Manalyze report for 735cb6a32f0323d7da7b124e4455510e

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2024-Jul-09 07:14:57
TLS Callbacks	2 callback(s) detected.
Debug artifacts	lua.pdb

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .buildid` `Unusual section name found: /4`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExA` `Possibly launches other programs: system`
Suspicious	The file contains overlay data.	`512 bytes of data starting at offset 0x8dc00.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`735cb6a32f0323d7da7b124e4455510e`
SHA1	`84d47e0b9291eb47bd3f1fe93f4aac96aaea2c73`
SHA256	`1dcf6e8fa2c7ae6dec94d169b067921a39d8db483f566df302b501d7fa171678`
SHA3	`bb95131bdfee3122b6b187bff7f6afb4ced6e4e21d4ca71cc742dc140d489d32`
SSDeep	`12288:zClTgBrKrWrcvPltoGI7Sa3uc14cXLF/R6L29Plpk6nU4VBtMU+Eux/Gg:8SiPvViR6LelphnFtf+pJG`
Imports Hash	`781d6aed26aeda08dcb9c5934dcba9f0`

DOS Header

e_magic	`MZ`
e_cblp	`0x78`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0`
e_ss	`0`
e_sp	`0`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x78`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	2024-Jul-09 07:14:57
PointerToSymbolTable	`0x8dc00`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x74e00`
SizeOfInitializedData	`0x18a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001300 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x94000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x1000000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`996916a0b500f20a2e5b4f25862c8bdd`
SHA1	`36cb1d8e0f3464ceb1fcb101aeb85b88cbe2f461`
SHA256	`e489a521e194213d9ed5a454b81fd6051d0ec11e4d456de792e9b0ea17d6fe32`
SHA3	`7bb79c72ed32d9db8937c981d843ec816bd2437f5cf2dbf8bfa9bbce2b385983`
VirtualSize	`0x74cd4`
VirtualAddress	`0x1000`
SizeOfRawData	`0x74e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.57784`

.rdata

MD5	`b0407c82b57d57c58e001ff76f773959`
SHA1	`ad4aee823dceaa61c5d5264fbcfa207ccb242225`
SHA256	`fc7ed25538deb4c623521d900af2a35150e3c501d7fe6561bb18b588b8b041ea`
SHA3	`3299366165f47250d507616e5b0864e4fb798da8e1dcb18ac7b9504ce6813535`
VirtualSize	`0x984f`
VirtualAddress	`0x76000`
SizeOfRawData	`0x9a00`
PointerToRawData	`0x75200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.99319`

.buildid

MD5	`1b2f6debabdd33f8bcabc7b13f2ea03f`
SHA1	`0d7c3f50dde30c3276075104a791ee83c5c103e8`
SHA256	`39ee9f9c51d28f7958488ec96e832ea0decd89f9e30990f86bb253ddb747ab88`
SHA3	`729aa7c19cbcb6a2611b123d82f0f8dde0f82e248774a70ba8cafba9b6308c95`
VirtualSize	`0x3c`
VirtualAddress	`0x80000`
SizeOfRawData	`0x200`
PointerToRawData	`0x7ec00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.758419`

.data

MD5	`c5dfe783f2dc0c180c6f022be3558486`
SHA1	`a8c2f97f03213ec00412cde50d0ba0ca2a09dbce`
SHA256	`172d2b00d84bb7a0fe298d3df1eeaaa95db5e68a50a2025e8b1d7fc167b38947`
SHA3	`83e45867b4425fafd5ce7183871b6124c5d9030adcd99516c60a1851bc435e51`
VirtualSize	`0x1a38`
VirtualAddress	`0x81000`
SizeOfRawData	`0x200`
PointerToRawData	`0x7ee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.33183`

.eh_fram

MD5	`ceafef733acae4421ac2b8fd3c7f5e91`
SHA1	`7503b46d0c677a39e5b1d120e0212b70f7c52e61`
SHA256	`b749a4bb500b28eee1d8f36e65ec9bd2a56995c5dc4e7e5ff47cd4f49562b254`
SHA3	`26e26ad37ad47acaad5a5c07b7df14f8c16b470094d3124e6ae9ef6e1eba349f`
VirtualSize	`0xad58`
VirtualAddress	`0x83000`
SizeOfRawData	`0xae00`
PointerToRawData	`0x7f000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.024`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x8`
VirtualAddress	`0x8e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x89e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.reloc

MD5	`38f727d95cfdbcacb6a19fe79426b7c2`
SHA1	`be5ad6507afb76c836e8b1fb5e70769623046f3a`
SHA256	`242b0ee7e608535724e22a88a496fd29ad9cfe89f3c02102b195cd087bd66789`
SHA3	`e5530d00efb76d710103786c793a42dea8af28052e6c7a05acebabfecfe32bd7`
VirtualSize	`0x39d4`
VirtualAddress	`0x8f000`
SizeOfRawData	`0x3a00`
PointerToRawData	`0x8a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.50896`

/4

MD5	`cb65c8a2b01ed9e8b3fcf26a33d30526`
SHA1	`18e0a5e219f6585e17736e11fd70ce802d8f8c11`
SHA256	`eef78cf180e93892fb047999ad17a3d87fe699e1dc6f30a6fee09678828fcd4a`
SHA3	`401a2ff5d412258fd962b5f4a2bf854b6bf6096b4ce8791029fb739946055eb9`
VirtualSize	`0xc4`
VirtualAddress	`0x93000`
SizeOfRawData	`0x200`
PointerToRawData	`0x8da00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.71278`

Imports

api-ms-win-crt-environment-l1-1-0.dll	`__p__environ` `__p__wenviron` `getenv`
api-ms-win-crt-filesystem-l1-1-0.dll	`_lock_file` `_unlock_file` `remove` `rename`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `calloc` `free` `malloc` `realloc`
api-ms-win-crt-locale-l1-1-0.dll	`localeconv` `setlocale`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr` `acos` `asin` `atan2` `frexp` `pow`
api-ms-win-crt-private-l1-1-0.dll	`_setjmp3` `longjmp` `memchr` `strchr` `strrchr` `strstr`
api-ms-win-crt-runtime-l1-1-0.dll	`__p___argc` `__p___argv` `__p___wargv` `_cexit` `_configure_narrow_argv` `_configure_wide_argv` `_crt_at_quick_exit` `_crt_atexit` `_errno` `_exit` `_fpreset` `_initialize_narrow_environment` `_initialize_wide_environment` `_initterm` `_set_app_type` `_set_invalid_parameter_handler` `abort` `exit` `signal` `strerror` `system`
api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func` `__p__commode` `__p__fmode` `__stdio_common_vfprintf` `__stdio_common_vfwprintf` `_fileno` `_isatty` `_pclose` `_popen` `clearerr` `fclose` `feof` `ferror` `fflush` `fgets` `fopen` `fputc` `fputs` `fread` `freopen` `fseek` `ftell` `fwrite` `getc` `setvbuf` `tmpfile` `tmpnam` `ungetc`
api-ms-win-crt-string-l1-1-0.dll	`isalnum` `isalpha` `iscntrl` `isgraph` `islower` `ispunct` `isspace` `isupper` `isxdigit` `strcmp` `strcoll` `strcpy` `strlen` `strncmp` `strpbrk` `strspn` `tolower` `toupper` `wcslen`
api-ms-win-crt-time-l1-1-0.dll	`__daylight` `__timezone` `__tzname` `_difftime64` `_gmtime64` `_localtime64` `_mktime64` `_time64` `_tzset` `clock` `strftime`
KERNEL32.dll	`DeleteCriticalSection` `EnterCriticalSection` `FormatMessageA` `FreeLibrary` `GetLastError` `GetModuleFileNameA` `GetProcAddress` `InitializeCriticalSection` `LeaveCriticalSection` `LoadLibraryExA` `SetUnhandledExceptionFilter` `Sleep` `TlsGetValue` `VirtualProtect` `VirtualQuery`
api-ms-win-crt-convert-l1-1-0.dll	`mbrtowc` `wcrtomb`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2024-Jul-09 07:14:57
Version	`0.0`
SizeofData	`32`
AddressOfRawData	`0x8001c`
PointerToRawData	`0x7ec1c`
Referenced File	lua.pdb

TLS Callbacks

StartAddressOfRawData	`0x48e000`
EndAddressOfRawData	`0x48e004`
AddressOfIndex	`0x481088`
AddressOfCallbacks	`0x47eb4c`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`0x0046EDF0` `0x0046EDD0`

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Raw bytes from section .text could not be obtained.