Manalyze report for 73edb3820d07e066131f4ac99e79b61b

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2016-Jun-15 08:23:33
Detected languages	English - United States
Debug artifacts	C:\Users\DarkstaR\Desktop\Writing\Chatpers\Code\GameHackingExamples\bin\DEBUG_BUILDS\Chapter1_MemoryPointers.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	The PE is possibly packed.	`Section .textbss is both writable and executable.`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress`
Suspicious	VirusTotal score: 1/57 (Scanned on 2016-10-26 06:30:56)	`CrowdStrike: malicious_confidence_61% (W)`

Hashes

MD5	`73edb3820d07e066131f4ac99e79b61b`
SHA1	`8ccb1f003a1901f2f0f9dcb8881de3fb433b9869`
SHA256	`42191d1451be8dc2518fbeddfd587714d721118712da6356b0065927da960a98`
SHA3	`9994e9cfd4a9fafb3b11f13a3a23b52dca0164d20219bcad80de30d1e96fb9d6`
SSDeep	`384:mZJEUq/NmAb+0mNcQTKM0zQpY0oAhbQ3ClO88oPmwUb2RP0sJyvPVgxAFHi:A5q/NmAbGTKgd3bQ37JoNUszwvdg1`
Imports Hash	`5b5554e7178a88a034a69c5508817470`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2016-Jun-15 08:23:33
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`10.0`
SizeOfCode	`0x7a00`
SizeOfInitializedData	`0x3a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000111B3 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x20000`
SizeOfHeaders	`0x400`
Checksum	`0x14853`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.textbss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x10000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.text

MD5	`c669ab68a4bd5d102da737131cb5d103`
SHA1	`7dfe134803a4ea54841123244c3d00a334b1de12`
SHA256	`6d1d8bb9ea4baf4ce04c27ba01067b6a157942d28474d0dc2e7c210f8e821e6f`
SHA3	`c0555a15bdbd69795083cd71e24237800d6a157ae822a964218c637b8119546b`
VirtualSize	`0x7985`
VirtualAddress	`0x11000`
SizeOfRawData	`0x7a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`3.87059`

.rdata

MD5	`ed422f5d5afb5150fe6bd92f3e007564`
SHA1	`690ebfb5f6f3b880bcf85c5afa5a048feb7c85d9`
SHA256	`1083fa05f340550bf3b71076288c180c56d7f9cb8bdf6a010b24d3fd7c3ccb38`
SHA3	`fa7cc83d23ffe2f68362b0e635a484e8d02577a8f9747d0054e867049f5dca08`
VirtualSize	`0x219b`
VirtualAddress	`0x19000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x7e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.52637`

.data

MD5	`224091223ff1614aaf976bb5f70fe02c`
SHA1	`0bb528a8fc93e598e3612a0f19218987794d478d`
SHA256	`b1b29a23b44b13c217ae2128eed462746fba66d0b9ecebd695e3ea1edaa18ea6`
SHA3	`98e8d3082a3618a62afad0ceec53efc725a7a719df4a880737cf9f11ca6b0545`
VirtualSize	`0xe04`
VirtualAddress	`0x1c000`
SizeOfRawData	`0x200`
PointerToRawData	`0xa000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.423784`

.idata

MD5	`101dddd744cd70f29f4576ccacdfe855`
SHA1	`282aaedee2e4a6947f92a365c2cc706b6bc693b3`
SHA256	`ce61311bc758b1c554ca754a5a7b0449429a4607b4a64a68eaaa37d8ba2612d3`
SHA3	`af5f85c29666c51b6dff4c69feda63fabc776dc786262a7d16525131b14e2726`
VirtualSize	`0xd71`
VirtualAddress	`0x1d000`
SizeOfRawData	`0xe00`
PointerToRawData	`0xa200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.53124`

.rsrc

MD5	`0cc425d0556c63acb7c04b9b1a211d5b`
SHA1	`29f40a6f4e0a20c010bc29f9a2235c42a995f89e`
SHA256	`c66841853bfcddeec1cee0f0a319783988bdc74decc1c0d4c00c27c60dfa80e8`
SHA3	`206ab5c39bd068a6ccdcf94cce98b571a0e74e1e791eaeec1d44f81c4da93636`
VirtualSize	`0x1b4`
VirtualAddress	`0x1e000`
SizeOfRawData	`0x200`
PointerToRawData	`0xb000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.10501`

.reloc

MD5	`f3c84f2ff9f1a732efaa28b7e586d0a4`
SHA1	`1153bd568aa3c95a82481c069a6cbd7fb8a00131`
SHA256	`cf444192b9f696b9ae15d954b2cea302e1361c411827a397926d3235f25aec10`
SHA3	`4e8e12b4ae517bb807410dc5327c08c08174d6bb8c41e386807eb8650e2a6478`
VirtualSize	`0x5ef`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x600`
PointerToRawData	`0xb200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.3181`

Imports

allegro-5.0.10-monolith-md-debug.dll	`al_install_system` `al_init_primitives_addon` `al_init_font_addon` `al_init_ttf_addon` `al_install_keyboard` `al_load_ttf_font` `al_create_timer` `al_create_display` `al_create_event_queue` `al_get_display_event_source` `al_register_event_source` `al_get_keyboard_event_source` `al_get_timer_event_source` `al_start_timer` `al_wait_for_event` `al_is_event_queue_empty` `al_clear_to_color` `al_flip_display` `al_show_native_message_box` `al_destroy_timer` `al_destroy_display` `al_destroy_event_queue` `al_draw_text` `al_draw_filled_circle` `al_map_rgb` `al_draw_filled_rectangle`
MSVCR100D.dll	`strlen` `??2@YAPAXI@Z` `fclose` `fread` `fopen` `??3@YAXPAX@Z` `__CxxFrameHandler3` `_CRT_RTC_INITW` `_unlock` `__dllonexit` `_lock` `_onexit` `_configthreadlocale` `__setusermatherr` `_commode` `_fmode` `__set_app_type` `_amsg_exit` `__getmainargs` `_exit` `_XcptFilter` `_cexit` `exit` `__initenv` `_CrtSetCheckCount` `_CrtDbgReportW` `_initterm` `_initterm_e` `_crt_debugger_hook` `_except_handler4_common` `?terminate@@YAXXZ` `_controlfp_s` `_invoke_watson` `_wmakepath_s` `wcscpy_s` `_wsplitpath_s` `abs` `sprintf` `memset`
KERNEL32.dll	`FreeLibrary` `GetModuleHandleW` `VirtualQuery` `GetModuleFileNameW` `GetProcessHeap` `HeapAlloc` `HeapFree` `GetSystemTimeAsFileTime` `GetCurrentProcessId` `GetCurrentThreadId` `GetTickCount` `QueryPerformanceCounter` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `LoadLibraryW` `GetProcAddress` `lstrlenA` `RaiseException` `MultiByteToWideChar` `IsDebuggerPresent` `WideCharToMultiByte` `HeapSetInformation` `InterlockedCompareExchange` `Sleep` `DecodePointer` `EncodePointer` `InterlockedExchange`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x15a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.79597`
MD5	`24d3b502e1846356b0263f945ddd5529`
SHA1	`bac45b86a9c48fc3756a46809c101570d349737d`
SHA256	`49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e`
SHA3	`1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2016-Jun-15 08:23:33
Version	`0.0`
SizeofData	`137`
AddressOfRawData	`0x1a7c4`
PointerToRawData	`0x95c4`
Referenced File	C:\Users\DarkstaR\Desktop\Writing\Chatpers\Code\GameHackingExamples\bin\DEBUG_BUILDS\Chapter1_MemoryPointers.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xc0b289bb`
Unmarked objects	`0`
ASM objects (VS2010 SP1 build 40219)	`1`
C objects (VS2010 SP1 build 40219)	`18`
Imports (VS2008 SP1 build 30729)	`2`
Imports (VS2010 SP1 build 40219)	`5`
Total imports	`94`
C++ objects (VS2010 SP1 build 40219)	`8`
Linker (VS2010 SP1 build 40219)	`1`

Errors

[*] Warning: Section .textbss has a size of 0!