Manalyze report for 7ac84509363f13da2792e8633e4573d6

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2021-Sep-10 15:34:01

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`7ac84509363f13da2792e8633e4573d6`
SHA1	`1f4121b1db9f1eea3ed5f486ea77f98d1ff0265a`
SHA256	`116d4e2665b3f9f03eebe017c4d4390ed76b92a353263a3a1d17e0b154a73e95`
SHA3	`9680fd8a980aaa64639f2bee877403f08bc2ac3fdb90c44e73baaefadfc63cac`
SSDeep	`3072:OmW99As+nu5w5W6tKJ9Ofl844aZqHDunwyP96/sF2I+WwH71GnmhlXamZPuC5:DwAXpBfl8aqHDsjP2I4H71GMPuC5`
Imports Hash	`4c023173e4304f7365003d19ac037d92`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2021-Sep-10 15:34:01
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x15e00`
SizeOfInitializedData	`0x9600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001867 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x17000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x22000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`96e9d158be64e8c88013cf98f96b2f97`
SHA1	`5e4f62bfc154b4eb5aa549e253b0ea7811fcb4d6`
SHA256	`144065a645840ac0045c9a4744fe04b88f6a1ea6c723084fd8d98a0dfc22f621`
SHA3	`ee2eb7a9efbfe3d0035a593d2715f56cd0d9a70814174c60b6a39cf19358fcef`
VirtualSize	`0x15d5f`
VirtualAddress	`0x1000`
SizeOfRawData	`0x15e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.6227`

.rdata

MD5	`b0e12f990c92355c32555cf5882a8dde`
SHA1	`b426c2059433db4c0c3e63ab9f6517332558f746`
SHA256	`7566a4ad06d3fad4e950dc004c8dc82498ad5a8d24f04aa12c6dd967cbd1e06d`
SHA3	`93fa01dd8afd306a2e517b4bdd39770992394a947145ae1d22ba29c0ae4d872f`
VirtualSize	`0x6cc2`
VirtualAddress	`0x17000`
SizeOfRawData	`0x6e00`
PointerToRawData	`0x16200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.07172`

.data

MD5	`064160bcc43754954dc933f2daf53267`
SHA1	`5fbe0d8b565c856a4e87d5ff4389b4906739be56`
SHA256	`35dbcd66d9fd85f0467931004aa471e18e27064d01f777548e1272957bb617cf`
SHA3	`7cf1b3083acbf2386c75e7f8691d5fe732c30d988cc7b36da380f3afce0f2f0c`
VirtualSize	`0x1444`
VirtualAddress	`0x1e000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x1d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.05474`

.reloc

MD5	`8850b28a97e5080a0751ca7a48257009`
SHA1	`1ba8e7513044920bcc45e4a908776e920842ea07`
SHA256	`130aadbfa565054df597e9d16765ca1ead4f98cc61db0ff0cf183ced57457042`
SHA3	`4b9ffc8a6aaac348ae8725efc3518695531d3c384cbf29afe6690cfd181bbb99`
VirtualSize	`0x1038`
VirtualAddress	`0x20000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x1da00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.22159`

Imports

ntdll.dll	`RtlUnwind` `DbgPrintEx`
USER32.dll	`DestroyWindow` `TranslateMessage` `SetParent` `GetDesktopWindow` `SetWindowLongA` `SetForegroundWindow` `SwitchToThisWindow` `SendInput` `ShowWindow` `DispatchMessageA` `CreateWindowExW` `RegisterClassExW` `UnregisterClassW` `DefWindowProcW` `GetMessageA`
KERNEL32.dll	`FreeLibrary` `WriteConsoleW` `CreateFileW` `ReadConsoleW` `ReadFile` `CloseHandle` `HeapReAlloc` `HeapSize` `SetFilePointerEx` `GetFileSizeEx` `GetConsoleMode` `GetConsoleOutputCP` `FlushFileBuffers` `GetStringTypeW` `SetStdHandle` `SetEnvironmentVariableW` `FreeEnvironmentStringsW` `DebugBreak` `OutputDebugStringA` `HeapAlloc` `HeapFree` `GetProcessHeap` `Sleep` `GetModuleHandleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetCurrentProcess` `TerminateProcess` `GetEnvironmentStringsW` `WideCharToMultiByte` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `DecodePointer` `GetProcAddress` `LoadLibraryExW` `RaiseException` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `ExitProcess` `GetModuleHandleExW` `GetCommandLineA` `GetCommandLineW` `CompareStringW` `LCMapStringW` `GetFileType` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `MultiByteToWideChar`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2021-Sep-10 15:34:01
Version	`0.0`
SizeofData	`616`
AddressOfRawData	`0x1ce08`
PointerToRawData	`0x1c008`

TLS Callbacks

Load Configuration

Size	`0xbc`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x41e078`
SEHandlerTable	`0x41ce00`
SEHandlerCount	`2`

RICH Header

XOR Key	`0x12157f53`
Unmarked objects	`0`
ASM objects (27412)	`10`
C++ objects (27412)	`147`
C objects (27412)	`18`
C++ objects (VS 2015/2017/2019 runtime 29804)	`37`
C objects (VS 2015/2017/2019 runtime 29804)	`17`
ASM objects (VS 2015/2017/2019 runtime 29804)	`17`
Imports (27412)	`7`
Total imports	`99`
C objects (VS2019 Update 9 (16.9.2-3) compiler 29913)	`1`
Linker (VS2019 Update 9 (16.9.2-3) compiler 29913)	`1`

7ac84509363f13da2792e8633e4573d6

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.reloc

Imports

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors