Manalyze report for 7fd14ab0d93f6f4dddac74069fcf98ff

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Nov-25 20:57:14
Detected languages	English - United States

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to Blowfish` `Uses constants related to TEA`
Suspicious	The PE is possibly packed.	`Unusual section name found: .bind`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Can access the registry: RegCloseKey RegOpenKeyExA RegQueryValueExA` `Leverages the raw socket API to access the Internet: #10 #21 #9 #3 #17 #20 #8 #52 #57 #115 #15 #2 #116 #14 #23` `Can take screenshots: GetDC BitBlt CreateCompatibleDC` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`7fd14ab0d93f6f4dddac74069fcf98ff`
SHA1	`afeedeb68f38a0180929d87623637972eeae8d2f`
SHA256	`fe41c02a08551b98001ebed4a31ba1584742f25ed794e1d548aefae997cfbcee`
SHA3	`c864fcd2a809003585fc3d262b52a678ec395d75b9fd1f296e5659657728aaab`
SSDeep	`49152:QdqkU+wHPuR8OzHwWNwtF73jhD5znlp7QPRLZRaSTAYWd+vugOmEo5wB6beerCTI:in1wvrOzHxm3t9rUPBaSTAdS0mrBswdR`
Imports Hash	`0befd0f1fc3d36d3c80ee64c2827a9c8`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2019-Nov-25 20:57:14
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`9.0`
SizeOfCode	`0x2ca400`
SizeOfInitializedData	`0x88200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000FDB310 (Section: .bind)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x1008000`
SizeOfHeaders	`0x400`
Checksum	`0x355a23`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`6e496f8fa0bbb341be69ac3fa8f03212`
SHA1	`6b690e293173f819e007b7e7c62d1cfda6afd5d1`
SHA256	`c16af759543112d1a42e5713197419bd9fa7d0749cca5a6e7bdff37b238a77df`
SHA3	`85f75f923a7e3a0eb5a11420206036bfaf7f977bf6513299308999af8f42a02e`
VirtualSize	`0x2ca3d3`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2ca400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99994`

.rdata

MD5	`14eb69c4f4ec739855bc12cc520cc6e5`
SHA1	`063150e0b9de21a92e2b9473f209dadf60a02bb9`
SHA256	`55004f50e88dad071db2b9aa55c42ffe9d61061771f68bbd7bb1c62cc43c82d6`
SHA3	`b5b68b677aff99dd1e167a1a4dee38bdfb7fb335538f63d8bfac6bb4c07a3470`
VirtualSize	`0x546f4`
VirtualAddress	`0x2cc000`
SizeOfRawData	`0x54800`
PointerToRawData	`0x2ca800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.24354`

.data

MD5	`5bb2d4e5b28b18b48787aa168e440ab5`
SHA1	`ef9ea32d01592f962554e522c1641a7aac8202ee`
SHA256	`689da812a8b5991a65206bb3103272f883b152afd421286267e8a061769f2603`
SHA3	`c77f2c7a37b30297e3195b2270f9715d13582cb674ebe105e8dc5f80ec8e3dac`
VirtualSize	`0xc9c5a0`
VirtualAddress	`0x321000`
SizeOfRawData	`0x17c00`
PointerToRawData	`0x31f000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.45943`

.pdata

MD5	`e84adc8e9901d41a424dce7376af4eb3`
SHA1	`883c218a8be901eb2ee47409cbd7bc0625c80390`
SHA256	`c9befde074ed35a4bb26150c71ea5e9b71de061b78e365935105d7f27e9b1081`
SHA3	`874f1d7e35428cc59f73e894f462b45b6c87121419af198a08c42f53d63aa0f2`
VirtualSize	`0x178ec`
VirtualAddress	`0xfbe000`
SizeOfRawData	`0x17a00`
PointerToRawData	`0x336c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.31588`

.rsrc

MD5	`6ed59969c7357056850d21a6073e2c85`
SHA1	`e64d5b9f4405f975c2650c16575d11fc8101aaa8`
SHA256	`6b1680f313afc38670d711aa0829931b855e8475ef4a0cd4aa2b15715c5bf426`
SHA3	`a28ab33f6cf5d34daac72112ecd30ac7b79c3ae014df005a9642b4d42d3a6015`
VirtualSize	`0x3b0`
VirtualAddress	`0xfd6000`
SizeOfRawData	`0x400`
PointerToRawData	`0x34e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.34166`

.reloc

MD5	`66c2e9f92525861d7ddc0385215c9ea5`
SHA1	`8e245011ee36e8c03feb118ca469674edcd9eb7e`
SHA256	`51e535c155bf96fb38f5e5b02444f2221a442c9b49bcb69afb22b260b247be22`
SHA3	`58d976e93dc3076d309114c6826943cc3fb5f622aa9e58719cda1842149bd0d4`
VirtualSize	`0x3e64`
VirtualAddress	`0xfd7000`
SizeOfRawData	`0x4000`
PointerToRawData	`0x34ea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.35448`

.bind

MD5	`626c56f82d27d511924a1ae68827c1ba`
SHA1	`eea083eac1a462fd123362b0dba00432d117bb7c`
SHA256	`a1349bbf7353d1f0dfe9a1b1e591f6215da30e9a0218ee8c7906deb8277961d7`
SHA3	`90054f02e231c1215b1b9229beee5f406097b4160a2624d15ae8579d83cb13ea`
VirtualSize	`0x2cb80`
VirtualAddress	`0xfdb000`
SizeOfRawData	`0x2cb80`
PointerToRawData	`0x352a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.9469`

Imports

WINMM.dll	`timeBeginPeriod` `timeGetTime` `timeEndPeriod`
USER32.dll	`EnumDisplaySettingsA` `GetMonitorInfoA` `ChangeDisplaySettingsExA` `FillRect` `MessageBoxA` `EnumDisplayMonitors` `ChangeDisplaySettingsA` `CloseClipboard` `GetClipboardData` `OpenClipboard` `MapVirtualKeyA` `PeekMessageA` `ReleaseDC` `GetWindowLongA` `UnregisterClassA` `ShowCursor` `TranslateMessage` `GetDC` `SendMessageA` `GetClientRect` `LoadIconA` `PostQuitMessage` `RegisterClassExA` `GetWindowLongPtrA` `DestroyWindow` `DefWindowProcA` `GetDesktopWindow` `SetWindowPos` `CreateWindowExA` `LoadCursorA` `AdjustWindowRect` `CallWindowProcA` `UpdateWindow` `ShowWindow` `LoadImageA` `SetWindowTextA` `DispatchMessageA` `SetWindowLongPtrA`
steam_api64.dll	`SteamAPI_UnregisterCallResult` `SteamAPI_GetHSteamPipe` `SteamInternal_CreateInterface` `SteamInternal_ContextInit` `SteamAPI_RestartAppIfNecessary` `SteamAPI_RunCallbacks` `SteamAPI_Init` `SteamAPI_Shutdown` `SteamAPI_RegisterCallResult` `SteamAPI_GetHSteamUser`
KERNEL32.dll	`GetTickCount` `QueryPerformanceCounter` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `CloseHandle` `GetFileTime` `CreateFileA` `GlobalUnlock` `GlobalSize` `GlobalLock` `GetStartupInfoA` `TerminateProcess` `GetCurrentProcess` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsDebuggerPresent` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `GetCurrentProcessId` `FreeLibrary` `GetProcAddress` `LoadLibraryA` `Sleep` `AllocConsole` `FreeConsole` `SetCurrentDirectoryA` `GetStdHandle` `GetModuleFileNameA`
GDI32.dll	`BitBlt` `ChoosePixelFormat` `SwapBuffers` `CreateDIBSection` `CreateCompatibleDC` `SelectObject` `DescribePixelFormat` `SetPixelFormat` `CreateSolidBrush` `GetStockObject` `DeleteObject` `SetBkColor` `GetDeviceCaps` `SetTextColor`
SHELL32.dll	`SHGetPathFromIDListA` `Shell_NotifyIconA` `SHGetSpecialFolderLocation`
ole32.dll	`CoTaskMemFree`
MSVCR90.dll	`floorf` `sprintf` `vsprintf` `memmove` `free` `malloc` `strchr` `strncpy` `strrchr` `sscanf` `tolower` `atol` `strncat` `strstr` `fopen` `fread` `fwrite` `fclose` `fprintf` `__iob_func` `printf` `ftell` `rename` `remove` `_findnext64i32` `_findclose` `_findfirst64i32` `_time64` `_purecall` `atan2f` `atoi` `_mkdir` `setvbuf` `_open_osfhandle` `_localtime64` `_fdopen` `calloc` `realloc` `ldexp` `qsort` `exit` `memchr` `memset` `memcpy` `_create_locale` `_atof_l` `_free_locale` `atof` `asin` `atan2` `sin` `cos` `isspace` `__CxxFrameHandler3` `strcpy` `strcat` `strcmp` `log` `ceil` `fmod` `sqrt` `pow` `atan` `tan` `acos` `exp` `rand` `srand` `floor` `fflush` `ferror` `getenv` `tmpfile` `fputs` `_sprintf_l` `memcmp` `fscanf` `feof` `fgets` `_stricmp` `_strnicmp` `_rmdir` `_access` `_strupr` `??3@YAXPEAX@Z` `_amsg_exit` `__getmainargs` `__C_specific_handler` `_XcptFilter` `_exit` `_ismbblead` `_cexit` `_acmdln` `_initterm` `_initterm_e` `_configthreadlocale` `__setusermatherr` `_commode` `_fmode` `_encode_pointer` `__set_app_type` `__crt_debugger_hook` `?terminate@@YAXXZ` `?_type_info_dtor_internal_method@type_info@@QEAAXXZ` `_unlock` `__dllonexit` `_lock` `_onexit` `_decode_pointer` `_nextafterf` `ceilf` `sinf` `cosf` `vfprintf` `_vsnprintf` `_snprintf` `abort` `_HUGE` `??2@YAPEAX_K@Z` `strlen` `sqrtf` `fseek` `powf`
OPENGL32.dll	`glDepthMask` `glFogfv` `glDisableClientState` `glTexGeni` `glTexCoordPointer` `glEnableClientState` `glColorPointer` `glNormalPointer` `glVertexPointer` `glGetFloatv` `glGetIntegerv` `wglGetProcAddress` `glGetString` `glViewport` `glTexEnvi` `glClearColor` `glCullFace` `glFrontFace` `glDepthFunc` `glReadPixels` `glFlush` `glReadBuffer` `glClear` `glVertex3f` `glColor3fv` `glTexImage2D` `glTexParameterf` `glTexParameteri` `glGenTextures` `glPixelStorei` `glTexSubImage2D` `glDeleteTextures` `glDrawElements` `glTexGenfv` `glTexEnvfv` `glColor3f` `glColor4f` `glPolygonMode` `glColorMaterial` `glMaterialfv` `glScissor` `glMultMatrixf` `glOrtho` `glNormal3f` `glFrustum` `glMaterialf` `glLightfv` `glLightModelfv` `glFogf` `glFogi` `wglMakeCurrent` `wglGetCurrentContext` `wglShareLists` `wglCreateContext` `wglGetCurrentDC` `wglDeleteContext` `glCopyTexSubImage2D` `glBlendFunc` `glBindTexture` `glEnable` `glDisable` `glGetError` `glLoadMatrixf` `glMatrixMode` `glLoadIdentity` `glBegin` `glColor4ubv` `glTexCoord2fv` `glVertex3fv` `glEnd` `glAlphaFunc`
DINPUT8.dll	`DirectInput8Create`
OpenAL32.dll	`alSourcePause` `alGetError` `alGenSources` `alGetProcAddress` `alcGetError` `alGetString` `alcMakeContextCurrent` `alcCreateContext` `alcGetIntegerv` `alcIsExtensionPresent` `alcOpenDevice` `alcCloseDevice` `alcDestroyContext` `alcGetString` `alDeleteSources` `alListenerfv` `alListener3f` `alBufferData` `alSourcePlay` `alSource3f` `alSourcef` `alSourceQueueBuffers` `alSourcei` `alSourceStop` `alGenBuffers` `alDeleteBuffers` `alSourceUnqueueBuffers` `alGetSourcef` `alGetSourcei`
WS2_32.dll	`#10` `#21` `#9` `#3` `#17` `#20` `#8` `#52` `#57` `#115` `#15` `#2` `#116` `#14` `#23`
ADVAPI32.dll	`RegCloseKey` `RegOpenKeyExA` `RegQueryValueExA`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x356`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.05691`
MD5	`a3bf223ac50682aa04e86e03563d2cb8`
SHA1	`0c22dcc1cc7a4e8684248c518eb09c5eeb345371`
SHA256	`ee68564974507b1d1387b60f79457c6fddd4269c5e12c30f362edd4fe4ac6dfe`
SHA3	`93715a8279920c0123248e7f24097bb8454088529eb3366c545a082a86492a5e`

Version Info

TLS Callbacks

Load Configuration

RICH Header

7fd14ab0d93f6f4dddac74069fcf98ff

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

.bind

Imports

Delayed Imports

1

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors