Manalyze report for 8103c6a809c9f49c6246e71efdca1728c79955f38199c1470807651f0f971325

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2019-Feb-20 10:46:31
Detected languages	English - United States
Debug artifacts	d:\Projects\hg\hidscard\sc-multi\release\pcsc-client.dll.pdb

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++ 8` `Microsoft Visual C++ 8.0` `MSVC++ v.8 (procedure 1 recognized - h)`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Leverages the raw socket API to access the Internet: socket htons __WSAFDIsSet listen select WSAStartup send closesocket inet_addr connect accept WSAGetLastError WSACleanup recv bind` `Enumerates local disk drives: GetDriveTypeA`
Suspicious	VirusTotal score: 1/71 (Scanned on 2026-03-19 12:55:47)	`MaxSecure: Trojan.Malware.300983.susgen`

Hashes

MD5	`c695281567241f5449f745c9e2bf5d0b`
SHA1	`5972a86081d7a804e972d7e3d0d47f247dd5bb69`
SHA256	`8103c6a809c9f49c6246e71efdca1728c79955f38199c1470807651f0f971325`
SHA3	`71cf8346be417dfba1decb34860398bafc3daaa440b363386e06f39bb472fed0`
SSDeep	`3072:ESmN1ANZ/zlHNnxM2CTxc5kU0oN93xu5Ft:ESUhcek8t`
Imports Hash	`d7e2cdbfa83cae49f3781ac8cc33a274`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2019-Feb-20 10:46:31
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x1d000`
SizeOfInitializedData	`0xa000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00010D86 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x1e000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x6c000`
SizeOfHeaders	`0x1000`
Checksum	`0x34fc7`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c5cca6c7f192fbd1ccc257dc58b0722e`
SHA1	`0976ef2665036162a0cfae3b409b0cd9f3130e80`
SHA256	`90363570f3ffcecce076b13726bfc3257b290fdc07b4f08c5fadce6b2f752612`
SHA3	`4bae4dea856ffc6285a0a9d615686d3b6f6e8fe31730a6a77de3c55ee46b2fb4`
VirtualSize	`0x1c459`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1d000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.52837`

.rdata

MD5	`36714ce9ffde9c074732365e62df5be7`
SHA1	`f510787161ce36c4904320225d84ab23cf4b2358`
SHA256	`40619f2915e5b6d69fe621b0ea49cb9c9bc8b7109cdd1515c39426cadac49598`
SHA3	`bb71646aaddd1f9f352cdbcc352bee74fd0721bc6b19038cf3974379dd5f6969`
VirtualSize	`0x587e`
VirtualAddress	`0x1e000`
SizeOfRawData	`0x6000`
PointerToRawData	`0x1e000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.24455`

.data

MD5	`5f47a90d8868bdd945aa1b7cb4c16510`
SHA1	`b357d77f9f16ade38fcb9bae30aad85b132d9637`
SHA256	`8ea8f3359260752aa083738c8992d4236607193a21cb03fa210a4a35e3dc8611`
SHA3	`589e87c0aee40d3339c4bf5f107724a8846191a64428f9509a9a52eb68082531`
VirtualSize	`0x46e64`
VirtualAddress	`0x24000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x24000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.17006`

.rsrc

MD5	`353c9b3281a5f620a77a43b380d1d292`
SHA1	`cda7cae8f280562caa1f2a5c946f88320c2fd4c2`
SHA256	`f0a748ea3046d5440eab7bdd7e5e8920057c454ec149f53a765c0275c6547f73`
SHA3	`b988ef91e2341fdba0b08a003c066a8a3d6e7303827e8e37e2094cb792c70191`
VirtualSize	`0xb0`
VirtualAddress	`0x6b000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x27000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.05735`

Imports

WS2_32.dll	`socket` `htons` `__WSAFDIsSet` `listen` `select` `WSAStartup` `send` `closesocket` `inet_addr` `connect` `accept` `WSAGetLastError` `WSACleanup` `recv` `bind`
KERNEL32.dll	`GetStringTypeW` `GetStringTypeA` `LCMapStringW` `LCMapStringA` `SetEndOfFile` `GetLocaleInfoA` `SetEnvironmentVariableA` `CompareStringW` `CompareStringA` `GetProcAddress` `LoadLibraryA` `GetModuleHandleA` `GetModuleFileNameA` `InitializeCriticalSection` `LeaveCriticalSection` `GetFileAttributesA` `EnterCriticalSection` `GetCurrentThreadId` `GetVersionExA` `GetCurrentProcessId` `GetSystemTime` `Sleep` `GetLastError` `LocalAlloc` `CreateMutexA` `LocalFree` `VirtualQuery` `VirtualFree` `IsValidCodePage` `GetOEMCP` `GetACP` `GetCPInfo` `HeapFree` `GetSystemTimeAsFileTime` `GetDriveTypeA` `GetFullPathNameA` `HeapAlloc` `ExitProcess` `SetConsoleCtrlHandler` `TerminateProcess` `GetCurrentProcess` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsDebuggerPresent` `GetCommandLineA` `GetProcessHeap` `HeapDestroy` `HeapCreate` `DeleteCriticalSection` `VirtualAlloc` `HeapReAlloc` `SetHandleCount` `GetStdHandle` `GetFileType` `GetStartupInfoA` `WriteFile` `WideCharToMultiByte` `GetConsoleCP` `GetConsoleMode` `FlushFileBuffers` `RtlUnwind` `MultiByteToWideChar` `ReadFile` `SetFilePointer` `GetCurrentDirectoryA` `CloseHandle` `TlsGetValue` `TlsAlloc` `TlsSetValue` `TlsFree` `InterlockedIncrement` `SetLastError` `InterlockedDecrement` `HeapSize` `RaiseException` `FreeEnvironmentStringsA` `GetEnvironmentStrings` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `QueryPerformanceCounter` `GetTickCount` `WriteConsoleA` `GetConsoleOutputCP` `WriteConsoleW` `SetStdHandle` `CreateFileA`
ADVAPI32.dll	`AllocateAndInitializeSid` `SetSecurityDescriptorDacl` `InitializeSecurityDescriptor` `SetEntriesInAclA` `FreeSid`
VERSION.dll	`GetFileVersionInfoA` `GetFileVersionInfoSizeA` `VerQueryValueA`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x56`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.65542`
MD5	`bd62b6f553a2d1d012cc53fc325221d2`
SHA1	`c5353cec27b30fb35e414dd5f3d0e9205aaf1c07`
SHA256	`388f75e900f0c15fd66249d7b2e7edf6e14eeefb859e6f766b75058e44f27af6`
SHA3	`b59854a353caba5e0be1002399bcb847b4dd99e37cff0c7967dd0d42c1eab089`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-Feb-20 10:46:31
Version	`0.0`
SizeofData	`85`
AddressOfRawData	`0x21f08`
PointerToRawData	`0x21f08`
Referenced File	d:\Projects\hg\hidscard\sc-multi\release\pcsc-client.dll.pdb

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x424420`
SEHandlerTable	`0x422180`
SEHandlerCount	`25`

RICH Header

XOR Key	`0xf678a0d4`
Unmarked objects	`0`
ASM objects (VS2012 build 50727 / VS2005 build 50727)	`18`
126 (50327)	`1`
C++ objects (VS2012 build 50727 / VS2005 build 50727)	`47`
C objects (VS2012 build 50727 / VS2005 build 50727)	`126`
Total imports	`121`
Imports (VS2012 build 50727 / VS2005 build 50727)	`9`
113 (VS2012 build 50727 / VS2005 build 50727)	`7`
Linker (VS2012 build 50727 / VS2005 build 50727)	`1`

Errors

Leave a comment

No comments yet.