Manalyze report for 83014845558c7e377d841d0983949f393c3b8a470762f3b552e123375266add3

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Mar-25 19:10:28
Detected languages	English - United States
Debug artifacts	E:\r\ws\St_Make\code\build\win\results\Release\info\CaptiveAppEntry.vc2015.pdb

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Interesting strings found in the binary:	Contains domain names: adobe.com http://www.adobe.com http://www.adobe.com/go/getair http://www.adobe.com/go/getair, http://www.adobe.com/go/getair. http://www.adobe.com/go/getair_br http://www.adobe.com/go/getair_cn http://www.adobe.com/go/getair_cz http://www.adobe.com/go/getair_de http://www.adobe.com/go/getair_es, http://www.adobe.com/go/getair_fr http://www.adobe.com/go/getair_it http://www.adobe.com/go/getair_jp http://www.adobe.com/go/getair_kr http://www.adobe.com/go/getair_nl http://www.adobe.com/go/getair_pl http://www.adobe.com/go/getair_ru http://www.adobe.com/go/getair_se http://www.adobe.com/go/getair_tr www.adobe.com
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW LoadLibraryExW`
Safe	VirusTotal score: 0/72 (Scanned on 2026-01-01 04:32:27)	`All the AVs think this file is safe.`

Hashes

MD5	`73b81c73b4b0a0a92db4e6808984ebeb`
SHA1	`410492c7143e635c0943b2bff4780fe8f63990f9`
SHA256	`83014845558c7e377d841d0983949f393c3b8a470762f3b552e123375266add3`
SHA3	`c107ec1979c7d82e05c6bf25ee5554bcfb18d1d149c4f5f72b40b061dc15bfee`
SSDeep	`3072:vcR7HVcrFONqdOvS3f7fSJhRD08kkhR8W8ojzE3dy+iTkr5dju7:vcXugnJkk38W8ojzgxZ51y`
Imports Hash	`99f1208f8baa2895eb326f6c41fd3294`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2019-Mar-25 19:10:28
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xaa00`
SizeOfInitializedData	`0x1da00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001540 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xc000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x2c000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f9526c7f10976172f95be5927f72acdc`
SHA1	`164532c468168a8745a3bb007e3696a7b9a17af6`
SHA256	`7cee8ee59ba5754adf8e8bc27419a255f96c0b2e20af49ccc2194c106c6ce43b`
SHA3	`c817be42e89d0941a22a18d9355b620e2b7b3bcb4eaaff8c85da91e0d1c63bfe`
VirtualSize	`0xa85c`
VirtualAddress	`0x1000`
SizeOfRawData	`0xaa00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.60246`

.rdata

MD5	`57e9461cdd04eb286ed1cbae63295000`
SHA1	`e4d298d61f1d93fe22cea0ec50ba06e8715df56b`
SHA256	`cb37630855fcb04051194f3d7c8d5a0921bfaf2eada2f30ed2cd10c73680a586`
SHA3	`d173bbec4fe731fd478af3154968d8b52d11b1323c0ac0f5362b5da2f444a767`
VirtualSize	`0x76da`
VirtualAddress	`0xc000`
SizeOfRawData	`0x7800`
PointerToRawData	`0xae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.78018`

.data

MD5	`b0ee1bbffcf076883cfad64ac203b1de`
SHA1	`7389cf3a0fbccc2b8916a821d00939a856c4adce`
SHA256	`0afb3d71f4812b5d60bd22f3126c700189d19014858167108076c01760167e69`
SHA3	`33f5b7cc2a54492831ea11273c9a9eb4605dd6d93b8d8fc63f4ccdcfbc925dc3`
VirtualSize	`0x12dc`
VirtualAddress	`0x14000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x12600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.28377`

.rsrc

MD5	`f1f6e0f6e874be7638765e82daed7505`
SHA1	`5fa049048aa097eaf67370bb9610c8b30091063c`
SHA256	`d4fc5bdcf2f2da802ff896174caa1b4d4a23a6053d4489d0cd7fb2ff91867c5b`
SHA3	`8318771dc1cab65679985b64cae1b36bcab35b7d055e7a97fd869fd6a7ca2fe7`
VirtualSize	`0x147d0`
VirtualAddress	`0x16000`
SizeOfRawData	`0x14800`
PointerToRawData	`0x13000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.26411`

.reloc

MD5	`9d69b23d425a7cb73d28b0c4bdf3af98`
SHA1	`8e3ae22a3a4da1ef1be67ecacf3c1ab51b576cfc`
SHA256	`aae4e55abe75a0d7e9c4494529f66499eddfee1e04f0e70bab27748e1d38c151`
SHA3	`bcf43f0c1b77283532a94c4cb9c516017dc8fb88fef967165168facc4f0a6876`
VirtualSize	`0xe58`
VirtualAddress	`0x2b000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x27800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.23474`

Imports

KERNEL32.dll	`SetStdHandle` `WriteConsoleW` `GetProcAddress` `ExitProcess` `HeapAlloc` `GetProcessHeap` `GetModuleHandleW` `LoadLibraryW` `GetFileAttributesW` `CreateFileW` `GetUserDefaultUILanguage` `GetModuleFileNameW` `GetStdHandle` `GetCommandLineW` `RaiseException` `DecodePointer` `SetFilePointerEx` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetCurrentProcess` `TerminateProcess` `WriteFile` `CloseHandle` `InitializeCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `MultiByteToWideChar` `WideCharToMultiByte` `RtlUnwind` `GetLastError` `SetLastError` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `LoadLibraryExW` `GetFileType` `GetModuleFileNameA` `GetModuleHandleExW` `GetACP` `LCMapStringW` `FindClose` `FindFirstFileExA` `FindNextFileA` `IsValidCodePage` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetStringTypeW` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `HeapSize` `HeapReAlloc` `HeapFree`
SHELL32.dll	`CommandLineToArgvW`
USER32.dll	`MessageBoxExW`
SHLWAPI.dll	`StrCmpW`

Delayed Imports

AmdPowerXpressRequestBetterBatteryLife

Ordinal	`1`
Address	`0x14780`

NvOptimusDisablement

Ordinal	`2`
Address	`0x14784`

101

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.20109`
MD5	`ddaac3b2bf3a129f81e5e79c26f2eddf`
SHA1	`3e5b10b63eade8b0ec18191e3a415b1a6e2889b6`
SHA256	`bb18ba16bb3e15537ce10a0d5472bf744974914ce38958b492db33961022596f`
SHA3	`7d7b02a95edfe98cb22cdd003abc081bc6520914a48244f42eef46423a83893b`

102

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.29387`
MD5	`178024cf45737e51df8a707d6207c2e3`
SHA1	`817b72b141509cdab9313b690a3f2ba948f1e2f3`
SHA256	`6d80ae23df4fb7126626d4655233051090a0cabdf635bfb4d1da053f7de71e80`
SHA3	`28bdaa958e3ea2975d695adde7a3ba50e4ff8d4a672d630ae99f86e91d28c368`

103

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.31468`
MD5	`1edd7b5c43030bd299e9ebdcc0b64f17`
SHA1	`6747a155480c0402f2f846a393ec4078b8c8a2e9`
SHA256	`6adf9a6b877c387b9effb1eb77af3259cf625b4815e5d1888ff333104bc314f5`
SHA3	`2b1853fffbeddc0950e2f4bb7dc6b58ef85e14e938e1954923c14cb98724972b`

104

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.06775`
MD5	`c76ab8af8c197168f5b69feea568b90e`
SHA1	`409e11e5a9eb2b6085e0394fdc8e7eb8074806d7`
SHA256	`f51553a67a360e0dd17e757120f0ad4735c026f1fcbe1168a8edc0935e665da3`
SHA3	`d439dc6c4e6370a07cc96aa272964f53d5062009237c19327eada6841b625d0c`

100

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.7388`
Detected Filetype	Icon file
MD5	`a60d184be794baaf59173d8a9af8b3a6`
SHA1	`2b1bbb6ba806a612cc97de8d835ca4c3cec34104`
SHA256	`763993714a88498ab1433b91335995d0c2b6ec6eb2aa8e7f9443adeed6549b8b`
SHA3	`200e507439a8e0c88141aff70a08e59c748c173eec3a56d414cad4f8f6cdfb51`

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x336`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.3298`
MD5	`73faacbcdc7822a038c4e3786814611d`
SHA1	`287208b33c407a0b361d0ce2767111875e20a9f3`
SHA256	`411d4b3df3807e19bca735fd7415be9bbbfa9a87293a2d16bc53dda75845e50f`
SHA3	`0b3da7eac75b1a2f67eeda09933c30f1ff2415251fcfab020566826e9a344c08`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-Mar-25 19:10:28
Version	`0.0`
SizeofData	`103`
AddressOfRawData	`0x1286c`
PointerToRawData	`0x1166c`
Referenced File	E:\r\ws\St_Make\code\build\win\results\Release\info\CaptiveAppEntry.vc2015.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2019-Mar-25 19:10:28
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x128d4`
PointerToRawData	`0x116d4`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2019-Mar-25 19:10:28
Version	`0.0`
SizeofData	`752`
AddressOfRawData	`0x128e8`
PointerToRawData	`0x116e8`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2019-Mar-25 19:10:28
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x5c`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x414018`
SEHandlerTable	`0x412860`
SEHandlerCount	`3`
GuardCFCheckFunctionPointer	`4243756`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x2e83da52`
Unmarked objects	`0`
241 (40116)	`11`
243 (40116)	`125`
242 (40116)	`24`
C++ objects (24233)	`2`
ASM objects (VS2015 UPD3 build 24123)	`17`
C++ objects (VS2015 UPD3 build 24123)	`29`
C objects (VS2015 UPD3 build 24123)	`17`
Imports (65501)	`15`
Total imports	`131`
C++ objects (LTCG) (24233)	`1`
Exports (24233)	`1`
Resource objects (VS2015 UPD3 build 24210)	`1`
Linker (24233)	`1`

Errors

Leave a comment

No comments yet.