Manalyze report for 8417b4461cd30801055c882e7ce486b3

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2000-Jun-12 01:52:17
Detected languages	Japanese - Japan

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 8.0`
Info	The PE contains common functions which appear in legitimate applications.	`Possibly launches other programs: ShellExecuteA` `Enumerates local disk drives: GetVolumeInformationA`
Malicious	The file contains overlay data.	`60940 bytes of data starting at offset 0x5a00.` `The file contains a LZH Compressed archive file after the PE data.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`8417b4461cd30801055c882e7ce486b3`
SHA1	`357938897bc21837019653165fb8724c4a3489d5`
SHA256	`39a3133b0eb19d170b549270cf62ab9a5485fc7947b649214d3f613e16c32184`
SHA3	`4278e45d6492a9030dff656327a3e8b5e08c56bf752db2609ddc4683278b29a6`
SSDeep	`1536:YSzEd6eZ0sZi5hie1IhmCJAMV3+joovT8doskCDF7k8Ygb3a40Oik7N6:/zEdDmMmCtkXb8kCh7kZv4B6`
Imports Hash	`9e40caf27c5ec363183d41f515c99845`

DOS Header

e_magic	`MZ`
e_cblp	`0xcf`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x20`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0x25c`
e_csum	`0`
e_ip	`0`
e_cs	`0x26`
e_ovno	`0`
e_oemid	`0x484c`
e_oeminfo	`0x2741`
e_lfanew	`0x4d0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2000-Jun-12 01:52:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`3.0`
SizeOfCode	`0x3000`
SizeOfInitializedData	`0x2200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00003CEE (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x4000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`4.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xa000`
SizeOfHeaders	`0x800`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`22b09453a3f5d5f20dc7a577fdf67a68`
SHA1	`486151d9e4aa85591343164fb2bd1764ff60937d`
SHA256	`5658409d0b84920ab7af8a91afd4d6d28c7ef4e102ea8a36e56df0e8f1808e46`
SHA3	`1147603fadf5b5cbb8f0b317c8f03fb33a95e2b21bfbb349231eac166f9c12e6`
VirtualSize	`0x2f18`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.51055`

.rdata

MD5	`bc869c46a0bd390d6c2108b5b09d7c5e`
SHA1	`0678ee6a5e62b30c55b713418419e27d828e01f2`
SHA256	`85618d9869a6f2e1e782c3f528807c4ecb39fe56f03ba410794dd8f508f13ee7`
SHA3	`d222d9f8ea9353e0be5bac5cce931393837840e288ef85d8c2b913e7480f80ff`
VirtualSize	`0xa5`
VirtualAddress	`0x4000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.96797`

.data

MD5	`b502e87a7f92a2f82d0fe8d3129580e8`
SHA1	`ea0d50898c5f6ba3b8d1d93f03e58bdaba562218`
SHA256	`5f932fd28fdf9fe59bc5ca6f75c2750431346fd6de26ef4bc90aaeb64bd7a169`
SHA3	`70896441979f99a0c3d27806b0b37558959568408b88c04cf6054839ffd8b551`
VirtualSize	`0x2c0`
VirtualAddress	`0x5000`
SizeOfRawData	`0x400`
PointerToRawData	`0x3a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.83111`

.idata

MD5	`ee822a116a47dd8181a2e0ba5b4ce490`
SHA1	`c6b20a13726ee46664e6d53239ad984f01045521`
SHA256	`6f587acfd2d3d262f525d0ca5907cbe28a3ae950188bc460bbbe2aa67a18dcfc`
SHA3	`9d8a9114ff53947bf03ea05a46bdaa38283faaba22b0248824988817a114bcf1`
VirtualSize	`0x8aa`
VirtualAddress	`0x6000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x3e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.40332`

.CRT

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x8`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`07001eebdf0c11939c90a6ddb71c6365`
SHA1	`f53c11110e0a62ad4a91ad59862776d77de3adaa`
SHA256	`f97536f454163b121bce6c8ad6b2ec1dd515b44aa15db9d4933edd9c18523f67`
SHA3	`38a275f2899e569fbd17e4b3f2a4c1c7d48e2ba3386d07e575b168f5529c2526`
VirtualSize	`0x90c`
VirtualAddress	`0x8000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x4a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.22687`

.reloc

MD5	`502c2ffeb8f59e8510d5f3ea762e1157`
SHA1	`3cc3f6ddb4fc3d7c3e4951013cbc070bd7f7c4ec`
SHA256	`682346f09f599daaa54b8b79f7af64d21c175ae2c7b085e7c3b4db74d5fa009e`
SHA3	`a0ca9f0dae38b1e4f603764db1508ac4e5d34b1455714f49a25312786f282f93`
VirtualSize	`0x48a`
VirtualAddress	`0x9000`
SizeOfRawData	`0x600`
PointerToRawData	`0x5400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.03996`

Imports

KERNEL32.dll	`GetFileTime` `SystemTimeToFileTime` `SetFileTime` `SetFileAttributesA` `GetFileAttributesA` `CreateFileA` `LocalFree` `FileTimeToSystemTime` `GetVolumeInformationA` `_lopen` `GetModuleFileNameA` `GetVersionExA` `_llseek` `WriteFile` `lstrcpynA` `GetSystemDirectoryA` `SearchPathA` `GetEnvironmentVariableA` `GetWindowsDirectoryA` `lstrcatA` `GetCurrentDirectoryA` `lstrcpyA` `CreateDirectoryA` `DeleteFileA` `lstrlenA` `IsDBCSLeadByte` `_lread` `CloseHandle` `lstrcmpA` `LocalAlloc` `_lclose` `GetStartupInfoA` `GetModuleHandleA`
USER32.dll	`GetSystemMetrics` `SendDlgItemMessageA` `SetFocus` `GetDlgItemTextA` `PostMessageA` `GetWindowRect` `SetWindowTextA` `SetTimer` `IsIconic` `DestroyIcon` `BeginPaint` `MoveWindow` `KillTimer` `DialogBoxParamA` `LoadIconA` `SendMessageA` `DrawIcon` `SetDlgItemTextA` `PeekMessageA` `IsDialogMessageA` `TranslateMessage` `DispatchMessageA` `MessageBoxA` `wsprintfA` `CharNextA` `CharPrevA` `EndDialog` `GetDlgItem` `EnableWindow` `EndPaint`
GDI32.dll	`GetMapMode` `SetMapMode`
comdlg32.dll	`GetOpenFileNameA` `GetFileTitleA`
SHELL32.dll	`ShellExecuteA`
CRTDLL.dll	`_local_unwind2` `_global_unwind2` `memset` `_strnicmp` `exit` `strchr` `strrchr` `atoi` `_fmode_dll` `_exit` `_XcptFilter` `_acmdln_dll` `_initterm` `__GetMainArgs` `_commode_dll`

Delayed Imports

1

Type	`RT_ICON`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	2000-Jun-12 01:52:17
Entropy	`2.48984`
MD5	`1cbf5981a6ff843f1533ebeb192415f6`
SHA1	`cb0212f6cb5d487aa9f6a8abf9b106c9bf929b49`
SHA256	`5292a912e52cde92d12447fc0b0129b1ca13dc28a760fc1c6c9789cb5b07ddbd`
SHA3	`bd1663c2cf7b7c390b8acbd75679c49fb97c4ccdccd81bf9d1ec8cef79821312`

2

Type	`RT_ICON`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	2000-Jun-12 01:52:17
Entropy	`2.17002`
MD5	`99a09e69dd1833c57d4f52f4667541e4`
SHA1	`469277cb8603d96c474a51c145fd71b4fbe7d40c`
SHA256	`dd22120bb6f1e4bbb6b07b80cb5c106fba27fb7d8268ba1df867791f6d37125a`
SHA3	`8446e66e6635e685406968f31555d84c930178327bc31c4325940c04bee504cd`

GETDIRDIALOG

Type	`RT_DIALOG`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x21c`
TimeDateStamp	2000-Jun-12 01:52:17
Entropy	`3.98631`
MD5	`60a26366723326744817530729ff218b`
SHA1	`d70fe05c2ff17a693f96a6241145c1d83274d5d4`
SHA256	`b4ecd8ebdaf108caa7fe0d374bee31e75ee0d3dec35e134f2289060070402611`
SHA3	`1b93eb494ccb9700734992916099a4e73f1b018b76bc9751df4486b7b2c55917`

SFXDIALOG

Type	`RT_DIALOG`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x12c`
TimeDateStamp	2000-Jun-12 01:52:17
Entropy	`3.51056`
MD5	`5c1e3a9fcf9a46fc73ccd07b9d22f907`
SHA1	`1919f31e6ee7368b46feb299d2eac56e2c2fced0`
SHA256	`a7fe99d4ebdf637c258bee7a7e8ec1888a33b7a657dacabfe05a71ad243ff76e`
SHA3	`cc09450dd26e48b3044da79c81404293d4d57117163152b5f6cc5ae37a4d2fb1`

IDI_ICON1

Type	`RT_GROUP_ICON`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	2000-Jun-12 01:52:17
Entropy	`2.37086`
Detected Filetype	Icon file
MD5	`d59e0d372ea5fd8c1f4de744376a6af4`
SHA1	`6883ce60e71a83424db0b41d0ab6bf61080e3de2`
SHA256	`b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b`
SHA3	`5e39df982879204dd9f129a37d1e1c2ff906e88de9ae01b4418db5e8455e7ae1`

Version Info

TLS Callbacks

Load Configuration

RICH Header

8417b4461cd30801055c882e7ce486b3

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.idata

.CRT

.rsrc

.reloc

Imports

Delayed Imports

1

2

GETDIRDIALOG

SFXDIALOG

IDI_ICON1

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors