Manalyze report for 84228d47830b8d353b7849867d98405f

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1970-Jan-13 18:42:02
TLS Callbacks	2 callback(s) detected.

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: constexpr.org gcc.gnu.org http://gcc.gnu.org http://gcc.gnu.org/bugs.html http://innoextract.constexpr.org http://innoextract.constexpr.org/issues innoextract.constexpr.org www.gog.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1`
Suspicious	The PE is possibly packed.	`Unusual section name found: /4`
Info	The PE contains common functions which appear in legitimate applications.	`Possibly launches other programs: CreateProcessW`
Suspicious	The file contains overlay data.	`19 bytes of data starting at offset 0x10b600.`
Suspicious	VirusTotal score: 1/68 (Scanned on 2021-09-15 00:18:44)	`MaxSecure: Trojan.Malware.300983.susgen`

Hashes

MD5	`84228d47830b8d353b7849867d98405f`
SHA1	`b95e5913bcb7c8a2b03d6c8642286b017651748d`
SHA256	`9ebc66d15c09613fb41efae7b16d2ec6ac2dbeb80d1d8d92b7eb37f30f3e498b`
SHA3	`ac73d12c5e2bffdd3dd9c48d4d8c0b0da564e3bf800d5bc48916109f388bd9c4`
SSDeep	`24576:N7pZeppaiy1Kg7SRYBuJDwaBlFaAKQTBwn6eaj8gn005e162IwomT2rOA:IpcKxRYBwMAKQTBCupbLwomTO`
Imports Hash	`39a47ed5fdc0ff10d72a34c7a09c20c1`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	1970-Jan-13 18:42:02
PointerToSymbolTable	`0x10b600`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0xe9c00`
SizeOfInitializedData	`0x10b200`
SizeOfUninitializedData	`0x1000`
AddressOfEntryPoint	`0x000014E0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xeb000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x112000`
SizeOfHeaders	`0x400`
Checksum	`0x113ecf`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a55b4de992f971b9ab52a47cd9390b7f`
SHA1	`22143d6efd39cffbf39b65cb044185866405e166`
SHA256	`2164e1ddf396ce3e0daf7274b84c4e52bddd781cda70df227a31b9601d14b8c3`
SHA3	`2f0fd74fdfed8546ab122cf98f13f2ebd871571b2fa8254eda6e435669f449c3`
VirtualSize	`0xe9a40`
VirtualAddress	`0x1000`
SizeOfRawData	`0xe9c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.27195`

.data

MD5	`3e29b304b6ce5e17248f2713f8d01c9d`
SHA1	`052203f553b33c2988aa1a848c081877ee559613`
SHA256	`e84ecf120f88f9f10738f0fcda970a83f79ee4830a32b7ac57bf8c3d285a0566`
SHA3	`622e6e7b4197552d2fdc71283f055573c0062d8ba35c19cadba64b6d78b83695`
VirtualSize	`0x5750`
VirtualAddress	`0xeb000`
SizeOfRawData	`0x5800`
PointerToRawData	`0xea000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.17131`

.rdata

MD5	`6980b1068c3b5db654ff3b979929d519`
SHA1	`a9c68a9691b6b9df19a3c9dee6a74ea183538689`
SHA256	`ce1b02e0eadbcdd0e16e6846facb9412696ef866a7509a47fd50652a94c8c91e`
SHA3	`8a610489940a5831fd2448095119978a21c0652004b17e1ed6dc09e838d3be86`
VirtualSize	`0x1a318`
VirtualAddress	`0xf1000`
SizeOfRawData	`0x1a400`
PointerToRawData	`0xef800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.74807`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xf40`
VirtualAddress	`0x10c000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`0bd6f4048b6a54bba0650f5099eb7a66`
SHA1	`0a3de98b546d27574f27c70888537f8d01accafb`
SHA256	`62718c5f13fa395e8bf9d7aef06a89efe37953472ec1e508a9e2c8e853b9aca2`
SHA3	`de91d25d10503258556ecb7b2c3abe9cefff515e7803204c1143d0ae9b55e73c`
VirtualSize	`0x129c`
VirtualAddress	`0x10d000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x109c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.09786`

.CRT

MD5	`5bcadb846986fd9139f28faa6774e156`
SHA1	`b2ecd497b2f62dec9e5a37bfce5047da22999cfe`
SHA256	`15916b634118bb0b6e1e79d8db6f109ec2bd7ba522fa1471dea58cbba3c8187c`
SHA3	`d76dca9694226f66728a79a3a70f747be67f297e14537938587134ef173efc48`
VirtualSize	`0x34`
VirtualAddress	`0x10f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x10b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.254511`

.tls

MD5	`a369353f28dbb6722a82defa6e3e496c`
SHA1	`a21c9e95e3a92671c056da909c1a9fca35925932`
SHA256	`33aef5ef21394e6c956b15ece28a548e6fff741768bc59b3f6becfaf55d1eaa0`
SHA3	`ede0c4817b909420083d55ecc0ab8cc926355f2b71cd7db9cea3a6c9fa84d174`
VirtualSize	`0x20`
VirtualAddress	`0x110000`
SizeOfRawData	`0x200`
PointerToRawData	`0x10b200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.175526`

/4

MD5	`d2689108adb05ddc78b2e8d6199c2c55`
SHA1	`6fca76cd8ca22c26a5daca12a2260ca92c7f1a35`
SHA256	`28db1b78fd690562c1c6ef1e33855f8ba273d2d00359b9995f093aed94f354d4`
SHA3	`e367f278251430ef40f3b815b4eb093384d273f9b8d66fabc178fe79798a347e`
VirtualSize	`0x1c`
VirtualAddress	`0x111000`
SizeOfRawData	`0x200`
PointerToRawData	`0x10b400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.476899`

Imports

KERNEL32.dll	`AreFileApisANSI` `CloseHandle` `CopyFileW` `CreateDirectoryExW` `CreateDirectoryW` `CreateFileA` `CreateFileW` `CreateProcessW` `CreateSemaphoreW` `DeleteCriticalSection` `DeleteFileW` `DeviceIoControl` `EnterCriticalSection` `FileTimeToSystemTime` `FillConsoleOutputAttribute` `FillConsoleOutputCharacterW` `FindClose` `FindFirstFileW` `FindNextFileW` `FormatMessageA` `GetCommandLineW` `GetConsoleMode` `GetConsoleScreenBufferInfo` `GetCurrentDirectoryW` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `GetDiskFreeSpaceExW` `GetEnvironmentVariableW` `GetFileAttributesExW` `GetFileAttributesW` `GetFileInformationByHandle` `GetFileTime` `GetFullPathNameW` `GetLastError` `GetModuleHandleA` `GetModuleHandleW` `GetProcAddress` `GetStartupInfoA` `GetStdHandle` `GetSystemTimeAsFileTime` `GetTickCount` `GetTimeZoneInformation` `GetWindowsDirectoryW` `InitializeCriticalSection` `IsDBCSLeadByteEx` `LeaveCriticalSection` `LocalFree` `MoveFileExW` `MultiByteToWideChar` `QueryPerformanceCounter` `ReadFile` `ReleaseSemaphore` `RemoveDirectoryW` `ScrollConsoleScreenBufferW` `SetConsoleCtrlHandler` `SetConsoleCursorPosition` `SetConsoleTextAttribute` `SetConsoleWindowInfo` `SetCurrentDirectoryW` `SetEndOfFile` `SetEnvironmentVariableA` `SetFileAttributesW` `SetFilePointer` `SetFilePointerEx` `SetFileTime` `SetLastError` `SetUnhandledExceptionFilter` `Sleep` `SystemTimeToFileTime` `TerminateProcess` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `UnhandledExceptionFilter` `VirtualProtect` `VirtualQuery` `WaitForSingleObject` `WideCharToMultiByte` `WriteConsoleW` `WriteFile`
msvcrt.dll	`__dllonexit` `__doserrno` `__getmainargs` `__initenv` `__lconv_init` `__mb_cur_max` `__pioinfo` `__set_app_type` `__setusermatherr` `_acmdln` `_amsg_exit` `_cexit` `_errno` `_filelengthi64` `_fileno` `_fmode` `_get_osfhandle` `_initterm` `_iob` `_lock` `_lseeki64` `_onexit` `mktime` `gmtime` `_strnicmp` `_tzset` `_unlock` `calloc` `exit` `fclose` `ferror` `fflush` `fgetc` `fgetpos` `fopen` `fprintf` `fputc` `fputs` `fread` `free` `fsetpos` `fwrite` `getc` `getenv` `getwc` `ispunct` `isspace` `iswctype` `localeconv` `malloc` `memchr` `memcmp` `memcpy` `memmove` `memset` `putc` `putwc` `realloc` `setlocale` `signal` `sprintf` `strchr` `strcmp` `strcoll` `strerror` `strftime` `strlen` `strncmp` `strxfrm` `_write` `abort` `tolower` `towlower` `towupper` `ungetc` `ungetwc` `vfprintf` `wcscoll` `wcsftime` `wcslen` `wcsxfrm` `atoi` `_write` `_setmode` `_fileno` `_fdopen`
SHELL32.dll	`CommandLineToArgvW`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x510000`
EndAddressOfRawData	`0x51001c`
AddressOfIndex	`0x50c02c`
AddressOfCallbacks	`0x50f020`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x0040E400` `0x0040E3B0`

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Section .bss has a size of 0!