Manalyze report for 88394fa523825b855f25427fde85af84

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2007-Apr-28 08:11:59
Detected languages	English - United States
Debug artifacts	c:\Dev\Xbox360\Xplorer360\Original\Release\Xplorer360.pdb
FileDescription	Xbox 360 File Explorer
FileVersion	`0, 10, 0, 1`
InternalName	Xplorer360
LegalCopyright	Copyright (C) 2006 roofus
OriginalFilename	Xplorer360.exe
ProductName	Xplorer360
ProductVersion	`0, 10, 0, 1`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++ v7.1 EXE` `Microsoft Visual Basic v5.0 - v6.0`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryA` `Possibly launches other programs: ShellExecuteA` `Can create temporary files: CreateFileA GetTempPathA`
Suspicious	VirusTotal score: 2/64 (Scanned on 2018-04-09 02:14:25)	`Bkav: W32.eHeur.Malware14` `ClamAV: Win.Worm.Bybz-204`

Hashes

MD5	`88394fa523825b855f25427fde85af84`
SHA1	`41601ce45440ac550c65437d1c68a0ddf0d1f38b`
SHA256	`a8d512910cf1fb0fca70e38f543836f4e3ae6c8198988811317642f9ea90f4c1`
SHA3	`6245eb9e64497103dd5f213614cc9e578fcebb0c396256f6b1da5e568d90bd33`
SSDeep	`3072:hHk72nIk6XVMx2k87/f2iQGA1C+bfHK4:dWk6ek172iQGA1C+jK`
Imports Hash	`c26b858e8079c143fb27665ad7e46977`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2007-Apr-28 08:11:59
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`7.0`
SizeOfCode	`0xa000`
SizeOfInitializedData	`0x11000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00009C80 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xb000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x1c000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f70b559b622cd6a0275f979daf356be7`
SHA1	`34474cc1315072bfc6bcd5f603835e12514f3818`
SHA256	`3c40c3c41a17408ee61cf41508121104089ba7b1fd854e6793639d113e405f86`
SHA3	`b9685dda78143d0d0e00cb8a1b56c108e5785fa5c34a674e0dd630ee4552dab0`
VirtualSize	`0x9f7e`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.36405`

.rdata

MD5	`ea273ac1dbde89b69dcbdf40b795a66d`
SHA1	`26b9f8f7e17a1fa95d684101bfd3c444c9692f24`
SHA256	`aa529d7eebc53b0985e00e393e0140c81faa69da9ab7c5d7cdb416d832200909`
SHA3	`4dbd8067c7dfb9642e4add90408ba1eddf86c4e38359b6077960a23724289e21`
VirtualSize	`0x34f2`
VirtualAddress	`0xb000`
SizeOfRawData	`0x4000`
PointerToRawData	`0xb000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.8209`

.data

MD5	`5cc987916644f83da12d2b0924035fdb`
SHA1	`622ceca5e8430151fc3a9b128b06ea307f66e696`
SHA256	`ed55994adbe82ecb5b635a55a0a9623301935c824fb5535447da87c3c63c7525`
SHA3	`52242ed7dbd73919595dcb82f32b8e15fc69adb9c302f547c56fab9b1d2d84b0`
VirtualSize	`0x7b0`
VirtualAddress	`0xf000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xf000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.430593`

.rsrc

MD5	`d93e0c27570f31871b4a402e46cd9fba`
SHA1	`e4981c3c43fec06782520a9eef8d6fa108082e43`
SHA256	`9d81b36beccf48804e2a7e5f12d6f4c39deb501b9b935c2d72902df351cc85fd`
SHA3	`4f485ac7f5f85a2fbcf987a97e345d4f5a832422893312f5665f86e59f4f140c`
VirtualSize	`0xbc98`
VirtualAddress	`0x10000`
SizeOfRawData	`0xc000`
PointerToRawData	`0x10000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.01806`

Imports

SHELL32.dll	`SHFileOperationA` `DragQueryFileA` `ShellExecuteA` `SHGetPathFromIDListA` `SHGetFileInfoA` `SHBrowseForFolderA`
urlmon.dll	`CopyStgMedium`
SETUPAPI.dll	`SetupDiEnumDeviceInterfaces` `SetupDiGetDeviceInterfaceDetailA` `SetupDiDestroyDeviceInfoList` `SetupDiGetClassDevsA`
KERNEL32.dll	`GetStartupInfoA` `ExitProcess` `RaiseException` `GetVersionExA` `DebugBreak` `QueryPerformanceCounter` `GetTickCount` `CreateFileA` `GetLogicalDrives` `GlobalAlloc` `CreateDirectoryA` `SetCurrentDirectoryA` `GlobalFree` `DeviceIoControl` `GetCurrentDirectoryA` `CloseHandle` `GetTempPathA` `GetFileSize` `WaitForSingleObject` `SetEvent` `WriteFile` `CreateEventA` `ReadFile` `GetOverlappedResult` `FindFirstFileA` `GetLastError` `ResetEvent` `FindNextFileA` `GetFileAttributesA` `CreateThread` `GetModuleHandleW` `LoadLibraryW` `GetFileAttributesW` `GetModuleFileNameW` `SetLastError` `GetProcAddress` `LoadLibraryA` `GetModuleHandleA` `OutputDebugStringA` `GetVersion` `lstrlenA` `GlobalLock` `GlobalUnlock` `InitializeCriticalSection` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `CancelIo` `GetCurrentThreadId` `GetCurrentProcessId` `FreeLibrary` `GetProcessHeap` `HeapFree` `GetCurrentProcess` `GetSystemTimeAsFileTime` `GetModuleFileNameA` `HeapAlloc`
USER32.dll	`PeekMessageA` `MessageBoxA` `SetTimer` `GetDlgCtrlID` `LoadCursorA` `CallWindowProcA` `GetSysColorBrush` `EndDialog` `GetDlgItem` `SetWindowLongA` `SetPropA` `RegisterClipboardFormatA` `GetCursorPos` `PostQuitMessage` `SetCapture` `GetKeyState` `GetFocus` `LoadIconA` `wsprintfA` `GetClientRect` `CheckMenuRadioItem` `EnableMenuItem` `DefWindowProcA` `ShowWindow` `ReleaseCapture` `RegisterClassA` `MoveWindow` `GetMessageA` `TranslateMessage` `ChildWindowFromPoint` `DispatchMessageA` `SetWindowTextA` `UpdateWindow` `DialogBoxParamA` `SetDlgItemTextA` `ScreenToClient` `TrackPopupMenu` `GetSubMenu` `GetMenu` `GetWindowTextA` `GetWindowLongA` `CreateWindowExA` `MsgWaitForMultipleObjectsEx` `SetCursor` `GetPropA` `SendMessageA`
GDI32.dll	`SetTextColor` `CreateFontIndirectA` `SetBkMode` `DeleteObject` `SelectObject` `GetObjectA`
comdlg32.dll	`GetOpenFileNameA` `GetSaveFileNameA`
ole32.dll	`RevokeDragDrop` `OleInitialize` `OleUninitialize` `ReleaseStgMedium` `CoCreateInstance` `DoDragDrop` `RegisterDragDrop`
MSVCR71.dll	`_getcwd` `_mkdir` `time` `strncmp` `strlen` `sprintf` `strcat` `_chdir` `_itoa` `_controlfp` `?terminate@@YAXXZ` `__security_error_handler` `_except_handler3` `__set_app_type` `__p__fmode` `__p__commode` `_adjust_fdiv` `__setusermatherr` `_initterm` `__getmainargs` `_amsg_exit` `_acmdln` `exit` `_cexit` `_ismbblead` `vsprintf` `_XcptFilter` `_exit` `_c_exit` `_onexit` `__dllonexit` `_snprintf` `__CxxFrameHandler` `??2@YAPAXI@Z` `??3@YAXPAX@Z` `memcmp` `strcmp` `strncpy` `_stat` `free` `memcpy` `strcpy` `_stricmp` `localtime` `memset`

Delayed Imports

1

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.47861`
MD5	`36530f7f9903bee71ae977a6f6027dd6`
SHA1	`5121aae2bf52187c8c30abe8ef7207cf3591b5f8`
SHA256	`b3e2af1f1977627c6387856926d10a97f14ff775162ff723f26147de9171d3aa`
SHA3	`c73d3c63b5ee6bec94eecc6befdea3ceea0fc87184b959e675af53560d889bb6`

2

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.62373`
MD5	`2fa1e5b27780f275780c15bfff7aa5e0`
SHA1	`f17c3b96d73a56f20d809116da8ffb8aa116ce77`
SHA256	`b1a3084998113957e42273ce24371f383e2dd589beb9e4d52644ae38891eefc9`
SHA3	`5180aa125fbf24e7eae226792bc5eda16769529a191cfce5dddc318585b9740c`

111

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x9c6a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.06626`
MD5	`64343750740b367a80eb2ad8a89ef70d`
SHA1	`8c7a02b7ae370c4dd9b9cccf6a7c0a45faf6c9f0`
SHA256	`4d6fa6a26adc2e71ae1e14e762612deccc70cd008f3b8d97df3385630bd271cc`
SHA3	`1044a7fe11db58d99544aada62cb6457edc13c6388f65b0e9e51e29cfd40bda3`
Preview

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.13196`
MD5	`248333bdd0b120e5a25f52a369d39ddf`
SHA1	`7e7ba39a1f1284a643317829e3ed8e4d33e78036`
SHA256	`a0f359f9384c64403164ae5aebd479bb3bdfb2d7fac250ba5b0692a1e3639613`
SHA3	`a1f2bc8feb0b34f1288f1b7b3221b759072703d1f41c977089888fb6707a5fc5`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.99`
MD5	`ba354d7480b4a0341c0097e38ce309ef`
SHA1	`4ebf8b979ea667e92eb62d7159fbffef349bcd1b`
SHA256	`627009377ed08919df3ea9ca9854f6af63959bf00579e915b22e36853b1e7761`
SHA3	`f437ee6bbf13d1f2663d818bfae3097c0cb162de7dd1fda6432935a73be38e67`

101

Type	`RT_MENU`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2a4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.28283`
MD5	`30e106cf91722c7a5802b4c68f9fdbda`
SHA1	`12e5601bfe25835ab6e08e126e2e185599b32cff`
SHA256	`602ff950049b031dac3256bce77dbc2263cb109ab832a51aa4f86403874d285f`
SHA3	`c4581e86c8a1a66715c4f8221ef0688a1564de2f27539b6f4f19dc608f42ad96`

102

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1a2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.32274`
MD5	`c7d22f4a23e7b660422fc8d0ad824db5`
SHA1	`2caac0a8a9b246975d24a7885c6c86888fb10531`
SHA256	`9c1938d1431db832726a231fc8118f0e83a48027a172bfcd9809987aad13a7da`
SHA3	`63fd967bd44700ae3d7a213872f05b9fd0d7a7cb90eb47685998f89c646a9bc4`

112

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.16692`
MD5	`ba73a5002a4976d9dea1b382370c1db0`
SHA1	`fc0db6885eac7572a868b774f9996d8ddf17d0c3`
SHA256	`33903acfe49230fecdf84150bc56aa054f1820f4cb741a56e9b6d0f00374e7cc`
SHA3	`16d79845fab658fd1ecdba083f672446b2a36268c6a660bb0ebd36a2d48564bd`

127

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x180`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.16075`
MD5	`c83725b1a17ffdd73acd9f56df1479e9`
SHA1	`b5c3872c451649d5693d27d2a8c0ab9ac6ef3080`
SHA256	`efc060fa98cb243aa4188517805a7990754eebec260514cd6a6525fd3a01d2cf`
SHA3	`84e79bc942b0c9e48878127b6223eb2444ec7bc76d4aac861b79d047b9f24307`

104

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.05878`
Detected Filetype	Cursor file
MD5	`7e68da438d06972412341d26a0b154e0`
SHA1	`2e8b4399fad4b323487c836ad0ad8b3042ba877d`
SHA256	`1ae3e871bb24efadc5c3ed9b87b902421883b191abb09c3d1033e38d9e538d4b`
SHA3	`d24bacc625f1fc96c0271b4dba4103749c504fb542a9af06709a51eaff6aaf3e`
Preview

110

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.48251`
Detected Filetype	Icon file
MD5	`d754cf71b6437880ac3e9934f6c0bd53`
SHA1	`e2c2d50c621da9b3dd766dee98950140d87394a2`
SHA256	`6d11e578cc598f327e8fd1eb6b0b30275170d6dc833d0c945754a797e6fadf1f`
SHA3	`267b057360fe5084f35aa1410ad73b31882edaff258d8892c6c0a42350208ea1`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.36196`
MD5	`e7024082a1855758748bf2ed725b4496`
SHA1	`b73e8146bb53218819d0a18112da2597e04bfd0a`
SHA256	`e225b3f4529d13fffe37290c329b33e4587197a7ef8b87f3d49fe8bacb72b277`
SHA3	`392d2dfc46106cb15d8880c8d3a5c155ebda5218903e404af825d6c0cdfc0e4a`

2 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2c5`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.88748`
MD5	`9b9661ccead44068668d4ddfaf1818aa`
SHA1	`77a4a811c98aa874841458fad084675343defbaf`
SHA256	`95806a900f2994907daac91239e6a5c5404532d519e646c440bf782705f1ebbb`
SHA3	`c75425185c442a94e81e4256a0db69cbb6839b323d8451a01c0a2a3a82462123`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.10.0.1
ProductVersion	0.10.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
FileDescription	Xbox 360 File Explorer
FileVersion (#2)	0, 10, 0, 1
InternalName	Xplorer360
LegalCopyright	Copyright (C) 2006 roofus
OriginalFilename	Xplorer360.exe
ProductName	Xplorer360
ProductVersion (#2)	0, 10, 0, 1

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2007-Apr-28 08:11:59
Version	`0.0`
SizeofData	`82`
AddressOfRawData	`0xd470`
PointerToRawData	`0xd470`
Referenced File	c:\Dev\Xbox360\Xplorer360\Original\Release\Xplorer360.pdb

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x40f040`
SEHandlerTable	`0x40d4d0`
SEHandlerCount	`6`

RICH Header

XOR Key	`0xd7b93e77`
Unmarked objects	`0`
105 (2067)	`5`
Imports (VS2003 (.NET) build 3077)	`2`
ASM objects (VS2003 (.NET) build 3077)	`7`
C objects (VS2003 (.NET) build 3077)	`15`
C++ objects (VS2003 (.NET) build 3077)	`11`
Total imports	`175`
Imports (VS2003 (.NET) build 4035)	`17`
C objects (VS2003 (.NET) build 4035)	`4`
100 (VS2003 (.NET) build 3077)	`16`
94 (VS2003 (.NET) build 3052)	`1`
Linker (VS2003 (.NET) build 3077)	`1`

88394fa523825b855f25427fde85af84

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

Imports

Delayed Imports

1

2

111

3

4

101

102

112

127

104

110

1 (#2)

2 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors