Manalyze report for 8c6426936652a7713dc7bfde0ac1a6ba

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2009-Apr-15 00:53:52
Detected languages	English - United States
Comments	Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
CompanyName	Apache Software Foundation
FileDescription	ApacheBench command line utility
FileVersion	`2.2.14`
InternalName	ab.exe
LegalCopyright	Copyright 2009 The Apache Software Foundation.
OriginalFilename	ab.exe
ProductName	Apache HTTP Server
ProductVersion	`2.2.14`

Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX v2.0 -> Markus, Laszlo & Reiser (h)` `UPX -> www.upx.sourceforge.net` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser`
Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.` `The PE only has 8 import(s).`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Leverages the raw socket API to access the Internet: WSARecv`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

MD5	`8c6426936652a7713dc7bfde0ac1a6ba`
SHA1	`dfeae305c65d755fdb173dc6e19a3dfb6bd16b91`
SHA256	`1d0a50465fb95f70f2dbff09c6b61bd417190ed7a58472ff30a4c43df11242a7`
SHA3	`509efb1ddb017f0300b07c6fed7341afbaa86dce15e5ae437969b7aad43c7081`
SSDeep	`768:IgEl/G+5p2RRDfGH0liWQKHCNZfBSnpwAqYAqfyCq3:IRGQ2R7iLKHCjBSGAqYdtq3`
Imports Hash	`f18a6e1bbaa35e02773bf618ad77c915`

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2009-Apr-15 00:53:52
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xc000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

MD5	`93b55ce7b51168ca907c12fce5810e55`
SHA1	`5c138552a78af06e3bf6bfd04d157003c95e4c43`
SHA256	`4c6e0da0d589b1160273f022dc521e7cd23284ba183a2ea38991c8b455ce84c3`
SHA3	`c9d2fa99ae7544be61b91b66638f55a8afb2f14225f4b5f0579804c8b0755d64`
VirtualSize	`0xb000`
VirtualAddress	`0xd000`
SizeOfRawData	`0xaa00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.91891`

MD5	`af80b1dba5cefe4ae931c57a73eddc1d`
SHA1	`a73e0eb35f39bf2527d8910e9f59befe4ab9ba8d`
SHA256	`47416b17a3104ee6a695cf9eaf9e1f09278fd999299ab330efab8bb82bec2a26`
SHA3	`2253788176a7e81ff5d46ba378efae031994282561cecd06bc7d51ab9fcb22ab`
VirtualSize	`0x1000`
VirtualAddress	`0x18000`
SizeOfRawData	`0xa00`
PointerToRawData	`0xae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.35099`

ADVAPI32.dll	`FreeSid`
KERNEL32.DLL	`LoadLibraryA` `ExitProcess` `GetProcAddress` `VirtualProtect`
MSVCRT.dll	`_iob`
WS2_32.dll	`WSARecv`
WSOCK32.dll	`#111`

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.2.14.0
ProductVersion	2.2.14.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
Comments	Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
CompanyName	Apache Software Foundation
FileDescription	ApacheBench command line utility
FileVersion (#2)	2.2.14
InternalName	ab.exe
LegalCopyright	Copyright 2009 The Apache Software Foundation.
OriginalFilename	ab.exe
ProductName	Apache HTTP Server
ProductVersion (#2)	2.2.14

Resource LangID	English - United States

XOR Key	`0x859e59d7`
Unmarked objects	`0`
12 (7291)	`4`
14 (7299)	`9`
C objects (8047)	`11`
Linker (8047)	`3`
Total imports	`201`
Imports (2179)	`8`
48 (9044)	`40`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

[*] Warning: Section UPX0 has a size of 0!