Manalyze report for 8d757c7eaa2b87b9894fb778b81e4e51

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Mar-12 17:04:31
Detected languages	English - United States Russian - Russia
CompanyName	Skylon Software
FileDescription	Diaries Manager
FileVersion	`1.0.8.6`
InternalName	RND
LegalCopyright	Copyright © 2009-2023 Skylon Software
OriginalFilename	Редактор дневников.exe
ProductName	Редактор неструктурированных дневников
ProductVersion	`1.0.8.6`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Interesting strings found in the binary:	`Contains domain names: http://skylon.ucoz.net http://skylon.ucoz.net/ http://skylon.ucoz.net/main.htm?%u https://www.scintilla.org https://www.scintilla.org/ inbox.ru scintilla.org skylon.ucoz.net www.scintilla.org`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryExW LoadLibraryA GetProcAddress` `Can access the registry: RegCreateKeyExW RegSetValueExW RegOpenKeyExW RegDeleteValueW RegQueryValueExW RegCloseKey` `Possibly launches other programs: ShellExecuteW ShellExecuteA` `Leverages the raw socket API to access the Internet: htons recv connect socket send WSAStartup gethostbyname closesocket WSACleanup` `Can take screenshots: GetDC CreateCompatibleDC BitBlt` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`8d757c7eaa2b87b9894fb778b81e4e51`
SHA1	`745942dc3e060c648b3092f6e950fdedb384eb8c`
SHA256	`31fc0c2886933c763553bae552a60f21fc44247f24ea9ea18442dd498fed5a88`
SHA3	`73a3264607c87d1d4a455434f2858fac6cd6895bf64080f865b9b093804ebe69`
SSDeep	`12288:iAKo9F2aLpKbG3A2tihUSPNsM1yYQbMzZRNO9/GPB:Ac2aLpKa9tSNLyhb+ZRc0Z`
Imports Hash	`b67c3384ca3b28783def055f8302d072`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2025-Mar-12 17:04:31
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x75a00`
SizeOfInitializedData	`0x3a000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00058CF0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x77000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0xb2000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`23a0cf175a7103edcf5429a8183b584f`
SHA1	`0ec06337b64bd3a1cb6943ad43d39a8e97531e26`
SHA256	`67200b227c02bd6c68031d94eaae32798331b7493a9b87f867fbddc3b24e7a16`
SHA3	`08527df96f5c9e41e0885cb9f7e5a22b746d1e17fb520583d55d2c0c277f329a`
VirtualSize	`0x75893`
VirtualAddress	`0x1000`
SizeOfRawData	`0x75a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.68637`

.rdata

MD5	`211c61c062b7e1aafac563215ec0cb82`
SHA1	`40117df9228cc7217bae1102ca8ce2a9edf3123f`
SHA256	`302d48a4b3f023a614a070bc9e8ec191b318802ba57cc0d7816bd695fdae6d40`
SHA3	`3da355b5d913febba9fb5cb26bdf9966c7caebab427fb362303628fc95b38d37`
VirtualSize	`0x1cefa`
VirtualAddress	`0x77000`
SizeOfRawData	`0x1d000`
PointerToRawData	`0x75e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.48965`

.data

MD5	`b7f2176cba4df6362dc8f61fc8dc5bfe`
SHA1	`8b479b4b1b758e40745a416cb64693d0e21d0628`
SHA256	`1f2cf200fd321c0e5f1ffb21dbcd1d31f8f8c73c52343ea47d96cf0846848750`
SHA3	`c784ae555c2ca84a4fb620a4fd5fbf32da648e22daa01a20f23a03c2ed54784f`
VirtualSize	`0x4cfc`
VirtualAddress	`0x94000`
SizeOfRawData	`0x2400`
PointerToRawData	`0x92e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.24014`

.rsrc

MD5	`d6d749394fd713f6f87d20aa93645e97`
SHA1	`895da0e836ede36c67713b989ce778e7f317acb4`
SHA256	`4467b79a06faebd510e463eff1e131fd4bf2ffe1ce41862091055a97d8922a6f`
SHA3	`3a7bbff292e4fd55644a162367512c59bb0c5b926087480b92cfcff17cc597c5`
VirtualSize	`0x128a8`
VirtualAddress	`0x99000`
SizeOfRawData	`0x12a00`
PointerToRawData	`0x95200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.62622`

.reloc

MD5	`1fd2e4a222174127f85789adc7cdad76`
SHA1	`d91edb68f7ad5f9248dfbd3a71d717f6ecf9e272`
SHA256	`974e51d26dee0077f80df5017b2afb77bce79dfbe938ad2d3fcdba079c4a1d49`
SHA3	`df01f038e91047c54c2569baddcf972c604a262f4970c089a6654e9d4bad71cf`
VirtualSize	`0x5684`
VirtualAddress	`0xac000`
SizeOfRawData	`0x5800`
PointerToRawData	`0xa7c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.55894`

Imports

WS2_32.dll	`htons` `recv` `connect` `socket` `send` `WSAStartup` `gethostbyname` `closesocket` `WSACleanup`
COMCTL32.dll	`#8` `InitCommonControlsEx`
KERNEL32.dll	`GetConsoleCP` `CloseHandle` `HeapFree` `GetFileType` `GetACP` `GetModuleHandleExW` `GetModuleFileNameA` `WriteFile` `GetStdHandle` `GetLastError` `RaiseException` `RtlUnwind` `GetStartupInfoW` `IsDebuggerPresent` `InitializeSListHead` `GetCurrentThreadId` `HeapReAlloc` `IsProcessorFeaturePresent` `TerminateProcess` `GetCurrentProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `CompareStringW` `DecodePointer` `EncodePointer` `GetSystemTimeAsFileTime` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `InitializeCriticalSectionAndSpinCount` `SetLastError` `GetStringTypeW` `QueryPerformanceFrequency` `QueryPerformanceCounter` `GetConsoleMode` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `HeapAlloc` `ReadFile` `ReadConsoleW` `FindClose` `FindFirstFileExA` `FindNextFileA` `IsValidCodePage` `GetOEMCP` `GetCommandLineA` `GetCPInfo` `GetCommandLineW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `LoadLibraryExW` `FreeLibrary` `DeleteCriticalSection` `LoadLibraryA` `InitializeCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `GetTickCount` `GetModuleHandleW` `LCMapStringW` `GetProcAddress` `GlobalSize` `Sleep` `GetLocaleInfoA` `MulDiv` `GlobalUnlock` `SetEndOfFile` `WideCharToMultiByte` `ExitProcess` `GlobalLock` `GetLocalTime` `FindResourceW` `LoadResource` `GlobalFree` `GlobalAlloc` `MultiByteToWideChar` `GetVersion` `GetLocaleInfoW` `lstrlenW` `SetStdHandle` `GetProcessHeap` `SetFilePointerEx` `CreateFileW` `FlushFileBuffers` `WriteConsoleW` `HeapSize` `GetCurrentProcessId`
USER32.dll	`MapWindowPoints` `GetDoubleClickTime` `FrameRect` `DestroyMenu` `SystemParametersInfoA` `DrawTextW` `CreateIconIndirect` `GetWindowLongW` `SetScrollInfo` `RegisterClipboardFormatW` `GetIconInfo` `GetUpdateRgn` `GetDC` `HideCaret` `GetMonitorInfoW` `DrawTextA` `TrackPopupMenu` `InvalidateRect` `MonitorFromPoint` `GetWindowTextW` `UpdateWindow` `GetParent` `CreateMenu` `PostQuitMessage` `AppendMenuW` `GetDlgItem` `GetClientRect` `FillRect` `InflateRect` `MonitorFromRect` `GetKeyState` `DestroyCaret` `ScreenToClient` `GetSystemMetrics` `NotifyWinEvent` `GetScrollInfo` `MsgWaitForMultipleObjects` `RegisterClassExW` `SetCaretPos` `OpenClipboard` `SetTimer` `GetDlgCtrlID` `ClientToScreen` `CloseClipboard` `EmptyClipboard` `IsChild` `CreateCaret` `ValidateRect` `TrackMouseEvent` `GetKeyboardLayout` `GetMessageTime` `GetClipboardData` `CreateDialogIndirectParamA` `SetCapture` `SetClipboardData` `SetCursor` `AppendMenuA` `IsClipboardFormatAvailable` `GetCaretBlinkTime` `ShowCaret` `KillTimer` `SystemParametersInfoW` `PtInRect` `ReleaseCapture` `ReleaseDC` `GetCursorPos` `BeginPaint` `EndPaint` `GetMessageW` `DefWindowProcW` `AdjustWindowRectEx` `CallWindowProcW` `PostMessageW` `GetWindowRect` `DestroyWindow` `SetWindowPos` `MessageBoxW` `CreateWindowExW` `DeleteMenu` `SendMessageW` `SetWindowTextW` `CreatePopupMenu` `ShowWindow` `DispatchMessageW` `RegisterClassW` `GetSysColor` `MoveWindow` `SetMenu` `CreateAcceleratorTableW` `SetFocus` `TranslateAcceleratorW` `TranslateMessage` `LoadIconW` `LoadCursorW` `SendMessageA` `wsprintfW` `SetWindowLongW` `CheckMenuItem`
GDI32.dll	`CombineRgn` `SelectObject` `StartPage` `EndDoc` `CreateFontW` `GetStockObject` `GetDeviceCaps` `GetTextMetricsW` `DeleteDC` `SetTextColor` `Rectangle` `SetBkColor` `DeleteObject` `CreateBitmap` `ExtTextOutW` `StartDocW` `DPtoLP` `EndPage` `SetBkMode` `GetTextExtentPoint32W` `CreatePatternBrush` `GetTextExtentExPointA` `StretchBlt` `GetTextExtentExPointW` `CreateCompatibleDC` `GetTextExtentPoint32A` `CreateDIBSection` `ExtTextOutA` `CreateCompatibleBitmap` `BitBlt` `GetNearestColor` `CreateRectRgn` `CreateRectRgnIndirect` `IntersectClipRect` `CreateFontIndirectW` `RoundRect` `CreateSolidBrush` `Ellipse` `MoveToEx` `Polygon` `GetObjectW` `SetTextAlign` `CreatePen` `LineTo`
COMDLG32.dll	`PrintDlgExW` `PageSetupDlgW` `GetSaveFileNameW` `GetOpenFileNameW`
ADVAPI32.dll	`RegCreateKeyExW` `RegSetValueExW` `RegOpenKeyExW` `RegDeleteValueW` `RegQueryValueExW` `RegCloseKey`
SHELL32.dll	`DragAcceptFiles` `ShellExecuteW` `DragQueryFileW` `ShellExecuteA`
ole32.dll	`ReleaseStgMedium` `OleUninitialize` `DoDragDrop` `OleInitialize` `RegisterDragDrop` `RevokeDragDrop` `CoCreateInstance` `CLSIDFromProgID`
OLEAUT32.dll	`SysAllocString` `SysFreeString`
MSIMG32.dll	`AlphaBlend`
IMM32.dll	`ImmNotifyIME` `ImmSetCandidateWindow` `ImmEscapeW` `ImmGetCompositionStringW` `ImmSetCompositionWindow` `ImmSetCompositionFontW` `ImmReleaseContext` `ImmGetContext` `ImmSetCompositionStringW`

Delayed Imports

101

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb07c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.45822`
MD5	`ec6c0c646cb988d2c2a3f3e3b3925b73`
SHA1	`a2391ec56f4993d194becf4f2fd782fadcd96aee`
SHA256	`81dd85dfe9e57ab8be5b01941b06c39fb0c9a1a9ae56fdf1318ae9a9e46aad80`
SHA3	`c2038ee007559c7bc8fee7bc14a4db5b9ff5949600ac561b29682c817e598c8f`
Preview

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6791`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.95864`
Detected Filetype	PNG graphic file
MD5	`fa047dfd3ca0ed23c2173b9c766b6db2`
SHA1	`0efb3fe35db309b76ad58901744b6c45dbfe43fd`
SHA256	`b069075e6e0e7e5f433d568fd8a8cbd77d9131821d1f2044bb8d47d0aff9a4c5`
SHA3	`4df745766bd64778931615c9e19bd39d024b56dc112ccfb6f841b13f25b36d99`

250

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8f8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.49577`
MD5	`660df252f7570bad589236ffe97570d2`
SHA1	`5ce1445304c1dbdfb158fe4d056093b5c99b82d9`
SHA256	`b45dbb02fff7a827465a7d86db509ba313728dc0f43d6d589fb2c84d432a3afd`
SHA3	`3d213a2d877ecfae2bc53320b464342ae72a47ce93aa67f93d2f37c328be170d`

MAINICON

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.7815`
Detected Filetype	Icon file
MD5	`a498f3441e3b198bd655c3496faf5664`
SHA1	`b5b5ff38ba44e9f9858b6306eb4a201fa1231203`
SHA256	`9892654efb819d23a4d78077aa1e700914ce9a577988822e50f9ec5dafabbc48`
SHA3	`0a037c841997a875d4bd15c182c7395a2f563bddbf37513a50e9b3415f1271f0`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x328`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.79624`
MD5	`df8b70d53040598bf8f7f81e4c67ca8c`
SHA1	`f8d51408a5b08e28207f02460c3b4226d5243868`
SHA256	`2233d12cf0be41a8cd270e3356529383ff1039fab4993c16af4d78b5863f9583`
SHA3	`7ed997db452520749399c3ba2aad4155b92b0a1d2032c30e50106008dee84a8f`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x274`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00934`
MD5	`9fffc81f7cb3c76097db6a7397450850`
SHA1	`8528bea71cbc1b5494c4cdc975278612ee4b0243`
SHA256	`41f146d5cb10313fc2a7be20f31847bc1877197cbfe76ea594ee77df1f1f749c`
SHA3	`fd26b033cc34d5a240ce51ae7480a12084aeed8b70cf1fa6c956256bb0f6f984`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.8.6
ProductVersion	1.0.8.6
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	Russian - Russia
CompanyName	Skylon Software
FileDescription	Diaries Manager
FileVersion (#2)	1.0.8.6
InternalName	RND
LegalCopyright	Copyright © 2009-2023 Skylon Software
OriginalFilename	Редактор дневников.exe
ProductName	Редактор неструктурированных дневников
ProductVersion (#2)	1.0.8.6

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Mar-12 17:04:31
Version	`0.0`
SizeofData	`808`
AddressOfRawData	`0x8e0ac`
PointerToRawData	`0x8ceac`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2025-Mar-12 17:04:31
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x494074`
SEHandlerTable	`0x48dc70`
SEHandlerCount	`271`

RICH Header

XOR Key	`0xf971f5fd`
Unmarked objects	`0`
241 (40116)	`15`
243 (40116)	`146`
242 (40116)	`33`
ASM objects (VS 2015/2017 runtime 26706)	`22`
C++ objects (VS 2015/2017 runtime 26706)	`57`
C objects (VS 2015/2017 runtime 26706)	`35`
C objects (VS2008 SP1 build 30729)	`3`
Total imports	`299`
Imports (VS2008 SP1 build 30729)	`25`
C++ objects (LTCG) (27053)	`43`
Resource objects (27053)	`1`
Linker (27053)	`1`

8d757c7eaa2b87b9894fb778b81e4e51

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

101

1

250

MAINICON

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors