Manalyze report for 8d973e393328944a9505537747e4287e

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2021-Feb-11 10:52:58
Detected languages	English - United States
CompanyName	UG North
FileDescription	Kernel Driver Utility
FileVersion	`1.0.2.2102`
InternalName	Hamakaze.exe
LegalCopyright	Copyright (C) 2020 - 2021 KDU Project
OriginalFilename	Hamakaze.exe
ProductName	KDU
ProductVersion	`1.0.2.2102`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: %temp% CurrentControlSet\Services`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to AES`
Suspicious	The PE is possibly packed.	`Unusual section name found: iris`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExA LoadLibraryExW LdrLoadDll` `Functions which can be used for anti-debugging purposes: NtQuerySystemInformation` `Can access the registry: RegCreateKeyExW RegEnumKeyExW RegSetValueExW RegOpenKeyExW RegSetKeyValueW RegCloseKey RegOpenKeyW RegDeleteKeyW` `Uses Windows's Native API: NtLoadDriver NtCreateFile NtQueryDirectoryObject NtOpenDirectoryObject NtFlushBuffersFile NtUnloadDriver NtWriteFile NtOpenProcessToken NtAdjustPrivilegesToken NtOpenProcess NtDuplicateObject NtSetSecurityObject NtDeviceIoControlFile NtQuerySystemInformation NtClose` `Manipulates other processes: NtOpenProcess`
Info	The PE's resources present abnormal characteristics.	`Resource 100 is possibly compressed or encrypted.` `Resource 103 is possibly compressed or encrypted.` `Resource 105 is possibly compressed or encrypted.` `Resource 106 is possibly compressed or encrypted.` `Resource 107 is possibly compressed or encrypted.` `Resource 108 is possibly compressed or encrypted.` `Resource 109 is possibly compressed or encrypted.` `Resource 110 is possibly compressed or encrypted.` `Resource 111 is possibly compressed or encrypted.` `Resource 112 is possibly compressed or encrypted.`
Malicious	VirusTotal score: 38/69 (Scanned on 2021-04-05 19:27:59)	`FireEye: Trojan.GenericKD.36422379` `CAT-QuickHeal: Trojan.Kdu` `McAfee: RDN/Generic PUP.z` `Cylance: Unsafe` `Zillya: Tool.KDU.Win64.724` `K7AntiVirus: Trojan ( 00572ba41 )` `K7GW: Trojan ( 00572ba41 )` `Cybereason: malicious.933289` `Cyren: W64/Trojan.OJHG-0833` `Symantec: Trojan.Gen.2` `ESET-NOD32: a variant of Win64/Riskware.KDU.A` `TrendMicro-HouseCall: TROJ_FRS.VSNW03C21` `Kaspersky: HEUR:HackTool.Win64.KernelDrUtil.gen` `BitDefender: Trojan.GenericKD.36422379` `Paloalto: generic.ml` `MicroWorld-eScan: Trojan.GenericKD.36422379` `Ad-Aware: Trojan.GenericKD.36422379` `Emsisoft: Trojan.GenericKD.36422379 (B)` `VIPRE: Trojan.Win32.Generic!BT` `TrendMicro: TROJ_FRS.VSNW03C21` `McAfee-GW-Edition: RDN/Generic PUP.z` `Sophos: Generic PUA NA (PUA)` `GData: Trojan.GenericKD.36422379` `Webroot: W32.Malware.Gen` `MAX: malware (ai score=99)` `Gridinsoft: Trojan.Heur!.02014023` `Arcabit: Trojan.Generic.D22BC2EB` `ZoneAlarm: HEUR:HackTool.Win64.KernelDrUtil.gen` `Microsoft: PUA:Win32/Presenoker` `AhnLab-V3: Malware/Win64.Generic.C4370492` `ALYac: Trojan.GenericKD.36422379` `Malwarebytes: Malware.AI.2509818333` `Rising: PUA.Presenoker!8.F608 (CLOUD)` `Yandex: Trojan.Igent.bVumLh.27` `Fortinet: Riskware/Generic_PUA_NA` `MaxSecure: Trojan.Malware.115606560.susgen` `Panda: Trj/Agent.AJS` `Qihoo-360: Win64/HackTool.Generic.HgEASRgA`

Hashes

MD5	`8d973e393328944a9505537747e4287e`
SHA1	`d033356bae086f5566f80601d086203d3cdcecb2`
SHA256	`59820ce4905819c5be34e863f8301c052fac0d25dfcaa0f0cde1309ca44aced2`
SHA3	`d903db28d2d45c6a35aa8e1cbd83357916811326dc2e684a7f500d7b8b280bbb`
SSDeep	`3072:vFzXSmhECndqixM5yOj4cwN4geUVhcRWwjYzGxZbqM8TwxAwcvTQ5pP3YNoNBWP:dXMNi+rdSmDxAwt5pfYNoNoDKP`
Imports Hash	`7198bb6ef9515f83101210c7a19822bf`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2021-Feb-11 10:52:58
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x19e00`
SizeOfInitializedData	`0x34e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000007670 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x55000`
SizeOfHeaders	`0x400`
Checksum	`0x4eeff`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`1e84e0eda0affe8b2c431b850848c0cd`
SHA1	`9262f39bcfdbd7c415557a38c62ac1a00596a88d`
SHA256	`179ac8da861dd54c3758c009bdd46654e9402e720eafcff4473453ef66e53f94`
SHA3	`603ae6eb7cc87889af9d25a53b11bb624b277dff401a19cb2a60a4905a6919a7`
VirtualSize	`0x19d90`
VirtualAddress	`0x1000`
SizeOfRawData	`0x19e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.49818`

.rdata

MD5	`3b2c7489f6636a6e8def0856070044b5`
SHA1	`6f68239a6f076cd74d10948d553c4b3a58563b9d`
SHA256	`df745c30cdae5ee6468aea3bf059056d8396e50d6662b28cfae7305a7357f595`
SHA3	`ec6cd47143cad1c7979c75c11f94e543863a552505260f0c29e31a6282b16e7b`
VirtualSize	`0xd2e6`
VirtualAddress	`0x1b000`
SizeOfRawData	`0xd400`
PointerToRawData	`0x1a200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.16277`

.data

MD5	`81b0b1496161b38f3daf8b6752c23298`
SHA1	`f51fd2064d5e44a125302eb07a9c7c978f822f7b`
SHA256	`478361309a869aa9777eb9b220a529ed23021ab6106d3019478458be2dfd462f`
SHA3	`d97818b3538e3834e1e2578139be8441098e93135a7a58b2f9d92240f608fec5`
VirtualSize	`0x2358`
VirtualAddress	`0x29000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x27600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.964`

.pdata

MD5	`c181fe2599209bf3324c3a4f1e0258d7`
SHA1	`be4930ea5a7dfde49530dd12d32fe0866a2e682e`
SHA256	`f8906abe4f2e3157bfe78eed5e54fada87c15fdd3c2f0a5fc870c74e85d051aa`
SHA3	`034c8cb759c1ca92f89ca0d52c3bbb3f6146acdbbe8d7cc57f246d32f2076b77`
VirtualSize	`0x15fc`
VirtualAddress	`0x2c000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x28800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.2317`

_RDATA

MD5	`b7dd1fdf8d1c9db703563250fa9bef8e`
SHA1	`509e77bf5d2a68712ba6a5137e1147cc9a274c97`
SHA256	`058a649a04380f4a960b172070c85ad85d4426089a1454d2f384ce1734da7cd1`
SHA3	`15fb7d6e856c74fcc0321f14f3b1fca7ef4d19441e93896abf8da7ad4aa6a382`
VirtualSize	`0xfc`
VirtualAddress	`0x2e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x29e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.00657`

iris

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x4`
VirtualAddress	`0x2f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`5287e62ab5cdbb0285e83f590a1f6a1c`
SHA1	`333fcb86cbd6724d70417e621d41378a5f281f04`
SHA256	`e39e9c94f31d9defd5ce81382955e7c661bbc443782b12eaa534474e473274fe`
SHA3	`361844c90a2a4c374f7e7d7189bdb6d4da86a5389633ba21f06646ba481fca50`
VirtualSize	`0x232e8`
VirtualAddress	`0x30000`
SizeOfRawData	`0x23400`
PointerToRawData	`0x2a200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.74436`

.reloc

MD5	`7c3c332fca07724195531f20a8d7936b`
SHA1	`d75998cb14fd99c7fab7e28f65db6124bf312850`
SHA256	`021561fa87abcc60c9502bb9d1774de7759e6fa93d592c014edd7c54b3ad4019`
SHA3	`6b23409d5585db1b6970774f98de22d76037715d86caf1bbf86c4ab660750f2b`
VirtualSize	`0x77c`
VirtualAddress	`0x54000`
SizeOfRawData	`0x800`
PointerToRawData	`0x4d600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.29763`

Imports

KERNEL32.dll	`SetLastError` `GetCurrentProcessId` `VirtualUnlock` `VirtualLock` `HeapSetInformation` `GetModuleHandleW` `FreeLibrary` `DeleteFileW` `GetCommandLineW` `GetSystemInfo` `GetSystemTimeAsFileTime` `GetFirmwareEnvironmentVariableW` `WriteConsoleW` `GetProcAddress` `GetSystemDirectoryA` `LoadLibraryExA` `CreateEventW` `WaitForSingleObject` `VirtualAlloc` `VirtualFree` `Sleep` `GetLastError` `CreateFileW` `CloseHandle` `HeapReAlloc` `HeapSize` `SetFilePointerEx` `GetFileSizeEx` `GetConsoleMode` `GetConsoleOutputCP` `FlushFileBuffers` `GetProcessHeap` `GetStringTypeW` `SetStdHandle` `SetEnvironmentVariableW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `WideCharToMultiByte` `MultiByteToWideChar` `GetCPInfo` `GetOEMCP` `GetACP` `IsValidCodePage` `FindNextFileW` `FindFirstFileExW` `FindClose` `GetFileType` `LCMapStringW` `CompareStringW` `HeapFree` `HeapAlloc` `GetCommandLineA` `GetModuleHandleExW` `TerminateProcess` `ExitProcess` `GetCurrentProcess` `GetModuleFileNameW` `WriteFile` `GetStdHandle` `QueryPerformanceCounter` `GetCurrentThreadId` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `RtlUnwindEx` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `LoadLibraryExW` `RaiseException`
ADVAPI32.dll	`RegCreateKeyExW` `RegEnumKeyExW` `RegSetValueExW` `RegOpenKeyExW` `RegSetKeyValueW` `RegCloseKey` `RegOpenKeyW` `RegDeleteKeyW`
ntdll.dll	`RtlTimeToSecondsSince1970` `NtLoadDriver` `RtlSetLastWin32Error` `NtCreateFile` `RtlCreateSecurityDescriptor` `RtlCreateAcl` `RtlInitString` `RtlFreeHeap` `NtQueryDirectoryObject` `RtlExpandEnvironmentStrings` `NtOpenDirectoryObject` `NtFlushBuffersFile` `RtlValidSecurityDescriptor` `RtlAddAccessAllowedAce` `RtlLengthRequiredSid` `RtlLengthSid` `LdrFindResource_U` `RtlDosPathNameToNtPathName_U` `LdrAccessResource` `RtlSetDaclSecurityDescriptor` `RtlSubAuthoritySid` `NtUnloadDriver` `NtWriteFile` `RtlAllocateHeap` `LdrGetProcedureAddress` `RtlInitializeSid` `NtOpenProcessToken` `RtlLengthSecurityDescriptor` `NtAdjustPrivilegesToken` `NtOpenProcess` `NtDuplicateObject` `NtSetSecurityObject` `RtlDoesFileExists_U` `RtlGetVersion` `RtlNtStatusToDosError` `NtDeviceIoControlFile` `NtQuerySystemInformation` `NtClose` `RtlImageNtHeader` `LdrLoadDll` `RtlInitUnicodeString` `RtlFreeUnicodeString`
msdelta.dll	`ApplyDeltaB` `DeltaFree`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.69921`
MD5	`7bf35cd02941db11783cef8eb211d8a0`
SHA1	`2635575976fb2002f27c3d113b3d5d2308324b15`
SHA256	`2203159a36738037cc7ff7717340ca971b73df07239b6bffcf7eda566283d026`
SHA3	`d543a403c5378051fe718382e282ffcf2e6af12b10ff556e718b462a119d2310`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.12334`
MD5	`0bce4c72fd6eafa808e15ef50afed222`
SHA1	`daf43a7d07d1b4869faa4b9886eaa62fcc9faae6`
SHA256	`3c65baeb3d18b6775ff1ba75b6b88de11685dc76cb68e2a4f8145fd913681418`
SHA3	`98a98958e48328d3448386a04d13aa1421bff433e6795bfcd3ab0e458885a4ff`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.2538`
MD5	`f0b1384f459a77e30a940e2b2563935f`
SHA1	`8195790e7bc74989f5903c23eeb9eab829556350`
SHA256	`87032481e55e07516354fbcec10ba6dd43fc26f27506a2afc791a69459a76dec`
SHA3	`bbbaf24e824e1efae2c03cc66c795cdd4d16b14a8182e0b7bc3134b6fe050243`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.38652`
MD5	`02072a73a76ba9f276817027ea48aa6d`
SHA1	`f8c891391a2d46f644521fcbf68494f9c21c19b5`
SHA256	`b8587f37f5962fd539aad922218c37958461d41ee005e4d46da959f52af2e5dc`
SHA3	`30f7c676569d8680aabcdb91b1435ba01d8e1088efc1edbb323d8f94bf355e3c`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00906`
MD5	`3c6db245fe43f16a7ae537b18e9e8814`
SHA1	`52c2173662a67d5c248f39343069c3ed363a56da`
SHA256	`483f213de6bcd6a5d5939278da641551331a7987c9840edca47f720074138e59`
SHA3	`22d7afc413e5ead78e93967ed11143c10e2c38c04c874445ba751f6d333551dd`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.31613`
MD5	`faa3dca9d2d1b8293a61d92253010511`
SHA1	`e886a21ee37de979e9aa4355cf67d53ca01ef579`
SHA256	`a6d9897160879e2255addadb4cf87a1282f0b56961fc58546f7f366e83b69d55`
SHA3	`a102d89e66606b20cfedb5649394d737710a96329699277266e3625a2af78e86`

100

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x488b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98883`
MD5	`48e03aea762588a70453fd859709fe4b`
SHA1	`c993c26c8a66ec04952773853fbcce67f7d97b36`
SHA256	`0d9fd42f0f48dccc82f3034ab31b418218885ddfbc70d413bd4f585282af7d59`
SHA3	`58aec07d02575a6766feb7df4d4e70131826ff24290280535d78c7f3453ee44f`

103

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x425c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98835`
MD5	`d518a23cb1bed3ec2ff6af9043dbdd2f`
SHA1	`566a73d4a0ac024a9c8a7fbe4adf9424e11ecc40`
SHA256	`fe0048a958e0300b56b511cc0499984fc396d8dfa07c3f320a40a68ee3ee5298`
SHA3	`cfe0865ba3f8fbef34f1b108996afa36ff244bc62c676ae5278bcd1e480b8e5b`

105

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1db5`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97209`
MD5	`c48f52dcd3468a55a2f211405c8eca32`
SHA1	`c614b5c3f7b2c553655837ba38a48616f71b86bc`
SHA256	`ec50ef5c4e71ea2352f8d7955b7fc27c8e6ab0b523644b8ff7030246380c634d`
SHA3	`3083adcc487b14fd5047d5fc00bea363daefa98d7a8d2daadbbbc33fadba49ab`

106

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x32bc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98456`
MD5	`5c314b4245d78c2e4dc31cb20923a57c`
SHA1	`c323879dbb51d8e2e63160b6a3dacdf29c0a7000`
SHA256	`e929863625643e6d2989c591cd5b0f07533011e289c044241f08a3ab49c23994`
SHA3	`8773379898c1d2095f85d4b378f7ffaefb832497578b7381076baaac143d344d`

107

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x28f0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97428`
MD5	`07e1de7a777614010a6c384dbeb7c65c`
SHA1	`02526908bf1c9bb449b35f337ad5f6919e568a2d`
SHA256	`fce521e579303ffe6322c265b129bb57e7d57b9b8db9fa401788df13593ea2d0`
SHA3	`253c2c8643a4a8da06f77813d14d0db2e278f389b581f390cebc6d2301bc234b`

108

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x36f4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.9827`
MD5	`0b1dddca785c5f8c77464903b9a4540a`
SHA1	`21d827513b24116ccfb000e85b860be42459d55f`
SHA256	`f0d2058856503f1673bf52a5483bd2095d842b7dac09008eb9bcb918ee6fb6e9`
SHA3	`d617b786b92047f393024517a4978b1465efae617dc14dc01e94cfbe7db67fc1`

109

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2946`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97922`
MD5	`92da044f4e86e1f6b22e5aad0478993d`
SHA1	`107de118d811eccf283795a1d7b1161e2c4ab605`
SHA256	`0ff7ff440111c8e0f3ceea41ddb2977ea657374c82e42ec0cc8674c61d5119b2`
SHA3	`acd803b9993387fd2fc525b1d1754eb4ba05bd215ca7e0e733a329239716897e`

110

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x23d0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97625`
MD5	`bca623e85b4d9afa34656d159cb14c97`
SHA1	`7d95786e83fafe70e9cb856e626c087277a5aae0`
SHA256	`9ac009a3a4b7811e99a2778d1e81f84ea2d1fded5354761e65a3fab615802015`
SHA3	`4cd9b36d276b01c7bcb67305bd786db19e9858a958842d2a1a1248a0d73aa332`

111

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1f35`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97426`
MD5	`2cb7cbbf2f7d79e6ef264a03f1c6958d`
SHA1	`14378fcea91261df624651caf5f5ff45232e8f70`
SHA256	`47b335f61814e6469f38ffbe53d5a4dd854eb98f1ea8633dd2976d96da83565e`
SHA3	`e0fe7c400f7254a2f2cc9317dfcf6dda799386c6e2c6a84f4f9b14b576b4fa6b`

112

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2adf`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97859`
MD5	`b986cf805f5c5c820152f631157a9186`
SHA1	`e3dc3d9abda1ad901d40f85e4e22d348a5f8426e`
SHA256	`69b072dffe10638d4b19eb16fde640a3e28643c4f1b343809df89a4948ad71d0`
SHA3	`e364dae0289db74b9f6bd1b4dadde09c37c449217beea43d1a130356c1a8dcfe`

1001

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.69913`
Detected Filetype	Icon file
MD5	`fc8846589a152507308beb48ead7a796`
SHA1	`787c24f9fbf50523b34bcb328ed56d33c4e7ffd7`
SHA256	`4a2d022975e1b62b89e1e757b73f563b68b21b71edf8cac8dbbf062b2cb2d2fe`
SHA3	`8ddbf8de92320682fb04bf04b166aab2b443a9fd6055b504b0c29ee44468a9c9`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2f0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44756`
MD5	`8f614990763d371157e865e2d1855c15`
SHA1	`324c7b40c71b0b803e7c46c81c1689feb5f760ba`
SHA256	`62f17c8b9d8db7867165be856161e06b45a4a86abfda842925171be8bb2b3fbf`
SHA3	`bec9d3c4ea6e30e6237c1749ba6a911fd9b9e99c4c95588346d95736d408a5e7`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.2.2102
ProductVersion	1.0.2.2102
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	UG North
FileDescription	Kernel Driver Utility
FileVersion (#2)	1.0.2.2102
InternalName	Hamakaze.exe
LegalCopyright	Copyright (C) 2020 - 2021 KDU Project
OriginalFilename	Hamakaze.exe
ProductName	KDU
ProductVersion (#2)	1.0.2.2102

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2021-Feb-11 10:52:58
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140029028`

RICH Header

XOR Key	`0x7b391e20`
Unmarked objects	`0`
C objects (27412)	`11`
ASM objects (27412)	`5`
C++ objects (27412)	`137`
C++ objects (VS 2015/2017/2019 runtime 29804)	`37`
C objects (VS 2015/2017/2019 runtime 29804)	`16`
ASM objects (VS 2015/2017/2019 runtime 29804)	`9`
Imports (27412)	`9`
Total imports	`153`
265 (29812)	`30`
Resource objects (29812)	`1`
151	`1`
Linker (29812)	`1`

8d973e393328944a9505537747e4287e

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

iris

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

100

103

105

106

107

108

109

110

111

112

1001

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors