Manalyze report for 8fcfb41d32e3a6f55bfd3ebd91899118

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Feb-01 12:47:41
TLS Callbacks	3 callback(s) detected.

Plugin Output

Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Manipulates other processes: OpenProcess`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`8fcfb41d32e3a6f55bfd3ebd91899118`
SHA1	`f2f94540d2c70dcc2c093c1841b93aee6b45af18`
SHA256	`708afc5a9604cadda43df800492a18c6563f5cd23d0f2cd4a689dcdc19b7c011`
SHA3	`d0d7ae2176101dbb23aab320d52b25f199f95ed74d97b1829175cb19d257b3ce`
SSDeep	`3072:Hl9nqu1H8xYtLltJUkUrd6xX2BX3iPd+ZUgX7P7cLET:Hl90utJhxmdZZUgX7P7c`
Imports Hash	`27f435e627e660418a3acfdb7fa27279`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`9`
TimeDateStamp	2024-Feb-01 12:47:41
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x22600`
SizeOfInitializedData	`0x2fe00`
SizeOfUninitializedData	`0xc00`
AddressOfEntryPoint	`0x000010BA (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x24000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x38000`
SizeOfHeaders	`0x400`
Checksum	`0x33b16`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`9cb610f53017578507a502038fff63be`
SHA1	`7fc8a01fc98cac709379dc3f73f71a6032d60f05`
SHA256	`e6e2ed8ddcf47f4d7feef3931570dce0266427ce1de53425523b2b519e532b9b`
SHA3	`c212feedd86023045f7b81f84248184332845f9f4b292ba5f0e8d537b71296ac`
VirtualSize	`0x22494`
VirtualAddress	`0x1000`
SizeOfRawData	`0x22600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.12911`

.data

MD5	`7582aa0f6350ac7a569b09f3aefd595e`
SHA1	`efec154f3d3c25af9913fae4790d2972501ab862`
SHA256	`3ab04b30de73ec1877f1927481bec2e0e78e54c14d584d84b035463f322f9f50`
SHA3	`0e5a37f1335d5be0710ab8fea3f711406067c41e62948d803709536ac08be584`
VirtualSize	`0x114`
VirtualAddress	`0x24000`
SizeOfRawData	`0x200`
PointerToRawData	`0x22a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.62324`

.rdata

MD5	`94ca303549da0ee3245c717d9db59c80`
SHA1	`5b56518bdd08e6314578698ab32b201a4e8547bc`
SHA256	`41760cbe86512c93ca0fe588681ff32f7c2e433c792111a07adfe9398c751c87`
SHA3	`0ead30be913a7006f8d5badb6eb3f78e87d81c7a636d8f4d8b6f0e5f79e1bb67`
VirtualSize	`0x4508`
VirtualAddress	`0x25000`
SizeOfRawData	`0x4600`
PointerToRawData	`0x22c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.50939`

.eh_fram

MD5	`ccf50aae5d29a1eeacf5ac0dc958a311`
SHA1	`5101ad4e246ddedf08f69ea6405a5828f4196a5b`
SHA256	`07b20c589cd41aacce498dd9c115d7e41f0b63e64cffdb6ac6df4afb42e255bd`
SHA3	`476b93185975a9c58188993db2d7659509536b1ff90fe6888e9306f6a52097d2`
VirtualSize	`0x63ac`
VirtualAddress	`0x2a000`
SizeOfRawData	`0x6400`
PointerToRawData	`0x27200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.00092`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xb08`
VirtualAddress	`0x31000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`bb605081905b067eb1a13c1fe3c86f25`
SHA1	`60c758a6429c7531269f455531e6bdb2c2fd0dd8`
SHA256	`e84a465e7c4385501639a16bada74c857399492bbfdfcb20e09a2d00c981eb1f`
SHA3	`afdfebc7086e4fee6524917bbe187e607d9f21d8e1fd267fd5ae4a16208b5037`
VirtualSize	`0x10a0`
VirtualAddress	`0x32000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x2d600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.16898`

.CRT

MD5	`42253fb7e2a68fc9de12dc7079490143`
SHA1	`2555234f7b517ce03b968bf04ec050556d28ffe3`
SHA256	`3ae53818c95ca48da44adc1e1fd89fdcb84b4796ae297222c25697341ce3fb4e`
SHA3	`c3fa3714343c02dc1dde1ce50d676e493aff1d4eff4ad41bf7341ba6641d914c`
VirtualSize	`0x34`
VirtualAddress	`0x34000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2e800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.285782`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x8`
VirtualAddress	`0x35000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2ea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.reloc

MD5	`7a95509c6217edde87f76b8e877152b5`
SHA1	`f70e7bffb0c8ab46d5ec5a8ee55a42c22d0d9736`
SHA256	`9ae2018987f3fbe1e5174b8b0dd0ce8134d1f084966604a51e095e39226d4dc5`
SHA3	`44f1ead4dba4831d39dac002900d44811158054b3a9ec04361d106cf1232d3ae`
VirtualSize	`0x14c0`
VirtualAddress	`0x36000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x2ec00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.3977`

Imports

GDI32.dll	`ChoosePixelFormat` `SetPixelFormat`
KERNEL32.dll	`AddVectoredExceptionHandler` `CloseHandle` `CreateEventA` `CreateSemaphoreA` `DeleteCriticalSection` `DuplicateHandle` `EnterCriticalSection` `FreeLibrary` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThread` `GetCurrentThreadId` `GetHandleInformation` `GetLastError` `GetModuleHandleA` `GetModuleHandleW` `GetProcAddress` `GetProcessAffinityMask` `GetStartupInfoA` `GetSystemTimeAsFileTime` `GetThreadContext` `GetThreadPriority` `GetTickCount` `InitializeCriticalSection` `IsDBCSLeadByteEx` `IsDebuggerPresent` `LeaveCriticalSection` `LoadLibraryA` `MultiByteToWideChar` `OpenProcess` `OutputDebugStringA` `QueryPerformanceCounter` `QueryPerformanceFrequency` `RaiseException` `ReleaseSemaphore` `RemoveVectoredExceptionHandler` `ResetEvent` `ResumeThread` `SetEvent` `SetLastError` `SetProcessAffinityMask` `SetThreadContext` `SetThreadPriority` `SetUnhandledExceptionFilter` `Sleep` `SuspendThread` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TryEnterCriticalSection` `VirtualProtect` `VirtualQuery` `WaitForMultipleObjects` `WaitForSingleObject` `WideCharToMultiByte`
msvcrt.dll	`__getmainargs` `__initenv` `__mb_cur_max` `__p__acmdln` `__p__commode` `__p__fmode` `__set_app_type` `__setusermatherr` `_amsg_exit` `_beginthreadex` `_cexit` `_endthreadex` `_errno` `_initterm` `_iob` `_ismbblead` `_onexit` `_setjmp3` `_strdup` `_ultoa` `_vsnprintf` `_vsnwprintf` `abort` `atoi` `calloc` `exit` `fgetwc` `fprintf` `fputc` `fputs` `free` `fwrite` `getc` `getenv` `localeconv` `longjmp` `malloc` `memcpy` `memmove` `memset` `memcmp` `printf` `realloc` `setlocale` `signal` `strchr` `strcmp` `strerror` `strlen` `strncmp` `strtoul` `vfprintf` `wcslen`
OPENGL32.DLL	`glBegin` `glClear` `glColor3f` `glEnd` `glFlush` `glVertex2i` `glViewport` `wglCreateContext` `wglDeleteContext` `wglMakeCurrent`
USER32.dll	`AdjustWindowRect` `BeginPaint` `CreateWindowExW` `DefWindowProcA` `DestroyWindow` `DispatchMessageA` `EndPaint` `GetDC` `GetMessageA` `GetMonitorInfoA` `GetWindowLongA` `GetWindowRect` `LoadCursorA` `LoadIconA` `MessageBoxW` `MonitorFromWindow` `PostMessageA` `PostQuitMessage` `RegisterClassExW` `ReleaseDC` `SetWindowLongA` `SetWindowPos` `ShowWindow` `TranslateMessage` `UpdateWindow`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x435000`
EndAddressOfRawData	`0x435004`
AddressOfIndex	`0x431050`
AddressOfCallbacks	`0x43401c`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x0040B998` `0x0040BA2F` `0x004183AC`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!