Manalyze report for 90b043cd383426c212917f9015ff5549

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Jul-21 08:39:13
Detected languages	English - United States
Debug artifacts	C:\Users\rafou\source\repos\NajiN\x64\Debug\Hammer.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	The PE is possibly packed.	`Section .textbss is both writable and executable.` `Unusual section name found: .msvcjmc`
Info	The PE contains common functions which appear in legitimate applications.	`Can create temporary files: GetTempPathW CreateFileW`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`90b043cd383426c212917f9015ff5549`
SHA1	`fd49a6d4692b50d9770762bc7ac1939e6b7c8690`
SHA256	`f3746850cef287fcf53de4f88dde7a9d8a779e9ba7e80f458864ff59a18bf09c`
SHA3	`9d640948304759f3348c024a4e30d06d6994e6265edb73057b393bb9814bb5fd`
SSDeep	`3072:P/aasMCdQ+DOxcD9K2UTja5N2MAREoBuyvvwYx:P/XC6ufUTKFyvvR`
Imports Hash	`e6866425243c21522c65c06f4ca9dd9b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`10`
TimeDateStamp	2021-Jul-21 08:39:13
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x29600`
SizeOfInitializedData	`0x18400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000012050 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x59000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.textbss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x10717`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.text

MD5	`12c0ad1e3f122c2f8f1043fadfc5a677`
SHA1	`64e2b9183e9598f5c65468017cec42df1785649b`
SHA256	`fc966a263ec19ef55b9de6a9c6c18f80c5689878ee0d7ce7c8dc5a1ea655b0b7`
SHA3	`d362660aa66f0749311148c6bc724b95b844cb33bddc963035029e8c6e06f528`
VirtualSize	`0x29430`
VirtualAddress	`0x12000`
SizeOfRawData	`0x29600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`4.53764`

.rdata

MD5	`3f882b3460c47335f44b8983878a9459`
SHA1	`ebd95f365487665512f377dca883d365f2e79c63`
SHA256	`e3b3c4be1f2ce6d7a070a070592886e7c390ae3567081cdadb7e38d8526b07f7`
SHA3	`1f390c2d1f4235959e4868e078d0afb0e592f76099c64f602f12a9c852e32f07`
VirtualSize	`0xd2dd`
VirtualAddress	`0x3c000`
SizeOfRawData	`0xd400`
PointerToRawData	`0x29a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.36098`

.data

MD5	`c4329e15fd0a4632b1d27b6fbcdf559e`
SHA1	`8905525283529e227af53a15cf89f3dbfe49d183`
SHA256	`246668078ef180ce616bf8d6e84c7a704980553514b3e375fc6a838b860d2ee5`
SHA3	`23a895a2c723169b048c8bc37198257543ba4e3877be3845624dcfb208ffe973`
VirtualSize	`0x37a8`
VirtualAddress	`0x4a000`
SizeOfRawData	`0x800`
PointerToRawData	`0x36e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.20577`

.pdata

MD5	`8b6483ae009b03cc8ed01e2455801530`
SHA1	`a3aa95cac2492e44b60084f170458d765354d2e5`
SHA256	`c08e705f176e0f363eb40b5becaa73e6db5394224fd2c77ff52ab903c2acf61b`
SHA3	`3dd9b40c4d8fbb2470124aeab60161016696913dc0c12b94df8d1024cd5cd9bd`
VirtualSize	`0x47ac`
VirtualAddress	`0x4e000`
SizeOfRawData	`0x4800`
PointerToRawData	`0x37600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.6955`

.idata

MD5	`f75c9d6f2c490ff1a590bc05140a6dab`
SHA1	`6752728ee4f908ec8479a8020abd1c315074c586`
SHA256	`0e056c1c539a43cc7fedc4f6db510a79ae38a60983008fb60083ca35b86868e2`
SHA3	`c0fde94b4778f347b2f38cb8d9bc2f7032d0ba65136dee908625e431e7d2f555`
VirtualSize	`0x1e9c`
VirtualAddress	`0x53000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x3be00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.56336`

.msvcjmc

MD5	`aa3107c9f16992be5b269e5e0b800146`
SHA1	`e9ebfef87febea67ca5df1759815b96b0c8536b1`
SHA256	`76fe0530213f22003257c1e577faae744dd8277ff32a23ed732a724f7231fbd2`
SHA3	`dd62c9cb98aea4e58467789bc0760823388110e8ddf7efda12b4480a781b5ed5`
VirtualSize	`0x1c2`
VirtualAddress	`0x55000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3de00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.90043`

.00cfg

MD5	`ac815d5bd05e8d5bbaf5f1f1a1b393a5`
SHA1	`82b83756c23b39d31d4c310390f4ecbf611e194b`
SHA256	`7e5a455b2b6c5a803191f6c44d238855e9b33b7f0629eebc8a4484ee62fea94e`
SHA3	`62fdbd237285bcdb1f4b648a899c0d19c271c1ca9f76bda94a43d1b703493bb7`
VirtualSize	`0x151`
VirtualAddress	`0x56000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3e000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.404967`

.rsrc

MD5	`e784be843175fda10245a68a8dc77e76`
SHA1	`7bec9c1c92e7229f85b7a884cecb2624c56e051a`
SHA256	`ab87efecea791a0cbc4988e2c6d9fce91329226e3f6f33b591325cc9d37128bd`
SHA3	`59d0ecd47c701644e6e7091979b52d5d79e4e850abd73b4834fb95aec572c1ad`
VirtualSize	`0x326`
VirtualAddress	`0x57000`
SizeOfRawData	`0x400`
PointerToRawData	`0x3e200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.44416`

.reloc

MD5	`d38594d458ec70d48a5eaa51d4d15f63`
SHA1	`555b31d682b3e634efed7a555376211f924d6832`
SHA256	`29964b715ef8bde5803a889f46827cd3a64bca37f42c62f7ba62b26aaa062320`
SHA3	`3af405756e880bcad708670442666d2bcb2d5715f1ff509fa17c00acc261903b`
VirtualSize	`0x6d7`
VirtualAddress	`0x58000`
SizeOfRawData	`0x800`
PointerToRawData	`0x3e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.49425`

Imports

KERNEL32.dll	`DecodePointer` `RaiseException` `GetLastError` `SetLastError` `InitializeCriticalSectionEx` `DeleteCriticalSection` `FreeLibrary` `VirtualQuery` `GetProcessHeap` `HeapFree` `HeapAlloc` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetCurrentProcessId` `QueryPerformanceCounter` `GetModuleHandleW` `GetStartupInfoW` `IsProcessorFeaturePresent` `TerminateProcess` `GetCurrentProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `GetCurrentThreadId` `LeaveCriticalSection` `EnterCriticalSection` `OutputDebugStringW` `IsDebuggerPresent` `WideCharToMultiByte` `MultiByteToWideChar` `CreateSymbolicLinkW` `GetFileInformationByHandleEx` `CreateHardLinkW` `MoveFileExW` `CopyFileW` `CreateDirectoryExW` `DeviceIoControl` `CloseHandle` `AreFileApisANSI` `GetTempPathW` `SetFileTime` `SetFilePointerEx` `SetFileInformationByHandle` `SetFileAttributesW` `SetEndOfFile` `GetFullPathNameW` `GetFinalPathNameByHandleW` `GetFileInformationByHandle` `GetFileAttributesExW` `GetFileAttributesW` `GetDiskFreeSpaceExW` `FindNextFileW` `FindFirstFileExW` `FindClose` `CreateFileW` `CreateDirectoryW` `GetCurrentDirectoryW` `SetCurrentDirectoryW` `FormatMessageA` `LocalFree` `GetProcAddress`
USER32.dll	`UnregisterClassW`
ole32.dll	`CoInitialize` `CoTaskMemAlloc` `CoCreateInstance` `CoUninitialize`
OLEAUT32.dll	`SafeArrayGetVartype` `SafeArrayCopy` `SafeArrayUnlock` `SafeArrayLock` `SafeArrayGetLBound` `SafeArrayGetUBound` `SafeArrayDestroy` `SafeArrayCreate` `SysFreeString` `SysAllocString` `SysAllocStringLen`
MSVCP140D.dll	`?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ` `?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ` `?_Getmonths@_Locinfo@std@@QEBAPEBDXZ` `?_Getdays@_Locinfo@std@@QEBAPEBDXZ` `?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ` `_Mbrtowc` `?_Winerror_map@std@@YAHH@Z` `?_Syserror_map@std@@YAPEBDH@Z` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Xlength_error@std@@YAXPEBD@Z` `?_Xbad_alloc@std@@YAXXZ` `??1_Lockit@std@@QEAA@XZ` `??0_Lockit@std@@QEAA@H@Z`
VCRUNTIME140D.dll	`_CxxThrowException` `memset` `memcpy` `__std_exception_destroy` `__std_exception_copy` `memcmp` `memmove` `__C_specific_handler` `__C_specific_handler_noexcept` `__current_exception_context` `__std_type_info_destroy_list` `__vcrt_LoadLibraryExW` `__vcrt_GetModuleHandleW` `__vcrt_GetModuleFileNameW` `__current_exception`
VCRUNTIME140_1D.dll	`__CxxFrameHandler4`
ucrtbased.dll	`__stdio_common_vsprintf_s` `strcat_s` `strcpy_s` `_initterm_e` `_initterm` `_callnewh` `_cexit` `_crt_at_quick_exit` `_crt_atexit` `_execute_onexit_table` `_register_onexit_function` `_initialize_onexit_table` `_initialize_narrow_environment` `_configure_narrow_argv` `__stdio_common_vsnwprintf_s` `_recalloc` `_errno` `wcscpy_s` `_malloc_dbg` `_free_dbg` `terminate` `___lc_codepage_func` `_wsplitpath_s` `_wcsicmp` `_calloc_dbg` `mbstowcs_s` `strlen` `_CrtDbgReport` `_invalid_parameter` `malloc` `_wmakepath_s` `__stdio_common_vswprintf_s` `__stdio_common_vswprintf` `_CrtDbgReportW` `wcslen` `free` `_seh_filter_dll` `_invalid_parameter_noinfo`

Delayed Imports

GetFunctions

Ordinal	`1`
Address	`0x12e1f`

TestBstr

Ordinal	`2`
Address	`0x12807`

TestBstrArray

Ordinal	`3`
Address	`0x12316`

TestInts

Ordinal	`4`
Address	`0x12c03`

TestPdbFunctions

Ordinal	`5`
Address	`0x123c5`

TestPdbFunctionsResponse

Ordinal	`6`
Address	`0x122fd`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x91`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.8858`
MD5	`f7ad1eab748bc07570a57ec87787cf90`
SHA1	`0b1608da9fef218386e825db575c65616826d9f4`
SHA256	`d2952e57023848a37fb0f21f0dfb38c9000f610ac2b00c2f128511dfd68bde04`
SHA3	`6c9541b36948c19ae507d74223621875b3af4064f7cd8200bdb97e15a047e96a`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2021-Jul-21 08:39:13
Version	`0.0`
SizeofData	`79`
AddressOfRawData	`0x435e8`
PointerToRawData	`0x30fe8`
Referenced File	C:\Users\rafou\source\repos\NajiN\x64\Debug\Hammer.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2021-Jul-21 08:39:13
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x43638`
PointerToRawData	`0x31038`

TLS Callbacks

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x18004a058`

RICH Header

XOR Key	`0x54f0f7d8`
Unmarked objects	`0`
C objects (30034)	`9`
ASM objects (30034)	`3`
C++ objects (30034)	`26`
Imports (30034)	`6`
Imports (27412)	`11`
Total imports	`146`
C++ objects (30038)	`5`
Exports (30038)	`1`
Resource objects (30038)	`1`
151	`1`
Linker (30038)	`1`

Errors

[*] Warning: Section .textbss has a size of 0!