Manalyze report for 92660985e527d3ea20a792b8c6945d1b

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2006-Mar-20 12:04:37
Detected languages	English - United States
CompanyName	FrontRange Solutions, Inc.
FileDescription	Message Waiting Indication Service
FileVersion	`5.4.0.92`
LegalCopyright	Copyright 2001-2008, FrontRange Solutions, Inc. All rights reserved.
OriginalFilename	mwi_svc.exe
ProductName	MWI Service
ProductVersion	`5.4.0.92`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++ 8.0`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc`
Safe	VirusTotal score: 0/39 (Scanned on 2009-03-06 00:38:09)	`All the AVs think this file is safe.`

Hashes

MD5	`92660985e527d3ea20a792b8c6945d1b`
SHA1	`015834d9c7948799f5dca75571f3894f74b6b077`
SHA256	`2151ad8064a2f78b04948d13e43d415b7061db149bc329ad36afbd9555969d89`
SHA3	`df3928c293b40295c9f26d11d466f6dc4f1c900b9d1df86d257653e2431afe91`
SSDeep	`384:n7eu6gkCClf/1SWJ+IXLBVFBVXTbSsrL2RjPcehd6HFdbcAxl7dbpkJSMEGEcS:n7eu6ECJ1SqBVFBVXHSJhcehdAxlhbpR`
Imports Hash	`6f07296858b8587a2dca2929346c502b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2006-Mar-20 12:04:37
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`7.0`
SizeOfCode	`0x1a00`
SizeOfInitializedData	`0x3000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000025AA (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x3000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x8000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`84029b30a6f73db44175b65877ee16bc`
SHA1	`304d84a244a617b11314e549f30e99c66cc49bbc`
SHA256	`4d5ef7aa373db4a186a457b4ce6f4629ae33daf10bb6631e5f7ece9869fc1b84`
SHA3	`67e46b49507d033db8a46ce0ece1a9b52f377569bf0d6b21a5e73d811ebc4ab5`
VirtualSize	`0x188a`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.05601`

.rdata

MD5	`b433fe03fb7619387d354c4ddfd30085`
SHA1	`79cae39cc105bf450f0c8a59fe70ec5bbbf9a9a3`
SHA256	`ac8196599956fd1eb4f051da3e360689fcac17723d8ddd1fa2086bb44c5cf610`
SHA3	`6299d0a34b4efcb2c2b75976a6c07808fe1dafc98f467b487ba514d3d3986d74`
VirtualSize	`0x63a`
VirtualAddress	`0x3000`
SizeOfRawData	`0x800`
PointerToRawData	`0x1e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.06211`

.data

MD5	`e3eeccadfc5decc93620087da4ac692d`
SHA1	`bd208fa6d2f5c677237a25ea21108cf9f9123db0`
SHA256	`8050383be342c3d491312542cb59345a1dc7c5d74988aaae03a6ffcdc61898ec`
SHA3	`d098ed6b3880390903cb7c9947960ef0485ffb7a113ce1c6e9d0874728107eae`
VirtualSize	`0x123c`
VirtualAddress	`0x4000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x2600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.82995`

.rsrc

MD5	`e1cfcdc87d702e83c2791134f58ffc99`
SHA1	`e461567ae1a515bc2f41a61e7c3703447623a2ba`
SHA256	`1a39b509f80b1b154c3b32f50cf255276316b0329a9aa4f0be82cd4676a31a0d`
SHA3	`52f94bc6fe321dc66103b50889eb947ca3498243e33b9cb7d731dfffd0470bb5`
VirtualSize	`0x1cc8`
VirtualAddress	`0x6000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x3000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.8674`

Imports

MSVCR71.dll	`_except_handler3` `__set_app_type` `_onexit` `_controlfp` `__p__fmode` `__p__commode` `_adjust_fdiv` `__setusermatherr` `_initterm` `__getmainargs` `_amsg_exit` `__p___initenv` `exit` `_cexit` `_XcptFilter` `_exit` `_c_exit` `realloc` `bsearch` `malloc` `qsort` `free` `setbuf` `getenv` `atoi` `strncmp` `strrchr` `_snprintf` `fprintf` `_iob` `__dllonexit` `strncpy` `_stricmp` `_strdup`
KERNEL32.dll	`IsBadReadPtr` `SetLastError` `GetProcessHeap` `HeapFree` `VirtualFree` `VirtualProtect` `VirtualAlloc` `FreeLibrary` `GetModuleHandleA` `LoadLibraryA` `GetProcAddress` `OutputDebugStringA` `GetFullPathNameA` `UnmapViewOfFile` `CreateFileA` `GetFileSize` `CreateFileMappingA` `CloseHandle` `MapViewOfFile` `FindResourceA` `GetModuleFileNameA` `LoadResource` `LockResource` `GetLastError` `FormatMessageA` `LocalFree` `HeapAlloc`

Delayed Imports

1

Type	`PYTHONSCRIPT`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x18d4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.87927`
MD5	`6cad5fce5a8896632e9235e1ebf3f14e`
SHA1	`48ce7edc20d7a15b896174bb84f5cdb76f0de33c`
SHA256	`40c22f18163d341d114b6e37686d166f6652ecacae9e74b1c02f017dd2dfd3cd`
SHA3	`941f566dde6a9d6b7efd778e7a8c005516992f4f1afa808623bdeb4e8b1da622`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x338`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.4135`
MD5	`692321c370943ba528dc711d69d91c78`
SHA1	`9c329026321671fbb20f6a10c917b295999ca1d6`
SHA256	`b579d5e5aabea723a4cbc0ae35dad129474d948295c8f69c9f37350acc4791cb`
SHA3	`c7524f8868c45c53bc8b4bab01cd3dba1f3247713433e9186a2c64ac1434d804`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	5.4.0.92
ProductVersion	1.0.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	FrontRange Solutions, Inc.
FileDescription	Message Waiting Indication Service
FileVersion (#2)	5.4.0.92
LegalCopyright	Copyright 2001-2008, FrontRange Solutions, Inc. All rights reserved.
OriginalFilename	mwi_svc.exe
ProductName	MWI Service
ProductVersion (#2)	5.4.0.92

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x40499c`
SEHandlerTable	`0x403180`
SEHandlerCount	`1`

RICH Header

XOR Key	`0xc0b25813`
Unmarked objects	`0`
Imports (2179)	`2`
105 (2067)	`2`
Total imports	`61`
Imports (VS2003 (.NET) build 3077)	`3`
C++ objects (VS2003 (.NET) build 3077)	`1`
ASM objects (VS2003 (.NET) build 3077)	`1`
C objects (VS2003 (.NET) build 3077)	`18`
94 (VS2003 (.NET) build 3052)	`1`
Linker (VS2003 (.NET) build 3077)	`1`

92660985e527d3ea20a792b8c6945d1b

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

Imports

Delayed Imports

1

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors