Manalyze report for 926cdbee582af44e0493d32e9a9d5d94

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2017-Feb-21 01:17:35
Detected languages	English - United States
Debug artifacts	C:\Users\nitro_000\documents\visual studio 2015\Projects\Task3\Debug\Task3.pdb

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig1(h)`
Suspicious	The PE is packed or was manually edited.	`Section .textbss is both writable and executable.` `The number of imports reported in the RICH header is inconsistent.`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Possibly launches other programs: CreateProcessA`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`926cdbee582af44e0493d32e9a9d5d94`
SHA1	`3ba0dd4ffeb90030db86dca60414b8fe62a54020`
SHA256	`4f3df2e962f51fc9dc9d6388b722c275fa34918784508318627e812d6a9806c9`
SHA3	`efb126022d95d23de07e15c206727fcf958f07df1d8fe69016257e033fe67ba6`
SSDeep	`24576:ZaXR10c7rYZvB/WuEmPoGDeIuFZrKUwI+:ZaX77kZvB/WuEmPoGDevF/+`
Imports Hash	`1bfd53fc77a75807cc6adbbb45f18d4d`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`10`
TimeDateStamp	2017-Feb-21 01:17:35
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xb9400`
SizeOfInitializedData	`0x29600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00055EEC (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x13b000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.textbss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x53f8a`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.text

MD5	`879a5001bc74f430c809990b8e0ff25e`
SHA1	`52cbc56e2b37c4c7d6bad20a9958c7f9cf9d14c6`
SHA256	`2d48a7103281a38f42714f3db692fbedb5fcd27226b26d2ed699bb730bc6d8c1`
SHA3	`506848ba8fddc54ac2708ab9d013d339fbd5e3a7f1de8bc339c6ba5bb8d99718`
VirtualSize	`0xb92ca`
VirtualAddress	`0x55000`
SizeOfRawData	`0xb9400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.84442`

.rdata

MD5	`b6a911600eb43b2595fd953612b5d382`
SHA1	`c186d85fb0aa8252abd0aa6d4d5920d0af497139`
SHA256	`c5e3acfe503665d64d7668dec806f4214d151a124a3aa393a38ddcefa0b003cc`
SHA3	`f00bb2fe90e5c32a71dd17a83076dd734bde9dd7c846bc2bc59f9bda51a62c3f`
VirtualSize	`0x1ccfe`
VirtualAddress	`0x10f000`
SizeOfRawData	`0x1ce00`
PointerToRawData	`0xb9800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.36552`

.data

MD5	`f5625d77b39f31f7581a434ff944a341`
SHA1	`a84a885e199542550e99cb30becfe0a6a8e8d230`
SHA256	`e731db3067142a948b9e29868bf768b0a5b78bb9bd5e0694d61d073747002618`
SHA3	`f4c005cd5f0157f1b2c9d53ad5807f88f7c2fd6db2366a9f9e00dc65fc0118dc`
VirtualSize	`0x3f80`
VirtualAddress	`0x12c000`
SizeOfRawData	`0x2400`
PointerToRawData	`0xd6600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.37119`

.idata

MD5	`58fecc6c3166e2c3eb82fa155d74d174`
SHA1	`cdef365f40ac6eb2338e1ad89389100e42e85b33`
SHA256	`3c8f027ac55e106cad980da4909f6dfb1bf679096a5ba4f5a9b8ff55e9fd1ae1`
SHA3	`b5b5bba4c6694e3a253199509b9c84387fd1d93c66c940b502de3d4193ed84d2`
VirtualSize	`0xd21`
VirtualAddress	`0x130000`
SizeOfRawData	`0xe00`
PointerToRawData	`0xd8a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.62997`

.gfids

MD5	`30fedc7d3ba2c047056649d797359a03`
SHA1	`14b0cb1012f1f5de3c1accf3d0583fad4a9cbbd0`
SHA256	`b900df1f90a1db2f6cf1a0aecf4621d005aa153097157a75943399fa36038a2e`
SHA3	`88b1d8077d28099f4d8fa257363800670f4c069d58f53efa6e875ff9ffe4dddc`
VirtualSize	`0xd7e`
VirtualAddress	`0x131000`
SizeOfRawData	`0xe00`
PointerToRawData	`0xd9800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.00808`

.tls

MD5	`c573bd7cea296a9c5d230ca6b5aee1a6`
SHA1	`04a0b9fde89c71864acaf5e74689fe4c269bd7a8`
SHA256	`13bde09a110c13b533dc985f3e2c475b6f6bcf514d1a23fce5b784a653548e91`
SHA3	`3679da6860e8ab20485113de9ac22dfe22ddc29d53f14ddc33a648aa98196361`
VirtualSize	`0x309`
VirtualAddress	`0x132000`
SizeOfRawData	`0x400`
PointerToRawData	`0xda600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0111738`

.00cfg

MD5	`e300cdc7fd771cbc0b65e6dffb2a6e6e`
SHA1	`02566a6b9aaf86cc0b620a7976a373b461baad99`
SHA256	`c5010bf7126e4e6e361d70425591dd265e45e4774c84189f008ebdcb99ec0434`
SHA3	`c771dff610b0992b77f6470a87658d06f8ad9e6e4dda2c6b53f7d2a6c27c8d5d`
VirtualSize	`0x104`
VirtualAddress	`0x133000`
SizeOfRawData	`0x200`
PointerToRawData	`0xdaa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.0611629`

.rsrc

MD5	`d37c1aef3cd7d9f36909a804306b40ed`
SHA1	`50f443ca349ae3aa3b028674a085bf3d1c833215`
SHA256	`8ae0dbf8d1c398d6723708a7594ac207ff09f4bf2fd0dfd6c03cab4f61d07723`
SHA3	`9ab085f62b75ef4a3ed31f79ec1a3fe97e00a7b2ff456fb62ef9de692094fef3`
VirtualSize	`0x43c`
VirtualAddress	`0x134000`
SizeOfRawData	`0x600`
PointerToRawData	`0xdac00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.14167`

.reloc

MD5	`1668f16cc7b301741c0fcf5798cfd204`
SHA1	`a2e33d6b8fb719ce0c82abcc9afb9fa4995a7533`
SHA256	`3928f3126bd004de00be4304a2d2b0e9f2aa9b84c65d0911b42afc74ad9ad08e`
SHA3	`2b8741b822021a78384c496a97758a2ab93cb4dd544c2bd72cfaaadcbf1af78b`
VirtualSize	`0x5e51`
VirtualAddress	`0x135000`
SizeOfRawData	`0x6000`
PointerToRawData	`0xdb200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.98323`

Imports

KERNEL32.dll	`FormatMessageW` `WideCharToMultiByte` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `MultiByteToWideChar` `GetCPInfo` `EncodePointer` `DecodePointer` `SetLastError` `InitializeCriticalSectionAndSpinCount` `CreateEventW` `Sleep` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetSystemTimeAsFileTime` `GetTickCount` `GetModuleHandleW` `GetProcAddress` `CompareStringW` `LCMapStringW` `GetLocaleInfoW` `GetStringTypeW` `CloseHandle` `SetEvent` `ResetEvent` `WaitForSingleObjectEx` `IsProcessorFeaturePresent` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `InitializeSListHead` `GetCurrentProcess` `TerminateProcess` `RaiseException` `RtlUnwind` `GetLastError` `FreeLibrary` `LoadLibraryExW` `InterlockedPushEntrySList` `InterlockedFlushSList` `GetConsoleMode` `GetNumberOfConsoleInputEvents` `PeekConsoleInputA` `ReadConsoleInputA` `SetConsoleMode` `HeapAlloc` `HeapFree` `HeapReAlloc` `ExitProcess` `GetModuleHandleExW` `GetModuleFileNameA` `GetModuleFileNameW` `GetStdHandle` `WriteFile` `GetCommandLineA` `GetCommandLineW` `GetACP` `GetCurrentThread` `GetDateFormatW` `GetTimeFormatW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `GetFileType` `CreateFileW` `GetProcessHeap` `FlushFileBuffers` `GetConsoleCP` `ReadFile` `SetFilePointerEx` `SetConsoleCtrlHandler` `GetTimeZoneInformation` `FindClose` `FindFirstFileExA` `FindFirstFileExW` `FindNextFileA` `FindNextFileW` `IsValidCodePage` `GetOEMCP` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetEnvironmentVariableA` `SetEnvironmentVariableW` `OutputDebugStringA` `OutputDebugStringW` `CreateThread` `SetStdHandle` `ReadConsoleW` `WriteConsoleW` `HeapSize` `SetEndOfFile` `CreateProcessA`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2017-Feb-21 00:52:16
Version	`0.0`
SizeofData	`103`
AddressOfRawData	`0x125f10`
PointerToRawData	`0xd0710`
Referenced File	C:\Users\nitro_000\documents\visual studio 2015\Projects\Task3\Debug\Task3.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2017-Feb-21 00:52:16
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x125f78`
PointerToRawData	`0xd0778`

TLS Callbacks

StartAddressOfRawData	`0x532000`
EndAddressOfRawData	`0x532208`
AddressOfIndex	`0x52e848`
AddressOfCallbacks	`0x50fb84`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x5c`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x52c084`
SEHandlerTable	`0`
SEHandlerCount	`0`

RICH Header

XOR Key	`0x7b01012c`
Unmarked objects	`0`
241 (40116)	`14`
243 (40116)	`157`
242 (40116)	`29`
ASM objects (VS2015 UPD3 build 24123)	`22`
C++ objects (VS2015 UPD3 build 24123)	`58`
C objects (VS2015 UPD3 build 24123)	`34`
Imports (65501)	`3`
Total imports	`98`
C++ objects (VS2015 UPD3.1 build 24215)	`1`
Resource objects (VS2015 UPD3 build 24210)	`1`
Linker (VS2015 UPD3.1 build 24215)	`1`

Errors

[*] Warning: Section .textbss has a size of 0!