Manalyze report for 9a2a586a9f5a9325ff6a4afb057f4285

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Dec-10 00:05:01
Detected languages	English - United States
Debug artifacts	RBLD02\C$\BuildArea\GFramme_GT_11.01.2302.00017\g3e\bin\ExtractUtility.pdb
CompanyName	intergraph
ProductName	ExtractUtility
FileVersion	`1.00`
ProductVersion	`1.00`
InternalName	ExtractUtility
OriginalFilename	ExtractUtility.exe

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual Basic 5.0` `Microsoft Visual Basic v5.0/v6.0` `Microsoft Visual Basic v5.0 - v6.0`
Suspicious	The file contains overlay data.	`99 bytes of data starting at offset 0x14000.`

Hashes

MD5	`9a2a586a9f5a9325ff6a4afb057f4285`
SHA1	`f5bb86723554a42aa682910aa13300f5d46df1e0`
SHA256	`d1ff487e061002967896ef11ee3096447310d878adbd0197996ef39be7c33939`
SHA3	`4b0a13567fd026aaa6afffbfa3e05abbe1096c2ac49b83be1857049ed01d110e`
SSDeep	`1536:zRzRbQCgulNmbjsPKSaSTQQ71MZqr0tFB:pRbrwUPKmsQgFB`
Imports Hash	`31f30a42bad3eca48505758e92ec1bfe`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xc8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2023-Dec-10 00:05:01
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x11000`
SizeOfInitializedData	`0x2000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001818 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x12000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x15000`
SizeOfHeaders	`0x1000`
Checksum	`0x14065`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`313f387f21a125ce7cbc0c4b2b0b689f`
SHA1	`b376edee560815386290676dea3855b0e3e85e46`
SHA256	`eefcf8fabbb914b4b88264379870338deebd5260698c7c5937390e86494c950a`
SHA3	`d7fd55925d9dca6f14b927a7ef93f03d773cb7b6804c59886f1f4c9a88791d34`
VirtualSize	`0x10720`
VirtualAddress	`0x1000`
SizeOfRawData	`0x11000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.31889`

.data

MD5	`620f0b67a91f7f74151bc5be745b7110`
SHA1	`1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d`
SHA256	`ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7`
SHA3	`a99f9ed58079237f7f0275887f0c03a0c9d7d8de4443842297fceea67e423563`
VirtualSize	`0x12e0`
VirtualAddress	`0x12000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x12000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`57e9ad05fbfc7b608a8a1a011ac01f0b`
SHA1	`db459e536dc8d890c444cd370a41426d0ad09d1d`
SHA256	`e311ace507a27a73fd54c260d8c1b5f1884ec273666df8ff39b9597a3c36b200`
SHA3	`d24d2ea2ea4f03aed21a33221cc15cdf5fcf36221f3c83891a13be6981d58ad8`
VirtualSize	`0xebc`
VirtualAddress	`0x14000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x13000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.98263`

Imports

MSVBVM60.DLL	`#582` `__vbaVarSub` `#583` `__vbaStrI2` `_CIcos` `_adj_fptan` `#585` `__vbaVarMove` `__vbaStrI4` `__vbaVarVargNofree` `__vbaFreeVar` `__vbaStrVarMove` `__vbaLenBstr` `__vbaFreeVarList` `_adj_fdiv_m64` `__vbaFreeObjList` `__vbaStrErrVarCopy` `_adj_fprem1` `__vbaResume` `__vbaCopyBytes` `__vbaStrCat` `__vbaLsetFixstr` `__vbaSetSystemError` `__vbaHresultCheckObj` `#556` `__vbaLenVar` `#558` `_adj_fdiv_m32` `__vbaAryDestruct` `__vbaLateMemSt` `#592` `__vbaExitProc` `__vbaOnError` `__vbaObjSet` `#595` `_adj_fdiv_m16i` `__vbaObjSetAddref` `_adj_fdivr_m16i` `__vbaVarIndexLoad` `__vbaFpR4` `#520` `__vbaBoolVarNull` `__vbaRefVarAry` `_CIsin` `#709` `#631` `__vbaVarCmpGt` `#632` `__vbaLateMemStAd` `__vbaChkstk` `#526` `__vbaFileClose` `__vbaGenerateBoundsError` `__vbaVarAbs` `#528` `__vbaStrCmp` `__vbaAryConstruct2` `__vbaVarTstEq` `#560` `#561` `__vbaObjVar` `__vbaI2I4` `DllFunctionCall` `#563` `__vbaVarLateMemSt` `#670` `__vbaCastObjVar` `__vbaLbound` `_adj_fpatan` `__vbaFixstrConstruct` `__vbaLateIdCallLd` `__vbaStrR8` `_CIsqrt` `__vbaVarAnd` `__vbaObjIs` `__vbaVarMul` `__vbaExceptHandler` `__vbaStrToUnicode` `__vbaPrintFile` `_adj_fprem` `_adj_fdivr_m64` `__vbaVarDiv` `#607` `__vbaI2Str` `#608` `#716` `__vbaFPException` `__vbaStrCompVar` `__vbaStrVarVal` `__vbaUbound` `__vbaVarCat` `__vbaI2Var` `_CIlog` `__vbaErrorOverflow` `__vbaFileOpen` `__vbaR8Str` `__vbaNew2` `#648` `__vbaInStr` `_adj_fdiv_m32i` `_adj_fdivr_m32i` `__vbaStrCopy` `__vbaVarCmpLt` `__vbaFreeStrList` `_adj_fdivr_m32` `__vbaPowerR8` `__vbaR8Var` `_adj_fdiv_r` `#685` `#100` `__vbaVarTstNe` `__vbaI4Var` `__vbaVarCmpEq` `__vbaLateMemCall` `__vbaStrToAnsi` `__vbaStrComp` `__vbaVarDup` `#614` `__vbaCheckTypeVar` `#616` `__vbaFpI4` `__vbaVarLateMemCallLd` `#617` `__vbaLateMemCallLd` `_CIatan` `__vbaStrMove` `__vbaCastObj` `__vbaStrVarCopy` `__vbaR8IntI4` `#619` `_allmul` `_CItan` `_CIexp` `__vbaFreeStr` `__vbaI4ErrVar` `__vbaFreeObj` `#581`

Delayed Imports

30001

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x130`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.57965`
MD5	`a20d09bee9b4207ad5a3b67a78c1dce3`
SHA1	`ca85fbf532389887f3837bbadd1c579040b99c8b`
SHA256	`2d3915cdc82e909357d44c4de1b8890bd753605c28df11b10299e3fd09d930b9`
SHA3	`e3b2b0325b24bb74af126af0863b39a6e63c08820f69cf0ae582a31bfc1052db`

30002

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.76987`
MD5	`24799ca590d42134e7103b06d46fd960`
SHA1	`4af9a0fe3b7371abc50a18e851f3122fce9a2ffa`
SHA256	`a32e750bc1b0315530097434a7e1d324b843e1f5ffd95238b49d3a8aa8e6fe09`
SHA3	`9a17698629ef5e7a1c567a9669be74aa2c9d8356ecfba40c48811e4dcf5ea875`

30003

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.07177`
MD5	`e6c5053ba1c848d7e16701a2d08fb8c6`
SHA1	`f253482c0fa25197130f6475f2ded060527843bf`
SHA256	`46dc088910439dad6a0d69da5e64227d04a640845fd1c31e90a7d4340c539fe0`
SHA3	`1e6c369197dd1a466ea87357db49ec559ecf82c0c3fa13af1a383445945861e6`

1

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.97836`
Detected Filetype	Icon file
MD5	`835a20def9b2661b64b8ac06b4901f36`
SHA1	`70732dac88537f00c89d105f986ef843d3aca818`
SHA256	`cbdcb84268fcf2a25b844c1dca787de835c0376e82c1a2e62814a3c940a26cfb`
SHA3	`9a2de99425a7e2086c65d82719bf44696cfe58b8077ce214e814ceeeb78ba1f4`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x484`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.92223`
MD5	`687a4db8f8e024ef11b7100228037c77`
SHA1	`03b02d3933ee9ce9dd6f37666bfdbf78e491cfc0`
SHA256	`573a32976480300e822f7e7ec08838eb0e3f50b1ffffc3c2eaf5591b6c33aeaf`
SHA3	`c30bd259769672de90ec0f6869e367f077fd7166564a72486a22bb9292f017ff`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x338`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.12869`
MD5	`09d93aeb66cd2cc4c14822626b2d236f`
SHA1	`f85112194a933a11d69047d5f1f188e2daad0e7a`
SHA256	`95f627398a62c01d60ff460bec9b670c189b7e311d76417022b831865adfed18`
SHA3	`ce56201f0a7db1c7aeb3d7d2dc824d7498783b05220d6037917c64b3bce1c5d3`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	11.1.2302.16
ProductVersion	11.1.2302.16
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	intergraph
ProductName	ExtractUtility
FileVersion (#2)	1.00
ProductVersion (#2)	1.00
InternalName	ExtractUtility
OriginalFilename	ExtractUtility.exe

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2023-Dec-10 00:05:01
Version	`0.0`
SizeofData	`99`
AddressOfRawData	`0`
PointerToRawData	`0x14000`
Referenced File	RBLD02\C$\BuildArea\GFramme_GT_11.01.2302.00017\g3e\bin\ExtractUtility.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x9aca5793`
Unmarked objects	`0`
14 (7299)	`1`
9 (8783)	`9`
13 (VS98 SP6 build 8804)	`1`

Errors

[*] Warning: Raw bytes from section .text could not be obtained.
[!] Error: [plugin_virustotal] VirusTotal API access denied. Please verify that your API key is valid.