Manalyze report for 9ccaac268c61ff6d23a62e7261062c89

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2023-Jan-29 14:48:05
Detected languages	English - United States
Debug artifacts	C:\Users\Corey\Downloads\Stealthy-Kernelmode-Injector-main\Stealthy-Kernelmode-Injector-main\Client\x64\Release\Client.pdb

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 8.0` `MASM/TASM - sig1(h)`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryExA LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowA`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`9ccaac268c61ff6d23a62e7261062c89`
SHA1	`1f5be87fe05663d2f1e6ce3379b5d043354820ec`
SHA256	`c08b0cd70904913830d6feb6b071d9f969aeb29ede9b1f1450f50855e7107055`
SHA3	`647af3908a3840d7cb37f5a9b3a4c3c6813c60d01bffc288337c52fe3ba7aff2`
SSDeep	`384:GvxpHmRiQuq1X2RXpUT4EiFLFcsCxzDf5Is9fQaMDYnN47aD3G3D0q:GCwQFQkCF2xzDB1fQGyI3A`
Imports Hash	`ee10bffc8bddcb441afb7063b031f6a3`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2023-Jan-29 14:48:05
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x3800`
SizeOfInitializedData	`0x3000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000003B40 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xb000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`15eeecc5b9baded381eb3003e43b4615`
SHA1	`32a908857d85429515bbb75abf5bc7eda46e98f3`
SHA256	`5086d612d648f94b1b24fe8fb6c0c5d4a55f92316d1e0fd5bf4c3c29618c8d00`
SHA3	`3e2f3d8158884cf5789679b9ea0dd6fab2cda1e0bb31140aeef4b57d94d9755a`
VirtualSize	`0x373a`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.29302`

.rdata

MD5	`c67e85df79ac549eeb3a6b2080de4fbf`
SHA1	`07835e6f75cb4d25ac3efb65daee1e73c12c4dcd`
SHA256	`d4a3db5d08aa9ed0fcbcf7c0ee0d6840339769dfef5835cd9d5b2f4b16d621f3`
SHA3	`c2cb3740b19d15c0564930a72b075d0a4985d7c20b8c6c6c541ee136a30dc559`
VirtualSize	`0x1f40`
VirtualAddress	`0x5000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x3c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.46222`

.data

MD5	`050c5355e87c36885a1e29ce9f95c30e`
SHA1	`492ab9ad7f6ddb480cda01122bb55bbbbf931d8e`
SHA256	`0df567ef0ac8ce8f3d14d701c6d2f14239418b4da6fc5f784e5e70b4b5150fbb`
SHA3	`83d74cdbeff172060f678533d428418c3f303c958062fcb8a5ae6fbcbd84fd45`
VirtualSize	`0x740`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.04478`

.pdata

MD5	`99acde1b9a56c42e9bf1cb9c8e9544dc`
SHA1	`7c6d3597c3a08c798edc997233598e42ee065ffb`
SHA256	`9eb68bd3c7e1e6660d1b85adc5b85acb3daabf567318b695ae3e478defe1c823`
SHA3	`a8f8753e7bcd47fa40871ba147bea26393a131e11e6271f13d8dba82c1021bb3`
VirtualSize	`0x378`
VirtualAddress	`0x8000`
SizeOfRawData	`0x400`
PointerToRawData	`0x5e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.68688`

.rsrc

MD5	`fb20ae2a7910d36ef7e1ed0b22953dbf`
SHA1	`53b0a43a879cf778730d8bd7309f76d73d40a678`
SHA256	`3ecd84e2d8e73672dba01382283fde59898dcd230ee8af5d9870cef983142e6a`
SHA3	`6d192e7d311d72fa64237646e50ec96550f5043fa0e8a3ed75069671657a6958`
VirtualSize	`0x1e0`
VirtualAddress	`0x9000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.7015`

.reloc

MD5	`c6c33c7355ccca3b8ba3d12dc325cdf6`
SHA1	`9b938f453e54d9578770476d699b0b3aa55c061c`
SHA256	`06cba5652b9388cf480b0ffd6aad5a886183cfb4f351e4db02fc4eac82b15f80`
SHA3	`c7fb49c44d5351d0685ae56e4a63ab1a276ac5d44eb5129abdad231737ff8133`
VirtualSize	`0x58`
VirtualAddress	`0xa000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.22755`

Imports

KERNEL32.dll	`Sleep` `LoadLibraryW` `GetProcAddress` `VirtualFree` `VirtualAlloc` `LoadLibraryExA` `LoadLibraryA` `FreeLibrary` `ReadFile` `Thread32Next` `Thread32First` `GetModuleHandleA` `CreateToolhelp32Snapshot` `CreateFileA` `CloseHandle` `GetFileSize` `OpenThread` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `UnhandledExceptionFilter` `InitializeSListHead` `GetModuleHandleW` `IsDebuggerPresent`
USER32.dll	`SetWindowsHookExW` `UnhookWindowsHookEx` `FindWindowA` `GetWindowThreadProcessId` `PostThreadMessageW`
MSVCP140.dll	`?_Xlength_error@std@@YAXPEBD@Z`
ntdll.dll	`RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `RtlImageNtHeader`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`__current_exception` `__std_exception_copy` `_CxxThrowException` `__C_specific_handler` `memset` `__std_exception_destroy` `memcpy` `__current_exception_context` `memmove`
api-ms-win-crt-stdio-l1-1-0.dll	`__stdio_common_vfprintf` `_set_fmode` `__p__commode` `__acrt_iob_func`
api-ms-win-crt-runtime-l1-1-0.dll	`_c_exit` `_register_thread_local_exe_atexit_callback` `__p___argv` `__p___argc` `_configure_narrow_argv` `_initialize_narrow_environment` `_initialize_onexit_table` `_register_onexit_function` `_exit` `terminate` `_get_initial_narrow_environment` `_invalid_parameter_noinfo_noreturn` `exit` `_cexit` `_initterm_e` `_set_app_type` `_seh_filter_exe` `_initterm` `_crt_atexit`
api-ms-win-crt-heap-l1-1-0.dll	`malloc` `_callnewh` `_set_new_mode` `free`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2023-Jan-29 14:48:05
Version	`0.0`
SizeofData	`147`
AddressOfRawData	`0x5c50`
PointerToRawData	`0x4850`
Referenced File	C:\Users\Corey\Downloads\Stealthy-Kernelmode-Injector-main\Stealthy-Kernelmode-Injector-main\Client\x64\Release\Client.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2023-Jan-29 14:48:05
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x5ce4`
PointerToRawData	`0x48e4`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2023-Jan-29 14:48:05
Version	`0.0`
SizeofData	`720`
AddressOfRawData	`0x5cf8`
PointerToRawData	`0x48f8`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2023-Jan-29 14:48:05
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140007008`

RICH Header

XOR Key	`0x748d460b`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`10`
Imports (31823)	`6`
C++ objects (31823)	`25`
C objects (31823)	`10`
ASM objects (31823)	`3`
Imports (30795)	`7`
Total imports	`84`
C++ objects (LTCG) (31937)	`5`
Resource objects (31937)	`1`
Linker (31937)	`1`

9ccaac268c61ff6d23a62e7261062c89

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors