Manalyze report for 9f8850850ce34d14f08881a9b33b6ed6

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1970-Jan-01 00:00:00
Detected languages	English - United States

Plugin Output

Suspicious	The PE is possibly packed.	`The PE only has 0 import(s).`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`9f8850850ce34d14f08881a9b33b6ed6`
SHA1	`3350f5d864ce50893883d057436c2e0cca42bebe`
SHA256	`cb8633767e2f445db8c890a29af434a02105ff995de42660e2bd31944d906cbc`
SHA3	`b355fcaaec61c6f6f1d63edf02719e7ed4da81c2d63cc566005f40739f027ff1`
SSDeep	`12288:9+tgiIIxPaUBNIhUgre17Q8W1X/XC588rNql:9++iIhUkhBrd8ZRK`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`5`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x91e00`
SizeOfInitializedData	`0xa000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000064270 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa0000`
SizeOfHeaders	`0x400`
Checksum	`0x9f81a`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`5833818ae42de78f19861e4156b2436c`
SHA1	`a0be4c0c69ca34ddd3c375e59dfe45eae7e63e42`
SHA256	`d08522ef50e2629a076536f177e3913d2c9ef987c2adc1e610a3661cd01715b9`
SHA3	`fcdfe2fc3e17d3bcc9758bb2e2cd32f3ae27af04b9a0dfff2b698c9ebcfb02d5`
VirtualSize	`0x91cb4`
VirtualAddress	`0x1000`
SizeOfRawData	`0x91e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.85984`

.data

MD5	`d173e3e909912a358653eae648295b01`
SHA1	`fb1ecfee79a57fa95790a2fce9841919d65ce3ab`
SHA256	`b5568bf7ae9a8e4e4745c887e8329fda24fa2c67136aeb5fab751e3b52c9a0f3`
SHA3	`82c548551f9a4c5db426f61aca4bc70849acc344acd0d88d4257b15c16b8f52b`
VirtualSize	`0x6316`
VirtualAddress	`0x93000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x92200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.2246`

.pdata

MD5	`1bb6dc4b28b7daf2d3c95ec2eb044597`
SHA1	`d7222ea93d16d8a6e04a8fb40852bf71b3ed9065`
SHA256	`cb364ff074b18e03cade99ee92b757549255073b9232ce19746360f6da956a47`
SHA3	`dabd436f3ed7f4faffd302aa7c27b280cd7e2ce03444da76f72b43fb01b1f334`
VirtualSize	`0x3324`
VirtualAddress	`0x9a000`
SizeOfRawData	`0x3400`
PointerToRawData	`0x93000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.75379`

.rsrc

MD5	`47073ab0f41674365afed1b0d7cc6cd5`
SHA1	`d468492a8bded4049455a2a7be9b00efc9836756`
SHA256	`d30305e1e22547a9c72596d70d789b62782e905b6e7286398a55523c00cab087`
SHA3	`242ce4602f824c4e537efd5179c2452ae023bfb8fc8bc2b91d54bcbf450e7c64`
VirtualSize	`0x1e8`
VirtualAddress	`0x9e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x96400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.76813`

.reloc

MD5	`966b23d95f17a77169e22c90790e3ca1`
SHA1	`f7b7974bd60c2e3f25752956651c54f77886a469`
SHA256	`0c6de2af526bd2394d2ad78538cd94a3316a1d6d1aa34829b05050be4e264403`
SHA3	`eecf138e1e30a15159fd62789fa441f7a4856f31c80adaf25e5b0f71fc102ebb`
VirtualSize	`0x4dc`
VirtualAddress	`0x9f000`
SizeOfRawData	`0x600`
PointerToRawData	`0x96600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.89719`

Imports

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

TLS Callbacks

Load Configuration

RICH Header

9f8850850ce34d14f08881a9b33b6ed6

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors