Manalyze report for a2a928fa7450089b3071f7c3d3cfa053

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Sep-21 10:33:14
Detected languages	Chinese - PRC English - United States
Debug artifacts	c:\x64_dbg\bin\x64\x64dbg_exe.pdb
FileDescription	x64dbg
FileVersion	`0.0.2.5`
LegalCopyright	x64dbg.com
ProductName	x64dbg
ProductVersion	`0.0.2.5`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: x64dbg.com`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA`
Info	The PE is digitally signed.	`Signer: Open Source Developer` `Issuer: Certum Code Signing CA SHA2`
Safe	VirusTotal score: 0/71 (Scanned on 2020-10-01 11:42:15)	`All the AVs think this file is safe.`

Hashes

MD5	`a2a928fa7450089b3071f7c3d3cfa053`
SHA1	`7cfb3a4cdf819243ab12911424e4c1e136a9b529`
SHA256	`4751d1706dd72ff97eff0fd206ae361d626f4f334f8e3d0c6bde3066b0cbca2b`
SHA3	`6ab63657b169daf8ebe2fa00661cd9aba6fff7b69c7ddc616ee40d49652ff3de`
SSDeep	`768:6HnKOK2UrRZhONUrMeJ5shJEHZGTYKaogXLKdS4EhFF6yP:oKP2UrdONUwew7EH0zasdPEp6yP`
Imports Hash	`661163ee5bfc34eb52e81688f60bae4f`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2020-Sep-21 10:33:14
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`12.0`
SizeOfCode	`0x1e00`
SizeOfInitializedData	`0xac00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000002440 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x11000`
SizeOfHeaders	`0x400`
Checksum	`0x181f2`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`7c191b3a17322a57eb994049a58f4d06`
SHA1	`8dbb4cf408f28c3e4bb02a026181a371318c6d62`
SHA256	`df922df9e70ea9e11a090cd765a2c9326d2e226a0cd6e17ed384f06da5ab5283`
SHA3	`bd5e69b82de0ea9a87111016c580b8178c2aee44cc854d5520f579d15457ca27`
VirtualSize	`0x1ccf`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.96854`

.rdata

MD5	`3c5b8d59fac11df191f1872ec5d52cdd`
SHA1	`91dce40e98088f843ec97a7297bf8f83bf3560e6`
SHA256	`51843ca312b52f822cf11c4ad641203c641a3b13e714039735ce19d9be6bc5f1`
SHA3	`6225522becbcc567a1aeea1a0bcd3e3adaa9c64e45a40ecae929f89a6ffed6f9`
VirtualSize	`0x16ca`
VirtualAddress	`0x3000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x2200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.20067`

.data

MD5	`d1c9039f0124b7738af6824b868a67f6`
SHA1	`e2f96ebb0046703323162761c792d56a0c3734b9`
SHA256	`1e7b21819657079337203355d6bb0925748b98471ae539f9f9e6eeef059c8d14`
SHA3	`c08df6f1c159fdc47220666bad65a570452c49b2fd87a5cd5cc811cb77f05af8`
VirtualSize	`0x750`
VirtualAddress	`0x5000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.80068`

.pdata

MD5	`e89a8aba5050f10be1c431fe17057040`
SHA1	`64d501ee72698036a3fae64c88ba6bc800fb9c3e`
SHA256	`d756ac767d0d1bf01889268b4a16e525a6def134812ffdfddb7feab74bed472d`
SHA3	`2e37dfc29468483f9dd46fce2ae865450eea9fb4e04f6d05857b43bd8292d5be`
VirtualSize	`0x294`
VirtualAddress	`0x6000`
SizeOfRawData	`0x400`
PointerToRawData	`0x3c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.8035`

.rsrc

MD5	`e5d15f67bd7eeee179ee9fda11bfe87a`
SHA1	`5cb8574f277f57af96fb0dfca26a5403af7f6b1b`
SHA256	`f8826209e9c3e3f1414ab2e312edabd26dc29eb2b1f646d1f073c37e6aed7695`
SHA3	`fac919a7f7a3265eaafcda091a98cc60cf7f740ade19c17cc78f6182ba63d360`
VirtualSize	`0x8570`
VirtualAddress	`0x7000`
SizeOfRawData	`0x8600`
PointerToRawData	`0x4000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.90458`

.reloc

MD5	`ceb06c53113e77121af26c316caff45b`
SHA1	`3a8fe010bf53772615072111849f75dfccdccbdb`
SHA256	`fd9fd4af6e8259c1b3f838a5b032a5cc72e3f0721c5c25551f7a900a45adc3d1`
SHA3	`eec5831493b24c346b471c64f29bf6d3db9558b84e0cbc25182fddd9db6518c8`
VirtualSize	`0x70`
VirtualAddress	`0x10000`
SizeOfRawData	`0x200`
PointerToRawData	`0xc600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.50955`

Imports

KERNEL32.dll	`GetProcAddress` `GetCurrentProcess` `GetCurrentProcessId` `RaiseException` `SetUnhandledExceptionFilter` `GetCurrentThreadId` `GetLastError` `IsDebuggerPresent` `CloseHandle` `GetLocalTime` `LoadLibraryA` `GetModuleHandleA` `GetCurrentDirectoryW` `CreateDirectoryW` `CreateFileW` `QueryPerformanceCounter` `IsProcessorFeaturePresent` `DecodePointer` `EncodePointer` `GetSystemTimeAsFileTime`
USER32.dll	`MessageBoxW` `LoadStringW` `MessageBoxA`
x64bridge.dll	`BridgeStart` `BridgeInit`
MSVCP120.dll	`?_Winerror_map@std@@YAPEBDH@Z` `?_Xbad_alloc@std@@YAXXZ` `?_Xlength_error@std@@YAXPEBD@Z` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Syserror_map@std@@YAPEBDH@Z`
MSVCR120.dll	`__crtSetUnhandledExceptionFilter` `_XcptFilter` `wcscat_s` `_set_purecall_handler` `_set_invalid_parameter_handler` `vswprintf_s` `?set_terminate@@YAP6AXXZP6AXXZ@Z` `signal` `_purecall` `??2@YAPEAX_K@Z` `??3@YAXPEAX@Z` `memmove` `?_type_info_dtor_internal_method@type_info@@QEAAXXZ` `__CxxFrameHandler3` `memcpy` `_vsnprintf_s` `_lock` `_unlock` `_calloc_crt` `__dllonexit` `__C_specific_handler` `_onexit` `_CxxThrowException` `__crtGetShowWindowMode` `_amsg_exit` `__getmainargs` `__set_app_type` `exit` `_exit` `_cexit` `_ismbblead` `_configthreadlocale` `__setusermatherr` `_initterm_e` `_initterm` `_acmdln` `_fmode` `_commode` `__crt_debugger_hook` `__crtUnhandledException` `__crtTerminateProcess` `__crtCapturePreviousContext` `?terminate@@YAXXZ`

Delayed Imports

105

Type	`AFX_DIALOG_LAYOUT`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x7a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.87573`
Detected Filetype	PNG graphic file
MD5	`226b191785ae85f2c23cf1b2a8b4e3e2`
SHA1	`1ad9cfa2e480f8a523f58db9b17e561363caabce`
SHA256	`b5a2e8c430e775f8ae470ce533c16ec6b52ee8b8dcfe01d8978b50735a12afa1`
SHA3	`2ad6ae1148892aaa73f62aa330979cb517d84b4f057b79885487c5b3f4114eb3`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xff4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.91528`
Detected Filetype	PNG graphic file
MD5	`55b35f708bce7442eea2e561513eb5c8`
SHA1	`72792359b80869c40766178fa6812cd66f32388d`
SHA256	`8c0b9f2787a485d5157430ff54e124290c14367fa7387abef6801a44735e00f1`
SHA3	`17cf959b5d0c33dfab21f5f6c4815cf25f5a919df389a02af398fb0b52efc9d5`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1fc8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.93324`
Detected Filetype	PNG graphic file
MD5	`d6caff635bb375d392ffca6561aa57a4`
SHA1	`58e1669e856b9fea83df695ec0760390481b7529`
SHA256	`4518f350ca4d6ee2ad037da7ea3946977158aace4327c990c036ba6466db960a`
SHA3	`6c73f1bbb425b83b4b57f952e3d7121e8c2db119e43b9d321bd078d54fd5a410`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.90268`
MD5	`a9e393fe90f31f1efaa75cf93e0db0be`
SHA1	`94ca6417e6f43e39a5fd3e822addc58b5a6434bb`
SHA256	`9c207f3b0445cad18cbbf8fc59af1375be01e766f1510bb06a0184f581c7ad23`
SHA3	`f92e6d486eb116fb66ca1c30e4cd503c1b3d797d16dc4ec4ab2f1ddc35e7f101`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.64762`
MD5	`60b026cb0fb4c2945529fd707cac5b7d`
SHA1	`52d40f35e7d3b56b576ebef24d0c192cc8d8557c`
SHA256	`452364b24c98e546ea6ae5bcc3cae969ad910b63bfd799aec20e6fddfd450fdd`
SHA3	`79c228df6eebfe0d9f306e05c777f48a81a31c673f3767bbe8081e61b083020a`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.36505`
MD5	`6c9e9b655d36de7cec6766ed7d60e727`
SHA1	`f886ebee2865eaa693433e610f94770ede06c3fe`
SHA256	`e115ca7a8c06dd14fbbc0a7362f0efb94429e3e665da21402ddb9e31fa8413b3`
SHA3	`58b189951a3256b25b975ba5e2a62433499b7be3d3edc548fd6587eebad8f24a`

105 (#2)

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xd2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.97172`
MD5	`092af784b79ede28ec517d032223dbe6`
SHA1	`ed48f128ed676e2716a70463f8a80702b0112c40`
SHA256	`5ad20688b035a2c92436bbf7b69e02532de6bdf2413e41593669023bd7070363`
SHA3	`10e061149cb1cde5526184750d1437e3f7194850c65e45d12c4a987b87641a3b`

7

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x18c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.19318`
MD5	`07687779b62182c644c178f193c3fb0e`
SHA1	`55f7ac5fded3671afeb9015ab0cfd07bb353e65b`
SHA256	`dbb5550753718b8204dab11b8c9b36265d943d09ce5e2599ab14dc81f3139e09`
SHA3	`cb7c109ab096df3f0a673784be3a0b4aeb0a5cc6b902e2b488d6eb022c621742`

7 (#2)

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x94`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.53266`
MD5	`c776fa51af46e1e9e451ebc88782b8dd`
SHA1	`8b32783bd0cca7ffc911d16138da68257601339f`
SHA256	`e8c99bf0ee2f90a4b44b5b81a5452b40e3651676704b719a64e6fb7ee42dcedb`
SHA3	`53ee361ce4c89ac58851760ec193446d3eb5826bf19bf225788bae389670be2a`

8

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2de`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39734`
MD5	`2d8077979fa66ea3bc70a72271208ae2`
SHA1	`4fe718c08c14ba03a1bcd97fe05d63f9672835ae`
SHA256	`8c5d8e43a89e7c53be8ec8b68983446e9bd8ecd92c0c7d665bf48d571989458a`
SHA3	`17e2b16c67a135b9a7db79302bc0744bf9fa85758138011313873b7c2e023bba`

8 (#2)

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x1b4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.47046`
MD5	`95c94c250b76b7d6c10bf22a805b1552`
SHA1	`948f22dc4a4fd9cc82d2377b98156f4ad957d909`
SHA256	`00fdf1f6d3638f95260970e00a02d97a0111f8012c4cede5c0c91aa0c69a1541`
SHA3	`5d5f168068a58f374aa0888c1a1054a22399aff7929b0d1f86ce8f5f888e2bab`

100

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.7631`
Detected Filetype	Icon file
MD5	`dc67e09f4abeb58d187abbf1be044619`
SHA1	`a606d3b5429a08403ba940a51f9defed67b26c31`
SHA256	`c7f3ffae3302c359c6cf1c981f15ea4683db89b35a19641323f78ff415573904`
SHA3	`0008fe412bb54cd557226ed5e777625005af55f3b9ebd370914072905e3909b9`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1e4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26343`
MD5	`6938f27e6eb59c9fe557554de80a88a8`
SHA1	`f011b4a0881bf1f96ccdab5575cfae6e9a1ed67b`
SHA256	`9f065038a0c220add773b2803b4bdd57ba6c4f6ba53872b080955f854348ad3c`
SHA3	`3388ffa7e8a1404c66911f50f0b4926d8cec95754e5d98cd7087da8aa21e00ae`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5e1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.14646`
MD5	`93ec22e91389442a4fd271901050ea03`
SHA1	`3a91e978223cd6373fd54fb938638fdd41bb6258`
SHA256	`e5bf19e4cb90f0e5ea96d8a53ef47c98610bf1f61756a7e1851dac9462fc8e6e`
SHA3	`d760cfbf75ad8c67fcef67e4b7597c314fb5863ee2426ed95a2ec1da13459797`

String Table contents

Install
Error
Error getting module path!
Question
Do you want to register a shell extension?
Do you want to create Desktop Shortcuts?
Done!
New configuration written! Restart to use x64dbg.
安装
错误
获取模块路径时出错!
温馨提示
您想要为调试器注册右键菜单吗?
您想要创建桌面快捷方式吗?
完成!
新的配置已经写入!
Path to x32dbg not specified in launcher configuration...
Path to x64dbg not specified in launcher configuration...
Invalid PE File!
File not found or in use!
A Debugger for the future!
Running as Admin?
RegCreateKey failed!
RegSetValueEx failed!
RegOpenKeyEx Failed!
BridgeInit Error
Debug with x64dbg
Do you want to register the database icon?
BridgeStart Error
启动器的配置文件中没有指定x32dbg的路径...
启动器的配置文件中没有指定x64dbg的路径...
无效的PE文件!
文件没找到，或者已被占用!
一个面向未来的调试器!
您确定以管理员权限运行本程序了吗?
RegCreateKey 失败!
RegSetValueEx 失败!
RegOpenKeyEx 失败!
BridgeInit 发生错误
用x64dbg调试
您想为调试数据库设置图标吗？
BridgeStart 发生错误

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.2.5
ProductVersion	0.0.2.5
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileDescription	x64dbg
FileVersion (#2)	0.0.2.5
LegalCopyright	x64dbg.com
ProductName	x64dbg
ProductVersion (#2)	0.0.2.5

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2020-Sep-21 10:33:14
Version	`0.0`
SizeofData	`58`
AddressOfRawData	`0x37d0`
PointerToRawData	`0x29d0`
Referenced File	c:\x64_dbg\bin\x64\x64dbg_exe.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2020-Sep-21 10:33:14
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x380c`
PointerToRawData	`0x2a0c`

TLS Callbacks

Load Configuration

Size	`0x70`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140005020`

RICH Header

XOR Key	`0x156a5db2`
Unmarked objects	`0`
199 (41118)	`2`
ASM objects (20806)	`1`
C objects (20806)	`18`
C++ objects (20806)	`4`
221 (20806)	`4`
221 (VS2013 UPD5 build 40629)	`2`
Imports (VS2008 SP1 build 30729)	`5`
Total imports	`75`
C++ objects (VS2013 UPD5 build 40629)	`2`
Resource objects (VS2013 build 21005)	`1`
151	`2`
Linker (VS2013 UPD5 build 40629)	`1`

a2a928fa7450089b3071f7c3d3cfa053

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

105

1

2

3

4

5

6

105 (#2)

7

7 (#2)

8

8 (#2)

100

1 (#2)

1 (#3)

String Table contents

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

TLS Callbacks

Load Configuration

RICH Header

Errors