a335f3a7274026b41f4011e950bbf883

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2020-Apr-24 07:44:00
Detected languages English - United States
Debug artifacts C:\projects\win-ca\n-api\build\Release\roots.pdb

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Suspicious The PE contains functions most legitimate programs don't use.
  [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
  Interacts with the certificate store:
  • CertOpenSystemStoreA
Safe VirusTotal score: 0/59 (Scanned on 2021-02-09 05:02:15) All the AVs think this file is safe.

Hashes

MD5 a335f3a7274026b41f4011e950bbf883
SHA1 5147df126157876c0acdcff418b7cdb0cbc8a766
SHA256 acd4ecab7554910c06d23df6b10430c713471121f051e7a08057bf8c047c6959
SHA3 ccf40f967bbb8ae5d5e24d5ea2f4ada85be25b7122897a7cd71bdbec91b05abb
SSDeep 1536:AvXkMiKuR/pzISPfz3pxvzFuW5ZZQjx97jFBrzMhdYqFCsWkcdw2VWQON7H:1RRkSPfDDvzkqZQ99XMhdXFOw2VWQa
Imports Hash c2bf577919dd6612d5edb061b6bc7ae8

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 6
TimeDateStamp 2020-Apr-24 07:44:00
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0xba00
SizeOfInitializedData 0x7e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000013CD (Section: .text)
BaseOfCode 0x1000
BaseOfData 0xd000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x18000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 8b15781f0b8a3949c0d642ae6bc6b314
SHA1 d16409218fb0f11d836b57b64a52387f934a22a7
SHA256 1bdc3527d00221ea3906f1115db83a3523a1e614fd67750de3648528647e56d2
SHA3 412e7de802374f8053f4a8af6808f6cc89342fe107b21fdf44791a2b1ecdefa5
VirtualSize 0xb9d7
VirtualAddress 0x1000
SizeOfRawData 0xba00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.62773

.rdata

MD5 c84ee0a52cd73c8f660887003a5717b4
SHA1 a0a4d9305ee4d038eed147d10043a1c3a24f7e6f
SHA256 994f8d5bfc7de35e7022e7b2d819a7e6048928fc990610b93c20d9a552ff2e35
SHA3 91565e2e120235956ad155d4a5ac1dc6671fe23c6bc73f2981e238679a2942ca
VirtualSize 0x57de
VirtualAddress 0xd000
SizeOfRawData 0x5800
PointerToRawData 0xbe00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.91546

.data

MD5 6f06e30de58f9622ce083ed7730dddd2
SHA1 67caeda1327f67ba5b4aa1bc2703c1c9e12458a8
SHA256 798cdebf4c35e7f2f8969a53db988cfae4117247ce777d0148ceed4d6dd1d0f3
SHA3 73231f9da079191d5f4f0231312dfa08dcbb9d38ff64eb65c06877a9ad22cebb
VirtualSize 0x11d0
VirtualAddress 0x13000
SizeOfRawData 0x800
PointerToRawData 0x11600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.03172

.gfids

MD5 f02918efeb183c0046122730b34715cd
SHA1 df98bf2bd796bc2283d7bc185dcd08663784650a
SHA256 3ca62ba9dd7de7bf0b4e063ee1bd9af85e0e030fec3235ab580acfd3cde02500
SHA3 8c2b3aee64a9a9ef4b126e728e53e15130b58969ca0d53d162b0d7fa60de1370
VirtualSize 0xac
VirtualAddress 0x15000
SizeOfRawData 0x200
PointerToRawData 0x11e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.41661

.rsrc

MD5 c970c10a1e848ee974b87923ecbe6a2f
SHA1 6ec2704ce400703f30cf17cd7f5fb2ff7e4f9d67
SHA256 89f09174fd3a95dbea4b9e942ebd1106fa66ab65b71e2f1b47ad03120f498cd6
SHA3 3f834a2458f6aff655a398bb54821be6722cecca1ad1d0c3f33d8ef5408ca9d5
VirtualSize 0x1e0
VirtualAddress 0x16000
SizeOfRawData 0x200
PointerToRawData 0x12000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.70616

.reloc

MD5 e7ba153413555c2df55ac72be8dcb4fa
SHA1 e706e4283e93b9a7144b3d74da3fc35ea78a5a24
SHA256 c7031b0517dda51fc4f96c4a3286209bcd6545d2f9d70cd7241ea39ff4e51e12
SHA3 aad44f73a85cf013b2fe146e3a210be19c56b1cf0bb4a72d60811e870c28c38d
VirtualSize 0xe34
VirtualAddress 0x17000
SizeOfRawData 0x1000
PointerToRawData 0x12200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.13713

Imports

KERNEL32.dll UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetACP
HeapFree
HeapAlloc
GetFileType
CloseHandle
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
CompareStringW
LCMapStringW
SetStdHandle
GetStringTypeW
GetProcessHeap
GetConsoleCP
GetConsoleMode
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
WriteConsoleW
CreateFileW
DecodePointer
RaiseException
CRYPT32.dll CertCloseStore
CertOpenSystemStoreA
CertEnumCertificatesInStore

Delayed Imports

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2020-Apr-24 07:44:00
Version 0.0
SizeofData 73
AddressOfRawData 0x11a7c
PointerToRawData 0x1087c
Referenced File C:\projects\win-ca\n-api\build\Release\roots.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2020-Apr-24 07:44:00
Version 0.0
SizeofData 20
AddressOfRawData 0x11ac8
PointerToRawData 0x108c8

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2020-Apr-24 07:44:00
Version 0.0
SizeofData 696
AddressOfRawData 0x11adc
PointerToRawData 0x108dc

TLS Callbacks

Load Configuration

Size 0x5c
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x413004
SEHandlerTable 0x411a70
SEHandlerCount 3

RICH Header

XOR Key 0xea3efeef
Unmarked objects 0
241 (40116) 9
243 (40116) 122
242 (40116) 24
ASM objects (VS2015 UPD3 build 24123) 17
C++ objects (VS2015 UPD3 build 24123) 29
C objects (VS2015 UPD3 build 24123) 17
Imports (65501) 5
Total imports 88
264 (24241) 2
Resource objects (VS2015 UPD3 build 24210) 1
Linker (24241) 1

Errors
