Manalyze report for a584b067b9238a5140b77a43bbbcf0b2

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2019-Mar-25 08:09:40
TLS Callbacks	2 callback(s) detected.

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA`
Safe	VirusTotal score: 0/71 (Scanned on 2020-02-12 10:07:41)	`All the AVs think this file is safe.`

Hashes

MD5	`a584b067b9238a5140b77a43bbbcf0b2`
SHA1	`decda061e675a6a02c47bfa6a14c0872b728f6b8`
SHA256	`c61f309fe9fc09f031ec076114e103e4cb7be395d1899a2e6e182c2318c1f389`
SHA3	`20298bf65586d8d90a04ff75cde11b5ad318d2606d3609c9df51806e2ff0fc16`
SSDeep	`24576:DltG0t3aio1Kr+sJV7oNOW+iXBnvZQN5F04m9l4lWz:faio+oZEWlMW`
Imports Hash	`028e6d86f78d3d31fd1decd6acc7553d`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	2019-Mar-25 08:09:40
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0xfc200`
SizeOfInitializedData	`0x15ba00`
SizeOfUninitializedData	`0x1200`
AddressOfEntryPoint	`0x000012D0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xfe000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x163000`
SizeOfHeaders	`0x400`
Checksum	`0x165804`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`35c2f6fd44fe5281b8442c8df779415c`
SHA1	`40b1a45e730dc42895467070b45a96ae3314aed6`
SHA256	`df781f038502fdcccde949cdddd1c00f675637dbd03c1965d4be953495598a9c`
SHA3	`0f993de4e6763a195d2748f14ea172c481acaa18b03d48b8ae1b509beac18b8a`
VirtualSize	`0xfc0dc`
VirtualAddress	`0x1000`
SizeOfRawData	`0xfc200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.33041`

.data

MD5	`5e7d6b4849d466e246e062bfdafbb4ec`
SHA1	`f292b0cb9aa05cc21e1a219b77fc0d810860bd8f`
SHA256	`bee46fb0097e9355e8646eba54f6866a288e28490273a3a4baa646f651e4a1fb`
SHA3	`974c6504d37a377206a03ed13a4614673a8a754250ecdef673a40776592d4999`
VirtualSize	`0x1b04`
VirtualAddress	`0xfe000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0xfc600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.299531`

.rdata

MD5	`1477c9a770c974793ac942b974ec9ddd`
SHA1	`6eff0f3942208c5acda086c45b49c4a37fbe69a2`
SHA256	`507e0f899d6f254c20b7cff004c75050dd092048e909dfd6629be50004623e02`
SHA3	`f0aec27fea2b95ac11503fccb9d70eeceed32eff0eef600fc8974b56ad652104`
VirtualSize	`0x1405c`
VirtualAddress	`0x100000`
SizeOfRawData	`0x14200`
PointerToRawData	`0xfe200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.68008`

.eh_fram

MD5	`287f94ccfdd35c15f9a35c4812bf20de`
SHA1	`5dad3791c59cbe155d4c41d2c52510c9ac5af0b3`
SHA256	`a846739aa06a39cd0c8b26088880e7545928ad31eeec8e5694ad073ce3209d5b`
SHA3	`b4408f3e1a7ba4befe3233b12bd0c51e2b7ab2ce8e7caaacbe16651f237418d3`
VirtualSize	`0x489e8`
VirtualAddress	`0x115000`
SizeOfRawData	`0x48a00`
PointerToRawData	`0x112400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.85889`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x10e0`
VirtualAddress	`0x15e000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`0a42dc9f91c01d7cb8d2d800c81dff3f`
SHA1	`74fdeb82db08711d9f06b29dda14465ee2f35463`
SHA256	`6152435f9891f8091756d0f148027520b652541924b5420158bc6481539ca40f`
SHA3	`c0d072f6e17d0b1158e775044b91cc142e744865bf6f4a5090ab269496a28076`
VirtualSize	`0xbe0`
VirtualAddress	`0x160000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x15ae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.96009`

.CRT

MD5	`22a5638eff8abfa18424be6bfbd029d9`
SHA1	`3a3a5a905490da9b545f417ebd8da6345be682fa`
SHA256	`399dc4cba49cacf8422db1e07dd28048a2b7976f098cd922196c91bf2ed56bad`
SHA3	`5f69e7676b959d7639f5501c7579904c16818b1ae3c103c6962bee62e1721193`
VirtualSize	`0x18`
VirtualAddress	`0x161000`
SizeOfRawData	`0x200`
PointerToRawData	`0x15ba00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.114463`

.tls

MD5	`310cb54b894bda104b22065156b71167`
SHA1	`40e905be8e07b353e2bc63c60ed5b6860975b69c`
SHA256	`a6a1279aff674bf06b7437546fced5d7ed114e7488489de51bad84dc0777d00b`
SHA3	`d77b1dfeadf2a776bf2b2212a38ca825c043890a94297213051b224817235c44`
VirtualSize	`0x20`
VirtualAddress	`0x162000`
SizeOfRawData	`0x200`
PointerToRawData	`0x15bc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.231158`

Imports

KERNEL32.dll	`CloseHandle` `CreateSemaphoreW` `DeleteCriticalSection` `EnterCriticalSection` `ExitProcess` `FindClose` `FindFirstFileA` `FindNextFileA` `FreeLibrary` `GetCommandLineA` `GetCurrentThreadId` `GetLastError` `GetModuleHandleA` `GetProcAddress` `InitializeCriticalSection` `InterlockedDecrement` `InterlockedExchange` `InterlockedIncrement` `IsDBCSLeadByteEx` `LeaveCriticalSection` `LoadLibraryA` `MultiByteToWideChar` `ReleaseSemaphore` `SetLastError` `SetUnhandledExceptionFilter` `Sleep` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `VirtualProtect` `VirtualQuery` `WaitForSingleObject` `WideCharToMultiByte`
msvcrt.dll	`_fdopen` `_fstat` `_lseek` `_read` `_strdup` `_stricoll` `_write`
msvcrt.dll (#2)	`_fdopen` `_fstat` `_lseek` `_read` `_strdup` `_stricoll` `_write`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x562001`
EndAddressOfRawData	`0x56201c`
AddressOfIndex	`0x55e5b0`
AddressOfCallbacks	`0x561004`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x00449080` `0x00449030`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!