a900819e5c42faf6c56562cab1a90ade

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2000-Oct-06 02:50:24
Debug artifacts ke\Debug\CarMake.pdb

Plugin Output

Info Matching compiler(s):
  • Microsoft Visual C++ 6.0 - 8.0
  • InstallShield 2000
  • MASM/TASM - sig1(h)
  • Microsoft Visual C++
  • Microsoft Visual C++ v6.0
  • Microsoft Visual C++ v5.0/v6.0 (MFC)
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Functions which can be used for anti-debugging purposes:
  • FindWindowA
Suspicious The file contains overlay data. 45 bytes of data starting at offset 0x111000.
Safe VirusTotal score: 0/69 (Scanned on 2018-09-30 16:52:08) All the AVs think this file is safe.

Hashes

MD5 a900819e5c42faf6c56562cab1a90ade
SHA1 d533a6805b5a227a743ceeba66f519f2f165bfe3
SHA256 95f9ffaae424b4aaf145bd1ab31b0776c8b67de51303c5337d5ee806b613596c
SHA3 05377688b75c5e39c2d2ab27a82e24c9186bfc5079499e28bc05047ea635566e
SSDeep 24576:QItBJYXUyZhvS6uv6OfOM6h89S41ZKV593tB:QsJYG6uczhctZKV5N
Imports Hash 92dcc9617ec8dfb3ec6a65ef7c681891

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2000-Oct-06 02:50:24
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0xf7000
SizeOfInitializedData 0x3c000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00078E80 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x1000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x134000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 ad9744fef43cf10b3f80ac3b73cc2759
SHA1 043e5ab7aedf9e9febbe4164464ee61d5454bb34
SHA256 83e6ee103c72e78405f92a6b6559613b56432aeab70795292e7bd08503d3d36f
SHA3 984d392cb4b08389356298efef76efdfb4ed0fc5f2b6eb0f33a95aaf598d95ed
VirtualSize 0xf6bc0
VirtualAddress 0x1000
SizeOfRawData 0xf7000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.31988

.rdata

MD5 5e04c06fbbafbae96851ccdcc92c4b98
SHA1 6b3c400c24516a66eb1393c7f89fa1d2eb3156f6
SHA256 42efa3055294ebe7210702b4b31a87338e1a975541e5ae9feecc264a1f8d0700
SHA3 f2a8557d8670ad48b4e98a001d8320ef8f1a2a16114e11343d13457d97176e65
VirtualSize 0xba5e
VirtualAddress 0xf8000
SizeOfRawData 0xc000
PointerToRawData 0xf8000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.3116

.data

MD5 b082f79b3b914b852f36c5cd74ee0992
SHA1 0ee1297d33433dc44774d1041fcefd666eee7bc9
SHA256 3bdd0a3275905ea2a42abfe26b6e54b4a93e1ed7fa83cfeb28ab31feba77994a
SHA3 27c0af2392357f184646e21a653c3d0afdbcd4b0d74169d1008453e562b0b162
VirtualSize 0x28ca8
VirtualAddress 0x104000
SizeOfRawData 0x6000
PointerToRawData 0x104000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.95532

.idata

MD5 b26e45d053aa490150bd813a83d74078
SHA1 8a79425b1c375fd63994242e1377c3ba9ca8e472
SHA256 b2881d12ba5dde66a8debcca67dd8cc5be39201f5b5305026d190ce517faa31c
SHA3 2b7c0567a04bc54fabefac724c3ea7410d85d7d0426f57180c7983becd4721c5
VirtualSize 0xd88
VirtualAddress 0x12d000
SizeOfRawData 0x1000
PointerToRawData 0x10a000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.08553

.reloc

MD5 0bea091ed2dc9158bc57c770b4ca5582
SHA1 947902a82e626de13e2cff2adf5ea4fd9b7e2192
SHA256 30b1a4fbd39b3915400ae5d8924bda23b5cf8e03df3c22beb74e9abf5fc9ed0c
SHA3 852029e664e13ca0333b9593561ae4066907fd2f04c919bfbed4b23d532c31a6
VirtualSize 0x5fff
VirtualAddress 0x12e000
SizeOfRawData 0x6000
PointerToRawData 0x10b000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.71096

Imports

KERNEL32.dll FindFirstFileA
GetTickCount
Sleep
GetModuleFileNameA
SetConsoleTitleA
GetConsoleScreenBufferInfo
GetStdHandle
GetModuleHandleA
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemInfo
GlobalMemoryStatus
FileTimeToSystemTime
FileTimeToLocalFileTime
ExitProcess
TerminateProcess
GetCurrentProcess
RtlUnwind
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetStartupInfoA
GetCommandLineA
GetVersion
GetLastError
GetFileAttributesA
CloseHandle
WriteFile
ReadFile
SetFilePointer
SetHandleCount
GetFileType
GetCurrentProcessId
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
HeapAlloc
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
FindClose
MultiByteToWideChar
LCMapStringA
LCMapStringW
RaiseException
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
FlushFileBuffers
SetStdHandle
SetEndOfFile
SetConsoleCtrlHandler
SetUnhandledExceptionFilter
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
CompareStringA
CompareStringW
SetEnvironmentVariableA
FindNextFileA
DebugBreak
CreateFileA
WideCharToMultiByte
USER32.dll CreateWindowExA
GetClientRect
SetFocus
SetWindowPos
GetSystemMetrics
SetForegroundWindow
SendMessageA
InvalidateRect
ShowWindow
RegisterClassA
UnregisterClassA
FillRect
FindWindowA
DestroyWindow
GetMessageA
PeekMessageA
DispatchMessageA
TranslateMessage
SetCursor
DefWindowProcA
BeginPaint
EndPaint
GDI32.dll DeleteObject
SelectObject
CreateSolidBrush

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2000-Oct-06 02:49:19
Version 0.0
SizeofData 45
AddressOfRawData 0
PointerToRawData 0x111000
Referenced File ke\Debug\CarMake.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x43cb13f1
Unmarked objects 0
12 (7291) 2
14 (7299) 37
C objects (VS98 build 8168) 175
Unmarked objects (#2) 1
19 (8034) 7
Total imports 98
C++ objects (VS98 build 8168) 90

Errors