Manalyze report for abd29bc27f9a24bf915b2770d9b52c6f

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Mar-10 08:06:09
Detected languages	English - United States Russian - Russia
CompanyName	НПП ТОПАЗ
FileDescription	Основная программа комплекса СКАТ
FileVersion	`1.0.01`
InternalName	Topaz32
LegalCopyright	©1999, НПП ТОПАЗБатенин В.А., Голубков А.Н., Коберниченко А.В., Козленко М.И., Козленко Е.Е., Кутырин О.И., Лобанов Н.В., Лысов А.А., Макридин А.В., Павленко Д.А., Петрова О.Л., Хотчинский С.Ф., Шебунин Д.Н.
LegalTrademarks	СКАТ (ТМ)
OriginalFilename	TOPAZ32.EXE
ProductName	СКАТ
ProductVersion	`1.0.01`

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .AKS1` `Section .AKS1 is both writable and executable.` `Unusual section name found: .AKS2` `Section .AKS2 is both writable and executable.` `Unusual section name found: .AKS3` `Section .AKS3 is both writable and executable.`
Suspicious	The PE contains functions most legitimate programs don't use.	`Leverages the raw socket API to access the Internet: #115` `Manipulates other processes: EnumProcesses`
Suspicious	The file contains overlay data.	`256 bytes of data starting at offset 0x436a00.` `The overlay data has an entropy of 7.16464 and is possibly compressed or encrypted.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`abd29bc27f9a24bf915b2770d9b52c6f`
SHA1	`e5db1b380d867f13d5d4ac8cf56763c36846d09e`
SHA256	`6f38434409c853cdec5beaf4444a3828cefec46e951babb1fb220a9bc2079f3d`
SHA3	`c95d9392f47dcce91232c2b7207b1036719590317b6f4e72a1807acad2709bc5`
SSDeep	`98304:I1D9QrOEIDJULFdKgOw0/Y6G5E/ZFmrTRluYaNvIO9:I1UIJiFdKgOw0g5E/ZUpluYA`
Imports Hash	`ea2f345a064261f470822dae7519ff9c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2020-Mar-10 08:06:09
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`10.0`
SizeOfCode	`0x128e00`
SizeOfInitializedData	`0x58400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x006E3000 (Section: .AKS3)`
BaseOfCode	`0x1000`
BaseOfData	`0x12a000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x6e5000`
SizeOfHeaders	`0x400`
Checksum	`0x4461a8`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.AKS1

MD5	`2f3ea25852600023bb006105b3a61787`
SHA1	`4a8400462fb5f820b9799684a6863e1dbbb3f9d5`
SHA256	`e114927cb2292e3e65eb366c118f7f008506ff36e896bb5a361dd38e28189cac`
SHA3	`22b85fb234077c7400d6c36cbd9b478839ec854a5187e6fb81d5f0021247bbef`
VirtualSize	`0x184000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x84a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.9997`

.AKS2

MD5	`84296ca0d1707e9ead2c289ee993e2bf`
SHA1	`517c97f61d66172b357df66797c01625c802243f`
SHA256	`b31fbea3f9df589bb9767daa674a8ce00b1b342e5b1d637e9f3733094ff62744`
SHA3	`aa35e69e8d12e009b1b4005989bbdc9b6f6d159ec3110a8457bdc3a37595b48d`
VirtualSize	`0x55e000`
VirtualAddress	`0x185000`
SizeOfRawData	`0x3b0600`
PointerToRawData	`0x84e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99599`

.AKS3

MD5	`1a4a54bf5ceb1dc12efc1641a9f40fc7`
SHA1	`d984b5b10f11a8fdc45c053843bb9544903c8dc7`
SHA256	`b4675921192e15b3eba49c2920f4aafe99bb298f21e97ee1f8a9e432e1394b03`
SHA3	`1d2f38eae1c16ef305cad0344ae6bab79f50cff9f1ac44224507ff192c6d17d1`
VirtualSize	`0x569`
VirtualAddress	`0x6e3000`
SizeOfRawData	`0x600`
PointerToRawData	`0x435400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.0736`

.rsrc

MD5	`40da142aaba9a7089346ff1da5637947`
SHA1	`7ab2e1aa07721a9cce1f9891243f7996afd7e9b5`
SHA256	`877457fd5f78b6ed4dcca83a0415cb917094999f03d0b62074e758a27f70cbb4`
SHA3	`605cb8749bcab2c0d04bff93815f556b52261e870430f5b7ed6f441354bf7b3f`
VirtualSize	`0xf83`
VirtualAddress	`0x6e4000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x435a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.39755`

Imports

KERNEL32	`GetModuleHandleA` `GetProcAddress`
user32.dll	`GetDC`
advapi32.dll	`GetAce`
iphlpapi.dll	`GetIfTable`
shell32.dll	`ILFree`
hid.dll	`HidP_GetCaps`
setupapi.dll	`SetupInstallFileA`
dhcpcsvc.dll	`DhcpIsEnabled`
dhcpcsvc6.dll	`Dhcpv6IsEnabled`
psapi.dll	`EnumProcesses`
wsock32.dll	`bind`
WS2_32.dll	`#115`
appcfg.dll	`ApcGetConfigA`
asys.dll	`GetFormatValue`
topazrtl.dll	`LogError`
driver.dll	`?SetOpt@TAccessDataDriver@@QAEHHPBX@Z`
odsrtl.dll	`OdsCommand`
odsutil.dll	`?OuGetTablesDir@@YAHAAVTStringA@@@Z`
fsutil.dll	`??1TNameVersificatorA@@QAE@XZ`
jobdata.dll	`GetAttrMMO`
topazdao.dll	`??0CDaoDatabaseBlank@@QAE@XZ`
cvtdlg.dll	`??0ConverterNotifierDialogFactory@@QAE@XZ`
jobfmgr.dll	`GetJobPath`
jobui.dll	`??0CDialogSelectJob@@QAE@XZ`
graph.dll	`??0gTask@@QAE@XZ`
Passmgr.dll	`AddAerInfo`
secur.dll	`??0TopazSecurity@@QAE@XZ`
EvTblTree.dll	`??1Blank@@QAE@XZ`
COMMGUI.dll	`??1TFillBar@@QAE@XZ`
Table.dll	`_TableEnd@8`
Tableview.dll	`??0model@@QAE@XZ`
topfile.dll	`??1TFile@@QAE@XZ`
unitdisp.dll	`??0FORM@@QAE@XZ`
bazdial.dll	`??0CBDKey@@QAE@XZ`
dtinfo.dll	`??1TBlankInfo@@QAE@XZ`
reftimerng.dll	`??0RefRange02@@QAE@XZ`
mfc100d.dll	`#311`
MSVCR100D.dll	`atoi`
MSVCP100D.dll	`?_BADOFF@std@@3_JB`
OLEAUT32.dll	`#330`
ole32.dll	`CoInitialize`
WINSPOOL.DRV	`ClosePrinter`
COMDLG32.dll	`PrintDlgA`
GDI32.dll	`EndDoc`
d3d9.dll	`Direct3DCreate9`
WINMM.dll	`sndPlaySoundA`
VERSION.dll	`VerQueryValueA`
RPCRT4.dll	`UuidCreate`

Delayed Imports

CompareBort

Ordinal	`1`
Address	`0xa76f0`

CompareName

Ordinal	`2`
Address	`0xa7c70`

SaveAirlan

Ordinal	`3`
Address	`0x99770`

SaveAirlan2

Ordinal	`4`
Address	`0x998c0`

SaveAirlanBe200

Ordinal	`5`
Address	`0x99b60`

SaveAirlanKa32

Ordinal	`6`
Address	`0x99a10`

SaveBDsys

Ordinal	`7`
Address	`0xf920`

SaveCompass

Ordinal	`8`
Address	`0x99620`

SaveResursTu

Ordinal	`9`
Address	`0x99cb0`

SaveResursTu142

Ordinal	`10`
Address	`0x99e00`

SaveResursTu160

Ordinal	`11`
Address	`0x9a1f0`

SaveResursTu22

Ordinal	`12`
Address	`0x9a0a0`

SaveResursTu95

Ordinal	`13`
Address	`0x99f50`

1

Type	`RT_ICON`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.66488`
MD5	`d00f69dcc4cff3df5f5ffa5557af6134`
SHA1	`fb92a51bee64fffe6f0f1cde12814923b477c822`
SHA256	`fd3f7d59882c5110374c01b467710e1630eac2f418cd86ec39dc05e8301e0f44`
SHA3	`c675de15f42fc04c43ef6802fe522d36fb945a2db61ba93b7dc2001eb2040e96`

200

Type	`RT_GROUP_ICON`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.16096`
Detected Filetype	Icon file
MD5	`42cf62b780813706e75fb9f2b2e8c258`
SHA1	`a022d5c1cfdd8aace0089f3e72f2eedd41bda464`
SHA256	`a0c9d012e2bf6b2fe05c2d97cb5594d97cf2f539e97935c12abd7a3562f4d9bf`
SHA3	`0aafc8e3d8b6bde595537da4ffe0efc5fe53f01dafe336a2a5828b6a71283d3c`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x464`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5372`
MD5	`e08af032025a1d41252f5642320b84b6`
SHA1	`a01505704c5bb4a43ee59b80a50cd8704c8683f5`
SHA256	`b12d99a491460a321d69e6d34fc86cd0ebbe2e38a7f0f984e0115daa675004b0`
SHA3	`c44d39e89db8c3e176f361e33608c9ade31c077c764435faa8383a126d11aba0`

1 (#3)

Type	`RT_VERSION`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0x47c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.18368`
MD5	`121423b04b27ad308f662e0783c329c5`
SHA1	`2435cd6123d4e3b87ef167f6a2a7f882b67fea32`
SHA256	`50b36f79ec6acca662c7b932814de79bbd076ae8c68910877a08a5851a44560e`
SHA3	`6c7029927baa6623c3b7324920b1943cb1a62360ee2756aa034ea58af8c24c86`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.94904`
MD5	`e54df675446f104f3e6153a586774b18`
SHA1	`2f5a10f15684b67189b923111f804cace29d5ae2`
SHA256	`45cb3493020782cfcd906fb9afbf72d7f973b6e425fc5d3bd88a429e8ea395b1`
SHA3	`0c19618a4c7e6c8a7d54b8702d0132f746eb83cfff35aa7a8d49792cfda314df`

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xdc12cebb`
Unmarked objects	`0`
C++ objects (VS2010 build 30319)	`5`
C objects (VS2008 SP1 build 30729)	`2`
ASM objects (VS2010 SP1 build 40219)	`8`
C objects (VS2010 SP1 build 40219)	`20`
152 (20115)	`15`
Imports (VS2010 SP1 build 40219)	`54`
Imports (VS2008 SP1 build 30729)	`29`
Total imports	`1847`
C++ objects (VS2010 SP1 build 40219)	`49`
Exports (VS2010 SP1 build 40219)	`1`
Resource objects (VS2010 SP1 build 40219)	`1`
Linker (VS2010 SP1 build 40219)	`1`

Errors

[*] Warning: Multiple nodes using the name Version Info in a dictionary.