Manalyze report for ad4b07a4de1ec5798488e4828326820b

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2029-Oct-13 15:59:23
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig1(h)` `Microsoft Visual C++` `Microsoft Visual C++ v6.0` `Microsoft Visual C++ v5.0/v6.0 (MFC)`
Suspicious	PEiD Signature:	`ASPack v2.12`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Suspicious	The PE is packed with Aspack	`Section .text is both writable and executable.` `Unusual section name found: .aspack`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: FindWindowA` `Can access the registry: RegOpenKeyExA RegOpenKeyA RegSetValueExA RegCloseKey RegCreateKeyExA RegQueryValueExA`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`ad4b07a4de1ec5798488e4828326820b`
SHA1	`b65af35af59d83e69174fb3aee71efdca181f26c`
SHA256	`e97b019e9d9ed3d9b2bed50634f3b97e65ba402144db8d100cb5c249a6072318`
SHA3	`a10d4f5ce86d0b69788ed37054db95ec75ac07162a4b4903b26713c60bc623e0`
SSDeep	`12288:r7o/OlK9eWSCkdkW6sf6bOLEAiCejTcqouiEQwtev+Rf41AulbAp6fC2:r70YK5SCk5Ay4f/ouPtCKf41TbA4K`
Imports Hash	`114ad0e461fac14a08d85ebd38475e70`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2029-Oct-13 15:59:23
PointerToSymbolTable	`0x446b6361`
NumberOfSymbols	`1562469737`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0xd9000`
SizeOfInitializedData	`0x51000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000AE62D (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xda000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x12d000`
SizeOfHeaders	`0x600`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a9b85bf201ab484a4543a58a29ff940f`
SHA1	`fbe5e35f165b8330eabb3b323915aa4a2cc22599`
SHA256	`aa8d29d66f4a5f15b126a0c719ebd656d5492f653e7693f58de10ca4ef8283cc`
SHA3	`9ed1c558cdbf1ef8c9983be9e588d313532ec8b2a52b986ee38cff0fbf1a4b35`
VirtualSize	`0xd9000`
VirtualAddress	`0x1000`
SizeOfRawData	`0xd9000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.83946`

.rdata

MD5	`6b3ee1789205c14d126c119f07ccd9b3`
SHA1	`815e13450a3ddc67897a172e4e8f34a3b179ebfe`
SHA256	`ee020b965f02905c3f490948a792e27bbf16123cf9853087ace5c626791845c1`
SHA3	`11a7ae3a317a5f55329a024c5e768b12e66dd173858b9c12d6c3e58d889d44a8`
VirtualSize	`0xe000`
VirtualAddress	`0xda000`
SizeOfRawData	`0xe000`
PointerToRawData	`0xda000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.35919`

.data

MD5	`0ab1f7d5186e64660c575122143c9502`
SHA1	`7ac39ccfaba01fcbb2ac214e0c30c25ee7da1f5b`
SHA256	`0818bbbe07e9f07bdab0c2f3da59afb6646189f9caa39a0daafeb254b726de2f`
SHA3	`cadaddc4b6b0fd933ee5d28119cf607bda4328f70fd6c6e2e8f0b91f1ff56e25`
VirtualSize	`0x36000`
VirtualAddress	`0xe8000`
SizeOfRawData	`0x36000`
PointerToRawData	`0xe8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.62725`

.idata

MD5	`1c4e3ec54e8c8c0defb3705b7f002d1e`
SHA1	`b999e5c13d46319cb2750687ddd6b758216d8efd`
SHA256	`a7518c5d2817b211eb7be66d5bccdf76aa7a112f5f3503cde871b956684617f5`
SHA3	`71d9b18e6664eb8cba6a7e194af92c74a277d5e9e751cd48764648adbea32960`
VirtualSize	`0x2000`
VirtualAddress	`0x11e000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x11e000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.11377`

.reloc

MD5	`c324946ce1884cae603d6f4aa055ac8c`
SHA1	`cab3203eedd68ad0cea45ee47b1d7866bb208b9a`
SHA256	`61d9e6520ef1b93e440f9c235baca40cac8a44cd938a93019acb62f220d02cb9`
SHA3	`e727ea3958170dc0f6d6ceb95fd01f78ecb72e1a27df89d7d18143e9e82d9fd3`
VirtualSize	`0xb000`
VirtualAddress	`0x120000`
SizeOfRawData	`0xb000`
PointerToRawData	`0x120000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.aspack

MD5	`3abefe10e37dca807b2fb74ee3559d95`
SHA1	`507e3f437421a4716355c45c5b2d874b6906c16c`
SHA256	`e62255c0d15063b87754e6c087e315f90d90ca9be6aa8b8007e1f2d657487607`
SHA3	`44f6f3549e038126909a4526469bf9f9b5107eb628382fa28175f90ea38baf6b`
VirtualSize	`0x2000`
VirtualAddress	`0x12b000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x12b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.75644`

Imports

KERNEL32.dll	`lstrlenA` `GlobalMemoryStatus` `GetCommandLineA` `GetModuleHandleA` `GetVersion` `GetProcAddress` `CopyFileA` `LoadLibraryA` `SetErrorMode` `FreeLibrary` `GlobalAlloc` `GlobalFree` `InterlockedExchange` `FindNextFileA` `CompareFileTime` `DeleteFileA` `MoveFileA` `CreateDirectoryA` `FindFirstFileA` `FindClose` `Sleep` `GetTickCount` `HeapFree` `IsBadWritePtr` `GetEnvironmentVariableA` `GetCurrentProcess` `SetConsoleCtrlHandler` `SetEnvironmentVariableA` `CompareStringW` `CompareStringA` `IsBadCodePtr` `IsBadReadPtr` `SetEndOfFile` `SetStdHandle` `FlushFileBuffers` `GetEnvironmentStringsW` `GetEnvironmentStrings` `FreeEnvironmentStringsW` `GetStartupInfoA` `GetFileAttributesA` `FileTimeToSystemTime` `FileTimeToLocalFileTime` `GetCurrentThreadId` `GetModuleFileNameA` `SetConsoleTitleA` `GetConsoleScreenBufferInfo` `GetStdHandle` `GetVersionExA` `GetSystemInfo` `GetCurrentProcessId` `MultiByteToWideChar` `RtlUnwind` `HeapReAlloc` `HeapAlloc` `ExitProcess` `TerminateProcess` `UnhandledExceptionFilter` `RaiseException` `GetLastError` `GetTimeZoneInformation` `GetSystemTime` `GetLocalTime` `VirtualFree` `VirtualAlloc` `CloseHandle` `WriteFile` `ReadFile` `SetFilePointer` `SetHandleCount` `GetFileType` `CreateFileA` `WideCharToMultiByte` `LCMapStringA` `LCMapStringW` `SetUnhandledExceptionFilter` `HeapSize` `FreeEnvironmentStringsA` `HeapDestroy` `HeapCreate` `GetStringTypeA` `GetStringTypeW` `GetCPInfo` `GetACP` `GetOEMCP`
USER32.dll	`PeekMessageA` `GetMessageA` `ClientToScreen` `EndPaint` `ToAscii` `GetActiveWindow` `MessageBoxA` `DispatchMessageA` `TranslateMessage` `DestroyWindow` `FindWindowA` `CreateWindowExA` `UnregisterClassA` `RegisterClassA` `ShowWindow` `InvalidateRect` `SetFocus` `SetWindowsHookExA` `ClipCursor` `UnhookWindowsHookEx` `SetCursorPos` `CallNextHookEx` `GetKeyboardState` `SendMessageA` `FillRect` `BeginPaint` `DefWindowProcA` `SetCursor` `GetClientRect` `SetWindowPos` `GetSystemMetrics` `SetForegroundWindow`
ADVAPI32.dll	`RegOpenKeyExA` `RegOpenKeyA` `RegSetValueExA` `RegCloseKey` `RegCreateKeyExA` `RegQueryValueExA`
WINMM.dll	`timeKillEvent` `timeSetEvent` `mmioOpenA` `mmioClose` `mmioAscend` `mmioRead` `mmioDescend` `mmioSeek` `mmioSetInfo` `mmioAdvance` `mmioGetInfo` `timeGetTime`
DSOUND.dll	`#1`
GDI32.dll	`DeleteObject` `SelectObject` `CreateSolidBrush`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x4f643850`
Unmarked objects	`0`
12 (7291)	`2`
14 (7299)	`37`
C objects (8047)	`139`
C++ objects (8047)	`19`
C++ objects (VS98 build 8168)	`20`
48 (9044)	`62`
Unmarked objects (#2)	`4`
19 (8034)	`13`
Total imports	`138`
49 (9044)	`140`

Errors

[!] Error: Could not read a COFF symbol.
[!] Error: Could not read PDB file information of invalid magic number.