Manalyze report for b8a97c611fbd204f49005cb2ca32b409

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2017-May-10 18:29:54
Detected languages	English - United States
Debug artifacts	C:\Users\Inode Firewall\OneDrive\Documents\Présentations\SEC102\2017\PGSE\SEC102_Laura\bin\Debug\proclist.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	The PE contains functions most legitimate programs don't use.	`Manipulates other processes: OpenProcess`
Safe	VirusTotal score: 0/72 (Scanned on 2020-05-14 14:25:07)	`All the AVs think this file is safe.`

Hashes

MD5	`b8a97c611fbd204f49005cb2ca32b409`
SHA1	`7226af6ad5b709b081dc3c923216802ba20447db`
SHA256	`0ff7a847645d05c35b9e8d7d7b5fb3792385e472a7c34661c64be7e9412ac543`
SHA3	`841b1651916eebaf84c648a5617e24126133576fbb1db38794d4fa6c99c6ee80`
SSDeep	`384:JF4Q5SNwXV532rqDRgsPDqzyFCbNdVRTDYIjbisYpHtA3a3Cvv7x3tzb:JFN5HD2rqVgsPDqzyFMtYpNAqyvv7x`
Imports Hash	`5f26b65b1d7bd7c0f7675d7151359837`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	2017-May-10 18:29:54
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x5200`
SizeOfInitializedData	`0x4600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000102D (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x7000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x10000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`81ab63ea8b946f48f8a2eb32b0522047`
SHA1	`5301f2c166f9fb532e6261775b23c3fa4815ec87`
SHA256	`fb878ad0355718cb093a8792f605b080f692c38e2c97222282262458096a3c32`
SHA3	`e2fb90d20defb12bbfb1217940f4391cd9095c8562f69c948f09dbeb68287201`
VirtualSize	`0x50f7`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`4.72059`

.rdata

MD5	`39190675c1808edf65310e48d39b7320`
SHA1	`11122a41d864be73c13b53763d945d8cbcdae3c8`
SHA256	`28394f180cfa5b24eb1ddc6598a2430279d6b3f58ba46be8b8399fb7569bee60`
SHA3	`0377e789763a7d66859428fb66259b9bbae649661527a31fb0cc2dc94dbc40b1`
VirtualSize	`0x2135`
VirtualAddress	`0x7000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x5600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.95588`

.data

MD5	`f568234f6971b04996cec3469728e562`
SHA1	`6491bc8cc41eafc6c9f1f869467a80a2412d4229`
SHA256	`fa63727d3cfe581180d11ac527786f42f0cc07cb2a7a9647b0f7f16633a25afb`
SHA3	`431c44b3df0b968bfe48b214274117ec10826960b9065cacbba8b8cccc160b6a`
VirtualSize	`0x71c`
VirtualAddress	`0xa000`
SizeOfRawData	`0x400`
PointerToRawData	`0x7800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.28068`

.idata

MD5	`dd2630b78040828649d989db8223f71b`
SHA1	`329ebdb845bedc0a2f1d393e048b71da7d8f282e`
SHA256	`46c1d532c600f918b7d95f92cc30ab0b0aef768cb75f9cd3b0547dd488a3d1dd`
SHA3	`ed9981061efd650544331eee8afe43c91dc743b739a54447c12e8c8116d4d56e`
VirtualSize	`0xbea`
VirtualAddress	`0xb000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x7c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.2964`

.gfids

MD5	`96069875f941840e876cbffd348cce91`
SHA1	`4af701989984a91f1759292d157dc8703e5f6862`
SHA256	`9ff01324f9f671882e0ec39acff5b79bc791976b6da405153f620c7ef9252982`
SHA3	`5dc2194c26d91d3e8193b1fdf2656cc5a7bb317cfe9e3754b66f06dfa20b6cdd`
VirtualSize	`0x13a`
VirtualAddress	`0xc000`
SizeOfRawData	`0x200`
PointerToRawData	`0x8800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.214733`

.00cfg

MD5	`ee40dcf3eb5f58db4568d4b26b72fd13`
SHA1	`8ca7afae8ab6842288f7b9a1cce6d2c8aa4458e2`
SHA256	`a9460e51947343d55a327282a7497c161309b33c7e54a266283e030393e8e555`
SHA3	`e43936fa5187a751ba4655ca3aa602b7f027e1097b452b2333071c482d1a47b0`
VirtualSize	`0x104`
VirtualAddress	`0xd000`
SizeOfRawData	`0x200`
PointerToRawData	`0x8a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.0611629`

.rsrc

MD5	`303b3828e907aba1ef2b388f25ba9b5f`
SHA1	`dc8b3cd4ecc247ce69dfcd4094568bb0c3642734`
SHA256	`f53e342e145f575f43dae0905ab37541480ae3115f6acaeee9276e4d2fd8c7c0`
SHA3	`797b27c50943dfb146bc7174e1a3c35ea9471ada92ef7b6f9e3fb66095b727f3`
VirtualSize	`0x43c`
VirtualAddress	`0xe000`
SizeOfRawData	`0x600`
PointerToRawData	`0x8c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.13542`

.reloc

MD5	`1624f02fdda21f8a3c03cd5c9485fbb7`
SHA1	`0e0cd4ef9020d51cd8704bcc4b6fd9cafdaed66e`
SHA256	`4e800c2000369d58b969b1ea17452592da50ab5a66493322090ca77164daf714`
SHA3	`6e8ef2b94da363d1bcb978c1cb31a6fca0471265709fb1cf9682698488a72b25`
VirtualSize	`0x4ce`
VirtualAddress	`0xf000`
SizeOfRawData	`0x600`
PointerToRawData	`0x9200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.6437`

Imports

KERNEL32.dll	`GetStdHandle` `CloseHandle` `OpenProcess` `ReadConsoleA` `K32EnumProcesses` `K32EnumProcessModulesEx` `K32GetModuleBaseNameA` `K32GetModuleFileNameExA` `K32GetModuleInformation` `K32GetProcessImageFileNameA` `FreeLibrary` `VirtualQuery` `GetProcessHeap` `HeapFree` `HeapAlloc` `GetLastError` `GetModuleHandleW` `GetStartupInfoW` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `IsProcessorFeaturePresent` `TerminateProcess` `GetCurrentProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `WideCharToMultiByte` `MultiByteToWideChar` `RaiseException` `IsDebuggerPresent` `GetProcAddress`
VCRUNTIME140D.dll	`memset` `_except_handler4_common` `__vcrt_GetModuleFileNameW` `__vcrt_GetModuleHandleW` `__vcrt_LoadLibraryExW` `__std_type_info_destroy_list`
ucrtbased.dll	`_configthreadlocale` `_set_new_mode` `__p__commode` `__stdio_common_vsprintf_s` `_seh_filter_dll` `_initialize_onexit_table` `_register_onexit_function` `_execute_onexit_table` `_crt_atexit` `_crt_at_quick_exit` `_controlfp_s` `terminate` `_wmakepath_s` `_wsplitpath_s` `wcscpy_s` `exit` `_initterm_e` `_initterm` `_get_initial_narrow_environment` `_initialize_narrow_environment` `_configure_narrow_argv` `__setusermatherr` `_set_app_type` `_seh_filter_exe` `_CrtDbgReportW` `_CrtDbgReport` `__stdio_common_vfprintf` `__acrt_iob_func` `realloc` `malloc` `free` `_c_exit` `_cexit` `__p___argv` `__p___argc` `_set_fmode` `_exit` `_register_thread_local_exe_atexit_callback`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2017-May-10 18:29:54
Version	`0.0`
SizeofData	`135`
AddressOfRawData	`0x87d4`
PointerToRawData	`0x6dd4`
Referenced File	C:\Users\Inode Firewall\OneDrive\Documents\Présentations\SEC102\2017\PGSE\SEC102_Laura\bin\Debug\proclist.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2017-May-10 18:29:54
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x885c`
PointerToRawData	`0x6e5c`

TLS Callbacks

Load Configuration

Size	`0x5c`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x40a174`
SEHandlerTable	`0x4086d0`
SEHandlerCount	`1`

RICH Header

XOR Key	`0x67cdf58a`
Unmarked objects	`0`
239 (40116)	`2`
Imports (VS2015 UPD3 build 24123)	`2`
ASM objects (VS2015 UPD3 build 24123)	`1`
C++ objects (VS2015 UPD3 build 24123)	`23`
C objects (VS2015 UPD3 build 24123)	`13`
Imports (65501)	`3`
Total imports	`77`
C objects (VS2015 UPD3.1 build 24215)	`1`
Resource objects (VS2015 UPD3 build 24210)	`1`
Linker (VS2015 UPD3.1 build 24215)	`1`

b8a97c611fbd204f49005cb2ca32b409

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.idata

.gfids

.00cfg

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

TLS Callbacks

Load Configuration

RICH Header

Errors