Manalyze report for bc1f760a967fd2206c6c25631ba28a16

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Sep-30 22:27:23
Detected languages	English - United States
FileVersion	`1.0.0.0`
ProductVersion	`1.0.0.0`

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .didata` `Unusual section name found: .ffs0` `Unusual section name found: .ffs1` `Unusual section name found: .ffs2` `Unusual section name found: .ffs3`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: NtQueryInformationProcess` `Can access the registry: RegSetValueExW` `Has Internet access capabilities: WinHttpGetIEProxyConfigForCurrentUser` `Queries user information on remote machines: NetWkstaGetInfo`
Info	The PE's resources present abnormal characteristics.	`The binary may have been compiled on a machine in the UTC+2 timezone.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`bc1f760a967fd2206c6c25631ba28a16`
SHA1	`6a5334aa47c30ad2cdda7a99454c261b4caa2816`
SHA256	`5c25a9eaca6365aeb8771ed83ca95b13d82be1743c7ce460c43d6a47906e085c`
SHA3	`ea21ce8c3d345883d9faae1f5f34c93dec98a3eeaa9375e003f251902882958c`
SSDeep	`393216:aEWyNXXn+VzVm95Tg7WTSD5XwtuVABJg:aENH+VzVm95EDXPABJg`
Imports Hash	`1b9d3523c0ee33aba8f23b475192665b`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`14`
TimeDateStamp	2024-Sep-30 22:27:23
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`8.2`
SizeOfCode	`0x76b400`
SizeOfInitializedData	`0x299800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000001107CE4 (Section: .ffs3)`
BaseOfCode	`0x1000`
ImageBase	`0x500000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`5.2`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x1cfc000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x2000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x76b288`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x9ee48`
VirtualAddress	`0x76d000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x244d4`
VirtualAddress	`0x80c000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x655a`
VirtualAddress	`0x831000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.didata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1470`
VirtualAddress	`0x838000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.edata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x95`
VirtualAddress	`0x83a000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.tls

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x828`
VirtualAddress	`0x83b000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x6d`
VirtualAddress	`0x83c000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.ffs0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x517d4`
VirtualAddress	`0x83d000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.pdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x5c67c`
VirtualAddress	`0x88f000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.ffs1

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x6fe2a3`
VirtualAddress	`0x8ec000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.ffs2

MD5	`9496c71090f42780f236d625a12d9412`
SHA1	`0ceba56007a4ded823ac0269600862624c1f4d49`
SHA256	`48ed402b796a7b12d013c473da0bca490969e45b65f3f784c94e7f7646ac9881`
SHA3	`0b87238abb3629469b200d1b8709f87aeddce125ce08a370f67278610cba903a`
VirtualSize	`0x2690`
VirtualAddress	`0xfeb000`
SizeOfRawData	`0x2800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`0.151724`

.ffs3

MD5	`4e9837a1f76202866d0cf5cf8d068023`
SHA1	`e3b0e0c426ae05881fcc45d34d8a5f99f179695b`
SHA256	`6a311f7419c817028557d904bc98867dbbdac285f5fe0b4dbf1c9ac949a2f89b`
SHA3	`55b96b8a0928a8f67ae54f4cdf5c58a96d84f40724ee385db865495ed3bb79d1`
VirtualSize	`0xcf2028`
VirtualAddress	`0xfee000`
SizeOfRawData	`0xcf2200`
PointerToRawData	`0x2c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`7.93185`

.rsrc

MD5	`92f873fa9f8cde332f06c455334ef9eb`
SHA1	`89913a22f12b16c7e635bf9aca9ddc037236f839`
SHA256	`e3064a7a816a4323858c80c0c5273b1d46d4fc62f1859baee8ecb677e32b2a80`
SHA3	`64da0a5d14d8dcecad28d5e1ab60908c8b7ab5203e6c574366bafa2db56489fa`
VirtualSize	`0x1a281`
VirtualAddress	`0x1ce1000`
SizeOfRawData	`0x1a400`
PointerToRawData	`0xcf4e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.43366`

Imports

DWrite.dll	`DWriteCreateFactory`
winmm.dll	`timeEndPeriod`
winspool.drv	`DocumentPropertiesW`
comdlg32.dll	`FindTextW`
comctl32.dll	`ImageList_GetImageInfo`
shell32.dll	`SHGetMalloc`
user32.dll	`CopyImage`
version.dll	`GetFileVersionInfoSizeW`
oleaut32.dll	`SysFreeString`
advapi32.dll	`RegSetValueExW`
netapi32.dll	`NetWkstaGetInfo`
msvcrt.dll	`memcpy`
winhttp.dll	`WinHttpGetIEProxyConfigForCurrentUser`
C:\windows\system32\dbghelp.dll	`SymSetOptions`
kernel32.dll	`GetVersionExA` `GetVersion` `GetVersionExW`
d2d1.dll	`D2D1CreateFactory`
wsock32.dll	`htons`
ole32.dll	`IsEqualGUID`
gdi32.dll	`Pie`
ntdll	`RtlCaptureContext`
ntdll.dll	`NtQueryInformationProcess`
kernel32.dll (#2)	`GetVersionExA` `GetVersion` `GetVersionExW`
kernel32.dll (#3)	`GetVersionExA` `GetVersion` `GetVersionExW`
kernel32.dll (delay-loaded)	`GetVersionExA` `GetVersion` `GetVersionExW`

Delayed Imports

Attributes	`0x1`
Name	`kernel32.dll`
ModuleHandle	`0x8381e0`
DelayImportAddressTable	`0x838258`
DelayImportNameTable	`0x1029428`
BoundDelayImportTable	`0x838818`
UnloadDelayImportTable	`0x838a88`
TimeStamp	`1970-Jan-01 00:00:00`

dbkFCallWrapperAddr

Ordinal	`1`
Address	`0x812298`

__dbk_fcall_wrapper

Ordinal	`2`
Address	`0x1c6e0`

TMethodImplementationIntercept

Ordinal	`3`
Address	`0x14d570`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x122f`
TimeDateStamp	2024-Oct-01 00:27:24
Entropy	`7.68274`
Detected Filetype	PNG graphic file
MD5	`5ac7c43377cb234b2f7a5758308ad0ac`
SHA1	`703e53fad897199572d49c30cd1febd5825095d5`
SHA256	`4f8c729d6eaeec942672df870b71390e6c71d3b7128d1afabf0711eaf076094f`
SHA3	`1d050351cfd88433d7c51af0e708fc66956f6036f27f52b081da9ddf0b984208`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	2024-Oct-01 00:27:24
Entropy	`2.76299`
MD5	`28f9f8832587b37e8a4f406cfe6a0501`
SHA1	`d7ad28200679c8434d791d0fbf8a34edf6d1e139`
SHA256	`70343fabbc866a853ef0af16abd9768138180f3f152378c5e4c3c99a3d15365d`
SHA3	`70cd07c3f906b88b66dbd3ae52dab8d3c30569279e6513abd07232a2f5903b54`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	2024-Oct-01 00:27:24
Entropy	`2.91341`
MD5	`bb063e5c1e88b5dda265506e42296420`
SHA1	`2a1a7209d146a4a12027155fa95fbe89d004fc78`
SHA256	`2e0507d422d684db3c74b6b84b1d86d95c14dd0c54995f9f4d5302d1677bed82`
SHA3	`0432aaac87c43a58aceafcbc8b815897c0581de4438a873599b62c72b384ca40`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	2024-Oct-01 00:27:24
Entropy	`3.03194`
MD5	`3e8d56b54691bd1cc6c47d8fe101a4ac`
SHA1	`29af098988fde14ca8a93f9a6bb8c8573647c015`
SHA256	`f563ed35af9d1c4995db353fb15866e91b638964a3acd70781b227a476f41043`
SHA3	`5c7fa611558fd98ed60a10c7c5e803278d87971a5453e95db79811c1c9df4bb5`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	2024-Oct-01 00:27:24
Entropy	`3.1571`
MD5	`b23d573e36046489fd778c73ee614627`
SHA1	`477dc287a72bf9a485a346a152693ecef807b3d8`
SHA256	`44faa6049699ef1bc3f9f347a00edb28948c4aac0b106a0efd47520cc13ba7d4`
SHA3	`865c9edb963df2455cdee9c1af822a9e1224887bac602388e18e8ef9bcbd4ba9`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	2024-Oct-01 00:27:24
Entropy	`3.41015`
MD5	`7e011f431c237cae83c0f7fc05000e5e`
SHA1	`d1b7072221e6ef20677074e6ee3b6b65ef6cef0d`
SHA256	`306ee8c052185b29048a35e82587099ab56686b150e3ad81f353edec65a4b048`
SHA3	`1db99f7262816ede83021300cf1096fc0264061166316a1114f531a70ac2d123`

MAINICON

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	2024-Oct-01 00:27:24
Entropy	`2.79908`
Detected Filetype	Icon file
MD5	`e45b447154182d631b0a58a631114de2`
SHA1	`f36223e4308f3b54dba7a644e7d6cd46c2d87ff8`
SHA256	`264b1aee638f74dd26e6440c4f854425b0c8676fa4494f86836323dc3c6b2ab2`
SHA3	`075ca32d544f01d66139e594c1450d86ff512115caf427fe8ae805f01a5f6756`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x140`
TimeDateStamp	2024-Oct-01 00:27:24
Entropy	`3.08884`
MD5	`1ec6fcdcd331620d1104636a505f3972`
SHA1	`1355c698a07bb00aa94122766bd2747b0d74da6e`
SHA256	`c4fac33237e25b6b32fb2d67c0c1adc3bbbc89e9ba8bc0cbfe8b174bf0d6e286`
SHA3	`89502483661fbf70f465184f9f831624201b57a9c8aaee29d7fc44bac728c08e`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x771`
TimeDateStamp	2024-Oct-01 00:27:24
Entropy	`5.26812`
MD5	`22defbf3c97155d0d2cd585f11f7e27c`
SHA1	`b0e92d9024779c52da85beea5dd440d687557485`
SHA256	`434fb3579f238e613feee0a3fb0bfec4b9f5adc9344dda6c4ff38b5dbc699422`
SHA3	`dd8319d0273c7cedd15bc213aae53fd1b782d820193a19a0aa8eeb13d006aa22`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.9039.816
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
FileVersion (#2)	1.0.0.0
ProductVersion (#2)	1.0.0.0

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .bss has a size of 0!
[*] Warning: Section .idata has a size of 0!
[*] Warning: Section .didata has a size of 0!
[*] Warning: Section .edata has a size of 0!
[*] Warning: Section .tls has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .ffs0 has a size of 0!
[*] Warning: Section .pdata has a size of 0!
[*] Warning: Section .ffs1 has a size of 0!