bf83c461d5fbdc798a72af2e793197d2

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2020-May-10 16:52:12
Detected languages English - United States
TLS Callbacks 1 callback(s) detected.
Debug artifacts C:\Users\Ilya\Projects\sdmmlauncher\target\release\deps\sdmmlauncher.pdb
FileVersion 1.1.0
ProductVersion 1.1.0
ProductName sdmmlauncher

Plugin Output

Info Interesting strings found in the binary: Contains domain names:
  • api.github.com
  • github.com
  • https://api.github.com
  • https://api.github.com/repos/
  • https://github.com
  • https://spair.github.io
  • https://spair.github.io/StrongDMM/version.txtremote
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Can access the registry:
  • RegOpenKeyExW
  • RegQueryValueExW
  • RegCloseKey
Possibly launches other programs:
  • CreateProcessW
Can create temporary files:
  • GetTempPathW
  • CreateFileW
Leverages the raw socket API to access the Internet:
  • WSAGetLastError
  • getpeername
  • WSAIoctl
  • WSASocketW
  • shutdown
  • ioctlsocket
  • getsockopt
  • getaddrinfo
  • freeaddrinfo
  • WSAStartup
  • WSACleanup
  • recv
  • WSASend
  • WSARecv
  • setsockopt
  • WSAGetOverlappedResult
  • closesocket
  • bind
Interacts with the certificate store:
  • CertAddCertificateContextToStore
  • CertOpenStore
Safe VirusTotal score: 0/69 (Scanned on 2021-03-23 18:16:31) All the AVs think this file is safe.

Hashes

MD5 bf83c461d5fbdc798a72af2e793197d2
SHA1 4e8f146e3519170e790ed4198c59e25d878cff2b
SHA256 c587b4c5d6c0d4d225b107027b55813863ad284153279731f072d6f0cd979554
SHA3 4faaafb0df2ac41704e270bd34cd5d77080f66365d7f9c5a8abde88e4e8a23ac
SSDeep 49152:Tw6h/8pY3M9gVVzjkCVgXdS3PmJFANBX6Uu9xvyTJm5o:Twk8pY3TVgg/egsKT4
Imports Hash 2f497425899eb3734aff343a5f27dbfb

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2020-May-10 16:52:12
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x28d200
SizeOfInitializedData 0x10be00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0028D5BF (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x28f000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x39d000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 f6565f9f9d438b6cb41e99928588d1e8
SHA1 835d3d85f8a417dda113628478395291d5a5b152
SHA256 56d558d40f474b94661d16cce1aa05d3ce8e602464c584b707def2f1b5ce1a79
SHA3 a7a4814f56868cc278fcb9c0f23fad34d52ed0affa9e12637c14365f2a43c381
VirtualSize 0x28d1bb
VirtualAddress 0x1000
SizeOfRawData 0x28d200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.37099

.rdata

MD5 e301be7870e1a00189c5afe9f00afeb9
SHA1 8580b89da77e339d880c52087fa523dd1eb209e7
SHA256 2980416e865192fbedc0415b49b451a7e332085830b64be6796f32e3c83211f7
SHA3 b8147f84f150b447cee0369f021f32debb8b9f611b45d6b84c8fbfac11c4d594
VirtualSize 0xed300
VirtualAddress 0x28f000
SizeOfRawData 0xed400
PointerToRawData 0x28d600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.58202

.data

MD5 34c982449142cde66bc76396c2732adb
SHA1 5ebc076d4b1f4cf77b4fcf9a3483959910f39be8
SHA256 0afe6d9b98cb8ccbab694a4cf4917a5e690dd51e9c9264a7e40c3074b98f73cf
SHA3 d7b406c1d0a2330eab5cbca6f9be83bdc1d9d5e769fe7f2ac83cf17d2ab3881e
VirtualSize 0x136c
VirtualAddress 0x37d000
SizeOfRawData 0xe00
PointerToRawData 0x37aa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.2078

.rsrc

MD5 0f4e2419ba55c02acf551454660f4043
SHA1 765ba051fcf79b65e816f4dddb5ed828d03efcce
SHA256 3244eb25c3258f1cdb0a6c078bdd0a0f112f347db6971b2900493802141b80b8
SHA3 08c8c560dd575258392cb2407a7adb4134a2caad163f475d274a314c45b55e3d
VirtualSize 0x1f00
VirtualAddress 0x37f000
SizeOfRawData 0x2000
PointerToRawData 0x37b800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.5779

.reloc

MD5 e7b9dececf8a2508b248383947cac24f
SHA1 1129dc543e12000b0c1df1fe91a160d1fa3d81fc
SHA256 43bddeae4b76e8a3ffb42f42767adc05a5e84aa70eac54ba4291b45fa3437c7b
SHA3 c52cd7041955d1c37f71c84d9cae03340e388398adb54891ac7321f908e69815
VirtualSize 0x1b4a4
VirtualAddress 0x381000
SizeOfRawData 0x1b600
PointerToRawData 0x37d800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.61285

Imports

ADVAPI32.dll RegOpenKeyExW
RegQueryValueExW
RegCloseKey
SystemFunction036
WS2_32.dll WSAGetLastError
getpeername
WSAIoctl
WSASocketW
shutdown
ioctlsocket
getsockopt
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
recv
WSASend
WSARecv
setsockopt
WSAGetOverlappedResult
closesocket
bind
KERNEL32.dll UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
ReadFile
GetLastError
GetProcessHeap
HeapFree
CloseHandle
HeapAlloc
SetLastError
GetTempPathW
TlsGetValue
TlsSetValue
HeapReAlloc
WaitForSingleObjectEx
LoadLibraryA
GetProcAddress
GetCurrentProcess
CreateMutexA
ReleaseMutex
GetStdHandle
GetFileInformationByHandleEx
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
DeleteCriticalSection
GetConsoleMode
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
SetConsoleMode
SwitchToThread
IsDebuggerPresent
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
CreateIoCompletionPort
SetFileCompletionNotificationModes
SetHandleInformation
SetFileInformationByHandle
FindClose
WaitForSingleObject
SetFilePointerEx
WriteFile
AddVectoredExceptionHandler
GetModuleFileNameW
lstrlenW
GetEnvironmentStringsW
FreeEnvironmentStringsW
RemoveDirectoryW
CreateProcessW
ReadConsoleW
TlsAlloc
GetModuleHandleW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetEnvironmentVariableW
WriteConsoleW
GetCurrentThread
RtlCaptureContext
GetCurrentDirectoryW
FormatMessageW
CreateFileW
GetFileInformationByHandle
DeviceIoControl
FindNextFileW
CreateDirectoryW
FindFirstFileW
GetCurrentProcessId
CreateNamedPipeW
DuplicateHandle
ExitProcess
QueryPerformanceCounter
QueryPerformanceFrequency
MoveFileExW
DeleteFileW
SetFileAttributesW
CreateThread
GetFinalPathNameByHandleW
TryEnterCriticalSection
GetSystemInfo
SetConsoleTextAttribute
CancelIoEx
CRYPT32.dll CertFreeCertificateContext
CertCloseStore
CertFreeCertificateChain
CertDuplicateStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertAddCertificateContextToStore
CertGetCertificateChain
CertDuplicateCertificateChain
CertOpenStore
CertVerifyCertificateChainPolicy
ole32.dll CoTaskMemFree
Secur32.dll ApplyControlToken
EncryptMessage
InitializeSecurityContextW
AcquireCredentialsHandleA
AcceptSecurityContext
QueryContextAttributesW
DeleteSecurityContext
FreeCredentialsHandle
FreeContextBuffer
DecryptMessage
SHELL32.dll SHGetKnownFolderPath
VCRUNTIME140.dll memmove
_CxxThrowException
__CxxFrameHandler3
memset
memcmp
__current_exception
__current_exception_context
_except_handler4_common
memcpy
api-ms-win-crt-math-l1-1-0.dll __setusermatherr
trunc
api-ms-win-crt-heap-l1-1-0.dll malloc
_set_new_mode
free
api-ms-win-crt-runtime-l1-1-0.dll _cexit
_c_exit
_register_thread_local_exe_atexit_callback
__p___argc
_exit
exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_controlfp_s
terminate
__p___argv
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_set_app_type
_configure_narrow_argv
_seh_filter_exe
api-ms-win-crt-stdio-l1-1-0.dll _set_fmode
__p__commode
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x1c80
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.89074
Detected Filetype PNG graphic file
MD5 16e88b29146d200645c7d95f1a986088
SHA1 8c6a0a3c4982f6ea4115f617fb14930ca0fa940e
SHA256 1e3bdc263d659f9b033f4f452d4f3526769918c1c247144f3b6b602386b1fbac
SHA3 6836ad1ca8e98240e9ed78175d5f4983891757aa5ea8e44ac895e356caf85e16

1 (#2)

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.51664
Detected Filetype Icon file
MD5 4f551013dd5e36cf32aafaadefc7d20a
SHA1 63ce54519f1d4f67d5d4516ed91bc19ddbc7a520
SHA256 cb654d37678ebcfe03cb9641947ddcf9d19f663c9cc13256398506faefd417d9
SHA3 c19ca14c131c5db0b32b274d58f6a6239704f63c715fdfdcda3cf63e51d142f3

1 (#3)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x174
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.07124
MD5 b2d4e45efe1f5cbfc6cda62ad7aa08aa
SHA1 9297b95d5153ef059513f4edab726fddea61fc07
SHA256 9a2c0a07f17c3a51f3ba911c470d94f54e75c21a7d03a7a5bea718c5e3768d04
SHA3 56d183d8627aa5dc366ef133363103c0aa904f71c5265c9c18a0c2c70690143a

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.1.0.0
ProductVersion 1.1.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
FileVersion (#2) 1.1.0
ProductVersion (#2) 1.1.0
ProductName sdmmlauncher
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2020-May-10 16:52:12
Version 0.0
SizeofData 97
AddressOfRawData 0x35e018
PointerToRawData 0x35c618
Referenced File C:\Users\Ilya\Projects\sdmmlauncher\target\release\deps\sdmmlauncher.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2020-May-10 16:52:12
Version 0.0
SizeofData 20
AddressOfRawData 0x35e07c
PointerToRawData 0x35c67c

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2020-May-10 16:52:12
Version 0.0
SizeofData 780
AddressOfRawData 0x35e090
PointerToRawData 0x35c690

TLS Callbacks

StartAddressOfRawData 0x75e3ac
EndAddressOfRawData 0x75e3ad
AddressOfIndex 0x77dffc
AddressOfCallbacks 0x68f2f0
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_1BYTES
Callbacks 0x00639630

Load Configuration

Size 0xb8
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x77dd28
SEHandlerTable 0x75c7b0
SEHandlerCount 1562

RICH Header

XOR Key 0xaf6bae1e
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 10
Imports (VS 2015/2017/2019 runtime 28427) 2
C++ objects (VS 2015/2017/2019 runtime 28427) 24
C objects (VS 2015/2017/2019 runtime 28427) 12
ASM objects (VS 2015/2017/2019 runtime 28427) 6
Imports (26715) 15
Total imports 171
C objects (VS2019 Update 5 (16.5.2-3) compiler 28612) 7
Unmarked objects (#2) 3
Resource objects (VS2019 Update 5 (16.5.2-3) compiler 28612) 1
Linker (VS2019 Update 5 (16.5.2-3) compiler 28612) 1

Errors
