Manalyze report for bff49cdc708aac4ca7939f1ce55927f6

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2024-Jan-30 21:02:42
TLS Callbacks	2 callback(s) detected.
Debug artifacts	D:\git-sdk-64-full\usr\src\MINGW-packages\mingw-w64-openssl\src\build-MINGW32\engines\capi.pdb

Plugin Output

Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: /4` `Unusual section name found: .debug`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Uses Microsoft's cryptographic API: CRYPTO_free CRYPTO_get_ex_new_index CRYPTO_malloc CRYPTO_set_mem_functions CRYPTO_strdup CRYPTO_zalloc CryptAcquireContextW CryptCreateHash CryptDecrypt CryptDestroyHash CryptDestroyKey CryptEnumProvidersW CryptExportKey CryptGetProvParam CryptGetUserKey CryptReleaseContext CryptSetHashParam CryptSignHashW` `Interacts with the certificate store: CertOpenStore`
Safe	VirusTotal score: 0/72 (Scanned on 2024-03-16 00:59:40)	`All the AVs think this file is safe.`

Hashes

MD5	`bff49cdc708aac4ca7939f1ce55927f6`
SHA1	`38134cb59a6c7a3a104c842eb9f2c53e13fa88a2`
SHA256	`b46dd3908a8063b3c2e5449da57769c4cb96fa1e8a66b53d576e115b24e060f2`
SHA3	`2313e8de2cf4dabcf625f6c0921703edde064f167f87df234ade8a8aeadc8e14`
SSDeep	`768:HwM3bg+a6g8e0J/FDtDWqSZ2bRcYURDWmI5Nlgrq/+myblKCUhvjWmguQkYa8wCT:BEZChE2mrzIYW5W`
Imports Hash	`92f31470f697bf99a8427c1e01cf19df`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`11`
TimeDateStamp	2024-Jan-30 21:02:42
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x6a00`
SizeOfInitializedData	`0xb200`
SizeOfUninitializedData	`0x200`
AddressOfEntryPoint	`0x000013B0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x8000`
ImageBase	`0x67980000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x14000`
SizeOfHeaders	`0x600`
Checksum	`0x2bd30`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`220250107d5d956fb2cbbb92481c761f`
SHA1	`fcb65981f6f10f93796e6084ff421bef6040a289`
SHA256	`a4772b19a5f746a76ebde1fe46853b94fd552165e60d8a0bbc66305371341171`
SHA3	`b52d7e1af280e56dbcf28b1b8b361baa7286272e9e7402a9684cc90f3023892a`
VirtualSize	`0x6964`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6a00`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.79789`

.data

MD5	`25d53ba37970289d11da5658f6c9e14f`
SHA1	`8deeb06214464292657da365d8a7825a09808fe0`
SHA256	`a68d8af37c16e7ab20ff48dd8d74e7732f8afbf545a55ad00929e23c7deb9524`
SHA3	`aef268ff65b365b9105b6d1bb416e40a7bfccad77813921c56aff750b6091623`
VirtualSize	`0x160`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x7000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.69054`

.rdata

MD5	`5b54ae408243b2ad52a42565e7567c89`
SHA1	`fc36332a3d688da75221bda277a37a6c4ae07c20`
SHA256	`caeeba99b4b3f41299e255ac7c1c6f777cb6484d3699d658ebb44e3601365d8a`
SHA3	`e1f36b52b71c189436dff5c279bdb0fb9779e8a4ac0b5f113f58764cd4d71e7f`
VirtualSize	`0x11b8`
VirtualAddress	`0x9000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x7200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.21034`

/4

MD5	`a2ad9bf9d6aa98eeb6d54f77ba6de2ea`
SHA1	`47d2a4c9099c59ac8d30c05dce831316e09a5e0c`
SHA256	`2119962cc7c1d707ef1e5cdb84b7a5353ec618434744096a5bdd9e80534fe37f`
SHA3	`acaf637741bd5706684fd0b3fac6bf2f952b3bf577aecd4a7fc2aa3377b8e838`
VirtualSize	`0xf7c`
VirtualAddress	`0xb000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x8400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.92653`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xa0`
VirtualAddress	`0xc000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.edata

MD5	`9afbe261877ac44efae86a26c97d6731`
SHA1	`b1ce375006189f8de605a105c6e4d823f0fec0e3`
SHA256	`69147eac1c17a51fd55e0db2731e0614b3cae4eece270fb77cb9f7e6718afde1`
SHA3	`23257de556ecdedaa844617192589e5e5ec2026f7418e8c0114ec59ef7f5c046`
VirtualSize	`0x59`
VirtualAddress	`0xd000`
SizeOfRawData	`0x200`
PointerToRawData	`0x9400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.90522`

.idata

MD5	`4e2f4730238fcf17a392f8c0df13e58f`
SHA1	`3ad1a33b94543b04265a0fe0c0004d7cefd5ba24`
SHA256	`cf2b58fd121edf6af1e06d7e1f83e393442fec72eef337e5951765e2d80743e3`
SHA3	`11e4cc261efe8f2520e4b622dfb295037c7a9f63f89234f33662e5bb6172fd61`
VirtualSize	`0x1384`
VirtualAddress	`0xe000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x9600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.11364`

.CRT

MD5	`618c7485a31009b40743db8d0403d65e`
SHA1	`b8bb22d1472cd851946d30fa30aecc0a4de5b721`
SHA256	`86bb92259ffa8e1a9872af6971770351d40f7ae614c39ad0979ff708d9b58458`
SHA3	`ea46765e4cb1d8c78d3c863f3e68e0f6ba5efc79f90c3f843aab406e435290be`
VirtualSize	`0x2c`
VirtualAddress	`0x10000`
SizeOfRawData	`0x200`
PointerToRawData	`0xaa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.205446`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x8`
VirtualAddress	`0x11000`
SizeOfRawData	`0x200`
PointerToRawData	`0xac00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.reloc

MD5	`4d72815b8af6c786f73db51757bf1c57`
SHA1	`8c7b65e2e6834982cadb23505bf2a989ae233e1c`
SHA256	`56f429be898b107fd6499cdbe3990ac1fc04abc48de2eb7b623db54be6b877e2`
SHA3	`ca774d044da4068d1a4745e92a3e42558cfaf9940cca57cd2ca180ebe4eda9ef`
VirtualSize	`0x890`
VirtualAddress	`0x12000`
SizeOfRawData	`0xa00`
PointerToRawData	`0xae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.20703`

.debug

MD5	`f973dc656d1dae2307f3633f90ab39cc`
SHA1	`9abcb2251c1b564b63dfd9771a94536606f2040d`
SHA256	`f1fb288388aa2d0873d9766957fd0779efff4b09395f2fd7d9d1c0f32c50d393`
SHA3	`be036f91f9827d9a9fa724b236f4aaf6e7c2a302d06507f52811e7edbbba8030`
VirtualSize	`0x200`
VirtualAddress	`0x13000`
SizeOfRawData	`0x9c`
PointerToRawData	`0xb800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.90218`

Imports

libcrypto-3.dll	`BIO_free` `BIO_new_file` `BIO_new_fp` `BIO_printf` `BIO_snprintf` `BIO_vprintf` `BN_bin2bn` `BN_free` `BN_new` `BN_set_word` `CRYPTO_free` `CRYPTO_get_ex_new_index` `CRYPTO_malloc` `CRYPTO_set_mem_functions` `CRYPTO_strdup` `CRYPTO_zalloc` `DSA_OpenSSL` `DSA_SIG_new` `DSA_SIG_set0` `DSA_free` `DSA_get0_engine` `DSA_get_ex_data` `DSA_meth_free` `DSA_meth_get_bn_mod_exp` `DSA_meth_get_mod_exp` `DSA_meth_get_verify` `DSA_meth_new` `DSA_meth_set_bn_mod_exp` `DSA_meth_set_finish` `DSA_meth_set_mod_exp` `DSA_meth_set_sign` `DSA_meth_set_verify` `DSA_new_method` `DSA_set0_key` `DSA_set0_pqg` `DSA_set_ex_data` `ENGINE_get_ex_data` `ENGINE_get_static_state` `ENGINE_set_DSA` `ENGINE_set_RSA` `ENGINE_set_cmd_defns` `ENGINE_set_ctrl_function` `ENGINE_set_destroy_function` `ENGINE_set_ex_data` `ENGINE_set_finish_function` `ENGINE_set_flags` `ENGINE_set_id` `ENGINE_set_init_function` `ENGINE_set_load_privkey_function` `ENGINE_set_load_ssl_client_cert_function` `ENGINE_set_name` `ERR_add_error_data` `ERR_get_next_error_library` `ERR_load_strings` `ERR_new` `ERR_set_debug` `ERR_set_error` `ERR_unload_strings` `EVP_PKEY_assign` `EVP_PKEY_new` `OPENSSL_cleanse` `OPENSSL_init_crypto` `OPENSSL_sk_free` `OPENSSL_sk_new_null` `OPENSSL_sk_num` `OPENSSL_sk_push` `OPENSSL_sk_value` `PEM_write_bio_X509` `RSA_PKCS1_OpenSSL` `RSA_free` `RSA_get0_engine` `RSA_get_ex_data` `RSA_meth_free` `RSA_meth_get_bn_mod_exp` `RSA_meth_get_mod_exp` `RSA_meth_get_pub_dec` `RSA_meth_get_pub_enc` `RSA_meth_new` `RSA_meth_set_bn_mod_exp` `RSA_meth_set_finish` `RSA_meth_set_mod_exp` `RSA_meth_set_priv_dec` `RSA_meth_set_priv_enc` `RSA_meth_set_pub_dec` `RSA_meth_set_pub_enc` `RSA_meth_set_sign` `RSA_new_method` `RSA_set0_key` `RSA_set_ex_data` `RSA_size` `X509_NAME_cmp` `X509_NAME_print_ex` `X509_check_purpose` `X509_free` `X509_get_ex_data` `X509_get_issuer_name` `X509_get_subject_name` `X509_print_ex` `X509_set_ex_data` `d2i_X509`
ADVAPI32.dll	`CryptAcquireContextW` `CryptCreateHash` `CryptDecrypt` `CryptDestroyHash` `CryptDestroyKey` `CryptEnumProvidersW` `CryptExportKey` `CryptGetProvParam` `CryptGetUserKey` `CryptReleaseContext` `CryptSetHashParam` `CryptSignHashW`
CRYPT32.dll	`CertCloseStore` `CertDuplicateCertificateContext` `CertEnumCertificatesInStore` `CertFindCertificateInStore` `CertFreeCertificateContext` `CertGetCertificateContextProperty` `CertOpenStore`
KERNEL32.dll	`DeleteCriticalSection` `EnterCriticalSection` `FreeLibrary` `GetLastError` `GetModuleHandleA` `GetProcAddress` `InitializeCriticalSection` `LeaveCriticalSection` `LoadLibraryA` `MultiByteToWideChar` `Sleep` `TlsGetValue` `VirtualProtect` `VirtualQuery` `WideCharToMultiByte`
msvcrt.dll	`_amsg_exit` `_initterm` `_iob` `_lock` `_unlock` `abort` `calloc` `free` `fwrite` `memcpy` `realloc` `strcmp` `strlen` `strncmp` `vfprintf` `wcscmp` `wcslen`

Delayed Imports

bind_engine

Ordinal	`1`
Address	`0x5870`

v_check

Ordinal	`2`
Address	`0x5850`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`128`
AddressOfRawData	`0x13000`
PointerToRawData	`0xb800`
Referenced File	D:\git-sdk-64-full\usr\src\MINGW-packages\mingw-w64-openssl\src\build-MINGW32\engines\capi.pdb

TLS Callbacks

StartAddressOfRawData	`0x67991000`
EndAddressOfRawData	`0x67991004`
AddressOfIndex	`0x6798c058`
AddressOfCallbacks	`0x67990018`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x67986B20` `0x67986AD0`

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Section .bss has a size of 0!