Manalyze report for c3adababcbf6d340be9feb286b004da2

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2015-Jun-03 05:22:55
Detected languages	Chinese - PRC
Comments	http://wincdemu.sysprogs.org/
CompanyName	Sysprogs OU
FileDescription	Portable WinCDEmu
FileVersion	`4.0`
LegalCopyright	LGPL
LegalTrademarks	Sysprogs
OriginalFilename	PortableWinCDEmu.exe
ProductName	WinCDEmu
ProductVersion	`4.0`

Plugin Output

Suspicious	PEiD Signature:	`PECompact v2.xx`
Info	Interesting strings found in the binary:	`Contains domain names: http://wincdemu.sysprogs.org http://wincdemu.sysprogs.org/ sysprogs.org wincdemu.sysprogs.org`
Suspicious	The PE is possibly packed.	`Section .text is both writable and executable.` `Section .rsrc is both writable and executable.`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Can access the registry: RegDeleteKeyW`
Suspicious	The PE is possibly a dropper.	`Resource 32 is possibly compressed or encrypted.` `Resources amount for 85.2829% of the executable.`
Malicious	VirusTotal score: 5/69 (Scanned on 2020-09-27 10:30:38)	`Bkav: W32.AIDetectVM.malware1` `APEX: Malicious` `Invincea: Generic ML PUA (PUA)` `eGambit: Unsafe.AI_Score_99%` `BitDefenderTheta: Gen:NN.ZexaF.34254.qm0aa4R32Fdb`

Hashes

MD5	`c3adababcbf6d340be9feb286b004da2`
SHA1	`0cb4adbfc39c3967403b7fd91adfb35f364058b5`
SHA256	`78c29099125123ed81e74bb28367a4aee74b56714cd85c053962b68512495fe9`
SHA3	`7df0f4d1b80a094a3e7a41b25e717b0e8fb059990c3e3755ed9771b3dc226938`
SSDeep	`6144:ZPDLTArjAoKBl5QPM5zzS7zHaEH6KE/Z80HEIiRjNkL:ZPDXYAoKBXJGzHgFQNkL`
Imports Hash	`0b248de4daf5fae66aecfc4f8ce29bcc`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2015-Jun-03 05:22:55
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`10.0`
SizeOfCode	`0x1c600`
SizeOfInitializedData	`0x8ac00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0001216A (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x1e000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0xb6000`
SizeOfHeaders	`0x400`
Checksum	`0x49502`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`6f6ce476fb62a21d1d7c3ec0c417b079`
SHA1	`6f9b0d3b3d5a04bb05077d1e33751e32d97823db`
SHA256	`1e5af8834cd8e8a2779d56c183bad62ebfac3e38c23b6aafea13016c5d3c1c40`
SHA3	`cf2fc8e76732f1655d94ecdcc23fd06db4ef1ab474bfa8a307347c272b6b7299`
VirtualSize	`0xa9000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x37c00`
PointerToRawData	`0x400`
PointerToRelocations	`0x32434550`
PointerToLineNumbers	`0x4f7e`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99878`

.rsrc

MD5	`ed235976d12a51663a9078cc8b8c1225`
SHA1	`5bfb46dc2788691a6616418969009b96dd209afc`
SHA256	`3bfbe25139c7d96c8009093236a2b67bce2f4dc22e845e7f9a9793b7bc72043a`
SHA3	`5e21a28ecd064c29b4cd834cd7fe99eb124e9919d696797efed02694be181bca`
VirtualSize	`0xb000`
VirtualAddress	`0xaa000`
SizeOfRawData	`0xa600`
PointerToRawData	`0x38000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.79545`

.reloc

MD5	`a83df8c3da35b02537dc7931bdee8311`
SHA1	`8454017d5a2159e9478a3ffa55d08d3e5b56d866`
SHA256	`82a79375f54c284d2ded8cbff37cd59895eb8cda7b5b3efce6faa27581c87014`
SHA3	`60240d080935c2f77921ea8313a536de09e4dfdc76fc10e00a707973fa53f622`
VirtualSize	`0x200`
VirtualAddress	`0xb5000`
SizeOfRawData	`0x200`
PointerToRawData	`0x42600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.293594`

Imports

kernel32.dll	`LoadLibraryA` `GetProcAddress` `VirtualAlloc` `VirtualFree`
USER32.dll	`DestroyWindow`
COMDLG32.dll	`GetSaveFileNameW`
ADVAPI32.dll	`RegDeleteKeyW`
SHELL32.dll	`CommandLineToArgvW`
ole32.dll	`CoTaskMemAlloc`
OLEAUT32.dll	`VarUI4FromStr`
COMCTL32.dll	`ImageList_ReplaceIcon`
SETUPAPI.dll	`SetupDiEnumDeviceInfo`

Delayed Imports

32

Type	`DRIVERFILE`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x2eb58`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.39177`
MD5	`f8b6dec0588b50d1bd0e416cb95764f4`
SHA1	`7f629abf15db240628e64990eabffcccd09e3bb2`
SHA256	`5756be1ad78ca50782a64a363b662ec76911fd46ebe43efa457406f0facc97f7`
SHA3	`426763c3a89261dd7168f01bc20f14c19ad58027b2dbfab5319ca7e400610520`

1

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0xca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.84916`
MD5	`4409fefc4ed218de767b05872baba0fd`
SHA1	`93be5a0c1dce30add7179054026dfd6fceb759d8`
SHA256	`343ba98c24118af365cc9b251b31f674bd269ad131b3178d459d892873fec667`
SHA3	`850ed57330de9f4ad6cc0287a9c53ce4969de23bf200b174aba1ac8e350b01fe`

2

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37251`
MD5	`6c74e4ab12664d92b8bfcabe4a59690a`
SHA1	`79919cfcf2796df6c2fc4d453ea55c0229e1c674`
SHA256	`9d7e4fa95d0fd5efea1187e57c55f52ce9dc6d6dcdecc11f453c8745a0c2c11d`
SHA3	`78bf16f53809706858e36831745363d2ea7ad609aedf42aa5cec69227e1d3f4d`

3

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.45052`
MD5	`2d023d6a36e2911448cfba2e156b4df8`
SHA1	`a051fada5c9063851de458ad24ade9d649d69b76`
SHA256	`a2ad5c56537048040e4d9c11ac94ef9cd1c89da3f37abd6374d79befa72d636d`
SHA3	`694f7c003bf9cb6e8e0f7507b7fa6fb2933f4550b832120db175f8cb96be63a2`

4

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.67283`
MD5	`7ab14d62bb65712c6100ed939e66cebe`
SHA1	`2c6493bbf458de0290ab53477c304f3ef1a59047`
SHA256	`1b670a07bf2ebc3f30528d102a2b081d1d97c98b7264cfc88441b917dd62ddf2`
SHA3	`5f22c8d25bfa305c8e625e1060172b6dea6c0292b60bdef07d428e7116fe3f10`

5

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.86373`
MD5	`679d57bcf9b629f02e3516ee29508f64`
SHA1	`4cfdf78fa6dfbe80e90a69b30df78372fe8f49ff`
SHA256	`18619897a460b53b40a5ec800b0dd3b81ad5d88ee14dc9b85b3a01763a988197`
SHA3	`8afe27ae5e1c00bb9baf55c5b9f98b171ec76f40e3b8a48e12a41b0f007003b8`

129

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x2e4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

9

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x46`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

3585

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x2a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

3601

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x296`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

3603

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x328`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

3604

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x27c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

3605

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x106`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

3606

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0xda`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

3825

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x1f8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

3826

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0xae`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

3838

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x44`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

128

Type	`RT_ACCELERATOR`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x70`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

128 (#2)

Type	`RT_GROUP_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.73093`
Detected Filetype	Icon file
MD5	`17f61dc5fe2b9eab8aa8a064c2b145f0`
SHA1	`069c1572c68ebc19c0bddc31495dda8579060206`
SHA256	`39638543212285054c8e2500dcfa3c10b36fd65f6a894ccd09b2b9dd88e89744`
SHA3	`88932a522a02b376b45c0e715fd63d9f337b0544d06574cc2cf3302784f5010f`

1 (#2)

Type	`RT_VERSION`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x2fc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37804`
MD5	`2f2b12661d0c6a1e7a028d1d18a9317e`
SHA1	`ea14a38c4a69293e9511783818e150cf776cef80`
SHA256	`84682ea49fbfcb364ed3dd834c911342544b0e9b8a138562706ee95df481f679`
SHA3	`747d5951332bda8d4d9060e88a3ea20a9fb70f4adea7436397e8216d5432e494`

1 (#3)

Type	`RT_MANIFEST`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x279`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.01229`
MD5	`4e541c7ed18bbd039cc07dae957bfdac`
SHA1	`d4ef75f89eaea2b6e3884217ccf61011ce1c61c7`
SHA256	`7adafc350f7d7969a17f134f00b95b9f453051a23ceca97d55d1e932e62fb9b6`
SHA3	`f7e0ea394babb32601d20d53da6081bdd233f0de4115cec964301030b7923d6d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	4.0.0.0
ProductVersion	4.0.0.0
FileFlags	`VS_FF_SPECIALBUILD`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	Chinese - PRC
Comments	http://wincdemu.sysprogs.org/
CompanyName	Sysprogs OU
FileDescription	Portable WinCDEmu
FileVersion (#2)	4.0
LegalCopyright	LGPL
LegalTrademarks	Sysprogs
OriginalFilename	PortableWinCDEmu.exe
ProductName	WinCDEmu
ProductVersion (#2)	4.0

Resource LangID	Chinese - PRC

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x4b4590`
SEHandlerTable	`0x4b4528`
SEHandlerCount	`25`

RICH Header

XOR Key	`0xffef0a08`
Unmarked objects	`0`
ASM objects (VS2010 SP1 build 40219)	`17`
C objects (VS2010 SP1 build 40219)	`116`
175 (VS2010 SP1 build 40219)	`9`
C objects (VS2008 SP1 build 30729)	`1`
Imports (VS2008 SP1 build 30729)	`19`
Total imports	`201`
C++ objects (VS2010 SP1 build 40219)	`54`
Resource objects (VS2010 SP1 build 40219)	`1`
Linker (VS2010 SP1 build 40219)	`1`

Errors

[*] Warning: Ignored an invalid IMAGE_RESOURCE_DATA_ENTRY
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!