Manalyze report for c5c1f77ea0ba123beaf35dda9959dee1

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1992-Jun-19 22:22:17

Plugin Output

Suspicious	PEiD Signature:	`D1S1G v1.1 beta --> D1N`
Info	Interesting strings found in the binary:	`Contains domain names: google.com http://www.google.com http://www.google.com/images/srpr/logo2w.png www.google.com`
Info	The PE contains common functions which appear in legitimate applications.	`Can access the registry: RegQueryValueExA RegOpenKeyExA RegCloseKey` `Possibly launches other programs: ShellExecuteA` `Has Internet access capabilities: InternetReadFile InternetOpenUrlA InternetOpenA InternetCloseHandle`
Suspicious	The PE header may have been manually modified.	`The resource timestamps differ from the PE header: 2020-Jun-29 10:37:28`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`c5c1f77ea0ba123beaf35dda9959dee1`
SHA1	`f7c64136ecf5d51511ca3f6efd4ad09b0e9da7ea`
SHA256	`14b72a86c10f4a2c0f73e468b2a6ba50355f79b8e24384d73d176f9db138261d`
SHA3	`669a64800291775d9c85b3829e203bb4244881cca6c4e355215022b6757e97f4`
SSDeep	`384:BOzKkhWGyyCMy850uj7KFJMn257LEZEfJJTEJcG/2G7AzHeBD/:uC3850ujog257JfPgj2JH4D`
Imports Hash	`02a8fddc2094319ee619938d99156108`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	1992-Jun-19 22:22:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_BYTES_REVERSED_HI` `IMAGE_FILE_BYTES_REVERSED_LO` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x3c00`
SizeOfInitializedData	`0x1400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000049DC (Section: CODE)`
BaseOfCode	`0x1000`
BaseOfData	`0x5000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xc000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

CODE

MD5	`0658433dc8f334585ac9f222e0e5b729`
SHA1	`5d9f40093c1cfd367bd4aa8f0e40c2af492b09bf`
SHA256	`83a49020cb2c6af55a625d148ed7ce04a36fa344503f9a1d016fa644af2d1bea`
SHA3	`1e3d1ea46e378b4360b3b992faf96621f13a67947373050b1e8b988f06a9f4d6`
VirtualSize	`0x3a7c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.34583`

DATA

MD5	`d2483e326c25b89b71843c27f407ec09`
SHA1	`5561706dc7d0989b3a1739a221f0eaf5a07a55fa`
SHA256	`f0dd8908d10dd93dbfe723b1718ee29667bc683ded192f965c5a6cce1f132970`
SHA3	`a6761adecaf3d76fec5bb5621edcb153cf8a3622a8df4925a56a315c0977a62e`
VirtualSize	`0x5e4`
VirtualAddress	`0x5000`
SizeOfRawData	`0x600`
PointerToRawData	`0x4000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.58336`

BSS

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x671`
VirtualAddress	`0x6000`
SizeOfRawData	`0`
PointerToRawData	`0x4600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`f14a2ad95fdcc323b674857c4804711f`
SHA1	`1bf057e275e87cb68ba910471588f6d11a794ba1`
SHA256	`67efb29327917abd6a2f97e190a32dcfbacc5b9761c0550d3c147f4c2d582758`
SHA3	`8a1fbaccc1b3195ac188fa99c8d7985431774ae5ef1148d14464f88b7a7ef813`
VirtualSize	`0x574`
VirtualAddress	`0x7000`
SizeOfRawData	`0x600`
PointerToRawData	`0x4600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.02647`

.tls

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x8`
VirtualAddress	`0x8000`
SizeOfRawData	`0`
PointerToRawData	`0x4c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`85a628617cb3cf1d4f392444aca2f86a`
SHA1	`eed39e44f0e566db571e65562a23f438e2b42a4e`
SHA256	`d6918e5b3a0aaebbc5ae2e1b2b09a7658c2e390bc286a1e7d8514805873034ee`
SHA3	`e503bdd20b24efb7c980f0ece7c64c23f4c0714a15a8598d33c67e63cb27cf81`
VirtualSize	`0x18`
VirtualAddress	`0x9000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`0.204488`

.reloc

MD5	`bbf8c6de1e0458b828d0a867a29db1c4`
SHA1	`f7532b29e84a3d14c3ac892319885a3d28abd763`
SHA256	`3513b85a0733a87af46eb4f7d18c46375e03b55393311b5b28c96ddfd5b5f40e`
SHA3	`4ede9ec80b50968bc9c636c94e540b89dc92659528fea7dc24f1d6b9140173fe`
VirtualSize	`0x3c0`
VirtualAddress	`0xa000`
SizeOfRawData	`0x400`
PointerToRawData	`0x4e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`6.3054`

.rsrc

MD5	`6e69518f21f7761a387fb7340e0b9312`
SHA1	`0e9ec4df3da604ec9d5f867205e022577b8bc3ec`
SHA256	`a9438a64069b7dcb461174f89c56cea2489879bc2141839efdb7ef591cee802d`
SHA3	`e8b1c62d679a09ecb9cea22f6a0e0cc5038d52926214384309222645f6c944e0`
VirtualSize	`0x200`
VirtualAddress	`0xb000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`2.59608`

Imports

kernel32.dll	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetVersion` `GetCurrentThreadId` `GetThreadLocale` `GetStartupInfoA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
user32.dll	`GetKeyboardType` `MessageBoxA`
advapi32.dll	`RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey`
oleaut32.dll	`SysFreeString`
kernel32.dll (#2)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetVersion` `GetCurrentThreadId` `GetThreadLocale` `GetStartupInfoA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
kernel32.dll (#3)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetVersion` `GetCurrentThreadId` `GetThreadLocale` `GetStartupInfoA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
wininet.dll	`InternetReadFile` `InternetOpenUrlA` `InternetOpenA` `InternetCloseHandle`
shell32.dll	`ShellExecuteA`

Delayed Imports

DVCLAL

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	2020-Jun-29 10:37:28
Entropy	`4`
MD5	`d8090aba7197fbf9c7e2631c750965a8`
SHA1	`04f73efb0801b18f6984b14cd057fb56519cd31b`
SHA256	`88d14cc6638af8a0836f6d868dfab60df92907a2d7becaefbbd7e007acb75610`
SHA3	`a5a67ad8166061d38fc75cfb2c227911de631166c6531a6664cd49cfb207e8bb`

PACKAGEINFO

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x64`
TimeDateStamp	2020-Jun-29 10:37:28
Entropy	`4.53384`
MD5	`d1bd1ba2f67346e6b7549dcb15663684`
SHA1	`b2f96750ed5729344dbe190b07a07bc1551be429`
SHA256	`30f3f0fc6ca135d5c12240ff3b79638a601a710e5f77bd43addeb37ef8995571`
SHA3	`c08e89f5893304ce5cd181076a0872d63f4a695e7df2ec1779bf91bd41b8eb66`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x408000`
EndAddressOfRawData	`0x408008`
AddressOfIndex	`0x405088`
AddressOfCallbacks	`0x409010`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`(EMPTY)`

Load Configuration

RICH Header

Errors

[*] Warning: Section BSS has a size of 0!
[*] Warning: Section .tls has a size of 0!