Manalyze report for c75c315826cbf027a66b9aa3741dec9d

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Aug-06 07:41:39
Detected languages	English - United States

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`c75c315826cbf027a66b9aa3741dec9d`
SHA1	`1cb54fbae395a841d8fe8d0e430ee794b3dcfa3f`
SHA256	`4f42200f929e6a37f02ba9efcf52812bdb3369c247723636fa084e0f18afe044`
SHA3	`ea5728dd03411eef0058f3f47457369e847224b2c23e6daa63cbea0360c80f9a`
SSDeep	`1536:4T0V1F7Wbtq5ukbvtIo7+pZLZSpguvZYfw2O997HNHFMN5oo7My4LKoC6BuDxfi:4c+tq5vtIU`
Imports Hash	`8b0dfc8d89f919c4d39b67bbb91af847`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2022-Aug-06 07:41:39
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x7600`
SizeOfInitializedData	`0x1679400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000081F4 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1686000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x100000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a4a015f9c41f9708907f1c52f53e88b7`
SHA1	`f7bae31c5fc21eb282c599a30877b4c17f525231`
SHA256	`f4997c61030bc25d909f964c0fa7f7ad531008f80346586bdbfbd1bb59ef8870`
SHA3	`960e79bb3a63e9420053379568336b499185d5dd58dbd78ba734d44f9000e8b3`
VirtualSize	`0x7522`
VirtualAddress	`0x1000`
SizeOfRawData	`0x7600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.25367`

.rdata

MD5	`27fdefcfc5d31afff0e282b286db3902`
SHA1	`77c0af7c50c735f32085ecf135bdfab19f073d8a`
SHA256	`4350be0736eecda6197b7940980dbc6cea3610e282a9707c45543cb82c3a6234`
SHA3	`f70c6f74b0d194e75077746721b64174357e3f4dc7085a0fd185c99ade937d81`
VirtualSize	`0x5768`
VirtualAddress	`0x9000`
SizeOfRawData	`0x5800`
PointerToRawData	`0x7a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.04912`

.data

MD5	`1b39a3d54ea9b6345226aeb91fbe8f49`
SHA1	`242b797cc184a5b211a9e129c0a5d6a23fdf7d36`
SHA256	`aabe791082cbfa47e65a64124ac0ed1665ad8dce8b15ccabdd373342289ce572`
SHA3	`c1610285e54e8928a0583c54c2efb46236f967d3197436319265720824c7c212`
VirtualSize	`0x16733e8`
VirtualAddress	`0xf000`
SizeOfRawData	`0xca00`
PointerToRawData	`0xd200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0288996`

.pdata

MD5	`d74c8b134ce7222ca2a83d3cbeb09a9d`
SHA1	`a3e8feaa15636a50441cbd5360e8fe14009fde2e`
SHA256	`6669cede6311334a498d2be979899de28116ec64c3c8180876a47798ebaa9259`
SHA3	`9f9cee37d59960f3563fadd9b23a99ecd3a3b13ff05b46bb0e8372b772f5c4bc`
VirtualSize	`0xe4`
VirtualAddress	`0x1683000`
SizeOfRawData	`0x200`
PointerToRawData	`0x19c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.94647`

.rsrc

MD5	`4490308ef7dc9f8258558f27e853cce8`
SHA1	`00a852824794c788a36f254df851318689daf1e9`
SHA256	`54a2f8da154d1ff1f180d36073fea4668cb758a223708164ee8f3fa328dff6ee`
SHA3	`37a401a16505585c9903a183c9c2420f519268b71753e37b03046308ab9eb04d`
VirtualSize	`0x310`
VirtualAddress	`0x1684000`
SizeOfRawData	`0x400`
PointerToRawData	`0x19e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.44513`

.reloc

MD5	`af56a20e00fc8c860dd82aae41be07be`
SHA1	`ba54df9f37edac5ba1913198e734806e1691b430`
SHA256	`b1637febbcae51c86525a16980cf918cf4b2aa93f3871425d1be2b6b32103018`
SHA3	`1eea848d1928a8431d1813bb330cd3d107ba267867ccabd51adb14d783529a22`
VirtualSize	`0x2c`
VirtualAddress	`0x1685000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1a200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.575648`

Imports

KERNEL32.dll	`HeapFree` `WakeConditionVariable` `GetQueuedCompletionStatus` `lstrlenA` `LocalAlloc` `PostQueuedCompletionStatus` `Sleep` `GetLastError` `ReleaseSRWLockExclusive` `OutputDebugStringW` `AcquireSRWLockExclusive` `QueryPerformanceFrequency` `ReleaseSRWLockShared` `LoadLibraryW` `CreateThread` `HeapAlloc` `LocalSize` `GetProcAddress` `AcquireSRWLockShared` `ExitProcess` `GetProcessHeap` `GetModuleHandleW` `SleepConditionVariableSRW` `FormatMessageA` `QueryPerformanceCounter` `CreateIoCompletionPort`
USER32.dll	`SetCursorPos` `ShowCursor` `LoadImageW` `PostQuitMessage` `PostThreadMessageW` `TranslateMessage` `RegisterRawInputDevices` `MessageBoxA` `GetRawInputData` `PeekMessageW` `DispatchMessageW` `RegisterClassExW` `CreateWindowExW` `DestroyWindow` `GetWindowRect` `DefWindowProcW` `GetMessageW`
api-ms-win-crt-math-l1-1-0.dll	`sqrtf` `cosf` `tanf` `sinf`
api-ms-win-crt-stdio-l1-1-0.dll	`__stdio_common_vsprintf` `__stdio_common_vsprintf_s`
VCRUNTIME140.dll	`memcpy` `memset`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2a9`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.07607`
MD5	`a77f7bc715994213a368839a1919b831`
SHA1	`8c048fd3f4dad59ebd01b669d24b4c671855fb0e`
SHA256	`ceadc4ae9430eb6d4aeb47affa24c24e2a1dc4de04012122ad047819a745c489`
SHA3	`ee42472477294ae25a7dbff388c719246ec3c11ccc9362df7c50fa1797fc86fa`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2022-Aug-06 07:41:39
Version	`0.0`
SizeofData	`292`
AddressOfRawData	`0xde5c`
PointerToRawData	`0xc85c`

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xbdd9999f`
Unmarked objects	`0`
Imports (30034)	`2`
Imports (VS2008 SP1 build 30729)	`4`
C++ objects (30034)	`1`
Imports (27412)	`5`
Total imports	`51`
C objects (LTCG) (VS2019 Update 11 (16.11.13) compiler 30143)	`1`
Resource objects (VS2019 Update 11 (16.11.13) compiler 30143)	`1`
Linker (VS2019 Update 11 (16.11.13) compiler 30143)	`1`

c75c315826cbf027a66b9aa3741dec9d

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors