Manalyze report for ca3ff2746bc8a53c1590f6db3b28f2bf

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2014-Oct-27 13:54:18
Detected languages	English - United States
Debug artifacts	C:\Users\Latch Dimitrov\documents\visual studio 2013\Projects\ascii_to_motec\Release\ascii_to_motec.pdb

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Safe	VirusTotal score: 0/67 (Scanned on 2018-06-10 16:22:32)	`All the AVs think this file is safe.`

Hashes

MD5	`ca3ff2746bc8a53c1590f6db3b28f2bf`
SHA1	`1b24cc36ca1ebba3b5173514b810447f14db00f0`
SHA256	`1688cb85fba2af67ff32a3a87f94044b789a1c51030f8ec191311a645f3b461c`
SHA3	`3c93def512e7adfadc79f0233551db32cdab680cb636bdb5853ff43d8200e8b7`
SSDeep	`6144:QQtP2AIK1XC69lWgP+JZcRsJAOKAOopF1zKKD:QQ31XCegJZysJQC5zKK`
Imports Hash	`785e3f3e4a06f33a82a95b73def17957`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2014-Oct-27 13:54:18
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`12.0`
SizeOfCode	`0x25400`
SizeOfInitializedData	`0x17c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000E389 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x27000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x41000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d7f71372f273fa65b666740b467a3575`
SHA1	`53ceb155b6322b1051cb5a237fd74cac989b0828`
SHA256	`d293c2caa50bae3a3f1b007d0da205a36da6989e277470812ef1d18f1ad5df11`
SHA3	`b2981751e7920090376c2b87dcc587314b480f8752a175e9bc70dfc3083552d2`
VirtualSize	`0x2538d`
VirtualAddress	`0x1000`
SizeOfRawData	`0x25400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.68113`

.rdata

MD5	`1f7712fd562df24c627322ce01ea8d8f`
SHA1	`fb00ff5d4d450954de0ef728eff1b56b61d91eb0`
SHA256	`82481268ff6063974efb64938a182e2c4f1aff91972442bb3cfe7bef09c7c2a5`
SHA3	`404df97c772ae2cd11eb1b386aa71ee4ca4199f04a3e23fbed19ae05f4789114`
VirtualSize	`0x1151c`
VirtualAddress	`0x27000`
SizeOfRawData	`0x11600`
PointerToRawData	`0x25800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.69472`

.data

MD5	`b27e893db3c5c98c269557ce8b5330da`
SHA1	`3b217a4aa176b1a786babe188e51774e7235c951`
SHA256	`df5557114e206da2584b27501e921f4fefa8a37a468cb28b94320fd30d1277e3`
SHA3	`1dc2aa9232f833515ca17ecac2a7e6325dab4997db2a79ac8b451642bbfc0d73`
VirtualSize	`0x3e48`
VirtualAddress	`0x39000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x36e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.83963`

.rsrc

MD5	`bde1b22770db5de52439d7b03653475d`
SHA1	`5c08cd94e4be42d69567f9571ca92e8dc85ed1b0`
SHA256	`40992cefe26ec6f9eb8a20b1d227089b45ce4d8df6c1b88e67688486c8fdd895`
SHA3	`bcc8c9acaf97106c17e9afd95941f2a450ce9abb8c7c8f47d110cdced2193f8c`
VirtualSize	`0x1e0`
VirtualAddress	`0x3d000`
SizeOfRawData	`0x200`
PointerToRawData	`0x38c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.71768`

.reloc

MD5	`53dd06345d418b9e37d271e2158721fd`
SHA1	`bedc0808e6c099a97b8b69ff9fb7e75d92ba8330`
SHA256	`22b32b1354c6a1f7d9fc1c5fb061e7f0639df47edab446e24a8d2a62e25b269b`
SHA3	`d8d67a1ef29bf463fda8b31f6d3898e0b9efd826cf04bc569535b3e554e74948`
VirtualSize	`0x2354`
VirtualAddress	`0x3e000`
SizeOfRawData	`0x2400`
PointerToRawData	`0x38e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.55865`

Imports

KERNEL32.dll	`WideCharToMultiByte` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `EncodePointer` `DecodePointer` `MultiByteToWideChar` `GetStringTypeW` `GetLastError` `HeapFree` `GetSystemTimeAsFileTime` `ExitProcess` `GetModuleHandleExW` `GetProcAddress` `AreFileApisANSI` `GetCommandLineA` `HeapAlloc` `RaiseException` `RtlUnwind` `GetCPInfo` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `SetLastError` `InitializeCriticalSectionAndSpinCount` `Sleep` `GetCurrentProcess` `TerminateProcess` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetStartupInfoW` `GetModuleHandleW` `IsProcessorFeaturePresent` `LCMapStringW` `GetLocaleInfoW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `IsDebuggerPresent` `GetProcessHeap` `GetCurrentThreadId` `GetStdHandle` `GetFileType` `HeapSize` `IsValidCodePage` `GetACP` `GetOEMCP` `WriteFile` `GetConsoleCP` `GetConsoleMode` `ReadFile` `SetFilePointerEx` `FlushFileBuffers` `CloseHandle` `GetModuleFileNameW` `LoadLibraryExW` `GetModuleFileNameA` `QueryPerformanceCounter` `GetCurrentProcessId` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `HeapReAlloc` `ReadConsoleW` `SetStdHandle` `WriteConsoleW` `OutputDebugStringW` `CreateFileW` `SetEndOfFile`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2014-Oct-27 13:54:18
Version	`0.0`
SizeofData	`128`
AddressOfRawData	`0x35d28`
PointerToRawData	`0x34528`
Referenced File	C:\Users\Latch Dimitrov\documents\visual studio 2013\Projects\ascii_to_motec\Release\ascii_to_motec.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2014-Oct-27 13:54:18
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x35da8`
PointerToRawData	`0x345a8`

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x439750`
SEHandlerTable	`0x436a30`
SEHandlerCount	`43`

RICH Header

XOR Key	`0x10c07baf`
Unmarked objects	`0`
ASM objects (20806)	`32`
C++ objects (20806)	`70`
C objects (20806)	`213`
Imports (65501)	`3`
Total imports	`81`
229 (VS2013 build 21005)	`5`
Resource objects (VS2013 build 21005)	`1`
Linker (VS2013 build 21005)	`1`

ca3ff2746bc8a53c1590f6db3b28f2bf

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

TLS Callbacks

Load Configuration

RICH Header

Errors