Manalyze report for ca55aca3290a690bd8f7db37b4da40ca

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2017-May-10 18:29:50
Detected languages	English - United States
Debug artifacts	C:\Users\Inode Firewall\OneDrive\Documents\Présentations\SEC102\2017\PGSE\SEC102_Laura\bin\Debug\dirlist.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	VirusTotal score: 1/72 (Scanned on 2020-05-14 14:26:23)	`Cylance: Unsafe`

Hashes

MD5	`ca55aca3290a690bd8f7db37b4da40ca`
SHA1	`07769ed4df90f3fe3987e04af1f1c36ae9a55474`
SHA256	`a60cac9301645715e57e46a3113de61c0daa2f22f75ae7ba3e177ee5e8a8295d`
SHA3	`98758296544431c86382ac5327ab7fc5c1706234c30fff8c2747e6a064383ed6`
SSDeep	`384:/NQSf4ltN2EPncB1YuSUECYo02isYpOLQWWSAEx3tIZJ:/NQEQNJncB1YuqOYpiAExu`
Imports Hash	`e60ec9e359b724c952d4441a247f49ff`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	2017-May-10 18:29:50
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x5600`
SizeOfInitializedData	`0x4800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001032 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x7000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x10000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`495acf94c6c4779f1ebef1310c63e08c`
SHA1	`7d5ab34902f4f2e0684dd93d5f2eabd6955b3b12`
SHA256	`cbf9e4d49d6f2175fda2d866fba1152e966e11cd15f3c9b0bc5e464a733ee4f4`
SHA3	`292250180892548b6306203b42d0d3bdad073814b55202a0ee56b475db727a0e`
VirtualSize	`0x5475`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`4.74628`

.rdata

MD5	`40ea75ad82e201db0c409070a4562d80`
SHA1	`5226e9c811eb5176908c3a5b7ec8baf218b9905a`
SHA256	`5a7bc8b8544277be443120dc2cc5fe1721d3bf2cf43edb0f445ec09c0cf88bee`
SHA3	`7c2e53b72616a7ff9c21b695b319394915a720ba0f4107bbc03d9925757ead26`
VirtualSize	`0x2145`
VirtualAddress	`0x7000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x5a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.96056`

.data

MD5	`4b8cb454c873c728d00c1beeb2b6b945`
SHA1	`f33ab83576c3ce6d57dbcd9c39c33d082691ea76`
SHA256	`212904e7b3b0eda836f365ad85d3d3f11248fa8c25e05bff26d96156ec273afe`
SHA3	`749d79948965faa8f23c328f4bd0dc2277cbfff9c648b85bdb77424127b4894d`
VirtualSize	`0x8b4`
VirtualAddress	`0xa000`
SizeOfRawData	`0x600`
PointerToRawData	`0x7c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.70265`

.idata

MD5	`4f6cf97e5dae4d6b6fe3800fdfd45894`
SHA1	`cae76f4c8f13c0068d554c7f1d0fbc310078d4c3`
SHA256	`eeb3ce3a2c2d8dd61c1618fda061c93230e669eb2efc8c6f4f874014e4389770`
SHA3	`f8aeed5fe56a8ac4173491e06434bbf27de2206bb2fc671baa010650e1d7bf1e`
VirtualSize	`0xaf2`
VirtualAddress	`0xb000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x8200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.93969`

.gfids

MD5	`96069875f941840e876cbffd348cce91`
SHA1	`4af701989984a91f1759292d157dc8703e5f6862`
SHA256	`9ff01324f9f671882e0ec39acff5b79bc791976b6da405153f620c7ef9252982`
SHA3	`5dc2194c26d91d3e8193b1fdf2656cc5a7bb317cfe9e3754b66f06dfa20b6cdd`
VirtualSize	`0x13a`
VirtualAddress	`0xc000`
SizeOfRawData	`0x200`
PointerToRawData	`0x8e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.214733`

.00cfg

MD5	`0196df8faab72d42dc0180034272dd8c`
SHA1	`dc846fb96b2fd815467f9a20398b73d32f512128`
SHA256	`0f218ee04a2cd58bc52832acad9dc07c7e99fc0f49e8aaab2e22ccead2f10773`
SHA3	`da702eb982bd76e895bc8ef660947ec104eef591637f3afc6bc272fb493243a4`
VirtualSize	`0x104`
VirtualAddress	`0xd000`
SizeOfRawData	`0x200`
PointerToRawData	`0x9000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.0611629`

.rsrc

MD5	`303b3828e907aba1ef2b388f25ba9b5f`
SHA1	`dc8b3cd4ecc247ce69dfcd4094568bb0c3642734`
SHA256	`f53e342e145f575f43dae0905ab37541480ae3115f6acaeee9276e4d2fd8c7c0`
SHA3	`797b27c50943dfb146bc7174e1a3c35ea9471ada92ef7b6f9e3fb66095b727f3`
VirtualSize	`0x43c`
VirtualAddress	`0xe000`
SizeOfRawData	`0x600`
PointerToRawData	`0x9200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.13542`

.reloc

MD5	`ce3e0b51291e7eb2a6f3e2a7ece47b9f`
SHA1	`df134dd25922c272f3fdc5fab3299f8c86434907`
SHA256	`0bf2660329b7260093addd2164e4bc2dbe54a0e0e896c88848233971b12a084b`
SHA3	`608f62007b274a93925dc4e6a7ca362922b4d24f9c657762bac5b25a8070a5d1`
VirtualSize	`0x4c5`
VirtualAddress	`0xf000`
SizeOfRawData	`0x600`
PointerToRawData	`0x9800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.60515`

Imports

KERNEL32.dll	`FindClose` `FindFirstFileA` `FindNextFileA` `FileTimeToSystemTime` `FreeLibrary` `VirtualQuery` `GetProcessHeap` `HeapFree` `HeapAlloc` `GetLastError` `GetModuleHandleW` `GetStartupInfoW` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `IsProcessorFeaturePresent` `TerminateProcess` `GetCurrentProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `WideCharToMultiByte` `MultiByteToWideChar` `RaiseException` `IsDebuggerPresent` `GetProcAddress`
VCRUNTIME140D.dll	`__std_type_info_destroy_list` `_except_handler4_common` `__vcrt_GetModuleFileNameW` `__vcrt_GetModuleHandleW` `__vcrt_LoadLibraryExW` `memset`
ucrtbased.dll	`__p__commode` `_set_fmode` `_seh_filter_dll` `_initialize_onexit_table` `_register_onexit_function` `_execute_onexit_table` `_crt_atexit` `_crt_at_quick_exit` `_controlfp_s` `terminate` `_wmakepath_s` `_wsplitpath_s` `wcscpy_s` `_set_new_mode` `exit` `_initterm_e` `_initterm` `_get_initial_narrow_environment` `_initialize_narrow_environment` `_configure_narrow_argv` `__setusermatherr` `_set_app_type` `_seh_filter_exe` `_CrtDbgReportW` `_CrtDbgReport` `strlen` `__stdio_common_vfprintf` `__acrt_iob_func` `_configthreadlocale` `_register_thread_local_exe_atexit_callback` `_c_exit` `_cexit` `__p___argv` `_exit` `__p___argc` `__stdio_common_vsprintf_s`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2017-May-10 18:29:50
Version	`0.0`
SizeofData	`134`
AddressOfRawData	`0x87d4`
PointerToRawData	`0x71d4`
Referenced File	C:\Users\Inode Firewall\OneDrive\Documents\Présentations\SEC102\2017\PGSE\SEC102_Laura\bin\Debug\dirlist.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2017-May-10 18:29:50
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x885c`
PointerToRawData	`0x725c`

TLS Callbacks

Load Configuration

Size	`0x5c`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x40a310`
SEHandlerTable	`0x4086d0`
SEHandlerCount	`1`

RICH Header

XOR Key	`0x47eff642`
Unmarked objects	`0`
239 (40116)	`2`
Imports (VS2015 UPD3 build 24123)	`2`
C++ objects (VS2015 UPD3 build 24123)	`23`
C objects (VS2015 UPD3 build 24123)	`13`
Imports (65501)	`3`
Total imports	`69`
C objects (VS2015 UPD3.1 build 24215)	`2`
Resource objects (VS2015 UPD3 build 24210)	`1`
Linker (VS2015 UPD3.1 build 24215)	`1`

ca55aca3290a690bd8f7db37b4da40ca

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.idata

.gfids

.00cfg

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

TLS Callbacks

Load Configuration

RICH Header

Errors