Manalyze report for cc12d81ad5d3ac18f7a9b8d6ddd8681b54cd1887028867295598331ea08464cf

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-Sep-12 03:59:40
Debug artifacts	C:\Users\ana\code\Squirrel\Squirrel.Windows\src\StubExecutable\bin\Release\StubExecutable.pdb
Comments	Contrail
CompanyName	Contrail
FileDescription	Contrail
FileVersion	`2.4.3`
InternalName	Contrail.dll
LegalCopyright	Copyright Â© Contrail 2026
LegalTrademarks
OriginalFilename	Contrail.dll
ProductName	Contrail
ProductVersion	`2.4.3`
Assembly Version	2.4.3.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Possibly launches other programs: CreateProcessW`
Info	The PE is digitally signed.	`Signer: Lars Pinkenburg` `Issuer: Certum Code Signing 2021 CA`
Safe	VirusTotal score: 0/68 (Scanned on 2026-05-20 01:29:17)	`All the AVs think this file is safe.`

Hashes

MD5	`702b1dcd3aa47308b1b465912abfd937`
SHA1	`65b9c46511d0990db4f8dc2a6fca784363cd3e5b`
SHA256	`cc12d81ad5d3ac18f7a9b8d6ddd8681b54cd1887028867295598331ea08464cf`
SHA3	`75aad62bd1fbd557415e7d5af1064f12a19dd8a5fdeba8bc1f74a738999942cb`
SSDeep	`6144:i4Z2XhnWE4ZFT8/v/AOvgknAgJQmEKYrXomD1:i4ZYWEgO3ZigJQnPTomZ`
Imports Hash	`8e509efc29aa3364c399f520e8cefdac`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2018-Sep-12 03:59:40
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x1b000`
SizeOfInitializedData	`0x5ec00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000087FC (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x1c000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x7e000`
SizeOfHeaders	`0x400`
Checksum	`0x84ae4`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b2ee9298121b08706fe420715bd01f5f`
SHA1	`3236aedbc1478edd7fab4d0a69d57f12282801e0`
SHA256	`25dca47c9e4b07c69ac7ac0289d19e06c46c9910b344f57c1db95361e3ede172`
SHA3	`fd834b03a136033ff95a734ef2933149aad913768065434eba538a2942ee3097`
VirtualSize	`0x1afeb`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1b000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.65902`

.rdata

MD5	`d5baf950ee30f733c13dd3ed0f8256b2`
SHA1	`194f3cf4b15610faf9f7961320cf5eea7f894a69`
SHA256	`85eab60752bf0a1df23346cf3f7df2ac5803e63533dbbb1ea25079828717ab1e`
SHA3	`91b89491b55aeed5248c363b46a56e2dbaa474e23a58cddf59bf784bf34db288`
VirtualSize	`0xfac6`
VirtualAddress	`0x1c000`
SizeOfRawData	`0xfc00`
PointerToRawData	`0x1b400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.22607`

.data

MD5	`86d1ada28d9674501abd8a817101309b`
SHA1	`d5d8b2489516d3b5afee3b1710ae88bf24d944c4`
SHA256	`f6f0acc0ef18419dbfcc11c10635fee2264cfa70e58b1c9a6f3d89d1a68ece64`
SHA3	`99fcee482b5d411f9ecf7651ae056536445c2b53bc6ffb1cdc522d57db6ef266`
VirtualSize	`0x229c`
VirtualAddress	`0x2c000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x2b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.38931`

.rsrc

MD5	`01760b65b8622372a784e8e33a01dd66`
SHA1	`68f6ee49bb2df32968562e18d5976f6d04a07924`
SHA256	`5db9f0224643dcc3b5ded9c80d9ed509e6dc1b7b73b3d08d6331ac9523204fc2`
SHA3	`c266e12ccfd99b2210dd72a1b89717fdb78864810afb04780f8112fa52d78519`
VirtualSize	`0x4b9b4`
VirtualAddress	`0x2f000`
SizeOfRawData	`0x4ba00`
PointerToRawData	`0x2c400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.76317`

.reloc

MD5	`f1690327061e8df3d321889a6738a118`
SHA1	`94125cf3c0d91eab8e705fe61eff05856f8180ed`
SHA256	`a425e292e61bf94cfb47bf48738419f2d50eb935e2ea6f74ba7ca344abfd211e`
SHA3	`17eb9cc9fefae88a271cba37ea3cba7c6ffde90d10b94ca14189a256160186c4`
VirtualSize	`0x21c4`
VirtualAddress	`0x7b000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x77e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.51363`

Imports

KERNEL32.dll	`GetModuleFileNameW` `GetModuleHandleW` `FindFirstFileW` `FindNextFileW` `FindClose` `CreateProcessW` `WriteConsoleW` `FlushFileBuffers` `SetFilePointerEx` `GetConsoleMode` `WideCharToMultiByte` `GetLastError` `MultiByteToWideChar` `GetStringTypeW` `EncodePointer` `DecodePointer` `SetLastError` `InitializeCriticalSectionAndSpinCount` `SwitchToThread` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetSystemTimeAsFileTime` `GetProcAddress` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `LCMapStringW` `GetLocaleInfoW` `GetCPInfo` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetStartupInfoW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `InitializeSListHead` `RtlUnwind` `RaiseException` `FreeLibrary` `LoadLibraryExW` `ExitProcess` `GetModuleHandleExW` `GetStdHandle` `WriteFile` `GetACP` `HeapFree` `HeapAlloc` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `HeapReAlloc` `GetFileType` `FindFirstFileExW` `IsValidCodePage` `GetOEMCP` `GetCommandLineA` `GetCommandLineW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetProcessHeap` `CloseHandle` `SetStdHandle` `HeapSize` `GetConsoleCP` `CreateFileW`
USER32.dll	`AllowSetForegroundWindow` `WaitForInputIdle`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.33756`
MD5	`3930e68c5c001ad5118221b0fba9d9d4`
SHA1	`fface2495b7964c7375edbbddb0e3dc62809b601`
SHA256	`b0db899b689350e14b3999d604cedbfa62731f45b7717f3d1564b0a1872502a5`
SHA3	`40fb63795c77a6e9aaf816d5a1e7adb11011ca33c770e3cabfa4f87bfbc25b19`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.80248`
MD5	`295f4ee5498c1919e731fb6c3c91f876`
SHA1	`25b4ee4abbbd1a8c8451cafbb7f0753fbd7656b5`
SHA256	`681a209c7055dbc4f63fe2fcbfa61c4ab61923bf28e9b67a85a01b11aacba85a`
SHA3	`1ca7c51d0e19b3d4b17d20818779d712c20adac34bf3b7f966f886ba5ca84caf`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41824`
MD5	`8d8abb0e6f9862cfbac8499dd5cc37d0`
SHA1	`c4e15f945e053eb406b45ca1f81ce9635b541d82`
SHA256	`be533c952fca518637bc58f4abd856c42974a708c66f7f2afb29852e56b326f5`
SHA3	`f7d5d48dc71b1d9b870299d1012c53e033200d66484e6b6fd5d147fc622aefc8`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.94361`
MD5	`1fb432995a4451e79acb903c04a5449e`
SHA1	`47389dd6c82cfdb8bb325496dbc01319fca2b923`
SHA256	`ca9a4b64df1c0cda9d7e77055e33d44d9893933e85c2fa74994e0b4b912d7919`
SHA3	`4bac1ec9433936c5873d6730ec5109738aab8a82b28ec5908f87165b38e366d0`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.68364`
MD5	`6cd4a7140b459a4c242cd01b9a7611ae`
SHA1	`298264a8a009935c21193b639e83abb8890413bb`
SHA256	`e3d31df78bdb3fe228082ddc7578a7cd2bea55c95a763b8bdde6cbaa5bf360de`
SHA3	`8082dbd9a10cc47d65c2e7a141c3a7eb087d47c83a7748aed51473837f8098e2`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37753`
MD5	`6cb78991d7c9977118086f57de925530`
SHA1	`73a4db7146d1274274c42c8d1e61156ac8609116`
SHA256	`17ba12c7982df82245bf4630495dfa32000c65216882a0569a0b54da2aa674ec`
SHA3	`213c2ebcb8e1caec14daae36ba0c44c4afaea88c9f84120bf50ae1f671259cd0`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21715`
MD5	`a5fcbf91ac20156d7bb0592776000098`
SHA1	`14021e560c783ce36b7f71428e5108f3cb0fd41c`
SHA256	`8d091fd40890cba2addd93e4b56178a3fafde5ae3997fd32253c008d8f35a231`
SHA3	`2b000014cb31fc917bc84f00bbe271418166cf259492d532515e87f86df1f282`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.05797`
MD5	`8c25f7d16e881d19c1d4983da190fced`
SHA1	`422aa07993fee71f1c36f8cf0a036a5cc61b8e0f`
SHA256	`6d59bbcc1b05e528bd57cbc984c64371ac3db2db254d313e8371a6c5ea51cdb0`
SHA3	`c9868311b48cb707a40758901c2b4adf062a72562f01237455f103759cdc651e`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x3172`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.92465`
Detected Filetype	PNG graphic file
MD5	`f7b89c468c68944e0ea901bd5b1e0728`
SHA1	`18fadf14933b486bc69214f272e20c58c8496cd5`
SHA256	`c92b9b2d41343984fe0f4b96d233600f1122f866c56f3d3666d17bfa28277d0c`
SHA3	`ec9001aed53080353365a9dcaac5e7fb9e3e5a577c2d1a299e90d1942bf298ef`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.07075`
Detected Filetype	Icon file
MD5	`a43b9525e43baed4d28d835bee0b13fe`
SHA1	`9060703ba3625eb1a8325dc34a57c4a8d3625394`
SHA256	`0cbbd02d3fb179de17fa4e1806380c0c6fb490d892a4d97f79541e4cb544b135`
SHA3	`c6ecbf886553258621732eeb09a3b99096c8ade24847378746c181a5399c93bb`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x344`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27514`
MD5	`ee3a9bab797ff06decc33c3215c11ea0`
SHA1	`15b0dd91de6b2e7c308f6f27860b88ba0a39e069`
SHA256	`2d1d677d8b9dd15c944e11fd139dc6eed135311d79139a065cfebec1b1cc37d7`
SHA3	`75795a6dee7da280909378a464861f76c7fd23c5f7c5309da3712452217cc9d7`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xc68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.0375`
MD5	`7a4e9919312bfb10769b52ee9bfaab56`
SHA1	`81b4b4e0686b42fc43b7868f9800e25c92dba0b2`
SHA256	`1abbf38a04d81b37bc6f5140756ccfa1d9269ccdc23d84297933e106c8b7464e`
SHA3	`544de7782d4b6404f5eaad992dac1d2f492b65b90cfffed0b1d65a6595249d22`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.4.3.0
ProductVersion	2.4.3.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	Contrail
CompanyName	Contrail
FileDescription	Contrail
FileVersion (#2)	2.4.3
InternalName	Contrail.dll
LegalCopyright	Copyright Â© Contrail 2026
LegalTrademarks
OriginalFilename	Contrail.dll
ProductName	Contrail
ProductVersion (#2)	2.4.3
Assembly Version	2.4.3.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2018-Sep-12 03:59:40
Version	`0.0`
SizeofData	`118`
AddressOfRawData	`0x29a74`
PointerToRawData	`0x28e74`
Referenced File	C:\Users\ana\code\Squirrel\Squirrel.Windows\src\StubExecutable\bin\Release\StubExecutable.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2018-Sep-12 03:59:40
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x29aec`
PointerToRawData	`0x28eec`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2018-Sep-12 03:59:40
Version	`0.0`
SizeofData	`808`
AddressOfRawData	`0x29b00`
PointerToRawData	`0x28f00`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2018-Sep-12 03:59:40
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x42c068`
SEHandlerTable	`0x429990`
SEHandlerCount	`57`

RICH Header

XOR Key	`0x8febeeac`
Unmarked objects	`0`
241 (40116)	`13`
243 (40116)	`135`
242 (40116)	`29`
199 (41118)	`1`
ASM objects (VS 2015/2017 runtime 26706)	`20`
C++ objects (VS 2015/2017 runtime 26706)	`60`
C objects (VS 2015/2017 runtime 26706)	`34`
Imports (65501)	`5`
Total imports	`93`
C++ objects (LTCG) (VS2017 v15.8.1 compiler 26726)	`4`
Resource objects (VS2017 v15.8.1 compiler 26726)	`1`
151	`1`
Linker (VS2017 v15.8.1 compiler 26726)	`1`

Errors

Leave a comment

No comments yet.