Manalyze report for ccba05bcabda7688e32a2a87c18cb4cd

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2019-Apr-24 22:18:38
Debug artifacts	C:\projects\src\out\Default\osmesa.dll.pdb

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: bugs.freedesktop.org freedesktop.org`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Safe	VirusTotal score: 0/67 (Scanned on 2019-10-31 00:58:57)	`All the AVs think this file is safe.`

Hashes

MD5	`ccba05bcabda7688e32a2a87c18cb4cd`
SHA1	`eb3687ea455162c5896789d3ede61b9931a93f46`
SHA256	`8eba687ed9732e197e1c254063f4f5aeff521ba988df114a70b8dc385326320d`
SHA3	`9b48b6864c5a14096b1018588a87984e498983bae18644cc7f08fc3ba12e7426`
SSDeep	`49152:sSnhpuRteAKxnKD3w47jWmUIdtaErCG44l:rLE`
Imports Hash	`93c69e8f1974e0c44e5e7837145c04fd`

DOS Header

e_magic	`MZ`
e_cblp	`0x78`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0`
e_ss	`0`
e_sp	`0`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x78`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2019-Apr-24 22:18:38
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.1`
SizeOfCode	`0x1b5a00`
SizeOfInitializedData	`0x11a400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000191300 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`4.1`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x2f0000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`792eee6111a7f12ac87546b8c14448d3`
SHA1	`978388dcffd34d378847f0f97de60d682e2f40fb`
SHA256	`ea8913a63e3c9c0e09e89ebcfafeb554b39348fa199454580d615fb0695832f5`
SHA3	`bcd1254845a49bf4bcea159a41fa33780a1d2a9a6b4b9781e54d3f0a81a8be85`
VirtualSize	`0x1b59a6`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1b5a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.53895`

.rdata

MD5	`8116e2a646a44385ddcff809ee722ced`
SHA1	`fd2bec9d9b1784070aa0e3c3d1b13c40f39b6ef5`
SHA256	`a0129a6dc58568acb99a787a205323c79acd2de09302e85e7952e3a5ad608121`
SHA3	`fa4e19d924ba6ae59c932cfb930f6ac0b3b106660e40cf14c1a173dfa4653519`
VirtualSize	`0x103974`
VirtualAddress	`0x1b7000`
SizeOfRawData	`0x103a00`
PointerToRawData	`0x1b5e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.41235`

.data

MD5	`7bc696f45abdc786d64773dc0713151f`
SHA1	`525db44b5bffc6270b6d0847054c15de36b4c33d`
SHA256	`147a293ecc2899816ec8a1fb263989257769d4b8a8b0d2bce2e7b511198c3373`
SHA3	`1d73a6f1427212af237fe0cb8bd52a6be88846b02aa356a3414d9bf53572faa4`
VirtualSize	`0x1e0f0`
VirtualAddress	`0x2bb000`
SizeOfRawData	`0x3200`
PointerToRawData	`0x2b9800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.28422`

.pdata

MD5	`708977e8ce1918fec9f2baf96c2214c1`
SHA1	`f82226f6b0a78029c4cacdaadc625e3415438c51`
SHA256	`7832178abb35829b7d30f2fa51d225078f1db4a34fbd27a1058363ef84172e9b`
SHA3	`a21efbcf03d7d91a965e6708358c701647889a4d1decbecd09ece30a0e970105`
VirtualSize	`0xedd8`
VirtualAddress	`0x2da000`
SizeOfRawData	`0xee00`
PointerToRawData	`0x2bca00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.02503`

.00cfg

MD5	`7d252740c90a4dd8e233d01a14180d49`
SHA1	`0ff572d90cd3d59446f63fb1d9ab3eab246f9208`
SHA256	`e8c674c1f428d28975d32058e64f3d3aae3d260318d2a669f3a7affda8118d57`
SHA3	`bf77f3daba465a7d9d738a59b35b23d39a2ef841bed97bdf1ed58acb8fc71ee9`
VirtualSize	`0x10`
VirtualAddress	`0x2e9000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2cb800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.195869`

.gfids

MD5	`e353f15486f9936aecde24918ae71a8b`
SHA1	`e4f358696b249ff0d2277380eca36d57c27776ac`
SHA256	`460158758d07db9fed46e99851428c877f3aa8aefafc8eaea47eafcd0c93a4c5`
SHA3	`e312cf4841aba7d120c68ea09831e4635faecc183c04262699153bf25c1d3c02`
VirtualSize	`0xd4`
VirtualAddress	`0x2ea000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2cba00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.03916`

.reloc

MD5	`f9c322b6c7bf246251b025a94edf94d2`
SHA1	`997d7cbf2b1678f84e041c580bcc134a307fd6f2`
SHA256	`ec70149bf5b7e0d3b1d67c8a33c23cc472ff4ceae5d6707720906064c7aecffb`
SHA3	`9e169cba908686e7742ce5f8f389a8999b715d31307e0aa90b29232e1284a953`
VirtualSize	`0x45d4`
VirtualAddress	`0x2eb000`
SizeOfRawData	`0x4600`
PointerToRawData	`0x2cbc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.45585`

Imports

KERNEL32.dll	`CloseHandle` `CompareStringW` `CreateFileW` `DeleteCriticalSection` `EncodePointer` `EnterCriticalSection` `ExitProcess` `FindClose` `FindFirstFileExW` `FindNextFileW` `FlushFileBuffers` `FreeEnvironmentStringsW` `FreeLibrary` `GetACP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `GetConsoleCP` `GetConsoleMode` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `GetEnvironmentStringsW` `GetFileType` `GetLastError` `GetModuleFileNameW` `GetModuleHandleExW` `GetModuleHandleW` `GetOEMCP` `GetProcAddress` `GetProcessHeap` `GetStartupInfoW` `GetStdHandle` `GetStringTypeW` `GetSystemTimeAsFileTime` `HeapAlloc` `HeapFree` `HeapQueryInformation` `HeapReAlloc` `HeapSize` `InitializeCriticalSection` `InitializeCriticalSectionAndSpinCount` `InitializeSListHead` `InterlockedFlushSList` `IsDebuggerPresent` `IsProcessorFeaturePresent` `IsValidCodePage` `LCMapStringW` `LeaveCriticalSection` `LoadLibraryExW` `MultiByteToWideChar` `OutputDebugStringA` `QueryPerformanceCounter` `RaiseException` `ReadConsoleW` `ReadFile` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlPcToFileHeader` `RtlUnwindEx` `RtlVirtualUnwind` `SetEndOfFile` `SetEnvironmentVariableW` `SetFilePointerEx` `SetLastError` `SetStdHandle` `SetUnhandledExceptionFilter` `TerminateProcess` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `UnhandledExceptionFilter` `WideCharToMultiByte` `WriteConsoleW` `WriteFile`

Delayed Imports

OSMesaColorClamp

Ordinal	`1`
Address	`0x4ff6`

OSMesaCreateContext

Ordinal	`2`
Address	`0x44d4`

OSMesaCreateContextExt

Ordinal	`3`
Address	`0x44f8`

OSMesaDestroyContext

Ordinal	`4`
Address	`0x4aea`

OSMesaGetColorBuffer

Ordinal	`5`
Address	`0x4f5a`

OSMesaGetCurrentContext

Ordinal	`6`
Address	`0x4d4b`

OSMesaGetDepthBuffer

Ordinal	`7`
Address	`0x4ef8`

OSMesaGetIntegerv

Ordinal	`8`
Address	`0x4e3c`

OSMesaGetProcAddress

Ordinal	`9`
Address	`0x4fac`

OSMesaMakeCurrent

Ordinal	`10`
Address	`0x4b77`

OSMesaPixelStore

Ordinal	`11`
Address	`0x4d50`

glAreTexturesResidentEXT

Ordinal	`12`
Address	`0x501e`

glDeleteTexturesEXT

Ordinal	`13`
Address	`0x5057`

glGenTexturesEXT

Ordinal	`14`
Address	`0x5088`

glGetColorTableEXT

Ordinal	`15`
Address	`0x50df`

glGetColorTableParameterfvEXT

Ordinal	`16`
Address	`0x511e`

glGetColorTableParameterivEXT

Ordinal	`17`
Address	`0x5155`

glIsTextureEXT

Ordinal	`18`
Address	`0x50b9`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-Apr-24 22:18:38
Version	`0.0`
SizeofData	`67`
AddressOfRawData	`0x2b5a58`
PointerToRawData	`0x2b4858`
Referenced File	C:\projects\src\out\Default\osmesa.dll.pdb

TLS Callbacks

Load Configuration

Size	`0x100`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1802bb100`

RICH Header

Errors

[*] Warning: 1 invalid export(s) not shown.