Manalyzer :: ce57b43949fd16826902cb8f365a05f7

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2002-Jul-02 13:32:11

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++` `Microsoft Visual C++ v6.0` `Microsoft Visual C++ v5.0/v6.0 (MFC)`
Suspicious	The PE contains functions most legitimate programs don't use.	`Changes object ACLs: SetFileSecurityA`
Suspicious	VirusTotal score: 1/71 (Scanned on 2020-07-17 18:47:43)	`MaxSecure: Trojan.Malware.300983.susgen`

Hashes

MD5	`ce57b43949fd16826902cb8f365a05f7`
SHA1	`2d1df2186071f6f7a55db8b636e3db46d73024bb`
SHA256	`42ad5e016768b9d3be10bea15618a6236fcb5059c6a9e6e95ec8852d07370ebf`
SHA3	`18d40c8bb09f3f55a82844aa1c5d28405a9cf297778b5777336f726276da1418`
SSDeep	`48:CrhCDZavKZkJXa+T5AK3Gpze45Gtboyl1rtDM1D29H:s+PZSaqAaGlYtboynrtM`
Imports Hash	`a0bb04cf10fb27cb6cceb1e387c8bac8`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2002-Jul-02 13:32:11
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x1000`
SizeOfInitializedData	`0x2000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001460 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x2000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x4000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2b4947dc132c5d457f781af8c125e075`
SHA1	`5aa669bc6a732b52a6fd9673020dc25dadfa7385`
SHA256	`fd149778fcbd5014a5591b753bdeefda0683b933948f7d43aca50c7e4be2d9d1`
SHA3	`68e916b502cfb81fe1536ad281b41b8b394747be0075d14d05e5fb879541682d`
VirtualSize	`0x5ec`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`2.96524`

.rdata

MD5	`f471ebeb19cc73584c9c56bb19d22653`
SHA1	`3c7a8473cb49d724fd21d4d0f325e922dd1f8234`
SHA256	`f4dfc9c9851bdfedac5fbda2fc0d4d5b55f905bc9babce0f210b37e295b85f52`
SHA3	`f5a6d40228a56991552f76c6cdda104587c6a1f898249f82b08a5b0652f71743`
VirtualSize	`0x3de`
VirtualAddress	`0x2000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x2000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.61745`

.data

MD5	`dcc91aabdd7666109f5bd9e8825965e5`
SHA1	`b968b8c4a76926bdbcc4f1d9137579c7605ff615`
SHA256	`d0a7efab9614939eacf6500dbaa039916ca36b153fe9420adf647397c74a02f6`
SHA3	`2870215c638c37e7a15d2d5824148e3d75826adce483f273328cd46babd4f84e`
VirtualSize	`0x368`
VirtualAddress	`0x3000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x3000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0290454`

Imports

MSVCRT.dll	`__set_app_type` `_controlfp` `_except_handler3` `_exit` `__p__fmode` `__p__commode` `_adjust_fdiv` `__setusermatherr` `_initterm` `__getmainargs` `_acmdln` `exit` `_XcptFilter`
KERNEL32.dll	`GlobalUnlock` `GlobalLock` `GlobalAlloc` `GlobalFree` `GetModuleHandleA` `GetStartupInfoA`
ADVAPI32.dll	`GetAclInformation` `GetUserNameA` `LookupAccountNameA` `GetFileSecurityA` `InitializeSecurityDescriptor` `GetSecurityDescriptorDacl` `SetFileSecurityA` `GetLengthSid` `InitializeAcl` `AddAce` `GetAce` `AddAccessAllowedAce` `SetSecurityDescriptorDacl` `IsValidSecurityDescriptor`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xdb1ae8bb`
Unmarked objects	`0`
19 (8034)	`4`
C objects (8047)	`11`
14 (7299)	`1`
Total imports	`35`
Linker (8047)	`3`
C++ objects (8569)	`2`
C++ objects (VC++ 6.0 SP5 build 8804)	`2`

Errors

<-- -->