Manalyze report for d6c48c5cfa18451b5959b84ddb9ff0c9edebc91e3420d4e99546555b5900f811

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2024-Mar-13 12:10:25
Detected languages	English - United States
Debug artifacts	C:\Users\HAKAN\source\repos\HALIC_V.0.7\x64\Release\HALIC_ENCODE_V.0.7.0.pdb

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: gmail.com`
Suspicious	The PE is possibly packed.	`Unusual section name found: .retplne`
Malicious	VirusTotal score: 3/71 (Scanned on 2025-01-28 20:16:07)	`MaxSecure: Trojan.Malware.238931564.susgen` `Trapmine: suspicious.low.ml.score` `alibabacloud: Trojan`

Hashes

MD5	`529c2adfec885051428b708d4be0f22b`
SHA1	`8f0b8243452ad0b784146c6100865f5c61e63d35`
SHA256	`d6c48c5cfa18451b5959b84ddb9ff0c9edebc91e3420d4e99546555b5900f811`
SHA3	`fd941d6c831c27addfa73bda5a32760888db8467cb364cdc728fc92787a9efb9`
SSDeep	`1536:FnhRTHIXJpm7vj2h+qiBJnNJ8qUAW6XHDBRczVSl9SRAe03HQI3m:FPDIXi7Ch+dUAW6XHDBsVSl90A53w`
Imports Hash	`64679405d697d8160188fb28d524f6e5`

DOS Header

e_magic	`MZ`
e_cblp	`0x78`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0`
e_ss	`0`
e_sp	`0`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x78`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`9`
TimeDateStamp	2024-Mar-13 12:10:25
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x13a00`
SizeOfInitializedData	`0x5a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000012770 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x22000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x4000000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`dcf29c55bd597810348db0704e34e6a0`
SHA1	`002474926f4245e472fa7694289639729568aadd`
SHA256	`d7e989ad49553285a50463a321d9048101b0836657567c9238844893247b3684`
SHA3	`06ada318efea9aa287f1a55df4a42d0375db9d9253725f49c270bc47dfb20130`
VirtualSize	`0x13916`
VirtualAddress	`0x1000`
SizeOfRawData	`0x13a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.93006`

.rdata

MD5	`1b27e23526ea8fb7feef5b7a74d7b691`
SHA1	`75f900901dd38254c94d7284dd3ec71579ce34e7`
SHA256	`633d81720a96fcaa7b9cf58f219aada38421f560d1283e0cfbe66d72956222f4`
SHA3	`41d53de69578d873cbd103009005287df3aec5ab6e05a52eff0b01d974dc7288`
VirtualSize	`0x376c`
VirtualAddress	`0x15000`
SizeOfRawData	`0x3800`
PointerToRawData	`0x13e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.85374`

.data

MD5	`b747579630233866e26a641968dc39ad`
SHA1	`a4cdb0ed59a2537e75ce0c114682dfe73aec431a`
SHA256	`76f00849b0e09e8d7196dee84ee8c0b1b15036c6c5f40933ab30d1b0e450dbad`
SHA3	`f6c6212e561358bfc434e0270e584a9946edb5eeaa5831509476e05211b1f6e0`
VirtualSize	`0x1380`
VirtualAddress	`0x19000`
SizeOfRawData	`0x200`
PointerToRawData	`0x17600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.16608`

.pdata

MD5	`f759ffc0f14da458e8b89ef98e5259c9`
SHA1	`70d17e96dffef74f99a1b19b34f76423c223ddf7`
SHA256	`866df5e47a1e7e34328352433a49730bf8631f0591d0ce882e8fde180d32dd21`
SHA3	`fd95e7845252ee8de21266ebd0528eb136b66146e0ba17fee7bbab98986f546b`
VirtualSize	`0x3c0`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x400`
PointerToRawData	`0x17800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.42113`

.00cfg

MD5	`a9c8c17e8ebc730b8a8acf9cc4d12988`
SHA1	`61d5e25233f7b8b21473559d359baf514765b3b3`
SHA256	`452b3581b89a158d981b8d5b2ec0c7122ef4eac3a0c4e6ff4da835815fd3ced1`
SHA3	`44d9f02e5175935d50f9b002bfb36a38082f62c218ef5e5167e3f37cba12352b`
VirtualSize	`0x38`
VirtualAddress	`0x1c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x17c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.433566`

.retplne

MD5	`8ba86516d84cef220ecd4ff8550b6df0`
SHA1	`2ff3d6e10c4312fc7ed54d1d1b6cad938711bd4a`
SHA256	`1254c61e63f786c1e16364cfa840c08b86aafb9c3c0202648e0f66171ab06c56`
SHA3	`7daa631390569584519bbf77fd46b261ebebb8e4131414d0212a0c069fb5fd58`
VirtualSize	`0x5c`
VirtualAddress	`0x1d000`
SizeOfRawData	`0x200`
PointerToRawData	`0x17e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`(EMPTY)`
Entropy	`0.845849`

_RDATA

MD5	`ee1fc02d7d7f995077bdaee888cf4c22`
SHA1	`97479fd9e2b07406e4b9d06b896908d2e25af5c7`
SHA256	`cd4b39d2e187241ddef2f2e5a8e74396836e42d91e0a6c3c2adf14fd24c40c2f`
SHA3	`bc4fdf880cf4f0445d58ae5f02ac4926d246b61cee7242e65023216aee4b6f8e`
VirtualSize	`0x1200`
VirtualAddress	`0x1e000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x18000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.56226`

.rsrc

MD5	`8e9e29e2779c071c36c9e37bcbebfe92`
SHA1	`ddc3deaa344fa367490078d299fcd80783378220`
SHA256	`8c44e6a4048c863e2fbb74b8f6313afe910134553713d91689a927549f797043`
SHA3	`e16d124872b7ea542c777d4225c873d7a44fa925b18b3cfe38859fb8990e2ae3`
VirtualSize	`0x1a8`
VirtualAddress	`0x20000`
SizeOfRawData	`0x200`
PointerToRawData	`0x19200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.16624`

.reloc

MD5	`f2a5f6b9f1e5d12efc001ee5bbadcd29`
SHA1	`491757c84bcb13ead469711024703f9b9044053c`
SHA256	`228fa9f713e33b98626bdf84965a3a02418742eb7374a0f4d6405dfdc3f15d9a`
SHA3	`38867fd5ea2a7f0557c66ddde9c7385cf98ac0c61bbc13a632ea8e7cbaa846bc`
VirtualSize	`0x580`
VirtualAddress	`0x21000`
SizeOfRawData	`0x600`
PointerToRawData	`0x19400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.22547`

Imports

MSVCP140.dll	`?_Xinvalid_argument@std@@YAXPEBD@Z` `?_Xlength_error@std@@YAXPEBD@Z` `?_Xout_of_range@std@@YAXPEBD@Z`
KERNEL32.dll	`FormatMessageA` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `GetModuleHandleW` `GetSystemTimeAsFileTime` `GetThreadLocale` `InitializeSListHead` `IsDebuggerPresent` `IsProcessorFeaturePresent` `LoadLibraryExA` `LocalFree` `QueryPerformanceCounter` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `SetUnhandledExceptionFilter` `TerminateProcess` `UnhandledExceptionFilter`
VCRUNTIME140.dll	`_CxxThrowException` `__C_specific_handler` `__CxxFrameHandler3` `__current_exception` `__current_exception_context` `__std_exception_copy` `__std_exception_destroy` `memchr` `memcpy` `memmove` `memset`
api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func` `__p__commode` `__stdio_common_vfprintf` `__stdio_common_vsprintf` `_set_fmode` `fclose` `fopen_s` `fread` `fseek` `fwrite` `puts`
api-ms-win-crt-runtime-l1-1-0.dll	`__p___argc` `__p___argv` `_c_exit` `_cexit` `_configure_narrow_argv` `_crt_atexit` `_errno` `_exit` `_get_initial_narrow_environment` `_initialize_narrow_environment` `_initialize_onexit_table` `_initterm` `_initterm_e` `_invalid_parameter_noinfo_noreturn` `_register_onexit_function` `_register_thread_local_exe_atexit_callback` `_seh_filter_exe` `_set_app_type` `exit` `terminate`
api-ms-win-crt-heap-l1-1-0.dll	`_callnewh` `_set_new_mode` `free` `malloc`
api-ms-win-crt-convert-l1-1-0.dll	`strtol`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-string-l1-1-0.dll	`strlen` `strncpy`
api-ms-win-crt-environment-l1-1-0.dll	`getenv`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x143`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.71208`
MD5	`9ce8c70178061cc4cf4a6bb1e291df93`
SHA1	`dc9804dd3aa348fb0c05f53c53c698518af514a0`
SHA256	`6f88bc7cb02ccb2dbc26b5f4ce53e355b331e31bb920b2ba8cbbcd1b5d4cd5a0`
SHA3	`9492809889cb617928395fd8b46fc6dd11eeb9b1101175bd478b7c4ca5bc10e1`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2024-Mar-13 12:10:25
Version	`0.0`
SizeofData	`101`
AddressOfRawData	`0x1742c`
PointerToRawData	`0x1622c`
Referenced File	C:\Users\HAKAN\source\repos\HALIC_V.0.7\x64\Release\HALIC_ENCODE_V.0.7.0.pdb

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140019040`

RICH Header

Errors

Leave a comment

No comments yet.