Manalyze report for d989c3d80204db9846e40c4e706c32dd

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2018-Feb-09 21:02:20

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`d989c3d80204db9846e40c4e706c32dd`
SHA1	`7d531ca4f509b0dd1672d1c277dbbf06f2445e33`
SHA256	`495156fa04a28abd0643d4045baf0387c676ec7da460f3c90b9a5d345c4df368`
SHA3	`7bc75244a4ab909306274e6aac374ad0dd0c7f8bffa0929fde45f1afad4ab55b`
SSDeep	`96:WMxAaVO0JiHTlnYqE39/mMcFrkMUSoqZA6NvZLz9zGc+RfMR78c2:W8IuqEtG7oqZnLzlGDR`
Imports Hash	`990910e85e08b8331472a894e81e1391`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xc8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`4`
TimeDateStamp	2018-Feb-09 21:02:20
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xe00`
SizeOfInitializedData	`0x1000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001000 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x5000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`51cc7ac466bddda96a93318d85a0f364`
SHA1	`6b619b749a9ea473fd22d2be0b689434c74f5457`
SHA256	`a081a3b0afbdb0048b8374fd923d453409602a16924acb124f0543786cd200a0`
SHA3	`6b8287499da3ce8674ed8207fd02f96404c581fc4bf887033acd6e66977715c0`
VirtualSize	`0xcd5`
VirtualAddress	`0x1000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.642`

.rdata

MD5	`d353852cae8c75f8254812f7d1efc57f`
SHA1	`9f3bd634670fed3601bc2297bde4b9c2d606e034`
SHA256	`b5b46429197cb23b2a45d3c5313414d80176ff517779497fb9a8fd0c484824d5`
SHA3	`8472589688179d8614bf2201ccbdad38afb9e94342b67af38bee396585352d4c`
VirtualSize	`0x418`
VirtualAddress	`0x2000`
SizeOfRawData	`0x600`
PointerToRawData	`0x1200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.28473`

.data

MD5	`942e9441b42db4e56bd9d1bab41382e0`
SHA1	`d93ae72774d0876a6b0f86c5604f1b167a308cc9`
SHA256	`bf7a89adfbae3891827fba353bb92a10097bcaec02566689714ad8bf9a6d613c`
SHA3	`eb6147667f2e681de3eac7a6597c5f28c3107e41d4ce169aec9c654922d51e65`
VirtualSize	`0x770`
VirtualAddress	`0x3000`
SizeOfRawData	`0x400`
PointerToRawData	`0x1800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.9037`

.pdata

MD5	`bcc41fb73da66e2056468b584489dd54`
SHA1	`67e246c7584f9df252b393f68be47e53adf9f8fc`
SHA256	`148354137704c33a33342f2f1384d62d31cdb3620bc7db6016fa4dbe38982d96`
SHA3	`4006af99fe8b29b91eecad3fbc37d3ccc400038a68506c95c179e0bae12323ef`
VirtualSize	`0x84`
VirtualAddress	`0x4000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.1646`

Imports

KERNEL32.dll	`GetCurrentProcess` `GetStdHandle` `WriteConsoleA` `VirtualAlloc` `TerminateProcess` `ReadConsoleA` `Sleep` `TerminateThread` `LoadLibraryA` `CloseHandle` `CreateThread` `GetProcAddress`

Delayed Imports

strncmp

Ordinal	`1`
Address	`0x1c1c`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2018-Feb-09 21:02:20
Version	`0.0`
SizeofData	`244`
AddressOfRawData	`0x20b8`
PointerToRawData	`0x12b8`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2018-Feb-09 21:02:20
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xa672a535`
Unmarked objects	`0`
Imports (VS2017 v15.?.? build 25203)	`3`
Total imports	`12`
265 (VS2017 v15.5.3-4 build 25834)	`1`
Exports (VS2017 v15.5.3-4 build 25834)	`1`
Linker (VS2017 v15.5.3-4 build 25834)	`1`

d989c3d80204db9846e40c4e706c32dd

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

Imports

Delayed Imports

strncmp

Version Info

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors