Manalyze report for dc31c9d3aa68397379c8466874c3b7b1

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2021-May-09 11:46:22

Plugin Output

Suspicious	The PE is possibly packed.	`The PE only has 0 import(s).`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`dc31c9d3aa68397379c8466874c3b7b1`
SHA1	`1527819f23ba3d3e25ca9c5e9cf171f1fff85b92`
SHA256	`9acdbf27c4eea6bdf11aec57d34f57077dea36985e4e63f95424a5ac85bf5e72`
SHA3	`a75a8c6a56e22456a4ad1f600e8b7e89962d465bc0dd56b6eaa31af6758c001c`
SSDeep	`192:Yno5BaquOqc1stouxaGcOPBhR7rCwp9/fXPwo5f9bspM3yaY4gXsiRbtz0GmNRZw:zva9OpqPaG3phNV9/fXP55fhsS3yaY4a`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x120`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2021-May-09 11:46:22
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x33200`
SizeOfInitializedData	`0x1b600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000011490 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x55000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x33068`
VirtualAddress	`0x1000`
SizeOfRawData	`0x33200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`0`

.rdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x16280`
VirtualAddress	`0x35000`
SizeOfRawData	`0x16400`
PointerToRawData	`0x33600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x2ae4`
VirtualAddress	`0x4c000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x49a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.pdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x2b98`
VirtualAddress	`0x4f000`
SizeOfRawData	`0x2c00`
PointerToRawData	`0x4ae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0`

_RDATA

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xf4`
VirtualAddress	`0x52000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4da00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0`

.rsrc

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x520`
VirtualAddress	`0x53000`
SizeOfRawData	`0x600`
PointerToRawData	`0x4dc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0`

.reloc

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x984`
VirtualAddress	`0x54000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x4e200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0`

Imports

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x639f76a`
Unmarked objects	`0`
ASM objects (27412)	`10`
C objects (27412)	`19`
C++ objects (27412)	`184`
253 (28518)	`1`
C objects (VS2019 Update 9 (16.9.2-3) compiler 29913)	`16`
ASM objects (VS2019 Update 9 (16.9.2-3) compiler 29913)	`10`
C++ objects (VS2019 Update 9 (16.9.2-3) compiler 29913)	`72`
Imports (27412)	`17`
Total imports	`202`
ASM objects (VS2019 Update 9 (16.9.4) compiler 29914)	`1`
265 (VS2019 Update 9 (16.9.4) compiler 29914)	`12`
Exports (VS2019 Update 9 (16.9.4) compiler 29914)	`1`
Resource objects (VS2019 Update 9 (16.9.4) compiler 29914)	`1`
Linker (VS2019 Update 9 (16.9.4) compiler 29914)	`1`

Errors

[!] Error: Could not read the IMAGE_IMPORT_DESCRIPTOR.
[!] Error: Could not read the IMAGE_EXPORT_DIRECTORY.
[!] Error: Could not read an IMAGE_RESOURCE_DIRECTORY.
[!] Error: Could not read the DEBUG_DIRECTORY_ENTRY
[!] Error: Could not read an IMAGE_BASE_RELOCATION!
[!] Error: Could not read the IMAGE_TLS_DIRECTORY.
[*] Warning: Error while reading the IMAGE_LOAD_CONFIG_DIRECTORY!
[*] Warning: Section .text is larger than the executable!
[*] Warning: Section .text is larger than the executable!
[*] Warning: Section .rdata is larger than the executable!
[*] Warning: Section .rdata is larger than the executable!
[*] Warning: Section .data is larger than the executable!
[*] Warning: Section .data is larger than the executable!
[*] Warning: Section .pdata is larger than the executable!
[*] Warning: Section .pdata is larger than the executable!
[*] Warning: Section _RDATA is larger than the executable!
[*] Warning: Section _RDATA is larger than the executable!
[*] Warning: Section .rsrc is larger than the executable!
[*] Warning: Section .rsrc is larger than the executable!
[*] Warning: Section .reloc is larger than the executable!
[*] Warning: Section .reloc is larger than the executable!
[*] Warning: Section .text is larger than the executable!
[*] Warning: Section .rdata is larger than the executable!
[*] Warning: Section .data is larger than the executable!
[*] Warning: Section .pdata is larger than the executable!
[*] Warning: Section _RDATA is larger than the executable!
[*] Warning: Section .rsrc is larger than the executable!
[*] Warning: Section .reloc is larger than the executable!