Manalyze report for dd98a43cb27efd5bcc29efb23fdd6ca5

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2018-Jan-23 09:34:48

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Interesting strings found in the binary:	`Contains domain names: http://luajit.org luajit.org`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Safe	VirusTotal score: 0/72 (Scanned on 2024-04-01 16:35:05)	`All the AVs think this file is safe.`

Hashes

MD5	`dd98a43cb27efd5bcc29efb23fdd6ca5`
SHA1	`38f621f3f0df5764938015b56ecfa54948dde8f5`
SHA256	`1cf20b8449ea84c684822a5e8ab3672213072db8267061537d1ce4ec2c30c42a`
SHA3	`794f4f6dbada8e9d0fb4abdd779adf165d58fb9fd21a831bfc8d1f04e1563ed8`
SSDeep	`1536:Ee7h7q/J6K3nHC+AGUob2f0DBFPbPWNPWp350NHcHkDsWqxcd2ZPSAv:Ee7oU8HC+AGUu2abPbPWQpO8E0A2tSA`
Imports Hash	`d0264e200554ef617c521261fe8fe2a4`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2018-Jan-23 09:34:48
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xe400`
SizeOfInitializedData	`0x8600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000027CB (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x10000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1a000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b97c392d098eadbc9c95c4f161db9c43`
SHA1	`fa0846fe2854b7654a9932827c2fecfe330cf9a4`
SHA256	`e2daa4862a712188cf543deb43f55113c7a328284195d6761959e22a117409fb`
SHA3	`19f80bdc4bacdcfa86f8f47335ec2bde52a377ab012e4498181d59ccf7b7241a`
VirtualSize	`0xe3d7`
VirtualAddress	`0x1000`
SizeOfRawData	`0xe400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.60555`

.rdata

MD5	`211de0d3d62de464b374c5fcd37b70a9`
SHA1	`7369212a2e7fcd889f7c689c775e3b095d343e88`
SHA256	`2152b5379303729ae08c7c19ec0defae4aa33818cb6b73855a749d2d7fea04ac`
SHA3	`ec1cf903efa0379c2711e902a754a4fa383962b8e2e7dd42dc76c88ffeadc3fa`
VirtualSize	`0x5f5e`
VirtualAddress	`0x10000`
SizeOfRawData	`0x6000`
PointerToRawData	`0xe800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.95243`

.data

MD5	`6dbfd5c750ae4db7bd40b894c4f30c74`
SHA1	`a1dd3e13e8cd6141bc28439a74004673a45d5475`
SHA256	`a4c506ba3df546db43834da69a4adc79e776eac8f57be57228d37de34613d9e1`
SHA3	`1c63002ca094cf045e4a52aa4ec84a1db5f5462110e6fd57eb785f8426170b91`
VirtualSize	`0x12e0`
VirtualAddress	`0x16000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x14800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.84429`

.reloc

MD5	`2ef1d0ccaa35ae861a0151c39039e435`
SHA1	`99f6f3c57a0d0911db5d85c8b5daef5da5abfcaa`
SHA256	`851cfd0435ffb7273ae4b007bd4776be65817a9ed4d0f015aa7e28e4d958e39f`
SHA3	`486288a6ae0eedc0d9a18958d3a5e59e70af9c20d1c5ccf94835b3c6b9cc9256`
VirtualSize	`0x1054`
VirtualAddress	`0x18000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x15200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.31764`

Imports

lua51.dll	`lua_gettop` `luaJIT_version_2_1_0_beta3` `luaL_openlibs` `luaL_traceback` `luaL_newstate` `luaL_loadbuffer` `luaL_loadfile` `luaL_where` `luaL_callmeta` `lua_sethook` `lua_concat` `lua_error` `lua_gc` `lua_cpcall` `lua_pcall` `lua_call` `lua_rawseti` `lua_setfield` `lua_createtable` `lua_rawgeti` `lua_getfield` `lua_gettable` `lua_pushboolean` `lua_pushcclosure` `lua_pushfstring` `lua_pushstring` `lua_pushlstring` `lua_pushnil` `lua_objlen` `lua_tolstring` `lua_toboolean` `lua_type` `lua_isstring` `lua_insert` `lua_remove` `lua_pushvalue` `lua_settop` `lua_close`
KERNEL32.dll	`TlsAlloc` `DecodePointer` `ReadConsoleW` `ReadFile` `WriteConsoleW` `CreateFileW` `CloseHandle` `HeapReAlloc` `HeapSize` `SetFilePointerEx` `GetProcessHeap` `GetStringTypeW` `SetStdHandle` `SetEnvironmentVariableA` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCPInfo` `GetOEMCP` `IsValidCodePage` `FindNextFileA` `FindFirstFileExA` `FindClose` `GetConsoleMode` `GetConsoleCP` `FlushFileBuffers` `GetFileType` `LCMapStringW` `CompareStringW` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `GetModuleHandleW` `RtlUnwind` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `RaiseException` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `SetConsoleCtrlHandler` `GetStdHandle` `WriteFile` `GetModuleFileNameA` `MultiByteToWideChar` `WideCharToMultiByte` `ExitProcess` `GetModuleHandleExW` `GetCommandLineA` `GetCommandLineW` `GetACP` `HeapFree` `HeapAlloc`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2018-Jan-23 09:34:48
Version	`0.0`
SizeofData	`616`
AddressOfRawData	`0x14eec`
PointerToRawData	`0x136ec`

TLS Callbacks

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x416004`
SEHandlerTable	`0x414ee0`
SEHandlerCount	`3`

RICH Header

XOR Key	`0xf7e397b1`
Unmarked objects	`0`
ASM objects (VS2017 v15.?.? build 25203)	`10`
C++ objects (VS2017 v15.?.? build 25203)	`139`
C objects (VS2017 v15.?.? build 25203)	`18`
Imports (VS2017 v15.?.? build 25203)	`2`
ASM objects (VS2015/2017 runtime 25810)	`18`
C++ objects (VS2015/2017 runtime 25810)	`29`
C objects (VS2015/2017 runtime 25810)	`17`
Imports (VS2017 v15.5.3-4 build 25834)	`3`
Total imports	`122`
C objects (VS2017 v15.5.3-4 build 25834)	`1`
Linker (VS2017 v15.5.3-4 build 25834)	`1`

dd98a43cb27efd5bcc29efb23fdd6ca5

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.reloc

Imports

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors