Manalyze report for de38efc712e94efbf9a84ffb71c7052f8c7eb1e4142c8cc7b2eeedbd79bc4bca

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Apr-04 18:53:43
Detected languages	English - United States
Comments	Based on PSFTP command-line program by Simon Tatham.
FileDescription	SFTP library for HTTP Downloader
FileVersion	`0.74`
InternalName	psftp
LegalCopyright	Copyright Â© 2021 Eric Kutcher
OriginalFilename	psftp.dll
ProductName	psftp
ProductVersion	`0.74`

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Info	Interesting strings found in the binary:	`Contains domain names: libssh.org lysator.liu.se openssh.com projects.tartarus.org putty.projects.tartarus.org tartarus.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses known Diffie-Helman primes` `Microsoft's Cryptography API`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryExA GetProcAddress LoadLibraryA` `Can access the registry: RegOpenKeyA RegQueryValueExA RegCloseKey` `Uses Microsoft's cryptographic API: CryptAcquireContextA CryptGenRandom CryptReleaseContext`
Safe	VirusTotal score: 0/71 (Scanned on 2025-10-18 09:18:06)	`All the AVs think this file is safe.`

Hashes

MD5	`11800b982e3812f6019733491477ee68`
SHA1	`93783b910389a12952f3e517775d9e353bd41b1c`
SHA256	`de38efc712e94efbf9a84ffb71c7052f8c7eb1e4142c8cc7b2eeedbd79bc4bca`
SHA3	`10ff64e91a97ca516fcc7b75739b40c3af9fb680d70ea6742cc795b910e59906`
SSDeep	`6144:iN50cwBh8+jcu07adCWHEn7hRpnEZtb/LKqqD2sX9pU2:PcwLwurdCWHEnrpEt3qdNp`
Imports Hash	`c50c4c7977f5a2bbd5cde74e324345a8`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2021-Apr-04 18:53:43
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x30a00`
SizeOfInitializedData	`0x10200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000030FB0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x44000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a11b3611224bb98f54161af055a24c3b`
SHA1	`6a70db9eed10f0b099172eef9183ca1528ff2611`
SHA256	`a7e79ba9a694ae906fbd868dab81620d9720899523aeee48d94f2e1cae9638a3`
SHA3	`1cf153d2d984877b2d9302f9843888ff586ce1e0db13bec1caf4bc7918c63fcb`
VirtualSize	`0x30948`
VirtualAddress	`0x1000`
SizeOfRawData	`0x30a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.33783`

.rdata

MD5	`831e9ee762da68ed92352a3568f9803f`
SHA1	`9e71398c476bcfe854e3964edafc72c72bd4ec21`
SHA256	`ce213fa189ab7cce9f1102503177295484129f179c9d8c593cc8fecd757e89ed`
SHA3	`74005f10c65ae35f0b49c6cec17724ced36ebdcd74f9a0693e17fcfe54674087`
VirtualSize	`0xb920`
VirtualAddress	`0x32000`
SizeOfRawData	`0xba00`
PointerToRawData	`0x30e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.19754`

.data

MD5	`b9c048e233119c84c9c7c2fdd8b4d9a9`
SHA1	`63fbbb18cc98ae6e1df0d6216001556b86dd2a6a`
SHA256	`fdb255bfab07d5d3fccf3a4da12e81313469820491e3877763fe8dbff8ca2ee7`
SHA3	`5d4a7c5b0512823ddca195e5c37c00e01c1178949902b2f0ab541c9b0a174146`
VirtualSize	`0x980`
VirtualAddress	`0x3e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3c800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.05025`

.pdata

MD5	`b846e1d493f0bfc453e785fd7486a854`
SHA1	`ab1d6e0405e76255f90a8ba9e4accbc434eafae4`
SHA256	`9a1d9ebda0686d88f920fda9bed5ce9bcc622975419ed31eff3dae524f72c541`
SHA3	`07a6f239c16a1cb53f01f3cc7f2320221bef08df40e98eb9004a9cb0bdf39d2d`
VirtualSize	`0x2f34`
VirtualAddress	`0x3f000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x3ca00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.34814`

.rsrc

MD5	`0ca67a2156eb63cf346a90c532d495d2`
SHA1	`700b1cf2a0c9ddb865aadcb8d55b3f719e81a236`
SHA256	`6fcefdedeb13ef34e93e3bdcff4d8da54fd6325619322cfdae99eb0921d30013`
SHA3	`74c1f60afcbfa5ed708274d88601663c334201ba7aef6f98cd70a18664be69f1`
VirtualSize	`0x540`
VirtualAddress	`0x42000`
SizeOfRawData	`0x600`
PointerToRawData	`0x3fa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.78993`

.reloc

MD5	`2326cafe81c2645d82063ed6d41681bd`
SHA1	`5b4867b0264ed4b1852b81cda49deaa5006947c9`
SHA256	`bfa2c555c79f7d4283a9872db245f0f64660a70edf0d0cdb37f1fefd5efe3b99`
SHA3	`db4e08d7173dbefb02edf53e7f5c7e111b1ca470ef3245c4bcabaec7c43303d7`
VirtualSize	`0x61c`
VirtualAddress	`0x43000`
SizeOfRawData	`0x800`
PointerToRawData	`0x40000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.79247`

Imports

KERNEL32.dll	`GlobalFree` `GlobalReAlloc` `MultiByteToWideChar` `GetCurrentProcess` `GetCurrentThread` `GetCurrentProcessId` `GetThreadTimes` `GlobalMemoryStatus` `GetProcessTimes` `LoadLibraryExA` `LocalFileTimeToFileTime` `GetProcAddress` `FreeLibrary` `GlobalAlloc` `GetSystemDirectoryA` `LoadLibraryA` `QueryPerformanceCounter` `TerminateProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `GetCurrentThreadId` `GetTickCount` `WideCharToMultiByte` `DeleteCriticalSection` `InitializeCriticalSection` `LeaveCriticalSection` `GetSystemTimeAsFileTime` `EnterCriticalSection` `InitializeSListHead` `IsDebuggerPresent` `IsProcessorFeaturePresent`
USER32.dll	`GetCapture` `GetClipboardOwner` `GetCursorPos` `GetForegroundWindow` `GetQueueStatus`
ADVAPI32.dll	`RegOpenKeyA` `RegQueryValueExA` `CryptAcquireContextA` `CryptGenRandom` `CryptReleaseContext` `RegCloseKey`
VCRUNTIME140.dll	`__std_type_info_destroy_list` `memmove` `memcpy` `memset` `wcschr` `strchr` `memcmp` `strstr` `memchr` `__C_specific_handler`
api-ms-win-crt-runtime-l1-1-0.dll	`_initterm` `_initterm_e` `_seh_filter_dll` `_configure_narrow_argv` `_initialize_narrow_environment` `_initialize_onexit_table` `_execute_onexit_table` `_cexit`
api-ms-win-crt-stdio-l1-1-0.dll	`fgetc` `fclose` `fopen` `fread` `rewind` `ungetc` `__stdio_common_vsprintf` `fgets`
api-ms-win-crt-time-l1-1-0.dll	`_difftime64` `_time64`
api-ms-win-crt-convert-l1-1-0.dll	`strtoul`
api-ms-win-crt-string-l1-1-0.dll	`strcspn` `strncmp` `strspn` `strcmp`

Delayed Imports

SFTP_BackendClose

Ordinal	`1`
Address	`0x4520`

SFTP_BackendFree

Ordinal	`2`
Address	`0x3b00`

SFTP_CheckBackendStatus

Ordinal	`3`
Address	`0x44e0`

SFTP_CheckCallbackStatus

Ordinal	`4`
Address	`0x3db0`

SFTP_CheckCallbacks

Ordinal	`5`
Address	`0x3b30`

SFTP_CheckInitStatus

Ordinal	`6`
Address	`0x3c90`

SFTP_CreateSSHHandle

Ordinal	`7`
Address	`0x3690`

SFTP_DownloadCleanupPacket

Ordinal	`8`
Address	`0x43f0`

SFTP_DownloadCleanupTransfer

Ordinal	`9`
Address	`0x44a0`

SFTP_DownloadClose

Ordinal	`10`
Address	`0x4390`

SFTP_DownloadData

Ordinal	`11`
Address	`0x42e0`

SFTP_DownloadInit

Ordinal	`12`
Address	`0x4220`

SFTP_DownloadPrepareData

Ordinal	`13`
Address	`0x4270`

SFTP_DownloadQueue

Ordinal	`14`
Address	`0x4350`

SFTP_FreeDownloadData

Ordinal	`15`
Address	`0x4300`

SFTP_FreeSSHHandle

Ordinal	`16`
Address	`0x3b00`

SFTP_GetAttributes

Ordinal	`17`
Address	`0x4050`

SFTP_GetHandle

Ordinal	`18`
Address	`0x4150`

SFTP_GetKeyInfo

Ordinal	`19`
Address	`0x3b70`

SFTP_GetPacketInfo

Ordinal	`20`
Address	`0x3e70`

SFTP_GetRequestPacket

Ordinal	`21`
Address	`0x3de0`

SFTP_GetRequestPacketType

Ordinal	`22`
Address	`0x3f80`

SFTP_GetStatus

Ordinal	`23`
Address	`0x3d90`

SFTP_InitGSSAPI

Ordinal	`24`
Address	`0x3530`

SFTP_InitSendVersion

Ordinal	`25`
Address	`0x3cc0`

SFTP_IsDownloadDone

Ordinal	`26`
Address	`0x4310`

SFTP_PrepareRequestPacket

Ordinal	`27`
Address	`0x3f20`

SFTP_ProcessAttributes

Ordinal	`28`
Address	`0x4090`

SFTP_ProcessDownloadHandle

Ordinal	`29`
Address	`0x4190`

SFTP_ProcessGetRequestBuffer

Ordinal	`30`
Address	`0x3d10`

SFTP_ProcessVersion

Ordinal	`31`
Address	`0x3fe0`

SFTP_ProcessWriteRequest

Ordinal	`32`
Address	`0x3bb0`

SFTP_ResetPacketInfo

Ordinal	`33`
Address	`0x3ec0`

SFTP_RunCallbacks

Ordinal	`34`
Address	`0x3b50`

SFTP_SetAlgorithmPriorities

Ordinal	`35`
Address	`0x35c0`

SFTP_SetConfigInfo

Ordinal	`36`
Address	`0x3550`

SFTP_SetStatus

Ordinal	`37`
Address	`0x3da0`

SFTP_UninitGSSAPI

Ordinal	`38`
Address	`0x3540`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x31c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40901`
MD5	`f1f64161a2c3e7e54ad7bf3fcdee0540`
SHA1	`130b2a01c7b271972f5d31c94641d8954ae8a7a5`
SHA256	`10d1bf2865e74f9ffe286b467c83c8adb2b83f9bcf47c9bbfbac53a7b69ec555`
SHA3	`620407a9f396b0a3ca94e24b6fe0ca0cc845725bd3f1ca3dee247ffec62b022d`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.74.0.0
ProductVersion	0.74.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
Comments	Based on PSFTP command-line program by Simon Tatham.
FileDescription	SFTP library for HTTP Downloader
FileVersion (#2)	0.74
InternalName	psftp
LegalCopyright	Copyright Â© 2021 Eric Kutcher
OriginalFilename	psftp.dll
ProductName	psftp
ProductVersion (#2)	0.74

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2021-Apr-04 18:53:43
Version	`0.0`
SizeofData	`576`
AddressOfRawData	`0x3a100`
PointerToRawData	`0x38f00`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2021-Apr-04 18:53:43
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x18003e008`

RICH Header

XOR Key	`0xcebae372`
Unmarked objects	`0`
Imports (VS 2015/2017/2019 runtime 29804)	`2`
C++ objects (VS 2015/2017/2019 runtime 29804)	`11`
C objects (VS 2015/2017/2019 runtime 29804)	`8`
ASM objects (VS 2015/2017/2019 runtime 29804)	`3`
Imports (VS2008 SP1 build 30729)	`17`
Total imports	`98`
C++ objects (LTCG) (29912)	`73`
Exports (29912)	`1`
Resource objects (29912)	`1`
151	`1`
Linker (29912)	`1`

Errors

Leave a comment

No comments yet.