Manalyze report for e0777bb3744dfc974104b13818e4a56c

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Aug-14 07:58:56
Detected languages	English - United States
Debug artifacts	C:\Users\nishikigoi\Desktop\sqlite-mod\sqlite3.pdb
CompanyName	SQLite Development Team
FileDescription	SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine.
FileVersion	`3.29.0`
InternalName	sqlite3
LegalCopyright	http://www.sqlite.org/copyright.html
ProductName	SQLite
ProductVersion	`3.29.0`
SourceId	2019-07-10 17:32:03 fc82b73eaac8b36950e527f12c4b5dc1e147e6f4ad2217ae43ad82882a88bfa6

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW LoadLibraryA LoadLibraryExW` `Can create temporary files: CreateFileA GetTempPathA CreateFileW GetTempPathW`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`e0777bb3744dfc974104b13818e4a56c`
SHA1	`a317db6761a1d63669e97fc715ba2d66a02259f3`
SHA256	`46dde5343cb45a69aa8d6f03f06b744063edaae17afcc01d08d696b64659c050`
SHA3	`84844b676c46f83d8f5647ffa9a92c37e2f4e3a5afce206f6d23b5f890827e04`
SSDeep	`24576:8sHhHWnJG9qgbp2ly2xmUYP5nnWJJNny4/ORC1dKnj8mpEnzVZWk0DB9QF:DHhI08+kyumZW/Lvy2WB9QF`
Imports Hash	`94a62b9d15ffda79e91f9664086e79ba`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2019-Aug-14 07:58:56
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x150800`
SizeOfInitializedData	`0x2b400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00002F59 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x152000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x181000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`57027cfde2433bab818c457b19960195`
SHA1	`dd3d635031afe6c0f584b9a889cc8e6127b88037`
SHA256	`915a16810b3ead0a8040fe1b8ca10feb1c79750ad5d455b8e0922f45e394a3a7`
SHA3	`3a8f876e8d5fee6ab04cf3a459c0b3d237f1706a565646e71bcbe061867dde79`
VirtualSize	`0x15072a`
VirtualAddress	`0x1000`
SizeOfRawData	`0x150800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.91707`

.rdata

MD5	`2e15363a17d1d5ea81833b26b710edd7`
SHA1	`8286a36949a7367043c8c13f9db846f6b8c8cd6b`
SHA256	`abfbd07b26d499ab624ee1645b20c63fb19f630479a22686d23f28df83cbf76b`
SHA3	`331820c94c5ef5d8ed1eb2ce5512ac0ae6d04d43f8d83b6ef760f079ffb20a8e`
VirtualSize	`0x1c79e`
VirtualAddress	`0x152000`
SizeOfRawData	`0x1c800`
PointerToRawData	`0x150c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.92807`

.data

MD5	`5907e90e3e8f1f82d43de16768618ecd`
SHA1	`c63b024da8ec2ad8e5b3434028516f750773335f`
SHA256	`d2ef6a50cf244eb1aac1c2dea6f447310652508a5ce183ec419191162a0f562e`
SHA3	`8dad9b4e6f765909e5285f35c1feeb5a15cbafb5a395809bd68d2843dc9139e6`
VirtualSize	`0x48e4`
VirtualAddress	`0x16f000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0x16d400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.55001`

.idata

MD5	`2a898b9b7aca66f3fdaa3903651bb32c`
SHA1	`38a38f7859df59b6941c47ba4c614da62d03e9b6`
SHA256	`5d7debdae91f8b418b06601caf8b8dc07e0fabb0a77bd38f9f2294811bc7f3e6`
SHA3	`22aee89279b1daa798384d9509e2b0c5c39e2374b82fbfa6f3884959af725b3c`
VirtualSize	`0x108e`
VirtualAddress	`0x174000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x170200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.60099`

.00cfg

MD5	`bc32e7dc0a568692d7019d77c3ae3193`
SHA1	`72bdc8d4a518eaf7e787c00a6c8a73f9436b75b0`
SHA256	`3da6585cf46e1c1a32b8487f52dd3800709f64a761477fc81f8f95d1ad7d8192`
SHA3	`c404bdad77959b289fdbfe817697572bb1eb937cc2aa60cda5204cf3e65ce8f0`
VirtualSize	`0x104`
VirtualAddress	`0x176000`
SizeOfRawData	`0x200`
PointerToRawData	`0x171400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.0611629`

.rsrc

MD5	`85e48a5ee72cec14459a25a271e79b7e`
SHA1	`159e8ab43aa4f2670bc35e1f368a5a9ceadf93e2`
SHA256	`add0338f848157b1414d6820506eff5bbc1c78d84adbf0533a021f39d05b0ce9`
SHA3	`f494a1a85b28ce4dbb9ffc07afd813685a2fd1673b2e2204a1a123794a80e502`
VirtualSize	`0x79c`
VirtualAddress	`0x177000`
SizeOfRawData	`0x800`
PointerToRawData	`0x171600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.24801`

.reloc

MD5	`54ebabe361083cf18558133be6a72007`
SHA1	`78866ba9b6584397beb9bd3400919a819e342cc2`
SHA256	`d3b9f08b789d2eb02e25ba43eef73003445d2a6c902fd1cb5c56311d6432708e`
SHA3	`2187d36553822a72dd4dc8db5edaff9d4d550d7e5434847e10c377aafc1cf60e`
VirtualSize	`0x85b8`
VirtualAddress	`0x178000`
SizeOfRawData	`0x8600`
PointerToRawData	`0x171e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.25211`

Imports

KERNEL32.dll	`FlushFileBuffers` `GetTickCount` `QueryPerformanceCounter` `MapViewOfFile` `CreateFileMappingW` `FormatMessageA` `GetSystemTime` `GetSystemTimeAsFileTime` `WideCharToMultiByte` `FreeLibrary` `SystemTimeToFileTime` `GetProcessHeap` `GetCurrentProcessId` `GetFileSize` `LockFileEx` `LocalFree` `GetProcAddress` `UnlockFile` `HeapDestroy` `HeapCompact` `HeapAlloc` `LoadLibraryW` `GetSystemInfo` `CloseHandle` `HeapReAlloc` `DeleteFileW` `DeleteFileA` `WaitForSingleObjectEx` `LoadLibraryA` `CreateFileA` `FlushViewOfFile` `OutputDebugStringW` `GetFileAttributesExW` `GetFileAttributesA` `GetLastError` `GetDiskFreeSpaceA` `FormatMessageW` `GetTempPathA` `Sleep` `MultiByteToWideChar` `HeapSize` `HeapValidate` `UnmapViewOfFile` `GetFileAttributesW` `CreateFileW` `WaitForSingleObject` `CreateMutexW` `GetTempPathW` `UnlockFileEx` `SetEndOfFile` `GetFullPathNameA` `SetFilePointer` `LockFile` `OutputDebugStringA` `GetDiskFreeSpaceW` `WriteFile` `GetFullPathNameW` `HeapFree` `HeapCreate` `ReadFile` `AreFileApisANSI` `InitializeCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `TryEnterCriticalSection` `DeleteCriticalSection` `GetCurrentThreadId` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `GetModuleHandleW` `WriteConsoleW` `InterlockedPushEntrySList` `InterlockedFlushSList` `RtlUnwind` `SetLastError` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `LoadLibraryExW` `EncodePointer` `RaiseException` `CreateThread` `ExitThread` `ResumeThread` `FreeLibraryAndExitThread` `GetModuleHandleExW` `ExitProcess` `GetModuleFileNameW` `GetStdHandle` `GetFileType` `GetTimeZoneInformation` `GetCurrentThread` `GetDateFormatW` `GetTimeFormatW` `CompareStringW` `LCMapStringW` `GetLocaleInfoW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetEnvironmentVariableW` `SetConsoleCtrlHandler` `SetStdHandle` `GetConsoleCP` `GetConsoleMode` `GetFileSizeEx` `SetFilePointerEx` `GetStringTypeW` `ReadConsoleW` `DecodePointer`

Delayed Imports

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x450`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.53052`
MD5	`840dbb55348113b6b852f426f5f6c361`
SHA1	`32e3757df3cbe3ff60874f7668023755afbc78ee`
SHA256	`9fd2f96d425dedd9537ae0bb9aa92077d0759ecbd7f21fc4c1f95c0c0a3a4cf3`
SHA3	`dea53335cc48968ac95af4dea4d5f80caed571d18989ae1b6576cc33ebcc68df`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.29.0.0
ProductVersion	3.29.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	SQLite Development Team
FileDescription	SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine.
FileVersion (#2)	3.29.0
InternalName	sqlite3
LegalCopyright	http://www.sqlite.org/copyright.html
ProductName	SQLite
ProductVersion (#2)	3.29.0
SourceId	2019-07-10 17:32:03 fc82b73eaac8b36950e527f12c4b5dc1e147e6f4ad2217ae43ad82882a88bfa6

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-Aug-14 07:58:56
Version	`0.0`
SizeofData	`75`
AddressOfRawData	`0x16d2e4`
PointerToRawData	`0x16bee4`
Referenced File	C:\Users\nishikigoi\Desktop\sqlite-mod\sqlite3.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2019-Aug-14 07:58:56
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x16d330`
PointerToRawData	`0x16bf30`

TLS Callbacks

Load Configuration

Size	`0xa4`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x10170e48`
SEHandlerTable	`0x1016d1c0`
SEHandlerCount	`7`

RICH Header

XOR Key	`0x4d4f719`
Unmarked objects	`0`
ASM objects (26213)	`11`
C++ objects (26213)	`155`
C objects (26213)	`18`
Imports (26213)	`3`
Total imports	`129`
C++ objects (27316)	`30`
C objects (27316)	`15`
ASM objects (27316)	`23`
C objects (VS2019 RTM compiler 27508)	`1`
Exports (VS2019 RTM compiler 27508)	`1`
Resource objects (VS2019 RTM compiler 27508)	`1`
Linker (VS2019 RTM compiler 27508)	`1`

e0777bb3744dfc974104b13818e4a56c

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.idata

.00cfg

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

TLS Callbacks

Load Configuration

RICH Header

Errors