Manalyze report for e26ae40ee51c1babf2da37acbac36d6f

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-Aug-16 23:51:52
Detected languages	English - New Zealand English - United States
Debug artifacts	C:\Users\nev.NZWLGPC1490\Documents\Visual Studio 2017\Projects\ATLProject1\Debug\ATLProject1.pdb
CompanyName	TODO: <Company name>
FileDescription	TODO: <File description>
FileVersion	`1.0.0.1`
LegalCopyright	TODO: (c) <Company name>. All rights reserved.
InternalName	ATLProject1.exe
OriginalFilename	ATLProject1.exe
ProductName	TODO: <Product name>
ProductVersion	`1.0.0.1`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`References the BITS service`
Suspicious	The PE is possibly packed.	`Section .textbss is both writable and executable.`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExA LoadLibraryExW` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Can access the registry: RegSetValueExA RegQueryInfoKeyW RegQueryInfoKeyA RegOpenKeyExA RegEnumKeyExA RegDeleteValueA RegDeleteKeyA RegCreateKeyExA RegCloseKey` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect`
Info	The PE is digitally signed.	`Signer: Custom Software Limited` `Issuer: Go Daddy Secure Certificate Authority - G2`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`e26ae40ee51c1babf2da37acbac36d6f`
SHA1	`2c435009099f72c7aa08930906dc9f8f6d025b14`
SHA256	`94acca79bc08eb48f7002c5d377a3006e5c4e3c0e59b47334bb0c190b379bdf1`
SHA3	`3297f0ad2339164bf6973a22c3533b5f59230c80ab35d9126a5edfefb8bdaf62`
SSDeep	`12288:8Nl1mId8k6Rr0HM2EiiHuuNj+iNWwX11yykVNj+CZEUld:Ud8bB0oNWwX11yPNj+s`
Imports Hash	`9f8552482a042b00e62df5c5d9b5abc8`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	2018-Aug-16 23:51:52
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xc4e00`
SizeOfInitializedData	`0x3c200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0005EB75 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x161000`
SizeOfHeaders	`0x400`
Checksum	`0x10b21e`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.textbss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x5a371`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.text

MD5	`8e62784e388d65a6644b6460e88e0e57`
SHA1	`3b88edfc2257ce64eadcdb943690cd0c2dd4fdc2`
SHA256	`789bb2edfe148414e8167dec2303419eea3f1147ea511f272636e2f8c613fc2e`
SHA3	`5b06078e7c9082e0d960d3e018470fd4c4c9e7d9de3ff9e754e13dee425a4f57`
VirtualSize	`0xc4d3a`
VirtualAddress	`0x5c000`
SizeOfRawData	`0xc4e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.42742`

.rdata

MD5	`629990dbd24d2f2f6117dc98a5feebd5`
SHA1	`d0dfd6f799ce2d4981e8b7a53b6e2a7a99b9e599`
SHA256	`941dc18f16533431ac73465dc6f4b2259aa2bc5acbaeffb45688c91cac717421`
SHA3	`059b6f4c134411e97014a6228fabe28442e9e8e6a3aab8b7ab2e1b631947d2c8`
VirtualSize	`0x2d018`
VirtualAddress	`0x121000`
SizeOfRawData	`0x2d200`
PointerToRawData	`0xc5200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.72833`

.data

MD5	`ed06bdd4df086d289c46e313ac5a0428`
SHA1	`901fa87da46430b7368a726c36e918c7dd5844ce`
SHA256	`f3452d6868e7d48392469c450b2f3ea7b6cd03d62279748e0d4d288459e70042`
SHA3	`86f764b42971751c714705e710abf433a7c2944e73762a111eff79442a59a96e`
VirtualSize	`0x53fc`
VirtualAddress	`0x14f000`
SizeOfRawData	`0x1400`
PointerToRawData	`0xf2400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.75124`

.idata

MD5	`286ce95c6828031e2969f312d131727f`
SHA1	`c83e92161b892fde3b8dc81f64ea730ca6b8409e`
SHA256	`9f02b437f84f735687f2992ce1f671b7e3437a0e6c682d2620c71ebba97ea8bb`
SHA3	`da6d937f070eed685fdedd1b0d56dd49699dd71945eb2e58bb11e285e7c08b83`
VirtualSize	`0x1458`
VirtualAddress	`0x155000`
SizeOfRawData	`0x1600`
PointerToRawData	`0xf3800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.49869`

.00cfg

MD5	`4b2a75593d0050ddf91b25ac54329b1d`
SHA1	`2c5124cb7e15ecd527b068b5f55e5c3faaeec271`
SHA256	`2295b6ea18dc86017b9ce9ee022a7aa6bab0da870496854d71c6fcb03a382bd2`
SHA3	`680b838d4f3e79731a256e5715e2fce5c1058c984923a9b366c0c56bc7de07a4`
VirtualSize	`0x104`
VirtualAddress	`0x157000`
SizeOfRawData	`0x200`
PointerToRawData	`0xf4e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.0611629`

.rsrc

MD5	`c6b05bb9e532292c135cb629a0342213`
SHA1	`928e281531734a78f27ed3b16402c032b5078fe6`
SHA256	`b7843ff9d1d3afa27b70916fbb924c903c683b0efb673a40de3459a7836a704f`
SHA3	`27d87eca244df6ebf3e6aa4bcbc349ee876dcee63f273aa143f592bea62234ea`
VirtualSize	`0x1229`
VirtualAddress	`0x158000`
SizeOfRawData	`0x1400`
PointerToRawData	`0xf5000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.04923`

.reloc

MD5	`53e4540712b9e78bf097661031b7fd85`
SHA1	`e0c75cc3a8f20b18d308de1488fac97144873d5b`
SHA256	`ebafba72c3840f5e01504431b87edc7761c440228b25e9a29476353d327954b7`
SHA3	`b5ecc13fe6fafd0592dc395d67a98ae45b64f9d68cdb9938535e900752e9314c`
VirtualSize	`0x6f55`
VirtualAddress	`0x15a000`
SizeOfRawData	`0x7000`
PointerToRawData	`0xf6400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.13426`

Imports

KERNEL32.dll	`CreateEventA` `Sleep` `CreateThread` `GetCurrentThreadId` `FreeLibrary` `GetModuleFileNameA` `GetModuleHandleA` `GetModuleHandleW` `GetProcAddress` `LoadLibraryExA` `LoadResource` `SizeofResource` `FormatMessageA` `lstrcmpiA` `FindResourceA` `MultiByteToWideChar` `WideCharToMultiByte` `IsDBCSLeadByte` `OutputDebugStringA` `SetWaitableTimer` `CancelWaitableTimer` `WaitForSingleObject` `LocalFree` `CreateWaitableTimerA` `GetThreadLocale` `IsDebuggerPresent` `OutputDebugStringW` `EnterCriticalSection` `LeaveCriticalSection` `FlushFileBuffers` `SetFilePointerEx` `GetConsoleMode` `GetConsoleCP` `GetStringTypeW` `SetStdHandle` `SetEnvironmentVariableW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineW` `GetCPInfo` `GetOEMCP` `GetACP` `IsValidCodePage` `FindNextFileW` `SetEvent` `DeleteCriticalSection` `InitializeCriticalSectionEx` `SetLastError` `GetLastError` `RaiseException` `CloseHandle` `DecodePointer` `LocalAlloc` `GetCommandLineA` `FindFirstFileExW` `FindClose` `HeapQueryInformation` `SetConsoleCtrlHandler` `WriteConsoleW` `GetFileType` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `GetLocaleInfoW` `LCMapStringW` `CompareStringW` `GetTimeFormatW` `CreateFileW` `GetDateFormatW` `HeapReAlloc` `HeapSize` `GetCurrentThread` `WriteFile` `GetStdHandle` `ExitProcess` `HeapValidate` `InitializeCriticalSectionAndSpinCount` `CreateEventW` `SwitchToThread` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetSystemTimeAsFileTime` `GetTickCount` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `GetStartupInfoW` `QueryPerformanceCounter` `GetCurrentProcessId` `InitializeSListHead` `HeapAlloc` `HeapFree` `GetProcessHeap` `VirtualQuery` `RtlUnwind` `InterlockedPushEntrySList` `InterlockedFlushSList` `GetModuleFileNameW` `LoadLibraryExW` `EncodePointer` `GetSystemInfo` `VirtualAlloc` `VirtualProtect` `GetModuleHandleExW`
USER32.dll	`SetWindowTextA` `TranslateMessage` `DispatchMessageA` `SendMessageA` `PostThreadMessageA` `UnregisterClassA` `CreateWindowExA` `CharUpperA` `CharNextA` `CharNextW` `GetSystemMetrics` `MessageBoxA` `GetMessageA`
ADVAPI32.dll	`RegSetValueExA` `RegQueryInfoKeyW` `RegQueryInfoKeyA` `RegOpenKeyExA` `RegEnumKeyExA` `RegDeleteValueA` `RegDeleteKeyA` `RegCreateKeyExA` `RegCloseKey`
ole32.dll	`CoUninitialize` `CoRegisterClassObject` `CoInitializeEx` `CoResumeClassObjects` `CoAddRefServerProcess` `CoReleaseServerProcess` `CoCreateInstance` `StringFromGUID2` `CoTaskMemAlloc` `CoTaskMemRealloc` `CoTaskMemFree` `CoInitialize` `CoRevokeClassObject`
OLEAUT32.dll	`#163` `#161` `#277` `#7` `#6` `#2` `#186`

Delayed Imports

201

Type	`AFX_DIALOG_LAYOUT`
Language	English - New Zealand
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

101

Type	`REGISTRY`
Language	English - United States
Codepage	UNKNOWN
Size	`0xc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.79248`
MD5	`0faf7d9daad9eaf6481b7bb69bdb26b7`
SHA1	`f487bfff48f35946a8ae9cff98bcc5219e0a6cf4`
SHA256	`07d923e8f7f69e6f36e2226723e8c1abed527b999942669a8eff8c50a0be65f6`
SHA3	`5e8f495602f8c55786615e8d1898609eb7328208ce406dcc9bb8927feb64a60c`

1

Type	`TYPELIB`
Language	English - New Zealand
Codepage	UNKNOWN
Size	`0x4b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.3533`
MD5	`e44c29092fcb8e5d713c083d891a16bf`
SHA1	`e4622fc5b0b4c5c3f25a524cc2def253567e143e`
SHA256	`cea12e4ff1c0beae5e126b36f6ddfc7bcb03f9ee9622e3b291276d88bfc4ce52`
SHA3	`3659ff16dc3f25d0de2e5f616ff122ce5cf9bf43f11c2382e60515e50dce197c`

201 (#2)

Type	`RT_DIALOG`
Language	English - New Zealand
Codepage	UNKNOWN
Size	`0xac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.92643`
MD5	`fbac1aa6b823f0f1ec71719715ab5d3a`
SHA1	`bb4c4000460db40b6ba0469b4600b5d9f5b0f24c`
SHA256	`c8a015de37747dffc43ad686f309c0827ac2900ecaa271a1382160e9d7d03439`
SHA3	`aed5ebd7680980df1930941e965207efdeee530dc40169dea7e3223c00b5fa43`

7

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x36`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.56086`
MD5	`a3f4a39c172bcd7eeea926f00889774a`
SHA1	`723ac914f7d05f80dfd338685605492e6a618ab7`
SHA256	`215d995a52cd0f6f3cba9cd13a0d58b7894ddaf20b802f29fcade33045089241`
SHA3	`c7a7e6815dbfbc0f39dbf9c54ae6fc7d53d651872c8f351c942c82a7940b0a01`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x340`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44724`
MD5	`c3189b138130628954190a83431dc437`
SHA1	`3abc6866b4e6640dd608ca0faa1befca887cfa40`
SHA256	`ff82cbc407e9a3fb5543b96846eac1f2666480ef27ca221afd8a35cbd903439d`
SHA3	`90dcb9ad5fc59a1ccd3ddbbd8d681a9515c2ef027fe62545df5e4a655a887566`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x224`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.04378`
MD5	`245b863be176aab16ef1dbe168defe03`
SHA1	`c0a369f6f0e77b89c5d9d37fb94e1d5e2d431b5b`
SHA256	`59ba97d56a01766792386c3b379946bb613c8921e3daf8a878855a268ad5e4aa`
SHA3	`7efbe82f17422b353f747a146c1e8f1b9df37e90648150f2020442ff9477341e`

String Table contents

ATLProject1

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.1
ProductVersion	1.0.0.1
FileFlags	`VS_FF_DEBUG`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	TODO: <Company name>
FileDescription	TODO: <File description>
FileVersion (#2)	1.0.0.1
LegalCopyright	TODO: (c) <Company name>. All rights reserved.
InternalName	ATLProject1.exe
OriginalFilename	ATLProject1.exe
ProductName	TODO: <Product name>
ProductVersion (#2)	1.0.0.1

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2018-Aug-16 20:57:33
Version	`0.0`
SizeofData	`121`
AddressOfRawData	`0x14b564`
PointerToRawData	`0xef764`
Referenced File	C:\Users\nev.NZWLGPC1490\Documents\Visual Studio 2017\Projects\ATLProject1\Debug\ATLProject1.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2018-Aug-16 20:57:33
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x14b5e0`
PointerToRawData	`0xef7e0`

TLS Callbacks

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x54f0a0`
SEHandlerTable	`0`
SEHandlerCount	`0`

RICH Header

XOR Key	`0xcc632d48`
Unmarked objects	`0`
ASM objects (VS2015/2017 runtime 25711)	`13`
C++ objects (VS2015/2017 runtime 25711)	`154`
ASM objects (VS2017 v15.6.6 compiler 26131)	`21`
C objects (VS2017 v15.6.6 compiler 26131)	`17`
Imports (VS2015/2017 runtime 25711)	`11`
Total imports	`150`
C++ objects (VS2017 v15.6.6 compiler 26131)	`56`
C objects (VS2015/2017 runtime 25711)	`20`
C objects (VS2017 v15.7.2 compiler 26429)	`1`
C++ objects (VS2017 v15.7.2 compiler 26429)	`5`
Resource objects (VS2017 v15.7.2 compiler 26429)	`1`
151	`1`
Linker (VS2017 v15.7.2 compiler 26429)	`1`

Errors

[*] Warning: Section .textbss has a size of 0!