Manalyze report for e40cbc661d6a7937ed85e0c7a124d5b6

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2059-Mar-25 05:48:15

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: WOW64SVC` `Unusual section name found: W64SVC` `The PE only has 0 import(s).`
Safe	VirusTotal score: 0/64 (Scanned on 2019-08-08 10:48:04)	`All the AVs think this file is safe.`

Hashes

MD5	`e40cbc661d6a7937ed85e0c7a124d5b6`
SHA1	`817c59cae23df4ed8f3c8985e18edb5ccb7a92b1`
SHA256	`45a3048be15d835694e0280f9bd4eed17290ee752878713e379da242a21fd511`
SHA3	`0efdda484335dc0ba0b24c5a492b91dbd98dbdfeda1d12cdff9a30f45454f318`
SSDeep	`96:aSdNFCrR4qMhSZTc+q+6Ew5J8EzEdESzCE+rnMaEuDltqCQlFYz3v61amn5CsChM:aSd3LhK++5zCqwklezf6xnksChw/5`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2059-Mar-25 05:48:15
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x1200`
SizeOfInitializedData	`0x1c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000012A0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x76e80000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x9000`
SizeOfHeaders	`0x400`
Checksum	`0x122ec`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x40000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`5bd914ea09cce9b1b66e965d8f4f7e63`
SHA1	`b037cb3f8b2e03913661a7d566c0d8d12863be98`
SHA256	`478582c7ce2f84449d27e6b85cf3b842b634e02bd83e7184e4473802f97c227c`
SHA3	`f0b0d0e2b6b94d702567464ae4544d1666a5800c050edc99049c2ba3778a9af3`
VirtualSize	`0xfdf`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`1.93308`

WOW64SVC

MD5	`9e965372a9398d56e0e13cf4b42e5b79`
SHA1	`4c6f8838e8f9f94c975af250d6795425ec8d9388`
SHA256	`33525347e8c3d6241526183393c78c68aa3a7503746fbac120d6a6f0acec7572`
SHA3	`935625b5f3e11a4c0a227c572ed69b14c076857249341dedb5c0ad564dc66079`
VirtualSize	`0x2d`
VirtualAddress	`0x2000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`4.91364`

.rdata

MD5	`4fb8e47444305838b389e732fd7253d8`
SHA1	`af86a31ed163c6a4a15c2df8fa1148ed113d1d4a`
SHA256	`5c3493c83bfdc46203f043d4036de370404d138fe73e782197d59cf267998935`
SHA3	`17a2cd60056c0d313d641558271fec6786c38d1530c738d21e074bec655b3e23`
VirtualSize	`0xb52`
VirtualAddress	`0x3000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x1600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.23241`

.data

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x581`
VirtualAddress	`0x4000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.pdata

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x114`
VirtualAddress	`0x5000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0`

W64SVC

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0x6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0`

.rsrc

MD5	`0f343b0931126a20f133d67c2b018a3b`
SHA1	`60cacbf3d72e1e7834203da608037b1bf83b40e8`
SHA256	`5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef`
SHA3	`6841b2c10aa6e5f7a384143e4de58fbc9aa28a4b742e9ad4ed14ba148a723a43`
VirtualSize	`0x3f0`
VirtualAddress	`0x7000`
SizeOfRawData	`0x400`
PointerToRawData	`0x2800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0`

.reloc

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x78`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0`

Imports

Delayed Imports

Version Info

UNKNOWN

Characteristics	`77260812`
TimeDateStamp	2044-Jan-13 10:14:24
Version	`8317.35649`
SizeofData	`2336303197`
AddressOfRawData	`0xf41386d`
PointerToRawData	`0x8075ba`

UNKNOWN (#2)

Characteristics	`2337022834`
TimeDateStamp	1989-Apr-13 16:16:52
Version	`8964.0`
SizeofData	`1090519040`
AddressOfRawData	`0x8b45d08e`
PointerToRawData	`0x89443c4d`

UNKNOWN (#3)

Characteristics	`2336302092`
TimeDateStamp	2105-Sep-15 14:34:13
Version	`19502.62603`
SizeofData	`1711285000`
AddressOfRawData	`0x202444c7`
PointerToRawData	`0x8b45002b`

TLS Callbacks

Load Configuration

Size	`0xc3000000`
TimeDateStamp	`2078-Nov-18 05:10:36`
Version	`52428.3942`
GlobalFlagsClear	`FLG_DEBUG_INITIAL_COMMAND` `FLG_HEAP_ENABLE_TAIL_CHECK` `FLG_MAINTAIN_OBJECT_TYPELIST` `FLG_POOL_ENABLE_TAGGING` `FLG_SHOW_LDR_SNAPS` `FLG_STOP_ON_EXCEPTION` `FLG_STOP_ON_HUNG_GUI`
GlobalFlagsSet	`FLG_APPLICATION_VERIFIER` `FLG_CRITSEC_EVENT_CREATION` `FLG_DEBUG_INITIAL_COMMAND_EX` `FLG_DISABLE_STACK_EXTENSION` `FLG_ENABLE_CLOSE_EXCEPTIONS` `FLG_ENABLE_HANDLE_EXCEPTIONS` `FLG_HEAP_PAGE_ALLOCS` `FLG_HEAP_VALIDATE_PARAMETERS` `FLG_MAINTAIN_OBJECT_TYPELIST` `FLG_MONITOR_SILENT_PROCESS_EXIT` `FLG_POOL_ENABLE_TAGGING` `FLG_STOP_ON_EXCEPTION` `FLG_USER_STACK_TRACE_DB`
CriticalSectionDefaultTimeout	`1413567809`
DeCommitFreeBlockThreshold	`0x68ec834855575653`
DeCommitTotalFreeThreshold	`0x3025248b4c65`
LockPrefixTable	`0x1fc03d8d4c00`
MaximumAllocationSize	`0x148824ac8b4d`
VirtualMemoryThreshold	`0x4100000080c58149`
ProcessAffinityMask	`0x413772008075ba0f`
ProcessHeapFlags	`HEAP_GENERATE_EXCEPTIONS` `HEAP_NO_SERIALIZE`
CSDVersion	`30091`
Reserved1	`0x4124`
EditList	`0x41386d8b41285d8b`
SecurityCookie	`0x44c7f48b4c34458b`
GuardCFCheckFunctionPointer	`4693890495321755019`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0xd1180091`
Unmarked objects	`0`
Imports (26213)	`5`
Total imports	`19`
C objects (26213)	`4`
Exports (26213)	`1`
ASM objects (26213)	`4`
269 (26213)	`1`
Resource objects (26213)	`1`
Linker (26213)	`1`

Errors

[!] Error: Could not read an import's name.
[*] Warning: IMAGE_EXPORT_DIRECTORY field Characteristics is reserved and should be 0!
[!] Error: Could not read the exported DLL name.
[*] Warning: The WIN_CERTIFICATE appears to be invalid.