Manalyze report for e750702b8229874eb0bb7fe142cc07bb

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2022-Sep-10 00:23:15

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExW`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`e750702b8229874eb0bb7fe142cc07bb`
SHA1	`1a56bc786e5443f3fd55f87acd858954c31991a2`
SHA256	`168f3980868852128ccf598680cacd503181aca24c34908d6e67a7dd3dc56eff`
SHA3	`0585accb8af3cb36e71059538ca19c4acdfc74a1f5ea631b9b9af2775f0a62d2`
SSDeep	`3072:6Bp/arufBcGYJQ1MpMIZ+GovbRM6ep5cyhki7bcMG5b4:Oh2/G6wvFep5cyhbe8`
Imports Hash	`35b3ee4f6344826b18c46585ba869fef`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2022-Sep-10 00:23:15
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xc400`
SizeOfInitializedData	`0x22a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001690 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x33000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a808ac8c0b112d52635e2ab6faea5991`
SHA1	`25c858f591834a52f59598929ec1e2ac7c0f6424`
SHA256	`4c1630c073630f120eb76a358f7ad92ae1ec1f8c7b4bb29346714f21f7388f7c`
SHA3	`c4fa434ea5a0c9f65b75b4ab5df08d5978ee5d5add91813add05bb9963245958`
VirtualSize	`0xc400`
VirtualAddress	`0x1000`
SizeOfRawData	`0xc400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.45852`

.rdata

MD5	`8ae468944a3a5d67f1e21f5148e05c9e`
SHA1	`a73009a77caa28dfe3531664d18502c4a2fc298e`
SHA256	`a42fd54ce73e86e9b37db75f92f37ca17cbeace95adb861705de4eeff44cedcd`
SHA3	`b27cc7abe5bf4e9477af3b0f3d8e1341dffd56335bef4f3c691aad80944cf470`
VirtualSize	`0x8d22`
VirtualAddress	`0xe000`
SizeOfRawData	`0x8e00`
PointerToRawData	`0xc800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.70139`

.data

MD5	`7fd920c27346e91d6d2ee9ae521ee795`
SHA1	`d74c52ab72ff60d0d1f7b73e5802ecbb75583265`
SHA256	`188a937c4bcafa5fc3faa41a4551e0866d47648246e5e9a5ad1fe82d50bd1620`
SHA3	`bcd70f91ce94f033ab6a709cd8aff3837d3d5616f013e687cc7633e3776cf346`
VirtualSize	`0x18228`
VirtualAddress	`0x17000`
SizeOfRawData	`0x17200`
PointerToRawData	`0x15600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.78978`

.pdata

MD5	`9ddeb0fadb6b66c94c91f8587f17bfe2`
SHA1	`cb3ae14e76b72cc4bcf8496d346c9ac080d90671`
SHA256	`19982f6ab5fbf18945148c4425234d3524b19d315ed77479c456d834080e08c6`
SHA3	`51ddb146ba966d88ef3ec55f1681ce2a71e929a0efcd6670c11c8a358c75280e`
VirtualSize	`0xd8c`
VirtualAddress	`0x30000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x2c800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.74524`

_RDATA

MD5	`bb0a583398f85970b9a51122f8b93217`
SHA1	`3c8a370614949c81c0ebf8292a4219cd5107ab73`
SHA256	`8c7c2b5965c015534c0d4d69b65c5a7111c8976beca874f1def641e52b89d3aa`
SHA3	`b511587525abccff05660876d4274c9f4aa0a4ed80fda3f2275397d8b823eb51`
VirtualSize	`0xf4`
VirtualAddress	`0x31000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2d600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.98781`

.reloc

MD5	`549896434945f602b1f9859234e397a3`
SHA1	`dd295bbff63d7b3092a04a7e7dc5c8a0029e4cff`
SHA256	`702e2703d9bf9b6144730c15f8ce0c869b6f80d2fd7aeb50e4351b6f860ca42e`
SHA3	`caf876f68f8ff5afd2cc14fdcc6267365951eeae4f5f4b207808a95493b8d9eb`
VirtualSize	`0x640`
VirtualAddress	`0x32000`
SizeOfRawData	`0x800`
PointerToRawData	`0x2d800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.81544`

Imports

KERNEL32.dll	`CreateFileA` `WriteFile` `CloseHandle` `GetProcAddress` `LoadLibraryA` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `WriteConsoleW` `RtlUnwindEx` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `LoadLibraryExW` `RaiseException` `GetStdHandle` `GetModuleFileNameW` `GetCurrentProcess` `ExitProcess` `TerminateProcess` `GetModuleHandleExW` `GetCommandLineA` `GetCommandLineW` `HeapAlloc` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetEnvironmentVariableW` `SetStdHandle` `GetFileType` `GetStringTypeW` `CompareStringW` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `SetFilePointerEx` `CreateFileW`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2022-Sep-10 00:23:15
Version	`0.0`
SizeofData	`680`
AddressOfRawData	`0x157a0`
PointerToRawData	`0x13fa0`

TLS Callbacks

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14002d670`

RICH Header

XOR Key	`0x7fefddd9`
Unmarked objects	`0`
C objects (27412)	`11`
ASM objects (27412)	`5`
C++ objects (27412)	`137`
Imports (27412)	`3`
Total imports	`86`
C++ objects (30034)	`37`
C objects (30034)	`16`
ASM objects (30034)	`9`
C objects (30146)	`1`
Linker (30146)	`1`

e750702b8229874eb0bb7fe142cc07bb

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

.reloc

Imports

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors