Manalyze report for e865fb19dff6845beb70d515cc37c1bc

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2024-May-01 11:21:16
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	The PE is possibly packed.	`Section .textbss is both writable and executable.` `Unusual section name found: .msvcjmc`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`e865fb19dff6845beb70d515cc37c1bc`
SHA1	`a5df49d4ffc25fbd65388a000e680be7528440b7`
SHA256	`8cef95054417606cd53e3019f9a5f3254c7a1655cdd802a1cf5834aa5212df1f`
SHA3	`b23cbd0d64ed62cd14011982b8f288c2f9350fa518d01c55370ff22791184258`
SSDeep	`384:CWkpZ4eT0eky/avrJIEAIVUzsnH1yYZP2E5lkzWQfBX2YdP89Z7LP:CWkpSZySmex0G+EvkzvBDdP89`
Imports Hash	`cb53f14f870cb8e22b40d358293ae8ad`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`10`
TimeDateStamp	2024-May-01 11:21:16
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x7c00`
SizeOfInitializedData	`0x7800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000011262 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x7ff70d260000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x25000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.textbss

MD5	`fcd6bcb56c1689fcef28b57c22475bad`
SHA1	`1adc95bebe9eea8c112d40cd04ab7a8d75c4f961`
SHA256	`de2f256064a0af797747c2b97505dc0b9f3df0de4f489eac731c23ae9ca9cc31`
SHA3	`b843518c43581f4dc3563115943a72ec61580cdb7c6160568ae2ffa7f1a769c4`
VirtualSize	`0x10000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x10000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.text

MD5	`7f250c2ffa2b50bd75287cee041419a0`
SHA1	`57895987b6e36228d71301167100322fa4423f26`
SHA256	`fe8216c9b3d4a4d7aff781471e37e69885906bcc1fb0566919054117eb2a8f3e`
SHA3	`3d4b7ae27245c3564a17cf01b444d3832c365fc09c83e96fd202c0aa71ccdc68`
VirtualSize	`0x8000`
VirtualAddress	`0x11000`
SizeOfRawData	`0x8000`
PointerToRawData	`0x11000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`3.49457`

.rdata

MD5	`4b8634ff0acf99f8253441e604b28500`
SHA1	`97a6d9081aafb83aea412a2ff5255af6e9996710`
SHA256	`8b6ce9f857ffdb71aa44b99f23cc0763fa7a6584d1a092189676d7b440962549`
SHA3	`d3271b2abfaa4b395fa6bc6bc412195199292aca23a119c20f356cb16eba9380`
VirtualSize	`0x3000`
VirtualAddress	`0x19000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x19000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.02846`

.data

MD5	`caba47c6d2603f937933c0587c13113c`
SHA1	`77fd59a2676d38985658cb33642eb8ac97e230ea`
SHA256	`9124d50766a7979ee0c980b1468d8d1b71d96d84072ea0545e0cd2261fa2257f`
SHA3	`53cc3a796e83b3d556d14d3d2eb1eec135cc1c76a288936853711af9e566f1b9`
VirtualSize	`0x1000`
VirtualAddress	`0x1c000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.215922`

.pdata

MD5	`7f5d0d8734c8aea6ad89e17ad123110c`
SHA1	`71e1b44299a3fd7ee7d33f407fb2bd521869edb7`
SHA256	`5fecfd7d8a9d9826c262e02364dc65024893866324a725608a6eb1f1f7de7511`
SHA3	`aad9e04e49e9bb6e9a48c03219480a2ae5a61164c0ae6ae33e4fbd7d43b51700`
VirtualSize	`0x3000`
VirtualAddress	`0x1d000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x1d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.756162`

.idata

MD5	`1df281e01e9079080c7e7b7bb1358dc0`
SHA1	`39a4d866249ff6798df6f8201a49e213c832d915`
SHA256	`3662814fd17fae5aa39c907d06aee790827e1353b3e683ae147903c5769e19f5`
SHA3	`b09126d5466a035b7bfdcd2e5aa8e079a14ee42b31184ea023dd0f36c012f82a`
VirtualSize	`0x1000`
VirtualAddress	`0x20000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x20000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.85946`

.msvcjmc

MD5	`a2fa459444d1b64680387a0ca9ffc7cc`
SHA1	`077adc4f2d3aa8ae866f35082b4d4a950fa673cd`
SHA256	`35c5e0552b919b98813306e9bbffc823f55f35d83ff39524bf4c066abf746dba`
SHA3	`85e1f1415787cee88e2f45adbf16de2821ef4c7941d44d8499b2c7645b3556e3`
VirtualSize	`0x1000`
VirtualAddress	`0x21000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x21000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.241351`

.00cfg

MD5	`24ebadd4dc315b54a6f9547470919b20`
SHA1	`34f3f3a96a71cbb75193492f2af4fc8e23cfdc42`
SHA256	`4b33578f112ca8383bd201cd0f979166b56e53b1a8fec92bbc65eed381c78084`
SHA3	`173ecbe38ad2d7b1db7afeba18e6549b1f8c65d604dd8c9a924fffee1eff49a7`
VirtualSize	`0x1000`
VirtualAddress	`0x22000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x22000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.0991356`

.rsrc

MD5	`1b393510c50a375de9ef36d0cd5e7a43`
SHA1	`246c6b627edfc126d88f3178845d9e4cccd0f953`
SHA256	`77c91e41a0db9de54138bfa3ba72fb705952124c3abb2fdec9c74a2ae1401130`
SHA3	`5b7f1287222167b8bcb0ae71a9fc0bfecfb36aca165fe5709a6fa1fed94c75c8`
VirtualSize	`0x1000`
VirtualAddress	`0x23000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x23000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.953248`

.reloc

MD5	`bcbdefcb17efde0a4e9a36858d6582a2`
SHA1	`1f90749cb7fe908e7a7b530f818138774644358c`
SHA256	`655b6db1e4e0ba8154a3145a63fb6a2386c2c79c223352f26317cffa0f951c45`
SHA3	`5c321c423b8d8cce0f628d195fcaaa09b1f00f6c35044994ab5401d4f623d568`
VirtualSize	`0x1000`
VirtualAddress	`0x24000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x24000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.218357`

Imports

KERNEL32.dll	`Sleep` `QueryPerformanceCounter` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `TerminateProcess` `GetCurrentProcess` `GetProcAddress` `FreeLibrary` `VirtualQuery` `GetProcessHeap` `HeapFree` `HeapAlloc` `GetLastError` `WideCharToMultiByte` `MultiByteToWideChar` `RaiseException` `GetModuleHandleW` `IsProcessorFeaturePresent` `GetStartupInfoW` `SetUnhandledExceptionFilter` `GetCurrentThreadId`
VCRUNTIME140D.dll	`__C_specific_handler_noexcept` `__vcrt_GetModuleHandleW` `__current_exception` `__std_type_info_destroy_list` `__C_specific_handler` `__current_exception_context` `__vcrt_GetModuleFileNameW` `__vcrt_LoadLibraryExW` `memcpy`
ucrtbased.dll	`terminate` `strcpy_s` `strcat_s` `__stdio_common_vsprintf_s` `_wmakepath_s` `_wsplitpath_s` `wcscpy_s` `_crt_at_quick_exit` `_execute_onexit_table` `_register_onexit_function` `_initialize_onexit_table` `_seh_filter_dll` `__p__commode` `_set_new_mode` `_configthreadlocale` `_register_thread_local_exe_atexit_callback` `_c_exit` `_cexit` `__p___argv` `__p___argc` `_set_fmode` `_exit` `exit` `_initterm_e` `_initterm` `_get_initial_narrow_environment` `_initialize_narrow_environment` `_configure_narrow_argv` `__setusermatherr` `_set_app_type` `_seh_filter_exe` `_CrtDbgReportW` `_CrtDbgReport` `_crt_atexit`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x7ff70d27c040`

RICH Header

XOR Key	`0xbffbf713`
Unmarked objects	`0`
Imports (33218)	`2`
C++ objects (33218)	`23`
C objects (33218)	`11`
ASM objects (33218)	`3`
Imports (30795)	`5`
Total imports	`70`
C objects (33523)	`1`
Resource objects (33523)	`1`
Linker (33523)	`1`

Errors

[!] Error: Could not read PDB file information of invalid magic number.