Manalyze report for e984f1046e62ab2fabb4402992696610

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Jul-30 19:43:56
Detected languages	English - United States
Debug artifacts	c:\pl\output\CPUEater.pdb
Comments	CPUEater ProBalance Demo
FileDescription	CPUEater ProBalance Demo
InternalName	cpueater.exe
OriginalFilename	cpueater.exe
ProductName	Process Lasso
CompanyName	Bitsum LLC
FileVersion
LegalCopyright	(c)2021 Bitsum LLC
ProductVersion	`10.2.0.34`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to security software: msmpeng.exe` `Tries to detect virtualized environments: HARDWARE\DESCRIPTION\System` `May have dropper capabilities: CurrentControlSet\Services`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryExW` `Can access the registry: RegEnumKeyExW RegQueryInfoKeyW RegOpenKeyExW RegSetValueExW RegCloseKey RegQueryValueExW RegCreateKeyExW` `Possibly launches other programs: CreateProcessW` `Manipulates other processes: OpenProcess`
Info	The PE is digitally signed.	`Signer: Bitsum Technologies (Bitsum LLC)` `Issuer: DigiCert EV Code Signing CA (SHA2)`
Suspicious	VirusTotal score: 1/68 (Scanned on 2022-05-25 18:34:14)	`APEX: Malicious`

Hashes

MD5	`e984f1046e62ab2fabb4402992696610`
SHA1	`b12cca839d678f7ff6d0ae52777b5ceaec2d978e`
SHA256	`e3329149298dedff8afcc3cefae991b9fa969cb3bf7ad9a9ce819674b21c5528`
SHA3	`3ab97ace77e1b3674e41c12f6d56d2c8c9b81486afcaf832e6b02b226fb099ee`
SSDeep	`6144:Ps4L3HMk1HTtWKfLRSO8yBHLeqalohlPfjM+zZh7dF:fsk1HTtWgLRS3tq+oDQcrhF`
Imports Hash	`212c873d6bb9dce88a34a86d90c23aea`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x120`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2021-Jul-30 19:43:56
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x42000`
SizeOfInitializedData	`0x35000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000024B18 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`4.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x7b000`
SizeOfHeaders	`0x400`
Checksum	`0x76ffd`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`cf6be402f54606675350952b1caa8218`
SHA1	`4d4cbbda9681d95dc723ee28776dbdbafebf2dc1`
SHA256	`3c6ae19d139e7625dd26ddccf818178ec921a44a62f5c55b2be54ef9a9dbd5c5`
SHA3	`35dcd753c7e126b2ae8ad7017ce92e315678fae64510987c539748ebb7fa3107`
VirtualSize	`0x41e6e`
VirtualAddress	`0x1000`
SizeOfRawData	`0x42000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.40547`

.rdata

MD5	`efb2f1281155405950c30823a4b5fe8b`
SHA1	`c59b23696c69d5d1c1b6d354b15f4047e0a492aa`
SHA256	`ac47538a54835e90267675c1de847eab566dc7cc4c5c0e121f397e837b85006f`
SHA3	`676b592bd282d73bc17e0167126fbdf7798908dffd4cc965c484ab5c70043c53`
VirtualSize	`0x17f54`
VirtualAddress	`0x43000`
SizeOfRawData	`0x18000`
PointerToRawData	`0x42400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.18082`

.data

MD5	`f9c0af476ee0192e6d1918f84784ec84`
SHA1	`ca09ef60635c00a804feb8192d529edb99918c8a`
SHA256	`6207efbefe9a7c675de4837db91d8494e1bd96bee006a4dde2d80e8a0dff8e58`
SHA3	`9494a84ee491e5b75b494345d2861f327303072837839fd07ac813b1f34b096f`
VirtualSize	`0x7a4c`
VirtualAddress	`0x5b000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x5a400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.79261`

.pdata

MD5	`85d6724727a7c9015ff6169b5c4cc222`
SHA1	`31fe36d0b2d0c12eeb8d0fee0cb73bdabad51094`
SHA256	`d5d554aa04bb6ca79f9d53e5af68ad5682b68ee640459b38dedbee0cf766d215`
SHA3	`ce0e50e376ac58a063a689099c74807e45bcbe3b0a2f6c766dbfda821289bdf1`
VirtualSize	`0x25d4`
VirtualAddress	`0x63000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x5b800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.57537`

_RDATA

MD5	`3016ba6ec2164c1aac33832a6da6747c`
SHA1	`29a043f2027ef70819fab152a65ed419541ec552`
SHA256	`153dad5ccf3c5adc58bf54cd84c6efcf1ac79e1a828c947123b5bd24821ca897`
SHA3	`79c78847752c6a8722ade6367e2b4a46d92cb5d2f4fa408629db51a49e4217a5`
VirtualSize	`0xf4`
VirtualAddress	`0x66000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5de00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.43507`

.rsrc

MD5	`61eccbc6c357a34a94ede12744fab120`
SHA1	`224865ba946f0770b39c4bad5813f98423c6350b`
SHA256	`d8d1aa19503a7c342dce7ed59ae74a06f90632accd24674577deb1ee38fe2dad`
SHA3	`de7613594ae77503e3ca57d63e91407ab068cc4c92f50190f17e1dbb11b913a6`
VirtualSize	`0x12150`
VirtualAddress	`0x67000`
SizeOfRawData	`0x12200`
PointerToRawData	`0x5e000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.2963`

.reloc

MD5	`47ae1eb613b5f7aa7d29bd8be4692052`
SHA1	`243d2ccbd7f981ef37f80d659d76613a1ac3b2b6`
SHA256	`dc024b4c513d006ee9a1257757f4b8e349167866ccfca4121a81135dcfa2b58b`
SHA3	`62c7d82a1a13dbf6a16ed2f088a2b58b679367261ba705413a8e7d6f6219fae3`
VirtualSize	`0x8cc`
VirtualAddress	`0x7a000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x70200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.17584`

Imports

COMCTL32.dll	`#17` `InitCommonControlsEx`
KERNEL32.dll	`DecodePointer` `GetLastError` `GetSystemInfo` `GetNumaHighestNodeNumber` `GetNumaNodeProcessorMask` `HeapDestroy` `HeapSize` `HeapReAlloc` `HeapFree` `HeapAlloc` `GetProcessHeap` `SizeofResource` `LockResource` `LoadResource` `InitializeCriticalSectionEx` `FindResourceW` `OpenProcess` `CloseHandle` `InitializeCriticalSectionAndSpinCount` `DeleteCriticalSection` `CreateEventW` `CreateThread` `GetStartupInfoW` `GetFileAttributesW` `CreateProcessW` `GetModuleFileNameW` `GetModuleHandleW` `WaitForSingleObject` `GetSystemTimeAsFileTime` `RaiseException` `LoadLibraryW` `MultiByteToWideChar` `GetCurrentProcess` `GetExitCodeProcess` `TerminateProcess` `SetEvent` `OpenEventW` `OpenMutexW` `GetPriorityClass` `GetThreadPriority` `SetThreadPriorityBoost` `GetCurrentThread` `SetThreadPriority` `FindResourceExW` `ExitProcess` `WriteConsoleW` `GetConsoleMode` `GetConsoleOutputCP` `LocalFree` `VerSetConditionMask` `VerifyVersionInfoW` `CreateFileW` `GetFileSize` `GetCurrentProcessId` `SetLastError` `GetProcAddress` `GetVolumeNameForVolumeMountPointW` `DeleteFileW` `WideCharToMultiByte` `GetLogicalProcessorInformationEx` `GetActiveProcessorCount` `GetActiveProcessorGroupCount` `GetUserDefaultUILanguage` `FreeLibrary` `InitializeCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `Sleep` `LocalAlloc` `ResetEvent` `GetTickCount` `GetFileTime` `ReadFile` `WriteFile` `FlushFileBuffers` `SetEndOfFile` `FindNextFileW` `TryEnterCriticalSection` `GetVersionExW` `MulDiv` `GlobalAlloc` `GlobalLock` `GlobalUnlock` `LocalLock` `LocalUnlock` `IsDebuggerPresent` `OutputDebugStringW` `InitializeSRWLock` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `GetCurrentThreadId` `GetStringTypeW` `QueryPerformanceCounter` `SetPriorityClass` `EncodePointer` `GetCPInfo` `WaitForSingleObjectEx` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsProcessorFeaturePresent` `InitializeSListHead` `RtlUnwindEx` `RtlPcToFileHeader` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `LoadLibraryExW` `GetModuleHandleExW` `GetStdHandle` `GetFileType` `LCMapStringW` `SetFilePointerEx` `FindClose` `FindFirstFileExW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCommandLineA` `GetCommandLineW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle`
USER32.dll	`GetSysColor` `GetDialogBaseUnits` `GetSystemMetrics` `DrawTextW` `DestroyIcon` `GetClientRect` `FillRect` `IsWindow` `GetClassNameW` `EnableMenuItem` `GetSystemMenu` `SetFocus` `SetWindowPos` `GetWindowRect` `MoveWindow` `GetParent` `SetWindowTextW` `WinHelpW` `RedrawWindow` `OpenClipboard` `EmptyClipboard` `SetClipboardData` `CloseClipboard` `GetAsyncKeyState` `CreateDialogIndirectParamW` `PeekMessageW` `IsDialogMessageW` `WaitMessage` `DestroyWindow` `DialogBoxParamW` `GetDlgItem` `EnableWindow` `SendMessageW` `DrawIcon` `SetDlgItemTextW` `EndPaint` `BeginPaint` `RegisterClassExW` `DefWindowProcW` `PostQuitMessage` `KillTimer` `DispatchMessageW` `TranslateMessage` `GetMessageW` `LoadStringW` `SetForegroundWindow` `GetDlgItemInt` `IsWindowVisible` `SetTimer` `SystemParametersInfoW` `CreateWindowExW` `AllowSetForegroundWindow` `SetDlgItemInt` `LoadIconW` `GetWindowLongPtrW` `EndDialog` `PostMessageW` `MessageBoxW` `SetWindowLongPtrW` `IsDlgButtonChecked` `CheckDlgButton` `GetDlgItemTextW` `MessageBeep` `GetLastActivePopup` `GetActiveWindow` `SetRect` `GetWindow` `IsWindowEnabled` `ShowWindow` `GetWindowTextW`
GDI32.dll	`CreateSolidBrush` `CreateDCW` `DeleteDC` `DeleteObject` `SetBkColor` `SetTextColor` `CreateFontIndirectW` `GetTextExtentPoint32W` `SelectObject`
ADVAPI32.dll	`SetSecurityDescriptorDacl` `RegEnumKeyExW` `RegQueryInfoKeyW` `RegOpenKeyExW` `RegSetValueExW` `RegCloseKey` `RegQueryValueExW` `RegCreateKeyExW` `InitializeSecurityDescriptor`
OLEAUT32.dll	`SysFreeString` `VariantClear`
RPCRT4.dll	`UuidFromStringW`
SHELL32.dll	`SHGetSpecialFolderPathW` `SHCreateDirectoryExW`
ole32.dll	`CoInitializeEx` `StringFromGUID2`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.16769`
MD5	`c76b0708bf8c105d6293bb63c0b27e9c`
SHA1	`6baa0edd0e21400b181bc41df20d03b94589874b`
SHA256	`ed7c07c6c8c9b3b41c3c85a72402bd5b0484a544e73d9a7041ed02e91011166f`
SHA3	`db16f9acf6215389e4cc7d6802c8bb5bee5e99b18ec24056acf8fb15a20223bd`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.24094`
MD5	`3c210e92b4a9feb45bdb3e9e85544f6a`
SHA1	`7c9bb7a5119103fae27e701b5e08dd00a6aa8712`
SHA256	`c24f42a54c0fb9af0af6997310698123c4f59502997b71634f2b742f14077d88`
SHA3	`cc219d1d0130bde07cc5f7ca2055855a7ee5a8a4a4468ba2b1b3bf33242826d8`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x368`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.90061`
MD5	`feff0b36e5ce07d949abee0175f163aa`
SHA1	`5774e728b53c86f3a70bf7230540059ad69f7b32`
SHA256	`604e3a86895e68134666e2a0c33e6b5346d06ee12078ee09b322ff8292c04aed`
SHA3	`e444d70d9ae5eba0b0e99771a6971c0a75d6b004effd06e41b5d5d4ab43ca7a2`

133

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.64624`
Detected Filetype	Icon file
MD5	`17580f0214b5f005b5c69343b72180cd`
SHA1	`25c786e1bed20be5e46420bf6aaa7a966909fca4`
SHA256	`4cb122d219cd7aea7c4a18779e46d24d6e49eb3ebc109f2ccac2d0817a214ae1`
SHA3	`e194f817ae15a437b729157b4f16883c2a832c193cd5f0382e6380cb8c7876cd`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x324`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39622`
MD5	`9e8f79b22f28685fe8689eb5386961c2`
SHA1	`42520a7092fa9bf9a3ebc39cf1c1ae964ac5f6dd`
SHA256	`630de3706ed68c705bfa998827795af2c4b345225744e8da9a40c60e90a9febb`
SHA3	`52fabd338bbe05449b87beaee7e41ca45586e18156ac78c278abc2067c6899c8`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.33361`
MD5	`2dad67581b6045b42b6b71826468fea0`
SHA1	`5ce10c8dd774a76fb2285daca33cf3cdc874802b`
SHA256	`430703b3afcf40f753a6ba896f73d92f69bd231a931499a33407b97860d51844`
SHA3	`09b24861d5916cf65f831a8041df894670498814d86ce55c6ad5d7a022737e06`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.2.0.34
ProductVersion	10.2.0.34
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
Comments	CPUEater ProBalance Demo
FileDescription	CPUEater ProBalance Demo
InternalName	cpueater.exe
OriginalFilename	cpueater.exe
ProductName	Process Lasso
CompanyName	Bitsum LLC
FileVersion (#2)
LegalCopyright	(c)2021 Bitsum LLC
ProductVersion (#2)	10.2.0.34

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2021-Jul-30 19:43:56
Version	`0.0`
SizeofData	`50`
AddressOfRawData	`0x55600`
PointerToRawData	`0x54a00`
Referenced File	c:\pl\output\CPUEater.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2021-Jul-30 19:43:56
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x55634`
PointerToRawData	`0x54a34`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2021-Jul-30 19:43:56
Version	`0.0`
SizeofData	`1008`
AddressOfRawData	`0x55648`
PointerToRawData	`0x54a48`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2021-Jul-30 19:43:56
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x140055a58`
EndAddressOfRawData	`0x140055a60`
AddressOfIndex	`0x14005cdcc`
AddressOfCallbacks	`0x140043880`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14005b038`

RICH Header

XOR Key	`0x61cab02`
Unmarked objects	`0`
ASM objects (27412)	`10`
C objects (27412)	`19`
C++ objects (27412)	`173`
C objects (CVTCIL) (27412)	`1`
C objects (30034)	`18`
ASM objects (30034)	`10`
C++ objects (30034)	`88`
C++ objects (CVTCIL) (27412)	`1`
Imports (27412)	`27`
Total imports	`366`
C++ objects (LTCG) (VS2019 Update 10 (16.10.4) compiler 30040)	`43`
Resource objects (VS2019 Update 10 (16.10.4) compiler 30040)	`1`
151	`1`
Linker (VS2019 Update 10 (16.10.4) compiler 30040)	`1`

e984f1046e62ab2fabb4402992696610

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

133

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors