Manalyze report for ea38355b2094b9dec3e861a8a13d42da

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Feb-20 10:20:02
Detected languages	English - United States Russian - Russia
CompanyName	TODO: <Company name>
FileDescription	TODO: <File description>
FileVersion	`1.0.0.1`
InternalName	NewTempl.exe
LegalCopyright	Copyright (C) 2017
OriginalFilename	NewTempl.exe
ProductName	TODO: <Product name>
ProductVersion	`1.0.0.1`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	The PE is possibly packed.	`Unusual section name found: .er`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Enumerates local disk drives: GetLogicalDriveStringsA`
Info	No VirusTotal score.	`A scan if the file is currently queued.`

Hashes

MD5	`ea38355b2094b9dec3e861a8a13d42da`
SHA1	`1f1685834c0ee1386e2a2e4d17d161826afc015e`
SHA256	`892045a33b05f606d39e6f23f1fc824b2b67d53d7cf15d8e586aa750aa572dad`
SHA3	`5fa80fa1619abced69cf4c0c5a36ac85af6937f3d01e50d05743e49cdb39f636`
SSDeep	`12288:cCCQK6uuswOpRVR54lQXu2kKIzUEy9YgznZrG:QZnR5m2u2kTz095b`
Imports Hash	`3eb575ceb87310c646e7ae2c8209ecc0`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2017-Feb-20 10:20:02
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x19200`
SizeOfInitializedData	`0x13400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00006C58 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x1b000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x169000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`018ff67869662a0f600fa18f9276b615`
SHA1	`029e24257f07ebb04cc29d69bca4224318613e00`
SHA256	`fa234d0164e7878803de9a140a3a6427cebb41234447c3a4391c81e3d435a414`
SHA3	`d3fea846374173e8e35a62e328873c8ab608018558b3b79aab8832d0a2669caa`
VirtualSize	`0x1906b`
VirtualAddress	`0x1000`
SizeOfRawData	`0x19200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.65587`

.rdata

MD5	`95030f706ff06de8ccbd4bf59c7edd35`
SHA1	`321b0aa8d578f96447db4640a08a9ea9278969f5`
SHA256	`c5a8078241a40fe731b43ae9cb731e431bdab4d77d978a5f480b3b0e43b4da7d`
SHA3	`718ce919e3ce1243a10056cc2c25b6f3720a23740064e7a9bbdc35ba89bd42eb`
VirtualSize	`0xc792`
VirtualAddress	`0x1b000`
SizeOfRawData	`0xc800`
PointerToRawData	`0x19600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.46146`

.data

MD5	`bf82294b0bdca34763a5c1bfa6cb67f1`
SHA1	`6192482fd83aaed6a8c142ff6b18599daba9ffe4`
SHA256	`a55b2c5e08219a48ab6be3ebab57f98735e7ff6fda67b28b46065d06389be0dc`
SHA3	`2f61c2169d5175bf118e0e9538a2d04a94f3f304d7455c422539a8582774575a`
VirtualSize	`0x1a78`
VirtualAddress	`0x28000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x25e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.04604`

.gfids

MD5	`4007d8224e1e89b88a74d6ca64d2cc3e`
SHA1	`5ef9083dc946c3916e24c5b671db82eba7606a2a`
SHA256	`ae4e048f6f59fc705187bac396f5ace09bf1a53676a676555d291e2f4d1b2d63`
SHA3	`d0cc2c7f28c9ec1f48e673eba95012296dff4d8c913e3ddde6a66d492cf6eebf`
VirtualSize	`0x1d0`
VirtualAddress	`0x2a000`
SizeOfRawData	`0x200`
PointerToRawData	`0x26c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.30362`

.rsrc

MD5	`7c35b3930cf8a86e655b0732ab3afefd`
SHA1	`01dea6f19ef57fda1c79100421a869238122b9f6`
SHA256	`a52f585ae876cd32035d4d09c4b80ee8fc340c3ac1d93d21b64256b978091725`
SHA3	`8d2d6155127c21da133df79fda9128ad12ce154cb7e76794ff314a5ebb3e3f2e`
VirtualSize	`0x31f8`
VirtualAddress	`0x2b000`
SizeOfRawData	`0x3200`
PointerToRawData	`0x26e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.39746`

.reloc

MD5	`b4795cfbdf87ce8f004343b509472252`
SHA1	`b11cd843e65d7c70246c5a1f4013908430a10747`
SHA256	`11d5fd1459b4e37cb8bf660abc55bc390f81596b2e74398e4e01c9ad036387bc`
SHA3	`c87e06858bd5d37f06ac6180d65780006260b79733f3a6d353545b165cacce24`
VirtualSize	`0x1bd8`
VirtualAddress	`0x2f000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x2a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.54152`

.er

MD5	`b3f27cb54ef2cf1ba46ed2080b2928fb`
SHA1	`f7ddbc9e694aa233713d7b52d7357ff57f2c0d82`
SHA256	`141ef380f7b79bb9ae70c7d209c65d559a496b8710ecac5c39551fca9b0d617f`
SHA3	`0088f64f9c207e9e0c5ed75aa1dc59b79d9e801508a4d03c4d573857e8d61722`
VirtualSize	`0x138000`
VirtualAddress	`0x31000`
SizeOfRawData	`0x137f00`
PointerToRawData	`0x2bc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.08475`

Imports

KERNEL32.dll	`GetLogicalDriveStringsA` `QueryDosDeviceA` `GetLastError` `VirtualProtect` `WriteConsoleW` `FlushFileBuffers` `WideCharToMultiByte` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `EncodePointer` `DecodePointer` `SetLastError` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetSystemTimeAsFileTime` `GetModuleHandleW` `GetProcAddress` `MultiByteToWideChar` `GetStringTypeW` `LCMapStringW` `GetLocaleInfoW` `GetCPInfo` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `RaiseException` `RtlUnwind` `FreeLibrary` `LoadLibraryExW` `HeapAlloc` `HeapReAlloc` `HeapFree` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `ExitProcess` `GetModuleHandleExW` `GetACP` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `GetProcessHeap` `GetFileType` `CloseHandle` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetOEMCP` `GetCommandLineA` `GetCommandLineW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `HeapSize` `GetConsoleCP` `GetConsoleMode` `SetFilePointerEx` `CreateFileW`
SHELL32.dll	`SHGetFolderPathW`

Delayed Imports

462

Type	`AFX_DIALOG_LAYOUT`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

472

Type	`AFX_DIALOG_LAYOUT`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

473

Type	`AFX_DIALOG_LAYOUT`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

474

Type	`AFX_DIALOG_LAYOUT`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

475

Type	`AFX_DIALOG_LAYOUT`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

1

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.27187`
MD5	`5e031e175f424914de9781e12fafcef3`
SHA1	`30ba8a60ab31f18282fdce3a4ce6e3aa9755b713`
SHA256	`d2b3d259f74db2a890a028e836c3489c67d74c43fb9eb49f02bb4e89f798e046`
SHA3	`5ad3aa2694a7805e7c958501121a2103a4992e07a39941b8a6df79d8f4f03479`

462 (#2)

Type	`RT_DIALOG`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x9c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.77251`
MD5	`84fb8053cadc469cd40f1ebea2d7d635`
SHA1	`ebd7aa33235a862044fee6acd9e026f84f9b9a1b`
SHA256	`b833d967d2f4da0a2cd9d1b20d63d45f4a76aa471ff3c23a2f4a09d1e719b0c0`
SHA3	`721dc3a927294948f4d90d422bd1b9d80f4c5b65d0642a7f2916c8a432ae2625`

472 (#2)

Type	`RT_DIALOG`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x9c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.77251`
MD5	`84fb8053cadc469cd40f1ebea2d7d635`
SHA1	`ebd7aa33235a862044fee6acd9e026f84f9b9a1b`
SHA256	`b833d967d2f4da0a2cd9d1b20d63d45f4a76aa471ff3c23a2f4a09d1e719b0c0`
SHA3	`721dc3a927294948f4d90d422bd1b9d80f4c5b65d0642a7f2916c8a432ae2625`

473 (#2)

Type	`RT_DIALOG`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x9c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.77251`
MD5	`84fb8053cadc469cd40f1ebea2d7d635`
SHA1	`ebd7aa33235a862044fee6acd9e026f84f9b9a1b`
SHA256	`b833d967d2f4da0a2cd9d1b20d63d45f4a76aa471ff3c23a2f4a09d1e719b0c0`
SHA3	`721dc3a927294948f4d90d422bd1b9d80f4c5b65d0642a7f2916c8a432ae2625`

474 (#2)

Type	`RT_DIALOG`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x9c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.77251`
MD5	`84fb8053cadc469cd40f1ebea2d7d635`
SHA1	`ebd7aa33235a862044fee6acd9e026f84f9b9a1b`
SHA256	`b833d967d2f4da0a2cd9d1b20d63d45f4a76aa471ff3c23a2f4a09d1e719b0c0`
SHA3	`721dc3a927294948f4d90d422bd1b9d80f4c5b65d0642a7f2916c8a432ae2625`

475 (#2)

Type	`RT_DIALOG`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x9c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.77251`
MD5	`84fb8053cadc469cd40f1ebea2d7d635`
SHA1	`ebd7aa33235a862044fee6acd9e026f84f9b9a1b`
SHA256	`b833d967d2f4da0a2cd9d1b20d63d45f4a76aa471ff3c23a2f4a09d1e719b0c0`
SHA3	`721dc3a927294948f4d90d422bd1b9d80f4c5b65d0642a7f2916c8a432ae2625`

101

Type	`RT_GROUP_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91924`
Detected Filetype	Icon file
MD5	`6da8e7d5ae1d5d15e0230a67a7c16c6d`
SHA1	`678db52cbe5d617c33c6269bfd4b6d8d1a17f956`
SHA256	`6eb54801f91b6d8effccbfaefe6b2d7705a274a75940e6226e24e0d4ec58c396`
SHA3	`994fc217c7b8bc8008ac262ff58044403206de6eceafd424d4640ecad395eb2f`

1 (#2)

Type	`RT_VERSION`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x300`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37708`
MD5	`7d0da86de2776c9db5558abd9fbacf3f`
SHA1	`f28a10aefa2854ed1e2e96a525961b004efa3a22`
SHA256	`e4e93bd33f1e906725cb9623c38ffd3be90a15ef565951befb2b5bc13c4c45c2`
SHA3	`5d73a0cdb8bff884c76540c74f1714aa92cee5efe57eb997c419ed9eccd7cfa1`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x27f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.06185`
MD5	`8c0370eb0d498578518de0d16659b1dd`
SHA1	`cb5a096dcb608211efd91da58513d2840e8ea50c`
SHA256	`6dbd966a60b703ef6fa0ef925272fb6be4e4bccd11f6cc78190348ff8714c3a2`
SHA3	`abd6f7aee429b91e99c15881d431d0d4c33846e819a2e36cddd030274400e350`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.1
ProductVersion	1.0.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	Russian - Russia
CompanyName	TODO: <Company name>
FileDescription	TODO: <File description>
FileVersion (#2)	1.0.0.1
InternalName	NewTempl.exe
LegalCopyright	Copyright (C) 2017
OriginalFilename	NewTempl.exe
ProductName	TODO: <Product name>
ProductVersion (#2)	1.0.0.1

Resource LangID	Russian - Russia

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2017-Feb-20 10:20:02
Version	`0.0`
SizeofData	`864`
AddressOfRawData	`0x260f0`
PointerToRawData	`0x246f0`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2017-Feb-20 10:20:02
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x5c`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x42806c`
SEHandlerTable	`0x426070`
SEHandlerCount	`32`

RICH Header

XOR Key	`0x5fb60089`
Unmarked objects	`0`
241 (40116)	`12`
243 (40116)	`134`
242 (40116)	`29`
ASM objects (VS2015 UPD3 build 24123)	`20`
C++ objects (VS2015 UPD3 build 24123)	`51`
C objects (VS2015 UPD3 build 24123)	`34`
Imports (65501)	`5`
Total imports	`92`
265 (VS2015 UPD3 build 24210)	`3`
Resource objects (VS2015 UPD3 build 24210)	`1`
151	`1`
Linker (VS2015 UPD3 build 24210)	`1`

ea38355b2094b9dec3e861a8a13d42da

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.gfids

.rsrc

.reloc

.er

Imports

Delayed Imports

462

472

473

474

475

1

462 (#2)

472 (#2)

473 (#2)

474 (#2)

475 (#2)

101

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors