Manalyze report for ec0cdaf22a48b5564ba9a5343447dd95

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2021-Jun-22 02:02:59
Detected languages	English - United States
TLS Callbacks	1 callback(s) detected.
CompanyName	www.mariondata.com
FileDescription	MDS ComputeShare Job Processor
FileVersion	`0.1.0`
LegalCopyright	Copyright (C) 2021 mariondata.com
ProductName	MDS ComputeShare Task
ProductVersion	`0.1.0`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: compute.mariondata.com mariondata.com www.mariondata.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA256`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExW` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Leverages the raw socket API to access the Internet: gethostbyname WSASetLastError WSAStartup select WSARecvFrom WSASocketW WSASend WSARecv WSAIoctl socket shutdown setsockopt getsockopt ioctlsocket closesocket bind WSAGetLastError htonl htons` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Interacts with services: CreateServiceW QueryServiceStatus OpenSCManagerW QueryServiceConfigA DeleteService ControlService OpenServiceW`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`ec0cdaf22a48b5564ba9a5343447dd95`
SHA1	`4aa4cd22dd6365d4884e05cdbb68db1099c8286f`
SHA256	`cf644a049874487ceb3d8a971edd1b67169a76bbf9d22dfcb9deb74095eb3f5e`
SHA3	`6d33ae75b7cec586ecddea3a4cf16b175b825621a0cd123d16d8fd43a4d0f129`
SSDeep	`12288:6hhojayyNKBR6x8dBvVBkrY2pbUqQDwP/xDaeuz0P/fov7ty:w+WXwBfdBvjIlBae00PqBy`
Imports Hash	`f7a81f51c8d3bfacd28c5587a005bebe`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2021-Jun-22 02:02:59
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x85200`
SizeOfInitializedData	`0x2bf400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000005C81C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x349000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b55c7369f4f06069fc771ce229ae135c`
SHA1	`ada6691a197dd4165d9c72543f500171e94e307e`
SHA256	`478611e75a5396b3c30f7aa08f26cf1240b17889f4459c07191bad7d493b79b6`
SHA3	`9764d294b0c52691cf94a1c391ad42c00b6a9b1f2332e4b6826de954580d5626`
VirtualSize	`0x85124`
VirtualAddress	`0x1000`
SizeOfRawData	`0x85200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.54181`

.rdata

MD5	`603ce57a2f06607b2aaaf6d6046f3eca`
SHA1	`6780b1a703cec77eb9ae843474602770d3dccce6`
SHA256	`16197e03a753d1361de7260c78d272d1c526c78f98611512d3f41cb901ecf469`
SHA3	`ad7b9f455bd40ac55222046cefbd4322bd8441761616e84251ec924976cd8460`
VirtualSize	`0x23a0e`
VirtualAddress	`0x87000`
SizeOfRawData	`0x23c00`
PointerToRawData	`0x85600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.41172`

.data

MD5	`7dfae72dc46ad58d18b6246b15ce8646`
SHA1	`996820f05e3b16466e031bb4d464afd7c0cf0f97`
SHA256	`73201cb542c79633b1c4e0bbf811414ce87f801a5323789d3c347aa33c9a7250`
SHA3	`597a3126420386f0d151f5c6a7c1e342dbc1ab258a73331135a877ead2667d8d`
VirtualSize	`0x292ee4`
VirtualAddress	`0xab000`
SizeOfRawData	`0x3200`
PointerToRawData	`0xa9200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.96296`

.pdata

MD5	`cdcaa85678969979e177664bb3a66710`
SHA1	`4b7ed8490a3e16c288d4b8c20cda6a2cd2495f18`
SHA256	`bb36673a0fd00a21ab04d12e5ec338106dea32dd18ddfccca5620608379e6f72`
SHA3	`db57aad72283d885dcba929a482fd1785a1685c00c23bb7f0bead3532d0fd388`
VirtualSize	`0x60f0`
VirtualAddress	`0x33e000`
SizeOfRawData	`0x6200`
PointerToRawData	`0xac400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.76333`

_RDATA

MD5	`09975d486c3e27eb240091b43a69248c`
SHA1	`c89a392af83b982277c690ec39e8d26f7d6c1498`
SHA256	`4120c5c4b3d88550e3066892bc745e4bc5bc33ec91b510cfcd67b3b6972810cc`
SHA3	`9e89b53e314a31e9742bed1acab8990391e8787d0e89fe3c3a6e6c940736e59d`
VirtualSize	`0xc97`
VirtualAddress	`0x345000`
SizeOfRawData	`0xe00`
PointerToRawData	`0xb2600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.74267`

_RDATA (#2)

MD5	`32d44e5b95793c1954c273de4b2e32f9`
SHA1	`26daad1f5c3f86fdf069ae7b7f85901bb67d41a0`
SHA256	`eab19fc912b764662d3f59f6f7b01f4b028eb5f7ba9a21ee59eb907d8800bb33`
SHA3	`8027f21906672b6c69e94f6d7014b58bd1b461c4743177754efe1ad664ac2a65`
VirtualSize	`0xf4`
VirtualAddress	`0x346000`
SizeOfRawData	`0x200`
PointerToRawData	`0xb3400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.42966`

.rsrc

MD5	`9e3b3ade567615399f6e1dcb4228cc24`
SHA1	`92959f4d1c9d15870e9cdc8834c035051cb378c4`
SHA256	`497b56baa349cff85180bc565f96aa707687de5313252a91153c24b5235d3075`
SHA3	`6c77f5b81aacd4b0656c2c9476e6f144cf6a827967a864e4fdd55d2e3b47442c`
VirtualSize	`0x4c8`
VirtualAddress	`0x347000`
SizeOfRawData	`0x600`
PointerToRawData	`0xb3600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.58141`

.reloc

MD5	`3a733f9cf440e4aa8f2584676c0c06fe`
SHA1	`0d69319f5b80b3f17571ac80178efefe88eae058`
SHA256	`bc83923a86e653cc15e7258d1568be6a11923efd3e9cc37b795ba63bd4afff61`
SHA3	`95107ddd040e9d7650d9f0bafe7fe1f23a5a60714e75ab266b8049b063354412`
VirtualSize	`0xf14`
VirtualAddress	`0x348000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xb3c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.3284`

Imports

WS2_32.dll	`gethostbyname` `WSASetLastError` `WSAStartup` `select` `WSARecvFrom` `WSASocketW` `WSASend` `WSARecv` `WSAIoctl` `socket` `shutdown` `setsockopt` `getsockopt` `ioctlsocket` `closesocket` `bind` `WSAGetLastError` `htonl` `htons`
KERNEL32.dll	`ExitThread` `CreateThread` `WriteConsoleW` `GetStdHandle` `SetConsoleMode` `GetConsoleMode` `GetComputerNameA` `SetThreadAffinityMask` `SetPriorityClass` `GetCurrentProcess` `SetThreadPriority` `Sleep` `GetCurrentThread` `GetProcAddress` `GetModuleHandleW` `VirtualFree` `VirtualAlloc` `GetLargePageMinimum` `LocalAlloc` `GetLastError` `CloseHandle` `LocalFree` `GetCurrentThreadId` `AddVectoredExceptionHandler` `DeviceIoControl` `GetModuleFileNameW` `CreateFileW` `GetFileType` `PostQueuedCompletionStatus` `CreateFileA` `DuplicateHandle` `SetEvent` `ResetEvent` `WaitForSingleObject` `CreateEventA` `QueueUserWorkItem` `RegisterWaitForSingleObject` `UnregisterWait` `WideCharToMultiByte` `GetNumberOfConsoleInputEvents` `ReadConsoleInputW` `ReadConsoleW` `FillConsoleOutputCharacterW` `FillConsoleOutputAttribute` `GetConsoleCursorInfo` `SetConsoleCursorInfo` `GetConsoleScreenBufferInfo` `SetConsoleCursorPosition` `SetConsoleTextAttribute` `WriteConsoleInputW` `InitializeCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `SetConsoleCtrlHandler` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetEnvironmentVariableW` `SetLastError` `QueryPerformanceCounter` `QueryPerformanceFrequency` `GetCurrentProcessId` `GlobalMemoryStatusEx` `GetSystemInfo` `GetSystemTimeAsFileTime` `MultiByteToWideChar` `FreeLibraryAndExitThread` `SetHandleInformation` `CreateIoCompletionPort` `CancelIo` `SwitchToThread` `SetFileCompletionNotificationModes` `SetErrorMode` `GetQueuedCompletionStatus` `FlushFileBuffers` `ReadFile` `WriteFile` `ConnectNamedPipe` `PeekNamedPipe` `CreateNamedPipeW` `CancelIoEx` `CancelSynchronousIo` `DeleteCriticalSection` `TerminateProcess` `GetExitCodeProcess` `UnregisterWaitEx` `LCMapStringW` `GetLongPathNameW` `ReadDirectoryChangesW` `DebugBreak` `FormatMessageA` `TryEnterCriticalSection` `InitializeConditionVariable` `WakeConditionVariable` `WakeAllConditionVariable` `RtlUnwind` `ReleaseSemaphore` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetNativeSystemInfo` `CreateSemaphoreA` `GetModuleHandleA` `LoadLibraryA` `FindClose` `FindNextFileW` `GetFileSizeEx` `SetFilePointerEx` `GetStartupInfoW` `SetStdHandle` `LoadLibraryExW` `FreeLibrary` `RaiseException` `RtlPcToFileHeader` `RtlUnwindEx` `GetModuleHandleExW` `GetConsoleCP` `ExitProcess` `GetCommandLineA` `GetCommandLineW` `HeapAlloc` `HeapFree` `CompareStringW` `GetLocaleInfoW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `GetTimeZoneInformation` `HeapReAlloc` `HeapSize` `FindFirstFileExW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetProcessHeap` `SleepConditionVariableCS` `InitializeSRWLock` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `InitializeCriticalSectionEx` `WaitForSingleObjectEx` `GetExitCodeThread` `SleepConditionVariableSRW` `EncodePointer` `DecodePointer` `LCMapStringEx` `GetStringTypeW` `GetCPInfo` `InitializeCriticalSectionAndSpinCount` `CreateEventW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsProcessorFeaturePresent` `IsDebuggerPresent` `InitializeSListHead`
USER32.dll	`MapVirtualKeyW` `DispatchMessageA` `TranslateMessage` `GetSystemMetrics` `GetMessageA`
ADVAPI32.dll	`CreateServiceW` `QueryServiceStatus` `CloseServiceHandle` `OpenSCManagerW` `QueryServiceConfigA` `DeleteService` `ControlService` `StartServiceW` `OpenServiceW` `LookupPrivilegeValueW` `AdjustTokenPrivileges` `OpenProcessToken` `LsaOpenPolicy` `LsaAddAccountRights` `LsaClose` `GetTokenInformation`

Delayed Imports

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x29c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33354`
MD5	`2aecd07f55bd54895b6d08e0cd32a306`
SHA1	`0f1c63077d36943fc85818fd25151f3e1052e447`
SHA256	`4b79b910f784b2a5e707c0c900a8dea0ff035da525826b6cd8339892354d2141`
SHA3	`79118bd1c0f4178e02d20582c9c0e1bd024d7265494db488b627aed80af0c810`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.1.1.0
ProductVersion	0.1.1.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	www.mariondata.com
FileDescription	MDS ComputeShare Job Processor
FileVersion (#2)	0.1.0
LegalCopyright	Copyright (C) 2021 mariondata.com
ProductName	MDS ComputeShare Task
ProductVersion (#2)	0.1.0

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2021-Jun-22 02:02:59
Version	`0.0`
SizeofData	`1104`
AddressOfRawData	`0xa0660`
PointerToRawData	`0x9ec60`

TLS Callbacks

StartAddressOfRawData	`0x1400a0ad0`
EndAddressOfRawData	`0x1400a0af8`
AddressOfIndex	`0x1403385f0`
AddressOfCallbacks	`0x140087928`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x000000014005C544`

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1400ab090`

RICH Header

XOR Key	`0x731e0387`
Unmarked objects	`0`
ASM objects (26213)	`10`
C objects (26213)	`22`
C++ objects (26213)	`180`
253 (28518)	`4`
C objects (30034)	`17`
ASM objects (30034)	`10`
C++ objects (30034)	`92`
Imports (26213)	`13`
Total imports	`304`
C objects (VS2019 Update 9 (16.9.0-1) compiler 29910)	`28`
265 (30038)	`101`
ASM objects (30038)	`1`
Resource objects (30038)	`1`
151	`1`
Linker (30038)	`1`

ec0cdaf22a48b5564ba9a5343447dd95

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

_RDATA (#2)

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors