Manalyze report for eca7a1544e54814633505a9c43a5f281

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2021-Oct-22 23:59:31
Debug artifacts	D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb
CompanyName	ChatLange
FileDescription	ChatLange
FileVersion	`1.0.0.0`
InternalName	ChatLange.dll
LegalCopyright
OriginalFilename	ChatLange.dll
ProductName	ChatLange
ProductVersion	`1.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: go.microsoft.com https://aka.ms https://go.microsoft.com https://go.microsoft.com/fwlink/?linkid microsoft.com`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW LoadLibraryA` `Can access the registry: RegOpenKeyExW RegGetValueW RegCloseKey` `Possibly launches other programs: ShellExecuteW`
Suspicious	VirusTotal score: 1/64 (Scanned on 2021-12-03 19:46:41)	`Cylance: Unsafe`

Hashes

MD5	`eca7a1544e54814633505a9c43a5f281`
SHA1	`6cca6b7633f463c1e29e5bd1b8d0ca0a03f283d9`
SHA256	`e922cff89ee1832366a988bdaf3b632621e9c38d81e2055a5e7d557263133f9e`
SHA3	`bb9bb989f75245246a78c6bdb1759109a74c1365c6b66df6005804439c259703`
SSDeep	`3072:OwLEVbLoEZlKk7611VBzNkDqrB5bGEAd9/k3b:ORuk7611VBzhEEuM3`
Imports Hash	`6dbf27f4c70fe2c8ed3e0122ba75d641`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2021-Oct-22 23:59:31
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x18400`
SizeOfInitializedData	`0xc000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000013D50 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x2b000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x180000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b89b50329a2b7b03a651baf5525eb64e`
SHA1	`56bbab7a27b95e90ae435a28cc5073334fef91b7`
SHA256	`66ac76d22bbc7fab57dc82667453cde86a6a46f91a2da4788fb31bb8aebec6b0`
SHA3	`d0fa54d4cf0655ead958fbc2f3eba617b488cf6dcd4621a4193208b86316cf22`
VirtualSize	`0x1830c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x18400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.31203`

.rdata

MD5	`c6d7de9e4bfb975b9b7219eb50190a03`
SHA1	`9299568af63786db6a31da314c78d5684f85d71d`
SHA256	`47d8b0cb9e2863d984df58747047696b84be84c0b9b2b169b2f52f0a71e128f3`
SHA3	`8ff6870f2f84e0f9a44d29c5e9ee74f6af09ceab1a3bac5804854de445e17db6`
VirtualSize	`0x9202`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x9400`
PointerToRawData	`0x18800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.52165`

.data

MD5	`832e1862f1a6533a94e9e46137c3d055`
SHA1	`4337cd7398a0554e17678ba6021e1b021624b6e8`
SHA256	`a2d456cd5bf307af533e6a7deefefa58b91efea05fe59a8b23dd872a0846c1de`
SHA3	`c81dfa2f7218c626750bcdcdc3e3c04ae8296e918f91834714c7c9a0ffe1820b`
VirtualSize	`0x14f8`
VirtualAddress	`0x24000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x21c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.46232`

.pdata

MD5	`0ce614da6c00576a17a8f44ee850616c`
SHA1	`5689477484a69c9bfb93d1b4ef77aca79d1ad216`
SHA256	`492799872a2845b09dc2b79b2f4e2327d99da0af7dc700e92f40964ab17a9dff`
SHA3	`c8298d73e96f086c7fc7fbe5ba2a9851a5adb83fdbf31bd9507c838541417f7f`
VirtualSize	`0x1404`
VirtualAddress	`0x26000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x22600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.82525`

_RDATA

MD5	`29e98a231776f5cea741579d3e1c86cc`
SHA1	`3d3a45556d669ce7363082b8a6f13ef752e16847`
SHA256	`a7552a62912e9153c826f96c5a3b5a6d81a19aa0cb3464e359fbfc86903cc459`
SHA3	`14421cab75fabdeb2f6b84a98ac089c3abe93c00bf1d2866a89f55ab3978f6a4`
VirtualSize	`0xf4`
VirtualAddress	`0x28000`
SizeOfRawData	`0x200`
PointerToRawData	`0x23c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.43963`

.rsrc

MD5	`0179245b37964f8f8e1165d6cbb8a9d5`
SHA1	`03e417df7e06806a4e296f2c80f9f74bd76df3c3`
SHA256	`aae918761537a014bf4f5fe211840d83fd6d92196181c3fdcc2bd9379b731f86`
SHA3	`d3ec8b59d81b40e7aec1d744a29200f42d3c381e5b5add5f03cb9510bc911f3a`
VirtualSize	`0x54c`
VirtualAddress	`0x29000`
SizeOfRawData	`0x600`
PointerToRawData	`0x23e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.61377`

.reloc

MD5	`e20c057f5db021474c35ac9d3a402fb2`
SHA1	`1f23d71a032de01057449fa6d3c407e46ff7b8ed`
SHA256	`9ee4f64319aa6d9e58b309c22c7a6a629d5e78de4663cb41048d13cdca5fbe1a`
SHA3	`4ecbf8be1975b5c4ac9f48fb98586853beec66e316f45715d28497bda1c966ea`
VirtualSize	`0x318`
VirtualAddress	`0x2a000`
SizeOfRawData	`0x400`
PointerToRawData	`0x24400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.68097`

Imports

KERNEL32.dll	`FindNextFileW` `GetCurrentProcess` `GetModuleHandleExW` `GetModuleFileNameW` `LeaveCriticalSection` `InitializeCriticalSection` `GetEnvironmentVariableW` `FindClose` `MultiByteToWideChar` `GetLastError` `GetFileAttributesExW` `GetFullPathNameW` `GetProcAddress` `DeleteCriticalSection` `WideCharToMultiByte` `IsWow64Process` `LoadLibraryExW` `FreeLibrary` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `EnterCriticalSection` `FindFirstFileExW` `OutputDebugStringW` `LoadLibraryA` `GetModuleHandleW` `InitializeCriticalSectionAndSpinCount` `SetLastError` `RaiseException` `RtlPcToFileHeader` `RtlUnwindEx` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `IsDebuggerPresent` `IsProcessorFeaturePresent` `TerminateProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `LCMapStringEx` `DecodePointer` `EncodePointer` `InitializeCriticalSectionEx` `GetStringTypeW`
USER32.dll	`MessageBoxW`
SHELL32.dll	`ShellExecuteW`
ADVAPI32.dll	`RegOpenKeyExW` `RegGetValueW` `DeregisterEventSource` `RegisterEventSourceW` `ReportEventW` `RegCloseKey`
api-ms-win-crt-runtime-l1-1-0.dll	`_exit` `__p___argc` `_initterm_e` `_initterm` `_get_initial_wide_environment` `_invalid_parameter_noinfo_noreturn` `_initialize_wide_environment` `_configure_wide_argv` `_initialize_onexit_table` `_set_app_type` `__p___wargv` `_seh_filter_exe` `_register_onexit_function` `_cexit` `terminate` `_errno` `exit` `abort` `_crt_atexit` `_c_exit` `_register_thread_local_exe_atexit_callback`
api-ms-win-crt-stdio-l1-1-0.dll	`setvbuf` `fflush` `_wfopen` `__stdio_common_vswprintf` `__stdio_common_vfwprintf` `_set_fmode` `__stdio_common_vsprintf_s` `__acrt_iob_func` `fputwc` `fputws` `__p__commode`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `_callnewh` `free` `malloc` `calloc`
api-ms-win-crt-string-l1-1-0.dll	`wcsnlen` `strcpy_s` `_wcsdup` `strcspn` `wcsncmp` `toupper`
api-ms-win-crt-convert-l1-1-0.dll	`_wtoi` `wcstoul`
api-ms-win-crt-locale-l1-1-0.dll	`setlocale` `___lc_locale_name_func` `localeconv` `_unlock_locales` `_lock_locales` `___mb_cur_max_func` `_configthreadlocale` `__pctype_func` `___lc_codepage_func`
api-ms-win-crt-math-l1-1-0.dll	`frexp` `__setusermatherr`
api-ms-win-crt-time-l1-1-0.dll	`_gmtime64_s` `_time64` `wcsftime`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2c0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.23559`
MD5	`75c2ff6ea095e210a8e1019d03d7db46`
SHA1	`0ac8e8f87c7fa5ceb17a6ccd6948d0da67e9ecb1`
SHA256	`3e91698956d3e31de746cf9491f3de4e02a0bbfd80a9f889bf20f117e06d478a`
SHA3	`f856a540c75d079089084c5ced9c1a3d66ee3407fd93aa412b1b19104149676b`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	ChatLange
FileDescription	ChatLange
FileVersion (#2)	1.0.0.0
InternalName	ChatLange.dll
LegalCopyright
OriginalFilename	ChatLange.dll
ProductName	ChatLange
ProductVersion (#2)	1.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2021-Oct-22 23:59:31
Version	`0.0`
SizeofData	`109`
AddressOfRawData	`0x1fa70`
PointerToRawData	`0x1e270`
Referenced File	D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2021-Oct-22 23:59:31
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x1fae0`
PointerToRawData	`0x1e2e0`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2021-Oct-22 23:59:31
Version	`0.0`
SizeofData	`944`
AddressOfRawData	`0x1faf4`
PointerToRawData	`0x1e2f4`

TLS Callbacks

StartAddressOfRawData	`0x14001fec8`
EndAddressOfRawData	`0x14001fed8`
AddressOfIndex	`0x1400254e0`
AddressOfCallbacks	`0x14001a4d0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140024020`
GuardCFCheckFunctionPointer	`5368816648`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x2ee2c458`
Unmarked objects	`0`
C objects (30034)	`12`
ASM objects (30034)	`10`
C++ objects (30034)	`77`
Imports (VS2008 SP1 build 30729)	`16`
Imports (27412)	`9`
Total imports	`162`
265 (30133)	`10`
Linker (30133)	`1`

eca7a1544e54814633505a9c43a5f281

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors