Manalyze report for eee28e8f5fcc61bf885b43adad78bdc9eb0e8c91c15e30538de0680ba043721d

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2023-Mar-16 07:56:45
Detected languages	English - United States
Debug artifacts	C:\MyWork\Git\WebDispatcher11_2_SFR\WebDispatcherV2\plugin\source\DispatcherPluginProj\firebreath\NativeMessageHost\RelWithDebInfo\FireWyrmNativeMessageHost.pdb
CompanyName	Kodiak Networks Motorola Solutions
FileDescription	WebDispatcher Plugin
FileVersion	`1.0.0.0`
InternalName	FireWyrm.exe
LegalCopyright	Copyright (C) 2023 Kodiak Networks Motorola Solutions
OriginalFilename	FireWyrm.exe
ProductName	WebDispatcher
ProductVersion	`1.0.0.0`

Plugin Output

Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW LoadLibraryExW` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Can access the registry: RegEnumKeyExW RegOpenKeyExW RegQueryValueExW RegCloseKey` `Can create temporary files: CreateFileW GetTempPathW` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect`
Info	The PE is digitally signed.	`Signer: KODIAK NETWORKS INDIA PRIVATE LIMITED` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Safe	VirusTotal score: 0/75 (Scanned on 2024-08-01 15:20:50)	`All the AVs think this file is safe.`

Hashes

MD5	`fab80146c90ba11c3cb5877afbb20b0e`
SHA1	`8157c9688c9d2ae590318f56f425570d4fabbf3a`
SHA256	`eee28e8f5fcc61bf885b43adad78bdc9eb0e8c91c15e30538de0680ba043721d`
SHA3	`a3096dcf51463278187513741c01eaee869ffdc3ccdb48de9a517244b429e882`
SSDeep	`12288:B4aciXd8tcJOfTF14//Z4uBp4z89+4q0KA+Q+Sz56WAjKSEVYcYdDD3OnYFwSy/W:B4aciROfTKA3EOrFwSO0FPrMw42eebT`
Imports Hash	`356e484420585971769fe92cba81789a`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2023-Mar-16 07:56:45
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`12.0`
SizeOfCode	`0xe4000`
SizeOfInitializedData	`0x5da00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000055000 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x146000`
SizeOfHeaders	`0x400`
Checksum	`0x143dab`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4fe106032580e03c2c00e1d8d74bab90`
SHA1	`35ce4cda87dcec3bb8d75f8cfc38fd26fa098fd5`
SHA256	`3f63d5814b79fe5751eaf085abf908b455bb87a3976ab91ca3851c5f81cb0f7f`
SHA3	`5d7dda7738fa7e0cc60940c066c63f2780d7be5c2fa352dc1db9e4b0f251f8ec`
VirtualSize	`0xe3e30`
VirtualAddress	`0x1000`
SizeOfRawData	`0xe4000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.40185`

.rdata

MD5	`25a32cb55718711539dcc3e5fadb16d5`
SHA1	`a9149ddd829c307882ad5e21190d59c30d54320f`
SHA256	`dfebce52c07b5de6eaeb227b58a3a37ae8533630de2f51383183b680ea29dbdc`
SHA3	`196dfbb953f2d408c1a29541840188427a6c9e367b017358e2cb5d6839f86efc`
VirtualSize	`0x4053a`
VirtualAddress	`0xe5000`
SizeOfRawData	`0x40600`
PointerToRawData	`0xe4400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.72517`

.data

MD5	`77358569ac841ce24e3ff297dea91f6f`
SHA1	`338a55f7ffb56667b8ea844851d2bce22a222380`
SHA256	`7350796eff984f0af57f3fdebcdb877868cab6a6fdd331f810ddedd3746d233b`
SHA3	`9aee07e86a9af1e5cd71e9c4a74c153059a01763997d057dc53a6b0ad7e9393f`
VirtualSize	`0xc360`
VirtualAddress	`0x126000`
SizeOfRawData	`0x5200`
PointerToRawData	`0x124a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.23915`

.pdata

MD5	`261728a6c1ad8331573c165626c03b0d`
SHA1	`2c4759f13e4f111a9f6cc7a4cf9d841ac9ca0382`
SHA256	`ddba5e1a01ae6f922b9f650834f40892eb62ae1d407c755691078ae179057b12`
SHA3	`33b23b1fad4e98234c263d7213468f7193834b525d3591bed4a42d19fa9917f8`
VirtualSize	`0xf06c`
VirtualAddress	`0x133000`
SizeOfRawData	`0xf200`
PointerToRawData	`0x129c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.08697`

.rsrc

MD5	`b7a66b7a68aaa88c1e5beb9ea08a9da1`
SHA1	`691143f351c7afad1adb76d2554bae4bf0ba6abe`
SHA256	`94e03d1805480d6b70c1df6850f6d28d03c9bbde55f959951994b11b80a984cd`
SHA3	`b3358b69b170f280b8ecbc27be6bb9cabd9a7e56e2daef29175d8e1e1e01fc8e`
VirtualSize	`0x568`
VirtualAddress	`0x143000`
SizeOfRawData	`0x600`
PointerToRawData	`0x138e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.85539`

.reloc

MD5	`26d8ae382faabfbbcc9897c01666e2b8`
SHA1	`fc1e83a39598f82bf1f2e4315feb6d638c1d50d3`
SHA256	`a05efb991c43e95bc79c8a1c402eca040c034c2c4617e2e3ca4e11b44f602678`
SHA3	`c64bb7f02e7cfb59e4809dcca3b427f9fd6310666d6004f123e6178089c5cd40`
VirtualSize	`0x1784`
VirtualAddress	`0x144000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x139400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.44423`

Imports

KERNEL32.dll	`GetLastError` `GetProcAddress` `DecodePointer` `DeleteCriticalSection` `RaiseException` `WaitForMultipleObjectsEx` `WriteConsoleW` `GetTimeZoneInformation` `UnregisterWaitEx` `InitializeCriticalSectionAndSpinCount` `LoadLibraryW` `FreeLibrary` `SetStdHandle` `GetFullPathNameW` `FindFirstFileW` `SetEndOfFile` `MoveFileExW` `SetFilePointerEx` `CreateDirectoryW` `GetModuleHandleW` `SetFileTime` `CreateDirectoryExW` `CopyFileW` `GetFileAttributesW` `CreateFileW` `GetTempPathW` `GetCurrentDirectoryW` `SetLastError` `FindClose` `SetCurrentDirectoryW` `RemoveDirectoryW` `DeviceIoControl` `FindNextFileW` `GetFileTime` `GetFileAttributesExW` `GetDiskFreeSpaceExW` `CloseHandle` `DeleteFileW` `GetFileInformationByHandle` `SetFileAttributesW` `WideCharToMultiByte` `MultiByteToWideChar` `AreFileApisANSI` `FormatMessageA` `LocalFree` `DuplicateHandle` `WaitForSingleObject` `GetCurrentProcess` `GetCurrentThread` `GetCurrentThreadId` `GetExitCodeThread` `GetSystemTimeAsFileTime` `EncodePointer` `EnterCriticalSection` `LeaveCriticalSection` `GetStringTypeW` `HeapFree` `HeapAlloc` `GetCPInfo` `GetCommandLineA` `IsProcessorFeaturePresent` `IsDebuggerPresent` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `CreateEventW` `Sleep` `TerminateProcess` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetStartupInfoW` `GetTickCount` `CreateSemaphoreW` `CreateThread` `ExitThread` `LoadLibraryExW` `RtlPcToFileHeader` `RtlUnwindEx` `CreateTimerQueue` `TryEnterCriticalSection` `RtlCaptureStackBackTrace` `SetEvent` `WaitForSingleObjectEx` `SignalObjectAndWait` `SwitchToThread` `SetThreadPriority` `GetThreadPriority` `GetLogicalProcessorInformation` `CreateTimerQueueTimer` `ChangeTimerQueueTimer` `DeleteTimerQueueTimer` `GetNumaHighestNodeNumber` `GetProcessAffinityMask` `SetThreadAffinityMask` `RegisterWaitForSingleObject` `UnregisterWait` `FatalAppExitA` `GetDateFormatW` `GetTimeFormatW` `CompareStringW` `LCMapStringW` `GetLocaleInfoW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `ExitProcess` `GetModuleHandleExW` `HeapSize` `GetFileType` `GetStdHandle` `FlushFileBuffers` `WriteFile` `GetConsoleCP` `GetConsoleMode` `GetProcessHeap` `ReadFile` `ReadConsoleW` `GetModuleFileNameW` `GetModuleFileNameA` `QueryPerformanceCounter` `GetCurrentProcessId` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `IsValidCodePage` `GetACP` `GetOEMCP` `SetConsoleCtrlHandler` `HeapReAlloc` `OutputDebugStringW` `GetThreadTimes` `FreeLibraryAndExitThread` `GetModuleHandleA` `GetVersionExW` `VirtualAlloc` `VirtualFree` `VirtualProtect` `SetProcessAffinityMask` `ReleaseSemaphore` `InitializeSListHead` `InterlockedPopEntrySList` `InterlockedPushEntrySList` `InterlockedFlushSList` `QueryDepthSList` `SetEnvironmentVariableA`
USER32.dll	`UnregisterClassW`
OLEAUT32.dll	`SysFreeString`
ADVAPI32.dll	`RegEnumKeyExW` `RegOpenKeyExW` `RegQueryValueExW` `RegCloseKey`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x348`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39659`
MD5	`f05564dd47d41565d2dc785fca7e77da`
SHA1	`00fbcf99a274273ed73c0abdcf4efbffd73c30ee`
SHA256	`878992274421fa8027429f13c887cc3682a4deebf46927f155ebb14ed553b630`
SHA3	`26df159181ddc91031eaecd75b65e70aa6db9a852bde5d98081e942282d02203`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Kodiak Networks Motorola Solutions
FileDescription	WebDispatcher Plugin
FileVersion (#2)	1.0.0.0
InternalName	FireWyrm.exe
LegalCopyright	Copyright (C) 2023 Kodiak Networks Motorola Solutions
OriginalFilename	FireWyrm.exe
ProductName	WebDispatcher
ProductVersion (#2)	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2023-Mar-16 07:56:45
Version	`0.0`
SizeofData	`185`
AddressOfRawData	`0xfce40`
PointerToRawData	`0xfc240`
Referenced File	C:\MyWork\Git\WebDispatcher11_2_SFR\WebDispatcherV2\plugin\source\DispatcherPluginProj\firebreath\NativeMessageHost\RelWithDebInfo\FireWyrmNativeMessageHost.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2023-Mar-16 07:56:45
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0xfcefc`
PointerToRawData	`0xfc2fc`

TLS Callbacks

Load Configuration

Size	`0x70`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140126640`

RICH Header

XOR Key	`0x10495348`
Unmarked objects	`0`
ASM objects (20806)	`14`
C++ objects (20806)	`134`
C objects (20806)	`211`
Imports (65501)	`9`
Total imports	`154`
229 (VS2013 build 21005)	`14`
Resource objects (VS2013 build 21005)	`1`
151	`1`
Linker (VS2013 build 21005)	`1`

Errors

Leave a comment

No comments yet.