Manalyze report for f12852d3c7892a48da5cbe12584bd612

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2016-May-21 03:09:54
Detected languages	English - United States
Debug artifacts	C:\Users\Paul\Documents\Visual Studio 2013\Projects\Keylogger\Release\Keylogger.pdb

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`f12852d3c7892a48da5cbe12584bd612`
SHA1	`e51ff37bb3ab3fbcab431dbcf54f2d54f136e78d`
SHA256	`90b22cf9b9981dd3518569da3c1768665feb4116e790baa3558012edb7c18eef`
SHA3	`1961ec3d2fa6c988596a5cf508b83d493e8bb76d452b7e32c9c94092485b9e6e`
SSDeep	`1536:1SKZMIOmICYWVAYXZk3P2NVwWw+y9kZzc2hxRKsWjcdU1NVL9QtK:KH9WVtXZaGmQbx7U1NVL9yK`
Imports Hash	`abfe9fd4dcf242fbba8abc09974532b6`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2016-May-21 03:09:54
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`12.0`
SizeOfCode	`0xe600`
SizeOfInitializedData	`0xe200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000029F5 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x10000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x21000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b0c3f8985cdc5c7aa52ec5ff046b3885`
SHA1	`30f15a1aff1614814a40f44762362446f0829480`
SHA256	`fa76b5e51043867645e43457aeb768cf8e042a47883678d3bc96b37a358ebf85`
SHA3	`2558c522f30c2d923ee054a78ce479305996a6f43630997c3b737043bb141946`
VirtualSize	`0xe584`
VirtualAddress	`0x1000`
SizeOfRawData	`0xe600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.70724`

.rdata

MD5	`c490027de06680139524e5590829e579`
SHA1	`f1a007cf4e8a6253b82e19865360c14c89b00bd7`
SHA256	`693d00b502927016140c5677e54e0c0dadf9ff0ea56721a3d0fc30d725e65104`
SHA3	`5a84fdecdfd041b621bdd9fdf8d410b82f541ce70804516c726085035f8f315f`
VirtualSize	`0x7242`
VirtualAddress	`0x10000`
SizeOfRawData	`0x7400`
PointerToRawData	`0xea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.84431`

.data

MD5	`6bf4a43cd07b25de67b932700197e903`
SHA1	`1ca9ec780f28eafe59ae2a4d351eda9d83f68619`
SHA256	`7c05b2016f43a585a92bc37e2584524d01d855d2163b537bf2c4d599c5c70773`
SHA3	`104d70d1f451edeccaf5a9308457e82cc487f17d76a0e221af16f96fb3a9b540`
VirtualSize	`0x56c0`
VirtualAddress	`0x18000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x15e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.66111`

.rsrc

MD5	`eab25597db5aae01931701cf5da92008`
SHA1	`bbdae6f0573b6509c042cabad384f003067dd099`
SHA256	`890cc8f16e62f7f525da92d59b1fd3f6c31d12eeb2285f9c57ce82f83239fddc`
SHA3	`6f247c760ae9956c8c65507cf602a28521ec9c2c7e0dfa033841ac9eca524241`
VirtualSize	`0x1e0`
VirtualAddress	`0x1e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x17400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.71006`

.reloc

MD5	`c1f861bad5777c322fab5c78eb4543b9`
SHA1	`7e3aa65e688104002eb15a8330c7c95af994ba9d`
SHA256	`bd12dafcb4a16dfa426ceb53260dd0c8e69a031994ac27db66fe408469b0f259`
SHA3	`f896961a0b8b676914d81cec4925946c21d3d6a6f4b0b63e427cdaa1dbf7ae9e`
VirtualSize	`0x1380`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x17600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.48011`

Imports

KERNEL32.dll	`Sleep` `GetModuleFileNameW` `CopyFileW` `CreateEventW` `GetLastError` `GetModuleHandleW` `WriteConsoleW` `SetStdHandle` `FlushFileBuffers` `SetFilePointerEx` `GetConsoleMode` `GetConsoleCP` `GetStringTypeW` `LCMapStringW` `HeapReAlloc` `InitializeSListHead` `CloseHandle` `GetCurrentProcess` `GetCurrentThread` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `EncodePointer` `DecodePointer` `ExitProcess` `GetModuleHandleExW` `GetProcAddress` `MultiByteToWideChar` `WideCharToMultiByte` `HeapAlloc` `IsDebuggerPresent` `IsProcessorFeaturePresent` `GetCommandLineA` `RaiseException` `RtlUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `SetLastError` `InitializeCriticalSectionAndSpinCount` `TerminateProcess` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetStartupInfoW` `LoadLibraryExW` `HeapFree` `SetEvent` `HeapSize` `GetStdHandle` `WriteFile` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetProcessHeap` `GetFileType` `GetModuleFileNameA` `QueryPerformanceCounter` `GetCurrentProcessId` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `OutputDebugStringW` `GetThreadTimes` `CreateFileW`
SHELL32.dll	`SHGetSpecialFolderPathW`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2016-May-21 03:09:54
Version	`0.0`
SizeofData	`108`
AddressOfRawData	`0x15f78`
PointerToRawData	`0x14978`
Referenced File	C:\Users\Paul\Documents\Visual Studio 2013\Projects\Keylogger\Release\Keylogger.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2016-May-21 03:09:54
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x15fe4`
PointerToRawData	`0x149e4`

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x418294`
SEHandlerTable	`0x416420`
SEHandlerCount	`12`

RICH Header

XOR Key	`0xa1362910`
Unmarked objects	`0`
ASM objects (20806)	`29`
C++ objects (20806)	`108`
C objects (20806)	`141`
Imports (VS2008 SP1 build 30729)	`9`
Total imports	`139`
229 (VS2013 build 21005)	`3`
Resource objects (VS2013 build 21005)	`1`
Linker (VS2013 build 21005)	`1`

f12852d3c7892a48da5cbe12584bd612

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

TLS Callbacks

Load Configuration

RICH Header

Errors