Manalyze report for f74a89efbca9f0be2bfe99aae4a91068

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Oct-25 10:05:07
Detected languages	English - United States
Debug artifacts	d:\build\ob\bora-14943755\bora-vmsoft\build\release-x64\svga\wddm\src\service\Win8Release\x64\bin\vm3dservice.pdb

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for VMWare presence: VMware vmware` `Miscellaneous malware strings: backdoor`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW LoadLibraryExW` `Can access the registry: RegQueryValueExA RegCloseKey RegOpenKeyExA` `Can create temporary files: CreateFileW GetTempPathW`
Info	The PE is digitally signed.	`Signer: VMware` `Issuer: VeriSign Class 3 Code Signing 2010 CA`
Safe	VirusTotal score: 0/67 (Scanned on 2021-09-07 12:45:24)	`All the AVs think this file is safe.`

Hashes

MD5	`f74a89efbca9f0be2bfe99aae4a91068`
SHA1	`f0032dfb7e5d67dd10568e61787a4a3032ff55f5`
SHA256	`97bb6a53fe5f87da7e36810b592f9929a7159bf0596e11210bf81ff79dd73022`
SHA3	`40322e0cf2ed716c8825e8ae3f08f96ffaa8d01bc180b17cf646b868fd9df16a`
SSDeep	`6144:SXMn5SvzYa2K/dpVoA8aMzDS2fixfZRUNaPmtS/OWm1tWg4IlSoy1EgwFs/:g1Ma2wP89S2wYNZG/mnYLCnF6`
Imports Hash	`87cd71079965ef9058275771f857bf72`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2019-Oct-25 10:05:07
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x65a00`
SizeOfInitializedData	`0x1d200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000004600 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x88000`
SizeOfHeaders	`0x400`
Checksum	`0x9710b`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`eb231daec7ec1627bd19e69582364109`
SHA1	`2d3ab153d5abdd650a4d0318d303962e6a1f7ed8`
SHA256	`cbed68511eb0b15b53d128456a2e9643482ded381fc68f4bd8899ffe4df97b00`
SHA3	`e2d0076bdda225fdd87848fb52755fdc725a8a6064782357e2686f478eddaf29`
VirtualSize	`0x65940`
VirtualAddress	`0x1000`
SizeOfRawData	`0x65a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.50121`

.rdata

MD5	`e1c5debb6bfa6dff9536d5503ab7af6a`
SHA1	`bf8dce378df16b37ae9e47f56b49694666ecf2c9`
SHA256	`6bad4510d090fa8a23644abd6259cf4ace2091ef05bce4c1837f7ea9f440a15a`
SHA3	`e26a7028d3bd4fa7d896d973fa00b4fc77b5aa3b4dfdf4c88a61ebad5eff0631`
VirtualSize	`0x14400`
VirtualAddress	`0x67000`
SizeOfRawData	`0x14400`
PointerToRawData	`0x65e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.31475`

.data

MD5	`47554b61bf99d2352eeffbe5efe255f5`
SHA1	`4a537abbc338061c3c144c8f9940d11b8b6b609e`
SHA256	`f9acd1bf033f9087b2869f86365a93cfbc4c7287b804118a80b01522c09e6bea`
SHA3	`f22cc0a0c995213e22927b0fa2b4458639c2be9e70651c61311864f00cef5f40`
VirtualSize	`0x29d8`
VirtualAddress	`0x7c000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x7a200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.42499`

.pdata

MD5	`5c753d22ea44217201ddc4c18f372e91`
SHA1	`de86ce6a021bff17e5e9293a27df60f2556a18c0`
SHA256	`dda8b919c9789c87cc45e73bdbcaa7ab65de4acc7500ec4f9967d787c7a937ad`
SHA3	`03aedef027e42aeaf51ba5b114070f88bf05577219fbd3f1954f94e407e8e427`
VirtualSize	`0x573c`
VirtualAddress	`0x7f000`
SizeOfRawData	`0x5800`
PointerToRawData	`0x7ae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.82412`

_RDATA

MD5	`694299d2933a9a874835fca40f90ed24`
SHA1	`9f2df99e1610ddda132bb02ff1d53fd4c1fc6bb9`
SHA256	`712fe55879923648ed9311e65edd38256f81e6d8146eb6a24dafff3de1983de7`
SHA3	`a1875fc1b2e3ca26809264d8f622c3b16e5f30ae1976b87778351b6178d4e319`
VirtualSize	`0x100`
VirtualAddress	`0x85000`
SizeOfRawData	`0x200`
PointerToRawData	`0x80600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.52131`

.rsrc

MD5	`455df74e1aa2c80a98a890d2aaba8cea`
SHA1	`309776038a34e9ff7f0d792332c9d0724881ff6e`
SHA256	`1481c53179855eaf23524e62eaf1506a8cfb9907e4a4eaf27275de51160e43b2`
SHA3	`a3a40029b968fc994934ae52d1adcb8dace3b3bdb1e4c24e1e58500327a4ae78`
VirtualSize	`0x1e0`
VirtualAddress	`0x86000`
SizeOfRawData	`0x200`
PointerToRawData	`0x80800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.71377`

.reloc

MD5	`ef821bbbba2f9946aedc3d4082488520`
SHA1	`efbb47604c5929095f27862c28d9397cad6a8df0`
SHA256	`7834ad3004198e40c84b7240702d34b72d0b9d49bc8f652557fcf552ca25d0df`
SHA3	`ff926723ec54b6e387bb36411b95accb5beebb820299c30962ff87adfa2978e5`
VirtualSize	`0x7f0`
VirtualAddress	`0x87000`
SizeOfRawData	`0x800`
PointerToRawData	`0x80a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.35929`

Imports

KERNEL32.dll	`GetProcAddress` `GetModuleHandleW` `FreeLibrary` `RtlUnwind` `RtlCaptureStackBackTrace` `SetEndOfFile` `WriteConsoleW` `GetTickCount64` `VerifyVersionInfoW` `ReadConsoleW` `ReadFile` `SetFilePointerEx` `GetFileSizeEx` `SetConsoleCtrlHandler` `GetProcessHeap` `GetStringTypeW` `SetStdHandle` `SetEnvironmentVariableW` `HeapSize` `LoadLibraryW` `ProcessIdToSessionId` `GetCurrentProcessId` `HeapReAlloc` `VerSetConditionMask` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `FindClose` `FindFirstFileA` `FindNextFileA` `GetCurrentThreadId` `GetLocalTime` `GetLastError` `FatalExit` `RtlCaptureContext` `CreateDirectoryW` `CreateFileW` `DeleteFileW` `GetTempPathW` `CloseHandle` `RaiseException` `GetCurrentProcess` `MoveFileW` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `RtlUnwindEx` `InterlockedPushEntrySList` `InterlockedFlushSList` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `LoadLibraryExW` `EncodePointer` `RtlPcToFileHeader` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `ExitProcess` `GetModuleHandleExW` `GetFileType` `HeapFree` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `HeapAlloc` `MultiByteToWideChar` `GetCurrentThread` `GetDateFormatW` `GetTimeFormatW` `CompareStringW` `LCMapStringW` `GetLocaleInfoW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `WideCharToMultiByte` `OutputDebugStringW` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW`
USER32.dll	`RegisterWindowMessageW` `GetMessageW` `EnumDisplayDevicesW` `LoadCursorW` `SetRect` `AdjustWindowRectEx` `GetClientRect` `UpdateWindow` `ShowWindow` `CreateWindowExW` `RegisterClassExW` `UnregisterClassW` `PostQuitMessage` `DefWindowProcW` `GetSystemMetrics` `EnumDisplaySettingsW` `GetMonitorInfoW` `EnumDisplayMonitors` `TranslateMessage` `DispatchMessageW`
GDI32.dll	`CreateDCW`
ADVAPI32.dll	`SetServiceStatus` `RegisterServiceCtrlHandlerW` `RegQueryValueExA` `RegCloseKey` `RegOpenKeyExA` `StartServiceCtrlDispatcherW`
dwmapi.dll	`DwmIsCompositionEnabled`
dbghelp.dll	`SymFromAddr` `SymSetSearchPath` `MiniDumpWriteDump` `SymGetSearchPath` `StackWalk64` `SymSetOptions` `SymCleanup` `SymFunctionTableAccess64` `SymGetModuleBase64` `SymGetLineFromAddr64` `SymInitialize`
WINMM.dll	`timeGetTime`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-Oct-25 10:05:07
Version	`0.0`
SizeofData	`138`
AddressOfRawData	`0x7360c`
PointerToRawData	`0x7240c`
Referenced File	d:\build\ob\bora-14943755\bora-vmsoft\build\release-x64\svga\wddm\src\service\Win8Release\x64\bin\vm3dservice.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2019-Oct-25 10:05:07
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x73698`
PointerToRawData	`0x72498`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2019-Oct-25 10:05:07
Version	`0.0`
SizeofData	`784`
AddressOfRawData	`0x736ac`
PointerToRawData	`0x724ac`

TLS Callbacks

Load Configuration

Size	`0x108`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14007c018`
GuardCFCheckFunctionPointer	`5369132176`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x915dafce`
Unmarked objects	`0`
C objects (26715)	`10`
ASM objects (26715)	`5`
C++ objects (26715)	`159`
ASM objects (27316)	`8`
C objects (27316)	`16`
C++ objects (27316)	`37`
C++ objects (VS2015 UPD1 build 23506)	`1`
ASM objects (VS2017 v15.9.7-10 compiler 27027)	`1`
Imports (26213)	`15`
Total imports	`139`
C objects (VS2017 v15.9.7-10 compiler 27027)	`8`
Resource objects (VS2017 v15.9.7-10 compiler 27027)	`1`
Linker (VS2017 v15.9.7-10 compiler 27027)	`1`

f74a89efbca9f0be2bfe99aae4a91068

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors