Manalyze report for f8cfe07a813b4ec1825adb1dc185dbc7

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2003-Jul-04 14:31:13
Detected languages	Japanese - Japan
Comments	This program needs kirikiri executable to configure itself.
CompanyName
FileDescription	TVP(kirikiri) configuration tool
FileVersion	`1.1.2.0`
InternalName
LegalCopyright	Copyright (C)2001-2003, W.Dee All rights reserved
LegalTrademarks
OriginalFilename	krkrconf.exe
PrivateBuild
ProductName	TVP
ProductVersion	`1, 1, 2, 1`
SpecialBuild

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`Possibly launches other programs: CreateProcessA`
Info	The PE's resources present abnormal characteristics.	`The binary may have been compiled on a machine in the UTC+9 timezone.`
Suspicious	VirusTotal score: 1/70 (Scanned on 2020-01-30 20:10:56)	`eGambit: Unsafe.AI_Score_52%`

Hashes

MD5	`f8cfe07a813b4ec1825adb1dc185dbc7`
SHA1	`9c2fe7bf54755303e87265cdd102dc1d24a17e5d`
SHA256	`029a1be44b2e0f7a5fb79b484335a6739711579ae7c4c87815f95ef26f560cbd`
SHA3	`e6f5551c84799cea8baecb435c26977d0d1c9f0064a9cf1dabf4592ffe98d8ab`
SSDeep	`192:0t5mxXwF8lSnQu+aK6qRKhdihh/Z+VJHX8xHb/2i9ziHi5iQMEe69Qi:qwq8gqh/B0uLNe6W`
Imports Hash	`ac776be01a6535d843da627fa8b29124`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x200`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2003-Jul-04 14:31:13
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`5.0`
SizeOfCode	`0x1000`
SizeOfInitializedData	`0x1000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001000 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x2000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x7000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`560a78a020f10386a67231a42a40c972`
SHA1	`a98534ecafab07809798188e8eb10abd1b2bf453`
SHA256	`06d3483482d337bb6da31c5c20a4a995fe668a155ae221d27022107d844aa955`
SHA3	`863cb772540beca3e4ebb5ab50d9491c89785d1528bdd5d42fa2269785fda4f1`
VirtualSize	`0x1000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x400`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.60135`

.data

MD5	`7d857f0430927126932992541c82b8d1`
SHA1	`eabc03ef079b4b49c9e8219543b4d0f901f63442`
SHA256	`40ad8b9f4ac6f039bc37ddade75a5f14a78a93b6b283c154ea64e9a6800829a6`
SHA3	`4aa5a1bc50f7c803cd7f7634315d3b1dc757a7a28ca4d7a7f0a26afc2c76537e`
VirtualSize	`0x1000`
VirtualAddress	`0x2000`
SizeOfRawData	`0x200`
PointerToRawData	`0xa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.91719`

.idata

MD5	`085a38382f0d125063c8411ef17168e2`
SHA1	`8b4d0d3353f64a3f8fe9056ba6751f6d1c56ce1a`
SHA256	`f891d3cd89c1d300b5d17597f7650f802d5993347d30b097cb4375af729d9ae4`
SHA3	`a653c6cf143691aae86c419bf9124308652bb44eaa1ca279f5da3de1cbd816b3`
VirtualSize	`0x1000`
VirtualAddress	`0x3000`
SizeOfRawData	`0x200`
PointerToRawData	`0xc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.42881`

.rsrc

MD5	`3f5d5eb2a3edca9ce022e68ceacdb237`
SHA1	`77413da247d389a6c20d2e68bc5c84b0a92b88df`
SHA256	`8ca9fdf3d91e212a1d899834df3406f4f9d42e6d98a18f305bc4c583f88d8171`
SHA3	`745e643c23f079651b9f0a5f392518e93a7660a498387a6ec9fe612fbf7d9089`
VirtualSize	`0x2000`
VirtualAddress	`0x4000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0xe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.96409`

.reloc

MD5	`9a70f67138b54e31f343b17c53f89837`
SHA1	`7ea09580afbb74cc7b730c49bc1c8077e48398c3`
SHA256	`e118f5ff147829bae4156421b92705b3f6db6c4218faa57224a861c119f1d361`
SHA3	`0fee19f00ceef5b264736c748b8a455bd9a9e3a1a6fba927ed7bb9113cd26468`
VirtualSize	`0x1000`
VirtualAddress	`0x6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`0.632421`

Imports

KERNEL32.DLL	`CloseHandle` `CreateFileA` `CreateProcessA` `ExitProcess` `FindClose` `FindFirstFileA` `FindNextFileA` `GetModuleFileNameA` `GetModuleHandleA` `ReadFile` `SetFilePointer`
USER32.DLL	`CharNextA` `MessageBoxA`

Delayed Imports

1

Type	`RT_ICON`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	2003-Jul-04 23:31:14
Entropy	`3.61612`
MD5	`04cd731092e6a845d23ca804b583b4f8`
SHA1	`709c5464883b2aedbf4c2fa5fa7589c21a078f50`
SHA256	`98ed017cb951cfb62af774c73e956dcb3a16fc6a5e330a3e6ec9ce75527eca6b`
SHA3	`8db39a67a015e911b249e5b0e668428a828a5d54f373d218e4a7f34682e4e358`

2

Type	`RT_ICON`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	2003-Jul-04 23:31:14
Entropy	`3.27999`
MD5	`b65427acba743e77d119c587717dd696`
SHA1	`ccb2e6ad3a941f1ed31dfdfcf2b620155951d3c2`
SHA256	`607a9013ab1b385f8f8e97c168fb73bac7108d94d3118cea54c7ab7fb900b0d3`
SHA3	`604c8958fc656263aaf3e0e67c96d158d4e9a6ad3c12e588274a9705031f9538`

3

Type	`RT_ICON`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	2003-Jul-04 23:31:14
Entropy	`3.21754`
MD5	`a01b48a9176aae4c6074423c4043959b`
SHA1	`5b0938930172ad812d6981b12c8ed42aca481dc1`
SHA256	`5a5c4e3f7ab47f34c4f78f37f65a33b13319a4a528392b96ee1110661517a183`
SHA3	`0c0e2ab8ec6891f4adf7dde70f46571126ac76dc0cd7d794e5c6363e57583ea5`

4

Type	`RT_ICON`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	2003-Jul-04 23:31:14
Entropy	`3.73262`
MD5	`ea624ec3231b8e6a55c0a7d934ea04ff`
SHA1	`1e354b88b8d92057a5fd5722512956593645f3da`
SHA256	`32b7df1ffba6e00afa5b1e3e3725302e58c663ddc0ef53a7989bdf3860d5be78`
SHA3	`101ec7bc9bfbf9519bfc91a318d46049cb111fbda42acc42694122495caaf5ec`

DVCLAL

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	2003-Jul-04 23:31:14
Entropy	`4`
MD5	`a40263c75fde7440b1086b7da9c51fc2`
SHA1	`139a84f87110fb5cb16a386adade21f30cae98b0`
SHA256	`e7dbe99baa5c1045cdf7004edb037018b2e0f639a5edcf800ec4514d5c8e35b5`
SHA3	`d3a734fa7d36868d301f9569de92e1bfc551e4b5cf6d7c59eace8d0a554093c0`

ICON1

Type	`RT_GROUP_ICON`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	2003-Jul-04 23:31:14
Entropy	`2.6902`
Detected Filetype	Icon file
MD5	`16aff0729ec359b83e3dd2bbc53fed96`
SHA1	`8b6ebfa3978b357143fce5430a3ecf10968147db`
SHA256	`e364eda86b11b656dcb48db0d41e17c1d00f43c166f0eab4bd716d97848c7536`
SHA3	`638f0958f35f8a1f1e884034aa68844546ea69cef75a4c3af5f5a6b1dc17f26c`

1 (#2)

Type	`RT_VERSION`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x3f4`
TimeDateStamp	2003-Jul-04 23:31:14
Entropy	`3.38919`
MD5	`66e0c0729732ec76b029fc8dff0906f8`
SHA1	`4d94565bff3974f5a16a009651687e37468d5905`
SHA256	`f311300aa0179077fb348d6147303240dc7c01e162253e63b34ac76ab62a726a`
SHA3	`f2fb45a918cd4db428b555a7e91c5177983fd3aba310bda1978d5a7ba352211b`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.1.2.0
ProductVersion	1.1.2.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	Japanese - Japan
Comments	This program needs kirikiri executable to configure itself.
CompanyName
FileDescription	TVP(kirikiri) configuration tool
FileVersion (#2)	1.1.2.0
InternalName
LegalCopyright	Copyright (C)2001-2003, W.Dee All rights reserved
LegalTrademarks
OriginalFilename	krkrconf.exe
PrivateBuild
ProductName	TVP
ProductVersion (#2)	1, 1, 2, 1
SpecialBuild

Resource LangID	Japanese - Japan

TLS Callbacks

Load Configuration

RICH Header

f8cfe07a813b4ec1825adb1dc185dbc7

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.data

.idata

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

DVCLAL

ICON1

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors