Manalyze report for fda9cf94aeeb3c9664695b53797acd17

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Aug-14 09:09:31
Detected languages	English - United States
Debug artifacts	C:\Users\nishikigoi\source\repos\sqlite3\Debug\sqlite3.pdb

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	The PE is possibly packed.	`Section .textbss is both writable and executable.` `Unusual section name found: .msvcjmc`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryW` `Can create temporary files: CreateFileA CreateFileW GetTempPathA GetTempPathW`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`fda9cf94aeeb3c9664695b53797acd17`
SHA1	`fcdb4eca4490f7f76cb926e8910b548610ce517b`
SHA256	`996d6e14fdde9fde080a399616fbf1416c23770a0d50842942420e908da7922c`
SHA3	`b1d96c41e40f257f6ce1b30a18926e11e793047731786113d339f987c9fc7ef6`
SSDeep	`24576:zKt8JlbHuijSmZSrYmYufCjXkr1Cjlq7r3fa:9hvufMU0q7`
Imports Hash	`2832f65f2890a757f24bd3339ff6f492`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`9`
TimeDateStamp	2019-Aug-14 09:09:31
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xfc200`
SizeOfInitializedData	`0x19000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0007E5BE (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x1000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x198000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.textbss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x7c288`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.text

MD5	`5d60af6f835476b4c654a9151c837a48`
SHA1	`a5f7b92c9efc69534565f74def34a2f781483d10`
SHA256	`554b937e319eda6cca6667e40dcd3161cb765f9f8d521f88945d20c84a1a62f1`
SHA3	`f328927bd107e03620bf7daad2d1a20ae68f1e8b5661795831c44d699b36bb5b`
VirtualSize	`0xfc1ee`
VirtualAddress	`0x7e000`
SizeOfRawData	`0xfc200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.54155`

.rdata

MD5	`5b61fa1369e214356a702487eb416cae`
SHA1	`3407a6b4bc7b3ee9c8f949e3d3b77bc3a84797ae`
SHA256	`7e36b570bd859f0e4563f50dabc046e0d1723a1aa978e8ca9653a26bb6df6ea7`
SHA3	`7fad9e0cc14d1707134c7290d9aeca7e7135f101e9cc6030b003d30c0a354ae6`
VirtualSize	`0xef31`
VirtualAddress	`0x17b000`
SizeOfRawData	`0xf000`
PointerToRawData	`0xfc600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.02948`

.data

MD5	`51bea78774c513f1cf176836f6a83cb9`
SHA1	`2a5a711e2dff053c44fb0cec7139e6dc6918c8c9`
SHA256	`c600a6f1b3ee1ea0765bb9f5067b61ee1c844c8639bc5146ba61f783b84a5431`
SHA3	`7a1d05a6d0827a79b81c3a6fe60050fdaa65b265dfc295300978d44caf0bb076`
VirtualSize	`0x2620`
VirtualAddress	`0x18a000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x10b600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.84081`

.idata

MD5	`a959f1e6e29edc50723a82030bae93b0`
SHA1	`4d4970e8c756ce7863688af31e32d8bc37e713cf`
SHA256	`002387bf73ac46c5a7b2d03f68ecf74500badf72c2bda54629fa77a4920f653d`
SHA3	`0a9a98acde84d5fb2481135263eee7fbc4a9bf1da0bfea3e9f5b5b8aacdb453c`
VirtualSize	`0x1095`
VirtualAddress	`0x18d000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x10d400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.52115`

.msvcjmc

MD5	`da5f3900ed1dd95b8246130ce7ed4ebb`
SHA1	`368fb617b8a04012f6db3a16f3b5d1779f7c7cd3`
SHA256	`fc07ac6de3746f400f42070fc3282f4ba151125b96e6b0bb7ef97cd0027d4e18`
SHA3	`c9f33f3e45aa3f345c334c239a559cf6841c90f3991ae901fd657079c2a48176`
VirtualSize	`0x119`
VirtualAddress	`0x18f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x10e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.24693`

.00cfg

MD5	`aa3f862e80470239ed34a18f2ac4a902`
SHA1	`1b7e1059268a51c4e809611009ac859dd1e496d6`
SHA256	`4d21ee8edb599178b8a2e07fcc44e32d0b466a25feddb44f39b79165d4c550b0`
SHA3	`d5e7f29f02c7e181538bbdd165501fbe3dc644a8615c12d25975c13e12b2d49e`
VirtualSize	`0x104`
VirtualAddress	`0x190000`
SizeOfRawData	`0x200`
PointerToRawData	`0x10e800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

.rsrc

MD5	`915ba5806a66bd039757885941d771f7`
SHA1	`468ccb3f8b3f0188eb35b7044733efc21b63249a`
SHA256	`170c788064a4202ec84591b34e2bcd1e6ff8755270cca7378ffd9117afd60db9`
SHA3	`1c82942674e9356f813264ccfb2ddd0c24eefe681da1f5f62e94e08abf1f9c84`
VirtualSize	`0x326`
VirtualAddress	`0x191000`
SizeOfRawData	`0x400`
PointerToRawData	`0x10ea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.44416`

.reloc

MD5	`c5c5ad3e52fd60d3030022f94356368d`
SHA1	`73f9d35dea666369f43e0e2187ececaf70561807`
SHA256	`6ce37aaa6c0b1331998f7dd10b60a2e36faafa0024040fb2772df3077cfadd85`
SHA3	`76e9a804b66bcc44f574444fd01651acc5c66c915914375f40e6a616ab88ee4a`
VirtualSize	`0x5db7`
VirtualAddress	`0x192000`
SizeOfRawData	`0x5e00`
PointerToRawData	`0x10ee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.81731`

Imports

KERNEL32.dll	`AreFileApisANSI` `CloseHandle` `CreateFileA` `CreateFileMappingW` `CreateFileW` `CreateMutexW` `DeleteFileA` `DeleteFileW` `FlushFileBuffers` `FlushViewOfFile` `FormatMessageA` `FormatMessageW` `FreeLibrary` `GetCurrentProcessId` `GetDiskFreeSpaceA` `GetDiskFreeSpaceW` `GetFileAttributesA` `GetFileAttributesExW` `GetFileAttributesW` `GetFileSize` `GetFullPathNameA` `GetFullPathNameW` `GetLastError` `GetProcAddress` `GetProcessHeap` `GetSystemInfo` `GetSystemTime` `GetSystemTimeAsFileTime` `GetTempPathA` `GetTempPathW` `GetTickCount` `HeapAlloc` `HeapCompact` `HeapCreate` `HeapDestroy` `HeapFree` `HeapReAlloc` `HeapSize` `HeapValidate` `LoadLibraryA` `LoadLibraryW` `LocalFree` `LockFile` `LockFileEx` `MapViewOfFile` `MultiByteToWideChar` `OutputDebugStringA` `OutputDebugStringW` `QueryPerformanceCounter` `ReadFile` `SetEndOfFile` `SetFilePointer` `Sleep` `SystemTimeToFileTime` `UnlockFile` `UnlockFileEx` `UnmapViewOfFile` `WaitForSingleObject` `WaitForSingleObjectEx` `WideCharToMultiByte` `WriteFile` `InitializeCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `TryEnterCriticalSection` `DeleteCriticalSection` `GetCurrentThreadId` `GetModuleHandleW` `GetStartupInfoW` `InitializeSListHead` `DisableThreadLibraryCalls` `RaiseException` `IsDebuggerPresent` `IsProcessorFeaturePresent` `TerminateProcess` `GetCurrentProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `VirtualQuery`
VCRUNTIME140D.dll	`memcmp` `memcpy` `memmove` `memset` `strrchr` `__std_type_info_destroy_list` `_except_handler4_common` `__vcrt_GetModuleFileNameW` `__vcrt_GetModuleHandleW` `__vcrt_LoadLibraryExW`
ucrtbased.dll	`_beginthreadex` `_endthreadex` `_CrtDbgReport` `_CrtDbgReportW` `_except1` `_initterm` `_initterm_e` `strcpy_s` `strcat_s` `__stdio_common_vsprintf_s` `_seh_filter_dll` `_localtime64_s` `_initialize_narrow_environment` `_initialize_onexit_table` `_register_onexit_function` `_execute_onexit_table` `_crt_atexit` `_crt_at_quick_exit` `_cexit` `terminate` `_wmakepath_s` `_wsplitpath_s` `wcscpy_s` `free` `strncmp` `strlen` `strcspn` `strcmp` `fputs` `fclose` `fopen_s` `realloc` `_msize` `malloc` `_configure_narrow_argv`

Delayed Imports

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x91`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.8858`
MD5	`f7ad1eab748bc07570a57ec87787cf90`
SHA1	`0b1608da9fef218386e825db575c65616826d9f4`
SHA256	`d2952e57023848a37fb0f21f0dfb38c9000f610ac2b00c2f128511dfd68bde04`
SHA3	`6c9541b36948c19ae507d74223621875b3af4064f7cd8200bdb97e15a047e96a`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-Aug-14 09:09:31
Version	`0.0`
SizeofData	`83`
AddressOfRawData	`0x1895ec`
PointerToRawData	`0x10abec`
Referenced File	C:\Users\nishikigoi\source\repos\sqlite3\Debug\sqlite3.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2019-Aug-14 09:09:31
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x189640`
PointerToRawData	`0x10ac40`

TLS Callbacks

Load Configuration

Size	`0xa4`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1018bbd4`
SEHandlerTable	`0`
SEHandlerCount	`0`

RICH Header

XOR Key	`0x8e5eb46a`
Unmarked objects	`0`
Imports (27316)	`2`
C++ objects (27316)	`18`
C objects (27316)	`11`
ASM objects (27316)	`10`
Imports (26213)	`5`
Total imports	`124`
C objects (VS2019 RTM compiler 27508)	`1`
Resource objects (VS2019 RTM compiler 27508)	`1`
Linker (VS2019 RTM compiler 27508)	`1`

Errors

[*] Warning: Section .textbss has a size of 0!