Manalyze report for fdcd234367b92f8fcc9b26a8b1af410a

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-May-13 23:13:13

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to AES` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Section .bss is both writable and executable.`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Uses Microsoft's cryptographic API: CryptGenKey CryptExportKey CryptDecrypt CryptCreateHash CryptHashData CryptDestroyHash CryptSignHashA CryptDestroyKey` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtectEx VirtualProtect` `Leverages the raw socket API to access the Internet: #51 #115 #1 #2 #3 #9 #12 #13 #15 #16 #19 #21 #23`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`fdcd234367b92f8fcc9b26a8b1af410a`
SHA1	`3326ebf7eb2b4869ae6583f214cc839f64aa37e9`
SHA256	`edb3a93c48be2cc9cfceef4ffadcc91ac1544e1173517316bce18fa0bcb40f94`
SHA3	`820012f5b9c0af82f07fc6713c8782353e4d199aedb71cce37a69aae4bf0bfa0`
SSDeep	`6144:6QjVkO0L4i67QxItKHCKvElugbgYfI6OdWb59OccedrBVCs44RC77Kdk/Rdv6Ze:62yfLaKKgYT3b55ce34HlK2f6ZeY`
Imports Hash	`8bbd0a8e6a188f99e884eb60dc2128e7`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2018-May-13 23:13:13
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x29a00`
SizeOfInitializedData	`0x3e600`
SizeOfUninitializedData	`0x6a00`
AddressOfEntryPoint	`0x0000000000010BC0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x74000`
SizeOfHeaders	`0x400`
Checksum	`0x6aa2f`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`360cc9b9a94a073804821d238df7864e`
SHA1	`bf101244c7b0dd11568b9fb3d090b10a1107c739`
SHA256	`94b0e50f9069e01b9e2a58f8e355ecd29010cffd87290e6b7404254707a99789`
SHA3	`b7d467741ba379fbe2dcf5dcc482abad77d374583583125dddb5b9a37b40fad8`
VirtualSize	`0x29893`
VirtualAddress	`0x1000`
SizeOfRawData	`0x29a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.13965`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x6a00`
VirtualAddress	`0x2b000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`59636bbd8cc7283b0008380088bf8b97`
SHA1	`289566ea336490ad24a8eb5eca72d66b6e1961bf`
SHA256	`6f053c05fc5501d466286e20ae924626082d9ead935d1e5b3fc37a4b1689e116`
SHA3	`ac82427952c4be11b60bef7082be91da2055029d1fa2fc662055bdb2001cc92d`
VirtualSize	`0x7682`
VirtualAddress	`0x32000`
SizeOfRawData	`0x7800`
PointerToRawData	`0x29e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.83621`

.data

MD5	`3e6da6f1dda30d79ef1405e725310605`
SHA1	`af436a7ab20239f5dcf711bc9f490b61f8e4847e`
SHA256	`214eac2edbdb970ec8cc5b1733cc6316199f78232cc283bc629334f5837311e7`
SHA3	`6f532902b0517f3b6bd64e50e54e10212a04babe9df7f5c28531a248945b6658`
VirtualSize	`0x354f0`
VirtualAddress	`0x3a000`
SizeOfRawData	`0x35600`
PointerToRawData	`0x31600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.93093`

.pdata

MD5	`6b8434156d162560dfce3c5ade8b11a1`
SHA1	`5b01fabbec62ca4bf178fed04ae409ad391206b2`
SHA256	`95e3771ca658fa489c41c55be482cb7724acfb450a0f5b05dc7913206609b3e5`
SHA3	`87dd5a5bf44fc3fcd9136cde9462b212c3224d2130d220b630eddd054976b2da`
VirtualSize	`0x12f0`
VirtualAddress	`0x70000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x66c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.12607`

.CRT

MD5	`9b777668e42b27932812e65a4134c043`
SHA1	`cae31c416fee79d4f5b2bd28bc0532d343b969a9`
SHA256	`e0666e12b4ccacc5de72598abb1b144c67dcb87bbc80bcd226a828bc1178bd0c`
SHA3	`040d6795f1f98e21c1b822197b9336b3d5045164c58060f6f615c1ef2204ca55`
VirtualSize	`0x8`
VirtualAddress	`0x72000`
SizeOfRawData	`0x200`
PointerToRawData	`0x68000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.0611629`

.reloc

MD5	`46252071669f317a56ab50176265d497`
SHA1	`29d75869fbc2a7dc2741de54600e6c27ce1f2f3d`
SHA256	`8328a16c4c600ce1521d0bdcefbabf00869557bcc2e6ac2a6fa462e33c67c703`
SHA3	`e957d1de694b2a77c39516eaa92cb47e14147d43d705c359c6afd34c9e016473`
VirtualSize	`0x68`
VirtualAddress	`0x73000`
SizeOfRawData	`0x200`
PointerToRawData	`0x68200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.15278`

Imports

KERNEL32.dll	`GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `InitializeCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `GetFileSize` `GetStdHandle` `WriteFile` `ReadFile` `SetFilePointer` `FindClose` `CloseHandle` `GetSystemTimeAsFileTime` `FileTimeToLocalFileTime` `GetTickCount` `lstrcmpiA` `lstrcpynA` `lstrcpyA` `lstrcpyW` `lstrcatA` `lstrcatW` `lstrlenA` `lstrlenW` `LoadLibraryA` `GetModuleHandleA` `CreateDirectoryA` `CreateFileA` `DeleteFileW` `FindFirstFileW` `FindNextFileW` `MultiByteToWideChar` `WideCharToMultiByte` `SetConsoleTextAttribute` `WriteConsoleA` `FlushInstructionCache` `VirtualAlloc` `VirtualFree` `CreateThread` `GetLastError` `SetLastError` `Sleep` `CreateEventA` `GetModuleFileNameA` `GetModuleHandleW` `GetModuleHandleExA` `GetSystemDirectoryA` `AllocConsole` `GetProcessHeap` `HeapFree` `HeapReAlloc` `HeapAlloc` `VirtualProtectEx` `VirtualQuery` `CreateFileW` `VirtualProtect` `GetProcAddress`
USER32.dll	`wsprintfW` `wsprintfA` `wvsprintfA`
ADVAPI32.dll	`CryptGenKey` `CryptExportKey` `CryptDecrypt` `CryptCreateHash` `CryptHashData` `CryptDestroyHash` `CryptSignHashA` `CryptDestroyKey`
SHELL32.dll	`SHGetSpecialFolderPathW`
WS2_32.dll	`#51` `#115` `#1` `#2` `#3` `#9` `#12` `#13` `#15` `#16` `#19` `#21` `#23`

Delayed Imports

GetFileVersionInfoA

Ordinal	`1`
Address	`0x299c0`

GetFileVersionInfoByHandle

Ordinal	`2`
Address	`0x29aa0`

GetFileVersionInfoExA

Ordinal	`3`
Address	`0x29b80`

GetFileVersionInfoExW

Ordinal	`4`
Address	`0x29c60`

GetFileVersionInfoSizeA

Ordinal	`5`
Address	`0x29d40`

GetFileVersionInfoSizeExA

Ordinal	`6`
Address	`0x29e20`

GetFileVersionInfoSizeExW

Ordinal	`7`
Address	`0x29f00`

GetFileVersionInfoSizeW

Ordinal	`8`
Address	`0x29fe0`

GetFileVersionInfoW

Ordinal	`9`
Address	`0x2a0c0`

VerFindFileA

Ordinal	`10`
Address	`0x2a1a0`

VerFindFileW

Ordinal	`11`
Address	`0x2a280`

VerInstallFileA

Ordinal	`12`
Address	`0x2a360`

VerInstallFileW

Ordinal	`13`
Address	`0x2a440`

VerLanguageNameA

Ordinal	`14`
Address	`0x2a520`

VerLanguageNameW

Ordinal	`15`
Address	`0x2a600`

VerQueryValueA

Ordinal	`16`
Address	`0x2a6e0`

VerQueryValueW

Ordinal	`17`
Address	`0x2a7c0`

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xa40edfa7`
Unmarked objects	`0`
Imports (40310)	`2`
Imports (VS2008 SP1 build 30729)	`15`
Total imports	`127`
C objects (VS2017 v15.0 compiler 25017)	`14`
C++ objects (VS2017 v15.0 compiler 25017)	`6`
Exports (VS2017 v15.0 compiler 25017)	`1`
Linker (VS2017 v15.0 compiler 25017)	`1`

Errors

[*] Warning: Section .bss has a size of 0!