Manalyzer :: fe96f440ae71d7c89491fdb9e864738fe085326d539c0c26c023c5070099bf5f

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2010-Nov-15 13:51:25
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++` `Microsoft Visual C++ v6.0` `Microsoft Visual C++ v5.0/v6.0 (MFC)`
Suspicious	PEiD Signature:	`FASM 1.5x` `FASM v1.5x`
Safe	VirusTotal score: 0/70 (Scanned on 2018-12-26 11:43:55)	`All the AVs think this file is safe.`

Hashes

MD5	`5595be86038b5fe8ffb67974361e5b48`
SHA1	`3112d9f598975ed75ad3af75204607298607cd9e`
SHA256	`fe96f440ae71d7c89491fdb9e864738fe085326d539c0c26c023c5070099bf5f`
SHA3	`83da8303463ccb8a64065d53a57d14fc7d6a56d79108054e888e3de7ac5e10fe`
SSDeep	`384:+IQEpvoi+bZb+iKuaw3btc1pkg4p6jbtf1I:+IQEpvD+FDKhQrW/`
Imports Hash	`ae6e9b68049149d4524145377287d1ae`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2010-Nov-15 13:51:25
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x5000`
SizeOfInitializedData	`0x3000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00005246 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x6000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x9000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b90ef1f8a4d4ed80d2453dac87cf64f2`
SHA1	`0cef2768644376cc775d59d8077ddd44fd84ead6`
SHA256	`ca75da4fa6a96f184d4e100d57360ea0585677e54f49ef15ce13d57c57eb6318`
SHA3	`656fb5ecd3a7f1b3d9f08e90194e7925bea14b928e46b5e7dd5e541c6e5c141e`
VirtualSize	`0x43dc`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.24215`

.rdata

MD5	`7a10e29a876d41b2c391edcff2d83a4b`
SHA1	`3531b5f4091ecc62469613d5fbece3b831f9ecd3`
SHA256	`2840f6cff0a3247d3f5d2538083354e503bd4cb9aed8d23981d04ee18cca807e`
SHA3	`a318ebfe98722b5ef8ee431ce6d5e7eac40f15b0e7fdbf97b1d73384830ce46f`
VirtualSize	`0x3e9`
VirtualAddress	`0x6000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x6000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.60674`

.data

MD5	`b13085643a14632b8eadb9fc785b177e`
SHA1	`8dce18f87f02fe9b850859e9b6f1cc3c4f5daa47`
SHA256	`f3e2c7d7766aa3c8da994f535a7c87d5bbfe2854f712011e1d6f1a3a10533ce8`
SHA3	`f42cacc80b56648374a28a61d7024758ae3e247c43b23e96ec148aeab4b3c2ea`
VirtualSize	`0xaec`
VirtualAddress	`0x7000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x7000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.780894`

.rsrc

MD5	`02fceded596f223e13e69134e8def939`
SHA1	`f10768f728f985027333fae88a87c21e97177b49`
SHA256	`d1242780b5d46ddb3a358afe83fd4c0316f162990a40461e58e5fdeb872e8a5a`
SHA3	`7a6501cbbc7191555f9ec41475c05aab0ea1527ad948d29a5acf124d3e76d309`
VirtualSize	`0x3a0`
VirtualAddress	`0x8000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.975907`

Imports

cblrtss.dll	`_mFerr2` `_mFginitdat_dll` `#969` `#1070` `#1499` `_mFgCE` `#2038` `#2006` `_mFgmain2` `_mFgWinMain2` `#1497` `#1146` `#1265` `#1116` `#1126` `#1463` `#1389` `#1461` `#1374` `#1446` `#1379` `#1468` `_mFgprogchain` `_mFgtypecheck` `_mFfindp` `_mFgprogcheckexit` `_mFgAE` `#733` `_mFgprogunchain` `#968`
MSVCRT.dll	`_controlfp` `_except_handler3` `__set_app_type` `__p__fmode` `__p__commode` `_adjust_fdiv` `__setusermatherr` `_initterm` `__getmainargs` `_acmdln` `exit` `_XcptFilter` `_exit`
KERNEL32.dll	`GetStartupInfoA` `GetModuleHandleA` `GetCommandLineA`

Delayed Imports

_mFdllinfo

Ordinal	`1`
Address	`0x7170`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.05233`
MD5	`fcfb0bd17abf55523c37d0dbcc3856dd`
SHA1	`e90aba0fe63c6bf097b058141fadf83653d3c0b1`
SHA256	`3f349b06c9139203d9e7d9f350dd144def3e68cb72d244f81efb8559763cdbb7`
SHA3	`d1325f4f05a97aabe0206f24fa8b927396c34287c40951d91ad70aed4962ebf4`

1 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.16096`
Detected Filetype	Icon file
MD5	`42cf62b780813706e75fb9f2b2e8c258`
SHA1	`a022d5c1cfdd8aace0089f3e72f2eedd41bda464`
SHA256	`a0c9d012e2bf6b2fe05c2d97cb5594d97cf2f539e97935c12abd7a3562f4d9bf`
SHA3	`0aafc8e3d8b6bde595537da4ffe0efc5fe53f01dafe336a2a5828b6a71283d3c`

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xe4263e58`
Unmarked objects	`0`
19 (8034)	`2`
C objects (VS98 build 8168)	`11`
14 (7299)	`1`
C objects (VC++ 6.0 SP5 imp/exp build 8447)	`8`
Linker (VC++ 6.0 SP5 imp/exp build 8447)	`3`
Total imports	`48`
Unmarked objects (#2)	`3`
Resource objects (VS98 cvtres build 1720)	`1`
Linker (VS98 build 8168)	`3`

Errors

Leave a comment

No comments yet.