Manalyze report for 27db1cf3a74b4be6c6caf4ce74aab1c6

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2013-Mar-16 15:41:49
Detected languages	Chinese - PRC English - United States
Debug artifacts	F:\tuSVN\2_P2PCam264_PC\Test\Release\Test_P2PCamLivePC.pdb
CompanyName	TODO: <Company name>
FileDescription	TODO: <File description>
FileVersion	`1.0.0.1`
InternalName	Test.exe
LegalCopyright	TODO: (c) <Company name>. All rights reserved.
OriginalFilename	Test.exe
ProductName	TODO: <Product name>
ProductVersion	`1.0.0.1`

Plugin Output

Suspicious	The PE is possibly a dropper.	`Resources amount for 90.9262% of the executable.`
Suspicious	VirusTotal score: 1/66 (Scanned on 2021-04-22 05:21:53)	`APEX: Malicious`

Hashes

MD5	`27db1cf3a74b4be6c6caf4ce74aab1c6`
SHA1	`aa5725bc61d8486107e6aa52b963fb4446c876da`
SHA256	`530a32769fd762011bd2cc62010247a30e308ce3e57766fff21fe8c484925f77`
SHA3	`ee0c44410f04034b7e25e91320e8a05f67e211611df2f494a87ed6d7638ae51b`
SSDeep	`12288:m80ONS2QUMX2B8MGL2kn4wEalzb1jw87UnOCRvs1b:3Sojh6gE`
Imports Hash	`30db07fb4b547d88c20f4f65c908c170`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2013-Mar-16 15:41:49
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.0`
SizeOfCode	`0x4800`
SizeOfInitializedData	`0x5b600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000048FD (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x6000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x63000`
SizeOfHeaders	`0x400`
Checksum	`0x6a8ff`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2c5271c68df9b3c7673136ba26bd6782`
SHA1	`d0ae33004dbd83852f91ec1ab69115e101102409`
SHA256	`4304df4ff12100b992f21ddc95f7f4c7a744cf1aa615e75593a4d092e7228d7c`
SHA3	`bd27935cb64a52047d2eab5d38d641e713a509425bae7b4eb045b0ba986e4883`
VirtualSize	`0x47c5`
VirtualAddress	`0x1000`
SizeOfRawData	`0x4800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.20286`

.rdata

MD5	`473a85ee6cd2bcd29f8f0fe8a73ca2bc`
SHA1	`c8ad8464768761a26224991dc93c7e5c40e8d3c6`
SHA256	`6e87927166bfd79bf16666fbdff3f3075d0103e0fed24159c0215cfbb1f40ddd`
SHA3	`3aa562a2004952f13c671382daa5445699e913a8c6d93fa06a0ef2d194fcf081`
VirtualSize	`0x2634`
VirtualAddress	`0x6000`
SizeOfRawData	`0x2800`
PointerToRawData	`0x4c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.76919`

.data

MD5	`ad3872b1ab7d3b01ec8b22df9d36c62b`
SHA1	`c18f98918f6e50bb2be1d1834dcc161502df9a9c`
SHA256	`9b3c04831ffee7e5ae655ae3b42137f2d3989684de8cdba2c67bcfacbcdcf89b`
SHA3	`a93130f1043eb04145acef9163653503888bb3b4a8d71cacc8b112125b5e9948`
VirtualSize	`0x794`
VirtualAddress	`0x9000`
SizeOfRawData	`0x400`
PointerToRawData	`0x7400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.1126`

.rsrc

MD5	`432b8ad40f29dfc99b09d4adfb46f12c`
SHA1	`111117305ea57700023e3665ab868c5355345c18`
SHA256	`c6df7b7e9e6f316c4f338d146baf2bb1fb5ae23160a6a0112ede7cbddd5fc790`
SHA3	`3ee02de4eb52d9323248cae02f0580aab1865412f161d7a22159882d619c91a3`
VirtualSize	`0x57924`
VirtualAddress	`0xa000`
SizeOfRawData	`0x57a00`
PointerToRawData	`0x7800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.4211`

.reloc

MD5	`097e0e1eb971f2bed513d07b4b68ab73`
SHA1	`3059bb73c06395a6b17d6c93ecf40c03512b98e8`
SHA256	`da76e43e15e968da22b8db8e8f370dd3d0f789c16181805bb97d2a5a2dcc1cdf`
SHA3	`1b712617074d5b4035c6b1032d10d9761a5c2d087f9ea1c10553575ac4ad52c6`
VirtualSize	`0xf06`
VirtualAddress	`0x62000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x5f200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.94434`

Imports

P2PAVCore.dll	`#13` `#11` `#6` `#10` `#9` `#8` `#3` `#15` `#18` `#1` `#2` `#17` `#7` `#19` `#4` `#16` `#14` `#5` `#12`
H264Decoder.dll	`#3` `#2` `#5` `#4`
WINMM.dll	`waveOutPrepareHeader` `waveOutGetNumDevs` `waveOutOpen` `waveOutUnprepareHeader` `waveOutReset` `waveOutWrite` `waveOutClose`
MSVCR90.dll	`__wgetmainargs` `_cexit` `_exit` `_XcptFilter` `exit` `_wcmdln` `_initterm` `_initterm_e` `_configthreadlocale` `__setusermatherr` `_adjust_fdiv` `__p__commode` `__p__fmode` `_encode_pointer` `__set_app_type` `_unlock` `__dllonexit` `_lock` `_onexit` `_decode_pointer` `?terminate@@YAXXZ` `_except_handler4_common` `_invoke_watson` `_controlfp_s` `_crt_debugger_hook` `?_type_info_dtor_internal_method@type_info@@QAEXXZ` `_amsg_exit` `??2@YAPAXI@Z` `??_V@YAXPAX@Z` `??_U@YAPAXI@Z` `??3@YAXPAX@Z` `_stricmp` `memset` `__CxxFrameHandler3` `sprintf` `memcpy`
mfc90u.dll	`#4442` `#1248` `#296` `#554` `#1108` `#1137` `#2057` `#1918` `#2069` `#524` `#744` `#5182` `#5008` `#2596` `#2904` `#2592` `#5908` `#4774` `#1041` `#2537` `#4347` `#4131` `#6579` `#579` `#781` `#5543` `#5793` `#1565` `#2909` `#6835` `#290` `#4516` `#3515` `#4682` `#4910` `#3140` `#5650` `#1727` `#1791` `#1792` `#2139` `#5625` `#1442` `#3226` `#6376` `#5404` `#3682` `#6804` `#4174` `#6802` `#1641` `#2368` `#2375` `#2630` `#2612` `#2610` `#2628` `#2640` `#2617` `#2633` `#2638` `#2621` `#2623` `#2625` `#2619` `#2635` `#4000` `#971` `#967` `#969` `#965` `#960` `#5683` `#5685` `#6466` `#1728` `#4702` `#5154` `#3743` `#5653` `#4603` `#6800` `#5512` `#2074` `#5602` `#4664` `#1492` `#4345` `#1751` `#1754` `#6408` `#3353` `#1675` `#1809` `#1810` `#5324` `#5167` `#4631` `#5632` `#4494` `#4996` `#5680` `#5663` `#6018` `#2771` `#2983` `#3112` `#4728` `#2966` `#3115` `#2774` `#2893` `#2764` `#4080` `#4081` `#4071` `#2891` `#4348` `#4905` `#4681` `#3670` `#758` `#639` `#2208` `#4211` `#600` `#286` `#811` `#794` `#589` `#374` `#5979` `#4405` `#4448` `#4423` `#6801` `#4173` `#6803` `#4747` `#2251` `#2206` `#6035` `#4179` `#1048` `#5548` `#6741` `#4043` `#4967` `#813` `#5830` `#4213` `#2087` `#1272` `#3217` `#5674` `#5676` `#2615` `#2447` `#6275`
KERNEL32.dll	`InitializeCriticalSection` `DeleteCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `SetPriorityClass` `GetModuleFileNameW` `OutputDebugStringW` `Sleep` `GlobalHandle` `GlobalUnlock` `InterlockedCompareExchange` `GetTickCount` `MultiByteToWideChar` `WideCharToMultiByte` `MulDiv` `GetCurrentProcess` `GetSystemTimeAsFileTime` `TerminateProcess` `UnhandledExceptionFilter` `GetStartupInfoW` `SetUnhandledExceptionFilter` `QueryPerformanceCounter` `GetCurrentThreadId` `GlobalLock` `IsDebuggerPresent` `GlobalFree` `InterlockedExchange` `GetCurrentProcessId` `GlobalAlloc`
USER32.dll	`SetTimer` `LoadIconW` `SetRect` `IsIconic` `SendMessageW` `GetSystemMetrics` `GetClientRect` `MessageBoxW` `EnableWindow` `KillTimer` `CopyRect` `GetDC` `AppendMenuW` `GetSystemMenu` `DrawIcon`
GDI32.dll	`GetDeviceCaps`
COMCTL32.dll	`InitCommonControlsEx`
ole32.dll	`CoTaskMemFree` `CreateStreamOnHGlobal` `CoUninitialize` `CoInitialize` `CoTaskMemAlloc`
OLEAUT32.dll	`SysAllocStringLen` `SysFreeString` `OleLoadPicture`

Delayed Imports

1

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.31812`
MD5	`727488de72809146f2ffaef6319652d6`
SHA1	`3fa90124f5ae5619ea5c2c89ed5aa80ce34d7a01`
SHA256	`2d93ed1c38bcc48b0b1d7dc03afb5f8bb2bb7690dd9154d976ac4135e7566a24`
SHA3	`dbd93087fb42b4d4f0f62c482e22ab40736168f261d1cd885fc8af0ce940bfb7`

2

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.60443`
MD5	`51e7976a9235cccb432dded5dbe8e06a`
SHA1	`03c0abae00038e2e54859824f227e8bd0def47be`
SHA256	`c2c56eec3f64c855127cf775813aed42b94857c092dd518c73c31e29b95990e8`
SHA3	`2e6f5ad14f865ae21421fe16745bf8682c8f4185d5159f346284bc3e7fb9cdb5`

3

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.79264`
MD5	`c23e0f6f39d21812b9573c5840fc4dfb`
SHA1	`0c1dd8cf4f1f6a275e58d2f207ebb378814a51b1`
SHA256	`79ae306606cb6b9abaeaf472f0eeb20a910e7fdc1c08fd429c4953fda9946caf`
SHA3	`b14785e6fc1db550fb55cd2f434462d0306e30a2a5291af15cd0746d86dcf8bf`

4

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.87346`
MD5	`2f852271abaf51396a79b5d2bc265a24`
SHA1	`c603acdfaadfc321894de79e1b14a6dfd0235d21`
SHA256	`eba1c98dd2ece4d5d1ff7a5bf4d261c5434e5fea245106a995bad70ca351f869`
SHA3	`a82e41f87e984bbd7c8eba46e7838ecd2472a405d54a4b3cc1bb22dab9eafd79`

5

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.92715`
MD5	`6eb2f0ede96661c38c9a9a58ed9fdd4f`
SHA1	`9b8cb7b123ee92f9127c9d434e8fcd4bf96b37b9`
SHA256	`e5e611cf782f532e52ffca874d029847d5ab00decff55b5c4eea0684314bfb17`
SHA3	`e9ef53e007ecd84b918f657ae9fb0a7b703fd9cc09b18045750c05c063843997`

100

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.1383`
MD5	`e6ab5b02fec7330d42b359f6e4f7e4b8`
SHA1	`19cc410be0c2fd4e6939cabd170e72ddb2c7e939`
SHA256	`6e74f011d06aaf7b188146ce44759efa4d9bad19eb12f16939ce123e68372d11`
SHA3	`9337615da40ef5f7b173da64dc4b3d4398ac09a3c95eceb3a9a393a24ce73b03`

102

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xa2c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.46282`
MD5	`57b5507b3fb92fc08fc1b7726b9e40b3`
SHA1	`fd8a09cb3236dea735708a02cbcd6b552eea4c1d`
SHA256	`3b78212269ec9fadc2d4a5259f6a3e8ff23d1f78092058516959caeabcaf7463`
SHA3	`777bd53172e5476227562c6ec4725edeced372e34b22bba004492452b01e5bba`

7

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.67542`
MD5	`a8b1b6cbd78acaf344bbd29b829676f3`
SHA1	`55d05ae0a0c05fb0923cbff0b6ce47ff4ddb60ba`
SHA256	`70e7cff8c66fde26e321870a08f5a1f267a639b6b23c8895a9b6269ac6e38528`
SHA3	`61e1ebbd6883e75644db6cbf64b487d86ea6e073f7db41d5f7f34eae1952fdd5`

128

Type	`RT_GROUP_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.6474`
Detected Filetype	Icon file
MD5	`d64020e1074b6df9dc2c4bb34320134d`
SHA1	`583f4547f7d22568d7035a7c357157ee83dbf604`
SHA256	`40daebf4311b90eab9709571698979bbd161a7018b6eac1a18798cd10598b026`
SHA3	`06ef6158b6876e799ff82d58bae2e315c9accfd48ef61fd3cc5474cb17a735ec`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x328`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37204`
MD5	`105d86a3da22b126539e9eeb0080132e`
SHA1	`779627d51e0adc67aea6470528fee2aff8ac6ea2`
SHA256	`72cee821f0113b8db7818f576c94cad62f83aac8d19a2aa92609ca62384827a0`
SHA3	`cb03f6d045905903ec10833553a2d62305284b9a16497ba99bee21501ef58b05`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x466`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.07977`
MD5	`8068221fe084f6c0b4e606743011b949`
SHA1	`18a55bfb363a06fd8d5e8975814add37338ec5e8`
SHA256	`82caa208d96286d2abb54015123a69ff453f6dad83cf467db487ca003c19bc4e`
SHA3	`ccc04d2bef39ac21565ca6ef81fef29676c4f36ecb5bb59597a00bcd60711bd6`

String Table contents

&About Test...

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.1
ProductVersion	1.0.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	TODO: <Company name>
FileDescription	TODO: <File description>
FileVersion (#2)	1.0.0.1
InternalName	Test.exe
LegalCopyright	TODO: (c) <Company name>. All rights reserved.
OriginalFilename	Test.exe
ProductName	TODO: <Product name>
ProductVersion (#2)	1.0.0.1

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2013-Mar-16 15:41:49
Version	`0.0`
SizeofData	`83`
AddressOfRawData	`0x7230`
PointerToRawData	`0x5e30`
Referenced File	F:\tuSVN\2_P2PCam264_PC\Test\Release\Test_P2PCamLivePC.pdb

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x409028`
SEHandlerTable	`0x407580`
SEHandlerCount	`16`

RICH Header

XOR Key	`0x2eb03327`
Unmarked objects	`0`
C objects (VS2012 build 50727 / VS2005 build 50727)	`1`
150 (20413)	`2`
ASM objects (VS2008 build 21022)	`2`
C objects (VS2008 build 21022)	`20`
C++ objects (VS2008 build 21022)	`7`
Imports (VS2012 build 50727 / VS2005 build 50727)	`14`
Imports (VS2008 build 21022)	`9`
Total imports	`283`
137 (VS2008 build 21022)	`6`
Linker (VS2008 build 21022)	`1`
Resource objects (VS2008 build 21022)	`1`

27db1cf3a74b4be6c6caf4ce74aab1c6

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

100

102

7

128

1 (#2)

1 (#3)

String Table contents

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors