Manalyze report for aeb5661d520dc2b12164e8c6213840dd

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Mar-28 07:53:15
Detected languages	English - United States
Debug artifacts	C:\Users\user\source\repos\bread\x64\Debug\bread.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig2(h)` `MASM/TASM - sig1(h)`
Suspicious	The PE is possibly packed.	`Section .textbss is both writable and executable.` `Unusual section name found: .msvcjmc`
Malicious	VirusTotal score: 3/71 (Scanned on 2024-04-29 19:29:49)	`Bkav: W64.AIDetectMalware` `Cynet: Malicious (score: 100)` `MaxSecure: Trojan.Malware.300983.susgen`

Hashes

MD5	`aeb5661d520dc2b12164e8c6213840dd`
SHA1	`5bd6a92cd06587531b4058ab93a729334d778d11`
SHA256	`5f9588a1914a0826a348a4f3c30a6a454d5761a4866db305059bdbe0605d1009`
SHA3	`05bdee6c5df474182e38af6e7d7e2f4823ca9dc6ac4d51239bdf541555e01ff6`
SSDeep	`384:awKdznRpKWa63P2AcE54GfsBgkT3XNtbPlhHXIncJtW6XagLDHeFZVfB7NdkCh2:w8lsV4xvdtbP/4VeRLr8HBcCQWAPm`
Imports Hash	`e2e676d9ff4583e2aa29600bf2912441`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`10`
TimeDateStamp	2024-Mar-28 07:53:15
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x8c00`
SizeOfInitializedData	`0x8000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000001100F (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x27000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.textbss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x10000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.text

MD5	`0451ff48ddd0bf0d973d63291bd36891`
SHA1	`848d858354f4e23d88b3aa4001913da9713176bd`
SHA256	`9bbd6d4e60004c466c4e23881049c0f52069109e35f699610329f6baed7e189d`
SHA3	`22457e9b3090957d3a6b9bedd1fa92d0099514ba88d372fcbeac740bb7b10aca`
VirtualSize	`0x8b65`
VirtualAddress	`0x11000`
SizeOfRawData	`0x8c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`3.75639`

.rdata

MD5	`c2978c235471213ac567f1c11fb1d03c`
SHA1	`a299d22fc795773e8c97328a677b9b646856393a`
SHA256	`463951652f3aa5e2c9f46049c1bc924529a819caa9a66470a8d76e1ed55c8a4d`
SHA3	`1dceb87036e55f429e0ef5ba6d182d3249af446ea8648056256e943201d82eea`
VirtualSize	`0x2c77`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0x9000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.44315`

.data

MD5	`8402e605c06c8ecb8cb1e46531c4e746`
SHA1	`ac8aed3d75dbff7e834fcd09ea92f170496beb2d`
SHA256	`7e6f44ad952a4b502a01d50436008df3415ce5dd9beca4633282b0cb8743ea98`
SHA3	`c232dd6368b20638a91ffb03ec71dc5f0c2514c39aa4d5e92a19ec5011830f69`
VirtualSize	`0x948`
VirtualAddress	`0x1d000`
SizeOfRawData	`0x200`
PointerToRawData	`0xbe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.496307`

.pdata

MD5	`b0f60d2c5749138f196fb88327279e58`
SHA1	`be6c5e25685e6c0dbc5c9c1f0127f8f55bf47245`
SHA256	`3db3c7e8664bcbffc310eb971297b98ad2c29e45efc539503ff5bf0de32cbebc`
SHA3	`8d8323572432e8276af8873640386187da30cf66a7d556793ece1a507276defb`
VirtualSize	`0x2214`
VirtualAddress	`0x1e000`
SizeOfRawData	`0x2400`
PointerToRawData	`0xc000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.20797`

.idata

MD5	`adcbeec493c5cc4ab4d5bbe1eec58e15`
SHA1	`e8332e58ea018cb4a21370e5f31960c09961598e`
SHA256	`997b6ab24435eb098c04a2ecb4eebd1aa95604edfb9927fe47bd1d714d5af481`
SHA3	`a4af0746f903308385044eaa3936fa5442a3cfc2b6d791256ffe0c591fe1e60c`
VirtualSize	`0x1426`
VirtualAddress	`0x21000`
SizeOfRawData	`0x1600`
PointerToRawData	`0xe400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.69703`

.msvcjmc

MD5	`12e3c34c93a8cf4959b3128c5efdb847`
SHA1	`a2a793746b4ad627ce28d774a4a3b759755c3323`
SHA256	`d2a08213de84017592a29d1c78c6856222c6c76e36e71a3e305b2efd7bece75b`
SHA3	`0c8e3e330226dcb7b85c08e8d6599130be4ad26f4466c6c23a1f6123e33d0e78`
VirtualSize	`0x29a`
VirtualAddress	`0x23000`
SizeOfRawData	`0x400`
PointerToRawData	`0xfa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.918946`

.00cfg

MD5	`bdab2ecca944095725172e3296d810c6`
SHA1	`9ae68172e811f0b58602e8532b0a11e0354fbcb6`
SHA256	`6e19c2bc3851205c48317f7647f13652c6a632c1239edd9a4601f4cfbcf8cee6`
SHA3	`abee6d5ba39dcfaed17808ffe06cd0f5d5fbc25abbeb12eeb359e744e7f42c3d`
VirtualSize	`0x175`
VirtualAddress	`0x24000`
SizeOfRawData	`0x200`
PointerToRawData	`0xfe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.464548`

.rsrc

MD5	`f12a6a180e33f477c89281318c2c1622`
SHA1	`5f36d131077060671148e72d8e29746587a0bfff`
SHA256	`88f7f0ae16c86ee192edde98a75195d10b488ebbf05af24b8d2848b77e5276c0`
SHA3	`6bb8e23afbd7b5659dd7092722da0e4147b97a98b998e2c9b443147da445e789`
VirtualSize	`0x326`
VirtualAddress	`0x25000`
SizeOfRawData	`0x400`
PointerToRawData	`0x10000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.44221`

.reloc

MD5	`50a4bccd701acacb2258de2501716f6b`
SHA1	`6a13662cde4f48d1ed9c9194e54d1124cf106b87`
SHA256	`7f80c30a63295956acd3e8a0b65a2c820674e0c357138b0842e1ac98fa0657c7`
SHA3	`ebbb4ab3ed6a451e8cac72be0779d6e1cfef8761ac79bcd0105279c36f775cfd`
VirtualSize	`0x273`
VirtualAddress	`0x26000`
SizeOfRawData	`0x400`
PointerToRawData	`0x10400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.690269`

Imports

MSVCP140D.dll	`?good@ios_base@std@@QEBA_NXZ` `?flags@ios_base@std@@QEBAHXZ` `?width@ios_base@std@@QEBA_JXZ` `?width@ios_base@std@@QEAA_J_J@Z` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ` `?uncaught_exception@std@@YA_NXZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ`
VCRUNTIME140_1D.dll	`__CxxFrameHandler4`
VCRUNTIME140D.dll	`memcpy` `__C_specific_handler` `__C_specific_handler_noexcept` `__std_type_info_destroy_list` `__current_exception` `__current_exception_context` `__vcrt_GetModuleFileNameW` `__vcrt_GetModuleHandleW` `__vcrt_LoadLibraryExW`
ucrtbased.dll	`_wmakepath_s` `terminate` `_cexit` `_crt_at_quick_exit` `_crt_atexit` `_execute_onexit_table` `_register_onexit_function` `_initialize_onexit_table` `_wsplitpath_s` `_initialize_narrow_environment` `__stdio_common_vsprintf_s` `strcat_s` `strcpy_s` `_initterm_e` `_initterm` `_CrtDbgReportW` `_CrtDbgReport` `strlen` `wcscpy_s` `_configure_narrow_argv` `_seh_filter_dll`
KERNEL32.dll	`GetProcAddress` `IsDebuggerPresent` `GetCurrentThreadId` `MultiByteToWideChar` `WideCharToMultiByte` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `InitializeSListHead` `GetStartupInfoW` `GetModuleHandleW` `GetLastError` `HeapAlloc` `HeapFree` `GetProcessHeap` `VirtualQuery` `FreeLibrary` `RaiseException`

Delayed Imports

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x91`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.8858`
MD5	`f7ad1eab748bc07570a57ec87787cf90`
SHA1	`0b1608da9fef218386e825db575c65616826d9f4`
SHA256	`d2952e57023848a37fb0f21f0dfb38c9000f610ac2b00c2f128511dfd68bde04`
SHA3	`6c9541b36948c19ae507d74223621875b3af4064f7cd8200bdb97e15a047e96a`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2024-Mar-28 07:38:58
Version	`0.0`
SizeofData	`77`
AddressOfRawData	`0x1ba9c`
PointerToRawData	`0xaa9c`
Referenced File	C:\Users\user\source\repos\bread\x64\Debug\bread.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2024-Mar-28 07:38:58
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x1baec`
PointerToRawData	`0xaaec`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x18001d000`

RICH Header

XOR Key	`0x39e54576`
Unmarked objects	`0`
C++ objects (33218)	`17`
C objects (33218)	`9`
ASM objects (33218)	`3`
Imports (33218)	`7`
Imports (30795)	`4`
Total imports	`74`
C++ objects (33521)	`2`
Resource objects (33521)	`1`
Linker (33521)	`1`

Errors

[*] Warning: Section .textbss has a size of 0!