12621d0d9d8055c4bf5316b14582431c7784ed60814070d600bc5f44777b3e17

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2020-Sep-16 16:27:43
Detected languages English - United States
Debug artifacts C:\Users\Patrick\Dropbox\Projects\InControlNative\Windows\Build\x86_64\Release\InControlNative.pdb

Plugin Output

Suspicious Strings found in the binary may indicate undesirable behavior: Accesses the WMI:
  • root\cimv2
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • LoadLibraryW
  • GetProcAddress
  • LoadLibraryExW
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Suspicious VirusTotal score: 1/68 (Scanned on 2026-06-29 04:09:04) Cynet: Malicious (score: 100)

Hashes

MD5 5c8831032d447ac3484017cdc72ee9d2
SHA1 4ae1bf750046234fd48139d2a39461f3d1dc518e
SHA256 12621d0d9d8055c4bf5316b14582431c7784ed60814070d600bc5f44777b3e17
SHA3 acf19dcd12f145525ae083dd9dad376727c120ff8e0709704a20245ce1602199
SSDeep 6144:Zv2F/MxulQht2uFaPJpJish4yFZ+t5eFZ/wkFEbU/f3PTvPkU/44:wFknFaBish4yKtEFhnPrG
Imports Hash 72ba3de4e03807cc02cdf7692a9127c9

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x128

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 8
TimeDateStamp 2020-Sep-16 16:27:43
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x40200
SizeOfInitializedData 0x21400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000000084FC (Section: .text)
BaseOfCode 0x1000
ImageBase 0x180000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x67000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 62128358da3b3dd51c98ffbe6b493d55
SHA1 276ce386dc1614c59e28705146d6fb4e9df007a4
SHA256 59fc85b176c175d2d898c7dc542c28b1382b9b1394762844f6ad9a3290292340
SHA3 52ca2068efe0cd56eef5b56075cd5f44fecc636bf87373d31ba77ba1060d7ba3
VirtualSize 0x401e6
VirtualAddress 0x1000
SizeOfRawData 0x40200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.43982

.rdata

MD5 046a0b13411bf0e80a0a79a8d9c4843e
SHA1 d31672654c0c890fae04c2a87061aa4d8ae2b154
SHA256 4dd4d2b9153800f20095d30f070f664478d3c0861bc044caa3f4ed0ef7ec1458
SHA3 af46e21e7b701d14ec3ce11fb646fe73d0703d2f2959d3be48390d2ed107bcc5
VirtualSize 0x16b8c
VirtualAddress 0x42000
SizeOfRawData 0x16c00
PointerToRawData 0x40600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.78964

.data

MD5 22755b517bc51fed8837547fe8697aed
SHA1 e50e1989337efd1b77e09e5a3ca78294b489d920
SHA256 ffe6d7068d6a93110dd942e7706551a9cc6bed168e2b42810aa821b6ef8275c2
SHA3 f3ab40bceb66c0d9a7e355c3cf9f948190924b4157191f7463742001efc6a037
VirtualSize 0x49ac
VirtualAddress 0x59000
SizeOfRawData 0x3200
PointerToRawData 0x57200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.60023

.pdata

MD5 5e6dfe58f2f5664b333a43fc59ddfa7a
SHA1 6f565d65fc4e8f42a453c8b1ecc42c04a46d41c0
SHA256 121e8ffe56fae6409cf3ea6f823201d56263c0d1f32848750e178fde254f3d8a
SHA3 197086799de2f010c3a046743bc887403dfddf632fce70e8c935a18fb3c18b7b
VirtualSize 0x40e0
VirtualAddress 0x5e000
SizeOfRawData 0x4200
PointerToRawData 0x5a400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.49877

.gfids

MD5 8d150e7bd93dc1f44f4cce7b1b94754d
SHA1 4534c887645bd9e4f87c981463196e951c828a34
SHA256 020a9d5c74dee4b10cd698dcfe92640e7ba73a12c369c89d97b6d4269044a1e8
SHA3 16fb4020806a071ac5e6e82ab03ccea49efe7034bc646f054038fc9800a68d65
VirtualSize 0x9e0
VirtualAddress 0x63000
SizeOfRawData 0xa00
PointerToRawData 0x5e600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.77986

.tls

MD5 1f354d76203061bfdd5a53dae48d5435
SHA1 aa0d33a0c854e073439067876e932688b65cb6a9
SHA256 4c6474903705cb450bb6434c29e8854f17d8324efca1fdb9ee9008599060883a
SHA3 991fbbd46bbd69198269fe6c247d440e0f8a7d38259b7a1e04b74790301d1d2b
VirtualSize 0x9
VirtualAddress 0x64000
SizeOfRawData 0x200
PointerToRawData 0x5f000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.0203931

.rsrc

MD5 719052f3c9bf363cae31fbf61c9141b2
SHA1 67a60984cc7dce78b23d9e0426dc406e0b5fe50c
SHA256 f6bf3116252ed4a3743c186bef1820409b1534fab62ce51695a34b10f87cfd8a
SHA3 ea704471d5d7a3f2be09a0e1066cec3acb6fc5d9ebd8f4dccabc13381215e72e
VirtualSize 0x1e0
VirtualAddress 0x65000
SizeOfRawData 0x200
PointerToRawData 0x5f200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.71935

.reloc

MD5 6a580811bde81b7290857a798f1e5fa2
SHA1 c9ac04a25bc3f263a09c4ffd41e76a3de8fc94b6
SHA256 26c0c8266b3707b2f4b9f429f115cd0c52ef5209ed378442d0835ffcba564e4a
SHA3 c251c8c3394031f96ed3935c0986ba8ab66ec4390334bf7b43d0edc48af99d48
VirtualSize 0xcec
VirtualAddress 0x66000
SizeOfRawData 0xe00
PointerToRawData 0x5f400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.29415
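The eight section rows above, the Optional Header and the DOS/PE headers are all read by walking one chain of offsets: e_lfanew at 0x3C, the "PE\0\0" signature, the 20-byte COFF header, the optional header (whose length is SizeOfOptionalHeader, 0xF0 here) and then 40-byte section headers. The following is an added example, not Manalyzer's code and not the InControlNative binary: it walks that chain for a PE32+ image, derives the per-section Shannon entropy the "Entropy" rows show, and applies the checks a reviewer makes from this table (writable-and-executable sections, entropy near 8 bits, an entry point outside every section, missing DllCharacteristics mitigations). The sample image is constructed with struct.pack and uses the report's DllCharacteristics value 0x0160 (DYNAMIC_BASE | HIGH_ENTROPY_VA | NX_COMPAT), so the triage reports the same gap the report implies: a .gfids section is present but IMAGE_DLLCHARACTERISTICS_GUARD_CF is not set.

```python
"""Minimal PE32+ header walker (added example, not Manalyzer's code).
Follows the chain the report prints: DOS header -> e_lfanew -> "PE\\0\\0" -> COFF
header -> optional header -> section table, and computes per-section Shannon
entropy as the report's "Entropy" rows do. Sample input is built with struct.pack."""
import math
import struct

IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32PLUS_MAGIC = 0x20B
DLL_CHARACTERISTICS = {0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE",
                       0x0100: "NX_COMPAT", 0x4000: "GUARD_CF"}
SECTION_FLAGS = {0x00000020: "CNT_CODE", 0x00000040: "CNT_INITIALIZED_DATA",
                 0x20000000: "MEM_EXECUTE", 0x40000000: "MEM_READ", 0x80000000: "MEM_WRITE"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(img: bytes) -> dict:
    """Walk the headers of a PE32+ image; ValueError if a signature or magic is wrong."""
    if img[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", img, 0x3C)[0]
    if img[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", img, coff)
    opt = coff + 20                                          # COFF header is 20 bytes
    if struct.unpack_from("<H", img, opt)[0] != PE32PLUS_MAGIC:
        raise ValueError("not a PE32+ image")
    entry = struct.unpack_from("<I", img, opt + 16)[0]      # AddressOfEntryPoint (RVA)
    dll_chars = struct.unpack_from("<H", img, opt + 70)[0]  # DllCharacteristics
    sections = []
    for i in range(nsect):                                   # 40-byte headers after the optional header
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", img, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "VirtualSize": vsize,
                         "VirtualAddress": vaddr, "SizeOfRawData": rawsize,
                         "flags": [v for k, v in SECTION_FLAGS.items() if flags & k],
                         "entropy": shannon_entropy(img[rawptr:rawptr + rawsize])})
    return {"machine": "AMD64" if machine == IMAGE_FILE_MACHINE_AMD64 else hex(machine),
            "is_dll": bool(chars & 0x2000), "entry_point": entry,
            "dll_characteristics": [v for k, v in DLL_CHARACTERISTICS.items() if dll_chars & k],
            "sections": sections}


def entry_section(info: dict):
    """Section whose virtual range holds AddressOfEntryPoint, or None."""
    for s in info["sections"]:
        size = max(s["VirtualSize"], s["SizeOfRawData"])
        if s["VirtualAddress"] <= info["entry_point"] < s["VirtualAddress"] + size:
            return s["name"]
    return None


def triage_flags(info: dict) -> list:
    """Cheap reviewer heuristics over DllCharacteristics and the section table."""
    flags = [f"missing {m}" for m in ("DYNAMIC_BASE", "NX_COMPAT", "HIGH_ENTROPY_VA", "GUARD_CF")
             if m not in info["dll_characteristics"]]
    for s in info["sections"]:
        if "MEM_WRITE" in s["flags"] and "MEM_EXECUTE" in s["flags"]:
            flags.append(f"{s['name']} is writable and executable")
        if s["entropy"] > 7.0:
            flags.append(f"{s['name']} entropy {s['entropy']:.2f} (packed or encrypted?)")
    if entry_section(info) is None:
        flags.append("entry point lies outside every section")
    return flags


def build_sample_pe64(text: bytes, dll_chars: int = 0x0160) -> bytes:
    """Constructed sample: a tiny PE32+ DLL with one .text section holding `text`."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, 1, 0, 0, 0, 0xF0, 0x2022)  # DLL|EXE|LAA
    opt = struct.pack("<HBBIIIIIQIIHHHHHHIIIIHH", PE32PLUS_MAGIC, 14, 0, len(text), 0, 0,
                      0x1000, 0x1000, 0x180000000, 0x1000, 0x200, 6, 0, 0, 0, 6, 0,
                      0, 0x2000, 0x200, 0, 2, dll_chars).ljust(0xF0, b"\0")
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text), 0x200,
                       0, 0, 0, 0, 0x60000020)               # CNT_CODE | MEM_EXECUTE | MEM_READ
    return (bytes(dos) + b"PE\0\0" + coff + opt + sect).ljust(0x200, b"\0") + text
```

Usage: `triage_flags(parse_pe(open(path, "rb").read()))` on a real PE32+ file. The entropy threshold of 7.0 is a rule of thumb; compiled x86-64 code like the .text above sits around 6.4 bits, and a value close to 8.0 in a code section is what packers and encrypted payloads produce. The parser deliberately stops at the section table; the data directories (imports, TLS, load config, debug) start at optional-header offset 112 and are a separate walk.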

Imports

KERNEL32.dll GetLastError
HeapReAlloc
CloseHandle
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
GetModuleHandleW
SetThreadExecutionState
LoadLibraryW
GetProcAddress
FreeLibrary
HeapSize
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
CreateFileW
InitializeCriticalSectionEx
HeapFree
CreateThread
Sleep
WriteConsoleW
WaitForSingleObject
FindFirstFileExA
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
WideCharToMultiByte
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
SetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
OutputDebugStringW
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
RtlPcToFileHeader
RtlUnwindEx
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
GetStringTypeW
GetACP
GetStdHandle
GetFileType
LCMapStringW
FindClose
USER32.dll ShowWindow
SendInput
GetForegroundWindow
UnregisterClassW
DefWindowProcW
LoadCursorW
CreateWindowExW
RegisterClassExW
DestroyWindow
RegisterDeviceNotificationW
DispatchMessageW
PeekMessageW
TranslateMessage
ole32.dll CoInitialize
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
OLEAUT32.dll SysFreeString
SysAllocString
DINPUT8.dll DirectInput8Create
HID.DLL HidD_GetSerialNumberString
HidD_GetManufacturerString
HidD_GetAttributes
HidD_GetProductString
SHLWAPI.dll StrCmpW
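Two values in this report are derived directly from the import table above: the "Imports Hash" under Hashes, and the Plugin Output findings about LoadLibraryW/GetProcAddress and VirtualAlloc/VirtualProtect. The following is an added example, not Manalyzer's code, showing both computations. imphash is the MD5 of "dll.function" pairs, DLL name lower-cased with its .dll/.ocx/.sys extension removed, function name lower-cased, in import-table order and comma-joined; it therefore fingerprints the compiler/linker/runtime import layout as much as the program, and two samples sharing it share tooling, not necessarily code. The import list in the code is a constructed subset of the table above, so its hash will not equal the report's 72ba3de4e03807cc02cdf7692a9127c9; only the complete list in table order reproduces that. The `ordN` fallback for ordinal-only imports follows pefile's convention and is an assumption about what the reader's tooling does.

```python
"""Recomputing "Imports Hash" and the plugin's API-combination findings
(added example, not Manalyzer's code). SAMPLE_IMPORTS is a constructed subset
of the report's import table, kept in table order."""
import hashlib

SAMPLE_IMPORTS = [
    ("KERNEL32.dll", ["GetLastError", "LoadLibraryW", "GetProcAddress", "FreeLibrary",
                      "VirtualAlloc", "VirtualProtect", "IsDebuggerPresent", "SwitchToThread"]),
    ("USER32.dll", ["SendInput", "GetForegroundWindow", "RegisterDeviceNotificationW"]),
    ("ole32.dll", ["CoInitialize", "CoCreateInstance", "CoSetProxyBlanket"]),
    ("HID.DLL", ["HidD_GetAttributes", "HidD_GetProductString"]),
]


def imphash_string(imports) -> str:
    """The comma-joined text that imphash hashes; ordinal ints become 'ordN' (pefile's fallback)."""
    parts = []
    for dll, funcs in imports:
        name = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):           # only these extensions are stripped
            if name.endswith(ext):
                name = name[:-len(ext)]
                break
        for f in funcs:
            parts.append(f"{name}.{f'ord{f}' if isinstance(f, int) else f.lower()}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of imphash_string(); order-sensitive, case-insensitive."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Each finding needs one API from the first set AND one from the second, as the plugin output pairs them.
API_COMBOS = {
    "resolves imports at run time": (
        {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}, {"GetProcAddress"}),
    "allocates memory and changes its protection": (
        {"VirtualAlloc", "VirtualAllocEx"}, {"VirtualProtect", "VirtualProtectEx"}),
}
SINGLE_APIS = {"IsDebuggerPresent": "checks for a debugger (IsDebuggerPresent)",
               "SwitchToThread": "can be used for anti-debugging (SwitchToThread)"}


def imported_names(imports) -> set:
    return {f for _, funcs in imports for f in funcs if isinstance(f, str)}


def flag_api_combos(imports) -> list:
    """Plugin-style findings from the import table alone; no code is inspected."""
    names = imported_names(imports)
    findings = [label for label, (first, second) in API_COMBOS.items()
                if names & first and names & second]
    findings += [label for api, label in SINGLE_APIS.items() if api in names]
    return findings
```

Caveat a practitioner would attach to these findings: LoadLibraryExW with GetProcAddress, IsDebuggerPresent and VirtualProtect are also used by the Visual C++ runtime's own startup and error-handling code that is statically linked into most MSVC binaries, so their presence is weak evidence on its own. The imports that are specific to this file (DirectInput8Create, the HidD_* functions, SendInput, RegisterDeviceNotificationW and the COM calls that reach root\cimv2) are the ones to weigh, and they are consistent with the input-device library the PDB path names.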

Delayed Imports

(EMPTY)

Exports

InControl_GetDeviceEvents

Ordinal 1
Address 0x2790

InControl_GetDeviceInfo

Ordinal 2
Address 0x25d0

InControl_GetDeviceState

Ordinal 3
Address 0x2710

InControl_GetVersionInfo

Ordinal 4
Address 0x25a0

InControl_Init

Ordinal 5
Address 0x24c0

InControl_SetHapticState

Ordinal 6
Address 0x2b40

InControl_SetLightColor

Ordinal 7
Address 0x2b90

InControl_SetLightFlash

Ordinal 8
Address 0x2bf0

InControl_Stop

Ordinal 9
Address 0x2550

Resources

2

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

(EMPTY)

Debug Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2020-Sep-16 16:27:43
Version 0.0
SizeofData 123
AddressOfRawData 0x528d4
PointerToRawData 0x50ed4
Referenced File C:\Users\Patrick\Dropbox\Projects\InControlNative\Windows\Build\x86_64\Release\InControlNative.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2020-Sep-16 16:27:43
Version 0.0
SizeofData 20
AddressOfRawData 0x52950
PointerToRawData 0x50f50

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2020-Sep-16 16:27:43
Version 0.0
SizeofData 964
AddressOfRawData 0x52964
PointerToRawData 0x50f64

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2020-Sep-16 16:27:43
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

StartAddressOfRawData 0x180064000
EndAddressOfRawData 0x180064008
AddressOfIndex 0x18005c858
AddressOfCallbacks 0x180042548
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x94
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x180059008

RICH Header

XOR Key 0x2ebd3a20
Unmarked objects 0
241 (40116) 14
243 (40116) 124
242 (40116) 18
C++ objects (23013) 2
C++ objects (65501) 1
208 (65501) 1
ASM objects (VS2015 UPD3 build 24123) 8
C++ objects (VS2015 UPD3 build 24123) 95
C objects (VS2015 UPD3 build 24123) 19
Imports (65501) 15
Total imports 157
C++ objects (LTCG) (VS2015 UPD3.1 build 24215) 8
Exports (VS2015 UPD3.1 build 24215) 1
Resource objects (VS2015 UPD3 build 24210) 1
Linker (VS2015 UPD3.1 build 24215) 1
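The RICH Header table above is recovered from the bytes between the DOS stub and the PE signature (here the region below e_lfanew = 0x128): the marker "DanS" XORed with the key, three key-padded words, then (compid, count) pairs XORed with the key, followed by the literal "Rich" and the plaintext key. compid packs (product id << 16) | build, which is how a row such as "241 (40116) 14" reads: unmapped product id, build number, object count. Because the header records the exact compiler, assembler and linker builds that produced every object, it is a toolchain fingerprint used for clustering samples and for spotting a header copied from another binary. The following is an added example, not Manalyzer's code: a decoder plus a small encoder that constructs a sample from three of the report's rows. The product-id-to-tool-name table and the validation of the key as a checksum over the DOS header are left out.

```python
"""Rich header encode/decode (added example, not Manalyzer's code). The sample
header is constructed from rows of the report; key 0x2EBD3A20 is the report's XOR key."""
import struct

DANS = 0x536E6144  # b"DanS" read as a little-endian DWORD


def encode_rich(key: int, entries) -> bytes:
    """Build a Rich header from (product_id, build, count) tuples (constructed sample input)."""
    words = [DANS ^ key, key, key, key]                 # the three padding words are 0 XOR key
    for product_id, build, count in entries:
        words += [((product_id << 16) | build) ^ key, count ^ key]
    return struct.pack(f"<{len(words)}I", *words) + b"Rich" + struct.pack("<I", key)


def decode_rich(img: bytes):
    """Return (key, [(product_id, build, count), ...]); ValueError if no well-formed header."""
    rich = img.find(b"Rich")
    if rich < 0 or rich + 8 > len(img):
        raise ValueError("no Rich marker")
    key = struct.unpack_from("<I", img, rich + 4)[0]    # plaintext key follows the marker
    words, pos = [], rich - 4
    while pos >= 0:                                     # walk backwards until DanS decodes
        w = struct.unpack_from("<I", img, pos)[0] ^ key
        if w == DANS:
            break
        words.append(w)
        pos -= 4
    else:
        raise ValueError("DanS not found before Rich")
    words.reverse()                                     # now in file order: pad, pad, pad, pairs...
    if len(words) < 3 or words[:3] != [0, 0, 0] or (len(words) - 3) % 2:
        raise ValueError("malformed Rich header")
    return key, [(words[i] >> 16, words[i] & 0xFFFF, words[i + 1])
                 for i in range(3, len(words), 2)]


def toolchain_summary(entries) -> dict:
    """Highest build number and total object count: cheap features for clustering or forgery checks."""
    return {"max_build": max(b for _, b, _ in entries), "objects": sum(c for _, _, c in entries)}


def sample_image() -> bytes:
    """Constructed DOS stub with a Rich header at 0x80, like the report's layout before e_lfanew."""
    rows = [(241, 40116, 14), (243, 40116, 124), (242, 40116, 18)]
    return (b"MZ" + b"\0" * 0x7E) + encode_rich(0x2EBD3A20, rows) + b"\0" * 16
```

A forged or transplanted Rich header fails the checksum that this example omits: the real key is computed over the DOS header bytes and the compid/count pairs, so a header copied verbatim from another file decodes cleanly but its key does not match the host's DOS header. Checking that relationship is the next step after decoding.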

Errors
