Manalyze report for 3c18a6d15ab937b9686a8b623c6e0912c2ccd4822beeec487eb7fc993ff265d7

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2016-Jul-06 06:59:13
Detected languages	Chinese - PRC Chinese - Taiwan English - United States
CompanyName	Megawin Technology Co., Ltd.
FileDescription	DFU MFC Application
FileVersion	`1, 1, 5, 0`
InternalName	DFU
LegalCopyright	Copyright (C) 2012
OriginalFilename	DFU.EXE
ProductName	DFU Application
ProductVersion	`1, 1, 5, 0`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++` `Microsoft Visual C++ v6.0` `Microsoft Visual C++ v5.0/v6.0 (MFC)`
Suspicious	The PE contains functions most legitimate programs don't use.	`Can take screenshots: CreateCompatibleDC BitBlt`
Suspicious	The PE is possibly a dropper.	`Resources amount for 81.9955% of the executable.`
Suspicious	VirusTotal score: 2/69 (Scanned on 2024-02-10 23:26:15)	`APEX: Malicious` `Cynet: Malicious (score: 100)`

Hashes

MD5	`e9816fd6d5763b4633cf1e0e8e595247`
SHA1	`6fa96623675401ff209b6afdc422f3a387a188ff`
SHA256	`3c18a6d15ab937b9686a8b623c6e0912c2ccd4822beeec487eb7fc993ff265d7`
SHA3	`c31556d04d4dd942917d8fe908d8f77fe15211d4a07913a95a80beadaab9f6f1`
SSDeep	`6144:LifVFoSF4D0tDfRRhrIC85rlEfGKpEouNk:L2oArNE/k`
Imports Hash	`8e135a1943861551254b50562c7b8477`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2016-Jul-06 06:59:13
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x6000`
SizeOfInitializedData	`0x33000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000065A6 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x7000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x3a000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a151aaf5c634043c6017e4759ad46728`
SHA1	`43ba6e155841e1bade5f80bb51b955ec7025f6ca`
SHA256	`aa2cdf4a010aa7792555b9099077c5fdabee5792febc47499dc8054c916320ec`
SHA3	`9dd3bb3b78229dd3383f6b8cd8ea3e295e1047345cc31ab2e12625efc55f6622`
VirtualSize	`0x5e1a`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.09315`

.rdata

MD5	`ecfb8c79744cd02a188ba679c4257fe8`
SHA1	`94de44c7a1228700b847998feb05894672d304ff`
SHA256	`17abe0ec4128063de25b34c92b8fa3b1f953504216ee5ac0739f37970d574e07`
SHA3	`36b39a8b166dd3e4fa6d4a7ae59774abcbdf77e84ebc444280ab92f793808f6f`
VirtualSize	`0x1f86`
VirtualAddress	`0x7000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x7000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.77938`

.data

MD5	`dee81a633d4a29d625b3940b304d9571`
SHA1	`d3108ce1e2fd338385a070ac31b7d0a2ff957449`
SHA256	`282a458eab686eaca87bf70f531b22fef81016a972098f679f4df22e5a0e0608`
SHA3	`db5d74d51b24330bb48ceb384487be531c15e16e500021525be7f24767f7e170`
VirtualSize	`0x350`
VirtualAddress	`0x9000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x9000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.10014`

.rsrc

MD5	`b91a5f537fee5aee4367bbeb41e646ec`
SHA1	`28a5b0812cf1fc9bf9bd88380c7b7bb85e29a762`
SHA256	`853df78e58c882025a5017a3af11621fd22d686091e18b33d9508a6d3f3dbc8f`
SHA3	`779f1c30e059040de927f930ee4a655767943255bf9e9100db46457ba294eab7`
VirtualSize	`0x2fb90`
VirtualAddress	`0xa000`
SizeOfRawData	`0x30000`
PointerToRawData	`0xa000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.64283`

Imports

DFU.dll	`DFU_Reset_To_AP` `DFU_Download` `DFU_Reset_To_ISP` `DFU_Get_ProcessCount`
MFC42.DLL	`#3081` `#2976` `#3830` `#3831` `#3825` `#3079` `#4080` `#4622` `#4424` `#3738` `#561` `#825` `#815` `#641` `#656` `#800` `#2514` `#1205` `#2621` `#1134` `#5265` `#4376` `#4853` `#4998` `#6052` `#1775` `#5280` `#4425` `#3597` `#6055` `#4078` `#1776` `#4407` `#5241` `#2385` `#5163` `#6374` `#4353` `#5290` `#3798` `#4837` `#4441` `#2648` `#2055` `#6376` `#3749` `#5065` `#1727` `#5261` `#2446` `#2124` `#5277` `#3402` `#4627` `#3610` `#1146` `#1168` `#860` `#540` `#567` `#324` `#2289` `#2370` `#2302` `#4234` `#6215` `#3092` `#2860` `#6199` `#4710` `#1200` `#924` `#926` `#2818` `#665` `#1979` `#3318` `#5186` `#354` `#823` `#3175` `#858` `#3499` `#6334` `#2515` `#355` `#5953` `#2985` `#5683` `#537` `#2820` `#3790` `#1949` `#4275` `#3619` `#818` `#1270` `#3626` `#3663` `#2414` `#1232` `#6242` `#3089` `#2864` `#6453` `#3920` `#3797` `#3573` `#5875` `#1641` `#5788` `#5787` `#472` `#283` `#3706` `#3571` `#755` `#640` `#5781` `#5789` `#5785` `#1640` `#323` `#470` `#6128` `#2379` `#613` `#289` `#3752` `#5981` `#6129` `#5903` `#1706` `#941` `#939` `#430` `#5510` `#3216` `#4042` `#1652` `#429` `#1945` `#4273` `#4589` `#4588` `#4899` `#4370` `#4892` `#5076` `#4341` `#4349` `#4723` `#4890` `#4531` `#4545` `#4543` `#4526` `#4529` `#4524` `#4964` `#4961` `#4108` `#5240` `#3748` `#1726` `#5260` `#4432` `#813` `#560` `#4464` `#4299` `#1997` `#4278` `#5465` `#798` `#5194` `#533` `#3262` `#3136` `#4465` `#3259` `#3147` `#2982` `#5714` `#5289` `#5307` `#4698` `#4079` `#2725` `#5302` `#5300` `#3346` `#2396` `#5199` `#1089` `#3922` `#5731` `#2512` `#2554` `#4486` `#6375` `#4274` `#4673` `#4277` `#1576`
MSVCRT.dll	`_except_handler3` `__set_app_type` `__p__fmode` `__p__commode` `_adjust_fdiv` `__setusermatherr` `_initterm` `__getmainargs` `_acmdln` `_setmbcp` `__CxxFrameHandler` `_mbsicmp` `_beginthreadex` `_snprintf` `isprint` `tolower` `_CxxThrowException` `sscanf` `__dllonexit` `_onexit` `_exit` `_XcptFilter` `exit` `_controlfp`
KERNEL32.dll	`GetStartupInfoA` `GlobalLock` `GlobalUnlock` `GetModuleHandleA` `FindResourceA` `LoadResource` `SizeofResource` `ResumeThread` `Sleep` `CloseHandle` `GetExitCodeThread` `GlobalAlloc` `WaitForSingleObject`
USER32.dll	`OffsetRect` `FillRect` `GetFocus` `InvalidateRect` `ShowScrollBar` `GetClientRect` `ShowCaret` `SetCaretPos` `CreateCaret` `DestroyCaret` `SetCapture` `GetSystemMetrics` `ReleaseCapture` `GetCapture` `PtInRect` `SetTimer` `KillTimer` `GetKeyState` `GetNextDlgTabItem` `EmptyClipboard` `PostMessageA` `GetParent` `GetClassInfoA` `DefWindowProcA` `IsWindow` `GetSysColor` `RegisterClipboardFormatA` `EnableWindow` `LoadCursorA` `SetCursor` `PeekMessageA` `PostQuitMessage` `SendMessageA` `LoadIconA` `EnableScrollBar`
GDI32.dll	`GetObjectA` `CreateFontIndirectA` `CreateCompatibleDC` `CreateCompatibleBitmap` `CreateRectRgnIndirect` `BitBlt` `Polygon` `Polyline` `CreateSolidBrush` `GetCharWidthA` `GetTextExtentPoint32A` `GetStockObject`

Delayed Imports

133

Type	`BINARY`
Language	Chinese - Taiwan
Codepage	UNKNOWN
Size	`0xe7db`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.68701`
MD5	`e8d57ab3d90fd4728bf5128c61bfa79b`
SHA1	`12b4006a89a9e99e61235f28e35a5eee34ad5a09`
SHA256	`c729bdc21178ba42db678e1eacf05c210151c558b640be87eeee9592e7bfe680`
SHA3	`72749afb26858c8d725e3a424a25e8f2cc4338b3c80ab80595318653a654d2c2`

3

Type	`RT_CURSOR`
Language	Chinese - Taiwan
Codepage	UNKNOWN
Size	`0x2ec`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.88716`
MD5	`5aca64f80eccf9c5dc02599fa112afd9`
SHA1	`54f707ba9eda3344e7f0366cf001658bde1112ae`
SHA256	`a01e6693a649e41f0ffd440fe87f5559545429212504ed472f33aa8df3c0e1a0`
SHA3	`cecc8ed6a7247cb67bd4dc484019b81ba39536c5253766a086cf22475bde0d1e`

129

Type	`RT_BITMAP`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x202e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.27389`
MD5	`5f4d0be548944f643c3afe7f91885ec4`
SHA1	`87cc674eda0349cff7c16f08c6427d2d6aa3eb3e`
SHA256	`e0457a22ce26c9c2e8039b1dd1bf609e370a35bf96c6ffcbf31dde9cc363158e`
SHA3	`b973ce14ccdf47ef13fab981b352610011038e681c5d39fb585a6745c5575cc0`
Preview

1

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.6378`
MD5	`33fd4a93d5ca25b675a371fecbb9bdfd`
SHA1	`c8820c439fcaeb36d7f4537b2cd78527b10672e8`
SHA256	`3a28d2b5e2802b8dd9af450d592a87739e73f4234b3df5019fe01e8c8a50fc48`
SHA3	`62515640d7a79b1f7666ddc09ff1e27a7c5e2e3ca1205c47ecf527e70f86ca5b`

2

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.22833`
MD5	`a1f274163651dba316a3abaa3b0599ca`
SHA1	`39825122f4b4fc0b01b7e6201f0b75ae5628e4b1`
SHA256	`53d00cb00dddbb58f74f652a3c87c535ff67e7e16a27b222c4832ce8f58e1eab`
SHA3	`9df9411f68a108ced592438f82c5b6866e6e09574c6804db0f25ac2584cc2057`

102

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x38e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.18844`
MD5	`ac2b5441f66129fe96b7193c13555195`
SHA1	`1cf3d25ac7b40e27061bc052e179b9d49992c131`
SHA256	`a5886f6c8b4112d092fb6e766ade6fc78be7cbafcbdd31aa2368db61ffaa7ae8`
SHA3	`cda1c9eb88f43a47af5d7732a1f3b98f5c21b0da378664ae5335637aa6e09409`

132

Type	`RT_GROUP_CURSOR`
Language	Chinese - Taiwan
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`5dc7e209423286f781406bf66a6df6c2`
SHA1	`4bc112ddca20993a9a73d3806aa49e268574a83f`
SHA256	`712173255e8074f1aa356ded677a990da27a4e9c4f3c42262f8c756262ef20b4`
SHA3	`bf2b23c0b10f5896dfd2900937a638275455fba96bfa46e254416a303b594da0`
Preview

128

Type	`RT_GROUP_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37086`
Detected Filetype	Icon file
MD5	`d59e0d372ea5fd8c1f4de744376a6af4`
SHA1	`6883ce60e71a83424db0b41d0ab6bf61080e3de2`
SHA256	`b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b`
SHA3	`5e39df982879204dd9f129a37d1e1c2ff906e88de9ae01b4418db5e8455e7ae1`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x368`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.43102`
MD5	`2f94efb65a4c83ac886e32eb70bf2fcb`
SHA1	`890680300bd6d59207ba0ed61c7b616e3fd16d6f`
SHA256	`96b9e526138cc59a6f24ea2b358c368a8eec84ec8caf906f84632149df87a7d8`
SHA3	`dd5c321993c3c7a004da1397c69958b1af5a27c8743516c6cea4ee830ac5ab56`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.1.5.0
ProductVersion	1.1.5.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Megawin Technology Co., Ltd.
FileDescription	DFU MFC Application
FileVersion (#2)	1, 1, 5, 0
InternalName	DFU
LegalCopyright	Copyright (C) 2012
OriginalFilename	DFU.EXE
ProductName	DFU Application
ProductVersion (#2)	1, 1, 5, 0

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xe0ba1871`
Unmarked objects	`0`
19 (8034)	`6`
14 (7299)	`1`
C objects (8047)	`11`
Linker (8047)	`2`
C++ objects (VS98 SP6 build 8804)	`3`
Linker (VS98 SP6 build 8804)	`2`
Total imports	`295`
Linker (VC++ 6.0 SP5 imp/exp build 8447)	`3`
C++ objects (VS98 build 8168)	`5`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

Leave a comment

No comments yet.