3ec5e595f9b2b9045078acc00bbe88e66b5db2af15bc99b6eed86c4b6da66208

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2006-Aug-11 06:43:02
Detected languages English - United States
Debug artifacts c:\cbs\build\115526~2\in\udasw\utils\src\enlocstr\objfre_wnet_x86\i386\enlocstr.pdb

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Can access the registry:
  • RegCloseKey
  • RegSetValueExA
  • RegCreateKeyExA
Safe VirusTotal score: 0/71 (Scanned on 2026-04-24 20:43:39) All the AVs think this file is safe.

Hashes

MD5 6c579ba73df78e72ae21151a4cf92f81
SHA1 14506da456bd52c438a74e9e754b0882f2222f63
SHA256 3ec5e595f9b2b9045078acc00bbe88e66b5db2af15bc99b6eed86c4b6da66208
SHA3 bf038a6b9b777c505f2b5de7f55d2e6b888a7853d807d235e945ec38056f1c2d
SSDeep 96:NKTFtmV9exhBDNHBKJyaaCDB4V9vHRmlWRvv:QT6VmQJNaCDBiaWR
Imports Hash 354defb512e4142e057dcecf18a87b7e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2006-Aug-11 06:43:02
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 7.2
SizeOfCode 0xa00
SizeOfInitializedData 0xa00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000149D (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x2000
ImageBase 0x1000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.2
ImageVersion 5.2
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x4000
SizeOfHeaders 0x400
Checksum 0xc360
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x40000
SizeofStackCommit 0x2000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 1f7fc2f468453f10d9172692ee89e94e
SHA1 7516bd28e0c329ebe650665513462819717253f6
SHA256 976e3c496f38512b6108fc5df1016ced40d37c735e6fcf79c85d36cddef0a91b
SHA3 394e56618b905506269d5edfbee48aeee8a4fe4734801a3eebec3b84f7f569d4
VirtualSize 0x986
VirtualAddress 0x1000
SizeOfRawData 0xa00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.68147

.data

MD5 eb8ecb9760ea9740e75d2d5e42860333
SHA1 40d4fdae8ed17219805054a67e75b2e56ba357a2
SHA256 10dcb5b2cab2a63488d746411c97233c5ed4a4b0620df9545ccdd6a908ad26de
SHA3 b7430fe51d222ef68314f815658d6fd85e28319a87fbce0e0082f2d31ac6e167
VirtualSize 0x28
VirtualAddress 0x2000
SizeOfRawData 0x200
PointerToRawData 0xe00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.10191

.rsrc

MD5 eb53f199c472496f0d00ec387ff34dbf
SHA1 bb713ba451acdff5b333d86106e5c0c385ad0c8e
SHA256 3cc1aea1a8cf59bc53a4749b40f50ee28bd801f54c8d4dbb8c3b9ae7b293fed5
SHA3 212997f9497e23441800cb00f8b59f88277df61b2ef4cfcd0e3c3ddb9410fd66
VirtualSize 0x6ee
VirtualAddress 0x3000
SizeOfRawData 0x800
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.08094

Imports

MFC42.DLL #823
msvcrt.dll _initterm
__setusermatherr
_adjust_fdiv
__p__commode
__getmainargs
__set_app_type
_except_handler3
_controlfp
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
malloc
free
__p__fmode
ADVAPI32.dll RegCloseKey
RegSetValueExA
RegCreateKeyExA
KERNEL32.dll GetProcAddress
FreeLibrary
LoadLibraryA
GetStartupInfoA

Delayed Imports

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x696
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.2779
MD5 f5434988a1a7bf4379b92addc081ef08
SHA1 61506a778633669352571998d6ec69600fb9ba12
SHA256 b8dd803fbebfd215ff08015877733c914c2eeab7ad74258ae7965b6e670cb3aa
SHA3 ea58bd5ccefb50a400b61eb9486ef1e3c413cfc0f95ec324f7eca314094eab87

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2006-Aug-11 06:43:02
Version 0.0
SizeofData 108
AddressOfRawData 0x1178
PointerToRawData 0x578
Referenced File c:\cbs\build\115526~2\in\udasw\utils\src\enlocstr\objfre_wnet_x86\i386\enlocstr.pdb

TLS Callbacks

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x1002004
SEHandlerTable 0x10011f0
SEHandlerCount 1

RICH Header

XOR Key 0x86917be0
Unmarked objects 0
ASM objects (VS2003 (.NET) build 4035) 1
Imports (VS2003 (.NET) build 4035) 6
Linker (8450) 3
Total imports 45
77 (2144) 1
C objects (VS2003 (.NET) build 4035) 14
C++ objects (VS2003 (.NET) build 4035) 2
Linker (VS2003 (.NET) build 4035) 1

Errors
