Manalyze report for 4df497f5148581a449be5681a929f2b49fc6f034ac75691a7cd32a1c0f647f24

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2013-Jan-23 14:57:36
Detected languages	English - United States
CompanyName	Ton van den Broek Automatisering
FileDescription	remote login applicatie
FileVersion	`1.0`
LegalCopyright	Ton van den Broek Automatisering
ProductName	installer
ProductVersion	`1.0`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: virus`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Code injection capabilities (process hollowing): SetThreadContext WriteProcessMemory ResumeThread` `Possibly launches other programs: CreateProcessA` `Can create temporary files: CreateFileA GetTempPathA` `Manipulates other processes: WriteProcessMemory`
Info	The PE is digitally signed.	`Signer: Ton van den Broek Automatisering` `Issuer: UTN-USERFirst-Object`
Safe	VirusTotal score: 0/65 (Scanned on 2022-01-08 11:06:33)	`All the AVs think this file is safe.`

Hashes

MD5	`33593803115edf4885ea4e7d688b3ab9`
SHA1	`aac7e500909a2e7ba76452257880488ff0eec0d5`
SHA256	`4df497f5148581a449be5681a929f2b49fc6f034ac75691a7cd32a1c0f647f24`
SHA3	`d1efe965b83c68636047170d3b04aa47e72c7f7fcfc4ca3daae25a8c056c595a`
SSDeep	`98304:WdA15a15m5jhFOIycXD66kPHiyeLIT5WNkO72jT:WdYa10SSXW6WCyxT5q2jT`
Imports Hash	`7c2116af86cf5b29bc6a7e0377601029`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2013-Jan-23 14:57:36
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`7.0`
SizeOfCode	`0xc00`
SizeOfInitializedData	`0x3000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001A00 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x2000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x6000`
SizeOfHeaders	`0x400`
Checksum	`0x320887`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`5e48762eefa4f86a8045d6bf47f6d3bc`
SHA1	`731873f81d1eb16efdf3be67bbffef8e31d4c0b7`
SHA256	`ab14a1bb89a367f0e04aa700256a5196258b66ad6ebc5b61149575e69118313d`
SHA3	`16e7df1511f2f3fcf0da3e3f238481c5aa1d6d854a0dcb59a6ead3c52a76f00b`
VirtualSize	`0xb40`
VirtualAddress	`0x1000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.75619`

.rdata

MD5	`76827252be1c93ce087c994958e9dcae`
SHA1	`1c9d7d4365774afb3cc11a4fbe3e3495a5f7da6d`
SHA256	`5ee3111b0194dd5dc32fbb2d080c5d1e75e451d4b4a71094dfeba1072df349fc`
SHA3	`04e2e9e7302df28d3225c4958c28035104ef29d7d3e7bab8b0dd854e4ce96b8c`
VirtualSize	`0x882`
VirtualAddress	`0x2000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.68288`

.data

MD5	`952a4c66e95952287fe0c274ca5088f5`
SHA1	`92c4ec56a8a2b4b44b0e5942bc092ba06f1e0329`
SHA256	`9b140d1f85e08b3c220ed39b80fce7137e8a7c1a29ea41773de6121f7a760b3d`
SHA3	`ffb8e5e9af8e13e20111bb0cbd04b55ceb9b0af925e876d804187387d24f85aa`
VirtualSize	`0x724`
VirtualAddress	`0x3000`
SizeOfRawData	`0x400`
PointerToRawData	`0x1a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.1676`

.rsrc

MD5	`8c057c08e30f6f1d0e09f4c645705b23`
SHA1	`9605c50883e5f90ba40c38eb3e0f002744eb96b7`
SHA256	`62399b9ca945bd936a226fde7eb3593ef4555fc5e453c9a59a24d922c868ee2c`
SHA3	`8876233e771b6da1e83f1300c3929b53a8589bd52c13422f0b7276fee89776aa`
VirtualSize	`0x1c50`
VirtualAddress	`0x4000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x1e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.58674`

Imports

LZ32.dll	`LZInit` `LZClose` `LZCopy`
COMCTL32.dll	`#17`
KERNEL32.dll	`HeapAlloc` `GetProcessHeap` `GetLastError` `ExitProcess` `GetThreadContext` `CreateFileA` `SetThreadContext` `SetFilePointer` `lstrlenA` `lstrcpynA` `SetErrorMode` `FreeLibrary` `GetCurrentProcess` `GlobalLock` `WaitForSingleObject` `WriteFile` `GlobalAlloc` `Sleep` `CreateProcessA` `ReadFile` `GlobalUnlock` `FlushInstructionCache` `GetCommandLineA` `GetProcAddress` `RemoveDirectoryA` `VirtualProtectEx` `GlobalFree` `GetTempFileNameA` `LoadLibraryA` `MoveFileA` `GetModuleFileNameA` `DuplicateHandle` `CloseHandle` `GetTempPathA` `WriteProcessMemory` `ResumeThread` `DeleteFileA` `lstrcpyA` `GetModuleHandleA` `GetStartupInfoA`
USER32.dll	`wsprintfA` `MessageBoxA`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.25755`
MD5	`c5af786bfd9fd1c53c8fe9f0bd9ce38b`
SHA1	`4f6f7d9973b47063aa5353225a2bc5a76aa2a96a`
SHA256	`f59f62e7843b3ff992cf769a3c608acd4a85a38b3b302cda8507b75163659d7b`
SHA3	`e178a71f02edb18e31bf550d484b2cba8d865e1e9796065addb07855ce5627f9`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.47151`
MD5	`0a451222f7037983439a58e3b44db529`
SHA1	`6881cba71174502883d53a8885fb90dad81fd0c0`
SHA256	`dc785b2a3e4ea82bd34121cc04e80758e221f11ee686fcfd87ce49f8e6730b22`
SHA3	`d5599c242df5383add3fb330d42b31f1751594b36bbf52195e7d1dd564e7f0e3`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.91708`
MD5	`90ed3aac2a942e3067e6471b32860e77`
SHA1	`b849a2b9901473810b5d74e6703be78c3a7e64e3`
SHA256	`ca8fc96218d0a7e691dd7b95da05a27246439822d09b829af240523b28fd5bb3`
SHA3	`3f02085a0d69091556ede0b585f45145adce9849e175d8177c2f0fe0891a1bd8`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.28897`
MD5	`08a9c6a03dfc41d8390c53cb5863f668`
SHA1	`3ab8700aba90a45b87b3bb5c6b6a3566de4ab08b`
SHA256	`0a4d783c14704c963d417cfab8ad1f66a47866d79b106668cd3432786e442d48`
SHA3	`1a06f589e2f0d3d2bb6a823d54eb8ae76f3c1b1ae19c9cb94ccac96ece54ecde`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.64576`
Detected Filetype	Icon file
MD5	`f6262f462f61a1af1cac10cf4b790e5a`
SHA1	`4aa3239c2c59fa5f246b0dd68da564e529b98ff4`
SHA256	`44b095a62d7e401671f57271e6cada367bb55cf7b300ef768b3487b841facd3c`
SHA3	`f2a1d165133c29eba349014fa5f8059ddebe1aba5b220fb89f1a474e95c482ca`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3f4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.31594`
MD5	`5ad4ab8d0be330d0846dc8b144e6a121`
SHA1	`a24f28e193e239a3bd00a3ffddeb75e61a719f29`
SHA256	`969f1817c4b2a0bf747d361c2067a81db84c4aba2d0f5d1afef6af8bd90ddf30`
SHA3	`b245da16008f009abe0513fa949ae58e9b8e3fe671bbe08cba715dedf87524ce`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x433`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.29849`
MD5	`a0fde9e659c169dce0f80fb8c8b6f784`
SHA1	`c54b3e141b92928d840f72a161c6b9ec02dcaed5`
SHA256	`caace2b53ed2957de7d347831e93177734db46774c4829d2d7184403b1594a9d`
SHA3	`fcca57609345096ef0f20d803b3801c8e2e6ae397ae91008eb41174112c589eb`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Ton van den Broek Automatisering
FileDescription	remote login applicatie
FileVersion (#2)	1.0
LegalCopyright	Ton van den Broek Automatisering
ProductName	installer
ProductVersion (#2)	1.0

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x3cdb3571`
Unmarked objects	`0`
C++ objects (VS2002 (.NET) build 9466)	`3`
Imports (9210)	`9`
Total imports	`47`
43 (9955)	`1`
Resource objects (VS2002 (.NET) build 9466)	`1`
Linker (9955)	`1`

Errors

Leave a comment

No comments yet.