Manalyze report for 03e67b6cd84650a56d6ed8f9a8c04de14c5660ecd715dc5cd4c7e8cf04acf886

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Mar-25 19:10:28
Detected languages	English - United States
Debug artifacts	E:\r\ws\St_Make\code\build\win\results\Release\info\CaptiveAppEntry.vc2015.pdb

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Interesting strings found in the binary:	Contains domain names: adobe.com http://www.adobe.com http://www.adobe.com/go/getair http://www.adobe.com/go/getair, http://www.adobe.com/go/getair. http://www.adobe.com/go/getair_br http://www.adobe.com/go/getair_cn http://www.adobe.com/go/getair_cz http://www.adobe.com/go/getair_de http://www.adobe.com/go/getair_es, http://www.adobe.com/go/getair_fr http://www.adobe.com/go/getair_it http://www.adobe.com/go/getair_jp http://www.adobe.com/go/getair_kr http://www.adobe.com/go/getair_nl http://www.adobe.com/go/getair_pl http://www.adobe.com/go/getair_ru http://www.adobe.com/go/getair_se http://www.adobe.com/go/getair_tr www.adobe.com
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW LoadLibraryExW`
Safe	VirusTotal score: 0/73 (Scanned on 2024-03-11 01:02:14)	`All the AVs think this file is safe.`

Hashes

MD5	`4ed66c7994f6ed261fe3bd0d95535796`
SHA1	`a34c10f75d1a1d405bb0a78c7c87bab2f623c89e`
SHA256	`03e67b6cd84650a56d6ed8f9a8c04de14c5660ecd715dc5cd4c7e8cf04acf886`
SHA3	`3241447f8142389581c5bb184efe8414fd56618af078d2e38b5afdd2a8e45d7a`
SSDeep	`1536:9ynfkRc7VR7s8Vk7rf9MjNqgKI15Fo+QfssWncdf70MSVF28:9cR7HVcrFONqdOvS3f7fSVF7`
Imports Hash	`99f1208f8baa2895eb326f6c41fd3294`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2019-Mar-25 19:10:28
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xaa00`
SizeOfInitializedData	`0xa000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001540 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xc000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x18000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f9526c7f10976172f95be5927f72acdc`
SHA1	`164532c468168a8745a3bb007e3696a7b9a17af6`
SHA256	`7cee8ee59ba5754adf8e8bc27419a255f96c0b2e20af49ccc2194c106c6ce43b`
SHA3	`c817be42e89d0941a22a18d9355b620e2b7b3bcb4eaaff8c85da91e0d1c63bfe`
VirtualSize	`0xa85c`
VirtualAddress	`0x1000`
SizeOfRawData	`0xaa00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.60246`

.rdata

MD5	`57e9461cdd04eb286ed1cbae63295000`
SHA1	`e4d298d61f1d93fe22cea0ec50ba06e8715df56b`
SHA256	`cb37630855fcb04051194f3d7c8d5a0921bfaf2eada2f30ed2cd10c73680a586`
SHA3	`d173bbec4fe731fd478af3154968d8b52d11b1323c0ac0f5362b5da2f444a767`
VirtualSize	`0x76da`
VirtualAddress	`0xc000`
SizeOfRawData	`0x7800`
PointerToRawData	`0xae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.78018`

.data

MD5	`b0ee1bbffcf076883cfad64ac203b1de`
SHA1	`7389cf3a0fbccc2b8916a821d00939a856c4adce`
SHA256	`0afb3d71f4812b5d60bd22f3126c700189d19014858167108076c01760167e69`
SHA3	`33f5b7cc2a54492831ea11273c9a9eb4605dd6d93b8d8fc63f4ccdcfbc925dc3`
VirtualSize	`0x12dc`
VirtualAddress	`0x14000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x12600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.28377`

.rsrc

MD5	`7169c8efa1884bd4a4dd60f297f1ad1a`
SHA1	`cf02eae43a76c25248fca4a06448a5fc57ba7f69`
SHA256	`cb28a32b749c7d3dfcdad590578b42bd873d475432d818b4c6f41a30a1e09c32`
SHA3	`c075c4848d03ea949976d4b862d897fb6e7ebbd2e67338bb268fcd3cd6e7af2a`
VirtualSize	`0x398`
VirtualAddress	`0x16000`
SizeOfRawData	`0x400`
PointerToRawData	`0x13000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.11831`

.reloc

MD5	`9d69b23d425a7cb73d28b0c4bdf3af98`
SHA1	`8e3ae22a3a4da1ef1be67ecacf3c1ab51b576cfc`
SHA256	`aae4e55abe75a0d7e9c4494529f66499eddfee1e04f0e70bab27748e1d38c151`
SHA3	`bcf43f0c1b77283532a94c4cb9c516017dc8fb88fef967165168facc4f0a6876`
VirtualSize	`0xe58`
VirtualAddress	`0x17000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x13400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.23474`

Imports

KERNEL32.dll	`SetStdHandle` `WriteConsoleW` `GetProcAddress` `ExitProcess` `HeapAlloc` `GetProcessHeap` `GetModuleHandleW` `LoadLibraryW` `GetFileAttributesW` `CreateFileW` `GetUserDefaultUILanguage` `GetModuleFileNameW` `GetStdHandle` `GetCommandLineW` `RaiseException` `DecodePointer` `SetFilePointerEx` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetCurrentProcess` `TerminateProcess` `WriteFile` `CloseHandle` `InitializeCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `MultiByteToWideChar` `WideCharToMultiByte` `RtlUnwind` `GetLastError` `SetLastError` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `LoadLibraryExW` `GetFileType` `GetModuleFileNameA` `GetModuleHandleExW` `GetACP` `LCMapStringW` `FindClose` `FindFirstFileExA` `FindNextFileA` `IsValidCodePage` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetStringTypeW` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `HeapSize` `HeapReAlloc` `HeapFree`
SHELL32.dll	`CommandLineToArgvW`
USER32.dll	`MessageBoxExW`
SHLWAPI.dll	`StrCmpW`

Delayed Imports

AmdPowerXpressRequestBetterBatteryLife

Ordinal	`1`
Address	`0x14780`

NvOptimusDisablement

Ordinal	`2`
Address	`0x14784`

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x336`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.3298`
MD5	`73faacbcdc7822a038c4e3786814611d`
SHA1	`287208b33c407a0b361d0ce2767111875e20a9f3`
SHA256	`411d4b3df3807e19bca735fd7415be9bbbfa9a87293a2d16bc53dda75845e50f`
SHA3	`0b3da7eac75b1a2f67eeda09933c30f1ff2415251fcfab020566826e9a344c08`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-Mar-25 19:10:28
Version	`0.0`
SizeofData	`103`
AddressOfRawData	`0x1286c`
PointerToRawData	`0x1166c`
Referenced File	E:\r\ws\St_Make\code\build\win\results\Release\info\CaptiveAppEntry.vc2015.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2019-Mar-25 19:10:28
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x128d4`
PointerToRawData	`0x116d4`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2019-Mar-25 19:10:28
Version	`0.0`
SizeofData	`752`
AddressOfRawData	`0x128e8`
PointerToRawData	`0x116e8`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2019-Mar-25 19:10:28
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x5c`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x414018`
SEHandlerTable	`0x412860`
SEHandlerCount	`3`
GuardCFCheckFunctionPointer	`4243756`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x2e83da52`
Unmarked objects	`0`
241 (40116)	`11`
243 (40116)	`125`
242 (40116)	`24`
C++ objects (24233)	`2`
ASM objects (VS2015 UPD3 build 24123)	`17`
C++ objects (VS2015 UPD3 build 24123)	`29`
C objects (VS2015 UPD3 build 24123)	`17`
Imports (65501)	`15`
Total imports	`131`
C++ objects (LTCG) (24233)	`1`
Exports (24233)	`1`
Resource objects (VS2015 UPD3 build 24210)	`1`
Linker (24233)	`1`

Errors

Leave a comment

No comments yet.