Manalyze report for 71e4c997bcd2b16fd108e38a66c8fa1c29a77334c10e8680a5ecd8662b54fba9

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2024-Oct-17 20:40:02

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Enumerates local disk drives: GetDriveTypeA`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`66e34e988c0f5e70b695a332e3745602`
SHA1	`352efe62306b6b449de3f5712b8940e12fdcfece`
SHA256	`71e4c997bcd2b16fd108e38a66c8fa1c29a77334c10e8680a5ecd8662b54fba9`
SHA3	`0b9b6f2cd06b21e981b2a0a67680e25478e35a66605972f79f2cb5202f54a5d2`
SSDeep	`3072:AqWkKOgFcN98UADrFwcXmUtIQJdcBQKt1GG6dTpEle88mrdTuX18e+0oz2k1:dYPPNmUtI8dcBQK+dTyEMYIX`
Imports Hash	`6479fe139ba4f542ad9fee6eb89aedca`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2024-Oct-17 20:40:02
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x29a00`
SizeOfInitializedData	`0xee00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000E399 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x2b000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x3a000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`cba2f7aa1e0af686ddf8ad61e24240ba`
SHA1	`61e9919b71e7ae37abb9ea1b380a9c789df772da`
SHA256	`aaa88284e703ad6e47bd50b3d5ee34d71a56b6d63f800f17ae6ee38c66269a93`
SHA3	`a96e3e700eb27b996ac6ad1f2113155e0bbda85be11d83b0dacdf2ff0148082b`
VirtualSize	`0x29850`
VirtualAddress	`0x1000`
SizeOfRawData	`0x29a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.52808`

.rdata

MD5	`6bc6990758ee98c2b414b85cc0a6ba75`
SHA1	`f5f62f5e6077fef64ad6e3ee718c729a1b118185`
SHA256	`26529d07707bb12dbfe947e014d93e8a0f2556684eb026d874e93752beedaa30`
SHA3	`38fafea4966dc4502e85bf66b539f327c7d8c36543bebd7d4b3cb25a55046738`
VirtualSize	`0xacd2`
VirtualAddress	`0x2b000`
SizeOfRawData	`0xae00`
PointerToRawData	`0x29e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.90924`

.data

MD5	`d73737fab770b112440d295bf9414c1e`
SHA1	`9e08bb590eab054ef3c9ed48a11850948ebf6882`
SHA256	`a239167383866c955449da9caf3b75134c48e5d12ccad79f99413e20c5e00509`
SHA3	`e6b97d1e1a862afd713c519549ebee7a2fe0eea1b2bbf26a27c7e1ef4aac0fbb`
VirtualSize	`0x1e44`
VirtualAddress	`0x36000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x34c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.98355`

.reloc

MD5	`13861aadd5921bddcc61437390a2daae`
SHA1	`f8cc2b783e56ad46f7f3a67a70e1926cc397450b`
SHA256	`97df478bb21615e358550c1d6a2eaa1edab331294122dcfd85ebc60a6c38436d`
SHA3	`5492625efef671fba599debd4a14be1de4301ca836507604d520b9824538b150`
VirtualSize	`0x1e90`
VirtualAddress	`0x38000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x35e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.43456`

Imports

KERNEL32.DLL	`GetStartupInfoW` `HeapSize` `SetStdHandle` `GetProcessHeap` `SetEnvironmentVariableW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetOEMCP` `GetDriveTypeA` `GetLogicalDrives` `GetLastError` `CreateMutexA` `LocalFree` `FormatMessageA` `GetLocaleInfoEx` `CreateFileW` `FindClose` `FindFirstFileW` `FindFirstFileExW` `FindNextFileW` `GetFileAttributesExW` `SetFileInformationByHandle` `AreFileApisANSI` `CloseHandle` `GetModuleHandleW` `GetProcAddress` `GetFileInformationByHandleEx` `MultiByteToWideChar` `WideCharToMultiByte` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `EncodePointer` `DecodePointer` `LCMapStringEx` `GetStringTypeW` `GetCPInfo` `IsProcessorFeaturePresent` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `WriteConsoleW` `GetCurrentProcess` `TerminateProcess` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `GetACP` `RaiseException` `RtlUnwind` `SetLastError` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `LoadLibraryExW` `ExitProcess` `GetModuleHandleExW` `GetModuleFileNameW` `GetStdHandle` `WriteFile` `GetCommandLineA` `GetCommandLineW` `HeapFree` `HeapAlloc` `CompareStringW` `LCMapStringW` `GetLocaleInfoW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `GetFileType` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `ReadFile` `GetFileSizeEx` `SetFilePointerEx` `ReadConsoleW` `HeapReAlloc` `IsValidCodePage`
USER32.dll	`MessageBoxA`
zip.dll	`zip_file_add` `zip_source_free` `zip_source_file` `zip_open` `zip_file_set_encryption` `zip_close`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_UNKNOWN

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0xc0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x436080`
SEHandlerTable	`0x433910`
SEHandlerCount	`65`

RICH Header

XOR Key	`0xde243914`
Unmarked objects	`0`
ASM objects (30795)	`12`
C++ objects (30795)	`168`
C objects (30795)	`21`
ASM objects (33808)	`21`
C objects (33808)	`18`
C++ objects (33808)	`78`
Imports (30795)	`4`
Imports (34120)	`3`
Total imports	`119`
C++ objects (34120)	`1`
Linker (34120)	`1`

Errors

Leave a comment

No comments yet.