7b832e24f24a5c1534f71663c8b46af1c3900453be3db74ece353da57b9f189d

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2017-Sep-15 22:20:38
Detected languages English - United Kingdom
English - United States
Debug artifacts F:\work\build\win_32-linkMT-callFast-x86_32\cl_16.00.40219.01\rel\armar\armar.pdb
FileVersion 5.06.0.63
CompanyName ARM Limited
LegalCopyright Copyright (C) 2017
ProductName 5.06
ProductVersion 5.06.0
Copyright Copyright (C) ARM Ltd 2017 . All Rights Reserved
FileDescription The ARM Librarian
InternalName standard armar for win_32-x86_32-rel
OriginalFilename armar

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
MASM/TASM - sig1(h)
Info Interesting strings found in the binary:
Contains domain names:
  • ds.arm.com
  • http://ds.arm.com
  • http://ds.arm.com/support/%s
  • http://ds.arm.com/support/licensing/
  • http://www.keil.com
  • http://www.keil.com/support/man/docs/license/license_management.htm
  • www.keil.com
Info Cryptographic algorithms detected in the binary:
Uses constants related to Blowfish
Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
  • LoadLibraryW
Possibly launches other programs:
  • CreateProcessA
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Enumerates local disk drives:
  • GetDriveTypeW
  • GetDriveTypeA
Info The PE is digitally signed.
Signer: ARM Ltd
Issuer: GlobalSign Extended Validation CodeSigning CA - SHA256 - G3
Safe VirusTotal score: 0/64 (Scanned on 2023-11-20 05:09:58)
All the AVs think this file is safe.

Hashes

MD5 74967e3fd0aab6a4faad023ccfafd8d7
SHA1 15f229254ebce50aa8c385aa0285bd5dae4b7403
SHA256 7b832e24f24a5c1534f71663c8b46af1c3900453be3db74ece353da57b9f189d
SHA3 53796c2031d11f9661115d823da7546379b5f3d02a2a0995845d851b1aeb5fa4
SSDeep 24576:/yedC9H+rb+KgJqnr7Z+g3foGr+Pe7wQQj1a2viu20j/6ArLe6fC:R0Jqnr7Z+g3fwQQBaJUjSArS
Imports Hash accac18f20e1cf6b2f6f191d9d38af14

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2017-Sep-15 22:20:38
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 10.0
SizeOfCode 0x13f400
SizeOfInitializedData 0x47600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000FA5E1 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x141000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x1a6000
SizeOfHeaders 0x400
Checksum 0x193ec2
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x800000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 2c4a7b040978d9dfa90f77b12d7a3372
SHA1 c43dbdce031d4ccbb75366f905bc80acb01f0386
SHA256 4d212d0d05e3d0f38856d3ceabdcf66f9d41c3558aeda04d74e1f0b39cf4d40a
SHA3 91c624ce89fe09155033bb8cf581b3a9f750378c2cdb00c0788ecd4534195d9f
VirtualSize 0x13f3db
VirtualAddress 0x1000
SizeOfRawData 0x13f400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.64356

.rdata

MD5 eac17f34a4512622903bd8aca7c6fd63
SHA1 c7d1f671469e530d8b04bd1fd5f90fa30cca5e4d
SHA256 0d64ecd318765c1aebd9de485113391a2755c5381b7773758ec8661e923ba854
SHA3 67b21c81594de853fce740fe3ecde7cef0a398da72f8e4147fcd0e6f2dd1b966
VirtualSize 0x3e675
VirtualAddress 0x141000
SizeOfRawData 0x3e800
PointerToRawData 0x13f800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.62719

.data

MD5 347ddb5a9476984885f7900fd5f8dfe2
SHA1 0307e0db626656ab77ab00a171745c9104fb8a63
SHA256 f3535a07c539ff804de01bcbdef4d27d85fefec4ac0a78eeba3fbad73d4ca9a4
SHA3 d8910f5e36e6256f4eb08162c302297575bbfe2f288203c7d26569e422201e99
VirtualSize 0x24904
VirtualAddress 0x180000
SizeOfRawData 0x8800
PointerToRawData 0x17e000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.06037

.rsrc

MD5 4c26fafbd3b717235464fa5ca4affeb6
SHA1 c443633f64dbb8998785778605cb36a58810988d
SHA256 4bcec6a47607d4419bd73ce7338692f146fb49dc9a0e22d8413df0036c65b9a1
SHA3 e75e6530e615773f150d3804206419245e4fadf034a52b3926c71bec62567c10
VirtualSize 0x55c
VirtualAddress 0x1a5000
SizeOfRawData 0x600
PointerToRawData 0x186800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.46968

Imports

SHLWAPI.dll PathRemoveFileSpecA
PathCombineA
PathFileExistsA
KERNEL32.dll GetProcessHeap
SetEndOfFile
WideCharToMultiByte
MultiByteToWideChar
GetComputerNameA
GetModuleFileNameA
CreateFileA
SetInformationJobObject
GetFileAttributesExA
WriteFile
AssignProcessToJobObject
GetFileAttributesA
CreateProcessA
TerminateProcess
ReadFile
CreateJobObjectA
GetStdHandle
FindFirstFileA
FindFirstFileExA
GetLastError
GetProcAddress
VirtualAlloc
CompareStringW
CreatePipe
GetModuleHandleA
VirtualProtect
GetCurrentDirectoryA
GetVersionExA
CloseHandle
GetVersion
GetCurrentProcessId
DeleteFileA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetFullPathNameA
ReleaseMutex
WaitForSingleObject
CreateMutexA
MoveFileExA
SystemTimeToFileTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
LoadLibraryA
SetFileAttributesA
MoveFileA
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetTimeFormatA
GetDateFormatA
GetModuleHandleW
ExitProcess
GetCommandLineA
HeapSetInformation
CreateFileW
HeapAlloc
DuplicateHandle
GetCurrentProcess
HeapReAlloc
GetDriveTypeW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindNextFileA
CreateDirectoryA
SetEnvironmentVariableA
SetCurrentDirectoryA
FindClose
GetDriveTypeA
RaiseException
RtlUnwind
GetTimeZoneInformation
GetCPInfo
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
FatalAppExitA
GetConsoleCP
GetConsoleMode
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetModuleFileNameW
GetLocaleInfoW
SetConsoleCtrlHandler
LoadLibraryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
SetFilePointer
IsProcessorFeaturePresent
FlushFileBuffers
SetStdHandle
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
GetFileInformationByHandle
PeekNamedPipe
WriteConsoleW
ADVAPI32.dll GetUserNameA

Delayed Imports

DoBackendCallbackCommand

Ordinal 1
Address 0xdaff0

1

Type RT_VERSION
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x360
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.48805
MD5 7b6dfcf7a2dd63c08511b26bd5d3bc2c
SHA1 f39d665d2e1d570806f045486858fdf9cdfed53f
SHA256 f9fa0898f9fa5dde7d09d3625c04b0cf5ab04d1fbf1650b79b5a4932f2c24e35
SHA3 58335d26343c84fe5c4a985aea0d84c04219f44107081d499f59a41cae8ee0e6

1 (#2)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x15a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.79597
MD5 24d3b502e1846356b0263f945ddd5529
SHA1 bac45b86a9c48fc3756a46809c101570d349737d
SHA256 49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e
SHA3 1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 5.6.0.63
ProductVersion 5.6.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
FileVersion (#2) 5.06.0.63
CompanyName ARM Limited
LegalCopyright Copyright (C) 2017
ProductName 5.06
ProductVersion (#2) 5.06.0
Copyright Copyright (C) ARM Ltd 2017 . All Rights Reserved
FileDescription The ARM Librarian
InternalName standard armar for win_32-x86_32-rel
OriginalFilename armar
Resource LangID English - United Kingdom

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2017-Sep-15 22:20:38
Version 0.0
SizeofData 106
AddressOfRawData 0x16f548
PointerToRawData 0x16dd48
Referenced File F:\work\build\win_32-linkMT-callFast-x86_32\cl_16.00.40219.01\rel\armar\armar.pdb

TLS Callbacks

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x581000
SEHandlerTable 0x572580
SEHandlerCount 713

RICH Header

XOR Key 0x903b524f
Unmarked objects 0
152 (20115) 1
ASM objects (VS2010 SP1 build 40219) 34
Imports (VS2008 SP1 build 30729) 7
Total imports 133
C objects (VS2010 SP1 build 40219) 203
C++ objects (VS2010 SP1 build 40219) 85
175 (VS2010 SP1 build 40219) 106
Exports (VS2010 SP1 build 40219) 1
Resource objects (VS2010 SP1 build 40219) 1
Linker (VS2010 SP1 build 40219) 1

Errors
