Manalyze report for 1849dcff696a0c32a5def57af0ac8bf66c8325c6552530681369269f6db44daa

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2002-Oct-01 07:03:21
Detected languages	English - United States Hebrew - Israel
CompanyName	NirSoft
FileVersion	`1.1`
InternalName	FileDate
LegalCopyright	Copyright © 2002 Nir Sofer
OriginalFilename	FileDate.exe
ProductName	FileDate Changer
ProductVersion	`1.1`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++` `Microsoft Visual C++ v6.0` `Microsoft Visual C++ v5.0/v6.0 (MFC)`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA`
Safe	VirusTotal score: 0/69 (Scanned on 2021-05-25 20:18:29)	`All the AVs think this file is safe.`

Hashes

MD5	`7e80e6205c1edf29cccd37297049755c`
SHA1	`af8e9f2a0e926a5e3ba73d743e2d521f12c0d060`
SHA256	`1849dcff696a0c32a5def57af0ac8bf66c8325c6552530681369269f6db44daa`
SHA3	`9dffcf38f0184e7a8cc229d4f2c69427e317ce12781f13ec2bc0c2c201a2305e`
SSDeep	`768:D0txiVPdkMsoySnXdtZu8XnwgncZ5lkoDr/Wh:D0mVl9NtZuan9oD6`
Imports Hash	`3892f13114288972b3bcd1e59f5e1d63`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2002-Oct-01 07:03:21
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x6000`
SizeOfInitializedData	`0x16000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001F43 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x7000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x1d000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`45b0c10c1853ab5d97c8b97b15239ccb`
SHA1	`6e1aeaa39e1b147359e7c6ba1654a0ca658670c2`
SHA256	`3abe0ff40b29971a16778a7faeb14c3d020f7f078665c908bc8a4cedc2a51507`
SHA3	`4bccba2ab87d12c9f0c41624c1e80c40fe8d480173edf17133acb4858ebbee7c`
VirtualSize	`0x5867`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.37583`

.rdata

MD5	`24071335f7eb9e0b26a7cf48579ef968`
SHA1	`596dd0b9e6b2925e9075e85b01ac79992107309f`
SHA256	`5bef41ecd85c17c06ad1b322251a8ae7568fcb70b3e66819fe215915c8156c5d`
SHA3	`f26c0fc96b6c023deddebb881902ad009925407afae9efb5eca1f4d7fd81723e`
VirtualSize	`0xc22`
VirtualAddress	`0x7000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x7000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.45916`

.data

MD5	`b71e1e1f4b7efce3895a2e8f761e0ca1`
SHA1	`d739c44ba74a0055f05f7f30c837910b1f5cb562`
SHA256	`11862785a5057a310cba98b0a8d3d8901ed81e657bc9d21497badea1103a87d7`
SHA3	`621124d7d2bac24a9aa028affb199c73429129faf801e4dc75c507d4852672b8`
VirtualSize	`0x13da0`
VirtualAddress	`0x8000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.763668`

.rsrc

MD5	`23123ccd74871a46b9a2723bf7eab1d5`
SHA1	`5f591cdc1c65f7b85de1a1b767f63e20f7430e9c`
SHA256	`8a592b1b5836e0cc6fa8547474bb0b5858603a8952406c07f08b75c709db0752`
SHA3	`f9ad13eea647439f8162a1dba44a6be1de428935d5406bbf92849bca4ea5a0bc`
VirtualSize	`0xd60`
VirtualAddress	`0x1c000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xb000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.18796`

Imports

KERNEL32.dll	`GetLastError` `SetFilePointer` `CloseHandle` `LocalFileTimeToFileTime` `SystemTimeToFileTime` `SetFileTime` `GetProcAddress` `LoadLibraryA` `CreateFileA` `WriteFile` `GetCommandLineA` `GetStringTypeA` `LCMapStringA` `MultiByteToWideChar` `SetStdHandle` `GetOEMCP` `GetACP` `GetCPInfo` `RtlUnwind` `GetFileType` `GetStdHandle` `SetHandleCount` `GetEnvironmentStringsW` `GetEnvironmentStrings` `WideCharToMultiByte` `FreeEnvironmentStringsW` `FreeEnvironmentStringsA` `UnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `LCMapStringW` `HeapAlloc` `HeapReAlloc` `VirtualAlloc` `VirtualFree` `HeapCreate` `HeapDestroy` `GetVersionExA` `GetEnvironmentVariableA` `GetModuleFileNameA` `ExitProcess` `GetVersion` `GetStartupInfoA` `GetModuleHandleA` `FlushFileBuffers` `GetStringTypeW` `HeapFree`
USER32.dll	`GetSystemMetrics` `LoadCursorA` `MessageBoxA` `LoadImageA` `CreateDialogParamA` `ShowWindow` `GetMessageA` `TranslateMessage` `DispatchMessageA` `SetFocus` `SendMessageA` `SetCursor` `SetWindowPos` `SetDlgItemTextA` `GetDlgItem` `EnableWindow` `SendDlgItemMessageA` `GetWindowRect` `PostQuitMessage` `IsDialogMessageA`
comdlg32.dll	`GetOpenFileNameA`
SHELL32.dll	`DragAcceptFiles` `DragFinish` `DragQueryFileA`
COMCTL32.dll	`InitCommonControlsEx`

Delayed Imports

1

Type	`RT_ICON`
Language	Hebrew - Israel
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.85849`
MD5	`c91688bb6d7d5993d49afcdc4be47e13`
SHA1	`b0f14ecea6db194ce05cb32816b66dcf7fd3cdef`
SHA256	`cf440bcef56e9a9c95fccdfb30347e6bc298635994b6080be3cae237a27630bc`
SHA3	`40bbc695d2f6f425b774242ba83297f9963f7f7e20e9626a8cbf4188c1bdb232`

2

Type	`RT_ICON`
Language	Hebrew - Israel
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.81946`
MD5	`5f49774bc6db7602c5fe94df66d404e0`
SHA1	`e87d3ed8cd523a36facb6eb2fb9dccb1ac78fb05`
SHA256	`870e695a099fb34d8237e3e82a69234ff7bbb921b6724c945ccaba1104a4e148`
SHA3	`8a629265bdeb599e3247fa6228d207083ff4891846cbd095991ac90992128ebd`

101

Type	`RT_DIALOG`
Language	Hebrew - Israel
Codepage	UNKNOWN
Size	`0x4a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.51005`
MD5	`f3d0b37bf9eb093374dff4bbb6ad1108`
SHA1	`26aa5cbf748dbd442dc1e72becf8687dfdf42965`
SHA256	`36936a7eb100d4b59a2ee55d1bdbc54ba456040be56332079c248633ee0558be`
SHA3	`32ff99ff219fae6399611384eece05c75f915c038860ff311933686bdd252ea5`

102

Type	`RT_GROUP_ICON`
Language	Hebrew - Israel
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37086`
Detected Filetype	Icon file
MD5	`d59e0d372ea5fd8c1f4de744376a6af4`
SHA1	`6883ce60e71a83424db0b41d0ab6bf61080e3de2`
SHA256	`b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b`
SHA3	`5e39df982879204dd9f129a37d1e1c2ff906e88de9ae01b4418db5e8455e7ae1`

1 (#2)

Type	`RT_VERSION`
Language	Hebrew - Israel
Codepage	UNKNOWN
Size	`0x320`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27514`
MD5	`af99acfd3c0bc46c6c2ee1642ac1bca3`
SHA1	`544203e23a3271f477837413a4bdcd5eca29dc7a`
SHA256	`93c34ee548dd8bc27f6175beff4963d0edf18d044bf403dd8eac665dca6a98fe`
SHA3	`053f90d28b2f12dabe2f0f9eb2dbebfbf1850b2b99dcbe33137dd25e520021f9`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.1.0.0
ProductVersion	1.1.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	NirSoft
FileVersion (#2)	1.1
InternalName	FileDate
LegalCopyright	Copyright © 2002 Nir Sofer
OriginalFilename	FileDate.exe
ProductName	FileDate Changer
ProductVersion (#2)	1.1

Resource LangID	Hebrew - Israel

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x9a6f00a3`
Unmarked objects	`0`
12 (7291)	`3`
C++ objects (8047)	`1`
14 (7299)	`17`
C objects (8047)	`48`
Unmarked objects (#2)	`3`
19 (8034)	`11`
Total imports	`109`
C++ objects (VC++ 6.0 SP5 build 8804)	`2`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

Leave a comment

No comments yet.