Manalyzer :: 9430580cdebdc5d87bfaba3c02a078a8a5ebce2d95672662cc5c285ca87e9c4e

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2008-Jan-13 20:40:18

Plugin Output

Suspicious	The PE is possibly packed.	`The PE only has 6 import(s).`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress`
Suspicious	VirusTotal score: 1/71 (Scanned on 2025-12-27 19:20:19)	`Cynet: Malicious (score: 100)`

Hashes

MD5	`7d4d29c853202c99cb083ed9e96300c9`
SHA1	`1893e8f6b01c671ba68e513399d70702ce744893`
SHA256	`9430580cdebdc5d87bfaba3c02a078a8a5ebce2d95672662cc5c285ca87e9c4e`
SHA3	`918930052e0a76f3541e3002bbee82b0d2014cfa3071cb115019938ebb30bec5`
SSDeep	`24:eFGSKQNYsHw3zSDWhzWxPQ9V7rR/vJWZK1RcH8W5Eck:iK9sHw3OC0BQFiKMH8Pck`
Imports Hash	`43f206c7235be665fafb28cd2be8e9d2`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xc8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2008-Jan-13 20:40:18
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x200`
SizeOfInitializedData	`0x600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001180 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x2000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x5000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d0aa2c8b49bc5ceb45580c706ff68cbf`
SHA1	`a7222df7536385b81ab1a11c0255aea22e1d22bd`
SHA256	`7cee94cef10a3241fb07f426c1fe92055c5806b8bd8d2dc9d86ac771b5934dc7`
SHA3	`0871aaeded10b0abf56138051f582ef068c360064441b1bd0c51e871210a0af2`
VirtualSize	`0x1c0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`4.61221`

.rdata

MD5	`b86bcb23be1d172191707f504cbe385a`
SHA1	`1ee19d923de0acd6d5bc975e9e46027a065cb4dd`
SHA256	`44cb2dec8de2c143ceeafcdafcff154d2ce4bad9bd6460fe947bf20148af96aa`
SHA3	`922e7b129b12837b97755f737ae0c87e1310ff411a2fa7bb854924466cf83563`
VirtualSize	`0x1a0`
VirtualAddress	`0x2000`
SizeOfRawData	`0x200`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.7174`

.data

MD5	`b7f65b70889b85cd39e4d9e0bf3859e3`
SHA1	`f788716b781980da209b1a1a7f661068b631eb09`
SHA256	`ed058d3ff61246bb8db6f8fa9e1c1e13c6950a6579ccc8ae4008308c5a61dcfd`
SHA3	`033cd443449a1f3d8570951691a7f877dd86632598d26cb2ea0b3f5c7824d4a5`
VirtualSize	`0x118`
VirtualAddress	`0x3000`
SizeOfRawData	`0x200`
PointerToRawData	`0x800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.9809`

.reloc

MD5	`2367ead3d009eb0d2dc44015e79696f9`
SHA1	`11c2e9ec2644fbfcfaa884c87d9a5587fd256a70`
SHA256	`04184ec7a7163b8a0c100fac050812f3dfd499a2a200cb0b738c4d5566484206`
SHA3	`aaecd65f2131c2b926e417f554c15f6ba29dca5ceb1cb813c3f36e19bdff9ab9`
VirtualSize	`0x7a`
VirtualAddress	`0x4000`
SizeOfRawData	`0x200`
PointerToRawData	`0xa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.3034`

Imports

KERNEL32.dll	`LoadLibraryA` `FreeLibrary` `FindClose` `FindNextFileA` `FindFirstFileA` `GetProcAddress`

Delayed Imports

ov_clear

Ordinal	`1`
Address	`0x1010`

ov_info

Ordinal	`2`
Address	`0x1050`

ov_open_callbacks

Ordinal	`3`
Address	`0x1000`

ov_read

Ordinal	`4`
Address	`0x1040`

ov_time_seek

Ordinal	`5`
Address	`0x1060`

ov_time_tell

Ordinal	`6`
Address	`0x1030`

ov_time_total

Ordinal	`7`
Address	`0x1020`

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x8946bd9b`
Unmarked objects	`0`
Total imports	`6`
19 (8034)	`3`
C++ objects (VS98 SP6 build 8804)	`1`
Linker (VC++ 6.0 SP5 imp/exp build 8447)	`1`

Errors

Leave a comment

No comments yet.