Manalyze report for a70bbb516f605c02437cca4bc9d8660b97fc2db43ddf708c828ba9a9d9fe100f

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2025-May-24 12:31:09
Detected languages	English - United States
Debug artifacts	C:\Users\RET2Pwn\OneDrive\Desktop\FlagYard Challenges\Reverse\Easy\1\One1\x64\Release\One1.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: procexp.exe procmon.exe wireshark.exe` `Contains references to debugging or reversing tools: ida.exe ida64.exe immunitydebugger.exe ollydbg.exe windbg.exe x64dbg.exe`
Suspicious	The PE contains functions most legitimate programs don't use.	`Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot CheckRemoteDebuggerPresent` `Manipulates other processes: Process32NextW Process32FirstW`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`53a3851e30a768419f4fb58b2bbc7a0d`
SHA1	`d4b220d811135f2b6fb080ed3117791390bb6e0b`
SHA256	`a70bbb516f605c02437cca4bc9d8660b97fc2db43ddf708c828ba9a9d9fe100f`
SHA3	`6f8d68a65c22d1e874a00e928c06c3bad4e553057cef270cb832cbb6adaea179`
SSDeep	`192:MEH6Lqdloh/O/rbyBR146PCruJeHuLjdXZ5oEutKFo9ZfN3Q5tfTcWCF:M7q0crbyjmESS4+XDoEEmo9hN31F`
Imports Hash	`53d7dbb5ce6d90b0094511f541f98eb3`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2025-May-24 12:31:09
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x1800`
SizeOfInitializedData	`0x2600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001CA0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x9000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`0f5e232b7e027ded604a0dee308b8d4f`
SHA1	`b7b088e3d50281671ab521e2071d843ea12d7126`
SHA256	`a2b0a527d5b1e01158496564e4a5e440e02fc85ef7c15bf8a3890793f320780f`
SHA3	`95ec5908dace33f957237e52df1b4554ab90dbf6ceb0a45f4d2a6ff8985752df`
VirtualSize	`0x170c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.95402`

.rdata

MD5	`904c6c0a33358326ea634894475695d5`
SHA1	`7dcaec5e94b16a89bee73b2de10d0c02f84e54d6`
SHA256	`f6ac9248cea0a188db3553bf488214e22cbef04dc6943d16857e7cbb45f377c1`
SHA3	`56fc792184089952a011563c57b451363f41bd7e007fa88935d05d8b330ba713`
VirtualSize	`0x1566`
VirtualAddress	`0x3000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x1c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.38462`

.data

MD5	`630da29d06608bdc9df3cac264dcd704`
SHA1	`f544d6706bc684124af40c95fc73cdcbac0fa273`
SHA256	`b67c2c99bd07b4570d1019069e1293f68116b0ee22bf23be67e6703501e4ef27`
SHA3	`1cf959021fbe97a3c919b850e578ab16058af8bc5a5206be614501e9ff8be53f`
VirtualSize	`0x6a0`
VirtualAddress	`0x5000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.572906`

.pdata

MD5	`36a14bbb8172b13ea6b7b38a0f022498`
SHA1	`3b84b513c56a3e2f0fbe9b3bd2fca1f765c0aa2e`
SHA256	`3a796eb1ec3af1e0ec45f3872d767673bd9256f3251c25582ed382216dddc695`
SHA3	`ea5ba3a56580e9a0ca4f825afe903542a2c963bc3aebb31efd4e099066b30bf1`
VirtualSize	`0x210`
VirtualAddress	`0x6000`
SizeOfRawData	`0x400`
PointerToRawData	`0x3400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.27591`

.rsrc

MD5	`0b35de07beeb30d1d6013cbca2846303`
SHA1	`c98626ce4d587471d115df6f42cb0f5221f13689`
SHA256	`c9ed38ed40cfe8c1718cbf78be16bb4aa76b76097a449f9ea315aee9fd20df0d`
SHA3	`76678b071daa4ec33980be3b819260aea5ade31193b0580e19b41e16156137cf`
VirtualSize	`0x1e0`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.7015`

.reloc

MD5	`2b2519798bca7bcda566153eaf2ff2a0`
SHA1	`49a63f8667c0c09e2bff32477ebce94364a86b97`
SHA256	`16b6132e7fae523fb87518592fd99b37d1eb4501e17c9ae1bc0c90abf835a332`
SHA3	`6fdf3c3f8aea6df161c9fd23302072e66531fa31cb9c5fc305fba48b99dd5328`
VirtualSize	`0x30`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.716726`

Imports

KERNEL32.dll	`GetCurrentProcess` `GetCurrentThreadId` `CreateToolhelp32Snapshot` `Sleep` `Process32NextW` `GetCurrentThread` `Process32FirstW` `CloseHandle` `GetThreadContext` `GetCurrentProcessId` `IsBadReadPtr` `GetTickCount` `IsDebuggerPresent` `CheckRemoteDebuggerPresent` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `RtlCaptureContext` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `TerminateProcess` `GetModuleHandleW` `InitializeSListHead` `GetSystemTimeAsFileTime` `QueryPerformanceCounter` `IsProcessorFeaturePresent`
VCRUNTIME140.dll	`__current_exception` `__C_specific_handler` `__current_exception_context` `memset` `memcpy`
api-ms-win-crt-stdio-l1-1-0.dll	`_set_fmode` `__p__commode` `getchar` `__stdio_common_vfscanf` `__stdio_common_vfprintf` `__acrt_iob_func`
api-ms-win-crt-string-l1-1-0.dll	`_wcsicmp`
api-ms-win-crt-runtime-l1-1-0.dll	`_c_exit` `_register_thread_local_exe_atexit_callback` `__p___argc` `_initterm` `_seh_filter_exe` `exit` `_cexit` `_register_onexit_function` `_crt_atexit` `terminate` `_exit` `_set_app_type` `_initialize_onexit_table` `__p___argv` `_initterm_e` `_get_initial_narrow_environment` `_initialize_narrow_environment` `_configure_narrow_argv`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-May-24 12:31:09
Version	`0.0`
SizeofData	`119`
AddressOfRawData	`0x3868`
PointerToRawData	`0x2468`
Referenced File	C:\Users\RET2Pwn\OneDrive\Desktop\FlagYard Challenges\Reverse\Easy\1\One1\x64\Release\One1.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-May-24 12:31:09
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x38e0`
PointerToRawData	`0x24e0`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-May-24 12:31:09
Version	`0.0`
SizeofData	`644`
AddressOfRawData	`0x38f4`
PointerToRawData	`0x24f4`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2025-May-24 12:31:09
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140005000`

RICH Header

XOR Key	`0x1cb3cb4e`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`12`
Imports (34321)	`2`
ASM objects (34321)	`3`
C objects (34321)	`10`
C++ objects (34321)	`19`
Imports (30795)	`3`
Total imports	`63`
C objects (LTCG) (34808)	`1`
Resource objects (34808)	`1`
Linker (34808)	`1`

Errors

Leave a comment

No comments yet.