Manalyze report for ba09d10097d8389809dd3216b0a76403ab79fd0f7c378e8fac177a69532bc927

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2016-May-09 14:01:29
Detected languages	English - United States
Debug artifacts	C:\Users\wahiko\Desktop\GHost94_Plus\Release\hacker9.pdb

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	PEiD Signature:	`UPolyX V0.1 -> Delikon`
Info	Interesting strings found in the binary:	`Contains domain names: continuousphysics.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses known Mersenne Twister constants`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA LoadLibraryW GetProcAddress` `Functions which can be used for anti-debugging purposes: FindWindowW` `Code injection capabilities (PowerLoader): FindWindowW GetWindowLongW` `Can create temporary files: CreateFileA GetTempPathW GetTempPathA CreateFileW` `Uses functions commonly found in keyloggers: AttachThreadInput GetForegroundWindow` `Can take screenshots: GetDC FindWindowW CreateCompatibleDC` `Reads the contents of the clipboard: GetClipboardData`
Safe	VirusTotal score: 0/67 (Scanned on 2025-04-14 10:03:51)	`All the AVs think this file is safe.`

Hashes

MD5	`a6052765ae15a3dbaaa2abe655edc4c5`
SHA1	`2338105b83b8fd181b47551230d2b40d34d833c0`
SHA256	`ba09d10097d8389809dd3216b0a76403ab79fd0f7c378e8fac177a69532bc927`
SHA3	`7aae06d7ff805c6c6b13f7c3e5489fc1682e63a76f3c0fff1abe7df4ed2101b5`
SSDeep	`98304:zfPiwq8jhtboJnGFplUZPHQ88M/ijGJn07q78YWe1O1/FAKKUXwfWl+rgckp:TPiasGFoZPHQ8beGJD7EeuAsBv`
Imports Hash	`8d36ca0d7f5dd37b860093e04a67ff77`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2016-May-09 14:01:29
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`10.0`
SizeOfCode	`0x3b1a00`
SizeOfInitializedData	`0x2e0000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x002D46A4 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x3b3000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0xb7f000`
SizeOfHeaders	`0x400`
Checksum	`0x6a0214`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a4ff96b7db3919abe678d107252a6219`
SHA1	`ac7e10459fa08b297d466ed7541a507badc4ccc7`
SHA256	`1effd8b1d004f3353aa5e731469b5cb91678bf964d35de120b0a3f7d86d54424`
SHA3	`639ff3d0a3b59bfcd52019c1b819ad68af2a7ca6ff5e8bf5ea3274d22a721eae`
VirtualSize	`0x3b19db`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3b1a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.67345`

.rdata

MD5	`09ab106dffd00dedbb716813b7b13b2e`
SHA1	`328bb9b50a4fb183b192314b35319bfa697ae537`
SHA256	`eea26a309834894e697294766e80197b42666bfc64b41cc45b937f58fff1c780`
SHA3	`f09f804a344fc2cebc8a6de3f090fcda813d45febcb153eb309c6e6b2ef1ddfc`
VirtualSize	`0x9f93c`
VirtualAddress	`0x3b3000`
SizeOfRawData	`0x9fa00`
PointerToRawData	`0x3b1e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.62526`

.data

MD5	`56ff566e8495be71c4164b32530602c0`
SHA1	`52f11efa0c57a359824761111719d15b7f36784d`
SHA256	`c0efecfe89ac3b4987e03604ff32e1cb7918d19be3583de9016df476078de82b`
SHA3	`8180d2b58b9c33ccaf996a49064821821ff5559b6060360d1182c96e23fda1ff`
VirtualSize	`0x6fbd6c`
VirtualAddress	`0x453000`
SizeOfRawData	`0x211e00`
PointerToRawData	`0x451800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.33836`

.rsrc

MD5	`00ab2659b3ba76beb2c025238aa75da8`
SHA1	`2c9dcdee0870adc27e6d39a7b46e90f9acdfabf2`
SHA256	`52508cc189429a23a4f2cb0fd5c259eb1f0acb588d42819581cba697cc879453`
SHA3	`be7563d8949188c2585541df23196f7f761a1d557eb2d8bb443397730d588639`
VirtualSize	`0x2430`
VirtualAddress	`0xb4f000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x663600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.0617`

.reloc

MD5	`feb775b234e6f68047e26c8aceef0d25`
SHA1	`c596aca51ea1437a965ac1cbb0e5fdbe2f6e5cf4`
SHA256	`0d7e5cfc5bdc4c76d694f95f9c816d648ffd23303bf06991c2215b98fa87975c`
SHA3	`85e69832630af4dc4872b2325919553476cc3763c3f5ed2772cd4f3060369286`
VirtualSize	`0x2c062`
VirtualAddress	`0xb52000`
SizeOfRawData	`0x2c200`
PointerToRawData	`0x665c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.37796`

Imports

KERNEL32.dll	`GlobalUnlock` `GlobalLock` `GlobalSize` `GlobalFree` `GlobalAlloc` `FileTimeToSystemTime` `FileTimeToLocalFileTime` `GetVersionExW` `GetSystemInfo` `OutputDebugStringW` `GlobalMemoryStatus` `HeapFree` `GetProcessHeap` `HeapAlloc` `GetVersionExA` `GetOEMCP` `GetCurrentDirectoryW` `SetCurrentDirectoryW` `CreateFileA` `ExitThread` `ResumeThread` `CreateThread` `SetThreadPriority` `SuspendThread` `GetCurrentThread` `InitializeCriticalSection` `DeleteCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `SetFilePointer` `LoadLibraryA` `VirtualFree` `VirtualQuery` `VirtualAlloc` `GetLastError` `GetTempFileNameW` `ReadFile` `GetExitCodeThread` `GetFileSize` `FindFirstFileW` `FindNextFileW` `FindClose` `lstrlenW` `WaitForMultipleObjects` `GetThreadPriority` `lstrcmpW` `lstrcpyW` `MulDiv` `lstrcpynW` `InterlockedIncrement` `InterlockedDecrement` `CreateSemaphoreA` `ReleaseSemaphore` `GetTempPathW` `WideCharToMultiByte` `GetTempFileNameA` `GetTempPathA` `GetSystemTimeAsFileTime` `DecodePointer` `EncodePointer` `GetCommandLineA` `HeapSetInformation` `GetStartupInfoW` `HeapReAlloc` `RtlUnwind` `GetModuleHandleW` `RaiseException` `TerminateProcess` `GetCurrentProcess` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsDebuggerPresent` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `SetLastError` `IsProcessorFeaturePresent` `HeapCreate` `GetStdHandle` `GetModuleFileNameW` `SetHandleCount` `InitializeCriticalSectionAndSpinCount` `GetFileType` `GetTimeZoneInformation` `MultiByteToWideChar` `GetConsoleCP` `GetConsoleMode` `GetModuleFileNameA` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCurrentProcessId` `HeapSize` `GetCPInfo` `GetACP` `IsValidCodePage` `FlushFileBuffers` `LCMapStringW` `SetStdHandle` `WriteConsoleW` `GetStringTypeW` `CompareStringW` `SetEnvironmentVariableA` `SetEndOfFile` `DeleteFileW` `CreateFileW` `WriteFile` `LoadLibraryW` `GetProcAddress` `FreeLibrary` `SetEvent` `CreateEventA` `WaitForSingleObject` `ResetEvent` `CloseHandle` `ExitProcess` `GetCurrentThreadId` `Sleep` `GetLocalTime` `QueryPerformanceFrequency` `QueryPerformanceCounter` `GetTickCount`
USER32.dll	`GetMenuItemInfoW` `GetMenuItemCount` `PostMessageW` `ShowCursor` `MessageBoxW` `GetClientRect` `FillRect` `ChangeDisplaySettingsA` `SetWindowPos` `SetForegroundWindow` `AttachThreadInput` `GetWindowThreadProcessId` `GetForegroundWindow` `SetActiveWindow` `AdjustWindowRectEx` `SetWindowLongW` `ClientToScreen` `DrawMenuBar` `MoveWindow` `DefWindowProcW` `SetCursor` `PostQuitMessage` `EndPaint` `BeginPaint` `DestroyMenu` `BringWindowToTop` `RegisterClassExW` `LoadCursorW` `UnhookWindowsHookEx` `SetTimer` `KillTimer` `GetMonitorInfoW` `EnumDisplaySettingsW` `EnumDisplayMonitors` `GetKeyboardState` `GetDesktopWindow` `GetMonitorInfoA` `PostThreadMessageA` `GetQueueStatus` `RegisterWindowMessageA` `MsgWaitForMultipleObjects` `OpenClipboard` `IsClipboardFormatAvailable` `CloseClipboard` `GetClipboardData` `ShowWindow` `UpdateWindow` `SystemParametersInfoW` `LoadIconW` `SetClassLongW` `SetWindowTextW` `SetMenu` `GetWindowRect` `GetDC` `ReleaseDC` `UnregisterClassW` `FindWindowW` `DestroyWindow` `GetCursorPos` `ClipCursor` `PeekMessageW` `IsDialogMessageW` `TranslateAcceleratorW` `TranslateMessage` `DispatchMessageW` `MessageBoxA` `SendMessageW` `SetWindowRgn` `EmptyClipboard` `GetWindowLongW` `SetClipboardData`
GDI32.dll	`GetObjectA` `StretchDIBits` `SelectObject` `CreateDIBSection` `EnumFontFamiliesExW` `DeleteDC` `CreateCompatibleDC` `DeleteObject` `GetDeviceCaps` `CombineRgn` `CreateRectRgn` `GetStockObject` `CreateSolidBrush` `CreateDCW` `Rectangle` `GetGlyphOutlineW` `GetTextMetricsA` `CreateFontW` `SetBkMode` `SetBkColor` `SetTextColor` `GetCharacterPlacementW` `TextOutW` `GetTextExtentPoint32W` `SetDIBitsToDevice`
SHELL32.dll	`DragQueryFileW` `DragFinish` `DragAcceptFiles` `DragQueryFileA`

Delayed Imports

opus_decode

Ordinal	`1`
Address	`0x3a1740`

opus_decode_float

Ordinal	`2`
Address	`0x3a1870`

opus_decoder_create

Ordinal	`3`
Address	`0x3a0910`

opus_decoder_ctl

Ordinal	`4`
Address	`0x3a18b0`

opus_decoder_destroy

Ordinal	`5`
Address	`0x3a1a70`

opus_decoder_get_nb_samples

Ordinal	`6`
Address	`0x3a1b70`

opus_decoder_get_size

Ordinal	`7`
Address	`0x3a07a0`

opus_decoder_init

Ordinal	`8`
Address	`0x3a07f0`

opus_get_version_string

Ordinal	`9`
Address	`0x3aaba0`

opus_multistream_decode

Ordinal	`10`
Address	`0x39f8a0`

opus_multistream_decode_float

Ordinal	`11`
Address	`0x39fcd0`

opus_multistream_decoder_create

Ordinal	`12`
Address	`0x39f7e0`

opus_multistream_decoder_ctl

Ordinal	`13`
Address	`0x39fd70`

opus_multistream_decoder_destroy

Ordinal	`14`
Address	`0x3a1a70`

opus_multistream_decoder_get_size

Ordinal	`15`
Address	`0x39f670`

opus_multistream_decoder_init

Ordinal	`16`
Address	`0x39f6d0`

opus_packet_get_bandwidth

Ordinal	`17`
Address	`0x3a1a80`

opus_packet_get_nb_channels

Ordinal	`18`
Address	`0x3a1ad0`

opus_packet_get_nb_frames

Ordinal	`19`
Address	`0x3a1ae0`

opus_packet_get_nb_samples

Ordinal	`20`
Address	`0x3a1b20`

opus_packet_get_samples_per_frame

Ordinal	`21`
Address	`0x3a0320`

opus_packet_parse

Ordinal	`22`
Address	`0x3a0770`

opus_pcm_soft_clip

Ordinal	`23`
Address	`0x39ffd0`

opus_strerror

Ordinal	`24`
Address	`0x3aab80`

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.49126`
MD5	`6dd6237d55da5069e560677cf929b24d`
SHA1	`127ca6c378f9627ca5f2afb8d56957920b77d7fa`
SHA256	`db0b9e5b3ea4c25d8f45e0b6daf8124a137b0e360e8e4116207bbb7bfa5f5d4d`
SHA3	`f898f48c9fa96035ce7e50aa2efbe9d5dc4e49ec2bf3af14cd2efd29bf8e8c00`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.49126`
MD5	`6dd6237d55da5069e560677cf929b24d`
SHA1	`127ca6c378f9627ca5f2afb8d56957920b77d7fa`
SHA256	`db0b9e5b3ea4c25d8f45e0b6daf8124a137b0e360e8e4116207bbb7bfa5f5d4d`
SHA3	`f898f48c9fa96035ce7e50aa2efbe9d5dc4e49ec2bf3af14cd2efd29bf8e8c00`

MAINICON

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.7815`
Detected Filetype	Icon file
MD5	`3c68f77c35c26ff079a1c410ee44fa62`
SHA1	`0b40150c95fc2c6414c90d44ee78b8d8814b3393`
SHA256	`a14e70ed824f3f17d3a51136aa08839954d6d3ccadaa067415c7bfc08e6636b0`
SHA3	`590dcbf2ec3f485a6c24e3e627f383ee7588eb49978321f12c07d8190a6c1396`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.94375`
Detected Filetype	Icon file
MD5	`d3bdbb19efa0630f837601a23f30ff3d`
SHA1	`f9513900fbb276100e1fcb1b798616c0ae0d4bc6`
SHA256	`852391035320228f8de3412c040f63d082abc6cc8ab8d715d1d5a92c243cbd97`
SHA3	`d64b14bf272ad71e0c7853722283bb1c1c821b983a886b63a7999ba1060420b6`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x15a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.79597`
MD5	`24d3b502e1846356b0263f945ddd5529`
SHA1	`bac45b86a9c48fc3756a46809c101570d349737d`
SHA256	`49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e`
SHA3	`1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2016-May-09 14:01:29
Version	`0.0`
SizeofData	`81`
AddressOfRawData	`0x44d96c`
PointerToRawData	`0x44c76c`
Referenced File	C:\Users\wahiko\Desktop\GHost94_Plus\Release\hacker9.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xc665f9ab`
Unmarked objects	`0`
152 (20115)	`2`
ASM objects (VS2010 SP1 build 40219)	`58`
C objects (VS2010 SP1 build 40219)	`169`
C++ objects (VS2010 SP1 build 40219)	`50`
C objects (VS98 SP6 build 8804)	`196`
C++ objects (VS98 SP6 build 8804)	`64`
C++ objects (VS2012 build 50727 / VS2005 build 50727)	`75`
Imports (VS2008 SP1 build 30729)	`9`
Total imports	`253`
C++ objects (VS2008 SP1 build 30729)	`87`
175 (VS2010 SP1 build 40219)	`93`
Exports (VS2010 SP1 build 40219)	`1`
Resource objects (VS2010 SP1 build 40219)	`1`
Linker (VS2010 SP1 build 40219)	`1`

Errors

Leave a comment

No comments yet.