Manalyze report for 09448b111665efbb488024e087ac108d3718ddcb8c662980129d15b13c2a79b6

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2025-May-19 17:38:37
Detected languages	English - United States
Debug artifacts	D:\C++\ÐÐ¾ÑÐ½Ð¾_\x64\Debug\ÐÐ¾ÑÐ½Ð¾_.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Info	Interesting strings found in the binary:	`Contains domain names: https://www.youtube.com https://www.youtube.com/watch?v www.youtube.com youtube.com`
Suspicious	The PE is possibly packed.	`Section .textbss is both writable and executable.` `Unusual section name found: .msvcjmc`
Info	The PE contains common functions which appear in legitimate applications.	`Possibly launches other programs: ShellExecuteA`
Suspicious	VirusTotal score: 2/70 (Scanned on 2026-03-22 13:12:46)	`Bkav: W64.AIDetectMalware` `MaxSecure: Trojan.Malware.300983.susgen`

Hashes

MD5	`adc9b6537c3f283b4be2b61dbbf4f937`
SHA1	`6726b3419c9d484b3917a0ab7f1edcc6b8ab83af`
SHA256	`09448b111665efbb488024e087ac108d3718ddcb8c662980129d15b13c2a79b6`
SHA3	`027979830296ed45f34f9c47113368a0be51b2fb556c21e7f0652fb5e8729cd9`
SSDeep	`384:s0SImHZ7ReTIKZByyLOSP5IhHAchFnQjfuHHQ5rxiDyMGDKOQfBXK3vEeP89Z7L:VSIA7CfyAO9j4ViDuDIB637P89`
Imports Hash	`77e81f67100b4af4828de1eed1805491`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`10`
TimeDateStamp	2025-May-19 17:38:37
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x7c00`
SizeOfInitializedData	`0x7600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000001125D (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x25000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.textbss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x10000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.text

MD5	`42a47adbfe917932642a8fbb6e666b59`
SHA1	`245f00331e4161f11e5397951df885becc2bd9d9`
SHA256	`b135524c399d63d60de26760fce41c22211a90e3559852ddb40bb36e676cb91a`
SHA3	`3acccc13f421cde7225a4da1f0eb25c48602f85ac5dc5b14ca85402b601efcc6`
VirtualSize	`0x7ada`
VirtualAddress	`0x11000`
SizeOfRawData	`0x7c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`3.49874`

.rdata

MD5	`6d4f624c2ac83df89ed2141568a041d1`
SHA1	`4ac8b2d096b91a590cc4efc80da3cb599f7f20ac`
SHA256	`026a3c707b64a50f1e5f6be2d85128c3786f9ba3f0840ff147b7b5620eeac44c`
SHA3	`adea728ddd40c84c60b42691d27fcf628249cfc7d85c2cd2f5626cfc20d4b78e`
VirtualSize	`0x2bf5`
VirtualAddress	`0x19000`
SizeOfRawData	`0x2c00`
PointerToRawData	`0x8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.17501`

.data

MD5	`aa38a894c63bc293b5d3a84a56a531b1`
SHA1	`bfa1bfe7cada0274b2eacb25f9e7b311fbe495d6`
SHA256	`6d4f9d0b148813485e2106a1ed101dfae2397190448d1349e40188b08701651d`
SHA3	`b2937f63771be0a48370b02662e46a5baec5b396d0e6e070eeaa9a0d55b2517e`
VirtualSize	`0x950`
VirtualAddress	`0x1c000`
SizeOfRawData	`0x200`
PointerToRawData	`0xac00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.508048`

.pdata

MD5	`ddef2f05395ba3371254ec6f6199cd97`
SHA1	`311c3aabfa59ae2932ea8c25bf18c021b1f133f2`
SHA256	`a1985055ee5adf762f9a6135e6ef719ddf5355e74e734efd4d365507351f6bfe`
SHA3	`9250efed28a9df6ecf83b1ee254d3a62b64263a519c7277d8d47e00ab7158b9c`
VirtualSize	`0x20ac`
VirtualAddress	`0x1d000`
SizeOfRawData	`0x2200`
PointerToRawData	`0xae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.01631`

.idata

MD5	`82eb909423b4dcfe543a1fa1b962948c`
SHA1	`b53190b7da9268b1bdc3c885fc02958085056259`
SHA256	`a707f054603e1870299509bffdabf0bcb9cf6b966573dca89b0ed45154533c57`
SHA3	`2870c33a3153c5759017d919e46aff157fc6c7d635508b1c991539904138bc22`
VirtualSize	`0xf94`
VirtualAddress	`0x20000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xd000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.41507`

.msvcjmc

MD5	`722e8267d7afd826ef80814aecbd4316`
SHA1	`2d9b16349bfe755cce4090a83167a38f76e22caf`
SHA256	`46d6a1a6041b2be4e024ae74f38338d82237f72a4a75594d9defd66b2fb46974`
SHA3	`fd3b47500f89b6fd152284b0264f932b558400e25013a79b06da36d384b5eeae`
VirtualSize	`0x1c0`
VirtualAddress	`0x21000`
SizeOfRawData	`0x200`
PointerToRawData	`0xe000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.896038`

.00cfg

MD5	`8249ee016c5597acd76959b93a322e3d`
SHA1	`ed6e5ba114ac502634f60b07080caea02bb18e69`
SHA256	`9d92f4b207c212761960f832673e27da182943d7ba7c88968cad6a2d415335c5`
SHA3	`0be207e40326e55d04958a2f8e6c83669da5e08ba9f46905a72b0e5ea2cd323f`
VirtualSize	`0x175`
VirtualAddress	`0x22000`
SizeOfRawData	`0x200`
PointerToRawData	`0xe200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.464548`

.rsrc

MD5	`40c737bfd339670b22c570f6c08b5a07`
SHA1	`b40b01db5b78c4251a5e78e59586ae7621e020ce`
SHA256	`ad7331e2528db53a4618d2dc07a34fb9be3d578f97cb465f82ee56241167fb02`
SHA3	`1cdc993aacd1a17d2edfac0c70659acad8a90c04c0ad0d30034f10fb27ae8cf5`
VirtualSize	`0x43c`
VirtualAddress	`0x23000`
SizeOfRawData	`0x600`
PointerToRawData	`0xe400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.14086`

.reloc

MD5	`5c7b52ccec09fed800aed165abd09306`
SHA1	`4c4304f62b0dd931d55d9f88b14364e818b1bb71`
SHA256	`c508909baa452ab594de1f3e85e0da5ba7602e2a4e74c1e2f51e904ffee14a50`
SHA3	`a48f8588530a3094bea48206ab0e06b486a17baa277aed630a44439be7a62e06`
VirtualSize	`0x25f`
VirtualAddress	`0x24000`
SizeOfRawData	`0x400`
PointerToRawData	`0xea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.725275`

Imports

SHELL32.dll	`ShellExecuteA`
VCRUNTIME140D.dll	`__C_specific_handler_noexcept` `__vcrt_LoadLibraryExW` `__current_exception` `__std_type_info_destroy_list` `__C_specific_handler` `__vcrt_GetModuleFileNameW` `__vcrt_GetModuleHandleW` `__current_exception_context` `memcpy`
ucrtbased.dll	`strcat_s` `__stdio_common_vsprintf_s` `_wmakepath_s` `_wsplitpath_s` `wcscpy_s` `strcpy_s` `terminate` `_crt_atexit` `_execute_onexit_table` `_register_onexit_function` `_initialize_onexit_table` `_seh_filter_dll` `__p__commode` `_set_new_mode` `_configthreadlocale` `_register_thread_local_exe_atexit_callback` `_c_exit` `_cexit` `__p___argv` `__p___argc` `_set_fmode` `_exit` `exit` `_initterm_e` `_initterm` `_get_initial_narrow_environment` `_initialize_narrow_environment` `_configure_narrow_argv` `__setusermatherr` `_set_app_type` `_seh_filter_exe` `_CrtDbgReportW` `_CrtDbgReport` `_crt_at_quick_exit`
KERNEL32.dll	`HeapAlloc` `QueryPerformanceCounter` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `TerminateProcess` `GetCurrentProcess` `GetProcAddress` `FreeLibrary` `VirtualQuery` `GetProcessHeap` `HeapFree` `GetCurrentThreadId` `GetLastError` `WideCharToMultiByte` `MultiByteToWideChar` `RaiseException` `GetModuleHandleW` `IsProcessorFeaturePresent` `GetStartupInfoW`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-May-19 17:38:37
Version	`0.0`
SizeofData	`69`
AddressOfRawData	`0x1ad1c`
PointerToRawData	`0x9d1c`
Referenced File	D:\C++\ÐÐ¾ÑÐ½Ð¾_\x64\Debug\ÐÐ¾ÑÐ½Ð¾_.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-May-19 17:38:37
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x1ad64`
PointerToRawData	`0x9d64`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14001c040`

RICH Header

XOR Key	`0xc2852169`
Unmarked objects	`0`
Imports (VS 2015-2022 runtime 33030)	`2`
C++ objects (VS 2015-2022 runtime 33030)	`23`
C objects (VS 2015-2022 runtime 33030)	`11`
ASM objects (VS 2015-2022 runtime 33030)	`3`
Imports (30795)	`7`
Total imports	`70`
C++ objects (33140)	`1`
Resource objects (33140)	`1`
Linker (33140)	`1`

Errors

[*] Warning: Section .textbss has a size of 0!

Leave a comment

No comments yet.