Manalyze report for 12517eaa3f5193fd8a3cf8adb9cbda90096c9dd7f27ef24d298d1a5939f27479

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Jan-24 22:26:59
TLS Callbacks	1 callback(s) detected.
Debug artifacts	nfa_fix.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	PEiD Signature:	`UPolyX V0.1 -> Delikon`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe` `Contains domain names: daltonmaag.com github.com google.com http://ns.adobe http://scripts.sil.org http://scripts.sil.org/OFL http://www.daltonmaag.com http://www.daltonmaag.com/http http://www.daltonmaag.comUbuntuLight http://www.google.com http://www.google.com/get/noto/http http://www.monotype.com http://www.monotype.com/studioThis https://docs.rs https://github.com monotype.com scripts.sil.org www.daltonmaag.com www.google.com www.monotype.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to RC5 or RC6` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryExA LoadLibraryA LoadLibraryW` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Can access the registry: RegCloseKey RegQueryValueExW RegSetValueExW RegOpenKeyExW` `Possibly launches other programs: CreateProcessW` `Uses Windows's Native API: NtOpenFile NtReadFile NtWriteFile` `Uses Microsoft's cryptographic API: CryptProtectData` `Uses functions commonly found in keyloggers: MapVirtualKeyW GetAsyncKeyState GetForegroundWindow` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	VirusTotal score: 1/67 (Scanned on 2026-03-30 07:02:32)	`APEX: Malicious`

Hashes

MD5	`86cbdd99b36ed076859c8073880456fd`
SHA1	`e34c1e37aaaa16d89add4e24ec30edfb822cee19`
SHA256	`12517eaa3f5193fd8a3cf8adb9cbda90096c9dd7f27ef24d298d1a5939f27479`
SHA3	`7c6bd4dca00f2b72c61ef2dad01f704bfb60b8d61b4fb0ab24f98529e421332e`
SSDeep	`49152:Ux87sI/SsQ2s8984pUo71CZ3pNu4u4gsxLebOiOfZ7cfQEuIy9Yswd3eqh+Dl0p:ELM4T7Z77Ezswdpz1AqawKXfbStOq`
Imports Hash	`466ced0ca52505d41bb0c292243787fb`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`5`
TimeDateStamp	2026-Jan-24 22:26:59
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x38c600`
SizeOfInitializedData	`0x2d4800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000036F9A8 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x663000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`536ca1b1aa0ce815be282dd4477c8867`
SHA1	`b9efede7eaecf0e86d17abc181ad9ee59d60d42f`
SHA256	`83b67b654ce84a92237f84d20b3f038ff32d540676207ab1afdf7e6b42623d4c`
SHA3	`6a5f2bdfd1b3a600a558aaf96efabccdf70c15feec1bc088ed806fa4e7c6fd5a`
VirtualSize	`0x38c54f`
VirtualAddress	`0x1000`
SizeOfRawData	`0x38c600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.34631`

.rdata

MD5	`e74ae925e0e156baf7330e4322eb9afe`
SHA1	`386336330d6b4f920a120267eefbf5302cc3e45e`
SHA256	`1b7d0e4a000dac4761183232131cc358d4bccb78d1e981ca83e98d5e35c39734`
SHA3	`183fa225d4d6a2db02cd542a3a73749184624ec461ae952e9055a57b1d338c43`
VirtualSize	`0x2aef2a`
VirtualAddress	`0x38e000`
SizeOfRawData	`0x2af000`
PointerToRawData	`0x38ca00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.32155`

.data

MD5	`0b98585f463ad6db8231bc82a92360f7`
SHA1	`1acea1bf815d69c24bd6c8780b9ae458c5e5d1e9`
SHA256	`2a733502c1dfd084e805fec002aba1710bb90c5e0435870ee9ef9039df7d8de0`
SHA3	`6921bc787afe31e1db8c52a63ed9468bf0f1fed273327a402644439eff8f81ea`
VirtualSize	`0xf60`
VirtualAddress	`0x63d000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x63ba00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.39848`

.pdata

MD5	`2c5909a1400f2df8f8e9d943416f330e`
SHA1	`476bd03526089c700cbea13a9f5cc78475cfb3b7`
SHA256	`1e4837922f8496d54300a08016610a90dafdb9c9a853c27573c19290f2c9c8d1`
SHA3	`ef030bb5a28a6bb1a56ed2000e79cee06af9ae4b553d05488b6fb76d0230de1a`
VirtualSize	`0x2091c`
VirtualAddress	`0x63e000`
SizeOfRawData	`0x20a00`
PointerToRawData	`0x63c800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.38207`

.reloc

MD5	`3cd86b525a980abc1b8996ce917e7ead`
SHA1	`0a952b4630ed4165707304358d0840fd9f089bad`
SHA256	`f02b56d8c96ff86fa9bac317865213c386b97fea4443c259ebb7b5522ef1ea14`
SHA3	`3c9b0106e646bc9863dcbfc96605afb8e4b5e9f5a24bc2dd19c632a5e56e4869`
VirtualSize	`0x3c9c`
VirtualAddress	`0x65f000`
SizeOfRawData	`0x3e00`
PointerToRawData	`0x65d200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.429`

Imports

KERNEL32.dll	`CloseHandle` `LocalFree` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `IsDebuggerPresent` `InitializeSListHead` `GetSystemTimeAsFileTime` `IsProcessorFeaturePresent`
kernel32.dll	`SetLastError` `WaitForSingleObject` `WideCharToMultiByte` `MultiByteToWideChar` `CreateEventW` `GetCurrentThread` `FormatMessageW` `LoadLibraryExW` `GetLastError` `FreeLibrary` `GetProcAddress` `HeapFree` `HeapAlloc` `GlobalLock` `GetProcessHeap` `LoadLibraryExA` `GlobalSize` `GetModuleHandleA` `Sleep` `LoadLibraryA` `CreateMutexA` `WaitForSingleObjectEx` `CreateThread` `WriteConsoleW` `GlobalUnlock` `GetFileAttributesW` `CreateProcessW` `GetWindowsDirectoryW` `GetSystemDirectoryW` `GetFullPathNameW` `WaitForMultipleObjects` `ReadFileEx` `CreateNamedPipeW` `ExitProcess` `GetModuleHandleW` `GetConsoleMode` `CancelIo` `ReadFile` `DeleteFileW` `FindFirstFileExW` `CreateDirectoryW` `GetFileInformationByHandleEx` `GetFileInformationByHandle` `GetOverlappedResult` `CreateFileW` `FindClose` `GlobalAlloc` `GlobalFree` `LoadLibraryW` `GetConsoleOutputCP` `GetCurrentThreadId` `ReleaseMutex` `lstrlenW` `HeapReAlloc` `GetSystemTimePreciseAsFileTime` `QueryPerformanceFrequency` `SetThreadErrorMode` `GetExitCodeProcess` `SleepEx` `FreeEnvironmentStringsW` `GetModuleFileNameW` `AddVectoredExceptionHandler` `SetThreadStackGuarantee` `SwitchToThread` `CreateWaitableTimerExW` `SetWaitableTimer` `QueryPerformanceCounter` `GetSystemInfo` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `GetCurrentDirectoryW` `GetEnvironmentStringsW` `GetEnvironmentVariableW` `WriteFileEx` `SetFileInformationByHandle` `GetCurrentProcess` `DuplicateHandle` `GetCurrentProcessId` `GetStdHandle` `CompareStringOrdinal`
api-ms-win-core-synch-l1-2-0.dll	`WakeByAddressSingle` `WaitOnAddress` `WakeByAddressAll`
bcryptprimitives.dll	`ProcessPrng`
advapi32.dll	`RegCloseKey` `RegQueryValueExW` `RevertToSelf` `RegSetValueExW` `RegOpenKeyExW` `ImpersonateAnonymousToken`
crypt32.dll	`CryptProtectData`
oleaut32.dll	`SysFreeString` `SafeArrayCreateVector` `SetErrorInfo` `GetErrorInfo` `SysAllocStringLen` `SysStringLen` `SafeArrayPutElement`
ole32.dll	`CoInitializeEx` `RevokeDragDrop` `CoUninitialize` `OleInitialize` `RegisterDragDrop` `CoCreateInstance`
user32.dll	`GetWindowLongW` `GetKeyboardLayout` `SetForegroundWindow` `SendInput` `AdjustWindowRectEx` `MapVirtualKeyW` `OpenClipboard` `GetClipboardData` `EmptyClipboard` `GetWindowTextW` `GetWindowTextLengthW` `EnableMenuItem` `GetSystemMenu` `SetWindowTextW` `MonitorFromPoint` `EnumDisplayMonitors` `CreateIcon` `DestroyIcon` `ShowCursor` `SetClipboardData` `ReleaseCapture` `SetCapture` `RegisterWindowMessageA` `KillTimer` `ReleaseDC` `SetTimer` `GetMessageW` `GetClipCursor` `ClipCursor` `RegisterRawInputDevices` `GetRawInputData` `GetDC` `GetKeyboardState` `GetAsyncKeyState` `GetKeyState` `CloseClipboard` `MapVirtualKeyExW` `IsIconic` `GetWindowRect` `PostMessageW` `ShowWindow` `GetMenu` `ScreenToClient` `IsProcessDPIAware` `SystemParametersInfoA` `RemovePropW` `SetPropW` `CallWindowProcW` `GetPropW` `SetWindowLongW` `RegisterClipboardFormatW` `IsClipboardFormatAvailable` `ToUnicodeEx` `FlashWindowEx` `SetCursorPos` `GetForegroundWindow` `ClientToScreen` `DestroyWindow` `SetWindowLongPtrW` `GetClassInfoExW` `GetClassNameW` `MonitorFromRect` `GetTouchInputInfo` `CloseTouchInputHandle` `CreateIconFromResourceEx` `SendMessageW` `GetActiveWindow` `GetClientRect` `SetWindowDisplayAffinity` `TrackMouseEvent` `GetCursorPos` `RegisterTouchWindow` `GetSystemMetrics` `CreateWindowExW` `RegisterClassExW` `MonitorFromWindow` `InvalidateRgn` `SetWindowPlacement` `GetWindowPlacement` `ChangeDisplaySettingsExW` `DispatchMessageW` `TranslateMessage` `PeekMessageW` `GetWindowLongPtrW` `ValidateRect` `RedrawWindow` `DefWindowProcW` `SetCursor` `LoadCursorW` `SetWindowPos` `GetMonitorInfoW`
shell32.dll	`DragFinish` `DragQueryFileW`
gdi32.dll	`SetPixelFormat` `ChoosePixelFormat` `DescribePixelFormat` `GetDeviceCaps` `DeleteObject` `SwapBuffers` `CreateRectRgn`
opengl32.dll	`wglGetCurrentDC` `wglGetCurrentContext` `wglDeleteContext` `wglGetProcAddress` `wglMakeCurrent` `wglCreateContext` `wglShareLists`
dwmapi.dll	`DwmEnableBlurBehindWindow`
shlwapi.dll	`AssocQueryStringW`
uiautomationcore.dll	`UiaReturnRawElementProvider` `UiaRaiseAutomationPropertyChangedEvent` `UiaRaiseAutomationEvent` `UiaHostProviderFromHwnd` `UiaGetReservedNotSupportedValue` `UiaLookupId`
uxtheme.dll	`SetWindowTheme`
imm32.dll	`ImmSetCompositionWindow` `ImmGetCompositionStringW` `ImmGetContext` `ImmAssociateContextEx` `ImmSetCandidateWindow` `ImmReleaseContext`
ntdll.dll	`NtOpenFile` `NtReadFile` `RtlNtStatusToDosError` `NtWriteFile`
VCRUNTIME140.dll	`memset` `__current_exception` `__current_exception_context` `memmove` `memcmp` `__C_specific_handler` `__CxxFrameHandler3` `memcpy` `_CxxThrowException`
api-ms-win-crt-string-l1-1-0.dll	`strlen` `wcslen`
api-ms-win-crt-math-l1-1-0.dll	`expf` `truncf` `powf` `cos` `sin` `exp2f` `ceil` `_hypotf` `cosf` `floor` `round` `ceilf` `floorf` `atan2f` `acosf` `trunc` `cbrtf` `roundf` `sinf` `__setusermatherr`
api-ms-win-crt-runtime-l1-1-0.dll	`__p___argc` `__p___argv` `_cexit` `_exit` `exit` `_initterm_e` `_initterm` `_get_initial_narrow_environment` `_initialize_narrow_environment` `_configure_narrow_argv` `_c_exit` `_set_app_type` `_seh_filter_exe` `_register_thread_local_exe_atexit_callback` `terminate` `_initialize_onexit_table` `_register_onexit_function` `strerror` `_crt_atexit`
api-ms-win-crt-stdio-l1-1-0.dll	`_set_fmode` `__p__commode`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `free`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Jan-24 22:26:59
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x5c86f4`
PointerToRawData	`0x5c70f4`
Referenced File	nfa_fix.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Jan-24 22:26:59
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x5c8718`
PointerToRawData	`0x5c7118`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Jan-24 22:26:59
Version	`0.0`
SizeofData	`836`
AddressOfRawData	`0x5c872c`
PointerToRawData	`0x5c712c`

TLS Callbacks

StartAddressOfRawData	`0x1405c8a90`
EndAddressOfRawData	`0x1405c8c38`
AddressOfIndex	`0x14063dec8`
AddressOfCallbacks	`0x14038ea78`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x00000001403576C0`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14063dbc0`

RICH Header

XOR Key	`0xe78f5a45`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`12`
Imports (34321)	`2`
ASM objects (34321)	`3`
C objects (34321)	`9`
C++ objects (34321)	`23`
Imports (29395)	`3`
Total imports	`377`
Unmarked objects (#2)	`443`
Linker (34809)	`1`

Errors

Leave a comment

No comments yet.