Manalyze report for 13160f667e6b6373ac4fadd3ebd7d29210d94aabe880759863dd59b7bb194444

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-Apr-22 15:54:20
Detected languages	English - United States
Debug artifacts	C:\Users\user\source\repos\roblox_inject\x64\Release\robloxext.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Info	Interesting strings found in the binary:	`Contains domain names: github.com https://github.com`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowA` `Possibly launches other programs: ShellExecuteW system` `Uses functions commonly found in keyloggers: MapVirtualKeyW GetAsyncKeyState GetForegroundWindow` `Functions related to the privilege level: AdjustTokenPrivileges CheckTokenMembership OpenProcessToken` `Manipulates other processes: OpenProcess Process32NextW Process32FirstW ReadProcessMemory WriteProcessMemory` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`65c2cd5d0db9a820d86354faed09ca87`
SHA1	`2a44135498f42cd85d4a2e06e38e86d0d81a839d`
SHA256	`13160f667e6b6373ac4fadd3ebd7d29210d94aabe880759863dd59b7bb194444`
SHA3	`f04fba4c28d82f13a62191e3e4bf272eb51e45315945525b78e7035e02f35c0f`
SSDeep	`12288:lL8iXeudAQCf+mt7obw6bSgIfBbuNB2KbsdzGia33WDn0o:9HX9/sqtb7MB0nijDnv`
Imports Hash	`c639c8d445277ed4eef2eb392de7e729`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-Apr-22 15:54:20
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x70800`
SizeOfInitializedData	`0x21c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000006E880 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x96000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`6afae2cdb67b7d38660edc303554bb78`
SHA1	`2923c73f5e17d076f401590dac9aac91656c01fd`
SHA256	`d09da047052dec5a71dd7068aee2b72365cc004da964a6614b6a76ae8fa7999c`
SHA3	`5f3b6110b21e8bc5af0e51ce998fcbe5f85a6e5fde9d37d7e7a82b884a361121`
VirtualSize	`0x707b7`
VirtualAddress	`0x1000`
SizeOfRawData	`0x70800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.50775`

.rdata

MD5	`f7cb5a595050ca9954c2b4d1c37999c3`
SHA1	`2944ad1f9264478d24f72a3a330ade44cc4e9972`
SHA256	`afa45c0df8f0742f8101303163726c38b587aa5820ae0ef6082b420a602ace4c`
SHA3	`2b6c0c9ca132c443741a672c15652873b806405fc776b32fa3ba13f385cd6245`
VirtualSize	`0x1bb38`
VirtualAddress	`0x72000`
SizeOfRawData	`0x1bc00`
PointerToRawData	`0x70c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.27252`

.data

MD5	`ac3fbe4a96457c72a52598f723867262`
SHA1	`37514d6956864c82adad509573b59b1ec50fa519`
SHA256	`aea46d7f6ca87ff2a96eac1162a4fefe6e479f5d553ef25eb3a637989679a0c2`
SHA3	`4ee4e9bd0bd821842ca5acb50acba0b95656813320a0a34f091762e23a0ba558`
VirtualSize	`0xa98`
VirtualAddress	`0x8e000`
SizeOfRawData	`0x800`
PointerToRawData	`0x8c800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.58711`

.pdata

MD5	`f7bd67ca252487971768b97eb3ec013d`
SHA1	`d7a54656604ffc62753aaded85ba2a419069099a`
SHA256	`2b5a634b2f74c63b0c381d9afa6b69402187231aeb98df0dbccf902631aa8719`
SHA3	`864f4b348f7cc56ea1f82feb847fe80da85258683a77bebc4957ba2f36dcff9d`
VirtualSize	`0x4cd4`
VirtualAddress	`0x8f000`
SizeOfRawData	`0x4e00`
PointerToRawData	`0x8d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.834`

.rsrc

MD5	`4fe00da9f3fd42ea1d323807293e5550`
SHA1	`c82bb6878602ec78aaa92318d250a5a7c7cd887a`
SHA256	`cc19ebf053ea3bc6b0c2f7de940f9181698316597b8c3109568d0cd29af86f5d`
SHA3	`7cd05c71530c0037d8509646a372b8cba714fe76d3881fad807a0f2757c0c363`
VirtualSize	`0x1e8`
VirtualAddress	`0x94000`
SizeOfRawData	`0x200`
PointerToRawData	`0x91e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.76813`

.reloc

MD5	`6beb1fe65c2b1c2887162e89057b462f`
SHA1	`5efeb38c11da81e05c6fcc22157405d8de9b5796`
SHA256	`d0dcfd0b97c5f8bb42379a13f27e969e5d2c4822fd37c53358536b86a0538ce4`
SHA3	`5d5aaa98a7db200f01daf7c30be824f10ae2e6c30d688901fe4e8ac8ad24659f`
VirtualSize	`0x2d4`
VirtualAddress	`0x95000`
SizeOfRawData	`0x400`
PointerToRawData	`0x92000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.29842`

Imports

KERNEL32.dll	`SetConsoleTitleA` `GetCurrentProcess` `GetStdHandle` `SetConsoleMode` `GetProcessId` `CreateMutexA` `DuplicateHandle` `OpenProcess` `CreateToolhelp32Snapshot` `Sleep` `GetConsoleMode` `GetTickCount64` `GetLastError` `Process32NextW` `Process32FirstW` `CloseHandle` `Module32FirstW` `ReadProcessMemory` `SetConsoleCP` `GetCurrentProcessId` `SetConsoleOutputCP` `CreateDirectoryA` `GetTickCount` `GetProcAddress` `GetFileInformationByHandleEx` `WriteProcessMemory` `AreFileApisANSI` `CreateFile2` `GetFileAttributesExW` `FindNextFileW` `FindFirstFileExW` `FindFirstFileW` `FindClose` `GetLocaleInfoEx` `FormatMessageA` `LocalFree` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetModuleHandleW` `SetUnhandledExceptionFilter` `SleepConditionVariableSRW` `WakeAllConditionVariable` `AcquireSRWLockExclusive` `ReleaseSRWLockExclusive` `SetConsoleTextAttribute` `QueryPerformanceCounter` `FreeLibrary` `IsDBCSLeadByte` `QueryPerformanceFrequency` `LoadLibraryA` `GetLocaleInfoA` `GetModuleHandleA` `GlobalUnlock` `WideCharToMultiByte` `GlobalLock` `GlobalFree` `GlobalAlloc` `MultiByteToWideChar` `OutputDebugStringA`
USER32.dll	`RegisterClassExA` `LoadCursorW` `PostQuitMessage` `UnregisterClassA` `mouse_event` `UpdateWindow` `SetForegroundWindow` `FindWindowA` `GetKeyboardLayout` `GetWindowThreadProcessId` `MapVirtualKeyW` `GetWindowRect` `DestroyWindow` `SetWindowPos` `GetSystemMetrics` `ShowWindow` `GetAsyncKeyState` `DispatchMessageW` `SetWindowLongA` `PeekMessageW` `SendInput` `TrackMouseEvent` `ClientToScreen` `GetCapture` `SetCapture` `SetCursor` `GetClientRect` `ScreenToClient` `IsWindowUnicode` `ReleaseCapture` `GetForegroundWindow` `SetCursorPos` `GetMessageExtraInfo` `GetCursorPos` `GetKeyState` `TranslateMessage` `SetLayeredWindowAttributes` `CreateWindowExA` `DefWindowProcA` `DefWindowProcW` `SetClipboardData` `GetClipboardData` `EmptyClipboard` `CloseClipboard` `OpenClipboard`
ADVAPI32.dll	`AllocateAndInitializeSid` `LookupPrivilegeValueW` `AdjustTokenPrivileges` `CheckTokenMembership` `FreeSid` `OpenProcessToken`
SHELL32.dll	`ShellExecuteW`
IMM32.dll	`ImmSetCandidateWindow` `ImmReleaseContext` `ImmGetContext` `ImmSetCompositionWindow`
D3DCOMPILER_47.dll	`D3DCompile`
dwmapi.dll	`DwmExtendFrameIntoClientArea`
d3d11.dll	`D3D11CreateDeviceAndSwapChain`
WINMM.dll	`PlaySoundA`
MSVCP140.dll	`?fail@ios_base@std@@QEBA_NXZ` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z` `?good@ios_base@std@@QEBA_NXZ` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z` `??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z` `??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1_Lockit@std@@QEAA@XZ` `??0_Lockit@std@@QEAA@H@Z` `?_Throw_Cpp_error@std@@YAXH@Z` `?uncaught_exceptions@std@@YAHXZ` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A` `?_Xbad_alloc@std@@YAXXZ` `?_Id_cnt@id@locale@std@@0HA` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Winerror_map@std@@YAHH@Z` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` `?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z` `?_Xlength_error@std@@YAXPEBD@Z` `?_Syserror_map@std@@YAPEBDH@Z` `_Cnd_do_broadcast_at_thread_exit` `_Thrd_detach` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?ignore@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`__current_exception` `memmove` `memcpy` `memchr` `_CxxThrowException` `memset` `__C_specific_handler` `__current_exception_context` `memcmp` `__std_terminate` `__std_exception_copy` `__std_exception_destroy` `strchr`
api-ms-win-crt-stdio-l1-1-0.dll	`ftell` `__acrt_iob_func` `fflush` `__p__commode` `_set_fmode` `_get_stream_buffer_pointers` `_fseeki64` `fsetpos` `ungetc` `setvbuf` `fgetpos` `fgetc` `fclose` `fseek` `__stdio_common_vfprintf` `fwrite` `fputc` `_wfopen` `__stdio_common_vsscanf` `fread` `__stdio_common_vsprintf`
api-ms-win-crt-utility-l1-1-0.dll	`qsort` `rand` `srand`
api-ms-win-crt-heap-l1-1-0.dll	`malloc` `free` `_set_new_mode` `realloc` `_callnewh`
api-ms-win-crt-string-l1-1-0.dll	`strncmp` `_wcsicmp` `tolower` `strlen` `strncpy` `strcmp` `wcslen`
api-ms-win-crt-convert-l1-1-0.dll	`atof`
api-ms-win-crt-runtime-l1-1-0.dll	`_initialize_onexit_table` `_c_exit` `_initialize_narrow_environment` `_configure_narrow_argv` `__p___argv` `system` `__p___argc` `terminate` `_register_onexit_function` `_beginthreadex` `_exit` `exit` `_initterm_e` `_initterm` `_get_initial_narrow_environment` `_set_app_type` `_seh_filter_exe` `_crt_atexit` `_cexit` `abort` `_register_thread_local_exe_atexit_callback`
api-ms-win-crt-filesystem-l1-1-0.dll	`_unlock_file` `_lock_file`
api-ms-win-crt-math-l1-1-0.dll	`logf` `__setusermatherr` `fmodf` `powf` `ceilf` `atan2f` `acosf` `sinf` `sqrtf` `cosf` `tanf`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale` `___lc_codepage_func`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Apr-22 15:54:20
Version	`0.0`
SizeofData	`91`
AddressOfRawData	`0x82d6c`
PointerToRawData	`0x8196c`
Referenced File	C:\Users\user\source\repos\roblox_inject\x64\Release\robloxext.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Apr-22 15:54:20
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x82dc8`
PointerToRawData	`0x819c8`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Apr-22 15:54:20
Version	`0.0`
SizeofData	`912`
AddressOfRawData	`0x82ddc`
PointerToRawData	`0x819dc`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Apr-22 15:54:20
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x140083190`
EndAddressOfRawData	`0x140083198`
AddressOfIndex	`0x14008e7b8`
AddressOfCallbacks	`0x1400729b0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14008e040`

RICH Header

XOR Key	`0xc3da17f`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`18`
Imports (35403)	`6`
ASM objects (35403)	`4`
C objects (35403)	`10`
C++ objects (35403)	`34`
Imports (33145)	`21`
Total imports	`326`
C++ objects (LTCG) (35728)	`8`
Resource objects (35728)	`1`
Linker (35728)	`1`

Errors

Leave a comment

No comments yet.