Manalyze report for 19adc7817b870018f10ad6878cca2f25145f912c1ca82e2545f1820cc5e62a78

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Mar-08 09:19:59
Detected languages	English - United States
TLS Callbacks	2 callback(s) detected.

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: cubecraft.net github.com`
Info	Cryptographic algorithms detected in the binary:	`Uses known Mersenne Twister constants`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Functions which can be used for anti-debugging purposes: SwitchToThread CreateToolhelp32Snapshot` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Has Internet access capabilities: URLDownloadToFileA` `Enumerates local disk drives: GetDriveTypeW`
Suspicious	VirusTotal score: 1/70 (Scanned on 2026-03-10 11:00:26)	`Cynet: Malicious (score: 100)`

Hashes

MD5	`e6590004790ad8151e5bbaf7375d52f6`
SHA1	`46efb42b22f06ec4e76ee70f9c2277dd70a9b2a8`
SHA256	`19adc7817b870018f10ad6878cca2f25145f912c1ca82e2545f1820cc5e62a78`
SHA3	`06f3a25622ab7f3bde53f9513293547e905f9728fef41a04db4bdf0c39257083`
SSDeep	`98304:EuK8JCfxd3ddQxifTbZyQbe/Z4v61eRsk9LET:1JWdNdQs`
Imports Hash	`5f92c68d428112b737eaa35d681bc811`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2026-Mar-08 09:19:59
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x470e00`
SizeOfInitializedData	`0x254400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000361560 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x6c9000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4816d8a51d3f77b799065bbe7335a65e`
SHA1	`03fbf76284556c8bc9d7497bf753e95c26c8fd24`
SHA256	`d5211b491142cd87d484a4b674bdba11e917dc34b94a417a4cf40b62e5833935`
SHA3	`1af75c40b65665f5ee3ab238fb2278c21da2926f55e099a0f20c8e86ced97e86`
VirtualSize	`0x470dac`
VirtualAddress	`0x1000`
SizeOfRawData	`0x470e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.41142`

.rdata

MD5	`f835f71c5472ad341cbb4a265b41cff0`
SHA1	`bbd1725df7415df11e47f3f3af46761ac4342d10`
SHA256	`0f4ed3132d27c8e55ff4dcd42fbdc748c31ad9573122c6ad869e11eab686a387`
SHA3	`8bc9a8555496369bc7fd9682d5cfa602f87c9547a0ebd69842f587abb627d175`
VirtualSize	`0xaa84e`
VirtualAddress	`0x472000`
SizeOfRawData	`0xaaa00`
PointerToRawData	`0x471200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.56156`

.data

MD5	`c79241d8eb3aba48c2ab7db7264e9d54`
SHA1	`6e07dad5d263010085b8729c7f3215afa0755d4e`
SHA256	`0867b3d8e9be47387727e6785c3fb4c59d96ecd08bd0e121fd3990234fa2dfce`
SHA3	`a8bf727ae88b908c3b8479b1f4b28fb60560c785c59d1977a540651925994e9c`
VirtualSize	`0x18febc`
VirtualAddress	`0x51d000`
SizeOfRawData	`0x18c200`
PointerToRawData	`0x51bc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0680863`

.pdata

MD5	`ca08a85637d32bed337be14b481658f1`
SHA1	`541bfe076ccf42e12201f3b8723d5706277be602`
SHA256	`93fbce6f1466d5651a9f58b4ba9f3e7f2873db37f3d755d42d53d3d49dcfba2a`
SHA3	`143773efd31283c1df06c81adf6be2eb017051e2e53b0888f7491809b295e62d`
VirtualSize	`0x13f98`
VirtualAddress	`0x6ad000`
SizeOfRawData	`0x14000`
PointerToRawData	`0x6a7e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.28564`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0x6c1000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6bbe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`0abc4efb03e2a3f8bc7e17fbfc371180`
SHA1	`50d7027c41527a52162af7ec3b01c21f40be85fc`
SHA256	`a32b33724da12bc3be52e2045507cf43130f814cee3a4f6249db9147bdbce6b5`
SHA3	`5d643449294b6f55d084a8c21b34b8dcb9b59501aff23ec0d99016c78ca1600a`
VirtualSize	`0x1e0`
VirtualAddress	`0x6c2000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6bc000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.70148`

.reloc

MD5	`ae3fb452c8477bf5618426950c4334d5`
SHA1	`475bc3c5fabf6fb4280f9301f818e074cfa2e544`
SHA256	`cca4a522c5a7002db5cbdf44e77c735b54065cfe54a9f4b561ba9c6a7456335a`
SHA3	`599ecc7be304f53a4059224304edc56be440851398bdc34ec3064d5da6c2d048`
VirtualSize	`0x5404`
VirtualAddress	`0x6c3000`
SizeOfRawData	`0x5600`
PointerToRawData	`0x6bc200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.41916`

Imports

VERSION.dll	`GetFileVersionInfoSizeA` `GetFileVersionInfoA` `VerQueryValueA`
api-ms-win-core-synch-l1-2-0.dll	`InitOnceBeginInitialize` `SleepConditionVariableSRW` `WakeAllConditionVariable` `WakeConditionVariable` `InitOnceComplete` `Sleep`
api-ms-win-core-processthreads-l1-1-0.dll	`ExitProcess` `GetCurrentThreadId` `OpenThread` `SuspendThread` `ResumeThread` `GetCurrentProcessId` `GetExitCodeThread` `SwitchToThread` `CreateThread` `GetStartupInfoW` `ExitThread` `TerminateProcess` `GetCurrentProcess`
api-ms-win-core-libraryloader-l1-2-0.dll	`GetModuleFileNameA` `GetModuleFileNameW` `FreeLibraryAndExitThread` `GetModuleHandleW` `GetModuleHandleExW` `FreeLibrary` `GetProcAddress` `DisableThreadLibraryCalls` `LoadLibraryExW`
api-ms-win-core-sysinfo-l1-1-0.dll	`GetSystemInfo` `GetSystemTimeAsFileTime`
api-ms-win-core-processenvironment-l1-1-0.dll	`FreeEnvironmentStringsW` `SetStdHandle` `SetEnvironmentVariableW` `GetCommandLineA` `GetCommandLineW` `GetEnvironmentVariableA` `GetStdHandle` `GetEnvironmentStringsW` `GetCurrentDirectoryW`
api-ms-win-core-memory-l1-1-0.dll	`VirtualProtect` `VirtualAlloc` `VirtualQuery` `VirtualFree`
api-ms-win-core-heap-l2-1-0.dll	`GlobalAlloc` `GlobalFree` `LocalFree`
api-ms-win-core-heap-obsolete-l1-1-0.dll	`GlobalLock` `GlobalUnlock`
api-ms-win-core-handle-l1-1-0.dll	`CloseHandle`
api-ms-win-core-errorhandling-l1-1-0.dll	`GetLastError` `SetLastError` `UnhandledExceptionFilter` `RaiseException` `SetUnhandledExceptionFilter`
api-ms-win-core-heap-l1-1-0.dll	`HeapSize` `GetProcessHeap` `HeapAlloc` `HeapDestroy` `HeapReAlloc` `HeapFree` `HeapCreate`
api-ms-win-core-processthreads-l1-1-1.dll	`IsProcessorFeaturePresent` `FlushInstructionCache` `SetThreadContext` `GetThreadContext`
api-ms-win-core-toolhelp-l1-1-0.dll	`CreateToolhelp32Snapshot` `Thread32First` `Thread32Next`
api-ms-win-core-string-l1-1-0.dll	`CompareStringW` `GetStringTypeW` `CompareStringEx` `MultiByteToWideChar` `WideCharToMultiByte`
api-ms-win-core-console-l1-1-0.dll	`ReadConsoleW` `WriteConsoleA` `GetConsoleMode` `GetConsoleOutputCP` `WriteConsoleW`
api-ms-win-core-file-l1-1-0.dll	`FindFirstFileW` `WriteFile` `GetFileSizeEx` `ReadFile` `FindNextFileW` `FlushFileBuffers` `FindFirstFileExW` `FindClose` `GetFileType` `CreateFileW` `GetDriveTypeW` `GetFileInformationByHandle` `SetFileInformationByHandle` `GetFullPathNameW` `DeleteFileW` `SetEndOfFile` `GetFileAttributesExW` `SetFilePointerEx` `CreateDirectoryW`
api-ms-win-core-timezone-l1-1-0.dll	`GetDynamicTimeZoneInformation` `SystemTimeToTzSpecificLocalTime` `GetTimeZoneInformation` `FileTimeToSystemTime`
api-ms-win-core-console-l2-1-0.dll	`GetConsoleScreenBufferInfo` `SetConsoleTextAttribute`
KERNEL32.dll	`IsBadReadPtr`
USER32.dll	`SetClipboardData` `DefWindowProcA` `OpenClipboard` `CloseClipboard` `EmptyClipboard`
urlmon.dll	`URLDownloadToFileA`
WINMM.dll	`PlaySoundA`
api-ms-win-core-localization-l1-2-0.dll	`GetLocaleInfoEx` `LCMapStringEx` `FormatMessageA` `GetUserDefaultLCID` `IsValidCodePage` `LCMapStringW` `GetLocaleInfoW` `IsValidLocale` `GetCPInfo` `GetOEMCP` `GetACP` `EnumSystemLocalesW`
api-ms-win-core-file-l1-2-0.dll	`CreateFile2`
api-ms-win-core-file-l1-2-2.dll	`AreFileApisANSI`
api-ms-win-core-file-l2-1-0.dll	`CopyFile2` `GetFileInformationByHandleEx`
api-ms-win-core-rtlsupport-l1-1-0.dll	`RtlUnwind` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlUnwindEx` `RtlVirtualUnwind` `RtlPcToFileHeader`
api-ms-win-core-synch-l1-1-0.dll	`LeaveCriticalSection` `AcquireSRWLockExclusive` `ReleaseSRWLockExclusive` `TryAcquireSRWLockExclusive` `WaitForSingleObjectEx` `InitializeCriticalSectionEx` `DeleteCriticalSection` `AcquireSRWLockShared` `ReleaseSRWLockShared` `EnterCriticalSection`
api-ms-win-core-threadpool-l1-2-0.dll	`CreateThreadpoolWork` `SubmitThreadpoolWork` `FreeLibraryWhenCallbackReturns` `CloseThreadpoolWork`
api-ms-win-core-profile-l1-1-0.dll	`QueryPerformanceCounter` `QueryPerformanceFrequency`
api-ms-win-core-sysinfo-l1-2-0.dll	`GetSystemTimePreciseAsFileTime`
api-ms-win-core-util-l1-1-0.dll	`EncodePointer` `DecodePointer`
api-ms-win-core-interlocked-l1-1-0.dll	`InitializeSListHead` `InterlockedFlushSList`
api-ms-win-core-fibers-l1-1-0.dll	`FlsSetValue` `FlsFree` `FlsAlloc` `FlsGetValue`
api-ms-win-core-namedpipe-l1-1-0.dll	`PeekNamedPipe`
api-ms-win-core-debug-l1-1-0.dll	`IsDebuggerPresent`
api-ms-win-core-datetime-l1-1-0.dll	`GetTimeFormatW` `GetDateFormatW`

Delayed Imports

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Mar-08 09:19:59
Version	`0.0`
SizeofData	`1072`
AddressOfRawData	`0x4a74ac`
PointerToRawData	`0x4a66ac`

TLS Callbacks

StartAddressOfRawData	`0x1804a7930`
EndAddressOfRawData	`0x1804b8d14`
AddressOfIndex	`0x1806ac318`
AddressOfCallbacks	`0x1804739e8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES`
Callbacks	`0x0000000180360A00` `0x0000000180360AA4`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1806a7b00`

RICH Header

XOR Key	`0xefb4b4bf`
Unmarked objects	`0`
C++ objects (33145)	`192`
C objects (33145)	`45`
ASM objects (33145)	`22`
C objects (35403)	`15`
ASM objects (35403)	`12`
C++ objects (35403)	`99`
Imports (VS2008 SP1 build 30729)	`72`
Imports (33145)	`13`
Total imports	`194`
C objects (35725)	`4`
C++ objects (35725)	`313`
Resource objects (35725)	`1`
Linker (35725)	`1`

Errors

[*] Warning: Yara callback received an unhandled message (6).

Leave a comment

No comments yet.