Manalyze report for 1cca6e5e796f39481b4bab258aefab9d42a9ad6b8fa23d851f8642f490631f2d

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-Apr-08 02:43:43
Detected languages	English - United States
TLS Callbacks	1 callback(s) detected.
Debug artifacts	¶HJ7Û`ue¤OF=·Ã£¯RhQu^ÐýfJÈpçÞÖx2½\|òÐOÒG«guÛÖXL`ó

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentControlSet\Services`
Suspicious	The PE is possibly packed.	`Unusual section name found: .idata2` `Unusual section name found: .xdata2` `Unusual section name found: .tls1` `The PE only has 1 import(s).`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`d15929e33e3784e5051b4018182ccef6`
SHA1	`ff124758a114bb3551fab10622a7a4dc1bc9bcda`
SHA256	`1cca6e5e796f39481b4bab258aefab9d42a9ad6b8fa23d851f8642f490631f2d`
SHA3	`63a2d43d1e272179c1af94b1d5bf28faa3237557a31b0a25ec27d9223e0044a6`
SSDeep	`6144:ftVEXTWwPhiHR1f3ngUT+Q49QjfTzBws:+TdER1Yln98`
Imports Hash	`cf3afa13cb4a38c3741b9573d5da93b6`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`9`
TimeDateStamp	2026-Apr-08 02:43:43
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x1aa00`
SizeOfInitializedData	`0x18c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000005C38 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x3a000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f196c635e8960b5ecebb4827e62ad8c9`
SHA1	`c532f09dd2136e2331d6e95a8a39bec31f887284`
SHA256	`3fb587bb32694bba9aa5e84300e662081755235d56e07626865f1d69c1788bed`
SHA3	`e6439e68de42e24a5c18b65e70c3919fe2a3ed157de370834721540645ab651d`
VirtualSize	`0x588b`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.66127`

.rdata

MD5	`2872a72761a2441e8d5d421c1982abf1`
SHA1	`61f339c2d3724c9b199f8fc453411eae45101807`
SHA256	`d3d6629548702dcd21a47787cdfdb62c9a75fd5991ac9cd5e51a0b88376c1a53`
SHA3	`2bb425ea17bb13a7cc8d79f64ff8f1aa806da1d39d71b01b81c36e40eaf16ca0`
VirtualSize	`0x648a`
VirtualAddress	`0x7000`
SizeOfRawData	`0x6600`
PointerToRawData	`0x5e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.21179`

.data

MD5	`e723611ee2d812d37b9eab037381b5ba`
SHA1	`59b18ead710a3a3970f6ef5700ad214dad2d6b77`
SHA256	`eb0405f9e36e7b3484709597147f216450df9ac3504797af8a3a1eaf14866f57`
SHA3	`5fff1556e12ee1a833af128cae6f91f829b0bf4a288d6c336890fa8d8f7344f4`
VirtualSize	`0x498`
VirtualAddress	`0xe000`
SizeOfRawData	`0x400`
PointerToRawData	`0xc400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.21733`

.pdata

MD5	`57dae2a466bf69c5b31f3e12a714d195`
SHA1	`e848c538acec4e46dee5666aa30e6aa1548257f6`
SHA256	`1449881780681b78fdccc33aaf53c20e031046338cc1e66b41175756d23e4470`
SHA3	`66451149ffdd0272aba7e1faa9b6d0b68bf20d3a4f94a071625988b515119419`
VirtualSize	`0x600`
VirtualAddress	`0xf000`
SizeOfRawData	`0x600`
PointerToRawData	`0xc800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.35362`

.rsrc

MD5	`7fb674792fe66f6671133a254ca44aa5`
SHA1	`234c04832be6431ad5b6c2cb4ad8df1d540d8e0e`
SHA256	`6db91187d518061b8e0eb1ab539700e0e869a14469d7b74d1f77539f03d31917`
SHA3	`10751e67e36ec57bec4a45c0ff03354c6f58c3e65182b0ff4c4f223917c293de`
VirtualSize	`0x1e0`
VirtualAddress	`0x10000`
SizeOfRawData	`0x200`
PointerToRawData	`0xce00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.69389`

.reloc

MD5	`7dff268222e5dc08d1a029d8065803eb`
SHA1	`2b2613a3149d2f2d325df9878bb9c4ec5b892daa`
SHA256	`320e172529d1a6ffe733d434ff2f1cc2dd357757589fd5bcbc05a33e00572605`
SHA3	`4684b04546b3138e7981d226cc0f5b9b73e5c4ccddb5c2ea7ea49656a7258943`
VirtualSize	`0xd0`
VirtualAddress	`0x11000`
SizeOfRawData	`0x200`
PointerToRawData	`0xd000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.60634`

.idata2

MD5	`cfc71fa8b0a29d4a929dfa6b4c336b28`
SHA1	`bbdc7b17499b90aabfd83efccce0776bcc5c85c6`
SHA256	`500d31c21ef93d65661815319fb7d4264710e462dd6fdef8a349cf50362d4723`
SHA3	`0f63cd9292d71df6868e9c1cab9208bfa1513209d78a71fd9d0dbb3b9c467b86`
VirtualSize	`0x11030`
VirtualAddress	`0x12000`
SizeOfRawData	`0x11200`
PointerToRawData	`0xd200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.64221`

.xdata2

MD5	`8b5bd8079cfa118701104ea133287b38`
SHA1	`328b05d071e7a7c36321991ce40d4e92edaa8019`
SHA256	`92d1128e3656d0956b3f80a1f50aa65ea5797a4b29f47c35febee36da059aa6a`
SHA3	`a1490c909b4e469188ee3048c04cb052185046193054665c3b3f079fcf1fbc5b`
VirtualSize	`0x14fcc`
VirtualAddress	`0x24000`
SizeOfRawData	`0x15000`
PointerToRawData	`0x1e400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.15838`

.tls1

MD5	`091e07b7712d295ddeb723154fecfb58`
SHA1	`682d879af3555935be9264ae97d8db9f503b73e9`
SHA256	`266b8975c1617a8388dba9b61dc25672f14b10edf5e690d250df8fbd1a1cad65`
SHA3	`8de13209612f32a1f94c38ce9bc46f4a186fe00a93f0e0141d7748ab4628d8b7`
VirtualSize	`0x268`
VirtualAddress	`0x39000`
SizeOfRawData	`0x400`
PointerToRawData	`0x33400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.151579`

Imports

KERNEL32.dll	`MultiByteToWideChar`
ADVAPI32.dll	`(EMPTY)`
SHELL32.dll	`(EMPTY)`
MSVCP140.dll	`(EMPTY)`
VCRUNTIME140_1.dll	`(EMPTY)`
VCRUNTIME140.dll	`(EMPTY)`
api-ms-win-crt-stdio-l1-1-0.dll	`(EMPTY)`
api-ms-win-crt-utility-l1-1-0.dll	`(EMPTY)`
api-ms-win-crt-filesystem-l1-1-0.dll	`(EMPTY)`
api-ms-win-crt-time-l1-1-0.dll	`(EMPTY)`
api-ms-win-crt-heap-l1-1-0.dll	`(EMPTY)`
api-ms-win-crt-runtime-l1-1-0.dll	`(EMPTY)`
api-ms-win-crt-math-l1-1-0.dll	`(EMPTY)`
api-ms-win-crt-locale-l1-1-0.dll	`(EMPTY)`
api-ms-win-crt-string-l1-1-0.dll	`(EMPTY)`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Apr-08 02:43:43
Version	`0.0`
SizeofData	`87`
AddressOfRawData	`0xb1d4`
PointerToRawData	`0x9fd4`
Referenced File	¶HJ7Û`ue¤OF=·Ã£¯RhQu^ÐýfJÈpçÞÖx2½\|òÐOÒG«guÛÖXL`ó

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Apr-08 02:43:43
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0xb22c`
PointerToRawData	`0xa02c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Apr-08 02:43:43
Version	`0.0`
SizeofData	`780`
AddressOfRawData	`0xb240`
PointerToRawData	`0xa040`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Apr-08 02:43:43
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0`
EndAddressOfRawData	`0`
AddressOfIndex	`0x140039028`
AddressOfCallbacks	`0x140039030`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x00000001400362E0`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14000e040`

RICH Header

XOR Key	`0xfa03a30e`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`18`
ASM objects (35403)	`3`
C objects (35403)	`10`
C++ objects (35403)	`28`
Imports (35403)	`6`
Imports (33145)	`7`
Total imports	`152`
C++ objects (LTCG) (35728)	`1`
Resource objects (35728)	`1`
Linker (35728)	`1`

Errors

[!] Error: Read the same import twice! This PE was almost certainly crafted manually!
[*] Warning: An error occurred while trying to read functions imported by module KERNEL32.dll.

Leave a comment

No comments yet.