Manalyze report for 1cdea528b9703c4eb19ca873afa0e0df329859ad10c26977fa19abd90195ba77

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Mar-08 23:05:20
Detected languages	English - United States
FileDescription	Lime Launcher
FileVersion	`0.1.9-alpha`
LegalCopyright
ProductName	Lime Launcher
ProductVersion	`0.1.9-alpha`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for Qemu presence: QEmu` `Contains domain names: http://nsis.sf.net http://nsis.sf.net/NSIS_Error nsis.sf.net`
Suspicious	The PE is an NSIS installer	`Unusual section name found: .ndata`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress` `Can access the registry: RegEnumValueW RegEnumKeyW RegQueryValueExW RegSetValueExW RegCloseKey RegDeleteValueW RegDeleteKeyW RegOpenKeyExW RegCreateKeyExW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: GetTempPathW CreateFileW` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Can shut the system down or lock the screen: ExitWindowsEx`
Info	The PE is digitally signed.	`Signer: Lime Network LLC` `Issuer: Microsoft ID Verified CS EOC CA 02`
Malicious	VirusTotal score: 11/71 (Scanned on 2026-04-17 13:36:45)	`Alibaba: Trojan:Win32/Khalesi.1f2cbc8e` `DeepInstinct: MALICIOUS` `Kaspersky: Trojan.Win32.Khalesi.reiu` `Kingsoft: Win32.Trojan.Khalesi.reiu` `MaxSecure: Trojan.Malware.646572446.susgen` `Rising: Trojan.Khalesi!8.F103 (CLOUD)` `Sophos: Mal/Generic-S` `Symantec: Trojan.Gen.MBT` `TrellixENS: Artemis!2410FC36CAA6` `VBA32: BScope.TrojanDownloader.Upatre` `Varist: W64/ABTrojan.HAUZ-9099`

Hashes

MD5	`2410fc36caa69daf9123b2e1a6c4421c`
SHA1	`47b371976de8027563e72ed10d9c3b57768f79c5`
SHA256	`1cdea528b9703c4eb19ca873afa0e0df329859ad10c26977fa19abd90195ba77`
SHA3	`fb5165b0ba159f859553ace0458c8e99f3ea6ddf3e5901917253a549c031ce0b`
SSDeep	`98304:Shn6LIPj236nGbg7nIFXB648p6m31urKVMo3CBy2ELREunFVqlVXui29Vroz6MqT:Shn6Lajorcn+N8FOKVUBmi4LmtsviZij`
Imports Hash	`46ce5c12b293febbeb513b196aa7f843`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2025-Mar-08 23:05:20
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x6800`
SizeOfInitializedData	`0x22200`
SizeOfUninitializedData	`0x800`
AddressOfEntryPoint	`0x0000369F (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x8000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`6.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x67000`
SizeOfHeaders	`0x400`
Checksum	`0x5ed393`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`afb6c5993570f82e85ec446bbb886505`
SHA1	`3d96eacb962ab3f739212dac5bffbc1b0ac88889`
SHA256	`89bbbfc4d2f459cc1a27370026ac5737eb822174462d5d5577d01e23e9065cc0`
SHA3	`4682faf433c5881bed1095ca4cf639c5f7a9d5d9dff55595f105ffec8f30c8ef`
VirtualSize	`0x6711`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.45433`

.rdata

MD5	`e913094d8cceaca6b405bbbb52936387`
SHA1	`20df51227f19cb63323b43e74e506b2d2a09dce8`
SHA256	`512cb9ab76c260c6f4f8bb183a3e121f54906dcb42a74cded744aa6f6a330a19`
SHA3	`7f1ef0d8b4b6df73acc9b3d021673ec2f165f8688099c2a999d75994bfd54654`
VirtualSize	`0x1358`
VirtualAddress	`0x8000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x6c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.0997`

.data

MD5	`9d011beba2fe64a93f62fbb227cc9c35`
SHA1	`b6c4c61822b7f6abcb36cbd339f9cca5a4f4d452`
SHA256	`bdc36db376855e354e892a994ecdad27b11262eb19e548501a68049b0692f3f8`
SHA3	`cd0027898b2b69e95ffbf04ff0b04a714d00dc112e94d0266e2d5cc90aa7cf4c`
VirtualSize	`0x1fb78`
VirtualAddress	`0xa000`
SizeOfRawData	`0x600`
PointerToRawData	`0x8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.12305`

.ndata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x2e000`
VirtualAddress	`0x2a000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`e8553c8ba306a6f6387222d38b338f39`
SHA1	`383898f3ecf22c3b698a12dde9c0dea630bb5111`
SHA256	`90bdb0d1fcc11db3fbef213207d742a4be2fe77478c397a0270e28fd02f9f7e5`
SHA3	`f5f5eff3a740e4c1bae22ca0280f11a01df5ec1c74060927600ea210f0ac9c89`
VirtualSize	`0xe0d8`
VirtualAddress	`0x58000`
SizeOfRawData	`0xe200`
PointerToRawData	`0x8600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.83986`

Imports

ADVAPI32.dll	`RegEnumValueW` `RegEnumKeyW` `RegQueryValueExW` `RegSetValueExW` `RegCloseKey` `RegDeleteValueW` `RegDeleteKeyW` `AdjustTokenPrivileges` `LookupPrivilegeValueW` `OpenProcessToken` `RegOpenKeyExW` `RegCreateKeyExW`
SHELL32.dll	`SHGetPathFromIDListW` `SHBrowseForFolderW` `SHGetFileInfoW` `SHFileOperationW` `ShellExecuteExW`
ole32.dll	`CoCreateInstance` `OleUninitialize` `OleInitialize` `IIDFromString` `CoTaskMemFree`
COMCTL32.dll	`ImageList_Destroy` `#17` `ImageList_AddMasked` `ImageList_Create`
USER32.dll	`MessageBoxIndirectW` `GetDlgItemTextW` `SetDlgItemTextW` `CreatePopupMenu` `AppendMenuW` `TrackPopupMenu` `OpenClipboard` `EmptyClipboard` `SetClipboardData` `CloseClipboard` `IsWindowVisible` `CallWindowProcW` `GetMessagePos` `CheckDlgButton` `LoadCursorW` `SetCursor` `GetSysColor` `SetWindowPos` `GetWindowLongW` `IsWindowEnabled` `SetClassLongW` `GetSystemMenu` `EnableMenuItem` `GetWindowRect` `ScreenToClient` `EndDialog` `RegisterClassW` `SystemParametersInfoW` `CharPrevW` `GetClassInfoW` `DialogBoxParamW` `CharNextW` `ExitWindowsEx` `DestroyWindow` `CreateDialogParamW` `SetTimer` `SetWindowTextW` `PostQuitMessage` `SetForegroundWindow` `ShowWindow` `wsprintfW` `SendMessageTimeoutW` `FindWindowExW` `IsWindow` `GetDlgItem` `SetWindowLongW` `LoadImageW` `GetDC` `ReleaseDC` `EnableWindow` `InvalidateRect` `SendMessageW` `DefWindowProcW` `BeginPaint` `GetClientRect` `FillRect` `DrawTextW` `EndPaint` `CharNextA` `wsprintfA` `DispatchMessageW` `CreateWindowExW` `PeekMessageW` `GetSystemMetrics`
GDI32.dll	`GetDeviceCaps` `SetBkColor` `SelectObject` `DeleteObject` `CreateBrushIndirect` `CreateFontIndirectW` `SetBkMode` `SetTextColor`
KERNEL32.dll	`RemoveDirectoryW` `lstrcmpiA` `GetTempFileNameW` `CreateProcessW` `CreateDirectoryW` `CreateThread` `GlobalLock` `GlobalUnlock` `GetDiskFreeSpaceW` `WideCharToMultiByte` `lstrcpynW` `lstrlenW` `SetErrorMode` `GetVersionExW` `GetCommandLineW` `GetTempPathW` `GetWindowsDirectoryW` `SetEnvironmentVariableW` `CopyFileW` `WriteFile` `GetCurrentProcess` `GetModuleFileNameW` `GetLastError` `GetFileSize` `CreateFileW` `GetTickCount` `Sleep` `SetFileAttributesW` `GetFileAttributesW` `SetCurrentDirectoryW` `MoveFileW` `GetFullPathNameW` `GetShortPathNameW` `SearchPathW` `CompareFileTime` `SetFileTime` `CloseHandle` `lstrcmpiW` `lstrcmpW` `ExpandEnvironmentStringsW` `GlobalFree` `GlobalAlloc` `GetModuleHandleW` `LoadLibraryExW` `FreeLibrary` `WritePrivateProfileStringW` `GetPrivateProfileStringW` `lstrlenA` `MultiByteToWideChar` `ReadFile` `SetFilePointer` `FindClose` `FindNextFileW` `FindFirstFileW` `DeleteFileW` `MulDiv` `lstrcpyA` `MoveFileExW` `lstrcatW` `GetSystemDirectoryW` `GetProcAddress` `GetModuleHandleA` `GetExitCodeProcess` `WaitForSingleObject` `ExitProcess`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x9442`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.9755`
Detected Filetype	PNG graphic file
MD5	`bdd9a55b5483ba9fceccc7c2e0fa476a`
SHA1	`5eb25ee1b6049b4219f86564370de56d94158f5b`
SHA256	`8c69b4ec48a9ed575c896b8c0a5b8cce971775fe1caf9f657754723a6a9a1503`
SHA3	`65187b79f40ca62bafffbda1b8eb92088b9ac6f53bb57e5d5e343582737adaab`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1791`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.89326`
Detected Filetype	PNG graphic file
MD5	`ee479976ca6217cc291189c95d7be3df`
SHA1	`4c83490f0d07b2cf3b82557228f79edd4f6b102b`
SHA256	`bf1c424e4b1b3c712826d7c5c9c950aaef4052bd3fbf13125eecb9be0143e3dc`
SHA3	`63bf00ea1dfb7305d9cce2391966de60f247e4ad3e8a1fc64fabd6389e85c71d`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1019`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.86447`
Detected Filetype	PNG graphic file
MD5	`ed970fd287e09df9ab1d77a1384b8906`
SHA1	`bdc9e2a3ad3874781257cc02bbc4629844aafc60`
SHA256	`b7704395ac2995c6dadf1f1e59a8881798f8feb4e4d3108e3782de17080547e9`
SHA3	`efe18858978038f67b6734981188a4c030daa4df318e6fec1a1c4cbc3f62a605`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x92f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.82734`
Detected Filetype	PNG graphic file
MD5	`f739bf23421e72e763f5a7dab5e4647b`
SHA1	`ea2341d5ad6f5a202afa29beaf483342b9a83216`
SHA256	`b3f34c78987aa33c5ce72a084c1a6c229e808c60aadf1eb53c5393f2dc5867a1`
SHA3	`af8dbfb9109e55490d5a34b2c632ce32c2739cfa82f10b5836d5c0a5a469d76f`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x633`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.76935`
Detected Filetype	PNG graphic file
MD5	`1d240ebb24eb1c78de2760d7f3dd8df8`
SHA1	`4525b55bb36ae0753159ea69d8fc757ab6aae924`
SHA256	`e46ff319d3149f214db690259b0d080dc1f93e13e156389e05a3547fc0506b27`
SHA3	`21da682719ba8a6b2fd240cedb6446de1196875e91d0d77e8a4ba2e08d32c7a7`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x398`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.64703`
Detected Filetype	PNG graphic file
MD5	`fe0df62db61792b119d1d05f1f52cace`
SHA1	`f353fdeede84c2b13e31924ecb8dc650f399efee`
SHA256	`4ec8054288ae30ce26b3dc84097f784f64cba4863087bf4e6cee1bf61d6f76b5`
SHA3	`a5236e9445ec2c3a8ba777c6e8315e64a4a4afadda0d6a4321efcd6beddab450`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`982079681d7ad12766abc44f06946f3e`
SHA1	`50f73ed0787bf5911bb907e487efbc84a9714e48`
SHA256	`250f52cb2d6f1966a29f6ac771fa1cd185b8f8531396c8a4026c0fe635617e0c`
SHA3	`b8805d45012d79cfa8bb45e23c9b4a4421cd91538d569e58437efa0f545cf4d4`

103

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x120`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.56193`
MD5	`db6dd0434da4d7cac564518725167e09`
SHA1	`a65a1367d7cd96450f089a8f8108239bbcea9f5b`
SHA256	`c50631fc1f8425a95fd1edcc8e730d339e193a38f18d42372c32847a5ad2c016`
SHA3	`4e3be5455c51e1cb04836e318cb69ecdffd2deadd0f338d4bc985d8f5ca653ff`

105

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x202`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.73893`
MD5	`386770584473e271f23dced36427f4ff`
SHA1	`d14ce95f784b35e4e3ebee535476ebcd3e380c19`
SHA256	`425b8270f7ca42a927eae6bea468acf414a3e4b58b5ba2c56aaae4d1b2c11014`
SHA3	`db13e5969376b27e8443eebff685230e2b74685aeb2fba73973f06e5cddc8662`

106

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91148`
MD5	`fa83652660409e90e0db9731ad2adb17`
SHA1	`0a8f0af67723c87fe26ccf676b8e19ec6357b4dc`
SHA256	`4a55bd714f5d50cd8eabba10e57f0618f1842717dcfa582d73a917b1933cd1d4`
SHA3	`5b3e1cb25be7a2dbae4f08f0d4794ed23dbd6ea37a3f9702be12dba588f42a7b`

107

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.52183`
MD5	`6ffba239dcfcab2080195f23947b70aa`
SHA1	`bcda1ca8ee9bb9878bde83aa06c670bb5a4d5843`
SHA256	`a7e5ea849cb343e9b58de221aeb25c9dd4a3748070bfba879a30c4265fc39023`
SHA3	`a75544b4c3fcbcb32fe4e02d1a631e045b2e58516aa1065bb96cce681aea7030`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.92767`
MD5	`1db3e4c32b9560257ddf3506fef9dd3f`
SHA1	`6666e0c8336456cfacec71d84415c6516e9e2673`
SHA256	`587a03198c39f990e77691056bb5705e21374281862ce06de94c68172f50f763`
SHA3	`30ca0affc3f1d2ef8b37f2103db7581caaf88548823fb3ae1d308fae9738dab4`

103 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.30181`
Detected Filetype	Icon file
MD5	`61f1d03c3b311da2663821266c07276c`
SHA1	`bbeab507362488e6e722ec973f9b0523f596d9bd`
SHA256	`3cd9b9ce2a837eeae01e7b7acf88fa7cccbade9ba87fbf083eb9bc97db04f556`
SHA3	`f989e39a067581dec3c3a01a4fc17905c97fde6b2d979e6fd0a9991c0636b698`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1f8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.21118`
MD5	`f03bd103a11102ab8d40336263f0c1ba`
SHA1	`1de8cf96f439a7b4f1acffda8c50b0252212f704`
SHA256	`1b900462fef5f82ba41c13f6a1bb999be5a5fcb4bee15e7f0ede82d07b000f99`
SHA3	`d1bf044c43cbb76b7a7c601ef0933c1625eeddb74e0b335d714a8be27acf679d`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x548`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.28639`
MD5	`07b13c08cb06a8ee40e4cd270e5a7970`
SHA1	`4b15f71d939f279ba2168852c4612f9ecb06f195`
SHA256	`16233ba24b4e3d43375a8f54e73b60faa220809c667902e7015cc836b9e7002c`
SHA3	`f7038fba7c49192ee639552be4cf697612f93f6f15999b33626ee1a612524156`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0`
FileVersion	0.1.9.0
ProductVersion	0.1.9.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
FileDescription	Lime Launcher
FileVersion (#2)	0.1.9-alpha
LegalCopyright
ProductName	Lime Launcher
ProductVersion (#2)	0.1.9-alpha

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xd24e50e9`
Unmarked objects	`0`
C objects (VS2003 (.NET) build 4035)	`2`
Total imports	`163`
Imports (VS2003 (.NET) build 4035)	`15`
48 (9044)	`10`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

[*] Warning: Section .ndata has a size of 0!

Leave a comment

No comments yet.