Manalyze report for 2467c654a25beb70680572b4fd3ecf38446f78be25c61a8d3df56b908f244a13

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-Mar-18 14:13:16

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryExW` `Possibly launches other programs: CreateProcessW`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`b142c7924410fbdf9f6ce396da526bda`
SHA1	`2119dbe76bb17c32a9002652679eaa944fcc152b`
SHA256	`2467c654a25beb70680572b4fd3ecf38446f78be25c61a8d3df56b908f244a13`
SHA3	`15df1dc80b2e7a93f3e2a976ed73f95dd9a4a972731a1a410da5eea6b5337532`
SSDeep	`12288:UJ2UxLKUxLrdzlOUig2m8HdmIzmaz41J61VbdRu1B+EiX:UJ2UxLKUxLrdzlOUig2m8Hdmgmaz41A`
Imports Hash	`7b6bebeab9cb28c3760c995c2a58caff`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-Mar-18 14:13:16
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x7fa00`
SizeOfInitializedData	`0x36e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000055C50 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xbb000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`69a203fd34f47629da93e0bca2e2c442`
SHA1	`49c74d34cc3f65d9a5d0f6c4a84845f0e0ccd4a8`
SHA256	`f70c73eda9b9f268524a3e8bb0fe04ff7f906f1206796be90560d2c1dcd1110f`
SHA3	`2faaae99086880d2b274e0321277977e0afed78ffe708d2bb9f4feff24386475`
VirtualSize	`0x7f9c0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x7fa00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.13284`

.rdata

MD5	`0eab857ccaeba4608f99082825c4a8a5`
SHA1	`246a2722705c5d75c53962ac5cb1f8a30a024297`
SHA256	`889cc432c5af04dcc0c9142ef9d1cfb7276562f3488f1d113bb8b4771ea35723`
SHA3	`82ddd567bd94f49e3f6de2e8351be047743aa3a9dc21d11b5a4f6e42b5299e21`
VirtualSize	`0x291ce`
VirtualAddress	`0x81000`
SizeOfRawData	`0x29200`
PointerToRawData	`0x7fe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.73969`

.data

MD5	`f1a8d0a649eae9d8cf88773e5d8240da`
SHA1	`7b32bbe1becf3c8bc715dc0fe51b937461c4bcc8`
SHA256	`19ebb9ae4f10515efc7c984be24a4264c415c3b303a6739720bbf3c109309089`
SHA3	`eacb02e9d9e376ea1b873ff1be77b15a02dc8928196eaa67b8d0e88a869760a8`
VirtualSize	`0x8bb8`
VirtualAddress	`0xab000`
SizeOfRawData	`0x1200`
PointerToRawData	`0xa9000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.0131`

.pdata

MD5	`f3c2d70b1fa5a911691e20ac2ea1e109`
SHA1	`19e1bbd3b3badfd2102849aecc5e013120402b13`
SHA256	`1f35111f18b14fce5c105ea0eaccadab471c980d3d2f141d217b9b3d1b182c7e`
SHA3	`3f83e757b8f731938e0039b458e88cc66c85342fc780d9597bf440227f50adad`
VirtualSize	`0x44f4`
VirtualAddress	`0xb4000`
SizeOfRawData	`0x4600`
PointerToRawData	`0xaa200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.76984`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0xb9000`
SizeOfRawData	`0x200`
PointerToRawData	`0xae800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.reloc

MD5	`8f68c5cc7ceda82701328bd99111e29f`
SHA1	`7e6e7603d762583f3396b41319aed2491af02564`
SHA256	`45a2a86bd9c1922b3c99c3ea3348c7dd174f2262d83868d20a297cadb0c1f394`
SHA3	`2321920573f6a60d6a0f3190a514fcbf730a0a53d6ea69f954d846c61f8aa0e8`
VirtualSize	`0x728`
VirtualAddress	`0xba000`
SizeOfRawData	`0x800`
PointerToRawData	`0xaea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.17853`

Imports

glfw3.dll	`glfwGetTime` `glfwGetMouseButton` `glfwGetCursorPos` `glfwSetWindowShouldClose` `glfwSetKeyCallback` `glfwSetScrollCallback` `glfwSetMouseButtonCallback` `glfwSetCursorPosCallback` `glfwGetKey` `glfwGetCurrentContext` `glfwGetFramebufferSize` `glfwSetFramebufferSizeCallback` `glfwDestroyWindow` `glfwGetProcAddress` `glfwSwapInterval` `glfwMakeContextCurrent` `glfwTerminate` `glfwCreateWindow` `glfwWindowHint` `glfwInit` `glfwSwapBuffers` `glfwPollEvents` `glfwWindowShouldClose` `glfwSetWindowTitle` `glfwSetInputMode`
KERNEL32.dll	`GetFileType` `SetEndOfFile` `HeapSize` `FlushFileBuffers` `CreateFileW` `GetProcessHeap` `GetStringTypeW` `SetStdHandle` `SetEnvironmentVariableW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `WideCharToMultiByte` `MultiByteToWideChar` `GetCPInfo` `GetOEMCP` `GetACP` `IsValidCodePage` `FindNextFileW` `FindFirstFileExW` `FindClose` `ReadConsoleW` `GetFileAttributesExW` `CreateProcessW` `GetExitCodeProcess` `WaitForSingleObject` `SetFilePointerEx` `LoadLibraryW` `GetProcAddress` `FreeLibrary` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `GetFileSizeEx` `RtlUnwindEx` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `LoadLibraryExW` `EncodePointer` `RaiseException` `RtlPcToFileHeader` `GetStdHandle` `RtlUnwind` `GetModuleFileNameW` `GetModuleHandleExW` `WriteConsoleW` `ReadFile` `WriteFile` `GetCurrentProcess` `ExitProcess` `TerminateProcess` `GetCommandLineA` `GetCommandLineW` `HeapFree` `CloseHandle` `HeapAlloc` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `InitializeCriticalSectionEx` `VirtualProtect` `CompareStringW` `LCMapStringW` `HeapReAlloc` `OutputDebugStringW` `GetConsoleOutputCP` `GetConsoleMode`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Mar-18 14:13:16
Version	`0.0`
SizeofData	`928`
AddressOfRawData	`0xa5a08`
PointerToRawData	`0xa4808`

TLS Callbacks

StartAddressOfRawData	`0x1400a5df0`
EndAddressOfRawData	`0x1400a5e18`
AddressOfIndex	`0x1400b2ad8`
AddressOfCallbacks	`0x140081420`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1400ab6c0`

RICH Header

XOR Key	`0xb153d0ed`
Unmarked objects	`0`
C++ objects (33145)	`177`
C objects (33145)	`22`
ASM objects (33145)	`16`
Imports (33145)	`2`
ASM objects (35207)	`9`
C objects (35207)	`18`
C++ objects (35207)	`41`
Imports (33519)	`3`
Total imports	`123`
Unmarked objects (#2)	`19`
Linker (35222)	`1`

Errors

Leave a comment

No comments yet.