Manalyze report for 340e8e7dbdd78b55bfec23fed43012648906e88ea14ef54891dea83d44963074

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Dec-18 01:48:47
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 8.0` `MASM/TASM - sig1(h)`
Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Suspicious	The PE contains functions most legitimate programs don't use.	`Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Uses Microsoft's cryptographic API: CryptBinaryToStringA` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Has Internet access capabilities: InternetConnectW InternetOpenW InternetCrackUrlW InternetCloseHandle` `Can take screenshots: GetDC CreateCompatibleDC BitBlt`
Malicious	VirusTotal score: 3/71 (Scanned on 2026-03-05 05:41:03)	`CrowdStrike: win/malicious_confidence_70% (D)` `Cynet: Malicious (score: 100)` `Paloalto: generic.ml`

Hashes

MD5	`bac45e4c01ab28feb1a72e0445f093e8`
SHA1	`99d5dd7fa04f5d2c4e2ffaa69cf3702e36503eac`
SHA256	`340e8e7dbdd78b55bfec23fed43012648906e88ea14ef54891dea83d44963074`
SHA3	`4417995226773709366edef517c3077b1563c0449978051ba059488a9a441039`
SSDeep	`1536:bYuQnhptbv3Uua2nqAwgnJnJbEVgCIlOlGUXzkWAN44EbXgsRmH8:bnQnhbv3La2pmVgCI8ZkTCZNm`
Imports Hash	`42ecd74cb40809100bbe4854de4fa0d6`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2025-Dec-18 01:48:47
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xe600`
SizeOfInitializedData	`0x8600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000000E944 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1b000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`9014e1d44bf2d9de243d9413317079e0`
SHA1	`13e560fa2bcf88d20f97ecf585b32f24343e3b39`
SHA256	`a287bac6d7eccbe5c32534e510ab8df01f4c0e1e443292efc690d1f42a61ce0b`
SHA3	`0a3d1d73bfb793c31e597d87ada724e9ba173dd8ed84c54e871dfa30c5b5bc10`
VirtualSize	`0xe417`
VirtualAddress	`0x1000`
SizeOfRawData	`0xe600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.40139`

.rdata

MD5	`c5b7ec7a2db61a4d84ba437526d90471`
SHA1	`862aa5585dba8e92b5ffbf11e55ee2481b9dda6d`
SHA256	`db2dfb89f5089aeb3f214dd38f5ec81bc6c9366c3e0caa5e37aec4422c3c05f5`
SHA3	`f56464c71580077cd14604ae866593d84a31e743e01c8c73df5d68139c80b75d`
VirtualSize	`0x6de6`
VirtualAddress	`0x10000`
SizeOfRawData	`0x6e00`
PointerToRawData	`0xea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.4524`

.data

MD5	`96506586525c7b84048464f74e4198ed`
SHA1	`d2ca0025dc8a7a49c271886aeb45da748d7e99a9`
SHA256	`eb1ddfa34e8ba6356f2e51b4f347572ccbd713c9377b286b83efd82398f4a50b`
SHA3	`6816de96a1705cca17795c8e96e0df024f547f1878b8f9e8a236b9787bcbb2f9`
VirtualSize	`0x4d8`
VirtualAddress	`0x17000`
SizeOfRawData	`0x400`
PointerToRawData	`0x15800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.393`

.pdata

MD5	`6081d806beb13798f4213017b0252829`
SHA1	`8fdf2f31d19ca721457ee69e032ae6811665b52c`
SHA256	`9bc1dc5ced76512509b37312b0e1816bda67a4e583fd2a7624595e25dcb9550e`
SHA3	`921dd6a00dd17f6ed433c4df0d197e7a6f41bdc66e8b22e2163de083ad24dcc8`
VirtualSize	`0xcc0`
VirtualAddress	`0x18000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x15c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.60857`

.rsrc

MD5	`065463fcb19d087772450d47229f013f`
SHA1	`1526b75c7eafcc2c6d9d0b0e749611a07ad4389c`
SHA256	`5e3797a40b5e8560d4230eda091820fa88a6f42bd767e7c1eb80232e93771763`
SHA3	`5b8e71979429c7b801683513e45a06a7d9048437825ee2446f950258a5add76f`
VirtualSize	`0x1e0`
VirtualAddress	`0x19000`
SizeOfRawData	`0x200`
PointerToRawData	`0x16a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.71768`

.reloc

MD5	`3dcb737cf2f7036c7382a678b4cde1c0`
SHA1	`671eaa35090421a702d34b73937d05ce3c820db2`
SHA256	`e16dbd6a9465a61eb7d051fe6ca9ed14d4e5922905456fcffd11c56e65a29765`
SHA3	`5b3fcc61f0c4a742e29380c86e6f288b28f227afe0b3bd154c509a71fbb31771`
VirtualSize	`0x90`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x200`
PointerToRawData	`0x16c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.83378`

Imports

gdiplus.dll	`GdiplusStartup` `GdipCreateBitmapFromHBITMAP` `GdipDisposeImage` `GdipFree` `GdiplusShutdown` `GdipCloneImage` `GdipAlloc` `GdipSaveImageToStream`
CRYPT32.dll	`CryptBinaryToStringA`
KERNEL32.dll	`GetFileAttributesA` `VirtualQuery` `GetModuleFileNameA` `GetModuleHandleA` `CloseHandle` `WaitForSingleObject` `Sleep` `CreateThread` `GlobalUnlock` `GlobalLock` `WideCharToMultiByte` `GetUserDefaultLocaleName` `GetModuleHandleW` `GetSystemInfo` `HeapCreate` `HeapDestroy` `HeapAlloc` `HeapReAlloc` `HeapFree` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `OpenThread` `SuspendThread` `ResumeThread` `GetThreadContext` `SetThreadContext` `FlushInstructionCache` `VirtualProtect` `CreateToolhelp32Snapshot` `Thread32First` `Thread32Next` `VirtualAlloc` `VirtualFree` `QueryPerformanceCounter` `GetSystemTimeAsFileTime` `GetLastError` `InitializeSListHead`
USER32.dll	`GetSystemMetrics` `ReleaseDC` `GetDC`
GDI32.dll	`CreateCompatibleDC` `BitBlt` `CreateDIBSection` `SelectObject` `DeleteObject` `DeleteDC`
ole32.dll	`GetHGlobalFromStream` `CLSIDFromString` `CreateStreamOnHGlobal`
ADVAPI32.dll	`GetUserNameW`
MSVCP140.dll	`?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` `?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?_Id_cnt@id@locale@std@@0HA` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `?_Xbad_alloc@std@@YAXXZ` `??0_Lockit@std@@QEAA@H@Z` `??1_Lockit@std@@QEAA@XZ` `?uncaught_exceptions@std@@YAHXZ` `?_Xlength_error@std@@YAXPEBD@Z` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `??Bios_base@std@@QEBA_NXZ` `?good@ios_base@std@@QEBA_NXZ` `?flags@ios_base@std@@QEBAHXZ` `?width@ios_base@std@@QEBA_JXZ` `?width@ios_base@std@@QEAA_J_J@Z` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z` `?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z` `?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ` `?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z` `?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ` `?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ` `?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ`
WININET.dll	`InternetConnectW` `InternetOpenW` `InternetCrackUrlW` `HttpOpenRequestW` `HttpSendRequestW` `InternetCloseHandle`
VCRUNTIME140.dll	`memmove` `memcmp` `__C_specific_handler` `__std_type_info_destroy_list` `memset` `_CxxThrowException` `__std_exception_destroy` `__std_terminate` `__std_exception_copy` `memcpy`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
api-ms-win-crt-heap-l1-1-0.dll	`malloc` `_callnewh` `free`
api-ms-win-crt-string-l1-1-0.dll	`strnlen` `wcslen` `strlen` `toupper` `isspace`
api-ms-win-crt-stdio-l1-1-0.dll	`ungetc` `fwrite` `_fseeki64` `fsetpos` `fread` `fputc` `fgetpos` `fflush` `fclose` `_get_stream_buffer_pointers` `setvbuf` `fgetc`
api-ms-win-crt-filesystem-l1-1-0.dll	`_lock_file` `_unlock_file`
api-ms-win-crt-utility-l1-1-0.dll	`rand` `srand`
api-ms-win-crt-time-l1-1-0.dll	`_time64`
api-ms-win-crt-runtime-l1-1-0.dll	`_crt_atexit` `_cexit` `_invoke_watson` `_execute_onexit_table` `_seh_filter_dll` `_configure_narrow_argv` `_initialize_narrow_environment` `_initialize_onexit_table` `_register_onexit_function` `_initterm_e` `_initterm`

Delayed Imports

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Dec-18 01:48:47
Version	`0.0`
SizeofData	`740`
AddressOfRawData	`0x13560`
PointerToRawData	`0x11f60`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x180017240`

RICH Header

XOR Key	`0x3e29233b`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`14`
ASM objects (35403)	`3`
C objects (35403)	`8`
C++ objects (35403)	`20`
Imports (35403)	`8`
Imports (33145)	`17`
Total imports	`193`
C objects (35214)	`4`
C++ objects (35217)	`8`
C++ objects (35720)	`3`
Resource objects (35720)	`1`
Linker (35720)	`1`

Errors

Leave a comment

No comments yet.