Manalyze report for 348d5863c8a01db43945be3738198d9dc4d64f27c9c4282d59e1bc01af11dfab

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2020-Aug-24 15:03:39
Detected languages	English - United States

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses known Mersenne Twister constants`
Malicious	The PE contains functions mostly used by malware.	`Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowA` `Uses functions commonly found in keyloggers: GetAsyncKeyState GetForegroundWindow` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Interacts with services: OpenSCManagerA OpenServiceA QueryServiceStatusEx` `Manipulates other processes: Process32First WriteProcessMemory OpenProcess Process32Next ReadProcessMemory` `Reads the contents of the clipboard: GetClipboardData`
Malicious	VirusTotal score: 29/71 (Scanned on 2026-05-19 22:20:47)	`APEX: Malicious` `AhnLab-V3: Unwanted/Win.GameHack.C5583065` `Antiy-AVL: RiskWare/Win64.Gamehack` `Bkav: W32.Malware.694CB333` `CTX: exe.hacktool.generic` `CrowdStrike: win/malicious_confidence_90% (W)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `ESET-NOD32: Win64/GameHack.FL potentially unsafe application` `Fortinet: Adware/GameHack` `Google: Detected` `Gridinsoft: Hack.Win64.GameHack.oa!s1` `K7AntiVirus: Trojan ( 005b12771 )` `K7GW: Trojan ( 005b12771 )` `Lionic: Trojan.Win32.GameHack.4!c` `Malwarebytes: RiskWare.GameHack` `MaxSecure: Trojan.Malware.325683076.susgen` `McAfeeD: ti!348D5863C8A0` `Paloalto: generic.ml` `Rising: Trojan.Kryptik@AI.84 (RDML:EEtduQ7uHxQp2TILWnuAyA)` `SentinelOne: Static AI - Suspicious PE` `Skyhigh: BehavesLike.Win64.Injector.gh` `Sophos: Generic Reputation PUA (PUA)` `Symantec: ML.Attribute.HighConfidence` `TrellixENS: Artemis!AD7057A3D147` `Varist: W64/ABTrojan.HYMF-3884` `ViRobot: Adware.GameHack.440320.A` `Xcitium: ApplicUnwnt@#1fy8yz8i17qvx` `huorong: Trojan/Agent.cgri!crit`

Hashes

MD5	`ad7057a3d1472fa03f068feb89eb81e0`
SHA1	`3c460a273a32961823c64e3b2c471b2eb48ed0a8`
SHA256	`348d5863c8a01db43945be3738198d9dc4d64f27c9c4282d59e1bc01af11dfab`
SHA3	`30f365e35a38b0dc521bab73520cd151da8f03a9dd4d4ca2c04b4bab171a4e3d`
SSDeep	`12288:Pil9fU2f6xmRYNS35PByptXLhu7YR44Lnt4+:PqFU2SxBY35PByptMYRDnt4`
Imports Hash	`d76f672ed6f495da4bb83044aeaf8537`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2020-Aug-24 15:03:39
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x4fa00`
SizeOfInitializedData	`0x1c400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000004EEE8 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x70000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`cd8c35d886a76d8801ea5e9f0135c849`
SHA1	`7dce9c1181e7cbded9774b5fd575c9f6d89a87fb`
SHA256	`05f95520d8814d3044af14e505dd4f6439b405c614d1b3c9d3b539d32e2d474e`
SHA3	`cf5c97dbac9b667cf30cfa75bc7c3149d7213594cb2eadc7a701d627235aa909`
VirtualSize	`0x4f997`
VirtualAddress	`0x1000`
SizeOfRawData	`0x4fa00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.47247`

.rdata

MD5	`c5ff15f7416440e65ffaa2873916e2c9`
SHA1	`666745bd758ef0a655334502964286d23774d012`
SHA256	`489dfc0666417fc328d843a43c49cf6bfac3cdcfd264830fe29a68fceb8959c4`
SHA3	`a04751fd9e10c8e91bffce1b4e43c71e0d87a31a1427e073a71f721f897a2163`
VirtualSize	`0x17874`
VirtualAddress	`0x51000`
SizeOfRawData	`0x17a00`
PointerToRawData	`0x4fe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.63875`

.data

MD5	`193da4fe2ccc93f03176736ee3a85324`
SHA1	`5c7ccf2313da0cc88ca6ccf37fe4e43f4534d661`
SHA256	`0305faadb0a29eacc3b315fef4556f1458be3073f733338a0fe4c9aeb255ce5b`
SHA3	`45eb5921c2bb7b9b52806707148ed0f9be27f1ba4d80409144215a8ef44639a0`
VirtualSize	`0xf60`
VirtualAddress	`0x69000`
SizeOfRawData	`0x600`
PointerToRawData	`0x67800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.61844`

.pdata

MD5	`2ec2c40276c8b70ca7cfc018648689cb`
SHA1	`c5a2af92173baecf08d565a408e577b5dd2d69a5`
SHA256	`9e0ef66a6221fa1288c5cc42ab417428137674839f589802df8b807a7b10883e`
SHA3	`bdf1cf584a731d34e1fb4221a8e30cd0a7b53efa8409cad3aa225a401f47b6e8`
VirtualSize	`0x3420`
VirtualAddress	`0x6a000`
SizeOfRawData	`0x3600`
PointerToRawData	`0x67e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.64286`

.rsrc

MD5	`e1d7472b0600e7c61019d9ad751c3b00`
SHA1	`8de974c9925228391f4caae26c37b987073d2b23`
SHA256	`5261aff6ba8df1fc3c4253d4b290149fc0cd964e0f9316df91cecd261cc40b01`
SHA3	`1ecced553fe0f98f6144f6d3cac872b62c48b4fe0701a76220b4b907437806b3`
VirtualSize	`0x1e8`
VirtualAddress	`0x6e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6b400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.77204`

.reloc

MD5	`c18ab7cd578cb794c066ab030c324b58`
SHA1	`21711c152e7222afe4161a36c24cc9a2fa23b23b`
SHA256	`7d18e1789e78adaed8b77b0634c465a69dd6af1109c3aed2dce6f65aefa52c8b`
SHA3	`0c2c00f7afd79bb595b1f8a8395178aeed4d366d2063930f05c6bf7a87736140`
VirtualSize	`0x13c`
VirtualAddress	`0x6f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6b600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.72837`

Imports

d3d11.dll	`D3D11CreateDeviceAndSwapChain`
D3DCOMPILER_47.dll	`D3DCompile`
KERNEL32.dll	`GetModuleFileNameA` `Process32First` `WriteProcessMemory` `GetCurrentProcess` `OpenProcess` `CreateToolhelp32Snapshot` `Process32Next` `CloseHandle` `ReadProcessMemory` `VirtualQueryEx` `FindFirstFileA` `FindNextFileA` `FindClose` `GetModuleHandleA` `FreeConsole` `QueryPerformanceCounter` `GetCurrentProcessId` `IsDebuggerPresent` `InitializeSListHead` `IsProcessorFeaturePresent` `TerminateProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `GetModuleHandleW` `CreateEventW` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `GetProcAddress` `QueryPerformanceFrequency` `GlobalUnlock` `WideCharToMultiByte` `GlobalLock` `GlobalFree` `GlobalAlloc` `MultiByteToWideChar` `GetSystemTimeAsFileTime` `GetCurrentThreadId`
USER32.dll	`GetClientRect` `LoadCursorA` `SetCursor` `SetCapture` `GetWindowThreadProcessId` `DispatchMessageA` `DestroyWindow` `ShowWindow` `GetAsyncKeyState` `GetWindowTextA` `DefWindowProcA` `CreateWindowExA` `TranslateMessage` `SendMessageA` `PeekMessageA` `UnregisterClassA` `GetWindowTextLengthA` `FindWindowA` `RegisterClassExA` `UpdateWindow` `GetKeyState` `ReleaseCapture` `GetForegroundWindow` `CloseClipboard` `EmptyClipboard` `OpenClipboard` `IsChild` `GetClipboardData` `SetClipboardData` `ClientToScreen` `GetCursorPos` `GetCapture` `ScreenToClient` `SetCursorPos`
ADVAPI32.dll	`LookupPrivilegeValueA` `CloseServiceHandle` `OpenSCManagerA` `OpenProcessToken` `OpenServiceA` `QueryServiceStatusEx` `AdjustTokenPrivileges`
IMM32.dll	`ImmReleaseContext` `ImmGetContext` `ImmSetCompositionWindow`
XINPUT1_4.dll	`#4` `#2`
MSVCP140.dll	`??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `??Bid@locale@std@@QEAA_KXZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Xlength_error@std@@YAXPEBD@Z` `_Query_perf_frequency` `??1_Lockit@std@@QEAA@XZ` `??0_Lockit@std@@QEAA@H@Z` `?_Throw_Cpp_error@std@@YAXH@Z` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?uncaught_exception@std@@YA_NXZ` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` `?_Random_device@std@@YAIXZ` `_Cnd_do_broadcast_at_thread_exit` `_Thrd_sleep` `_Thrd_id` `_Query_perf_counter` `_Xtime_get_ticks` `_Thrd_join` `?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z` `?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`memset` `memmove` `memcpy` `memcmp` `__C_specific_handler` `__current_exception_context` `__current_exception` `__std_type_info_name` `__std_type_info_compare` `__std_exception_destroy` `strstr` `__std_terminate` `_CxxThrowException` `__std_exception_copy` `memchr`
api-ms-win-crt-stdio-l1-1-0.dll	`_get_stream_buffer_pointers` `getchar` `setvbuf` `fgetpos` `fsetpos` `_fseeki64` `fgetc` `__stdio_common_vsprintf_s` `ftell` `fputc` `__p__commode` `_set_fmode` `__acrt_iob_func` `ungetc` `__stdio_common_vsscanf` `fread` `__stdio_common_vsprintf` `_wfopen` `fwrite` `fflush` `fseek` `fclose`
api-ms-win-crt-string-l1-1-0.dll	`isalnum` `strcmp` `strncpy`
api-ms-win-crt-utility-l1-1-0.dll	`rand` `srand` `qsort`
api-ms-win-crt-heap-l1-1-0.dll	`free` `_set_new_mode` `_callnewh` `malloc`
api-ms-win-crt-convert-l1-1-0.dll	`strtoul` `atof` `strtof`
api-ms-win-crt-runtime-l1-1-0.dll	`_get_initial_narrow_environment` `_initterm` `_initterm_e` `_invalid_parameter_noinfo_noreturn` `__p___argc` `__p___argv` `_c_exit` `_register_thread_local_exe_atexit_callback` `_seh_filter_exe` `_cexit` `exit` `_beginthreadex` `_crt_atexit` `_register_onexit_function` `terminate` `_set_app_type` `_initialize_onexit_table` `_initialize_narrow_environment` `_configure_narrow_argv` `_exit`
api-ms-win-crt-math-l1-1-0.dll	`log2f` `sinf` `ceilf` `ceil` `acosf` `sqrtf` `cosf` `powf` `pow` `floorf` `fmodf` `atan2f` `log2` `__setusermatherr`
api-ms-win-crt-filesystem-l1-1-0.dll	`_unlock_file` `_lock_file`
api-ms-win-crt-environment-l1-1-0.dll	`getenv`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2020-Aug-24 15:03:39
Version	`0.0`
SizeofData	`888`
AddressOfRawData	`0x60614`
PointerToRawData	`0x5f414`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2020-Aug-24 15:03:39
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x1400609b0`
EndAddressOfRawData	`0x1400609b8`
AddressOfIndex	`0x140069c24`
AddressOfCallbacks	`0x1400518a0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x130`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140069010`

RICH Header

XOR Key	`0xc4ea6bf8`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`20`
Imports (VS 2015/2017/2019 runtime 28920)	`6`
C++ objects (VS 2015/2017/2019 runtime 28920)	`30`
C objects (VS 2015/2017/2019 runtime 28920)	`10`
ASM objects (VS 2015/2017/2019 runtime 28920)	`4`
Imports (VS2017 v14.15 compiler 26715)	`17`
Total imports	`279`
C++ objects (LTCG) (VS2019 Update 7 (16.7.1) compiler 29111)	`7`
Resource objects (VS2019 Update 7 (16.7.1) compiler 29111)	`1`
Linker (VS2019 Update 7 (16.7.1) compiler 29111)	`1`

Errors

Leave a comment

No comments yet.