Manalyze report for 349d04717f051421a2d33af56cb18241

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2025-Aug-26 07:33:47
Detected languages	English - United States
Debug artifacts	E:\Projects\shiroTools\hashlink\src\x64\Release\hl.pdb

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryExA`

Hashes

MD5	`349d04717f051421a2d33af56cb18241`
SHA1	`77b2d8ab884af8079695e0c6e747aba31ffc1542`
SHA256	`7d8158123909e6787cb5a39fe4e303b02ffeabdd8d04d029116cf91684bda64d`
SHA3	`332876eb5865647e49aae85bce9fd86a5a8be06574b94ccedf39c360764336b5`
SSDeep	`6144:9rO69Xr2uWAzkSgwdZoWAFlZBXLzqxO3STIG43HNALB9n76EiwUjmgO+bvqYU:dFyqYDwaFV3SUP3HNALB9ndiwqOcvqY`
Imports Hash	`36c34d862b25a4096cdabcbd80dd50a1`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x120`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2025-Aug-26 07:33:47
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x19a00`
SizeOfInitializedData	`0x60e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000019FC0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x82000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`36509a8d5edce55cc0e488333e53b7d8`
SHA1	`3b81ffb9df1ef2bc8711b26bc2050419f92f05d0`
SHA256	`bb8464e912cc8223a0fba4c8f7164fa7cc33ac6a6ee57c957d02e64003e5eb3c`
SHA3	`85016ae8a8245534d7a6be934550832756e556a613ec5adec10e369778e999c4`
VirtualSize	`0x198ac`
VirtualAddress	`0x1000`
SizeOfRawData	`0x19a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.35908`

.rdata

MD5	`a75b466a6ec158bd7cdf42e0dfc1ef04`
SHA1	`3b78ebff8e9725285888d20124929364cbcff93f`
SHA256	`c756cb7f8a3fa2952459d0a4d6daef7110cf5e97ab00699c7ac96c193e52d456`
SHA3	`8c6000fb4c6590e0afb0a1be3837c89314fc3757c48e92c59cdc21d2cdad7b29`
VirtualSize	`0x4794`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x4800`
PointerToRawData	`0x19e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.29337`

.data

MD5	`d4badfc6af022e395638a9e6c11dec23`
SHA1	`f609db6a327f1e670e62754afcd3a38a8e1a7594`
SHA256	`6885753701a2158f9ea398220fbf9c576878811806c37b0cedde5e55b2af593c`
SHA3	`65386746ad5c0eb4fbdf9141fe6372aac37ff39c3677c2f7b33a301d8dea8cee`
VirtualSize	`0x4a40`
VirtualAddress	`0x20000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x1e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.12494`

.pdata

MD5	`1b48d5a5fcc5f241073b7fe81f7d926a`
SHA1	`e424faf32d3ee9d6a2490dc72bf6380754017ba6`
SHA256	`ff9c13284d306673f9003578495acf4c0768efea71db02b5efc7c5173ac9640e`
SHA3	`42d439a95a7e03b41d37fa010f381f23f3141056c443eb43baa14ed1a97627a3`
VirtualSize	`0xb1c`
VirtualAddress	`0x25000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x1f000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.75011`

.rsrc

MD5	`e040c02ef1ef548194a57bb1f67045c2`
SHA1	`191aefdc8b639dc8214a8a98e50238c7e698d7df`
SHA256	`5b2ff7dc98960f092a2ce35d7ddf8b37d94905ba19ae2e10d5afa5fcbe7bb428`
SHA3	`25c8e11fa6ba8fd4d4c38fccb7ab4279bfa4c36b9615c2bafbfbd6e8dbda4fae`
VirtualSize	`0x5adec`
VirtualAddress	`0x26000`
SizeOfRawData	`0x5ae00`
PointerToRawData	`0x1fc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.87416`

.reloc

MD5	`d75159fb29c17e3aa5d349d14c86c326`
SHA1	`271b8ebd27d69966624541739f729a46deeabce9`
SHA256	`2af7b72ae5a579ac1f3aa0ef49b3702fdbdda25472cb53233134b112ba141c7c`
SHA3	`c538de363c7c25a44243f0a994bf81e8fda6939467c7c2c38048105db38691a7`
VirtualSize	`0x19c`
VirtualAddress	`0x81000`
SizeOfRawData	`0x200`
PointerToRawData	`0x7aa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.63406`

Imports

libhl.dll	`hl_alloc_dynamic` `hl_to_virtual` `hlt_dyn` `hl_alloc_virtual` `hl_assert` `hl_dyn_casti64` `hl_alloc_buffer` `hl_field_name` `hl_buffer_content` `hl_dyn_call` `hl_socket_recv` `hl_socket_listen` `hl_get_thread` `hl_socket_bind` `hl_gc_threads_info` `hl_remove_root` `hl_dyn_setf` `hl_thread_start` `hl_sys_sleep` `hl_socket_send` `hl_socket_init` `hl_setup_reload_check` `hl_socket_accept` `hl_add_root` `hl_closure_stack_capture` `hl_pad_struct` `hl_socket_close` `hl_alloc_init` `hl_from_utf8` `hlt_void` `hl_zalloc` `hl_hash_gen` `hl_free` `hl_detect_debugger` `hl_malloc` `hl_global_init` `hl_sys_time` `hl_dyn_setd` `hlt_f64` `hl_dyn_call_safe` `hl_print_uncaught_exception` `hl_global_free` `hl_setup_profiler` `hl_init_virtual` `hl_obj_field_fetch` `hl_same_type` `hl_free_executable_memory` `hl_gc_set_dump_types` `hl_setup_vtune` `hl_setup_exception` `hl_to_utf8` `hl_fatal_fmt` `hl_make_dyn` `hl_flush_proto` `hl_alloc_obj` `hl_prim_not_loaded` `hl_init_enum` `hl_hash_utf8` `hl_dyn_geti64` `hl_is_dynamic` `hl_dyn_castf` `hl_dyn_getf` `hl_setup_callbacks2` `hl_alloc_dynobj` `hl_dyn_call_obj` `hl_dyn_compare` `hl_sys_init` `hl_type_size` `hl_buffer_str` `hl_dyn_getd` `hl_dyn_geti` `hl_rethrow` `hl_alloc_strbytes` `hl_alloc_closure_ptr` `hl_register_thread` `hl_dyn_castp` `hl_dyn_setp` `hl_throw` `hl_setup_longjump` `hlt_bytes` `hl_dyn_seti` `hl_dyn_casti` `hl_dyn_castd` `hl_alloc_dynbool` `hl_dyn_getp` `hl_dyn_seti64` `hl_sys_getpid` `hl_fatal_error` `hl_alloc_executable_memory` `hl_get_obj_rt` `hl_socket_new` `hl_alloc_enum` `hl_utf8_length`
USER32.dll	`MessageBoxA`
KERNEL32.dll	`RtlLookupFunctionEntry` `LoadLibraryA` `GetProcAddress` `SuspendThread` `ResumeThread` `CloseHandle` `GetThreadContext` `OpenThread` `GetEnvironmentVariableA` `LoadLibraryExA` `GetModuleHandleW` `IsProcessorFeaturePresent` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `IsDebuggerPresent` `RtlVirtualUnwind` `QueryPerformanceCounter` `RtlCaptureContext` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `FreeLibrary`
VCRUNTIME140.dll	`__C_specific_handler` `__intrinsic_setjmp` `__current_exception` `__current_exception_context` `memset` `memcmp` `strstr` `memcpy`
api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func` `__p__commode` `_set_fmode` `fwrite` `fopen` `__stdio_common_vswprintf` `fflush` `fread` `_wfopen` `fseek` `__stdio_common_vfwprintf` `fclose` `ftell` `__stdio_common_vsprintf` `__stdio_common_vfprintf`
api-ms-win-crt-heap-l1-1-0.dll	`free` `malloc` `_set_new_mode`
api-ms-win-crt-runtime-l1-1-0.dll	`_register_onexit_function` `_initialize_onexit_table` `_register_thread_local_exe_atexit_callback` `_c_exit` `_cexit` `_crt_atexit` `__p___argc` `_exit` `_initterm_e` `_initterm` `_get_initial_wide_environment` `_initialize_wide_environment` `_configure_wide_argv` `_set_app_type` `_seh_filter_exe` `terminate` `__p___wargv` `exit`
api-ms-win-crt-math-l1-1-0.dll	`fmod` `__setusermatherr` `fmodf`
api-ms-win-crt-filesystem-l1-1-0.dll	`_wstat32`
api-ms-win-crt-convert-l1-1-0.dll	`wcstol` `wcstombs`
api-ms-win-crt-environment-l1-1-0.dll	`getenv`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x200ac`

NvOptimusEnablement

Ordinal	`2`
Address	`0x200a8`

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.12395`
MD5	`e8d1f459ec1e08cf77aa910bb05f76bb`
SHA1	`4cdc6e26d4cb17c953bfe89b5750b81412e8416a`
SHA256	`b8dfd5b67af200dc4ff667319c39deafdc937f6d60b123f16cd002aec7c5074a`
SHA3	`59989b14ca39dfd83047900a491e0fc48636769bc79a2ac841fb8087ac60681e`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.83548`
MD5	`45886aedbb96a1935136b578438d7f7f`
SHA1	`d02dd60e59e5355ab84d2d114f219c53fcda0caa`
SHA256	`0d85f25586057643e3cdfbe67963d10bd4cb19a12abbbe20c2fb8be587d8b11c`
SHA3	`7b0e5685370edcbdca2beae633747a679ec65331d54314eebbc32609b7593581`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.63773`
MD5	`0643b92b77b9663f8342ee480031c187`
SHA1	`33035eeb92adac244bbb499c69acf456de8a9942`
SHA256	`44b7f74f420b4614df986825c41e222a46d952b4c9c1ad111900d48bfe5017ed`
SHA3	`63928510d8f6224162e0aafc30e39fabb279f16859b97cc62a5c3eb77ba02b25`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.24533`
MD5	`7f2ff467947083b3336744e099261d3d`
SHA1	`22c28fad3d2ef830e22089e57cc10a83eeca3838`
SHA256	`7486cd3ec56bfcede65aecda0b7e795bf1db4eebacdf53d8a5a62927adbd1d0f`
SHA3	`0b8acc37cbee1382e47db2f73cb7d01f5d1316a32d7afba377bde1c885c23f86`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.09092`
MD5	`5cafe46b964fc89888243a6a1656e4e9`
SHA1	`5508481d88e54ef310e1e3b8d45c79512bd36c4c`
SHA256	`49048cf286c4ebe8bb1aaa2360fcb259402c081cb144740498d61083674fe117`
SHA3	`799c3186bb4f4f056087591adc2d8566362cae00ac2783c4d03825bca3c4f9af`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.01005`
MD5	`ba9014e2ada0da491042d5b22d7816e5`
SHA1	`c7aab318bd68ed10bf20ebb20834da960f1e6972`
SHA256	`a39d89a65980b125395589810c4fcbdc698a870ffee5abe63f745d62fc1ee4e0`
SHA3	`e74361875dd08a82640613d097d39c235c54e1d747bc6b743b3bc30d2feb4ddc`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.97708`
MD5	`eb40e40289bb4d3515974dda01ef9311`
SHA1	`23bd5d3102c39e1864ccdc8f93d7ff32dd29d0ae`
SHA256	`ac6edd892e475c633fb3f4f58362efa2fe5c63558e60cba1af3b46966b7f6cc6`
SHA3	`a52d1a2dd06029acfaa4c32fd55b8d1c9ea32cacf65ebef732a01c7766c41816`

8

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.92598`
MD5	`190a49cee9d1796a4e19a8479be8d302`
SHA1	`0960734437af779b9aa796fe187c581ec60bd0f2`
SHA256	`e05c490cf81044ef83c3fe4bfcb1bc703fa9bb5a9c20b38c42d53ae3775f2c4b`
SHA3	`4beec27ce2da6dd5bf1c458c4b4b56def03b8ee0cb3575c76ad124583d1e14ae`

9

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x13375`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98974`
MD5	`f52414702af8308763dda7d650f136a3`
SHA1	`8028657c482f372ac47fbfbae865bd2bf5da0aec`
SHA256	`6cf107cc541b49030dfffbe05a85632b33222d5485fa3cd0ab38f6ce68638530`
SHA3	`952ca9e68438e9e8659120a234e415b08277b7a5dede6e2a1c894ab1e6b29ee1`

1 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.00943`
MD5	`2c10609e6e77dadecfa7409827a1791e`
SHA1	`b2d48b1ec7a785f0a9f1cc88d8d5505a383f9b90`
SHA256	`6d91aa5e16fb3cc15b413a76678dbdfead5d882c03bcf23f17a9c446d6dacae0`
SHA3	`84d50ad59bdae47a65d62bd4d85f33204bcbbcaca399c54b6f3edcc68b304720`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x227`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.06343`
MD5	`bd5b97c8c5f843a48753f99cf80d27a1`
SHA1	`79c7a4cc0777cc5475141fa688f7c6929e8d0821`
SHA256	`97686763b3d9c9018c2274802d03d39cfb4b9d58b8ec8c03b7bb519e6ac79157`
SHA3	`43bedc35f2a9c52e621dc6638a8f52363f9fb72e918f67c47865f235f7759444`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Aug-26 07:33:47
Version	`0.0`
SizeofData	`79`
AddressOfRawData	`0x1d1a0`
PointerToRawData	`0x1bfa0`
Referenced File	E:\Projects\shiroTools\hashlink\src\x64\Release\hl.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Aug-26 07:33:47
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x1d1f0`
PointerToRawData	`0x1bff0`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Aug-26 07:33:47
Version	`0.0`
SizeofData	`660`
AddressOfRawData	`0x1d204`
PointerToRawData	`0x1c004`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2025-Aug-26 07:33:47
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140020078`

RICH Header

XOR Key	`0x4ae8557e`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`16`
Imports (30034)	`2`
253 (28518)	`1`
C++ objects (30034)	`18`
C objects (30034)	`9`
ASM objects (30034)	`2`
C objects (VS2022 Update 1 (17.1.4-5) compiler 31106)	`1`
Imports (33140)	`4`
Imports (30159)	`3`
Total imports	`176`
C objects (LTCG) (30159)	`6`
Exports (30159)	`1`
Resource objects (30159)	`1`
Linker (30159)	`1`

Errors

[*] Warning: Please edit the configuration file with your VirusTotal API key.
[!] Error: Could not load yara_rules/bitcoin.yara!
[!] Error: Could not load yara_rules/monero.yara!
[!] Error: Could not load yara_rules/compilers.yara!
[!] Error: Could not load yara_rules/findcrypt.yara!
[!] Error: Could not load yara_rules/suspicious_strings.yara!
[!] Error: Could not load yara_rules/domains.yara!
[!] Error: Could not load yara_rules/peid.yara!