Manalyze report for 40404d21640c706e184e96cf6c23528997acae6305e66f09a0ac161d26ed34f2

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Apr-13 02:24:07

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExW`
Malicious	VirusTotal score: 3/70 (Scanned on 2026-04-25 10:37:40)	`APEX: Malicious` `Bkav: W64.AIDetectMalware` `CrowdStrike: win/malicious_confidence_60% (D)`

Hashes

MD5	`7a88f9cf5085ca81d4e397af7e30af7a`
SHA1	`47dd728eb872128da10cf7400f831a0113b42ee6`
SHA256	`40404d21640c706e184e96cf6c23528997acae6305e66f09a0ac161d26ed34f2`
SHA3	`5cdb7f9402b37c4202873fa44b7eb830f4584da68dbae19c0ba578694c9c5023`
SSDeep	`3072:FOYyaJoKB4n9EftPlHwdrxM+uB8IHuIaWx0JicQ7/FoqP1oTse8ZVUs3uTHNMuc:wwoicW+uEIaWx0JvQ7dl+P8Zmqr/b7`
Imports Hash	`e6db9d31031a63953685e5856384298f`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-Apr-13 02:24:07
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x37c00`
SizeOfInitializedData	`0x1b600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000012B14 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x57000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e4e8f7e3f07dbb552b749b2da430cf49`
SHA1	`85cfb593b0d789160e9ff50fa188e002ca329148`
SHA256	`afae98a83bd455e33d0025221f7403825ff1cf6840731fa2f8934267d32ade8e`
SHA3	`d1bc06ae7a94a41fe3cff8fb00fd7144b22972e52d60d5233cab6a12230ad76b`
VirtualSize	`0x37a48`
VirtualAddress	`0x1000`
SizeOfRawData	`0x37c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.4654`

.rdata

MD5	`6e0fb1f487d17a75f7ea2009cde9c57b`
SHA1	`bbfce8119943d0531d4da3a95ddf0521c716abd6`
SHA256	`b819f1bef6e00605cb24e33360702ad884048cc3191f5c054145615923164919`
SHA3	`466d3200de1a85a1bcf86b877ba98430dedfab061631214bd4d902343bd5cde0`
VirtualSize	`0x14510`
VirtualAddress	`0x39000`
SizeOfRawData	`0x14600`
PointerToRawData	`0x38000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.10525`

.data

MD5	`d351d48725861becc9853f7b5565a159`
SHA1	`f62e398d715e314c1005f9f77f23ac1a9343d7e2`
SHA256	`f564e174f8a12216d14246b045dfebb7ebef64dcd5d5fc078a745d4ef13184b2`
SHA3	`4781304eb0734f67c3682cfad18de4cee7df6c31f8eeded70d421acda6b0b928`
VirtualSize	`0x331c`
VirtualAddress	`0x4e000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x4c600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.89868`

.pdata

MD5	`a58e606cfa3c779ead46866dd5b3fe4e`
SHA1	`604182f133ce5ab08fddafe5ff0b68ccb19cc355`
SHA256	`c077b7bd2fa20a3cbdf050364d45acfcd1309144330e6d9c7dc76519364f2c75`
SHA3	`85443c408c0516fb92c502996d71d695613c024ffdb142b604a6d94e22f51014`
VirtualSize	`0x2c58`
VirtualAddress	`0x52000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0x4de00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.44884`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0x55000`
SizeOfRawData	`0x200`
PointerToRawData	`0x50c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.reloc

MD5	`3b622edca309fd3f68c2ff0f440c7a48`
SHA1	`6ce14cf1be62d6d8f9de1639a59cd57581a9184b`
SHA256	`5fd0e78edab1f984f4b687f8b145ef86ab0dbf3b8a6fa72b213d6296e29a5032`
SHA3	`338f846c31c2486fa6037c9356b252779e07057389d162ad155079090ee97bb6`
VirtualSize	`0xa6c`
VirtualAddress	`0x56000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x50e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.1377`

Imports

USER32.dll	`TranslateMessage` `DispatchMessageA` `SendMessageA` `LoadCursorA` `EnumChildWindows` `FillRect` `AdjustWindowRect` `GetClientRect` `SetWindowTextA` `InvalidateRect` `EndPaint` `BeginPaint` `DrawTextA` `GetAsyncKeyState` `ShowWindow` `DestroyWindow` `CreateWindowExA` `RegisterClassA` `PostQuitMessage` `DefWindowProcA` `PostMessageA` `GetMessageA`
GDI32.dll	`MoveToEx` `SetTextColor` `SetBkMode` `SelectObject` `RoundRect` `LineTo` `DeleteObject` `CreateSolidBrush` `CreatePen` `CreateFontA`
COMCTL32.dll	`InitCommonControlsEx`
d3d11.dll	`D3D11CreateDevice`
KERNEL32.dll	`GetOEMCP` `GetACP` `IsValidCodePage` `FindNextFileW` `GetCommandLineA` `FindClose` `HeapReAlloc` `ReadConsoleW` `GetCommandLineW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetProcessHeap` `SetStdHandle` `CreateFileW` `HeapSize` `SetEndOfFile` `WriteConsoleW` `FindFirstFileExW` `SetFilePointerEx` `GetFileSizeEx` `Sleep` `GetModuleFileNameA` `FreeLibrary` `GetProcAddress` `LoadLibraryA` `CloseHandle` `WaitForSingleObjectEx` `GetCurrentThreadId` `GetExitCodeThread` `WideCharToMultiByte` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `QueryPerformanceCounter` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `TryAcquireSRWLockExclusive` `WakeAllConditionVariable` `EncodePointer` `DecodePointer` `MultiByteToWideChar` `LCMapStringEx` `GetSystemTimeAsFileTime` `GetModuleHandleW` `RtlUnwind` `GetStringTypeW` `GetCPInfo` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetCurrentProcess` `TerminateProcess` `GetCurrentProcessId` `InitializeSListHead` `ReadFile` `RtlPcToFileHeader` `RaiseException` `RtlUnwindEx` `GetLastError` `SetLastError` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `LoadLibraryExW` `CreateThread` `ExitThread` `FreeLibraryAndExitThread` `GetModuleHandleExW` `ExitProcess` `GetModuleFileNameW` `GetStdHandle` `WriteFile` `HeapAlloc` `HeapFree` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `VirtualProtect` `LCMapStringW` `GetLocaleInfoW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `GetFileType` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Apr-13 02:24:07
Version	`0.0`
SizeofData	`900`
AddressOfRawData	`0x48ad4`
PointerToRawData	`0x47ad4`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14004e2c0`

RICH Header

XOR Key	`0x3a63a30c`
Unmarked objects	`0`
C++ objects (33145)	`175`
C objects (33145)	`18`
ASM objects (33145)	`8`
ASM objects (35207)	`10`
C objects (35207)	`16`
C++ objects (35207)	`91`
Imports (33145)	`11`
Total imports	`169`
C++ objects (35225)	`3`
Linker (35225)	`1`

Errors

Leave a comment

No comments yet.