Manalyze report for 43e73dbb77c6bb74083aab40b6f34436

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Jan-28 13:44:55
Detected languages	English - United States
FileDescription	Cortex
FileVersion	`1.0.13.0`
ProgramID	com.embarcadero.Cortex
ProductName	Cortex
ProductVersion	`1.0.0.0`

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .itext` `Unusual section name found: .didata` `Unusual section name found: .HXy` `Unusual section name found: .UC6` `Unusual section name found: .debug` `Unusual section name found: .mFU` `Unusual section name found: .\Kx` `Unusual section name found: .Z,c`
Info	The PE contains common functions which appear in legitimate applications.	`Can access the registry: RegSetValueExW` `Has Internet access capabilities: URLDownloadToFileW WinHttpGetIEProxyConfigForCurrentUser`
Info	The PE is digitally signed.	`Signer: TUS-DATA YAYINCILIK E\xC4\x9E\xC4\xB0T\xC4\xB0M DANI\xC5\x9EMANLIK SA\xC4\x9E.B\xC4\xB0L.H\xC4\xB0Z.SAN.T\xC4\xB0C A.\xC5\x9E.` `Issuer: GlobalSign GCC R45 EV CodeSigning CA 2020`

Hashes

MD5	`43e73dbb77c6bb74083aab40b6f34436`
SHA1	`2dd6b2e180cc93f8abafd8054c74794406efcbf2`
SHA256	`4eca02a341511bbed914d03e88a6193befb0df3f7f6d9739560524133712d6bb`
SHA3	`1d8e50dbe718bd8943803c90a0ca7954d79d6314638763fa10a5570fcd3a9d27`
SSDeep	`393216:XRPjo/Gar4twPvpcVX4+MgK3awZRfXszGCJi1BzXLHK:Jo/GKvpcVI+MFK2RfXvi+tbq`
Imports Hash	`d4337c4b8a4675be64a7723ba8e18aa0`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`17`
TimeDateStamp	2025-Jan-28 13:44:55
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x382600`
SizeOfInitializedData	`0xf0e381`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x01D66CA2 (Section: .Z,c)`
BaseOfCode	`0x1000`
BaseOfData	`0x385000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x2bbc000`
SizeOfHeaders	`0x600`
Checksum	`0x112c388`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x37f2a8`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.itext

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x3098`
VirtualAddress	`0x381000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1188c`
VirtualAddress	`0x385000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x78a0`
VirtualAddress	`0x397000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x39da`
VirtualAddress	`0x39f000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.didata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xf0a`
VirtualAddress	`0x3a3000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.edata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x6f`
VirtualAddress	`0x3a4000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.tls

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x5c`
VirtualAddress	`0x3a5000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x5d`
VirtualAddress	`0x3a6000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.HXy

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x4d990`
VirtualAddress	`0x3a7000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.UC6

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x90c00`
VirtualAddress	`0x3f5000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.debug

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xe19581`
VirtualAddress	`0x486000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.mFU

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x7f6d8b`
VirtualAddress	`0x12a0000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.\Kx

MD5	`0f39871c51e4a3e2c6d584e1d0618f11`
SHA1	`bfafa1b5595dfc6d2a2af9394f6ab08d9fd7e237`
SHA256	`9407073c1aa30c9ca6d52cd21d08e17e865105a03df666bb33845cee300c3417`
SHA3	`95e15df479340a17b895d5b24dba8575efb285621018ecaf8c7f5012ebaa0d6c`
VirtualSize	`0x108`
VirtualAddress	`0x1a97000`
SizeOfRawData	`0x200`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.38871`

.Z,c

MD5	`e985123cc9a9c019d7309b1a1975459b`
SHA1	`8858f3784b31f1df46427f71da77b9365dddd323`
SHA256	`a841e73540ac6448f9535e97d1933e3eec31f154eeda0b521a670a3dcbf03fb9`
SHA3	`fe4f54e2ae61f4ebb8cf388fcadc4541b69495c6d783bdaf7893c3bf4e7a298b`
VirtualSize	`0x1101620`
VirtualAddress	`0x1a98000`
SizeOfRawData	`0x1101800`
PointerToRawData	`0x800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.97254`

.rsrc

MD5	`0e3b04ea306903b4642b41e37f82027b`
SHA1	`727ea24eb1036fcbc4a11d562e97bf9256aa2ec2`
SHA256	`5e0d01b859995aea2dd7942677218641a2cb23a0bc5d016dc1ecc39eb5c2ce61`
SHA3	`94e4f9766c1d6e70da1bd6ce112ce86218564e2a45b9b6629da1b0616c334bce`
VirtualSize	`0x20186`
VirtualAddress	`0x2b9a000`
SizeOfRawData	`0x20200`
PointerToRawData	`0x1102000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.66151`

.reloc

MD5	`253a33c894deca7b2bc67e8b2d32a806`
SHA1	`1cd5f3e21888564f1c3aa80653a86d637209522b`
SHA256	`a2a5ca9c1d74c4d5202f0258ec1e6cf32e08e72856af44c45d4e4a03b3652ded`
SHA3	`4a9e0ea08e6c5ee6e3ceb1d09753e25e4b9b812d75366404ce84535b030733c7`
VirtualSize	`0x77c`
VirtualAddress	`0x2bbb000`
SizeOfRawData	`0x800`
PointerToRawData	`0x1122200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.4221`

Imports

winmm.dll	`timeGetTime`
shlwapi.dll	`SHCreateStreamOnFileW`
winspool.drv	`DocumentPropertiesW`
comctl32.dll	`ImageList_GetImageInfo`
shell32.dll	`Shell_NotifyIconW`
user32.dll	`CopyImage`
version.dll	`GetFileVersionInfoSizeW`
URLMON.DLL	`URLDownloadToFileW`
oleaut32.dll	`SafeArrayPutElement`
WTSAPI32.DLL	`WTSUnRegisterSessionNotification`
advapi32.dll	`RegSetValueExW`
msvcrt.dll	`memcpy`
winhttp.dll	`WinHttpGetIEProxyConfigForCurrentUser`
kernel32.dll	`GetVersion` `GetVersionExW`
wintrust.dll	`WinVerifyTrust`
wsock32.dll	`send`
ole32.dll	`CoRevokeClassObject`
gdi32.dll	`Pie`
kernel32.dll (delay-loaded)	`GetVersion` `GetVersionExW`

Delayed Imports

Attributes	`0x1`
Name	`kernel32.dll`
ModuleHandle	`0x3a31e0`
DelayImportAddressTable	`0x3a321c`
DelayImportNameTable	`0x298f30c`
BoundDelayImportTable	`0x3a3504`
UnloadDelayImportTable	`0x3a3640`
TimeStamp	`1970-Jan-01 00:00:00`

dbkFCallWrapperAddr

Ordinal	`1`
Address	`0x39a648`

__dbk_fcall_wrapper

Ordinal	`2`
Address	`0x13580`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1f720`
TimeDateStamp	2025-Jan-28 16:44:56
Entropy	`1.47829`
MD5	`92afe7fbcc0dd40c6c47d3c20d7b9081`
SHA1	`3f962529a0e7cb142b84956ad2310e560aaec3ac`
SHA256	`e219c74fd36979e66fa920a09f53accdfc376cefe938f6d2fd631a6ced261e1b`
SHA3	`4818685e68cfdc1a61a5f577271919303067e8461c25102d9ec8e145b6a297fc`

MAINICON

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2025-Jan-28 16:44:56
Entropy	`1.98048`
MD5	`85c13fc48f7fc5620d7805c23d8396db`
SHA1	`f9769c2e63ebe0aca28016e520744fc65412294d`
SHA256	`07d1a0d7a977c65437f94c6a451370aed737253b80e32a9554231f90ccba5700`
SHA3	`446c058dd2fa6076a8e32dedacecf38bf80cb7dc938d686f6b99a75c6bba015c`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1f8`
TimeDateStamp	2025-Jan-28 16:44:56
Entropy	`3.16719`
MD5	`440173b47d908923ab4099e056137ca0`
SHA1	`b0a0340dec520fb1c3880be478ac28cfc9452f55`
SHA256	`43b51e9723f64040775cba863f49091cf8556a284a4750c78170c1ae52f7007d`
SHA3	`9684e138a5b79b9cb6845f03dabc92d89e6ed2e2f04b8e3385ce65ffa85b5256`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x716`
TimeDateStamp	2025-Jan-28 16:44:56
Entropy	`5.26758`
MD5	`5e0f4b7ae0e8e09db40209f0c8d59e2e`
SHA1	`b9ed3edd6e73ac5b17f0baad95ac24320a6de8f7`
SHA256	`a87fe171fba769aacaf45819d0b3c2239a0f7d85c8fcaa36d747afb61801dc08`
SHA3	`ea618875ecfa47de6e6dff45fea74c589c867337273dd407c03e96d5c514a44d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.13.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
FileDescription	Cortex
FileVersion (#2)	1.0.13.0
ProgramID	com.embarcadero.Cortex
ProductName	Cortex
ProductVersion (#2)	1.0.0.0

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .itext has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .bss has a size of 0!
[*] Warning: Section .idata has a size of 0!
[*] Warning: Section .didata has a size of 0!
[*] Warning: Section .edata has a size of 0!
[*] Warning: Section .tls has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .HXy has a size of 0!
[*] Warning: Section .UC6 has a size of 0!
[*] Warning: Section .debug has a size of 0!
[*] Warning: Section .mFU has a size of 0!
[*] Warning: Please edit the configuration file with your VirusTotal API key.
[!] Error: Could not load yara_rules/bitcoin.yara!
[!] Error: Could not load yara_rules/monero.yara!
[!] Error: Could not load yara_rules/compilers.yara!
[!] Error: Could not load yara_rules/findcrypt.yara!
[!] Error: Could not load yara_rules/suspicious_strings.yara!
[!] Error: Could not load yara_rules/domains.yara!
[!] Error: Could not load yara_rules/peid.yara!