Manalyze report for 53158397f506980ab8be22152ff0a1c2

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Feb-01 12:04:43
Detected languages	English - United States
CompanyName	NinjEye
FileDescription	Anti-cheat module - https://ninjeye.net
FileVersion	`1.2.1.3`
InternalName	ninjeye.dll
LegalCopyright	Copyright (C) 2018-2026
OriginalFilename	ninjeye.dll
ProductName	NinjEye
ProductVersion	`1.2.1.3`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Interesting strings found in the binary:	`Contains domain names: https://ninjeye.net https://www.youtube.com https://www.youtube.com/watch?v ninjeye.net openssl.org www.youtube.com youtube.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses constants related to TEA` `Uses known Diffie-Helman primes` `Uses known Mersenne Twister constants`
Suspicious	This PE is packed with Themida	`Unusual section name found: .fptable` `Unusual section name found: .debug` `Unusual section name found: .themida` `Section .themida is both writable and executable.` `Unusual section name found: .boot` `Unusual section name found: .SCY` `Section .SCY is both writable and executable.` `The PE only has 0 import(s).`
Suspicious	The file contains overlay data.	`12004768 bytes of data starting at offset 0x758060.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`53158397f506980ab8be22152ff0a1c2`
SHA1	`8c983fafe71f5e0afd882c758994edd5fe8cf95b`
SHA256	`b6c0fcdc67ed8804727123298ae89e0a826733e5d98fa3f8b65860be4d3f42d7`
SHA3	`57cd315c07a7048e1263215251f9ea9ceee3285af85f80facb4987709ef7de11`
SSDeep	`393216:/mEpYbtFWl/ttASsxQq4kWfbhHSeETQTk:4U/ttAg1fbhHSR`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x130`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`15`
TimeDateStamp	2026-Feb-01 12:04:43
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x4dc600`
SizeOfInitializedData	`0x1f5800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x004AFB0A (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x4de000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x12d7000`
SizeOfHeaders	`0x600`
Checksum	`0x12cd897`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NO_BIND`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`44e861c73fa24df3adb6be12d2de42e5`
SHA1	`3d3a24e2de8f05ccf4a99720ae9fda4491bd5916`
SHA256	`7e6307cb20b85cc6a095359a858f5a1119b96fa2efa89062c8fa91f812f05dc7`
SHA3	`44e833afcbf6bb0d6a60c7a2fcdac42f0fbd3aa9f54fc0ad560da83d17413a91`
VirtualSize	`0x4dd000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x4dc600`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.70721`

.rdata

MD5	`d50fb74c7852a839ef2f5561f468c8e9`
SHA1	`07977d606c29870119cb31f06ed4b4c72849b901`
SHA256	`b00e9e926b978f5fff9d8297b02bd44447785eac6fa39662de2a9b9388f815a0`
SHA3	`073c7b2c2b276f12be31ea426ef585642586f6ba648487f13763ff091e75c5a0`
VirtualSize	`0x190000`
VirtualAddress	`0x4de000`
SizeOfRawData	`0x18e400`
PointerToRawData	`0x4dcc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.42321`

.data

MD5	`bb43d33942406a3c78b165fef8ba2d60`
SHA1	`b47f8948f1397827750e3092e79b307fa1fcf783`
SHA256	`2e31f9387f8fe7f064fd081d2f05f50560430909319fabda6b44d561b9f63a53`
SHA3	`b9080313a35ed4d1ff1fab0cec17e441fb6143eb6362445e1b0ebb0666c80e80`
VirtualSize	`0x13000`
VirtualAddress	`0x66e000`
SizeOfRawData	`0x12400`
PointerToRawData	`0x66b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.63582`

.detourc

MD5	`0fc1366410252425a1e5a8736c511f9a`
SHA1	`55a7ab65b644467034016e3bd2151112c2e936cd`
SHA256	`d17d073696af2529c966bd1e8e50dfb7ea7ad2028ccc6b42303b6b8c8871e3ab`
SHA3	`896b92e307d14c57833795316131a60e60d5d49041abd1b0ccdea72a32f2bc2f`
VirtualSize	`0x2000`
VirtualAddress	`0x681000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x67d400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.0666`

.detourd

MD5	`15d7bd12d01a5e1cc9bcfda0df81f640`
SHA1	`4fd5ef23792011987ad768a1c398097710e63046`
SHA256	`2ec37d0cdd2014311fbb1971c4e8a4cb8e432396a5f9bc63420cf89254cfaa35`
SHA3	`a6d2e0e626572142b235f63a77794caa622e84a6587eb6874f6837a38c6663ed`
VirtualSize	`0x1000`
VirtualAddress	`0x683000`
SizeOfRawData	`0x200`
PointerToRawData	`0x67e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0659144`

.fptable

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1000`
VirtualAddress	`0x684000`
SizeOfRawData	`0`
PointerToRawData	`0x67e800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`6df6c0c4e55a28eb838c2f399a6e2da1`
SHA1	`8e70dd7c3144e40e3bc1f5bea702d7d60a20c24e`
SHA256	`34dfa744db6c47096609b5745c2cbf6ca4eedcfc456590fef0e43b2521f43c8c`
SHA3	`5b28ba6362aa8d3bbb754034afe9ff435bca8c8f5ed1c89b708c0624b50815ee`
VirtualSize	`0x29000`
VirtualAddress	`0x685000`
SizeOfRawData	`0x28600`
PointerToRawData	`0x67e800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.28882`

.reloc

MD5	`ddeb907ff1e35aff0c4fe94079965017`
SHA1	`aacd1832729ffdf49207cddadcff329264ee8bbd`
SHA256	`0026c2f7fa32f8a580114dd2da8c79d71fa3a969102476e254f9b22884363d5a`
SHA3	`88b5a0bee2454704c5f47ad6725a602b3af633a0b2ef928c629997d979dc7734`
VirtualSize	`0x2a000`
VirtualAddress	`0x6ae000`
SizeOfRawData	`0x29400`
PointerToRawData	`0x6a6e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.58044`

.debug

MD5	`8e29bcc7c9ef673e5628d8ae160b38d8`
SHA1	`22eceefb755322e2a4993a763f03d1442c2a0644`
SHA256	`49fe5091881a5d04abc7c30258555299674c7ad437f040148815b3fc1a8fef96`
SHA3	`7e7dde1c38571483c7c2de1514b9ba95c856c45c8bc423be8709c5b95df49c75`
VirtualSize	`0x1000`
VirtualAddress	`0x6d8000`
SizeOfRawData	`0x600`
PointerToRawData	`0x6d0200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.64503`

.idata

MD5	`f47604dfcc67a08c114c82ac37cd7deb`
SHA1	`b09f537b5e77db172247f95c46507e8aa35c6ee8`
SHA256	`b897207ee831659bc675f185f86e7e6532d4b68a1394c3fb61cccafaa6094e5e`
SHA3	`a798287834a2ad271830a4d3566879528a2772fa08b499e62f93cf323e6b2afe`
VirtualSize	`0x1000`
VirtualAddress	`0x6d9000`
SizeOfRawData	`0x400`
PointerToRawData	`0x6d0800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.11881`

.tls

MD5	`431676d93d134f71965f7b4b59a06a90`
SHA1	`724f323becfcf808f151b29e62e44db0fc5088fa`
SHA256	`c87d3240c338e13e58b4004023121fbbd6e8ac45df7d812694a93c8bb6ecf0d5`
SHA3	`54b2225fe5af1052eee7543712a88d7b812a4562b9739999a69ad0cc9dc7a184`
VirtualSize	`0x1000`
VirtualAddress	`0x6da000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6d0c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.253231`

.themida

MD5	`67c7a6e7896e5cecffba2752cdcb1c01`
SHA1	`5cb4df61098a481edfec04280e5591441c3953a5`
SHA256	`6aa21939060915a584b77030f88feb375efe388352d2a5b708b92b27ec0cd80d`
SHA3	`208ea760ca855a57c5468805181ae8c3020060eda49433306f3aef4072943c61`
VirtualSize	`0x76c000`
VirtualAddress	`0x6db000`
SizeOfRawData	`0x76c000`
PointerToRawData	`0x6d0e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.30834`

.boot

MD5	`d8d58964e3c026f6b9a156cfd0f11f25`
SHA1	`95ef9b4ff9965d753db9c8ff1759e41d60d79e5d`
SHA256	`240f7d59e6b812ef097a888368ea3aeb540ef264a257a9404a58a0359093630b`
SHA3	`f410be3676f44c851379bb4c987078754d77cf1a3fff2f9b0cfd5c5135be2b6f`
VirtualSize	`0x48e000`
VirtualAddress	`0xe47000`
SizeOfRawData	`0x48dc00`
PointerToRawData	`0xe3ce00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.957`

.reloc (#2)

MD5	`f5c26e4aca33e984bade45e48c310975`
SHA1	`f1791f573f3ba9bae43850777e9e69bcef9fa55f`
SHA256	`8cd7ff788ca1a194077a59d7257529e45817d43349dd7d0eb6009546d1835d58`
SHA3	`92a4f57c9c840e4542d189cd4bd66013eda86d60b19ff574f09d9070007406d1`
VirtualSize	`0x1000`
VirtualAddress	`0x12d5000`
SizeOfRawData	`0x400`
PointerToRawData	`0x12caa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ`
Entropy	`3.92812`

.SCY

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1000`
VirtualAddress	`0x12d6000`
SizeOfRawData	`0`
PointerToRawData	`0x12cae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

Imports

Delayed Imports

101

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2802a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.30717`
MD5	`08230f14032a55e3c29cdd474405f2f1`
SHA1	`c645614c68ce3dd5b5210d329c03b46d3035879a`
SHA256	`95f7537cfdd0a5254c835f6bbf20ba90d5519e8ad54d0919ddece7fff3a64e94`
SHA3	`4ef9d6126d58fcc7945b33c5ec5c444703041fcc679b41198798479d8a137bc8`
Preview

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.45537`
MD5	`a7365f341ee5b61da006d304fbc6fe07`
SHA1	`57a1a39c83dd1e79be32a2e01e04dd6cbe084b59`
SHA256	`73ee36a22d043ddea8dbb6691d257d829978af10945fdde20df1a943059640cd`
SHA3	`64c9c1850b933983cce362e9816fdc182a75141af0a21324424a7ac1424fae06`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x91`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.8858`
MD5	`f7ad1eab748bc07570a57ec87787cf90`
SHA1	`0b1608da9fef218386e825db575c65616826d9f4`
SHA256	`d2952e57023848a37fb0f21f0dfb38c9000f610ac2b00c2f128511dfd68bde04`
SHA3	`6c9541b36948c19ae507d74223621875b3af4064f7cd8200bdb97e15a047e96a`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.2.1.3
ProductVersion	1.2.1.3
FileFlags	`VS_FF_PRERELEASE` `VS_FF_SPECIALBUILD`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	NinjEye
FileDescription	Anti-cheat module - https://ninjeye.net
FileVersion (#2)	1.2.1.3
InternalName	ninjeye.dll
LegalCopyright	Copyright (C) 2018-2026
OriginalFilename	ninjeye.dll
ProductName	NinjEye
ProductVersion (#2)	1.2.1.3

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read the IMAGE_IMPORT_DESCRIPTOR.
[!] Error: Could not read PDB file information of invalid magic number.
[!] Error: Could not reach the TLS callback table.
[*] Warning: The WIN_CERTIFICATE appears to be invalid.
[*] Warning: Section .fptable has a size of 0!
[*] Warning: Section .SCY has a size of 0!