Manalyze report for 63192da67a20db6d4c9e50a5b91a8d2571225ef3c6907ad7320cbec972109f2f

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1970-Jan-01 00:00:00
Detected languages	English - United States
TLS Callbacks	2 callback(s) detected.
CompanyName	Steam Tools
FileDescription	Steam Account Switcher
FileVersion	`1.0.0.0`
InternalName	SteamAccountSwitcher
LegalCopyright	Copyright (C) 2026
OriginalFilename	SteamAccountSwitcher.exe
ProductName	Steam Account Switcher
ProductVersion	`1.0.0.0`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: https://steamcommunity.com steamcommunity.com`
Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata`
Suspicious	The PE contains functions most legitimate programs don't use.	`Can access the registry: RegCloseKey RegCreateKeyExA RegFlushKey RegOpenKeyExA RegQueryValueExA RegSetValueExA` `Possibly launches other programs: ShellExecuteA` `Uses Microsoft's cryptographic API: CryptProtectData` `Manipulates other processes: OpenProcess` `Can take screenshots: BitBlt CreateCompatibleDC GetDC` `Checks if it has admin rights: IsUserAnAdmin`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`c334377bd73c440930dcd923280fa749`
SHA1	`8adc039313509684b1ad429522e8d875eccd894a`
SHA256	`63192da67a20db6d4c9e50a5b91a8d2571225ef3c6907ad7320cbec972109f2f`
SHA3	`057061d63a8801e2bd013f1fcde931bb85c40a1144d3ae161b4c94af19ef2f7c`
SSDeep	`1536:O3r3J4cN5Gp7cED50wnRhU/5Q40xWTjv08xfSYbFPtOH0OdHLk22SBukCD7t067:ODzYZSKyvbfSYbFQUWo22Muk87t06f`
Imports Hash	`ceddf1d41296e4228c82c162097440f2`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`11`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x10600`
SizeOfInitializedData	`0x17000`
SizeOfUninitializedData	`0xee00`
AddressOfEntryPoint	`0x00000000000013E0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x2d000`
SizeOfHeaders	`0x400`
Checksum	`0x17aed`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`7ff6e7a39eb618639c99923783e2f02e`
SHA1	`b0058ee96b9b7e6be4b1f63a5ccb61c02c342579`
SHA256	`55f024480913274630f044be65e1651e1ca9605a4fa472ce4e23b79e939ddd81`
SHA3	`258c9b96c65343fc08e6c68b15aa25e998cfc65a9d64a4741803ff8533a61475`
VirtualSize	`0x10428`
VirtualAddress	`0x1000`
SizeOfRawData	`0x10600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.2583`

.data

MD5	`2e1b713093d7f611d3117d50c4364dad`
SHA1	`ca6c9f2af20044039ecef911b2698a14ce290912`
SHA256	`305d11dfefa304e4a8ee95a8a10b0449e221a47999f617223aa3c3cf56c69bd7`
SHA3	`e468d7fbc1da168ce321bad4be057d2f83f0c56787b486285b6cfcde2e0a3816`
VirtualSize	`0x2b0`
VirtualAddress	`0x12000`
SizeOfRawData	`0x400`
PointerToRawData	`0x10a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.51048`

.rdata

MD5	`22c5b23b7b52a7c8243ff769bdbe8305`
SHA1	`ee5ec004dd9a6cc882d30a8c89da4fc5816dae24`
SHA256	`e0a2f0b66e31d3084604b517d7c94c28615d89ea698cf734f11aae6b6e0488b2`
SHA3	`5395c1801f6d7d0efe78a381c599dc1ac63bdfa66e2b44c87172b65341b68110`
VirtualSize	`0x2c90`
VirtualAddress	`0x13000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0x10e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.96416`

.pdata

MD5	`4487b85d50bbde71a0f2ad7c96df1c89`
SHA1	`4ca6d8304a677b92ed8a485a2adf0f2f9620c55f`
SHA256	`c1795d400451c9abc3cc87c023066109893e2c5946078939dbaf7b0453afa0c5`
SHA3	`22e4462b0fbd4fa8ef9bec0935461d5f4fd891d29874a9d8efd5ddd2dbd1d2c9`
VirtualSize	`0x54c`
VirtualAddress	`0x16000`
SizeOfRawData	`0x600`
PointerToRawData	`0x13c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.30996`

.xdata

MD5	`5a469513a2c507a6081b51d83afd1c18`
SHA1	`f0cfd78cc376d2c6ab9ee8184eb348dfecae89c2`
SHA256	`1edfed31217190766cc78f7e746a9a9fa178bbbc469464c8019be0741eb2bde6`
SHA3	`3b872d73f862bc9ecf3a83d411fe6686e1bf2d35dcdf2b98eab7f1fb7417cf6a`
VirtualSize	`0x664`
VirtualAddress	`0x17000`
SizeOfRawData	`0x800`
PointerToRawData	`0x14200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.23341`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xee00`
VirtualAddress	`0x18000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`74e53feecb5f0c68ae4ee10c1f7b6ce3`
SHA1	`09738e3bad17ccde1baa4b3fc46cb3f6d4d7a6fa`
SHA256	`7642db2b1d0bfaabda5fdca599d81a9a83ee525a9f6e466ba0eb95d3bbca0f6f`
SHA3	`cfb871303e501328938934a0349d9abe573386798b2d32f1d2be7262cbc7dc30`
VirtualSize	`0x1b90`
VirtualAddress	`0x27000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x14a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.52005`

.CRT

MD5	`e203e632c6e3c7a30a6c271a83f5c638`
SHA1	`53fb42f67c00156b18316738b6eeb50d731cd60a`
SHA256	`bb32175485c7886e80f079cd7016baf36c22b866874ebed302f473e882ff0a02`
SHA3	`09d83ddeb83b4f34b19bb7ceb1efbc4c5a73369d887cdf1aafe8c33740fbcc3b`
VirtualSize	`0x60`
VirtualAddress	`0x29000`
SizeOfRawData	`0x200`
PointerToRawData	`0x16600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.266512`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0x2a000`
SizeOfRawData	`0x200`
PointerToRawData	`0x16800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`dbdc6e9ed3c8b1b4b9691037def2138d`
SHA1	`5076edf9ec528ea0ce50140eba15b3fbd5fbb043`
SHA256	`978a7eaacc708312d2ba6c71a81a369d24bc61568222e500a0fd21781ce62e7d`
SHA3	`f47d0ee0d2b11bc250a7b23d43efd25de37ecd60eef4167b4d5b37465ab7e613`
VirtualSize	`0x7f0`
VirtualAddress	`0x2b000`
SizeOfRawData	`0x800`
PointerToRawData	`0x16a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.81604`

.reloc

MD5	`be6193e5a9ccb27990d41e6c84efdac9`
SHA1	`bf1114d9170bb1f33fd4d2aaf8e80855c1a956e5`
SHA256	`5981220cb4ec02954f13ad32ffe0b96cfcf668148993683dbc4d9c4f970150d2`
SHA3	`1fb969d5397dd0f9e3c621f62377429860cc8d6cb00fc7721951d3409470b50b`
VirtualSize	`0x8c`
VirtualAddress	`0x2c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x17200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.72038`

Imports

ADVAPI32.dll	`RegCloseKey` `RegCreateKeyExA` `RegFlushKey` `RegOpenKeyExA` `RegQueryValueExA` `RegSetValueExA`
COMCTL32.dll	`InitCommonControls`
CRYPT32.dll	`CryptProtectData`
GDI32.dll	`BitBlt` `CreateCompatibleBitmap` `CreateCompatibleDC` `CreateDIBSection` `CreateFontA` `CreatePen` `CreateSolidBrush` `DeleteDC` `DeleteObject` `GetStockObject` `GetTextExtentPoint32A` `LineTo` `MoveToEx` `SelectObject` `SetBkColor` `SetBkMode` `SetTextColor` `TextOutA`
KERNEL32.dll	`CloseHandle` `CreateDirectoryA` `DeleteCriticalSection` `DeleteFileA` `DeleteFileW` `EnterCriticalSection` `ExitProcess` `FileTimeToLocalFileTime` `FileTimeToSystemTime` `FindClose` `FindFirstFileA` `FindFirstFileW` `FindNextFileA` `FindNextFileW` `GetFileAttributesW` `GetLastError` `GetModuleFileNameA` `GetModuleHandleA` `GetStartupInfoA` `GlobalAlloc` `GlobalLock` `GlobalUnlock` `InitializeCriticalSection` `IsDBCSLeadByteEx` `K32EnumProcesses` `LeaveCriticalSection` `LocalFree` `MultiByteToWideChar` `OpenProcess` `QueryFullProcessImageNameA` `RemoveDirectoryA` `RemoveDirectoryW` `SetFileAttributesW` `SetUnhandledExceptionFilter` `Sleep` `TerminateProcess` `TlsGetValue` `VirtualProtect` `VirtualQuery` `WideCharToMultiByte`
msvcrt.dll	`__C_specific_handler` `___lc_codepage_func` `___mb_cur_max_func` `__getmainargs` `__initenv` `__iob_func` `__set_app_type` `__setusermatherr` `_acmdln` `_amsg_exit` `_cexit` `_commode` `_errno` `fwprintf` `_fmode` `_initterm` `_ismbblead` `_lock` `_onexit` `_time64` `_unlock` `_wfopen` `abort` `calloc` `exit` `fclose` `fflush` `fgets` `fopen` `fprintf` `fputc` `fputs` `fputwc` `fread` `free` `fseek` `ftell` `fwrite` `localeconv` `malloc` `memcpy` `memmove` `memset` `signal` `strcat` `strchr` `strcmp` `strcpy` `strerror` `strlen` `strncmp` `strncpy` `strrchr` `strstr` `tolower` `vfprintf` `wcscat` `wcscmp` `wcslen` `_strlwr` `_atoi64`
ole32.dll	`CoCreateInstance` `CoInitialize` `CoUninitialize` `OleInitialize` `OleUninitialize`
SHELL32.dll	`IsUserAnAdmin` `SHFileOperationA` `SHGetFolderPathW` `ShellExecuteA`
SHLWAPI.dll	`PathFileExistsA` `PathFileExistsW`
USER32.dll	`AppendMenuA` `BeginPaint` `ClientToScreen` `CloseClipboard` `CreatePopupMenu` `CreateWindowExA` `DefWindowProcA` `DestroyMenu` `DestroyWindow` `DispatchMessageA` `DrawEdge` `DrawTextA` `DrawTextW` `EmptyClipboard` `EnableWindow` `EndPaint` `FillRect` `GetClassNameA` `GetClientRect` `GetCursorPos` `GetDC` `GetDesktopWindow` `GetMessageA` `GetScrollInfo` `GetWindowRect` `GetWindowTextA` `InvalidateRect` `IsDialogMessageA` `LoadCursorA` `MessageBoxA` `MessageBoxW` `OpenClipboard` `PostQuitMessage` `PtInRect` `RegisterClassA` `RegisterClassExA` `ReleaseDC` `ScreenToClient` `SendMessageA` `SetClipboardData` `SetCursor` `SetFocus` `SetScrollInfo` `ShowWindow` `TrackPopupMenu` `TranslateMessage` `UnregisterClassA` `UpdateWindow`

Delayed Imports

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x314`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.32855`
MD5	`0e6b7913026de6f33d4c2f268687f1b5`
SHA1	`af939e99b7dce6c6bcc86cc17aa4de8324163f9c`
SHA256	`da635596e0ec228af5fb7483cfe5fd31acf8736b8a0001b5fd494bd866af39f2`
SHA3	`8c37e9503ebdbacc56cd0caa9d13a6af78569edf6ca5adfed956aab80b197e6e`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x438`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.20195`
MD5	`289da3b17d26596ba6af6189293f97b5`
SHA1	`19ea41f8d1ec375014a2610d245225db7251fe55`
SHA256	`6eb2d915f325dd482d2fbf88889e3d80c059e16f49b3a5f81cb99253806161e1`
SHA3	`a29ed835747d81dc903e76a816733e53c97eb7d43d8735960c59dd123ac270f5`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Steam Tools
FileDescription	Steam Account Switcher
FileVersion (#2)	1.0.0.0
InternalName	SteamAccountSwitcher
LegalCopyright	Copyright (C) 2026
OriginalFilename	SteamAccountSwitcher.exe
ProductName	Steam Account Switcher
ProductVersion (#2)	1.0.0.0

Resource LangID	English - United States

TLS Callbacks

StartAddressOfRawData	`0x14002a000`
EndAddressOfRawData	`0x14002a008`
AddressOfIndex	`0x1400262ec`
AddressOfCallbacks	`0x140029038`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x0000000140008540` `0x0000000140008510`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!

Leave a comment

No comments yet.