Manalyze report for 69a651493b275cd5172392f9b96e517c5c2ac4a2c58cccbfcf18d3d54363b594

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Mar-31 22:55:30
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Interesting strings found in the binary:	`Contains domain names: cv.iptc.org http://cv.iptc.org http://cv.iptc.org/newscodes/digitalsourcetype/trainedAlgorithmicMedia http://va.truepic.com http://va.truepic.com/ejbca/publicweb/status/ocsp0 truepic.com va.truepic.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses known Mersenne Twister constants`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Uses functions commonly found in keyloggers: GetAsyncKeyState GetForegroundWindow` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	The PE is possibly a dropper.	`Resources amount for 77.9253% of the executable.`
Malicious	VirusTotal score: 12/72 (Scanned on 2026-04-10 14:39:58)	`APEX: Malicious` `CrowdStrike: win/malicious_confidence_70% (D)` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `Elastic: malicious (high confidence)` `MaxSecure: Trojan.Malware.300983.susgen` `McAfeeD: ti!69A651493B27` `Sangfor: Trojan.Win32.Save.a` `Skyhigh: BehavesLike.Win32.Spyware.vc` `Sophos: Generic ML PUA (PUA)` `Symantec: ML.Attribute.HighConfidence` `Trapmine: malicious.moderate.ml.score`

Hashes

MD5	`cc1d5756c3fac642b8433004a065b74a`
SHA1	`585cde5917401f602da42c8ebf50e59e4c046ca8`
SHA256	`69a651493b275cd5172392f9b96e517c5c2ac4a2c58cccbfcf18d3d54363b594`
SHA3	`f1fec6f1926fd4df619500168da67082e0fd95163cd4f01a83cae22b06eedf56`
SSDeep	`49152:Nq6l2Ywnu3saZXmaEF/DQhbG949O/TIkSILjfKmarMzsMHMMt:NqC2YYWXj2/DQE949n9u9zAMHM`
Imports Hash	`f44845215d3cb540b7fa7131184d4465`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2026-Mar-31 22:55:30
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x76400`
SizeOfInitializedData	`0x225800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0005707B (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x78000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x2a0000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`6d052e257bbe743669b3cde8518ef085`
SHA1	`58a53059df93cc6bd21626bcc041c7a40ca32b01`
SHA256	`a451fec6280372b9bafe74ae6a645638c926c79bbfb41b2f1bfbd48564a948a0`
SHA3	`8054bfe5b850c438b01a91be822ded4b8ab7079b499f78dd7f8ed945f75a9ae2`
VirtualSize	`0x76315`
VirtualAddress	`0x1000`
SizeOfRawData	`0x76400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.65616`

.rdata

MD5	`58cf44abad1dd5a333a6db626da2258b`
SHA1	`89d042f9ce3843b4a4d9cbb63da0c2ae3bfa7afd`
SHA256	`431767a8e2992b72417cf5c2086511132121de7924e00d88d9b6cbcc21a35c33`
SHA3	`2685e988f6a10a6e6d2169e48e24ca1f1d666f7abfdc9b4fd7b61f5c4230f678`
VirtualSize	`0x179bc`
VirtualAddress	`0x78000`
SizeOfRawData	`0x17a00`
PointerToRawData	`0x76800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.44411`

.data

MD5	`d128a116d1f2c2ae0f90b3f9357103c0`
SHA1	`3da85ce2f55238e3333f11805392b0460e13587f`
SHA256	`3c40f4204edddf5d6a49914d3b2df9c7dc1b5ff6548a72791992c17d5306a2af`
SHA3	`852b37432dffc15108d9d9a8a259ab55d725b5696db03a6f83951e965d4ef481`
VirtualSize	`0x2ed8`
VirtualAddress	`0x90000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x8e200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.95325`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x80`
VirtualAddress	`0x93000`
SizeOfRawData	`0x200`
PointerToRawData	`0x8f200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`c1e5ef67d1a3b1e28c98eda24ee3511d`
SHA1	`c992702f6e07c95ddb1bae359f584ab73c445d54`
SHA256	`355878a2b5c5ec1a4fd395ba4c8d0dd55d07657c548717f15fbd49c3ca912d21`
SHA3	`831f7449bce1d3b90aa38b691c42fd3c8268f3285cc636f985fec0abb9fc78e0`
VirtualSize	`0x207070`
VirtualAddress	`0x94000`
SizeOfRawData	`0x207200`
PointerToRawData	`0x8f400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.98039`

.reloc

MD5	`9ff935558588cb154f3a3ce0bbdb6987`
SHA1	`0160b5133c21ff682a71b134caf97a24b33da2c2`
SHA256	`f13b1d86f01e37dd4bd53a51089a660e99134bc17279e7067dcfdfcbeab5807b`
SHA3	`a810435af0cd28e6ac7766d1708f44774120ffb13ad2fce7065f9c15599ffdab`
VirtualSize	`0x3838`
VirtualAddress	`0x29c000`
SizeOfRawData	`0x3a00`
PointerToRawData	`0x296600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.62845`

Imports

KERNEL32.dll	`FreeLibrary` `QueryPerformanceCounter` `SizeofResource` `VirtualProtect` `GetModuleFileNameW` `FindResourceA` `Sleep` `GetTickCount64` `DisableThreadLibraryCalls` `LockResource` `LoadResource` `ExitProcess` `VirtualFree` `VirtualAlloc` `VirtualQuery` `HeapCreate` `HeapFree` `GetCurrentProcess` `Thread32Next` `Thread32First` `GetCurrentThreadId` `SuspendThread` `ResumeThread` `CreateToolhelp32Snapshot` `GetLastError` `HeapReAlloc` `CloseHandle` `HeapAlloc` `GetThreadContext` `GetCurrentProcessId` `GetModuleHandleW` `GetProcAddress` `SetThreadContext` `OpenThread` `GetSystemDirectoryA` `SetEndOfFile` `WriteConsoleW` `HeapSize` `CreateFileW` `GetStringTypeW` `SetStdHandle` `GetProcessHeap` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineW` `GetCommandLineA` `GetCPInfo` `GetOEMCP` `GetACP` `IsValidCodePage` `FindNextFileW` `FindFirstFileExW` `FindClose` `GetFileSizeEx` `GetConsoleOutputCP` `WriteFile` `FlushFileBuffers` `LCMapStringW` `QueryPerformanceFrequency` `LoadLibraryA` `GetModuleHandleA` `GlobalUnlock` `WideCharToMultiByte` `GlobalLock` `GlobalFree` `MultiByteToWideChar` `GlobalAlloc` `FlushInstructionCache` `InitializeCriticalSectionEx` `FlsFree` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `WakeAllConditionVariable` `SleepConditionVariableSRW` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `TerminateProcess` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetStartupInfoW` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlUnwind` `RaiseException` `InterlockedFlushSList` `SetLastError` `EncodePointer` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `LoadLibraryExW` `ReadFile` `GetModuleHandleExW` `SetFilePointerEx` `GetConsoleMode` `ReadConsoleW` `GetStdHandle` `GetFileType` `FlsAlloc` `FlsGetValue` `FlsSetValue` `DecodePointer`
USER32.dll	`SetClipboardData` `GetClipboardData` `EmptyClipboard` `CloseClipboard` `OpenClipboard` `CallWindowProcW` `GetActiveWindow` `GetAsyncKeyState` `MessageBoxA` `SetWindowLongW` `GetKeyState` `ScreenToClient` `GetCapture` `ClientToScreen` `IsChild` `TrackMouseEvent` `GetForegroundWindow` `LoadCursorW` `SetCapture` `SetCursor` `GetClientRect` `ReleaseCapture` `SetCursorPos` `GetCursorPos`
IMM32.dll	`ImmGetContext` `ImmSetCompositionWindow` `ImmReleaseContext`
D3DCOMPILER_47.dll	`D3DCompile`
d3d11.dll	`D3D11CreateDeviceAndSwapChain`

Delayed Imports

GetFileVersionInfoA

Ordinal	`1`
Address	`0x565a0`

GetFileVersionInfoByHandle

Ordinal	`2`
Address	`0x565b0`

GetFileVersionInfoExA

Ordinal	`3`
Address	`0x565d0`

GetFileVersionInfoExW

Ordinal	`4`
Address	`0x565c0`

GetFileVersionInfoSizeExA

Ordinal	`5`
Address	`0x565e0`

GetFileVersionInfoSizeExW

Ordinal	`6`
Address	`0x565f0`

GetFileVersionInfoSizeW

Ordinal	`7`
Address	`0x56600`

GetFileVersionInfoW

Ordinal	`8`
Address	`0x56610`

VerFindFileA

Ordinal	`9`
Address	`0x56620`

VerFindFileW

Ordinal	`10`
Address	`0x56630`

VerInstallFileA

Ordinal	`11`
Address	`0x56640`

VerInstallFileW

Ordinal	`12`
Address	`0x56650`

VerLanguageNameA

Ordinal	`13`
Address	`0x56660`

VerLanguageNameW

Ordinal	`14`
Address	`0x56670`

VerQueryValueA

Ordinal	`15`
Address	`0x56680`

VerQueryValueW

Ordinal	`16`
Address	`0x56690`

GetFileVersionInfoSizeA

Ordinal	`17`
Address	`0x42070`

__GetFileVersionInfoSizeA@8

Ordinal	`18`
Address	`0x42070`

101

Type	`PNG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x206e3c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98088`
Detected Filetype	PNG graphic file
MD5	`af6956cdce6c07186684fa5347cf27de`
SHA1	`31550bfbb2cd7c2aeb11dd4c5b86e33b2066146d`
SHA256	`926f9a9192bbf6ad9215a69e6adc82221b1b682375a54776a38fd48122ba190f`
SHA3	`982a91ca4eb1ef1b4b0f0d6e5c19fa1bbbc8b64b0b6da85f566e2476d1efafb8`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Mar-31 22:55:30
Version	`0.0`
SizeofData	`900`
AddressOfRawData	`0x8d6b4`
PointerToRawData	`0x8beb4`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Mar-31 22:55:30
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x1008da48`
EndAddressOfRawData	`0x1008da6c`
AddressOfIndex	`0x10091154`
AddressOfCallbacks	`0x10078270`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0xc0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x10090040`
SEHandlerTable	`0x1008d53c`
SEHandlerCount	`40`

RICH Header

XOR Key	`0xb8745507`
Unmarked objects	`0`
ASM objects (33145)	`32`
C++ objects (33145)	`164`
C objects (33145)	`23`
ASM objects (35207)	`25`
C objects (35207)	`15`
C++ objects (35207)	`39`
Imports (33145)	`15`
Total imports	`162`
C++ objects (LTCG) (35222)	`15`
Exports (35222)	`1`
Resource objects (35222)	`1`
151	`1`
Linker (35222)	`1`

Errors

Leave a comment

No comments yet.