Manalyze report for 7f6e00dde3f0d4ce5cf5449ecb1be3357acb06ee9c733a301ed7e01de7525d0a

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-Apr-22 07:01:11
TLS Callbacks	1 callback(s) detected.
Debug artifacts	cs2_dumper.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	PEiD Signature:	`PeStubOEP v1.x`
Info	Interesting strings found in the binary:	`Contains domain names: github.com https://github.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to RC5 or RC6`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot NtQueryInformationProcess` `Uses Windows's Native API: NtWriteFile NtReadFile NtQueryInformationProcess` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Manipulates other processes: WriteProcessMemory ReadProcessMemory Process32NextW Process32FirstW OpenProcess`
Safe	VirusTotal score: 0/71 (Scanned on 2026-05-25 10:03:34)	`All the AVs think this file is safe.`

Hashes

MD5	`eda6bd7493e66f2b0525b8be3c53d2f2`
SHA1	`076736974307d00998217ceb0bc67ef69c2d36d4`
SHA256	`7f6e00dde3f0d4ce5cf5449ecb1be3357acb06ee9c733a301ed7e01de7525d0a`
SHA3	`73fe42d869f45e3ac8391cb22f19a9391bf0f490c7f1c9253b8fc5de7bac1ef7`
SSDeep	`49152:pAY4D1GNmdVuS/jh+tFPsB4OuQYKVpET2OfaFUBk3xg:pC8uFt+LEJoQRC`
Imports Hash	`2260b7babc20c6e952370fc3817edf90`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`5`
TimeDateStamp	2026-Apr-22 07:01:11
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x18d800`
SizeOfInitializedData	`0x82e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000018632C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x214000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b158dcdb5c1e6af5eb8ca8e35353da16`
SHA1	`c8d4979ed1b1fcdfb53e74b2c0d268ed4aef71ae`
SHA256	`ff84254af8597e55fd56faa6c2934b383a7acc78d47f2ac3be9a68f1bf414e57`
SHA3	`6196b5e02d712d32ada880202af3546f99a81688fcb356d5ec5466aa811f6884`
VirtualSize	`0x18d724`
VirtualAddress	`0x1000`
SizeOfRawData	`0x18d800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.24124`

.rdata

MD5	`b29cb62fb3e1fd5a8cb27339d247ebb6`
SHA1	`1ee636a7d243a097f0971ed1052b3acc4878fbc6`
SHA256	`189bb6139205908d130c00603342a5d0274b0ec736c6a2c1f8b27348961fad35`
SHA3	`e4c1f3898a9a6a1c0825aeba86cf34caf8c416d813fb1d887f096833b4fd14a0`
VirtualSize	`0x72a7c`
VirtualAddress	`0x18f000`
SizeOfRawData	`0x72c00`
PointerToRawData	`0x18dc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.30022`

.data

MD5	`80b0bdd9a7ca17422b5abd15dd53bd30`
SHA1	`628d738e35d42c01cd58b2fae51e6923a426bc14`
SHA256	`52bc2e15645d7684d75a588bd52861389c989fb79e098ba5599651f942ff1231`
SHA3	`9b86f722afe3206c198c4f0853aaa43e217f951e665917c4f82cc870f276f82a`
VirtualSize	`0x3e0`
VirtualAddress	`0x202000`
SizeOfRawData	`0x400`
PointerToRawData	`0x200800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.17294`

.pdata

MD5	`5e68f179a75cb621799280ca8cc5ab17`
SHA1	`956a63060557a704898711977e6827e06f15d206`
SHA256	`6a1cde3b156646dff8655693dceca86b2b9ea6161384fef4e9128116c5189d50`
SHA3	`fe8a041dec0b76ef741dcefed063c63133a4b52115b90997d74de726eb7d27fd`
VirtualSize	`0xc57c`
VirtualAddress	`0x203000`
SizeOfRawData	`0xc600`
PointerToRawData	`0x200c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.18616`

.reloc

MD5	`844e4a6e4600c39b57156a998d9eda3b`
SHA1	`47f798b34cb35558b34775b9ed91cba918ce181d`
SHA256	`82278e455c553488a3d248a2641056115a1aafbecf8e4957c18342766c457cfb`
SHA3	`c2fe721a93cd9aa16f294a860344cc817ad2cef0d95322ee7a4c5060c084a392`
VirtualSize	`0x3674`
VirtualAddress	`0x210000`
SizeOfRawData	`0x3800`
PointerToRawData	`0x20d200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.42245`

Imports

kernel32.dll	`SetFileTime` `WriteConsoleW` `GetFileInformationByHandle` `GetFileInformationByHandleEx` `GetFileType` `SetFileInformationByHandle` `GetFullPathNameW` `GetConsoleOutputCP` `GetConsoleMode` `GetStdHandle` `GetTimeZoneInformationForYear` `LoadLibraryExW` `GetModuleFileNameW` `GetSystemTimePreciseAsFileTime` `FindClose` `GetProcAddress` `SetConsoleMode` `IsDebuggerPresent` `ExitProcess` `FormatMessageW` `GetConsoleScreenBufferInfo` `UnhandledExceptionFilter` `FindFirstFileExW` `WaitForSingleObject` `ReleaseMutex` `CreateMutexA` `GetCurrentProcessId` `WaitForSingleObjectEx` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `GetCurrentThreadId` `Sleep` `GetCurrentProcess` `SetUnhandledExceptionFilter` `WriteProcessMemory` `InitializeSListHead` `ReadProcessMemory` `Process32NextW` `Process32FirstW` `CreateToolhelp32Snapshot` `K32GetModuleInformation` `K32GetModuleFileNameExA` `IsProcessorFeaturePresent` `K32EnumProcessModulesEx` `VirtualQueryEx` `OpenProcess` `HeapAlloc` `FreeLibrary` `SetThreadErrorMode` `GetCurrentThread` `SetThreadStackGuarantee` `AddVectoredExceptionHandler` `SetLastError` `CloseHandle` `SetConsoleTextAttribute` `GetLastError` `HeapReAlloc` `HeapFree` `FindNextFileW` `GetProcessHeap` `GetSystemTimeAsFileTime`
api-ms-win-core-synch-l1-2-0.dll	`WaitOnAddress` `WakeByAddressSingle` `WakeByAddressAll`
ntdll.dll	`RtlNtStatusToDosError` `NtWriteFile` `NtReadFile` `NtQueryInformationProcess`
user32.dll	`GetKeyState` `GetKeyboardState`
advapi32.dll	`OpenProcessToken` `LookupPrivilegeValueA` `AdjustTokenPrivileges`
ole32.dll	`CoTaskMemFree`
oleaut32.dll	`GetErrorInfo`
bcryptprimitives.dll	`ProcessPrng`
KERNEL32.dll	`GetCommandLineW` `lstrlenW` `GetModuleHandleA` `GetCurrentDirectoryW` `LoadLibraryA` `WideCharToMultiByte` `MultiByteToWideChar` `GetEnvironmentVariableW` `QueryPerformanceFrequency` `GetModuleHandleW` `QueryPerformanceCounter` `CreateFileW` `CreateDirectoryW`
shell32.dll	`SHGetKnownFolderPath`
VCRUNTIME140.dll	`__CxxFrameHandler3` `memcmp` `memmove` `memcpy` `memset` `_CxxThrowException` `__C_specific_handler` `__current_exception` `__current_exception_context`
api-ms-win-crt-string-l1-1-0.dll	`strlen`
api-ms-win-crt-runtime-l1-1-0.dll	`exit` `_exit` `_get_initial_narrow_environment` `_initialize_narrow_environment` `terminate` `_cexit` `_configure_narrow_argv` `_c_exit` `_set_app_type` `_initterm_e` `_register_thread_local_exe_atexit_callback` `__p___argv` `_initterm` `__p___argc` `_initialize_onexit_table` `_seh_filter_exe` `_register_onexit_function` `_crt_atexit`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-stdio-l1-1-0.dll	`_set_fmode` `__p__commode`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `free`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Apr-22 07:01:11
Version	`0.0`
SizeofData	`39`
AddressOfRawData	`0x1d5e6c`
PointerToRawData	`0x1d4a6c`
Referenced File	cs2_dumper.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Apr-22 07:01:11
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x1d5e94`
PointerToRawData	`0x1d4a94`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Apr-22 07:01:11
Version	`0.0`
SizeofData	`816`
AddressOfRawData	`0x1d5ea8`
PointerToRawData	`0x1d4aa8`

TLS Callbacks

StartAddressOfRawData	`0x1401d61f8`
EndAddressOfRawData	`0x1401d6328`
AddressOfIndex	`0x140202350`
AddressOfCallbacks	`0x14018f4e8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x0000000140179DD0`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1402021c0`

RICH Header

XOR Key	`0xa6a0bd5a`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`12`
Imports (35207)	`2`
ASM objects (35207)	`3`
C objects (35207)	`9`
C++ objects (35207)	`23`
Imports (30151)	`2`
Imports (33145)	`3`
Total imports	`130`
Unmarked objects (#2)	`27`
Linker (35225)	`1`

Errors

Leave a comment

No comments yet.