Manalyze report for 7feaa69f389658bfa8e6297beade8140f18740ab8e4caa1c08b2ac2c05dd7761

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Mar-01 06:34:54
Detected languages	English - United States
Debug artifacts	wfTypicalDSP.pdb

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0`
Info	Interesting strings found in the binary:	`Contains domain names: github.com http://www.opensource.org http://www.opensource.org/licenses/mit-license.php https://github.com opensource.org www.opensource.org`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Functions which can be used for anti-debugging purposes: SwitchToThread`
Suspicious	VirusTotal score: 2/71 (Scanned on 2026-05-16 03:55:39)	`CrowdStrike: win/grayware_confidence_70% (D)` `Cynet: Malicious (score: 100)`

Hashes

MD5	`d4da000f5e0204f27507441a9bf0fd3d`
SHA1	`c6b1da525d02e1d715d71a2b600e12a744503542`
SHA256	`7feaa69f389658bfa8e6297beade8140f18740ab8e4caa1c08b2ac2c05dd7761`
SHA3	`0f974fec76bed650e710637294cc2ba28a0fbaf2b5eb9eec5625096205364b7e`
SSDeep	`12288:y7aSr+seSsl/jwhZfBUfWuGlfzYgMkKFiwq12H3XJwBOVaX9s:y7aSrOl/jwhZfmOzYgt1E3qBcaX`
Imports Hash	`880ea415e4bb43368db63bd5df31f182`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2023-Mar-01 06:34:54
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x111000`
SizeOfInitializedData	`0x60000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000F5FBF (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x112000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x174000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`7557e41f017057e625a82b3b2c2fe88f`
SHA1	`c7317d8ac0f020aedc744b2827875b7081579faa`
SHA256	`19ca808ed6cc46baa73855c46164b0e3b5afe1e1ba0930edb7f3567c02919095`
SHA3	`1420ec1b8e7307376266ac394b81f615ce799ba7d1dbd2cc0260249f25086bc8`
VirtualSize	`0x110e6c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x111000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.18489`

.rdata

MD5	`497979955fb985488206f152cf9c0da0`
SHA1	`c3a3a728021c8df7167b40cb77acad8caca0908a`
SHA256	`10466850f5d38eea840a0f93685fd5dfee5c90e9bc5cd371926c91f01bc0246e`
SHA3	`7a624f6179216d07a23c7af12fcb5c23858f9ce45b71553aedfb486bcc36e06f`
VirtualSize	`0x34af4`
VirtualAddress	`0x112000`
SizeOfRawData	`0x34c00`
PointerToRawData	`0x111400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.28168`

.data

MD5	`b6f6fe6e68f18bb36185f4fc409b458a`
SHA1	`e705431e38245c8ec6d5509736aa4ceec2496b9d`
SHA256	`e23648669889dddb9fc51ae6f9c07cb27d1888030893a343fbb8fe785d206d8f`
SHA3	`b1cf99a84a26b8e355d076d7b34655b91618b4e8646d6f221ec2202fee3b8941`
VirtualSize	`0x1998c`
VirtualAddress	`0x147000`
SizeOfRawData	`0x18c00`
PointerToRawData	`0x146000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.97422`

.rsrc

MD5	`de57a0ac4c836506e55f01e57be1e485`
SHA1	`f9af04c7d8fea193c8833e4ad227d271b3eb2d73`
SHA256	`fc96d44c10f1c0decd78a2c6a9de7b5f31aec304cb2fcf142c4df11a23399332`
SHA3	`a485e5d059053edd18497cf77eb063c7aad69944b7966f5e91c9ca8670f11ee3`
VirtualSize	`0x718`
VirtualAddress	`0x161000`
SizeOfRawData	`0x800`
PointerToRawData	`0x15ec00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.892`

.reloc

MD5	`787ae71773d1ddad478661ff1b133523`
SHA1	`da1951734bce0d51fd0fa3e03674a8d55415a8ab`
SHA256	`38f788d4259a42adc2329adbf3ca972df64bd6ee889c7044ea050f3b12114f4d`
SHA3	`cb29d6c138bfab26c937ae898042167458ae693c459e5dadd232ed1c2abba61f`
VirtualSize	`0x111cc`
VirtualAddress	`0x162000`
SizeOfRawData	`0x11200`
PointerToRawData	`0x15f400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.39221`

Imports

KERNEL32.dll	`SizeofResource` `FindResourceA` `LockResource` `LoadResource` `CloseHandle` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionAndSpinCount` `DeleteCriticalSection` `SetEvent` `ResetEvent` `WaitForSingleObjectEx` `CreateEventW` `GetModuleHandleW` `GetProcAddress` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetStartupInfoW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `GetLastError` `WideCharToMultiByte` `SetLastError` `SwitchToThread` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `EncodePointer` `DecodePointer` `MultiByteToWideChar` `LCMapStringW` `GetLocaleInfoW` `GetStringTypeW` `GetCPInfo` `RtlUnwind` `RaiseException` `InterlockedFlushSList` `FreeLibrary` `LoadLibraryExW` `ExitProcess` `GetModuleHandleExW` `GetModuleFileNameA` `HeapFree` `HeapAlloc` `GetACP` `GetStdHandle` `GetFileType` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `FindClose` `FindFirstFileExA` `FindNextFileA` `IsValidCodePage` `GetOEMCP` `GetCommandLineA` `GetCommandLineW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetProcessHeap` `HeapReAlloc` `SetStdHandle` `HeapSize` `WriteFile` `GetConsoleCP` `GetConsoleMode` `SetFilePointerEx` `FlushFileBuffers` `WriteConsoleW` `CreateFileW`
USER32.dll	`LoadStringW`

Delayed Imports

V2Link

Ordinal	`1`
Address	`0x10e0`

V2Unlink

Ordinal	`2`
Address	`0x1110`

_V2Link@4

Ordinal	`3`
Address	`0x10e0`

_V2Unlink@0

Ordinal	`4`
Address	`0x1110`

63

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x9a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.8047`
MD5	`373cdeb470afa7c6de2a5f12a8303802`
SHA1	`cdb0e4c2e52ec5343f49050779c7cc041366d270`
SHA256	`9b6e2c1a5af7b120b745eea1a5ec0e9a680e4d424d32801f75121fdd577ce569`
SHA3	`49c7cf4a68e1bea0ee5186daf634eb185a7f2da82d045a56a728a53034bd39ad`

LICENSE

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5c1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.21512`
MD5	`d8297ba40b6195b98fb9be498363c046`
SHA1	`8cd046f3f46d79a45e83552f71ca0e93a9cab966`
SHA256	`8f303bdfa88bab7c0d9acc7d2eac18e0c0fbe7f4b81c3419f777e0842d0b5ad6`
SHA3	`75783ef876080b79e972461ec718ce75430d7d6103fa008395c3846c0d49c1c0`

String Table contents

DSPFilters License: https://github.com/vinniefalco/DSPFilters

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2023-Mar-01 06:34:54
Version	`0.0`
SizeofData	`41`
AddressOfRawData	`0x144b50`
PointerToRawData	`0x143f50`
Referenced File	wfTypicalDSP.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2023-Mar-01 06:34:54
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x144b7c`
PointerToRawData	`0x143f7c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2023-Mar-01 06:34:54
Version	`0.0`
SizeofData	`856`
AddressOfRawData	`0x144b90`
PointerToRawData	`0x143f90`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2023-Mar-01 06:34:54
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x10144ef8`
EndAddressOfRawData	`0x10144f00`
AddressOfIndex	`0x1015fe20`
AddressOfCallbacks	`0x10112188`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1014700c`
SEHandlerTable	`0x10144a60`
SEHandlerCount	`60`

RICH Header

XOR Key	`0xb5e39eee`
Unmarked objects	`0`
241 (40116)	`38`
243 (40116)	`131`
242 (40116)	`35`
C++ objects (VS 2015/2017 runtime 26706)	`54`
C objects (VS 2015/2017 runtime 26706)	`36`
ASM objects (VS 2015/2017 runtime 26706)	`21`
Imports (VS2008 SP1 build 30729)	`5`
Total imports	`96`
C++ objects (LTCG) (27048)	`20`
Exports (27048)	`1`
Resource objects (27048)	`1`
Linker (27048)	`1`

Errors

Leave a comment

No comments yet.