Manalyze report for 83d39c3a991f1afff9b9073fbc567453b537989d7f85fa619697f2807a6f1920

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Jun-20 07:12:20
TLS Callbacks	2 callback(s) detected.

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains obfuscated function names: 39 1a 14 11 39 1c 17 07 14 07 0c` `Contains domain names: https://files.catbox.moe https://files.catbox.moe/5z0529.mp3`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`fa75d76d61212982c1520e52af23c26d`
SHA1	`ef4b6c04307d5b4707751652e28815b374d564ab`
SHA256	`83d39c3a991f1afff9b9073fbc567453b537989d7f85fa619697f2807a6f1920`
SHA3	`9de02cf2045557e89735d9ac010ab37c271a100ce21a28ca01634f7938f56164`
SSDeep	`1536:xHa9pxWEB4LA4RU+5WqNrKqHA1V+73CMwYECm2MTyaWzIoW:xHMxWEB4Lh35WcrKqoIuCm2MTyaeI9`
Imports Hash	`f1e70ac1787b4084c14c2eeaaf164762`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`10`
TimeDateStamp	2026-Jun-20 07:12:20
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0xa600`
SizeOfInitializedData	`0x4e00`
SizeOfUninitializedData	`0xac00`
AddressOfEntryPoint	`0x00000000000013E0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x21000`
SizeOfHeaders	`0x400`
Checksum	`0x17445`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`190bdedd24221e5e9c4ca372c8d45598`
SHA1	`d078a75439f7e457ec5ec74b20c1cd125dfa75f9`
SHA256	`4235afc1d5e23d47d90390ca99944caee61fd610ac561802866daaaba92ac06e`
SHA3	`31cec2745feee7d3dcbc18ea812008934c1fe1e90dd74cbe75fe9c9ea30292fc`
VirtualSize	`0xa600`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.33386`

.data

MD5	`9d7c881cb59943579c729dc4affd6ad7`
SHA1	`98ad64c490ce50146fa3521ecdcd1f4142f4d35a`
SHA256	`5426de773cd885d2235715e054142fbf798aa9e4d561f40b3481bb48c50aef5e`
SHA3	`7516f80d0ef0535c75752b53a5dcc5b4d4147f57dc1b9dc78e7697d23d27fa54`
VirtualSize	`0x70`
VirtualAddress	`0xc000`
SizeOfRawData	`0x200`
PointerToRawData	`0xaa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.464107`

.rdata

MD5	`f6d0d74de1a5f8a228babb09a9f4304a`
SHA1	`7ebf3b362fdd4637c8ce1f922c1753a7ee403ddb`
SHA256	`2c308b07c553b0acfb0a5ac2d856866ce4c6186f7fe79cdd485729f229ee856a`
SHA3	`05759aa8b2d94a5772dfce93672237946d75098fbd32fe97d7e55a221adccf62`
VirtualSize	`0x2618`
VirtualAddress	`0xd000`
SizeOfRawData	`0x2800`
PointerToRawData	`0xac00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.46501`

.pdata

MD5	`d48829eb46696651514f370bf43dbea2`
SHA1	`bae6466cd520e290d629171badb35c65c6bd0fd0`
SHA256	`2a792b265bcb59b79a5c821bd20d582d8175b3640c2dfce60ecca1f008221b62`
SHA3	`1e30ea8a03458cf23b22e62d1843a272dc751f2c94f917014b2f7a4872a0e408`
VirtualSize	`0x45c`
VirtualAddress	`0x10000`
SizeOfRawData	`0x600`
PointerToRawData	`0xd400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.52518`

.xdata

MD5	`3ea388dbce1336da9c4538a7adb88467`
SHA1	`1059d4a9b16e212e9ca65b66407a9f92f9a087ac`
SHA256	`4f5876393d92e599a63ebe689f5506cd5276504c1ad79e9c3f709bfe10628a90`
SHA3	`ffcbca910a4f5f1cda431df5997781fe58017ddf4d5e90da866dbafaa773ffc9`
VirtualSize	`0x40c`
VirtualAddress	`0x11000`
SizeOfRawData	`0x600`
PointerToRawData	`0xda00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.27627`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xac00`
VirtualAddress	`0x12000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`63f6137700a98b6172a0d665ca9f009a`
SHA1	`28211042d302b5dd682b2cd4f2681fa28cf19e57`
SHA256	`e25bc8a4ddb635220f0d01b2e637191f99d66e766c33b656e32a71488bd1a02d`
SHA3	`976aac2839a4ee79b5f01951fe358b804c0e676826a488edb1cf0147d6c74159`
VirtualSize	`0xc2c`
VirtualAddress	`0x1d000`
SizeOfRawData	`0xe00`
PointerToRawData	`0xe000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.02607`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0x1e000`
SizeOfRawData	`0x200`
PointerToRawData	`0xee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`9d3e2c0d5977fc65bac788ca9c666713`
SHA1	`3258ec03fc6315a87594de229609b3dfb0485a43`
SHA256	`55599d3f7a24e026197893101405b1543c07018cd5c0c6b2848e3328e482a248`
SHA3	`1f68c2aebc70f92ec776c416bee3635222cf00b3a3c8c06dc46dfe3fa106fa1b`
VirtualSize	`0x4e8`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x600`
PointerToRawData	`0xf000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.78258`

.reloc

MD5	`cfdb448974fdd153fa0053ee6fab9fbc`
SHA1	`a4006c9e243ff736f46e5d6a3b2f7d9e9abcd325`
SHA256	`02118178ec7854717352b76b9170a0186e9153217bbfb5bd2b36eb171d927730`
SHA3	`9e0061dc08ddfac0e632cf9f624c0f2154afb63ac354b991032472e326efcf24`
VirtualSize	`0xb0`
VirtualAddress	`0x20000`
SizeOfRawData	`0x200`
PointerToRawData	`0xf600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.06068`

Imports

KERNEL32.dll	`AllocConsole` `CloseHandle` `CreateFileA` `CreateFileMappingA` `CreateWaitableTimerW` `DeleteCriticalSection` `EnterCriticalSection` `GetConsoleMode` `GetCurrentProcess` `GetCurrentThread` `GetFileSize` `GetLastError` `GetModuleHandleA` `GetModuleHandleW` `GetProcAddress` `GetProcessHeap` `GetStdHandle` `GetSystemTimeAsFileTime` `GetTickCount` `GetTickCount64` `HeapAlloc` `HeapFree` `HeapReAlloc` `InitializeCriticalSection` `IsDBCSLeadByteEx` `LeaveCriticalSection` `LoadLibraryA` `MapViewOfFile` `MultiByteToWideChar` `ReadConsoleA` `ReadFile` `SetConsoleMode` `SetConsoleTitleA` `SetUnhandledExceptionFilter` `SetWaitableTimer` `Sleep` `TlsGetValue` `UnmapViewOfFile` `VirtualAlloc` `VirtualFree` `VirtualProtect` `VirtualQuery` `WideCharToMultiByte` `WriteConsoleA` `__C_specific_handler`
msvcrt.dll	`___lc_codepage_func` `___mb_cur_max_func` `__getmainargs` `__initenv` `__iob_func` `__set_app_type` `__setusermatherr` `_amsg_exit` `_cexit` `_commode` `_errno` `_fmode` `_initterm` `abort` `atexit` `calloc` `exit` `fprintf` `fputc` `free` `localeconv` `malloc` `memcmp` `memcpy` `memmove` `signal` `strerror` `strlen` `strncmp` `strstr` `vfprintf` `wcslen`
USER32.dll	`DispatchMessageW` `GetCursorPos` `MsgWaitForMultipleObjects` `PeekMessageW` `TranslateMessage`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x48f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.13793`
MD5	`5aa04ce935e78505e230765e85c34355`
SHA1	`6c93b8c5fde8be4b2231dca6b8ec513cdc82c991`
SHA256	`a73f26a8d504043f785d7360e8febf2eeb8522ec873a0d4dd5d1d4bfd1e67d3d`
SHA3	`149467cafc03ba34b33cd8076fc2771413760822357952de205dbae2b5cb8059`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x14001e000`
EndAddressOfRawData	`0x14001e008`
AddressOfIndex	`0x14001c12c`
AddressOfCallbacks	`0x14000f5f0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x0000000140003B20` `0x0000000140003B00`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!

Leave a comment

No comments yet.