Manalyze report for a02e1a12b2ef568fb9380e46af15f117a341ca8b0c7fb2a9179bae410d7dc0a8

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Jun-20 07:28:31
TLS Callbacks	2 callback(s) detected.

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`cad3db473988b61946c6f739dca690fb`
SHA1	`d2f31523b9442c47e9ddf9ad11541b6a49f266e9`
SHA256	`a02e1a12b2ef568fb9380e46af15f117a341ca8b0c7fb2a9179bae410d7dc0a8`
SHA3	`f3aa6d8aa3bcf58061e333aa239ea39dd7d644af659796824197579c1e465d5e`
SSDeep	`1536:yCJSeTcn9pxLAYkUW5WqNrKqHAOAIUCMcEVmGlpTylYsQW:yCJSeQn9pxLBe5WcrKqTOXVmGlpTyas`
Imports Hash	`1a03b5e0e48f221918f07bcefbac2768`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`10`
TimeDateStamp	2026-Jun-20 07:28:31
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0xa800`
SizeOfInitializedData	`0x4a00`
SizeOfUninitializedData	`0xae00`
AddressOfEntryPoint	`0x00000000000013E0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x21000`
SizeOfHeaders	`0x400`
Checksum	`0x16c58`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b6d07ca7db3a45b81695eb62b980cd5f`
SHA1	`111cc2e685370069d73794e928c0ce3f8efc50b9`
SHA256	`bd39f19c6df493cbf3808add54b1c0c138a7988ed7d6992ff06c8e4487e38b6a`
SHA3	`28c2f97d561f9535d1d60582d4152215ba440c0fc2331d7d99e457187b164e0f`
VirtualSize	`0xa7a0`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.32658`

.data

MD5	`c96954132c17d8362761c418ebd35e4f`
SHA1	`e3733d04af71aac4ab5b5a65333c6403233aa0f8`
SHA256	`fa0b5a9834e40f0764a0836f9aca4967119f38a4ddb83861f49d158906251fb8`
SHA3	`c4d2eea39a1ab8da57dd51d67e7661d92333eef432bb1dba369dac53b4dc4e0e`
VirtualSize	`0x70`
VirtualAddress	`0xc000`
SizeOfRawData	`0x200`
PointerToRawData	`0xac00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.461675`

.rdata

MD5	`02f045f11db032cbbe90ebe2b62358a4`
SHA1	`98f4a019a6296dd768af3b5ecfab2354452cf60c`
SHA256	`0d659edde793ee2b5fdc1d693f160916cacf6d981ae10fbeb5bc802ecbf7f51e`
SHA3	`ee0e334c7aa583ad047fd381c95e2cec3b36a0913f18182a04a1211051466401`
VirtualSize	`0x24d8`
VirtualAddress	`0xd000`
SizeOfRawData	`0x2600`
PointerToRawData	`0xae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.69386`

.pdata

MD5	`461ef575b7b25e2c5d480ad2be7bfab0`
SHA1	`c47d4b4762cdfd24c0aadf7c28e34b6f01f15a24`
SHA256	`7062eeb5dd37c751aaa9364f087838e69ac12efbca060dbca3ff6be3871cb5a1`
SHA3	`cc9a810d0499fc5ed9c6cacbb84d137fcecb9725ca06ee100d530227009464b1`
VirtualSize	`0x45c`
VirtualAddress	`0x10000`
SizeOfRawData	`0x600`
PointerToRawData	`0xd400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.54706`

.xdata

MD5	`d697946b27eb629c6c5867125d8a3c2a`
SHA1	`9ddacacaaf2c609a7b83e5f86ba632a1c07dd5bc`
SHA256	`588e33d75ac436d4769a84c31dc308b7e32a2411c2884b95c423fe01a7987d5c`
SHA3	`9cc8e7ecb1a8764e025f540d35cd6d62b129e3ef7909af2334e7964f10e1f93a`
VirtualSize	`0x40c`
VirtualAddress	`0x11000`
SizeOfRawData	`0x600`
PointerToRawData	`0xda00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.29501`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xac20`
VirtualAddress	`0x12000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`d2146c841b867bf5ac053d5f20b289e9`
SHA1	`076aa3359f1d6159927f317add94cbb40e619d60`
SHA256	`bd641e0c05297ebdec7b47622d9b1b41e716abc997b4866328bba0ebf9e71176`
SHA3	`06985abd70ca5ede46c3a047929cf17a653eafd1f55f09825f53b4b2eddc9f85`
VirtualSize	`0xbe0`
VirtualAddress	`0x1d000`
SizeOfRawData	`0xc00`
PointerToRawData	`0xe000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.41353`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0x1e000`
SizeOfRawData	`0x200`
PointerToRawData	`0xec00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`9d3e2c0d5977fc65bac788ca9c666713`
SHA1	`3258ec03fc6315a87594de229609b3dfb0485a43`
SHA256	`55599d3f7a24e026197893101405b1543c07018cd5c0c6b2848e3328e482a248`
SHA3	`1f68c2aebc70f92ec776c416bee3635222cf00b3a3c8c06dc46dfe3fa106fa1b`
VirtualSize	`0x4e8`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x600`
PointerToRawData	`0xee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.78258`

.reloc

MD5	`39f987e0a33cf5574e0afe6819bcdeee`
SHA1	`1a4f3e86b99d1a16ce08dbfbe8945518deffa130`
SHA256	`deba622b10426d8018642c7e8f08a513af4a48dfcbe10a15401ee709538f7d03`
SHA3	`f9031a67e10f72188822424f3d6d46273fa8747d4ca7ae12528052dba106ff51`
VirtualSize	`0x6c`
VirtualAddress	`0x20000`
SizeOfRawData	`0x200`
PointerToRawData	`0xf400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.31557`

Imports

KERNEL32.dll	`AllocConsole` `CloseHandle` `CreateFileA` `CreateFileMappingA` `CreateWaitableTimerW` `DeleteCriticalSection` `EnterCriticalSection` `GetConsoleMode` `GetCurrentProcess` `GetCurrentThread` `GetFileSize` `GetLastError` `GetModuleHandleA` `GetModuleHandleW` `GetProcessHeap` `GetStdHandle` `GetSystemTimeAsFileTime` `GetTickCount` `GetTickCount64` `HeapAlloc` `HeapFree` `HeapReAlloc` `InitializeCriticalSection` `IsDBCSLeadByteEx` `LeaveCriticalSection` `LoadLibraryA` `MapViewOfFile` `MultiByteToWideChar` `ReadConsoleA` `ReadFile` `SetConsoleMode` `SetConsoleTitleA` `SetUnhandledExceptionFilter` `SetWaitableTimer` `Sleep` `TlsGetValue` `UnmapViewOfFile` `VirtualFree` `VirtualProtect` `VirtualQuery` `WideCharToMultiByte` `WriteConsoleA` `__C_specific_handler`
msvcrt.dll	`___lc_codepage_func` `___mb_cur_max_func` `__getmainargs` `__initenv` `__iob_func` `__set_app_type` `__setusermatherr` `_amsg_exit` `_cexit` `_commode` `_errno` `_fmode` `_initterm` `abort` `atexit` `calloc` `exit` `fprintf` `fputc` `free` `localeconv` `malloc` `memcmp` `memcpy` `memmove` `signal` `strerror` `strlen` `strncmp` `strstr` `vfprintf` `wcslen`
USER32.dll	`DispatchMessageW` `GetCursorPos` `MsgWaitForMultipleObjects` `PeekMessageW` `TranslateMessage`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x48f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.13793`
MD5	`5aa04ce935e78505e230765e85c34355`
SHA1	`6c93b8c5fde8be4b2231dca6b8ec513cdc82c991`
SHA256	`a73f26a8d504043f785d7360e8febf2eeb8522ec873a0d4dd5d1d4bfd1e67d3d`
SHA3	`149467cafc03ba34b33cd8076fc2771413760822357952de205dbae2b5cb8059`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x14001e000`
EndAddressOfRawData	`0x14001e008`
AddressOfIndex	`0x14001c14c`
AddressOfCallbacks	`0x14000f4b0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x0000000140003C70` `0x0000000140003C50`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!

Leave a comment

No comments yet.