Manalyze report for a21a0bdaffa89215aaf103ca02ad1fba6606047c4e7d377073f8a2546d43acaf

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-May-03 23:47:10
TLS Callbacks	2 callback(s) detected.

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to RC5 or RC6`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata`
Malicious	VirusTotal score: 4/71 (Scanned on 2026-05-11 00:08:49)	`APEX: Malicious` `Bkav: W32.Malware.64B8880C` `CrowdStrike: win/malicious_confidence_70% (W)` `Symantec: ML.Attribute.HighConfidence`

Hashes

MD5	`a17d04b3fec79820140bacbe5fe537f8`
SHA1	`64bce25f20479a55c58b0774e1ecc1950c8dba21`
SHA256	`a21a0bdaffa89215aaf103ca02ad1fba6606047c4e7d377073f8a2546d43acaf`
SHA3	`d84d06501f9d1774c5cc6bd10777246cd8149e93fa5d77f0bb75d9de262d999c`
SSDeep	`24576:1VH6lLmZlZ/97TFcS/YaDOU5GSdMjft1zORkN4PBhB+f:SlLmNV7TFcS/YRUwSdM3KkNOB`
Imports Hash	`d096aa69ffda0ff96e26938264bf6146`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`9`
TimeDateStamp	2026-May-03 23:47:10
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x186800`
SizeOfInitializedData	`0x3400`
SizeOfUninitializedData	`0x200`
AddressOfEntryPoint	`0x00000000000013F0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x191000`
SizeOfHeaders	`0x400`
Checksum	`0x192f43`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`036c1cba21d9e7c2cdcb5d307bf237f4`
SHA1	`00565fef39a3a02bc091d87bd9f4e27b77e3e5d5`
SHA256	`dbc74e79d0b444354094da58d805f4aff60cada52c7ace4e1ff4d3523b17a68b`
SHA3	`afd612d80c1268d10ff544cf069b7c38b857ccfd6050e42b6adb1027468a30e8`
VirtualSize	`0x186680`
VirtualAddress	`0x1000`
SizeOfRawData	`0x186800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.79489`

.data

MD5	`a76ff6d0ca709ac92e8cb5ff87095696`
SHA1	`88607534375b74a985e6457901088c8d8b178a87`
SHA256	`eb9e48cd0e97704d711178c984ffc07417fff90e85851b6f9b335cebb64f0662`
SHA3	`f88a6946fdff2dd0a3168e2c95c4fd7e94023ea38be952bba6e1bd3249758849`
VirtualSize	`0x120`
VirtualAddress	`0x188000`
SizeOfRawData	`0x200`
PointerToRawData	`0x186c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.64709`

.rdata

MD5	`b596e0d9e6d304df26d110d1a4148bd0`
SHA1	`3f247ca32dbabf18ed16fcac1fc631f5f08346d8`
SHA256	`50d28b98e3153a719111d70d3f9fef0ebc75c09354609c060ed7030157e73923`
SHA3	`d5143df7acdd2e253a6458ff524c93c635e5cd2246ec123e3337dfe4f1852eba`
VirtualSize	`0x1d48`
VirtualAddress	`0x189000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x186e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.93541`

.pdata

MD5	`fd9a44fd2b4a4a2007fc6a3d9ea1bef9`
SHA1	`bcc39b37b95081a8c5019462803371ef213cbae9`
SHA256	`dd89be7e4dbf0e8e6dbcb346f5c746ecad82d1f8f82384f8c2e6472e597f1589`
SHA3	`20e8723fd2c52a4105efaaf1fda5a37f0123977088d5d7bf03e9984d2294ada1`
VirtualSize	`0x228`
VirtualAddress	`0x18b000`
SizeOfRawData	`0x400`
PointerToRawData	`0x188c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.84347`

.xdata

MD5	`49eb09f41e4f0006e9d5ead4e891aeba`
SHA1	`aa263d22b4564fc1473c143e413afc51eb6fb6d3`
SHA256	`8ebe981a1648c356da260e332eda711cc59c721a65b5481172f351b637e5fa95`
SHA3	`aafdd434ca4a8488e0a35bb7c5f47943c85a7dcd9b24ba0b293b383a34800565`
VirtualSize	`0x1c0`
VirtualAddress	`0x18c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x189000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.69286`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1a0`
VirtualAddress	`0x18d000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`aa6e3c039a9166f1bdac5f9540bda5a9`
SHA1	`c793612728b530f73a5d00154ddd7c8489eecbf1`
SHA256	`d735883e9d161c25654cb7847afbce5a6370274c7b8fc62e51493bf7cffaad27`
SHA3	`47a1980240ef965d6449a9d2b53029daf3be80b8f1cc9ea48fe678a2246b4802`
VirtualSize	`0x930`
VirtualAddress	`0x18e000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x189200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.04981`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0x18f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x189c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.reloc

MD5	`3e01ee2c1f40dde9b5ade58f5e4c72a9`
SHA1	`1e5ba47c105ceb528efb3961a4442d31a0dc9952`
SHA256	`0b78b4bc13f74f5414d5551f3802623c39c62f2a19390b9b04d641ebcc0432c6`
SHA3	`de74ee655eec9472cdcc36e254b12170d7b17bb23d2aada6ab80841a9e7673a4`
VirtualSize	`0x84`
VirtualAddress	`0x190000`
SizeOfRawData	`0x200`
PointerToRawData	`0x189e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.75622`

Imports

KERNEL32.dll	`DeleteCriticalSection` `EnterCriticalSection` `GetLastError` `InitializeCriticalSection` `LeaveCriticalSection` `SetUnhandledExceptionFilter` `Sleep` `TlsGetValue` `VirtualProtect` `VirtualQuery`
api-ms-win-crt-conio-l1-1-0.dll	`_getch`
api-ms-win-crt-environment-l1-1-0.dll	`__p__environ` `getenv`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `calloc` `free` `malloc`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-private-l1-1-0.dll	`__C_specific_handler` `memcpy`
api-ms-win-crt-runtime-l1-1-0.dll	`__p___argc` `__p___argv` `_cexit` `_configure_narrow_argv` `_crt_atexit` `_exit` `_initialize_narrow_environment` `_set_app_type` `_initterm` `_initterm_e` `_set_invalid_parameter_handler` `abort` `exit` `signal`
api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func` `__p__commode` `__p__fmode` `__stdio_common_vfprintf` `fgets` `fputs` `fwrite` `putchar`
api-ms-win-crt-string-l1-1-0.dll	`strcspn` `strlen` `strncmp`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x14018f000`
EndAddressOfRawData	`0x14018f008`
AddressOfIndex	`0x14018d08c`
AddressOfCallbacks	`0x14018ad20`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x0000000140186320` `0x0000000140186300`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!

Leave a comment

No comments yet.