Manalyze report for a4e300298aa774bc033505fbf086a3cb956eb718f0c9f3c4c48463775be7f40e

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Feb-25 16:26:52
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Suspicious	The PE is possibly packed.	Unusual section name found: .-,` `Unusual section name found: .JMH` `Unusual section name found: .s^_`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Code injection capabilities (process hollowing): ResumeThread SetThreadContext WriteProcessMemory` `Can access the registry: RegQueryValueExA RegOpenKeyExA RegCloseKey` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Manipulates other processes: WriteProcessMemory`
Malicious	VirusTotal score: 42/71 (Scanned on 2026-06-03 15:25:29)	`ALYac: Gen:Variant.Tedy.935265` `APEX: Malicious` `AVG: Win64:MalwareX-gen [Misc]` `Antiy-AVL: Trojan[Packed]/Win32.VMProtect` `Arcabit: Trojan.Tedy.DE4561` `Avast: Win64:MalwareX-gen [Misc]` `Avira: TR/W64.Agent` `BitDefender: Gen:Variant.Tedy.935265` `Bkav: W32.Malware.1E7C0F97` `CTX: dll.trojan.vmprotect` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `ESET-NOD32: Win32/Packed.VMProtect.ACT trojan` `Elastic: malicious (moderate confidence)` `Emsisoft: Gen:Variant.Tedy.935265 (B)` `F-Secure: Trojan.TR/W64.Agent` `Fortinet: W32/PossibleThreat` `GData: Gen:Variant.Tedy.935265` `Google: Detected` `Gridinsoft: Trojan.Win64.Packed.cl` `Ikarus: Trojan.Win32.VMProtect` `Lionic: Trojan.Win32.VMProtect.4!c` `Malwarebytes: VMProtect.Trojan.MalPack.DDS` `MaxSecure: Trojan.Malware.324995110.susgen` `McAfeeD: ti!A4E300298AA7` `MicroWorld-eScan: Gen:Variant.Tedy.935265` `Microsoft: Trojan:Win32/Wacatac.B!ml` `Paloalto: generic.ml` `SentinelOne: Static AI - Suspicious PE` `Skyhigh: BehavesLike.Win64.Injector.vc` `Sophos: Mal/Generic-S` `Symantec: Trojan.Gen.MBT` `Trapmine: suspicious.low.ml.score` `TrellixENS: Artemis!51A176AEC611` `TrendMicro: Trojan.Win64.VMPROTECT.USBLCM26` `TrendMicro-HouseCall: Trojan.Win64.VMPROTECT.USBLCM26` `VIPRE: Gen:Variant.Tedy.935265` `Varist: W64/ABTrojan.AIEI-9241` `Zillya: Trojan.VMProtect.Win32.144342` `alibabacloud: VirTool:Win/Packed.VMProtect.AWB`

Hashes

MD5	`51a176aec611b717b17ba600e03b4c70`
SHA1	`e639c0da591f9b2ba695565e2a949887e27654ac`
SHA256	`a4e300298aa774bc033505fbf086a3cb956eb718f0c9f3c4c48463775be7f40e`
SHA3	`36613a8613f6c277db4302fcdbb8d4ac4f648e2e6e979ff97e589b92c685788b`
SSDeep	`98304:0jP189JvqydSujLE4dS7NYL4kQpKg859AM/Y8/1wCXYuQTbfKteSWdcfmwVG/:K189JvqydEHkQpAHZ/76NKE+ews`
Imports Hash	`5a2d73814d87753619fa56f818d15e42`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`9`
TimeDateStamp	2026-Feb-25 16:26:52
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x4e00`
SizeOfInitializedData	`0x4600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000004286C9 (Section: .s^_)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x679000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ea38791356e60c6c819abc94a6c9498a`
SHA1	`c7c57effbe8eafd4abfb645f7a5fd1a6b1393035`
SHA256	`e91616f3e915c88e2443f1ce7768b94d21b48bab4e820e969077025ca55c959c`
SHA3	`cd99de61678c00efa60e074d88649fdd611e4e26de3c53a0e99d84db01e73f94`
VirtualSize	`0x4c55`
VirtualAddress	`0x1000`
SizeOfRawData	`0x4e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.35013`

.rdata

MD5	`9151222336a7d78885636e03a352b3f6`
SHA1	`fe768e74653675f8be44e201cc0224b50576d450`
SHA256	`eb3cdac02dd8acc7836f60cfb3e64fc90588b2c78dc39ba256a0420c6657ea05`
SHA3	`fa77730f6f05f7fc1adabd66fdf5b0603f1865272b602e13bbc6d0e5fb49fcb8`
VirtualSize	`0x2c5c`
VirtualAddress	`0x6000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0x5200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.77391`

.data

MD5	`a436a5058cd531edec20a3ae64238e15`
SHA1	`8dde33fe1f6796c9dc11df6111577b33ce954212`
SHA256	`20a0b9d6948a7cdaac9c9beb8eadddeb77f9fbb6cf686d68a0dd299fb9394650`
SHA3	`06e140b46459d108ba3774f30ea6d339bcae9de525189f2b5b823faa8c8355f6`
VirtualSize	`0xd18`
VirtualAddress	`0x9000`
SizeOfRawData	`0x800`
PointerToRawData	`0x8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.14925`

.pdata

MD5	`8dcdc1abe9d1763737c79440674260a0`
SHA1	`ecd7b9c9e771cf2bff2c3b637b9cbb78801c87f4`
SHA256	`0c181dd67fa4d8bcc08c8f70e6cb06e1b0b7278853d2c15ee163e06bbc76cb5f`
SHA3	`8cf62ac97d49655c3011d98d5afb9df8ba45b261efade726c9e79f42fc57a749`
VirtualSize	`0x5d0`
VirtualAddress	`0xa000`
SizeOfRawData	`0x600`
PointerToRawData	`0x8800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.56659`

.-,`

MD5	`20fe154cd9fd96771df1a08aa81a311b`
SHA1	`55e818b4c630c10a7abb3c87c6ef340d33267736`
SHA256	`cf42a223208702dadf6954bf092a3285891ab8df8bc7fd01100888fb16f3c5d0`
SHA3	`f321e4fef4623a41bcece1c69bdefd631f240e73182e22888ab03b41ac2d0ea0`
VirtualSize	`0x3fc515`
VirtualAddress	`0xb000`
SizeOfRawData	`0x3fc600`
PointerToRawData	`0x8e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.66543`

.JMH

MD5	`febeea72e5d483140898085651c1c1a4`
SHA1	`ebbe664c6d6c377f1abfa36a4e9e2acf83d14dfc`
SHA256	`574b892e8a5eb7640f19eb40258c0a3db0903ddd8cc752aa023cbe80382d73ac`
SHA3	`5875f61dbae84144ca2c0b28ca277dbc17e6473b4f4a355aad59ece0579cba5c`
VirtualSize	`0x9d8`
VirtualAddress	`0x408000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x405400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.44948`

.s^_

MD5	`6a1a82c5824a72c9768d006013838909`
SHA1	`397742796e9658a01609a78fe1bdebdad3e290c9`
SHA256	`e7eab05c2945dc4823325915814b11d3eca28419cd9629f291ca12626ba698f4`
SHA3	`f845249dcb9a01e900e24ef2ae0da0c41a714e653f3beedaa432da13a698c5ff`
VirtualSize	`0x26de90`
VirtualAddress	`0x409000`
SizeOfRawData	`0x26e000`
PointerToRawData	`0x405e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`7.5413`

.reloc

MD5	`37f6b8f5e1254beddba62954492c748c`
SHA1	`313cf234eeef990fdbab1ef2efec92a53a13f445`
SHA256	`c32b42489f72a536d3a69c9b92f9f5ab106336f0e41e8f3c33c71d1a43a4c870`
SHA3	`8c597e4c52fa1a1b298b7b01847193f16bcfa5a155aba2d7db942c1bcf2615f1`
VirtualSize	`0x430`
VirtualAddress	`0x677000`
SizeOfRawData	`0x600`
PointerToRawData	`0x673e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.23102`

.rsrc

MD5	`1c2647a51c514c87ee3340742ce08257`
SHA1	`5ddb8b78641ecd7652a066b5e1e032d269225e68`
SHA256	`6cbbe98d5b2bfc4107213b9fd130bb443a0014788e6dcef29af4beb297a0c0f8`
SHA3	`d074adc59809f8acc8fe012b5e638be1c097d237200edca2bad439231f1a148e`
VirtualSize	`0xe9`
VirtualAddress	`0x678000`
SizeOfRawData	`0x200`
PointerToRawData	`0x674400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.52201`

Imports

KERNEL32.dll	`GetProcAddress` `HeapDestroy` `HeapCreate` `LoadLibraryW` `VirtualProtect` `HeapAlloc` `DisableThreadLibraryCalls` `GetModuleHandleW` `GetLastError` `CloseHandle` `HeapFree` `Sleep` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `OpenThread` `SuspendThread` `ResumeThread` `GetThreadContext` `SetThreadContext` `FlushInstructionCache` `CreateToolhelp32Snapshot` `Thread32First` `Thread32Next` `GetSystemInfo` `VirtualAlloc` `VirtualFree` `VirtualQuery` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `HeapReAlloc`
USER32.dll	`MessageBoxA`
ADVAPI32.dll	`RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey`
MSVCP140.dll	`?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Xlength_error@std@@YAXPEBD@Z` `?_Xbad_alloc@std@@YAXXZ` `?_Xinvalid_argument@std@@YAXPEBD@Z` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `??Bios_base@std@@QEBA_NXZ`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`__C_specific_handler` `__std_exception_copy` `__std_terminate` `_CxxThrowException` `__std_type_info_destroy_list` `__std_exception_destroy` `memset` `memcpy`
api-ms-win-crt-runtime-l1-1-0.dll	`_initterm_e` `_seh_filter_dll` `_configure_narrow_argv` `_errno` `_invoke_watson` `_initialize_narrow_environment` `_initialize_onexit_table` `_execute_onexit_table` `_cexit` `_initterm`
api-ms-win-crt-convert-l1-1-0.dll	`strtol`
api-ms-win-crt-heap-l1-1-0.dll	`free` `malloc` `_callnewh`
KERNEL32.dll (#2)	`GetProcAddress` `HeapDestroy` `HeapCreate` `LoadLibraryW` `VirtualProtect` `HeapAlloc` `DisableThreadLibraryCalls` `GetModuleHandleW` `GetLastError` `CloseHandle` `HeapFree` `Sleep` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `OpenThread` `SuspendThread` `ResumeThread` `GetThreadContext` `SetThreadContext` `FlushInstructionCache` `CreateToolhelp32Snapshot` `Thread32First` `Thread32Next` `GetSystemInfo` `VirtualAlloc` `VirtualFree` `VirtualQuery` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `HeapReAlloc`
USER32.dll (#2)	`MessageBoxA`
KERNEL32.dll (#3)	`GetProcAddress` `HeapDestroy` `HeapCreate` `LoadLibraryW` `VirtualProtect` `HeapAlloc` `DisableThreadLibraryCalls` `GetModuleHandleW` `GetLastError` `CloseHandle` `HeapFree` `Sleep` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `OpenThread` `SuspendThread` `ResumeThread` `GetThreadContext` `SetThreadContext` `FlushInstructionCache` `CreateToolhelp32Snapshot` `Thread32First` `Thread32Next` `GetSystemInfo` `VirtualAlloc` `VirtualFree` `VirtualQuery` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `HeapReAlloc`

Delayed Imports

LHOOK

Ordinal	`1`
Address	`0x2070`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x91`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.8858`
MD5	`f7ad1eab748bc07570a57ec87787cf90`
SHA1	`0b1608da9fef218386e825db575c65616826d9f4`
SHA256	`d2952e57023848a37fb0f21f0dfb38c9000f610ac2b00c2f128511dfd68bde04`
SHA3	`6c9541b36948c19ae507d74223621875b3af4064f7cd8200bdb97e15a047e96a`

Version Info

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x180009240`

RICH Header

Errors

Leave a comment

No comments yet.