Manalyze report for a6a7e1dc78b7b086fae7546e04a4755a9c21d5bc423cb20f2b98f53681b02860

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Apr-29 12:56:32
Debug artifacts	D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb
CompanyName	Bypass Extreme
FileDescription	Bypass Extreme
FileVersion	`1.1.0.0`
InternalName	Bypass Extreme.dll
LegalCopyright
OriginalFilename	Bypass Extreme.dll
ProductName	Bypass Extreme
ProductVersion	`1.1.0`
Assembly Version	1.1.0.0

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Tries to detect virtualized environments: HARDWARE\DESCRIPTION\System` `Contains another PE executable: This program cannot be run in DOS mode.` `Contains domain names: go.microsoft.com google.com http://schemas.microsoft.com http://schemas.microsoft.com/winfx/2006/xaml http://schemas.microsoft.com/winfx/2006/xaml/presentation https://aka.ms https://bypass.cgxhub.in https://bypass.cgxhub.in/api/bypass https://bypass.cgxhub.in/api/user/info?username https://go.microsoft.com https://go.microsoft.com/fwlink/?linkid https://www.google.com microsoft.com microsoft.net schemas.microsoft.com www.google.com`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryExW LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Can access the registry: RegOpenKeyExW RegGetValueW RegCloseKey` `Possibly launches other programs: ShellExecuteW`
Malicious	The file contains overlay data.	`6430334 bytes of data starting at offset 0x25000.` `The file contains a PE Executable after the PE data.` `Overlay data amounts for 97.6974% of the executable.`
Malicious	VirusTotal score: 4/70 (Scanned on 2026-05-31 14:45:54)	`APEX: Malicious` `ESET-NOD32: MSIL/Packed.VMProtect.E suspicious application` `Elastic: malicious (moderate confidence)` `Malwarebytes: Malware.AI.2453874359`

Hashes

MD5	`eefa74ef297d184d7c09b2209db14c89`
SHA1	`e3d852e50aa0fd47231d7bb6d10a38c98ae8c47d`
SHA256	`a6a7e1dc78b7b086fae7546e04a4755a9c21d5bc423cb20f2b98f53681b02860`
SHA3	`8c5a960e72165ce6427f9d35408d32c7a94ce45bdba149ce4c29b983bc4fb40e`
SSDeep	`98304:VPPa2mJHS8ra6FouZGo+u3Swso4FsbX6EPA5xpdBK8fN:7m4i7sxu3Swsoj6EoDpd48fN`
Imports Hash	`bb3ac2c21e02c68abcad237dc3fa6d00`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-Apr-29 12:56:32
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x16400`
SizeOfInitializedData	`0xf800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000011AD0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x2a000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x180000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`bd8169b934831f0d7c307541e15d253d`
SHA1	`7e23ea546068ff285112721e96d3ecbcf6e3ef7c`
SHA256	`fda83b7bc7753790cdb67b0cfc6cbd3ae7ae6d51e0303b1a18245142bdb4be85`
SHA3	`b03811287b26f9b48755371e7cded6fd71ffb50b7c7c601dfc05e45ab76d6aa2`
VirtualSize	`0x1629c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x16400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.34558`

.rdata

MD5	`5a05324b0f5c64a1e7290c4f1b74d196`
SHA1	`d0fc574b6b1e5912d36567bdb7d8524c63469939`
SHA256	`d8c2c1920f36e8211c3ec4c0c7442595c289537dcaf2636110fbd4f0bf45d18b`
SHA3	`c1ec17cb6fcb02ec418789dc87693122f862d06cc5fcd00a4dd04f1a9495e2a9`
VirtualSize	`0xbd1e`
VirtualAddress	`0x18000`
SizeOfRawData	`0xbe00`
PointerToRawData	`0x16800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.83624`

.data

MD5	`09fe0bb8665c0a23e3ea421252459868`
SHA1	`a66bfd130195ac81c429290bb14594dfe5f90e46`
SHA256	`a45b04c9c2e784cd02ae3f883f10e759e4f229cf0aeb76e39cb2a881f41a65d4`
SHA3	`4042db488af0b57cc1ef31c86cd2d2cd0ad042b2d3f19b70ff04a93fab25bcd6`
VirtualSize	`0x1838`
VirtualAddress	`0x24000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x22600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.40322`

.pdata

MD5	`837cf48bc20406f18cd363be8c3165c1`
SHA1	`6fd2ba564659c7a99523601241bd84a8e1c1df97`
SHA256	`8ec64d1641e6c662f6c059f8dd795fb6576f7e2578ef7b24bb02b1473260e3fe`
SHA3	`5d5ee6c8b0655201e420c7105a304733c76bb76757b33777aca844a8514a4c81`
VirtualSize	`0x141c`
VirtualAddress	`0x26000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x23000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.85413`

.reloc

MD5	`37812f81534460a128d06d0d29b2cb00`
SHA1	`8dcae4bb04c6e5e5d5a68d9e1d0bdc85c923ad95`
SHA256	`7d1932eae9901ec74760eb2c44a2df4a20f3a8bfb1a595db5dd20e43af7c73cf`
SHA3	`fa934fd7324404a9d4dd0c78dee6a4cbae71cf80f9cf2820ab6a74fe3716a019`
VirtualSize	`0x338`
VirtualAddress	`0x28000`
SizeOfRawData	`0x400`
PointerToRawData	`0x24600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.80573`

.rsrc

MD5	`7e1d59eb0089d6e0b8bc1bd9f18b48fc`
SHA1	`2435e98505b757e365cb19e47c4ee84faaf4f037`
SHA256	`badb78edf54253f7aa8a8216214c4c8c52493d3b8d95edf8b1af9bbb6f2d2256`
SHA3	`f8e1780108d6630001ec665a9d5642bb64fc7ef40e4220d1248eef1f8170c661`
VirtualSize	`0x56c`
VirtualAddress	`0x29000`
SizeOfRawData	`0x600`
PointerToRawData	`0x24a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.9513`

Imports

KERNEL32.dll	`FreeLibrary` `LoadLibraryExW` `OutputDebugStringW` `FindFirstFileExW` `EnterCriticalSection` `GetFullPathNameW` `FindNextFileW` `GetCurrentProcess` `GetModuleHandleExW` `GetModuleFileNameW` `LeaveCriticalSection` `GetEnvironmentVariableW` `GetModuleHandleW` `MultiByteToWideChar` `GetFileAttributesExW` `LoadLibraryA` `DeleteCriticalSection` `WideCharToMultiByte` `IsWow64Process` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `InitializeCriticalSectionAndSpinCount` `GetProcAddress` `GetWindowsDirectoryW` `FindResourceW` `GetLastError` `ActivateActCtx` `FindClose` `CreateActCtxW` `SetLastError` `RaiseException` `RtlPcToFileHeader` `RtlUnwindEx` `InitializeSListHead` `GetCurrentProcessId` `IsDebuggerPresent` `IsProcessorFeaturePresent` `TerminateProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `GetStringTypeW` `SwitchToThread` `GetCurrentThreadId` `InitializeCriticalSectionEx` `EncodePointer` `DecodePointer` `LCMapStringEx` `QueryPerformanceCounter` `GetSystemTimeAsFileTime`
USER32.dll	`MessageBoxW`
SHELL32.dll	`ShellExecuteW`
ADVAPI32.dll	`RegOpenKeyExW` `RegGetValueW` `DeregisterEventSource` `RegisterEventSourceW` `ReportEventW` `RegCloseKey`
api-ms-win-crt-runtime-l1-1-0.dll	`_invoke_watson` `__p___argc` `_exit` `exit` `_initterm_e` `_initterm` `_get_initial_wide_environment` `_initialize_wide_environment` `_configure_wide_argv` `_set_app_type` `_seh_filter_exe` `_cexit` `_crt_atexit` `_register_onexit_function` `_errno` `_initialize_onexit_table` `abort` `_c_exit` `_register_thread_local_exe_atexit_callback` `terminate` `__p___wargv`
api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func` `_set_fmode` `fputwc` `__p__commode` `fputws` `_wfsopen` `fflush` `__stdio_common_vfwprintf` `__stdio_common_vsnwprintf_s` `__stdio_common_vswprintf` `setvbuf`
api-ms-win-crt-heap-l1-1-0.dll	`calloc` `_set_new_mode` `free` `_callnewh` `malloc`
api-ms-win-crt-string-l1-1-0.dll	`wcsncmp` `toupper` `strcmp` `strlen` `_wcsdup` `wcsnlen` `strcpy_s`
api-ms-win-crt-convert-l1-1-0.dll	`wcstoul` `_wtoi`
api-ms-win-crt-time-l1-1-0.dll	`wcsftime` `_gmtime64_s` `_time64`
api-ms-win-crt-locale-l1-1-0.dll	`___mb_cur_max_func` `_configthreadlocale` `___lc_codepage_func` `___lc_locale_name_func` `__pctype_func` `_lock_locales` `setlocale` `_unlock_locales`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2fc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26623`
MD5	`429b17ab111bbb1eac0d0edc8d5fd72b`
SHA1	`dc78075daee4b22cf8c6128ccb98c740a594a59a`
SHA256	`70982fd99e00edd72023491d0c399e42c29d700cc1196cb50f2d774cd0e60913`
SHA3	`8822963655552f219832a308df54dde3696cb1becc63072df16bb7722d6adfd7`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1d0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.86233`
MD5	`0c26acea25cf0e410e45e8b26807884c`
SHA1	`714926f9f319cb7d49eae6f2c57d7986b202690e`
SHA256	`33d30803584516d396058750aebedeea0434f56c4ed42beca89307baa6eef284`
SHA3	`22bf90fe18e50b2ea41248b590733a1b9261746d899937f611213d04b9f47da4`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.1.0.0
ProductVersion	1.1.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	Bypass Extreme
FileDescription	Bypass Extreme
FileVersion (#2)	1.1.0.0
InternalName	Bypass Extreme.dll
LegalCopyright
OriginalFilename	Bypass Extreme.dll
ProductName	Bypass Extreme
ProductVersion (#2)	1.1.0
Assembly Version	1.1.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Apr-29 23:38:13
Version	`0.0`
SizeofData	`109`
AddressOfRawData	`0x2079c`
PointerToRawData	`0x1ef9c`
Referenced File	D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Apr-29 23:38:13
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x2080c`
PointerToRawData	`0x1f00c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Apr-29 23:38:13
Version	`0.0`
SizeofData	`988`
AddressOfRawData	`0x20820`
PointerToRawData	`0x1f020`

TLS Callbacks

StartAddressOfRawData	`0x140020c48`
EndAddressOfRawData	`0x140020c58`
AddressOfIndex	`0x140025820`
AddressOfCallbacks	`0x1400184f0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140024080`
GuardCFCheckFunctionPointer	`5368808480`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x55c5acc4`
Unmarked objects	`0`
ASM objects (35207)	`10`
C objects (35207)	`12`
C++ objects (35207)	`87`
Imports (VS2008 SP1 build 30729)	`16`
Imports (33145)	`9`
Total imports	`204`
C++ objects (LTCG) (35225)	`10`
Linker (35225)	`1`

Errors

Leave a comment

No comments yet.