Manalyze report for a76ccd522674b7107c7b2f48c5eaff1ed0094f22b9156b3e509d0243995186aa

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Oct-30 22:38:51

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for Qemu presence: qEMu`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: GetTempPathW CreateFileW` `Functions related to the privilege level: OpenProcessToken` `Enumerates local disk drives: GetDriveTypeW`
Suspicious	The file contains overlay data.	`23463831 bytes of data starting at offset 0x52e00.` `The overlay data has an entropy of 7.99785 and is possibly compressed or encrypted.` `Overlay data amounts for 98.5739% of the executable.`
Malicious	VirusTotal score: 6/72 (Scanned on 2026-03-13 18:47:02)	`APEX: Malicious` `Bkav: W64.AIDetectMalware` `CrowdStrike: win/malicious_confidence_90% (D)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `Elastic: malicious (moderate confidence)`

Hashes

MD5	`dc4764f3f989faf40d500a34c555bae5`
SHA1	`17f4ff023d84527023fd27e92874f46235e834d6`
SHA256	`a76ccd522674b7107c7b2f48c5eaff1ed0094f22b9156b3e509d0243995186aa`
SHA3	`81196662c6cc71f2849107fd8ab3d947c93128cf40ffd3c7348dbd5a3d61c72d`
SSDeep	`393216:IpNsTx2YXT/+W8FIL2Vmd6m+a44uwxjaiWv49rkA2ndE0GzajaE3+d9KecyqdpX:IYyW8FIyVmdSdwVaPw9rkDEEbOd9K/y`
Imports Hash	`dcaf48c1f10b0efa0a4472200f3850ed`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2025-Oct-30 22:38:51
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x2be00`
SizeOfInitializedData	`0x26c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000000DA30 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x5c000`
SizeOfHeaders	`0x400`
Checksum	`0x16bc19d`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x1e8480`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`79078dae5994611672a1080749101869`
SHA1	`be9c7a11814f7e654435b7b2a858df7738f0241a`
SHA256	`1180a0bbf2679ba2720454c832cc6b01ea5bbeaee37609b47ddc1bf806e7d9da`
SHA3	`7de9be818a2c3f66ad004fa3e393e42ef976f3b4b7b6931e4953031ae23eb158`
VirtualSize	`0x2bd80`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2be00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.47403`

.rdata

MD5	`62208efd2df5ded74bef5f1968c09d05`
SHA1	`dd9b018f2c5e7a687a5fe1196f610432dff0417d`
SHA256	`38b676943e8e1f19b010fd6cc8ce8a717e855707ceb59fdb5436abf1a7c70d98`
SHA3	`a635ad3f5c7a1765db41f609874c767e587cfc36f57525df86b747e654baa60a`
VirtualSize	`0x13968`
VirtualAddress	`0x2d000`
SizeOfRawData	`0x13a00`
PointerToRawData	`0x2c200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.74438`

.data

MD5	`e0a74fb607d827b7f2943febfe00c7d1`
SHA1	`d20b33e2d420135a15643e84ab2baac0d80c55a5`
SHA256	`8148ddc2a533e179fc88c07354adf34ed86333daaebd0891e86993c082233de5`
SHA3	`55830dfaa0f7dcbdcc4b4a494eebc43dc5a9965a4efe4398e65026dbef32d5ec`
VirtualSize	`0x50b0`
VirtualAddress	`0x41000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x3fc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.81901`

.pdata

MD5	`8de57d92d89fc5d4db9828c2663f55ee`
SHA1	`90f19cf10cbb12507a9ed4b275065147758888d6`
SHA256	`76d215d188c2739fa2991be73942f6552065d66409fd48a98c8ed6c84bbd12fd`
SHA3	`59af4ab2b1e601cc6818a4181762a6a0739d311ba69acaa2510fed60bfee1d0a`
VirtualSize	`0x23dc`
VirtualAddress	`0x47000`
SizeOfRawData	`0x2400`
PointerToRawData	`0x40a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.47251`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0x4a000`
SizeOfRawData	`0x200`
PointerToRawData	`0x42e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`6f4f1410a6586c0ee29768cd1c08deb3`
SHA1	`7b58433c2c589f3dc5f742a5dc86790b8f4ff420`
SHA256	`d62d7db0f6a97a884a355dc558c7c0b9177d740cfef85d5b79878a117524db87`
SHA3	`2fbd9a864124e40158f9abdf9a1661e413497f0acba4cae3fb6f621fcda741cd`
VirtualSize	`0xf41c`
VirtualAddress	`0x4b000`
SizeOfRawData	`0xf600`
PointerToRawData	`0x43000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.55497`

.reloc

MD5	`66c54168d4d2ad0a461ee561d8a0c79d`
SHA1	`74d880349b51dce02fd33f4b07c9bc72fe3f7a60`
SHA256	`977618f629e78ac49a41fc8407054bc51db7413ba82183c901835b7731d2a79e`
SHA3	`c244ee7f42dd35f36c4a8182b272540e318fdd40c7b00a5f5676f735577a6c22`
VirtualSize	`0x774`
VirtualAddress	`0x5b000`
SizeOfRawData	`0x800`
PointerToRawData	`0x52600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.26264`

Imports

USER32.dll	`CreateWindowExW` `ShutdownBlockReasonCreate` `MsgWaitForMultipleObjects` `ShowWindow` `DestroyWindow` `RegisterClassW` `DefWindowProcW` `PeekMessageW` `DispatchMessageW` `TranslateMessage` `PostMessageW` `GetMessageW` `MessageBoxW` `MessageBoxA` `SystemParametersInfoW` `DestroyIcon` `SetWindowLongPtrW` `GetWindowLongPtrW` `GetClientRect` `InvalidateRect` `ReleaseDC` `GetDC` `DrawTextW` `GetDialogBaseUnits` `EndDialog` `DialogBoxIndirectParamW` `MoveWindow` `SendMessageW`
COMCTL32.dll	`#380`
KERNEL32.dll	`GetACP` `IsValidCodePage` `GetStringTypeW` `GetFileAttributesExW` `SetEnvironmentVariableW` `FlushFileBuffers` `LCMapStringW` `CompareStringW` `VirtualProtect` `InitializeCriticalSectionEx` `GetOEMCP` `GetCPInfo` `GetLastError` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `GetModuleHandleW` `MulDiv` `FormatMessageW` `GetModuleFileNameW` `SetDllDirectoryW` `GetEnvironmentStringsW` `SetErrorMode` `CreateDirectoryW` `GetCommandLineW` `GetEnvironmentVariableW` `ExpandEnvironmentStringsW` `DeleteFileW` `FindClose` `FindFirstFileW` `FindNextFileW` `GetDriveTypeW` `RemoveDirectoryW` `GetTempPathW` `CloseHandle` `QueryPerformanceCounter` `QueryPerformanceFrequency` `WaitForSingleObject` `Sleep` `GetCurrentProcess` `TerminateProcess` `GetExitCodeProcess` `CreateProcessW` `GetStartupInfoW` `LocalFree` `SetConsoleCtrlHandler` `K32EnumProcessModules` `K32GetModuleFileNameExW` `CreateFileW` `FindFirstFileExW` `GetFinalPathNameByHandleW` `MultiByteToWideChar` `WideCharToMultiByte` `FlsFree` `FreeEnvironmentStringsW` `GetProcessHeap` `GetTimeZoneInformation` `HeapSize` `HeapReAlloc` `WriteConsoleW` `SetEndOfFile` `CreateSymbolicLinkW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsProcessorFeaturePresent` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `RtlUnwindEx` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `EncodePointer` `RaiseException` `RtlPcToFileHeader` `GetCommandLineA` `GetFileInformationByHandle` `GetFileType` `PeekNamedPipe` `SystemTimeToTzSpecificLocalTime` `FileTimeToSystemTime` `ReadFile` `GetFullPathNameW` `SetStdHandle` `GetStdHandle` `WriteFile` `ExitProcess` `GetModuleHandleExW` `HeapFree` `GetConsoleMode` `ReadConsoleW` `SetFilePointerEx` `GetConsoleOutputCP` `GetFileSizeEx` `HeapAlloc` `GetCurrentDirectoryW` `FlsAlloc` `FlsGetValue` `FlsSetValue`
ADVAPI32.dll	`OpenProcessToken` `GetTokenInformation` `ConvertStringSecurityDescriptorToSecurityDescriptorW` `ConvertSidToStringSidW`
GDI32.dll	`SelectObject` `DeleteObject` `CreateFontIndirectW`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.15653`
MD5	`15d6a8563184abef13a1ee75aea262ad`
SHA1	`d7d896432efd845f283f2b98a66486df05bf5e10`
SHA256	`7cccfafd00332ac9c9f6ac0112cc0653991eb169943919e55d05f3fa15929821`
SHA3	`93904dad7224f31021bf8d53753e553f8233c2f40f6dbe25e67b692c6ae378ab`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.44895`
MD5	`1c06420cfb94514d35c088699a04774d`
SHA1	`2c23d7df4bc8ce3fb15f33e78c042b12814aea3b`
SHA256	`d73c1848a067a0fd094423213dc1e855b5b29b0b441f0bcb315feb90d662972e`
SHA3	`a630c0bd054ccf853d3673897d2a553e10797d288b3f09898503304ecec7d7f3`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.77742`
MD5	`db1208cf5d76055be1c3a34567af9f5a`
SHA1	`c5adcd7407c8b18459e4b4ce96fb70ecf5701a97`
SHA256	`5a008270f7254f5ca861e9936f4b5b7a23c04d63165895234fd1782bc03ec0e5`
SHA3	`549076010917e74ff3fe656848779d90468b96740184b07016dbf2833e9abf99`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x952c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.95095`
Detected Filetype	PNG graphic file
MD5	`f6fbada22d6a6c07ef8fdaa504f117d5`
SHA1	`591a723501eff1a4920462f8efcaf3715e829450`
SHA256	`3919b11194f130d310dfe08bdce2891c5b64f2703107f53a5a1cbc016fdb609f`
SHA3	`ceca597fff3f436773eb9e48be245ce9d24439b9527a0d3aedaa1469e49d3f5c`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.0521`
MD5	`86ce219c337119fe35646823cb56d091`
SHA1	`74d3090f01f3128bda93a3a7525f139c495bffbd`
SHA256	`7ef5a24efde1748c0eb12c5817b14cfe1397ae968489a7824a269d02c8223cee`
SHA3	`8daaa7aab035df895cb478d3b92385d12aebd96c8bbde3a05a615ff56d41aebf`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.15081`
MD5	`58b7700e8f20d0a3c77021eb7e7019dc`
SHA1	`87f7668b96ab48bd6ba5c8b9968dbb024a028407`
SHA256	`c5536b396be6dcfc96f4e4f77cc7007b2a56730ee57598a6979cc1c1c71c920a`
SHA3	`13bb36cea0c569109ddca6560016003d3ce662f8e0bc189e9750019ccdc7bc72`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.39466`
MD5	`9de69c1c4b3a06597da9c275b38bffb6`
SHA1	`a4ed3bd1bb4edc0eaa187b68929f596906e9ee87`
SHA256	`ac2e25dc4a4f7bd96a0bcf3ea63cd1bcf26a6f6a05835e32f96ef99cb4323f30`
SHA3	`6ff197b54509b5c0fa643d6bdbc756cccec2b5bc8495c770883c021e833f7509`

1 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71858`
Detected Filetype	Icon file
MD5	`cd3a631eace19041876b4c4c6ec8461a`
SHA1	`d4b3f99c4d648e3446dc05e7fb6e444e42dfed01`
SHA256	`f5b94a42f1c77c9eef858a0dfd656419fea900b00318c2c0bf49c2fce345d838`
SHA3	`b6dcbb1b4c262eb5aee12773a52c29ff20fef809a4e61822700d005457944b9f`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x50d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.25791`
MD5	`84da8dee6b319ea0b10b6de5489c6aae`
SHA1	`5f8991f3e065fd95614859a293f88b9c70e4bb23`
SHA256	`abf8f2022f12f350789d961aceaf9ccfd53e7ec58d8c9934cfce77779b4eac11`
SHA3	`08f0562915b54bedce5a84e9d32cb2efcc538268785103b1852338e20a3b4606`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Oct-30 22:38:51
Version	`0.0`
SizeofData	`816`
AddressOfRawData	`0x3cff8`
PointerToRawData	`0x3c1f8`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140041040`
GuardCFCheckFunctionPointer	`5368894648`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x461d01ab`
Unmarked objects	`0`
C++ objects (33140)	`183`
C objects (33140)	`12`
ASM objects (33140)	`10`
253 (35207)	`3`
ASM objects (35207)	`9`
C objects (35207)	`17`
C++ objects (35207)	`40`
Imports (33140)	`11`
Total imports	`159`
C objects (35215)	`27`
Linker (35215)	`1`

Errors

Leave a comment

No comments yet.