Manalyze report for b5cdfe803df322289302361de134e321

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2025-May-06 17:29:37
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Safe	VirusTotal score: 0/72 (Scanned on 2026-02-09 10:12:58)	`All the AVs think this file is safe.`

Hashes

MD5	`b5cdfe803df322289302361de134e321`
SHA1	`85f03728aeccb0586b46176df3322bdf5497105f`
SHA256	`dbd5ad4b388d0ab80d2269d3967bd616117ea68ef04c46dd999ee94e55ab27f6`
SHA3	`87e517e24649d0fa76af7f623b9d55c06c7320ff878076f9a58059d2defefa72`
SSDeep	`6144:7g6FLThOm6zL5/Giahl3X5BKGI8oQi+Y5D:7g6FHYYZYGI8oQ`
Imports Hash	`827efb6039b0b6a472845c285ce70f16`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2025-May-06 17:29:37
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x2a600`
SizeOfInitializedData	`0x6800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000002A32C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x35000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`564d73196f97a74c8336d0180b3bc939`
SHA1	`24bba5dd7c91b24e3d9281f5a8d6eef269c48e9c`
SHA256	`4f46a92bf1a65132cb6a0904295a8f12866dd455fb934a1cc365008be79eada4`
SHA3	`b52f5b4f3b82c8c264f283e845d917ca7cf9cfae0bcd92d41c4e1905f2336e93`
VirtualSize	`0x2a4f7`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2a600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.53711`

.rdata

MD5	`fc7a098f80e3e3b747d0b22d54d74ab3`
SHA1	`fadb5c7d0cedcd248c41ec3385ce9b444da88387`
SHA256	`e4d1374d1b9b6fd746fc22c8a29b1fe4397bf10d37f6716b8453523922820b2f`
SHA3	`16bb73ff22e87830f6074d5ee8882f252f9c305e0eea6a601dfe2e0ddf5ca44b`
VirtualSize	`0x4a5e`
VirtualAddress	`0x2c000`
SizeOfRawData	`0x4c00`
PointerToRawData	`0x2aa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.9824`

.data

MD5	`41521eec41bd90fd6d6b0903086e0f2b`
SHA1	`a58c8c85102181f7b970ad3082dca4fa5c5e5aed`
SHA256	`be196766b0090e0fe71076ad487f617b1e2f4cb2233a9a589edb970ef69d7b2f`
SHA3	`b0d3ca6a37fbfcf8adb69932b852e071691ad5be2d33ba4a9bdcf236e92f1e07`
VirtualSize	`0xaf0`
VirtualAddress	`0x31000`
SizeOfRawData	`0x600`
PointerToRawData	`0x2f600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.22744`

.pdata

MD5	`3161df98746b04cedf559b85dd6465a9`
SHA1	`4d19258a61ca3c627717a555b47767faa2043ff6`
SHA256	`cbd7dd14bddb3a283187ecb88bee6f7a5e412132f36e771f74f325342937c4e4`
SHA3	`9a3d0383bcb2eeec14b41bae64b149a95a8157144a835aa80d8b34d2dcf8a897`
VirtualSize	`0xa8c`
VirtualAddress	`0x32000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x2fc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.49316`

.rsrc

MD5	`7d123d6987b6fa0f191e9ee2fb0d9484`
SHA1	`36284291a51c08391e248ab6c9068123bacb4d7d`
SHA256	`1dd257c59e017ffcda58d8a76784cc7142fd6e25004f074e63913fb10a731fe5`
SHA3	`a42489c5b55231d608191aa09ca35f822b1edd3eea6b7aef547be9fd2f49b5dd`
VirtualSize	`0x1e0`
VirtualAddress	`0x33000`
SizeOfRawData	`0x200`
PointerToRawData	`0x30800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.71134`

.reloc

MD5	`a791549a3e4be6b915d3312544ff9e44`
SHA1	`ad26f2e160a152d03084f6f0b1d24052b59a36bd`
SHA256	`a4193cd12d75bc35a56cf6de378db9366f747eaff7bd92e8fd0030ad042a9f35`
SHA3	`b51b86780642e529d92bdf9d2a11a250f4481c13bfe1fddb55e6f55a01d9b822`
VirtualSize	`0xe8`
VirtualAddress	`0x34000`
SizeOfRawData	`0x200`
PointerToRawData	`0x30a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.99911`

Imports

python312.dll	`PyBytes_FromStringAndSize` `PyImport_ImportModule` `PyImport_AddModule` `Py_ExitStatusException` `Py_InitializeFromConfig` `Py_FinalizeEx` `Py_Finalize` `PyRun_SimpleStringFlags` `PyModule_GetDict` `PyDict_SetItemString` `PyList_SetItem` `PyList_New` `PyConfig_Clear` `PyConfig_InitIsolatedConfig` `PyWideStringList_Append` `PyStatus_Exception` `PyUnicode_FromWideChar` `_Py_Dealloc`
libcrypto-3-x64.dll	`PEM_read_bio_PUBKEY` `ERR_print_errors_fp` `OPENSSL_init_crypto` `SHA256_Final` `SHA256_Update` `SHA256_Init` `EVP_PKEY_CTX_set_rsa_mgf1_md` `EVP_PKEY_CTX_set_rsa_pss_saltlen` `EVP_PKEY_CTX_set_rsa_padding` `EVP_PKEY_free` `EVP_aes_256_cbc` `EVP_sha256` `EVP_CIPHER_CTX_free` `EVP_CIPHER_CTX_new` `EVP_DigestVerifyInit` `EVP_DigestVerify` `EVP_DecryptFinal_ex` `EVP_DecryptUpdate` `EVP_DecryptInit_ex` `EVP_MD_CTX_free` `EVP_MD_CTX_new` `EVP_MD_CTX_get_pkey_ctx` `BIO_new_mem_buf` `BIO_free`
MSVCP140.dll	`?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `??0_Lockit@std@@QEAA@H@Z` `??1_Lockit@std@@QEAA@XZ` `?_Xlength_error@std@@YAXPEBD@Z` `?_Xout_of_range@std@@YAXPEBD@Z` `?uncaught_exception@std@@YA_NXZ` `?_Syserror_map@std@@YAPEBDH@Z` `?_Winerror_map@std@@YAHH@Z` `??Bid@locale@std@@QEAA_KXZ` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z` `?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z` `?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ` `?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A`
VCRUNTIME140.dll	`__current_exception` `__C_specific_handler` `__current_exception_context` `memset` `__std_terminate` `__std_exception_copy` `__std_exception_destroy` `_CxxThrowException` `memmove` `memcpy`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
api-ms-win-crt-runtime-l1-1-0.dll	`_exit` `_initterm_e` `_initterm` `_get_initial_wide_environment` `__p___argc` `_configure_wide_argv` `_invalid_parameter_noinfo_noreturn` `exit` `__p___wargv` `_set_app_type` `_c_exit` `_seh_filter_exe` `_register_thread_local_exe_atexit_callback` `_initialize_wide_environment` `terminate` `_initialize_onexit_table` `_register_onexit_function` `_crt_atexit` `_cexit`
api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func` `_get_stream_buffer_pointers` `fclose` `ungetc` `setvbuf` `fwrite` `_fseeki64` `_set_fmode` `fsetpos` `fread` `fputc` `fgetpos` `fgetc` `fflush` `__p__commode`
api-ms-win-crt-filesystem-l1-1-0.dll	`_unlock_file` `_lock_file`
api-ms-win-crt-heap-l1-1-0.dll	`malloc` `_callnewh` `_set_new_mode` `free`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale` `___lc_codepage_func`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
KERNEL32.dll	`InitializeSListHead` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `TerminateProcess` `GetCurrentProcess` `GetModuleHandleW` `IsProcessorFeaturePresent` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `IsDebuggerPresent` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `WideCharToMultiByte` `MultiByteToWideChar` `GetFileInformationByHandleEx` `LocalFree` `GetLastError` `CloseHandle` `AreFileApisANSI` `GetFullPathNameW` `GetFileAttributesExW` `CreateFileW` `FormatMessageA`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-May-06 17:29:37
Version	`0.0`
SizeofData	`800`
AddressOfRawData	`0x2db34`
PointerToRawData	`0x2c534`

TLS Callbacks

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1400310b8`

RICH Header

XOR Key	`0x5a7be633`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`12`
C objects (30034)	`10`
ASM objects (30034)	`4`
C++ objects (30034)	`28`
Imports (30034)	`6`
Imports (30795)	`2`
Imports (34123)	`2`
Imports (34436)	`3`
Total imports	`213`
C++ objects (30159)	`2`
Resource objects (30159)	`1`
Linker (30159)	`1`

b5cdfe803df322289302361de134e321

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors