Manalyze report for b8f81e07d271218725c5e0be5798539a4a489517a6a7d6753d4e6aadb1870018

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Mar-27 08:16:05
Detected languages	English - United States
Debug artifacts	C:\Users\user\source\repos\cs2 int\x64\Release\cs2 int.pdb

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: github.com https://github.com`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowA` `Possibly launches other programs: ShellExecuteW` `Can create temporary files: GetTempPathA CreateFileW` `Uses functions commonly found in keyloggers: GetAsyncKeyState GetForegroundWindow` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`37268a06a531f8af6b73f1f45f52358d`
SHA1	`40670d3dbb7e1b0e746ad674334e907c28fa318a`
SHA256	`b8f81e07d271218725c5e0be5798539a4a489517a6a7d6753d4e6aadb1870018`
SHA3	`7b3bac43c1194cb91a825fcd3c2304c2d88a9612c68cee4460f38a53dc2ef118`
SSDeep	`12288:sDM5MQzOSPoQCP8eoQcKOnYT74k7anl/LaE9sn9Mia33WRnBoaG/kG+B:4MuQjJ7qOnI75Yl//yuijRnBn`
Imports Hash	`e8db671dc773cedbab2cb65f0a57b436`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2026-Mar-27 08:16:05
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x8b400`
SizeOfInitializedData	`0x2e200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000066784 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xbe000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b9224e585456bc6cadeeab692325c794`
SHA1	`39dec06a388c090e70723208424c14627e46f6ad`
SHA256	`05df0b9e1e26cdd937977791e0fadbd1d930fa302fbb486347e673e26327a07e`
SHA3	`09da79eea11e231809085f4ad06b1f886cebb4787ea0cb029d613ae6d56e8c2a`
VirtualSize	`0x8b260`
VirtualAddress	`0x1000`
SizeOfRawData	`0x8b400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.57553`

.rdata

MD5	`40bf397bfbb4fb04872169d891cdb2af`
SHA1	`5c47083744f40d8d890098ae70c3951a3b72266b`
SHA256	`fde4a5513e94dd94179efa4a90e486b79101b69a91300934b2daa2a9c8f32610`
SHA3	`bd7d986566b28748cb6864272d1ba24b61cab394265afb3e58a4b9484f97c107`
VirtualSize	`0x2571e`
VirtualAddress	`0x8d000`
SizeOfRawData	`0x25800`
PointerToRawData	`0x8b800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.30916`

.data

MD5	`c9948e7a120f83b9dc484a87505882f8`
SHA1	`2dcfbb18d1ff3f5e97a0fa5e68af92f8999761da`
SHA256	`c2d78acf9efb3441045e7a4c57cf94941ce3731d7ee47fafb070b8218b5e136f`
SHA3	`7a46f9b3e2573b151a201ef4656d405f1088fdd06cf46d8d36e11f0bdc81f5ab`
VirtualSize	`0x1b2c`
VirtualAddress	`0xb3000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xb1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.77439`

.pdata

MD5	`f0eefbbc2f4c5762002601d7e67d402d`
SHA1	`ac565379786a0ca340d80e17b3f7f314c8c00675`
SHA256	`2b53d79d7620c268b913987ef9f60f206bba5cfe14d2c4ffda1838794cc18ded`
SHA3	`ba1a150c6158e875e15f91c6da07ac6ce6641309593c337a3221bf807650e850`
VirtualSize	`0x5f64`
VirtualAddress	`0xb5000`
SizeOfRawData	`0x6000`
PointerToRawData	`0xb2000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.93408`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0xbb000`
SizeOfRawData	`0x200`
PointerToRawData	`0xb8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`7129c166adc9ec1a6dc55876835257a2`
SHA1	`8e29a880a3237c836f698a5c943739bc6d039565`
SHA256	`5c08ad6361435b688147cffb0f9f029ac1aa5a8c0c0d0285674640faa81925d9`
SHA3	`8614fe89dd9b834e6ba7b98dff768292d74af963b199ccd8a4335e71fc8779b1`
VirtualSize	`0xf8`
VirtualAddress	`0xbc000`
SizeOfRawData	`0x200`
PointerToRawData	`0xb8200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.5313`

.reloc

MD5	`eae66291125d5fed5929e2e944b8bbee`
SHA1	`f24f79c052ede50d90b5227248a020009c756693`
SHA256	`5f842c836824e772d46bb2fee1f785ac26ef95b7ba6f20201607a4455142286a`
SHA3	`c43ceaec9a92bd082bcd8d47eaaaffbfaefb2f64eb6d1ca5280a5af66d903116`
VirtualSize	`0x8a0`
VirtualAddress	`0xbd000`
SizeOfRawData	`0xa00`
PointerToRawData	`0xb8400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.12776`

Imports

KERNEL32.dll	`SuspendThread` `ResumeThread` `CreateToolhelp32Snapshot` `Sleep` `GetLastError` `HeapReAlloc` `CloseHandle` `HeapAlloc` `HeapDestroy` `GetThreadContext` `GetProcAddress` `GetCurrentProcessId` `GetModuleHandleW` `FlushInstructionCache` `SetThreadContext` `OpenThread` `OutputDebugStringA` `MultiByteToWideChar` `GlobalAlloc` `GlobalFree` `GlobalLock` `WideCharToMultiByte` `GlobalUnlock` `GetModuleHandleA` `GetLocaleInfoA` `LoadLibraryA` `QueryPerformanceFrequency` `IsDBCSLeadByte` `FreeLibrary` `QueryPerformanceCounter` `FreeLibraryAndExitThread` `DisableThreadLibraryCalls` `CreateThread` `GetTempPathA` `GetTickCount` `SetEndOfFile` `GetCurrentThreadId` `HeapSize` `CreateFileW` `GetStringTypeW` `SetStdHandle` `GetProcessHeap` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineW` `GetCommandLineA` `GetCPInfo` `GetOEMCP` `GetACP` `IsValidCodePage` `FindNextFileW` `FindFirstFileExW` `FindClose` `GetFileSizeEx` `GetConsoleOutputCP` `WriteFile` `FlushFileBuffers` `LCMapStringW` `LoadLibraryExW` `GetFileType` `GetStdHandle` `ReadConsoleW` `Thread32First` `Thread32Next` `GetCurrentProcess` `HeapFree` `GetConsoleMode` `VirtualProtect` `HeapCreate` `VirtualQuery` `VirtualAlloc` `GetSystemInfo` `WriteConsoleW` `VirtualFree` `SetFilePointerEx` `UnhandledExceptionFilter` `IsDebuggerPresent` `RtlVirtualUnwind` `RtlCaptureContext` `IsProcessorFeaturePresent` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `WakeAllConditionVariable` `SleepConditionVariableSRW` `SetUnhandledExceptionFilter` `GetStartupInfoW` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlLookupFunctionEntry` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `InterlockedFlushSList` `SetLastError` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `EncodePointer` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `ReadFile` `ExitProcess` `TerminateProcess` `GetModuleHandleExW` `GetModuleFileNameW`
USER32.dll	`CloseClipboard` `EmptyClipboard` `GetClipboardData` `SetClipboardData` `OpenClipboard` `SendInput` `GetAsyncKeyState` `mouse_event` `FindWindowA` `DestroyWindow` `CallWindowProcA` `DefWindowProcA` `CreateWindowExA` `UnregisterClassA` `SetWindowLongPtrA` `RegisterClassExA` `DefWindowProcW` `GetKeyState` `GetMessageExtraInfo` `ScreenToClient` `GetCapture` `ClientToScreen` `TrackMouseEvent` `GetKeyboardLayout` `GetForegroundWindow` `LoadCursorW` `SetCapture` `SetCursor` `GetClientRect` `IsWindowUnicode` `ReleaseCapture` `SetCursorPos` `GetCursorPos`
SHELL32.dll	`ShellExecuteW` `SHGetFolderPathA`
IMM32.dll	`ImmSetCandidateWindow` `ImmSetCompositionWindow` `ImmReleaseContext` `ImmGetContext`
D3DCOMPILER_47.dll	`D3DCompile`
d3d11.dll	`D3D11CreateDeviceAndSwapChain`

Delayed Imports

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x91`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.8858`
MD5	`f7ad1eab748bc07570a57ec87787cf90`
SHA1	`0b1608da9fef218386e825db575c65616826d9f4`
SHA256	`d2952e57023848a37fb0f21f0dfb38c9000f610ac2b00c2f128511dfd68bde04`
SHA3	`6c9541b36948c19ae507d74223621875b3af4064f7cd8200bdb97e15a047e96a`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Mar-27 08:16:05
Version	`0.0`
SizeofData	`83`
AddressOfRawData	`0xa8b8c`
PointerToRawData	`0xa738c`
Referenced File	C:\Users\user\source\repos\cs2 int\x64\Release\cs2 int.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Mar-27 08:16:05
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0xa8be0`
PointerToRawData	`0xa73e0`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Mar-27 08:16:05
Version	`0.0`
SizeofData	`892`
AddressOfRawData	`0xa8bf4`
PointerToRawData	`0xa73f4`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Mar-27 08:16:05
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x1800a8fb8`
EndAddressOfRawData	`0x1800a8fc0`
AddressOfIndex	`0x1800b3ecc`
AddressOfCallbacks	`0x18008d558`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1800b3040`

RICH Header

XOR Key	`0x30becfc8`
Unmarked objects	`0`
C++ objects (33145)	`160`
C objects (33145)	`30`
ASM objects (33145)	`23`
ASM objects (35403)	`10`
C objects (35403)	`15`
C++ objects (35403)	`38`
Imports (33145)	`17`
Total imports	`175`
C objects (LTCG) (35727)	`24`
Resource objects (35727)	`1`
Linker (35727)	`1`

Errors

Leave a comment

No comments yet.