Manalyze report for b9fd434c3360ebcb418f8cd9a8ad7dbffd370cefeab0ac89937fc5559ddb1990

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Apr-18 07:06:07
Detected languages	English - United States
CompanyName	MaxDesign Studio
FileDescription	Maxim's Custom Graphic Optimizer
FileVersion	`1.3.3.7`
InternalName	vsheap.exe
LegalCopyright	Copyright (C) 2026 Canema
OriginalFilename	vsheap.exe
ProductName	Secret of Maxim
ProductVersion	`1.3.3.7`

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryExW`
Malicious	VirusTotal score: 6/71 (Scanned on 2026-04-26 22:20:38)	`APEX: Malicious` `CrowdStrike: win/malicious_confidence_70% (D)` `Cylance: Unsafe` `Elastic: malicious (moderate confidence)` `McAfeeD: ti!B9FD434C3360` `Trapmine: suspicious.low.ml.score`

Hashes

MD5	`110280076b502bf1646ce0005ad97dfd`
SHA1	`4d4dbd191ae0ce67cba402d2fbb4c10536c57e2e`
SHA256	`b9fd434c3360ebcb418f8cd9a8ad7dbffd370cefeab0ac89937fc5559ddb1990`
SHA3	`9fde11ca949b594a37e6668b8a316dd74206a7bc433ce423597a02fb1f1c7d59`
SSDeep	`6144:3BSV8lXMFZGMPKgT1mEsPwRGl0IRrm4yWg9JGLqnUL0Cy7:3BLlXMFZGMCgTV5Rk0FTWYyq8Ve`
Imports Hash	`3446e2817f9917accb6fa7ce9798871b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2026-Apr-18 07:06:07
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x33c00`
SizeOfInitializedData	`0x17e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000014A30 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x50000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`fdfe35ce9c8be2493b7663608f139401`
SHA1	`74b2caa6a3411d7417816e2bb368a365c805ee17`
SHA256	`ca159a07e3d101f83a8ca6a6a1e40314ada6c37dfa969017e34d2ebb4cd29c5a`
SHA3	`cb46f5b30269c5e51f40eafbea0759422fae2670d5700889884a96ea36406105`
VirtualSize	`0x33b64`
VirtualAddress	`0x1000`
SizeOfRawData	`0x33c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.23069`

.data

MD5	`675bbe2055778911b18beaf3ae8bee32`
SHA1	`0337794a6cf5fb58358060b109a4f957c133beeb`
SHA256	`f93b80016c47b16ed970cec972bc193bd121284c172b201032b2001549674863`
SHA3	`935fe306a6df9fabc3b1468a63970772da2886a9b697f43ed533770fdaa12f40`
VirtualSize	`0x29c8`
VirtualAddress	`0x35000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x34000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.61831`

.pdata

MD5	`5ba5053a178d2cf83fd2b97d162a071f`
SHA1	`794b9cbd8c034d79a2f3246d98e444f325311091`
SHA256	`defb86fc9932504a4edb5441443a6705d499c7d7e3666dc16437fc15532ae95e`
SHA3	`1162bf660d818d4a9de514cfe7d1816f925b4488045cf512ab194e8b109b4732`
VirtualSize	`0x2214`
VirtualAddress	`0x38000`
SizeOfRawData	`0x2400`
PointerToRawData	`0x35400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.34735`

.idata

MD5	`97faa06818f040a2d2f94b9fef80c4a4`
SHA1	`fe2f4371612168924ef30cccde1a3ad752cb5040`
SHA256	`ab9fbc171faa7fe74077f02697bc2f48f9461ff533287249e598323a23ce33e3`
SHA3	`bfe8b8e83587a206cd5dcf080337a4de61a375ad19c15cd9857f22e1d40c15d4`
VirtualSize	`0xc76`
VirtualAddress	`0x3b000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x37800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.31868`

_RDATA

MD5	`13ebd8e733d0a79b5ba798a3e4d6d32a`
SHA1	`cdcac4c67b718552debd031ff07dc0a515bdd73f`
SHA256	`3ac7d060ff35c6313bbbeadd2c043ca8d3c8c00c3a6403badede19f553f163b9`
SHA3	`ac5707948c8523a13f1613a582662887dfa54f14463a83f212c0e1d8212a42f6`
VirtualSize	`0x1f4`
VirtualAddress	`0x3c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x38600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.1924`

.rsrc

MD5	`2fde0de7141cf16d2c9be3e918e0c290`
SHA1	`5f2bdc7aa00ac140067a6876125f2e5c4d2ad939`
SHA256	`fa4323dad1e105d2afd4f1b6cd2ebfe9f8988c8e687d8423f526fffe6e491423`
SHA3	`ed97b4d2945d28b878b25f1e64800faadbd337c379c9b9417c1713e974b8b44a`
VirtualSize	`0x114e8`
VirtualAddress	`0x3d000`
SizeOfRawData	`0x11600`
PointerToRawData	`0x38800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.91377`

.reloc

MD5	`dfa727e68b32b1e9a18a780859f897ef`
SHA1	`e89d7d5fc409eb2d277abb28d11a3c6eeae27c9a`
SHA256	`e252dda02c78679ac4fd0ffbb9716b3c0954026ca7a9103b4fab6bd53f44fe33`
SHA3	`26d6467ad6354e80585cfce29dde3b8543a2ad3cae15a349fa5dfd1bcb9d5322`
VirtualSize	`0x94c`
VirtualAddress	`0x4f000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x49e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.25037`

Imports

KERNEL32.dll	`GetModuleFileNameA` `WaitForSingleObject` `GetModuleHandleA` `LoadLibraryA` `CloseHandle` `SetEndOfFile` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `EncodePointer` `DecodePointer` `MultiByteToWideChar` `WideCharToMultiByte` `LCMapStringEx` `GetStringTypeW` `GetCPInfo` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `GetModuleHandleW` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `GetLastError` `SetLastError` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `ExitProcess` `GetModuleHandleExW` `GetCommandLineA` `GetCommandLineW` `GetFileSizeEx` `SetFilePointerEx` `GetFileType` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `HeapFree` `HeapAlloc` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `CompareStringW` `LCMapStringW` `GetLocaleInfoW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `ReadFile` `ReadConsoleW` `HeapReAlloc` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetEnvironmentVariableW` `SetStdHandle` `GetProcessHeap` `CreateFileW` `HeapSize` `WriteConsoleW` `RtlUnwind`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10f1a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.95118`
Detected Filetype	PNG graphic file
MD5	`88750583a250661147779af9d241c192`
SHA1	`f18b80cfa0e9dfeb1460c31f5712e7c9340a4747`
SHA256	`6a1b657bb690381c504d00101c180caaea3e6ed9b5d6b917ae9c7465082e7974`
SHA3	`301e1a5b8a3bf584f4ba52fb6311e2d6aaf912a1231aafc7850ca0eb9a23b245`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.84274`
Detected Filetype	Icon file
MD5	`80267fcc2cb8f990f9f5e870ffa4a6f7`
SHA1	`f7df9ac9bc04956aa6f5d09d546f3149bb3d29d5`
SHA256	`6792914c99d595aafbcf78e7d48a493ae7d92481e091746d31881fa3b0cbfbf0`
SHA3	`97e2c11242c1ecc994f53712ceb971365e62ea9c4c091d4f684cc4e235ef81cf`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x300`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.46121`
MD5	`0c803c3233a7f63abc9a7ab16dc755e6`
SHA1	`0c9f083212bae4e880f16833a89c56246ef2e3f5`
SHA256	`8b23989db2f64d7ae95c64ceace38c1a260a5334b804d08aa1da845699b883e8`
SHA3	`d241d7b814d8d9c74c993bab18f8473df9c1345fd9d0832da6a93f9485d20cca`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.3.3.7
ProductVersion	1.3.3.7
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	MaxDesign Studio
FileDescription	Maxim's Custom Graphic Optimizer
FileVersion (#2)	1.3.3.7
InternalName	vsheap.exe
LegalCopyright	Copyright (C) 2026 Canema
OriginalFilename	vsheap.exe
ProductName	Secret of Maxim
ProductVersion (#2)	1.3.3.7

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Apr-18 07:06:07
Version	`0.0`
SizeofData	`916`
AddressOfRawData	`0xc774`
PointerToRawData	`0xbb74`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Apr-18 07:06:07
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140035080`

RICH Header

XOR Key	`0x9938d8e7`
Unmarked objects	`0`
ASM objects (30795)	`5`
C++ objects (30795)	`174`
C objects (30795)	`16`
Unmarked objects (#2)	`1`
C objects (33218)	`16`
ASM objects (33218)	`18`
C++ objects (33218)	`80`
Imports (30795)	`3`
Total imports	`102`
C++ objects (LTCG) (33523)	`1`
Resource objects (33523)	`1`
151	`1`
Linker (33523)	`1`

Errors

Leave a comment

No comments yet.