Manalyze report for c47bc1d2562c0090b73c146ce9b0d8551d974adfdff565998544a0353c8d504c

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Mar-17 09:43:04
TLS Callbacks	1 callback(s) detected.
Debug artifacts	tg_unblock.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe` Contains domain names: .web.telegram.org blog.demofox.org daltonmaag.com demofox.org docs.microsoft.com en.wikipedia.org github.com google.com http://en.wikipedia.org http://en.wikipedia.org/wiki/MIT_License http://scripts.sil.org http://scripts.sil.org/OFL http://www.daltonmaag.com http://www.daltonmaag.com/http http://www.daltonmaag.comUbuntuLight http://www.google.com http://www.google.com/get/noto/http http://www.monotype.com http://www.monotype.com/studioThis https://blog.demofox.org https://blog.demofox.org/2022/01/01/interleaved-gradient-noise-a-different-kind-of-low-discrepancy-sequence/ https://docs.microsoft.com https://docs.microsoft.com/typography/aboutMicrosoft https://docs.rs https://github.com https://t.me https://www.shadertoy.com https://www.shadertoy.com/view/llVGzG microsoft.com monotype.com scripts.sil.org shadertoy.com telegram.org web.telegram.org wikipedia.org www.daltonmaag.com www.google.com www.monotype.com www.shadertoy.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA1` `Uses constants related to RC5 or RC6`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExA GetProcAddress LoadLibraryExW LoadLibraryW LoadLibraryA` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Possibly launches other programs: CreateProcessW` `Uses Windows's Native API: NtDeviceIoControlFile NtOpenFile NtWriteFile NtCreateFile NtReadFile NtCancelIoFileEx NtCreateNamedPipeFile` `Uses functions commonly found in keyloggers: MapVirtualKeyW GetForegroundWindow GetAsyncKeyState` `Leverages the raw socket API to access the Internet: accept recv send WSACleanup ioctlsocket connect getsockopt WSAIoctl WSASocketW bind listen freeaddrinfo getaddrinfo WSAStartup WSAGetLastError socket setsockopt closesocket` `Reads the contents of the clipboard: GetClipboardData` `Interacts with the certificate store: CertOpenStore CertAddCertificateContextToStore`
Suspicious	VirusTotal score: 1/71 (Scanned on 2026-03-26 14:45:44)	`APEX: Malicious`

Hashes

MD5	`3b7167e4e9807c55d5a7f9634fd19282`
SHA1	`283a1654cb83a951c1af6d134e3762001b62eb23`
SHA256	`c47bc1d2562c0090b73c146ce9b0d8551d974adfdff565998544a0353c8d504c`
SHA3	`c99e0e22c31e414fa59a3c9a9a49e516cf012dfdceacafda2eeeebc959d2a4a3`
SSDeep	`49152:WEm2+EvtL777lTQX59U5iD6EqYgb0vJBy0J0UFsl0pPwksphkksMzncCfjmvRJ9:WyLukUfPyNQGjCI1sdbI`
Imports Hash	`3cc3746245ed86243055dc616f553eb1`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`5`
TimeDateStamp	2026-Mar-17 09:43:04
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x2fd600`
SizeOfInitializedData	`0x36d600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000002E3D44 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x66e000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b5ddf744b811804f8ebdeb3bd3913e61`
SHA1	`45fed8e78fcec78c747cd03ec8e81299014b8564`
SHA256	`85fea62518a30e6272435ebc96b6838aa24533b23202aab96f2f2b497dffa3f6`
SHA3	`9749084f3fa581f6dbd3d25d67e36ce0cf4e04505761d0aadea565db7b13cc50`
VirtualSize	`0x2fd454`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2fd600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.36982`

.rdata

MD5	`9d82689c465ec2d714b96573b2a6bad5`
SHA1	`bab9be7b402e265a43cf1973fd6143ad39eab248`
SHA256	`afe28538844d3858a8098cad4f2c082b4cbe4a03cac3a93c8b3155ebf0089e4a`
SHA3	`dda4b7dd3d05497e73b555c4736e23019a4b4c7904987bb13d927f01941a9d9a`
VirtualSize	`0x348330`
VirtualAddress	`0x2ff000`
SizeOfRawData	`0x348400`
PointerToRawData	`0x2fda00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.53246`

.data

MD5	`e8d89a4437e31916ec33f040a72da9ba`
SHA1	`023128ad595c300cc983a8dc2b6e70e3b95957f1`
SHA256	`fdf6a4bf7c176065c092fefebcc8a61e7ff2402d309c434135ac8499d8b5d878`
SHA3	`ed11e592883c61cbb0763ff5d09e419a006a05fd61e46c48eecbc03623218d24`
VirtualSize	`0x16d0`
VirtualAddress	`0x648000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x645e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.8023`

.pdata

MD5	`7250a1935a763a9bdeeb80f30c5883c8`
SHA1	`0fa1436895647d66a54ba10e6bde72276ee24cde`
SHA256	`6e06b2e4474247fc82e5b3a277e90c9f8215ef45230592d296b3c1559bbd609c`
SHA3	`368e01213d0ea41f8785c375b6b2b36d15191ff10f10b88149d9d535fc25d76b`
VirtualSize	`0x20a24`
VirtualAddress	`0x64a000`
SizeOfRawData	`0x20c00`
PointerToRawData	`0x647200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.35256`

.reloc

MD5	`6bae72772ad1f6e5ba5691062aa4f4c6`
SHA1	`5df222b27ad1e497536eab257472d2559a834dc4`
SHA256	`65245e95f2d18e894d2e388f2582ff6ab6cc2201e4d25534a54137c9ce0f3f92`
SHA3	`252ed1cd0e5f143f43c8a703ef121a57f3e2dbc9272d286b5125b93fbf52e79d`
VirtualSize	`0x2d4c`
VirtualAddress	`0x66b000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0x667e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.4313`

Imports

kernel32.dll	`LoadLibraryExA` `FormatMessageW` `GetProcAddress` `LoadLibraryExW` `SetThreadErrorMode` `FreeLibrary` `HeapFree` `GetModuleFileNameW` `CreateFileW` `CloseHandle` `HeapAlloc` `GetProcessHeap` `GetCurrentThreadId` `LoadLibraryW` `GlobalLock` `GlobalAlloc` `SetLastError` `GetFinalPathNameByHandleW` `GlobalUnlock` `GlobalSize` `GlobalFree` `GetCurrentThread` `CreateEventW` `WaitForSingleObject` `CreateWaitableTimerExW` `SetWaitableTimer` `GetModuleHandleW` `GetCurrentProcess` `DuplicateHandle` `SetHandleInformation` `GetOverlappedResult` `PostQueuedCompletionStatus` `ReadFile` `GetLastError` `CreateIoCompletionPort` `GetQueuedCompletionStatusEx` `GetSystemTimeAsFileTime` `SetFileCompletionNotificationModes` `IsProcessorFeaturePresent` `Sleep` `GetModuleHandleA` `LoadLibraryA`
advapi32.dll	`ImpersonateAnonymousToken` `RevertToSelf` `SystemFunction036`
oleaut32.dll	`GetErrorInfo` `SysFreeString` `SysStringLen` `SysAllocStringLen` `SafeArrayCreateVector` `SafeArrayPutElement` `VariantClear` `SetErrorInfo`
ws2_32.dll	`accept` `recv` `send` `WSACleanup` `ioctlsocket` `connect` `getsockopt` `WSAIoctl` `WSASocketW` `bind` `listen` `freeaddrinfo` `getaddrinfo` `WSAStartup` `WSAGetLastError` `socket` `setsockopt` `closesocket`
secur32.dll	`InitializeSecurityContextW` `AcceptSecurityContext` `EncryptMessage` `DeleteSecurityContext` `QueryContextAttributesW` `FreeCredentialsHandle` `AcquireCredentialsHandleA` `FreeContextBuffer` `DecryptMessage`
crypt32.dll	`CertCloseStore` `CertEnumCertificatesInStore` `CertOpenStore` `CertDuplicateStore` `CertVerifyCertificateChainPolicy` `CertGetCertificateChain` `CertAddCertificateContextToStore` `CertDuplicateCertificateChain` `CertFreeCertificateChain` `CertFreeCertificateContext` `CertDuplicateCertificateContext`
api-ms-win-core-synch-l1-2-0.dll	`WaitOnAddress` `WakeByAddressSingle` `WakeByAddressAll`
bcrypt.dll	`BCryptGenRandom`
ntdll.dll	`NtDeviceIoControlFile` `NtOpenFile` `NtWriteFile` `NtCreateFile` `RtlNtStatusToDosError` `NtReadFile` `NtCancelIoFileEx` `NtCreateNamedPipeFile`
bcryptprimitives.dll	`ProcessPrng`
OPENGL32.dll	`wglMakeCurrent` `wglGetCurrentContext` `wglShareLists` `wglCreateContext` `wglGetProcAddress` `wglDeleteContext` `wglGetCurrentDC`
SHLWAPI.dll	`AssocQueryStringW`
KERNEL32.dll	`IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `InitializeSListHead` `GetEnvironmentVariableW` `GetEnvironmentStringsW` `GetCurrentDirectoryW` `SetThreadStackGuarantee` `AddVectoredExceptionHandler` `SetFileTime` `SetFileInformationByHandle` `ReleaseMutex` `CreateMutexA` `GetCurrentProcessId` `WaitForSingleObjectEx` `lstrlenW` `HeapReAlloc` `MultiByteToWideChar` `WideCharToMultiByte` `GetFileInformationByHandleEx` `SwitchToThread` `GetFileInformationByHandle` `FindFirstFileExW` `FindClose` `GetConsoleMode` `GetFullPathNameW` `ExitProcess` `QueryPerformanceFrequency` `CancelIo` `WriteConsoleW` `GetStdHandle` `GetConsoleOutputCP` `CreateThread` `WaitForMultipleObjects` `ReadFileEx` `SleepEx` `GetFileAttributesW` `FreeEnvironmentStringsW` `CompareStringOrdinal` `GetSystemDirectoryW` `GetWindowsDirectoryW` `CreateProcessW` `WriteFileEx` `GetSystemTimePreciseAsFileTime` `QueryPerformanceCounter` `GetSystemInfo` `GetExitCodeProcess` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind`
USER32.dll	`GetWindowPlacement` `GetDC` `GetClientRect` `GetWindowLongPtrW` `DispatchMessageW` `TranslateMessage` `PeekMessageW` `RedrawWindow` `ReleaseDC` `CreateIconFromResourceEx` `SendMessageW` `GetSystemMetrics` `GetActiveWindow` `DestroyWindow` `PostMessageW` `SetWindowPlacement` `EmptyClipboard` `IsClipboardFormatAvailable` `OpenClipboard` `SetClipboardData` `GetClipboardData` `RegisterClipboardFormatW` `CloseClipboard` `SetPropW` `SetWindowLongPtrW` `GetPropW` `CallWindowProcW` `RemovePropW` `RegisterWindowMessageA` `SetCapture` `GetClassNameW` `SystemParametersInfoA` `MonitorFromPoint` `EnumDisplayMonitors` `RegisterRawInputDevices` `MapVirtualKeyW` `MsgWaitForMultipleObjectsEx` `GetMonitorInfoW` `RegisterClassExW` `GetCursorPos` `DestroyCursor` `DestroyIcon` `GetClipCursor` `ClipCursor` `ShowCursor` `ShowWindow` `GetSystemMenu` `EnableMenuItem` `SetWindowLongW` `GetWindowLongW` `GetMenu` `AdjustWindowRectEx` `SetWindowDisplayAffinity` `IsProcessDPIAware` `GetRawInputData` `CreateWindowExW` `ClientToScreen` `SetCursorPos` `GetForegroundWindow` `SetWindowPos` `InvalidateRgn` `LoadCursorW` `SetCursor` `ReleaseCapture` `GetClassInfoExW` `GetWindowRect` `IsIconic` `SendInput` `SetForegroundWindow` `GetWindowTextLengthW` `GetWindowTextW` `SetWindowTextW` `RegisterTouchWindow` `CreateIcon` `ScreenToClient` `MonitorFromRect` `TrackMouseEvent` `GetTouchInputInfo` `CloseTouchInputHandle` `ValidateRect` `MapVirtualKeyExW` `GetKeyboardState` `GetAsyncKeyState` `GetKeyState` `GetKeyboardLayout` `ToUnicodeEx` `FlashWindowEx` `MonitorFromWindow` `ChangeDisplaySettingsExW` `DefWindowProcW`
SHELL32.dll	`DragFinish` `DragQueryFileW`
GDI32.dll	`GetDeviceCaps` `ChoosePixelFormat` `DescribePixelFormat` `SetPixelFormat` `DeleteObject` `CreateRectRgn` `SwapBuffers`
uiautomationcore.dll	`UiaRaiseAutomationPropertyChangedEvent` `UiaHostProviderFromHwnd` `UiaReturnRawElementProvider` `UiaRaiseAutomationEvent` `UiaLookupId` `UiaGetReservedNotSupportedValue`
ole32.dll	`RegisterDragDrop` `OleInitialize` `CoCreateInstance` `CoUninitialize` `CoInitializeEx` `RevokeDragDrop`
imm32.dll	`ImmGetContext` `ImmSetCompositionWindow` `ImmSetCandidateWindow` `ImmGetCompositionStringW` `ImmReleaseContext` `ImmAssociateContextEx`
dwmapi.dll	`DwmEnableBlurBehindWindow` `DwmSetWindowAttribute`
uxtheme.dll	`SetWindowTheme`
VCRUNTIME140.dll	`__CxxFrameHandler3` `memcpy` `memcmp` `_CxxThrowException` `__current_exception_context` `__C_specific_handler` `memset` `memmove` `__current_exception`
api-ms-win-crt-math-l1-1-0.dll	`cos` `floorf` `sin` `_hypotf` `floor` `truncf` `cbrtf` `trunc` `ceilf` `expf` `powf` `roundf` `acosf` `round` `sinf` `cosf` `__setusermatherr` `atan2f` `pow` `exp2f`
api-ms-win-crt-string-l1-1-0.dll	`strlen` `wcslen`
api-ms-win-crt-runtime-l1-1-0.dll	`_configure_narrow_argv` `_set_app_type` `terminate` `_initialize_narrow_environment` `_get_initial_narrow_environment` `_initterm` `_initterm_e` `_exit` `__p___argc` `__p___argv` `_seh_filter_exe` `_cexit` `_c_exit` `_register_thread_local_exe_atexit_callback` `_crt_atexit` `_initialize_onexit_table` `_register_onexit_function` `strerror` `exit`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `free`
api-ms-win-crt-stdio-l1-1-0.dll	`_set_fmode` `__p__commode`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Mar-17 09:43:04
Version	`0.0`
SizeofData	`39`
AddressOfRawData	`0x5d1cf4`
PointerToRawData	`0x5d06f4`
Referenced File	tg_unblock.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Mar-17 09:43:04
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x5d1d1c`
PointerToRawData	`0x5d071c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Mar-17 09:43:04
Version	`0.0`
SizeofData	`836`
AddressOfRawData	`0x5d1d30`
PointerToRawData	`0x5d0730`

TLS Callbacks

StartAddressOfRawData	`0x1405d2098`
EndAddressOfRawData	`0x1405d22c8`
AddressOfIndex	`0x140649640`
AddressOfCallbacks	`0x1402ffbe8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x00000001402B2B40`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140649380`

RICH Header

XOR Key	`0xcabbfa92`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`12`
Imports (35207)	`2`
ASM objects (35207)	`3`
C objects (35207)	`9`
C++ objects (35207)	`23`
Imports (33145)	`13`
Total imports	`481`
Unmarked objects (#2)	`614`
Linker (35223)	`1`

Errors

Leave a comment

No comments yet.