Manalyze report for ccd390be92630a8ec0228f9dcbcea7f236a44c3092d7dd1ae7472f506c26a601

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1970-Jan-01 00:00:00
Detected languages	English - United States
CompanyName	CS.RiN.RU
FileVersion	`1.0.0.0`

Plugin Output

Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc`
Malicious	VirusTotal score: 4/72 (Scanned on 2026-03-13 20:34:55)	`Bkav: W64.AIDetectMalware` `CrowdStrike: win/malicious_confidence_70% (W)` `McAfeeD: ti!CCD390BE9263` `Rising: Trojan.Kryptik@AI.82 (RDML:WMBB+YzDP15UyqF4PlsJ7w)`

Hashes

MD5	`6f393d0a0f28ba98c19e8288d7dd1351`
SHA1	`f49996d41ead1b6077aaf00beb6c22ee9d28516f`
SHA256	`ccd390be92630a8ec0228f9dcbcea7f236a44c3092d7dd1ae7472f506c26a601`
SHA3	`edd812849240d778ccea5430bb667377543352b12567f0cb4c9ad07a1e2aa323`
SSDeep	`1536:CGJQvpfQ37IzwIovy04Xk3SGuB+xMX50tuCrJNllN1dFtV9lN1F9N1dt9NFVi2s:Mt4kcIo34W3euW50ttBlN1dFtV9lN1F`
Imports Hash	`d6b7cd9873832333a7cca0167d1a2be3`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xc800`
SizeOfInitializedData	`0xba00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000002C38 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1c000`
SizeOfHeaders	`0x400`
Checksum	`0x1c927`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ef66af38232957350b743a1584d18814`
SHA1	`05242de1260dfbdf7412e8bbe4e8fff8d38791a2`
SHA256	`8bfd956f45a05c5e94e9d118dbd41094fe46a6e44498857a08ee64564b10408a`
SHA3	`0497d83f9626256116fdb0aa0bbf36156ef212e3b8f3156780e3f518a191eb57`
VirtualSize	`0xc7c0`
VirtualAddress	`0x1000`
SizeOfRawData	`0xc800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.46267`

.rdata

MD5	`1c044b96f6d2c8807f149c6e9c9b122c`
SHA1	`bbb9ef82caec2b63ad96243200e3dab6b7ae4eca`
SHA256	`62ebbf4f04328e64751b0bd0c0424d442382b357ad01c1159a823aab15afc86d`
SHA3	`c294618294701cd15ccfb82fee3d169589203e9498ff5321782fe0534d03486c`
VirtualSize	`0x88d8`
VirtualAddress	`0xe000`
SizeOfRawData	`0x8a00`
PointerToRawData	`0xcc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.76224`

.data

MD5	`93d48f3c549aad17cd3e8e2e13d639e7`
SHA1	`23b9d82275bf1356d31f83fe0a987dfe07b7fae3`
SHA256	`c5f14b92328d49a0bc4c123fd9bf1bdeda5b87f9fc30158e2cd5783736de806b`
SHA3	`c3e52579d714940c0664094b1f6a52a8980967603a635ba4fb3dffc4d7112a00`
VirtualSize	`0x1e00`
VirtualAddress	`0x17000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x15600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.80929`

.pdata

MD5	`7f0cf28fbe57c1ab7063b58db077ac73`
SHA1	`83fbf7950d4a5dc3a634e9468f96c29207be97e1`
SHA256	`2bdea60400ac30e2c90cdeb0b53afab23a913b885321bdb9ed7fabcb2b88de1f`
SHA3	`d11da77f90439ff3f4e30f69d66ff6b2112082fec2bc2d8a8f775c116e3cc814`
VirtualSize	`0xdec`
VirtualAddress	`0x19000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x16200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.83828`

_RDATA

MD5	`7c0b8b55eb589335b27986d4b3b99c67`
SHA1	`ab638e43cf22bcc07e007b5010c1cd73d338b36c`
SHA256	`fcaa4cfd52dca9f2727fcd3b99f4c38ac16bc1520597613255612158d8c9d4e8`
SHA3	`f8d3f578d4c2c7b45281afcef284e0e1484c4f745956b55f6a96aad0de80be41`
VirtualSize	`0x94`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x200`
PointerToRawData	`0x17000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.07555`

.rsrc

MD5	`fe580d0157d33493acadcd260ed35c4e`
SHA1	`d873ac602c279b343c32afb0ef2fc8ebf284d9b4`
SHA256	`fbe07c08ca60dcbe02dfb1cd28d705d696dbad6b38cddbfe4af87e1dda75fce3`
SHA3	`7d15b0520da035cd2f605207dc8c0d7dee6f510de68adfb60524074ab2f70ecc`
VirtualSize	`0x198`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x200`
PointerToRawData	`0x17200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.31754`

Imports

d3d12.dll	`#101`
KERNEL32.dll	`TlsGetValue` `WriteConsoleW` `GetModuleFileNameA` `GetVersionExA` `GetProcAddress` `HeapCreate` `VirtualProtect` `HeapFree` `GetCurrentProcess` `Thread32Next` `Thread32First` `GetCurrentThreadId` `SuspendThread` `ResumeThread` `CreateToolhelp32Snapshot` `Sleep` `HeapReAlloc` `CloseHandle` `HeapAlloc` `HeapDestroy` `GetThreadContext` `GetCurrentProcessId` `GetModuleHandleW` `FlushInstructionCache` `SetThreadContext` `OpenThread` `VirtualFree` `VirtualAlloc` `GetSystemInfo` `VirtualQuery` `QueryPerformanceCounter` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `TerminateProcess` `CreateFileW` `RtlUnwindEx` `InterlockedFlushSList` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsSetValue` `TlsFree` `FreeLibrary` `LoadLibraryExW` `RaiseException` `ExitProcess` `GetModuleHandleExW` `GetModuleFileNameW` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `LCMapStringW` `GetProcessHeap` `GetStdHandle` `GetFileType` `GetStringTypeW` `HeapSize` `SetStdHandle` `FlushFileBuffers` `WriteFile` `GetConsoleCP` `GetConsoleMode` `SetFilePointerEx`

Delayed Imports

Ordinal	`1`
Address	`0x1200`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x140`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.00305`
MD5	`1731c28c964cc040610669dcdb64a648`
SHA1	`fa13d8818e80ea589d0f317e536599775a421a2a`
SHA256	`2c88a52c2771985ee8d4ceec8821dfb37fb9b726e9f25f3a2683c2dbfc40b386`
SHA3	`d5af0763bea261571613d15f0c58676aab6bbd0ce8359c0bf207888a8f69f705`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	CS.RiN.RU
FileVersion (#2)	1.0.0.0

Resource LangID	English - United States

TLS Callbacks

Load Configuration

Size	`0x108`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x180017010`

RICH Header

XOR Key	`0x68cdd18d`
Unmarked objects	`0`
C objects (VS2017 v14.15 compiler 26715)	`10`
ASM objects (VS2017 v14.15 compiler 26715)	`6`
C++ objects (VS2017 v14.15 compiler 26715)	`132`
C++ objects (26504)	`29`
C objects (26504)	`15`
ASM objects (26504)	`8`
Imports (VS2017 v14.15 compiler 26715)	`5`
Total imports	`104`
C++ objects (LTCG) (VS2019 Update 2 (16.2) compiler 27905)	`5`
Exports (VS2019 Update 2 (16.2) compiler 27905)	`1`
Linker (VS2019 Update 2 (16.2) compiler 27905)	`1`

Errors

Leave a comment

No comments yet.