Manalyze report for d425df929d00dfed33bd0fe59e863838b0bf405cfe96995734ff54c44811b21a

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-Mar-28 14:10:14
Detected languages	English - United States

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`d48f0cacbd14c96a8477d218d8a7484f`
SHA1	`2f7761a00114527670d389dc091e89b6c1b87a05`
SHA256	`d425df929d00dfed33bd0fe59e863838b0bf405cfe96995734ff54c44811b21a`
SHA3	`ce6e3b5ad2de64ad500ebe077f15afd14696daa97ed13da36460f22bd5c2489b`
SSDeep	`6144:buA0IOd4Stgh6ZKovSCk2cRccYe9pPcqbEdkq8svS21y:yda6lLJ7ePcmMv0`
Imports Hash	`31eab0c54b955498aa165c451949cca4`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2026-Mar-28 14:10:14
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x4ec00`
SizeOfInitializedData	`0x1d800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000002C610 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x71000`
SizeOfHeaders	`0x400`
Checksum	`0x7acf3`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`29d0dcf1ca17794363d29856cda4fad4`
SHA1	`a288e85dcfbb0a59ad232358c3ae9e4ebd363c08`
SHA256	`ca017c6017dcb83f1329316d8db0afb91eb522dd2c4525cd54bef0b6dc9bcfb5`
SHA3	`512a3726e55e86b4d8dcfb3d9ddd57d4de0bb069f71084339ac40f1a41e56127`
VirtualSize	`0x4ebe8`
VirtualAddress	`0x1000`
SizeOfRawData	`0x4ec00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.56279`

.rdata

MD5	`c52af5c83d0ae42bf59eae3753018e40`
SHA1	`17db640f7d69016f66ec640b688c4ad2bc3e9f3f`
SHA256	`0b45a65e0ae1582acb45fc6862031036e8dc9d47e8723792326a8d1a4f6129c1`
SHA3	`babc3c75318cebd8081f7a28d6bf46d873af92c81aa6f345fd3329139b1323c2`
VirtualSize	`0x1570c`
VirtualAddress	`0x50000`
SizeOfRawData	`0x15800`
PointerToRawData	`0x4f000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.26383`

.data

MD5	`22fba981a0ab810b787a627f00fdb5de`
SHA1	`101e4662f4ba43feb790ce21327a441b9edcc858`
SHA256	`8fcd5abd21cdcb586b3aafcebd6d8d8b41eb93691830e99cbdcd2c6dfbb04319`
SHA3	`20675711c6cefce30561bbc7f63d18af565821e87799f93751aa8930ab17358f`
VirtualSize	`0x39e4`
VirtualAddress	`0x66000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x64800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.7643`

.pdata

MD5	`532e9904f38df4529ab3f2a7fdd40d45`
SHA1	`020d4fd9371e26d67d95eedc6e8f7ccdeadd20f6`
SHA256	`efb3eb1c20c37cde7a461c30a47076176f93e7259df4ecf309e70d60df4ca7b8`
SHA3	`dd4b7e8a42b6a36c58b7ece54a11d8c707d03392e2138fb17aabd15f03ccf194`
VirtualSize	`0x35c4`
VirtualAddress	`0x6a000`
SizeOfRawData	`0x3600`
PointerToRawData	`0x66800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.63925`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0x6e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x69e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`1119c786fce1ed2b7b8811edd5277775`
SHA1	`8f89614f4a47b39afa45b46758a697636760924f`
SHA256	`914425d5ec603596e299eae5de61d09fbfd08325cd3488d8f166f976b6cf9bbc`
SHA3	`f8f7c314ca8d3a5245cd997335ef49bdae5179ad0e3cef34964b4b0c42b68260`
VirtualSize	`0x1e8`
VirtualAddress	`0x6f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.77204`

.reloc

MD5	`ffb703011ea1c54da5ae15de7af6a4f3`
SHA1	`8b3fc983114ec5bc96562f1c87edc65f8a76c753`
SHA256	`fabef5e58043103d874fb2f1f6a79de317d1f0022c43875167a7f2477b829caf`
SHA3	`d9131616edff6489335ba4693827cb5a8708aa6fddd28c3c486f44807058de90`
VirtualSize	`0xa04`
VirtualAddress	`0x70000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x6a200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.02893`

Imports

KERNEL32.dll	`GetConsoleScreenBufferInfo` `SetConsoleTextAttribute` `GetStdHandle` `Sleep` `GetTickCount64` `FillConsoleOutputCharacterW` `FillConsoleOutputAttribute` `GetCurrentProcessId` `SetConsoleCursorPosition` `QueryPerformanceCounter` `WriteConsoleW` `LocalFree` `FormatMessageA` `GetLocaleInfoEx` `CreateFileW` `FindClose` `FindFirstFileW` `FindFirstFileExW` `FindNextFileW` `GetFileAttributesExW` `SetFileInformationByHandle` `AreFileApisANSI` `CloseHandle` `GetLastError` `GetModuleHandleW` `GetProcAddress` `GetFileInformationByHandleEx` `MultiByteToWideChar` `WideCharToMultiByte` `GetCurrentThreadId` `EncodePointer` `DecodePointer` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `WakeAllConditionVariable` `SleepConditionVariableSRW` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `LCMapStringEx` `GetSystemTimeAsFileTime` `GetStringTypeW` `GetCPInfo` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetStartupInfoW` `InitializeSListHead` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `SetLastError` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `LoadLibraryExW` `CreateThread` `ExitThread` `FreeLibraryAndExitThread` `GetModuleHandleExW` `GetConsoleCP` `ExitProcess` `GetModuleFileNameW` `WriteFile` `GetCommandLineA` `GetCommandLineW` `HeapAlloc` `HeapFree` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `VirtualProtect` `CompareStringW` `LCMapStringW` `GetLocaleInfoW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `GetConsoleMode` `SetConsoleMode` `GetNumberOfConsoleInputEvents` `ReadConsoleInputW` `PeekConsoleInputA` `ReadConsoleW` `GetFileType` `FlushFileBuffers` `GetConsoleOutputCP` `ReadFile` `GetFileSizeEx` `SetFilePointerEx` `HeapReAlloc` `IsValidCodePage` `GetACP` `GetOEMCP` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetEnvironmentVariableW` `GetProcessHeap` `SetStdHandle` `HeapSize` `RtlUnwind`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Mar-28 14:10:14
Version	`0.0`
SizeofData	`1032`
AddressOfRawData	`0x5feec`
PointerToRawData	`0x5eeec`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Mar-28 14:10:14
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2026-Mar-28 14:10:14
Version	`0.0`
SizeofData	`4`
AddressOfRawData	`0x6031c`
PointerToRawData	`0x5f31c`

TLS Callbacks

StartAddressOfRawData	`0x140060340`
EndAddressOfRawData	`0x140060348`
AddressOfIndex	`0x140068d48`
AddressOfCallbacks	`0x140050478`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140066080`

RICH Header

XOR Key	`0xc86280f9`
Unmarked objects	`0`
C++ objects (33145)	`173`
C objects (33145)	`18`
ASM objects (33145)	`8`
ASM objects (35207)	`10`
C objects (35207)	`17`
C++ objects (35207)	`91`
Imports (33145)	`3`
Total imports	`160`
C++ objects (LTCG) (35225)	`5`
Resource objects (35225)	`1`
Linker (35225)	`1`

Errors

Leave a comment

No comments yet.