Manalyze report for d6dd1803edc5fd61ba5f6ee80111b73f061ecb217cfe0c225ac85d026070660c

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-May-26 18:01:40
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	The PE is possibly packed.	`Section .textbss is both writable and executable.` `Unusual section name found: .msvcjmc` `Unusual section name found: .metadat`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`bb71f2484c727f506ce16f523da14b5c`
SHA1	`b1fbcd85dc64d625d1ed51812b23fe74db9be584`
SHA256	`d6dd1803edc5fd61ba5f6ee80111b73f061ecb217cfe0c225ac85d026070660c`
SHA3	`07d2b1f56440aaee6a57e433a7612bc277637a84b0182a68cb24ce7c53dcc056`
SSDeep	`384:DvGwL3pnn0Uax4fSJlIzwseSeT/yYixcfIBm/qKTdwARjiQfB1X1CA69XM8Lm9:zqzxU4yPh76jDBTCA69cim`
Imports Hash	`20c750c76c4205378fe496453b8ddc37`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`11`
TimeDateStamp	2026-May-26 18:01:40
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x8e00`
SizeOfInitializedData	`0x8200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000112D0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x2a000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.textbss

MD5	`fcd6bcb56c1689fcef28b57c22475bad`
SHA1	`1adc95bebe9eea8c112d40cd04ab7a8d75c4f961`
SHA256	`de2f256064a0af797747c2b97505dc0b9f3df0de4f489eac731c23ae9ca9cc31`
SHA3	`b843518c43581f4dc3563115943a72ec61580cdb7c6160568ae2ffa7f1a769c4`
VirtualSize	`0x10000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x10000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.text

MD5	`068f5b8a5db4f55c6e093cdad987a1b0`
SHA1	`9b47f8ad14ba77d33043d427950073da0e12dfcc`
SHA256	`0b02f9a5b96dac7374fd7b2565ca579ce3a149ec8148e871a4ac2b2588298fbd`
SHA3	`25597dc89b7b6f5d4429b3272670cc4597e89f8d626bcfbb1e5871e7dc816b85`
VirtualSize	`0x8d03`
VirtualAddress	`0x11000`
SizeOfRawData	`0x8e00`
PointerToRawData	`0x10400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`3.73744`

.rdata

MD5	`b5b666659d8530781fe779c6c5fda87f`
SHA1	`d4139de3596fd9c559f6680afbb0435d43a0885b`
SHA256	`35ea2664f5c6bb738281b1193d9bd80d5146256ca6c51b448517c2d49065f1d8`
SHA3	`08a2ae091f3da5e51613ec8f8399b0570a1718302ca7bb9f0411a3e76b5c12ed`
VirtualSize	`0x2f60`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x19200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.28512`

.data

MD5	`3e6be604af242a4ce635148063968941`
SHA1	`9742df6c426e2c2714055b2b35195996ebda2a94`
SHA256	`a0ac007c151434243c024682a1495cceac0a22f1e49a75049b45339599f3b079`
SHA3	`db9977581630dfe3eaacf7e3556c3904bc90d0f273f00460eb62c439657bc1df`
VirtualSize	`0x948`
VirtualAddress	`0x1d000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x1c200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.15336`

.pdata

MD5	`13a95890b5f0947d6f058ca9c30a3e01`
SHA1	`bc4466467455454fc43a214aa693963caf12139b`
SHA256	`2d07a41ae992770085117e9815300bfd0730745883e60b24aaad5e69dfc087ae`
SHA3	`bd6056914399cc93c6bc9bf102d8e61ee8c5dc287a60f02f46fd51863d86ba17`
VirtualSize	`0x222c`
VirtualAddress	`0x1e000`
SizeOfRawData	`0x2400`
PointerToRawData	`0x1cc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0`

.idata

MD5	`22b060f89a69d399bbc1c1bb6efc0a37`
SHA1	`d2dd1dd6db7c4d155c366b1ea019317277ed8735`
SHA256	`294e22407a6686246b56e462e956d07d8e492ba93bb00b64a688e8b4ebc4a2e0`
SHA3	`269e9449d74075c9902259f76d922b2c358431f281fb63e54608dfbbbc334ee3`
VirtualSize	`0x1526`
VirtualAddress	`0x21000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x1f000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.72755`

.msvcjmc

MD5	`dd83952b433f237b08746c26e6b2ca43`
SHA1	`e624549e07dd4a3535f27a9d1f3ca31c42d24b08`
SHA256	`369f98724b27c757b96ce576932efb513c8264a257ace37ad34472d1647c9e3b`
SHA3	`ec58ec05ae9ab516f0a4245f29938ea8beec43ddb38999ad76c1cbb43b8d0c12`
VirtualSize	`0x18e`
VirtualAddress	`0x23000`
SizeOfRawData	`0x200`
PointerToRawData	`0x20600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.782209`

.00cfg

MD5	`2f965dabf1229a5cbd2f2d74be8d31d7`
SHA1	`5460dde2ad0c1f196ab44d029ad9e38274590a18`
SHA256	`efb48be8a21c59832b6c7cf87e61acf05ff4c59e2cc1e601bc4e21ad59c61dd8`
SHA3	`a7493479ce87f6a2806252d4f88759088861cd43d4f977db53ea1893175e99fa`
VirtualSize	`0x175`
VirtualAddress	`0x24000`
SizeOfRawData	`0x200`
PointerToRawData	`0x20800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.464548`

.rsrc

MD5	`53e979547d8c2ea86560ac45de08ae25`
SHA1	`53ea2cb716f312714685c92b6be27e419f8c746c`
SHA256	`80422bc3d307b4a25bdafcc84ac7fb01cb55a09810e8b0f37bb12e0edb5c48ca`
SHA3	`98b444d887d755b7913e4a144d8a6ac6d1f2d7f0c3db6ba026997ec5f45d9573`
VirtualSize	`0x43c`
VirtualAddress	`0x25000`
SizeOfRawData	`0x600`
PointerToRawData	`0x20a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0`

.reloc

MD5	`0f343b0931126a20f133d67c2b018a3b`
SHA1	`60cacbf3d72e1e7834203da608037b1bf83b40e8`
SHA256	`5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef`
SHA3	`6841b2c10aa6e5f7a384143e4de58fbc9aa28a4b742e9ad4ed14ba148a723a43`
VirtualSize	`0x27a`
VirtualAddress	`0x26000`
SizeOfRawData	`0x400`
PointerToRawData	`0x21000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0`

.metadat

MD5	`09fd414eaa255911abf6cadeb12edc85`
SHA1	`dd1948d671791203b1c531a995ea71fb986f169c`
SHA256	`1d60fcdf3c068106037399133bdad0f8cc1efd68ae0f67af9b11e12f07ca4910`
SHA3	`fcebb3fc60e3f686f032e09d9571d6fced183ac2b111b19c7bf62bcdfc8f24a7`
VirtualSize	`0x2494`
VirtualAddress	`0x27000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x21400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.74769`

Imports

MSVCP140D.dll	`?good@ios_base@std@@QEBA_NXZ` `?flags@ios_base@std@@QEBAHXZ` `?width@ios_base@std@@QEBA_JXZ` `?width@ios_base@std@@QEAA_J_J@Z` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?uncaught_exception@std@@YA_NXZ` `?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ` `?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ`
VCRUNTIME140_1D.dll	`__CxxFrameHandler4`
VCRUNTIME140D.dll	`__C_specific_handler` `__C_specific_handler_noexcept` `__std_type_info_destroy_list` `memcpy` `__current_exception` `__current_exception_context` `__vcrt_GetModuleFileNameW` `__vcrt_GetModuleHandleW` `__vcrt_LoadLibraryExW`
ucrtbased.dll	`_execute_onexit_table` `_crt_atexit` `_crt_at_quick_exit` `terminate` `_wmakepath_s` `_wsplitpath_s` `wcscpy_s` `_register_onexit_function` `__stdio_common_vsprintf_s` `strcat_s` `strcpy_s` `__p__commode` `_set_new_mode` `_register_thread_local_exe_atexit_callback` `_c_exit` `_initialize_onexit_table` `__p___argv` `__p___argc` `_set_fmode` `_exit` `exit` `_initterm_e` `_initterm` `_get_initial_narrow_environment` `_initialize_narrow_environment` `_configure_narrow_argv` `__setusermatherr` `_set_app_type` `_seh_filter_exe` `_CrtDbgReportW` `_CrtDbgReport` `strlen` `_cexit` `_seh_filter_dll` `_configthreadlocale`
KERNEL32.dll	`FreeLibrary` `IsDebuggerPresent` `RaiseException` `MultiByteToWideChar` `WideCharToMultiByte` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `InitializeSListHead` `GetStartupInfoW` `GetModuleHandleW` `GetLastError` `HeapAlloc` `HeapFree` `GetProcessHeap` `VirtualQuery` `GetProcAddress` `GetCurrentThreadId`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14001d000`

RICH Header

XOR Key	`0x59a5d7ba`
Unmarked objects	`0`
ASM objects (35207)	`3`
C objects (35207)	`11`
C++ objects (35207)	`25`
Imports (35207)	`7`
Imports (33140)	`4`
Total imports	`85`
C++ objects (35217)	`1`
Resource objects (35217)	`1`
Linker (35217)	`1`

Errors

[!] Error: Could not read PDB file information of invalid magic number.

Leave a comment

No comments yet.