Manalyze report for de01f2ed507abaaeae3eb62196ed33f05a5defc81608ac441322087fa3ce3098

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Dec-08 03:59:27
Detected languages	English - United States
TLS Callbacks	2 callback(s) detected.

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .buildid`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 90.5279% of the executable.`
Safe	VirusTotal score: 0/69 (Scanned on 2026-05-15 03:12:31)	`All the AVs think this file is safe.`

Hashes

MD5	`d8d99bf9c903145f1f72afe73b7ce99f`
SHA1	`def677cd75ebcad1d7623141b8ed3605932e2ad8`
SHA256	`de01f2ed507abaaeae3eb62196ed33f05a5defc81608ac441322087fa3ce3098`
SHA3	`b0ae6c62c7c6d52b3eb96424dcb24710cad452845c11cbd33ada05fa906562aa`
SSDeep	`3072:waTmSXZLAVdYnfMN0oRpxAYXb4GxH0VZ:waTNXZLrnUiesYXbiV`
Imports Hash	`a9563ca2ee659a9314820bead4ec962b`

DOS Header

e_magic	`MZ`
e_cblp	`0x78`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0`
e_ss	`0`
e_sp	`0`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x78`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2024-Dec-08 03:59:27
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x1e00`
SizeOfInitializedData	`0x17600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001140 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x2f000`
SizeOfHeaders	`0x400`
Checksum	`0x3632b`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`612f13b1a20949bba1c805c638495c00`
SHA1	`8e74a79958acf6488fe615dee4173a4b96e39fae`
SHA256	`4ab9a6254f73f4956601a46361357f0ad92d238a43ae6f8eab200fa5047c1415`
SHA3	`1e7a84cf73f8503dee0f05389252d65ec5d8e1cb349fe970a29a24a6db3def5a`
VirtualSize	`0x1c86`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.77527`

.rdata

MD5	`dcb7faae7abc7c1dfadac4c2855067fa`
SHA1	`cae7ca686a9024d78f8289ce8674185151ec9550`
SHA256	`38d9791ed6ef45149712782f4a0ccfb42f23c02b3a4492ca7f03e53b9cbdecdc`
SHA3	`7f6f0f51025e8dd9feeb07420ea2050bd7396785845219b11465ff5de10d62bc`
VirtualSize	`0x114c`
VirtualAddress	`0x3000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x2200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.35065`

.buildid

MD5	`b839218e0b39eca7a3277dbf8b74976c`
SHA1	`952675409da6cc8ba17f8abf168b4c7beb86fa08`
SHA256	`0f424b652b1ade73ddf3abd5f3b22eb3677461110cda26d536165aaf4ead2af7`
SHA3	`2178090fa3facc18505d6816da828bee38c0ea6afefff40af909eaf2a204627f`
VirtualSize	`0x35`
VirtualAddress	`0x5000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.596849`

.data

MD5	`d36e8e0be902e9d81289ba090cc311e5`
SHA1	`6d2c8cf042080bc1196e5565f5b2aa7854c74458`
SHA256	`a028f657d3a4672e79bfecb170e886116cbd0b06e428d842c91c20f05784ec66`
SHA3	`eb6eebff34b04427a10388b0c0285cbd5904f812b78d60a49dbd74bd6afa4325`
VirtualSize	`0x1bc`
VirtualAddress	`0x6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.42505`

.pdata

MD5	`96b91119ce3f4f34345e33b607b00a4d`
SHA1	`47f375ecbcc5dee11fcadc69f4f66feaa2812e65`
SHA256	`6b6d61042d983cc28576e611fed69c351522e7188a7fe4ad6b870276bff8351d`
SHA3	`f839da7b9cf99a56b06fe69b6fc83d09a617654109243f8a352898a60c299d0c`
VirtualSize	`0x18c`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.12203`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`eec464f71b418db71c8f583d80e3794d`
SHA1	`6c9ea08eb68b542e936a7eeb6357f724be55f877`
SHA256	`e02dae801b12bc0ee653a166f011c871cbc15407498291db61f75d7f204ab9f1`
SHA3	`41629452af5c82a07b96a614484257781b1137594ec88ad8551c59b1639f76d8`
VirtualSize	`0x2570c`
VirtualAddress	`0x9000`
SizeOfRawData	`0x25800`
PointerToRawData	`0x3c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.54555`

Imports

api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `calloc` `free` `malloc`
api-ms-win-crt-private-l1-1-0.dll	`__C_specific_handler` `memcpy`
api-ms-win-crt-runtime-l1-1-0.dll	`__p___argc` `__p___argv` `__p___wargv` `__p__wcmdln` `_cexit` `_configure_narrow_argv` `_configure_wide_argv` `_crt_at_quick_exit` `_crt_atexit` `_initialize_narrow_environment` `_initialize_wide_environment` `_initterm` `_set_app_type` `_set_invalid_parameter_handler` `abort` `exit` `signal`
api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func` `__p__commode` `__p__fmode` `__stdio_common_vfprintf` `__stdio_common_vfwprintf` `__stdio_common_vswprintf` `fwrite`
api-ms-win-crt-string-l1-1-0.dll	`_wcsdup` `memset` `strlen` `strncmp` `wcslen`
USER32.dll	`MessageBoxW`
KERNEL32.dll	`DeleteCriticalSection` `EnterCriticalSection` `GetLastError` `GetProcAddress` `GetStartupInfoW` `InitializeCriticalSection` `LeaveCriticalSection` `LoadLibraryW` `SetDllDirectoryW` `SetUnhandledExceptionFilter` `Sleep` `TlsGetValue` `VerSetConditionMask` `VerifyVersionInfoW` `VirtualProtect` `VirtualQuery`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-environment-l1-1-0.dll	`__p__environ` `__p__wenviron`
api-ms-win-crt-time-l1-1-0.dll	`__daylight` `__timezone` `__tzname` `_tzset`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.91025`
MD5	`54e8ca70de6ac511f8faaf55ebdbd36c`
SHA1	`fbad8070ec2856ef0bd9459db5d4e7af4df3a4f0`
SHA256	`7e8f8563f6fa6a10f27b2268947b5635ae5d93e46a30d4ce2c2a8af12751a051`
SHA3	`587fab94895295837d0c2aeb56c5ccb82525f086aa85150e91b27b52dc3395a1`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.79126`
MD5	`abb0f8805557b9225fd337096abfc2e6`
SHA1	`5de62225862b4370d11d95bdf01b6a6ba7146967`
SHA256	`e7a9d3041dc17344829c736cc80b7a055211dc5c2dd85d448998d3f8de54dee3`
SHA3	`8df849f52307b310009b9eb255509df22c92e5a637b0699636f0d678722581a1`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.48605`
MD5	`fa0c5b021cc384ee6011bd875d81162c`
SHA1	`104eed1225493f8d4853e11465f1adb5ffc8b819`
SHA256	`9408d18fa52fdc66c6b477be5e508e75ed08f4c734b100baec85038ea99c28e4`
SHA3	`03f1b6c52548727c61a993411fe2802675c8e4203784ef07c2f5575f5b887d03`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.29881`
MD5	`46e33ebba70b802c596f44eb0ff92b71`
SHA1	`c5d65d4ea391b1b12d28f13b26443a997ad3f43e`
SHA256	`962353964d304883290e7d25279278226f95214f8626763f628ab68490e430a7`
SHA3	`788b3e55247d2d59a84167e29fc05789f6159df9d717d4f4bf092a9b361cf5e3`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.0903`
MD5	`3e7e5844fac73a8428fb1ee10614a5bd`
SHA1	`df8e23801e8740ba48993b0f3125e9515fbdc03e`
SHA256	`8e3c2436eceb732673422323e151e5d55d49ef47ea77efaef2d0acf634c7c95f`
SHA3	`b57b90ac6cb55dc94e800f89e16362c00ab1d34f197c5e0680b0d9a4f017d5ba`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xd01a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98963`
Detected Filetype	PNG graphic file
MD5	`f0fe9cd9d164d36f40ab37884bd7abe4`
SHA1	`ef7ea0a4edde0a67f45635c14db8d50060f14e14`
SHA256	`4a9aca4653673ca16dc49776f203d7ac84f0e755de7e81a2d87824b764fb5203`
SHA3	`3228fb70a339f4b44016a7f258f79ea8ac6e48d92437897e208488d12bb2acf8`

1 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.79908`
Detected Filetype	Icon file
MD5	`65f11a66cb5e9ef1f73e04a59e429bb3`
SHA1	`f48a619d9818f90eed4c570975d08c23d7ad88f6`
SHA256	`f6cb6f6dd1e39cc1002ceb6eb2f37b375bbd176acb8736fc77d436345a28e191`
SHA3	`19e73f1e636a36855a2e3b7676f03b1f4c8453cbe8948d408627cf37bdb4dac0`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2024-Dec-08 03:59:27
Version	`0.0`
SizeofData	`25`
AddressOfRawData	`0x501c`
PointerToRawData	`0x341c`

TLS Callbacks

StartAddressOfRawData	`0x140008000`
EndAddressOfRawData	`0x140008008`
AddressOfIndex	`0x140006128`
AddressOfCallbacks	`0x140003530`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x0000000140001780` `0x0000000140001800`

Load Configuration

RICH Header

Errors

[!] Error: Could not read an IMAGE_BASE_RELOCATION!

Leave a comment

No comments yet.