Manalyze report for e05f154939714ff8110a30ca2778d9e8953cdc38db9670407ed7bb34cff9d27b

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-May-10 11:13:41
Detected languages	English - United States
Debug artifacts	C:\Users\Volxp\source\repos\static-injector\x64\Release\static-injector.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Malicious	The PE contains functions mostly used by malware.	`Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowA` `Code injection capabilities: OpenProcess VirtualAllocEx WriteProcessMemory` `Possibly launches other programs: CreateProcessA` `Manipulates other processes: OpenProcess Process32Next ReadProcessMemory WriteProcessMemory Process32First`
Malicious	VirusTotal score: 3/71 (Scanned on 2026-05-14 19:32:28)	`Bkav: W32.Malware.8AD1988E` `CrowdStrike: win/malicious_confidence_70% (D)` `Symantec: ML.Attribute.HighConfidence`

Hashes

MD5	`cc94e211942d60dc8ec0d6b21dbee51c`
SHA1	`a07c97480b6a07abc5ebb2c9fa656cf15f69d740`
SHA256	`e05f154939714ff8110a30ca2778d9e8953cdc38db9670407ed7bb34cff9d27b`
SHA3	`1aff36c34414b8791beed15c9f33bcbb5700588b14261789fdc29de0bf20a9c3`
SSDeep	`1536:0IkmHzbjtFQLrX9o/BLYdAnrmsdZC3J8tBYD:QWb5FQLR0BmAnrLAJ8tBY`
Imports Hash	`386a6e3f7774bcdb1e142e10de823a78`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-May-10 11:13:41
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xd400`
SizeOfInitializedData	`0x8000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000000CE94 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x19000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`26f5ec73944685b117c19a6208e07d9a`
SHA1	`2211552326aade4ab1074a35a391028204ed1836`
SHA256	`a22de2d3c73716f300a1ef12eaf52b7d5216dd81c0770dfb131369b9b7ba382c`
SHA3	`1da81c3622c180d9e82f8d17b3c5cf3dd705d56c8fadeda92d11c576f50b5b40`
VirtualSize	`0xd2d3`
VirtualAddress	`0x1000`
SizeOfRawData	`0xd400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.18987`

.rdata

MD5	`1b82771d94a1750bb94f235c4b68f450`
SHA1	`4b33f9209050b7e3c1577f25ac6d62a90f908cd5`
SHA256	`2b770ee486c6a51781c1a9ead475b115a7557aef177c8f4902fcb7a478144b47`
SHA3	`3965d80a9e941bb6f15a8d96d9b448edba2212226117654aeaacdf25f689f94d`
VirtualSize	`0x5ce6`
VirtualAddress	`0xf000`
SizeOfRawData	`0x5e00`
PointerToRawData	`0xd800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.89667`

.data

MD5	`9f080030ca95c447b1f26ed28c45b270`
SHA1	`67475d1a433fc44c5d00862d2c12bcef8f8904bb`
SHA256	`b5ab5cf396756a09871cd0dc73bc86e7f071f637361e8c2f243c49239f68a86f`
SHA3	`d26754aebe0096c483b601d31596de43db2cdf64390243e1d85060811bc7c405`
VirtualSize	`0xc90`
VirtualAddress	`0x15000`
SizeOfRawData	`0x800`
PointerToRawData	`0x13600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.22587`

.pdata

MD5	`23b9e922aaf3c38766731f1c0914a035`
SHA1	`42ddc6482a225ba1d7b5aa4e9fd960ea932c2611`
SHA256	`3368517f9be47ec1b3ab9dd098ec06f4fc1535813189efa21293045783d45e48`
SHA3	`e5774b6868dc07c0dbbf0e501946152389b8e54845387a49ab32054fe409ba32`
VirtualSize	`0xf3c`
VirtualAddress	`0x16000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x13e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.78136`

.rsrc

MD5	`2c9bc3c453765c5a8e37ea178e81aa1b`
SHA1	`974f84a1c1efa7c6e0d963ce7479765c9444963a`
SHA256	`15f6ad57552d43f7cae352a593cfdf6be16c96fb903b6f7de618808ee1685819`
SHA3	`e8e0136fa0ac3c6c54952814f8fbbcbd7708f853b22f51ceaedc2db0dafd2a3a`
VirtualSize	`0x1e0`
VirtualAddress	`0x17000`
SizeOfRawData	`0x200`
PointerToRawData	`0x14e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.71006`

.reloc

MD5	`ef16868625e2989e6309bdb07b3d822b`
SHA1	`54719026fffc0e6f11f20f3865f4d8135e322e9c`
SHA256	`e17fa075f03c8749a01426ff230cffd55938004e6d65eebde33f7c21f04e1f77`
SHA3	`d6d1d582ac6c6a93a07a4fdb7a76d336f2787e0d06601483e4549fe86cf3deb0`
VirtualSize	`0x10c`
VirtualAddress	`0x18000`
SizeOfRawData	`0x200`
PointerToRawData	`0x15000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.35649`

Imports

KERNEL32.dll	`OpenProcess` `CreateToolhelp32Snapshot` `Process32Next` `CloseHandle` `VirtualAllocEx` `CreateProcessA` `WideCharToMultiByte` `QueryFullProcessImageNameW` `ReadProcessMemory` `VirtualQueryEx` `MultiByteToWideChar` `LocalFree` `VirtualQuery` `WriteProcessMemory` `GetCurrentProcess` `WaitForSingleObject` `GetModuleHandleA` `GetLastError` `K32GetModuleInformation` `GetProcAddress` `K32EnumProcessModulesEx` `K32GetModuleBaseNameA` `K32EnumProcesses` `K32EnumProcessModules` `GetCurrentDirectoryW` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `TerminateProcess` `Process32First` `DuplicateHandle` `Sleep` `CreateDirectoryW` `CreateFileW` `FindClose` `FindFirstFileW` `FindFirstFileExW` `FindNextFileW` `GetFileAttributesExW` `GetFileInformationByHandle` `SetFileInformationByHandle` `AreFileApisANSI` `DeviceIoControl` `GetModuleHandleW` `CopyFileW` `GetFileInformationByHandleEx` `CreateSymbolicLinkW` `FormatMessageA` `GetLocaleInfoEx` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsProcessorFeaturePresent` `IsDebuggerPresent` `QueryPerformanceCounter`
USER32.dll	`MessageBoxA` `GetWindowThreadProcessId` `FindWindowA`
MSVCP140.dll	`?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z` `?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z` `?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ` `?good@ios_base@std@@QEBA_NXZ` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A` `?_Winerror_map@std@@YAHH@Z` `?_Syserror_map@std@@YAPEBDH@Z` `?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?_Xlength_error@std@@YAXPEBD@Z` `?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z` `?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Id_cnt@id@locale@std@@0HA` `?_Xbad_alloc@std@@YAXXZ` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?uncaught_exceptions@std@@YAHXZ` `??0_Lockit@std@@QEAA@H@Z` `??1_Lockit@std@@QEAA@XZ`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`__std_terminate` `memcmp` `__current_exception` `__std_exception_destroy` `__C_specific_handler` `_CxxThrowException` `memset` `memmove` `__std_exception_copy` `__current_exception_context` `memcpy`
api-ms-win-crt-stdio-l1-1-0.dll	`fputc` `fclose` `fgetc` `fwrite` `fgetpos` `setvbuf` `ungetc` `fsetpos` `fread` `_get_stream_buffer_pointers` `__acrt_iob_func` `__stdio_common_vfprintf` `getchar` `fflush` `__p__commode` `_set_fmode` `_fseeki64`
api-ms-win-crt-heap-l1-1-0.dll	`_callnewh` `_set_new_mode` `malloc` `free`
api-ms-win-crt-runtime-l1-1-0.dll	`_set_app_type` `_seh_filter_exe` `_register_thread_local_exe_atexit_callback` `_c_exit` `abort` `__p___argv` `terminate` `exit` `__p___argc` `_configure_narrow_argv` `_initialize_narrow_environment` `_initialize_onexit_table` `_register_onexit_function` `_crt_atexit` `_exit` `_initterm_e` `_initterm` `_get_initial_narrow_environment` `_cexit` `_invoke_watson`
api-ms-win-crt-filesystem-l1-1-0.dll	`_lock_file` `_unlock_file`
api-ms-win-crt-string-l1-1-0.dll	`_stricmp`
api-ms-win-crt-locale-l1-1-0.dll	`___lc_codepage_func` `_configthreadlocale`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-May-10 11:13:41
Version	`0.0`
SizeofData	`100`
AddressOfRawData	`0x112e4`
PointerToRawData	`0xfae4`
Referenced File	C:\Users\Volxp\source\repos\static-injector\x64\Release\static-injector.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-May-10 11:13:41
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x11348`
PointerToRawData	`0xfb48`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-May-10 11:13:41
Version	`0.0`
SizeofData	`800`
AddressOfRawData	`0x1135c`
PointerToRawData	`0xfb5c`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-May-10 11:13:41
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140015040`

RICH Header

XOR Key	`0x70b5210b`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`16`
ASM objects (35207)	`4`
C objects (35207)	`10`
C++ objects (35207)	`33`
Imports (35207)	`6`
Imports (33145)	`7`
Total imports	`240`
ASM objects (35222)	`1`
C++ objects (LTCG) (35226)	`7`
Resource objects (35226)	`1`
Linker (35226)	`1`

Errors

Leave a comment

No comments yet.