Manalyze report for e37b4159f1c4a2781fea370878a200a0675204730c45a64387adedbc214f4911

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Feb-28 10:43:36

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for Qemu presence: qemu`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: GetTempPathW CreateFileW` `Functions related to the privilege level: OpenProcessToken` `Enumerates local disk drives: GetDriveTypeW`
Suspicious	The file contains overlay data.	`9142901 bytes of data starting at offset 0x6fc00.` `The overlay data has an entropy of 7.99837 and is possibly compressed or encrypted.` `Overlay data amounts for 95.2323% of the executable.`
Malicious	VirusTotal score: 7/72 (Scanned on 2026-03-05 23:19:26)	`APEX: Malicious` `Bkav: W64.AIDetectMalware` `CrowdStrike: win/malicious_confidence_100% (D)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `Elastic: malicious (moderate confidence)` `SentinelOne: Static AI - Suspicious PE`

Hashes

MD5	`7e921ff9ae3cb982c7b956ac48454a0e`
SHA1	`7af1dd6036d6cd575b2c2da399891942a3e7ab50`
SHA256	`e37b4159f1c4a2781fea370878a200a0675204730c45a64387adedbc214f4911`
SHA3	`2f5fd2b96806a250b37d86e543afac2b8bb671576089f96264eae289136476c3`
SSDeep	`196608:tk0wqe5urHmqQ3qemdUSCtsoMi6By14qM9qPixo8eOnyc:tPYuCq6mdUSCoy14lw+8c`
Imports Hash	`dcaf48c1f10b0efa0a4472200f3850ed`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2026-Feb-28 10:43:36
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x2c600`
SizeOfInitializedData	`0x43200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000000DFA0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x79000`
SizeOfHeaders	`0x400`
Checksum	`0x934b71`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x1e8480`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`fe1a4732883ce431166d66ecb765b28e`
SHA1	`2110e916aac8ceca0aff8fac71279a4404d1204b`
SHA256	`bf1ad991c2350ab9408ca71f2c82d95b410b3b5a8c323514ea841adcf9478194`
SHA3	`685b4b9bb824ff236223b93263bf11304f1f36249fbd6f937dca11891c9386a1`
VirtualSize	`0x2c470`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2c600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.46276`

.rdata

MD5	`30121d1ff3fafdb10446ac87089995db`
SHA1	`a74b76fd3f782832c616e93c71de1c34b09913eb`
SHA256	`91170d1a1e96bd4f688db037c382d12fa5bef86c3e9844e2334863387c880a38`
SHA3	`8ffeb725f1cb6aac4a2971a0922384908231d163ed4bb383970323cbe0ace49e`
VirtualSize	`0x13b78`
VirtualAddress	`0x2e000`
SizeOfRawData	`0x13c00`
PointerToRawData	`0x2ca00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.75511`

.data

MD5	`480ab7be9be730afcebb349cd1d2328a`
SHA1	`ded45b1e3b731c13795e36c5d7e8f3dac03f9634`
SHA256	`5bf16564eab136ff8a49b29867918b49a778978cd4c5acf2fb5ccdd19340831c`
SHA3	`665776fd9e8a604af79a90d67204a109fae9ce0d6a01405a4d85231867f7a494`
VirtualSize	`0x50b0`
VirtualAddress	`0x42000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x40600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.8161`

.pdata

MD5	`181207c9744a54a87a1d6cff3cfa9919`
SHA1	`a670345ff2911f8f6763c1973ac4c5fd29f132a9`
SHA256	`52b9b4d42f0b332e55608f6bf5446fcb11f6f9fc4e3267b5b0e64d86b6d099f8`
SHA3	`ee1eb803cb2d9711d7b3affe83928dd572cd4d05c8211457c0f274200abc1623`
VirtualSize	`0x2424`
VirtualAddress	`0x48000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x41400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.31997`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0x4b000`
SizeOfRawData	`0x200`
PointerToRawData	`0x43a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`786b87c433631a893305082e36b7028b`
SHA1	`6d77a984b52b9d0835a782e8b6229c71495bbf67`
SHA256	`92521f7685393c13a2f2d4f3784dfec6c0c2c5b873ad8903f7aa6c89c0bbec18`
SHA3	`60ecbbdbf1366133b2bef431a9e8876f12e5e71f81a6d84151958867ce6965d1`
VirtualSize	`0x2b76c`
VirtualAddress	`0x4c000`
SizeOfRawData	`0x2b800`
PointerToRawData	`0x43c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.78564`

.reloc

MD5	`2b6e08476851652d83b5fd30f90f9ad7`
SHA1	`b61504ed73820ed543f7df51e5227d17e517badb`
SHA256	`c80cd8828e3293d84bf4a1764b2d6611ca75492eef2fbf318645b9dbe3731db6`
SHA3	`403fee35fd8e088c0269d849358d33217081fa4c577a1530a25d0911ed5bcf3e`
VirtualSize	`0x774`
VirtualAddress	`0x78000`
SizeOfRawData	`0x800`
PointerToRawData	`0x6f400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.26439`

Imports

USER32.dll	`CreateWindowExW` `ShutdownBlockReasonCreate` `MsgWaitForMultipleObjects` `ShowWindow` `DestroyWindow` `RegisterClassW` `DefWindowProcW` `PeekMessageW` `DispatchMessageW` `TranslateMessage` `PostMessageW` `GetMessageW` `MessageBoxW` `MessageBoxA` `SystemParametersInfoW` `DestroyIcon` `SetWindowLongPtrW` `GetWindowLongPtrW` `GetClientRect` `InvalidateRect` `ReleaseDC` `GetDC` `DrawTextW` `GetDialogBaseUnits` `EndDialog` `DialogBoxIndirectParamW` `MoveWindow` `SendMessageW`
COMCTL32.dll	`#380`
KERNEL32.dll	`GetACP` `IsValidCodePage` `GetStringTypeW` `GetFileAttributesExW` `SetEnvironmentVariableW` `FlushFileBuffers` `LCMapStringW` `CompareStringW` `VirtualProtect` `InitializeCriticalSectionEx` `GetOEMCP` `GetCPInfo` `GetLastError` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `GetModuleHandleW` `MulDiv` `FormatMessageW` `GetModuleFileNameW` `SetDllDirectoryW` `GetEnvironmentStringsW` `SetErrorMode` `CreateDirectoryW` `GetCommandLineW` `GetEnvironmentVariableW` `ExpandEnvironmentStringsW` `DeleteFileW` `FindClose` `FindFirstFileW` `FindNextFileW` `GetDriveTypeW` `RemoveDirectoryW` `GetTempPathW` `CloseHandle` `QueryPerformanceCounter` `QueryPerformanceFrequency` `WaitForSingleObject` `Sleep` `GetCurrentProcess` `TerminateProcess` `GetExitCodeProcess` `CreateProcessW` `GetStartupInfoW` `LocalFree` `SetConsoleCtrlHandler` `K32EnumProcessModules` `K32GetModuleFileNameExW` `CreateFileW` `FindFirstFileExW` `GetFinalPathNameByHandleW` `MultiByteToWideChar` `WideCharToMultiByte` `FlsFree` `FreeEnvironmentStringsW` `GetProcessHeap` `GetTimeZoneInformation` `HeapSize` `HeapReAlloc` `WriteConsoleW` `SetEndOfFile` `CreateSymbolicLinkW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsProcessorFeaturePresent` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `RtlUnwindEx` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `EncodePointer` `RaiseException` `RtlPcToFileHeader` `GetCommandLineA` `GetFileInformationByHandle` `GetFileType` `PeekNamedPipe` `SystemTimeToTzSpecificLocalTime` `FileTimeToSystemTime` `ReadFile` `GetFullPathNameW` `SetStdHandle` `GetStdHandle` `WriteFile` `ExitProcess` `GetModuleHandleExW` `HeapFree` `GetConsoleMode` `ReadConsoleW` `SetFilePointerEx` `GetConsoleOutputCP` `GetFileSizeEx` `HeapAlloc` `GetCurrentDirectoryW` `FlsAlloc` `FlsGetValue` `FlsSetValue`
ADVAPI32.dll	`OpenProcessToken` `GetTokenInformation` `ConvertStringSecurityDescriptorToSecurityDescriptorW` `ConvertSidToStringSidW`
GDI32.dll	`SelectObject` `DeleteObject` `CreateFontIndirectW`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.1928`
MD5	`863bee49ea0d9e875f4917e55a8273a8`
SHA1	`629ef56cc598c23ed6cab0a74fa15650f5ba6b7d`
SHA256	`f3da1bafeb03f50cad408960a951d2581fb9a7c5066395eedca2940b70b5f16c`
SHA3	`1ccfc53a5c781a84f13769fd48243768c79c01ceed921b06414c9b9d33b7992a`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.00396`
MD5	`14c28c1b55ce2a9cf629c1005c8c26b9`
SHA1	`ebccc3e718ba5b5066c57fb26f089c85802db2ac`
SHA256	`bc27393f9539c1ab2e2b7bbd92821d9263028f7d382617d289a406f7eca47420`
SHA3	`c63fb5ab214a0bb99ed189f2d513f1cd96973e45e0694e317c6bd0bcb2101e3b`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.7702`
MD5	`b09d7ed367af832e28f7c617e58c0a5d`
SHA1	`4e06012d40d57642553579d1614b407f5acf7cd5`
SHA256	`c66ce8394c55343d118a1a41980dc1e6bf9a7424a26d62da3430c45f224ab5a0`
SHA3	`aa9255beaa64a6556f7a31b232365506d71d6687034ebae9355dbc70d6b869a1`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37374`
MD5	`6c3dc3817e296ab73264840140be8700`
SHA1	`15e37f9af326183b1091fc2e31dfefce9936349a`
SHA256	`d043a22ca2b523493fe292f9330791edc4bd4a3380aea78ac153e847932ea234`
SHA3	`0704a96883bee0504b5c91d28cd78e9f596f037792924358209d06b2ed812561`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.20736`
MD5	`81bc45b261e2d46e94d833598897e76f`
SHA1	`018a9454d5e756689752b9033e1b18ed273e98f7`
SHA256	`1a9d5349853c54b793596b642dcd900062ea8119b4f1cad0d0841448b1a12193`
SHA3	`105bf1b8de00df6db1f8b175818e51d50ce5df870aa13ba85b6481b324653111`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.15909`
MD5	`7530c87c9b4db88f347e4960fac63dd4`
SHA1	`ffbc74a2ff923496a565e5a88c1c12433ad9a376`
SHA256	`08b6f29a04fc4230721c7036f8ee2b8bc04e0cf2c216f2943ddf9f2183f1cf3e`
SHA3	`f7960a3141e3966bba545c570537dcfe4d9ca2dab42a85e048b30f791cec86b3`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.99037`
MD5	`4dcddf2070fe39e1e419f28af3c30e52`
SHA1	`e8e19baa77da615be93806c83029478d9d37a2c9`
SHA256	`0c258787c72dd5c7ba8c42530045e65615e498695b04a946ec23b8d0dcd81aba`
SHA3	`8fe023b64a98637e4f12cbd7d6d243189227aa5e9f9b222429d431d7361be9b7`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.84961`
MD5	`99fe4375eea6040f32c452350ef58ad0`
SHA1	`dc2a730180f28d25fc4a9b4c7d84529dae7db791`
SHA256	`5d54c0c0e685a487929b4a9bbb94c70e0c5b2aae3b4dabddd1a4ba8e1ba1222a`
SHA3	`e95220de79b3a2dd2d13431292293df41e2fdec22d15b721b6e595967784ea28`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x37ae`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.94041`
Detected Filetype	PNG graphic file
MD5	`eed5cd1428fe7dd10e1ad1f328f522d3`
SHA1	`d2d57ba8000f0d1849f2f953ef2aac2eb8546de0`
SHA256	`7952e535411ac8e2fde9455bf845990a25baa6596cb76d152778368b86f24991`
SHA3	`a5739ac895028aab89e4e13d49256e5e1fe0161bf1f18f4b4386624b96159d10`

1 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03466`
Detected Filetype	Icon file
MD5	`40fc3fa2f1da571f051b3db1a4490567`
SHA1	`e0fdeb2fb8752a55f9f04c6ea69fadbd3f15df99`
SHA256	`c3892bafc88e7d161d5446059f9ef465ae8fd835357fad31190eb58bd09170b3`
SHA3	`2949f152e2ec2a3499e35dad0dbc525a0d6bc7a7bb979970ade2e1a4647e71ba`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x50d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.25791`
MD5	`84da8dee6b319ea0b10b6de5489c6aae`
SHA1	`5f8991f3e065fd95614859a293f88b9c70e4bb23`
SHA256	`abf8f2022f12f350789d961aceaf9ccfd53e7ec58d8c9934cfce77779b4eac11`
SHA3	`08f0562915b54bedce5a84e9d32cb2efcc538268785103b1852338e20a3b4606`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Feb-28 10:43:36
Version	`0.0`
SizeofData	`816`
AddressOfRawData	`0x3e178`
PointerToRawData	`0x3cb78`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140042040`
GuardCFCheckFunctionPointer	`5368898744`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x8ea371bd`
Unmarked objects	`0`
C++ objects (33145)	`183`
C objects (33145)	`12`
ASM objects (33145)	`11`
253 (35207)	`3`
ASM objects (35207)	`9`
C objects (35207)	`17`
C++ objects (35207)	`40`
Imports (33145)	`11`
Total imports	`159`
C objects (35222)	`27`
Linker (35222)	`1`

Errors

Leave a comment

No comments yet.