Manalyze report for ee66c9c3f7d721efe057bbb6d0f9d3457a1a35b47444004ba9e0acdfd0c01a4d

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Dec-09 19:32:28
Detected languages	English - United States
Comments	HTTP Downloader is made free under the GPLv3 license.
FileDescription	HTTP Downloader
FileVersion	`1, 0, 6, 9`
InternalName	HTTP Downloader
LegalCopyright	Copyright Â© 2015-2025 Eric Kutcher
OriginalFilename	HTTP_Downloader.exe
ProductName	HTTP Downloader
ProductVersion	`1, 0, 6, 9`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: example.com githubusercontent.com https://erickutcher.github.io https://erickutcher.github.io/#HTTP_Downloader https://raw.githubusercontent.com https://raw.githubusercontent.com/erickutcher/httpdownloader/master/HTTP_Downloader/changelog.txt https://raw.githubusercontent.com/erickutcher/httpdownloader/master/HTTP_Downloader/version.txt raw.githubusercontent.com`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW` `Functions which can be used for anti-debugging purposes: FindWindowW` `Can take screenshots: GetDC FindWindowW` `Reads the contents of the clipboard: GetClipboardData` `Can shut the system down or lock the screen: ExitWindowsEx LockWorkStation`
Suspicious	VirusTotal score: 1/69 (Scanned on 2026-06-29 17:05:52)	`APEX: Malicious`

Hashes

MD5	`ada230a9051e973c83b825df6dadefaa`
SHA1	`62c59bdbb2b46345d0b8ee4613b493528022a5f0`
SHA256	`ee66c9c3f7d721efe057bbb6d0f9d3457a1a35b47444004ba9e0acdfd0c01a4d`
SHA3	`ad73c8dfd4a001e24f244ac5b3cf2c3aa0c71e075c986102e99e8e7375ca5b0c`
SSDeep	`12288:wgv2xvskKzGg8cYoY9F+vXUIkRn3x4/D5E9WDQP2NFWG6wfvIknvw:wgwIvkIkRn3x8IOlbvI3`
Imports Hash	`50a6bdefb802cc66066324cfd30ca860`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2025-Dec-09 19:32:28
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`9.0`
SizeOfCode	`0x8b600`
SizeOfInitializedData	`0x13000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000002F108 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0xa7000`
SizeOfHeaders	`0x400`
Checksum	`0xa59da`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`fa5b3406a94bff1666cb63bafb073553`
SHA1	`0ad8da41a1c779317a245f1a4283bd9a0ffe60d5`
SHA256	`862374872d1cd6208d39d8bf3bd6799da1b4332baadd6fa8a979f206e9111628`
SHA3	`c32dd7ca096d137d8b18585f6ede8063c00b6ef17c00c01a2f9779a189d9531a`
VirtualSize	`0x8b5f8`
VirtualAddress	`0x1000`
SizeOfRawData	`0x8b600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.3097`

.rdata

MD5	`0a2263ac51d952855714d5bda44cfebd`
SHA1	`f709746333dd64cd5f885f0674f908b901a1a411`
SHA256	`2469cd1b0a80442519d7369b4d250b1333003c3ef286e81008122163b169eba7`
SHA3	`4cc80e38e5790064969efc17dab11024ed8d8f3ce4b615f861688cc179632173`
VirtualSize	`0xb944`
VirtualAddress	`0x8d000`
SizeOfRawData	`0xba00`
PointerToRawData	`0x8ba00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.38945`

.data

MD5	`a601f0488df0604b3003a955cbebf9c7`
SHA1	`6a8b5552c32df99de0d2c44601eafb1e739aefef`
SHA256	`639d83525e601618bc7692ca39c3c9cb03b5868d0724f0fdf84335afa799da12`
SHA3	`dfd22235417a7437ce341f45846c0ceea204f24fcca656bfac8067a2f5a22b05`
VirtualSize	`0x7de4`
VirtualAddress	`0x99000`
SizeOfRawData	`0x2800`
PointerToRawData	`0x97400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.05225`

.pdata

MD5	`ea0e50c25e9f6fcff46de12f95d5faae`
SHA1	`e9ddcf9bf18e8c970e08374f62ab7fcc4658af7b`
SHA256	`6d3abd9f823446005ce9c6ce53071d57c59a4848f74e8d38b75fe0963e8ca47e`
SHA3	`b45d6f14094c452274dd5d6f35dde4e795498534d44d7d8a06dce34acd2a75c2`
VirtualSize	`0x1434`
VirtualAddress	`0xa1000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x99c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.378`

.rsrc

MD5	`3b5a8f618f3ce460d05bc20b83651dd1`
SHA1	`08f37e6ab5134fe339794a3e0712d4d6b1a724a3`
SHA256	`64bc05ed616a3c6baa3db2584dbe32c654a049607076b24dfad7131afb719e83`
SHA3	`fb36c8e44c0091bdbf1e2d5b95497d10c78fdadc5e4671dc90efb1e89d625986`
VirtualSize	`0x2a34`
VirtualAddress	`0xa3000`
SizeOfRawData	`0x2c00`
PointerToRawData	`0x9b200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.7355`

.reloc

MD5	`cbc6a547d57a9c406216615c8fba469f`
SHA1	`a5d6135bf325eb4af6411e06535cd7a7ca373791`
SHA256	`b6815b00636c8210ea648ea6fcb4e42533aae406966857f32ff2c469938a415f`
SHA3	`88e76cee4914229b05b2c2fefe4b2199fde499bca737205aacbfb82db85529cb`
VirtualSize	`0xb9e`
VirtualAddress	`0xa6000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x9de00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.15788`

Imports

KERNEL32.dll	`GlobalAlloc` `GlobalFree` `lstrcmpW` `CloseHandle` `UnlockFileEx` `SetEndOfFile` `WriteFile` `lstrlenW` `LockFileEx` `CreateFileW` `Sleep` `GetLastError` `ExitThread` `LeaveCriticalSection` `ReleaseSemaphore` `EnterCriticalSection` `SetFilePointer` `CreateDirectoryW` `GetFileAttributesW` `GetProcAddress` `GetFileSize` `ReadFile` `MulDiv` `CreateThread` `PostQueuedCompletionStatus` `TryEnterCriticalSection` `WaitForSingleObject` `WideCharToMultiByte` `CreateSemaphoreW` `InitializeCriticalSection` `CreateIoCompletionPort` `MultiByteToWideChar` `lstrcmpiW` `GlobalReAlloc` `DeleteCriticalSection` `lstrlenA` `GetSystemTimeAsFileTime` `SystemTimeToFileTime` `GetLocalTime` `MoveFileWithProgressW` `DeleteFileW` `DeviceIoControl` `GetQueuedCompletionStatus` `WaitForMultipleObjects` `SetThreadPriority` `GlobalUnlock` `GlobalSize` `GlobalLock` `FileTimeToSystemTime` `lstrcmpiA` `SetFileValidData` `SetFilePointerEx` `SetFileTime` `MoveFileW` `SetLastError` `FreeLibrary` `LoadLibraryW` `SetErrorMode` `lstrcpynW` `ExitProcess` `ReleaseMutex` `GetCurrentProcess` `CreateMutexW` `GetSystemInfo` `LocalFree` `GetCommandLineW` `GetModuleFileNameW` `GetModuleHandleW` `lstrcmpA` `GetTickCount` `VerifyVersionInfoW` `VerSetConditionMask` `SetThreadExecutionState`
USER32.dll	`ReleaseDC` `GetSysColor` `GetWindowDC` `GetWindowRect` `DefWindowProcW` `SetFocus` `TrackPopupMenu` `GetParent` `ClientToScreen` `TrackMouseEvent` `GetClientRect` `GetKeyState` `CallWindowProcW` `SendMessageW` `InsertMenuItemW` `CreatePopupMenu` `SetWindowLongPtrW` `GetWindowLongPtrW` `CreateWindowExW` `GetDlgCtrlID` `IsWindowVisible` `SendNotifyMessageW` `EndDeferWindowPos` `DeferWindowPos` `BeginDeferWindowPos` `DestroyWindow` `SetWindowPos` `GetMonitorInfoW` `MonitorFromWindow` `EnumChildWindows` `SetForegroundWindow` `ShowWindow` `SendMessageA` `EnableWindow` `DestroyIcon` `ScreenToClient` `SetLayeredWindowAttributes` `GetCursorPos` `CloseClipboard` `SetClipboardData` `EmptyClipboard` `OpenClipboard` `GetDC` `SystemParametersInfoW` `GetSystemMetrics` `ExitWindowsEx` `MessageBoxW` `GetMessageW` `DispatchMessageW` `TranslateMessage` `IsDialogMessageW` `RegisterClassExW` `LoadCursorW` `FindWindowW` `RegisterClipboardFormatW` `LoadImageW` `DestroyMenu` `SetMenuItemInfoW` `EnableMenuItem` `CreateMenu` `CheckMenuItem` `FlashWindow` `IsIconic` `InvalidateRect` `CreateIconIndirect` `FillRect` `GetIconInfo` `ReleaseCapture` `KillTimer` `SetScrollInfo` `GetScrollInfo` `SetTimer` `SetCapture` `EndPaint` `DrawIconEx` `BeginPaint` `GetDoubleClickTime` `DrawTextW` `GetClipboardData` `IsClipboardFormatAvailable` `GetSysColorBrush` `MapWindowPoints` `IsZoomed` `GetWindow` `GetFocus` `PostMessageW` `LockWorkStation` `OffsetRect` `MonitorFromRect` `RegisterWindowMessageW` `SetMenu` `PostQuitMessage` `SetCursor` `ScrollWindow` `SetScrollPos` `DrawFocusRect`

Delayed Imports

102

Type	`RT_BITMAP`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xe92`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.6051`
MD5	`2d6d6a54cc72a776191b0bda6ec61a8c`
SHA1	`c1e588ac525e1d9e61886f9e39e53a5fb4d6330c`
SHA256	`fa707ffe7031c27d15af0f4f3de15bfdf41155c5f5f526460f19fcfed713a710`
SHA3	`c3f5856aa796192a51f03a26417cfd2f9964c5cca0c9e200e51402e3ba86dbbf`
Preview

103

Type	`RT_BITMAP`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x892`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.50584`
MD5	`50248473b4ce77c5dd6e59358995e780`
SHA1	`997981393862cebd701f578088a46276f46e2aaa`
SHA256	`71252564207d281a75a1378bda4b56ca1548485e037fa5a10cc5cdffea88611a`
SHA3	`03f40b2c2049b539d8090382de2a0f1cbc9e30a86d295657775999261022403e`
Preview

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.02378`
MD5	`6390cac6ea8fd1ab7c9f7df395543a92`
SHA1	`5e6b069425f9f7615f859afb015c32958f5b779a`
SHA256	`8f732d777f0cac37b7b76890ceec2a4717aea63a1a22b7e930bc28fc74cfea8a`
SHA3	`803cedccb17e47ad0b3a543d8e08e5f1224da453aa6f3523589b8a3cd0e81aed`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.73779`
MD5	`72af65167e6d173a92244147700d25b8`
SHA1	`694637ee1499a8e23082600877580005e1a64323`
SHA256	`48b9d813a23a4ef317b159863adaddd55372f3547fc0444a36b2c34663be704a`
SHA3	`c42a94df0e59411c23e220913041706929ed0cfb02d63f19cd08658029e55bbb`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.39605`
MD5	`60ad59f63cc9768cd25ce58acb562b9d`
SHA1	`49792d93fb103bb093e1371731fc07b7b4aed932`
SHA256	`fb8aa688a8c462ff7f37dbe18faa3e91b953fb94675a8a6bdc4c125eb1acfeee`
SHA3	`ef6c20907f76fc6d493f0042394cdf4d81a201ed978cc67077f018ef08531047`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37086`
Detected Filetype	Icon file
MD5	`c1c122f0803bda39a0a478b7f6f75954`
SHA1	`69dc2bcb5214afae0d924867d59ece9c0c0f1f64`
SHA256	`62b460dcfdda934b386205e7f4a16da00a73c2ca7f4ea9a396fb25537fb33b76`
SHA3	`ffeff2838ef20f5e9b000b10f6538617dbf201bb6d23fa2831e24c8652fc93c5`

104

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.02322`
Detected Filetype	Icon file
MD5	`60f05e3b8ea9e18928923bdbcc112277`
SHA1	`d97726a6e9c326a37507f879feca7e152157839c`
SHA256	`7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a`
SHA3	`390fd88c6012552aecc7f109e733a1bf00339b8b3758127752832484c9f13ce6`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x358`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.47278`
MD5	`36299bd90786d24b59e4949e89cda8f2`
SHA1	`9439d26437057aca67dcf6a15d343311647c5b22`
SHA256	`bfa9d88efc0c48b9ddb32056eb7e423cd1a833b150100a4b7e791a329b4d5a7c`
SHA3	`551a3c44f185a714ce936ee40a4ad765dbfafb5b5f1d819e8c71a4e6a19f0c6a`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x80b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.15656`
MD5	`e864b6a55decf3b6b52548d5a3dbdcba`
SHA1	`52d8fc8842cfd3e8655180cc7f2459c0a8392fbf`
SHA256	`55886f85a6fe5b399d436e1bf97515762da8b8c3964d16f7ed4d9bce6dff312d`
SHA3	`847ddce253bb24c5d222e54bc2d8587135f046e43fc209a2ca8d27edadf4093a`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.6.9
ProductVersion	1.0.6.9
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
Comments	HTTP Downloader is made free under the GPLv3 license.
FileDescription	HTTP Downloader
FileVersion (#2)	1, 0, 6, 9
InternalName	HTTP Downloader
LegalCopyright	Copyright Â© 2015-2025 Eric Kutcher
OriginalFilename	HTTP_Downloader.exe
ProductName	HTTP Downloader
ProductVersion (#2)	1, 0, 6, 9

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x9c980558`
Unmarked objects	`0`
Imports (VS2012 build 50727 / VS2005 build 50727)	`5`
Total imports	`169`
C++ objects (VS2008 SP1 build 30729)	`64`
Linker (VS2008 build 21022)	`1`
Resource objects (VS2008 SP1 build 30729)	`1`

Errors

Leave a comment

No comments yet.