Manalyze report for ef76e0c19f991c1b996ca34e845659368090c0dc458a4cf353d0717e6f0c7369

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-Apr-14 19:41:58
TLS Callbacks	1 callback(s) detected.
Debug artifacts	rxing_cli.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Info	Interesting strings found in the binary:	Contains domain names: github.com http://www.w3.or http://www.w3.org http://www.w3.org/1999/xlinkhref http://www.w3.org/2000/svgbaselineltrinlinevisibleblack041startnormallr-tbhttp http://www.w3.org/TR/SVG11/feature#BasicCliphttp http://www.w3.org/TR/SVG11/feature#BasicFilterhttp http://www.w3.org/TR/SVG11/feature#BasicGraphicsAttributehttp http://www.w3.org/TR/SVG11/feature#BasicPaintAttributehttp http://www.w3.org/TR/SVG11/feature#BasicStructurehttp http://www.w3.org/TR/SVG11/feature#BasicTexthttp http://www.w3.org/TR/SVG11/feature#Cliphttp http://www.w3.org/TR/SVG11/feature#ConditionalProcessinghttp http://www.w3.org/TR/SVG11/feature#ContainerAttributehttp http://www.w3.org/TR/SVG11/feature#CoreAttributehttp http://www.w3.org/TR/SVG11/feature#Filterhttp http://www.w3.org/TR/SVG11/feature#Gradienthttp http://www.w3.org/TR/SVG11/feature#GraphicsAttributehttp http://www.w3.org/TR/SVG11/feature#Imagehttp http://www.w3.org/TR/SVG11/feature#Markerhttp http://www.w3.org/TR/SVG11/feature#Maskhttp http://www.w3.org/TR/SVG11/feature#OpacityAttributehttp http://www.w3.org/TR/SVG11/feature#PaintAttributehttp http://www.w3.org/TR/SVG11/feature#Patternhttp http://www.w3.org/TR/SVG11/feature#SVG-statichttp http://www.w3.org/TR/SVG11/feature#SVGDOM-statichttp http://www.w3.org/TR/SVG11/feature#Shapehttp http://www.w3.org/TR/SVG11/feature#Structurehttp http://www.w3.org/TR/SVG11/feature#Stylehttp http://www.w3.org/TR/SVG11/feature#Texthttp http://www.w3.org/TR/SVG11/feature#XlinkAttributeC http://www.w3.org/XML/1998/namespace&C https://github.com www.w3.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Uses Windows's Native API: NtWriteFile NtReadFile`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`3b6f295a0d169dd5dc6b72ae0861ee04`
SHA1	`0d94f79a1f186a8871a6de08d224ee268c6c05ba`
SHA256	`ef76e0c19f991c1b996ca34e845659368090c0dc458a4cf353d0717e6f0c7369`
SHA3	`fbd78e04a90d3055683733c92fa6a57cf74d36d4451d057a28bd72292b971c11`
SSDeep	`98304:X0KuNJ7aG4d/b79/ysJ03SUJVZOrPOQGKkPhWwt1eKw1rRY6U5:Pt79P0beKw1re`
Imports Hash	`14b2fe36875e0477e9ad7516581853b8`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`5`
TimeDateStamp	2026-Apr-14 19:41:58
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x7f2200`
SizeOfInitializedData	`0x3eae00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000793D5C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xbe0000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a52c5feb95b32c23642ead5fa07ea5f4`
SHA1	`e9e5b923a42dec1734c9e6156e42c6a9039a148d`
SHA256	`a764fcd84ecf9c34741f0bdc68c09f16f03c1f4b4e35bbb6df82aed10317338f`
SHA3	`0f864ee1b6433096e9b90366c515eec50449d92d87dde5838187f1617da5fc98`
VirtualSize	`0x7f21d4`
VirtualAddress	`0x1000`
SizeOfRawData	`0x7f2200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.33622`

.rdata

MD5	`32e9200c75a6b38f34560de79fe4063e`
SHA1	`1c57781e8969acc9983508febbf64de8bf7a7af4`
SHA256	`e35eb6922ef1d6096ca014aa45b64780f16ac78330846e9247b3ce473a384726`
SHA3	`4e195b19958c18f4dccb86229ad4a0113fa421e1d5eee0618fdc5a3f11f14b4e`
VirtualSize	`0x3a6d42`
VirtualAddress	`0x7f4000`
SizeOfRawData	`0x3a6e00`
PointerToRawData	`0x7f2600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.01302`

.data

MD5	`957ecc19fb4b9574f216da2559585daf`
SHA1	`863edb9ee1c7eb7928555759e4eb6592e9292349`
SHA256	`dadbdb83f5ce4ec8efbfad1da9ef2206d8ebf93793ab4bf439b139d26658235d`
SHA3	`e60214df41fc75cda3a152e47438d176e3178ae9cf6191fb5d4eeef001d3a229`
VirtualSize	`0xe90`
VirtualAddress	`0xb9b000`
SizeOfRawData	`0xe00`
PointerToRawData	`0xb99400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.05149`

.pdata

MD5	`3fbbfa1a0a5a0e7542509bea245da102`
SHA1	`f10154fc9d98491031b6eea2ec6b64c37a4e3541`
SHA256	`36d620b507d2137fbbb512d98728e64b49b3d0ea6500d4c707eea5580d995677`
SHA3	`bbc36f9f485e0da2de539b16be849a261ed4171e3cc0419db342fe20a9ebae98`
VirtualSize	`0x2c250`
VirtualAddress	`0xb9c000`
SizeOfRawData	`0x2c400`
PointerToRawData	`0xb9a200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.48851`

.reloc

MD5	`6866424e4ac31c75fef43bbb22a87f44`
SHA1	`689e1330faa595980a03d1cbdcee961c244a2b36`
SHA256	`78a4b839a5e98239e176812ac0783daa05f66bcdf20e6d46e9c6a813913a92ea`
SHA3	`c713366cd53fe6ba85e70847255377bbd0531e364a4b2a7e54f9960a27db8407`
VirtualSize	`0x16bec`
VirtualAddress	`0xbc9000`
SizeOfRawData	`0x16c00`
PointerToRawData	`0xbc6600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.46902`

Imports

kernel32.dll	`GetStdHandle` `CloseHandle` `GetConsoleMode` `WriteConsoleW` `GetConsoleOutputCP` `GetLastError` `SetConsoleMode` `GetConsoleScreenBufferInfo` `SetConsoleTextAttribute` `SetLastError`
ntdll.dll	`NtWriteFile` `RtlNtStatusToDosError` `NtReadFile`
bcryptprimitives.dll	`ProcessPrng`
api-ms-win-core-synch-l1-2-0.dll	`WakeByAddressSingle` `WaitOnAddress` `WakeByAddressAll`
KERNEL32.dll	`IsProcessorFeaturePresent` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `IsDebuggerPresent` `InitializeSListHead` `GetSystemTimeAsFileTime` `QueryPerformanceCounter` `GetFileType` `GetModuleHandleA` `FormatMessageW` `GetModuleHandleW` `GetFileInformationByHandleEx` `GetFileInformationByHandle` `SetFileInformationByHandle` `SetFileTime` `CreateFileW` `FindClose` `ExitProcess` `GetProcessHeap` `HeapFree` `HeapReAlloc` `GetCommandLineW` `GetModuleFileNameW` `AddVectoredExceptionHandler` `SetThreadStackGuarantee` `GetCurrentThread` `GetSystemTimePreciseAsFileTime` `GetSystemInfo` `CreateThread` `SwitchToThread` `SetFilePointerEx` `WaitForSingleObject` `GetCurrentThreadId` `GetCurrentDirectoryW` `RtlCaptureContext` `RtlLookupFunctionEntry` `WaitForSingleObjectEx` `LoadLibraryA` `GetProcAddress` `GetCurrentProcess` `lstrlenW` `GetCurrentProcessId` `CreateMutexA` `ReleaseMutex` `RtlVirtualUnwind` `WideCharToMultiByte` `MultiByteToWideChar` `HeapAlloc` `GetEnvironmentVariableW` `GetFullPathNameW` `FindFirstFileExW` `QueryPerformanceFrequency`
VCRUNTIME140.dll	`__CxxFrameHandler3` `memcmp` `memmove` `memset` `memcpy` `__C_specific_handler` `__current_exception` `__current_exception_context` `_CxxThrowException`
api-ms-win-crt-math-l1-1-0.dll	`fmodf` `acosf` `acos` `atan2f` `__setusermatherr` `round` `roundf` `fmod` `sin` `cos` `atan2` `ceil` `log2` `exp` `pow` `fmaf` `fma` `floorf` `ceilf` `cosf` `sinf` `floor` `powf` `_hypotf` `log2f` `truncf` `exp2f` `tan`
api-ms-win-crt-runtime-l1-1-0.dll	`_initialize_onexit_table` `_register_onexit_function` `_c_exit` `_seh_filter_exe` `_set_app_type` `terminate` `_configure_narrow_argv` `_initialize_narrow_environment` `_get_initial_narrow_environment` `_initterm` `_initterm_e` `exit` `_exit` `__p___argc` `__p___argv` `_cexit` `_crt_atexit` `_register_thread_local_exe_atexit_callback`
api-ms-win-crt-stdio-l1-1-0.dll	`_set_fmode` `__p__commode`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-heap-l1-1-0.dll	`free` `_set_new_mode`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Apr-14 19:41:58
Version	`0.0`
SizeofData	`38`
AddressOfRawData	`0xaebe6c`
PointerToRawData	`0xaea46c`
Referenced File	rxing_cli.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Apr-14 19:41:58
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0xaebe94`
PointerToRawData	`0xaea494`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Apr-14 19:41:58
Version	`0.0`
SizeofData	`816`
AddressOfRawData	`0xaebea8`
PointerToRawData	`0xaea4a8`

TLS Callbacks

StartAddressOfRawData	`0x140aec1f8`
EndAddressOfRawData	`0x140aec2d0`
AddressOfIndex	`0x140b9bdf8`
AddressOfCallbacks	`0x1407f44d8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x00000001406D1BA0`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140b9bc40`

RICH Header

XOR Key	`0xb93679ef`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`10`
Imports (35207)	`2`
ASM objects (35207)	`3`
C objects (35207)	`9`
C++ objects (35207)	`23`
Imports (33140)	`3`
Total imports	`134`
Unmarked objects (#2)	`13`
Linker (35209)	`1`

Errors

Leave a comment

No comments yet.