Manalyze report for f17b77de0e9337d371c1159bc05ca35a8529f8e4f6fa093895ef7143e561fd08

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1970-Jan-01 00:00:00
Detected languages	English - United States
Comments	Shecan Desktop Client
CompanyName	shecan
FileDescription	shecan desktop client
LegalCopyright	Â© 2025, shecan
ProductName	shecan-desktop
ProductVersion	`v0.1.5`

Plugin Output

Suspicious	PEiD Signature:	`XWD graphics format` `HQR data file`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to security software: MSApp.exe` `Looks for Qemu presence: QEMU QEMu qeMu` `Miscellaneous malware strings: cmd.Exe cmd.exe` Contains domain names: --From.apk.bin.bmp.com -From.apk.bin.bmp.com -github.com .eq.github.com .eq.gitlab.shcn.ir .eq.golang.org .hash.golang.org .hash.net 1github.com 2github.com 4github.com 4gitlab.shcn.ir 5github.com 7gitlab.shcn.ir 9github.com Egithub.com From.apk.bin.bmp.com adobe.com apk.bin.bmp.com bin.bmp.com casedieresis.cn cases.info casetilde.cn check.shecan.ir commaaccentright.cn cyrillictail.cn cyrillictic.cn ddns.shecan.ir docs.microsoft.com eq.github.com eq.gitlab.shcn.ir eq.golang.org github.com gitlab.shcn.ir golang.org hamravesh.com hash.golang.org http://momentjs.com http://ns.adobe.com http://ns.adobe.com/xap/1.0/ http://ns.adobe.com/xap/1.0/mm/ http://ns.adobe.com/xap/1.0/sType/ResourceRef# http://scripts.sil.org http://scripts.sil.org/OFLThis http://scripts.sil.org/OFLhttps http://www.microsoft.com http://www.microsoft.com/typography/fonts/mattesontypographics.comMicrosoft http://www.w3.org http://www.w3.org/1998/Math/MathML http://www.w3.org/1999/02/22-rdf-syntax-ns# http://www.w3.org/1999/xhtml http://www.w3.org/1999/xlink http://www.w3.org/2000/svg http://www.w3.org/2000/svg'%3e%3cpath%20d http://www.w3.org/2000/svg'%3e%3crect%20width http://www.w3.org/2000/svg'%3e%3crect%20y http://www.w3.org/XML/1998/namespace https://check.shecan.ir https://check.shecan.ir/?$ https://ddns.shecan.ir https://ddns.shecan.ir/show?password https://ddns.shecan.ir/update?password https://ddns.shecan.ir/updateGetVolumeInformationByHandleWsync.WaitGroup.Wait https://docs.microsoft.com https://docs.microsoft.com/typography/aboutWeightWidthOptical https://docs.sentry.io https://docs.sentry.io/product/releases/.http2 https://github.com https://go.dev https://ip.shecan.ir https://ip.shecan.ir/ https://my.shecan.ir https://my.shecan.ir/attachments/download/$ https://my.shecan.ir/my/page https://my.shecan.ir/new-dashboard/order https://my.shecan.ir/new-dashboard/order/$ https://my.shecan.ir/uploads.json https://reactjs.org https://reactrouter.com https://rsms.me https://shecan.ir https://tailwindcss.com https://v3.wails.io https://v3.wails.io/ https://v3.wails.io/feedback/ https://v3.wails.io/learn/build/#using-a-browser-for-development\n https://wails.ioremoving ip.shecan.ir koronisaccentleft.cn microsoft.com momentjs.com my.shecan.ir ns.adobe.com reactjs.org reactrouter.com scripts.sil.org sentry.hamravesh.com shecan.ir style.top tailwindcss.com textArea.style.top tildecross.cn value2.top vgithub.com www.microsoft.com www.w3.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata` `Unusual section name found: .symtab`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Functions which can be used for anti-debugging purposes: SwitchToThread`
Malicious	VirusTotal score: 3/65 (Scanned on 2026-06-06 04:03:21)	`Bkav: W32.Malware.F335971E` `CrowdStrike: win/malicious_confidence_70% (D)` `Trapmine: malicious.moderate.ml.score`

Hashes

MD5	`d2ca6293c36bdb5075f37ba5bf7d069d`
SHA1	`96a895a403e174c1bd47b1dd1fb2460252665ed2`
SHA256	`f17b77de0e9337d371c1159bc05ca35a8529f8e4f6fa093895ef7143e561fd08`
SHA3	`6c8cc8dc2bd9b2b09fef0233b576f8883a6800ef10e6d38c042c3eec1702a126`
SSDeep	`98304:h0Fj8SLh1qQwMakQL5wHgSaQ3jzZ1oZDFNM+Qi8xtE:SSS1UD5ogSTZwDcg`
Imports Hash	`ed8b780a3ce7ca4aba78a21f6bc3d4e0`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0x8b`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`9`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0x167c200`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`3.0`
SizeOfCode	`0x538600`
SizeOfInitializedData	`0xa9c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000008CAA0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`1.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0x36ea000`
SizeOfHeaders	`0x600`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ba348d568f7a7dded7339b95b81bc6d2`
SHA1	`40af0ed65569005e2757a516591db79c3caa3499`
SHA256	`f18cb4d08bd85a67b2fc66c75d0c85ff21a241820ae41c6ba2794b450329034f`
SHA3	`3dc7899bc958eedb6df0c5c0d38af9fb434d2969d560c0ee1bf1f180c49a4ba0`
VirtualSize	`0x5385f1`
VirtualAddress	`0x1000`
SizeOfRawData	`0x538600`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.18211`

.rdata

MD5	`96ed4819b7face8c571633f25bc00d32`
SHA1	`d2e29276f2bec20a8aa3a7acea0b19e2de146ea4`
SHA256	`5d03e46d3edd6d776741b7c462659dc4bcf884751103ad0caf6ebf4389a4a3fd`
SHA3	`9e095349dd0bc1993ac3146a479782c5dc867b389217b2c1ec9dbac31139b14c`
VirtualSize	`0x1054ef8`
VirtualAddress	`0x53a000`
SizeOfRawData	`0x1055000`
PointerToRawData	`0x538c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.62814`

.data

MD5	`9e76c531b5090ab5c59c234a5b842d12`
SHA1	`322b65cca56c7ad784d4bdd5ac51b1bdf98da132`
SHA256	`b912150311039427039a00f6afc385e5626b34a1f4ac051115f5101cadce39c3`
SHA3	`7b15409587a73dd77c0fbc83f7092ca6eac4cbef09a60ad98220df4853e139df`
VirtualSize	`0x2103160`
VirtualAddress	`0x158f000`
SizeOfRawData	`0xa9c00`
PointerToRawData	`0x158dc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.76207`

.pdata

MD5	`1aef43e9918e4e6194468b88c0770840`
SHA1	`54ed8f186cd313d519da13f3043fbbf7238bee7c`
SHA256	`1a50507b63ad13103595a53ff5a47a16583d2094866ef4ef8f086c5fa1b3550c`
SHA3	`8d6befe884133cf29554328c7db089c79b8dc13ba50601632f35b32f78cc01fe`
VirtualSize	`0x25af4`
VirtualAddress	`0x3693000`
SizeOfRawData	`0x25c00`
PointerToRawData	`0x1637800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.84414`

.xdata

MD5	`3557d808f818bf3135bd9ab30300ea56`
SHA1	`535b79510482ab1cceeddec1eb36777f7a11629e`
SHA256	`bb08184a3b369c26735ac7b7e36a6902dbe516196cf71883746985dfcf2aaebf`
SHA3	`83da8c2d009f01a5774ef3f9c14151f3d844608c58aabb5dd9bc76928a14a81a`
VirtualSize	`0xb4`
VirtualAddress	`0x36b9000`
SizeOfRawData	`0x200`
PointerToRawData	`0x165d400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.78711`

.idata

MD5	`6023c77e16db6300d3bba1776f3b5e7c`
SHA1	`b2fc139f4d50285027642595f23fdf4a0a86a0db`
SHA256	`c1e07ca3a00b6a2d665243fd648eb02589d6f4e3b3bb7f3e3848031173f6388c`
SHA3	`9b990819b263a0d572be6dd7a6c2ae9adea825ebc0699f1e05ede037544ce3ea`
VirtualSize	`0x57c`
VirtualAddress	`0x36ba000`
SizeOfRawData	`0x600`
PointerToRawData	`0x165d600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.31183`

.reloc

MD5	`6328355771f73247ed0b36c77ec4d7b3`
SHA1	`1a0fb2d102f3d85216cfb64c8c9a83a718bd41ef`
SHA256	`3bf02e973f6d2f3d779b819bf4d373e4bddaa6692aad6bc70a94d3aea43d15c2`
SHA3	`401a672234ebd23cec2ed9aa565029361babd877ab8972d781ea1e5f2aae1092`
VirtualSize	`0x1e4d8`
VirtualAddress	`0x36bb000`
SizeOfRawData	`0x1e600`
PointerToRawData	`0x165dc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.43848`

.symtab

MD5	`07b5472d347d42780469fb2654b7fc54`
SHA1	`943ae54f4818e52409fbbaf60ffd71318d966b0d`
SHA256	`3e67f4a7d14b832ff2a2433e9cf0f6f5720821f67148a87c0ee2595a20c96c68`
SHA3	`a70a3e18515c06557b62676f2a8eb6d7d41962d8c9c7c49f4641c429cc65b977`
VirtualSize	`0x4`
VirtualAddress	`0x36da000`
SizeOfRawData	`0x200`
PointerToRawData	`0x167c200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0203931`

.rsrc

MD5	`d3e7c999bf1d3ac8ed58274ca7d78c4e`
SHA1	`ac7039e00eff2b65157545794a22aeb859b1269a`
SHA256	`b1f0b42f22c3079e9233be1f65fcc34e6ca624bd4e97319b61a312df85336439`
SHA3	`af094f75f634b4d8ca21fa3dd88bcbf0a7fab61402e32d480f7110ff8d107da3`
VirtualSize	`0xe770`
VirtualAddress	`0x36db000`
SizeOfRawData	`0xe800`
PointerToRawData	`0x167c400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.94671`

Imports

kernel32.dll	`GetProcAddress` `LoadLibraryExW` `WriteFile` `WriteConsoleW` `WerSetFlags` `WerGetFlags` `WaitForMultipleObjects` `WaitForSingleObject` `VirtualQuery` `VirtualFree` `VirtualAlloc` `TlsAlloc` `SwitchToThread` `SuspendThread` `SetWaitableTimer` `SetProcessPriorityBoost` `SetEvent` `SetErrorMode` `SetConsoleCtrlHandler` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `ResumeThread` `RaiseFailFastException` `QueryPerformanceCounter` `PostQueuedCompletionStatus` `LoadLibraryExW` `SetThreadContext` `GetThreadContext` `GetSystemInfo` `GetSystemDirectoryA` `GetStdHandle` `GetQueuedCompletionStatusEx` `GetProcessAffinityMask` `GetProcAddress` `GetErrorMode` `GetEnvironmentStringsW` `GetCurrentThreadId` `GetConsoleMode` `FreeEnvironmentStringsW` `ExitProcess` `DuplicateHandle` `CreateWaitableTimerExW` `CreateThread` `CreateIoCompletionPort` `CreateEventA` `CloseHandle` `AddVectoredExceptionHandler` `AddVectoredContinueHandler`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x955f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98423`
Detected Filetype	PNG graphic file
MD5	`5fad4541d90e8f5d1465aa23989aa55d`
SHA1	`64f36155e7ea20a680e9f15d80830a7b02429756`
SHA256	`c6b6cca14036aa883f49226e091c56a4cc95c70907d7dfbe94e8380707fdc720`
SHA3	`7809c46d025aed185b91af5caf768d2361056e27d7395050018a2f0568db22d7`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2145`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.96475`
Detected Filetype	PNG graphic file
MD5	`adb504ff89fe585e1abb226f2d071e0f`
SHA1	`2a957ca07fe8f8e0da9b3bf6c1e744f625100a87`
SHA256	`9c3aeda28600250353a6ea3a4a1bd300f709682ac6aa6a063cde92d257419b43`
SHA3	`34639ec4e89c93fd7d6694bda03c8df514d7b936db1aacc9befcf39d08800294`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1130`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.93144`
Detected Filetype	PNG graphic file
MD5	`0a1ad00b090ed7fa6acdf46c9df7ce02`
SHA1	`8346f43caf50470f1e73789e05d993a1bfe5f2f6`
SHA256	`0897c78dd6680ac5dc032f14e06161a6ae4a08ef09d1167dd61d209a9649620d`
SHA3	`639764641dd10ce92c9bbc5f7908d86b3e8040db3b33eb448a567870f288e14d`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xbb6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.91426`
Detected Filetype	PNG graphic file
MD5	`6619faa68c27c7ed83a41e9d83ca6bee`
SHA1	`17b7055962d92f80aaf84a85c94b26ee9a68a696`
SHA256	`18b706ba22e330e4e12dd94fef62b827645d7e277f2304dde42c0103937b2298`
SHA3	`e17371dd8a7007e577e1476d40c1da85a3a24e86adcf94ff3abe694da16f40c7`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x697`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.86446`
Detected Filetype	PNG graphic file
MD5	`ce221e7d9798c7e4a8b39dd913b70ff5`
SHA1	`6056322f688adce303748233a7c3bd1ef8c1005d`
SHA256	`294c367ccaea5ac8716f9b64546d11905b2e0746b4e1a0647c45631505e45726`
SHA3	`b26f6c835443bb0b783d4c649d327ddae468ed9f5dc0b481939388e5665f61e1`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2b9`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.59741`
Detected Filetype	PNG graphic file
MD5	`7c6a34362d4f54f6885734a686deb005`
SHA1	`3dda1084ec212c22323a81eccbf183d0db0c147b`
SHA256	`54c22fea29cc636ddc5137cf98afe50eb575230a7882570b01a479e82b61218f`
SHA3	`ac38d95eb042394822419375f404d96be1d5699a211ae75f26b1011a39f00493`

3 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.55548`
Detected Filetype	Icon file
MD5	`d55ad96017b8d6a70b3bfed4a2e96495`
SHA1	`685320af503723463d8313cd907793cee3cd4a64`
SHA256	`42950e16c241adab43793443389dacf3ff9e148a846045f78821c04f19a801ee`
SHA3	`f5602f74704eb784a94959d70481f3930f2d8a97933c3aa609f7f7982882f32e`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.25469`
MD5	`4f57df084620b5dbad814b4e03aaa13b`
SHA1	`351cec1d429f2407c0411e048f697a7cbd697c22`
SHA256	`095903ab75e461d61b8fbcb9561436782628362658a8756e865c28547b441fac`
SHA3	`657f43b904470cd96788df2e02d5cbd748ba536cec26f0e0697198be222009a3`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.22465`
MD5	`8d1cd064801999ce0a008aa78d218510`
SHA1	`79116bc98897c8cd3525e5979f7d0cd113e80e27`
SHA256	`3086d363efd417ad744f3a23c19b44407a8670b2d93fa9e59a8bbcb77a91593d`
SHA3	`cdb670344442f7a79d6036d5a15d77ca661eaec536509af3f929606f9ecde518`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.0.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	Shecan Desktop Client
CompanyName	shecan
FileDescription	shecan desktop client
LegalCopyright	Â© 2025, shecan
ProductName	shecan-desktop
ProductVersion (#2)	v0.1.5

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.