Manalyze report for f66b293ad5afa49c2bd8b58bdc18d453

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Jul-18 06:52:43
Detected languages	English - United States
CompanyName	Alexander Blade
FileDescription	RDR 2 *.asi plugin loader
FileVersion	`1.0.0.2`
InternalName	asiloader.dll
LegalCopyright	(C) Alexander Blade 2019-2021
OriginalFilename	asiloader.dll
ProductName	RDR 2 Asi loader
ProductVersion	`1.0.0.2`

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExW`
Suspicious	VirusTotal score: 2/72 (Scanned on 2026-02-15 16:25:26)	`APEX: Malicious` `Cynet: Malicious (score: 100)`

Hashes

MD5	`f66b293ad5afa49c2bd8b58bdc18d453`
SHA1	`a64ba484761f06adc1494863949589a6e552fe4b`
SHA256	`956fb3765572d00f6c08bcae11e9856a00a68107464a87b6ccc6c1ffed46b88a`
SHA3	`5f622557e939e28646dccbb9cb55a0e72ba5e326bc39484e63b59e6d49fa6e34`
SSDeep	`3072:uHcpVMabeR0iujTE/yhSWbAJgUSJYt9c+eJ+VPa2s:WcpVM7lQTE/ygWUmXysDJ+a2`
Imports Hash	`94effc1b893e3249b25978949218628c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2021-Jul-18 06:52:43
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`12.0`
SizeOfCode	`0x12a00`
SizeOfInitializedData	`0xf600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000003814 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x25000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`5b44c06ba78a713b9b0db8a3a2c19166`
SHA1	`681695a32c0f1f1431c1b712ddc5ca60d8fac813`
SHA256	`ba967c25b836e3c863023b56cb5602ed11a649022d1086843307ca56cb458be7`
SHA3	`a1b4d35021c2243df92eedc9db0f7299bfafb52bc53e00e6b1764323a8d4f252`
VirtualSize	`0x1299f`
VirtualAddress	`0x1000`
SizeOfRawData	`0x12a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.47842`

.rdata

MD5	`5abf4b78b1dd4347cfe42864fc6fdd61`
SHA1	`3f52103d9f6143dd981eaa2371b6fdabfa25088c`
SHA256	`dbd96a23fa0b856bc6ee5cec9fa5786e84ccb694db894871bdedab6efc620723`
SHA3	`93aff50ec2c34a68a48d761bf2bf327c6f90aaa405714c93057b65bbf42870e2`
VirtualSize	`0x97aa`
VirtualAddress	`0x14000`
SizeOfRawData	`0x9800`
PointerToRawData	`0x12e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.23631`

.data

MD5	`e9819809a91bc6a2fb4cce491779273b`
SHA1	`b1966437632055731e2bc4b5c553478ef0c4e10d`
SHA256	`026eceb10becc8263ecb7b8e8a9fc4ff2d5bede94ddbd27a92b04b0cbfe27d5b`
SHA3	`b30271ef2a3b6f18a1773f1c20d10ad6651cace99d7750f14fe7f85aacb25e93`
VirtualSize	`0x3f88`
VirtualAddress	`0x1e000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x1c600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.05695`

.pdata

MD5	`7608283d776f7f58d30a63401b6f5a4c`
SHA1	`603579fd905ca779b8e19f30b0664ddf89b5a592`
SHA256	`52c7e335190112850b1dd3f89e671119e1c807c871050e6f824ae333fa254ade`
SHA3	`b448eaaca4868ef07a782bbc30f3e832dc005dfbd9ade5bba8ecf004e5fee09c`
VirtualSize	`0xfb4`
VirtualAddress	`0x22000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1e200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.93536`

.rsrc

MD5	`1ba4565e5a8aa4f52cc00b09d1441680`
SHA1	`9cf453a0d804ffc2e4e92505c6a5b6743e6281da`
SHA256	`1ff726dfd85582df0087931d9de5446e55bf89f5a35bc84970f91b1ce9da4fbe`
SHA3	`6067a577e4662208d7fa290c034389e036951c4918d5a11735a3298f962e8365`
VirtualSize	`0x520`
VirtualAddress	`0x23000`
SizeOfRawData	`0x600`
PointerToRawData	`0x1f200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.72504`

.reloc

MD5	`2c01d36d19db0272f658d5790a336594`
SHA1	`5d121c3a7f62dd546112a7291af675140539ba00`
SHA256	`736465cc312f5cb541eaa63162606537be636a793376ebabd4aed896d1b79c06`
SHA3	`f10e1138821b8406d17faab66be7304d706ac104c6c39868469110debc026922`
VirtualSize	`0x7f8`
VirtualAddress	`0x24000`
SizeOfRawData	`0x800`
PointerToRawData	`0x1f800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.37714`

Imports

KERNEL32.dll	`GetSystemDirectoryA` `GetProcAddress` `LoadLibraryA` `VirtualProtect` `OutputDebugStringA` `GetSystemTimeAsFileTime` `FindFirstFileA` `FindClose` `GetModuleFileNameA` `FindNextFileA` `GetModuleHandleA` `EncodePointer` `DecodePointer` `IsDebuggerPresent` `IsProcessorFeaturePresent` `GetCommandLineA` `GetCurrentThreadId` `EnterCriticalSection` `LeaveCriticalSection` `FlushFileBuffers` `GetLastError` `WriteFile` `WideCharToMultiByte` `GetConsoleCP` `GetConsoleMode` `DeleteCriticalSection` `RtlUnwindEx` `ExitProcess` `GetModuleHandleExW` `AreFileApisANSI` `MultiByteToWideChar` `HeapSize` `GetStdHandle` `GetFileType` `GetStartupInfoW` `HeapFree` `CloseHandle` `HeapAlloc` `RtlPcToFileHeader` `RaiseException` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `SetLastError` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `InitializeCriticalSectionAndSpinCount` `Sleep` `GetCurrentProcess` `TerminateProcess` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetModuleHandleW` `GetProcessHeap` `QueryPerformanceCounter` `GetCurrentProcessId` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetFilePointerEx` `SetStdHandle` `WriteConsoleW` `GetModuleFileNameW` `LoadLibraryExW` `HeapReAlloc` `LCMapStringW` `GetStringTypeW` `CreateFileW` `OutputDebugStringW` `SetEndOfFile` `ReadFile` `ReadConsoleW`

Delayed Imports

DirectInput8Create

Ordinal	`1`
Address	`0x1060`

DllCanUnloadNow

Ordinal	`2`
Address	`0x1080`

DllGetClassObject

Ordinal	`3`
Address	`0x10a0`

DllRegisterServer

Ordinal	`4`
Address	`0x10c0`

DllUnregisterServer

Ordinal	`5`
Address	`0x10e0`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x300`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37355`
MD5	`e2a5255a7f697929cf1c3ec0fbd6c34f`
SHA1	`d43c158e580059a030e4d3a21eebd3fad8ed101f`
SHA256	`857bc1099d5a8f550aab988a49b130540cbc991d6e4dae88f96e1ff94d3331b9`
SHA3	`3c448d1b31f1b613ca0f9e63dbb108fc69ad9717acab1ab4cadacff70e934f12`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.2
ProductVersion	1.0.0.2
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Alexander Blade
FileDescription	RDR 2 *.asi plugin loader
FileVersion (#2)	1.0.0.2
InternalName	asiloader.dll
LegalCopyright	(C) Alexander Blade 2019-2021
OriginalFilename	asiloader.dll
ProductName	RDR 2 Asi loader
ProductVersion (#2)	1.0.0.2

Resource LangID	English - United States

TLS Callbacks

Load Configuration

Size	`0x70`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x18001e000`

RICH Header

XOR Key	`0x1bf2192`
Unmarked objects	`0`
C++ objects (20806)	`48`
C objects (20806)	`122`
ASM objects (20806)	`12`
Imports (65501)	`3`
Total imports	`91`
229 (VS2013 UPD3 build 30723)	`4`
Exports (VS2013 UPD3 build 30723)	`1`
Resource objects (VS2013 build 21005)	`1`
151	`1`
Linker (VS2013 UPD3 build 30723)	`1`

f66b293ad5afa49c2bd8b58bdc18d453

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

DirectInput8Create

DllCanUnloadNow

DllGetClassObject

DllRegisterServer

DllUnregisterServer

1

2

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors