Manalyze report for fda7026477256845afab371e354c4d512896665f1761939cb5887d0a9dec257a

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2025-Dec-05 17:28:01
Detected languages	English - United States
Debug artifacts	D:\a\1\b\bin\amd64\python.pdb
CompanyName	Python Software Foundation
FileDescription	Python
FileVersion	`3.14.2`
InternalName	Python Console
LegalCopyright	Copyright Â© 2001 Python Software Foundation. Copyright Â© 2000 BeOpen.com. Copyright Â© 1995-2001 CNRI. Copyright Â© 1991-1995 SMC.
OriginalFilename	python.exe
ProductName	Python
ProductVersion	`3.14.2`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 8.0` `MASM/TASM - sig1(h)`
Info	Interesting strings found in the binary:	`Contains domain names: BeOpen.com`
Suspicious	The PE is possibly a dropper.	`Resources amount for 75.316% of the executable.`
Info	The PE is digitally signed.	`Signer: Python Software Foundation` `Issuer: Microsoft ID Verified CS EOC CA 01`
Safe	VirusTotal score: 0/72 (Scanned on 2026-02-23 13:25:48)	`All the AVs think this file is safe.`

Hashes

MD5	`9bd26657353d7441a72f29ab43f1fd37`
SHA1	`62ac30b4c691f2f0a410d6f7d854fd40d533f5d2`
SHA256	`fda7026477256845afab371e354c4d512896665f1761939cb5887d0a9dec257a`
SHA3	`8798c8cada4e9a76a55696658e4ba551aab6e94fc4a98d51ae622ed0678b284f`
SSDeep	`1536:KiiuRbuEYE+9z2wp+FavGmhMn+IhzZtzY/zQRHycA89/fIbHev:KiiuRbuAs0FNmhMn+IhNq/zQRET`
Imports Hash	`a0fad384db41cc8b86fa51996bb88ac7`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2025-Dec-05 17:28:01
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x1000`
SizeOfInitializedData	`0x15a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000012A0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1a000`
SizeOfHeaders	`0x400`
Checksum	`0x23705`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x2dc6c0`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`325d5ee3d716b1ac96b088f2aa8332ca`
SHA1	`2fd8fc142b89a4b5cf32c7281b16a013c5b887ba`
SHA256	`27d06871c43b079ce35d2facd2e5496ab3387a0bb4bd5aeaf30a06a8b1290415`
SHA3	`376a99c6d25e36a81111e878db9551a5734258e8b588f485567e4ba79906eed4`
VirtualSize	`0xe2c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.557`

.rdata

MD5	`7e2132f5da986d28cff62dfaeabe0d16`
SHA1	`d99fef8501e6fefcc060a95b15e6240469e326bb`
SHA256	`380081e9cf065d62adf16ffbb4e64b1e7e6baff067c4394851c185550b2d070a`
SHA3	`7495b864ba884a6253fb664264e163164d759530014fbfa75a6d3de2e1c53a36`
VirtualSize	`0xf66`
VirtualAddress	`0x2000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.14127`

.data

MD5	`85c2aebd011c5c1b37c1009def59c2b6`
SHA1	`e6f88330c0bc7698e3f5d77202242a6e10f6e321`
SHA256	`ab4f194dcbbaf38d8dca700fa10eee22d80c5463d8256b36eb72ed5f7126ba69`
SHA3	`a5818bd143f172ebe95ef85b8e270e51e0d1ae2330fd892938463b36527155ea`
VirtualSize	`0x680`
VirtualAddress	`0x3000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.53249`

.pdata

MD5	`6f75b10523096013c059f62f87de5d34`
SHA1	`e97c73b2ecfc688501f21bdb31456320eeafdd8a`
SHA256	`3a1fda1cd97200f513d7cd62fb13143bde0635beeeec68701763cad0d0bfdd40`
SHA3	`7216cf733333ddc12419dfc4c20b8ee1b8354ec23d6dbf2f8ab09161f9cd0934`
VirtualSize	`0x15c`
VirtualAddress	`0x4000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.80238`

.rsrc

MD5	`90d0f90f39ee1a15df799ce6326d3300`
SHA1	`08423a919c0cae56228fcd67f27d64641ff32acf`
SHA256	`36ca4acea2860cf5f772c364a3d218032d7e13f36254df7a96c3670cc418ff03`
SHA3	`906c534904dec1b2a3dada706eb5f7d9ba2d91b20aa55727ebaba7bb707a752a`
VirtualSize	`0x13c20`
VirtualAddress	`0x5000`
SizeOfRawData	`0x13e00`
PointerToRawData	`0x2800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.15128`

.reloc

MD5	`d6dca15ebdb817e5d0f6c827ff179d9c`
SHA1	`2cbbe7c3d04982757205551f66f1babca0054a1b`
SHA256	`3ffab0fa965d0070c42e0dad6cb0bee7651c0392160ba00fbb7297dab85eacc7`
SHA3	`eb77eea3f34b7b6a85fbf921d5983c9f3463bd69aa93b5b6b252cfa064ade1c0`
VirtualSize	`0x30`
VirtualAddress	`0x19000`
SizeOfRawData	`0x200`
PointerToRawData	`0x16600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.712298`

Imports

python314.dll	`Py_Main`
VCRUNTIME140.dll	`__C_specific_handler` `__current_exception` `__current_exception_context` `memset` `memcpy`
api-ms-win-crt-runtime-l1-1-0.dll	`_initialize_onexit_table` `_register_onexit_function` `_crt_atexit` `terminate` `_get_initial_wide_environment` `_register_thread_local_exe_atexit_callback` `_initialize_wide_environment` `_configure_wide_argv` `_initterm` `_set_app_type` `_seh_filter_exe` `_c_exit` `_cexit` `__p___wargv` `__p___argc` `_initterm_e` `_exit` `exit`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-stdio-l1-1-0.dll	`__p__commode` `_set_fmode`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode`
KERNEL32.dll	`GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `IsProcessorFeaturePresent` `TerminateProcess` `GetCurrentProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `InitializeSListHead` `IsDebuggerPresent` `GetSystemTimeAsFileTime` `GetModuleHandleW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3d97`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.92312`
Detected Filetype	PNG graphic file
MD5	`d84083d023ab6bb01cc96281cfb3e626`
SHA1	`8370c259d6de6b37d085b6ad619b700b021b8082`
SHA256	`340f2558a86deacf822e4fc71aa76b57eced007eafa8fc0f5f4c36db0fee036b`
SHA3	`a900e884fbed02bcba86678651f582be635d2359db70a7ec69edce03dcd41122`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1628`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.41689`
MD5	`dde62d95fb87110950e35f5cee25e1fd`
SHA1	`47bbdd56fad02e02bf5c1b17f306ceafc6d56a85`
SHA256	`05321b56810c7a9f2512e16d5c643677c43a99f9b30f1c7ce48cc6306cd2eebd`
SHA3	`52136ae691c4afb053c7e96af67c0d6766a270d89a7771afa4c9564dd1a6cd14`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.79946`
MD5	`ed103ab242f20dea088dce386834cb8f`
SHA1	`f42f092d074570ec52d76be85a532a406b0f19bc`
SHA256	`4923eeebe7b9cf9ca305d3186bc352757b3004313697ee4b6f8fe82a2b177a10`
SHA3	`f0f4f63f9e1a0db5f53e93ac977ab670671a1f9aca4a46c0f523b0eb9210cd4c`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.46048`
MD5	`76625981516eaa8e7c76387398de1af7`
SHA1	`052509f83f8dc727f4b303f5fe40ffbf47db2ca5`
SHA256	`ccfe3199e1582613d64adc318bb337fd5f5c6628548188bfadf8f1c20580eeba`
SHA3	`fd503cf0748b1a89409e61a00c19f7997a7ec9c42dd9a2d603149f37db2afc00`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.19604`
MD5	`700e0b990563d9ab9546cf3cd75d3980`
SHA1	`7dd2e290a294d0b02fe2acade1a30e543a98c238`
SHA256	`a779a6adb616fe70692d7ca9e60ed4e464e912877a9afce52ce2c0a7de8fd7c1`
SHA3	`8bec8f54bcb05505c780b7d11d1be08bcaa34cd9fcc3d787eb5b12c84cdbca80`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.22279`
MD5	`9f1e1348de3da00f9548ba9aa951523c`
SHA1	`dcf9ab58ce285445cf7e43ad40d77d5c552542e4`
SHA256	`72138c1f894dc2e2198ec2b25c1edae7fd2c27501e0da92475c3a83c31740921`
SHA3	`724dffb1bc5dee2805799a7b955e54bebee13cce99c53a7c2e3c0ded609dc287`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x30fa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.93695`
Detected Filetype	PNG graphic file
MD5	`0db28d2e17bf94752eaee9078e8cf3c4`
SHA1	`f68fa54699a9ddf89987a4533c057209ff44ebd0`
SHA256	`ca773d78ea0b81263cba18acf2845fdc4b53a689bcf5b78e1eb06942f13220df`
SHA3	`e7341548fed5212a386dba6ea6a9bddeec310569d714f712ad6a8034d19776bd`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.75838`
MD5	`55fbb9e8fc0a5ca1082147b72ec9a8ee`
SHA1	`c1e5c4c0e06510313a2794f1a1f447d77abb73a6`
SHA256	`eecf352bb39aba19adf2110a53cc5a5d440c04aa99ed32cc3cd19a8bbf012eb3`
SHA3	`7a78b172ad44dfc99dbb19f031af8c802d4fe537489daa0bcc3808a0ea9394a7`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.05077`
MD5	`0e77ae575bb14cda2d4632f8de90cac3`
SHA1	`a36266b5aa140e34cdd858693b66baaa416fb29a`
SHA256	`2035c31dd483556102cd4877aecdc1634c3eef8fecd394b5ffa873745e1eb710`
SHA3	`2f91d2a4d72a840e05dd2d6ce0affaecd706ff852fff97c6d383dc8d90fd36df`

10

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.00445`
MD5	`8753647d8d4fc2e4df04cdf4f522d015`
SHA1	`d4f9322de3ec8d48a789c30f51dac1dd869b04d2`
SHA256	`83fbae1dab956aa0b6f46047287bf550800519e44a5f2581627283d1a01fb800`
SHA3	`4685066823ddbb2f04f7a699ba30a0eed81b6231d16a3ed3dd29cdf86a509a82`

11

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.40353`
MD5	`e2dc532e0f88b9e775b40d06a45d9757`
SHA1	`6625d375ed2fd36091c6959163ca10b45c68ad62`
SHA256	`46af9a2c04627346f31662b09ae8a859b399db09c5da0055fb29c58587598dae`
SHA3	`e9f94a069dd51f7146b36cecd1d74d5b13c7a9086603763f3cb6a13e64e419f3`

12

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.12758`
MD5	`470b0a6086c6ec068a38f1629e93e169`
SHA1	`be4b68f8504d02e681d467f9bb585cb3f6de31b6`
SHA256	`db28967f8609ec90b509881d4d1d29278ba6f02d03e7e949e411298e3d7f2284`
SHA3	`0dddacd9b6f1c90f126138286e46e99d7bb127f7c7f25cb2bcea9f48952b05f0`

1 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xae`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.00668`
Detected Filetype	Icon file
MD5	`95a824ff8067919e99897f959b3ac0d4`
SHA1	`e09cc39164ba426634d9c9148156ba13e09e1a90`
SHA256	`ebe3b5f6f527967d80bfea4860213781120fcb46fd9d709f73a1ef15688f1a06`
SHA3	`09b405ea060666deee850834ebcc88fbc3b377f7d252015bd278c396d7a657a5`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.47655`
MD5	`80e8a8c839e68d444855102803adcb4f`
SHA1	`9c8541c4d874fd4ea6a615e539885964d365bb14`
SHA256	`98440b5032e7ed418951213af0d053a287be3ba5118fbe156fa254fba988c9bc`
SHA3	`bdb049e5bdb2a52447992be564672773f306dd1fb437ecb19b836591945cf613`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5db`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.22`
MD5	`cc5f24bf41b0c2cb7d441d0f07cd74e7`
SHA1	`38e5c2df563b22a201f98fcada5c80cce3f396bf`
SHA256	`a6bfbf8d5bca6033c9eac8aa511bf4d7d6655f6c9a6046e63c3dc57b10ff3902`
SHA3	`3f5f45a1cb69fe836312190630162b2d88569d9b999d682ae01dce6f9696681b`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.14.2150.1013
ProductVersion	3.14.2150.1013
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	Python Software Foundation
FileDescription	Python
FileVersion (#2)	3.14.2
InternalName	Python Console
LegalCopyright	Copyright Â© 2001 Python Software Foundation. Copyright Â© 2000 BeOpen.com. Copyright Â© 1995-2001 CNRI. Copyright Â© 1991-1995 SMC.
OriginalFilename	python.exe
ProductName	Python
ProductVersion (#2)	3.14.2

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Dec-05 17:28:01
Version	`0.0`
SizeofData	`54`
AddressOfRawData	`0x246c`
PointerToRawData	`0x186c`
Referenced File	D:\a\1\b\bin\amd64\python.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Dec-05 17:28:01
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x24a4`
PointerToRawData	`0x18a4`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Dec-05 17:28:01
Version	`0.0`
SizeofData	`672`
AddressOfRawData	`0x24b8`
PointerToRawData	`0x18b8`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140003000`

RICH Header

XOR Key	`0x2cc576a3`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`10`
Imports (35207)	`2`
ASM objects (35207)	`3`
C objects (35207)	`10`
C++ objects (35207)	`18`
Imports (35221)	`3`
Imports (33145)	`2`
Total imports	`51`
C objects (POGO O) (35221)	`1`
Resource objects (35221)	`1`
Linker (35221)	`1`

Errors

Leave a comment

No comments yet.