Manalyze report for 8b457d86c45f92ecf7ce3d375e31ffac

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2024-Apr-27 21:31:19
Detected languages	English - United States
Debug artifacts	C:\Users\karag\Desktop\fxhgdfhdf\Gaming-Lag-Switch-main\x64\Release\GLS.pdb

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: github.com https://github.com https://lagswitch.org lagswitch.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Possibly launches other programs: WinExec ShellExecuteA` `Uses functions commonly found in keyloggers: GetAsyncKeyState GetForegroundWindow` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`8b457d86c45f92ecf7ce3d375e31ffac`
SHA1	`26f3f58101191f0f7dbeede0fc3f001d40d7933b`
SHA256	`19f0ece5918531b36d7ca4323d091acd96e4e73bc2ea97635af8a1dd0bbe9294`
SHA3	`4d4149e31253a4b169477ef20b552ed5ae63c7aae6a2368a19bb5cc10edd4c0d`
SSDeep	`6144:2keTSlH+085BjSoV0sEH3SLL9CU1Bi6Z6+VnQun8afSG:JHreBWoVvEHCLJCU1sy6+9Qunm`
Imports Hash	`a822f751c4e8f3c6905273d5dde26dc5`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2024-Apr-27 21:31:19
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x43c00`
SizeOfInitializedData	`0x18e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000004373C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x61000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`eeb4494f72c6fd8f191440a31d9eb463`
SHA1	`af7afd0e5b32d6c749601e95cd272d50b0f4a1ed`
SHA256	`7471024bd3410a2e127f4aa557d0ea24f62ca9afea9bc90552d0b8d5305e7d91`
SHA3	`780bdc3dae6c3807c2ad766eb0e358208529dc4a7e28ff8ee4e9543f80e5c61a`
VirtualSize	`0x43b13`
VirtualAddress	`0x1000`
SizeOfRawData	`0x43c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.48333`

.rdata

MD5	`4521b521e2eb10a387be0f0112ebe2e8`
SHA1	`146f224eba410109df114110afaaa9c0f7b44d27`
SHA256	`7dbf267b0008e460dbd6eba0cb2924491259c104c2c2516a9a59e32efe246d81`
SHA3	`3a50916aa4bdab7e5d111395dcadf530a43b3005d46441d2fd35ba6b6d33f65e`
VirtualSize	`0x14424`
VirtualAddress	`0x45000`
SizeOfRawData	`0x14600`
PointerToRawData	`0x44000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.44288`

.data

MD5	`623f4c390392596341b6590543171561`
SHA1	`653a926a0d13be4c67c273f2ff731a34f47430d2`
SHA256	`c46664be330dec95b8020c688f7c3a555a1d7b360f2b87a4880b4e70b4b46838`
SHA3	`3e023780ebe082407546bb26d9afc73908b3b8e7e9fc62d144f5037e7d29246f`
VirtualSize	`0xea0`
VirtualAddress	`0x5a000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x58600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.69463`

.pdata

MD5	`6c6b037e63f1bb559c5bcdc5f1f71322`
SHA1	`e2c5d01b00b9874ef94d4f173b99e7bc7d9efaba`
SHA256	`a1c5581beccf41069981c7489c8b97fd2ee199216a36ebef5dd3561fcd8ce380`
SHA3	`f19a4e83cd15d5e491f9323d5e2fb477b76e40c11903cd4b43815a968549e464`
VirtualSize	`0x303c`
VirtualAddress	`0x5b000`
SizeOfRawData	`0x3200`
PointerToRawData	`0x59000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.5672`

.rsrc

MD5	`89db728432b4749bcfdc7687d4677948`
SHA1	`21ecbc5b1fac885f68f857389c15fe7616f8cda8`
SHA256	`b4598426c44988fbe6a3f5c3fab5a2f2de0b99fd87a135c1805332505c5d3432`
SHA3	`75454675c7284cdb777ae360ed1bd3ad124109de39f779e5fca496bdde31b0d4`
VirtualSize	`0x1e8`
VirtualAddress	`0x5f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5c200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.77204`

.reloc

MD5	`735f2e6dd646d167456185b417cb93cf`
SHA1	`80e9e1dbadcc33be320f8e65dfef182c284bf093`
SHA256	`b4a0e59e96684fd7f7dfa1e6da00d26052542992937e71b49c23862a50aa88f7`
SHA3	`a05298c7a14fa0c4c52964c9240c4125632debdd6098b229219534e3ca4c70c2`
VirtualSize	`0x214`
VirtualAddress	`0x60000`
SizeOfRawData	`0x400`
PointerToRawData	`0x5c400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.5256`

Imports

KERNEL32.dll	`CloseHandle` `FreeConsole` `Beep` `WinExec` `CreateDirectoryA` `FreeLibrary` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `Sleep` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `IsDebuggerPresent` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `GetModuleHandleW` `CreateEventW` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `CreateFileA` `GetModuleHandleA` `QueryPerformanceCounter` `IsProcessorFeaturePresent` `GetProcAddress` `QueryPerformanceFrequency` `LoadLibraryA` `GlobalUnlock` `WideCharToMultiByte` `GlobalLock` `GlobalFree` `GlobalAlloc` `MultiByteToWideChar` `GetCurrentProcessId`
USER32.dll	`OpenClipboard` `GetCapture` `DispatchMessageA` `GetWindowRect` `DestroyWindow` `SetWindowPos` `ShowWindow` `GetAsyncKeyState` `DefWindowProcA` `CreateWindowExA` `TranslateMessage` `PeekMessageA` `UnregisterClassA` `PostQuitMessage` `CloseClipboard` `GetDesktopWindow` `RegisterClassExA` `UpdateWindow` `GetKeyState` `GetCursorPos` `SetCursorPos` `ReleaseCapture` `ClientToScreen` `SetClipboardData` `GetClipboardData` `EmptyClipboard` `LoadCursorA` `IsChild` `GetForegroundWindow` `SetCapture` `SetCursor` `GetClientRect` `ScreenToClient`
COMDLG32.dll	`GetOpenFileNameA`
SHELL32.dll	`ShellExecuteA`
d3d9.dll	`Direct3DCreate9`
MSVCP140.dll	`??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `??1_Lockit@std@@QEAA@XZ` `??0_Lockit@std@@QEAA@H@Z` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` `?_Xlength_error@std@@YAXPEBD@Z` `?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z` `?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `??Bid@locale@std@@QEAA_KXZ` `_Query_perf_frequency` `?_Throw_Cpp_error@std@@YAXH@Z` `_Cnd_do_broadcast_at_thread_exit` `_Thrd_sleep` `_Query_perf_counter` `_Xtime_get_ticks` `?uncaught_exceptions@std@@YAHXZ`
IMM32.dll	`ImmReleaseContext` `ImmGetContext` `ImmSetCompositionWindow`
fwpuclnt.dll	`FwpmEngineOpen0` `FwpmFilterDeleteById0` `FwpmFilterAdd0`
VCRUNTIME140.dll	`__current_exception` `__current_exception_context` `memset` `_CxxThrowException` `__std_exception_copy` `__std_exception_destroy` `memcpy` `memmove` `memchr` `strstr` `__C_specific_handler` `memcmp`
api-ms-win-crt-stdio-l1-1-0.dll	`_fseeki64` `_set_fmode` `__p__commode` `fread` `fsetpos` `ungetc` `_get_stream_buffer_pointers` `setvbuf` `fgetpos` `fwrite` `ftell` `__stdio_common_vsscanf` `fgetc` `__stdio_common_vsprintf` `fclose` `fflush` `_wfopen` `fputc` `__acrt_iob_func` `fseek`
api-ms-win-crt-heap-l1-1-0.dll	`free` `_set_new_mode` `malloc` `_callnewh`
api-ms-win-crt-filesystem-l1-1-0.dll	`_lock_file` `_unlock_file` `remove`
api-ms-win-crt-convert-l1-1-0.dll	`mbstowcs` `atoi`
api-ms-win-crt-runtime-l1-1-0.dll	`_configure_narrow_argv` `_initialize_onexit_table` `_register_onexit_function` `_crt_atexit` `_cexit` `_seh_filter_exe` `_set_app_type` `terminate` `_get_initial_narrow_environment` `_initterm` `_initterm_e` `_exit` `_invalid_parameter_noinfo_noreturn` `__p___argc` `__p___argv` `_c_exit` `_register_thread_local_exe_atexit_callback` `_beginthreadex` `exit` `_wassert` `_initialize_narrow_environment`
api-ms-win-crt-string-l1-1-0.dll	`strncpy` `strcmp`
api-ms-win-crt-utility-l1-1-0.dll	`rand` `qsort`
api-ms-win-crt-math-l1-1-0.dll	`sqrtf` `fmodf` `acosf` `__setusermatherr` `cosf` `sinf` `ceilf`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2024-Apr-27 21:31:19
Version	`0.0`
SizeofData	`100`
AddressOfRawData	`0x529e4`
PointerToRawData	`0x519e4`
Referenced File	C:\Users\karag\Desktop\fxhgdfhdf\Gaming-Lag-Switch-main\x64\Release\GLS.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2024-Apr-27 21:31:19
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x52a48`
PointerToRawData	`0x51a48`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-Apr-27 21:31:19
Version	`0.0`
SizeofData	`932`
AddressOfRawData	`0x52a5c`
PointerToRawData	`0x51a5c`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2024-Apr-27 21:31:19
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x140052e20`
EndAddressOfRawData	`0x140052e28`
AddressOfIndex	`0x14005aa68`
AddressOfCallbacks	`0x140045850`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14005a038`

RICH Header

XOR Key	`0x8b7b39bb`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`20`
C objects (VS2022 Update 4 (17.4.2) compiler 31935)	`9`
ASM objects (VS2022 Update 4 (17.4.2) compiler 31935)	`3`
C++ objects (VS2022 Update 4 (17.4.2) compiler 31935)	`28`
Imports (VS2022 Update 4 (17.4.2) compiler 31935)	`6`
Imports (VS2012 build 50727 / VS2005 build 50727)	`2`
C objects (30795)	`1`
Imports (30795)	`21`
Total imports	`284`
C++ objects (LTCG) (VS2022 Update 5 (17.5.0-2) compiler 32215)	`13`
Resource objects (VS2022 Update 5 (17.5.0-2) compiler 32215)	`1`
Linker (VS2022 Update 5 (17.5.0-2) compiler 32215)	`1`

8b457d86c45f92ecf7ce3d375e31ffac

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors