Manalyze report for 0f6c2a0ebde58ff64c23e51d7d0184b139d36b9839b142c7e7574e9e35bac9c5

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2022-Jul-01 19:22:20
Detected languages	English - United States
FileVersion	`2.1.0.0`
ProductVersion	`2.1.0.0`
FileDescription	StopTheLag
CompanyName	StopTheLag
LegalCopyright	Danilo @ 2025 all rights reserved.
ProductName	StopTheLag

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++` `Microsoft Visual C++ v6.0` `Microsoft Visual C++ v5.0/v6.0 (MFC)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe` `Contains domain names: command.com`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Possibly launches other programs: CreateProcessA` `Can create temporary files: GetTempPathA CreateFileA` `Leverages the raw socket API to access the Internet: WSAStartup` `Enumerates local disk drives: GetVolumeInformationA`
Suspicious	The file contains overlay data.	`38288 bytes of data starting at offset 0x19000.`
Malicious	VirusTotal score: 7/72 (Scanned on 2025-09-25 09:57:18)	`Cylance: Unsafe` `DeepInstinct: MALICIOUS` `McAfeeD: ti!0F6C2A0EBDE5` `SentinelOne: Static AI - Suspicious PE` `Skyhigh: BehavesLike.Win32.Infected.ch` `Trapmine: malicious.high.ml.score` `TrellixENS: Artemis!4C51E5A0E006`

Hashes

MD5	`4c51e5a0e0068ab069aae8d85ccc040c`
SHA1	`9b719f72c2e5154f86e61d01490a72a840308ae8`
SHA256	`0f6c2a0ebde58ff64c23e51d7d0184b139d36b9839b142c7e7574e9e35bac9c5`
SHA3	`f6035e9e387646ba0db525cf2fca5d9f2c4be960636871d9fff033ecf16605ae`
SSDeep	`3072:IrkWzCuGZmQt+kdt92/N//ohgCm/uIPC9aBUGhPP+9Y0F9t2/BbU:IADbtJjHDm/uIPHPP+9XF94A`
Imports Hash	`e4d9e6c70d4272f4be22f97effe45fe7`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2022-Jul-01 19:22:20
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x13000`
SizeOfInitializedData	`0x5000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000C880 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x14000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xb24000`
SizeOfHeaders	`0x1000`
Checksum	`0x1a4ee`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a2fe4dc77f423051c14e607dc366bc60`
SHA1	`db0b63a7e3e7be30d32db2ee789bb585020a1de1`
SHA256	`caffbed126e5308113b01f1b5691c5035934a2393c73d4378cc48f6c15b6fe28`
SHA3	`6834965a5aad681357fe669449dd8305a9c3d52d17af9af9f79569396d97db18`
VirtualSize	`0x126c2`
VirtualAddress	`0x1000`
SizeOfRawData	`0x13000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.42385`

.rdata

MD5	`e7be1394fd136025e490d81de0b9ba77`
SHA1	`c88892793a4d4b4754ee19c752557a36d4175296`
SHA256	`d63c4e14b260eca85812990d3caa9394cf52a3394a7b35cf8a24e8808a9ff34b`
SHA3	`a54e59e7d98d15d2a1607cd89ae2d0fa124b0e912ba0cfabcde7dd520f268cbd`
VirtualSize	`0xbd0`
VirtualAddress	`0x14000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x14000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.47664`

.data

MD5	`c3c8caaa553ad3aee5daa91dfcf4f10f`
SHA1	`3198f581665292c4e7fe350015167548462d9399`
SHA256	`93b36f935d1e77db7bc0525e1b45a559d8fcd1d8cd0230726dda437305bf0ad0`
SHA3	`366b49c7ff1973c13a6b446d9d09978b7278eed5eb1bc00f4eb7d5aab982ebc4`
VirtualSize	`0xb0c498`
VirtualAddress	`0x15000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x15000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.69146`

.rsrc

MD5	`1b8f27a3480f560ead6204da6aa2c646`
SHA1	`b97616e0e2fbc7e2aff0e41dcf4c758e654a52da`
SHA256	`fa721270ca8e79370d2738bced4e7beb5d41077839108bde60d156044f72a8ce`
SHA3	`ae79623a9eb40b63657d5c64707236d95e7fd81337e8f28d1709bce4207c103c`
VirtualSize	`0x1764`
VirtualAddress	`0xb22000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x17000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.17978`

Imports

KERNEL32.dll	`GetWindowsDirectoryA` `GetTempPathA` `GetModuleFileNameA` `GetStdHandle` `SetConsoleMode` `GetConsoleMode` `Sleep` `SetConsoleCursorInfo` `SetConsoleCursorPosition` `SetConsoleTextAttribute` `GetTickCount` `GetVolumeInformationA` `GetLastError` `GetProcAddress` `LoadLibraryA` `ReadConsoleInputA` `WriteConsoleA` `LCMapStringW` `ExitProcess` `TerminateProcess` `GetCurrentProcess` `GetCommandLineA` `GetVersion` `SetHandleCount` `GetFileType` `GetStartupInfoA` `ReadFile` `SetFilePointer` `HeapFree` `CloseHandle` `GetFileAttributesA` `GetModuleHandleA` `WriteFile` `UnhandledExceptionFilter` `FreeEnvironmentStringsA` `FreeEnvironmentStringsW` `WideCharToMultiByte` `GetEnvironmentStrings` `GetEnvironmentStringsW` `HeapDestroy` `HeapCreate` `VirtualFree` `RtlUnwind` `HeapAlloc` `SetStdHandle` `FlushFileBuffers` `VirtualAlloc` `HeapReAlloc` `CreateFileA` `GetExitCodeProcess` `WaitForSingleObject` `CreateProcessA` `MultiByteToWideChar` `GetStringTypeA` `GetStringTypeW` `GetCPInfo` `GetACP` `GetOEMCP` `SetEndOfFile` `CompareStringA` `CompareStringW` `SetEnvironmentVariableA` `LCMapStringA`
WINMM.dll	`timeGetTime`
WS2_32.dll	`WSAStartup`

Delayed Imports

102

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.55018`
MD5	`534fab263c4e3d6c51b4089e012a3887`
SHA1	`90fb527a168242109f05bbe9ff7e792f49e1a4d1`
SHA256	`93ecb634bd63f5c21002071ce40f7c8df3f00e2520c2035e854b08a18ace65d2`
SHA3	`ae3cb7aca95e920227561d899d05d43616b3823c271c313a31b06a3588d34f7b`

102 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.18548`
Detected Filetype	Icon file
MD5	`23675916006a34365715c80221811929`
SHA1	`0e1447d619a1618daac8b6e4ee3e664f00b4ca1b`
SHA256	`0cdb5513a45637d349def5c2a08a2def98b32c6c09dd2ed085e3d0a88b04a24f`
SHA3	`8b026a3239ff2d60fa607ee6fee8fe9f8b3d3e6e0158ee132b3272fb5045c8a7`

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.2855`
MD5	`1089aca13ead1f99e9e96a1fa5f08d4b`
SHA1	`9747a604a2f643a9d4d3b4ec93a7da6c85d965b5`
SHA256	`e204b4f9fd4d339d354e9a6a6db931178e99894871a89b853b9c214bfc955ee9`
SHA3	`4542f47fc739d15d2c9f58121a6eb070fb1ac4b89776915d8aa0fe13f1a6d259`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x312`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.99409`
MD5	`e156a19b13e1251c5d71dff35d6b8ffa`
SHA1	`55b13b71107d69d1005ffac99562c83f2861d5b0`
SHA256	`b662bae58577fa99796a324987e2544cd5f8921d912f8ff208b25e38b864200c`
SHA3	`81b91c4dcef00042153a725f9d91ad9425a1372eb7a3bbdee4d05049cb43f469`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.1.0.0
ProductVersion	2.1.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	UNKNOWN
FileVersion (#2)	2.1.0.0
ProductVersion (#2)	2.1.0.0
FileDescription	StopTheLag
CompanyName	StopTheLag
LegalCopyright	Danilo @ 2025 all rights reserved.
ProductName	StopTheLag

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x1a1e39b4`
Unmarked objects	`0`
12 (7291)	`4`
14 (7299)	`14`
C objects (VS98 build 8168)	`97`
19 (8034)	`7`
Total imports	`68`
C++ objects (VS98 build 8168)	`2`
Resource objects (VS98 cvtres build 1720)	`1`

Errors

Leave a comment

No comments yet.