Manalyze report for 1af136d31f6a2e74389f68717c518322c0ba0d2cdaccf2023eddf95207fb808a

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-Mar-25 23:05:36
Detected languages	English - United States
Debug artifacts	...................................................................................................................

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.` Contains domain names: Cloud.com GoDaddy.com certificates.godaddy.com certs.godaddy.com crl.godaddy.com crl.microsoft.com github.com godaddy.com http://certificates.godaddy.com http://certificates.godaddy.com/repository/gd_intermediate.crt0 http://certificates.godaddy.com/repository/gdroot.crl0K http://certificates.godaddy.com/repository0 http://certificates.godaddy.com/repository100. http://crl.godaddy.com http://crl.godaddy.com/gds2-1.crl0M http://crl.microsoft.com http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0 http://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0 http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0X http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T http://ocsp.godaddy.com http://ocsp.godaddy.com/0J http://ocsp.godaddy.com0F http://www.microsoft.com http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0 http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0 http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0 http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0 http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0a http://www.microsoft.com/pkiops/docs/primarycps.htm0 http://www.openssl.org http://www.openssl.org/support/faq.html https://certs.godaddy.com https://certs.godaddy.com/repository/0 https://github.com microsoft.com ocsp.godaddy.com openssl.org www.microsoft.com www.openssl.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses constants related to RC5 or RC6` `Uses known Mersenne Twister constants`
Suspicious	The PE is possibly packed.	`Unusual section name found: .vlizer` `Section .vlizer is both writable and executable.` `The PE only has 0 import(s).`
Info	The PE is digitally signed.	`Signer: NVIDIA Corporation` `Issuer: VeriSign Class 3 Code Signing 2010 CA`
Malicious	VirusTotal score: 34/71 (Scanned on 2026-04-03 03:48:37)	`APEX: Malicious` `AVG: MalwareX-gen [Misc]` `Antiy-AVL: Trojan/Win32.Sabsik` `Arcabit: Trojan.Application.Tedy.D4983` `Avast: MalwareX-gen [Misc]` `BitDefender: Gen:Variant.Application.Tedy.18819` `Bkav: W64.AIDetectMalware` `CAT-QuickHeal: Trojan.Sabsik` `CTX: exe.trojan.gencbl` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 99)` `DeepInstinct: MALICIOUS` `ESET-NOD32: Win32/GenCBL.BUN trojan` `Elastic: malicious (moderate confidence)` `Emsisoft: Gen:Variant.Application.Tedy.18819 (B)` `Fortinet: Riskware/GenCBL` `GData: Gen:Variant.Application.Tedy.18819` `Google: Detected` `Ikarus: Trojan.Win32.Generic` `Lionic: Trojan.Win32.GenCBL.4!c` `Malwarebytes: Malware.AI.3369319756` `MaxSecure: Trojan.Malware.596673917.susgen` `McAfeeD: ti!1AF136D31F6A` `Microsoft: Trojan:Win32/Wacatac.B!ml` `Paloalto: generic.ml` `Skyhigh: Artemis` `Symantec: ML.Attribute.HighConfidence` `Tencent: Malware.Win32.Gencirc.14ac1bdb` `TrellixENS: Artemis!66CC2EA9DE74` `TrendMicro-HouseCall: TROJ_GEN.R002H0ACR26` `VBA32: SigCompromised.NVIDIACorporation` `VIPRE: Gen:Variant.Application.Tedy.18819` `Varist: W64/ABApplication.UAYR-0250`

Hashes

MD5	`66cc2ea9de7472bfa14c9d655da16fc2`
SHA1	`cccaa1aae01da1c6f883d58e5c063f5ffe1557bb`
SHA256	`1af136d31f6a2e74389f68717c518322c0ba0d2cdaccf2023eddf95207fb808a`
SHA3	`dd21350e03f4437add69b21b62b35fa8cd8f7c9bf32783b7cff3584c026a0dc2`
SSDeep	`393216:zExtfn/1ETN5isV4QJjQTKaxlXFiHQwMjc6Z8:zEfHWTmeoKaxNxwMjvW`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xb8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-Mar-25 23:05:36
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x30e00`
SizeOfInitializedData	`0x1937600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000185E0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1d86000`
SizeOfHeaders	`0x400`
Checksum	`0x1d8b495`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`79462491d74f14e8dbe0b2a039d0ae88`
SHA1	`e1189c7c6a68a0730a2479899a593fbea17cd9e1`
SHA256	`57f5911d82e88e425500e028e25893d14009738959f01b2658983224739b6bc9`
SHA3	`2f8edf115127c76fe8e39abcfd71ac14fea2b8ab284b40738b45b92bdd4b720c`
VirtualSize	`0x30c18`
VirtualAddress	`0x1000`
SizeOfRawData	`0x30e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.24924`

.rdata

MD5	`8b8cd723f1b014eead83a951576ad81d`
SHA1	`9729ce86ca501a01e0e72a6fb78447f2b43efedf`
SHA256	`18c787d1e65d09b554fb2fd2935a4addbeb3b8f01aa05d60e48236218bfd53df`
SHA3	`0db4fd13c0c0d9379d625c97660789ed3c772337a7e072dcf5e7a963bd54b99d`
VirtualSize	`0x20ac`
VirtualAddress	`0x32000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x31200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.10859`

.data

MD5	`9cdd34e571877f2248453263f64fc813`
SHA1	`0a220a06baa6ac635f959a07db29bcd42965bf60`
SHA256	`ff7463b9106a4eba54659afa8d8d1df5887764529dc769a0ce3928b1650194d1`
SHA3	`590e54672ea79a353c1d56702a80a3489c344be855e380a52287bb293a9692e9`
VirtualSize	`0x19316d8`
VirtualAddress	`0x35000`
SizeOfRawData	`0x1931200`
PointerToRawData	`0x33400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.1614`

.pdata

MD5	`c2eb971b245962dd6c0ed22f281334e5`
SHA1	`245c3d299fc5b1e6a80554d6bc50a3bebdecb646`
SHA256	`9dd6bacf370a993015e64dc857d51ed7763587d717051a3b22468f35c9068ef9`
SHA3	`c2cdde1cfba351f9afff43438d1038a9dc55fc07ebf90233e02124075723b561`
VirtualSize	`0x38a0`
VirtualAddress	`0x1967000`
SizeOfRawData	`0x3a00`
PointerToRawData	`0x1964600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.93904`

.rsrc

MD5	`1760130715940659323445ea67342377`
SHA1	`3fa6538a1cd88be42d2c77c6d4ab6d36f633c639`
SHA256	`5a261c3fc03c0faf145032ed9d296a7cd4141f4970019cb92d50fb19f277d580`
SHA3	`f7cb48df9104622c73db3911bea8764359cd545dd4a047ec6bcc3941056e966d`
VirtualSize	`0x1e8`
VirtualAddress	`0x196b000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1968000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.78028`

.vlizer

MD5	`7568201ddbe1fc2817f0c970b122b3db`
SHA1	`9d52459e85c5327f519797a4eb1772e9aa2d1899`
SHA256	`32871a7f3acd098c89d29d5570f3d6863ed8ead2f9d527cc06d935f8536c9c9f`
SHA3	`17b4c09d56169a534ba23e7553da3e1528f77486e9702db629788d4980c70605`
VirtualSize	`0x41a000`
VirtualAddress	`0x196c000`
SizeOfRawData	`0x419f21`
PointerToRawData	`0x1968200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.1481`

Imports

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Mar-25 23:05:36
Version	`0.0`
SizeofData	`140`
AddressOfRawData	`0x33cdc`
PointerToRawData	`0x32edc`
Referenced File	...................................................................................................................

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Mar-25 23:05:36
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x33d68`
PointerToRawData	`0x32f68`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Mar-25 23:05:36
Version	`0.0`
SizeofData	`192`
AddressOfRawData	`0x33d7c`
PointerToRawData	`0x32f7c`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Mar-25 23:05:36
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x9cabf3d9`
Unmarked objects	`0`
C++ objects (35222)	`4`
Resource objects (35222)	`1`
Linker (35222)	`1`

Errors

Leave a comment

No comments yet.