Manalyze report for 1ba4423722aeb7f9b3015e6da810e0e571ab7b04df31f27a89a3feb103310203

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-Mar-16 14:39:29
Detected languages	English - United States
CompanyName	Original Experimental Division
FileDescription	HD2 Cheat Menu Injector
FileVersion	`1.0.0.2`
InternalName	HD2CheatMenuInjector
LegalCopyright	Zodiac
OriginalFilename	HD2CheatMenuInjector.exe
ProductName	HD2 Cheat Menu Injector
ProductVersion	`1.0.0.2`

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Code injection capabilities: OpenProcess VirtualAllocEx CreateRemoteThread WriteProcessMemory` `Possibly launches other programs: ShellExecuteW` `Memory manipulation functions often used by packers: VirtualAllocEx VirtualProtect` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Manipulates other processes: Process32FirstW Process32NextW OpenProcess WriteProcessMemory`
Malicious	VirusTotal score: 7/72 (Scanned on 2026-03-22 22:18:21)	`APEX: Malicious` `Bkav: W64.AIDetectMalware` `DeepInstinct: MALICIOUS` `Elastic: malicious (moderate confidence)` `Malwarebytes: Malware.Heuristic.2518` `Symantec: ML.Attribute.HighConfidence` `Trapmine: malicious.moderate.ml.score`

Hashes

MD5	`632c4e67345cb3099ca85a7ae118d0ef`
SHA1	`3cff88879389581d6863a2064c33108dd4691429`
SHA256	`1ba4423722aeb7f9b3015e6da810e0e571ab7b04df31f27a89a3feb103310203`
SHA3	`34bc380f5304159bf2895744814a353a8c1d0023bbe1dc1887b7d4b1239b0d62`
SSDeep	`6144:sXMVrFdYT1oStdrJrbIK7ph0lhSMXlBXBWnTdt+CqUHQ:s8VrF9Stdr157ph0lhSMXliTdtf`
Imports Hash	`21511f9c76c79a90652a98dc96d5bd09`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2026-Mar-16 14:39:29
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x2d600`
SizeOfInitializedData	`0x3d600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000001642C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x70000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`31648bcc5f4d46e1c88bacea872e1625`
SHA1	`e1450ec0ac4294f148dd0ad7ba844466bd9a7726`
SHA256	`4fd5a0f22f1c8f00a84233eb0b46fb7c7af96c1b848f1ca75de27949df38aa29`
SHA3	`54b2f6825e5b340a1cae2e4dc5ea89e12a856078d473cf8070a0ebca2132c2fa`
VirtualSize	`0x2d59c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2d600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.46414`

.rdata

MD5	`5269b64df88300434aeddaa99f11e2a4`
SHA1	`2db5a482368848806e6f864f663ca9417b0c6f5f`
SHA256	`8597ce02b98359bed8e30365fcb9b0905acab7141fefd8491257448a24b7f108`
SHA3	`734bd67816189bf944f1575c5146da2f17d6f5b40399e148dd9448ee7a278030`
VirtualSize	`0x33c14`
VirtualAddress	`0x2f000`
SizeOfRawData	`0x33e00`
PointerToRawData	`0x2da00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.31382`

.data

MD5	`97f24b7e84a7fd3e1a28a9433511577b`
SHA1	`3142c4d2659673e309de47641ebe8265be6526c6`
SHA256	`f45cd1e3ae892ff6d8bc58ef9f31f67f3035febb3658a652401957fc8b7bbef4`
SHA3	`7730fa7b66032c5e096eeaf479078c87e31c9f8920db8555387add2d5590b5f7`
VirtualSize	`0x2334`
VirtualAddress	`0x63000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x61800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.75028`

.pdata

MD5	`43b5d44a4e48aedfbcd3ae72c3b0fa02`
SHA1	`9fa8d5303f4ea9d28c7580d3520ab36c52d757de`
SHA256	`c2f1ad3008e5934143e5b811b1e6699b64d07a6359440a4f7fffe52cfd6a4900`
SHA3	`cfcdeee4d8fc9a693840208995330af6f8c39012cc8851ef6f91f3a0c726fe86`
VirtualSize	`0x2580`
VirtualAddress	`0x66000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x62c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.55934`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0x69000`
SizeOfRawData	`0x200`
PointerToRawData	`0x65200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`fe9772259984fd19ec6ace0b0ccd78db`
SHA1	`486071073e823f3e2fca1f2c35117eb11616aee4`
SHA256	`b4545e14f519ab3676297acf13a4e48676682a368acd3841bde9adaaf7a87593`
SHA3	`b40bfb59412d91e9cb8faf5fa079d464fb6dcc163ce51b52658d5ace3e16cd23`
VirtualSize	`0x40b0`
VirtualAddress	`0x6a000`
SizeOfRawData	`0x4200`
PointerToRawData	`0x65400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.00272`

.reloc

MD5	`298b3469d013c31aed2904ae25a0f48c`
SHA1	`471e56e12740b5ae15487a0cf1ace6d7f8388c5b`
SHA256	`f9b4dbf4655641ed462acbb87d6a3efef456ba06c9819d3087644a2e22fad7dc`
SHA3	`4a6bca299be9ec36353c3325c66ffe2bb0fa707bd09b6988cd523acd6fc2de16`
VirtualSize	`0x8fc`
VirtualAddress	`0x6f000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x69600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.21855`

Imports

KERNEL32.dll	`SetConsoleWindowInfo` `SetConsoleScreenBufferSize` `Sleep` `CloseHandle` `GetCurrentProcess` `GetModuleFileNameW` `GetLastError` `CreateToolhelp32Snapshot` `Process32FirstW` `Process32NextW` `GetProcAddress` `GetModuleHandleW` `OpenProcess` `TerminateProcess` `VirtualAllocEx` `GetCurrentConsoleFontEx` `CreateRemoteThread` `WaitForSingleObject` `GetExitCodeThread` `VirtualFreeEx` `SetConsoleCP` `SetConsoleOutputCP` `SetConsoleTitleW` `WriteConsoleW` `CreateFileW` `HeapSize` `FlushFileBuffers` `SetStdHandle` `GetConsoleWindow` `GetStdHandle` `SetConsoleTextAttribute` `WriteProcessMemory` `MultiByteToWideChar` `GetProcessHeap` `SetEnvironmentVariableW` `FreeEnvironmentStringsW` `FindClose` `FindFirstFileW` `FindFirstFileExW` `FindNextFileW` `GetFileAttributesExW` `CreateFile2` `AreFileApisANSI` `GetFileInformationByHandleEx` `WideCharToMultiByte` `FormatMessageA` `LocalFree` `GetLocaleInfoEx` `EncodePointer` `DecodePointer` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `GetStringTypeW` `GetCPInfo` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `WakeAllConditionVariable` `SleepConditionVariableSRW` `SetUnhandledExceptionFilter` `GetStartupInfoW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlLookupFunctionEntry` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `SetLastError` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `ExitProcess` `FreeLibrary` `GetModuleHandleExW` `IsProcessorFeaturePresent` `WriteFile` `GetCommandLineA` `GetCommandLineW` `RtlCaptureContext` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `HeapAlloc` `HeapFree` `VirtualProtect` `LoadLibraryExW` `CompareStringW` `LCMapStringW` `GetLocaleInfoW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `GetFileType` `GetConsoleOutputCP` `GetConsoleMode` `GetFileSizeEx` `SetFilePointerEx` `HeapReAlloc` `IsValidCodePage` `GetACP` `GetOEMCP` `GetEnvironmentStringsW`
USER32.dll	`SetWindowLongW` `GetDesktopWindow` `GetClientRect` `GetWindowRect` `SetWindowPos` `GetWindowLongW`
ADVAPI32.dll	`LookupPrivilegeValueW` `GetTokenInformation` `OpenProcessToken` `AdjustTokenPrivileges`
SHELL32.dll	`ShellExecuteW` `ShellExecuteExW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.1084`
MD5	`59329ab0546336a4485ec6f84752e1a9`
SHA1	`ce220520fc5b7688c4fa51cee4097f8d691564cb`
SHA256	`8e331a7a87e4035d30aaef5653547fa697a5dc1a2c86efec8033bf217deae313`
SHA3	`f07825268b2804376b016c92b37ebe9f9205194d77fa0b8e4a2db736e145d20f`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.78904`
MD5	`06514bd542abffb6b32aa9378f95da99`
SHA1	`a91868022cb6dfd0c8353b953ec20faa336167fc`
SHA256	`258b2cda4c0642c2b012ed00759d4358fd0b6512440d6dcd731e298c28514dde`
SHA3	`4c3e6ddcf486bf4542616be05776555c3814d26e064adfc1e632ba0517dc965a`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.77891`
MD5	`9297935302b5365ac63dad0ee68b9514`
SHA1	`9b493d0f72fb82c2d7ba5acad469d021e18b5d11`
SHA256	`979ab9279d188be70f2e9862e30be80bef27c3204693c577c2c68f92efca2a59`
SHA3	`5a4c56d31d91d15cdaa7e3a4c0fc24dbdac5076b1d6935ef79ad01c9e023fa0d`

IDI_EDICON

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.51589`
Detected Filetype	Icon file
MD5	`298232997883411f1ee110d990f9551c`
SHA1	`4ffeb8f324718a55a88d60510e45437add99e956`
SHA256	`d688200ab02f6fe049104a3e63ed160087c953b6d812e469db2aa2275e366cec`
SHA3	`9da59cc538741e621778c8be995153688357f472f6c6a9c481d5f33ff19c500a`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x324`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34005`
MD5	`090f053e00ebcaa9ba7e6f319bd8be06`
SHA1	`4342cefb0072402b284965d6a45e14cb745ce955`
SHA256	`f1ce35281ae9368014efa5f7ba3be739a8effeba6a07961b71f5da8fb920e4c8`
SHA3	`dfd8f2374f65b41558c12ee88c9f726ad0ca67262cf7bd10285a3e5647be0787`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.2
ProductVersion	1.0.0.2
FileFlags	`(EMPTY)`
FileOs	`(EMPTY)`
FileType	`VFT_UNKNOWN`
Language	English - United States
CompanyName	Original Experimental Division
FileDescription	HD2 Cheat Menu Injector
FileVersion (#2)	1.0.0.2
InternalName	HD2CheatMenuInjector
LegalCopyright	Zodiac
OriginalFilename	HD2CheatMenuInjector.exe
ProductName	HD2 Cheat Menu Injector
ProductVersion (#2)	1.0.0.2

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Mar-16 14:39:29
Version	`0.0`
SizeofData	`1052`
AddressOfRawData	`0x5e828`
PointerToRawData	`0x5d228`

TLS Callbacks

StartAddressOfRawData	`0x14005ec90`
EndAddressOfRawData	`0x14005ec98`
AddressOfIndex	`0x1400645f4`
AddressOfCallbacks	`0x14002f4b0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140063040`

RICH Header

XOR Key	`0x99ad2d6`
Unmarked objects	`0`
C++ objects (33145)	`158`
C objects (33145)	`18`
ASM objects (33145)	`7`
ASM objects (35403)	`10`
C objects (35403)	`16`
C++ objects (35403)	`81`
Imports (33145)	`9`
Total imports	`150`
C++ objects (LTCG) (35726)	`2`
Resource objects (35726)	`1`
151	`1`
Linker (35726)	`1`

Errors

Leave a comment

No comments yet.