Manalyze report for 2375ab0342558691bed7484f4b2c70ef05bfc2e3d6dbbd3f4c747e182ba16b75

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-May-01 19:11:54
Detected languages	English - United States
Debug artifacts	FlameBullet.pdb

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to AES` `Uses constants related to RC5 or RC6` `Uses known Mersenne Twister constants` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExA LoadLibraryExW LoadLibraryW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowA` `Code injection capabilities (PowerLoader): FindWindowA GetWindowLongA GetWindowLongW` `Can access the registry: RegCloseKey RegCreateKeyExA RegDeleteValueA RegOpenKeyExA RegQueryValueExA RegSetValueExA` `Possibly launches other programs: CreateProcessW ShellExecuteA` `Uses Microsoft's cryptographic API: CryptAcquireContextA CryptCreateHash CryptDestroyHash CryptGetHashParam CryptHashData CryptReleaseContext` `Can create temporary files: CreateFileA CreateFileW GetTempPathA` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Leverages the raw socket API to access the Internet: WSACleanup WSAGetLastError WSAStartup closesocket connect htons inet_pton recv send setsockopt shutdown socket` `Functions related to the privilege level: OpenProcessToken` `Interacts with services: CreateServiceA OpenSCManagerW` `Manipulates other processes: Process32FirstW Process32NextW`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`02ac54b01292398b336ec7b80b87c16d`
SHA1	`01951d60624561e65ede81756f1646942c028a88`
SHA256	`2375ab0342558691bed7484f4b2c70ef05bfc2e3d6dbbd3f4c747e182ba16b75`
SHA3	`30f72242611fc15f41906449b925ac00e51b3f42a2fd075be1d607fb43f23f2a`
SSDeep	`49152:m+fxdyjmNlGWgaaw6OAmEuvvySs8ryOFS1CouDCzZ6E/TjJNFKAOMOs9oXU/tbB:QeGynXXvCbO+i0BuJcCHAzQc/`
Imports Hash	`109b17ea1885c702c729066127c0ad0c`

DOS Header

e_magic	`MZ`
e_cblp	`0x78`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x78`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`9`
TimeDateStamp	2026-May-01 19:11:54
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x44ce00`
SizeOfInitializedData	`0x215e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000004118C0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x66f000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`86752dada9ef295fe19182507b564e10`
SHA1	`bcfd9517922777b1e2e8ff1543066d54fab0e1c4`
SHA256	`d9d44e4a11bc3255db07403caebe0130baf7ffa5287bf3f8c85fd2f197688c7a`
SHA3	`63016f495137dd0f2b313c2dfe3fe3892290e060117df927246b10e7178664dc`
VirtualSize	`0x44ccd6`
VirtualAddress	`0x1000`
SizeOfRawData	`0x44ce00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.72337`

.rdata

MD5	`153dcfc0d11bbe492bd3e49c9d27d7fc`
SHA1	`68f4d43bea090033f0ab103c761a8d3498129118`
SHA256	`f8d2358ce9211a68d42a66de78807d59542ccdd60186288fd7866e4faca74d75`
SHA3	`cda842bea7a1af2967b5d1ac20721e943c70d68afe77f1dc799198d48b57ed3d`
VirtualSize	`0xa8be4`
VirtualAddress	`0x44e000`
SizeOfRawData	`0xa8c00`
PointerToRawData	`0x44d200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.18463`

.data

MD5	`770cca2c87f149334a4b39e6bcaad53c`
SHA1	`9dd26fc56eed62ec91ac76a496906f3473fac50e`
SHA256	`5e63537a091dd033a7d2da2cd0ec5f1431118734ee223979eaa32a55bbcb3ced`
SHA3	`7b563cf8066a3892b60ec4cbf678dabe8401da59b7583f3313b266d45e885e59`
VirtualSize	`0x1318e0`
VirtualAddress	`0x4f7000`
SizeOfRawData	`0x12bc00`
PointerToRawData	`0x4f5e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.69163`

.pdata

MD5	`0e7b40d2e9e18288d7510efef45a264a`
SHA1	`637119e3d7e2ca681f838aba20738547d52efb11`
SHA256	`1184437277193100bdaac592ebc1355e9087e4115dad4092ee921818b2beaa50`
SHA3	`55c4db080f9666ab335f8c2134cc109b95f12096e714f93e682cb1d36e71a418`
VirtualSize	`0x1a01c`
VirtualAddress	`0x629000`
SizeOfRawData	`0x1a200`
PointerToRawData	`0x621a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.23236`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0x644000`
SizeOfRawData	`0x200`
PointerToRawData	`0x63bc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.tls

MD5	`1f354d76203061bfdd5a53dae48d5435`
SHA1	`aa0d33a0c854e073439067876e932688b65cb6a9`
SHA256	`4c6474903705cb450bb6434c29e8854f17d8324efca1fdb9ee9008599060883a`
SHA3	`991fbbd46bbd69198269fe6c247d440e0f8a7d38259b7a1e04b74790301d1d2b`
VirtualSize	`0x9`
VirtualAddress	`0x645000`
SizeOfRawData	`0x200`
PointerToRawData	`0x63be00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0203931`

_RDATA

MD5	`686ae7823077c9f91f2f2cedffb6da14`
SHA1	`0878e2e69dc9f0bf995d570e3ec9b54e7ab8539c`
SHA256	`d4845bc10ed0212022c1e21d0f281edc7ff9270e72fa58dad642870914e3db39`
SHA3	`8d412ecf3bd5bcc6faa14fab322dcde56b928191a2b816c98e9aff6614db37d4`
VirtualSize	`0x1f4`
VirtualAddress	`0x646000`
SizeOfRawData	`0x200`
PointerToRawData	`0x63c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.20411`

.rsrc

MD5	`88566773d3680e029dcd2811fcfce151`
SHA1	`d3ad88ce99f3c4d31c3731d1cf4f0c390f2ba67f`
SHA256	`f73ba289690ff0f5edddab430923d0154b26260edc9c73223b59c8f15712ac2d`
SHA3	`ce8d9327e1b5956ce076869f364c2021e9422991bb9f2d9dc0964c7fd4491482`
VirtualSize	`0x1e0`
VirtualAddress	`0x647000`
SizeOfRawData	`0x200`
PointerToRawData	`0x63c200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.66873`

.reloc

MD5	`b6e11dcacde67b3e3e6b9335db7afdb1`
SHA1	`dc332a4d3556a83020d7c8f19ca901ad3f92c0f3`
SHA256	`0cbeb377875df3432c7a3a155f621c24d139b009c44cdd0d0862e760d557851f`
SHA3	`a97fe799d2a90d24ff3bbe61f7f66147d6a62abd2734415e3f0953bcd12331e5`
VirtualSize	`0x26bcc`
VirtualAddress	`0x648000`
SizeOfRawData	`0x26c00`
PointerToRawData	`0x63c400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.55355`

Imports

KERNEL32.dll	`AcquireSRWLockExclusive` `AllocConsole` `AreFileApisANSI` `CloseHandle` `CompareStringW` `CopyFileW` `CreateDirectoryW` `CreateFileA` `CreateFileMappingA` `CreateFileW` `CreateHardLinkW` `CreateProcessW` `CreateSymbolicLinkW` `CreateThread` `CreateToolhelp32Snapshot` `DecodePointer` `DeleteCriticalSection` `DeviceIoControl` `DuplicateHandle` `EncodePointer` `EnterCriticalSection` `EnumSystemLocalesW` `ExitProcess` `ExitThread` `FindClose` `FindFirstFileA` `FindFirstFileExW` `FindFirstFileW` `FindNextFileA` `FindNextFileW` `FlsAlloc` `FlsFree` `FlsGetValue` `FlsSetValue` `FlushFileBuffers` `FlushInstructionCache` `FormatMessageA` `FreeEnvironmentStringsW` `FreeLibrary` `FreeLibraryAndExitThread` `GetACP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `GetConsoleMode` `GetConsoleOutputCP` `GetConsoleWindow` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `GetDateFormatW` `GetEnvironmentStringsW` `GetExitCodeProcess` `GetExitCodeThread` `GetFileAttributesExW` `GetFileInformationByHandle` `GetFileInformationByHandleEx` `GetFileSize` `GetFileSizeEx` `GetFileType` `GetLastError` `GetLocaleInfoEx` `GetLocaleInfoW` `GetModuleFileNameA` `GetModuleFileNameW` `GetModuleHandleA` `GetModuleHandleExA` `GetModuleHandleExW` `GetModuleHandleW` `GetOEMCP` `GetProcAddress` `GetProcessHeap` `GetStartupInfoW` `GetStdHandle` `GetStringTypeW` `GetSystemDefaultLocaleName` `GetSystemDirectoryW` `GetSystemTimeAsFileTime` `GetTempPathA` `GetTickCount64` `GetTimeFormatW` `GetTimeZoneInformation` `GetUserDefaultLCID` `HeapAlloc` `HeapFree` `HeapQueryInformation` `HeapReAlloc` `HeapSize` `InitializeCriticalSectionAndSpinCount` `InitializeCriticalSectionEx` `InitializeSListHead` `IsDebuggerPresent` `IsProcessorFeaturePresent` `IsValidCodePage` `IsValidLocale` `LCMapStringEx` `LCMapStringW` `LeaveCriticalSection` `LoadLibraryA` `LoadLibraryExA` `LoadLibraryExW` `LoadLibraryW` `LocalFree` `MapViewOfFile` `Module32FirstW` `Module32NextW` `MoveFileExW` `MultiByteToWideChar` `OpenThread` `Process32FirstW` `Process32NextW` `QueryPerformanceCounter` `QueryPerformanceFrequency` `RaiseException` `ReadConsoleW` `ReadFile` `ReleaseSRWLockExclusive` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlPcToFileHeader` `RtlUnwind` `RtlUnwindEx` `RtlVirtualUnwind` `SetConsoleCP` `SetConsoleOutputCP` `SetConsoleTextAttribute` `SetConsoleTitleA` `SetEndOfFile` `SetEnvironmentVariableW` `SetFileInformationByHandle` `SetFilePointerEx` `SetLastError` `SetStdHandle` `SetUnhandledExceptionFilter` `Sleep` `SleepConditionVariableSRW` `TerminateProcess` `Thread32First` `Thread32Next` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `TryAcquireSRWLockExclusive` `UnhandledExceptionFilter` `UnmapViewOfFile` `VirtualAlloc` `VirtualFree` `VirtualProtect` `WaitForSingleObject` `WaitForSingleObjectEx` `WakeAllConditionVariable` `WakeConditionVariable` `WideCharToMultiByte` `WriteConsoleW` `WriteFile` `lstrcpyA` `lstrcpyW` `lstrlenW`
USER32.dll	`EnumWindows` `FindWindowA` `GetWindowLongA` `GetWindowLongW` `GetWindowRect` `GetWindowThreadProcessId` `IsWindowVisible` `MessageBoxA` `MessageBoxW` `MoveWindow` `PostThreadMessageW` `SetWindowLongA` `SetWindowLongW` `SetWindowPos` `SetWindowsHookExW` `ShowScrollBar` `UnhookWindowsHookEx`
ADVAPI32.dll	`CloseServiceHandle` `CreateServiceA` `CryptAcquireContextA` `CryptCreateHash` `CryptDestroyHash` `CryptGetHashParam` `CryptHashData` `CryptReleaseContext` `GetTokenInformation` `OpenProcessToken` `OpenSCManagerW` `RegCloseKey` `RegCreateKeyExA` `RegDeleteValueA` `RegOpenKeyExA` `RegQueryValueExA` `RegSetValueExA` `StartServiceA`
SHELL32.dll	`CommandLineToArgvW` `SHGetFolderPathA` `ShellExecuteA`
SHLWAPI.dll	`PathFileExistsW`
ntdll.dll	`RtlAdjustPrivilege` `RtlImageNtHeader`
IPHLPAPI.DLL	`IcmpCloseHandle` `IcmpCreateFile` `IcmpSendEcho`
WS2_32.dll	`WSACleanup` `WSAGetLastError` `WSAStartup` `closesocket` `connect` `htons` `inet_pton` `recv` `send` `setsockopt` `shutdown` `socket`
bcrypt.dll	`BCryptCloseAlgorithmProvider` `BCryptCreateHash` `BCryptDestroyHash` `BCryptFinishHash` `BCryptGetProperty` `BCryptHashData` `BCryptOpenAlgorithmProvider`
WINTRUST.dll	`WinVerifyTrust`

Delayed Imports

?start@@YA_NXZ

Ordinal	`1`
Address	`0x38c4c0`

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.84857`
MD5	`1b3cb4ac5487290385d8b1554adf5c81`
SHA1	`b7edbc56328989d97726dc3f04b9dafc5c9109f7`
SHA256	`e059b7af692224b60cf6ee82e3cfc3091d8c2f08550c56a65983930e4f7d8b5c`
SHA3	`6491d4c57ba00d005ad50ce68d69637f02d33bc3c7d3b0beae250c2efb7c31ae`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-May-01 19:11:54
Version	`0.0`
SizeofData	`40`
AddressOfRawData	`0x4cdebc`
PointerToRawData	`0x4cd0bc`
Referenced File	FlameBullet.pdb

TLS Callbacks

StartAddressOfRawData	`0x140645000`
EndAddressOfRawData	`0x140645008`
AddressOfIndex	`0x140625d88`
AddressOfCallbacks	`0x1404ce0f0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14061fc40`

RICH Header

Errors

Leave a comment

No comments yet.