Manalyze report for 24d99cafda11f383e4855c7f23b4b172

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2023-Apr-18 22:40:23
Detected languages	English - United States
FileVersion	`1.0.0.0`
ProductVersion	`1.0.0.0`
CompanyName	Secret Unlocked Circle of FortKnight's
LegalCopyright	Jackpot_ZB
ProductName	SUCKProtocol WIN11 FIX

Plugin Output

Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: FindWindowA` `Possibly launches other programs: CreateProcessA` `Can create temporary files: GetTempPathA CreateFileA` `Enumerates local disk drives: GetVolumeInformationA`
Suspicious	The file contains overlay data.	`871 bytes of data starting at offset 0x41000.`

Hashes

MD5	`24d99cafda11f383e4855c7f23b4b172`
SHA1	`ca9009157fb3f109475a261cfd58012b90cd63e5`
SHA256	`82318c10014db9e3ecc9b01f16089bcb1b5f1cbccb2f03a1ef3c58f4c70d9432`
SHA3	`9870fdb2fac449d86f6d08122e7f7e6bc6b593539d8a674f7808c5a19ff0a419`
SSDeep	`3072:F23rbZi/8GprF3jg/otScD9J7INCw+q4u9uvCnMDHyX+mCxlBMRoAPnN8eRwe:FKr1i/8UFJX9kuc+LxlBMWQNj6e`
Imports Hash	`c29ab370ed500debe05d495f2d8c12c2`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2023-Apr-18 22:40:23
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0xf000`
SizeOfInitializedData	`0x31000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000090C6 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x10000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xb41000`
SizeOfHeaders	`0x1000`
Checksum	`0x1f7ff`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a8784bbf74a4f67f820ca8ca14d6893d`
SHA1	`0549e3c1bbb2e2fac4a900eeab1a797e40754f4f`
SHA256	`dd7ad4e866f95c6deeebb34c64772a4f6328df2da53448072520f2e81e0ced38`
SHA3	`46cd0f374627888dcbfb05d92fd8246f6e8cd975cd51c2d8f517090a1d09b60a`
VirtualSize	`0xec66`
VirtualAddress	`0x1000`
SizeOfRawData	`0xf000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.39452`

.rdata

MD5	`7de9cd21a659de4e55e38eb82065b6dd`
SHA1	`9161c80edb01ce3081aa02628d54eb0a406385b2`
SHA256	`b66a510ae1de3aeeda69a59465e8a554f60e6690e9f2cd8245b4263a9b9448dd`
SHA3	`f2df5b0f762212f73d590f2d4dd20c698676b813508641054f36990f9f08d6cd`
VirtualSize	`0xc0a`
VirtualAddress	`0x10000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x10000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.55816`

.data

MD5	`2a62dc5e9a954239623d5f838743b6ec`
SHA1	`7dcdd00652c1ca39fceb3d2cdc3dbd99255ff4fe`
SHA256	`5b81452f80ca647fcac0da0d3cd82ecc91f442d3a6fdf7435b8ee68a6254a897`
SHA3	`095619aa1136f1ea1df2e51bf768387d7acd9707d1512ca3944a825533791beb`
VirtualSize	`0xb010d8`
VirtualAddress	`0x11000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x11000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.77119`

.rsrc

MD5	`f50037024150b1f410434a5d6448f20a`
SHA1	`7be7f5a741d7be231e57914a781987088d38125d`
SHA256	`f3e1d0488243499b04c776e6ac45254e10af9080e489d645c13d4b6823091ddf`
SHA3	`6ca6798bdec5b79f432aa8b064e558e6d169a83d802d6cad0e329203ba453406`
VirtualSize	`0x2d444`
VirtualAddress	`0xb13000`
SizeOfRawData	`0x2e000`
PointerToRawData	`0x13000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.67156`

Imports

KERNEL32.dll	`GetTempPathA` `GetModuleFileNameA` `GetStdHandle` `SetConsoleMode` `GetConsoleMode` `Sleep` `SetConsoleTextAttribute` `GetTickCount` `SetConsoleCursorInfo` `SetConsoleCursorPosition` `GetVolumeInformationA` `ReadConsoleInputA` `WriteConsoleA` `LCMapStringW` `LCMapStringA` `SetEnvironmentVariableA` `CompareStringW` `ExitProcess` `TerminateProcess` `GetCurrentProcess` `GetCommandLineA` `GetVersion` `SetHandleCount` `GetFileType` `GetStartupInfoA` `GetLastError` `ReadFile` `SetFilePointer` `HeapFree` `CloseHandle` `GetFileAttributesA` `GetProcAddress` `GetModuleHandleA` `WriteFile` `UnhandledExceptionFilter` `FreeEnvironmentStringsA` `FreeEnvironmentStringsW` `WideCharToMultiByte` `GetEnvironmentStrings` `GetEnvironmentStringsW` `HeapDestroy` `HeapCreate` `VirtualFree` `RtlUnwind` `HeapAlloc` `SetStdHandle` `FlushFileBuffers` `VirtualAlloc` `HeapReAlloc` `CreateFileA` `GetExitCodeProcess` `WaitForSingleObject` `CreateProcessA` `MultiByteToWideChar` `GetStringTypeA` `GetStringTypeW` `GetCPInfo` `GetACP` `GetOEMCP` `LoadLibraryA` `SetEndOfFile` `CompareStringA`
USER32.dll	`FindWindowA` `GetDesktopWindow` `GetWindowRect` `SetWindowPos`
WINMM.dll	`timeGetTime`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14748`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99246`
MD5	`826bf7f8aa37ada2e0207c41e615d5e6`
SHA1	`a9c597655a21c6063cbd9bee222f25c189fbdfca`
SHA256	`cc6888fe9a889a0578e88fc6f831f2d4c9e42d643f5d1c55598a869c8214641e`
SHA3	`40d197e723d17a890972e4dd6322d6d13a8f0076cf36d247ef550e512839c2a0`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.68932`
MD5	`a92244bb640554cb9addbdf26ac1c167`
SHA1	`a986456531b82db40393d465dfa1c53a3dc81599`
SHA256	`94bfbdddba6e1c35f746201b9d90a3ca77c090e4bdd71f321ded6b1f0c58c87c`
SHA3	`6effd3ca49cfd0dfb64037b2d0cf12438fecfcb8d610d168c538c38e8773bdbb`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89028`
MD5	`7d5847914956a9426dbe771f0cf9850f`
SHA1	`4b0d7acbe621517b5f6533a6ab16e3ee5bd07700`
SHA256	`416ade61648e70f6eb55a43e388385d1c77da019b88373096e4f6bddb4360d3f`
SHA3	`972f12079bf531ba2dd0796073aa6ba6bcddbbf59685b69a3bda8649336c77f1`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00605`
MD5	`db9ccbb9229c762a3205eabdde18fb3c`
SHA1	`bb80eafccf675d42ce692f0fd7cf7cfd2ea99f93`
SHA256	`7fd667e9958c6c941711c62c00a7531dbcf9df3ffb0889c5a34f6ae6d4bd13c6`
SHA3	`f9a4fb4af36c7e7197347de5fccb62ddef86cf98752380e47fb6e9b9f71f7d74`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.19078`
MD5	`70276e02fc25654391daa5e6cd87ccbd`
SHA1	`e1639cca6378d3ef89b9ad9b7913179fb60589cf`
SHA256	`470a58cae35e009d6dc1b94b904b27443165468eb2160a06c4ee5d598648db93`
SHA3	`1dbf78236768ec7eec6d2177b26f105881dfb6f68b7ade6928661e2d952b7dda`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37279`
MD5	`5d5b2701ddc1092dd095024a36f09f67`
SHA1	`4c7d3aa6ea4760a9344aed28dcecc6e76e4184fb`
SHA256	`7f0f517e13846e94474b2207c48d51618577420c12a85c971399abcf5fffec71`
SHA3	`337ed3b61eec8ac92499a5eda6a9f66fce67207c95908a0ceafe242ce1cef8d1`

1 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.39721`
MD5	`44aac607c9e13da8ae26b371edba364f`
SHA1	`cc0e4b5fe4fad2dbb486428f8a8870a183bbf5e6`
SHA256	`9a6827087b1dd6addd4a8a8389ea72799ff35097ddbe6ffef15d6b8365b6894c`
SHA3	`1b5a58e6e24abe1e9a14569cd611304572b0267a63e345846b325e6542f93ca1`

1 (#3)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x264`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.28333`
MD5	`929f7c51906b4326fbc9fe8f057dd0c2`
SHA1	`057414815568872749c64f888ba3e136c193c3ad`
SHA256	`00219da8f6c237b491d65289a2bd886d1795c2ea4eb4995cad37edff61f76cae`
SHA3	`e1cedd05327e4cb9e1e76ece323e8fe4b7724ed212924a884ebd8ca49691a455`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x312`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.99409`
MD5	`e156a19b13e1251c5d71dff35d6b8ffa`
SHA1	`55b13b71107d69d1005ffac99562c83f2861d5b0`
SHA256	`b662bae58577fa99796a324987e2544cd5f8921d912f8ff208b25e38b864200c`
SHA3	`81b91c4dcef00042153a725f9d91ad9425a1372eb7a3bbdee4d05049cb43f469`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	UNKNOWN
FileVersion (#2)	1.0.0.0
ProductVersion (#2)	1.0.0.0
CompanyName	Secret Unlocked Circle of FortKnight's
LegalCopyright	Jackpot_ZB
ProductName	SUCKProtocol WIN11 FIX

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xa0b83448`
Unmarked objects	`0`
12 (7291)	`2`
C++ objects (VS98 build 8168)	`1`
14 (7299)	`15`
19 (8034)	`7`
Total imports	`70`
C objects (VS98 build 8168)	`95`
Resource objects (VS98 cvtres build 1720)	`1`

Errors

[*] Warning: Please edit the configuration file with your VirusTotal API key.
[!] Error: Could not load yara_rules/bitcoin.yara!
[!] Error: Could not load yara_rules/monero.yara!
Could not load company_names.yara!
[!] Error: Could not load yara_rules/compilers.yara!
[!] Error: Could not load yara_rules/findcrypt.yara!
[!] Error: Could not load yara_rules/suspicious_strings.yara!
[!] Error: Could not load yara_rules/domains.yara!
[!] Error: Could not load yara_rules/peid.yara!