Manalyze report for 2510d5706889c19ebf6e26d400b18c3b0962b1289b55bfbbea52fcefb6768627

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Mar-08 23:05:20
Detected languages	English - United States
CompanyName	foobar2000.org
FileDescription	Free Encoder Pack (2026-03-13)
FileVersion	`2026-03-13`
LegalCopyright	foobar2000.org
ProductName	Free Encoder Pack
ProductVersion	`2026-03-13`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: foobar2000.org http://nsis.sf.net http://nsis.sf.net/NSIS_Error nsis.sf.net`
Suspicious	The PE is an NSIS installer	`Unusual section name found: .ndata`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress` `Can access the registry: RegEnumValueW RegEnumKeyW RegQueryValueExW RegSetValueExW RegCloseKey RegDeleteValueW RegDeleteKeyW RegOpenKeyExW RegCreateKeyExW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: GetTempPathW CreateFileW` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Can shut the system down or lock the screen: ExitWindowsEx`
Info	The PE is digitally signed.	`Signer: Illustrate Ltd` `Issuer: Microsoft ID Verified CS EOC CA 01`
Suspicious	VirusTotal score: 2/70 (Scanned on 2026-05-19 14:19:32)	`Malwarebytes: Malware.Heuristic.2125` `Zillya: Trojan.AgentAGen.Win64.41425`

Hashes

MD5	`95c21bea34cd390938636578626c08eb`
SHA1	`407432369c83d32e9cabec9858521d5fc89babbc`
SHA256	`2510d5706889c19ebf6e26d400b18c3b0962b1289b55bfbbea52fcefb6768627`
SHA3	`80429e8376ec62a40d2a6b7daf47ad99446d7cd19987bc85f134d740da3d11e3`
SSDeep	`98304:WqOW3R8C2PMWghHqGtDChOYSLvmn8vXZSZ0wEEaPE6eh:WqOW3Rp2PR9G8SLvE0w0YY8h`
Imports Hash	`46ce5c12b293febbeb513b196aa7f843`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2025-Mar-08 23:05:20
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x6800`
SizeOfInitializedData	`0x64a00`
SizeOfUninitializedData	`0x4000`
AddressOfEntryPoint	`0x0000369F (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x8000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`6.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x19d000`
SizeOfHeaders	`0x400`
Checksum	`0x56b572`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`726d71cdaef290af7f1731c2143df1d4`
SHA1	`3260b7838eaa399e482dde23e60908fd29e111e4`
SHA256	`f17e217343517cb7327e71994c59cb9fb080eca5a99374c7d6dfcfa6d4475550`
SHA3	`68a9d9d4716f4f28e5b9d8cf067bd8754c2f0121c3f76812a6f86248c8c83485`
VirtualSize	`0x6711`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.4541`

.rdata

MD5	`e913094d8cceaca6b405bbbb52936387`
SHA1	`20df51227f19cb63323b43e74e506b2d2a09dce8`
SHA256	`512cb9ab76c260c6f4f8bb183a3e121f54906dcb42a74cded744aa6f6a330a19`
SHA3	`7f1ef0d8b4b6df73acc9b3d021673ec2f165f8688099c2a999d75994bfd54654`
VirtualSize	`0x1358`
VirtualAddress	`0x8000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x6c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.0997`

.data

MD5	`f910cdbdcfecebce4e6c66a5f8e48f79`
SHA1	`ad0d57369c0c28710b5b130f3c1143f141424c2d`
SHA256	`a8074e58573421424cfa8d2fcd4466da44b6fcfb274701321c9a48d68b68a6fd`
SHA3	`4364989ba32dc276687c34b3fab7609839c34942c54883893e3df5318019b899`
VirtualSize	`0x62378`
VirtualAddress	`0xa000`
SizeOfRawData	`0x600`
PointerToRawData	`0x8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.12035`

.ndata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x128000`
VirtualAddress	`0x6d000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`2c5fd28640ef0b2e4a585bead3cdf918`
SHA1	`7dac18c0e26dd5f86c072224fa0fb3382659384b`
SHA256	`7b230dbef253a52ee81fc28d330c3b3040fc363917ea3cc77f1ded47034a5f7e`
SHA3	`56224dedcff54c5ba197eda49c9c1270dbf6b4050c2e181d2262c55aa0554984`
VirtualSize	`0x73c0`
VirtualAddress	`0x195000`
SizeOfRawData	`0x7400`
PointerToRawData	`0x8600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.12585`

Imports

ADVAPI32.dll	`RegEnumValueW` `RegEnumKeyW` `RegQueryValueExW` `RegSetValueExW` `RegCloseKey` `RegDeleteValueW` `RegDeleteKeyW` `AdjustTokenPrivileges` `LookupPrivilegeValueW` `OpenProcessToken` `RegOpenKeyExW` `RegCreateKeyExW`
SHELL32.dll	`SHGetPathFromIDListW` `SHBrowseForFolderW` `SHGetFileInfoW` `SHFileOperationW` `ShellExecuteExW`
ole32.dll	`CoCreateInstance` `OleUninitialize` `OleInitialize` `IIDFromString` `CoTaskMemFree`
COMCTL32.dll	`ImageList_Destroy` `#17` `ImageList_AddMasked` `ImageList_Create`
USER32.dll	`MessageBoxIndirectW` `GetDlgItemTextW` `SetDlgItemTextW` `CreatePopupMenu` `AppendMenuW` `TrackPopupMenu` `OpenClipboard` `EmptyClipboard` `SetClipboardData` `CloseClipboard` `IsWindowVisible` `CallWindowProcW` `GetMessagePos` `CheckDlgButton` `LoadCursorW` `SetCursor` `GetSysColor` `SetWindowPos` `GetWindowLongW` `IsWindowEnabled` `SetClassLongW` `GetSystemMenu` `EnableMenuItem` `GetWindowRect` `ScreenToClient` `EndDialog` `RegisterClassW` `SystemParametersInfoW` `CharPrevW` `GetClassInfoW` `DialogBoxParamW` `CharNextW` `ExitWindowsEx` `DestroyWindow` `CreateDialogParamW` `SetTimer` `SetWindowTextW` `PostQuitMessage` `SetForegroundWindow` `ShowWindow` `wsprintfW` `SendMessageTimeoutW` `FindWindowExW` `IsWindow` `GetDlgItem` `SetWindowLongW` `LoadImageW` `GetDC` `ReleaseDC` `EnableWindow` `InvalidateRect` `SendMessageW` `DefWindowProcW` `BeginPaint` `GetClientRect` `FillRect` `DrawTextW` `EndPaint` `CharNextA` `wsprintfA` `DispatchMessageW` `CreateWindowExW` `PeekMessageW` `GetSystemMetrics`
GDI32.dll	`GetDeviceCaps` `SetBkColor` `SelectObject` `DeleteObject` `CreateBrushIndirect` `CreateFontIndirectW` `SetBkMode` `SetTextColor`
KERNEL32.dll	`RemoveDirectoryW` `lstrcmpiA` `GetTempFileNameW` `CreateProcessW` `CreateDirectoryW` `CreateThread` `GlobalLock` `GlobalUnlock` `GetDiskFreeSpaceW` `WideCharToMultiByte` `lstrcpynW` `lstrlenW` `SetErrorMode` `GetVersionExW` `GetCommandLineW` `GetTempPathW` `GetWindowsDirectoryW` `SetEnvironmentVariableW` `CopyFileW` `WriteFile` `GetCurrentProcess` `GetModuleFileNameW` `GetLastError` `GetFileSize` `CreateFileW` `GetTickCount` `Sleep` `SetFileAttributesW` `GetFileAttributesW` `SetCurrentDirectoryW` `MoveFileW` `GetFullPathNameW` `GetShortPathNameW` `SearchPathW` `CompareFileTime` `SetFileTime` `CloseHandle` `lstrcmpiW` `lstrcmpW` `ExpandEnvironmentStringsW` `GlobalFree` `GlobalAlloc` `GetModuleHandleW` `LoadLibraryExW` `FreeLibrary` `WritePrivateProfileStringW` `GetPrivateProfileStringW` `lstrlenA` `MultiByteToWideChar` `ReadFile` `SetFilePointer` `FindClose` `FindNextFileW` `FindFirstFileW` `DeleteFileW` `MulDiv` `lstrcpyA` `MoveFileExW` `lstrcatW` `GetSystemDirectoryW` `GetProcAddress` `GetModuleHandleA` `GetExitCodeProcess` `WaitForSingleObject` `ExitProcess`

Delayed Imports

110

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x666`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82633`
MD5	`b6bf70baab40fe438feff063bfb9ff6f`
SHA1	`7d4659d43e08d368ddacd31945872461c0b06253`
SHA256	`0e90a9e4b8f3a5bf990e8aadfd8096ad7aeaf1a4e032ac7b6395ce191d61c142`
SHA3	`cab98fabaf20118d9a8a4d2bcff4383a7291a0e04ff11a8690e71eed619c75e7`
Preview

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.36425`
MD5	`c3a1ef3f17657414a81e33397c5d4db7`
SHA1	`63a58f769fb02c03bc0a468725efb752f7674dfe`
SHA256	`5d0fd9805c654813b57f0d4dfbec540d20cb426100a2f8149f1a5582950524aa`
SHA3	`bf8085a0bc59ec30122b5b29ba472afe95204f81f1b55dce7232e7147d7d0db4`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.28602`
MD5	`7223c9662398be480104401d4ca75ed0`
SHA1	`6c3830359f7536084a74dbfcb7db1b38c006e9a8`
SHA256	`3ea678698c0882fd6f193ccd4c2e4e875782d014bd9b6dceab17d845d60529c6`
SHA3	`6ca51ae74926408360ca196df5cdd95397691bea53916bbc6657fa31ed3b08fa`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.06944`
MD5	`fcd01aaaad1b7ec612c45718ee04ff84`
SHA1	`1ba930ef55cd4d828030d124e17abdf58320f5c0`
SHA256	`7c69a7a6a81a1a4e6f5faaa489df538333febf3e3905c169c7cd8f83ce3f3fe2`
SHA3	`5b1cf498fa5533dbed306ad756332c086cbacc7c66ef962a8ca7b1856ee87f53`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.33781`
MD5	`c56fb3cc85e03a020663673be38dea5c`
SHA1	`69dace2feba520424b550403127b137ad907fd76`
SHA256	`7e8ead76419dd81f992a0d579dfc6f9b4f2e476d96e5e011584c2a62a85ffdf2`
SHA3	`7e62facaa9eb113e829a0bd4e6ed15820fbf94058864685c9876fe7b02edc78b`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.13165`
MD5	`ad68a2b1d2739688861906eb5d07c6e8`
SHA1	`a886b0b9826f6e56c770f5dbe2fae116a59b4468`
SHA256	`edd023e8331cc2bd63de453185190b4dcf685516fc77f3ac9d35069cb70b4630`
SHA3	`a73c342c3cddb74df77cd42d8da614b706891849bcf7f841bf7cbae3cf791b86`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.1985`
MD5	`45e283d2d48d1d03e95f699fe2bcbfb6`
SHA1	`ae2e7dd47c67ec70530ab43cb7d12a865a3efcf1`
SHA256	`0c49cc0a5a983dfa113cc509d48ec8ab6c5891e503dac710fdb5486de3feee85`
SHA3	`1e0e7cdde9d76251efb40fee58fb89a12eb9a99e147a15438d85ac838d6e0a27`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34146`
MD5	`4cab9376ec4701da71f80d4aeba2c240`
SHA1	`06e5e13b365af3f01b7bdca213f3e9ceb7e50879`
SHA256	`fe32e4619872af13373e6dd9db85348cd07eef4bedb58376d070d7210da98ff8`
SHA3	`bf7a8e758c26e1200ba0b3fbd42dd08ea028cb7fe6d448a4ece7974b3cccd7ff`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04232`
MD5	`21a4ab41cbf67f81a31f1ee4d8362ad7`
SHA1	`862e3ec0dbb7780391965b594656c93d3d639043`
SHA256	`a6ab81883d8b074d2df028d332baa4958e5655291a2f525fa26e0e2424594cfa`
SHA3	`ebff1e32c7b361d088b00377e8b83422392f8b42f4ab684f0af5e8565c40de1b`

103

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x120`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.56193`
MD5	`db6dd0434da4d7cac564518725167e09`
SHA1	`a65a1367d7cd96450f089a8f8108239bbcea9f5b`
SHA256	`c50631fc1f8425a95fd1edcc8e730d339e193a38f18d42372c32847a5ad2c016`
SHA3	`4e3be5455c51e1cb04836e318cb69ecdffd2deadd0f338d4bc985d8f5ca653ff`

104

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x118`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.62725`
MD5	`c1f51a43850c4cbe4d9f15f57ef4731d`
SHA1	`b34bea545aefddaf91100e43b4e747fc430d2735`
SHA256	`d039d2b37efb10d58c3af244602446b2af669b7766796176ec0abf068380ff7b`
SHA3	`e4c0c73febe1fc08c3dbdaf9593cbc0c75061053f624a7dfa0c3ca953f4cd112`

105

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x202`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.73893`
MD5	`386770584473e271f23dced36427f4ff`
SHA1	`d14ce95f784b35e4e3ebee535476ebcd3e380c19`
SHA256	`425b8270f7ca42a927eae6bea468acf414a3e4b58b5ba2c56aaae4d1b2c11014`
SHA3	`db13e5969376b27e8443eebff685230e2b74685aeb2fba73973f06e5cddc8662`

106

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91148`
MD5	`fa83652660409e90e0db9731ad2adb17`
SHA1	`0a8f0af67723c87fe26ccf676b8e19ec6357b4dc`
SHA256	`4a55bd714f5d50cd8eabba10e57f0618f1842717dcfa582d73a917b1933cd1d4`
SHA3	`5b3e1cb25be7a2dbae4f08f0d4794ed23dbd6ea37a3f9702be12dba588f42a7b`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.92767`
MD5	`1db3e4c32b9560257ddf3506fef9dd3f`
SHA1	`6666e0c8336456cfacec71d84415c6516e9e2673`
SHA256	`587a03198c39f990e77691056bb5705e21374281862ce06de94c68172f50f763`
SHA3	`30ca0affc3f1d2ef8b37f2103db7581caaf88548823fb3ae1d308fae9738dab4`

103 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.69402`
Detected Filetype	Icon file
MD5	`e81ecec370cd30fb8550738dd6b47031`
SHA1	`f2579e7c66c70097608c8bcc64fd802245ca6b3a`
SHA256	`cd8ec74b887964d5a6c479b934ebab725869889f763bbd23cc6e6b13c73472af`
SHA3	`69c3cefd80721d6464065138f4628e938a6ef9b3e78423b39494fbdcb9c41c3f`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x280`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27602`
MD5	`0f6f9209cce559dbd90ede0552f6171b`
SHA1	`4846cd6ee9e948d7fe03628f8db0fd5b4ff6ef3a`
SHA256	`1ffbde694cd6614c0125b56658f4af82a894fc44e1cddd98c1abc01c37a9668d`
SHA3	`7b235dc3a6d3e6f0c8508cf904b078664e6e3a5997820cbe78c5c857e430e28c`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.28574`
MD5	`aac92e8300ca3fd4759bd85aa10a1ca1`
SHA1	`11d048375440e23f6ac9578cd0362fac41df3bb0`
SHA256	`0ab1fbeb2c336f9bb8e5945142564f793ae1f66a5a17ab8765efd6e52432df14`
SHA3	`d6fda98570e7c75c45369595834fc40bfbe9f1e8a7c6b00bfa1a9701a74bd873`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	foobar2000.org
FileDescription	Free Encoder Pack (2026-03-13)
FileVersion (#2)	2026-03-13
LegalCopyright	foobar2000.org
ProductName	Free Encoder Pack
ProductVersion (#2)	2026-03-13

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xd24e50e9`
Unmarked objects	`0`
C objects (VS2003 (.NET) build 4035)	`2`
Total imports	`163`
Imports (VS2003 (.NET) build 4035)	`15`
48 (9044)	`10`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

[*] Warning: Section .ndata has a size of 0!

Leave a comment

No comments yet.