Manalyze report for 25714ca20b2ce8eecbacc59d34b2c6712fa4f1913b4dc8c8d7a0e4375aefa356

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Apr-28 12:15:35
TLS Callbacks	2 callback(s) detected.
Comments	ReactiveProperty is MVVM and Asynchronous Extensions for Reactive Extensions(System.Reactive).
CompanyName	neuecc xin9le okazuki
FileDescription	ReactiveProperty
FileVersion	`9.3.4.0`
InternalName	ReactiveProperty.dll
LegalCopyright
OriginalFilename	ReactiveProperty.dll
ProductName	ReactiveProperty
ProductVersion	`9.3.4+324599ee933973e1bb3ba18f9b1f8e64f9891d35`
Assembly Version	9.3.4.0

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata`
Suspicious	The PE contains functions most legitimate programs don't use.	`Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Manipulates other processes: OpenProcess`
Malicious	VirusTotal score: 29/70 (Scanned on 2026-05-15 22:21:29)	`AVG: Win64:MalwareX-gen [Misc]` `AhnLab-V3: Trojan/Win.Generic.R772335` `Antiy-AVL: Trojan/Win64.ShellcodeRunner` `Arcabit: Trojan.Generic.D4C6AEC8` `Avast: Win64:MalwareX-gen [Misc]` `Avira: TR/W64.Agent` `BitDefender: Trojan.GenericKD.80129736` `CTX: dll.trojan.shellcoderunner` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `ESET-NOD32: Win64/ShellcodeRunner.BTO trojan` `Emsisoft: Trojan.GenericKD.80129736 (B)` `F-Secure: Trojan.TR/W64.Agent` `GData: Win64.Trojan.Agent.MZY4S6` `Google: Detected` `Ikarus: Trojan.Win64.Shellcoderunner` `K7AntiVirus: Trojan ( 006d8d181 )` `K7GW: Trojan ( 006d8d181 )` `McAfeeD: ti!25714CA20B2C` `MicroWorld-eScan: Trojan.GenericKD.80129736` `Microsoft: Trojan:Win32/Wacatac.C!ml` `Rising: Malware.Undefined!8.C (TFE:5:lvV8rr3Vp5V)` `Sophos: Mal/Generic-S` `Symantec: Trojan.Gen.MBT` `Tencent: Win32.Trojan.W64.Htgl` `TrellixENS: Artemis!588AD1D14266` `VIPRE: Trojan.GenericKD.80129736` `Varist: W64/ABTrojan.QVZA-6780` `alibabacloud: Trojan:Win/ShellcodeRunner.BSX`

Hashes

MD5	`588ad1d142661f8ed96ded0e267c6fb4`
SHA1	`521f551fe2ec194973db0e7e3d0aae5ab6b36759`
SHA256	`25714ca20b2ce8eecbacc59d34b2c6712fa4f1913b4dc8c8d7a0e4375aefa356`
SHA3	`479ecf0558e5e91d362188e9e8fd12ba2e8d632229ca8a6d3b3cc80d1d737b92`
SSDeep	`3072:VEvkWOtR1Fd7hLKVzypt2bwByedrq5PdH+5thqo+Q1CEGGmrQ:NtR1Fd7hLpt2bwBHdId4t/fCEGGmr`
Imports Hash	`36394ea1bf18637b6d6e2d2731b19ef7`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`11`
TimeDateStamp	2026-Apr-28 12:15:35
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x1e000`
SizeOfInitializedData	`0xb600`
SizeOfUninitializedData	`0x200`
AddressOfEntryPoint	`0x00000000000011F0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x2e8a60000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x32000`
SizeOfHeaders	`0x400`
Checksum	`0x2c1b9`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a95052bd491b59379b82be31faedff74`
SHA1	`dc00f841fb07a3f9cd865865130239a64dea6144`
SHA256	`2c5c86c7159da86d28292f1b5745749b313538c72c7e03e5186eb72098973d77`
SHA3	`308f4bb2e174adf8accc48d7055e3b6f1037240634f7e048e5f05afa71d8abac`
VirtualSize	`0x1df20`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1e000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.37219`

.data

MD5	`f5aa5828802b1674ad1b52de9386a827`
SHA1	`c40d07096b19841360dcfbe719786a0ddd52e125`
SHA256	`c519bf9cb87b3616f49b21e8e228accac2b13385520ddf7483a30ddeebefdd7f`
SHA3	`fb929d9733b3f10065d57ed867fd5de4541797660ba613b09de2c475bbe936c4`
VirtualSize	`0x60`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1e400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.367015`

.rdata

MD5	`a155e514e030bf4e7710605525d52f86`
SHA1	`2eb0e9b46d4c1d5b4708ef56ce855de9a7b3c60a`
SHA256	`3ae75a3aeeb4818988cf0bebab85c49978fa7d50bd4bf718cb35f292060d4af1`
SHA3	`34b9161967f0b54eeb11f6e9f1f64ce2ddaf979468adf337238dbc4baf75f448`
VirtualSize	`0x2048`
VirtualAddress	`0x20000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x1e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.65238`

.pdata

MD5	`c5c1360c659fa1171b787314891b92e1`
SHA1	`f60566002cac05d7e15c180cf5b45d409d18ed53`
SHA256	`24fa279172ce9dcce97a1720a802126225ff45ce7fec41e3fd87e6a7dd6e9a10`
SHA3	`f080f165dfeb8f4ed08f36db6e45083d33a5c370c72b484217b4845d96625146`
VirtualSize	`0x35f4`
VirtualAddress	`0x23000`
SizeOfRawData	`0x3600`
PointerToRawData	`0x20800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.31848`

.xdata

MD5	`f0689d4772f01f07ee534f6fd34478a0`
SHA1	`92c752e4c06038da7fbe8c463c835ebd478100ee`
SHA256	`0fe1f813ef5bd4a22b89630a91bdc8fc02893f9d66b45fb2c9b2a5ebe28a20c6`
SHA3	`a7084de43e4adb5b434b6d88ea4de2cb32e2bff7f05bbb80664ac73336a49059`
VirtualSize	`0x3a90`
VirtualAddress	`0x27000`
SizeOfRawData	`0x3c00`
PointerToRawData	`0x23e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.94084`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x110`
VirtualAddress	`0x2b000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.edata

MD5	`8b8d490430a296b218631ee791ae4df9`
SHA1	`135ae038cf74c36884c05609962e9cb67bf664c3`
SHA256	`c24f61ddeca3f6acef0f90938f3118c2a7c21876cd08aebd5166c9591bb44911`
SHA3	`cdfc19cc19ed91ba2e7da5c33b0f132be86469c935939db7cf3502496a402da6`
VirtualSize	`0xd6`
VirtualAddress	`0x2c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x27a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.50743`

.idata

MD5	`935cb67b47b4d0de7c773fdd417c5e03`
SHA1	`0d10f65e57601e07ef02666184e7d73fd396775d`
SHA256	`8fad83412eebdb8938afa3157d950830f20365ed896d8444917667be5ffb2ef5`
SHA3	`c472aabbeeecb9273d5bddbc512bcde496841cfd955e152f327781228a772d75`
VirtualSize	`0x1268`
VirtualAddress	`0x2d000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x27c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.43681`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0x2f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x29000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`0e439f49d2a0e5702a3804d038f931d0`
SHA1	`e8e97008d4a1166e3474f981c4a20d8f5158fe8d`
SHA256	`9c2a21d1d28c7a61b56f9e55e7f571d8ff1744d6210cb09b13d4b447f0eb8608`
SHA3	`52d139d38f63ab215e3460598d9a52261cda452d0481a7271fe10f52237216c8`
VirtualSize	`0x49c`
VirtualAddress	`0x30000`
SizeOfRawData	`0x600`
PointerToRawData	`0x29200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.94853`

.reloc

MD5	`8a1e8ec6f11ddb870039089c548a91a6`
SHA1	`78222c771a72bbfc296c1b24583bacee9fdfb98a`
SHA256	`8da94cef20e6e0a0e51524d17762f719edd596219a6b6404ee91b1dc80d609b4`
SHA3	`ea41199a8e0791e3d73a8ce0bcd76fd5f2c7146759f54297eca8dbac3e1f5fea`
VirtualSize	`0x54`
VirtualAddress	`0x31000`
SizeOfRawData	`0x200`
PointerToRawData	`0x29800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.983376`

Imports

bcrypt.dll	`BCryptGenRandom`
dwmapi.dll	`DwmIsCompositionEnabled`
DWrite.dll	`DWriteCreateFactory`
libgcc_s_seh-1.dll	`_Unwind_Resume`
KERNEL32.dll	`CloseHandle` `DeleteCriticalSection` `DisableThreadLibraryCalls` `EnterCriticalSection` `EnumSystemCodePagesW` `GetCurrentProcessId` `GetLastError` `GetProcessHandleCount` `InitializeCriticalSection` `K32GetProcessMemoryInfo` `LeaveCriticalSection` `OpenProcess` `Sleep` `TlsGetValue` `VirtualAlloc` `VirtualProtect` `VirtualQuery` `VirtualQueryEx`
api-ms-win-crt-heap-l1-1-0.dll	`calloc` `free`
api-ms-win-crt-math-l1-1-0.dll	`fmodf`
api-ms-win-crt-private-l1-1-0.dll	`memcpy` `memmove`
api-ms-win-crt-runtime-l1-1-0.dll	`_beginthreadex` `_endthreadex` `_execute_onexit_table` `_exit` `_initialize_onexit_table` `_initterm` `_initterm_e` `_register_onexit_function` `abort`
api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func` `__stdio_common_vfprintf`
api-ms-win-crt-string-l1-1-0.dll	`memset` `strlen` `strncmp`
SDL3.dll	`SDL_CloseIO` `SDL_CreateEnvironment` `SDL_CreateRenderer` `SDL_CreateSemaphore` `SDL_CreateThreadRuntime` `SDL_CreateWindow` `SDL_Delay` `SDL_DestroyEnvironment` `SDL_DestroyRenderer` `SDL_DestroySemaphore` `SDL_DestroyWindow` `SDL_GetCurrentTime` `SDL_GetDateTimeLocalePreferences` `SDL_GetEnvironmentVariable` `SDL_GetEnvironmentVariables` `SDL_GetTicks` `SDL_IOFromDynamicMem` `SDL_IOprintf` `SDL_Init` `SDL_PollEvent` `SDL_Quit` `SDL_ReadIO` `SDL_ReadU32LE` `SDL_RenderClear` `SDL_RenderFillRect` `SDL_RenderLine` `SDL_RenderPoint` `SDL_RenderPresent` `SDL_RenderRect` `SDL_SeekIO` `SDL_SetRenderDrawColor` `SDL_SignalSemaphore` `SDL_TimeToDateTime` `SDL_WaitSemaphore` `SDL_WaitThread` `SDL_WriteU32LE` `SDL_free`
libstdc++-6.dll	`_ZNKSt8__detail20_Prime_rehash_policy14_M_need_rehashEyyy` `_ZNSt8__detail15_List_node_base7_M_hookEPS0_` `_ZSt17__throw_bad_allocv` `_ZSt18_Rb_tree_decrementPSt18_Rb_tree_node_base` `_ZSt18_Rb_tree_incrementPSt18_Rb_tree_node_base` `_ZSt20__throw_length_errorPKc` `_ZSt21__glibcxx_assert_failPKciS0_S0_` `_ZSt28__throw_bad_array_new_lengthv` `_ZSt29_Rb_tree_insert_and_rebalancebPSt18_Rb_tree_node_baseS0_RS_` `_ZdlPvy` `_Znay` `_Znwy` `__cxa_begin_catch` `__cxa_end_catch` `__cxa_rethrow` `__gxx_personality_seh0`

Delayed Imports

DrawLineChart

Ordinal	`1`
Address	`0x1b21`

DrawScatterPlot

Ordinal	`2`
Address	`0x3682`

GetProcessMemoryMetrics

Ordinal	`3`
Address	`0x4882`

RenderAreaChart

Ordinal	`4`
Address	`0x289b`

ScreenCtrl

Ordinal	`5`
Address	`0x18d9`

SecurityPie

Ordinal	`6`
Address	`0x1429`

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x444`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.4698`
MD5	`80ff62db3774d15913fca20fbfa2e5ba`
SHA1	`25029994ad3e1f65345611c46c0b9b286cb8a4e1`
SHA256	`aa33592aad940f48a8ed2a166a84edc5911d77da73f59973d6971613bfb13731`
SHA3	`cae065b0b79adfe4f0d522db7008408044ecd230bb2b0a4a6db2bbb1bc200b14`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	9.3.4.0
ProductVersion	9.3.4.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	UNKNOWN
Comments	ReactiveProperty is MVVM and Asynchronous Extensions for Reactive Extensions(System.Reactive).
CompanyName	neuecc xin9le okazuki
FileDescription	ReactiveProperty
FileVersion (#2)	9.3.4.0
InternalName	ReactiveProperty.dll
LegalCopyright
OriginalFilename	ReactiveProperty.dll
ProductName	ReactiveProperty
ProductVersion (#2)	9.3.4+324599ee933973e1bb3ba18f9b1f8e64f9891d35
Assembly Version	9.3.4.0

Resource LangID	UNKNOWN

TLS Callbacks

StartAddressOfRawData	`0x2e8a8f000`
EndAddressOfRawData	`0x2e8a8f008`
AddressOfIndex	`0x2e8a8b05c`
AddressOfCallbacks	`0x2e8a82020`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x00000002E8A65190` `0x00000002E8A65170`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!

Leave a comment

No comments yet.