Manalyze report for 26e2410debd51f90fdfbc5756a920ce3aa9771b85e10e53388d4f18e070c8767

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2019-Jul-30 08:52:45
Detected languages	English - United States
FileVersion	`1.0.0`
ProductVersion	`1.0.0`
ProductName	TDR DADDY Optimization
FileDescription	TDR DADDY Windows Optimization Tool
CompanyName	TDR DADDY
LegalCopyright	Â© 2026 TDR DADDY. All rights reserved

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig2(h)`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: GetTempPathW CreateFileW`
Info	The PE's resources present abnormal characteristics.	`Resource 51E67D9801A1719550CAAB87022EAAA4 is possibly compressed or encrypted.`
Malicious	VirusTotal score: 18/63 (Scanned on 2026-06-14 02:26:30)	`CrowdStrike: win/malicious_confidence_70% (D)` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `Elastic: malicious (high confidence)` `Fortinet: W32/PossibleThreat` `Google: Detected` `Gridinsoft: Trojan.Win32.Gen.cl` `Lionic: Trojan.Win32.Generic.4!c` `MaxSecure: Trojan.Malware.300983.susgen` `McAfeeD: Real Protect-LS!B47EC36E354F` `Paloalto: generic.ml` `Sangfor: Trojan.Win32.Save.a` `SentinelOne: Static AI - Malicious PE` `Sophos: Generic ML PUA (PUA)` `Symantec: ML.Attribute.HighConfidence` `TrendMicro-HouseCall: Trojan.Win32.Gen.TL0101C326` `Varist: W32/Agent.MEW2.gen!Eldorado`

Hashes

MD5	`b47ec36e354f29208914b1d74081460c`
SHA1	`ca3461d739686bccc1b7760c003901f0ec5cac87`
SHA256	`26e2410debd51f90fdfbc5756a920ce3aa9771b85e10e53388d4f18e070c8767`
SHA3	`17dd7679863880bfb912fd8290e5f55850df4f70b393a3042ee5e719aa9f14a2`
SSDeep	`3072:y7DhdC6kzWypvaQ0FxyNTBfojT8IMqLgur6tkVbLiT:yBlkZvaF4NTBQn7g9kFc`
Imports Hash	`2c5f2513605e48f2d8ea5440a870cb9e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2019-Jul-30 08:52:45
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x11400`
SizeOfInitializedData	`0xdc00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001000 (Section: .code)`
BaseOfCode	`0x1000`
BaseOfData	`0x13000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x23000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.code

MD5	`46da2c5018752470fd3127bf22d63b95`
SHA1	`79689d07d23e494c8a40e425f6b58b6fcfcee935`
SHA256	`dde5c88b25500cafc481c699e30ea58342b107228ef6f3a08d3361a60203430b`
SHA3	`dae8493b3d4a31fe01cf730bafbd7390586ff0f116fa5ded8284d0382b858c3e`
VirtualSize	`0x387e`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.52922`

.text

MD5	`e1a026e66953c410d7f60b1f1e3c560f`
SHA1	`838d55d26dd9efd6b0506c9c55f064f69bff3a1d`
SHA256	`97f61efc9684f623eae30fcce8a8b3035003d341200579275f19f5468d496a75`
SHA3	`cf24a88fe26c2aa2d32468714671eaf669efc73ed42178d15681551c2967b390`
VirtualSize	`0xd962`
VirtualAddress	`0x5000`
SizeOfRawData	`0xda00`
PointerToRawData	`0x3e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.56249`

.rdata

MD5	`a16842a34a5da6feda9533bb3e83c3c1`
SHA1	`597bcd6908d7d29b813201e8506c5ae636de4377`
SHA256	`e7aa3b9a2637a54058211b802f96742faf19c341e604e483c54b9da022bf7a4d`
SHA3	`054e5f2439e80e489d6f8f42717ee344b2492bc8230b9d42ef3816c922b51cc1`
VirtualSize	`0x33a5`
VirtualAddress	`0x13000`
SizeOfRawData	`0x3400`
PointerToRawData	`0x11800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.11184`

.data

MD5	`48555095ec363cbb8745a078664b3159`
SHA1	`c22cee25f8e2b53c254835589d4451bcbebc1968`
SHA256	`1bd2ce13f4031eee3dced908c6fe4ff30865dbad79e90091294ec478fb5c13cf`
SHA3	`2f27568db11b0d2c6700d9cdd8997584bbf0009f393fb2e5e08e5325bf178114`
VirtualSize	`0x178c`
VirtualAddress	`0x17000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x14c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.10126`

.rsrc

MD5	`1b677659aa1b51aa5d6d229cdd8af356`
SHA1	`baf48ee2e3b824c1e39f0860e4a31c538400ce89`
SHA256	`8a90a40e95ddc7abf64888bfff18760ddfc0b45e39db5749fa67c81b5b69c2cc`
SHA3	`77ced85559247eb2947f064a6f314c2fc75f54b22b15fffe42522f322416618a`
VirtualSize	`0x9424`
VirtualAddress	`0x19000`
SizeOfRawData	`0x9600`
PointerToRawData	`0x15e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.86864`

Imports

MSVCRT.dll	`memset` `wcsncmp` `memmove` `wcsncpy` `wcsstr` `_wcsnicmp` `_wcsdup` `free` `_wcsicmp` `wcslen` `wcscpy` `wcscmp` `wcscat` `memcpy` `tolower` `malloc`
KERNEL32.dll	`GetModuleHandleW` `HeapCreate` `GetStdHandle` `SetConsoleCtrlHandler` `HeapDestroy` `ExitProcess` `WriteFile` `GetTempFileNameW` `LoadLibraryExW` `EnumResourceTypesW` `FreeLibrary` `RemoveDirectoryW` `EnumResourceNamesW` `GetCommandLineW` `LoadResource` `SizeofResource` `FreeResource` `FindResourceW` `GetNativeSystemInfo` `GetShortPathNameW` `GetWindowsDirectoryW` `GetSystemDirectoryW` `EnterCriticalSection` `CloseHandle` `LeaveCriticalSection` `InitializeCriticalSection` `WaitForSingleObject` `TerminateThread` `CreateThread` `GetProcAddress` `GetVersionExW` `Sleep` `WideCharToMultiByte` `HeapAlloc` `HeapFree` `LoadLibraryW` `GetCurrentProcessId` `GetCurrentThreadId` `GetModuleFileNameW` `PeekNamedPipe` `TerminateProcess` `GetEnvironmentVariableW` `SetEnvironmentVariableW` `GetCurrentProcess` `DuplicateHandle` `CreatePipe` `CreateProcessW` `GetExitCodeProcess` `SetUnhandledExceptionFilter` `HeapSize` `MultiByteToWideChar` `CreateDirectoryW` `SetFileAttributesW` `GetTempPathW` `DeleteFileW` `GetCurrentDirectoryW` `SetCurrentDirectoryW` `CreateFileW` `SetFilePointer` `TlsFree` `TlsGetValue` `TlsSetValue` `TlsAlloc` `HeapReAlloc` `DeleteCriticalSection` `InterlockedCompareExchange` `InterlockedExchange` `GetLastError` `SetLastError` `UnregisterWait` `GetCurrentThread` `RegisterWaitForSingleObject`
USER32.DLL	`CharUpperW` `CharLowerW` `MessageBoxW` `DefWindowProcW` `DestroyWindow` `GetWindowLongW` `GetWindowTextLengthW` `GetWindowTextW` `UnregisterClassW` `LoadIconW` `LoadCursorW` `RegisterClassExW` `IsWindowEnabled` `EnableWindow` `GetSystemMetrics` `CreateWindowExW` `SetWindowLongW` `SendMessageW` `SetFocus` `CreateAcceleratorTableW` `SetForegroundWindow` `BringWindowToTop` `GetMessageW` `TranslateAcceleratorW` `TranslateMessage` `DispatchMessageW` `DestroyAcceleratorTable` `PostMessageW` `GetForegroundWindow` `GetWindowThreadProcessId` `IsWindowVisible` `EnumWindows` `SetWindowPos`
GDI32.DLL	`GetStockObject`
COMCTL32.DLL	`InitCommonControlsEx`
SHELL32.DLL	`ShellExecuteExW` `SHGetFolderLocation` `SHGetPathFromIDListW`
WINMM.DLL	`timeBeginPeriod`
OLE32.DLL	`CoInitialize` `CoTaskMemFree`
SHLWAPI.DLL	`PathAddBackslashW` `PathRenameExtensionW` `PathQuoteSpacesW` `PathRemoveArgsW` `PathRemoveBackslashW`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.74834`
MD5	`ceab3453f8b04614f5cf92a676b84988`
SHA1	`8e4ba97a700cf8feddbdfd2208cc3d0f99b6cbbe`
SHA256	`a1650ee05373947aa409c608d66e9b27ac7af579a45ecdc5aef4ad1139c57aa9`
SHA3	`469cb3941faa15925c730f8fcfcb59026959f2ec07362ebc7904960a05462f4f`

0C23EB7102

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`55a54008ad1ba589aa210d2629c1df41`
SHA1	`bf8b4530d8d246dd74ac53a13471bba17941dff7`
SHA256	`4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a`
SHA3	`2767f15c8af2f2c7225d5273fdd683edc714110a987d1054697c348aed4e6cc7`

51E67D9801A1719550CAAB87022EAAA4

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x7b01`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.9946`
MD5	`f2bf091e0463f4ca4a2d7f136ba1cb50`
SHA1	`52fe2b5fb2a85451bc379956d6ef3926fbc4e058`
SHA256	`78b404b33c1f28ae33c15c7c86ceb73e0fca0ce671ed892976870a1621e17e01`
SHA3	`0975cf5736b4a36339429d044cf47514389ec8d757953578dfb34f789bb82033`

77437A5C12997AF77B1E80648E04A7E80716E0ED

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.82516`
MD5	`9890a79a675d4dac6e277db2a568c54f`
SHA1	`230ae979fbb4de5f2c1bf95794c4b4dbf39a5ff8`
SHA256	`597f604577b7daf8712778505b3b564b9035f97724004451b93935ac83f214b1`
SHA3	`14cee927c8e03648ce842b236f8b291659fc023a7841728a6d85bc31298ce62b`

FD77740C962A64254583481A36EF58BA

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xe`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.23593`
MD5	`7bb55e591962edd967c9a3039407256c`
SHA1	`e84642313805d66ef70fdada202992d040a1c2cc`
SHA256	`8fcbd3ba77d0af716d0b3f342b877539512ba665a6c5ad7999a531bff05a6a91`
SHA3	`116f25e12adcabbb7a50c5223cf85536391d06d1114f226b2e5d018f6907ff91`

1 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.7815`
Detected Filetype	Icon file
MD5	`3c68f77c35c26ff079a1c410ee44fa62`
SHA1	`0b40150c95fc2c6414c90d44ee78b8d8814b3393`
SHA256	`a14e70ed824f3f17d3a51136aa08839954d6d3ccadaa067415c7bfc08e6636b0`
SHA3	`590dcbf2ec3f485a6c24e3e627f383ee7588eb49978321f12c07d8190a6c1396`

1 (#3)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x29c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34576`
MD5	`977f9887f53a7458c7b585e26bb61be1`
SHA1	`a61a1e5bc84836afac6ff9a9a34a8696cedff616`
SHA256	`fc855bcbff31e63a175d005795f6f15f61e7df006748e98a5febc0052b6f1cd2`
SHA3	`957410c840682a495a3b477e463544a7e86f5deb4b43010a3f300a851d635b19`

1 (#4)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2a0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.08821`
MD5	`ffd3b06250ba95d239365ef050b3627b`
SHA1	`16e3981245d8dbd44f33d93b203c02a44f3c2b95`
SHA256	`1c3703755b6e9a690e8eafaa0cc318f667cd5d4c06935b6e3cd07296df9e9dcd`
SHA3	`2c6baa84c172762978837565c2b2ed4f7716c0edaab79bda3a3ef74724426773`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.0.0
ProductVersion	0.0.0.0
FileFlags	`VS_FF_DEBUG` `VS_FF_PRERELEASE` `VS_FF_PRIVATEBUILD`
FileOs	`VOS_DOS` `VOS_DOS_WINDOWS16` `VOS_DOS_WINDOWS32` `VOS_OS232` `VOS_OS232_PM32` `VOS_WINCE` `VOS__PM32` `VOS__WINDOWS16`
FileType	`VFT_APP`
Language	English - United States
FileVersion (#2)	1.0.0
ProductVersion (#2)	1.0.0
ProductName	TDR DADDY Optimization
FileDescription	TDR DADDY Windows Optimization Tool
CompanyName	TDR DADDY
LegalCopyright	Â© 2026 TDR DADDY. All rights reserved

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.