Manalyze report for 27d56ef6eae2426423a075bc60d381ba79f24c8c5044ac97a447ba8a0a9d0d27

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Aug-01 02:44:18
Detected languages	English - United States
CompanyName	RealDefense, Limited
FileDescription	SUPERPrivateBrowser
FileVersion	`1.0.0.41`
InternalName	SUPERPrivateBrowser
LegalCopyright	Copyright 2025 RealDefense, Limited. All rights reserved.
ProductName	SUPERPrivateBrowser
ProductVersion	`1.0.0.41`

Plugin Output

Suspicious	PEiD Signature:	`UPolyX V0.1 -> Delikon`
Info	Interesting strings found in the binary:	`Contains domain names: http://nsis.sf.net http://nsis.sf.net/NSIS_Error nsis.sf.net`
Suspicious	The PE is an NSIS installer	`Unusual section name found: .ndata`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Can access the registry: RegCreateKeyExW RegEnumKeyW RegQueryValueExW RegSetValueExW RegCloseKey RegDeleteValueW RegDeleteKeyW RegOpenKeyExW RegEnumValueW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: GetTempPathW CreateFileW` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Changes object ACLs: SetFileSecurityW` `Can shut the system down or lock the screen: ExitWindowsEx`
Info	The PE is digitally signed.	`Signer: RealDefense LLC` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Suspicious	VirusTotal score: 2/70 (Scanned on 2026-03-29 05:39:24)	`CrowdStrike: win/grayware_confidence_70% (D)` `DrWeb: Program.Unwanted.5706`

Hashes

MD5	`8c58d15c9863ccc81cfcd40ba5fad2b0`
SHA1	`628c7307cac8dee871dcef6e029f0214b054f67a`
SHA256	`27d56ef6eae2426423a075bc60d381ba79f24c8c5044ac97a447ba8a0a9d0d27`
SHA3	`e2a614a4f231b5685e1b7810adcb86c17b8b5f08cad655e74bca72745ce0e12e`
SSDeep	`24576:cgwTtSa8B/LXUzMdjDUSv3xB9zdXEyNe0j9tXsV1:cgqt1kLXUkjASPxfZeyc1`
Imports Hash	`c05041e01f84e1ccca9c4451f3b6a383`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2020-Aug-01 02:44:18
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x6600`
SizeOfInitializedData	`0x22a00`
SizeOfUninitializedData	`0x800`
AddressOfEntryPoint	`0x000035D8 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x8000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`6.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x4e000`
SizeOfHeaders	`0x400`
Checksum	`0x119f96`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`869e1d11bbf88d92521c022fa6f3d4f0`
SHA1	`3442c1bb49ba3c7bfc46618255cc471a7e3e3bb7`
SHA256	`7a538c35c247872f01b15c7f6c3ef38e2beb898ed0ee2831791dc252f682d7e4`
SHA3	`18176b457042f120366c90c49be5dfbfd7c65ac06c739b685d60bb7038e8d9a2`
VirtualSize	`0x6572`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.45392`

.rdata

MD5	`79e286249499b713a2ddbee33baa50da`
SHA1	`fe2bedee8c2ca0b3a39a9a62d201d08eee8b3f17`
SHA256	`83bea15184035cd426d88b077d6973382cb3ec99b72dda413183a0d751fcab2c`
SHA3	`12c7013e4c1c09d5a669b32a2e022721f8916191a733fbcdb2f1894d6a86c61c`
VirtualSize	`0x1398`
VirtualAddress	`0x8000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x6a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.13672`

.data

MD5	`b6d02c867f7bfbcf68de2cfeea94fd73`
SHA1	`ac77cc46ab8d1809c15541e5c084c069a6bf8107`
SHA256	`c49462737ce149cb4c498bfa3d56d6883dca161155785402c8af95c10e3d7e29`
SHA3	`ecd4b42a60e0ce1edc396ff446f1b645da4584097cd55da5e4ef561ef43a6174`
VirtualSize	`0x20378`
VirtualAddress	`0xa000`
SizeOfRawData	`0x600`
PointerToRawData	`0x7e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.09681`

.ndata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x18000`
VirtualAddress	`0x2b000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`e10748542fbb90d18ff72c6c58c94d0c`
SHA1	`315cbb21e5812d745daccf0c7ebb1ad64ddbed2e`
SHA256	`270726ff4b4f6fdb4d03afbede72fe45ddcfadc3c3c65bb0e24dcbe353e75635`
SHA3	`19bf83d40afebe8ab9c8151e0e755228447df7b417564c445a99333194682f43`
VirtualSize	`0xa3e8`
VirtualAddress	`0x43000`
SizeOfRawData	`0xa400`
PointerToRawData	`0x8400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.26465`

Imports

ADVAPI32.dll	`RegCreateKeyExW` `RegEnumKeyW` `RegQueryValueExW` `RegSetValueExW` `RegCloseKey` `RegDeleteValueW` `RegDeleteKeyW` `AdjustTokenPrivileges` `LookupPrivilegeValueW` `OpenProcessToken` `SetFileSecurityW` `RegOpenKeyExW` `RegEnumValueW`
SHELL32.dll	`SHGetSpecialFolderLocation` `SHFileOperationW` `SHBrowseForFolderW` `SHGetPathFromIDListW` `ShellExecuteExW` `SHGetFileInfoW`
ole32.dll	`OleInitialize` `OleUninitialize` `CoCreateInstance` `IIDFromString` `CoTaskMemFree`
COMCTL32.dll	`#17` `ImageList_Create` `ImageList_Destroy` `ImageList_AddMasked`
USER32.dll	`GetClientRect` `EndPaint` `DrawTextW` `IsWindowEnabled` `DispatchMessageW` `wsprintfA` `CharNextA` `CharPrevW` `MessageBoxIndirectW` `GetDlgItemTextW` `SetDlgItemTextW` `GetSystemMetrics` `FillRect` `AppendMenuW` `TrackPopupMenu` `OpenClipboard` `SetClipboardData` `CloseClipboard` `IsWindowVisible` `CallWindowProcW` `GetMessagePos` `CheckDlgButton` `LoadCursorW` `SetCursor` `GetWindowLongW` `GetSysColor` `SetWindowPos` `PeekMessageW` `SetClassLongW` `GetSystemMenu` `EnableMenuItem` `GetWindowRect` `ScreenToClient` `EndDialog` `RegisterClassW` `SystemParametersInfoW` `CreateWindowExW` `GetClassInfoW` `DialogBoxParamW` `CharNextW` `ExitWindowsEx` `DestroyWindow` `CreateDialogParamW` `SetTimer` `SetWindowTextW` `PostQuitMessage` `SetForegroundWindow` `ShowWindow` `wsprintfW` `SendMessageTimeoutW` `FindWindowExW` `IsWindow` `GetDlgItem` `SetWindowLongW` `LoadImageW` `GetDC` `ReleaseDC` `EnableWindow` `InvalidateRect` `SendMessageW` `DefWindowProcW` `BeginPaint` `EmptyClipboard` `CreatePopupMenu`
GDI32.dll	`SetBkMode` `SetBkColor` `GetDeviceCaps` `CreateFontIndirectW` `CreateBrushIndirect` `DeleteObject` `SetTextColor` `SelectObject`
KERNEL32.dll	`GetExitCodeProcess` `WaitForSingleObject` `GetModuleHandleA` `GetProcAddress` `GetSystemDirectoryW` `lstrcatW` `Sleep` `lstrcpyA` `WriteFile` `GetTempFileNameW` `lstrcmpiA` `RemoveDirectoryW` `CreateProcessW` `CreateDirectoryW` `GetLastError` `CreateThread` `GlobalLock` `GlobalUnlock` `GetDiskFreeSpaceW` `WideCharToMultiByte` `lstrcpynW` `lstrlenW` `SetErrorMode` `GetVersion` `GetCommandLineW` `GetTempPathW` `GetWindowsDirectoryW` `SetEnvironmentVariableW` `ExitProcess` `CopyFileW` `GetCurrentProcess` `GetModuleFileNameW` `GetFileSize` `CreateFileW` `GetTickCount` `MulDiv` `SetFileAttributesW` `GetFileAttributesW` `SetCurrentDirectoryW` `MoveFileW` `GetFullPathNameW` `GetShortPathNameW` `SearchPathW` `CompareFileTime` `SetFileTime` `CloseHandle` `lstrcmpiW` `lstrcmpW` `ExpandEnvironmentStringsW` `GlobalFree` `GlobalAlloc` `GetModuleHandleW` `LoadLibraryExW` `MoveFileExW` `FreeLibrary` `WritePrivateProfileStringW` `GetPrivateProfileStringW` `lstrlenA` `MultiByteToWideChar` `ReadFile` `SetFilePointer` `FindClose` `FindNextFileW` `FindFirstFileW` `DeleteFileW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3dee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.87547`
Detected Filetype	PNG graphic file
MD5	`ac38dd03afae397bd1dce53e6ac339d2`
SHA1	`0ac0023c160ea3347810827ed363787b954ea780`
SHA256	`053681e00201fb35fb9fc6e8d1b07daf0a8bfda6c646d77eef6ab0cf4bc0f34e`
SHA3	`89731d4f711ef346d1117580f4d8e93895097ce059d6ce19a0e59417de0ffa38`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.95795`
MD5	`4fad109a6382958b36912be0a89eadaa`
SHA1	`f94ef580f0bddcb7409a57e67c09d1df0db46699`
SHA256	`330a9489bd0ce9b756982bd49a2a2f1f5cf6e80b42e0aa05ee65ba3fc92aed88`
SHA3	`163f892b67ce19638a9f47486e62cf5d6981f4f2410afcc32e572045e162fe06`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.99217`
MD5	`a9b1e520f6755846e557a976647569f6`
SHA1	`27ed006fd13ea7d7c1524b0ece62749e0c5e1082`
SHA256	`7c616b96ec210884cd7424b5d677e3050f8502c5ff1f419fb918249998786601`
SHA3	`88c8de2eaeca79bb49160c854233655d4c294ecf8dbeb109536dc2f6333cdb37`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.77262`
MD5	`1ef187a45c93ef72613b6ef463a11921`
SHA1	`01cb2e297b9e05d4387a2321ec54d9dc44c805f1`
SHA256	`7fcfd571c550f5f1822907c7daf6f72eeb411f0f1203bdb65bdc90029cf2c03b`
SHA3	`386fa4c6019457f28e3d012e43d01733fc7b624a4777a96bc6ef5c1da459d014`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.46922`
MD5	`ff59feb67fd5e24c375c200599ca7a19`
SHA1	`069c3b69a0cd7b9f3b96a8d006ee24dcbf48b652`
SHA256	`bdbcac2cba5922b92a347100ea9d8105099b55c59a1eaeb9ff885d8d4494e756`
SHA3	`5c1dec8cfa0fafc26e44662ec2d76c0fc9a714467dd081f13f8ddccfe9034ad7`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.55182`
MD5	`2c26eea6ed511d15542275e7d23e0900`
SHA1	`0d0c7a255539c178b52567104f6120e4faff4209`
SHA256	`8733503af0ef24ce2b80147d704c9da983fd6a8fd577c9fc40c9cb3dc5ac3bb3`
SHA3	`83e522329dc30cbd01a098ea472eadac71196c6674c7dcc3bf71f310a25c00b8`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.77838`
MD5	`103915aba01ccfb1e4d72c37b898b7a0`
SHA1	`e599b75f01192689622677a1418984475a5f78ba`
SHA256	`191715f160233fade1a4e5011b7db3d1e8525fa7b4073683a7e1333a7f7e034d`
SHA3	`05e1dd7aad503f593f1a341feb94ef27d362822328ee10e74319b864394a5fa3`

105

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x202`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.73893`
MD5	`386770584473e271f23dced36427f4ff`
SHA1	`d14ce95f784b35e4e3ebee535476ebcd3e380c19`
SHA256	`425b8270f7ca42a927eae6bea468acf414a3e4b58b5ba2c56aaae4d1b2c11014`
SHA3	`db13e5969376b27e8443eebff685230e2b74685aeb2fba73973f06e5cddc8662`

106

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.89384`
MD5	`3f145145da21614de72c0da073529fb6`
SHA1	`824b69a49adb1c6105446ed2d4fdf482d6a497ca`
SHA256	`2291b810e47f055ab2ff100618a8a9966f1fbf5fc0cb58e9f8fbb36ac7c983fa`
SHA3	`999c540cbf8b2538317695989c1e3c2913db9113267473fc49c24cac4119d558`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.89887`
MD5	`663040d6315b1d6ce8c0334d182ed8fc`
SHA1	`ebcfff801a12fb8ad1200a4526fca8bd2c3e96cf`
SHA256	`cb3c86cbcb579244a6f819f9c1807a7e89b6e600982ec6ea0841fcdcb16a9efd`
SHA3	`6a25a2cb16aeb17693f10e8aaa0245c701701db571b458fde7830291a4a01cfc`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71858`
Detected Filetype	Icon file
MD5	`feb0b0fab3acbe5af346c87178d39047`
SHA1	`9490e9c7b8c6a14a20edcff908626b112b9495b5`
SHA256	`14fec7743a7e0eae2bf2bbec6fce274d6eed5609e825b9e3b848403b4c4ef5d4`
SHA3	`a07edbab5e982f6860f8486990b4130e52ad8feb21b70812a71087a94ab592e7`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x30c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37261`
MD5	`d95328dbc4399ad044b6057a88eac646`
SHA1	`10b9da1f83f579a68a34c09e562214e8875073eb`
SHA256	`0c539299f1128af0d0d878e6c8fedd1d86b036dd4efed62c50d036be0d6e70ea`
SHA3	`e154ffbc5a7341f9d34685047139cac61bd3ba7cd408b0c3782c5e84b298ab73`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x425`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.29826`
MD5	`af3abf33a5999828aec044433df68d1c`
SHA1	`fa545813c34d795fc80538e9822b52684fba8cb7`
SHA256	`fe56c4d72ed9a8b7abd27037ac9e852a203afbbe442b990a239c71bd1835919a`
SHA3	`a138038971744a7215aec9b2cfb0000a97580f764eb4d251e8d0d4cac0b680b9`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0`
FileVersion	1.0.0.41
ProductVersion	1.0.0.41
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	RealDefense, Limited
FileDescription	SUPERPrivateBrowser
FileVersion (#2)	1.0.0.41
InternalName	SUPERPrivateBrowser
LegalCopyright	Copyright 2025 RealDefense, Limited. All rights reserved.
ProductName	SUPERPrivateBrowser
ProductVersion (#2)	1.0.0.41

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xd26650e9`
Unmarked objects	`0`
C objects (VS2003 (.NET) build 4035)	`2`
Total imports	`165`
Imports (VS2003 (.NET) build 4035)	`15`
48 (9044)	`10`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

[*] Warning: Section .ndata has a size of 0!

Leave a comment

No comments yet.