Manalyze report for 291d650dfbef12ee78122de84b89b23e3da95e95384649606f20f4eb48365949

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Aug-19 19:38:32
Detected languages	English - United States
Debug artifacts	D:\a\x64dbg\x64dbg\bin\x64\loaddll.pdb

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryExA LoadLibraryW GetProcAddress LoadLibraryExW`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`cb5642e2bc06e75b90872a108bae125a`
SHA1	`67b92daa8cb11ee0879fc3936ac1917306e43604`
SHA256	`291d650dfbef12ee78122de84b89b23e3da95e95384649606f20f4eb48365949`
SHA3	`dbeb7ec780644f0340c4b4c5d8d3a97ce4253cf5f76b60f12a2d21ab3172f4b9`
SSDeep	`3072:Rt1KUVnfq2tc3b4O+wFwMd33mmMsn0ZNaokc6Xft:X1hVn4r4O+w5R0Z6bPt`
Imports Hash	`de664d7402212a3b78a60499f3aa70b6`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2025-Aug-19 19:38:32
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x14400`
SizeOfInitializedData	`0xee00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001568 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x7ff6dd410000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x28000`
SizeOfHeaders	`0x400`
Checksum	`0x2ba03`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`671c65cfef742851c77415b8accfde31`
SHA1	`62bcf84ac78d49ae8611c694e4fe9aa4e107252e`
SHA256	`1528c208f76f6855f71145c76e5c81fd5962be1b85f4274b55060050cc129dc3`
SHA3	`f781ef97d936d6a86768d8b9e20da4181c138dba131098d209ba514f87910123`
VirtualSize	`0x15000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x14400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.48634`

.rdata

MD5	`a41b4fce11bd042d34cf698cb573bb37`
SHA1	`58878801897a9e263be236881e2df4b44d9ac26e`
SHA256	`a80288719a361d4bc9af9f1835a7d73502177dd02281a0e2f0d09024bd0c13cd`
SHA3	`ba1119fa482de0c8d64eb9fd97dd3eac08bce95e91b175415da85665fe6b8337`
VirtualSize	`0xb000`
VirtualAddress	`0x16000`
SizeOfRawData	`0xae00`
PointerToRawData	`0x14800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.15278`

.data

MD5	`c9def424128b0004fe2c3212039ca009`
SHA1	`cb88719aa00e1364a9a3b147621a65cf33c21b8e`
SHA256	`77efad10b94288e288e60e2ec218785f04b425fb2eed9ef397e2e1f6822c6946`
SHA3	`d5ee88ce272743257ceb7ca7c9bc1843f82c84f7445725dea4b69371bcb346f4`
VirtualSize	`0x2000`
VirtualAddress	`0x21000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x1f600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.67571`

.pdata

MD5	`8fc9dd13e2c24a9ad1e58b4856eceb3d`
SHA1	`32f77d9693cb9c785a5166f0fa32f0da601ca786`
SHA256	`9575e10534ef6f32e40a184fb5a573ef4166a088f9e97cbcbc40139f5344725c`
SHA3	`54d2f11768b2a3d3070273d2b29c1ab383e37cd6135dd7a154cdb362534556a2`
VirtualSize	`0x2000`
VirtualAddress	`0x23000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x21600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.70455`

.fptable

MD5	`8cad9fc240e3b85229e9972e1f651d3f`
SHA1	`d1a62026d07f66611f95f993e51e5d9485860209`
SHA256	`cf59214f555fbca13e608bdf81f007c9a7cddec0b6dde718ae106927ae941eb6`
SHA3	`c0ee3862cad4eae2923084375eab0c7fd56ca46de52269b9e93f7986b63f3ea8`
VirtualSize	`0x1000`
VirtualAddress	`0x25000`
SizeOfRawData	`0x200`
PointerToRawData	`0x22a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.343744`

.rsrc

MD5	`427f554a3525eb742c0443df523fadba`
SHA1	`283f3a10d73caef1bdb726707053fad157efd0b9`
SHA256	`f33f286a120e5312fcd9f6ccdce915cf210210489bb5182ed9ce4fdfbf2d7183`
SHA3	`7619ca681f4c9fa5579dbfb3a7df0b8dfb0344e2c1f8ba842488953abb505fac`
VirtualSize	`0x1000`
VirtualAddress	`0x26000`
SizeOfRawData	`0x200`
PointerToRawData	`0x22c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.71377`

.reloc

MD5	`407af550523f9a12b64d0af770ca75af`
SHA1	`fc45bffbfacc723375d3250d23c0454eea073fcd`
SHA256	`c577b0b20b730d098c11f706ca9ea664c4111fe4ba0ff725bbe996b779c658e9`
SHA3	`f71039dc32fa1c37c6ff18068666a9314e232560bac0bce186e56c001ce0fc37`
VirtualSize	`0x1000`
VirtualAddress	`0x27000`
SizeOfRawData	`0x800`
PointerToRawData	`0x22e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.95543`

Imports

ntdll.dll	`RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `RtlUnwindEx` `RtlPcToFileHeader` `RtlGetLastNtStatus`
KERNEL32.dll	`LoadLibraryExA` `CloseHandle` `GetLastError` `GetCurrentProcessId` `OpenFileMappingW` `MapViewOfFile` `UnmapViewOfFile` `LoadLibraryW` `lstrcpyW` `GetSystemInfo` `WriteConsoleW` `CreateFileW` `GetConsoleMode` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `GetModuleHandleW` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `EncodePointer` `RaiseException` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `ExitProcess` `GetModuleHandleExW` `HeapFree` `HeapAlloc` `GetConsoleOutputCP` `GetFileType` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetStringTypeW` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `InitializeCriticalSectionEx` `VirtualProtect` `LCMapStringW` `GetProcessHeap` `SetFilePointerEx` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `VirtualQuery`
USER32.dll (delay-loaded)	`MessageBoxW`

Delayed Imports

Attributes	`0x1`
Name	`USER32.dll`
ModuleHandle	`0x21ec0`
DelayImportAddressTable	`0x21aa0`
DelayImportNameTable	`0x202a8`
BoundDelayImportTable	`0x202c8`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Aug-19 19:38:32
Version	`0.0`
SizeofData	`63`
AddressOfRawData	`0x1eca4`
PointerToRawData	`0x1d4a4`
Referenced File	D:\a\x64dbg\x64dbg\bin\x64\loaddll.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Aug-19 19:38:32
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x1ece4`
PointerToRawData	`0x1d4e4`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Aug-19 19:38:32
Version	`0.0`
SizeofData	`960`
AddressOfRawData	`0x1ecf8`
PointerToRawData	`0x1d4f8`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x7ff6dd431000`

RICH Header

XOR Key	`0x2fd7b485`
Unmarked objects	`0`
C++ objects (33140)	`142`
C objects (33140)	`12`
ASM objects (33140)	`8`
ASM objects (35207)	`9`
C objects (35207)	`16`
Imports (33140)	`2`
C++ objects (35207)	`44`
Imports (VS2017 v15.2 compiler 25019)	`3`
Total imports	`102`
C++ objects (35214)	`1`
Resource objects (35214)	`1`
Linker (35214)	`1`

Errors

[*] Warning: The WIN_CERTIFICATE appears to be invalid.

Leave a comment

No comments yet.