Manalyze report for 2e59694472a6042021b80c988f0119fac7809b0f5261db9f537a873c66d13f94

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-Jan-25 21:16:28
TLS Callbacks	1 callback(s) detected.
Debug artifacts	cs2_dumper.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	PEiD Signature:	`PeStubOEP v1.x`
Info	Interesting strings found in the binary:	`Contains domain names: github.com https://github.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to RC5 or RC6`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot NtQueryInformationProcess` `Uses Windows's Native API: NtWriteFile NtReadFile NtQueryInformationProcess` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Manipulates other processes: WriteProcessMemory ReadProcessMemory Process32NextW Process32FirstW OpenProcess`
Safe	VirusTotal score: 0/69 (Scanned on 2026-02-23 10:02:08)	`All the AVs think this file is safe.`

Hashes

MD5	`0e1785b0394257d115733ed2521516d6`
SHA1	`62ab663a3167750cc4847198368e182ee38b3e17`
SHA256	`2e59694472a6042021b80c988f0119fac7809b0f5261db9f537a873c66d13f94`
SHA3	`a6f7ccd5cf266106b51ce8dca5f4e6c949a2ad278d9254f4924688ac83bb9f29`
SSDeep	`24576:DX1ozIyuzsUoPpXiKd9CksZgDdEb1vXVhlX+v74ksEJ5e93:b1ozIyuzsUoPpiMIZgD4VhlXM74kih`
Imports Hash	`8f37f7769cc6ba69d866565c69465ad7`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`5`
TimeDateStamp	2026-Jan-25 21:16:28
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x185e00`
SizeOfInitializedData	`0x85600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000016967C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x20f000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`01feee44cf863b3a52d5efdf5ddb1c81`
SHA1	`c55293d441ddb3225debbbc55296df209a2aedf3`
SHA256	`f6c720bd6c03089a7c00cb6c19bb940cd33b3d0a1949c272ba2f972001dd34e4`
SHA3	`ce26d01678a717ba210fa737038c811691c79645fd1ce9cd98db093cea519aca`
VirtualSize	`0x185ddb`
VirtualAddress	`0x1000`
SizeOfRawData	`0x185e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.22829`

.rdata

MD5	`faa76fb41e6d53ee5e2f83bbb2c48d8a`
SHA1	`9e2c3d056d30a87ac6892e10d1862c0653561af9`
SHA256	`1eeea79a6cc2cf361a79e6bc28237bab1920a7138cc91f04656ede27a4bf6f74`
SHA3	`6916319abe31d5116e7dc9f93d917fe69ede126c37a552ed63cb67fb94294a20`
VirtualSize	`0x75036`
VirtualAddress	`0x187000`
SizeOfRawData	`0x75200`
PointerToRawData	`0x186200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.32183`

.data

MD5	`399990e2cfda0bb7f389bb7390f1329b`
SHA1	`7640f0b810e1b4c9b1f520b5924cc4c44831d5f9`
SHA256	`4e2e7b0975a3638e91753151c6ae8c995cd4fe284cd04cc7bc44449e4a963c8a`
SHA3	`c5d1d7864c3d8295bb968f12fafda3486fad414ddc7e88e5d5d3d16044ed8362`
VirtualSize	`0x3e0`
VirtualAddress	`0x1fd000`
SizeOfRawData	`0x400`
PointerToRawData	`0x1fb400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.1561`

.pdata

MD5	`796b3c1df13ed5df16a4f1c813a44ac3`
SHA1	`d999ccf28ba02a03718ef6f7111912c7cc9d5a07`
SHA256	`8616e83cb5d995c09bef35852e65d0521140699b0a977884f82d6cb819e1b205`
SHA3	`53122192f4ba7d763060121b321138b0b672459029377fe95ccc5524e46aaacd`
VirtualSize	`0xc798`
VirtualAddress	`0x1fe000`
SizeOfRawData	`0xc800`
PointerToRawData	`0x1fb800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.18949`

.reloc

MD5	`5cce687d86c005356f6b1fe1d2a0b758`
SHA1	`94a664443296cf986c54327fb7683b459d493660`
SHA256	`d9fda5e94902f6fe4a78a44fb2040a500162f80d0fa58caade6ed33757ef4a69`
SHA3	`a0878827d0891e7d5c8acb315de37ba755d37847da48247c04e742c9fb666627`
VirtualSize	`0x36b0`
VirtualAddress	`0x20b000`
SizeOfRawData	`0x3800`
PointerToRawData	`0x208000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.43474`

Imports

kernel32.dll	`SetFileInformationByHandle` `GetFileInformationByHandle` `GetFileInformationByHandleEx` `GetFileType` `GetFullPathNameW` `WriteConsoleW` `GetConsoleOutputCP` `GetConsoleMode` `GetStdHandle` `GetTimeZoneInformationForYear` `LoadLibraryExW` `GetModuleFileNameW` `GetSystemTimePreciseAsFileTime` `FindClose` `GetProcAddress` `InitializeSListHead` `FindNextFileW` `ExitProcess` `FormatMessageW` `HeapAlloc` `SetConsoleTextAttribute` `SetConsoleMode` `WaitForSingleObject` `ReleaseMutex` `CreateMutexA` `GetCurrentProcessId` `WaitForSingleObjectEx` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `GetCurrentThreadId` `Sleep` `SetUnhandledExceptionFilter` `GetCurrentProcess` `WriteProcessMemory` `IsDebuggerPresent` `ReadProcessMemory` `Process32NextW` `Process32FirstW` `CreateToolhelp32Snapshot` `K32EnumProcessModulesEx` `IsProcessorFeaturePresent` `K32GetModuleInformation` `K32GetModuleFileNameExA` `VirtualQueryEx` `OpenProcess` `UnhandledExceptionFilter` `FreeLibrary` `SetThreadErrorMode` `GetCurrentThread` `SetThreadStackGuarantee` `AddVectoredExceptionHandler` `SetLastError` `CloseHandle` `GetConsoleScreenBufferInfo` `GetLastError` `HeapReAlloc` `HeapFree` `FindFirstFileExW` `GetProcessHeap` `GetSystemTimeAsFileTime`
api-ms-win-core-synch-l1-2-0.dll	`WaitOnAddress` `WakeByAddressSingle` `WakeByAddressAll`
ntdll.dll	`RtlNtStatusToDosError` `NtWriteFile` `NtReadFile` `NtQueryInformationProcess`
advapi32.dll	`AdjustTokenPrivileges` `LookupPrivilegeValueA` `OpenProcessToken`
user32.dll	`GetKeyState` `GetKeyboardState`
ole32.dll	`CoTaskMemFree`
oleaut32.dll	`GetErrorInfo`
bcryptprimitives.dll	`ProcessPrng`
KERNEL32.dll	`GetCommandLineW` `lstrlenW` `QueryPerformanceCounter` `GetModuleHandleA` `GetCurrentDirectoryW` `LoadLibraryA` `WideCharToMultiByte` `MultiByteToWideChar` `GetEnvironmentVariableW` `QueryPerformanceFrequency` `GetModuleHandleW` `CreateFileW` `CreateDirectoryW`
shell32.dll	`SHGetKnownFolderPath`
VCRUNTIME140.dll	`__CxxFrameHandler3` `memcmp` `memmove` `memcpy` `memset` `_CxxThrowException` `__C_specific_handler` `__current_exception` `__current_exception_context`
api-ms-win-crt-string-l1-1-0.dll	`strlen`
api-ms-win-crt-runtime-l1-1-0.dll	`exit` `_exit` `_get_initial_narrow_environment` `_initialize_narrow_environment` `terminate` `_cexit` `_configure_narrow_argv` `_c_exit` `_set_app_type` `_initterm_e` `_register_thread_local_exe_atexit_callback` `__p___argv` `_initterm` `__p___argc` `_initialize_onexit_table` `_seh_filter_exe` `_register_onexit_function` `_crt_atexit`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-stdio-l1-1-0.dll	`_set_fmode` `__p__commode`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `free`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Jan-25 21:16:28
Version	`0.0`
SizeofData	`39`
AddressOfRawData	`0x1cfeec`
PointerToRawData	`0x1cf0ec`
Referenced File	cs2_dumper.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Jan-25 21:16:28
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x1cff14`
PointerToRawData	`0x1cf114`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Jan-25 21:16:28
Version	`0.0`
SizeofData	`816`
AddressOfRawData	`0x1cff28`
PointerToRawData	`0x1cf128`

TLS Callbacks

StartAddressOfRawData	`0x1401d0278`
EndAddressOfRawData	`0x1401d03a8`
AddressOfIndex	`0x1401fd350`
AddressOfCallbacks	`0x1401874e0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x000000014015CB20`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1401fd1c0`

RICH Header

XOR Key	`0xa69ebd4e`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`12`
Imports (35207)	`2`
ASM objects (35207)	`3`
C objects (35207)	`9`
C++ objects (35207)	`23`
Imports (30151)	`2`
Imports (33145)	`3`
Total imports	`129`
Unmarked objects (#2)	`27`
Linker (35219)	`1`

Errors

Leave a comment

No comments yet.