Manalyze report for 2fd35ed72f3edb04bee9677fd08d0c709a1ce9ff0d46f2e7a6515244d258a69c

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Nov-05 12:09:55
Detected languages	Chinese - PRC English - United States
Debug artifacts	D:\sources\java\HMCL\HMCLauncher\Release\HMCLauncher.pdb
CompanyName	huanghongxun
FileDescription	Hello Minecraft! Launcher For Windows
FileVersion	`3.5.0.0`
InternalName	HMCL.exe
LegalCopyright	Copyright (C) 2021 huangyuhui
OriginalFilename	HMCL.exe
ProductName	Hello Minecraft! Launcher
ProductVersion	`3.5.0.0`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Interesting strings found in the binary:	`Contains domain names: bell-sw.com download.bell-sw.com https://aka.ms https://download.bell-sw.com https://download.bell-sw.com/java/17.0.4.1+1/bellsoft-jre17.0.4.1+1-windows-i586-full.msi https://www.java.com paint.net www.java.com`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Can access the registry: RegCloseKey RegEnumKeyExW RegQueryInfoKeyW RegOpenKeyExW RegQueryValueExW` `Possibly launches other programs: CreateProcessW ShellExecuteW`
Suspicious	The file contains overlay data.	`4811750 bytes of data starting at offset 0x18600.` `The overlay data has an entropy of 7.96472 and is possibly compressed or encrypted.` `Overlay data amounts for 97.9673% of the executable.`
Malicious	VirusTotal score: 26/71 (Scanned on 2024-06-19 11:05:43)	`ALYac: Trojan.GenericKD.72786229` `Antiy-AVL: Trojan/Win32.SGeneric` `Arcabit: Trojan.Generic.D456A135` `BitDefender: Trojan.GenericKD.72786229` `Cybereason: malicious.10ef68` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `Elastic: malicious (moderate confidence)` `Emsisoft: Trojan.GenericKD.72786229 (B)` `FireEye: Trojan.GenericKD.72786229` `Fortinet: W32/PossibleThreat` `GData: Trojan.GenericKD.72786229` `Jiangmin: Trojan.Starter.fi` `Lionic: Trojan.Win32.Generic.4!c` `MAX: malware (ai score=84)` `Malwarebytes: Malware.AI.3982725161` `MaxSecure: Win.MxResIcn.Heur.Gen` `McAfee: Artemis!B03269510EF6` `McAfeeD: ti!2FD35ED72F3E` `MicroWorld-eScan: Trojan.GenericKD.72786229` `Sangfor: Trojan.Win32.Agent.V98u` `TrendMicro-HouseCall: TROJ_GEN.R002H09EM24` `VIPRE: Trojan.GenericKD.72786229` `Webroot: W32.Malware.Gen` `Zillya: Trojan.Agent.Win32.3270555` `alibabacloud: Suspicious`

Hashes

MD5	`b03269510ef685f5aced7e8d5594acc5`
SHA1	`6c0723515fb377fd1b1871c72c53742838c8023b`
SHA256	`2fd35ed72f3edb04bee9677fd08d0c709a1ce9ff0d46f2e7a6515244d258a69c`
SHA3	`e3a6b86aa531b8c34383d370486c486ab5b76fcf89bb0dd5152b1722a70938e0`
SSDeep	`98304:lDlR2faIp7DNc7vhiHFHZrsApWP86cdUtkDljFl/F+:UfhpnNc74lBewytkh5lc`
Imports Hash	`4d8dd026b2129d1c67998644d6b39021`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2022-Nov-05 12:09:55
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xe400`
SizeOfInitializedData	`0xa800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000037ED (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x10000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x1d000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`858124ada62d8124ec1811c07fce6060`
SHA1	`432ff471569c7868677e26cb649aed16822f34d0`
SHA256	`393b86cf07736fb8051cb90fe01907d1b5f6cb8b81dbea0a70c3c5498d254289`
SHA3	`101f19a066b01ff8858f318e7799f90e77ff343679a39d05eb06dd46649b4415`
VirtualSize	`0xe32b`
VirtualAddress	`0x1000`
SizeOfRawData	`0xe400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.57527`

.rdata

MD5	`005cf71609e94edb514efc3f512e1961`
SHA1	`49ba6ebb69e9f770b111a0e8213f668eac0f7ddf`
SHA256	`d6c1cd4708cea0c35ad7e1850fc4930b710b25525b2bf1043a69bd83871bb073`
SHA3	`751f7f84beb2c17d8b8b7c55edd7bd8353e8a46263f834b4d6b0d085dc7c6ce2`
VirtualSize	`0x69ea`
VirtualAddress	`0x10000`
SizeOfRawData	`0x6a00`
PointerToRawData	`0xe800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.80047`

.data

MD5	`19265820c304a4f6ad5a43d27d867fd5`
SHA1	`a614a4663e3ed9fc60a0dc2c6eb00b810e6a5b9b`
SHA256	`e02815786a83ee97105596e270315215ed65a8776d2426c44c2818e5cb740a23`
SHA3	`1b01972f85747547c1c0e80d9087904b9c8a14adccd4b7ce488665c3b03ca996`
VirtualSize	`0x13e8`
VirtualAddress	`0x17000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x15200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.35093`

.rsrc

MD5	`4233a35551f335e79dd8e6a1615af1e3`
SHA1	`0de6260f879f239c8f0d757bd3c0d1cd5d2494f3`
SHA256	`1e82a2c53b46399c33dbf9e6735d216e7a9528ab2a4c80d0013e443e9dadd2a7`
SHA3	`e66f491b10cdc93fd08661dc700fc09a65abecff14748c48e253510540949266`
VirtualSize	`0x1758`
VirtualAddress	`0x19000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x15c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.27974`

.reloc

MD5	`ae33605fe965e6f8c6eb751a25f22f44`
SHA1	`8fb49a3a27ca6e2685d76e000658fbc32750cdaa`
SHA256	`f6d75e76835be41a05fe3c417d95a2248e25e05c080c0a0b33b930b08eb2eb40`
SHA3	`7d970adf64a72759193f835a6c78e485ce51bc0c36ffea6977b673531b3ec152`
VirtualSize	`0x1084`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x17400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.32216`

Imports

VERSION.dll	`GetFileVersionInfoSizeW` `GetFileVersionInfoW` `VerQueryValueW`
KERNEL32.dll	`FindClose` `GetUserDefaultUILanguage` `VerSetConditionMask` `VerifyVersionInfoW` `GetNativeSystemInfo` `GetModuleFileNameW` `FindNextFileW` `GetEnvironmentVariableW` `CreateProcessW` `GetConsoleMode` `GetConsoleCP` `FlushFileBuffers` `FindFirstFileW` `SetFilePointerEx` `WriteConsoleW` `DecodePointer` `GetLastError` `TlsGetValue` `HeapReAlloc` `HeapSize` `GetProcessHeap` `GetStringTypeW` `GetFileType` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `GetModuleHandleW` `RtlUnwind` `RaiseException` `SetLastError` `EncodePointer` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `CreateFileW` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `ExitProcess` `GetModuleHandleExW` `GetStdHandle` `WriteFile` `MultiByteToWideChar` `WideCharToMultiByte` `GetACP` `LCMapStringW` `HeapAlloc` `CloseHandle` `HeapFree` `FindFirstFileExW` `IsValidCodePage` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle`
USER32.dll	`MessageBoxW`
ADVAPI32.dll	`RegCloseKey` `RegEnumKeyExW` `RegQueryInfoKeyW` `RegOpenKeyExW` `RegQueryValueExW`
SHELL32.dll	`ShellExecuteW` `SHGetFolderPathW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x1779c`

NvOptimusEnablement

Ordinal	`2`
Address	`0x177a0`

1

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.64797`
MD5	`95538df203960d85c38e220df879c08a`
SHA1	`e7787ae043ee99164500bfda607511712bb4f0ea`
SHA256	`b341d96f73141345842746dda091237ec14878350d199039d012a24a832fd260`
SHA3	`6629fbf067a99bd4698478c99348828ba68011796b17446d0f954a1a91139b36`

7

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.22202`
MD5	`6424cc4b7c8ed38c6efcffafa1326374`
SHA1	`650c5d77f664a2129d0b9294a737f6a40e5f7303`
SHA256	`0179009086d9f96f6f40227727c49fcda53395abdf41cb21ac13f61db1394f5f`
SHA3	`e64dc39719129b6df5e8f9a93c7a86c47f32681ae864a2aa6f70cfe60a9e9172`

109

Type	`RT_ACCELERATOR`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.79879`
MD5	`3d2b1af3424dbcd504f73918619c7d99`
SHA1	`10d6ed54ea742211a14a05414883f6c00c03080a`
SHA256	`c2f0c188d6c493d7827bf83fb89c704815796445a0178bb2ae79658d96703a3c`
SHA3	`b8c5f28d2c132e5bc304e4dc1b314a3f32a2e48675c06828a2a8a014ea05e7fb`

107

Type	`RT_GROUP_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.7815`
Detected Filetype	Icon file
MD5	`3c68f77c35c26ff079a1c410ee44fa62`
SHA1	`0b40150c95fc2c6414c90d44ee78b8d8814b3393`
SHA256	`a14e70ed824f3f17d3a51136aa08839954d6d3ccadaa067415c7bfc08e6636b0`
SHA3	`590dcbf2ec3f485a6c24e3e627f383ee7588eb49978321f12c07d8190a6c1396`

1 (#2)

Type	`RT_VERSION`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x314`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41748`
MD5	`5c8124154cee214409476f6050dd2efb`
SHA1	`2bb672c842e760103d93e2f6edd17efa33a132ab`
SHA256	`40a5d62fb4d0811d38f2421942f188ca78c3311a5529e66a7bcfe40003b2d91b`
SHA3	`94426e50012512d15517bc65c93643243418d5ee97a362a73e6b6d0846369c8e`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

String Table contents

HMCL
HMCL

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.4.0.0
ProductVersion	3.4.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	Chinese - PRC
CompanyName	huanghongxun
FileDescription	Hello Minecraft! Launcher For Windows
FileVersion (#2)	3.5.0.0
InternalName	HMCL.exe
LegalCopyright	Copyright (C) 2021 huangyuhui
OriginalFilename	HMCL.exe
ProductName	Hello Minecraft! Launcher
ProductVersion (#2)	3.5.0.0

Resource LangID	Chinese - PRC

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2022-Nov-05 12:09:55
Version	`0.0`
SizeofData	`81`
AddressOfRawData	`0x15734`
PointerToRawData	`0x13f34`
Referenced File	D:\sources\java\HMCL\HMCLauncher\Release\HMCLauncher.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2022-Nov-05 12:09:55
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x15788`
PointerToRawData	`0x13f88`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2022-Nov-05 12:09:55
Version	`0.0`
SizeofData	`764`
AddressOfRawData	`0x1579c`
PointerToRawData	`0x13f9c`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2022-Nov-05 12:09:55
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x417004`
SEHandlerTable	`0x415710`
SEHandlerCount	`9`

RICH Header

XOR Key	`0xb8e80c4c`
Unmarked objects	`0`
241 (40116)	`10`
243 (40116)	`123`
242 (40116)	`24`
C objects (VS 2015/2017 runtime 26706)	`17`
ASM objects (VS 2015/2017 runtime 26706)	`18`
C++ objects (VS 2015/2017 runtime 26706)	`41`
Imports (VS2008 SP1 build 30729)	`13`
Total imports	`105`
C++ objects (LTCG) (27045)	`5`
Exports (27045)	`1`
Resource objects (27045)	`1`
151	`1`
Linker (27045)	`1`

Errors

Leave a comment

No comments yet.