Manalyze report for 3265be29b86b8fca818eb826e9d114c8e8495d8f146cbe9194b771b35756bd95

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2025-Dec-06 19:46:02
Detected languages	English - United States
Debug artifacts	C:\Users\bhaie\Documents\ABI ANITCHEAT DCO\x64\Release\ABI ANITCHEAT DCO.pdb

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: taskmgr.exe`
Info	Cryptographic algorithms detected in the binary:	`Uses known Mersenne Twister constants`
Malicious	The PE contains functions mostly used by malware.	`Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Possibly launches other programs: system` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Manipulates other processes: OpenProcess Process32NextW Process32FirstW`
Suspicious	VirusTotal score: 1/71 (Scanned on 2026-04-19 23:36:21)	`APEX: Malicious`

Hashes

MD5	`ece0d25a9e4b029a5ad229c2b914aef5`
SHA1	`a08ef703b0da7bab68f61dc4982c889316d1c097`
SHA256	`3265be29b86b8fca818eb826e9d114c8e8495d8f146cbe9194b771b35756bd95`
SHA3	`4e12b84aaf312ce83fcd63c5d906d1e42555d4c9347bbe71a4ae9b0a34d0f2d5`
SSDeep	`768:2tITmATnRNHNDgyZ70DF1fqhJebolbkZFn/9mNxfp7GvfyS7SDMItEST9W2ibVr:h1TRNl3Z7NbebOkZ9uCijibZYh`
Imports Hash	`41a3ba504bb45f5a75fd3d84ffc6b5ce`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2025-Dec-06 19:46:02
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x8400`
SizeOfInitializedData	`0x8400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000084A0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x16000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4285a3b1f8456af63ff2ab79c8b7c46d`
SHA1	`8b2c5d9b97e703a7d8c173c9fdee92683855efc9`
SHA256	`2609a223c9dce78e00672c41de79b251d3f2f223c3b6a1979846e715d4d601bd`
SHA3	`d3eee6f9cc06fff05c7b45da905b02729cef98e09fd8b5fdbd10663993ec5fc5`
VirtualSize	`0x83e3`
VirtualAddress	`0x1000`
SizeOfRawData	`0x8400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.20209`

.rdata

MD5	`21ddb3dace5a52a3bc02b4cecea8b023`
SHA1	`7401bdf7cc6614198f2fa716ea826c488b2d3ac0`
SHA256	`c54c2a8653ac334b2b2a7cb492e03dac5c9ba11e3b23f34be94c87e3f3e36962`
SHA3	`5024151e660b250576dd5cfee6d1d20ef0f4670836e362268991f58fd4982d6d`
VirtualSize	`0x72e6`
VirtualAddress	`0xa000`
SizeOfRawData	`0x7400`
PointerToRawData	`0x8800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.35009`

.data

MD5	`5816ec12af5abe4b3366c204c6831dde`
SHA1	`52c85f5921c2609f54fa2f1cba0c533fd849dd3d`
SHA256	`3e9e7ea01b7277c002703d49c69efdb2453b19be9f3f14cb03af56a855ea5b5a`
SHA3	`d4776340de2e19046953ac645c5b0444aee81ae71b030a3c0460a655d2061061`
VirtualSize	`0x220`
VirtualAddress	`0x12000`
SizeOfRawData	`0x200`
PointerToRawData	`0xfc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.37009`

.pdata

MD5	`d5996b8ef348cd257a3c808d24d66900`
SHA1	`dfdc0a4951d891e9d56d5413da1d9a577c90fb7a`
SHA256	`fcdd7d41734798f3873aeca357789322c9d510e47c33cbefad434f41f814b691`
SHA3	`c7a9fd61a358bffa15e4ed3b854bd32ce715abebe240381adfbfd13c02d0c63d`
VirtualSize	`0x624`
VirtualAddress	`0x13000`
SizeOfRawData	`0x800`
PointerToRawData	`0xfe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.57494`

.rsrc

MD5	`f1b801d7cee918c8de20c6e09bf27838`
SHA1	`8089325985b9f78b361d2bef5ce408f2815c083a`
SHA256	`c996b4e7ac2116baf910d8892f417cadac44e190cba77ea251a150063e0cd005`
SHA3	`8f0e1b4d3ea8f1ffce29558e1a6915fe1d68bf9c30b0f524267cdff4179fe746`
VirtualSize	`0x1e0`
VirtualAddress	`0x14000`
SizeOfRawData	`0x200`
PointerToRawData	`0x10600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.71006`

.reloc

MD5	`1ea52771a45838073d675f88ea9c31ed`
SHA1	`b9209e4c3c3bd1ef8458e5f9939d5e90eccb2e64`
SHA256	`9b999fdf4332a6ad11081a037abc55738a472711fcba9adc025085d00d44b2a5`
SHA3	`8f354bcbae11ed1ec1da68ae0e14e177dfd99187b9d976e1ecbcb1a1bcc63b5f`
VirtualSize	`0x70`
VirtualAddress	`0x15000`
SizeOfRawData	`0x200`
PointerToRawData	`0x10800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.38376`

Imports

KERNEL32.dll	`SetConsoleMode` `GetProcessId` `K32GetModuleFileNameExW` `Thread32Next` `Thread32First` `DuplicateHandle` `OpenProcess` `CreateToolhelp32Snapshot` `Sleep` `GetConsoleMode` `GetLastError` `Process32NextW` `K32GetModuleBaseNameW` `Process32FirstW` `CloseHandle` `GetStdHandle` `Beep` `GetProcAddress` `GetCurrentProcessId` `GetModuleHandleW` `GetConsoleWindow` `Module32NextW` `SetConsoleCursorPosition` `OpenThread` `SetUnhandledExceptionFilter` `InitializeSListHead` `GetSystemTimeAsFileTime` `QueryPerformanceCounter` `GetCurrentThreadId` `GetCurrentProcess` `SetConsoleTitleA` `SetConsoleTextAttribute` `Module32FirstW` `GetConsoleScreenBufferInfo`
USER32.dll	`DeleteMenu` `GetWindowLongW` `EnumWindows` `PostMessageW` `GetWindowThreadProcessId` `GetSystemMenu`
ADVAPI32.dll	`AdjustTokenPrivileges` `OpenProcessToken` `GetTokenInformation` `LookupPrivilegeValueW`
MSVCP140.dll	`?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A` `?_Xbad_alloc@std@@YAXXZ` `?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A` `?_Id_cnt@id@locale@std@@0HA` `?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A` `?_Random_device@std@@YAIXZ` `?_Xlength_error@std@@YAXPEBD@Z` `?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z` `_Cnd_do_broadcast_at_thread_exit` `_Thrd_id` `_Query_perf_counter` `_Thrd_join` `?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?uncaught_exceptions@std@@YAHXZ` `?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ` `?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z` `?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z` `?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z` `?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z` `?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z` `?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ` `?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z` `?getloc@ios_base@std@@QEBA?AVlocale@2@XZ` `?good@ios_base@std@@QEBA_NXZ` `?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A` `?_Throw_Cpp_error@std@@YAXH@Z` `??0_Lockit@std@@QEAA@H@Z` `??1_Lockit@std@@QEAA@XZ` `_Query_perf_frequency` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A`
WINTRUST.dll	`WinVerifyTrust`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`__current_exception_context` `__std_exception_destroy` `__current_exception` `memset` `_CxxThrowException` `__C_specific_handler` `__std_terminate` `memmove` `memcpy` `memcmp` `__std_exception_copy`
api-ms-win-crt-heap-l1-1-0.dll	`free` `malloc` `realloc` `_set_new_mode` `_callnewh`
api-ms-win-crt-time-l1-1-0.dll	`_time64` `strftime` `_localtime64_s`
api-ms-win-crt-runtime-l1-1-0.dll	`__p___argv` `__p___argc` `_c_exit` `_register_thread_local_exe_atexit_callback` `_beginthreadex` `_exit` `exit` `_initialize_onexit_table` `_register_onexit_function` `_crt_atexit` `_initterm_e` `_initterm` `_get_initial_narrow_environment` `_configure_narrow_argv` `_set_app_type` `_seh_filter_exe` `system` `_cexit` `terminate` `_initialize_narrow_environment`
api-ms-win-crt-conio-l1-1-0.dll	`_getch`
api-ms-win-crt-string-l1-1-0.dll	`tolower` `strlen` `wcslen`
api-ms-win-crt-utility-l1-1-0.dll	`rand`
api-ms-win-crt-stdio-l1-1-0.dll	`__p__commode` `_set_fmode` `__stdio_common_vsprintf`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Dec-06 19:46:02
Version	`0.0`
SizeofData	`101`
AddressOfRawData	`0xe774`
PointerToRawData	`0xcf74`
Referenced File	C:\Users\bhaie\Documents\ABI ANITCHEAT DCO\x64\Release\ABI ANITCHEAT DCO.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Dec-06 19:46:02
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0xe7dc`
PointerToRawData	`0xcfdc`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Dec-06 19:46:02
Version	`0.0`
SizeofData	`780`
AddressOfRawData	`0xe7f0`
PointerToRawData	`0xcff0`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2025-Dec-06 19:46:02
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140012040`

RICH Header

XOR Key	`0x9c9333a0`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`18`
ASM objects (35403)	`4`
C objects (35403)	`10`
C++ objects (35403)	`30`
Imports (35403)	`6`
Imports (33145)	`9`
Total imports	`203`
C++ objects (LTCG) (35719)	`1`
Resource objects (35719)	`1`
Linker (35719)	`1`

Errors

Leave a comment

No comments yet.