3265be29b86b8fca818eb826e9d114c8e8495d8f146cbe9194b771b35756bd95

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2025-Dec-06 19:46:02
Detected languages English - United States
Debug artifacts C:\Users\bhaie\Documents\ABI ANITCHEAT DCO\x64\Release\ABI ANITCHEAT DCO.pdb

Plugin Output

Suspicious Strings found in the binary may indicate undesirable behavior: Contains references to system / monitoring tools:
  • taskmgr.exe
Info Cryptographic algorithms detected in the binary: Uses known Mersenne Twister constants
Malicious The PE contains functions mostly used by malware. Functions which can be used for anti-debugging purposes:
  • CreateToolhelp32Snapshot
Possibly launches other programs:
  • system
Functions related to the privilege level:
  • AdjustTokenPrivileges
  • OpenProcessToken
Manipulates other processes:
  • OpenProcess
  • Process32NextW
  • Process32FirstW
Suspicious VirusTotal score: 1/71 (Scanned on 2026-04-19 23:36:21) APEX: Malicious

Hashes

MD5 ece0d25a9e4b029a5ad229c2b914aef5
SHA1 a08ef703b0da7bab68f61dc4982c889316d1c097
SHA256 3265be29b86b8fca818eb826e9d114c8e8495d8f146cbe9194b771b35756bd95
SHA3 4e12b84aaf312ce83fcd63c5d906d1e42555d4c9347bbe71a4ae9b0a34d0f2d5
SSDeep 768:2tITmATnRNHNDgyZ70DF1fqhJebolbkZFn/9mNxfp7GvfyS7SDMItEST9W2ibVr:h1TRNl3Z7NbebOkZ9uCijibZYh
Imports Hash 41a3ba504bb45f5a75fd3d84ffc6b5ce

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2025-Dec-06 19:46:02
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x8400
SizeOfInitializedData 0x8400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000000084A0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x16000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 4285a3b1f8456af63ff2ab79c8b7c46d
SHA1 8b2c5d9b97e703a7d8c173c9fdee92683855efc9
SHA256 2609a223c9dce78e00672c41de79b251d3f2f223c3b6a1979846e715d4d601bd
SHA3 d3eee6f9cc06fff05c7b45da905b02729cef98e09fd8b5fdbd10663993ec5fc5
VirtualSize 0x83e3
VirtualAddress 0x1000
SizeOfRawData 0x8400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.20209

.rdata

MD5 21ddb3dace5a52a3bc02b4cecea8b023
SHA1 7401bdf7cc6614198f2fa716ea826c488b2d3ac0
SHA256 c54c2a8653ac334b2b2a7cb492e03dac5c9ba11e3b23f34be94c87e3f3e36962
SHA3 5024151e660b250576dd5cfee6d1d20ef0f4670836e362268991f58fd4982d6d
VirtualSize 0x72e6
VirtualAddress 0xa000
SizeOfRawData 0x7400
PointerToRawData 0x8800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.35009

.data

MD5 5816ec12af5abe4b3366c204c6831dde
SHA1 52c85f5921c2609f54fa2f1cba0c533fd849dd3d
SHA256 3e9e7ea01b7277c002703d49c69efdb2453b19be9f3f14cb03af56a855ea5b5a
SHA3 d4776340de2e19046953ac645c5b0444aee81ae71b030a3c0460a655d2061061
VirtualSize 0x220
VirtualAddress 0x12000
SizeOfRawData 0x200
PointerToRawData 0xfc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.37009

.pdata

MD5 d5996b8ef348cd257a3c808d24d66900
SHA1 dfdc0a4951d891e9d56d5413da1d9a577c90fb7a
SHA256 fcdd7d41734798f3873aeca357789322c9d510e47c33cbefad434f41f814b691
SHA3 c7a9fd61a358bffa15e4ed3b854bd32ce715abebe240381adfbfd13c02d0c63d
VirtualSize 0x624
VirtualAddress 0x13000
SizeOfRawData 0x800
PointerToRawData 0xfe00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.57494

.rsrc

MD5 f1b801d7cee918c8de20c6e09bf27838
SHA1 8089325985b9f78b361d2bef5ce408f2815c083a
SHA256 c996b4e7ac2116baf910d8892f417cadac44e190cba77ea251a150063e0cd005
SHA3 8f0e1b4d3ea8f1ffce29558e1a6915fe1d68bf9c30b0f524267cdff4179fe746
VirtualSize 0x1e0
VirtualAddress 0x14000
SizeOfRawData 0x200
PointerToRawData 0x10600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.71006

.reloc

MD5 1ea52771a45838073d675f88ea9c31ed
SHA1 b9209e4c3c3bd1ef8458e5f9939d5e90eccb2e64
SHA256 9b999fdf4332a6ad11081a037abc55738a472711fcba9adc025085d00d44b2a5
SHA3 8f354bcbae11ed1ec1da68ae0e14e177dfd99187b9d976e1ecbcb1a1bcc63b5f
VirtualSize 0x70
VirtualAddress 0x15000
SizeOfRawData 0x200
PointerToRawData 0x10800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 1.38376

Imports

KERNEL32.dll SetConsoleMode
GetProcessId
K32GetModuleFileNameExW
Thread32Next
Thread32First
DuplicateHandle
OpenProcess
CreateToolhelp32Snapshot
Sleep
GetConsoleMode
GetLastError
Process32NextW
K32GetModuleBaseNameW
Process32FirstW
CloseHandle
GetStdHandle
Beep
GetProcAddress
GetCurrentProcessId
GetModuleHandleW
GetConsoleWindow
Module32NextW
SetConsoleCursorPosition
OpenThread
SetUnhandledExceptionFilter
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcess
SetConsoleTitleA
SetConsoleTextAttribute
Module32FirstW
GetConsoleScreenBufferInfo
USER32.dll DeleteMenu
GetWindowLongW
EnumWindows
PostMessageW
GetWindowThreadProcessId
GetSystemMenu
ADVAPI32.dll AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
LookupPrivilegeValueW
MSVCP140.dll ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Id_cnt@id@locale@std@@0HA
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Random_device@std@@YAIXZ
?_Xlength_error@std@@YAXPEBD@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Query_perf_counter
_Thrd_join
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?uncaught_exceptions@std@@YAHXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?good@ios_base@std@@QEBA_NXZ
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Throw_Cpp_error@std@@YAXH@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Query_perf_frequency
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
WINTRUST.dll WinVerifyTrust
VCRUNTIME140_1.dll __CxxFrameHandler4
VCRUNTIME140.dll __current_exception_context
__std_exception_destroy
__current_exception
memset
_CxxThrowException
__C_specific_handler
__std_terminate
memmove
memcpy
memcmp
__std_exception_copy
api-ms-win-crt-heap-l1-1-0.dll free
malloc
realloc
_set_new_mode
_callnewh
api-ms-win-crt-time-l1-1-0.dll _time64
strftime
_localtime64_s
api-ms-win-crt-runtime-l1-1-0.dll __p___argv
__p___argc
_c_exit
_register_thread_local_exe_atexit_callback
_beginthreadex
_exit
exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_initterm_e
_initterm
_get_initial_narrow_environment
_configure_narrow_argv
_set_app_type
_seh_filter_exe
system
_cexit
terminate
_initialize_narrow_environment
api-ms-win-crt-conio-l1-1-0.dll _getch
api-ms-win-crt-string-l1-1-0.dll tolower
strlen
wcslen
api-ms-win-crt-utility-l1-1-0.dll rand
api-ms-win-crt-stdio-l1-1-0.dll __p__commode
_set_fmode
__stdio_common_vsprintf
api-ms-win-crt-math-l1-1-0.dll __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale

Delayed Imports

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2025-Dec-06 19:46:02
Version 0.0
SizeofData 101
AddressOfRawData 0xe774
PointerToRawData 0xcf74
Referenced File C:\Users\bhaie\Documents\ABI ANITCHEAT DCO\x64\Release\ABI ANITCHEAT DCO.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2025-Dec-06 19:46:02
Version 0.0
SizeofData 20
AddressOfRawData 0xe7dc
PointerToRawData 0xcfdc

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2025-Dec-06 19:46:02
Version 0.0
SizeofData 780
AddressOfRawData 0xe7f0
PointerToRawData 0xcff0

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2025-Dec-06 19:46:02
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140012040

RICH Header

XOR Key 0x9c9333a0
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 18
ASM objects (35403) 4
C objects (35403) 10
C++ objects (35403) 30
Imports (35403) 6
Imports (33145) 9
Total imports 203
C++ objects (LTCG) (35719) 1
Resource objects (35719) 1
Linker (35719) 1

Errors