Manalyze report for 3cdba6f206dc6551b9444f1e7b443d60

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Jan-11 15:36:56
Detected languages	English - United States German - Germany
Debug artifacts	C:\Users\jakob\source\repos\WaterMelonTool\x64\Release\WaterMelonTool.pdb
CompanyName	Needless GmbH
FileDescription	TOOL for Trading
FileVersion	`1.0.0.1`
InternalName	NeedlessTool.exe
LegalCopyright	Copyright (C) Watermelon GmbH 2022
OriginalFilename	NeedlessTool.exe
ProductName	Needless TOOL
ProductVersion	`1.0.0.1`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for VMWare presence: VMware vmware` `Looks for Qemu presence: QEMU qemu` `Contains domain names: discord.com github.com pastebin.com`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Possibly launches other programs: CreateProcessW` `Can create temporary files: CreateFileW GetTempPathW` `Has Internet access capabilities: WinHttpReceiveResponse WinHttpQueryHeaders WinHttpQueryDataAvailable WinHttpConnect WinHttpSendRequest WinHttpOpen WinHttpOpenRequest WinHttpReadData WinHttpCloseHandle` `Manipulates other processes: Process32NextW Process32FirstW` `Can take screenshots: GetDC CreateCompatibleDC BitBlt`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`3cdba6f206dc6551b9444f1e7b443d60`
SHA1	`398434e294daa7cadfab042d05fde768c8596b46`
SHA256	`9549112a31534d04865b5110691a61368b648e292857204618e5b097c597d545`
SHA3	`165eb8688a9cead661663fe16408b345a0dfcda6b43633acb072e2adc9909218`
SSDeep	`768:jElJTNJ2/MFCrY0Cz5/yj8UPrGJaBcJI6ucOsZzS1hmu/9HNZ8EE4hm+rol6m:wlJ+CIoYrH+JecjN879HNZi4XEl6m`
Imports Hash	`a742d94e9901c17680b27c3afd00e1e8`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2025-Jan-11 15:36:56
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xac00`
SizeOfInitializedData	`0x6c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000000A800 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x15000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e6904deabfeb6d6da4d09b0f339a1733`
SHA1	`dc1dfb1848a1851ccb9dd96dc25ca4a19a645ba2`
SHA256	`5cb87db77bda781e6dc2f8997c08b839cd8447f2483b3c6c061314b9d689defd`
SHA3	`49109fadd3072a4aeb2899d6cfd9c97ae6b09600b778445fb1e76ad86616f717`
VirtualSize	`0xaaf3`
VirtualAddress	`0x1000`
SizeOfRawData	`0xac00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.14376`

.rdata

MD5	`cc7f499a9ae93ae06d7e5fe85eca3fc7`
SHA1	`414eeb1acf3fcf84e50f4bb9f360de05b755e91c`
SHA256	`270ad4569fa258a295daab760aed1d2ad6268bd08b9eaf28058e0d846963fe87`
SHA3	`4252ca1616e6bf598754e72f8ffd90b1692fe688f5c144ee179e29dbbcad8880`
VirtualSize	`0x4f02`
VirtualAddress	`0xc000`
SizeOfRawData	`0x5000`
PointerToRawData	`0xb000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.65115`

.data

MD5	`343d29a48e0e116354ece51bc9d2b0f0`
SHA1	`88240012575d74892ccbea319401e9f1aa242a4f`
SHA256	`9f29e3451eac8d0798300d6affbb120d05fba643fdabf8cb5a3c731f8de7f080`
SHA3	`e9924672293c494a3273d91e40803781dd03f79a77b7acfeff1a565fbaa84e67`
VirtualSize	`0xac8`
VirtualAddress	`0x11000`
SizeOfRawData	`0x600`
PointerToRawData	`0x10000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.07606`

.pdata

MD5	`cb9695883b50ed5dd3d9131176d63afb`
SHA1	`e04ac0b20af77df7fdeef2be0788bc72319c90e8`
SHA256	`af477c4b893957cc06788ca83f93b67fa6a8ef66955eb56ec0abbcea1b511870`
SHA3	`940418c265e95266b2c52d49854b1e5c55840f33cd100aac1621e749303bafa0`
VirtualSize	`0x7b0`
VirtualAddress	`0x12000`
SizeOfRawData	`0x800`
PointerToRawData	`0x10600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.35246`

.rsrc

MD5	`aaf51d50f157e65fd1a4348679fbccc2`
SHA1	`d1ec4e3af16ad53c4f923820e15b7f2309ce6aae`
SHA256	`f0d27c6a8929c84343bbe9cfcc9bd7b28ca530cbb55606696d217af7f76747b1`
SHA3	`c74876066d1b9e318511865c982c5cadd068c2eeb665ee65195247f5b718da38`
VirtualSize	`0x520`
VirtualAddress	`0x13000`
SizeOfRawData	`0x600`
PointerToRawData	`0x10e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.71208`

.reloc

MD5	`df1727ecad1682f933175a13271ee047`
SHA1	`38318d931f7c2f273f48bffee0964de36b4d49ce`
SHA256	`97ab2e854bf710b7d79405fed687f126a5a033a11b01efc8bb42580fcfecf91d`
SHA3	`bd0421dd18b90c250e0733d16a417705df6fe7847820d0908c8deffae0419ea6`
VirtualSize	`0xa8`
VirtualAddress	`0x14000`
SizeOfRawData	`0x200`
PointerToRawData	`0x11400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.20947`

Imports

KERNEL32.dll	`Process32NextW` `K32GetProcessMemoryInfo` `GetDiskFreeSpaceExW` `Process32FirstW` `CloseHandle` `GetSystemInfo` `LoadLibraryW` `GetProcAddress` `LocalFree` `GetComputerNameW` `GetTickCount64` `CreateProcessW` `FreeLibrary` `WideCharToMultiByte` `K32GetPerformanceInfo` `SetProcessWorkingSetSize` `RtlLookupFunctionEntry` `GetModuleHandleW` `GetStartupInfoW` `IsDebuggerPresent` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `MultiByteToWideChar` `CreateToolhelp32Snapshot` `CreateFileW` `FindClose` `GetTempPathW` `GetCurrentProcess` `WriteFile` `GlobalMemoryStatusEx` `FindFirstFileW` `GetCurrentProcessId` `QueryPerformanceCounter` `IsProcessorFeaturePresent` `TerminateProcess` `RtlCaptureContext` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter`
USER32.dll	`ReleaseDC` `GetDC` `MessageBoxW` `GetSystemMetrics` `EnumDisplayDevicesW`
GDI32.dll	`CreateCompatibleBitmap` `SelectObject` `CreateCompatibleDC` `DeleteDC` `DeleteObject` `BitBlt`
ADVAPI32.dll	`GetUserNameW`
ole32.dll	`CLSIDFromString` `CreateStreamOnHGlobal` `CoUninitialize`
MSVCP140.dll	`??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ` `?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ` `?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ` `?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z` `??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ` `??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z` `??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ` `?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ` `?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ` `?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ` `?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ` `?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z` `?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z` `?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z` `?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ` `?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z` `??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z` `??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ` `?good@ios_base@std@@QEBA_NXZ` `?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z` `?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z` `?_Xlength_error@std@@YAXPEBD@Z` `?_Xout_of_range@std@@YAXPEBD@Z` `?uncaught_exception@std@@YA_NXZ`
gdiplus.dll	`GdipCreateBitmapFromHBITMAP` `GdipSaveImageToStream` `GdipFree` `GdipDisposeImage` `GdipCloneImage` `GdipAlloc`
WINHTTP.dll	`WinHttpReceiveResponse` `WinHttpQueryHeaders` `WinHttpQueryDataAvailable` `WinHttpConnect` `WinHttpSendRequest` `WinHttpOpen` `WinHttpOpenRequest` `WinHttpReadData` `WinHttpCloseHandle`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`memcpy` `memchr` `memmove` `memcmp` `memset` `__current_exception_context` `__current_exception` `__std_exception_destroy` `__std_exception_copy` `__std_terminate` `__C_specific_handler` `_CxxThrowException`
api-ms-win-crt-stdio-l1-1-0.dll	`__stdio_common_vfwprintf` `__acrt_iob_func` `_set_fmode` `__p__commode`
api-ms-win-crt-string-l1-1-0.dll	`tolower`
api-ms-win-crt-runtime-l1-1-0.dll	`_get_wide_winmain_command_line` `_c_exit` `_register_thread_local_exe_atexit_callback` `exit` `_initterm_e` `_cexit` `_initialize_wide_environment` `_set_app_type` `_initialize_onexit_table` `_register_onexit_function` `_crt_atexit` `terminate` `_seh_filter_exe` `_invalid_parameter_noinfo_noreturn` `_initterm` `_exit` `_configure_wide_argv`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `free` `_callnewh` `malloc`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

1

Type	`RT_VERSION`
Language	German - Germany
Codepage	UNKNOWN
Size	`0x300`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35754`
MD5	`af61e720de70ba7e2e9e724e9522541b`
SHA1	`42f4e23ee85f76fc628708dedb905bcda1f4dec1`
SHA256	`1504cc8b5bca109a23542f1a7894348dea3d34668a5ab78065892ff81ecc1846`
SHA3	`a57d07c66d2386275a8ae6504985600fd99c7a6a831de402caa075965ac6c343`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.1
ProductVersion	1.0.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	German - Germany
CompanyName	Needless GmbH
FileDescription	TOOL for Trading
FileVersion (#2)	1.0.0.1
InternalName	NeedlessTool.exe
LegalCopyright	Copyright (C) Watermelon GmbH 2022
OriginalFilename	NeedlessTool.exe
ProductName	Needless TOOL
ProductVersion (#2)	1.0.0.1

Resource LangID	German - Germany

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Jan-11 15:36:56
Version	`0.0`
SizeofData	`98`
AddressOfRawData	`0xe620`
PointerToRawData	`0xd620`
Referenced File	C:\Users\jakob\source\repos\WaterMelonTool\x64\Release\WaterMelonTool.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Jan-11 15:36:56
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0xe684`
PointerToRawData	`0xd684`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Jan-11 15:36:56
Version	`0.0`
SizeofData	`720`
AddressOfRawData	`0xe698`
PointerToRawData	`0xd698`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2025-Jan-11 15:36:56
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140011000`

RICH Header

XOR Key	`0x6c7f139c`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`12`
ASM objects (34321)	`3`
C objects (34321)	`10`
C++ objects (34321)	`27`
C++ objects (CVTCIL) (33138)	`1`
Imports (34321)	`6`
Imports (33138)	`15`
Total imports	`162`
C++ objects (LTCG) (34435)	`1`
Resource objects (34435)	`1`
151	`1`
Linker (34435)	`1`

3cdba6f206dc6551b9444f1e7b443d60

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors