Manalyze report for 3dc8a1fbe8a9377a08be4b112019b2715aaf7398f3ddd73d6632132e40b63ae9

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Nov-05 20:46:38
Detected languages	English - United States
CompanyName	GSE
FileDescription	GSE
FileVersion	`1, 0, 0, 2`
InternalName	GSE
LegalCopyright	Copyright (C) 2021 GSE
OriginalFilename	steam.exe
ProductName	GSE
ProductVersion	`1, 0, 0, 2`

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryExW` `Code injection capabilities: VirtualAllocEx WriteProcessMemory CreateRemoteThread` `Can access the registry: RegQueryValueExW RegOpenKeyExW RegDeleteKeyW RegCreateKeyExW RegCloseKey RegSetValueExW` `Possibly launches other programs: CreateProcessW` `Memory manipulation functions often used by packers: VirtualAllocEx VirtualProtect` `Manipulates other processes: WriteProcessMemory`
Info	The PE is digitally signed.	`Signer: GSE` `Issuer: GSE`
Malicious	VirusTotal score: 36/72 (Scanned on 2026-03-09 15:24:01)	`ALYac: Application.Generic.4472836` `AVG: Win64:Evo-gen [Trj]` `AhnLab-V3: Trojan/Win.Generic.R759558` `Arcabit: Application.Generic.D444004` `Avast: Win64:Evo-gen [Trj]` `BitDefender: Application.Generic.4472836` `Bkav: W64.AIDetectMalware` `CAT-QuickHeal: Trojan.GameHack` `CTX: exe.trojan.generic` `CrowdStrike: win/malicious_confidence_70% (D)` `DeepInstinct: MALICIOUS` `ESET-NOD32: Win64/GameHack.MH potentially unsafe application` `Elastic: malicious (high confidence)` `Emsisoft: Application.Generic.4472836 (B)` `GData: Application.Generic.4472836` `Google: Detected` `Gridinsoft: Trojan.Win64.Agent.oa!s1` `K7AntiVirus: Unwanted-Program ( 005d20111 )` `K7GW: Unwanted-Program ( 005d20111 )` `Lionic: Trojan.Win32.GameHack.4!c` `Malwarebytes: RiskWare.DllInjector` `MaxSecure: Trojan.Malware.324995110.susgen` `MicroWorld-eScan: Application.Generic.4472836` `Microsoft: Trojan:Win32/Kepavll!rfn` `Paloalto: generic.ml` `Skyhigh: Artemis!Trojan` `Sophos: Generic Reputation PUA (PUA)` `Symantec: ML.Attribute.HighConfidence` `TrellixENS: Artemis!6B498AACF553` `TrendMicro: TROJ_GEN.R002C0DL925` `TrendMicro-HouseCall: TROJ_GEN.R002C0DL925` `VIPRE: Application.Generic.4472836` `Varist: W64/ABApplication.XIMA-2429` `ViRobot: Trojan.Win.Z.Gamehack.351144.A` `Webroot: W32.Malware.Gen` `Zillya: Trojan.GameHack.Win64.3806`

Hashes

MD5	`6b498aacf553ac0ea81f9016c8bc4c2f`
SHA1	`859d61d2a4e38087d3758e40c926b82ca416903a`
SHA256	`3dc8a1fbe8a9377a08be4b112019b2715aaf7398f3ddd73d6632132e40b63ae9`
SHA3	`53124f2b2add8eb7e709ac6dcfda82bdd2375308d64ef61ddd00220f89d7bdac`
SSDeep	`6144:dGq6IsVjt9VhdgG0DDU5kGf8U+W4AxTjaK2F/lrAueiLTR:dMTKG03U5kRWnxT52trZTR`
Imports Hash	`365e642f3e1cc345bc7f6d7709fe1049`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2025-Nov-05 20:46:38
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x37e00`
SizeOfInitializedData	`0x46c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000001D580 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x83000`
SizeOfHeaders	`0x400`
Checksum	`0x64e40`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`76fc596c695a1f37345d04d562aaf519`
SHA1	`963b91d80ce54b1fdd4a0cad6afb56723e066671`
SHA256	`63384b7634458424cca65fd81c42e67731dc34e9ab86de37b78651c095f776ef`
SHA3	`1811b1c582657a33e1e5ce0765244a001042527c4dddb18ae58c0e3a884d126e`
VirtualSize	`0x37ccc`
VirtualAddress	`0x1000`
SizeOfRawData	`0x37e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.41881`

.rdata

MD5	`a1c2920516356785ba357516ab4ecb51`
SHA1	`1e7c4e4e902497cb58eec0890eeb471eb32d35eb`
SHA256	`c9930c68c44c7ab9f783a4dccbc4a3e3df2d42e9d95786ff0c66c248ae3d5041`
SHA3	`4a9239bb06cbada5eb52ad37325b087926f9cd0535438919a8d395525e6cbe55`
VirtualSize	`0x1697a`
VirtualAddress	`0x39000`
SizeOfRawData	`0x16a00`
PointerToRawData	`0x38200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.08028`

.data

MD5	`c40f7d0e39b1f7c5a8b052942872d38b`
SHA1	`b12951162b992f102f4df17a83fe91a55836e5f2`
SHA256	`ed83b376e7eda39bc87aa2e1757456e5b56031b34bfc95e293631fd0ea2e19a4`
SHA3	`1a341b61c9b3d589fe50a91284068b029dd7687c0f61d21809175c8fff62bf4a`
VirtualSize	`0x2b4fc`
VirtualAddress	`0x50000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x4ec00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.06773`

.pdata

MD5	`13f5673801c2d35e9fa63bd26fccc1c3`
SHA1	`e95bc059e90b8f30deb0d8b0e76b48a4b93a1fa6`
SHA256	`0acd1a06baa0480cf184e0c5190ae64eceec394556e109d15dec8c6c7a8478d6`
SHA3	`a8070cbe7d5e36b49184eff7da847a50cbb688895c91527973c32045141c7a83`
VirtualSize	`0x3294`
VirtualAddress	`0x7c000`
SizeOfRawData	`0x3400`
PointerToRawData	`0x50600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.48268`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0x80000`
SizeOfRawData	`0x200`
PointerToRawData	`0x53a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`4f30d42b6bc3e75c116f10f294ebc9ea`
SHA1	`4971ac0db1d61b6f90d5efe6fe77a0ea38511699`
SHA256	`20b9a24d00bdf085a45cd1ec2ab62db9fbf890fce7b0d17c51df89085a32bf5f`
SHA3	`1be2591016e17f4f88b2961d7431c8564149b5211e49a870aec95490fbe20063`
VirtualSize	`0x818`
VirtualAddress	`0x81000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x53c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.39929`

.reloc

MD5	`526faabe8738b9f964f6ca51229f4293`
SHA1	`1c369ae86fdbf7813aa8f51663f6519807bc5522`
SHA256	`e5f47358f5918a19709693ae277787c05160326321759a5aa78e787531439296`
SHA3	`319a976d8c604595db6eb64d998d196c9ebfb41d4f1d6ad77f213d58d3d7df5c`
VirtualSize	`0xa8c`
VirtualAddress	`0x82000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x54600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.14933`

Imports

USER32.dll	`MessageBoxA`
KERNEL32.dll	`VirtualAllocEx` `WriteProcessMemory` `VirtualFreeEx` `GetModuleFileNameW` `GetModuleHandleW` `CreateRemoteThread` `FormatMessageA` `SetEnvironmentVariableA` `SetEnvironmentVariableW` `GetCurrentProcessId` `TerminateProcess` `ResumeThread` `CreateProcessW` `WriteConsoleW` `WaitForSingleObject` `SetLastError` `GetLastError` `CloseHandle` `SetEndOfFile` `LoadLibraryW` `LocalFree` `GetLocaleInfoEx` `QueryPerformanceCounter` `QueryPerformanceFrequency` `Sleep` `GetCurrentThreadId` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `TryAcquireSRWLockExclusive` `GetCurrentDirectoryW` `CreateFileW` `FindClose` `FindFirstFileW` `FindFirstFileExW` `FindNextFileW` `GetFileAttributesExW` `GetFullPathNameW` `AreFileApisANSI` `GetProcAddress` `GetFileInformationByHandleEx` `MultiByteToWideChar` `WideCharToMultiByte` `GetStringTypeW` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `RtlUnwind` `GetSystemTimeAsFileTime` `EncodePointer` `DecodePointer` `LCMapStringEx` `GetCPInfo` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetStartupInfoW` `InitializeSListHead` `RtlPcToFileHeader` `RaiseException` `RtlUnwindEx` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `LoadLibraryExW` `GetModuleHandleExW` `ExitProcess` `GetStdHandle` `WriteFile` `HeapFree` `HeapAlloc` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `VirtualProtect` `LCMapStringW` `GetLocaleInfoW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `GetFileType` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `ReadFile` `GetFileSizeEx` `SetFilePointerEx` `ReadConsoleW` `HeapReAlloc` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCommandLineA` `GetCommandLineW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetProcessHeap` `SetStdHandle` `HeapSize`
ADVAPI32.dll	`RegQueryValueExW` `RegOpenKeyExW` `RegDeleteKeyW` `RegCreateKeyExW` `RegCloseKey` `RegSetValueExW`

Delayed Imports

SOURCE_CONTROL_ID

Type	`SCID`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x7`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.95021`
MD5	`b4f6bc541faccef222d975874c899b50`
SHA1	`58e0e5df12c1279c1a2f6a610f3de274d3ae8cb5`
SHA256	`07b46b5ce9d2dc257fcbd24a26c8d1146d73e1f4f1e0439076d11183ab931a98`
SHA3	`ec80b28420a1acca1406fdcde0e8176fc28a7006244e02d5d0cf5a37a1d61c94`

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2d4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42788`
MD5	`0f33b0c4be60d21fddb3b77f517dddfe`
SHA1	`4cd3f1296b1405ce95b9703235ea2caaf7d70405`
SHA256	`5231504016fae38511a580b925ffc2100fdbc5b412377b65d682e9bd12889690`
SHA3	`dcf88802e5f832fd96116f5e95f7349d4fe6bd95e8d17cbda5228fb67c2c49e1`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x288`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.32137`
MD5	`7f5710f272d616aa9a40b65cecd5c1cc`
SHA1	`9c4d1459be754f3c18a9d1f931e32c996b23d9e5`
SHA256	`917aec2cabe0f29377d328d7e7e956c0ab2065565c1ddfa46b24ebf682856103`
SHA3	`fa28470225ae684dad80adbba635b23a697638d67d1a34c048526d26b31b10f6`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Nov-05 20:46:38
Version	`0.0`
SizeofData	`1036`
AddressOfRawData	`0x49b7c`
PointerToRawData	`0x48d7c`

TLS Callbacks

StartAddressOfRawData	`0x140049fd0`
EndAddressOfRawData	`0x140049fd1`
AddressOfIndex	`0x14007a290`
AddressOfCallbacks	`0x140039508`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_1BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140050300`

RICH Header

Errors

[*] Warning: Multiple nodes using the name Version Info in a dictionary.

Leave a comment

No comments yet.