Manalyze report for 3f65ecf504f796e5edc4a800ff0c12ed655305e6bc7c593dc6ffeb0bf94c1a76

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Feb-28 10:22:10
Detected languages	English - United States Korean - Korea

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to RC5 or RC6`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Uses functions commonly found in keyloggers: GetForegroundWindow GetAsyncKeyState` `Manipulates other processes: Process32Next Process32First` `Can take screenshots: PrintWindow GetDC BitBlt CreateCompatibleDC`
Malicious	VirusTotal score: 3/61 (Scanned on 2026-04-04 04:07:01)	`APEX: Malicious` `CrowdStrike: win/malicious_confidence_70% (W)` `Trapmine: suspicious.low.ml.score`

Hashes

MD5	`0646c8dc1336b043fc4f6b7028b04f34`
SHA1	`557756160399fa10f3295a80ec8f82d2fd7b9341`
SHA256	`3f65ecf504f796e5edc4a800ff0c12ed655305e6bc7c593dc6ffeb0bf94c1a76`
SHA3	`608bd21fdb20e0c1153e058618710df365e9d4cbf818168725818a945d2825a7`
SSDeep	`12288:QK3g9pnmtdLjMN6iSjxv9ufbyFgBToDQiAhG/Au/j5dHF:QK3gXnmzTxFuTyFMlC9dH`
Imports Hash	`75a1b1d6de2b9b4e1554e6384e4f63d7`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2026-Feb-28 10:22:10
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x60e00`
SizeOfInitializedData	`0x78200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000033C74 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xdd000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ed7752ae05673aea9413de416f84641d`
SHA1	`940ee306e5cf3913c6b95fe5b5987afb12fd6c15`
SHA256	`851bc54538378a515a8aeeb2201eeb684cf6694e8180b5195425631ad9bd3ddb`
SHA3	`f8331aa8b9261834da6ad6b430a1585cb7a41bce156bf7fc8285226d673f374e`
VirtualSize	`0x60ca8`
VirtualAddress	`0x1000`
SizeOfRawData	`0x60e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.43057`

.rdata

MD5	`c9635b6a1db445fbd209a68b9d81753b`
SHA1	`64fffee5874e293a4e12e42b5034da7473e3d008`
SHA256	`727f2ed362481c17f29989b0de2c003fe34cbfd9a48176176e31fd89da9df403`
SHA3	`55790b9d67a66482b0d0e02a1a128621b0090303be1f4d8de33f4bc982bd1e5b`
VirtualSize	`0x1d586`
VirtualAddress	`0x62000`
SizeOfRawData	`0x1d600`
PointerToRawData	`0x61200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.19191`

.data

MD5	`94105cd168dbeecbcb0ee82555760d3c`
SHA1	`7bb8e8470db06a89ee55ade5689c50e14f8e9bc3`
SHA256	`4a4ac6cc77b6f796ea16c54f3ab79b39cf8a527441efa6e13e2881e73da69c36`
SHA3	`6d525c20ef40b546f7f12906ac9a78bf5e9f93dc8ad214598755bc7cbc089ff3`
VirtualSize	`0x4105c`
VirtualAddress	`0x80000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x7e800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.28646`

.pdata

MD5	`637aac85ff1fe973ba147990ab9950ec`
SHA1	`a0a1b8a98fca5ef49da084cb3b3d107e7dfd536d`
SHA256	`5e3b85556bcf9f217136d08eee18764f0263a7f0eb0c5494f3df864eb0ffef74`
SHA3	`12ce93b2e303e4f7fdee4000ec08e2b22e1c81959298fb4e340bd35a343562eb`
VirtualSize	`0x3f90`
VirtualAddress	`0xc2000`
SizeOfRawData	`0x4000`
PointerToRawData	`0x81800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.73533`

_RDATA

MD5	`cc9e78549d146f8660a99132a0ef1cc7`
SHA1	`443e3d89ee713ebc691418d131e18ed20f0b9841`
SHA256	`b6c6ce4f54f1790da265c139e3e5842af9ef5d80d1c71ad918b0a28d842b8765`
SHA3	`6731ee4385945908a01051507ea264193634931833fd66471dded07bc07db185`
VirtualSize	`0xfc`
VirtualAddress	`0xc6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x85800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.44794`

.rsrc

MD5	`a99bfbd87186bbda08a633e4ced13463`
SHA1	`1f9ae65c58e058a1f4cf99be2f03ea0a9c75ba0b`
SHA256	`b837ba159e4306a1179a2367ced4ec697f2961b29fb414496601ac83c037da6b`
SHA3	`41a668ab0d99ba13a9877674cf180d700e85cfcb4905004a6963d0746384a3fa`
VirtualSize	`0x148d8`
VirtualAddress	`0xc7000`
SizeOfRawData	`0x14a00`
PointerToRawData	`0x85a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.90644`

.reloc

MD5	`378464951519015399aa6b12525f611b`
SHA1	`5f049be6579ed7b20276ab108030fde408dcee5a`
SHA256	`a9faf250b98810a157235981af0ee74ec12343104f01c71f4b5b8999d282e627`
SHA3	`ca1da69d44dc6e2e50bba442485b17712352ee832f5d1dc8d8d4424c160278cd`
VirtualSize	`0xd68`
VirtualAddress	`0xdc000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x9a400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.36718`

Imports

KERNEL32.dll	`FindResourceA` `WaitForSingleObject` `GetCurrentThreadId` `ResumeThread` `GetModuleHandleA` `CreateToolhelp32Snapshot` `Sleep` `GetLastError` `TerminateThread` `LockResource` `QueryPerformanceFrequency` `Process32Next` `LoadResource` `GetProcAddress` `GetCurrentProcessId` `QueryPerformanceCounter` `GetTickCount` `WriteConsoleW` `HeapSize` `HeapReAlloc` `GetProcessHeap` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineW` `GetCommandLineA` `GetOEMCP` `GetACP` `IsValidCodePage` `FlushFileBuffers` `GetFileSizeEx` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `GetLocaleInfoW` `LCMapStringW` `GetConsoleOutputCP` `SetStdHandle` `ReadConsoleW` `GetConsoleMode` `GetFileType` `HeapFree` `HeapAlloc` `GetStdHandle` `FreeLibraryAndExitThread` `ExitThread` `CreateThread` `FindFirstFileExW` `FindClose` `SetEndOfFile` `GetModuleHandleExW` `ExitProcess` `LoadLibraryExW` `FreeLibrary` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `SetLastError` `RaiseException` `RtlPcToFileHeader` `RtlUnwindEx` `GetCPInfo` `LCMapStringEx` `DecodePointer` `EncodePointer` `GetModuleFileNameW` `TerminateProcess` `GetCurrentProcess` `FindNextFileW` `Process32First` `SizeofResource` `UnmapViewOfFile` `WideCharToMultiByte` `SystemTimeToFileTime` `GetCurrentDirectoryW` `CloseHandle` `LocalFileTimeToFileTime` `MultiByteToWideChar` `CreateFileW` `SetFilePointer` `FlsFree` `FlsSetValue` `FlsGetValue` `FlsAlloc` `TryEnterCriticalSection` `InitializeCriticalSectionEx` `AcquireSRWLockExclusive` `ReleaseSRWLockExclusive` `InitializeSRWLock` `GetStringTypeW` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetStartupInfoW` `IsDebuggerPresent` `IsProcessorFeaturePresent` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `GetModuleHandleW` `CreateEventW` `WaitForSingleObjectEx` `ResetEvent` `SetEvent` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `LeaveCriticalSection` `EnterCriticalSection` `WriteFile` `ReadFile` `SetFilePointerEx` `RtlUnwind`
USER32.dll	`UpdateLayeredWindow` `PeekMessageA` `GetClientRect` `PrintWindow` `SetCursor` `SendMessageA` `TranslateMessage` `ChangeWindowMessageFilter` `DefWindowProcA` `EnumWindows` `GetForegroundWindow` `ReleaseDC` `SetForegroundWindow` `RegisterClassW` `SetClassLongPtrA` `GetWindowTextA` `GetAsyncKeyState` `IsWindow` `ShowWindow` `GetActiveWindow` `TrackPopupMenu` `WindowFromPoint` `GetSystemMetrics` `CreateWindowExW` `PostMessageA` `EnumChildWindows` `MessageBoxW` `SetWindowPos` `GetDC` `GetCursorPos` `MessageBoxA` `LoadCursorA` `GetWindowThreadProcessId` `GetKeyState` `GetClassLongPtrA` `LoadImageA` `SetProcessDpiAwarenessContext` `DispatchMessageA`
GDI32.dll	`GetCurrentObject` `CreateBitmap` `DeleteObject` `BitBlt` `CreateCompatibleBitmap` `SelectObject` `CreateCompatibleDC` `GdiAlphaBlend` `StretchBlt` `GetBitmapBits` `GetDeviceCaps` `DeleteDC` `SetBitmapBits` `SetStretchBltMode` `GetObjectA`
SHELL32.dll	`Shell_NotifyIconW`
ole32.dll	`CreateStreamOnHGlobal`
gdiplus.dll	`GdipDeleteFontFamily` `GdipGetImageHeight` `GdipSetCompositingQuality` `GdipDrawRectangleI` `GdipCreateFontFamilyFromName` `GdipDrawLineI` `GdipCreatePen1` `GdipCreateBitmapFromScan0` `GdipDeletePen` `GdipGetImageWidth` `GdipGetFontSize` `GdipDeleteGraphics` `GdipGetImageGraphicsContext` `GdipMeasureString` `GdipStringFormatGetGenericTypographic` `GdipSetTextRenderingHint` `GdipCreateFromHDC` `GdipDrawString` `GdipFree` `GdipGetGenericFontFamilySansSerif` `GdipCreateHBITMAPFromBitmap` `GdipGraphicsClear` `GdipCreateSolidFill` `GdipSetInterpolationMode` `GdipCreateFont` `GdipSetSmoothingMode` `GdipDisposeImage` `GdipAlloc` `GdipCreateBitmapFromStream` `GdipDeleteBrush` `GdipCloneImage` `GdiplusStartup`
ntdll.dll	`RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind`
IMM32.dll	`ImmReleaseContext` `ImmGetContext` `ImmSetConversionStatus`

Delayed Imports

101

Type	`ZIP`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x13895`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99758`
Detected Filetype	Zip Compressed Archive
MD5	`1b33c65985f926c471e7b7b8fd2002c1`
SHA1	`c10618e39991d048a3c7d77630a7acf4d71bfa63`
SHA256	`b9a4c58cc010e532e5e53081977bba82dfe7078d0091730cdc6137e93ab7a94f`
SHA3	`c98fb5a8ccb1f6192b6ddb5632beebb7820fc0a66838040a1c98f8d4908596d9`

1

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.69788`
MD5	`648c1bf7ba41e8797a6dbd5200f21766`
SHA1	`cf088b367cae5748368ed67c5555309231135bd8`
SHA256	`04c2214dbc1933c058dec679b784a8bee7ebf2d8887554f206b904683fccf1bb`
SHA3	`458c6c9716fff4c39ae01dacbb95d2492eaa33c5ff854e75ac90a7f109757a21`

2

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.78796`
MD5	`7e9668a11781be35f44fe766b2a2d09e`
SHA1	`5bfa1bf4fcea51785acb763e1e78203f58923f06`
SHA256	`adfb79c6c2e17e759706f76b68f9140912e2a6a9897ae53fa2491ee612a27cb9`
SHA3	`230e6c867ecb8ef5b34e6f2cb4339331fd420db41fad55d2c040c6a9cd200978`

102

Type	`RT_GROUP_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.32824`
Detected Filetype	Icon file
MD5	`62d6b1d51e9721a781148fb63c1970c6`
SHA1	`0491f06e0b5fe9241d44138303ece1776840fd6d`
SHA256	`1d47c7bd2cc20089bc0387c8e7ac0a1680e9b4dc81dbde998c3c5c8e6c7d69aa`
SHA3	`9f1474d08ea9f8bc44f2b127a2a96dbaaed16872128ddd81afe07b2b3756d3bd`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x91`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.8858`
MD5	`f7ad1eab748bc07570a57ec87787cf90`
SHA1	`0b1608da9fef218386e825db575c65616826d9f4`
SHA256	`d2952e57023848a37fb0f21f0dfb38c9000f610ac2b00c2f128511dfd68bde04`
SHA3	`6c9541b36948c19ae507d74223621875b3af4064f7cd8200bdb97e15a047e96a`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Feb-28 10:22:10
Version	`0.0`
SizeofData	`1008`
AddressOfRawData	`0x78194`
PointerToRawData	`0x77394`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Feb-28 10:22:10
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x1400785a8`
EndAddressOfRawData	`0x1400785b0`
AddressOfIndex	`0x140083528`
AddressOfCallbacks	`0x1400627d0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140080010`

RICH Header

XOR Key	`0x87b3c424`
Unmarked objects	`0`
ASM objects (29395)	`11`
C++ objects (29395)	`203`
253 (28518)	`3`
C++ objects (30034)	`87`
C objects (30034)	`18`
ASM objects (30034)	`10`
C objects (29395)	`20`
Imports (29395)	`23`
Total imports	`367`
C++ objects (LTCG) (VS2019 Update 11 (16.11.13) compiler 30143)	`3`
Resource objects (VS2019 Update 11 (16.11.13) compiler 30143)	`1`
151	`1`
Linker (VS2019 Update 11 (16.11.13) compiler 30143)	`1`

Errors

Leave a comment

No comments yet.