Manalyze report for 43f40aa7414c75c01168ec0ef4c7a979

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2070-Apr-05 10:57:58
Debug artifacts	C:\Users\ourko\source\src\thunder\thunder\obj\x64\Debug\thunder.pdb
Comments	roblox execution (imgui imitation)
CompanyName	THUNDER SOFTWORKS
FileDescription	thunder
FileVersion	`1.0.0.0`
InternalName	thunder.exe
LegalCopyright	Copyright © 2021
LegalTrademarks	THUNDER SIGNED
OriginalFilename	thunder.exe
ProductName	thunder
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: githubusercontent.com https://discord.gg https://forms.gle https://pastebin.com https://raw.githubusercontent.com https://raw.githubusercontent.com/EdgeIY/infiniteyield/master/source https://raw.githubusercontent.com/speedstarkawaii/thunder/refs/heads/main/pushed.version pastebin.com raw.githubusercontent.com`
Suspicious	The PE is possibly packed.	`The PE only has 0 import(s).`
Malicious	VirusTotal score: 5/72 (Scanned on 2025-01-01 18:28:53)	`Bkav: W64.AIDetectMalware.CS` `CrowdStrike: win/malicious_confidence_60% (W)` `Kingsoft: Msil.TrojDownloader.pstinb.a` `VirIT: Trojan.Win64.MSIL_Heur.A` `huorong: TrojanDownloader/MSIL.Pstinb.a`

Hashes

MD5	`43f40aa7414c75c01168ec0ef4c7a979`
SHA1	`67044acb3a169daf244c240318881c937b24c0e9`
SHA256	`f4524a9ba2932b9f129e0867a1c109be2b0af520a8905d5b83f6f520e7525e0d`
SHA3	`532ab3d2d8a147128605c3c46e504ffd9fefb9034a798351620bbb558dc82e25`
SSDeep	`12288:oIZAuH3AuH6LOVcKRa4YYxeLLlgtYhx4fPIMw5aE9gljA8RcIz6iG:obFJKRarS0AIq+glFceZ`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`2`
TimeDateStamp	2070-Apr-05 10:57:58
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`48.0`
SizeOfCode	`0xa7000`
SizeOfInitializedData	`0x1800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000000000 (Section: ?)`
BaseOfCode	`0x2000`
ImageBase	`0x140000000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xac000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x400000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x2000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`734d0f49db9d71d28f41cdb322a66cf1`
SHA1	`589395896e85276e53e147c2b4525cba850dc08c`
SHA256	`b764bd68d92541197720662b71d306b5964d8ff6933108d360f97fc1b31f7a42`
SHA3	`2345edc405466b41f64b53d97bc27a21156933b3acb086d06bb57de530fa47c2`
VirtualSize	`0xa6e48`
VirtualAddress	`0x2000`
SizeOfRawData	`0xa7000`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.00825`

.rsrc

MD5	`0d482c19834925be77a18a2fab809fd9`
SHA1	`08e12820ba5e2d20f87f2e1337f3c2aaf846927f`
SHA256	`1a5f596f6f84b04fee76ae1143ccda77d0a09680dcc98dc18e536a5a59c62c73`
SHA3	`d940c2a00102803fe0117e219b5fc05ece13a795b22b54f2d44f79e5957465ce`
VirtualSize	`0x1768`
VirtualAddress	`0xaa000`
SizeOfRawData	`0x1800`
PointerToRawData	`0xa7200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.84908`

Imports

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.68242`
MD5	`ce7d7f0de36b16ff66e57bf9c049100f`
SHA1	`8384f89b484c76cbba7588ba3e08297ac7375def`
SHA256	`70aa2e6b312ed56d2237a3e4828f06e2448b25679a404fb3b06e7092126c4d83`
SHA3	`eee21dc14f86df121a61cd6d35f2491a824d05d943574aa81e256f22f7ca3110`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.7815`
Detected Filetype	Icon file
MD5	`3c68f77c35c26ff079a1c410ee44fa62`
SHA1	`0b40150c95fc2c6414c90d44ee78b8d8814b3393`
SHA256	`a14e70ed824f3f17d3a51136aa08839954d6d3ccadaa067415c7bfc08e6636b0`
SHA3	`590dcbf2ec3f485a6c24e3e627f383ee7588eb49978321f12c07d8190a6c1396`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x38c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.38883`
MD5	`bd216682db41450c82258f04ff1bc87f`
SHA1	`e7c9a4e9a174e5f41af9eee70a3716004d7996a1`
SHA256	`0c9a2dfe27af6eb4c5392f6b83f185487d2214a2d24db617ff85ca136e62685c`
SHA3	`d0889a2530d428da79763f42302a88dab85237ab07eaf50de853fca6d1a20a59`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	roblox execution (imgui imitation)
CompanyName	THUNDER SOFTWORKS
FileDescription	thunder
FileVersion (#2)	1.0.0.0
InternalName	thunder.exe
LegalCopyright	Copyright © 2021
LegalTrademarks	THUNDER SIGNED
OriginalFilename	thunder.exe
ProductName	thunder
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2039-Sep-12 19:57:13
Version	`0.0`
SizeofData	`92`
AddressOfRawData	`0xa8dec`
PointerToRawData	`0xa6fec`
Referenced File	C:\Users\ourko\source\src\thunder\thunder\obj\x64\Debug\thunder.pdb

UNKNOWN

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

RICH Header

43f40aa7414c75c01168ec0ef4c7a979

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

Imports

Delayed Imports

1

32512

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors