Manalyze report for 48f6e3813394155cc8109cc88eb53e51

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2023-Feb-20 19:11:44
Detected languages	English - United States
Debug artifacts	C:\Users\Corey\Downloads\Fortnite-External-Source-main\Fortnite-External-Source-main\x64\Release\fortnite.pdb

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Uses functions commonly found in keyloggers: GetAsyncKeyState GetForegroundWindow` `Manipulates other processes: Process32NextW Process32FirstW` `Reads the contents of the clipboard: GetClipboardData`
Malicious	VirusTotal score: 8/70 (Scanned on 2023-03-06 21:39:40)	`Symantec: ML.Attribute.HighConfidence` `Elastic: malicious (high confidence)` `ESET-NOD32: a variant of Win64/GameHack_AGen.HM potentially unsafe` `APEX: Malicious` `Cynet: Malicious (score: 100)` `Rising: PUF.GameHack!8.223 (TFE:5:VelxpbzkYtS)` `MaxSecure: Trojan.Malware.300983.susgen` `CrowdStrike: win/malicious_confidence_60% (W)`

Hashes

MD5	`48f6e3813394155cc8109cc88eb53e51`
SHA1	`d3ce55eddbac4744cf98dfca9e186ef36822c8f4`
SHA256	`eeb14d6abad763ac02322b753f0c94b02d72129fba27f37323db31f6e6d82ba2`
SHA3	`36b96d01f2007249c7501f7a0f0629acdb72bce7744cc6615278594a7182d645`
SSDeep	`6144:kENP9rZvQW93rAaPakDAC13XDsuD3rS7TMUKGwct1no3DX:kEvR79nPD3GcUKG51n8`
Imports Hash	`de2ebd5d632972a1dce66a2fcac2029f`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2023-Feb-20 19:11:44
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x3c400`
SizeOfInitializedData	`0xfc00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000003C464 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x51000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f2ee8445edf287424b5066d779981297`
SHA1	`c8fd83dfef6f5aca017c7210debf9bca1e2dac3a`
SHA256	`9aff68a1aee687691157e2a2bdb8f44678534880b43d8cec4a49e3c1d9c5207a`
SHA3	`54ed8cb091a769a16ca26c1932723a7e49e8c9d0703bdc17bd2c3b14233bf428`
VirtualSize	`0x3c210`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3c400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.4895`

.rdata

MD5	`944515b42e278b7a90bf309372471b64`
SHA1	`041f42838d13df54319ddc38037fbcb7789b2916`
SHA256	`bc88ab747082f98a63d40fc591f544af1b49a9759383dc049f3b2134ffda32e7`
SHA3	`3f054856f3634ed3b3fd343d8cfcd187a2a2b8d30d323e6ffaab49584a70471f`
VirtualSize	`0xc37e`
VirtualAddress	`0x3e000`
SizeOfRawData	`0xc400`
PointerToRawData	`0x3c800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.24338`

.data

MD5	`43771693ad398fd4bd5b5bc68a9efdc2`
SHA1	`2182a48de99dee192012367f8aba364a5b210b63`
SHA256	`96438d0eab910025e5e1919fd38056139d57ffe7060da3abba984d1da395e406`
SHA3	`4ae8ff82aa29a287524698a25fe87b4919fc6ab237a12aec0e23b928a5ecf153`
VirtualSize	`0x858`
VirtualAddress	`0x4b000`
SizeOfRawData	`0x200`
PointerToRawData	`0x48c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.59606`

.pdata

MD5	`4207e4514c8b9c87f9a4b3f285efcd3c`
SHA1	`85aefa880d01874fd4197ff129c47e06ad87ac60`
SHA256	`5802d2145bcf20d749d3b5f863f80de728a7896e6c180a99aec8bb800ad619e8`
SHA3	`330c89cf6a4375d3b1cdfc086d16376c50138eb89d363e425e9e703107e721ec`
VirtualSize	`0x28a4`
VirtualAddress	`0x4c000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0x48e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.55675`

.rsrc

MD5	`8a7b4b7ab078f500fd18cb6d20c2bc45`
SHA1	`0c1146ebdaaa4c92bbead96deee3d9fbf82d5f83`
SHA256	`f81d8ff7779f10f0fb27f8f10ca981f8c4d2d260fa3264265fc9ff47c4d11a87`
SHA3	`d8ef712fd0517f653e637d3ba6e6dae9d2433613d6e0279812320eb5fe8bd621`
VirtualSize	`0x1e0`
VirtualAddress	`0x4f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4b800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.71377`

.reloc

MD5	`d2dbb58b7da9a2597d51540fdd338f4d`
SHA1	`3c00dba39e540601626a65022de14d6f505441b7`
SHA256	`aee5c25857d978084ea39065d5b2f0de759ca17e03dfd486a6bc2ac44cf127c9`
SHA3	`4bb19dd0c29105ee80d01456e663335e5c79ab8e8cd33c860956b749d6d30da9`
VirtualSize	`0x1c0`
VirtualAddress	`0x50000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4ba00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.73906`

Imports

KERNEL32.dll	`GetProcAddress` `FreeLibrary` `QueryPerformanceCounter` `VirtualFree` `VirtualAlloc` `CreateToolhelp32Snapshot` `Process32NextW` `Process32FirstW` `CloseHandle` `GetModuleHandleW` `lstrcmpiW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `LoadLibraryA` `GlobalFree` `TerminateProcess` `IsProcessorFeaturePresent` `InitializeCriticalSectionAndSpinCount` `DeleteCriticalSection` `CreateEventW` `IsDebuggerPresent` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `QueryPerformanceFrequency` `GlobalUnlock` `WideCharToMultiByte` `SetUnhandledExceptionFilter` `GlobalLock` `GlobalAlloc` `MultiByteToWideChar` `GetCurrentProcess`
USER32.dll	`DefWindowProcA` `PeekMessageW` `DispatchMessageW` `GetAsyncKeyState` `ShowWindow` `GetSystemMetrics` `SetWindowPos` `DestroyWindow` `GetWindowRect` `GetWindow` `SetLayeredWindowAttributes` `TranslateMessage` `LoadIconW` `SetWindowLongW` `GetDesktopWindow` `RegisterClassExA` `UpdateWindow` `GetKeyState` `GetClientRect` `CreateWindowExA` `SetClipboardData` `GetClipboardData` `EmptyClipboard` `SetCursor` `LoadCursorW` `GetForegroundWindow` `SetCursorPos` `ClientToScreen` `ScreenToClient` `GetCursorPos` `CloseClipboard` `OpenClipboard`
d3d9.dll	`Direct3DCreate9Ex`
IMM32.dll	`ImmSetCompositionWindow` `ImmReleaseContext` `ImmGetContext` `ImmSetCandidateWindow`
dwmapi.dll	`DwmExtendFrameIntoClientArea`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`__std_terminate` `memmove` `memcpy` `memcmp` `memchr` `strstr` `memset` `__C_specific_handler` `__current_exception_context` `__current_exception`
api-ms-win-crt-stdio-l1-1-0.dll	`_set_fmode` `__acrt_iob_func` `fflush` `fclose` `__p__commode` `fseek` `__stdio_common_vfprintf` `__stdio_common_vsscanf` `fread` `__stdio_common_vsprintf` `_wfopen` `fwrite` `ftell`
api-ms-win-crt-utility-l1-1-0.dll	`qsort`
api-ms-win-crt-string-l1-1-0.dll	`strncmp` `strcmp` `strncpy`
api-ms-win-crt-heap-l1-1-0.dll	`free` `malloc` `_set_new_mode`
api-ms-win-crt-convert-l1-1-0.dll	`atof`
api-ms-win-crt-runtime-l1-1-0.dll	`_c_exit` `__p___argv` `exit` `terminate` `_configure_narrow_argv` `__p___argc` `_initialize_narrow_environment` `_initialize_onexit_table` `_register_thread_local_exe_atexit_callback` `_exit` `_initterm_e` `_initterm` `_get_initial_narrow_environment` `_set_app_type` `_seh_filter_exe` `_cexit` `_crt_atexit` `_register_onexit_function`
api-ms-win-crt-math-l1-1-0.dll	`asin` `ceilf` `cosf` `fmodf` `__setusermatherr` `acosf` `sinf` `sqrtf` `tanf`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2023-Feb-20 19:11:44
Version	`0.0`
SizeofData	`134`
AddressOfRawData	`0x44b24`
PointerToRawData	`0x43324`
Referenced File	C:\Users\Corey\Downloads\Fortnite-External-Source-main\Fortnite-External-Source-main\x64\Release\fortnite.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2023-Feb-20 19:11:44
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x44bac`
PointerToRawData	`0x433ac`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2023-Feb-20 19:11:44
Version	`0.0`
SizeofData	`816`
AddressOfRawData	`0x44bc0`
PointerToRawData	`0x433c0`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2023-Feb-20 19:11:44
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x140044f10`
EndAddressOfRawData	`0x140044f18`
AddressOfIndex	`0x14004b664`
AddressOfCallbacks	`0x14003e530`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14004b010`

RICH Header

XOR Key	`0x45f2e275`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`16`
Imports (VS2022 Update 3 (17.3.0) compiler 31616)	`4`
C++ objects (VS2022 Update 3 (17.3.0) compiler 31616)	`27`
C objects (VS2022 Update 3 (17.3.0) compiler 31616)	`10`
ASM objects (VS2022 Update 3 (17.3.0) compiler 31616)	`3`
Imports (VS2012 build 50727 / VS2005 build 50727)	`2`
Imports (30795)	`11`
Total imports	`166`
C++ objects (LTCG) (31631)	`8`
Resource objects (31631)	`1`
Linker (31631)	`1`

48f6e3813394155cc8109cc88eb53e51

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors