Manalyze report for 4d432aade0f786cfb586c6e8952debcdf4e7844aa5207103ce6de2f5093306e2

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Apr-18 20:15:13

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Info	Interesting strings found in the binary:	`Contains domain names: httpbin.org https://httpbin.org`
Info	The PE contains common functions which appear in legitimate applications.	`Possibly launches other programs: CreateProcessA`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`7c4ea73ff54afdd62bca9b6d33436fe7`
SHA1	`90e338c04865716b504c356b9c35a8268a2d081b`
SHA256	`4d432aade0f786cfb586c6e8952debcdf4e7844aa5207103ce6de2f5093306e2`
SHA3	`a736937881e37d2e6174eb1097c431761c87de481b4115a7cec04a38fc30f6bd`
SSDeep	`6144:6DvwftesFBq2Im1zF7idnjCJeF7xf6ahYrsRjaBmm780Jt9gVGzJ5ueqFg+3edK:ovwftNrI5F7xSYNaBm4zUGKeSg+ud/`
Imports Hash	`ce96d2c19b1a34a03eee3c1cbbb19748`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`4`
TimeDateStamp	2026-Apr-18 20:15:13
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x62000`
SizeOfInitializedData	`0x5400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000006055C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x69000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`83c79eb9be0c4f558146cae4d1386877`
SHA1	`28ee3a073f05a4d23dd23629927adf532f0d513b`
SHA256	`f31c10ccda08e1d59b3f6e13f21a2a829bcc968a43a588f11b8f2c4b4c9ed7c4`
SHA3	`54365811f533ab5c28a8b97afff655dbdfa0e04d3e5da62bd0bfe30d508f1cd4`
VirtualSize	`0x61ea4`
VirtualAddress	`0x1000`
SizeOfRawData	`0x62000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.49392`

.data

MD5	`e409734c3f8bc1f20357881c03d46b48`
SHA1	`819fc85b491a08cbb30fba6e19e7d2f7d42bdf40`
SHA256	`e7b9a85e6e9fac06dfebe6bacc8e267339000ef23d3316e6072ec4c9e53ab0f7`
SHA3	`89badc36a566863a003f090790a433f8c0f60d8325224cdb6dbac29ab73d7b80`
VirtualSize	`0x2d08`
VirtualAddress	`0x63000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x62400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.52405`

.idata

MD5	`6886d13988eb83d994b5685d68b1f637`
SHA1	`9d1d8d3eb118fc1a2333a52008db4dd217732a2e`
SHA256	`184c39208f52f6e31a705b508703e3c46c6f6e569b1f37e21d0333bf05eb5ebb`
SHA3	`f6d712d439eaa00e2724fbc0e70df280987196aa21c84165c1ab0cc853a7c828`
VirtualSize	`0x1be8`
VirtualAddress	`0x66000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x64a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.52689`

.reloc

MD5	`bddf5aa740e479d42d3d3b8dc5d2f8c0`
SHA1	`a9ec03c9ae824e00aadc0c35ab8670abb616aeff`
SHA256	`70e1df8f154b5554df65a617d8df1324b011729dc30091b57b2abba2ad21240e`
SHA3	`33b0b9676e430d1de26c47226f1d3253baac0dd0223d0c5444a5c2b703f6b07c`
VirtualSize	`0x8cc`
VirtualAddress	`0x68000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x66600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.1745`

Imports

USER32.dll	`GetSystemMetrics` `ShowWindow` `SetTimer` `TrackMouseEvent` `EndPaint` `SetWindowTextA` `GetMonitorInfoA` `DefWindowProcA` `CreateWindowExA` `SetLayeredWindowAttributes` `PostMessageA` `SendMessageA` `SetCursor` `SystemParametersInfoA` `GetClientRect` `PostQuitMessage` `RegisterClassExA` `UpdateWindow` `ReleaseCapture` `InvalidateRect` `ReleaseDC` `BeginPaint` `ScreenToClient` `MonitorFromWindow` `SetWindowPos` `GetWindowRect` `LoadCursorA` `DispatchMessageA` `GetMessageA` `TranslateMessage` `AdjustWindowRectEx`
GDI32.dll	`SelectObject` `DeleteDC` `GetDeviceCaps` `CreateCompatibleBitmap` `DeleteObject`
gdiplus.dll	`GdipAlloc` `GdipDeletePath` `GdipCreateFontFamilyFromName` `GdipAddPathArcI` `GdipSetSmoothingMode` `GdipCreatePath` `GdipSetStringFormatLineAlign` `GdipCreateFont` `GdipCreateSolidFill` `GdipSetStringFormatTrimming` `GdipFillPath` `GdipGraphicsClear` `GdipSetSolidFillColor` `GdipDrawRectangleI` `GdipClosePathFigure` `GdipCloneBrush` `GdipFree` `GdipDrawPath` `GdipDrawString` `GdipCreateFromHDC` `GdipSetTextRenderingHint` `GdipGetSolidFillColor` `GdipSetStringFormatFlags` `GdipSetStringFormatAlign` `GdipCreatePen1` `GdipDeleteFontFamily` `GdiplusShutdown` `GdipDeletePen` `GdipDeleteFont` `GdipDeleteStringFormat` `GdipDeleteGraphics` `GdipFillRectangleI` `GdiplusStartup` `GdipGetStringFormatFlags` `GdipDeleteBrush` `GdipCreateStringFormat`
MSVCP140.dll	`?_Xinvalid_argument@std@@YAXPEBD@Z` `?_Xbad_function_call@std@@YAXXZ` `?_Xlength_error@std@@YAXPEBD@Z` `?_Xout_of_range@std@@YAXPEBD@Z`
SHELL32.dll	`DragFinish` `DragQueryFileA` `DragAcceptFiles`
KERNEL32.dll	`CreateThread` `CreateProcessA` `GetTickCount` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetTickCount64` `IsProcessorFeaturePresent` `GetModuleHandleW` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `GetCurrentProcess` `TerminateProcess` `CloseHandle` `MultiByteToWideChar` `QueryPerformanceCounter` `OutputDebugStringA` `GetModuleFileNameA` `GetStartupInfoW`
VCRUNTIME140.dll	`__std_exception_destroy` `memmove` `memcpy` `__std_exception_copy` `memset` `memcmp` `__C_specific_handler` `_CxxThrowException` `__current_exception` `__current_exception_context`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
api-ms-win-crt-stdio-l1-1-0.dll	`fseek` `_set_fmode` `fread` `__stdio_common_vsprintf` `ftell` `__stdio_common_vsprintf_s` `__stdio_common_vsscanf` `__stdio_common_vfprintf` `fwrite` `__acrt_iob_func` `fopen` `__p__commode` `fclose`
api-ms-win-crt-math-l1-1-0.dll	`tan` `pow` `ceilf` `trunc` `log` `sqrt` `fmod` `fabs` `nan` `floor` `cos` `ceil` `_dtest` `sin` `__setusermatherr` `round`
api-ms-win-crt-runtime-l1-1-0.dll	`_cexit` `_crt_atexit` `_register_onexit_function` `_initialize_onexit_table` `_initialize_narrow_environment` `_seh_filter_exe` `_errno` `_get_narrow_winmain_command_line` `abort` `_initterm` `_initterm_e` `exit` `_exit` `_configure_narrow_argv` `terminate` `_register_thread_local_exe_atexit_callback` `_invoke_watson` `_c_exit` `_set_app_type`
api-ms-win-crt-convert-l1-1-0.dll	`strtoul` `strtol` `strtod` `strtof`
api-ms-win-crt-string-l1-1-0.dll	`isxdigit` `toupper` `strcmp` `isalpha` `isdigit` `tolower` `wcslen` `isspace` `isalnum`
api-ms-win-crt-utility-l1-1-0.dll	`rand`
api-ms-win-crt-heap-l1-1-0.dll	`free` `malloc` `_set_new_mode` `_callnewh`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Apr-18 20:15:13
Version	`0.0`
SizeofData	`740`
AddressOfRawData	`0xdce8`
PointerToRawData	`0xd0e8`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140063040`

RICH Header

XOR Key	`0xe34d95ec`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`16`
ASM objects (35207)	`4`
C objects (35207)	`10`
C++ objects (35207)	`28`
Imports (35207)	`6`
Imports (33145)	`11`
Total imports	`186`
C++ objects (LTCG) (35225)	`1`
Linker (35225)	`1`

Errors

Leave a comment

No comments yet.