Manalyze report for 4eb7d64fade63938b3125d7d273ba935b5086eecc34d1b954d762d7b88535213

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-Jan-19 02:31:27
Detected languages	English - United States
Debug artifacts	C:\Users\Administrador\source\repos\Testando\x64\Debug\Testando.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Suspicious	The PE is possibly packed.	`Section .textbss is both writable and executable.` `Unusual section name found: .msvcjmc`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW LoadLibraryA LoadLibraryW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Can create temporary files: GetTempPathW CreateFileW` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc`
Malicious	VirusTotal score: 5/65 (Scanned on 2026-05-06 01:39:06)	`CrowdStrike: win/malicious_confidence_90% (W)` `DeepInstinct: MALICIOUS` `Google: Detected` `Ikarus: Trojan.Win64.Krypt` `MaxSecure: Trojan.Malware.300983.susgen`

Hashes

MD5	`ddc42c31be8c1bd7a8549c48eace8db4`
SHA1	`6c72c14a6d1c94e9fe724d0bde83e78d894593d1`
SHA256	`4eb7d64fade63938b3125d7d273ba935b5086eecc34d1b954d762d7b88535213`
SHA3	`cf7de3395e653120a81a41703d86be57a6effda15f8d9fd93ac9b5fa25a96190`
SSDeep	`12288:908yS/Y85Mo8F4roVNLQ6MnyPQ/JiaeqU:Br5F8GoVNLQ6oT2L`
Imports Hash	`d2d499edb4dd587abcc3b417d62d9929`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`10`
TimeDateStamp	2026-Jan-19 02:31:27
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xcc600`
SizeOfInitializedData	`0x31000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000063446 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x165000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.textbss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x604df`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.text

MD5	`a9a3432a05d4486f244fb9cdfecb536c`
SHA1	`0bea0ff9fcdcf8a0cde278b2cf7a62b134677523`
SHA256	`c857f67a069fed12065c58ee242539f69510394bd3b6e4fcdc233cb117f2bd0c`
SHA3	`f90071cc2c5735bf18de80ad6764b96fe6e1f2ee334c2c6b9f7fda738881f5ad`
VirtualSize	`0xcc511`
VirtualAddress	`0x62000`
SizeOfRawData	`0xcc600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.04659`

.rdata

MD5	`1f12afc287c59a240510fa1e66a1323d`
SHA1	`4df8b21eb38ccdc8b0d2cdd6fdc33c734cd359a0`
SHA256	`0efc981fb936d3c8c50c3014cb371985a08c29f7b523cb9013933f6e6307163f`
SHA3	`417453d2f42afa15d34da9585abeb438587e6e7d3a4bf322e789e0f91cb94210`
VirtualSize	`0x20574`
VirtualAddress	`0x12f000`
SizeOfRawData	`0x20600`
PointerToRawData	`0xcca00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.28334`

.data

MD5	`85f50c63baa3888ded9e85f47eb6eded`
SHA1	`f811bdc329d3c11b48652b09a8f493b6e412b67c`
SHA256	`e0c6ec0b596c9ddd9246fc2ecc96b63733ce61d1caf43ec03e738625da90adb5`
SHA3	`ad8e088748345e50c4a6a68aee2d907f665abc3b8fee02c985713e5b44240aaf`
VirtualSize	`0x1288`
VirtualAddress	`0x150000`
SizeOfRawData	`0xa00`
PointerToRawData	`0xed000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.00362`

.pdata

MD5	`35c3dbf0657ea6cca62321174935ba52`
SHA1	`89285750628fe295c62a72c9deb9aeb960f2386c`
SHA256	`86cfdcdae6104472f23a86911620a3af2e42ba2c811d6cc2ed41b920fabc53b3`
SHA3	`92489fafdc9b918674283fca8fc571456db6d423ac7d37389d0713fc1a6543c9`
VirtualSize	`0xa578`
VirtualAddress	`0x152000`
SizeOfRawData	`0xa600`
PointerToRawData	`0xeda00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.89327`

.idata

MD5	`1cbfe9b4c26a84d97bb2166e02880e64`
SHA1	`3d95e02c3a4bd4f610a2473f962af73ef88de98c`
SHA256	`793b9e89816e524d64c84cb54b9fa1d2f532902081abdcc2c3ca89fad39b1900`
SHA3	`ccb4b2b68dbdfed9709fc0ed230ef2edc642ea3c31e2f7eb42587c7620d620ee`
VirtualSize	`0x2575`
VirtualAddress	`0x15d000`
SizeOfRawData	`0x2600`
PointerToRawData	`0xf8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.15461`

.msvcjmc

MD5	`1f5e04caab1f24af0d053aabfe01dbf3`
SHA1	`54f7bc86ea58f0fcd41dd93a927af1dd32bec197`
SHA256	`4c15fb4bd536507a5a9b90de161c3abf7059d368d9b01097adc62068fc5dced9`
SHA3	`ebcf1ddca5f3e8ea4128ef38ea4ce292ba171a7471428642d715c4097cd0b998`
VirtualSize	`0xaec`
VirtualAddress	`0x160000`
SizeOfRawData	`0xc00`
PointerToRawData	`0xfa600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.894178`

.00cfg

MD5	`9a3553f0441bb8bbe368a3a442a22465`
SHA1	`1b3a343c0bd8e856b6c069931359593670e1d9e3`
SHA256	`ed3ca79fe9bb016e048d06cca621df95ef5ed766cd08148b3dbfb8591acdca02`
SHA3	`63e9cc32e409892210e756b8128ea6f74d0843d7f3907cd3c2c068c147d8b5b5`
VirtualSize	`0x175`
VirtualAddress	`0x161000`
SizeOfRawData	`0x200`
PointerToRawData	`0xfb200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.490171`

.rsrc

MD5	`101924a3ea316c4e4aa414c107d8c6d2`
SHA1	`e52eaa6f0ebce94ad004da20a048580461639241`
SHA256	`9b4680e177688286d0696f747e25ae7a049212d678f452a79fae2940a12a936b`
SHA3	`57b24c8ef8e34076f1cc9d7a90f468d7765ef09520702590380c16c0117e5681`
VirtualSize	`0x43c`
VirtualAddress	`0x162000`
SizeOfRawData	`0x600`
PointerToRawData	`0xfb400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.14297`

.reloc

MD5	`1217c9b331f11c761a31c9719fbe2515`
SHA1	`86d3571139b364aaadb7c9be8a60d960cb7c8fed`
SHA256	`2cbe5b1f019f10da95b0dd5148250ec5d448cddc72a530dbb7cd012d44f7c4eb`
SHA3	`303c80086b537ec274a0d62f2748e77f591a31527e153b666098badc2d2eb3ff`
VirtualSize	`0x144c`
VirtualAddress	`0x163000`
SizeOfRawData	`0x1600`
PointerToRawData	`0xfba00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.71844`

Imports

KERNEL32.dll	`GetCurrentThreadId` `VirtualProtect` `CloseHandle` `AddVectoredExceptionHandler` `RemoveVectoredExceptionHandler` `GetCurrentProcessId` `OpenThread` `GetThreadContext` `SetThreadContext` `CreateToolhelp32Snapshot` `Thread32First` `Thread32Next` `FreeLibrary` `GetModuleHandleA` `GetProcAddress` `LoadLibraryExW` `LoadResource` `LockResource` `SizeofResource` `FindResourceW` `LoadLibraryA` `LoadLibraryW` `SetDllDirectoryW` `VirtualQuery` `GetSystemInfo` `VirtualAlloc` `VirtualFree` `GetLastError` `HeapCreate` `HeapDestroy` `HeapAlloc` `HeapReAlloc` `HeapFree` `Sleep` `GetCurrentProcess` `SuspendThread` `ResumeThread` `FlushInstructionCache` `GetModuleHandleW` `GetSystemTimeAsFileTime` `QueryPerformanceCounter` `GetProcessHeap` `GetStartupInfoW` `IsProcessorFeaturePresent` `TerminateProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `RaiseException` `IsDebuggerPresent` `WideCharToMultiByte` `MultiByteToWideChar` `CreateSymbolicLinkW` `GetFileInformationByHandleEx` `CreateHardLinkW` `MoveFileExW` `CopyFileW` `CreateDirectoryExW` `DeviceIoControl` `AreFileApisANSI` `GetTempPathW` `SetFileTime` `SetFileInformationByHandle` `SetFileAttributesW` `GetFullPathNameW` `GetFinalPathNameByHandleW` `GetFileInformationByHandle` `GetFileAttributesExW` `GetFileAttributesW` `GetDiskFreeSpaceExW` `FindNextFileW` `FindFirstFileExW` `FindFirstFileW` `FindClose` `CreateFileW` `CreateDirectoryW` `GetCurrentDirectoryW` `SetCurrentDirectoryW` `GetLocaleInfoEx` `FormatMessageA` `LocalFree` `InitializeSListHead`
MSVCP140D.dll	`??1_Lockit@std@@QEAA@XZ` `?_Xlength_error@std@@YAXPEBD@Z` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Xbad_function_call@std@@YAXXZ` `?_Xbad_alloc@std@@YAXXZ` `?uncaught_exception@std@@YA_NXZ` `?_Syserror_map@std@@YAPEBDH@Z` `?_Winerror_map@std@@YAHH@Z` `?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ` `?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ` `?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ` `?good@ios_base@std@@QEBA_NXZ` `?flags@ios_base@std@@QEBAHXZ` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?width@ios_base@std@@QEBA_JXZ` `?width@ios_base@std@@QEAA_J_J@Z` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ` `?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ` `?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `??0_Lockit@std@@QEAA@H@Z`
VCRUNTIME140D.dll	`__std_exception_copy` `__std_exception_destroy` `_CxxThrowException` `memmove` `memcpy` `memset` `memchr` `memcmp` `strstr` `__C_specific_handler` `__current_exception` `__current_exception_context` `__C_specific_handler_noexcept` `__vcrt_GetModuleFileNameW` `__vcrt_GetModuleHandleW` `__vcrt_LoadLibraryExW` `__std_type_info_destroy_list`
VCRUNTIME140_1D.dll	`__CxxFrameHandler4`
ucrtbased.dll	`_get_initial_narrow_environment` `_initterm` `_initterm_e` `_exit` `_set_fmode` `__p___argc` `__p___argv` `_c_exit` `_seh_filter_exe` `_configthreadlocale` `_set_new_mode` `__p__commode` `_wmakepath_s` `_wsplitpath_s` `wcscpy_s` `_open` `__setusermatherr` `_read` `_write` `__stdio_common_vsprintf_s` `strcat_s` `strcpy_s` `terminate` `_CrtDbgReportW` `_cexit` `_crt_at_quick_exit` `_crt_atexit` `_execute_onexit_table` `_register_onexit_function` `_initialize_onexit_table` `_initialize_narrow_environment` `_configure_narrow_argv` `_seh_filter_dll` `_close` `_callnewh` `_malloc_dbg` `_free_dbg` `abort` `___lc_codepage_func` `_rotl` `strerror` `_errno` `_lseeki64` `_wopen` `wcstombs` `malloc` `free` `__stdio_common_vsprintf` `strtoul` `strlen` `ceilf` `_calloc_dbg` `strtol` `calloc` `wcslen` `tolower` `__stdio_common_vfprintf` `__acrt_iob_func` `_CrtDbgReport` `exit` `_invoke_watson` `_set_app_type` `_register_thread_local_exe_atexit_callback` `_wcsicmp`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Jan-19 02:31:27
Version	`0.0`
SizeofData	`92`
AddressOfRawData	`0x142068`
PointerToRawData	`0xdfa68`
Referenced File	C:\Users\Administrador\source\repos\Testando\x64\Debug\Testando.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Jan-19 02:31:27
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x1420c4`
PointerToRawData	`0xdfac4`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1401502c0`

RICH Header

XOR Key	`0xe2d8c91d`
Unmarked objects	`0`
253 (35207)	`4`
ASM objects (35207)	`4`
C objects (35207)	`11`
C++ objects (35207)	`35`
Imports (35207)	`6`
Imports (33140)	`5`
Total imports	`191`
C++ objects (35217)	`4`
C objects (35217)	`20`
Resource objects (35217)	`1`
Linker (35217)	`1`

Errors

[*] Warning: Section .textbss has a size of 0!

Leave a comment

No comments yet.