Manalyze report for 4fa43e7c203b1e6f7f2fb6da9abd061c

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Feb-07 19:53:52
Detected languages	English - United States

Plugin Output

Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .ud1` `Unusual section name found: .7+X` `Unusual section name found: .\|\~`
Suspicious	The PE contains functions most legitimate programs don't use.	`Uses Microsoft's cryptographic API: CryptGenRandom` `Leverages the raw socket API to access the Internet: bind`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`4fa43e7c203b1e6f7f2fb6da9abd061c`
SHA1	`9f2a732fc76a25d3613e16b0f6133783d4d1dd35`
SHA256	`40d5d6ff09b99b1ce80afbc528173e723d0e7591c573335b38880f13c790cc95`
SHA3	`aa37f5053088568732b161c0872e825f113c8fd6ae8322738d1af2e2ad74f489`
SSDeep	`196608:J7YEalCb3bAbdcigIJSnyfjE8LEMLXq15PyHUCJNhgoFLpFbc6cgOZ711VrNvQU:hYRlAMZch0Y8LEIafmh1gwvgbj`
Imports Hash	`e4d2117d5c4c345d164d5b0685231bfe`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`9`
TimeDateStamp	2026-Feb-07 19:53:52
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x15b200`
SizeOfInitializedData	`0x10f000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000D4BE5E (Section: .\|\~)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x19d2000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x15b0a3`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.rdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x9924a`
VirtualAddress	`0x15d000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x65568`
VirtualAddress	`0x1f7000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.pdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xed90`
VirtualAddress	`0x25d000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.ud1

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x8666e3`
VirtualAddress	`0x26c000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.7+X

MD5	`d0c4ea7f2191943acf75af1ce7728694`
SHA1	`eb453dacd04cc11997cd939f6a07df7fd40921c2`
SHA256	`426b4e16ca4474e4ee015af8eb70948e280ffbca8f0f72a4fee2f732cabdf193`
SHA3	`d2a2cd72654bf7cfa159c8fbbddaed53ccfa92e334040ef2910aecfd05f5c64d`
VirtualSize	`0x200`
VirtualAddress	`0xad3000`
SizeOfRawData	`0x200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.68266`

.|\~

MD5	`c63a82e74c5aa4b73f578f562e87b361`
SHA1	`aa6d2c3d4aa20cde39f24d78fc3612e371be9771`
SHA256	`360fb2dc7cd7e01851e263b4fbd959dc123a0dcdadd4857c556855ee4c937b47`
SHA3	`38649b78c7d022666577fd5284644ba2f58eb6c05490e7044fa9a7eab8242698`
VirtualSize	`0xefbb3c`
VirtualAddress	`0xad4000`
SizeOfRawData	`0xefbc00`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`7.84084`

.rsrc

MD5	`b31f40c1df609d65efcc4960f52af74e`
SHA1	`ea36542e1bb607bf8060584a3444c82f4ff9f9db`
SHA256	`557d84baf9681543756b47b22f7a2604f0ea9b256de87f34ffa5be49c272943b`
SHA3	`f256468b9a46eae0d82c6399be7b722f6c1e7614d51f8c05ecd0d5b97b245d61`
VirtualSize	`0x1e0`
VirtualAddress	`0x19d0000`
SizeOfRawData	`0x200`
PointerToRawData	`0xefc200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.76442`

.reloc

MD5	`2a7e39f741e29a2e9abd1777b3ef5f0e`
SHA1	`f1422e41453256eb5f5458374d351fc6a846668d`
SHA256	`12ad6d9f789f29a551253e9267e228951a3f2a5c5e5428ced9595b8a9c2beb96`
SHA3	`90759e546780ac770b6f174208835b21640578418c54aa0285631584731ef19a`
VirtualSize	`0x110`
VirtualAddress	`0x19d1000`
SizeOfRawData	`0x200`
PointerToRawData	`0xefc400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.65197`

Imports

d3dx9_43.dll	`D3DXMatrixTranspose`
d3dx11_43.dll	`D3DX11CreateShaderResourceViewFromMemory`
d3d11.dll	`D3D11CreateDeviceAndSwapChain`
KERNEL32.dll	`GetCurrentProcessId`
USER32.dll	`GetForegroundWindow`
ADVAPI32.dll	`CryptGenRandom`
MSVCP140.dll	`??1_Lockit@std@@QEAA@XZ`
WS2_32.dll	`bind`
Normaliz.dll	`IdnToAscii`
CRYPT32.dll	`CertFreeCertificateChain`
WLDAP32.dll	`#217`
ntdll.dll	`ZwWriteVirtualMemory`
IMM32.dll	`ImmSetCandidateWindow`
D3DCOMPILER_47.dll	`D3DCompile`
dwmapi.dll	`DwmExtendFrameIntoClientArea`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`__RTtypeid`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode`
api-ms-win-crt-string-l1-1-0.dll	`strncpy`
api-ms-win-crt-convert-l1-1-0.dll	`strtol`
api-ms-win-crt-runtime-l1-1-0.dll	`_c_exit`
api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func`
api-ms-win-crt-math-l1-1-0.dll	`ceilf`
api-ms-win-crt-utility-l1-1-0.dll	`qsort`
api-ms-win-crt-filesystem-l1-1-0.dll	`_unlock_file`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-environment-l1-1-0.dll	`_wgetenv`
api-ms-win-crt-time-l1-1-0.dll	`_gmtime64`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1401f7080`

RICH Header

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .pdata has a size of 0!
[*] Warning: Section .ud1 has a size of 0!