Manalyze report for 4fcdedbc68eae4b4cfe0eed275316fdf66c9d4a57a98d29a77d0e8f4149cfcbc

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2025-Apr-15 14:03:27
Debug artifacts	ffmpeg.dll.pdb

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for VMWare presence: VMware`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA1` `Uses constants related to SHA256`
Suspicious	The PE is possibly packed.	`Unusual section name found: .gxfg` `Unusual section name found: .retplne`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Safe	VirusTotal score: 0/66 (Scanned on 2026-04-27 21:27:16)	`All the AVs think this file is safe.`

Hashes

MD5	`e3bdb59b37b730647d4a1e44756a730d`
SHA1	`bb435a479fa6956f3d091c927d12c2f71e433c35`
SHA256	`4fcdedbc68eae4b4cfe0eed275316fdf66c9d4a57a98d29a77d0e8f4149cfcbc`
SHA3	`0c8d550fdfb32c82c8d64463bacc218920a1254a6b299b3718c4ca901124e71b`
SSDeep	`49152:0FUWNgdIjHFoDr2XlKVDdusGH6qfLgvsI74i3OQ+Jhp:0F2IDq3CYVDdufU4i6hp`
Imports Hash	`91b8685f04cd4eceae98e68aec559609`

DOS Header

e_magic	`MZ`
e_cblp	`0x78`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0`
e_ss	`0`
e_sp	`0`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x78`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`9`
TimeDateStamp	2025-Apr-15 14:03:27
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x23f200`
SizeOfInitializedData	`0x8b400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000098F00 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`0.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x3ad000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2fe57353f7522be8fa4bc82c2ecd4394`
SHA1	`8473d3396dfc4b12a0f3b220f470081b847521dd`
SHA256	`cd800388a16d851bc4830618b4b0e7c165fa449b246e4162bea1cc6edf3f7989`
SHA3	`67bff264c82e08765d0168eaa8475b19f4ed4d97dbf847f3db74adcd2ef3b54b`
VirtualSize	`0x23f125`
VirtualAddress	`0x1000`
SizeOfRawData	`0x23f200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.72589`

.rdata

MD5	`97cce2d0b85bffa878e1ea37a0244efe`
SHA1	`6b6be6e58fb053a86fa34b482dee3b8dbca4513b`
SHA256	`75babe5eefceed3b98693f5d6e4412ca8b863fa1e2da333f692c50eadb5ed096`
SHA3	`4b3fbb2e377b0e7a55e22f246d669dd4080a259187b8b424df75ba846a0a6b56`
VirtualSize	`0x7850c`
VirtualAddress	`0x241000`
SizeOfRawData	`0x78600`
PointerToRawData	`0x23f600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.66231`

.data

MD5	`f46b1245a26e5fa6c4cfc08584ed07ee`
SHA1	`aba5eca793b3bd2515272b171f8df77365661d53`
SHA256	`54e7a0457da4e9189688feda1209e2ccfe215fc4ef456c4d98effe91539bc6dc`
SHA3	`ad076e080309d5a994c7c3d4cccbdf2cd98d0769b7f082ea944718b027849e69`
VirtualSize	`0xdd6d0`
VirtualAddress	`0x2ba000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x2b7c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.61482`

.pdata

MD5	`2c2fccdf61e20b25bd940b5bfe269306`
SHA1	`29091743967f3daa4ed36c445dc8d6ef9f415b12`
SHA256	`82a3230cb4c8ac58ed46d12df0f0567728c448114d675fc2bcc1247357b0dd9c`
SHA3	`4a2f05cb4fb9dd649c6fb8163b95f9286d05c4fe02156a604e6379c155af355f`
VirtualSize	`0xa5e4`
VirtualAddress	`0x398000`
SizeOfRawData	`0xa600`
PointerToRawData	`0x2b9e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.04996`

.gxfg

MD5	`37d95feb4bdca49a0b162a53dfe7c3a7`
SHA1	`6ebb3e30cc34d2ea4f2dd961cc08237cb4f78945`
SHA256	`60545b48b293fc42dddabdc33c05ee8f2ff713b4257520ffbd9c9ec8121606bd`
SHA3	`0a5acb1fb72b5e10ab6dc5eeefec4fdb01a74e5f15ce7dd9b078e09340620b2e`
VirtualSize	`0x2b10`
VirtualAddress	`0x3a3000`
SizeOfRawData	`0x2c00`
PointerToRawData	`0x2c4400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.12598`

.retplne

MD5	`8c950f651287cbc1296bcb4e8cd7e990`
SHA1	`018fcd27ff9f8487c792aecf902a516f00c03d18`
SHA256	`15163cfff9feb802c2e7699f17e01245e54304d28a1650c79f9237de661774e0`
SHA3	`5b66ec3ad2d5f760e44bb32dd7acc837d5364d21154bccafc1c375d2993cd545`
VirtualSize	`0x8c`
VirtualAddress	`0x3a6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2c7000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`(EMPTY)`
Entropy	`1.05058`

.tls

MD5	`1f354d76203061bfdd5a53dae48d5435`
SHA1	`aa0d33a0c854e073439067876e932688b65cb6a9`
SHA256	`4c6474903705cb450bb6434c29e8854f17d8324efca1fdb9ee9008599060883a`
SHA3	`991fbbd46bbd69198269fe6c247d440e0f8a7d38259b7a1e04b74790301d1d2b`
VirtualSize	`0x9`
VirtualAddress	`0x3a7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2c7200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0203931`

_RDATA

MD5	`dbe536c232ea53bfb272fd598b40b3b4`
SHA1	`0375a7e69034a47f5e1e4b9b4bddf78d1fa9d4dc`
SHA256	`5a26305d83afa6308713c9763eb95074014eada44ca836e83bfc773f93613ee8`
SHA3	`9ca99b6e2afdacc78e9e5fd471bbf73927ec43757ce4e85251f90e4e710d52dc`
VirtualSize	`0x1f4`
VirtualAddress	`0x3a8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2c7400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.19175`

.reloc

MD5	`ab84418c60922c374a05cc7b410ad866`
SHA1	`9015d7a571159af3fbd820ff0d6912d10ea42404`
SHA256	`bff543c5e0384ddfa2168610d16d5fded8fa555b65aaa260bf576c3069e68bad`
SHA3	`c99100578e820ffef9bc1ea85a7bd9fc2260d63a3bf869a250166e6b65dcd89a`
VirtualSize	`0x353c`
VirtualAddress	`0x3a9000`
SizeOfRawData	`0x3600`
PointerToRawData	`0x2c7600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.44733`

Imports

KERNEL32.dll	`AcquireSRWLockExclusive` `CloseHandle` `CompareStringW` `CreateFileW` `CreateThread` `DeleteCriticalSection` `EncodePointer` `EnterCriticalSection` `EnumSystemLocalesW` `ExitProcess` `ExitThread` `FindClose` `FindFirstFileExW` `FindNextFileW` `FlsAlloc` `FlsFree` `FlsGetValue` `FlsSetValue` `FlushFileBuffers` `FreeEnvironmentStringsW` `FreeLibrary` `FreeLibraryAndExitThread` `GetACP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `GetConsoleMode` `GetConsoleOutputCP` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `GetDateFormatW` `GetEnvironmentStringsW` `GetFileSizeEx` `GetFileType` `GetLastError` `GetLocaleInfoW` `GetModuleFileNameW` `GetModuleHandleExW` `GetModuleHandleW` `GetOEMCP` `GetProcAddress` `GetProcessAffinityMask` `GetProcessHeap` `GetStartupInfoW` `GetStdHandle` `GetStringTypeW` `GetSystemTimeAsFileTime` `GetTimeFormatW` `GetTimeZoneInformation` `GetUserDefaultLCID` `HeapAlloc` `HeapFree` `HeapQueryInformation` `HeapReAlloc` `HeapSize` `InitOnceBeginInitialize` `InitOnceComplete` `InitializeConditionVariable` `InitializeCriticalSectionAndSpinCount` `InitializeSListHead` `InitializeSRWLock` `InterlockedFlushSList` `IsDebuggerPresent` `IsProcessorFeaturePresent` `IsValidCodePage` `IsValidLocale` `LCMapStringW` `LeaveCriticalSection` `LoadLibraryExW` `MultiByteToWideChar` `QueryPerformanceCounter` `QueryPerformanceFrequency` `RaiseException` `ReadConsoleW` `ReadFile` `ReleaseSRWLockExclusive` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlPcToFileHeader` `RtlUnwind` `RtlUnwindEx` `RtlVirtualUnwind` `SetEnvironmentVariableW` `SetFilePointerEx` `SetLastError` `SetStdHandle` `SetUnhandledExceptionFilter` `Sleep` `SleepConditionVariableSRW` `TerminateProcess` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `UnhandledExceptionFilter` `WaitForSingleObjectEx` `WakeAllConditionVariable` `WakeConditionVariable` `WideCharToMultiByte` `WriteConsoleW` `WriteFile`

Delayed Imports

av_buffer_create

Ordinal	`1`
Address	`0x5abe0`

av_buffer_get_opaque

Ordinal	`2`
Address	`0x5ad40`

av_dict_count

Ordinal	`3`
Address	`0x110ed0`

av_dict_free

Ordinal	`4`
Address	`0x5ba60`

av_dict_get

Ordinal	`5`
Address	`0x5b5b0`

av_dict_set

Ordinal	`6`
Address	`0x5b750`

av_force_cpu_flags

Ordinal	`7`
Address	`0x100e70`

av_frame_alloc

Ordinal	`8`
Address	`0x5ef00`

av_frame_clone

Ordinal	`9`
Address	`0x112b00`

av_frame_free

Ordinal	`10`
Address	`0x5efa0`

av_frame_unref

Ordinal	`11`
Address	`0x5efd0`

av_free

Ordinal	`12`
Address	`0x5fa60`

av_get_bytes_per_sample

Ordinal	`13`
Address	`0x1179c0`

av_get_cpu_flags

Ordinal	`14`
Address	`0x5a310`

av_image_check_size

Ordinal	`15`
Address	`0x1018e0`

av_init_packet

Ordinal	`16`
Address	`0x45b10`

av_log_set_level

Ordinal	`17`
Address	`0x5f370`

av_malloc

Ordinal	`18`
Address	`0x5f990`

av_max_alloc

Ordinal	`19`
Address	`0x5f980`

av_new_packet

Ordinal	`20`
Address	`0x45d40`

av_packet_alloc

Ordinal	`21`
Address	`0x45b60`

av_packet_copy_props

Ordinal	`22`
Address	`0x460f0`

av_packet_free

Ordinal	`23`
Address	`0x45bc0`

av_packet_get_side_data

Ordinal	`24`
Address	`0x8a6f0`

av_packet_unref

Ordinal	`25`
Address	`0x45c90`

av_read_frame

Ordinal	`26`
Address	`0x49db0`

av_rescale_q

Ordinal	`27`
Address	`0x5f610`

av_samples_get_buffer_size

Ordinal	`28`
Address	`0x61730`

av_seek_frame

Ordinal	`29`
Address	`0xfe200`

av_strdup

Ordinal	`30`
Address	`0x5fc50`

av_stream_get_first_dts

Ordinal	`31`
Address	`0x477f0`

av_stream_get_side_data

Ordinal	`32`
Address	`0xe4bc0`

av_strerror

Ordinal	`33`
Address	`0x5bb70`

avcodec_align_dimensions

Ordinal	`34`
Address	`0xdc190`

avcodec_alloc_context3

Ordinal	`35`
Address	`0x458d0`

avcodec_descriptor_get

Ordinal	`36`
Address	`0x42970`

avcodec_descriptor_next

Ordinal	`37`
Address	`0xd0850`

avcodec_find_decoder

Ordinal	`38`
Address	`0x41c10`

avcodec_flush_buffers

Ordinal	`39`
Address	`0xcfb30`

avcodec_free_context

Ordinal	`40`
Address	`0x45a80`

avcodec_get_name

Ordinal	`41`
Address	`0xdc250`

avcodec_open2

Ordinal	`42`
Address	`0x41d20`

avcodec_parameters_to_context

Ordinal	`43`
Address	`0x42fa0`

avcodec_receive_frame

Ordinal	`44`
Address	`0x42320`

avcodec_send_packet

Ordinal	`45`
Address	`0x43410`

avformat_alloc_context

Ordinal	`46`
Address	`0x474c0`

avformat_close_input

Ordinal	`47`
Address	`0x49650`

avformat_find_stream_info

Ordinal	`48`
Address	`0x4af70`

avformat_free_context

Ordinal	`49`
Address	`0x47b20`

avformat_open_input

Ordinal	`50`
Address	`0x49080`

avio_alloc_context

Ordinal	`51`
Address	`0x481e0`

avio_close

Ordinal	`52`
Address	`0x48110`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Apr-15 14:03:27
Version	`0.0`
SizeofData	`39`
AddressOfRawData	`0x2aca38`
PointerToRawData	`0x2ab038`
Referenced File	ffmpeg.dll.pdb

TLS Callbacks

StartAddressOfRawData	`0x1803a7000`
EndAddressOfRawData	`0x1803a7008`
AddressOfIndex	`0x1802bc0f0`
AddressOfCallbacks	`0x1802af0b8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1802ba040`
GuardCFCheckFunctionPointer	`6445264920`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

Errors

Leave a comment

No comments yet.