Manalyze report for 5313618d93640bb29b66baadf2339de85e593a51715290dadece6d58e039a75e

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1970-Jan-01 00:00:00
Detected languages	English - United States
TLS Callbacks	1 callback(s) detected.
Comments
CompanyName
FileDescription
FileVersion	`6.3.0.0`
InternalName
LegalCopyright
LegalTrademarks
OriginalFilename
ProductName
ProductVersion

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: virus`
Info	Cryptographic algorithms detected in the binary:	`Uses known Mersenne Twister constants`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryW LoadLibraryA GetProcAddress` `Possibly launches other programs: ShellExecuteW` `Manipulates other processes: ReadProcessMemory`
Info	The PE is digitally signed.	`Signer: Cheat Engine EZ` `Issuer: GlobalSign GCC R45 EV CodeSigning CA 2020`
Suspicious	VirusTotal score: 1/69 (Scanned on 2026-05-03 23:56:34)	`Webroot: W32.Hack.Tool`

Hashes

MD5	`0c84c800533ae5dee5923d5351da9923`
SHA1	`b454dec7e2091712fa9ca8909dbc176d1f104c17`
SHA256	`5313618d93640bb29b66baadf2339de85e593a51715290dadece6d58e039a75e`
SHA3	`119f3a03f427f463bad3736f1f8046cc110f12b173abd692143a2dbabc7ecee9`
SSDeep	`12288:h010wHrzPcHFQjL2CVpGzJ+44EZ8B+gugEnoSE5f6:TwLTclQjL2CVpGzJvZ8B+gugEnoSE5f6`
Imports Hash	`9631e1b58a98a01f63ad18824df51ff7`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`3.0`
SizeOfCode	`0x3cd00`
SizeOfInitializedData	`0x2a04`
SizeOfUninitializedData	`0x2d44`
AddressOfEntryPoint	`0x00001830 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x3e000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x63000`
SizeOfHeaders	`0x400`
Checksum	`0x71b1b`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x1000000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b836a7ceef09df586a46402995d0251e`
SHA1	`226d27ae19b26e1b5c7a3675393bce907b67d40f`
SHA256	`74ebd2681e293a84c9b522fddf4136ab91c5c2302f82251ac3cc16b0ec14682f`
SHA3	`4b05f5bf1b0e3dc083c4f26788969e99fbcec7d0436778eb1b23da9344b53e5a`
VirtualSize	`0x3cd00`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3ce00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.22979`

.data

MD5	`f824f15e50cc2219ffb2e945bd772ac8`
SHA1	`fd4bf1c3a3618189b83347e055a52f93858171ab`
SHA256	`e71aca63cca425c1ada5d37264250f921a77f9a79b25b9d471af333d99ac1b40`
SHA3	`a2d1f6e31e7438010d8cdaaadc75d1b162ade3c46155d3a714588d8d93885da9`
VirtualSize	`0x2a04`
VirtualAddress	`0x3e000`
SizeOfRawData	`0x2c00`
PointerToRawData	`0x3d200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.43156`

.rdata

MD5	`2f2764311e479656cd1bd1c4bfd2afcf`
SHA1	`a75439e4e132718893e10d58892c0ad29fca453d`
SHA256	`613977c68b7208315036229e9cb7a5259839deff9cadf8f3831376456c2c0467`
SHA3	`7158222c743b565f636ff191ec7d80ddff94c3061f7070263b6674322fbe4b98`
VirtualSize	`0xa9b0`
VirtualAddress	`0x41000`
SizeOfRawData	`0xaa00`
PointerToRawData	`0x3fe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.98157`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x2d44`
VirtualAddress	`0x4c000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.CRT

MD5	`7fd3e8b70e59c729d953f0072682717b`
SHA1	`d07e9d852615e82a258fc7ce97c3f5896e34d68b`
SHA256	`4fae58a49a20e90c4438259fabac9422b23b43fd2651e81d593ae156b6ab764c`
SHA3	`fb8d7359154e9f2013a39fa812e4851a08ebdbd14ad31da5b2b09c75b54b6057`
VirtualSize	`0xc`
VirtualAddress	`0x4f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4a800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0611629`

.idata

MD5	`7661d9cc474e0ec9f3fd6d62d5f58575`
SHA1	`a2cd4587c428cfb0293219bc66e4e502c7da2d50`
SHA256	`b04c4e9d22516a740272f596e761ff9eee63f402a174749a7b59eaaba63472a5`
SHA3	`2b0a0d9ab07598b685edfb0067bbb6598212c6a2353e3a7632d545ce74af961c`
VirtualSize	`0xcc5`
VirtualAddress	`0x50000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x4aa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.70704`

.rsrc

MD5	`d5d7fbdc8f85c28c34db3fb1a64f09aa`
SHA1	`7c65e40af24adacdff6a2ba4424bb05f076176f3`
SHA256	`a483ac7e33cdd017c72f805a63c6b0200c698efafcfa0df265e3c661aa45b7fb`
SHA3	`807f96f1bb3355200ab393c6c7031baf394ccfd69a260c9ba1bf50854b3cefe5`
VirtualSize	`0x112e0`
VirtualAddress	`0x51000`
SizeOfRawData	`0x11400`
PointerToRawData	`0x4b800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.43994`

Imports

kernel32.dll	`GetStdHandle` `GetConsoleMode` `TlsGetValue` `GetLastError` `SetLastError` `RaiseException` `ExitProcess` `GetStartupInfoA` `GetCommandLineA` `GetCurrentProcessId` `GetCurrentThreadId` `GetCurrentProcess` `ReadProcessMemory` `GetModuleFileNameA` `GetModuleHandleA` `WriteFile` `ReadFile` `CloseHandle` `SetFilePointer` `SetEndOfFile` `GetSystemInfo` `LoadLibraryW` `LoadLibraryA` `GetProcAddress` `FreeLibrary` `FormatMessageW` `CreateFileW` `GetFileAttributesW` `GetCurrentDirectoryW` `GetFullPathNameW` `GetConsoleOutputCP` `GetOEMCP` `GetProcessHeap` `HeapAlloc` `HeapFree` `TlsAlloc` `TlsSetValue` `CreateThread` `ExitThread` `LocalAlloc` `LocalFree` `Sleep` `SuspendThread` `ResumeThread` `TerminateThread` `WaitForSingleObject` `SetThreadPriority` `GetThreadPriority` `GetCurrentThread` `OpenThread` `IsDebuggerPresent` `CreateEventA` `ResetEvent` `SetEvent` `InitializeCriticalSection` `DeleteCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `TryEnterCriticalSection` `MultiByteToWideChar` `WideCharToMultiByte` `GetACP` `GetConsoleCP` `RtlUnwind` `EnumResourceTypesA` `EnumResourceNamesA` `EnumResourceLanguagesA` `FindResourceA` `FindResourceExA` `LoadResource` `SizeofResource` `LockResource` `FreeResource` `GetWindowsDirectoryA` `GetVersionExA` `CompareStringA` `GetLocaleInfoA` `GetDateFormatA` `EnumCalendarInfoA` `GetModuleFileNameW` `GetCommandLineW` `CompareStringW` `GetLocaleInfoW` `GetDateFormatW` `FindFirstFileExW` `VirtualFree` `DeviceIoControl` `FindClose` `GetLocalTime` `GetCPInfo` `GetThreadLocale` `SetThreadLocale` `GetUserDefaultLCID`
oleaut32.dll	`SysAllocStringLen` `SysFreeString` `SysReAllocStringLen` `SafeArrayCreate` `SafeArrayRedim` `SafeArrayGetUBound` `SafeArrayGetLBound` `SafeArrayAccessData` `SafeArrayUnaccessData` `SafeArrayGetElement` `SafeArrayPutElement` `SafeArrayPtrOfIndex` `VariantChangeTypeEx` `VariantClear` `VariantCopy` `VariantInit`
user32.dll	`MessageBoxA` `CharUpperBuffW` `CharLowerBuffW` `CharUpperA` `CharUpperBuffA` `CharLowerA` `CharLowerBuffA` `MessageBoxW` `GetSystemMetrics` `MessageBeep`
shell32.dll	`ShellExecuteW`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29383`
MD5	`b1bd4f48a2c5550220ec09d82eb26e30`
SHA1	`1287c02c9c4671a073b2523970b5e2c20ff7a13c`
SHA256	`07deae1ff951e2ed4725c9430ad3d230b2e84f083da7302541a77fe4fa5ad836`
SHA3	`fbc81e7d64e17d698d99dcc401c6d2bc3ad4608e151f8493007259cb06fcf1cd`

MAINICON

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.98048`
Detected Filetype	Icon file
MD5	`38388dda6548693f4d42f2241a4218d7`
SHA1	`78bedd12a20f97e31e58742381f3d0ca1edb4715`
SHA256	`cd0991dd595a1392452a8c7ccf089e73626bc6eed1fd3f54ee4c6aa7ffbaedba`
SHA3	`9ace1e9f008d60580379cdfdcd4119706c82d52d2e5fdb9e5745fa00864cc1a8`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x268`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.08125`
MD5	`b735928f47844bc4d2a8a2c6326e9806`
SHA1	`d96404e7420e6a8588199e3361a03bafa0ac613b`
SHA256	`3b923486a10d519f5e808b63598f37d4e6dc466790445afef380b5860a709398`
SHA3	`7cf2c6fcd43640a6cd1f9bf97b92e00f02942484960ba52c1be300d756ea158f`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x6f5`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.33957`
MD5	`960c6c60f091c730c4c93e3ca7945841`
SHA1	`4030eaf195e37d43c38c16044def0a2ca87a3498`
SHA256	`6bd8b0f5b60ffdea762cfff00f3c43ee03f9ee2743e17115826b4ddddd0872e4`
SHA3	`44ba5e60145d28682f49d466b5d321d7ab0dd0baad8c0d0afd16799b91df377a`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6.3.0.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
Comments
CompanyName
FileDescription
FileVersion (#2)	6.3.0.0
InternalName
LegalCopyright
LegalTrademarks
OriginalFilename
ProductName
ProductVersion (#2)

Resource LangID	UNKNOWN

TLS Callbacks

StartAddressOfRawData	`0x400000`
EndAddressOfRawData	`0x400000`
AddressOfIndex	`0x440a00`
AddressOfCallbacks	`0x44f000`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x004017B0`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!

Leave a comment

No comments yet.