Manalyze report for 564ebc2160dd3cd87640809f9f8f2a6d9ae85922b98fab63f3323278ec30b3be

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-Jun-08 02:26:08
TLS Callbacks	1 callback(s) detected.
Debug artifacts	image-viewer.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Possibly launches other programs: CreateProcessW` `Uses Windows's Native API: NtWriteFile NtOpenFile NtCreateNamedPipeFile`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`4537a80fc216401517bb467b084241c0`
SHA1	`ea26ff19c32760b1bbf07c66faf2977d1f093416`
SHA256	`564ebc2160dd3cd87640809f9f8f2a6d9ae85922b98fab63f3323278ec30b3be`
SHA3	`dbcdf3c2d1365dc2197ce77c7cb55b51948997fbf7510793aed6dd70d6d5939b`
SSDeep	`3072:9Pwi8DJz89SFLwL1nkHmuqX7L8cTXrqk3WjfNTCG/pkSP:9wxDuIJOkHmxLzGLjfNTCR6`
Imports Hash	`176cb0f7836372734b3bda8eef264eb3`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`5`
TimeDateStamp	2026-Jun-08 02:26:08
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x22600`
SizeOfInitializedData	`0xca00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000219BC (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x33000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b1463a970f9e1d6a0a9c2091a22a2299`
SHA1	`e0d0507023330559932e8436606f223bd4b3d335`
SHA256	`05ed3509a1b548825e9d432d6ad4527a2e1862783e3d1b866c38ba90c84413ee`
SHA3	`4c0451ceffb32b6dd8d96716dcdc314a47bc7d5e63737a8e9d07ed3b378df8bb`
VirtualSize	`0x22563`
VirtualAddress	`0x1000`
SizeOfRawData	`0x22600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.32006`

.rdata

MD5	`6fda174b7a15ec37cb95c1084f8297ad`
SHA1	`aac8d34b78030cce4d99f044bb5c655620457d41`
SHA256	`6033c0a10b60e72580ef1cd51b8963bbe5d26666b6555a729c0f85bfe4935adf`
SHA3	`810a3f3b1cee8d73c30c177e3d6ea1f88d3f0a254f30a93df91abc0aabb59757`
VirtualSize	`0xabf6`
VirtualAddress	`0x24000`
SizeOfRawData	`0xac00`
PointerToRawData	`0x22a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.62151`

.data

MD5	`118cc07e297cb5f76ea90c7548036926`
SHA1	`1ebf72073d7ff5f1c571b3758df45ebe483c7cca`
SHA256	`bd1d62a1c97a904830a7f275a4b478ef8acc0726f9db0135978573825113a05a`
SHA3	`bbf8f14e30b347c42ee4f531382abc774dc76795d626346d01d33bf22050ed62`
VirtualSize	`0x280`
VirtualAddress	`0x2f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2d600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.28896`

.pdata

MD5	`64e37ac65058707cc317dd71171ae199`
SHA1	`a8c9f13963c6ac4479530149ac8594c8b6a7492b`
SHA256	`c355370a0e62230611f8a3c4f58680c6be8c9b2367f39304f70c53834396f4f5`
SHA3	`7564aa0628ce3f3cda4af376afc95c9cda652b89319e10beaafb5daf121a64e5`
VirtualSize	`0x1590`
VirtualAddress	`0x30000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x2d800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.26095`

.reloc

MD5	`7381d7c332db7808fe60047f0c73451f`
SHA1	`a158ae707a375bfe13bb2b86d5a97d8f51864d3d`
SHA256	`599e085bf09e3ad58a05d936c0307d35564df7ba5601ae41bc51d3e9fff505e0`
SHA3	`b21ed2cc6ca93f90859d085de1e0d3d0f7e7fb2fbafb2236c933e772b35554bf`
VirtualSize	`0x268`
VirtualAddress	`0x32000`
SizeOfRawData	`0x400`
PointerToRawData	`0x2ee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.91717`

Imports

api-ms-win-core-synch-l1-2-0.dll	`WaitOnAddress` `WakeByAddressAll` `WakeByAddressSingle`
KERNEL32.dll	`IsProcessorFeaturePresent` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `GetCommandLineW` `CloseHandle` `WaitForSingleObject` `GetExitCodeProcess` `GetLastError` `AddVectoredExceptionHandler` `SetThreadStackGuarantee` `GetCurrentThread` `GetProcessHeap` `HeapFree` `HeapReAlloc` `GetCurrentThreadId` `SetLastError` `GetCurrentDirectoryW` `RtlCaptureContext` `GetCurrentProcess` `RtlLookupFunctionEntry` `WaitForSingleObjectEx` `LoadLibraryA` `GetProcAddress` `lstrlenW` `GetCurrentProcessId` `CreateMutexA` `ReleaseMutex` `WideCharToMultiByte` `RtlVirtualUnwind` `GetStdHandle` `GetConsoleMode` `GetConsoleOutputCP` `MultiByteToWideChar` `WriteConsoleW` `HeapAlloc` `GetEnvironmentVariableW` `ReadFileEx` `SleepEx` `WriteFileEx` `GetModuleHandleW` `FormatMessageW` `GetModuleHandleA` `GetFullPathNameW` `ExitProcess` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `CompareStringOrdinal` `GetSystemDirectoryW` `GetWindowsDirectoryW` `CreateProcessW` `GetFileAttributesW` `GetModuleFileNameW` `DuplicateHandle` `CreateFileW` `CreateThread` `GetSystemTimeAsFileTime` `IsDebuggerPresent` `InitializeSListHead` `QueryPerformanceCounter`
ntdll.dll	`NtWriteFile` `RtlNtStatusToDosError` `NtOpenFile` `NtCreateNamedPipeFile`
VCRUNTIME140.dll	`memmove` `__CxxFrameHandler3` `memcpy` `memcmp` `memset` `__current_exception_context` `__C_specific_handler` `__current_exception`
api-ms-win-crt-runtime-l1-1-0.dll	`_set_app_type` `__p___argc` `__p___argv` `_cexit` `_c_exit` `_register_thread_local_exe_atexit_callback` `_initterm_e` `_initterm` `_exit` `_initialize_onexit_table` `_register_onexit_function` `_crt_atexit` `terminate` `_get_initial_narrow_environment` `_initialize_narrow_environment` `_seh_filter_exe` `_configure_narrow_argv` `exit`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-stdio-l1-1-0.dll	`__p__commode` `_set_fmode`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-heap-l1-1-0.dll	`free` `_set_new_mode`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Jun-08 02:26:08
Version	`0.0`
SizeofData	`41`
AddressOfRawData	`0x2a26c`
PointerToRawData	`0x28c6c`
Referenced File	image-viewer.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Jun-08 02:26:08
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x2a298`
PointerToRawData	`0x28c98`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Jun-08 02:26:08
Version	`0.0`
SizeofData	`816`
AddressOfRawData	`0x2a2ac`
PointerToRawData	`0x28cac`

TLS Callbacks

StartAddressOfRawData	`0x14002a600`
EndAddressOfRawData	`0x14002a658`
AddressOfIndex	`0x14002f1ec`
AddressOfCallbacks	`0x1400243d0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x00000001400109A0`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14002f0c0`

RICH Header

XOR Key	`0xfece8403`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`10`
Imports (33731)	`2`
ASM objects (33731)	`3`
C objects (33731)	`9`
C++ objects (33731)	`22`
Imports (33145)	`5`
Total imports	`103`
Unmarked objects (#2)	`4`
Linker (33821)	`1`

Errors

Leave a comment

No comments yet.