Manalyze report for 571ca9768d7b7a96678cf75a24024977f16b2031d263f07a9ad34661c4dee615

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Apr-14 09:43:49
Detected languages	English - United States
Debug artifacts	C:\test\mssip32\x64\Release\mssip32.pdb

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to security software: bundle.exe` `Miscellaneous malware strings: cmd.exe` `Contains domain names: dl.multiextension.com geo.opera.com http://194.87.138.68 http://194.87.138.68/setup.exe','C http://dl.multiextension.com http://dl.multiextension.com/setup-win32-bundle.exe','C https://net.geo.opera.com https://net.geo.opera.com/opera/stable?utm_medium multiextension.com net.geo.opera.com opera.com`
Malicious	The PE contains functions mostly used by malware.	`Can access the registry: RegSetValueExW RegCreateKeyExW RegCloseKey` `Possibly launches other programs: CreateProcessW` `Functions related to the privilege level: OpenProcessToken`
Suspicious	The file contains overlay data.	`12288 bytes of data starting at offset 0x4200.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`7e4ee8d6755541748745b88b9dd5b499`
SHA1	`3bf45cd5d797cd121d2d4f17bfeba133647cd6fd`
SHA256	`571ca9768d7b7a96678cf75a24024977f16b2031d263f07a9ad34661c4dee615`
SHA3	`119c7dd85e2f1b1e25d36c55db264ce0984c93078317c7142289a06e05983cc2`
SSDeep	`384:phZZrCh4wPDJGtB4rV0mnY4MgUM9JWeHHC9sYSLknpLjdg:LZ0lbr+L4gMDNHFL4Z`
Imports Hash	`59e404eb82dcd25f68ffe732d191c751`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-Apr-14 09:43:49
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x1600`
SizeOfInitializedData	`0x2800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001AF4 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x9000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`db3a1ec4dadb90dbcb789f12b2740c66`
SHA1	`be6a2d90dedb08371fd5ffb2f6bc714ddb3ee41d`
SHA256	`2b0273cf5377869a93534ac4577d7c7d75d352a039261dc17688c8dbe886b0a6`
SHA3	`a0679b471df1dcb854976965d3d31f5193e2f39ed9afb4fc237ae42fdcd08da1`
VirtualSize	`0x1488`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.89765`

.rdata

MD5	`79303dfb9d5bf72a948657d6a2a4be07`
SHA1	`e43bc6cb559b44e993d2574c1905d783b03dfdd5`
SHA256	`49785e755b31924a05b94b6abe37abfab1b56a96047dc2f577064f98cd2e1e7d`
SHA3	`3554a47bcb969c5b0f12235c9f2fb21aaa4577589ce889bc82f35949f1cd06b8`
VirtualSize	`0x1de0`
VirtualAddress	`0x3000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x1a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.1296`

.data

MD5	`21fe78f3192d0eb150dee52038fd836d`
SHA1	`a8afd532719371b17b9e1f59448ca66f9a5bda59`
SHA256	`a14dd027485630ab7db105f24fafc06fe665b8b5a1c1b4e987f026812e4d2c91`
SHA3	`4d8e1ce520a477eb128dd77df44594ba4a2d3418f8b1fb9ccbaed8443839693c`
VirtualSize	`0x118`
VirtualAddress	`0x5000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.517653`

.pdata

MD5	`931da36d460292757c69ccb3ca1d89ce`
SHA1	`fd1795234fe55204bc7032ae447f3bff49825f37`
SHA256	`367f5d6b629ba1d5d8f3fec5e491d03ad43ee1c4abf4cf4b21a56d18ff5e34c0`
SHA3	`3be0d7f9043f0e243ef381f1015d8cb77ca148df4fd24da02285b3e236378c93`
VirtualSize	`0x210`
VirtualAddress	`0x6000`
SizeOfRawData	`0x400`
PointerToRawData	`0x3a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.29845`

.rsrc

MD5	`74421ade29ae659aa6b7217dd935979e`
SHA1	`dced4cc99cbea0a5455dffd54e2e246a0fc2ca18`
SHA256	`719c24aac5529e19e2b4dee43bc11eb1d8d10b081ba3f35b0eeb9df2e2eaea83`
SHA3	`bb11f1600ba2a5afe88f7cd664cb4583363d840867f5e40962d9aed2872ed681`
VirtualSize	`0xf8`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.51196`

.reloc

MD5	`8e2b2f835db3099501a0f98ebfe6d7dd`
SHA1	`2ca30425ec30ab6fa02b0c1a1760cc5f2f4df1d3`
SHA256	`5a7f536672716dc65d7f97fd22d5e336070ef1c7144d86fb13be6553ab20da20`
SHA3	`c3d5c49a9c9b9e6ba699e470608b093da7570c029186c127f8801c1f457b2a19`
VirtualSize	`0x30`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.589084`

Imports

KERNEL32.dll	`GetCurrentProcess` `GetFileAttributesW` `CopyFileW` `Sleep` `DisableThreadLibraryCalls` `GetCurrentProcessId` `GetModuleFileNameW` `GetModuleHandleW` `CloseHandle` `WaitForSingleObject` `CreateProcessW` `ExitProcess` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `QueryPerformanceCounter`
ADVAPI32.dll	`RegSetValueExW` `RegCreateKeyExW` `GetTokenInformation` `OpenProcessToken` `RegCloseKey`
VCRUNTIME140.dll	`__std_type_info_destroy_list` `__C_specific_handler` `wcsrchr` `memcpy` `memset`
api-ms-win-crt-stdio-l1-1-0.dll	`__stdio_common_vswprintf`
api-ms-win-crt-string-l1-1-0.dll	`wcscpy_s`
api-ms-win-crt-runtime-l1-1-0.dll	`_execute_onexit_table` `_cexit` `_initialize_onexit_table` `_initterm` `_seh_filter_dll` `_initialize_narrow_environment` `_configure_narrow_argv` `_initterm_e`

Delayed Imports

curl_easy_cleanup

Ordinal	`1`
Address	`0x1750`

curl_easy_init

Ordinal	`2`
Address	`0x1720`

curl_easy_perform

Ordinal	`3`
Address	`0x1740`

curl_easy_setopt

Ordinal	`4`
Address	`0x1760`

curl_global_cleanup

Ordinal	`5`
Address	`0x1750`

curl_global_init

Ordinal	`6`
Address	`0x1750`

curl_version

Ordinal	`7`
Address	`0x1770`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x91`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.8858`
MD5	`f7ad1eab748bc07570a57ec87787cf90`
SHA1	`0b1608da9fef218386e825db575c65616826d9f4`
SHA256	`d2952e57023848a37fb0f21f0dfb38c9000f610ac2b00c2f128511dfd68bde04`
SHA3	`6c9541b36948c19ae507d74223621875b3af4064f7cd8200bdb97e15a047e96a`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Apr-14 09:43:49
Version	`0.0`
SizeofData	`64`
AddressOfRawData	`0x42d0`
PointerToRawData	`0x2cd0`
Referenced File	C:\test\mssip32\x64\Release\mssip32.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Apr-14 09:43:49
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x4310`
PointerToRawData	`0x2d10`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Apr-14 09:43:49
Version	`0.0`
SizeofData	`600`
AddressOfRawData	`0x4324`
PointerToRawData	`0x2d24`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Apr-14 09:43:49
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x180005000`

RICH Header

XOR Key	`0x2ca449ca`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`6`
Imports (35403)	`2`
ASM objects (35403)	`4`
C objects (35403)	`8`
C++ objects (35403)	`11`
Imports (33145)	`5`
Total imports	`44`
C++ objects (LTCG) (35722)	`2`
Exports (35722)	`1`
Resource objects (35722)	`1`
Linker (35722)	`1`

Errors

Leave a comment

No comments yet.