Manalyze report for 5a99e5beabadba3cc94466f8f1256df6

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2024-Dec-26 18:24:50
Detected languages	English - United States
Debug artifacts	C:\Users\ivank\source\repos\skeet\Release\steam.pdb

Plugin Output

Malicious	The PE contains functions mostly used by malware.	`Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Code injection capabilities: WriteProcessMemory OpenProcess VirtualAllocEx CreateRemoteThread` `Manipulates other processes: WriteProcessMemory OpenProcess Process32NextW Process32FirstW`
Malicious	VirusTotal score: 10/72 (Scanned on 2024-12-26 19:27:36)	`APEX: Malicious` `CrowdStrike: win/malicious_confidence_70% (D)` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `MaxSecure: Trojan.Malware.300983.susgen` `McAfeeD: ti!4ACF549BE6AF` `Microsoft: Trojan:Win32/Sabsik.FL.A!ml` `Rising: Trojan.Kryptik@AI.82 (RDML:D4mrzZbTO8Gtaw8Q8ECS8Q)` `SentinelOne: Static AI - Malicious PE` `Trapmine: suspicious.low.ml.score`

Hashes

MD5	`5a99e5beabadba3cc94466f8f1256df6`
SHA1	`049082a232f681f93e27f7aa34c7e896f1d53391`
SHA256	`4acf549be6af1caadb7d86ed294de8495c4343dd4d9d6b439f8d5543013d304f`
SHA3	`eb06dbcead5bc6126f4383ec46e3539294fc954e6101c615b7616ae581ff864e`
SSDeep	`384:gm9SzxPcLMvrYxmj6bw6+poiXxyd6dB2+gucEgFjI8xabRZMvPuuaAgC87KMlds:mrUBs6RhwdyPkRGXuuafC87B6W`
Imports Hash	`8638d3164b5b468d505978d5a5f58962`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2024-Dec-26 18:24:50
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x4000`
SizeOfInitializedData	`0x2a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00003FA8 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x5000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e5d60c864d27334f9ce3a8ae34fce724`
SHA1	`5a37ecf4f7ecb0e98a435448596c434a6a2cc303`
SHA256	`0b28fb7237ad7ee46a0b716292c5916af5b86a75fa37069ac2e1a87084235f6d`
SHA3	`79296fa39c2cc197454c0e34d9c97c8731f1e5c35caeaede25888f51e8e59c86`
VirtualSize	`0x3eab`
VirtualAddress	`0x1000`
SizeOfRawData	`0x4000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.27805`

.rdata

MD5	`210c50e2753e62bf43d95580181c9c15`
SHA1	`2307c0fa4b8c845d7af67aa3f91f9509cae2c995`
SHA256	`21215b6d63e4027b929563e8a7ecda61c17694b45296cb97b010e33fb58587a4`
SHA3	`f40fde1374adb32ce2e9f69d8657a61cd18ddf086e3204b3f6db7166c7b061bb`
VirtualSize	`0x1af8`
VirtualAddress	`0x5000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x4400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.41091`

.data

MD5	`ebb9ea8dcbfccbd69ae601fa8772fa9b`
SHA1	`15a2f7a7cbc6e1a20cf9717d52894914f7fe4e68`
SHA256	`95847966fc390d225bfbc188e60a4061c40e4eabbc7bba2c6f28bf0540e1d5b9`
SHA3	`f75d155dc2659a871b99312528ed8c785cd16a8dbfe53235b7b3611d57dcbeb1`
VirtualSize	`0x568`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.01819`

.rsrc

MD5	`aab75a50651b831a187cc100e6f72a34`
SHA1	`3610a3599548b540ce1e7415ab3d1d9e494bfafc`
SHA256	`743c930cfc250a37933a363239f3f5fe452c616f8e90f4647cc5ada97fc5a596`
SHA3	`56ef1f74069b791eaeea78c24f5a58989b8a7709ab212d50b105f01dab4714a0`
VirtualSize	`0x1e8`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.75077`

.reloc

MD5	`af32ec5edf7c3d3724668f45d076ba45`
SHA1	`6b1dffd41692f6f738014377d41ffb5e397e9f53`
SHA256	`7b2c145d757b6f818037fe0ae01cf88938241f847956d4f157557d53b02d7d81`
SHA3	`37910e55cc25712831d3952275bce12f4124bcdd67650100e6b9202d4ab4557f`
VirtualSize	`0x4a4`
VirtualAddress	`0x9000`
SizeOfRawData	`0x600`
PointerToRawData	`0x6400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.63798`

Imports

KERNEL32.dll	`WriteProcessMemory` `SetConsoleTitleA` `WaitForSingleObject` `GetModuleHandleA` `OpenProcess` `CreateToolhelp32Snapshot` `Process32NextW` `Process32FirstW` `CloseHandle` `GetProcAddress` `VirtualAllocEx` `CreateRemoteThread` `GetCurrentDirectoryW` `AreFileApisANSI` `GetLastError` `GetModuleHandleW` `WideCharToMultiByte` `LocalFree` `FormatMessageA` `GetLocaleInfoEx` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsDebuggerPresent` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `IsProcessorFeaturePresent`
MSVCP140.dll	`?uncaught_exceptions@std@@YAHXZ` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?_Winerror_map@std@@YAHH@Z` `?_Xlength_error@std@@YAXPBD@Z` `?_Syserror_map@std@@YAPBDH@Z` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z` `?good@ios_base@std@@QBE_NXZ` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z`
VCRUNTIME140.dll	`memmove` `__CxxFrameHandler3` `__std_exception_destroy` `__std_exception_copy` `__std_terminate` `_CxxThrowException` `__current_exception` `__current_exception_context` `memset` `memcpy` `_except_handler4_common`
api-ms-win-crt-heap-l1-1-0.dll	`malloc` `_callnewh` `free` `_set_new_mode`
api-ms-win-crt-runtime-l1-1-0.dll	`_invalid_parameter_noinfo_noreturn` `terminate` `_initialize_onexit_table` `_register_thread_local_exe_atexit_callback` `_register_onexit_function` `_cexit` `_controlfp_s` `_exit` `exit` `_initterm_e` `_initterm` `_get_initial_narrow_environment` `_initialize_narrow_environment` `_configure_narrow_argv` `_crt_atexit` `_set_app_type` `_seh_filter_exe` `__p___argv` `_c_exit` `__p___argc`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale` `___lc_codepage_func`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-stdio-l1-1-0.dll	`__p__commode` `_set_fmode`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2024-Dec-26 18:24:50
Version	`0.0`
SizeofData	`76`
AddressOfRawData	`0x5924`
PointerToRawData	`0x4d24`
Referenced File	C:\Users\ivank\source\repos\skeet\Release\steam.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2024-Dec-26 18:24:50
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x5970`
PointerToRawData	`0x4d70`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-Dec-26 18:24:50
Version	`0.0`
SizeofData	`692`
AddressOfRawData	`0x5984`
PointerToRawData	`0x4d84`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2024-Dec-26 18:24:50
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0xc0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x407000`
SEHandlerTable	`0x405880`
SEHandlerCount	`14`

RICH Header

XOR Key	`0x82d79e1f`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`10`
ASM objects (34321)	`1`
C objects (34321)	`12`
C++ objects (34321)	`26`
Imports (34321)	`4`
Imports (33138)	`3`
Total imports	`127`
C++ objects (LTCG) (34435)	`1`
Resource objects (34435)	`1`
Linker (34435)	`1`

5a99e5beabadba3cc94466f8f1256df6

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors