Manalyze report for 5fad59654841f3d1883ad1c2424ca6a6

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Jan-14 18:47:07
Detected languages	English - United States
Debug artifacts	C:\Users\sunny\Desktop\imgui-1.92.5\imgui-1.92.5\examples\example_win32_directx11\Release\hope.pdb

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.` `Contains domain names: anthropic.com api.anthropic.com api.deepseek.com api.openai.com deepseek.com generativelanguage.googleapis.com github.com googleapis.com http://www.fontsmith.comFeatherBoldFeather http://www.fontsmith.comFontsmith http://www.w3.org http://www.w3.org/1999/xlink http://www.w3.org/2000/svg http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd https://github.com openai.com svgrepo.com www.svgrepo.com www.w3.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses known Mersenne Twister constants`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Code injection capabilities: OpenProcess VirtualAllocEx CreateRemoteThread WriteProcessMemory` `Code injection capabilities (mapping injection): CreateFileMappingA CreateRemoteThread MapViewOfFile` `Possibly launches other programs: CreateProcessW ShellExecuteW ShellExecuteA` `Uses functions commonly found in keyloggers: MapVirtualKeyW CallNextHookEx GetAsyncKeyState GetForegroundWindow` `Memory manipulation functions often used by packers: VirtualAllocEx VirtualProtect` `Has Internet access capabilities: WinHttpQueryDataAvailable WinHttpConnect WinHttpSendRequest WinHttpCloseHandle WinHttpOpenRequest WinHttpReadData WinHttpQueryHeaders WinHttpAddRequestHeaders WinHttpOpen WinHttpReceiveResponse WinHttpCrackUrl` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Manipulates other processes: OpenProcess Process32NextW Process32FirstW WriteProcessMemory` `Can take screenshots: GetDC CreateCompatibleDC BitBlt` `Reads the contents of the clipboard: GetClipboardData`
Malicious	The PE is possibly a dropper.	`Resource 101 detected as a PE Executable.`
Info	The PE is digitally signed.	`Signer: Ofradr.Inc` `Issuer: Ofradr.Inc`
Malicious	VirusTotal score: 38/72 (Scanned on 2026-01-31 12:02:07)	`ALYac: Trojan.GenericKD.78371664` `AVG: Win64:MalwareX-gen [Trj]` `AhnLab-V3: Trojan/Win.Agent.C5838517` `Antiy-AVL: Trojan/Win32.Sabsik` `Arcabit: Trojan.Generic.D4ABDB50` `Avast: Win64:MalwareX-gen [Trj]` `BitDefender: Trojan.GenericKD.78371664` `Bkav: W64.AIDetectMalware` `CAT-QuickHeal: Trojan.Ghanarava.17696885544ca6a6` `CTX: exe.trojan.generic` `Cynet: Malicious (score: 99)` `Elastic: malicious (high confidence)` `Emsisoft: Trojan.GenericKD.78371664 (B)` `Fortinet: W32/PossibleThreat` `GData: Trojan.GenericKD.78371664` `Google: Detected` `Ikarus: Trojan.Win64.Krypt` `K7AntiVirus: Riskware ( 00584baa1 )` `K7GW: Riskware ( 00584baa1 )` `Kaspersky: Trojan.Win32.Agent.xcbywh` `Kingsoft: Win32.Trojan.Agent.xcbywh` `Lionic: Trojan.Win32.Agent.Y!c` `Malwarebytes: Malware.AI.1410446724` `McAfeeD: ti!FF2D976705B2` `MicroWorld-eScan: Trojan.GenericKD.78371664` `Microsoft: Trojan:Win32/Wacatac.B!ml` `Paloalto: generic.ml` `Sangfor: Trojan.Win32.Agent.Vpse` `Skyhigh: Artemis!Trojan` `Sophos: Mal/Generic-S` `Symantec: ML.Attribute.HighConfidence` `Tencent: Malware.Win32.Gencirc.11e3c0a7` `TrellixENS: Artemis!5FAD59654841` `TrendMicro-HouseCall: TROJ_GEN.R002H09AH26` `VBA32: Trojan.Agent` `VIPRE: Trojan.GenericKD.78371664` `Varist: W64/ABTrojan.KDPJ-0270` `alibabacloud: Trojan:Win/Agent.xzqcvk`

Hashes

MD5	`5fad59654841f3d1883ad1c2424ca6a6`
SHA1	`9ee7fc0fdfc5348dcc6e3dfcc5de61af77490715`
SHA256	`ff2d976705b2396a1adf1bf52e648283abcd64da5fd8ecdeb90623b625307f3d`
SHA3	`0b8bde66e4b2a7a7ff524c5380bc9fb417ada14c606c970f4ce260f14f0edb2f`
SSDeep	`24576:QFBA6ZcJuZdiSy2BEHp2AoABbqGGETUL6iTnYHGReK6:Qn3fZdiSfBGoAuTTnYG6`
Imports Hash	`e5c72f89066c586ff28299fbfdc86113`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2026-Jan-14 18:47:07
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xe9400`
SizeOfInitializedData	`0x84a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000AFB64 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x172000`
SizeOfHeaders	`0x400`
Checksum	`0x173ff0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`64edeb7d1e2ea73b2ae5d6ab278b4d5d`
SHA1	`51954588f7c3ba72cb0529fa22536507c34a3a89`
SHA256	`6c6e17dd042504ecea34853fbae26c350c499c8fc7527c01a0de7a1328f4b2da`
SHA3	`0113266113870a3516dc8752c3dd62c9b10194b409a87ccc9823e4c05466c387`
VirtualSize	`0xe9250`
VirtualAddress	`0x1000`
SizeOfRawData	`0xe9400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.55506`

.rdata

MD5	`02a6545beacf66f77129909a7254180a`
SHA1	`55f23258e7663aff6756419526d3aa8015da47d6`
SHA256	`40df04e7c26d28d9a3a1f3f4e865952984c4f40fbb07273aede8c07aab02b75f`
SHA3	`e1275760a64bd07c2dba4f932e679cfad51de4281da4b21d058acc73534f43c1`
VirtualSize	`0x408ba`
VirtualAddress	`0xeb000`
SizeOfRawData	`0x40a00`
PointerToRawData	`0xe9800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.65448`

.data

MD5	`403178bcf98a3b6fa03d7ef9313b1c78`
SHA1	`2c460df2af12f276d226a1729dd234dca53b3b6e`
SHA256	`241d8e8dfd8416aa372002a4e49b37be1507014dde096641e52528325a19d93d`
SHA3	`828cfebeb85c536b8919f485bb494d87c32a40804a163d97f950fe67ead5c512`
VirtualSize	`0x1e0a4`
VirtualAddress	`0x12c000`
SizeOfRawData	`0x1c600`
PointerToRawData	`0x12a200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.00798`

.pdata

MD5	`ff50aa24ec820a4d68aacb64471c5660`
SHA1	`6cddcff7e9e9061b9ed51f74e1f6492df4286a99`
SHA256	`b01f7bf61b2a1125125a6e212e37c124bba8304f0b11d4850f2b30c16ac82b75`
SHA3	`7b994ac142b8d5f194bed3dcedf993dddb42da5b72cd68486da50690bdaa5c1c`
VirtualSize	`0x9e40`
VirtualAddress	`0x14b000`
SizeOfRawData	`0xa000`
PointerToRawData	`0x146800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.09705`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0x155000`
SizeOfRawData	`0x200`
PointerToRawData	`0x150800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`e65fffb2c30e82ba297cf102557f957e`
SHA1	`748448e680df42654cc188e7fcd66e9041be0ff4`
SHA256	`a2e13383910f32a70d6c6e9f05fd74b677a8dfa0ae3c7729ad0613d2903b102d`
SHA3	`11ac87f5bc21d6079e6a99f3d88f9602455f4e7e71d14d0015b6ec877011f1ea`
VirtualSize	`0x1ac28`
VirtualAddress	`0x156000`
SizeOfRawData	`0x1ae00`
PointerToRawData	`0x150a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.91053`

.reloc

MD5	`0e77eb77930ba6b38de61014cea3441c`
SHA1	`d888c98c1569de337c7d1f855e165606d686c630`
SHA256	`11af5302acc248c57855f987ab80d18f84c9078a3574372cce60722422f1f662`
SHA3	`2d4434cd9dc96aaa9bfaac5e2cb1746090c3260e80c251ad5ec3d61c8da3b8d0`
VirtualSize	`0xcd8`
VirtualAddress	`0x171000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x16b800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.22621`

Imports

d3d11.dll	`D3D11CreateDeviceAndSwapChain`
D3DCOMPILER_47.dll	`D3DCompile`
KERNEL32.dll	`GetModuleFileNameW` `WaitForSingleObject` `GetCurrentThreadId` `UnmapViewOfFile` `OpenProcess` `CreateToolhelp32Snapshot` `Sleep` `GetTickCount64` `Process32NextW` `Process32FirstW` `CloseHandle` `VirtualAllocEx` `CreateFileMappingA` `ExitProcess` `GetCurrentProcessId` `CreateProcessW` `GetModuleHandleW` `CreateRemoteThread` `VirtualFreeEx` `MapViewOfFile` `GetTickCount` `GetFileSizeEx` `GetConsoleOutputCP` `FlushFileBuffers` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `GetLocaleInfoW` `LCMapStringW` `CompareStringW` `VirtualProtect` `FlsFree` `FlsSetValue` `FlsGetValue` `FlsAlloc` `HeapFree` `HeapAlloc` `ReadConsoleW` `GetConsoleMode` `GetCurrentProcess` `SetFilePointerEx` `WriteFile` `FreeLibraryAndExitThread` `ExitThread` `CreateThread` `TerminateProcess` `CreateFileW` `WriteConsoleW` `GetModuleHandleExW` `GetFileType` `GetStdHandle` `ReadFile` `LoadLibraryExW` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `InitializeCriticalSectionAndSpinCount` `SetLastError` `GetLastError` `RaiseException` `RtlPcToFileHeader` `RtlUnwindEx` `WriteProcessMemory` `QueryPerformanceCounter` `FreeLibrary` `GetProcAddress` `QueryPerformanceFrequency` `LoadLibraryA` `GetLocaleInfoA` `GlobalUnlock` `WideCharToMultiByte` `GlobalLock` `GlobalFree` `GetCPInfo` `GetStringTypeW` `SetEndOfFile` `GetProcessHeap` `SetEnvironmentVariableW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GlobalAlloc` `MultiByteToWideChar` `HeapSize` `RtlUnwind` `GetCommandLineW` `GetCommandLineA` `GetOEMCP` `GetACP` `OutputDebugStringW` `IsValidCodePage` `FindNextFileW` `FindFirstFileExW` `FindClose` `HeapReAlloc` `GetTimeZoneInformation` `SetStdHandle` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `WakeAllConditionVariable` `SleepConditionVariableSRW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetSystemTimeAsFileTime` `InitializeSListHead` `TryAcquireSRWLockExclusive` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `EncodePointer` `DecodePointer` `LCMapStringEx`
USER32.dll	`ReleaseDC` `OpenClipboard` `ReleaseCapture` `IsWindowUnicode` `SetProcessDPIAware` `CloseClipboard` `EmptyClipboard` `GetClipboardData` `GetCursorPos` `SetCursorPos` `SetWindowDisplayAffinity` `GetClientRect` `DefWindowProcW` `PostMessageW` `MapVirtualKeyW` `GetWindowRect` `SetWindowPos` `CreateWindowExW` `CallNextHookEx` `GetSystemMetrics` `GetClassNameA` `RegisterClassExW` `WindowFromPoint` `GetThreadDesktop` `ShowWindow` `GetKeyNameTextA` `GetAsyncKeyState` `CloseDesktop` `DispatchMessageW` `PeekMessageW` `SetCursor` `UnhookWindowsHookEx` `SetLayeredWindowAttributes` `OpenInputDesktop` `TranslateMessage` `SetWindowsHookExW` `ToUnicode` `GetUserObjectInformationW` `PostQuitMessage` `PtInRect` `GetAncestor` `GetKeyState` `GetMessageExtraInfo` `GetDC` `ScreenToClient` `GetCapture` `ClientToScreen` `TrackMouseEvent` `GetKeyboardLayout` `GetForegroundWindow` `LoadCursorW` `SetCapture` `SetClipboardData`
GDI32.dll	`DeleteDC` `DeleteObject` `CreateCompatibleDC` `BitBlt` `CreateCompatibleBitmap` `SelectObject`
ADVAPI32.dll	`OpenProcessToken` `LookupPrivilegeValueW` `AdjustTokenPrivileges`
SHELL32.dll	`ShellExecuteW` `ShellExecuteA`
ole32.dll	`CoCreateInstance` `CoUninitialize` `CreateStreamOnHGlobal` `CoInitializeEx`
OLEAUT32.dll	`SysStringLen` `SysFreeString`
IMM32.dll	`ImmSetCompositionWindow` `ImmReleaseContext` `ImmGetContext` `ImmSetCandidateWindow`
WINHTTP.dll	`WinHttpQueryDataAvailable` `WinHttpConnect` `WinHttpSendRequest` `WinHttpCloseHandle` `WinHttpOpenRequest` `WinHttpReadData` `WinHttpQueryHeaders` `WinHttpAddRequestHeaders` `WinHttpOpen` `WinHttpReceiveResponse` `WinHttpCrackUrl`
gdiplus.dll	`GdipBitmapUnlockBits` `GdipAlloc` `GdipCreateBitmapFromHBITMAP` `GdipGetImageEncoders` `GdipFree` `GdipBitmapLockBits` `GdipSaveImageToStream` `GdipCloneImage` `GdiplusShutdown` `GdiplusStartup` `GdipDisposeImage` `GdipGetImageEncodersSize`

Delayed Imports

101

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1aa00`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.92508`
Detected Filetype	PE Executable
MD5	`49ee5aba3ca12f9148d2c4cd93079bef`
SHA1	`54439ad60b8a8a2cbcc714abf8c1d83e2bf9038c`
SHA256	`e5e54e3ebe1ddd3c0a1b637dd3488c13657a8fdd7d7df5659c5d45f469baa8dc`
SHA3	`b79c0c7aca651576659546bc69caa00b64d7694c9dbebbeb1a24e4c412a7d866`

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x184`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91862`
MD5	`3250787fdcd75aa2587529b89c7738b2`
SHA1	`622b5627941ecee9cfe6179c3017bbf7b43fffaa`
SHA256	`8b0de2e560d8476fb0013b44f1e10c2789ae71e0353866890dc5f9c57fb1f44a`
SHA3	`6bf4f0eaf6795c219d4d808caa895dcb53f7fe9c81e92ce03da1db7841bfcd3d`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Jan-14 18:47:07
Version	`0.0`
SizeofData	`123`
AddressOfRawData	`0x119f1c`
PointerToRawData	`0x11871c`
Referenced File	C:\Users\sunny\Desktop\imgui-1.92.5\imgui-1.92.5\examples\example_win32_directx11\Release\hope.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Jan-14 18:47:07
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x119f98`
PointerToRawData	`0x118798`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Jan-14 18:47:07
Version	`0.0`
SizeofData	`1052`
AddressOfRawData	`0x119fac`
PointerToRawData	`0x1187ac`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Jan-14 18:47:07
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x14011a410`
EndAddressOfRawData	`0x14011a418`
AddressOfIndex	`0x1401484a8`
AddressOfCallbacks	`0x1400eb8b8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14012c040`

RICH Header

XOR Key	`0x7df3f722`
Unmarked objects	`0`
C++ objects (33145)	`196`
C objects (33145)	`35`
ASM objects (33145)	`25`
ASM objects (35207)	`10`
C objects (35207)	`18`
C++ objects (35207)	`93`
Imports (33145)	`27`
Total imports	`272`
C++ objects (LTCG) (35221)	`8`
Resource objects (35221)	`1`
151	`1`
Linker (35221)	`1`

5fad59654841f3d1883ad1c2424ca6a6

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.fptable

.rsrc

.reloc

Imports

Delayed Imports

101

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors