Manalyze report for 60687291cf69e6ed3f8a1cdf3316c9038346d15c26d2aecdd48773d11a7fe811

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-May-12 18:10:06
Detected languages	English - United States
CompanyName	Microsoft Corporation
FileDescription	Runtime Broker
FileVersion	`6.2.9200.16384 (win8_rtm.120725-1247)`
InternalName	Runtime Broker
LegalCopyright	Â© Microsoft Corporation. All rights reserved.
OriginalFilename	RuntimeBroker.exe
ProductName	Microsoft Windows Operating System
ProductVersion	`6.2.9200.16384`

Plugin Output

Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.` `The PE only has 8 import(s).`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Functions related to the privilege level: OpenProcessToken`
Info	The PE is digitally signed.	`Signer: Service Health Monitor` `Issuer: Service Health Monitor`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`fd2f8f58508fdf31ac8b430d73abcd5e`
SHA1	`bb96432521e5688c64e680f62d58d7ef845d3e42`
SHA256	`60687291cf69e6ed3f8a1cdf3316c9038346d15c26d2aecdd48773d11a7fe811`
SHA3	`663bae9795adabcd75859db3c2babbe59332ab3d8d133a8d1e88d532a3b30bf0`
SSDeep	`196608:rR2eIbwkurHMuhHToAUPNfGU5vXvcLDdIgZ+E:roHuJhHTodRGkX0HJAE`
Imports Hash	`bbadd88e560afea1d0dd8f728c4701ca`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`3`
TimeDateStamp	2026-May-12 18:10:06
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x1f000`
SizeOfInitializedData	`0x6000`
SizeOfUninitializedData	`0x37000`
AddressOfEntryPoint	`0x00000000000557A0 (Section: UPX1)`
BaseOfCode	`0x38000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x5d000`
SizeOfHeaders	`0x400`
Checksum	`0x6e27ab`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x1e8480`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x37000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`a0702b1644b0aa8d9fb221dc33edbb6e`
SHA1	`ba47e9477ef358de036c37bb283db8a323585de2`
SHA256	`9e4626d63f6de8c7ddc46fe50707c2d0581c36089af3968a6de51a7ae4dea939`
SHA3	`78321aa8fa0d04d5d7ba0d48ea128abf43d456b5afafa3529805e07a03ecb902`
VirtualSize	`0x1f000`
VirtualAddress	`0x38000`
SizeOfRawData	`0x1e600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99078`

.rsrc

MD5	`7148bb194f92d18f9e4d8e50d1625efe`
SHA1	`10b8a69a6909d70c1695e612cdbde43c53dbe439`
SHA256	`9b8975e1055f50d227e0109287056216af2a91f9ebb1efc2f9b0a648bb822fb8`
SHA3	`28a54859be1070f894120642e8d83af61977f523494f71b8f72ca71c6b450fcf`
VirtualSize	`0x6000`
VirtualAddress	`0x57000`
SizeOfRawData	`0x5800`
PointerToRawData	`0x1ea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.68309`

Imports

ADVAPI32.dll	`OpenProcessToken`
COMCTL32.dll	`#380`
GDI32.dll	`SelectObject`
KERNEL32.DLL	`LoadLibraryA` `ExitProcess` `GetProcAddress` `VirtualProtect`
USER32.dll	`GetDC`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1de0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.84996`
Detected Filetype	PNG graphic file
MD5	`fdf5ec38f09db115e30039b2d8bb9b58`
SHA1	`31b5c7bfe5abe4ab8692efe7d5a9635b5d3b6812`
SHA256	`7ebdb18a5533df1320d0c11bbc7748c52cd47230128348e60871a014e4ac122d`
SHA3	`3735ff50fbf3a4a14fdf797443766d472d07a8044da1d466b6626f9e3fd197ff`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xdfe`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.88198`
Detected Filetype	PNG graphic file
MD5	`3f3e4fd7b4a1a90ad24bb15de3bb5f93`
SHA1	`365e401d86f7055dfe932dee4f097f76f5e9ad60`
SHA256	`5e8d019495dd3931987c6d386e6116e1bbd38d723db16f0243b13175faedc341`
SHA3	`38ed85b55a480e090ca298bc3779e8b519eabc38b317de7f969f02a3582c1432`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x947`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.85197`
Detected Filetype	PNG graphic file
MD5	`c61359f7cf72af2a94aed4e493b466ea`
SHA1	`1730bc4dad84467018318fb6a558046995d906f2`
SHA256	`0f62a17e38443721f8b44c65956a86fae281fd7c454f5c80dfb412999f066bc8`
SHA3	`902158267b2a8f66cbb5eeda8ca1f7926646f8b0c5b908bb59493b392cadad73`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x623`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.80086`
Detected Filetype	PNG graphic file
MD5	`0ae09b0b69a5ae9c9e18fbeec93bb8e6`
SHA1	`3918c3590ea831f9eea13527f2c67108d0d41990`
SHA256	`af70c38274b7c3b0d81ff0d237f72246d48fcae660a9b4fc261c8e7382fdd74f`
SHA3	`5699b61a6643614c61545b89868d9d11348ad14f81f0fad2167f98216a62c275`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4d6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.78743`
Detected Filetype	PNG graphic file
MD5	`75452d7bb9d6f4e498c46aa149ca2ec9`
SHA1	`aeda6c8847d777cfde52542e415cfcbdbcc12d63`
SHA256	`b310c1b17408287d87942bff1405d50375d4a37f08905ad8edfd6c35b1ff9cea`
SHA3	`a2d9eb33152b6dba824fd9020087009c6217e1e7d5f11730be52ade688661054`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x3b4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.7434`
Detected Filetype	PNG graphic file
MD5	`cbf9f040b5c2e0ed27cc11ace9e140ab`
SHA1	`8d1c1c50bfea5e5239ccb840d8b6c25098394906`
SHA256	`b9e4ee6c9ddff5c755d25db83c413c9f6eec17428b0ee45963a07e3ebfb27def`
SHA3	`becc320511d4981c1ccc59eb90d60359dfdef6546e1d0bf30dc1e9ed32912567`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x32e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.64902`
Detected Filetype	PNG graphic file
MD5	`abad462ca437d2dc99c0107e094d81da`
SHA1	`40fbd3856b647d0b398a9594185f8816a527ed80`
SHA256	`22c717bfd9a5465e493ebaa97afbe2849f99429ced71eb8d321a18d9ce9f2d43`
SHA3	`4660c548f6b86bfe778cb7f6df02a05e70ba909c05bd232506019c971947cc62`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x264`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.60957`
Detected Filetype	PNG graphic file
MD5	`7435aa29f0cededb635a887421762572`
SHA1	`a20e9ff3796131f1a6edad4c11cc2a77448caba7`
SHA256	`681ea62eabad2627fefa7777629becf3bcd4d4575a8defa3ac9e5b4efa8e75ab`
SHA3	`474d974af540c949d3cfcfb228a5107cb07537aec10ad1d33a0f38f14a60aced`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.08674`
Detected Filetype	PNG graphic file
MD5	`1f34ff7efa7a833bba638de2a69d0047`
SHA1	`36b412441d561af2942fd8cb0b07aaae65875e61`
SHA256	`1649e735461eeab24164c1d4a7679e8a2712215de517edec9f98ef7bec779081`
SHA3	`67686ab916e7efe9b5e0da1223b4781f0125509f5fd6e13c73d21f8ec3aae836`

1 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.99389`
Detected Filetype	Icon file
MD5	`2f420172502f577ef1eb96211156c46b`
SHA1	`2ea209ec2b39156a6527f86f5c6a8a6b078ad847`
SHA256	`7494e1d8d36591ee5ae44b04b62ed5b08e828ef145512ab6b7893baa2db66c45`
SHA3	`aab97aa14b8babd5938b4e6a3add2b01314a1a153a043e9fc3058bdc285187b4`

1 (#3)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x394`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.53045`
MD5	`5a5d713f99e4b5716788d67b9f90a4a2`
SHA1	`35c7ae311a503d73aca9030854cd810a2000e657`
SHA256	`57c453421ac1a67708117d26b39d1e9b26c67acd67ad6c4c60030303713819cc`
SHA3	`27581182f2ef8e654b819a0ba0abc1eb1ec38022fc190a120fb786287a0e850e`

1 (#4)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x50d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.25791`
MD5	`84da8dee6b319ea0b10b6de5489c6aae`
SHA1	`5f8991f3e065fd95614859a293f88b9c70e4bb23`
SHA256	`abf8f2022f12f350789d961aceaf9ccfd53e7ec58d8c9934cfce77779b4eac11`
SHA3	`08f0562915b54bedce5a84e9d32cb2efcc538268785103b1852338e20a3b4606`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6.2.9200.16384
ProductVersion	6.2.9200.16384
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Runtime Broker
FileVersion (#2)	6.2.9200.16384 (win8_rtm.120725-1247)
InternalName	Runtime Broker
LegalCopyright	Â© Microsoft Corporation. All rights reserved.
OriginalFilename	RuntimeBroker.exe
ProductName	Microsoft Windows Operating System
ProductVersion (#2)	6.2.9200.16384

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140042040`

RICH Header

XOR Key	`0x8ea371bd`
Unmarked objects	`0`
C++ objects (33145)	`183`
C objects (33145)	`12`
ASM objects (33145)	`11`
253 (35207)	`3`
ASM objects (35207)	`9`
C objects (35207)	`17`
C++ objects (35207)	`40`
Imports (33145)	`11`
Total imports	`159`
C objects (35222)	`27`
Linker (35222)	`1`

Errors

[*] Warning: Section UPX0 has a size of 0!

Leave a comment

No comments yet.