Manalyze report for 60a8882c16694f2ee6ae2341237ca08d

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Feb-06 10:43:36
Detected languages	English - United States
Debug artifacts	E:\000_DotNETProjects\0_Learning\Csh\000_Testing\test_xll_cpp\x64\Release\test_xll_cpp.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to security software: rshell.exe` `May have dropper capabilities: Programs\Startup` `Contains obfuscated function names: 12 30 21 05 27 3a 36 14 31 31 27 30 26 26` `Contains a XORed PE executable: 01 3d 3c 26 75 25 27 3a 32 27 34 38 75 36 34 3b 3b 3a 21 75 ...`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress` `Possibly launches other programs: ShellExecuteW ShellExecuteA` `Can create temporary files: GetTempPathW CreateFileW`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`60a8882c16694f2ee6ae2341237ca08d`
SHA1	`0c037e5be59896cadfc8c05821de90c7fe8e3bc5`
SHA256	`742c4f3d3dd1683cb6018509bafec389e7411803371cbc1d0c65ee63082b093c`
SHA3	`ce90f40c5b91a664293da3fbd6360094b0c27c4f611a21d12e3849b8da8ba412`
SSDeep	`12288:8JjZdCbSYQ5PBfL40rQ4GJcCPgU1rs/uHomJzzKqONDdUW+9L10:kjm6pLlSPgms/uHomJzeJDuW`
Imports Hash	`2aaf905b1715ea6c8e4d7616b200fa24`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-Feb-06 10:43:36
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x4200`
SizeOfInitializedData	`0xba200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000004404 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xc3000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4fcbdca7ed59222a7f13d21fc4d6228c`
SHA1	`2b83f117b58ae32cb90fb9202243bc8dc8e14384`
SHA256	`9e3350339716f2cbc94c91eebb08481b8b4ae4942ee54051e1969cfa7bb488cb`
SHA3	`42868defea32cda140395b6353d5fd8b972dc10219e8ad97f70c3729b501edeb`
VirtualSize	`0x40df`
VirtualAddress	`0x1000`
SizeOfRawData	`0x4200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.11832`

.rdata

MD5	`d515dd47bb1386a1bf984395d630e28b`
SHA1	`ad0bc051d019d3fd84b5b2c3ca72926b5ee283d9`
SHA256	`58365b2cd70876822da40a22ee540eeb6b6187f107c5b22dd0ab1d9ec920e588`
SHA3	`6679a1bbfa742c1a42e2a4eddbed5b51087cf2ae42f47adc4b05cfd6ceb9093a`
VirtualSize	`0xb6500`
VirtualAddress	`0x6000`
SizeOfRawData	`0xb6600`
PointerToRawData	`0x4600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.61656`

.data

MD5	`55cccd5964e3f7c2d46e1daa14e6e09a`
SHA1	`b55ffb741dc67e48ddea68a4a68714d3328a2396`
SHA256	`7a34bfaf511727d736d4d68a87ca6fa4986b60b9d9e528c5c48d3c419a057c72`
SHA3	`e46e895ebdaf92982e9e6ec98ec5a81aa25295adecb5225d67c30ecc215f7df8`
VirtualSize	`0x9d0`
VirtualAddress	`0xbd000`
SizeOfRawData	`0x400`
PointerToRawData	`0xbac00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.13939`

.pdata

MD5	`2748aad11f520c484f24dd09a47402c3`
SHA1	`3bd44569e081781d841ebe06af4a0bd6f45bd0d8`
SHA256	`60e8f22cadb2720dc8c3275121487cc2e1c7f54e6ab2883b37dd1fbbc886df04`
SHA3	`8201f70797dd860ef903fd8265859b950eb1f82672a670c550a3001a01d6b146`
VirtualSize	`0x594`
VirtualAddress	`0xbe000`
SizeOfRawData	`0x600`
PointerToRawData	`0xbb000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.37158`

.rsrc

MD5	`c043ddee572da0100202ac75c7ecf568`
SHA1	`5e43fd6dfd73c3a1998e85c685acae6f742eb993`
SHA256	`7b2871b2ff144ba332ab1fecc760f5274c46f1cf978a63ec6523e9ea4a54dbe0`
SHA3	`8bc234091008cb7ea84bb505964e1c7c71ede1a2db2ccd79097b8b8e0d949b42`
VirtualSize	`0x2990`
VirtualAddress	`0xbf000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0xbb600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.74958`

.reloc

MD5	`e679ef4029704b2ea26c20f6500f2b0f`
SHA1	`67c55736f30933d79f7adc93f0e6f47cd09efad2`
SHA256	`3f0ea122c823c3d2cc1144bef21cc8bd1dc78c302a279078c68f387df74d129a`
SHA3	`be35edf6c26f60624f834518ed9efc3c81fd6ca116ee261e9dd899520989b64b`
VirtualSize	`0x9c`
VirtualAddress	`0xc2000`
SizeOfRawData	`0x200`
PointerToRawData	`0xbe000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.03551`

Imports

KERNEL32.dll	`SizeofResource` `WriteFile` `GetTempPathW` `CreateFileW` `LockResource` `DeleteFileW` `CloseHandle` `LoadLibraryW` `LoadResource` `FindResourceW` `GetProcAddress` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `IsDebuggerPresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext`
SHELL32.dll	`ShellExecuteW` `ShellExecuteA`
MSVCP140.dll	`??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `?_Xbad_alloc@std@@YAXXZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `??1_Lockit@std@@QEAA@XZ` `??0_Lockit@std@@QEAA@H@Z` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?_Id_cnt@id@locale@std@@0HA` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z` `?_Xlength_error@std@@YAXPEBD@Z` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`__std_terminate` `__std_exception_destroy` `memcpy` `__C_specific_handler` `memset` `_CxxThrowException` `__std_exception_copy` `__std_type_info_destroy_list` `memmove`
api-ms-win-crt-stdio-l1-1-0.dll	`fgetpos` `fwrite` `fsetpos` `fread` `fgetc` `fclose` `fflush` `_fseeki64` `fputc` `setvbuf` `ungetc` `_get_stream_buffer_pointers`
api-ms-win-crt-runtime-l1-1-0.dll	`_cexit` `_initterm` `_initterm_e` `_seh_filter_dll` `_initialize_narrow_environment` `_crt_atexit` `_execute_onexit_table` `_invoke_watson` `_initialize_onexit_table` `_register_onexit_function` `_configure_narrow_argv`
api-ms-win-crt-filesystem-l1-1-0.dll	`_lock_file` `_unlock_file`
api-ms-win-crt-heap-l1-1-0.dll	`free` `malloc` `_callnewh`

Delayed Imports

xlAutoOpen

Ordinal	`1`
Address	`0x1bc0`

101

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2770`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.82096`
Detected Filetype	Microsoft Office Open XML Format
Detected Filetype (#2)	Zip Compressed Archive
MD5	`dd9fd29c1716fd905db63964127615ac`
SHA1	`d97267007afae24a020f046b4a6ec7915d519510`
SHA256	`7aef6fdcda0dae18142df037d0b2587d8f2419fab4a610983c6691d2fa7b38cd`
SHA3	`cbdba1c723eeb55cd54df48031961e749c2d5b21e9918da6e5fb48ba5557e21e`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Feb-06 10:43:36
Version	`0.0`
SizeofData	`115`
AddressOfRawData	`0xba968`
PointerToRawData	`0xb8f68`
Referenced File	E:\000_DotNETProjects\0_Learning\Csh\000_Testing\test_xll_cpp\x64\Release\test_xll_cpp.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Feb-06 10:43:36
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0xba9dc`
PointerToRawData	`0xb8fdc`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Feb-06 10:43:36
Version	`0.0`
SizeofData	`756`
AddressOfRawData	`0xba9f0`
PointerToRawData	`0xb8ff0`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Feb-06 10:43:36
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1800bd040`

RICH Header

XOR Key	`0xb861f131`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`8`
ASM objects (35207)	`3`
C objects (35207)	`8`
C++ objects (35207)	`18`
Imports (35207)	`6`
Imports (33140)	`5`
Total imports	`112`
C++ objects (LTCG) (35216)	`1`
Exports (35216)	`1`
Resource objects (35216)	`1`
151	`1`
Linker (35216)	`1`

60a8882c16694f2ee6ae2341237ca08d

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

xlAutoOpen

101

2

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors