Manalyze report for 65ad03490ea8dde9092cf7acab758cd7fd19512ebb45c3451e745f74be623746

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Feb-24 12:22:08
Detected languages	English - United States Portuguese - Brazil
CompanyName	http://bladeknight109.com
FileDescription	Client
FileVersion	`6.0.6.0`
InternalName	Client
LegalCopyright	Copyright Â© 2022 by BladeKnight109
LegalTrademarks	Trademarks Â® 2022 BladeKnight109
OriginalFilename	Client.dll
ProductName	Client
ProductVersion	`6.0.6.0`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: bladeknight109.com enigmaprotector.com http://bladeknight109.com https://enigmaprotector.com`
Suspicious	The PE is possibly packed.	`Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Section .data is both writable and executable.`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Can access the registry: RegCloseKey` `Possibly launches other programs: ShellExecuteA` `Has Internet access capabilities: InternetGetConnectedState` `Leverages the raw socket API to access the Internet: recv` `Manipulates other processes: EnumProcessModules`
Info	The PE's resources present abnormal characteristics.	`Resource 103 is possibly compressed or encrypted.` `Resource 105 is possibly compressed or encrypted.` `Resource 106 is possibly compressed or encrypted.`
Info	The PE is digitally signed.	`Signer: BladeKnight109 Co.` `Issuer: BladeKnight109 Co.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`01fe3e0de11c1cc4221567e87d696364`
SHA1	`a249753e4f073e86a846ad6197e19ecc2df0a2da`
SHA256	`65ad03490ea8dde9092cf7acab758cd7fd19512ebb45c3451e745f74be623746`
SHA3	`ce7acddaa791f06bd399547a87561d23c4875417cc975f42eb637793d96fa14f`
SSDeep	`49152:SZ5sAMXvmqV5ieKiQMX/+b2SxWIOdY9PEHMXUS+chB49gE4DvylA8Prs:SIR/mqVPQbb2/ld7ISGPE4DvyBPrs`
Imports Hash	`7f2001da73f830629f597733b3293217`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	2026-Feb-24 12:22:08
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`10.0`
SizeOfCode	`0x97600`
SizeOfInitializedData	`0xa0600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x013FE524 (Section: .data)`
BaseOfCode	`0x1000`
BaseOfData	`0x99000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x1402000`
SizeOfHeaders	`0x400`
Checksum	`0x30f175`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x200000`
SizeofHeapCommit	`0x2000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

Section_1

MD5	`46b5ccdaf3d4e2997cb78e8c9753c941`
SHA1	`420dfe22b76df0f69f6d42378d5f822c95ae60fa`
SHA256	`620c11d4bf72cc5370f2410ab356cb8b3f36387b38e5afab304c8458a65eb134`
SHA3	`210a6ab2906281af80f72ef4fdde0f9d47383b25b83485f70377a88f4ae54190`
VirtualSize	`0x98000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x48200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99931`

Section_2

MD5	`9aae6eaa1babb1315026c5a2a9599e94`
SHA1	`cae58ae8992bf8c62ffb9de34d1621f57f85fada`
SHA256	`6162c3ee96e82b034e33efaf6f22b036c4de39910d8b5b8e9851ad79196ff373`
SHA3	`1d249b733cf3458084d9af499b94bec68ae466b62e5d14894d26108c251664e1`
VirtualSize	`0x23000`
VirtualAddress	`0x99000`
SizeOfRawData	`0x9000`
PointerToRawData	`0x48600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99403`

Section_3

MD5	`15a7ee65e16b43a12945f1be577789b5`
SHA1	`083356196634aa86edc05d700b39f6acb49ae908`
SHA256	`12a303323deaa9cbc01685be261a1c6919a506ca298e7626c9234f0039f95469`
SHA3	`34b6fb6e15fed30c8e0f9591d3d6e894f639a52ed40ed89e1aff5f816639ad8d`
VirtualSize	`0x863000`
VirtualAddress	`0xbc000`
SizeOfRawData	`0x600`
PointerToRawData	`0x51600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.89891`

Section_4

MD5	`5c6e49a5520da94e8bc52d0fc083db31`
SHA1	`c48736959d2353c8515d9b676bf06d482ab1393e`
SHA256	`cd7f444d6ee1f40bd78d851aa96954f35abf1f7d4edee0f1477add71654a1032`
SHA3	`c17c4f35e2002917287d714e5ead7f46e710608f8e7fbcee58b5c3c739593130`
VirtualSize	`0x6c000`
VirtualAddress	`0x91f000`
SizeOfRawData	`0x49a00`
PointerToRawData	`0x51c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99925`

Section_5

MD5	`0c7103f68c9c94821aced1ede8f04ea1`
SHA1	`7bcaf4248633b1fce1e74a4fa63df81b23454eec`
SHA256	`58314861fb9ce06b34ce27d258978a323e6b70bb3a5444072adf095a4744d9bc`
SHA3	`0b43b99e70034c0a179d6497ad546d6d36e38e1815ded081d08c1db1ee4125dd`
VirtualSize	`0x11000`
VirtualAddress	`0x98b000`
SizeOfRawData	`0x6a00`
PointerToRawData	`0x9b600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.97506`

.rsrc

MD5	`986b1584683789bd5ca3d3a1e60a5be2`
SHA1	`16b075b81aff3d1cad7399c219e698fbd82dcc07`
SHA256	`bc7ef73fd3f26f611fd362e3c6e009da7f69a51c1f6bac4a4a5815dfa7097674`
SHA3	`ad55f9a51883e63a5c7dbc4574b4a4ed40e9fa50ebbd68aaac8f9af98dcbbf6f`
VirtualSize	`0x1000`
VirtualAddress	`0x99c000`
SizeOfRawData	`0x600`
PointerToRawData	`0xa2000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.06`

Section_7

MD5	`8d17cc312d7632d479ad84c0b2c72ba7`
SHA1	`41e79c85ce3c3c319b626dcb8738d94584811a53`
SHA256	`6913f5a64903dfad1084380e92ba37bc232ff42433eedfa14af43061cad3d8ee`
SHA3	`7c6ea469a3c6a12dccd2e6b0cade17b6d7fb2846fe2d97502dd3a397df2d2a6a`
VirtualSize	`0x82e000`
VirtualAddress	`0x99d000`
SizeOfRawData	`0x34000`
PointerToRawData	`0xa2600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99852`

.data

MD5	`3da548528d822e40d0052832bb940adf`
SHA1	`79735d691e6e92789ab49fd790cfbac0a5816b51`
SHA256	`0a124f90a3372f32362079809c86500803fc05caaba65f43dd7111d421b4674a`
SHA3	`f95d6070826342bc1367e64b441727e2852a70ee1f49d52fdf58c0884f9901c6`
VirtualSize	`0x237000`
VirtualAddress	`0x11cb000`
SizeOfRawData	`0x236c00`
PointerToRawData	`0xd6600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.98082`

Imports

kernel32.dll	`GetModuleHandleA` `GetProcAddress` `ExitProcess` `LoadLibraryA`
user32.dll	`MessageBoxA`
advapi32.dll	`RegCloseKey`
oleaut32.dll	`SysFreeString`
gdi32.dll	`CreateFontA`
shell32.dll	`ShellExecuteA`
version.dll	`GetFileVersionInfoA`
ole32.dll	`CoInitializeSecurity`
MSVCP100.dll	`?_Xlength_error@std@@YAXPBD@Z`
SHLWAPI.dll	`StrStrIA`
WS2_32.dll	`recv`
IPHLPAPI.DLL	`GetAdaptersInfo`
PSAPI.DLL	`EnumProcessModules`
WININET.dll	`InternetGetConnectedState`
MSVCR100.dll	`wcstombs`
WLDAP32.dll	`#143`
CRYPT32.dll	`CertFreeCertificateContext`
Normaliz.dll	`IdnToAscii`

Delayed Imports

Init

Ordinal	`1`
Address	`0x4360`

103

Type	`RT_BITMAP`
Language	Portuguese - Brazil
Codepage	Latin 1 / Western European
Size	`0x23b5e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99867`
MD5	`c2a9a74d1817a040f63dff720ba6417d`
SHA1	`8f91577542fdef2ea095985f78780158882112f4`
SHA256	`b4888ae349e564939ad773495ed80f1d09f47d62e85367072b9b04a956cba672`
SHA3	`a7b7f15171bdefebae0819b8d3ebaeb58c89a94ee34654b13cf08b6eaf44778c`
Preview

105

Type	`RT_BITMAP`
Language	Portuguese - Brazil
Codepage	Latin 1 / Western European
Size	`0x23b5e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99883`
MD5	`1cbfe48f11f100293e741046fe55523d`
SHA1	`91ffa04a4ef8426f04025fca0e0ee31793f93cd2`
SHA256	`7377f79e0750f7ee9ea0b5ce44aeb2a9ede595f9143413d3801a0fd08d43bf36`
SHA3	`395389a3d4182a888b7dda4f59ac2f0a215eff3b0444997da035354c07414025`
Preview

106

Type	`RT_BITMAP`
Language	Portuguese - Brazil
Codepage	Latin 1 / Western European
Size	`0x23b5e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98796`
MD5	`756ced225b94250072ffe599b143aff5`
SHA1	`6ba1a305357d0f47645c00ff44c4194278055423`
SHA256	`783a70eeaa598c58ac37b58775b8c40684a71dae2f77a786bf369718f8def5b6`
SHA3	`438d207d7381ea6ed75b434041610b79696022d2c5e64897b2c61a09fdf9f2ed`
Preview

1

Type	`RT_VERSION`
Language	Portuguese - Brazil
Codepage	Latin 1 / Western European
Size	`0x344`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39643`
MD5	`e476aa1671ef7b328670348fb5b61251`
SHA1	`e51c7e7a9bb238a270544fadac8f350876439c8c`
SHA256	`75cc9a4519fed0626e707960df9cce38d9667e87fe72b50b94142b2b1ae40cdb`
SHA3	`c5f019ae01b48261dfae0833694680b784f97fea89526c0fadf4e8efe0e9a258`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x15a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.79597`
MD5	`24d3b502e1846356b0263f945ddd5529`
SHA1	`bac45b86a9c48fc3756a46809c101570d349737d`
SHA256	`49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e`
SHA3	`1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6.0.6.0
ProductVersion	6.0.6.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	http://bladeknight109.com
FileDescription	Client
FileVersion (#2)	6.0.6.0
InternalName	Client
LegalCopyright	Copyright Â© 2022 by BladeKnight109
LegalTrademarks	Trademarks Â® 2022 BladeKnight109
OriginalFilename	Client.dll
ProductName	Client
ProductVersion (#2)	6.0.6.0

Resource LangID	Portuguese - Brazil

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x7869c4aa`
Unmarked objects	`0`
152 (20115)	`12`
ASM objects (VS2010 SP1 build 40219)	`10`
C objects (VS2010 SP1 build 40219)	`129`
Imports (VS2012 build 50727 / VS2005 build 50727)	`2`
C++ objects (VS2010 build 30319)	`5`
Imports (VS2010 SP1 build 40219)	`4`
C++ objects (VS2010 SP1 build 40219)	`11`
C objects (VS2008 SP1 build 30729)	`2`
Imports (VS2008 SP1 build 30729)	`47`
Total imports	`563`
175 (VS2010 SP1 build 40219)	`296`
Exports (VS2010 SP1 build 40219)	`1`
Resource objects (VS2010 SP1 build 40219)	`1`
Linker (VS2010 SP1 build 40219)	`1`

Errors

Leave a comment

No comments yet.