Manalyze report for 6d38749981bad9deed1d5afcc202beebb9da21c7242dca2dcf7fda8ac26c029f

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Mar-10 11:22:22

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: GetTempPathW CreateFileW` `Functions related to the privilege level: OpenProcessToken` `Enumerates local disk drives: GetDriveTypeW`
Suspicious	The file contains overlay data.	`8377366 bytes of data starting at offset 0x65000.` `The overlay data has an entropy of 7.9984 and is possibly compressed or encrypted.` `Overlay data amounts for 95.2941% of the executable.`
Malicious	VirusTotal score: 5/69 (Scanned on 2026-03-16 17:57:02)	`APEX: Malicious` `CrowdStrike: win/malicious_confidence_90% (D)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `SentinelOne: Static AI - Suspicious PE`

Hashes

MD5	`2455e4c245eaf0febab8d64e792adb3a`
SHA1	`cff7672068fab226ea39028b87c8376897835f73`
SHA256	`6d38749981bad9deed1d5afcc202beebb9da21c7242dca2dcf7fda8ac26c029f`
SHA3	`8bdbf52fd541c2e3b15c625b6389669e9d2cb9c1af56d338742a3de45d230f02`
SSDeep	`196608:hafhwgtbW897G+x7eovq5XMP6PzFcsAHsoqBbkjj0sFE:+N1Fdq1B7LAHsoqBbQj0CE`
Imports Hash	`dcaf48c1f10b0efa0a4472200f3850ed`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2026-Mar-10 11:22:22
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x2c600`
SizeOfInitializedData	`0x38600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000000DFA0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x6e000`
SizeOfHeaders	`0x400`
Checksum	`0x86d5c1`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x1e8480`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`fe1a4732883ce431166d66ecb765b28e`
SHA1	`2110e916aac8ceca0aff8fac71279a4404d1204b`
SHA256	`bf1ad991c2350ab9408ca71f2c82d95b410b3b5a8c323514ea841adcf9478194`
SHA3	`685b4b9bb824ff236223b93263bf11304f1f36249fbd6f937dca11891c9386a1`
VirtualSize	`0x2c470`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2c600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.46276`

.rdata

MD5	`a03f4a371f6b844ddeff12e941197773`
SHA1	`3e87ed90455ad2b495d8f28f5b7d6aba118a7dc7`
SHA256	`10d745e0f1763c2dbf8577d84755c56d7183b48464c5c6fa24a41825b65a2f64`
SHA3	`f403fa96198842ed61fa988007d873fbda8a658b6d4cb219da6063726b4b0a09`
VirtualSize	`0x13b78`
VirtualAddress	`0x2e000`
SizeOfRawData	`0x13c00`
PointerToRawData	`0x2ca00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.75512`

.data

MD5	`480ab7be9be730afcebb349cd1d2328a`
SHA1	`ded45b1e3b731c13795e36c5d7e8f3dac03f9634`
SHA256	`5bf16564eab136ff8a49b29867918b49a778978cd4c5acf2fb5ccdd19340831c`
SHA3	`665776fd9e8a604af79a90d67204a109fae9ce0d6a01405a4d85231867f7a494`
VirtualSize	`0x50b0`
VirtualAddress	`0x42000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x40600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.8161`

.pdata

MD5	`181207c9744a54a87a1d6cff3cfa9919`
SHA1	`a670345ff2911f8f6763c1973ac4c5fd29f132a9`
SHA256	`52b9b4d42f0b332e55608f6bf5446fcb11f6f9fc4e3267b5b0e64d86b6d099f8`
SHA3	`ee1eb803cb2d9711d7b3affe83928dd572cd4d05c8211457c0f274200abc1623`
VirtualSize	`0x2424`
VirtualAddress	`0x48000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x41400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.31997`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0x4b000`
SizeOfRawData	`0x200`
PointerToRawData	`0x43a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`e075a86a3e9f127b6875eb97b170fba1`
SHA1	`15e066241ee9b6e226862c449616ce5c0d34fdd2`
SHA256	`04736711760932e18603374bb4bbbe048958af9178f753c49aac0368c923d32d`
SHA3	`8e37edce0ba659173f14006a49f57816537af191cbcec0f4233b436af1d27d46`
VirtualSize	`0x20be8`
VirtualAddress	`0x4c000`
SizeOfRawData	`0x20c00`
PointerToRawData	`0x43c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.99164`

.reloc

MD5	`2b6e08476851652d83b5fd30f90f9ad7`
SHA1	`b61504ed73820ed543f7df51e5227d17e517badb`
SHA256	`c80cd8828e3293d84bf4a1764b2d6611ca75492eef2fbf318645b9dbe3731db6`
SHA3	`403fee35fd8e088c0269d849358d33217081fa4c577a1530a25d0911ed5bcf3e`
VirtualSize	`0x774`
VirtualAddress	`0x6d000`
SizeOfRawData	`0x800`
PointerToRawData	`0x64800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.26439`

Imports

USER32.dll	`CreateWindowExW` `ShutdownBlockReasonCreate` `MsgWaitForMultipleObjects` `ShowWindow` `DestroyWindow` `RegisterClassW` `DefWindowProcW` `PeekMessageW` `DispatchMessageW` `TranslateMessage` `PostMessageW` `GetMessageW` `MessageBoxW` `MessageBoxA` `SystemParametersInfoW` `DestroyIcon` `SetWindowLongPtrW` `GetWindowLongPtrW` `GetClientRect` `InvalidateRect` `ReleaseDC` `GetDC` `DrawTextW` `GetDialogBaseUnits` `EndDialog` `DialogBoxIndirectParamW` `MoveWindow` `SendMessageW`
COMCTL32.dll	`#380`
KERNEL32.dll	`GetACP` `IsValidCodePage` `GetStringTypeW` `GetFileAttributesExW` `SetEnvironmentVariableW` `FlushFileBuffers` `LCMapStringW` `CompareStringW` `VirtualProtect` `InitializeCriticalSectionEx` `GetOEMCP` `GetCPInfo` `GetLastError` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `GetModuleHandleW` `MulDiv` `FormatMessageW` `GetModuleFileNameW` `SetDllDirectoryW` `GetEnvironmentStringsW` `SetErrorMode` `CreateDirectoryW` `GetCommandLineW` `GetEnvironmentVariableW` `ExpandEnvironmentStringsW` `DeleteFileW` `FindClose` `FindFirstFileW` `FindNextFileW` `GetDriveTypeW` `RemoveDirectoryW` `GetTempPathW` `CloseHandle` `QueryPerformanceCounter` `QueryPerformanceFrequency` `WaitForSingleObject` `Sleep` `GetCurrentProcess` `TerminateProcess` `GetExitCodeProcess` `CreateProcessW` `GetStartupInfoW` `LocalFree` `SetConsoleCtrlHandler` `K32EnumProcessModules` `K32GetModuleFileNameExW` `CreateFileW` `FindFirstFileExW` `GetFinalPathNameByHandleW` `MultiByteToWideChar` `WideCharToMultiByte` `FlsFree` `FreeEnvironmentStringsW` `GetProcessHeap` `GetTimeZoneInformation` `HeapSize` `HeapReAlloc` `WriteConsoleW` `SetEndOfFile` `CreateSymbolicLinkW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsProcessorFeaturePresent` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `RtlUnwindEx` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `EncodePointer` `RaiseException` `RtlPcToFileHeader` `GetCommandLineA` `GetFileInformationByHandle` `GetFileType` `PeekNamedPipe` `SystemTimeToTzSpecificLocalTime` `FileTimeToSystemTime` `ReadFile` `GetFullPathNameW` `SetStdHandle` `GetStdHandle` `WriteFile` `ExitProcess` `GetModuleHandleExW` `HeapFree` `GetConsoleMode` `ReadConsoleW` `SetFilePointerEx` `GetConsoleOutputCP` `GetFileSizeEx` `HeapAlloc` `GetCurrentDirectoryW` `FlsAlloc` `FlsGetValue` `FlsSetValue`
ADVAPI32.dll	`OpenProcessToken` `GetTokenInformation` `ConvertStringSecurityDescriptorToSecurityDescriptorW` `ConvertSidToStringSidW`
GDI32.dll	`SelectObject` `DeleteObject` `CreateFontIndirectW`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2c4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.65149`
Detected Filetype	PNG graphic file
MD5	`eb3c0d3bf16b9959eeba2249f78143db`
SHA1	`1f4331fac5eb336646741f81d0e75e7e490b12a7`
SHA256	`1f2bb531744afb31b7af0871c3f1ddab3930b2f81806af72721c21a0bcd7c82a`
SHA3	`7d4a021e08a0f1a11bd46d935baca7c9b11cd4a478180898200011d35a0ac6d4`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x556`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.79479`
Detected Filetype	PNG graphic file
MD5	`6f9a1cb3bc51ef0050cd00509dbf192c`
SHA1	`8938e4d7d9a1df9428e719867dd9a50c3a427864`
SHA256	`8a2a66c5550fcbed4730c8eaf923f3c16cafad41058b1d702c09c24d3f32f985`
SHA3	`31cfeed209bcc249e6e9e115f7865b251b99b4cfb613ea4e982b887ff0572bfa`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x89a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.87069`
Detected Filetype	PNG graphic file
MD5	`bc1a50977b59eb9df795d486e23f8e3d`
SHA1	`b934c48bb46bfb5756867460de4133d334d60cb7`
SHA256	`34ce0880ba829bc2be93eb0873757530b28c337f5f9a159e5f4a599205ee6e80`
SHA3	`d51c1bebe194699532fbe198c47492afdef80d6c2bc6545b7ee970446076e192`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1170`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.94218`
Detected Filetype	PNG graphic file
MD5	`c129947d3b07ba2824fa54e9493096d6`
SHA1	`fdd450450f628e5f3267dfb823802d0615bbb474`
SHA256	`1d9ac1c9d075f2fee607ec6735f4827254460fc318fc05a593786642e514194c`
SHA3	`e6eab0703f676563950e393d36d7de81321823b078496efc38cb212f53da9ba4`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1d0a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.96263`
Detected Filetype	PNG graphic file
MD5	`b61f03a772ee1c9d5e1796dfaffed1fd`
SHA1	`27844c61160647ec28b7c311734822184cabe79e`
SHA256	`1497b89fe33ef6b2d3538af9edb57c6fc9c4a57f328f8f43d5cb97d85351191f`
SHA3	`d0264c41f028be98070e7277dcb544abd6510dd32144433cac367effc1769e0f`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x63df`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.986`
Detected Filetype	PNG graphic file
MD5	`21fa836365cc9cd4a3e874bce1d77991`
SHA1	`3713d17acab169e8b05c2e9f0c52fb5b2305db3b`
SHA256	`7b3e7f715e5cddd34207d0e422d8081ac66dcc9c1b9ad10db2f8c0f2cec282c2`
SHA3	`bb1dcff85b451a781e25cbd163ce783451ab30c5d2b6869ce7f59b26b75b5cc5`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x16153`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99337`
Detected Filetype	PNG graphic file
MD5	`e9688feb6cfde058af633b977e58ca53`
SHA1	`aa18f442b165ff25e0ab2c6d0acc32f8439c44b8`
SHA256	`b2dd73439f5197a4053a23b7d5b88972cbcf87600d45b30fcc623c5142c16349`
SHA3	`0efdd7e60ed57f0ea28af5e24d8c4a360f5920972f08f94348c581f87f52fcff`

1 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.74795`
Detected Filetype	Icon file
MD5	`f0a701083c14afa182a327fc940a61ee`
SHA1	`928310cbd82b71218f8d93ab9973b3bac1b39370`
SHA256	`5f15dd3de22fb0e03b0d1335b04929412326253371b02e400972539e627a1517`
SHA3	`31b97f56ade7fe790365a3378737537263aa3543a91d751075abc7c79f531d49`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x50d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.25791`
MD5	`84da8dee6b319ea0b10b6de5489c6aae`
SHA1	`5f8991f3e065fd95614859a293f88b9c70e4bb23`
SHA256	`abf8f2022f12f350789d961aceaf9ccfd53e7ec58d8c9934cfce77779b4eac11`
SHA3	`08f0562915b54bedce5a84e9d32cb2efcc538268785103b1852338e20a3b4606`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Mar-10 11:22:22
Version	`0.0`
SizeofData	`816`
AddressOfRawData	`0x3e178`
PointerToRawData	`0x3cb78`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140042040`
GuardCFCheckFunctionPointer	`5368898744`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x8ea371bd`
Unmarked objects	`0`
C++ objects (33145)	`183`
C objects (33145)	`12`
ASM objects (33145)	`11`
253 (35207)	`3`
ASM objects (35207)	`9`
C objects (35207)	`17`
C++ objects (35207)	`40`
Imports (33145)	`11`
Total imports	`159`
C objects (35222)	`27`
Linker (35222)	`1`

Errors

Leave a comment

No comments yet.