Manalyze report for 74eb01aaa62ab567610e0a94033b094e19e471eaabd43956aaac3ba307d132f8

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Jun-19 16:46:03
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Interesting strings found in the binary:	`Contains domain names: eador.com`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress` `Possibly launches other programs: ShellExecuteW`
Suspicious	VirusTotal score: 2/69 (Scanned on 2026-06-19 18:24:10)	`APEX: Malicious` `Sophos: Generic ML PUA (PUA)`

Hashes

MD5	`f0dabdb6ca753c7f78d918e02f62a343`
SHA1	`2f8a8070bc88b3caaa3dc82b59836dd02d261fdd`
SHA256	`74eb01aaa62ab567610e0a94033b094e19e471eaabd43956aaac3ba307d132f8`
SHA3	`9ab6c17593f65806370a5614034877026a713f0545ad0baf79771fee082fb5e1`
SSDeep	`49152:tCSuEgF2kuhYKQfTJ8bmv6xi6E2Dlr6K6rFkW:AXH2AfTJmm6xi6E2DN6K6rFk`
Imports Hash	`dfc2c23fbfa2d74312305eea234ad751`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2026-Jun-19 16:46:03
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x176600`
SizeOfInitializedData	`0xad200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000631E (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x178000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x228000`
SizeOfHeaders	`0x400`
Checksum	`0x1b6913`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f7726c59005296e544a7b3ec93b32ff0`
SHA1	`d1b6eef99e6e8e588189107b3edb09a708f18c85`
SHA256	`4da6b152a5bcfb74a4ed48b71fb629542eee185c6c2b8b34157673ae8253e4e2`
SHA3	`45cfc3a4ee8dfb2639c20edefd83b2382dff280f3ae95895f7adcf1ef0f11758`
VirtualSize	`0x176585`
VirtualAddress	`0x1000`
SizeOfRawData	`0x176600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.46185`

.rdata

MD5	`6ebf699918b17099999d808f734e2c14`
SHA1	`335519899e99791b22a45dafd0101936e8963f24`
SHA256	`1c08133758abb1559c92274b7569402c75e7b0e4ebcf4c5c048e237907d5f11e`
SHA3	`b91fb8495a7ff7bb518cf88df447bf5c10ecb44f2a528d2613a8af18e9237d4e`
VirtualSize	`0x17020`
VirtualAddress	`0x178000`
SizeOfRawData	`0x17200`
PointerToRawData	`0x176a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.60325`

.data

MD5	`36e63caeb3c6a47d5ca61d64a55ae06d`
SHA1	`f4c240857304807d2afb8c40ce69328d1843bdb1`
SHA256	`e391e094f5335541d5bf87f6419d3852c769219a922f07b21a1240c250c3d77c`
SHA3	`16518abd70a0fdaecf1bc9096c7577dcd473165bb7747e8a649597f1d67d8979`
VirtualSize	`0x951ec`
VirtualAddress	`0x190000`
SizeOfRawData	`0x26200`
PointerToRawData	`0x18dc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.143656`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x80`
VirtualAddress	`0x226000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1b3e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`884b41931884b67229e4cdbc0500cc21`
SHA1	`4ccf39d9722e9d4e3509394e59d6c6bd4acb9ae5`
SHA256	`b047b171ea15ca3105ed9f84767e8bd80bac155b2cf18ba73e9c868b16932c61`
SHA3	`3cacc46f365ca40847de451f3fae12179fc352f6e79a21f639b33acce1f5a0a6`
VirtualSize	`0xb50`
VirtualAddress	`0x227000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x1b4000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.60746`

Imports

alogg.dll	`alogg_adjust_ogg` `alogg_destroy_ogg` `alogg_poll_ogg` `alogg_stop_ogg` `alogg_create_ogg_from_buffer` `alogg_play_ex_ogg` `alogg_get_length_msecs_ogg`
alleg43.dll	`#533` `#222` `#655` `#657` `#753` `#562` `#843` `#624` `#889` `#694` `#746` `#452` `#844` `#411` `#445` `#460` `#749` `#649` `#104` `#103` `#731` `#662` `#105` `#653` `#823` `#459` `#176` `#181` `#179` `#796` `#690` `#540` `#21` `#792` `#818` `#781` `#504` `#509` `#512` `#566` `#507` `#949` `#514` `#800` `#297` `#261` `#645` `#640` `#854` `#651` `#706` `#709` `#747` `#550` `#208` `#591` `#816` `#622` `#264` `#619` `#807` `#857` `#620` `#614` `#680` `#221` `#582` `#299` `#304` `#192` `#856` `#679` `#764`
KERNEL32.dll	`QueryPerformanceCounter` `WideCharToMultiByte` `DecodePointer` `EncodePointer` `DeleteCriticalSection` `InitializeCriticalSectionEx` `LeaveCriticalSection` `EnterCriticalSection` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `SetEndOfFile` `WriteConsoleW` `CreateFileW` `HeapSize` `HeapReAlloc` `SetStdHandle` `GetProcessHeap` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineW` `GetCommandLineA` `GetOEMCP` `GetACP` `IsValidCodePage` `FindNextFileW` `FindFirstFileExW` `FindClose` `ReadConsoleW` `ReadFile` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `GetLocaleInfoW` `LCMapStringW` `VirtualProtect` `FlsFree` `FlsSetValue` `FlsGetValue` `FlsAlloc` `CloseHandle` `GetConsoleMode` `GetConsoleOutputCP` `FlushFileBuffers` `SetFilePointerEx` `GetFileSizeEx` `GetFileType` `HeapAlloc` `HeapFree` `WriteFile` `GetStdHandle` `GetModuleFileNameW` `GetModuleHandleExW` `ExitProcess` `LoadLibraryExW` `GetProcAddress` `FreeLibrary` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `InitializeCriticalSectionAndSpinCount` `SetLastError` `GetLastError` `RaiseException` `RtlUnwind` `GetCPInfo` `MultiByteToWideChar` `Sleep` `CopyFileW` `GetCurrentProcessId` `GetModuleHandleW` `GetStartupInfoW` `IsDebuggerPresent` `GetStringTypeW` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `LCMapStringEx`
SHELL32.dll	`ShellExecuteW`
VCOMP140.DLL	`_vcomp_set_num_threads` `_vcomp_atomic_add_i4` `_vcomp_barrier` `_vcomp_enter_critsect` `_vcomp_for_dynamic_init` `_vcomp_for_dynamic_next` `_vcomp_for_static_end` `_vcomp_for_static_init` `_vcomp_for_static_simple_init` `_vcomp_fork` `_vcomp_leave_critsect` `_vcomp_master_begin` `_vcomp_master_end` `_vcomp_reduction_r8` `omp_get_thread_num`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.46679`
MD5	`a419cbc51f63014cdfb18e7f914fa053`
SHA1	`e1378d4dd60ea6d07bd6b51e6eecbc1888be6ceb`
SHA256	`db836073a9331f349f26b81020d7437ce64a662207ca50dd83ef03df83f0c310`
SHA3	`112e0545786cd77074b98196d8e08af0d7db4b20135f6bd3dab1dbb4f86a8487`

ALLEGRO_ICON

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.81924`
Detected Filetype	Icon file
MD5	`cbee427fa121aba9b9b265ff05de5383`
SHA1	`24fcae33001c8e0f5ec795c6edf076a69d59589f`
SHA256	`494e4fd717fa1ee0c5c7bb3b4e28fdab4b7f6e95b4f9865f5ab86f03f62ae62c`
SHA3	`a3fa35d56632275ba55716a4964f02031270f61f06a903fc460ac2dd6bebde85`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Jun-19 16:46:03
Version	`0.0`
SizeofData	`872`
AddressOfRawData	`0x18a9ac`
PointerToRawData	`0x1893ac`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Jun-19 16:46:03
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0xc0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x590040`
SEHandlerTable	`0x58a5f4`
SEHandlerCount	`176`

RICH Header

XOR Key	`0x9d68a5ed`
Unmarked objects	`0`
ASM objects (33145)	`21`
C++ objects (33145)	`176`
C objects (33145)	`25`
Imports (35207)	`2`
ASM objects (35207)	`23`
C objects (35207)	`17`
C++ objects (35207)	`81`
Imports (33145)	`4`
Imports (VS2012 build 50727 / VS2005 build 50727)	`5`
Total imports	`195`
C++ objects (LTCG) (35222)	`28`
Resource objects (35222)	`1`
151	`1`
Linker (35222)	`1`

Errors

Leave a comment

No comments yet.