Manalyze report for 757c53bbf7f76a35d07d5737510418433a98bcddc536c361426dd45a46cb5226

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-Apr-23 08:17:57
TLS Callbacks	1 callback(s) detected.
Debug artifacts	attack_01_dll_injection.pdb

Plugin Output

Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Code injection capabilities: CreateRemoteThread OpenProcess WriteProcessMemory VirtualAllocEx` `Manipulates other processes: OpenProcess Process32FirstW Process32NextW WriteProcessMemory`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`aa4f490dcede7348d99c75cc4c809a32`
SHA1	`372d7c235e0c6a4f09b060bc37c2282a69a900a3`
SHA256	`757c53bbf7f76a35d07d5737510418433a98bcddc536c361426dd45a46cb5226`
SHA3	`f850d4692ffff77414f4e4f1984a7573212068097465e108585b1efe5a744c0d`
SSDeep	`6144:nYrS+4kcMj2uEnA8Z4444444Si444444444444444444G44h7/0:g4WaL4444444Si44444444444444444`
Imports Hash	`b6559027b25a32f3401b7d78a7c6a5be`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`5`
TimeDateStamp	2026-Apr-23 08:17:57
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x21a00`
SizeOfInitializedData	`0xfe00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000020AB0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x35000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`68e9932e98d3c6770be8aa5fc25260c9`
SHA1	`0b30a65d60836d3b29987d7ecc8542c1319e8b80`
SHA256	`109aa9896eb8e15afea01cda67ca6967ac88c481939dfafac3646a6a9436f956`
SHA3	`5c578ee9ac59c4d0ce2560baa9a19ff117815e44f59e698d028a80eb02e1705e`
VirtualSize	`0x21984`
VirtualAddress	`0x1000`
SizeOfRawData	`0x21a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.28895`

.rdata

MD5	`4a59282a1cef02b196c16084e849be0c`
SHA1	`5828b341e609f5e06891a461687c1b3d7c19d1ba`
SHA256	`b20e4ea70762073bce7e31c6acb7f77ad672cd97dfb660805524d94bea28523c`
SHA3	`68a2f7ad025ae090ff441291efe73bc8f9d5cbe99da9a384da9b489389e77fc9`
VirtualSize	`0xd5c2`
VirtualAddress	`0x23000`
SizeOfRawData	`0xd600`
PointerToRawData	`0x21e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.46292`

.data

MD5	`c1375f41974958f03331af1eb00f4d3a`
SHA1	`d196f88df1baf294edf09db642100334e6a6958b`
SHA256	`58409ce4a72d38eb3644ad6e6e505d8f2106f2609e3bdcb9cfd13fdb01b6a474`
SHA3	`84541b11df43e6c23ca7db25e8b1d7d1f3281b41dc604c6250b1bbcd1eb0a3e8`
VirtualSize	`0x300`
VirtualAddress	`0x31000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2f400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.66541`

.pdata

MD5	`28280d9c5ff77303619c264797f36c69`
SHA1	`6c4180c2fa78f14e442d66a6a31120235c9065b5`
SHA256	`26b85ff2919a79196ef4cb33bebfc51e8f9f650d815f9dac3641ed9ccd57f343`
SHA3	`78c9a76caeb2a792eaa5c560452c35906f4c37b720b90177c93f6e7a5b38916e`
VirtualSize	`0x1e30`
VirtualAddress	`0x32000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x2f600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.11554`

.reloc

MD5	`6134fe769cdcd14912cdf54af2b6b1a8`
SHA1	`ab4d56e0e61c9c5bb6a3dc1d332ac8056d423148`
SHA256	`f297793142ba53cb0af37dc101428b8362951367af2fd64180b6442e1a9772c7`
SHA3	`d7efcfe70718ca07c07c05b5fcbc41e997880d63cfb5565dcf8ae0abcdf3ee92`
VirtualSize	`0x348`
VirtualAddress	`0x34000`
SizeOfRawData	`0x400`
PointerToRawData	`0x31600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.82299`

Imports

kernel32.dll	`GetLastError` `GetModuleHandleW` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetProcAddress` `CreateRemoteThread` `WaitForSingleObject` `OpenProcess` `CreateToolhelp32Snapshot` `Process32FirstW` `Process32NextW` `WriteProcessMemory` `VirtualAllocEx` `CloseHandle` `VirtualFreeEx` `GetSystemTimeAsFileTime`
api-ms-win-core-synch-l1-2-0.dll	`WakeByAddressAll` `WakeByAddressSingle` `WaitOnAddress`
KERNEL32.dll	`UnhandledExceptionFilter` `InitializeSListHead` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `GetCurrentThreadId` `QueryPerformanceCounter` `SetUnhandledExceptionFilter` `GetProcessHeap` `HeapFree` `HeapReAlloc` `lstrlenW` `GetCurrentProcess` `WideCharToMultiByte` `WaitForSingleObjectEx` `LoadLibraryA` `GetCurrentProcessId` `CreateMutexA` `ReleaseMutex` `SetFileInformationByHandle` `AddVectoredExceptionHandler` `SetThreadStackGuarantee` `GetCurrentThread` `SetLastError` `GetCurrentDirectoryW` `GetEnvironmentVariableW` `GetCommandLineW` `CreateFileW` `GetFinalPathNameByHandleW` `GetConsoleMode` `GetFullPathNameW` `GetModuleHandleA` `GetModuleFileNameW` `FormatMessageW` `HeapAlloc` `MultiByteToWideChar` `WriteConsoleW` `GetStdHandle` `GetConsoleOutputCP` `CreateWaitableTimerExW` `SetWaitableTimer` `Sleep`
ntdll.dll	`RtlNtStatusToDosError` `NtWriteFile`
VCRUNTIME140.dll	`__current_exception` `__C_specific_handler` `_CxxThrowException` `memcmp` `memmove` `memcpy` `__CxxFrameHandler3` `memset` `__current_exception_context`
api-ms-win-crt-runtime-l1-1-0.dll	`__p___argc` `_crt_atexit` `exit` `terminate` `_initterm_e` `_register_onexit_function` `_c_exit` `_initialize_onexit_table` `__p___argv` `_initterm` `_register_thread_local_exe_atexit_callback` `_get_initial_narrow_environment` `_seh_filter_exe` `_set_app_type` `_exit` `_configure_narrow_argv` `_initialize_narrow_environment` `_cexit`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-stdio-l1-1-0.dll	`_set_fmode` `__p__commode`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-heap-l1-1-0.dll	`free` `_set_new_mode`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Apr-23 08:17:57
Version	`0.0`
SizeofData	`52`
AddressOfRawData	`0x2a8fc`
PointerToRawData	`0x296fc`
Referenced File	attack_01_dll_injection.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Apr-23 08:17:57
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x2a930`
PointerToRawData	`0x29730`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Apr-23 08:17:57
Version	`0.0`
SizeofData	`816`
AddressOfRawData	`0x2a944`
PointerToRawData	`0x29744`

TLS Callbacks

StartAddressOfRawData	`0x14002ac98`
EndAddressOfRawData	`0x14002acf0`
AddressOfIndex	`0x140031268`
AddressOfCallbacks	`0x1400233c8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x000000014000CB90`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140031100`

RICH Header

XOR Key	`0x9d8e0c72`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`12`
Imports (35207)	`2`
ASM objects (35207)	`3`
C objects (35207)	`9`
C++ objects (35207)	`23`
Imports (33145)	`9`
Total imports	`190`
Unmarked objects (#2)	`90`
Linker (35222)	`1`

Errors

Leave a comment

No comments yet.