Manalyze report for 796186c9aa6b73a45896f0bb1208492709def379e6f77438e436ed8aa6417706

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Mar-24 16:04:09
Detected languages	English - United States
Debug artifacts	C:\Users\erenk\Desktop\melwez\exeler\CraftRise.pdb
CompanyName	CraftRise Launcher
FileDescription	CraftRise
FileVersion	`1.0.0.1`
InternalName	CraftRise Launcher
LegalCopyright	craftrise-copyright
OriginalFilename	CraftRise Launcher.exe
ProductName	CraftRise Launcher
ProductVersion	`1.0.0.1`

Plugin Output

Info	Interesting strings found in the binary:	Contains domain names: adobe.com apache.org github.com http://ns.adobe.com http://ns.adobe.com/photoshop/1.0/ http://ns.adobe.com/xap/1.0/ http://ns.adobe.com/xap/1.0/mm/ http://ns.adobe.com/xap/1.0/sType/ResourceEvent# http://purl.org http://www.apache.org http://www.apache.org/licenses/LICENSE-2.0 http://www.fontdiner.comLicensed http://www.w3.org http://www.w3.org/1999/02/22-rdf-syntax-ns# https://github.com https://openfontlicense.orgGoogle.comChristian https://openfontlicense.orgThis ns.adobe.com www.apache.org www.w3.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowA` `Possibly launches other programs: WinExec system` `Uses functions commonly found in keyloggers: GetAsyncKeyState GetForegroundWindow` `Manipulates other processes: Process32First WriteProcessMemory OpenProcess Process32Next ReadProcessMemory` `Can take screenshots: FindWindowA GetDC CreateCompatibleDC BitBlt` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`34b8f6e72224e9516e09555dea668b22`
SHA1	`6c3d9796300cd4949a1effadf1ce6f3ba3a656b9`
SHA256	`796186c9aa6b73a45896f0bb1208492709def379e6f77438e436ed8aa6417706`
SHA3	`103d23315fc407b33df763873fe3bb704f5a262099dce8a981eb05eb97ae5b50`
SSDeep	`24576:xRm4/lJA3E78vbTEEbk/FWo1nRKnfHYepoZmqOcEVxke3ut:jm4fA3EAvbTEEbkNWenRzeuQVWI0`
Imports Hash	`115d4f086d3af77d53aac430f029a918`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-Mar-24 16:04:09
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x9ba00`
SizeOfInitializedData	`0xd6a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000948E0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x176000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`5b77248289f90c7f5f1ff5967ddb158b`
SHA1	`cc9b926ed40578eebbc1d7447cce4441c262181e`
SHA256	`dbad0e5e00254661c320f3e10abb0291a4102bafd900801f61f13c39c700cd62`
SHA3	`b33d65f45bd16c0ef3ef554473ea4b4cdf062a4d40935ae5f38197b0c6f69397`
VirtualSize	`0x9b9bc`
VirtualAddress	`0x1000`
SizeOfRawData	`0x9ba00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.46711`

.rdata

MD5	`7e6b87de77d58dcdf63e0eb8b0f8dc67`
SHA1	`ca4db0eb58795c73602015bd3f7069afa212ee4b`
SHA256	`71ddd9a415dfa3deb1b7f017105b4ccaf7d24ceb51e47e9df7182bcc58d14ef7`
SHA3	`76cb0079f777b1d3ca4a026c4682457f388f7c0f714942d656221d7af11e92ff`
VirtualSize	`0x1d10c`
VirtualAddress	`0x9d000`
SizeOfRawData	`0x1d200`
PointerToRawData	`0x9be00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.91056`

.data

MD5	`28275ea8acc20a5704e1467ef96d022e`
SHA1	`f7562fc4d478ac61ba22b9490ff63be5a34a0400`
SHA256	`c4cc53d1705e4f0d8daae51fae8d16b2a52775e14a5549868b6acbfbd9842603`
SHA3	`bbbf046025b8f3ee02f19d1b7f77ae1b713f508f86b6134312039539acab9e8e`
VirtualSize	`0xb2c08`
VirtualAddress	`0xbb000`
SizeOfRawData	`0xb1a00`
PointerToRawData	`0xb9000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.21961`

.pdata

MD5	`aef2757dd6d964457be0a48fee779fbf`
SHA1	`64a009d92f6e44c29d7b74e78dad506b5e26db6c`
SHA256	`bd32b1057f1ed82ecef45fad3c14b55eb91c672732e5ccbd1dd7c64a940ae397`
SHA3	`fd8eb762213be8fe25f531f3f30b48c8d5b28f88423a9b80f385a2c956d6d7fd`
VirtualSize	`0x59dc`
VirtualAddress	`0x16e000`
SizeOfRawData	`0x5a00`
PointerToRawData	`0x16aa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.9727`

.rsrc

MD5	`79878a314e04214666a11369eee0022b`
SHA1	`a6258cb78b95a30f39694da6d2092b803f7d199f`
SHA256	`4e2f18358b8f71e05251185f89275b381b7b9ce70e3ded6ba576bff61618197b`
SHA3	`2f7ded0197a4ea8114fa0f900fc5e295687ebeb219b07b17197210c3fb8045f7`
VirtualSize	`0x528`
VirtualAddress	`0x174000`
SizeOfRawData	`0x600`
PointerToRawData	`0x170400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.70415`

.reloc

MD5	`bc65a1473ccb8582578c30a3055477d7`
SHA1	`51ca00e2a739582e038084581e9c0194b7ba028e`
SHA256	`bb546c464cab8883dcfbe77e041cdbfd82ca5519961e994a4f504a428f3805e3`
SHA3	`f7c1d017a84dc9a667dc4ed00740950360047aec50849060b40a494c73ab9a1b`
VirtualSize	`0x8b4`
VirtualAddress	`0x175000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x170a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.08525`

Imports

ntdll.dll	`VerSetConditionMask`
ADVAPI32.dll	`GetUserNameA`
api-ms-win-shcore-scaling-l1-1-1.dll	`SetProcessDpiAwareness`
gdiplus.dll	`GdipSaveImageToFile` `GdipFree` `GdipDisposeImage` `GdipCreateBitmapFromHBITMAP` `GdiplusStartup` `GdiplusShutdown` `GdipCloneImage` `GdipAlloc`
d3d11.dll	`D3D11CreateDeviceAndSwapChain`
d3dx11_43.dll	`D3DX11CreateShaderResourceViewFromMemory`
KERNEL32.dll	`MultiByteToWideChar` `GlobalAlloc` `GlobalFree` `GlobalLock` `WideCharToMultiByte` `GlobalUnlock` `GetModuleHandleA` `LoadLibraryA` `QueryPerformanceFrequency` `GetProcAddress` `FreeLibrary` `QueryPerformanceCounter` `CreateMutexA` `Sleep` `GetLastError` `DeleteFileW` `CloseHandle` `WinExec` `GetComputerNameA` `Process32First` `WriteProcessMemory` `FindFirstFileA` `SetConsoleTextAttribute` `GetStdHandle` `Module32Next` `FindNextFileA` `FindClose` `Module32First` `OpenProcess` `CreateToolhelp32Snapshot` `GetTempPathA` `QueryFullProcessImageNameA` `DeleteFileA` `Process32Next` `FreeConsole` `Beep` `RemoveDirectoryA` `ExitProcess` `ReadProcessMemory` `GetCurrentProcessId` `GetCurrentThreadId` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `WakeAllConditionVariable` `SleepConditionVariableSRW` `SetUnhandledExceptionFilter` `GetStartupInfoW` `GetModuleHandleW` `GetSystemTimeAsFileTime` `InitializeSListHead` `GetFileInformationByHandleEx` `AreFileApisANSI` `CreateFile2` `GetFileAttributesExW` `FindNextFileW` `FindFirstFileExW` `FindFirstFileW` `GetLocaleInfoEx` `FormatMessageA` `LocalFree` `TryAcquireSRWLockExclusive` `GetSystemTimePreciseAsFileTime` `LCMapStringEx` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `EncodePointer` `DecodePointer` `CompareStringEx` `GetCPInfo`
USER32.dll	`DispatchMessageA` `SetProcessDpiAwarenessContext` `MonitorFromPoint` `GetWindowThreadProcessId` `ShowWindow` `DestroyWindow` `GetAsyncKeyState` `SetWindowLongA` `SetWindowDisplayAffinity` `DefWindowProcA` `CreateWindowExA` `SetWindowPos` `IsWindow` `RegisterClassExA` `UpdateWindow` `GetSystemMetrics` `SetLayeredWindowAttributes` `TranslateMessage` `mouse_event` `LoadIconA` `PeekMessageA` `UnregisterClassA` `PostQuitMessage` `FindWindowA` `GetKeyState` `LoadCursorA` `GetDC` `ScreenToClient` `GetCapture` `ClientToScreen` `TrackMouseEvent` `GetForegroundWindow` `SetCapture` `SetCursor` `GetClientRect` `SetProcessDPIAware` `IsWindowUnicode` `ReleaseCapture` `SetCursorPos` `ReleaseDC` `GetCursorPos` `OpenClipboard` `CloseClipboard` `EmptyClipboard` `GetClipboardData` `SetClipboardData`
GDI32.dll	`GetDeviceCaps` `DeleteDC` `CreateCompatibleDC` `SelectObject` `CreateCompatibleBitmap` `BitBlt` `DeleteObject`
SHELL32.dll	`SHGetFolderPathA`
ole32.dll	`CLSIDFromString`
IMM32.dll	`ImmSetCompositionWindow` `ImmGetContext` `ImmReleaseContext` `ImmSetCandidateWindow`
D3DCOMPILER_47.dll	`D3DCompile`
dwmapi.dll	`DwmExtendFrameIntoClientArea`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`__std_terminate` `_purecall` `__std_type_info_compare` `__uncaught_exceptions` `memmove` `memchr` `memcpy` `memcmp` `memset` `_CxxThrowException` `__C_specific_handler` `strchr` `__current_exception_context` `__current_exception` `__std_exception_copy` `__RTtypeid` `__std_exception_destroy` `strstr`
api-ms-win-crt-stdio-l1-1-0.dll	`__stdio_common_vsscanf` `fread` `_wfsopen` `__stdio_common_vsprintf` `__stdio_common_vsprintf_s` `fgetc` `ftell` `__acrt_iob_func` `fflush` `fclose` `fseek` `fgetpos` `setvbuf` `__stdio_common_vfprintf` `ungetc` `fwrite` `fsetpos` `_wfopen` `fputc` `_fseeki64` `__p__commode` `_set_fmode` `_get_stream_buffer_pointers`
api-ms-win-crt-utility-l1-1-0.dll	`rand` `qsort`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `realloc` `_callnewh` `calloc` `free` `malloc`
api-ms-win-crt-string-l1-1-0.dll	`_wcsdup` `islower` `isupper` `strcmp` `strlen` `tolower` `strncmp` `strncpy` `__strncnt` `strcpy_s` `wcslen`
api-ms-win-crt-convert-l1-1-0.dll	`atoi`
api-ms-win-crt-runtime-l1-1-0.dll	`_exit` `_c_exit` `_register_thread_local_exe_atexit_callback` `exit` `_initterm_e` `_initterm` `_get_narrow_winmain_command_line` `abort` `_set_app_type` `_cexit` `_crt_atexit` `_register_onexit_function` `_initialize_onexit_table` `_initialize_narrow_environment` `_errno` `_configure_narrow_argv` `system` `_beginthreadex` `terminate` `_seh_filter_exe`
api-ms-win-crt-time-l1-1-0.dll	`_localtime64_s` `strftime` `_time64`
api-ms-win-crt-filesystem-l1-1-0.dll	`_unlock_file` `_lock_file`
api-ms-win-crt-locale-l1-1-0.dll	`setlocale` `__pctype_func` `_lock_locales` `___lc_collate_cp_func` `___lc_locale_name_func` `_configthreadlocale` `___lc_codepage_func` `_unlock_locales`
api-ms-win-crt-math-l1-1-0.dll	`cosf` `ceilf` `sqrtf` `sinf` `powf` `fmodf` `__setusermatherr` `acosf` `logf`
api-ms-win-crt-environment-l1-1-0.dll	`getenv`

Delayed Imports

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2fc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27885`
MD5	`489378be69ae9ceef4bbede61842b9e0`
SHA1	`d5bdb7caef73aaf8fe1bd17bb0e4639562cfd8fc`
SHA256	`b98e2bebd899bdfeefe9105e2e44df5df84067cc20fc49f2212220ec315d1e71`
SHA3	`97587fc199785d00a57dabd5b3d35fd24763e99cb6fa68380b2f6c64704f8fb8`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.1
ProductVersion	1.0.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	CraftRise Launcher
FileDescription	CraftRise
FileVersion (#2)	1.0.0.1
InternalName	CraftRise Launcher
LegalCopyright	craftrise-copyright
OriginalFilename	CraftRise Launcher.exe
ProductName	CraftRise Launcher
ProductVersion (#2)	1.0.0.1

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Mar-24 16:04:09
Version	`0.0`
SizeofData	`75`
AddressOfRawData	`0xad2b8`
PointerToRawData	`0xac0b8`
Referenced File	C:\Users\erenk\Desktop\melwez\exeler\CraftRise.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Mar-24 16:04:09
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0xad304`
PointerToRawData	`0xac104`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Mar-24 16:04:09
Version	`0.0`
SizeofData	`932`
AddressOfRawData	`0xad318`
PointerToRawData	`0xac118`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Mar-24 16:04:09
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x1400ad6e0`
EndAddressOfRawData	`0x1400ad6e8`
AddressOfIndex	`0x14016c970`
AddressOfCallbacks	`0x14009dae8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1400bb040`

RICH Header

XOR Key	`0xaa9e7cca`
Unmarked objects	`0`
Imports (35403)	`4`
Imports (21202)	`2`
Imports (VS2008 SP1 build 30729)	`24`
ASM objects (35403)	`4`
C objects (35403)	`10`
C++ objects (35403)	`80`
Imports (33145)	`25`
Total imports	`377`
C++ objects (LTCG) (35727)	`14`
Resource objects (35727)	`1`
151	`1`
Linker (35727)	`1`

Errors

Leave a comment

No comments yet.