Manalyze report for 796431ea88971a71e1357e5f1d54fd88fe901ba836befee158b291b4a60bf6c6

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-May-15 14:27:33

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable` `Unusual section name found: .trace`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExA LoadLibraryExW`
Suspicious	VirusTotal score: 2/70 (Scanned on 2026-05-15 17:45:51)	`Bkav: W32.Malware.AA137C44` `Elastic: malicious (moderate confidence)`

Hashes

MD5	`87df9ffaa0fc6bcebf2c20bb63d47d3f`
SHA1	`0c8641a97c68866956784d37f7af74353196b000`
SHA256	`796431ea88971a71e1357e5f1d54fd88fe901ba836befee158b291b4a60bf6c6`
SHA3	`49d3f05680e3dbab316308a37ab69b3fa842990dd69ed27d7a40dc7781d7ea05`
SSDeep	`12288:RY9Wwrvff58g512VeoAW6XHCixp0pzhzGTi/1WXto9+6nuB6b03hF9VQwQuQbqd:ejqg512VaxpU1q+/N09BpnQnJudM`
Imports Hash	`5d03505f0b49d9cf2da51ba6af12d28f`

DOS Header

e_magic	`MZ`
e_cblp	`0x78`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0`
e_ss	`0`
e_sp	`0`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x78`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`9`
TimeDateStamp	2026-May-15 14:27:33
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x7a000`
SizeOfInitializedData	`0x6a400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000394B0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xed000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b87f1b96695f42208f84f7ba43456a83`
SHA1	`a5b507be9b05c70af6c92338925930d0fa972ff7`
SHA256	`de9237a34333ddb3370fa62da9c553205183ac13b5659b391b61d70f9ad84d50`
SHA3	`4c49d80d5e26e7045251bd5a5b454b76e861fb5cd471a266b4129801e11db130`
VirtualSize	`0x79e26`
VirtualAddress	`0x1000`
SizeOfRawData	`0x7a000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.67104`

.rdata

MD5	`d02a253545a6cb3babee667a1b3d86e1`
SHA1	`1027c1fd244fa6777cd9705168f3a883587bf46e`
SHA256	`9706e67b0c77b6f2da218ce92d95960c1b79694bdfa8c4d22a32bdac0b39ff0c`
SHA3	`8259de6e77ae030f0a2200c174f261f23cd184346cb41904c0b465b355067112`
VirtualSize	`0x5b954`
VirtualAddress	`0x7b000`
SizeOfRawData	`0x5ba00`
PointerToRawData	`0x7a400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.42558`

.data

MD5	`342bb7e6fc40e922a784e1bf656bdd43`
SHA1	`8c48309aec85bd0da99ba344e5c9dc16df5c6286`
SHA256	`e8ac57dc952a6351306eb3c7c26d3aa6dcb4610c796f33893cae39bbf1df25b6`
SHA3	`379d5c5649048a92e94d56bdd22b10e99b4459ef181820aa6d476d2083a49908`
VirtualSize	`0x81a4`
VirtualAddress	`0xd7000`
SizeOfRawData	`0x5800`
PointerToRawData	`0xd5e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.83213`

.pdata

MD5	`47fd0ee79d9e180b04b03aca7853a214`
SHA1	`14c7ddc2442dff91f77da957342b9faf01f29b79`
SHA256	`8605cf5948a8be70579221bf8efa53e0b70b749c545a406dc4cfe4b783216cfe`
SHA3	`804c66d0b147b5b028d965cbeeaab6bb04a58d881fbb1dba8fed50ebf0365fa5`
VirtualSize	`0x3390`
VirtualAddress	`0xe0000`
SizeOfRawData	`0x3400`
PointerToRawData	`0xdb600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.79251`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0xe4000`
SizeOfRawData	`0x200`
PointerToRawData	`0xdea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.tls

MD5	`1f354d76203061bfdd5a53dae48d5435`
SHA1	`aa0d33a0c854e073439067876e932688b65cb6a9`
SHA256	`4c6474903705cb450bb6434c29e8854f17d8324efca1fdb9ee9008599060883a`
SHA3	`991fbbd46bbd69198269fe6c247d440e0f8a7d38259b7a1e04b74790301d1d2b`
VirtualSize	`0x11`
VirtualAddress	`0xe5000`
SizeOfRawData	`0x200`
PointerToRawData	`0xdec00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0203931`

.trace

MD5	`5f1a446704a55b4606fb6cd3203068ba`
SHA1	`910cb29153c64dd42ac378238dd583a0569b18a8`
SHA256	`44710095e1ac2cae2b8bef8f630ffc9202a4a5bf224c4fe55a0073123af0550b`
SHA3	`3e18080644747c6c11b1a56323facb7ed14c6a886aafb88ae5f985dc68e12177`
VirtualSize	`0x2f3d`
VirtualAddress	`0xe6000`
SizeOfRawData	`0x3000`
PointerToRawData	`0xdee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.45353`

_RDATA

MD5	`8a4ee1a28e6bdc80818cf31cca75b5b8`
SHA1	`ff5cc88655bc7880687745b4b627598134b5c9ca`
SHA256	`c286225070f82d1c22cbf53d549f935e1a8c5ad848dd488c8e21ff3f8d582040`
SHA3	`9a7207499e28920e154b807a209a07840b31043e3cb416a5e996bf105709a42a`
VirtualSize	`0x1400`
VirtualAddress	`0xe9000`
SizeOfRawData	`0x1400`
PointerToRawData	`0xe1e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.0995`

.reloc

MD5	`68ace022c35f9bc6f8fc619ef0e185df`
SHA1	`4599abcedf2bc4855c10ba375bafcc89adbab676`
SHA256	`c23cd12959244b4913adc7bb6c5f0ad12505791442c6dd3eeacba3fb9172a28b`
SHA3	`e57abba5d0b66efccd30395a58402cd0066485e2919252a78c8073c61b223788`
VirtualSize	`0x15c0`
VirtualAddress	`0xeb000`
SizeOfRawData	`0x1600`
PointerToRawData	`0xe3200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.5586`

Imports

KERNEL32.dll	`AcquireSRWLockExclusive` `CloseHandle` `CloseThreadpoolWork` `CompareStringW` `CreateFileW` `CreateThread` `CreateThreadpoolWork` `DecodePointer` `DeleteCriticalSection` `EncodePointer` `EnterCriticalSection` `EnumSystemLocalesW` `ExitProcess` `ExitThread` `FindClose` `FindFirstFileExW` `FindNextFileW` `FlsAlloc` `FlsFree` `FlsGetValue` `FlsSetValue` `FlushFileBuffers` `FormatMessageA` `FreeEnvironmentStringsW` `FreeLibrary` `FreeLibraryAndExitThread` `FreeLibraryWhenCallbackReturns` `GetACP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `GetConsoleMode` `GetConsoleOutputCP` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `GetEnvironmentStringsW` `GetExitCodeThread` `GetFileSizeEx` `GetFileType` `GetLastError` `GetLocaleInfoW` `GetLogicalProcessorInformationEx` `GetModuleFileNameW` `GetModuleHandleExW` `GetModuleHandleW` `GetOEMCP` `GetProcAddress` `GetProcessHeap` `GetStartupInfoW` `GetStdHandle` `GetStringTypeW` `GetSystemTimeAsFileTime` `GetSystemTimePreciseAsFileTime` `GetThreadLocale` `GetUserDefaultLCID` `HeapAlloc` `HeapFree` `HeapReAlloc` `HeapSize` `InitOnceBeginInitialize` `InitOnceComplete` `InitializeCriticalSectionEx` `InitializeSListHead` `IsDebuggerPresent` `IsProcessorFeaturePresent` `IsValidCodePage` `IsValidLocale` `LCMapStringEx` `LCMapStringW` `LeaveCriticalSection` `LoadLibraryA` `LoadLibraryExA` `LoadLibraryExW` `LocalFree` `MultiByteToWideChar` `QueryPerformanceCounter` `QueryPerformanceFrequency` `RaiseException` `ReadConsoleW` `ReadFile` `ReleaseSRWLockExclusive` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlPcToFileHeader` `RtlUnwind` `RtlUnwindEx` `RtlVirtualUnwind` `SetEndOfFile` `SetEnvironmentVariableW` `SetFilePointerEx` `SetLastError` `SetStdHandle` `SetUnhandledExceptionFilter` `SleepConditionVariableSRW` `SubmitThreadpoolWork` `TerminateProcess` `TryAcquireSRWLockExclusive` `UnhandledExceptionFilter` `VirtualProtect` `WaitForSingleObjectEx` `WakeAllConditionVariable` `WakeConditionVariable` `WideCharToMultiByte` `WriteConsoleW` `WriteFile`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-May-15 14:27:33
Version	`0.0`
SizeofData	`4`
AddressOfRawData	`0xd2668`
PointerToRawData	`0xd1a68`

IMAGE_DEBUG_TYPE_POGO (#2)

Characteristics	`0`
TimeDateStamp	2026-May-15 14:27:33
Version	`0.0`
SizeofData	`4`
AddressOfRawData	`0xd266c`
PointerToRawData	`0xd1a6c`

TLS Callbacks

StartAddressOfRawData	`0x1400e5000`
EndAddressOfRawData	`0x1400e5010`
AddressOfIndex	`0x1400dce68`
AddressOfCallbacks	`0x1400d2750`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1400d7140`

RICH Header

Errors

Leave a comment

No comments yet.