Manalyze report for 7ddc8e15eca1ef4a2a848afb5c74ec1ea154db99c1012f00f35ef6b701e38d68

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-May-19 04:56:59
TLS Callbacks	3 callback(s) detected.

Plugin Output

Suspicious	PEiD Signature:	`HQR data file`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.` `Miscellaneous malware strings: cmd.exe` `Contains domain names: .value..de GoDaddy.com core..de core..net example.com fontello.com github.com http://fontello.com https://docs.rs https://example.com https://github.com https://registry.khronos.org https://registry.khronos.org/vulkan/specs/1.3-extensions/html/vkspec.html#devsandqueues-lost-device json..de json..value..de khronos.org openssl.org registry.khronos.org value..de`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to RC5 or RC6`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryExW` `Functions which can be used for anti-debugging purposes: SwitchToThread CreateToolhelp32Snapshot` `Possibly launches other programs: CreateProcessW` `Uses Windows's Native API: NtOpenFile NtReadFile NtWriteFile NtCreateNamedPipeFile` `Can create temporary files: CreateFileW GetTempPathW` `Uses functions commonly found in keyloggers: GetForegroundWindow MapVirtualKeyA MapVirtualKeyW` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`807dc0cc0e84fb53c6b8c92d97c70bba`
SHA1	`a3965035009c71c10978061f786576d247281eb0`
SHA256	`7ddc8e15eca1ef4a2a848afb5c74ec1ea154db99c1012f00f35ef6b701e38d68`
SHA3	`b7aca1f1830dcd9adba54e6377bf14836ed69d973b0916cf10a05e306f35003f`
SSDeep	`98304:RyfkHhARvRR2ikrjJHlAZLnxDcJTbq8En4iGC+sNP2apc2q5HFCi:g/Qtb+twbqZ4iGCfPcqi`
Imports Hash	`3b74904a0b64548a15ba264d312ed3a6`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`9`
TimeDateStamp	2026-May-19 04:56:59
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x396e00`
SizeOfInitializedData	`0x676200`
SizeOfUninitializedData	`0x400`
AddressOfEntryPoint	`0x0000000000001440 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0xa12000`
SizeOfHeaders	`0x400`
Checksum	`0xa16ac8`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`bc413f70e6e1d26c3b76488591ee3cd0`
SHA1	`5763a2bedddb70796c4e17690f3f0bf062d00905`
SHA256	`d94fc2b08317884d5787a6a1c911bc93b61d6cf5d4d2d8d129ed3214bf00a4f7`
SHA3	`bf27b68cf3caa28839ff9e8234a390ef7e92a1c816a5067b127638fe9015ccee`
VirtualSize	`0x396da0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x396e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.24404`

.data

MD5	`28fc5b2943fb8f795bfa68433abd0dbb`
SHA1	`4b16a8f07171fbf88ee267901adc614e08281fbc`
SHA256	`437de6d6715cca199d295d4a5f4333ef2feae9022632700b8046c81c457cf1f1`
SHA3	`07f92938590bf9a2547a0bc0c5f20dde93fad8bf2827f33261af684ff0b7c91c`
VirtualSize	`0x1b70`
VirtualAddress	`0x398000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x397200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.424426`

.rdata

MD5	`713d9916009fe846692f44ae76104477`
SHA1	`951ba269048aec9249ba0c7804de744e7394679b`
SHA256	`9c26eb41488133be4386d6290b2c545411c33226f7bb132fbab6bd2991b40b64`
SHA3	`e710d9da0216a2a481f50e6a26b922d42740d5c61fcb0c540e4e498bf1ebcdc4`
VirtualSize	`0x617b20`
VirtualAddress	`0x39a000`
SizeOfRawData	`0x617c00`
PointerToRawData	`0x398e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.58611`

.pdata

MD5	`7ad5a2fca126809e84761a40f4edf34c`
SHA1	`51548b1568ce5484010fb73aac14ebee4ee68460`
SHA256	`079eb3e38418b54fc0cfc0a194bc879f040787203afd3e33f176434b2b1e32b5`
SHA3	`9000d1e51c8b378338a4454734cb55bab7af9fc6f0fe3b7f00b644a562887f1a`
VirtualSize	`0x15f3c`
VirtualAddress	`0x9b2000`
SizeOfRawData	`0x16000`
PointerToRawData	`0x9b0a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.46586`

.xdata

MD5	`f167bcfe41c856a981104938ea46c6e2`
SHA1	`4d3fa3c17b374c0a2ba286d9f4858391d126c382`
SHA256	`7c87450133615ec3a7d504ffa5d98a16e5bcf0295b784a1dd0974cc4be5da517`
SHA3	`d3a54efe7b93f29869d730b5ccc2c558863de5a05295a723ae6ae415c146d86a`
VirtualSize	`0x3e948`
VirtualAddress	`0x9c8000`
SizeOfRawData	`0x3ea00`
PointerToRawData	`0x9c6a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.90522`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x260`
VirtualAddress	`0xa07000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`e439f389e055a30267f34d0052c45ecd`
SHA1	`44ea11e607f2b55cb8905f63e886f187a09cf5af`
SHA256	`8813c86b364dcc9691bf0e3b1528a7396d0d1e1d20819d38ebbc5d3e4402c35b`
SHA3	`44cfb89beb66469c68a4f2276a893e3fe336a2bef738c2c30d3b4c88880ae4df`
VirtualSize	`0x29c0`
VirtualAddress	`0xa08000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0xa05400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.46626`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0xa0b000`
SizeOfRawData	`0x200`
PointerToRawData	`0xa07e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.reloc

MD5	`9b8dc030b3825799103ece5f99ece135`
SHA1	`5638398c17fca31b7e2c2ef664de16bd17839d12`
SHA256	`10d8a6d7cc1439dd4373df498aa71b3d359af1dd218450ae45c1d99886fa0679`
SHA3	`30d0dc7e2784e13451cdad5e09f69f10587e39ad9e06054c21212da0cad2affd`
VirtualSize	`0x522c`
VirtualAddress	`0xa0c000`
SizeOfRawData	`0x5400`
PointerToRawData	`0xa08000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.43126`

Imports

advapi32.dll	`SystemFunction036`
bcrypt.dll	`BCryptGenRandom`
d3dcompiler_47.dll	`D3DCompile`
dwmapi.dll	`DwmEnableBlurBehindWindow`
gdi32.dll	`CreateRectRgn` `DeleteObject` `GetDeviceCaps` `StretchDIBits`
imm32.dll	`ImmAssociateContextEx` `ImmGetCompositionStringW` `ImmGetContext` `ImmReleaseContext`
kernel32.dll	`AddVectoredExceptionHandler` `CancelIo` `CompareStringOrdinal` `CreateEventA` `CreateEventW` `CreateFileMappingW` `CreateFileW` `CreateProcessW` `CreateThread` `CreateWaitableTimerExW` `FormatMessageW` `FreeEnvironmentStringsW` `GetCurrentDirectoryW` `GetCurrentThreadId` `GetEnvironmentStringsW` `GetEnvironmentVariableW` `GetExitCodeProcess` `GetModuleHandleW` `GetOverlappedResult` `GetProcessHeap` `GetProcessId` `GetUserPreferredUILanguages` `GlobalAlloc` `GlobalLock` `GlobalSize` `GlobalUnlock` `HeapAlloc` `HeapFree` `HeapReAlloc` `InitOnceBeginInitialize` `InitOnceComplete` `MultiByteToWideChar` `QueryPerformanceCounter` `QueryPerformanceFrequency` `ReadFile` `ReadFileEx` `RemoveVectoredExceptionHandler` `SetThreadStackGuarantee` `SetUnhandledExceptionFilter` `SetWaitableTimer` `SleepEx` `SwitchToThread` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `VirtualProtect` `WaitForMultipleObjects` `WaitForSingleObject` `WriteFileEx`
ntdll.dll	`NtOpenFile` `NtReadFile` `NtWriteFile`
ole32.dll	`CoCreateInstance` `CoInitializeEx` `CoUninitialize` `OleInitialize` `RegisterDragDrop` `RevokeDragDrop`
oleaut32.dll	`GetErrorInfo`
shell32.dll	`DragFinish` `DragQueryFileW`
user32.dll	`AdjustWindowRectEx` `ChangeDisplaySettingsExW` `ClientToScreen` `ClipCursor` `CloseClipboard` `CloseTouchInputHandle` `CreateIcon` `CreateWindowExW` `DefWindowProcW` `DestroyIcon` `DestroyWindow` `DispatchMessageW` `EmptyClipboard` `EnableMenuItem` `FlashWindowEx` `GetActiveWindow` `GetClientRect` `GetClipCursor` `GetClipboardData` `GetCursorPos` `GetDC` `GetForegroundWindow` `GetKeyState` `GetKeyboardLayout` `GetKeyboardState` `GetMenu` `GetMessageW` `GetMonitorInfoW` `GetRawInputData` `GetSystemMenu` `GetSystemMetrics` `GetTouchInputInfo` `GetUpdateRect` `GetWindowLongPtrW` `GetWindowLongW` `GetWindowPlacement` `GetWindowRect` `InvalidateRgn` `IsIconic` `IsProcessDPIAware` `IsWindowVisible` `LoadCursorW` `MapVirtualKeyA` `MapVirtualKeyW` `MonitorFromPoint` `MonitorFromRect` `MonitorFromWindow` `MsgWaitForMultipleObjectsEx` `OpenClipboard` `PeekMessageW` `PostMessageW` `PostThreadMessageW` `RedrawWindow` `RegisterClassExW` `RegisterRawInputDevices` `RegisterTouchWindow` `RegisterWindowMessageA` `ReleaseCapture` `ScreenToClient` `SendInput` `SendMessageW` `SetCapture` `SetClipboardData` `SetCursor` `SetForegroundWindow` `SetWindowDisplayAffinity` `SetWindowLongPtrW` `SetWindowLongW` `SetWindowPlacement` `SetWindowPos` `SetWindowTextW` `ShowCursor` `ShowWindow` `SystemParametersInfoA` `ToUnicodeEx` `TrackMouseEvent` `TranslateMessage` `ValidateRect`
uxtheme.dll	`SetWindowTheme`
winmm.dll	`timeBeginPeriod` `timeEndPeriod` `timeGetDevCaps`
kernel32.dll (#2)	`AddVectoredExceptionHandler` `CancelIo` `CompareStringOrdinal` `CreateEventA` `CreateEventW` `CreateFileMappingW` `CreateFileW` `CreateProcessW` `CreateThread` `CreateWaitableTimerExW` `FormatMessageW` `FreeEnvironmentStringsW` `GetCurrentDirectoryW` `GetCurrentThreadId` `GetEnvironmentStringsW` `GetEnvironmentVariableW` `GetExitCodeProcess` `GetModuleHandleW` `GetOverlappedResult` `GetProcessHeap` `GetProcessId` `GetUserPreferredUILanguages` `GlobalAlloc` `GlobalLock` `GlobalSize` `GlobalUnlock` `HeapAlloc` `HeapFree` `HeapReAlloc` `InitOnceBeginInitialize` `InitOnceComplete` `MultiByteToWideChar` `QueryPerformanceCounter` `QueryPerformanceFrequency` `ReadFile` `ReadFileEx` `RemoveVectoredExceptionHandler` `SetThreadStackGuarantee` `SetUnhandledExceptionFilter` `SetWaitableTimer` `SleepEx` `SwitchToThread` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `VirtualProtect` `WaitForMultipleObjects` `WaitForSingleObject` `WriteFileEx`
kernel32.dll (#3)	`AddVectoredExceptionHandler` `CancelIo` `CompareStringOrdinal` `CreateEventA` `CreateEventW` `CreateFileMappingW` `CreateFileW` `CreateProcessW` `CreateThread` `CreateWaitableTimerExW` `FormatMessageW` `FreeEnvironmentStringsW` `GetCurrentDirectoryW` `GetCurrentThreadId` `GetEnvironmentStringsW` `GetEnvironmentVariableW` `GetExitCodeProcess` `GetModuleHandleW` `GetOverlappedResult` `GetProcessHeap` `GetProcessId` `GetUserPreferredUILanguages` `GlobalAlloc` `GlobalLock` `GlobalSize` `GlobalUnlock` `HeapAlloc` `HeapFree` `HeapReAlloc` `InitOnceBeginInitialize` `InitOnceComplete` `MultiByteToWideChar` `QueryPerformanceCounter` `QueryPerformanceFrequency` `ReadFile` `ReadFileEx` `RemoveVectoredExceptionHandler` `SetThreadStackGuarantee` `SetUnhandledExceptionFilter` `SetWaitableTimer` `SleepEx` `SwitchToThread` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `VirtualProtect` `WaitForMultipleObjects` `WaitForSingleObject` `WriteFileEx`
kernel32.dll (#4)	`AddVectoredExceptionHandler` `CancelIo` `CompareStringOrdinal` `CreateEventA` `CreateEventW` `CreateFileMappingW` `CreateFileW` `CreateProcessW` `CreateThread` `CreateWaitableTimerExW` `FormatMessageW` `FreeEnvironmentStringsW` `GetCurrentDirectoryW` `GetCurrentThreadId` `GetEnvironmentStringsW` `GetEnvironmentVariableW` `GetExitCodeProcess` `GetModuleHandleW` `GetOverlappedResult` `GetProcessHeap` `GetProcessId` `GetUserPreferredUILanguages` `GlobalAlloc` `GlobalLock` `GlobalSize` `GlobalUnlock` `HeapAlloc` `HeapFree` `HeapReAlloc` `InitOnceBeginInitialize` `InitOnceComplete` `MultiByteToWideChar` `QueryPerformanceCounter` `QueryPerformanceFrequency` `ReadFile` `ReadFileEx` `RemoveVectoredExceptionHandler` `SetThreadStackGuarantee` `SetUnhandledExceptionFilter` `SetWaitableTimer` `SleepEx` `SwitchToThread` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `VirtualProtect` `WaitForMultipleObjects` `WaitForSingleObject` `WriteFileEx`
api-ms-win-core-synch-l1-2-0.dll	`WaitOnAddress` `WakeByAddressAll` `WakeByAddressSingle`
bcryptprimitives.dll	`ProcessPrng`
kernel32.dll (#5)	`AddVectoredExceptionHandler` `CancelIo` `CompareStringOrdinal` `CreateEventA` `CreateEventW` `CreateFileMappingW` `CreateFileW` `CreateProcessW` `CreateThread` `CreateWaitableTimerExW` `FormatMessageW` `FreeEnvironmentStringsW` `GetCurrentDirectoryW` `GetCurrentThreadId` `GetEnvironmentStringsW` `GetEnvironmentVariableW` `GetExitCodeProcess` `GetModuleHandleW` `GetOverlappedResult` `GetProcessHeap` `GetProcessId` `GetUserPreferredUILanguages` `GlobalAlloc` `GlobalLock` `GlobalSize` `GlobalUnlock` `HeapAlloc` `HeapFree` `HeapReAlloc` `InitOnceBeginInitialize` `InitOnceComplete` `MultiByteToWideChar` `QueryPerformanceCounter` `QueryPerformanceFrequency` `ReadFile` `ReadFileEx` `RemoveVectoredExceptionHandler` `SetThreadStackGuarantee` `SetUnhandledExceptionFilter` `SetWaitableTimer` `SleepEx` `SwitchToThread` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `VirtualProtect` `WaitForMultipleObjects` `WaitForSingleObject` `WriteFileEx`
ntdll.dll (#2)	`NtOpenFile` `NtReadFile` `NtWriteFile`
oleaut32.dll (#2)	`GetErrorInfo`
KERNEL32.dll	`DeleteCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `LeaveCriticalSection` `RaiseException` `RtlUnwindEx` `VirtualQuery` `__C_specific_handler`
msvcrt.dll	`__getmainargs` `__initenv` `__iob_func` `__set_app_type` `__setusermatherr` `_amsg_exit` `_cexit` `_commode` `_errno` `_fmode` `_fpreset` `_hypot` `_initterm` `abort` `acos` `atexit` `calloc` `exit` `fflush` `fprintf` `free` `ldexp` `malloc` `memcmp` `memcpy` `memmove` `memset` `setvbuf` `signal` `strerror` `strlen` `strncmp` `tan` `vfprintf`
ntdll.dll (#3)	`NtOpenFile` `NtReadFile` `NtWriteFile`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x140a0b000`
EndAddressOfRawData	`0x140a0b008`
AddressOfIndex	`0x140a0719c`
AddressOfCallbacks	`0x1409b1af0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x000000014015DAE0` `0x0000000140396BE0` `0x0000000140396BC0`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!

Leave a comment

No comments yet.