Manalyze report for 8403af23dcd879a6b7b0633eca9bb248235ce751533f0bfd125b3aa9400f3a8e

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-May-12 09:35:03

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: GetTempPathW CreateFileW` `Functions related to the privilege level: OpenProcessToken` `Enumerates local disk drives: GetDriveTypeW`
Suspicious	The file contains overlay data.	`8070610 bytes of data starting at offset 0x59600.` `The overlay data has an entropy of 7.99809 and is possibly compressed or encrypted.` `Overlay data amounts for 95.6609% of the executable.`
Malicious	VirusTotal score: 4/71 (Scanned on 2026-06-04 11:29:05)	`CrowdStrike: win/malicious_confidence_70% (D)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `SentinelOne: Static AI - Suspicious PE`

Hashes

MD5	`a65f93651d67cbe334baa3c4e336c575`
SHA1	`c4ac18abcea114250c28c983b2f4e87ee7b34cdb`
SHA256	`8403af23dcd879a6b7b0633eca9bb248235ce751533f0bfd125b3aa9400f3a8e`
SHA3	`ecce9d435485a099f8eb5e78496020ee24842f1dca24272ce887e1e8fd428e83`
SSDeep	`196608:cYmoNgECd1CEbvs+Hc/IDtT9OiNG+0pswtmJh:cGC/CMs+8ADtAiNj0OwEh`
Imports Hash	`351592d5ead6df0859b0cc0056827c95`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2026-May-12 09:35:03
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x2da00`
SizeOfInitializedData	`0x2b800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000000D4C0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x62000`
SizeOfHeaders	`0x400`
Checksum	`0x8140dc`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x1e8480`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`0a0db4bf7a70f17fc633dde750f90f8b`
SHA1	`7dae29a81cafbb8b73c2dda3bbded5571d22ceec`
SHA256	`751e3ad9ad222cc656b0393dcea8afd9b398ea5ad28f1e04c6e62bd7528382d9`
SHA3	`a1ea1c3c6e4ddbb7b44b6a6cffdea30ef33d15da1596b408999644811203c03c`
VirtualSize	`0x2d8c0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2da00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.47743`

.rdata

MD5	`7842a151451e9dcfaa615e504331657c`
SHA1	`6ff5390fb77ee7808f77cfcea9d9ef376242547a`
SHA256	`97a6d343822a3a6cf56d2af7fb7556f8a86540214643fe26ae715487662432fb`
SHA3	`b40b9c2cc711dba74104e8d5871e7aacc9ccf3f97f059a8ba88c037d0217d946`
VirtualSize	`0x1395a`
VirtualAddress	`0x2f000`
SizeOfRawData	`0x13a00`
PointerToRawData	`0x2de00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.76296`

.data

MD5	`b2a2b4610e1a32ff11d5f0a359ac8f88`
SHA1	`91f72167adf232b75e63611ee7e01703dc831c07`
SHA256	`47731e6e902f1d83980a1014f89201f13e5cb820552f93427aa9185c66b24ff0`
SHA3	`7eb386ecfca935ea9cb0d2ac955598d8053a514f990e72c8e6ccfc6df7f477a0`
VirtualSize	`0x50b0`
VirtualAddress	`0x43000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x41800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.82145`

.pdata

MD5	`52649c6e28253ec2cf107358a2752fa5`
SHA1	`8142661e67a908b517b825940c383a8882ade749`
SHA256	`07729761d991b1b0d918d103429e828afb95fc133208c5787f15c79fe7f245a2`
SHA3	`8b514a413eba2b9c6ef0787b62049c40237cd66abdbc10dbe76f848bce6b0562`
VirtualSize	`0x2478`
VirtualAddress	`0x49000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x42600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.37288`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0x4c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x44c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`3a4ffd5df5deaac50c5a5a7c85bf7541`
SHA1	`7cd4be4a45ce77ddbcb35bb7e82436d1765dc56c`
SHA256	`d39082692b366a52fc3bb89477ed8d06bc0e75c31d93bd397680b21da910a306`
SHA3	`a835ea6a271ffa9f132390a5eab864cdd673bb74546e18fd5c7743dc8534dbd0`
VirtualSize	`0x13fa8`
VirtualAddress	`0x4d000`
SizeOfRawData	`0x14000`
PointerToRawData	`0x44e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.98572`

.reloc

MD5	`a93b3a1977afcf926ff83c8ed4ffb307`
SHA1	`23054409d91f698f202b7543a8bf9c09685290a1`
SHA256	`9f37c1c4fe7bed8ea2c05a4b314b4d89de9ee8dd8c01cd62a16fb07294b43de9`
SHA3	`579067d8558813db899ca33eccf6d65513269c1106f72ebaeb985f4637bd71a1`
VirtualSize	`0x774`
VirtualAddress	`0x61000`
SizeOfRawData	`0x800`
PointerToRawData	`0x58e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.27138`

Imports

USER32.dll	`TranslateMessage` `ShutdownBlockReasonCreate` `GetWindowThreadProcessId` `SetWindowLongPtrW` `GetWindowLongPtrW` `MsgWaitForMultipleObjects` `ShowWindow` `DestroyWindow` `CreateWindowExW` `RegisterClassW` `DefWindowProcW` `PeekMessageW` `DispatchMessageW` `GetMessageW`
KERNEL32.dll	`GetTimeZoneInformation` `GetProcessHeap` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCPInfo` `GetOEMCP` `GetACP` `IsValidCodePage` `GetStringTypeW` `GetLastError` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `FormatMessageW` `GetModuleFileNameW` `SetDllDirectoryW` `CreateSymbolicLinkW` `SetErrorMode` `CreateDirectoryW` `GetCommandLineW` `GetEnvironmentVariableW` `ExpandEnvironmentStringsW` `DeleteFileW` `FindClose` `HeapSize` `FindNextFileW` `GetDriveTypeW` `RemoveDirectoryW` `GetTempPathW` `CloseHandle` `QueryPerformanceCounter` `QueryPerformanceFrequency` `WaitForSingleObject` `Sleep` `GetCurrentProcess` `GetCurrentProcessId` `TerminateProcess` `GetExitCodeProcess` `CreateProcessW` `GetStartupInfoW` `LocalFree` `SetConsoleCtrlHandler` `GetConsoleWindow` `K32EnumProcessModules` `K32GetModuleFileNameExW` `CreateFileW` `FindFirstFileExW` `GetFinalPathNameByHandleW` `MultiByteToWideChar` `WideCharToMultiByte` `GetFileAttributesExW` `HeapReAlloc` `WriteConsoleW` `SetEndOfFile` `FindFirstFileW` `GetModuleHandleW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsProcessorFeaturePresent` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `RtlUnwindEx` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `EncodePointer` `RaiseException` `RtlPcToFileHeader` `GetFileInformationByHandle` `GetFileType` `PeekNamedPipe` `SystemTimeToTzSpecificLocalTime` `FileTimeToSystemTime` `ReadFile` `GetFullPathNameW` `SetStdHandle` `GetStdHandle` `WriteFile` `ExitProcess` `GetModuleHandleExW` `GetCommandLineA` `HeapFree` `GetConsoleMode` `ReadConsoleW` `SetFilePointerEx` `GetConsoleOutputCP` `GetFileSizeEx` `HeapAlloc` `GetCurrentDirectoryW` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `InitializeCriticalSectionEx` `VirtualProtect` `CompareStringW` `LCMapStringW` `FlushFileBuffers` `SetEnvironmentVariableW`
ADVAPI32.dll	`ConvertSidToStringSidW` `GetTokenInformation` `OpenProcessToken` `ConvertStringSecurityDescriptorToSecurityDescriptorW`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1399a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98723`
Detected Filetype	PNG graphic file
MD5	`2964e01562ab8e262d1c62dd3518a626`
SHA1	`185eeba410d0480f6940efa1480ea3340ef65586`
SHA256	`ded0b9f4695596174c76fb484bc2bb5c392b960a9257e71e2066287b4b44c7c0`
SHA3	`6bb96b9a5451c2e7f7b8f03e66062da2bcd6d8100d8e4906c49421d96cd92d00`

1 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.59047`
Detected Filetype	Icon file
MD5	`1f467514191d147bb47c87d38f64f483`
SHA1	`34f410fc00df3066801c45489dea86ad89147642`
SHA256	`0e8e691d0ed7ba1a1abe6accd7dd12ab8ae3ca08a1e597bf32c90f9f83f3e50d`
SHA3	`ffeae4b1a4303c69aaee054cf2860e767ba18cbc4636734b61dd5211d01c48b1`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x50d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.25791`
MD5	`84da8dee6b319ea0b10b6de5489c6aae`
SHA1	`5f8991f3e065fd95614859a293f88b9c70e4bb23`
SHA256	`abf8f2022f12f350789d961aceaf9ccfd53e7ec58d8c9934cfce77779b4eac11`
SHA3	`08f0562915b54bedce5a84e9d32cb2efcc538268785103b1852338e20a3b4606`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-May-12 09:35:03
Version	`0.0`
SizeofData	`816`
AddressOfRawData	`0x3f0f8`
PointerToRawData	`0x3def8`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140043040`
GuardCFCheckFunctionPointer	`5368902680`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0xdd17a4db`
Unmarked objects	`0`
C++ objects (33145)	`182`
C objects (33145)	`12`
ASM objects (33145)	`11`
253 (35207)	`3`
ASM objects (35207)	`9`
C objects (35207)	`17`
C++ objects (35207)	`40`
Imports (33145)	`7`
Total imports	`141`
C objects (35225)	`27`
Linker (35225)	`1`

Errors

Leave a comment

No comments yet.