Manalyze report for 89f9b43eb0382538638418932dec03f1e3398cf2d38a73d470d0b910fcac0d09

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Apr-18 01:28:54
Detected languages	English - United States
Debug artifacts	C:\Users\Admin\Downloads\ext-5m-main\ext-5m-main\x64\Release\cheat.pdb

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: crl.microsoft.com http://crl.microsoft.com http://crl.microsoft.com/pki/crl/products/CodeSignPCA.crl0 http://ocsp.verisign.com http://ocsp.verisign.com/ocsp/status0 http://www.microsoft.com http://www.microsoft.com/typography http://www.microsoft.com/typographyNormalNormaaliNormalNorm https://www.verisign.com https://www.verisign.com/rpa https://www.verisign.com/rpa0 microsoft.com ocsp.verisign.com verisign.com www.microsoft.com www.verisign.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryExW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowA` `Uses functions commonly found in keyloggers: GetAsyncKeyState GetForegroundWindow` `Manipulates other processes: WriteProcessMemory OpenProcess ReadProcessMemory` `Reads the contents of the clipboard: GetClipboardData`
Malicious	VirusTotal score: 19/72 (Scanned on 2026-04-06 15:12:40)	`APEX: Malicious` `CTX: exe.trojan.generic` `CrowdStrike: win/malicious_confidence_90% (W)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `Elastic: malicious (high confidence)` `Fortinet: PossibleThreat.PALLAS.M` `Google: Detected` `Gridinsoft: Malware.Win64.Gen.cl` `Ikarus: Riskware.Win32.Hacktool` `Lionic: Trojan.Win32.Generic.4!c` `McAfeeD: ti!89F9B43EB038` `Microsoft: Adware:Win32/Tnega` `Paloalto: generic.ml` `SentinelOne: Static AI - Suspicious PE` `Sophos: Generic Reputation PUA (PUA)` `Symantec: ML.Attribute.HighConfidence` `TrellixENS: Artemis!2D3D9A404716` `Varist: W64/ABRisk.UTZM-0172`

Hashes

MD5	`2d3d9a404716f12ad28bb1e098e7d081`
SHA1	`5b129f50c1332a49f4567c057442970e1809666e`
SHA256	`89f9b43eb0382538638418932dec03f1e3398cf2d38a73d470d0b910fcac0d09`
SHA3	`33c485207c66e4a3d152c020cfa0f4fdf0db466e69b8982d5e289be16941470e`
SSDeep	`24576:kVr4hLka7952ruFkO/SG3HnxCiOJKyX4C89LT:kVk7L26Fz3nQVJKUB89`
Imports Hash	`ad3708e60acc9e5fb54b8b05931c64af`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2025-Apr-18 01:28:54
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x6f800`
SizeOfInitializedData	`0x71a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000004A970 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xe5000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`7849a9242330b262ccdd9eabe311d751`
SHA1	`f5e80cdd9b1a0ec2675e2d1d504cade30cf79a6d`
SHA256	`f0e9e067656b41f1cb62725b17236e84b76c3a3d3131f72104e645a2d2b7e81e`
SHA3	`5a35ba27efd5199a8919f7dfaee79dab44ba8586fc2c93c31f1cf29fb69e5123`
VirtualSize	`0x6f69c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6f800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.59405`

.rdata

MD5	`e192c730748cf3203061eb8dee646a87`
SHA1	`47453263ed80051bc5734387ce453f60d1076dee`
SHA256	`fbfcd1df54465219181e47812f3994d774d848484a9486b04aaf7e1df4c7873d`
SHA3	`73412759bca060df16928aa4da808db461717b73e52a57981de43f558dbb5c6a`
VirtualSize	`0x1d682`
VirtualAddress	`0x71000`
SizeOfRawData	`0x1d800`
PointerToRawData	`0x6fc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.87798`

.data

MD5	`e4b02c9da0883dbce0485555c256afd7`
SHA1	`3ffc58a785bb555478224eda57890ea2c2703458`
SHA256	`467f7189efb0bceac8cdc29d47ea5b5ba5c1f696047449c02109398a7f321f73`
SHA3	`35d50abb95f1dd37c2b6dda74a38bef324f8e10b96b60ab112a6956416a3ccb5`
VirtualSize	`0x4e9c4`
VirtualAddress	`0x8f000`
SizeOfRawData	`0x4ce00`
PointerToRawData	`0x8d400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.79922`

.pdata

MD5	`d55d34556edfeca9ea661f8a908b9500`
SHA1	`f24dc7491cff4c9def1f211719514c41452cca8b`
SHA256	`43c5cf76a9c746c0035bd4539561a2af40700e52cc469438a0acde997cbdbc12`
SHA3	`35634b339295a14bd964d56e55a33b710d35474ce95a7517f2e9d183cf2dfe4b`
VirtualSize	`0x4b60`
VirtualAddress	`0xde000`
SizeOfRawData	`0x4c00`
PointerToRawData	`0xda200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.79973`

.rsrc

MD5	`e86f9ac1bbfdbd8f0ea5582e779bf245`
SHA1	`4a6ddae2826a300b4a9a3ade25a4ddba0a904bc6`
SHA256	`20f9761d337da736e99f1f67d775addc1f5b7fe0b6ce481a66baeb414a525ecb`
SHA3	`98d28c4fb2591ee13c71b092d4ccf1a8a455b28504f1a7f3c703c8742be4bc00`
VirtualSize	`0x1e0`
VirtualAddress	`0xe3000`
SizeOfRawData	`0x200`
PointerToRawData	`0xdee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.71134`

.reloc

MD5	`a53d7164d5b87d7f81d512f1b79d3159`
SHA1	`888c92df7541580abe887591909b5dbfecef1071`
SHA256	`c8f710f89cd7af41d52bb2e61e774b27a79bf7658091490fa3c95c31e33154a6`
SHA3	`fd7f10d1ff96be88c50e149af9484ca4c61d2c7c25cfef1b5d434c41d67e1740`
VirtualSize	`0x974`
VirtualAddress	`0xe4000`
SizeOfRawData	`0xa00`
PointerToRawData	`0xdf000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.33422`

Imports

KERNEL32.dll	`LoadLibraryA` `QueryPerformanceFrequency` `GetProcAddress` `FreeLibrary` `QueryPerformanceCounter` `WriteProcessMemory` `OpenProcess` `CreateToolhelp32Snapshot` `Module32FirstW` `Module32NextW` `VirtualProtectEx` `VirtualQueryEx` `SetEndOfFile` `WriteConsoleW` `HeapReAlloc` `HeapSize` `CreateFileW` `GetStringTypeW` `SetStdHandle` `GetProcessHeap` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineW` `GetCommandLineA` `GetCPInfo` `GetOEMCP` `GetLocaleInfoA` `IsValidCodePage` `FindNextFileW` `FindFirstFileExW` `FindClose` `GetFileSizeEx` `GetConsoleOutputCP` `FlushFileBuffers` `GetFileType` `ReadConsoleW` `GetConsoleMode` `SetFilePointerEx` `LCMapStringW` `FlsFree` `FlsSetValue` `FlsGetValue` `FlsAlloc` `HeapFree` `GetModuleHandleA` `GlobalUnlock` `WideCharToMultiByte` `GlobalLock` `HeapAlloc` `WriteFile` `GetStdHandle` `GetModuleFileNameW` `GlobalFree` `GlobalAlloc` `MultiByteToWideChar` `GetExitCodeProcess` `ReadProcessMemory` `GetACP` `CloseHandle` `ExitProcess` `ReadFile` `GetModuleHandleExW` `FreeLibraryAndExitThread` `ExitThread` `CreateThread` `LoadLibraryExW` `GetCurrentThreadId` `Sleep` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `TryAcquireSRWLockExclusive` `SleepConditionVariableSRW` `WakeAllConditionVariable` `GetSystemTimeAsFileTime` `GetModuleHandleW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetStartupInfoW` `GetCurrentProcessId` `InitializeSListHead` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `GetLastError` `SetLastError` `EncodePointer` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree`
USER32.dll	`GetAsyncKeyState` `SetClipboardData` `GetClipboardData` `EmptyClipboard` `CloseClipboard` `OpenClipboard` `GetCursorPos` `SetCursorPos` `ReleaseCapture` `IsWindowUnicode` `DefWindowProcW` `GetWindowRect` `DestroyWindow` `CreateWindowExW` `UnregisterClassW` `RegisterClassExW` `ShowWindow` `DispatchMessageW` `PeekMessageW` `SetLayeredWindowAttributes` `TranslateMessage` `SetWindowLongW` `UpdateWindow` `GetWindowThreadProcessId` `FindWindowA` `GetKeyState` `GetMessageExtraInfo` `ScreenToClient` `GetCapture` `ClientToScreen` `TrackMouseEvent` `GetKeyboardLayout` `GetForegroundWindow` `LoadCursorW` `SetCapture` `SetCursor` `GetClientRect`
d3dx9_43.dll	`D3DXMatrixTranspose`
d3d11.dll	`D3D11CreateDeviceAndSwapChain`
IMM32.dll	`ImmSetCandidateWindow` `ImmSetCompositionWindow` `ImmReleaseContext` `ImmGetContext`
D3DCOMPILER_47.dll	`D3DCompile`
dwmapi.dll	`DwmExtendFrameIntoClientArea`
WINMM.dll	`timeEndPeriod` `timeBeginPeriod`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Apr-18 01:28:54
Version	`0.0`
SizeofData	`95`
AddressOfRawData	`0x864fc`
PointerToRawData	`0x850fc`
Referenced File	C:\Users\Admin\Downloads\ext-5m-main\ext-5m-main\x64\Release\cheat.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Apr-18 01:28:54
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x8655c`
PointerToRawData	`0x8515c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Apr-18 01:28:54
Version	`0.0`
SizeofData	`992`
AddressOfRawData	`0x86570`
PointerToRawData	`0x85170`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2025-Apr-18 01:28:54
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x140086998`
EndAddressOfRawData	`0x1400869a0`
AddressOfIndex	`0x1400dc62c`
AddressOfCallbacks	`0x1400715a0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14008f080`

RICH Header

XOR Key	`0xe3c5a6c4`
Unmarked objects	`0`
ASM objects (30795)	`23`
C++ objects (30795)	`162`
C objects (30795)	`17`
ASM objects (34321)	`10`
C objects (34321)	`17`
C++ objects (34321)	`60`
Imports (21202)	`2`
Imports (30795)	`17`
Total imports	`204`
C++ objects (LTCG) (34810)	`17`
Resource objects (34810)	`1`
Linker (34810)	`1`

Errors

Leave a comment

No comments yet.