Manalyze report for 8fe715775b60b7c8d73113bd61ebf48a2d0d2363d44c3919194cc5d6d569c615

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Jun-01 00:59:32
Detected languages	English - United States
TLS Callbacks	2 callback(s) detected.

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Can access the registry: RegOpenKeyExA RegQueryValueExA RegSetValueExA RegCloseKey RegCreateKeyExA` `Uses functions commonly found in keyloggers: MapVirtualKeyA GetAsyncKeyState GetForegroundWindow` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Has Internet access capabilities: WinHttpReceiveResponse WinHttpSendRequest WinHttpCrackUrl WinHttpOpen WinHttpCloseHandle WinHttpConnect WinHttpReadData WinHttpQueryDataAvailable WinHttpSetOption WinHttpSetTimeouts WinHttpOpenRequest` `Enumerates local disk drives: GetVolumeInformationA` `Reads the contents of the clipboard: GetClipboardData`
Malicious	VirusTotal score: 5/71 (Scanned on 2026-06-01 12:17:13)	`Cylance: Unsafe` `Cynet: Malicious (score: 100)` `Elastic: malicious (moderate confidence)` `Microsoft: Program:Win32/Wacapew.C!ml` `VBA32: suspected of Trojan.Downloader.gen`

Hashes

MD5	`b47c638818060f627f1dce140bc58570`
SHA1	`3314e8371268be737fc593db6a21c9d98b2529f8`
SHA256	`8fe715775b60b7c8d73113bd61ebf48a2d0d2363d44c3919194cc5d6d569c615`
SHA3	`684582d4ccdd12b4ec6cb292d91f21eefc785a7cd0a11ad4c0d5f4b340b89d05`
SSDeep	`12288:mCdbQsiG9Xp/nNojkkF8KCsIyvHx5ngilmnW5tty3Ih1XuV:mCNQs39Xp/nNojkkF8KCsZHxrmnWfty`
Imports Hash	`b5c262e6f8509aa7dc61166a4469d85b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2026-Jun-01 00:59:32
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x79200`
SizeOfInitializedData	`0x23e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00055FE0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x7b000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa2000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`6efa685c788d0580d877a23968edbd51`
SHA1	`ea925d01b4dc7ab990a19d10695252fb9416048e`
SHA256	`fa5aca74a9adb27794d9d4b8b9ae79cce455820b0ecd4168d736d7c972b7ca80`
SHA3	`9c88c7c54c7caf0372df92e36a88d02547110522c46fe2eea1975b2702ca219f`
VirtualSize	`0x790a5`
VirtualAddress	`0x1000`
SizeOfRawData	`0x79200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.67223`

.rdata

MD5	`eff98ed696904065d23a68b9b4627e4c`
SHA1	`beba25dd0e238278b57198a663a554cd1acd0cb0`
SHA256	`43456c4b9c4c1bccea06d524986b18fc94e42950b00341c219f1f4b37d7a4c4c`
SHA3	`b2c5bba950cbf5dea66bc9768bb74f8ca6fb744f877025c2d1c3deb4c1d26de2`
VirtualSize	`0x1c560`
VirtualAddress	`0x7b000`
SizeOfRawData	`0x1c600`
PointerToRawData	`0x79600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.36939`

.data

MD5	`3452f82d5f66ef41c617b3df39b25859`
SHA1	`c8a53e52b6c8bfc93adde6b5ecc3f28468aea147`
SHA256	`f285ab451c2a4e4181e3595d7ad630bfbe00f1ecc1bee02373dea5a396c13d27`
SHA3	`76c89c9d1d6c4475b37549cbafa75bd33ec51d7961583f8c580ab5817477db04`
VirtualSize	`0x266c`
VirtualAddress	`0x98000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x95c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.48102`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x80`
VirtualAddress	`0x9b000`
SizeOfRawData	`0x200`
PointerToRawData	`0x97400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`69bb76c629af30194eca17b94492e691`
SHA1	`345c21051ea7c797bbe6516398fb186ea5b60368`
SHA256	`0fe07e585a6bc76ac2f9bac9f57bad8666fa251ed2274b2f543c79a6f43c9fbd`
SHA3	`1017d58137700d285ff38c82f3bd928954237cf462cbae53196c2daaf76afbe4`
VirtualSize	`0x1e0`
VirtualAddress	`0x9c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x97600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.72082`

.reloc

MD5	`af071fca254b7293eee7be4259f2a78b`
SHA1	`01cd168341be238d00dee0cd17db07dbd0321c23`
SHA256	`0c72358a7b843d5ec08a211c5c8345caa749488c4b026d740bd89703e3a9895e`
SHA3	`039fab1edee5b414e3930f1f0747ec59af94f3a7556677ed87c5f420918aa96b`
VirtualSize	`0x4a48`
VirtualAddress	`0x9d000`
SizeOfRawData	`0x4c00`
PointerToRawData	`0x97800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.68539`

Imports

d3d9.dll	`Direct3DCreate9`
USER32.dll	`wsprintfA` `MessageBoxA` `CallWindowProcA` `PostMessageA` `MapVirtualKeyA` `GetAsyncKeyState` `OpenClipboard` `CloseClipboard` `SetClipboardData` `GetClipboardData` `EmptyClipboard` `GetKeyboardLayout` `TrackMouseEvent` `GetMessageExtraInfo` `GetKeyState` `GetForegroundWindow` `SetWindowLongA` `GetCapture` `SetCapture` `SetCursor` `ReleaseCapture` `LoadCursorA` `ScreenToClient` `ClientToScreen` `GetCursorPos` `IsWindowUnicode` `SetCursorPos` `GetClientRect` `GetDesktopWindow`
KERNEL32.dll	`GetACP` `IsValidCodePage` `FindNextFileW` `FindFirstFileExW` `FindClose` `GetFileSizeEx` `SetFilePointerEx` `ReadConsoleW` `LCMapStringW` `LoadLibraryExW` `GetConsoleMode` `GetConsoleOutputCP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `GetEnvironmentVariableA` `DeleteFileA` `CloseHandle` `Sleep` `CreateThread` `DisableThreadLibraryCalls` `GetModuleHandleA` `GetTickCount64` `CreateFileA` `ReadFile` `WaitForSingleObject` `GetTickCount` `GetCurrentProcess` `GetCurrentThreadId` `K32GetModuleInformation` `VirtualQuery` `VirtualQueryEx` `FlushFileBuffers` `WriteFile` `AddVectoredExceptionHandler` `VirtualProtect` `CreateDirectoryA` `OutputDebugStringA` `SetUnhandledExceptionFilter` `GetLastError` `GetEnvironmentStringsW` `ExitProcess` `TerminateProcess` `GetLocalTime` `GetModuleFileNameA` `GetModuleHandleExA` `GetProcAddress` `QueryFullProcessImageNameA` `MapViewOfFile` `UnmapViewOfFile` `CreateFileMappingA` `GetVolumeInformationA` `GlobalAlloc` `GlobalUnlock` `GlobalLock` `GlobalFree` `MultiByteToWideChar` `WideCharToMultiByte` `QueryPerformanceCounter` `QueryPerformanceFrequency` `FreeLibrary` `LoadLibraryA` `GetLocaleInfoA` `VirtualAlloc` `VirtualFree` `HeapCreate` `HeapDestroy` `HeapAlloc` `HeapReAlloc` `HeapFree` `OpenThread` `SuspendThread` `ResumeThread` `GetThreadContext` `SetThreadContext` `FlushInstructionCache` `GetModuleHandleW` `CreateToolhelp32Snapshot` `WriteConsoleW` `Thread32Next` `DecodePointer` `FreeEnvironmentStringsW` `GetProcessHeap` `CreateFileW` `GetStringTypeW` `GetStdHandle` `UnhandledExceptionFilter` `IsDebuggerPresent` `GetModuleFileNameW` `GetModuleHandleExW` `GetFileType` `SetStdHandle` `DeleteCriticalSection` `InitializeCriticalSectionEx` `LeaveCriticalSection` `EnterCriticalSection` `EncodePointer` `FlsFree` `FlsSetValue` `FlsGetValue` `HeapSize` `SetEndOfFile` `GetCurrentProcessId` `Thread32First` `FlsAlloc` `SetLastError` `InterlockedFlushSList` `IsProcessorFeaturePresent` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `GetStartupInfoW` `GetSystemTimeAsFileTime` `InitializeSListHead` `TryAcquireSRWLockExclusive` `GetSystemTimePreciseAsFileTime` `RaiseException` `RtlUnwind`
ADVAPI32.dll	`RegOpenKeyExA` `RegQueryValueExA` `RegSetValueExA` `RegCloseKey` `RegCreateKeyExA`
WINMM.dll	`timeBeginPeriod`
dbghelp.dll	`MiniDumpWriteDump`
WINHTTP.dll	`WinHttpReceiveResponse` `WinHttpSendRequest` `WinHttpCrackUrl` `WinHttpOpen` `WinHttpCloseHandle` `WinHttpConnect` `WinHttpReadData` `WinHttpQueryDataAvailable` `WinHttpSetOption` `WinHttpSetTimeouts` `WinHttpOpenRequest`
IMM32.dll	`ImmSetCandidateWindow` `ImmReleaseContext` `ImmSetCompositionWindow` `ImmGetContext`

Delayed Imports

_Initialize@0

Ordinal	`1`
Address	`0x1f00`

_MSPGetVersion@0

Ordinal	`2`
Address	`0x1f00`

_Start@0

Ordinal	`3`
Address	`0x1f00`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Jun-01 00:59:32
Version	`0.0`
SizeofData	`980`
AddressOfRawData	`0x9404c`
PointerToRawData	`0x9264c`

TLS Callbacks

StartAddressOfRawData	`0x10094430`
EndAddressOfRawData	`0x10094568`
AddressOfIndex	`0x1009a01c`
AddressOfCallbacks	`0x1007b344`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x100557C0` `0x100556D0`

Load Configuration

Size	`0xc0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x10098c40`
SEHandlerTable	`0x10093e2c`
SEHandlerCount	`88`

RICH Header

XOR Key	`0xb46e65f2`
Unmarked objects	`0`
ASM objects (33145)	`35`
C++ objects (33145)	`164`
C objects (33145)	`25`
ASM objects (35721)	`24`
C objects (35721)	`15`
C++ objects (35721)	`45`
Imports (33145)	`21`
Total imports	`202`
C++ objects (36246)	`26`
C objects (36246)	`4`
Exports (36246)	`1`
Resource objects (36246)	`1`
Linker (36246)	`1`

Errors

Leave a comment

No comments yet.