Manalyze report for 9194048ff0d6c9e69f56db87a60b467ec487382bc43ee4b520e7461b3e596fcb

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-Jun-27 01:10:30
Detected languages	English - United States
Debug artifacts	D:\Aplicativos\Projeto\[DOWNLOAD]\[Projeto]\[OUTROS]\[ARQUIVOS]\Internal C++\examples\example_win32_directx11\Release\DOKO-Team.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Info	Interesting strings found in the binary:	`Contains domain names: casedieresis.cn casetilde.cn commaaccentright.cn cyrillictail.cn cyrillictic.cn github.com http://scripts.sil.org http://scripts.sil.org/OFLThis http://scripts.sil.org/OFLhttps https://github.com https://rsms.me koronisaccentleft.cn scripts.sil.org tildecross.cn`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowA` `Possibly launches other programs: CreateProcessA system` `Uses functions commonly found in keyloggers: GetAsyncKeyState GetForegroundWindow` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Manipulates other processes: Process32First OpenProcess Process32Next` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`c970225ad06f85186225ffcd70f70de3`
SHA1	`452928efaa525164dbe5ffe020613ab1cd59cb7a`
SHA256	`9194048ff0d6c9e69f56db87a60b467ec487382bc43ee4b520e7461b3e596fcb`
SHA3	`321f0794758c79b07dc52b6fe2fb188fb1f8f56bc41040ab60057013d6d6dc3a`
SSDeep	`24576:J3+0xY977SHJqEMfuhD6onj+1hPqIP93JDZvcJ069ZpznW9aagTl:J3+r+pqpuheq8qIJJDUFngapl`
Imports Hash	`63a7521435efced3ee657a039705883e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x128`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-Jun-27 01:10:30
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xd1200`
SizeOfInitializedData	`0xb5200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000D0728 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x18a000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`203f53acd27315dee463fa3235be620d`
SHA1	`9abced50c75670c150133490e4300bca2019cabf`
SHA256	`cb9da8c6a99c87ff82d48c15aa9ec6c5fd8c5c0b4d881b4df3c40dabe7ed3481`
SHA3	`6cb54d8e1c72df31e339172515dd89df6880c4f5fbd299b23a01e7f096c3c966`
VirtualSize	`0xd1110`
VirtualAddress	`0x1000`
SizeOfRawData	`0xd1200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.55267`

.rdata

MD5	`24f9f12fdf15bbe8970a54bb943420aa`
SHA1	`78d82af4a9c30988819e198cb3679ef9b5fea782`
SHA256	`dde800d51f05cc6c23fa07ad5ec0e587995059b2f60f56cf0c6c31c032cacccb`
SHA3	`aeb5c8f442e0fb01cae56ee83c1e9c66f1b2bc1ae043a327ce92c4e7a2f2620b`
VirtualSize	`0x4fc10`
VirtualAddress	`0xd3000`
SizeOfRawData	`0x4fe00`
PointerToRawData	`0xd1600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.12013`

.data

MD5	`c31136ecd91c44e9d9fb220e7006fd75`
SHA1	`12f7203bc16883989d8b7046f9c0332477721227`
SHA256	`0250d8cecf78dbb550c94e81fe3ba8880bf182a2538ea6d045a2506971a94a18`
SHA3	`d0e39a374b156341952152ab65b78e00d085988e62830cbda35be180144be950`
VirtualSize	`0x5a598`
VirtualAddress	`0x123000`
SizeOfRawData	`0x54a00`
PointerToRawData	`0x121400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.44079`

.pdata

MD5	`7e757ee8a5addf4555c8d4ff9e64535d`
SHA1	`6089004bb81714a67b6a7dfadf764ad51ce49f0a`
SHA256	`c2cdd0cea661778c6dd0f31db9e682d527786c492b657a3914233458dac22172`
SHA3	`b728a318af40aa7f7f5a7384fe8cf67c637af42a61d212e629203daf939d2403`
VirtualSize	`0x9b7c`
VirtualAddress	`0x17e000`
SizeOfRawData	`0x9c00`
PointerToRawData	`0x175e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.0327`

.rsrc

MD5	`cdf879cac12b2b9112290a85739fca73`
SHA1	`8664d15a84def1146e69fab19f862b18fc9e41f6`
SHA256	`ee5bb281919cb163516d78f1620b4989ef00f8c8d2d45370896423e23cc76bc7`
SHA3	`745086d59f29124a00e9d64a62e10ce49e4b2d98a4e81251943dc088489c1394`
VirtualSize	`0x1e0`
VirtualAddress	`0x188000`
SizeOfRawData	`0x200`
PointerToRawData	`0x17fa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.71397`

.reloc

MD5	`6b55debed3f54fb4b64a1c0624c14082`
SHA1	`947a1d51701366ae673641c31a6083b6fe4fb946`
SHA256	`c995b2bd33d7e642b682cce5c9c7f92fe445eaae4ae0876c0e62024d5b27c772`
SHA3	`ab89cc791da80c7357bf5ef2a76c74333fc63fd7215acfafca6e7a3a032c4847`
VirtualSize	`0xe4c`
VirtualAddress	`0x189000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x17fc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.14312`

Imports

d3d11.dll	`D3D11CreateDeviceAndSwapChain`
D3DCOMPILER_43.dll	`D3DCompile`
KERNEL32.dll	`LoadLibraryA` `QueryPerformanceFrequency` `GetProcAddress` `FreeLibrary` `QueryPerformanceCounter` `VirtualFree` `VirtualAlloc` `GetSystemInfo` `VirtualQuery` `HeapCreate` `VirtualProtect` `HeapFree` `GetCurrentProcess` `Thread32Next` `Thread32First` `GetCurrentThreadId` `SuspendThread` `ResumeThread` `CreateToolhelp32Snapshot` `Sleep` `GetLastError` `HeapReAlloc` `CloseHandle` `HeapAlloc` `HeapDestroy` `GetThreadContext` `GetCurrentProcessId` `FlushInstructionCache` `SetThreadContext` `OpenThread` `ReadFile` `GetModuleFileNameA` `Process32First` `SetHandleInformation` `GlobalFree` `GetModuleHandleA` `CreatePipe` `WaitForSingleObject` `FreeLibraryAndExitThread` `OpenProcess` `SetCurrentDirectoryA` `GetTickCount64` `DisableThreadLibraryCalls` `Process32Next` `CreateThread` `CreateProcessA` `GlobalAlloc` `GetFileSizeEx` `MapViewOfFile` `UnmapViewOfFile` `CreateFileMappingA` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `SleepConditionVariableSRW` `WakeAllConditionVariable` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetSystemTimeAsFileTime` `InitializeSListHead` `GetLocaleInfoA` `GlobalUnlock` `WideCharToMultiByte` `TerminateProcess` `GlobalLock` `MultiByteToWideChar` `CreateFileA` `WriteFile`
USER32.dll	`TranslateMessage` `LoadIconA` `PeekMessageA` `GetWindowLongPtrA` `PostQuitMessage` `GetDesktopWindow` `SetWindowLongPtrA` `SetLayeredWindowAttributes` `FindWindowA` `UpdateWindow` `GetKeyState` `GetMessageExtraInfo` `GetClipboardData` `EmptyClipboard` `CloseClipboard` `OpenClipboard` `GetCursorPos` `SetCursorPos` `ReleaseCapture` `IsWindowUnicode` `MessageBoxA` `GetWindowTextA` `FindWindowExA` `RedrawWindow` `ShowWindow` `RegisterClassExW` `UnregisterClassW` `GetSystemMetrics` `CreateWindowExW` `PostMessageA` `SetClipboardData` `EnumChildWindows` `MessageBoxW` `DestroyWindow` `GetWindowRect` `DispatchMessageA` `DefWindowProcW` `GetWindowThreadProcessId` `GetAsyncKeyState` `GetClientRect` `SetCursor` `SetCapture` `GetForegroundWindow` `GetKeyboardLayout` `TrackMouseEvent` `ClientToScreen` `GetCapture` `ScreenToClient` `LoadCursorA`
GDI32.dll	`GetStockObject`
MSVCP140.dll	`??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `?good@ios_base@std@@QEBA_NXZ` `?_Xlength_error@std@@YAXPEBD@Z` `?_Xout_of_range@std@@YAXPEBD@Z` `_Query_perf_frequency` `?uncaught_exceptions@std@@YAHXZ` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `_Query_perf_counter` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z`
IMM32.dll	`ImmSetCandidateWindow` `ImmReleaseContext` `ImmGetContext` `ImmSetCompositionWindow`
dwmapi.dll	`DwmExtendFrameIntoClientArea`
d3dx11_43.dll	`D3DX11CreateShaderResourceViewFromMemory`
OPENGL32.dll	`wglGetProcAddress` `wglGetCurrentDC` `glGetString` `glDisable` `glDrawElements` `glBegin` `glColorMask` `glBlendFunc` `glLineWidth` `glEnd` `glVertex3f` `glEnable` `glPolygonMode` `glDepthRange` `glPopMatrix` `glGetIntegerv` `glTexImage2D` `glTexParameteri` `glGenTextures` `glBindTexture` `glPushMatrix`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`__current_exception` `__current_exception_context` `__intrinsic_setjmp` `_CxxThrowException` `__std_type_info_destroy_list` `__std_exception_destroy` `__std_exception_copy` `__std_terminate` `__C_specific_handler` `memcmp` `memchr` `memset` `memmove` `memcpy` `longjmp` `strrchr` `strstr`
api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func` `__stdio_common_vsprintf_s` `fclose` `fseek` `ftell` `__stdio_common_vsscanf` `fread` `__stdio_common_vsprintf` `_wfopen` `fwrite` `__stdio_common_vfprintf` `fflush`
api-ms-win-crt-runtime-l1-1-0.dll	`_crt_atexit` `_cexit` `_initterm` `_initterm_e` `_execute_onexit_table` `_beginthreadex` `_invoke_watson` `_initialize_onexit_table` `_initialize_narrow_environment` `_wassert` `_configure_narrow_argv` `_seh_filter_dll` `system` `_register_onexit_function` `terminate`
api-ms-win-crt-utility-l1-1-0.dll	`qsort`
api-ms-win-crt-string-l1-1-0.dll	`strncmp` `strcpy_s` `strcmp` `strncpy`
api-ms-win-crt-heap-l1-1-0.dll	`malloc` `free` `_callnewh`
api-ms-win-crt-convert-l1-1-0.dll	`strtoull` `strtol`
api-ms-win-crt-multibyte-l1-1-0.dll	`_mbsicmp`
api-ms-win-crt-math-l1-1-0.dll	`powf` `sin` `sinf` `logf` `ceilf` `sqrtf` `cosf` `acosf`

Delayed Imports

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Jun-27 01:10:30
Version	`0.0`
SizeofData	`156`
AddressOfRawData	`0x113db4`
PointerToRawData	`0x1123b4`
Referenced File	D:\Aplicativos\Projeto\[DOWNLOAD]\[Projeto]\[OUTROS]\[ARQUIVOS]\Internal C++\examples\example_win32_directx11\Release\DOKO-Team.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Jun-27 01:10:30
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x113e50`
PointerToRawData	`0x112450`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Jun-27 01:10:30
Version	`0.0`
SizeofData	`832`
AddressOfRawData	`0x113e64`
PointerToRawData	`0x112464`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Jun-27 01:10:30
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x1801141c8`
EndAddressOfRawData	`0x1801141d0`
AddressOfIndex	`0x18017ce38`
AddressOfCallbacks	`0x1800d3978`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x180123080`

RICH Header

XOR Key	`0x4af2a025`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`18`
Imports (VS2012 build 50727 / VS2005 build 50727)	`2`
253 (35207)	`1`
ASM objects (35207)	`4`
C objects (35207)	`8`
C++ objects (35207)	`24`
Imports (35207)	`6`
C objects (VS2022 Update 1 (17.1.6) compiler 31107)	`26`
Imports (35222)	`12`
Imports (21202)	`7`
Total imports	`312`
C objects (VS2015 build 23026)	`1`
C++ objects (LTCG) (35228)	`16`
Resource objects (35228)	`1`
Linker (35228)	`1`

Errors

Leave a comment

No comments yet.