Manalyze report for 91c69e3894e5c43072f173cc76ca2d8e0fe8434e93374ea44ada81ee24a3aaa0

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Nov-16 01:43:08
Detected languages	English - United States
TLS Callbacks	2 callback(s) detected.

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .buildid`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 93.0118% of the executable.`
Safe	VirusTotal score: 0/72 (Scanned on 2026-03-22 20:12:01)	`All the AVs think this file is safe.`

Hashes

MD5	`530b83675472698a87777011edcb6844`
SHA1	`cc269f159bf776d1661e058e6974481cb2cb2702`
SHA256	`91c69e3894e5c43072f173cc76ca2d8e0fe8434e93374ea44ada81ee24a3aaa0`
SHA3	`98aa2bd108b9def94826d75278d045fcd1c0a3477224fc4d4301c74b80d0493c`
SSDeep	`6144:H4fh1jRsbWK4Bh1UB4wns4lDrwluUF2MJDs3Cd:Yfh1lmWKs2uwns4lDrgR2R`
Imports Hash	`a9563ca2ee659a9314820bead4ec962b`

DOS Header

e_magic	`MZ`
e_cblp	`0x78`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0`
e_ss	`0`
e_sp	`0`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x78`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2024-Nov-16 01:43:08
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x1e00`
SizeOfInitializedData	`0x17600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001140 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x3e000`
SizeOfHeaders	`0x400`
Checksum	`0x471d4`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`612f13b1a20949bba1c805c638495c00`
SHA1	`8e74a79958acf6488fe615dee4173a4b96e39fae`
SHA256	`4ab9a6254f73f4956601a46361357f0ad92d238a43ae6f8eab200fa5047c1415`
SHA3	`1e7a84cf73f8503dee0f05389252d65ec5d8e1cb349fe970a29a24a6db3def5a`
VirtualSize	`0x1c86`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.77527`

.rdata

MD5	`dcb7faae7abc7c1dfadac4c2855067fa`
SHA1	`cae7ca686a9024d78f8289ce8674185151ec9550`
SHA256	`38d9791ed6ef45149712782f4a0ccfb42f23c02b3a4492ca7f03e53b9cbdecdc`
SHA3	`7f6f0f51025e8dd9feeb07420ea2050bd7396785845219b11465ff5de10d62bc`
VirtualSize	`0x114c`
VirtualAddress	`0x3000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x2200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.35065`

.buildid

MD5	`300323f2a8b91e35b132a987d93f08de`
SHA1	`8edb185d97c0ed85be01c01a2b35e7ef891631c1`
SHA256	`4a0e75054014f62871bb1cf2e083d6f8129264084f3a4731f341b13d9f0f2c7a`
SHA3	`70a26e4ad9baa4090fb0991977f9095db43a9c6227c1f5835c323c99f74e173f`
VirtualSize	`0x35`
VirtualAddress	`0x5000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.600755`

.data

MD5	`d36e8e0be902e9d81289ba090cc311e5`
SHA1	`6d2c8cf042080bc1196e5565f5b2aa7854c74458`
SHA256	`a028f657d3a4672e79bfecb170e886116cbd0b06e428d842c91c20f05784ec66`
SHA3	`eb6eebff34b04427a10388b0c0285cbd5904f812b78d60a49dbd74bd6afa4325`
VirtualSize	`0x1bc`
VirtualAddress	`0x6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.42505`

.pdata

MD5	`96b91119ce3f4f34345e33b607b00a4d`
SHA1	`47f375ecbcc5dee11fcadc69f4f66feaa2812e65`
SHA256	`6b6d61042d983cc28576e611fed69c351522e7188a7fe4ad6b870276bff8351d`
SHA3	`f839da7b9cf99a56b06fe69b6fc83d09a617654109243f8a352898a60c299d0c`
VirtualSize	`0x18c`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.12203`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`122b8fc76b9f6c614ecf8f2c2b5db2ef`
SHA1	`c9b330d57b2df5aae68dc4c7f53a20091c302946`
SHA256	`88615f36acbc2c03c194d82fe52aca359d16be126c6cfe2481af167b2fc57aef`
SHA3	`2206e9b5855c9b67f6218d18572dc0a8bec0f2262b7c57c47e9547b08d43d33b`
VirtualSize	`0x34560`
VirtualAddress	`0x9000`
SizeOfRawData	`0x34600`
PointerToRawData	`0x3c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.1406`

Imports

api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `calloc` `free` `malloc`
api-ms-win-crt-private-l1-1-0.dll	`__C_specific_handler` `memcpy`
api-ms-win-crt-runtime-l1-1-0.dll	`__p___argc` `__p___argv` `__p___wargv` `__p__wcmdln` `_cexit` `_configure_narrow_argv` `_configure_wide_argv` `_crt_at_quick_exit` `_crt_atexit` `_initialize_narrow_environment` `_initialize_wide_environment` `_initterm` `_set_app_type` `_set_invalid_parameter_handler` `abort` `exit` `signal`
api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func` `__p__commode` `__p__fmode` `__stdio_common_vfprintf` `__stdio_common_vfwprintf` `__stdio_common_vswprintf` `fwrite`
api-ms-win-crt-string-l1-1-0.dll	`_wcsdup` `memset` `strlen` `strncmp` `wcslen`
USER32.dll	`MessageBoxW`
KERNEL32.dll	`DeleteCriticalSection` `EnterCriticalSection` `GetLastError` `GetProcAddress` `GetStartupInfoW` `InitializeCriticalSection` `LeaveCriticalSection` `LoadLibraryW` `SetDllDirectoryW` `SetUnhandledExceptionFilter` `Sleep` `TlsGetValue` `VerSetConditionMask` `VerifyVersionInfoW` `VirtualProtect` `VirtualQuery`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-environment-l1-1-0.dll	`__p__environ` `__p__wenviron`
api-ms-win-crt-time-l1-1-0.dll	`__daylight` `__timezone` `__tzname` `_tzset`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.7069`
MD5	`0eaac43a5745f135345ce94c4438ad60`
SHA1	`cade7121e5ad8707868fb3013cb318dafaebc9f5`
SHA256	`b9abe074ec0f60c337571850fc1ae609ed9873fa74ffa35434826a0055271b5e`
SHA3	`599864c91e0f3ff24dfe9313b11ac927e4fbefcb6cc652c8977095837dd550a8`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.50013`
MD5	`b298870b55ca62eeb0f23a05f2a38206`
SHA1	`12ff7071ff67721f2cf0f6b8a89310641b4117e5`
SHA256	`bd8bcc0643077f73310961f5edf635114587498892df7abba369ab9c0c571bc8`
SHA3	`a7ad74a1c87a2d6702726b0abddc27df26e83902f1251da28e4e70443ab07473`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.23474`
MD5	`f39eec20c6858fb36ae7c631d40035f3`
SHA1	`a8b2a17e2899055d5ca3962d289f8ad1dcadeb29`
SHA256	`da163a0594f13bcb7157209dce93d6e19f2d1e0fd88735ca1f9ec58349e93a5c`
SHA3	`afa97b84951beab35e0529ec04141bc0cb51eea56ba205e15e45c94f74babbae`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.93529`
MD5	`be3dd2eb090c5dfac0033d1d212d7fcb`
SHA1	`996f73af21e67ebc31ab8c230e4f10c166516433`
SHA256	`939c2d41d921b232bc27969e299265d9987012c2cb9ab6b19e1a6e5edd63b9fd`
SHA3	`13f098150fa675eb9744ef5bac86082a55e446fd2fbfbfdb909308b3f3c7a3cc`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.86863`
MD5	`eacd0713a20391c7b7534caaf28c16d6`
SHA1	`0816b8886c6d6f50bf0b7d452a0222ef9dd52326`
SHA256	`0e3af1f1ae527efb0193f751e3bbb904ac6e7ad6cdb379683fffe4f344a705d4`
SHA3	`7459660c98165d8dbb9b9a4911662cf156e6302ac1d7e3e29df36051e8660c6c`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.80354`
MD5	`10916af7dc0d4bb8763840ecbce9ae9e`
SHA1	`bfd6d76753bd18a005741a785fb4f7447eee3e32`
SHA256	`00f6ce62fadb3adb18c087831396027da5d7752e24dd4628f918a2ba42ffc4a4`
SHA3	`db0108c07c5ccb956de666fbde9cc6de6a07a31097c7a3542347f17f5bd0fc14`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.75961`
MD5	`bc0a9155977482a107202d511c86f5a0`
SHA1	`9ddf39ed9a515c5c5d52c5cc89f352faf40b0b6b`
SHA256	`83ab0275e3451cd084438615f4cbd15a8813f01e03b38904ae40c63e9b42ae80`
SHA3	`3a944feff6370ec45382828ae153884f9ff820ed81ea5b4e30f06843bc11935d`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.6958`
MD5	`b2febe7412c15ec30506b0702690d154`
SHA1	`8ece9a5989c46c853b89bf938bc307055160d4a6`
SHA256	`6dd815fe1501754b802076c7b8fadbb60637480a79ebc678e0c9f993fdfa7d3e`
SHA3	`8b26ef6dc2ec42e66a68f4dd0ddf8f6e7c8fe4d320df13d07b0b7b3f52f98201`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xcafb`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98464`
Detected Filetype	PNG graphic file
MD5	`28036e73e16ae7d42a71eb583cb302a1`
SHA1	`c5752c2423eb9714f278d2503ef42c6160ed98fd`
SHA256	`d229494146afead8d3d33f57f8340e9a7da4ce401213cb25555c110c443c83e7`
SHA3	`17eee7a07eab75379faaf91126efe40da4c599b555bb36efa95c805976dbda4f`

1 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03466`
Detected Filetype	Icon file
MD5	`651584fe8ac262c317655b772513a208`
SHA1	`192ba2a859e65e122654d6a858e1baa7b77f8101`
SHA256	`15fa5e4dfe2c348c2e7fe3d9bd67dc2a6d901752a21094dc72a74856f4efb62f`
SHA3	`e06347b47dc6b7dfe0cdee51fd2a7d522a38baf9a3c2aae0bd49d64bc9eaea6e`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2024-Nov-16 01:43:08
Version	`0.0`
SizeofData	`25`
AddressOfRawData	`0x501c`
PointerToRawData	`0x341c`

TLS Callbacks

StartAddressOfRawData	`0x140008000`
EndAddressOfRawData	`0x140008008`
AddressOfIndex	`0x140006128`
AddressOfCallbacks	`0x140003530`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x0000000140001780` `0x0000000140001800`

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.