Manalyze report for 9279996ff4464241abc83ac6adec7900

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Mar-13 02:40:18
Detected languages	English - United States

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA256` `Uses known Mersenne Twister constants`
Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Can access the registry: RegCloseKey` `Has Internet access capabilities: WinHttpOpen`
Info	The PE's resources present abnormal characteristics.	`Resource 10 is possibly compressed or encrypted.` `Resource 11 is possibly compressed or encrypted.` `Resource 12 is possibly compressed or encrypted.` `Resource 13 is possibly compressed or encrypted.` `Resource 14 is possibly compressed or encrypted.` `Resource 15 is possibly compressed or encrypted.` `Resource 16 is possibly compressed or encrypted.` `Resource 17 is possibly compressed or encrypted.` `Resource 18 is possibly compressed or encrypted.` `Resource 103 is possibly compressed or encrypted.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`9279996ff4464241abc83ac6adec7900`
SHA1	`64868f1d854301c89b1cb7749e9abbd8b43f6bae`
SHA256	`1be2b7d4c13cd653530f728b8b310a04092914fca8f5e6a566cc361b8d1cc223`
SHA3	`4d9dce8aa55a76af99136e627a8ef41767f5f89cb0e3ef010e9b0d197fa10c5e`
SSDeep	`98304:EKEnq9aVCC8vNjMEoILXUhuUNi1GR/53s6Omj7Jz4F:EK/JvNQckhNrOYz`
Imports Hash	`37abb6f441e46d16571777af5b64c252`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x120`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`3`
TimeDateStamp	2025-Mar-13 02:40:18
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x2e1000`
SizeOfInitializedData	`0x35000`
SizeOfUninitializedData	`0x105000`
AddressOfEntryPoint	`0x00000000003E5C60 (Section: UPX1)`
BaseOfCode	`0x106000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x41c000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x105000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`5de8c0812315f6064388eb509621d5d4`
SHA1	`9ddf685d4e8661345d14f84519c942eae9117af1`
SHA256	`b2a39020fe331607016db186974c5127c063b4c8b9a9dbb29594e8db340b2b0f`
SHA3	`c450378f86e5e405b21965ba49848a2621976c40c1393868e716aa676e432ea3`
VirtualSize	`0x2e1000`
VirtualAddress	`0x106000`
SizeOfRawData	`0x2e0200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.85661`

.rsrc

MD5	`7687b30f8cb16ba77584eb6e1922cc48`
SHA1	`b2f71fbbcec33bc2d8f186b3503672400afad540`
SHA256	`b41f9365bc26f28a173e1908cc8474a92676c4376db5ba30153a5739c2d4d41a`
SHA3	`4b81ca8703af8cb4fb199add2e6d2e63782765d3e95234cd7b3fc78954e274ba`
VirtualSize	`0x35000`
VirtualAddress	`0x3e7000`
SizeOfRawData	`0x35000`
PointerToRawData	`0x2e0600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.40351`

Imports

ADVAPI32.dll	`RegCloseKey`
d3d11.dll	`D3D11CreateDeviceAndSwapChain`
D3DCOMPILER_43.dll	`D3DCompile`
d3dx11_43.dll	`D3DX11CreateShaderResourceViewFromMemory`
GDI32.dll	`GetDeviceCaps`
IMM32.dll	`ImmGetContext`
KERNEL32.DLL	`LoadLibraryA` `ExitProcess` `GetProcAddress` `VirtualProtect`
USER32.dll	`GetDC`
WINHTTP.dll	`WinHttpOpen`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.06358`
MD5	`a2ca05e6237618825ded91eca2c87106`
SHA1	`a1cd6cee3ee519368448bcd8b361192686a44f5b`
SHA256	`b9ccb29477abd7c182ac7bcd6a9ba070fa4b0f1fa74eda6e13dd8595316e050e`
SHA3	`36de07cf863945b2232e3b541bf107c14e80b0216d516863ec7dcd935f4818ea`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.68495`
MD5	`f2fb0cb4034dc4fa3c29ea13405d43fd`
SHA1	`ab599aafcdb692a62ba812cdddc30e03d50249ca`
SHA256	`5f405d1dea6dcd73d04a83ec753929dddcef8fb76f3a69f37d77a2f1b2bfe942`
SHA3	`a88c896cb390f78cd8417bfd2adb5ec4292ebb8ab9a0a34dff88fb938070c8d6`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.27566`
MD5	`7ca946e5ab9ef1133a2150214e803ae7`
SHA1	`b83da8d1e589137a84112d780d056c80d6114afa`
SHA256	`ab4234218cda6f28450c1119046875d7d0c5c53fbd10ad2438c729d8522d721e`
SHA3	`984d2d73950504813c31c97056096995eb37837a125750a02752960661f84271`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.63436`
MD5	`9043c546390378b792afdc2084cdf0ee`
SHA1	`723baec0c4df3890f91bb1e2ec45e33dcd6fca26`
SHA256	`c1b829d4e5d3f4f92b1b45c6c805b313fe6db490c2f0d10e083dc0aa9e1a2879`
SHA3	`c7cacef2f8bf122fc30301d8244f5f49aee63b054bc9d760afbc3dd7a56c032a`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.37364`
MD5	`00e99dcc94924034fa6dbaf49049c818`
SHA1	`71afb46cb56a4cb8b58c755addc1c2edd6c41470`
SHA256	`5415528f3ae606bfbacb9188eb2a943d8d96978f05d8ac098a2996261ee1488f`
SHA3	`cd155f5775d3cef0a77894b59583cf741dc6f48d66e43130bf2d8725d985f57f`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.21053`
MD5	`0056fc09e893bb31380db2e96d8d6a88`
SHA1	`177621e55f44f73fba94ee0df6679956c4ea560e`
SHA256	`b73f6ff18036525e6653cd0bdfd4b84adfac0d4b40262fb16b5e526fb54470fa`
SHA3	`bc89b4f3859e9aaf4c48542cb3b266060f2a99778003901928f32272d0242c3a`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.03658`
MD5	`920eb17fb45ab317ac1ece4a17cc76aa`
SHA1	`b875b745371117ec7ffd806b553832b2d94e2b9a`
SHA256	`a3f55b92a6165c58c2d365d54e5a44a9610cd6197be49cd45af3e4725955d830`
SHA3	`870c3ea8b7cca263d7bccf8359e5738f9df50a362a702cf63de4ac10367e5362`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.85689`
MD5	`4e711f572af2fc961c67c49e7a5ef9c2`
SHA1	`f9df7dba8c543ba6ea9612cf6033e69d6ffc0905`
SHA256	`51dbea2ee2fa75fd6189597aee8ff067e8823463a8e7d56ca9af0cd2da8ac4ea`
SHA3	`ea80014d76840b5ba91be94cc54f5075bb900d6763fff761d6066e2b24a47e24`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xcd75`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98745`
Detected Filetype	PNG graphic file
MD5	`76dd3658acb7c77ea44a828002f31939`
SHA1	`d4cd34784771e016ff6b57ebe0be406a84a6281c`
SHA256	`d12703443c713c73e352dad667d956210404f37a1909939b5e8537f0bed54af8`
SHA3	`7ce66e4b7f97f3734f2a625be141fbe2a91f64a4ce1a123911748e601cd03bb4`

10

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.43991`
MD5	`e84385f9ee79f8aee49a18a782983300`
SHA1	`e4493cbde3ad680a164f0b20b04ae48b4251a4cc`
SHA256	`99a9b8eb6add262f7dcd8b00cbeb9f249ced507d7fc1cbca517015c72db36a39`
SHA3	`7bdf19bc821a291885a37869b8ea40897f6bf54bfe68ddd6acb6e0d2000eaec6`

11

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.63774`
MD5	`b4a05f0248304ca7c3c9803f5ab1c022`
SHA1	`21faaad85d2f682c33d474ac650905fe6f85b62d`
SHA256	`34560abc0ab3e6b0ba03ed0e80a6ee8f72f3b145690a3cee7e6eb847cff9724e`
SHA3	`3fc0ac189f5c05f59af6ad08b2fd93d02a8005bb744738242e0899732565a4d8`

12

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.75826`
MD5	`b39f8e47180ded82a55a14be708e15e2`
SHA1	`c175479176f1b303964da559c5232578ab32e440`
SHA256	`47f9deb7d79913d93c2c7c521d0e7f5261a72db3325851524cddcc226f119108`
SHA3	`0b705221c0f2777d5ef9f9022634451c6872feae33c629222705040720c1258a`

13

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.82759`
MD5	`0828c1f2a2979e639eb8a37894c33507`
SHA1	`58aed7decb3bbe09a4ead8a11ccd12385a8bf245`
SHA256	`90cae3812fdb147a9a256546573654995f38223adf6621fdd6d8e546bc70844a`
SHA3	`6f0d61e471567aeeebd6ca6bd5cb6206c924a8bf0935b57b83e71070d7538c2d`

14

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.8305`
MD5	`7571bcf03a9bcd1fecd7d699c62c985e`
SHA1	`102f7cb899ffd6032d8962e3534d3873025c1ee7`
SHA256	`e636397c86d75d1302ba0dde2afc96738d259023fd5ed5805ae33dd34fdcd8ac`
SHA3	`9dde508f982ca0480138659ea37faeeb90144d7ef0f1182e67dbc4bb298978a4`

15

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.87267`
MD5	`a4ec1ae15250ef12484c64064ac0b68d`
SHA1	`9d0f1da81db46bd84dcfeaf7d7d8940cdc57bcba`
SHA256	`f2681f3ae76c455c2f54aa79908ad7cbaed7128875ca6518de645b64cf5b4fc2`
SHA3	`a66819828d5e3f1050d3bf5802c31eb90b1da50963783f3ce6b980aa51eda98e`

16

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.86299`
MD5	`25a31130a64eed50e059bd84b33017d1`
SHA1	`a9dabee78e89a2edbc3878fde338b7119585398d`
SHA256	`d03ed280e415b2d3a08e5f2f1040659f58e9de1bc0f8d4cb4f2ff685f51a940a`
SHA3	`856a06796e2e34cff2f8d5ae11c0e13300c55b69640cdf31770b2708821289e0`

17

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.81832`
MD5	`1d985369ba51920d92853d48845c368b`
SHA1	`c4ff1e8e8d732f7beba27d30ec10890b826dae06`
SHA256	`3e73a723f2573ef412b28e982a36eb4d2708396496c5e825fd49631b7fde03e7`
SHA3	`d4f26dfefac10c2a63fd9ad101457965bdf1c300f33b1b84e084adedaa7522f2`

18

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xcd75`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.82851`
MD5	`3e08c2b64bae2577a538a62378454e0f`
SHA1	`a5815f62f8e776e5d6a4628b68039d5093e6eabc`
SHA256	`273e9bd860a173bf14c80012b444ff7616e6bddc251adba3e22a8b096cbae22a`
SHA3	`6511167e9a16a859a0e1a51c2ed3813887da2666f43d1f480ca6c37dee37d86b`

109

Type	`RT_MENU`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.60993`
MD5	`80af347b5088fd61a83eb289d3b5fc78`
SHA1	`4f9062cab241fb06608ba803ec5a1de409827128`
SHA256	`946ada249e8e1936b9e099f993783354b2fa06b5186c940a7995fe0eb875627a`
SHA3	`5b46f4a405a5e664a73f020c3b5a099bd0dd815bacf53c19e2566dae4e0eb425`

103

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x144`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.15166`
MD5	`daf6c85a161a5e742a26db1566f789a1`
SHA1	`ad2e3478b5452618975e310c0cf0c5d544df8ee1`
SHA256	`1309a426ab383804a75846cf42634c1990c2109f60fdac381c5e771c8e2a28a0`
SHA3	`974fd7ab2898c2961d30da40ac7c1e7b46eb80db330c6b539934b4cacdf0a1bb`

7 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.60906`
MD5	`0915a0a7078d30111f957c50fad6be61`
SHA1	`09c86d0baecf7e53faab39003c6412f61a088dc2`
SHA256	`23e3f170980134c7842f37cf07ce2339b3acaf1ee035f02eaeac4157f5f9ca17`
SHA3	`aa2d27f4e87ca28a62ce1023860856cf4e6dc1e3805dd9f66c7053ffc09cde37`

109 (#2)

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.875`
MD5	`bca419b17bbeeb942754b71f79256256`
SHA1	`ec9f008ecbc90f00d7b019f809fc954364cb5fdf`
SHA256	`436cfa6d5cfec80b5ae2590c17bef7ab0e87d1bd211e0f9371fbdd9b7444843d`
SHA3	`814060de828429c92784c535bf669e32537541cdcaf678b6215cc5b0c092f501`

107

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03466`
Detected Filetype	Icon file
MD5	`8279ecf0581daa157c2d64b91e3f9aa4`
SHA1	`5e88084834df306e26484c53a365580cd668c874`
SHA256	`0d6b9a43345e0b9d80a90d1701042daeed73525a0cf119ed87964e82df975980`
SHA3	`15a87a817857c5bb135b3c339ed1180567c8a4c15961d42645f8604024ae47de`

108

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.35285`
MD5	`2deee835121b77ecfa0e53ebc3b24942`
SHA1	`03ef12324e8088e1face5068487620f0e70e3b7e`
SHA256	`0b17cb80f05a1af5c13d6bd1356c49a1a0ef615f50d3b62f4b85096ce456806f`
SHA3	`1d2d2b867bcdedb0ed6400ed49b892f9381dd0dee27381980fb35bce97ad4e48`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

TLS Callbacks

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1403657d8`

RICH Header

XOR Key	`0x3b02b1f8`
Unmarked objects	`0`
C objects (27412)	`26`
ASM objects (27412)	`23`
C++ objects (27412)	`187`
C++ objects (30034)	`92`
C objects (30034)	`17`
ASM objects (30034)	`10`
Imports (27412)	`16`
C++ objects (VS 2015/2017/2019 runtime 29913)	`37`
ASM objects (VS 2015/2017/2019 runtime 29913)	`1`
Imports (21202)	`7`
Total imports	`239`
C objects (30157)	`2`
C++ objects (30157)	`15`
Resource objects (30157)	`1`
151	`1`
Linker (30157)	`1`

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section UPX0 has a size of 0!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Resource 108 is empty!