Manalyze report for 92c355c50a9fe2916c4ca02d9ced13714069e4efe2448cfe26affac213654d31

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Sep-25 21:56:47
Detected languages	English - United States
FileDescription	Harmless Asset Manager
FileVersion	`3.2.0`
LegalCopyright	Â© 2026 Harmless Creations
ProductName	Harmless Asset Manager
ProductVersion	`3.2.0`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: http://nsis.sf.net http://nsis.sf.net/NSIS_Error nsis.sf.net`
Suspicious	The PE is an NSIS installer	`Unusual section name found: .ndata`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Can access the registry: RegCreateKeyExW RegEnumKeyW RegQueryValueExW RegSetValueExW RegCloseKey RegDeleteValueW RegDeleteKeyW RegOpenKeyExW RegEnumValueW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: GetTempPathW CreateFileW` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Changes object ACLs: SetFileSecurityW` `Can shut the system down or lock the screen: ExitWindowsEx`
Suspicious	The file contains overlay data.	`3494906 bytes of data starting at offset 0x22000.` `The overlay data has an entropy of 7.99994 and is possibly compressed or encrypted.` `Overlay data amounts for 96.1679% of the executable.`
Suspicious	VirusTotal score: 1/71 (Scanned on 2026-04-08 01:33:09)	`APEX: Malicious`

Hashes

MD5	`ca30f24a0bc61cd2ed95389f69687b72`
SHA1	`abc8f3af64cba412dac56c39db60dd0cd16fddee`
SHA256	`92c355c50a9fe2916c4ca02d9ced13714069e4efe2448cfe26affac213654d31`
SHA3	`0347491f71ceed629bd635c2888c53766c2b210bf7fff85b04e1aef431e8d502`
SSDeep	`98304:imZeD0mTzYqOYMoEuHtqGAwc/bNz0GNVHAF6ZOujip:im5mnYBuE0tqG5gbF0Gv3c`
Imports Hash	`61259b55b8912888e90f516ca08dc514`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2021-Sep-25 21:56:47
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x6800`
SizeOfInitializedData	`0x22a00`
SizeOfUninitializedData	`0x800`
AddressOfEntryPoint	`0x00003640 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x8000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`6.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x73000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`6f5abe9eeda26ee84b3c1ed1a6c82001`
SHA1	`55517dc6ad93689679677d152abfdd1ce20f1135`
SHA256	`6683c31450d22725f8046313577f87ed284052143421d41ca971ebf03a732b4a`
SHA3	`0166ffe9450ef9b8cd85513de36173358cc6d06134a32f515f12aa858073020f`
VirtualSize	`0x6676`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.41746`

.rdata

MD5	`8c5edfd8ff9cc0135e197611be38ca18`
SHA1	`dc4f14d019cad6646b38852dfb7370532acafebc`
SHA256	`95df72950424a97746c83c619f9aa736879b408a87751927b5d41994e8183a9c`
SHA3	`b74f8f6ea5fb7e429da44419f9d163743fd38ce97f3b9819fb2397744d42dad2`
VirtualSize	`0x139a`
VirtualAddress	`0x8000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x6c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.14107`

.data

MD5	`4b2421975c21b032f7ea000f5e7f9fbf`
SHA1	`f45486287d474fdcafc99c24e37c4eb61bf613b3`
SHA256	`f05daf3c91cc357d04794a740f21eaaeb870f250877e3a6dc498c5c3046cb414`
SHA3	`03ddd58bddd9af320b79e443521aae041b4098e328b842349f29c2bda6bdb122`
VirtualSize	`0x20378`
VirtualAddress	`0xa000`
SizeOfRawData	`0x600`
PointerToRawData	`0x8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.11058`

.ndata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x2e000`
VirtualAddress	`0x2b000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`dedb4df8f9716775780e6fa53f0ab0b4`
SHA1	`af09f368b2a758ddad18728a3d1273bd97450e42`
SHA256	`ad135b5f790d8d2023ef4ed33cb02ccb902d22447f5875dfa999e7959b297464`
SHA3	`bee13eeb1e53776ecf4582894c2d6e7e93c32e243139ad571e1396801f57d9ae`
VirtualSize	`0x19888`
VirtualAddress	`0x59000`
SizeOfRawData	`0x19a00`
PointerToRawData	`0x8600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.93491`

Imports

ADVAPI32.dll	`RegCreateKeyExW` `RegEnumKeyW` `RegQueryValueExW` `RegSetValueExW` `RegCloseKey` `RegDeleteValueW` `RegDeleteKeyW` `AdjustTokenPrivileges` `LookupPrivilegeValueW` `OpenProcessToken` `SetFileSecurityW` `RegOpenKeyExW` `RegEnumValueW`
SHELL32.dll	`SHGetSpecialFolderLocation` `SHFileOperationW` `SHBrowseForFolderW` `SHGetPathFromIDListW` `ShellExecuteExW` `SHGetFileInfoW`
ole32.dll	`OleInitialize` `OleUninitialize` `CoCreateInstance` `IIDFromString` `CoTaskMemFree`
COMCTL32.dll	`#17` `ImageList_Create` `ImageList_Destroy` `ImageList_AddMasked`
USER32.dll	`GetClientRect` `EndPaint` `DrawTextW` `IsWindowEnabled` `DispatchMessageW` `wsprintfA` `CharNextA` `CharPrevW` `MessageBoxIndirectW` `GetDlgItemTextW` `SetDlgItemTextW` `GetSystemMetrics` `FillRect` `AppendMenuW` `TrackPopupMenu` `OpenClipboard` `SetClipboardData` `CloseClipboard` `IsWindowVisible` `CallWindowProcW` `GetMessagePos` `CheckDlgButton` `LoadCursorW` `SetCursor` `GetSysColor` `SetWindowPos` `GetWindowLongW` `PeekMessageW` `SetClassLongW` `GetSystemMenu` `EnableMenuItem` `GetWindowRect` `ScreenToClient` `EndDialog` `RegisterClassW` `SystemParametersInfoW` `CreateWindowExW` `GetClassInfoW` `DialogBoxParamW` `CharNextW` `ExitWindowsEx` `DestroyWindow` `CreateDialogParamW` `SetTimer` `SetWindowTextW` `PostQuitMessage` `SetForegroundWindow` `ShowWindow` `wsprintfW` `SendMessageTimeoutW` `FindWindowExW` `IsWindow` `GetDlgItem` `SetWindowLongW` `LoadImageW` `GetDC` `ReleaseDC` `EnableWindow` `InvalidateRect` `SendMessageW` `DefWindowProcW` `BeginPaint` `EmptyClipboard` `CreatePopupMenu`
GDI32.dll	`SetBkMode` `SetBkColor` `GetDeviceCaps` `CreateFontIndirectW` `CreateBrushIndirect` `DeleteObject` `SetTextColor` `SelectObject`
KERNEL32.dll	`GetExitCodeProcess` `WaitForSingleObject` `GetModuleHandleA` `GetProcAddress` `GetSystemDirectoryW` `lstrcatW` `Sleep` `lstrcpyA` `WriteFile` `GetTempFileNameW` `lstrcmpiA` `RemoveDirectoryW` `CreateProcessW` `CreateDirectoryW` `GetLastError` `CreateThread` `GlobalLock` `GlobalUnlock` `GetDiskFreeSpaceW` `WideCharToMultiByte` `lstrcpynW` `lstrlenW` `SetErrorMode` `GetVersionExW` `GetCommandLineW` `GetTempPathW` `GetWindowsDirectoryW` `SetEnvironmentVariableW` `CopyFileW` `ExitProcess` `GetCurrentProcess` `GetModuleFileNameW` `GetFileSize` `CreateFileW` `GetTickCount` `MulDiv` `SetFileAttributesW` `GetFileAttributesW` `SetCurrentDirectoryW` `MoveFileW` `GetFullPathNameW` `GetShortPathNameW` `SearchPathW` `CompareFileTime` `SetFileTime` `CloseHandle` `lstrcmpiW` `lstrcmpW` `ExpandEnvironmentStringsW` `GlobalFree` `GlobalAlloc` `GetModuleHandleW` `LoadLibraryExW` `MoveFileExW` `FreeLibrary` `WritePrivateProfileStringW` `GetPrivateProfileStringW` `lstrlenA` `MultiByteToWideChar` `ReadFile` `SetFilePointer` `FindClose` `FindNextFileW` `FindFirstFileW` `DeleteFileW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1348e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99527`
Detected Filetype	PNG graphic file
MD5	`d85411fc7753790011575be309cbadea`
SHA1	`41c958edcf5631040a86cfc0c097d2a7c3088c93`
SHA256	`347c3bdfa98fc1fc79391ae80ad08e356295a65533800f43faa7eb0eb4513eb1`
SHA3	`ff2237f56093af87a5dfa74ef848efe4d9b5fd838f1ee549234fb34c04ae32ff`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x23d6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.87085`
Detected Filetype	PNG graphic file
MD5	`c197b694b3e9f67af141c0b3f90e362d`
SHA1	`73bfc2ef6270fc4a6d2de1b419b57f4297167810`
SHA256	`39c47308a097811bea8e25a5815a3e1e40cdac4c11a35469e1adbba947af7a3f`
SHA3	`f0acaae022bf301f1f69393e501755d91e5d55dd3f729d74b1f3486ca789dcfa`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x167f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.86109`
Detected Filetype	PNG graphic file
MD5	`a9d3a41acfe8f85c3c012ca39337682e`
SHA1	`1aad57054cae2f0266c2c4ffb778e8fb9557a0cf`
SHA256	`7ec293795b43e0163b481e4234eca0e113e3eef5472d52fab0871cddfa4ba79f`
SHA3	`56fa57d02c7d1dca5251ef975f1c52c8a496971c7fe903fdfafc5ad2e6796c0e`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xbfe`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.85284`
Detected Filetype	PNG graphic file
MD5	`abc829f962e7f7c26978684643ab66cb`
SHA1	`35dd399c59772e81f8ecf3310cf635c88aff4a50`
SHA256	`daaead2292f9c8d92d024750f661794e4f335827c67e5222bcfe0a9b1c509fc6`
SHA3	`fbb260cb96be0ea4620791566c9b555d159b3fa519ed5b6dfdb2286244e08f4f`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x78d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.77963`
Detected Filetype	PNG graphic file
MD5	`2728abfa56732623f99edc85cc3b223a`
SHA1	`d1efd7f2b04eaf8e886aa236d775f50a69665f71`
SHA256	`3b12f6510adbb6462e2885f4f414e325464eecd8c7286dfd39d5a2983ece51bc`
SHA3	`52948746319ee930bf38e2fd15421bad538febe064c86d3000377ed0bd9183d1`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3fe`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.64452`
Detected Filetype	PNG graphic file
MD5	`e92a0d0c37ac1d76ce5fbde44838e86c`
SHA1	`fcb16393a4f1004be7f533e4989a5c484d0e198b`
SHA256	`9bf901d293a81f53991598d0f85e68355b05696ffc60feec0a19e753406d385c`
SHA3	`cbc7472ec6cb2ef2f7741994d79e6a0b240bded90ff008a6e2abbf35417195e5`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`982079681d7ad12766abc44f06946f3e`
SHA1	`50f73ed0787bf5911bb907e487efbc84a9714e48`
SHA256	`250f52cb2d6f1966a29f6ac771fa1cd185b8f8531396c8a4026c0fe635617e0c`
SHA3	`b8805d45012d79cfa8bb45e23c9b4a4421cd91538d569e58437efa0f545cf4d4`

103

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x120`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.56193`
MD5	`db6dd0434da4d7cac564518725167e09`
SHA1	`a65a1367d7cd96450f089a8f8108239bbcea9f5b`
SHA256	`c50631fc1f8425a95fd1edcc8e730d339e193a38f18d42372c32847a5ad2c016`
SHA3	`4e3be5455c51e1cb04836e318cb69ecdffd2deadd0f338d4bc985d8f5ca653ff`

105

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x200`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.67385`
MD5	`d1a92272fbd597e1aa19021483110d5a`
SHA1	`9f75072682b37c6c52361d8c988ebd06dd003f63`
SHA256	`15663576584c947d634dab9848defcc7d8f05eb0b7e7c6d52d81eca695fc7a6e`
SHA3	`704756797695ae34f6fae500852bca70e5066a1d1993348fe40ccf626235d0d6`

106

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91148`
MD5	`fa83652660409e90e0db9731ad2adb17`
SHA1	`0a8f0af67723c87fe26ccf676b8e19ec6357b4dc`
SHA256	`4a55bd714f5d50cd8eabba10e57f0618f1842717dcfa582d73a917b1933cd1d4`
SHA3	`5b3e1cb25be7a2dbae4f08f0d4794ed23dbd6ea37a3f9702be12dba588f42a7b`

107

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.52183`
MD5	`6ffba239dcfcab2080195f23947b70aa`
SHA1	`bcda1ca8ee9bb9878bde83aa06c670bb5a4d5843`
SHA256	`a7e5ea849cb343e9b58de221aeb25c9dd4a3748070bfba879a30c4265fc39023`
SHA3	`a75544b4c3fcbcb32fe4e02d1a631e045b2e58516aa1065bb96cce681aea7030`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.92767`
MD5	`1db3e4c32b9560257ddf3506fef9dd3f`
SHA1	`6666e0c8336456cfacec71d84415c6516e9e2673`
SHA256	`587a03198c39f990e77691056bb5705e21374281862ce06de94c68172f50f763`
SHA3	`30ca0affc3f1d2ef8b37f2103db7581caaf88548823fb3ae1d308fae9738dab4`

103 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.38137`
Detected Filetype	Icon file
MD5	`35510b7fbb32405c01ba7dcde1fb349d`
SHA1	`63d5d139b4c8c64bfd9ec2d3cbd3ab34d214cbe1`
SHA256	`a5c754335f920ce94dd0f637588a45e23f5c09655a6e372c61e1077a5a44753d`
SHA3	`fcbf193be572fd95538604cc0af4df395cc5c6ba5e9e4bbe4b5e217fb749d813`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x238`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26191`
MD5	`b114ab92e5e1a9796216b412ba2fc597`
SHA1	`723a0af54b93a6202debaa3916afac7b314546da`
SHA256	`cda5718e863ae00ef94f84f7cde4abb063f6948d5b965641f062bcfecaffd178`
SHA3	`331e89d9644ab39fc109cc1e168ba967208bd5790096affc860a1db131328e00`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x548`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.28651`
MD5	`74bd1c9761bde4540e0ce44a22adc8d9`
SHA1	`3887d7d5641fa941e4a7045496a6b67d45ddda7b`
SHA256	`5fe6e1123b916d49e917b7b90ba08196b2eaf5919b6b54ca2287a47070a49d63`
SHA3	`04345f5c159bd835d0f660688bc78b3cdd1695e1dc6555b44cc684a29af0dc20`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0`
FileVersion	3.2.0.0
ProductVersion	3.2.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
FileDescription	Harmless Asset Manager
FileVersion (#2)	3.2.0
LegalCopyright	Â© 2026 Harmless Creations
ProductName	Harmless Asset Manager
ProductVersion (#2)	3.2.0

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xd26650e9`
Unmarked objects	`0`
C objects (VS2003 (.NET) build 4035)	`2`
Total imports	`165`
Imports (VS2003 (.NET) build 4035)	`15`
48 (9044)	`10`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

[*] Warning: Section .ndata has a size of 0!

Leave a comment

No comments yet.