Manalyze report for 95687f76ebcd3357b710346fcb0c9ae25e5cf0e0337b14e68341cc3b67bc1960

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2025-Sep-27 10:30:12
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	The PE is possibly packed.	`Unusual section name found: .0Dev`
Malicious	VirusTotal score: 8/72 (Scanned on 2026-01-26 08:36:45)	`APEX: Malicious` `CrowdStrike: win/malicious_confidence_90% (W)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `Kaspersky: Trojan.Win64.Agent.smeujg` `McAfeeD: ti!95687F76EBCD` `Symantec: ML.Attribute.HighConfidence` `TrellixENS: Artemis!8289F2FDAC54`

Hashes

MD5	`8289f2fdac542ba98a5aab7bfd3ade7c`
SHA1	`9bf21643a9348e7e9e06035ef3b04dd5fa85700f`
SHA256	`95687f76ebcd3357b710346fcb0c9ae25e5cf0e0337b14e68341cc3b67bc1960`
SHA3	`70c4953d4d0e2a99dfe90c24aa5d5919395a55742eecfeb71d77f8279b23cec6`
SSDeep	`384:dOccXjC44aeGe5NekXtPGe5NU9y13IxQmoMNgvUjmxn1ysq5Sx:dONmDpeAhpU9y13AQDz7j`
Imports Hash	`7a34c5cef9eb9e4108db949eb00aa613`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2025-Sep-27 10:30:12
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x1600`
SizeOfInitializedData	`0x2000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001AC0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xb000`
SizeOfHeaders	`0x600`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a64aa56cfa27eff78e18e455dc77f361`
SHA1	`c8bc09a0092e9d5036b160bb9c2820156bec8919`
SHA256	`79cbd441eb1feb04cbadf73346a15e7b4bdaeb14d3cd7a9cbdaedee8ba7ba2f5`
SHA3	`7885f529b30740db747def7e81f28d4df53693ec349727ad69e8567453c4c81d`
VirtualSize	`0x141c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.50723`

.rdata

MD5	`61173a3e2a2f15f3f18ea3e8db95b4a8`
SHA1	`282c0b43ebdf9f50cae9d250f664ac2ff42e1518`
SHA256	`607b84792740ca1693ca1fcc99c7a85590a113ab4796a7fb3e4a00b554926bf5`
SHA3	`11cfc5ba3be43facd5b45213158bb855c33706c7fa067b5a3a9db786eda16d7e`
VirtualSize	`0x105e`
VirtualAddress	`0x3000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x3000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.95528`

.data

MD5	`df472dc55d3b30057eb5fc703f6e33fa`
SHA1	`599b17bf94a08deb831c54748da8a829caf16fd9`
SHA256	`c068a0fad040f60494b0daa4a2a17fbdea2bdb3da2c5e1540507a69f57cfa17f`
SHA3	`ce5bc46e8f40a2aa939a93d1835faf32446abb053542bdfdb7be717e8b68ffa0`
VirtualSize	`0x648`
VirtualAddress	`0x5000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.464663`

.pdata

MD5	`be3775f5e4fc426a3d965b1eaed767b3`
SHA1	`f22f375779af0cb098116b76aec4daa49109f271`
SHA256	`cea2049167f67df2b83d62a33bdbd6c93529e8788544d3352c5fcb5e8f11e07a`
SHA3	`ecf7aa21810f6e6815c3f8e5568f06e0ec91e0742038949340bf9ac0a954d140`
VirtualSize	`0x1bc`
VirtualAddress	`0x6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.33556`

.rsrc

MD5	`0b35de07beeb30d1d6013cbca2846303`
SHA1	`c98626ce4d587471d115df6f42cb0f5221f13689`
SHA256	`c9ed38ed40cfe8c1718cbf78be16bb4aa76b76097a449f9ea315aee9fd20df0d`
SHA3	`76678b071daa4ec33980be3b819260aea5ade31193b0580e19b41e16156137cf`
VirtualSize	`0x1e0`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x7000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.7015`

.reloc

MD5	`51e9924b42776f8dd8b9b1e014b61333`
SHA1	`da473fe02f49214fb4dec4828a7a4c5c084bc864`
SHA256	`9a84ab7513e174451511a332183c1403919cb38207e0aeccc8544247fe4f55b3`
SHA3	`92efefacb942106aaf4563d71babb14c21a497e1f10dd1661a5672c21f38eafe`
VirtualSize	`0x2c`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.631764`

.0Dev

MD5	`bfc2eb9502c0be5031ad33e344634ac9`
SHA1	`39d47f89815616b05bd00c582145e402ee842f30`
SHA256	`d235e2d642df08baab37ef421a1423612530d771caa932be23ef3b91268fe347`
SHA3	`4a135de32ea4f33b363e6dd2791370e68dce28447e3e40f35a38021e886da5f9`
VirtualSize	`0x2000`
VirtualAddress	`0x9000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x9000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`3.16852`

Imports

VCRUNTIME140.dll	`__current_exception` `__current_exception_context` `memset` `__C_specific_handler`
api-ms-win-crt-stdio-l1-1-0.dll	`_set_fmode` `__stdio_common_vsscanf` `__p__commode` `__acrt_iob_func` `__stdio_common_vfprintf` `__stdio_common_vfscanf`
api-ms-win-crt-string-l1-1-0.dll	`strncpy`
api-ms-win-crt-runtime-l1-1-0.dll	`_cexit` `_seh_filter_exe` `_initialize_onexit_table` `__p___argv` `_c_exit` `_crt_atexit` `terminate` `_set_app_type` `_configure_narrow_argv` `_register_thread_local_exe_atexit_callback` `__p___argc` `_register_onexit_function` `_exit` `exit` `_initterm_e` `_initterm` `_get_initial_narrow_environment` `_initialize_narrow_environment`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode`
KERNEL32.dll	`GetCurrentThreadId` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetModuleHandleW` `IsDebuggerPresent` `InitializeSListHead` `GetSystemTimeAsFileTime` `RtlCaptureContext` `GetCurrentProcessId` `QueryPerformanceCounter` `IsProcessorFeaturePresent` `TerminateProcess` `GetCurrentProcess`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

TLS Callbacks

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140005008`

RICH Header

XOR Key	`0xb2d23819`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`12`
Imports (VS 2015/2017/2019 runtime 29118)	`3`
C++ objects (VS 2015/2017/2019 runtime 29118)	`18`
C objects (VS 2015/2017/2019 runtime 29118)	`10`
ASM objects (VS 2015/2017/2019 runtime 29118)	`3`
Imports (27412)	`2`
Total imports	`52`
C++ objects (LTCG) (VS2019 Update 8 (16.8.5-6) compiler 29337)	`1`
Resource objects (VS2019 Update 8 (16.8.5-6) compiler 29337)	`1`
Linker (VS2019 Update 8 (16.8.5-6) compiler 29337)	`1`

Errors

[!] Error: Could not read PDB file information of invalid magic number.

Leave a comment

No comments yet.