Manalyze report for 96c525c605fe0e78508cd03940c57027dea49588e37dbb12af21d6c9a62bbed8

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Mar-22 00:38:55
Detected languages	English - United States

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryExW` `Possibly launches other programs: ShellExecuteW` `Uses functions commonly found in keyloggers: GetForegroundWindow GetAsyncKeyState MapVirtualKeyA` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`9b70a51363e00e794f7f4c1c606db41c`
SHA1	`c34befb64aff23ee0d6fd6f1dd6cae15215e46db`
SHA256	`96c525c605fe0e78508cd03940c57027dea49588e37dbb12af21d6c9a62bbed8`
SHA3	`8d27fdcc7ab0a8812b6aaa04ade6747cb753fe90c2c318b8e9c013b56ef7abf6`
SSDeep	`24576:fdczleSF0N83Lu/gTRu5CB3zMLTHviong:l67FLhnB3z+6on`
Imports Hash	`c541d1d04327d25fea3d12065f1ddb0f`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2026-Mar-22 00:38:55
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x94e00`
SizeOfInitializedData	`0x31e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000067B74 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xcc000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`48eef297d0c921627ac41aa70250e2e0`
SHA1	`3ac75fc978aafb7c9f75fde557ea020c7d07ccdc`
SHA256	`e653ec60aa9533f36c318f709d0c2242815d201030a391d47dac927c5af7acd7`
SHA3	`4031b32ca5c54654c4abd0348f6f85d648ce40510b65f17080f582ec40b3eb56`
VirtualSize	`0x94c24`
VirtualAddress	`0x1000`
SizeOfRawData	`0x94e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.56301`

.rdata

MD5	`33cc7b691b71abc69556d388331a9333`
SHA1	`7c7745bac15a1ee40d005a6e82b53e28b663ff92`
SHA256	`1094c6555a2d9385fad4f6b25d971835436cd20ead22789733a254c27060d386`
SHA3	`61613d0f9ec4e3024187a939662fca64788f18f7df7b4da31c27a0464f67feb9`
VirtualSize	`0x274d0`
VirtualAddress	`0x96000`
SizeOfRawData	`0x27600`
PointerToRawData	`0x95200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.07017`

.data

MD5	`db41eb13f19b45cc4307c8f418831150`
SHA1	`f6f381fdfcc602697b594f7db1969db9272d4a3a`
SHA256	`ffd3cfeea36af0037aad257a7888c16988604bef2ad256b5eb6b2c2a651f516c`
SHA3	`42ecf07a1655081abc2d730e8f3c6e5ea696c0400da9ea28efbb84cd3bae5d8d`
VirtualSize	`0x2a98`
VirtualAddress	`0xbe000`
SizeOfRawData	`0x1400`
PointerToRawData	`0xbc800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.82815`

.pdata

MD5	`b16ee60901c63711beffedba91ad4f1f`
SHA1	`843fbd7210c90800a3d30edb7d864540208ffa9e`
SHA256	`e46564d937595668b078262afada8768fde3c386cbf17b3ea112506231a02aba`
SHA3	`ab90e8a1d40c3d2d4669eba32f4759e45a1ec156d7ccfd3cfef5b00a679f3af2`
VirtualSize	`0x6948`
VirtualAddress	`0xc1000`
SizeOfRawData	`0x6a00`
PointerToRawData	`0xbdc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.90551`

_RDATA

MD5	`ca742afed17a448f85feadcdcdd57e13`
SHA1	`8c54a76d34e2ca1e242fe85bf7ed1b5e8ed93f4f`
SHA256	`75ccd708cd02cade8abd5ad95bf7ab30d7fdf63b862d5f110ec54bdf6caf3ee2`
SHA3	`c7896ba888cf99ec303f209f7cd9763de7ce8c5278e93fd09c3aa0e207e7a7b4`
VirtualSize	`0x15c`
VirtualAddress	`0xc8000`
SizeOfRawData	`0x200`
PointerToRawData	`0xc4600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.35385`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0xc9000`
SizeOfRawData	`0x200`
PointerToRawData	`0xc4800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`a5308eee9262f839c365cda64038c063`
SHA1	`f4d7bf318c7379d1f5eb34b3fc9722ca1ede2e6f`
SHA256	`4b95e653ff568357cb485ec3fd36e1b8a66f5d4eb231243bb53fb65aa7917a7b`
SHA3	`72fb2e5945061b3ed81e95eeb86a62781ffaa56ed90c2cc0e0892ea8b9ed5144`
VirtualSize	`0x1e8`
VirtualAddress	`0xca000`
SizeOfRawData	`0x200`
PointerToRawData	`0xc4a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.77204`

.reloc

MD5	`df8233dd52c4e7d7d8d72f24201d45e0`
SHA1	`cbf8c0179a5dbb0f4b0dd8c4ddbcac3e9fbe017a`
SHA256	`cc122ac4f75b7423df0b6dc977ea9e46d25d8e8442881d6825a4f37f042cd5ca`
SHA3	`48d64ecb29b31589d8a66fc8907bcc596ee30886351ae3e9bd013aabd4caa6cd`
VirtualSize	`0xb68`
VirtualAddress	`0xcb000`
SizeOfRawData	`0xc00`
PointerToRawData	`0xc4c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.3473`

Imports

d3d11.dll	`D3D11CreateDeviceAndSwapChain`
D3DCOMPILER_47.dll	`D3DCompile`
KERNEL32.dll	`GlobalFree` `GlobalLock` `WideCharToMultiByte` `GlobalUnlock` `GetLocaleInfoA` `LoadLibraryA` `QueryPerformanceFrequency` `IsDBCSLeadByte` `GetProcAddress` `FreeLibrary` `QueryPerformanceCounter` `SetEnvironmentVariableW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetOEMCP` `GetACP` `IsValidCodePage` `FindNextFileW` `FindFirstFileExW` `FindClose` `GlobalAlloc` `HeapReAlloc` `ReadConsoleW` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `GetLocaleInfoW` `LCMapStringW` `CompareStringW` `VirtualProtect` `FlsFree` `FlsSetValue` `FlsGetValue` `FlsAlloc` `HeapAlloc` `HeapFree` `GetConsoleMode` `MultiByteToWideChar` `GetTickCount64` `SetStdHandle` `GetProcessHeap` `GetConsoleOutputCP` `FlushFileBuffers` `CreateFileW` `HeapSize` `WriteConsoleW` `UnhandledExceptionFilter` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `EncodePointer` `DecodePointer` `LCMapStringEx` `GetStringTypeW` `GetCPInfo` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `SetEndOfFile` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `CloseHandle` `InitializeCriticalSectionAndSpinCount` `SetEvent` `ResetEvent` `WaitForSingleObjectEx` `CreateEventW` `GetModuleHandleW` `IsDebuggerPresent` `GetStartupInfoW` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `GetLastError` `SetLastError` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `LoadLibraryExW` `RtlUnwind` `ReadFile` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `ExitProcess` `GetModuleHandleExW` `GetCommandLineA` `GetCommandLineW` `GetFileSizeEx` `SetFilePointerEx` `GetFileType`
USER32.dll	`GetKeyState` `GetMessageExtraInfo` `ScreenToClient` `GetCapture` `ClientToScreen` `TrackMouseEvent` `GetKeyboardLayout` `GetForegroundWindow` `LoadCursorW` `SetCapture` `SetCursor` `GetClientRect` `IsWindowUnicode` `ReleaseCapture` `SetCursorPos` `GetCursorPos` `OpenClipboard` `CloseClipboard` `EmptyClipboard` `GetClipboardData` `SetClipboardData` `DefWindowProcW` `GetKeyNameTextA` `GetAsyncKeyState` `MapVirtualKeyA` `PostQuitMessage`
SHELL32.dll	`ShellExecuteW`
IMM32.dll	`ImmReleaseContext` `ImmSetCompositionWindow` `ImmSetCandidateWindow` `ImmGetContext`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Mar-22 00:38:55
Version	`0.0`
SizeofData	`1028`
AddressOfRawData	`0xb279c`
PointerToRawData	`0xb199c`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Mar-22 00:38:55
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x1400b2be8`
EndAddressOfRawData	`0x1400b2bf0`
AddressOfIndex	`0x1400bfce8`
AddressOfCallbacks	`0x140096520`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1400be080`

RICH Header

XOR Key	`0xc1668f1b`
Unmarked objects	`0`
C++ objects (33145)	`177`
C objects (33145)	`30`
ASM objects (33145)	`22`
Unmarked objects (#2)	`1`
C objects (32420)	`16`
ASM objects (32420)	`10`
C++ objects (32420)	`82`
Imports (33145)	`17`
Total imports	`158`
C++ objects (LTCG) (32548)	`8`
Resource objects (32548)	`1`
Linker (32548)	`1`

Errors

Leave a comment

No comments yet.