Manalyze report for 98d58511ee00171645eb20b76a4b8eb2f7185759209ce7ca9af4d3e23967b2f9

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-Apr-23 20:50:08
Detected languages	English - United States

Plugin Output

Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .~*:` `Unusual section name found: .rSl` `Unusual section name found: .b8c`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Possibly launches other programs: ShellExecuteA` `Uses Microsoft's cryptographic API: CryptAcquireContextW` `Leverages the raw socket API to access the Internet: getpeername`
Malicious	VirusTotal score: 16/71 (Scanned on 2026-06-28 04:10:11)	`APEX: Malicious` `Bkav: W32.Malware.90619D02` `CrowdStrike: win/malicious_confidence_100% (D)` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `ESET-NOD32: Win32/Packed.VMProtect.ACX trojan` `Elastic: malicious (high confidence)` `Gridinsoft: Trojan.Heur!.02212023` `Malwarebytes: Malware.Heuristic.2108` `McAfeeD: Real Protect-LS!908EABD133DB` `Rising: Trojan.Kryptik@AI.88 (RDML:yrtlDUQrJbbUqK/Vv+5NYg)` `Sangfor: Trojan.Win32.Save.a` `SentinelOne: Static AI - Malicious PE` `Symantec: ML.Attribute.HighConfidence` `Trapmine: suspicious.low.ml.score`

Hashes

MD5	`908eabd133db85bbd410c404f8aab5bc`
SHA1	`c831e40d32fe9a4c7d46717d20b5eb1da7e1d94a`
SHA256	`98d58511ee00171645eb20b76a4b8eb2f7185759209ce7ca9af4d3e23967b2f9`
SHA3	`bf5d14e205b13de37fa9b55c28f36226b7be50955314aac4d66676929bf1f656`
SSDeep	`393216:4e/Y0hLJiyykfyvAopE6btpeXUMY+CkeiAB:4LWJmkfeAObtMUCy`
Imports Hash	`61ddde98833a5f181914a51d1cd13700`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`9`
TimeDateStamp	2026-Apr-23 20:50:08
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xc4800`
SizeOfInitializedData	`0xba9200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000014AFD90 (Section: .b8c)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x2532000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xc4743`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.rdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x35ca4`
VirtualAddress	`0xc6000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xb69c58`
VirtualAddress	`0xfc000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.pdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x8868`
VirtualAddress	`0xc66000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.~*:

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x80b214`
VirtualAddress	`0xc6f000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.rSl

MD5	`5a9ff057d1f8dfaf301396be02c1c6b4`
SHA1	`0e596c7a021c209002f741a565cbc5f0fde95191`
SHA256	`ef7123f59f5c2092f4a3f52a94b56dfcca0fc73499d7fa8848e57a3adaa89646`
SHA3	`39a749e5617e816b3744cccf80bc61af81a02a145a06355baa85bacd19b5d7d9`
VirtualSize	`0x1358`
VirtualAddress	`0x147b000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.327722`

.b8c

MD5	`83949cf66f36c2f546d151de135afb18`
SHA1	`559e7d2b036a06b24e047de86ccd58f1edc72c70`
SHA256	`f006a4e2ce4625a4028a4c2b0b72f26c2736f63eb09551a9937bd490f50ce244`
SHA3	`2745b3cdb910e6bc05dd9be55350a1e8c98928d098bbcfef7dc4097c8a02d719`
VirtualSize	`0x10b2530`
VirtualAddress	`0x147d000`
SizeOfRawData	`0x10b2600`
PointerToRawData	`0x1800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`7.8937`

.reloc

MD5	`a4b7cf4c8e993b58a029809f471e1d09`
SHA1	`d09f51a40eee27f988e3d74f646f19b04b1357df`
SHA256	`c4575aab57ce34bf0b68a3c458f3d14c8f197ffe2dfd05da8b001b7dbdf02cd8`
SHA3	`177288ad878f197f624e92cada0185135f8e68a4aadde3531b18e373dc53cd38`
VirtualSize	`0x128`
VirtualAddress	`0x2530000`
SizeOfRawData	`0x200`
PointerToRawData	`0x10b3e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.73826`

.rsrc

MD5	`23a8763622b686c999aaec57576305fc`
SHA1	`453bcf0560c295081648cc9b54db6248cd1a1c7b`
SHA256	`3624753fdf6a64d335bfde895001e8cf87ddee773a87145df55255796074cdb7`
SHA3	`2a57e17de01aef0b410b2bea06af5d754961af3665f97fdd85d585d8e2dd8571`
VirtualSize	`0x1e0`
VirtualAddress	`0x2531000`
SizeOfRawData	`0x200`
PointerToRawData	`0x10b4000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.7879`

Imports

d3d11.dll	`D3D11CreateDeviceAndSwapChain`
D3DCOMPILER_43.dll	`D3DCompile`
KERNEL32.dll	`GetFileSizeEx`
USER32.dll	`OpenClipboard`
ADVAPI32.dll	`CryptAcquireContextW`
SHELL32.dll	`ShellExecuteA`
CRYPT32.dll	`PFXImportCertStore`
WS2_32.dll	`getpeername`
IPHLPAPI.DLL	`if_nametoindex`
Secur32.dll	`InitSecurityInterfaceW`
MSVCP140.dll	`??Bios_base@std@@QEBA_NXZ`
IMM32.dll	`ImmSetCompositionWindow`
dwmapi.dll	`DwmExtendFrameIntoClientArea`
d3dx11_43.dll	`D3DX11CreateShaderResourceViewFromFileW`
ntdll.dll	`RtlCaptureContext`
bcrypt.dll	`BCryptGenRandom`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`_CxxThrowException`
api-ms-win-crt-stdio-l1-1-0.dll	`fwrite`
api-ms-win-crt-runtime-l1-1-0.dll	`_get_initial_narrow_environment`
api-ms-win-crt-utility-l1-1-0.dll	`rand`
api-ms-win-crt-string-l1-1-0.dll	`strcpy_s`
api-ms-win-crt-heap-l1-1-0.dll	`calloc`
api-ms-win-crt-convert-l1-1-0.dll	`atoi`
api-ms-win-crt-filesystem-l1-1-0.dll	`_unlink`
api-ms-win-crt-time-l1-1-0.dll	`strftime`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-math-l1-1-0.dll	`acosf`
KERNEL32.dll (#2)	`GetFileSizeEx`
KERNEL32.dll (#3)	`GetFileSizeEx`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1400fc840`

RICH Header

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .pdata has a size of 0!
[*] Warning: Section .~*: has a size of 0!

Leave a comment

No comments yet.