Manalyze report for 9910cca375735a6c99aba2769e3b0d003af213020a7f0784176f930485f0c1dc

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-Apr-12 21:45:20
TLS Callbacks	3 callback(s) detected.

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot SwitchToThread` `Possibly launches other programs: CreateProcessW` `Uses Windows's Native API: NtCreateFile NtCreateNamedPipeFile NtOpenFile NtReadFile NtWriteFile` `Can create temporary files: CreateFileW GetTempPathW` `Leverages the raw socket API to access the Internet: GetHostNameW WSACleanup WSADuplicateSocketW WSAGetLastError WSARecv WSASend WSASocketW WSAStartup accept bind closesocket connect freeaddrinfo getaddrinfo getpeername getsockname getsockopt ioctlsocket listen recv recvfrom select send sendto setsockopt shutdown`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`7d7a2aa310ed83d3bad4da02f420b23f`
SHA1	`3ea26e79805c5ea6af4f61d5ca33928f32888877`
SHA256	`9910cca375735a6c99aba2769e3b0d003af213020a7f0784176f930485f0c1dc`
SHA3	`2b5ff78160e5b227cdf1cabbede4919aa2ce91d8799ca3e4721a48cdeb9b666f`
SSDeep	`12288:PC5yZCC8+V4kOCty4fPCdVl5oVmfgd+Jf4k8ts33I:CyZCC/P2P5oVmfgd+JQk8tsI`
Imports Hash	`cdb60690ae00dba0aca743f66be9c69d`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`10`
TimeDateStamp	2026-Apr-12 21:45:20
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x9a000`
SizeOfInitializedData	`0x37800`
SizeOfUninitializedData	`0x400`
AddressOfEntryPoint	`0x000000000000105F (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0xd6000`
SizeOfHeaders	`0x400`
Checksum	`0xd6d98`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ca1f6a67b2196abd544d6fa1bbf730bf`
SHA1	`1a50c3cc2008a7ca95882c4ec6a82bbe514d9be7`
SHA256	`3df976fbbdab2e5120a4a8136a7e304ebb4c8b3d852433ca475361531ffb95aa`
SHA3	`d6746169f414c56d510493f9c7893c430f594af34c9037541976f40321ab8d4a`
VirtualSize	`0x99f70`
VirtualAddress	`0x1000`
SizeOfRawData	`0x9a000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.37169`

.data

MD5	`821003c32e323015d76e431d26c06d05`
SHA1	`c412897b0a1e65699671d81bc3d919110cbca0e4`
SHA256	`6ee6f76ba97c38fdd2ad70f323b8a889fc3651f18feb73fb5bc822db28027877`
SHA3	`8c71aab4ae97b7760912e97bd4579ebbbf5085a895979c13b8cd3348ef64075b`
VirtualSize	`0xc00`
VirtualAddress	`0x9b000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x9a400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.785385`

.rdata

MD5	`3888cc20f552f1513c3a34d7e9540403`
SHA1	`e659b8b0af952e2fbaae3e6eae7f87f2062ca1be`
SHA256	`f4d01c8e1b8d03748ea1892d036fdd1b85719df88e614d1c872d859d02b1173b`
SHA3	`118715240b7bac7601b7b710d210dc7da83fba59488d9e200aa72547486c0047`
VirtualSize	`0x24d98`
VirtualAddress	`0x9c000`
SizeOfRawData	`0x24e00`
PointerToRawData	`0x9b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.98722`

.eh_fram

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x4`
VirtualAddress	`0xc1000`
SizeOfRawData	`0x200`
PointerToRawData	`0xbfe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.pdata

MD5	`75d229a4c7344b9ade59367500956a28`
SHA1	`54f9611a5e2727e93e90c594704133e4be27cb46`
SHA256	`f0bb9cd661a092aab756f476bf1e9b73960e1db18c3d10f22c827d36a2c8ff46`
SHA3	`19ec813a48e995f0b2d04118626e315b291fb1a303c03bbe2db978d9ed331faf`
VirtualSize	`0x4d34`
VirtualAddress	`0xc2000`
SizeOfRawData	`0x4e00`
PointerToRawData	`0xc0000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.86369`

.xdata

MD5	`c3a31a0b3dceb5d05ae5972a8504583b`
SHA1	`d0c9ee8132b956514cf676ba12bebb4f4275de5e`
SHA256	`2a7c2ef5efd0fdf36843999c6d95f516c87cac02f529296315ae913be4ce36d4`
SHA3	`10c374620abf10e23be753873dafa43d2ff1cf7db7801d9a160d3cfb65a57e43`
VirtualSize	`0x9f10`
VirtualAddress	`0xc7000`
SizeOfRawData	`0xa000`
PointerToRawData	`0xc4e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.39866`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x240`
VirtualAddress	`0xd1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`b669c14d7059d1cf99f4df25e643297c`
SHA1	`218ee995dada19e40aa1627cff83a287b0b5ec03`
SHA256	`680b83eef7069300841ff49c70da03430c3d3bb1bed5bde7da70090331ecbeb4`
SHA3	`bef88a0868d784a728a37d87a522d6bcf364a96eb07b16346b9cfce5a48a1652`
VirtualSize	`0x1ff0`
VirtualAddress	`0xd2000`
SizeOfRawData	`0x2000`
PointerToRawData	`0xcee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.72288`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0xd4000`
SizeOfRawData	`0x200`
PointerToRawData	`0xd0e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.reloc

MD5	`29e82e14c766fb60195e0dcd50a85c65`
SHA1	`0f3bb14b8e9d66142303998ccd315f654a53ad1a`
SHA256	`0825a73473a9e1115f6900cf857728521cda2698ea0e52b8a107b81a689cfa3a`
SHA3	`d1373d9cbfcb6ea083bca2a6fd9cd3d959f393b6ac7735913dc37b2d1c105143`
VirtualSize	`0xc00`
VirtualAddress	`0xd5000`
SizeOfRawData	`0xc00`
PointerToRawData	`0xd1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.41548`

Imports

api-ms-win-core-synch-l1-2-0.dll	`WaitOnAddress` `WakeByAddressAll` `WakeByAddressSingle`
bcryptprimitives.dll	`ProcessPrng`
user32.dll	`MessageBoxW`
KERNEL32.dll	`AddVectoredExceptionHandler` `CancelIo` `CloseHandle` `CompareStringOrdinal` `CopyFileExW` `CreateDirectoryW` `CreateEventW` `CreateFileMappingA` `CreateFileW` `CreateHardLinkW` `CreatePipe` `CreateProcessW` `CreateSymbolicLinkW` `CreateThread` `CreateToolhelp32Snapshot` `CreateWaitableTimerExW` `DeleteCriticalSection` `DeleteFileW` `DeleteProcThreadAttributeList` `DeviceIoControl` `DuplicateHandle` `EnterCriticalSection` `ExitProcess` `FindClose` `FindFirstFileExW` `FindNextFileW` `FlushFileBuffers` `FormatMessageW` `FreeEnvironmentStringsW` `FreeLibrary` `GetCommandLineW` `GetConsoleMode` `GetConsoleOutputCP` `GetCurrentDirectoryW` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThread` `GetCurrentThreadId` `GetEnvironmentStringsW` `GetEnvironmentVariableW` `GetExitCodeProcess` `GetFileAttributesW` `GetFileInformationByHandle` `GetFileInformationByHandleEx` `GetFileSizeEx` `GetFileType` `GetFinalPathNameByHandleW` `GetFullPathNameW` `GetLastError` `GetModuleFileNameW` `GetModuleHandleA` `GetModuleHandleW` `GetOverlappedResult` `GetProcAddress` `GetProcessHeap` `GetProcessId` `GetStdHandle` `GetSystemDirectoryW` `GetSystemInfo` `GetSystemTimePreciseAsFileTime` `GetTempPathW` `GetWindowsDirectoryW` `HeapAlloc` `HeapFree` `HeapReAlloc` `InitOnceBeginInitialize` `InitOnceComplete` `InitializeCriticalSection` `InitializeProcThreadAttributeList` `LeaveCriticalSection` `LoadLibraryA` `LockFileEx` `MapViewOfFile` `Module32FirstW` `Module32NextW` `MoveFileExW` `MultiByteToWideChar` `QueryPerformanceCounter` `QueryPerformanceFrequency` `RaiseException` `ReadConsoleW` `ReadFile` `ReadFileEx` `RemoveDirectoryW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlUnwindEx` `RtlVirtualUnwind` `SetCurrentDirectoryW` `SetEnvironmentVariableW` `SetFileAttributesW` `SetFileInformationByHandle` `SetFilePointerEx` `SetFileTime` `SetHandleInformation` `SetLastError` `SetThreadStackGuarantee` `SetUnhandledExceptionFilter` `SetWaitableTimer` `Sleep` `SleepEx` `SwitchToThread` `TerminateProcess` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `UnlockFile` `UnmapViewOfFile` `UpdateProcThreadAttribute` `VirtualProtect` `VirtualQuery` `WaitForMultipleObjects` `WaitForSingleObject` `WideCharToMultiByte` `WriteConsoleW` `WriteFileEx` `__C_specific_handler` `lstrlenW`
api-ms-win-crt-environment-l1-1-0.dll	`__p__environ`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `calloc` `free` `malloc`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-private-l1-1-0.dll	`memcmp` `memcpy` `memmove`
api-ms-win-crt-runtime-l1-1-0.dll	`__p___argc` `__p___argv` `_cexit` `_configure_narrow_argv` `_crt_atexit` `_exit` `_fpreset` `_initialize_narrow_environment` `_set_app_type` `_initterm` `_initterm_e` `_set_invalid_parameter_handler` `abort` `exit` `signal`
api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func` `__p__commode` `__p__fmode` `__stdio_common_vfprintf` `fflush` `setvbuf`
api-ms-win-crt-string-l1-1-0.dll	`memset` `strlen` `strncmp`
ntdll.dll	`NtCreateFile` `NtCreateNamedPipeFile` `NtOpenFile` `NtReadFile` `NtWriteFile` `RtlNtStatusToDosError`
USERENV.dll	`GetUserProfileDirectoryW`
WS2_32.dll	`GetHostNameW` `WSACleanup` `WSADuplicateSocketW` `WSAGetLastError` `WSARecv` `WSASend` `WSASocketW` `WSAStartup` `accept` `bind` `closesocket` `connect` `freeaddrinfo` `getaddrinfo` `getpeername` `getsockname` `getsockopt` `ioctlsocket` `listen` `recv` `recvfrom` `select` `send` `sendto` `setsockopt` `shutdown`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x1400d4000`
EndAddressOfRawData	`0x1400d4008`
AddressOfIndex	`0x1400d1190`
AddressOfCallbacks	`0x1400c0d68`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x0000000140010220` `0x00000001400996C0` `0x0000000140099779`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!

Leave a comment

No comments yet.