Manalyze report for 9cb08d23c3d390c2825b7cba6adf902b92581be4a00a3025aacdecea7f36581b

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2025-May-25 16:46:51
Detected languages	English - United States
Debug artifacts	C:\Users\PC\source\repos\BEBYPASS\x64\Release\BEBYPASS.pdb

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 8.0`
Info	The PE contains common functions which appear in legitimate applications.	`Possibly launches other programs: system`
Malicious	VirusTotal score: 8/72 (Scanned on 2025-10-20 10:02:20)	`APEX: Malicious` `Bkav: W64.AIDetectMalware` `CrowdStrike: win/malicious_confidence_90% (W)` `DeepInstinct: MALICIOUS` `McAfeeD: ti!9CB08D23C3D3` `Paloalto: generic.ml` `Rising: Trojan.Kryptik@AI.96 (RDML:STRTb9lc7dG0iiLMaW5AeA)` `Symantec: ML.Attribute.HighConfidence`

Hashes

MD5	`9d063bec1f173d3bff17750e62c95983`
SHA1	`01b295ab3d08ca519919e7cd18657ef826698130`
SHA256	`9cb08d23c3d390c2825b7cba6adf902b92581be4a00a3025aacdecea7f36581b`
SHA3	`cbf96b1147d27256e9250e5b7875c0878c3aa300d3655ab8697d4648127ea5c8`
SSDeep	`768:J1zv2JHk2HT/nxxCAFJ44+RG/ls00KYss:J1yJBzoRGls00Kw`
Imports Hash	`a4e624af90dde93e98fff7a97c8867b2`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2025-May-25 16:46:51
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x7000`
SizeOfInitializedData	`0x3000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000007380 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xf000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f6bd20e183eee811ebe31cfbdb4e7e24`
SHA1	`51be00b5ba2a12ded4a507233cca0e9a406ace5e`
SHA256	`a319419436feb70da3d62fe251a1b7bae884bca1e6e3dba3ef465adef0c6bb2d`
SHA3	`ac305a503861b2d50b77746eb9ee2b13875ccba9613719574076978dfb10f45d`
VirtualSize	`0x6eec`
VirtualAddress	`0x1000`
SizeOfRawData	`0x7000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.00004`

.rdata

MD5	`9ae81aec00fd74eb97abab4c8f52a42e`
SHA1	`5e5e66202a0fc85528eb7a15262690f724e2bdd7`
SHA256	`34b2213563c63292ab8ceb8ee0e3dc8004a743e8e35e35c54aa3088b56449656`
SHA3	`05f2b9daaccf58d3749eb7f829ccfe5d6084e9e0ce449f34261e50c38fdd2015`
VirtualSize	`0x214e`
VirtualAddress	`0x8000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x7400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.91234`

.data

MD5	`85c2aebd011c5c1b37c1009def59c2b6`
SHA1	`e6f88330c0bc7698e3f5d77202242a6e10f6e321`
SHA256	`ab4f194dcbbaf38d8dca700fa10eee22d80c5463d8256b36eb72ed5f7126ba69`
SHA3	`a5818bd143f172ebe95ef85b8e270e51e0d1ae2330fd892938463b36527155ea`
VirtualSize	`0x680`
VirtualAddress	`0xb000`
SizeOfRawData	`0x200`
PointerToRawData	`0x9600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.53249`

.pdata

MD5	`4578f3631f1358c7fd45b28ee634fbf3`
SHA1	`45c737956b021a11fd9f40c262df69b7f4aab89a`
SHA256	`31959bcefb38679b5d35337311c95cd31fbdb50962cbf289a6955c9959ef196e`
SHA3	`e450dec7739a2111586c5a4fec5a4f28c9b7f867fac76c19bee52b41a526f597`
VirtualSize	`0x1a4`
VirtualAddress	`0xc000`
SizeOfRawData	`0x200`
PointerToRawData	`0x9800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.25982`

.rsrc

MD5	`3f589857bb32ae56ee50be3b0a125141`
SHA1	`c483667476f55e15e0164c5715d9a9c07a64d5ee`
SHA256	`416d2ffc1e4a908e4f1d7731e95df7539f86421c0c0cf080f12aaeb698b70140`
SHA3	`bdf399e173dfa9ab053159cbd7e7e96cd413048121c0b4b217c21476a3a02c79`
VirtualSize	`0x1e8`
VirtualAddress	`0xd000`
SizeOfRawData	`0x200`
PointerToRawData	`0x9a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.75615`

.reloc

MD5	`cbb1e7293385d97a0f9c1c1b2f337776`
SHA1	`7aa600282b437d8bfe7388401488b3b365d45b9a`
SHA256	`0e260b68ff537b75527c8d028a6c731bbc0ffd2fb752458833e041652bd63b75`
SHA3	`9ac969569bdcf85f91c73ef36f2792d2625c114dab91b6992576a2c1bd3002c7`
VirtualSize	`0x3c`
VirtualAddress	`0xe000`
SizeOfRawData	`0x200`
PointerToRawData	`0x9c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.74541`

Imports

KERNEL32.dll	`GetConsoleWindow` `SetConsoleTitleW` `Sleep` `GetCurrentThreadId` `RtlCaptureContext` `GetModuleHandleW` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsDebuggerPresent` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetCurrentProcessId` `QueryPerformanceCounter` `IsProcessorFeaturePresent`
USER32.dll	`GetAsyncKeyState` `SetWindowLongW` `MessageBoxA` `SetLayeredWindowAttributes` `GetWindowLongW`
MSVCP140.dll	`_Query_perf_counter` `_Query_perf_frequency`
VCRUNTIME140.dll	`__C_specific_handler` `memcpy` `__current_exception` `__current_exception_context` `memset`
api-ms-win-crt-runtime-l1-1-0.dll	`_crt_atexit` `_register_onexit_function` `_register_thread_local_exe_atexit_callback` `_c_exit` `_cexit` `__p___argv` `__p___argc` `exit` `_exit` `_initterm_e` `_initterm` `_get_initial_narrow_environment` `_initialize_narrow_environment` `_configure_narrow_argv` `terminate` `_set_app_type` `_seh_filter_exe` `system` `_initialize_onexit_table`
api-ms-win-crt-stdio-l1-1-0.dll	`__p__commode` `_set_fmode` `__acrt_iob_func` `__stdio_common_vfprintf`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-May-25 16:46:51
Version	`0.0`
SizeofData	`83`
AddressOfRawData	`0x94e4`
PointerToRawData	`0x88e4`
Referenced File	C:\Users\PC\source\repos\BEBYPASS\x64\Release\BEBYPASS.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-May-25 16:46:51
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x9538`
PointerToRawData	`0x8938`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-May-25 16:46:51
Version	`0.0`
SizeofData	`644`
AddressOfRawData	`0x954c`
PointerToRawData	`0x894c`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2025-May-25 16:46:51
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14000b000`

RICH Header

XOR Key	`0x8814b771`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`10`
ASM objects (34321)	`3`
C objects (34321)	`10`
C++ objects (34321)	`19`
Imports (34321)	`6`
Imports (33140)	`5`
Total imports	`71`
C++ objects (LTCG) (34809)	`1`
Resource objects (34809)	`1`
Linker (34809)	`1`

Errors

Leave a comment

No comments yet.