Manalyze report for a069957a4546fa3acc37a744bfeb9bbe7b091f886314b3247f70e3c6bfa10d5a

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-Mar-13 11:01:32
Detected languages	English - United States
Debug artifacts	C:\Users\Admin\Downloads\yuki-external\yuki-external\x64\Release\owo.pdb

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: assetdelivery.roblox.com github.com https://assetdelivery.roblox.com https://assetdelivery.roblox.com/v1/asset/?id https://github.com roblox.com`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowA` `Code injection capabilities (PowerLoader): FindWindowA GetWindowLongA` `Possibly launches other programs: ShellExecuteW` `Uses functions commonly found in keyloggers: GetAsyncKeyState GetForegroundWindow MapVirtualKeyA` `Manipulates other processes: OpenProcess Process32Next Process32First` `Can take screenshots: GetDC FindWindowA` `Reads the contents of the clipboard: GetClipboardData`
Malicious	VirusTotal score: 18/70 (Scanned on 2026-03-13 11:15:02)	`ALYac: Gen:Variant.Application.Tedy.17879` `APEX: Malicious` `Arcabit: Trojan.Application.Tedy.D45D7` `BitDefender: Gen:Variant.Application.Tedy.17879` `Bkav: W64.AIDetectMalware` `CTX: exe.unknown.tedy` `CrowdStrike: win/malicious_confidence_90% (D)` `ESET-NOD32: Win64/GameHack_AGen.ALH potentially unsafe application` `Elastic: malicious (high confidence)` `Emsisoft: Gen:Variant.Application.Tedy.17879 (B)` `GData: Gen:Variant.Application.Tedy.17879` `Google: Detected` `Ikarus: Trojan.Win64.Krypt` `McAfeeD: ti!A069957A4546` `MicroWorld-eScan: Gen:Variant.Application.Tedy.17879` `Microsoft: Trojan:Win32/Wacatac.B!ml` `Rising: Trojan.Kryptik@AI.98 (RDML:5fiArCep/YFf8+zaDkN7yw)` `VIPRE: Gen:Variant.Application.Tedy.17879`

Hashes

MD5	`d99c20e6861d4d8db512e171dc964ac9`
SHA1	`9ec63082ed40ff1a98a4f51af00c32f6cf005263`
SHA256	`a069957a4546fa3acc37a744bfeb9bbe7b091f886314b3247f70e3c6bfa10d5a`
SHA3	`a7c6ea4854eeee8b3b70176d6a8bfc2931c13a7cc3b7e09b0b1b191c339dbcc4`
SSDeep	`12288:llQRQntqljQoCnRfXqVSgFrS3UInTxglfAi6nyX7sc8:lKYtqljQocRf6F23X12Ai6ng7n8`
Imports Hash	`2f6c4267ef4fb7c8b7bb736d7317df16`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-Mar-13 11:01:32
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x72800`
SizeOfInitializedData	`0x1d400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000071898 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x94000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2e8c5133c33cd4e02283528e164e1ea5`
SHA1	`14c09142a8246040a17c6a9318145e54f46979fc`
SHA256	`abc614531953949d840820d07b802bf2043370db2c8b00fa665364d88a91c89d`
SHA3	`5b85ff0225c0da29731afcc18021a4e5cc29ce595c81254d1a40e635fccab5fa`
VirtualSize	`0x7263b`
VirtualAddress	`0x1000`
SizeOfRawData	`0x72800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.50143`

.rdata

MD5	`520ab66880a263a8fa34f697bc9cb716`
SHA1	`96538fc33b55d24b73551a419cbaeab9271d84f7`
SHA256	`aa343bc2c7fb271840b5783ee73afc6353869ab954e074327ffb86162ad2c50f`
SHA3	`05fe7f058d6e2a728a02049e9b2836e9643ec7c27aab75173380d47b190ab808`
VirtualSize	`0x16b1e`
VirtualAddress	`0x74000`
SizeOfRawData	`0x16c00`
PointerToRawData	`0x72c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.97343`

.data

MD5	`e7b779607e4d9ea653c6b25a24574993`
SHA1	`417e1c368a2d9104fe443c7ae8c1e65cf4d41111`
SHA256	`a36387fd4b80df305e37a5858b03b4eaca656e72f6b787df2c1ac254ee75972d`
SHA3	`4a137161cbc28796a228aaa3d696d8a2143223299c9094571d1bb75fa3fb87fd`
VirtualSize	`0x13b8`
VirtualAddress	`0x8b000`
SizeOfRawData	`0x800`
PointerToRawData	`0x89800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.49292`

.pdata

MD5	`53ea5e9ea843e88e5e79c50849ed0838`
SHA1	`a41fb0a0a09857fd176ab70026f0c4d230a02dfb`
SHA256	`ad90ac6bc07edd2bd49f25ebc518cab82c3d031aa77eca503bc537257bdc7b3e`
SHA3	`bf84bbf667dffd0b0f3739ac721cfd8731bd183daa4f00ac15ba627280c74ece`
VirtualSize	`0x4c74`
VirtualAddress	`0x8d000`
SizeOfRawData	`0x4e00`
PointerToRawData	`0x8a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.82355`

.rsrc

MD5	`9d292d144d2c0212dffed8d6eeed2c96`
SHA1	`a36bd40606486b7129a919660513743c931deed7`
SHA256	`ff5ec14e62fdbaaf3e354e7acd3976190e8c55c4fa0e738902c95beb6562b475`
SHA3	`0b9ca9731ba65314ad4b9b39636a86c9bb47f5b9e77d752e485966060f7e32c5`
VirtualSize	`0x1e0`
VirtualAddress	`0x92000`
SizeOfRawData	`0x200`
PointerToRawData	`0x8ee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.70046`

.reloc

MD5	`b9fbacb851cf2a04a1a676e9457fe4bb`
SHA1	`ee0c69b172aa0c168fd77ed748403f6b8e018f37`
SHA256	`2cfef78aec2e8af4bcb911988960fb3b2f81df1e776f7ac6c5f71757bc946cb9`
SHA3	`b8c853361988fc2addbb3e59e038cdb4919a8ff405f9e9437bfbdaa9e2995385`
VirtualSize	`0x314`
VirtualAddress	`0x93000`
SizeOfRawData	`0x400`
PointerToRawData	`0x8f000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.58895`

Imports

KERNEL32.dll	`Module32First` `OpenProcess` `CreateToolhelp32Snapshot` `Process32Next` `CloseHandle` `MultiByteToWideChar` `GlobalAlloc` `GlobalFree` `GlobalLock` `WideCharToMultiByte` `GlobalUnlock` `GetLocaleInfoA` `LoadLibraryA` `QueryPerformanceFrequency` `GetProcAddress` `VerSetConditionMask` `FreeLibrary` `QueryPerformanceCounter` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetCurrentProcessId` `IsDebuggerPresent` `IsProcessorFeaturePresent` `TerminateProcess` `GetCurrentProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `WakeAllConditionVariable` `GetCurrentThreadId` `SleepConditionVariableSRW` `Module32Next` `AcquireSRWLockExclusive` `ReleaseSRWLockExclusive` `GetFileInformationByHandleEx` `GetModuleHandleW` `GetLastError` `AreFileApisANSI` `GetFileAttributesExW` `FindNextFileW` `FindFirstFileExW` `FindFirstFileW` `FindClose` `CreateFileW` `CreateDirectoryW` `Process32First` `GetPrivateProfileStringA` `GetPrivateProfileIntA` `GetConsoleWindow` `GetLocaleInfoEx` `FormatMessageA` `LocalFree` `WritePrivateProfileStringA` `GetCurrentThread` `GetProcessId` `Sleep` `GetModuleHandleA` `SetThreadPriority`
USER32.dll	`ScreenToClient` `GetMessageExtraInfo` `GetSystemMetrics` `UnregisterClassW` `RegisterClassExW` `LoadCursorA` `GetDC` `GetCapture` `ShowWindow` `ClientToScreen` `TrackMouseEvent` `GetKeyboardLayout` `SetCapture` `SetCursor` `GetClientRect` `SetProcessDPIAware` `IsWindowUnicode` `ReleaseCapture` `CreateWindowExW` `ReleaseDC` `OpenClipboard` `DestroyWindow` `CloseClipboard` `DispatchMessageA` `SendInput` `EmptyClipboard` `GetCursorPos` `MonitorFromPoint` `SetCursorPos` `DefWindowProcW` `UpdateWindow` `GetClipboardData` `SetClipboardData` `FindWindowA` `GetKeyNameTextA` `PostQuitMessage` `PeekMessageA` `TranslateMessage` `SetLayeredWindowAttributes` `GetAsyncKeyState` `GetForegroundWindow` `MapVirtualKeyA` `GetWindowLongA` `GetWindowTextA` `SetWindowLongA` `GetKeyState`
GDI32.dll	`GetDeviceCaps`
SHELL32.dll	`ShellExecuteW`
MSVCP140.dll	`?_Xinvalid_argument@std@@YAXPEBD@Z` `?_Id_cnt@id@locale@std@@0HA` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Winerror_map@std@@YAHH@Z` `?_Xlength_error@std@@YAXPEBD@Z` `?_Syserror_map@std@@YAPEBDH@Z` `_Cnd_do_broadcast_at_thread_exit` `_Query_perf_counter` `_Thrd_detach` `_Xtime_get_ticks` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z` `?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?getloc@ios_base@std@@QEBA?AVlocale@2@XZ` `?good@ios_base@std@@QEBA_NXZ` `_Query_perf_frequency` `??1_Lockit@std@@QEAA@XZ` `?_Xbad_alloc@std@@YAXXZ` `??0_Lockit@std@@QEAA@H@Z` `?_Throw_Cpp_error@std@@YAXH@Z` `?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A` `?uncaught_exceptions@std@@YAHXZ` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ`
d3d11.dll	`D3D11CreateDeviceAndSwapChain`
dwmapi.dll	`DwmExtendFrameIntoClientArea`
IMM32.dll	`ImmReleaseContext` `ImmSetCandidateWindow` `ImmGetContext` `ImmSetCompositionWindow`
D3DCOMPILER_47.dll	`D3DCompile`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`memmove` `__std_exception_destroy` `__std_exception_copy` `__std_terminate` `strstr` `strchr` `memcmp` `memchr` `memcpy` `memset` `__C_specific_handler` `__current_exception` `__current_exception_context` `_CxxThrowException`
api-ms-win-crt-runtime-l1-1-0.dll	`_register_thread_local_exe_atexit_callback` `_c_exit` `__p___argv` `__p___argc` `_exit` `_initterm_e` `_initterm` `_get_initial_narrow_environment` `_set_app_type` `_seh_filter_exe` `_cexit` `_crt_atexit` `_initialize_onexit_table` `_initialize_narrow_environment` `_configure_narrow_argv` `abort` `_errno` `terminate` `_beginthreadex` `_invoke_watson` `exit` `_register_onexit_function`
api-ms-win-crt-heap-l1-1-0.dll	`_callnewh` `free` `malloc` `_set_new_mode`
api-ms-win-crt-convert-l1-1-0.dll	`strtof` `atof`
api-ms-win-crt-time-l1-1-0.dll	`_localtime64_s`
api-ms-win-crt-string-l1-1-0.dll	`strcpy_s` `strncmp` `tolower` `_stricmp` `strncpy` `strcmp`
api-ms-win-crt-utility-l1-1-0.dll	`rand` `qsort`
api-ms-win-crt-stdio-l1-1-0.dll	`__stdio_common_vfprintf` `__p__commode` `_set_fmode` `__stdio_common_vsprintf_s` `__stdio_common_vsprintf` `__stdio_common_vsscanf` `fread` `_wfopen` `fwrite` `__acrt_iob_func` `ftell` `fseek` `fclose` `fflush`
api-ms-win-crt-environment-l1-1-0.dll	`_dupenv_s`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale` `___lc_codepage_func`
api-ms-win-crt-math-l1-1-0.dll	`acosf` `sinf` `fmodf` `cosf` `atan2f` `floorf` `powf` `sqrtf` `logf` `ceilf` `__setusermatherr`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Mar-13 11:01:32
Version	`0.0`
SizeofData	`97`
AddressOfRawData	`0x7fdc8`
PointerToRawData	`0x7e9c8`
Referenced File	C:\Users\Admin\Downloads\yuki-external\yuki-external\x64\Release\owo.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Mar-13 11:01:32
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x7fe2c`
PointerToRawData	`0x7ea2c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Mar-13 11:01:32
Version	`0.0`
SizeofData	`912`
AddressOfRawData	`0x7fe40`
PointerToRawData	`0x7ea40`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Mar-13 11:01:32
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x1400801f0`
EndAddressOfRawData	`0x1400801f8`
AddressOfIndex	`0x14008bcc8`
AddressOfCallbacks	`0x1400748f0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14008b040`

RICH Header

XOR Key	`0xafdd0b59`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`20`
ASM objects (35207)	`4`
C objects (35207)	`10`
C++ objects (35207)	`35`
Imports (35207)	`6`
Imports (33145)	`17`
Total imports	`301`
C++ objects (LTCG) (35224)	`9`
ASM objects (35224)	`1`
Resource objects (35224)	`1`
Linker (35224)	`1`

Errors

Leave a comment

No comments yet.