Manalyze report for a6659c216f79a797bdd0fc221b591c7762b39a3aff7d6f2ad9c7905764d121d3

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-May-20 16:37:56
Detected languages	English - United States
Debug artifacts	loaderBuilder.pdb
CompanyName	Discord Inc.
FileDescription	Discord - https://discord.com/
FileVersion	`1.0.9237`
InternalName	Setup.exe
LegalCopyright	Copyright (c) 2026 Discord Inc. All rights reserved.
OriginalFilename	Setup.exe
ProductName	Discord - https://discord.com/
ProductVersion	`1.0.9237`

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Info	Interesting strings found in the binary:	`Contains domain names: discord.com https://discord.com`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: NtQueryInformationProcess` `Possibly launches other programs: CreateProcessA` `Uses Windows's Native API: NtWriteFile NtQueryInformationProcess` `Memory manipulation functions often used by packers: VirtualProtectEx VirtualAllocEx` `Manipulates other processes: ReadProcessMemory WriteProcessMemory`
Malicious	The PE's digital signature is invalid.	`Signer: Discord Inc.` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1` `The file was modified after it was signed.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`c265ebac8e561ea326631c7a79dcb8e4`
SHA1	`bfa51b73cf7d9c1446d5bf263da71d893646df10`
SHA256	`a6659c216f79a797bdd0fc221b591c7762b39a3aff7d6f2ad9c7905764d121d3`
SHA3	`91208de5bf891359b227e7d85839c86d1399dbbfad3e6f86a69c0f8cdcca2ebf`
SSDeep	`24576:j2PbtfRk9y0OoPdohL4KfSe8SfA8dCD0//MY9Qp5ubDkQqG4WtLjBME:jKbtWtJPdohLH6MjoInMtDubDqGTVBME`
Imports Hash	`4075bcfe8313d05f47b3e332b3b6c1df`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-May-20 16:37:56
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x14000`
SizeOfInitializedData	`0x15d800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000001390C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x176000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`484add9a4b525b8e00a00d3b579ec002`
SHA1	`59b4f430e8fdc8738e9e468696840c298748c247`
SHA256	`a18689fc5deb641c837352ad18ba89ef093b8b7ada0ea15b03b5f747d54e1c06`
SHA3	`4ce9484653b882b29ad3603905c5f487a8b6f43f263b13ca2cf063c76fe66995`
VirtualSize	`0x13e69`
VirtualAddress	`0x1000`
SizeOfRawData	`0x14000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.45128`

.rdata

MD5	`e32be57488e61b9d65b73c42308e39ea`
SHA1	`00152134f93f0ede30e9d655aa636269a1e3ea54`
SHA256	`fa7ed90b275f9ea1abc5060056126c3fd5b0eba0c3a46a20fbf95cfe5e6e3cf7`
SHA3	`28776d29e455bf8e10b642ec227a81c1df01b9729fb3076de961d1c3f9de3d72`
VirtualSize	`0x1562c0`
VirtualAddress	`0x15000`
SizeOfRawData	`0x156400`
PointerToRawData	`0x14400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.99532`

.data

MD5	`f6d98dec698561e26ef9b9ecc543421e`
SHA1	`ea3ecb375512fa520a1b5b4da907f10ce551ca0c`
SHA256	`93b752aeb714b75d0eb981443cfcd1baa47d33314cbd9b323c094338f270b1c8`
SHA3	`91a635ea6699d5bc6fee6ad6a781f38ff78d1f13ddf68425576f06497668531a`
VirtualSize	`0x270`
VirtualAddress	`0x16c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x16a800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.29708`

.pdata

MD5	`6c8d4ec3f04218360a40f61b3dc213c8`
SHA1	`9073bc6c46362ec82c23fd2f94e6fcffd6cc61fd`
SHA256	`65fa37f2ab211a0930b9b2ff4d8b78f2a02fd8153ad3956389b7a09e5896773d`
SHA3	`b0201204b67696d7d5af90d676e7bac594ebe23edb57a94eaed126865b5339e2`
VirtualSize	`0xb10`
VirtualAddress	`0x16d000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x16aa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.88246`

.rsrc

MD5	`956a559ccdf2e47b7f3fb58968dc4599`
SHA1	`c35402aea3e0ee6b62cf0019ec70e6f476e1e3de`
SHA256	`c1498088c6fc77d3bee86d89880ce92254caee919b4c6446a28597803dfd65b7`
SHA3	`53b8bbd70105f9c570dabf884923f6b0d1d6481ab05d2492689283f985b2d3bf`
VirtualSize	`0x603c`
VirtualAddress	`0x16e000`
SizeOfRawData	`0x6200`
PointerToRawData	`0x16b600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.46989`

.reloc

MD5	`a184cea0edc793489807180c9c78d4b1`
SHA1	`a7db9fcc17974ca133a02edd507105a2aaf3171f`
SHA256	`a508b2f5fa2f8281b6667cd194fa6f288bea72f068edcebf01d2e0e3188f623d`
SHA3	`b60fe01f49b29541cd2084de523016f46b4768fee43178aed06ea5c9e5be9388`
VirtualSize	`0x230`
VirtualAddress	`0x175000`
SizeOfRawData	`0x400`
PointerToRawData	`0x171800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.67977`

Imports

api-ms-win-core-synch-l1-2-0.dll	`WakeByAddressSingle` `WakeByAddressAll` `WaitOnAddress`
kernel32.dll	`GetSystemTimeAsFileTime` `AddVectoredExceptionHandler` `CloseHandle` `ResumeThread` `GetCurrentThreadId` `VirtualProtectEx` `InitializeSListHead` `VirtualAllocEx` `CreateProcessA` `ReadProcessMemory` `HeapReAlloc` `GetModuleHandleA` `HeapAlloc` `WriteConsoleW` `MultiByteToWideChar` `SetUnhandledExceptionFilter` `WaitForSingleObject` `GetConsoleOutputCP` `GetConsoleMode` `GetStdHandle` `RtlVirtualUnwind` `WideCharToMultiByte` `ReleaseMutex` `CreateMutexA` `GetCurrentProcessId` `lstrlenW` `HeapFree` `GetProcessHeap` `GetProcAddress` `LoadLibraryA` `WaitForSingleObjectEx` `RtlLookupFunctionEntry` `GetCurrentProcess` `RtlCaptureContext` `GetCurrentDirectoryW` `GetEnvironmentVariableW` `GetCurrentThread` `SetLastError` `WriteProcessMemory` `GetLastError` `QueryPerformanceCounter` `SetThreadStackGuarantee` `GetModuleHandleW`
ntdll.dll	`RtlNtStatusToDosError` `NtWriteFile` `NtQueryInformationProcess`
VCRUNTIME140.dll	`memcpy` `memcmp` `memset` `memmove` `__current_exception_context` `__current_exception` `__C_specific_handler` `__CxxFrameHandler3`
api-ms-win-crt-runtime-l1-1-0.dll	`_crt_atexit` `_set_app_type` `_register_onexit_function` `_initialize_onexit_table` `terminate` `_register_thread_local_exe_atexit_callback` `_c_exit` `_cexit` `__p___argv` `__p___argc` `_configure_narrow_argv` `_exit` `exit` `_initterm_e` `_initterm` `_get_initial_narrow_environment` `_initialize_narrow_environment` `_seh_filter_exe`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-stdio-l1-1-0.dll	`__p__commode` `_set_fmode`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `free`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.01108`
MD5	`5b97a5c01627ce981d9ac56025f91113`
SHA1	`00de7d3f038c0a4a0835238182e605d0ed6ea607`
SHA256	`5477aa408542ea444e75feae1dafd9d77925ba45b6941a82c3dbd888fc21a7c5`
SHA3	`5086d819a85c7bfb17bdfb8c1897570554f8b6d9eb9e2f1fe61743833155a9d7`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.49078`
MD5	`ea461299c49dc67e524820d7abb961f2`
SHA1	`904140b4d1207e7c681119233d4d480b461adc80`
SHA256	`58eb4cc55e39640cd025035dd9278c8faf598a1266fb04c58ec7ed0596f5de47`
SHA3	`cf5056e5f3f5af4212841a39a03492b7e8a4d2cb624f66542bf881df5048023a`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.67794`
MD5	`ec333769bd7fcb6541028b141e1e5305`
SHA1	`5b9b5c9e4a7d55d7b33d252b6a7a3bca7f5776d0`
SHA256	`628802d823cc24178da1abc6146328e886bac2154202372baea7d738b7dd1b24`
SHA3	`7a9eeeec5ac6ad37477fa32a6017fd83532fb2b300d1697b3c980ebeaee2616e`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.53369`
MD5	`fd47841895a86a0abac228b49f012d81`
SHA1	`e36fc6890e7bd667faf1d6a81eaf3c7341c2ba73`
SHA256	`c9f9c4848870c16fbf3051141ddbf9ace291c4dfe399b40027ada6d6a360e876`
SHA3	`a810b5b9764ded751e821efc00d7d5225e5155449f5ad739bf89c57002912e20`

0

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37928`
Detected Filetype	Icon file
MD5	`247d0ea5294c5888854897d8accf9013`
SHA1	`a785ff8fe44a3414cfe25471be0ac520355d8fba`
SHA256	`d49ae99601dff64e974f90c34c27b186111b876e259cbaaebe1020c323d43a60`
SHA3	`afb03d46f74ddc29216b59f878b17c37f8f63ec1b843d089bc32de5d4e527e90`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3a4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.17277`
MD5	`6e1469a1f3782b2e724873979f10057e`
SHA1	`5046f4f82528ede911e2c124d6249b7e98cc4dbf`
SHA256	`3f852c2b586bc9ea805dfcfded235fa19e8cb299ad848176c55aaec049988a11`
SHA3	`7282104e86cebd363a39e5048742c95fa688a9761a90881b01ace63462c2b33f`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0`
FileVersion	1.0.9237.0
ProductVersion	1.0.9237.0
FileFlags	`(EMPTY)`
FileOs	`(EMPTY)`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Discord Inc.
FileDescription	Discord - https://discord.com/
FileVersion (#2)	1.0.9237
InternalName	Setup.exe
LegalCopyright	Copyright (c) 2026 Discord Inc. All rights reserved.
OriginalFilename	Setup.exe
ProductName	Discord - https://discord.com/
ProductVersion (#2)	1.0.9237

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-May-20 16:37:56
Version	`0.0`
SizeofData	`42`
AddressOfRawData	`0x168fe4`
PointerToRawData	`0x1683e4`
Referenced File	loaderBuilder.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-May-20 16:37:56
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x169010`
PointerToRawData	`0x168410`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-May-20 16:37:56
Version	`0.0`
SizeofData	`796`
AddressOfRawData	`0x169024`
PointerToRawData	`0x168424`

TLS Callbacks

StartAddressOfRawData	`0x140169360`
EndAddressOfRawData	`0x140169380`
AddressOfIndex	`0x14016c1e4`
AddressOfCallbacks	`0x140015348`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14016c0c0`

RICH Header

XOR Key	`0xa05a7b45`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`10`
Imports (35403)	`2`
ASM objects (35403)	`3`
C objects (35403)	`9`
C++ objects (35403)	`22`
Imports (30151)	`5`
Total imports	`86`
Unmarked objects (#2)	`4`
Linker (35725)	`1`

Errors

Leave a comment

No comments yet.