Manalyze report for abf39cbf32caf190fe66e941b0d6348717cb47782ea7e3da934baf3844622e1f

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Nov-03 17:59:37
Detected languages	English - United States
TLS Callbacks	3 callback(s) detected.

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable` `Unusual section name found: .Z&=` Unusual section name found: .\L` `Unusual section name found: .cqn`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Can access the registry: RegSetValueExA` `Leverages the raw socket API to access the Internet: WSAStartup`
Malicious	VirusTotal score: 40/71 (Scanned on 2026-03-10 11:20:18)	`ALYac: Gen:Variant.Application.Tedy.6563` `APEX: Malicious` `AVG: Win64:MalwareX-gen [Misc]` `AhnLab-V3: Packed/Win.Generic.R756374` `Alibaba: Packed:Win32/VMProtect.6207dfad` `Antiy-AVL: Trojan[Packed]/Win32.VMProtect` `Arcabit: Trojan.Application.Tedy.D19A3` `Avast: Win64:MalwareX-gen [Misc]` `BitDefender: Gen:Variant.Application.Tedy.6563` `Bkav: W64.AIDetectMalware` `CAT-QuickHeal: Trojan.Ghanarava.177270466714da4d` `CTX: exe.trojan.vmprotect` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 99)` `DeepInstinct: MALICIOUS` `ESET-NOD32: Win32/Packed.VMProtect.ACX trojan` `Elastic: malicious (high confidence)` `Emsisoft: Gen:Variant.Application.Tedy.6563 (B)` `GData: Gen:Variant.Application.Tedy.6563` `Google: Detected` `Ikarus: Trojan.Win32.VMProtect` `K7AntiVirus: Riskware ( 005cdde21 )` `K7GW: Riskware ( 005cdde21 )` `Lionic: Trojan.Win32.VMProtect.4!c` `Malwarebytes: Malware.AI.4118199753` `McAfeeD: Real Protect-LS!F2D58CB22203` `MicroWorld-eScan: Gen:Variant.Application.Tedy.6563` `Microsoft: Trojan:Win32/Kepavll!rfn` `Paloalto: generic.ml` `Sangfor: Suspicious.Win32.Save.a` `SentinelOne: Static AI - Malicious PE` `Skyhigh: Artemis` `Sophos: Mal/Generic-S` `Symantec: ML.Attribute.HighConfidence` `TrellixENS: Artemis!F2D58CB22203` `VIPRE: Gen:Variant.Application.Tedy.6563` `Varist: W64/ABApplication.USBO-5772` `Yandex: Trojan.VMProtect!D/pCDGl9t08` `alibabacloud: Riskware:Win/Packed.VMProtect.AWF`

Hashes

MD5	`f2d58cb22203ef6659de067f4414da4d`
SHA1	`02f90681155a4454fee4c62b03e35aca0594b923`
SHA256	`abf39cbf32caf190fe66e941b0d6348717cb47782ea7e3da934baf3844622e1f`
SHA3	`ad891b9d6fa37cd8f14cc490b06562d8b21f1f7510b78dbf937cbdb46ff6619f`
SSDeep	`393216:2QFjB/kgwUEBNzZpSgeabQltIECdt+B0vQfm:2n/2geabQ8vhQu`
Imports Hash	`aa2c9bce14a85624af75c685abe11ccb`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`10`
TimeDateStamp	2025-Nov-03 17:59:37
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x2c2600`
SizeOfInitializedData	`0x55bc00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000001046B1B (Section: .cqn)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1fd9000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x2c25a6`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.rdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x162f06`
VirtualAddress	`0x2c4000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x3d36c4`
VirtualAddress	`0x427000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.pdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1f8e4`
VirtualAddress	`0x7fb000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.fptable

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x100`
VirtualAddress	`0x81b000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.Z&=

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x7759af`
VirtualAddress	`0x81c000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.\L`

MD5	`5d0f7d39c3127caadbb6fe7ef24305ad`
SHA1	`db2190e6080fcb614db8dd0f33e977f90f928ac8`
SHA256	`c8d80763d41cf3a37548c317ea437c7e20ee402c7aea20f915ced74ffeedb1f0`
SHA3	`272fba5935a5924029e44caa2125319f9ad562716d2e4d161036764c87d8986a`
VirtualSize	`0x29bc`
VirtualAddress	`0xf92000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.124112`

.cqn

MD5	`d4d259310c31d2596101834eb3bbea9e`
SHA1	`cd44a9f697a986297e55547409b98081d09f34df`
SHA256	`407e905c745447cab814d06ddcf34e1b5557c0bd56b06a43d160aefa64847b6f`
SHA3	`10fbd86f4a2a6f928f1d3c209ec1323c7684e6056c50d1a1289e7051ef01e9c9`
VirtualSize	`0x1041a0c`
VirtualAddress	`0xf95000`
SizeOfRawData	`0x1041c00`
PointerToRawData	`0x2e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`7.91239`

.reloc

MD5	`cdd28b401f24836551db6ec4b7a6653e`
SHA1	`ad1a395773e28e6b800cfa202f82266be4e60125`
SHA256	`5be059abb26fd9a8ed62348a85e557e54a41845bbe844808b718961d370db0a9`
SHA3	`323977b8a3a6b9071a3c7593a7ae877db28b03f4dc00efad0f94cb8b444550aa`
VirtualSize	`0x118`
VirtualAddress	`0x1fd7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1044a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.79642`

.rsrc

MD5	`c84f1213f02bb45fc809e9f64ce7f4cd`
SHA1	`acd02435ff15f49bf79d92604874f7697ea4177e`
SHA256	`24e077691bbff604d85d973ce2e9e99d10e270009754ddb133bd4c2b5f6c758c`
SHA3	`f610b18364eeeef2896a2078e2cd5033f927600960947a3dafa92a684a8088bd`
VirtualSize	`0x1e0`
VirtualAddress	`0x1fd8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1044c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.7749`

Imports

d3d11.dll	`D3D11CreateDeviceAndSwapChain`
D3DCOMPILER_43.dll	`D3DCompile`
KERNEL32.dll	`DeleteFileW`
USER32.dll	`SetClipboardData`
ADVAPI32.dll	`RegSetValueExA`
SHELL32.dll	`SHCreateItemFromParsingName`
ole32.dll	`CoUninitialize`
IMM32.dll	`ImmSetCompositionWindow`
WS2_32.dll	`WSAStartup`
SHLWAPI.dll	`StrStrW`
d3dx11_43.dll	`D3DX11CreateShaderResourceViewFromMemory`
IPHLPAPI.DLL	`if_nametoindex`
bcrypt.dll	`BCryptGenRandom`
ntdll.dll	`RtlLookupFunctionEntry`
dbghelp.dll	`ImageRvaToVa`
VERSION.dll	`GetFileVersionInfoSizeW`
CRYPT32.dll	`CertFreeCertificateChain`
WINTRUST.dll	`WTHelperGetProvSignerFromChain`
Secur32.dll	`InitSecurityInterfaceW`
OLEAUT32.dll	`SysFreeString`
KERNEL32.dll (#2)	`DeleteFileW`
KERNEL32.dll (#3)	`DeleteFileW`

Delayed Imports

??0VMemMgr@asmjit@@QEAA@PEAX@Z

Ordinal	`1`
Address	`0x112070`

??1VMemMgr@asmjit@@QEAA@XZ

Ordinal	`2`
Address	`0x1120e0`

??_FVMemMgr@asmjit@@QEAAXXZ

Ordinal	`3`
Address	`0x109b10`

?alloc@VMemMgr@asmjit@@QEAAPEAX_KI@Z

Ordinal	`4`
Address	`0x1121e0`

?alloc@VMemUtil@asmjit@@SAPEAX_KPEA_KI@Z

Ordinal	`5`
Address	`0x1113d0`

?allocProcessMemory@VMemUtil@asmjit@@SAPEAXPEAX_KPEA_KI@Z

Ordinal	`6`
Address	`0x111470`

?getPageGranularity@VMemUtil@asmjit@@SA_KXZ

Ordinal	`7`
Address	`0x1113b0`

?getPageSize@VMemUtil@asmjit@@SA_KXZ

Ordinal	`8`
Address	`0x111390`

?release@VMemMgr@asmjit@@QEAAIPEAX@Z

Ordinal	`9`
Address	`0x112350`

?release@VMemUtil@asmjit@@SAIPEAX_K@Z

Ordinal	`10`
Address	`0x111510`

?releaseProcessMemory@VMemUtil@asmjit@@SAIPEAX0_K@Z

Ordinal	`11`
Address	`0x111550`

?reset@VMemMgr@asmjit@@QEAAXXZ

Ordinal	`12`
Address	`0x112130`

?shrink@VMemMgr@asmjit@@QEAAIPEAX_K@Z

Ordinal	`13`
Address	`0x112510`

?x86RegData@asmjit@@3UX86RegData@1@B

Ordinal	`14`
Address	`0x3357b0`

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x140f93490`
EndAddressOfRawData	`0x140f949bc`
AddressOfIndex	`0x1407bd078`
AddressOfCallbacks	`0x1419fc618`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES`
Callbacks	`0x0000000141070E70` `0x00000001401D903C` `0x00000001401D90AC`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1404278c0`

RICH Header

Errors

[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .pdata has a size of 0!
[*] Warning: Section .fptable has a size of 0!
[*] Warning: Section .Z&= has a size of 0!

Leave a comment

No comments yet.