Manalyze report for adef706f6791fa2f48f130a9c0d09e0419589bd069de04a6410398cf55e05d6d

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Oct-05 08:06:41
Detected languages	English - United States
ProductName	r-studio_rportable_rec
ProductVersion	`1.8`
FileVersion	`1.8`
FileDescription	r-studio_rportable_rec
InternalName	r-studio_rportable_rec
OriginalFilename	r-studio_rportable_rec.exe
LegalCopyright	Copyright (c) 2025

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig2(h)`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW` `Functions which can be used for anti-debugging purposes: FindWindowW` `Code injection capabilities (PowerLoader): FindWindowW GetWindowLongW` `Enumerates local disk drives: GetDriveTypeW` `Can take screenshots: FindWindowW GetDC CreateCompatibleDC BitBlt`
Malicious	VirusTotal score: 12/70 (Scanned on 2026-05-26 11:04:32)	`APEX: Malicious` `AhnLab-V3: Trojan/Win.Generic.C5298273` `Cylance: Unsafe` `Gridinsoft: Trojan.Win32.Wacatac.dd!n` `MaxSecure: Trojan.Malware.338151687.susgen` `McAfeeD: Trojan:Win/Generic.GSLT` `Paloalto: generic.ml` `Trapmine: malicious.high.ml.score` `TrellixENS: GenericRXAA-AA!7EF0F415D5F4` `VBA32: BScope.Trojan.Wacatac` `Webroot: W32.Malware.gen` `Xcitium: Backdoor.Win32.Androm.XTA@4z809t`

Hashes

MD5	`7ef0f415d5f490c8f5a30e045d6c2b90`
SHA1	`44876b91767f14a1d7a00cc14777e661d9e454e5`
SHA256	`adef706f6791fa2f48f130a9c0d09e0419589bd069de04a6410398cf55e05d6d`
SHA3	`c542fac052fc1c59d3a9f33fe0913b5ce1cfaebee912e088eba2848dcbc25cf8`
SSDeep	`3072:fXiqT0AamEQ+wa+V4teUfGSMqWrt1E7+SpRnAOUFnrpGv35u95vski2Owb8:fyq+mEbdt0fvE7+SpRnAOUFnrpGf5e5`
Imports Hash	`9eaa2486835bd3f6565ee40106e8746c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2025-Oct-05 08:06:41
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x19400`
SizeOfInitializedData	`0x10000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001000 (Section: .code)`
BaseOfCode	`0x1000`
BaseOfData	`0x1b000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x2c000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.code

MD5	`b8e1ba1cf90e4af6402468b9176a478d`
SHA1	`3f377ad8f90567866ee29f8f390961a790b13b90`
SHA256	`35f63aab66f5831a457a383d462e00a5d034b2c0c0411e3e9998f5f1198f2def`
SHA3	`d5b3866699e9d9f2cefc9ba2f5f857a405b6940c497d506922fb0d6f96063426`
VirtualSize	`0x2966`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.57536`

.text

MD5	`5e1e82f89f2abbd0efece80f5cf48b41`
SHA1	`2caa63f3785abf040517429ee90fac9b328f8943`
SHA256	`19ef67901baf0d1227afb42f4e3158d127eba0725082478fba8450da905d945c`
SHA3	`1f234a1edc419daa55068d6b1c56ca9b305af42b2b488a4cd7d1c7b107b22c60`
VirtualSize	`0x168cc`
VirtualAddress	`0x4000`
SizeOfRawData	`0x16a00`
PointerToRawData	`0x2e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.50497`

.rdata

MD5	`2c8e69d3402c7bf02c04b317f17d61ef`
SHA1	`2f8f329bc924783cd788ff435e3b0a86b201bd7e`
SHA256	`be23e3306970b5b4e0b11dbe86a4d907573c2bf3c652253f0f4ea8430d975504`
SHA3	`1bf4ab36aebc9777eea9d71fc8e3bd03001ad1c65fe9cb6a8cfa48b9aca5a102`
VirtualSize	`0x69c`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x800`
PointerToRawData	`0x19800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.48154`

.data

MD5	`886eb5fc0b9de0f96d33b04f949de894`
SHA1	`76c5077ae5975670e56ade12e249ecec6063b8db`
SHA256	`b09cb73ad4ac22f1b11d77aacf42c5684e496eb77190e15aa1bcafa1b391605b`
SHA3	`cd9e36a11b6f5913b238cd37b792e567f56d0d6d8441d7226ea295e2af8ecfe7`
VirtualSize	`0x96b8`
VirtualAddress	`0x1c000`
SizeOfRawData	`0x8e00`
PointerToRawData	`0x1a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.54708`

.rsrc

MD5	`a7c140c434357b18e7737c9ab156673e`
SHA1	`3c710dc65a5b7e56b25163530a0819fd70413768`
SHA256	`75fb135c28b3ecbd5f51ba12246c255051cfbdc2655230dd20f91074aed9f116`
SHA3	`f11987b42817d4f9cc004bc5a053a3c161ea1b2655d91ca0522c6d258e9f9804`
VirtualSize	`0x5f24`
VirtualAddress	`0x26000`
SizeOfRawData	`0x6000`
PointerToRawData	`0x22e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.12639`

Imports

MSVCRT.dll	`memset` `wcscmp` `memmove` `wcslen` `wcscpy` `memcpy` `wcsncmp` `_wcsicmp` `fabs` `malloc` `free` `ceil` `floor` `fseek` `ftell` `fread` `fclose` `pow` `??3@YAXPAX@Z` `cos` `fmod` `sin` `abs` `wcsncpy` `wcscat` `localtime` `mktime` `gmtime` `tolower` `_vsnwprintf`
KERNEL32.dll	`GetModuleHandleW` `HeapCreate` `HeapDestroy` `ExitProcess` `VirtualProtect` `GetProcAddress` `EnterCriticalSection` `CloseHandle` `LeaveCriticalSection` `InitializeCriticalSection` `WaitForSingleObject` `CreateThread` `TerminateThread` `GetModuleFileNameW` `HeapAlloc` `FreeLibrary` `HeapFree` `LoadLibraryW` `HeapReAlloc` `GetVersionExW` `SetLastError` `GetCurrentProcessId` `CreateFileW` `WriteFile` `DeleteFileW` `MultiByteToWideChar` `WideCharToMultiByte` `TlsAlloc` `TlsSetValue` `MulDiv` `GetDriveTypeW` `FindFirstFileW` `FindClose` `GetFileAttributesW` `MoveFileW` `FileTimeToLocalFileTime` `FileTimeToSystemTime` `SystemTimeToFileTime` `LocalFileTimeToFileTime` `SetFileTime` `GetLocalTime` `SetFilePointer` `GetFileSize` `ReadFile` `DeleteCriticalSection` `InterlockedCompareExchange` `Sleep` `InterlockedExchange` `GlobalAlloc` `GlobalLock` `GlobalUnlock`
USER32.dll	`FindWindowW` `GetWindowRect` `MoveWindow` `InvalidateRect` `MessageBoxW` `SendMessageW` `SetMenu` `DestroyMenu` `CreatePopupMenu` `AppendMenuW` `GetCursorPos` `SetForegroundWindow` `TrackPopupMenu` `DestroyWindow` `SystemParametersInfoW` `GetWindowTextLengthW` `GetWindowTextW` `GetSysColor` `GetSysColorBrush` `GetDC` `SetRect` `DrawTextW` `GetWindowLongW` `GetSystemMetrics` `ReleaseDC` `CreateWindowExW` `GetKeyState` `GetPropW` `BeginPaint` `EndPaint` `ClipCursor` `UpdateWindow` `SetFocus` `RedrawWindow` `GetMessagePos` `ScreenToClient` `ChildWindowFromPointEx` `SetCursor` `CallWindowProcW` `GetCapture` `ReleaseCapture` `GetClientRect` `MapWindowPoints` `SetCapture` `DefWindowProcW` `FillRect` `GetFocus` `DrawStateW` `DrawFocusRect` `LoadCursorW` `SetPropW` `RegisterClassExW` `EnableWindow` `GetWindow` `SetWindowLongW` `SetWindowTextW` `IsWindowEnabled` `RemovePropW` `SetWindowPos` `SetScrollPos` `GetParent` `InflateRect` `GetWindowDC` `SetActiveWindow` `DestroyIcon` `LoadIconW` `PeekMessageW` `MsgWaitForMultipleObjects` `GetMessageW` `GetActiveWindow` `TranslateAcceleratorW` `TranslateMessage` `DispatchMessageW` `RegisterClassW` `AdjustWindowRectEx` `ShowWindow` `CreateAcceleratorTableW` `UnregisterClassW` `DefFrameProcW` `DestroyAcceleratorTable` `EnumChildWindows` `PostMessageW` `IsWindowVisible` `GetClassNameW` `GetWindowThreadProcessId` `IsChild` `RegisterWindowMessageW` `EnumDisplaySettingsW` `OpenClipboard` `EmptyClipboard` `SetClipboardData` `CloseClipboard` `GetIconInfo` `DrawIconEx`
GDI32.dll	`CreateSolidBrush` `GetStockObject` `SetBkMode` `SetTextColor` `DeleteObject` `CreateFontIndirectW` `SetBkColor` `SelectObject` `GetObjectW` `CreateCompatibleDC` `BitBlt` `DeleteDC` `CreateCompatibleBitmap` `CreateDIBSection` `GdiGetBatchLimit` `GdiSetBatchLimit` `GetTextExtentPoint32W` `ExcludeClipRect` `GetObjectType` `CreateDCW` `SetStretchBltMode` `StretchBlt` `GetDeviceCaps` `CreateRectRgnIndirect` `GetClipRgn` `ExtSelectClipRgn` `SelectClipRgn` `CreateBitmap` `SetPixel` `GetDIBits` `SetTextAlign` `TextOutW` `SetBrushOrgEx` `GetTextMetricsW` `GetPixel` `CreateFontW`
COMDLG32.dll	`GetOpenFileNameW`
ole32.dll	`RevokeDragDrop`
gdiplus.dll	`GdipDeleteFont` `GdipDeleteGraphics` `GdipDeletePath` `GdipDeleteMatrix` `GdipDeletePen` `GdipDeleteStringFormat` `GdipFree` `GdipGetDpiX` `GdipGetDpiY`
COMCTL32.dll	`InitCommonControlsEx` `_TrackMouseEvent` `ImageList_Replace` `ImageList_Add` `ImageList_ReplaceIcon` `ImageList_Remove` `ImageList_AddMasked` `ImageList_Destroy` `ImageList_Create`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	2025-Oct-05 08:06:41
Entropy	`5.28855`
MD5	`8d54aa534a05556fc8690d34a6584577`
SHA1	`bfd5ae3c0c7321bed505fa07b506ce5bfb5d25aa`
SHA256	`2604aae7ab735f7c543c9b9bc4027214cddde43e1a0d0ca096ecbafc8979db3b`
SHA3	`522227bd225a9e92054373c0d9cd680a1f354266269d79d93d1a9464cfab6d0f`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	2025-Oct-05 08:06:41
Entropy	`5.72985`
MD5	`5aa0559a5c81c7442df8ea6d2b800d58`
SHA1	`0085a704cc85013de77595a28f45c30bb2082c96`
SHA256	`04fec38a7900ed3956eee6b06d958fac8dd32697c0cb51e53c0e622e438c3d83`
SHA3	`1987483553486a70d90cf772c0e65994dd15f8c6dec8a17bdacb0ffdbde3cfd6`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	2025-Oct-05 08:06:41
Entropy	`4.55189`
MD5	`ff5da2b08b944e8cde0d88de1355bbf9`
SHA1	`161e7f2ab4bdd8f5a9b4548cc90925713b388c84`
SHA256	`62af10635045ccf23d80c7e67218fc745f1bac0f83965d2ee913f8735d96c26d`
SHA3	`12d6063f3500e644d2ce1e8e53f1d52ecaaedecc727ac8d5f1561ab12ca64e79`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	2025-Oct-05 08:06:41
Entropy	`4.81015`
MD5	`7d0992b508edd569cdbffcb1bdcca9fd`
SHA1	`ca24bc3463518488696eb1f8c0a08f8331845dd5`
SHA256	`2abcf2d7bc7500d4b1f8eeb5ce90607d95064f8416e4d6c471d30ea612a4ff22`
SHA3	`fbfa94fe7fc0efcb95090298aac651c3eca411b8e100e7f2ccc7441518bf5c59`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	2025-Oct-05 08:06:41
Entropy	`4.71505`
MD5	`4a9dd71c673d7eb124c8c5474bb365d0`
SHA1	`96c38e485925cc2ecea4a4676020079245106ff7`
SHA256	`b9b0aff8d5ac13001c6da8d8a17a25b0c48891948f73710a6efa7cb31e81fbf4`
SHA3	`997dd0701116158bf625cae2fee76b351f0f56f90f1b0043ac1ad1d3a11c2411`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	2025-Oct-05 08:06:41
Entropy	`5.39313`
MD5	`02320a263633a5dd798715898add7bfa`
SHA1	`8c025fe027becaf3e24efa0bc2a079a31bf8b376`
SHA256	`080cd56528bfa2fcfcccde400e337d0fa04ff81a66175095195dbc7e7c87710e`
SHA3	`f1de7405686e01132d8278bcf80435debb6060faf5e093effd223f1a6e024d92`

1 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	2025-Oct-05 08:06:41
Entropy	`2.69913`
Detected Filetype	Icon file
MD5	`fc8846589a152507308beb48ead7a796`
SHA1	`787c24f9fbf50523b34bcb328ed56d33c4e7ffd7`
SHA256	`4a2d022975e1b62b89e1e757b73f563b68b21b71edf8cac8dbbf062b2cb2d2fe`
SHA3	`8ddbf8de92320682fb04bf04b166aab2b443a9fd6055b504b0c29ee44468a9c9`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2d4`
TimeDateStamp	2025-Oct-05 08:06:41
Entropy	`3.25087`
MD5	`99570195dcdaacc5558e81a3c8c7162d`
SHA1	`8c456189d122039b81a1305b5b9bdcdb925d6c50`
SHA256	`5abcde7ac11af7fd3d9c64d290c6a32a2f00299e6dbe7c8778a96d36096d207b`
SHA3	`fa352a7cc4c29e3e9bb00c4b58e21ebc59042d7f209603dc35fae5e9348c0ccd`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x263`
TimeDateStamp	2025-Oct-05 08:06:41
Entropy	`4.92322`
MD5	`841795bb3b61ebd511249778aa26af77`
SHA1	`59f426938522ef9906b0740821e8cc270d1ca897`
SHA256	`be809cba9d14bfb52a969d766992832b10e99e133babcdd99dc6d1bba5597cf7`
SHA3	`5fa5c36711cc5c3661248b1180ce35543201ff1dc77d158129b844f03a2144c9`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.8.0.0
ProductVersion	1.8.0.0
FileFlags	`(EMPTY)`
FileOs	`(EMPTY)`
FileType	`VFT_UNKNOWN`
Language	UNKNOWN
ProductName	r-studio_rportable_rec
ProductVersion (#2)	1.8
FileVersion (#2)	1.8
FileDescription	r-studio_rportable_rec
InternalName	r-studio_rportable_rec
OriginalFilename	r-studio_rportable_rec.exe
LegalCopyright	Copyright (c) 2025

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.