Manalyze report for b0943f704ffc3830b8b900408b94e7a27434602dd34e9a831f81730bee4631a2

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2010-Nov-18 18:41:55
Detected languages	English - United States
FileDescription	AutoHotkey Setup
FileVersion	`1.1.34.02`
ProductName	AutoHotkey
ProductVersion	`1.1.34.02`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++` `Microsoft Visual C++ v6.0`
Info	The PE contains common functions which appear in legitimate applications.	`Possibly launches other programs: CreateProcessW` `Can create temporary files: CreateFileW GetTempPathW`
Malicious	The file contains overlay data.	`3243475 bytes of data starting at offset 0xbc00.` `The file contains a 7-Zip compressed file after the PE data.` `Overlay data amounts for 98.5379% of the executable.`
Suspicious	VirusTotal score: 2/71 (Scanned on 2026-03-28 14:54:41)	`APEX: Malicious` `SentinelOne: Static AI - Suspicious SFX`

Hashes

MD5	`02d66398c0eea83f09e76778d4084a11`
SHA1	`a19dbeef8795173fbc53edc5f09be78e236e7ce7`
SHA256	`b0943f704ffc3830b8b900408b94e7a27434602dd34e9a831f81730bee4631a2`
SHA3	`8a365c9cf42ec1cb8e687ac02ff493132fcea89e7259848d211adf5828044536`
SSDeep	`49152:rz4Kywl+Jj1hlNPBSBLl48PiBgL99WTOJSBbXvrwEGPrd7ntnTnAOZm8:rzazPQz4fs8OGjwES1tTAAZ`
Imports Hash	`fa4d5c869351014d1ce952f2833a7558`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2010-Nov-18 18:41:55
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x5600`
SizeOfInitializedData	`0x8400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000643F (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x7000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x11000`
SizeOfHeaders	`0x400`
Checksum	`0x167fd`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c64c87c9aa464d2e806c4d837bed1860`
SHA1	`cbf104c9872e7b62311c1545be7d60854312aa9c`
SHA256	`c995d2fea387a80e4acc0ade96d6f18b8bcdc237fb96f0f0a4b6725cdb48d50e`
SHA3	`246c7635c540e7e8918b14e8f7964052552f7fce66952380ff2d6744720a3822`
VirtualSize	`0x55cc`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.59892`

.rdata

MD5	`456426414cb0467d180e86ee3e691e20`
SHA1	`bf8fd133e895cf82d2f85f25b1134aa4fe42f76e`
SHA256	`620970a18adfa1df157c04c8e84c78473fb592589c58b573ebacbeeb3be1af9f`
SHA3	`591c2f213780158e3774a62acba4cecd5ddc367edaf166befa069626f6d2784f`
VirtualSize	`0x548`
VirtualAddress	`0x7000`
SizeOfRawData	`0x600`
PointerToRawData	`0x5a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.38017`

.data

MD5	`19e034c032410ac04ee293cd340e2b1d`
SHA1	`a5c55515bc7ac18193d84fbbec58d10bd95223cc`
SHA256	`cfcb0bcd90e4000d298db8fbb5c7f2231e3bff9290594089bdc4c44243d74b07`
SHA3	`10a4c1381a6ef9d09a4bd9478ca7edc657a947976a91647feb1365e663b0321e`
VirtualSize	`0x220c`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.32755`

.rsrc

MD5	`1b1b6c4c7b72e81b2b242d224775dd0d`
SHA1	`47450a264c55f751d2ac9d7c1580cc10b1768000`
SHA256	`7882699fc6060f3949cba4d65599d1738201a3e165745a723622b47d21c20029`
SHA3	`632586223ce2686f9aa800745c4f282ef6b8a0fbd5c5fb23ff726a4c4ac82fd8`
VirtualSize	`0x58df`
VirtualAddress	`0xb000`
SizeOfRawData	`0x5a00`
PointerToRawData	`0x6200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.37764`

Imports

USER32.dll	`MessageBoxA`
SHELL32.dll	`ShellExecuteExW`
MSVCRT.dll	`_controlfp` `_except_handler3` `__set_app_type` `__p__fmode` `__p__commode` `_adjust_fdiv` `__setusermatherr` `_initterm` `__getmainargs` `_acmdln` `exit` `_XcptFilter` `_exit` `memcpy` `free` `malloc` `wcscmp` `memcmp` `memmove` `strlen` `wcslen` `wcscpy` `wcscat` `memset`
KERNEL32.dll	`GetStartupInfoA` `GetModuleHandleA` `SetFilePointer` `WriteFile` `ReadFile` `CreateFileW` `DeleteFileW` `FindNextFileW` `RemoveDirectoryW` `FindFirstFileW` `FindClose` `GetModuleFileNameW` `GetCommandLineW` `GetTempPathW` `GetCurrentThreadId` `GetTickCount` `GetCurrentProcessId` `CreateDirectoryW` `GetLastError` `SetFileTime` `SetFileAttributesW` `CreateProcessW` `CloseHandle` `WaitForSingleObject`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.80589`
MD5	`9fef9676ae7c2069b24da67e98f0539b`
SHA1	`906d5eeb14c92ad810063b1906b029c68bbb7256`
SHA256	`6805a90dc52c437cd2aa120a28900f2da8d447b94a3e2796040e74ecaa80df73`
SHA3	`281cb61acc2308bd530c20446b5c974c68be689be72720f7948a702da3f33ee8`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.18403`
MD5	`a792cef939f02d76cd876d1da1ffd1b7`
SHA1	`63e2d98ac53e5763e269277d05a1d1737dc04974`
SHA256	`fe174802e7a3a9d4ef79ae6e9baf2f3dedb02b8c0f5f5342ad04a37e3b9d6eeb`
SHA3	`39848cd80ec893f2971c96b27a6bdce65825c9f9dfb824e4b3f86ab87df3e3e7`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.1643`
MD5	`bd70243045efd29dbd474c654aebcb1b`
SHA1	`949a91d66767a8b69bec51b6947b8b51f90e183a`
SHA256	`6cb96fbfa5b6fd161bf0ccfa8ed683d0cfec68218a981ff8b457d74ae26b36ba`
SHA3	`cba182b03660abdf15a313404ebc3f739caa10f3d6fe5686344ebf7f1a6522b0`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5146`
MD5	`3284b3703a0e5678dc54c8fa3cccd5a6`
SHA1	`d88f8515c675e39b984b3f46d9c9113be4c6bd36`
SHA256	`93a3eadd5076ab81f5ec3a90140b843c47b76f975f21b8937fce54126f521eb5`
SHA3	`14930d72a2f392fea91adf0073358a4029faf03ecd13345ab7de8ad141466878`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.93897`
MD5	`02c86f08c8e32ba671a2b8be43d94674`
SHA1	`9884c0c721031548f2f03cd36b925e21d37fa93c`
SHA256	`98ce75e02b9dc518a46a65feaf24fe690b407b4fa9feaf553458203cf5f563e2`
SHA3	`6d2c160effef9cb41bcc9199d5a165637b48f170383677b3c36506552b303d86`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37592`
MD5	`def9be44cbd3a2f4d6e163c7f3e7d780`
SHA1	`1b6dd0340b441f115717672e3ab00661ac820591`
SHA256	`e3d619c5a24a10392346f66d1716d8b519254064844c363a1a57cc7c7c38912c`
SHA3	`d2baa423212a41402aefcca28f90594658449822644bea4eb2566e4d708bc683`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.199`
MD5	`db5f1b5c251d847f987eb6932594f4d9`
SHA1	`bcd8edab1531db5af231da2cde37c9ba8d3f979c`
SHA256	`e16b408c1473ee8fbb1e3b64345b51d925f534c9525befe8fafd334cfd572b40`
SHA3	`d22e224b8eec5c843d9dff6fc057269d14ee46aa48df0cd968cbc6678cc54a26`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.44465`
MD5	`cb93f25a0ee6d02ce3b9c17fe40b3835`
SHA1	`53368dcdd77c9046b3bddad41ea399fa30b2cc51`
SHA256	`ae6029237344a6c5c4da7b003e7fb0ffba924771b9af5d913360b8c50a4bb3b2`
SHA3	`9373aefa12bb167a7e7bf7f2f9038cb88b80c333be388bb3c3fc377cdd407f7d`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.85349`
MD5	`6948b3a73688c3ea8fbd7f533a579e25`
SHA1	`931d017e52aa63fec9f1401436e07e3df2573e1b`
SHA256	`8561da4d70ae051d1f146859ba0b50467258730daae8af73726e0700c034b737`
SHA3	`2e6fc86970dfb7e8d036900a05d4c89591b3ab0a597a5074ea56489aa68d3414`

1 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.81932`
Detected Filetype	Icon file
MD5	`d81e1fa4c9943a70026fb6e1376f3be6`
SHA1	`24436dea18b8d6c986496c204d1f0317e3d6515c`
SHA256	`0ec57dae2d5bfeca1955783a3eaf42207ca6cb5f4e472577f391be0fe0db22d4`
SHA3	`a2d054354016dede620ba3e5a3208bd97ce510d4aa8dc31224985f2a6ec5397f`

1 (#3)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37086`
Detected Filetype	Icon file
MD5	`d59e0d372ea5fd8c1f4de744376a6af4`
SHA1	`6883ce60e71a83424db0b41d0ab6bf61080e3de2`
SHA256	`b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b`
SHA3	`5e39df982879204dd9f129a37d1e1c2ff906e88de9ae01b4418db5e8455e7ae1`

1 (#4)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1cc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29637`
MD5	`8ee0e850ece42ccb20e34324bb68f5b3`
SHA1	`1e41ab58321adb3cda79cfd0c4116bac04b8e4e5`
SHA256	`3113b54aa593cf5fba17b6ff9e33a5b6e1d1d3a5514f15fb46371a9c5472655f`
SHA3	`5c2c86ffa2349553bc65840d5c88427b545f4cb17b60ac4559d3b4d10263aa61`

1 (#5)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2d7`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.31459`
MD5	`8c5330c323b611bc34428cb4996022a0`
SHA1	`cf4795eab5132b964836f3c99bff2001cb1b9eea`
SHA256	`7e823e0e506f3a1fcf9c1fd394ae8fea184beeff70095ea1ca450f82c235f684`
SHA3	`2278d28f2f6fe6e71b640a3aaeef683411a203d6e0c4d3dea1cdcb5ddba1e92c`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.1.34.2
ProductVersion	1.1.34.2
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
FileDescription	AutoHotkey Setup
FileVersion (#2)	1.1.34.02
ProductName	AutoHotkey
ProductVersion (#2)	1.1.34.02

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x2fe509d5`
Unmarked objects	`0`
C objects (8047)	`11`
14 (7299)	`5`
Linker (8047)	`2`
Total imports	`55`
Imports (2179)	`7`
C objects (VS98 SP6 build 8804)	`16`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

Leave a comment

No comments yet.