Manalyze report for b63468dd118dfbca5ef7967ba344e0e3

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Nov-18 17:55:10
Detected languages	English - United States
CompanyName	Mojang
FileDescription	The Minecraft Launcher
FileVersion	`3.2.0.0`
LegalCopyright
ProductName	SKlauncher
ProductVersion	`3.2.0`
OriginalFilename	SKlauncher-3.2-x64.exe
InternalName	SKlauncher

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains obfuscated function names: c4 e7 e9 ec c4 e1 ea fa e9 fa f1 cf ed fc d8 fa e7 eb c9 ec ec fa ed fb fb` `Contains a XORed PE executable: dc e0 e1 fb a8 f8 fa e7 ef fa e9 e5 a8 eb e9 e6 e6 e7 fc a8 ...` `Miscellaneous malware strings: cmd.exe` `Contains domain names: adoptium.net https://adoptium.net`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryW LoadLibraryExA` `Can access the registry: RegEnumKeyExA RegOpenKeyExA RegQueryValueExA RegCreateKeyExA RegSetValueExA RegCloseKey` `Possibly launches other programs: CreateProcessW CreateProcessA` `Can create temporary files: CreateFileW CreateFileA GetTempPathW GetTempPathA` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Can shut the system down or lock the screen: ExitWindowsEx`
Suspicious	The file contains overlay data.	`1284608 bytes of data starting at offset 0x56600.` `The overlay data has an entropy of 7.90742 and is possibly compressed or encrypted.` `Overlay data amounts for 78.4062% of the executable.`
Suspicious	VirusTotal score: 1/70 (Scanned on 2024-02-11 19:51:29)	`tehtris: Generic.Malware`

Hashes

MD5	`b63468dd118dfbca5ef7967ba344e0e3`
SHA1	`2ba4f0df5f3bd284bf2a89aba320e4440d8b8355`
SHA256	`05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf`
SHA3	`ef60932aef561d337c6d508de9917ac8081d355f9402f8aea780eb44ab650ceb`
SSDeep	`49152:HIBc3n9dRvwVlzhFAQ/ggUTPQjYEiim7V:oBaO/FAqMQjYEXm`
Imports Hash	`de361320741c3eefff5c87665ab4f6f4`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2022-Nov-18 17:55:10
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`9.0`
SizeOfCode	`0x3bc00`
SizeOfInitializedData	`0x29e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000021394 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x68000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`02111087c6d67400e0e5c7c99590bad9`
SHA1	`519af3865a067dafafd4831e7b87c5b096dd74f5`
SHA256	`e9579f08f4282c2e6e152b96ca4b93813dde32513d9788db558ba65ed747b841`
SHA3	`dbb61256d160739a7203b10c23d8decc45e81070629a71ae1075ed865122de1e`
VirtualSize	`0x3bba6`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3bc00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.41271`

.rdata

MD5	`fdbbc519350b8363b8f21d24104bb193`
SHA1	`72792a78f08d4f90adc0e6214ed9ea7844a01d28`
SHA256	`46a71b7b1c11701b120ce53f31829def9fb1cbe660274c562ea78d933fd4faff`
SHA3	`4cac94f3029d3489304d36a0476469d562fa321ffa7c01f2cf0ec7d90c184898`
VirtualSize	`0xfdf8`
VirtualAddress	`0x3d000`
SizeOfRawData	`0xfe00`
PointerToRawData	`0x3c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.87177`

.data

MD5	`3eb7d16e624d969f044d7db4e1838d56`
SHA1	`9ed48681447e96c7867da9248e99f0e6cfd8ed9e`
SHA256	`a2437f002f7365c57c53eb480b29e2be2fa262042b0519014faa29148677b73f`
SHA3	`ef2344b3ca0c8a41dc871ba461cfe13407260b988d7842f3f49d876859cba49e`
VirtualSize	`0x11f84`
VirtualAddress	`0x4d000`
SizeOfRawData	`0x2800`
PointerToRawData	`0x4be00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.57743`

.pdata

MD5	`91a5fa352d429be13ae31deb8176c1f8`
SHA1	`371e41c04d30dcf3f60215d43ff9c9e305e5036f`
SHA256	`ca485b4e50ee3669e1a27eaf95809b27aef252f9342e1d027c47ddf97834bf60`
SHA3	`699dd143f33853353e4d58c10e4732ed723d0500c82d94d7805112de18804b2a`
VirtualSize	`0x2c58`
VirtualAddress	`0x5f000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0x4e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.45712`

.rsrc

MD5	`b9b2ad067a582303c12ec69d8e150ce5`
SHA1	`550c0ea65fc3ec50afcbd69223266632403e3121`
SHA256	`91e30bf8bee522206a4f2a683b0250499eb36e665418bfca18bc5d553a66ea15`
SHA3	`153f75bbe3eb683a58b3c360ea4b4646b1133af4bca96ea41989926a475a4c35`
VirtualSize	`0x4800`
VirtualAddress	`0x62000`
SizeOfRawData	`0x4800`
PointerToRawData	`0x51400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.79127`

.reloc

MD5	`540e4b98014aa1d6e7dc115ed17d230f`
SHA1	`de22e6538243d86f3e04a3162302cc8b894c49e4`
SHA256	`881787a5a22ba2fec759ec84f58a265bff3d6d7d0ab14d2dfbbefe9a0537ae72`
SHA3	`09e2398f7d0406d7b21a0b4c0ab2e08e96955cfbafbbf014403b35dc8b97a5c7`
VirtualSize	`0x834`
VirtualAddress	`0x67000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x55c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.19296`

Imports

USER32.dll	`SetForegroundWindow` `MessageBoxA` `ExitWindowsEx` `EnumWindows` `IsIconic` `ShowWindow` `MessageBoxW` `GetLastActivePopup` `IsWindowVisible` `GetWindowThreadProcessId` `MonitorFromPoint`
ADVAPI32.dll	`AdjustTokenPrivileges` `InitializeSecurityDescriptor` `SetSecurityDescriptorDacl` `OpenProcessToken` `GetTokenInformation` `ConvertSidToStringSidA` `RegEnumKeyExA` `RegOpenKeyExA` `RegQueryValueExA` `RegCreateKeyExA` `RegSetValueExA` `RegCloseKey` `LookupPrivilegeValueA`
ole32.dll	`CreateStreamOnHGlobal` `CoCreateInstance` `CoInitializeEx` `GetHGlobalFromStream` `CoUninitialize`
KERNEL32.dll	`GetStringTypeW` `GetStringTypeA` `HeapReAlloc` `QueryPerformanceCounter` `GetTimeZoneInformation` `EnumSystemLocalesA` `IsValidLocale` `InitializeCriticalSectionAndSpinCount` `WriteConsoleA` `SetStdHandle` `CompareStringA` `CompareStringW` `GetLocaleInfoW` `SetEndOfFile` `GetLocaleInfoA` `SetCurrentDirectoryA` `HeapCreate` `HeapSetInformation` `IsValidCodePage` `GetOEMCP` `GetACP` `GetLastError` `CreateFileW` `SetFilePointer` `WriteFile` `ReadFile` `GetProcAddress` `LoadLibraryA` `GetUserDefaultLCID` `CloseHandle` `CreateFileA` `CreateDirectoryA` `FlushFileBuffers` `WriteConsoleW` `GetFileType` `GetStdHandle` `GetLongPathNameW` `ExitProcess` `RemoveDirectoryA` `MultiByteToWideChar` `AreFileApisANSI` `FindClose` `FindFirstFileA` `FindFirstFileW` `TerminateProcess` `GetExitCodeProcess` `CreateProcessW` `GetWindowsDirectoryW` `SetHandleInformation` `CreatePipe` `GetShortPathNameA` `GetModuleFileNameA` `GetShortPathNameW` `GetModuleFileNameW` `GetCurrentProcessId` `GetLongPathNameA` `FoldStringW` `GetWindowsDirectoryA` `GetEnvironmentVariableW` `GetEnvironmentVariableA` `GetTempPathW` `GetTempPathA` `GetTempFileNameA` `GetFullPathNameW` `GetFullPathNameA` `FindNextFileA` `DeleteFileA` `LoadLibraryW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `FreeEnvironmentStringsA` `GetEnvironmentStrings` `GetExitCodeThread` `WaitForSingleObject` `CreateThread` `GetConsoleOutputCP` `SetEnvironmentVariableA` `GetProcessHeap` `GetCurrentDirectoryA` `GetVersionExA` `CreateProcessA` `SearchPathA` `GetSystemTimeAsFileTime` `EnterCriticalSection` `InitializeCriticalSection` `LeaveCriticalSection` `Sleep` `GetMailslotInfo` `CreateMailslotA` `GetCommandLineW` `CreateSemaphoreA` `LocalFree` `GetCurrentProcess` `LocalAlloc` `SizeofResource` `LockResource` `LoadResource` `FindResourceA` `GlobalUnlock` `GlobalSize` `GlobalLock` `GetTickCount` `AllocConsole` `GetModuleHandleA` `LoadLibraryExA` `SetEnvironmentVariableW` `SetCurrentDirectoryW` `WideCharToMultiByte` `DeleteCriticalSection` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsDebuggerPresent` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `RaiseException` `RtlPcToFileHeader` `RtlUnwindEx` `CreateDirectoryW` `RemoveDirectoryW` `HeapAlloc` `HeapFree` `DebugBreak` `GetCommandLineA` `GetStartupInfoA` `LCMapStringA` `LCMapStringW` `GetCPInfo` `EncodePointer` `DecodePointer` `FlsGetValue` `FlsSetValue` `FlsFree` `SetLastError` `GetCurrentThreadId` `FlsAlloc` `HeapSize` `GetModuleHandleW` `GetConsoleCP` `GetConsoleMode` `SetHandleCount`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.444`
MD5	`65517e5b529712dde5ac5e2e10b0a0fc`
SHA1	`cf7a2450aa12e179ca5242c656784ef1f7ff61cc`
SHA256	`8615bd563ed389056175d728d95eedbff611a9ce3a80b47ab8854572231d6a09`
SHA3	`c8701bab96dd47f002ea34ba32e79b052e0069ba6752d0c7223d48c9810653f1`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.05135`
MD5	`601078a471e95e047bc2167e328cfe1a`
SHA1	`9f63905e0c3c78adf18fa9078334dd4bc2c65a3c`
SHA256	`816933c06ded287b0f0aab1ba7e4450fae0cf8f4b97ebe50c4e57bafd7cf6792`
SHA3	`c073764ebffb0c11bbee891e3a0aab53f6aa0d53c64e58a1992f40d2db1d2bd5`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.64923`
MD5	`3e7fcc7321959e7545159bf7cebb6e57`
SHA1	`ffa6b9ded88ba1763020d12187332b9313e25679`
SHA256	`e9a0ecc434e21f0cf24491f8d93997489ac7b0e600aa23e2d70d013d9d65e815`
SHA3	`86a95f63db98d28ff75fbe8136d1dec14d95c84b8cb4fd8b63a0bf594921c1ee`

101

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x12e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.19761`
MD5	`238fdd72acad6b08e164c4f6b3308b6b`
SHA1	`bbc5c30a0040697cb2c2ae3ac8ef4f96b38fb89d`
SHA256	`cb7a4a8a66eee064a9fb1451870ce7225bb3672ceb3bda74be73c2c893c623c4`
SHA3	`e0dcd8f763fb5915fbd818274955346254ff9e082c27642c1e99aa6ce95bd299`

1001

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.45849`
Detected Filetype	Icon file
MD5	`1ec6a7b3300970378c29695a6cc13d36`
SHA1	`99ce74251d19d800608e30bed6e0d793931da56e`
SHA256	`77a1efb6136f52dd2372987b13bf486aa75baeacb93bad009aa3e284c57b8694`
SHA3	`7a94ba315b3ab461cec9dad3048599d32b0e597047f9655159bd6dfdc694e4a3`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x2b4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27742`
MD5	`ec886c19d60e0c2d7fd894fcb68257f7`
SHA1	`3123c7d35c6e2169fbe5a64619ab2991652b0e55`
SHA256	`eb0573439dbdba81df50a390cb350b4afc94c58976cc9b79dbcb806095e94d6c`
SHA3	`bb0c3c5eee32171d030eec07bcb9c8661bfa96c1bbeb3882f529825f76385b25`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4e0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.16882`
MD5	`56c7a92468a36606955971d49e1011fe`
SHA1	`fcf6faf0cb1d229bba7e029decff58c0472c886b`
SHA256	`f3bb536b691776c7ee7489a5a3089862d51a38953a52b18e8f8bdfe237b0bdad`
SHA3	`e212f8b719d2dd6c4d59fa38c328618db35ef4e241fa7c15225a58f163c8ad88`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.2.0.0
ProductVersion	3.2.0.0
FileFlags	`VS_FF_DEBUG`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	UNKNOWN
CompanyName	Mojang
FileDescription	The Minecraft Launcher
FileVersion (#2)	3.2.0.0
LegalCopyright
ProductName	SKlauncher
ProductVersion (#2)	3.2.0
OriginalFilename	SKlauncher-3.2-x64.exe
InternalName	SKlauncher

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x78cfa1b2`
Unmarked objects	`0`
150 (20413)	`4`
ASM objects (VS2008 build 21022)	`13`
C objects (VS2008 build 21022)	`176`
C++ objects (VS2012 build 50727 / VS2005 build 50727)	`1`
Imports (VS2012 build 50727 / VS2005 build 50727)	`9`
Total imports	`189`
C++ objects (VS2008 build 21022)	`91`
Linker (VS2008 SP1 build 30729)	`1`
Resource objects (VS2008 build 21022)	`1`

b63468dd118dfbca5ef7967ba344e0e3

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

101

1001

1 (#2)

1 (#3)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors