Manalyze report for 4b46fef42356da27639b0ced949c130968c47d86e4167b2790185bb0e8aa84b5

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Jul-26 21:23:15

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryExW` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`b84c0b85c71f35fe27181c61daf5920b`
SHA1	`0f21f9e65562060993a5126c3ce1f6db51b58189`
SHA256	`4b46fef42356da27639b0ced949c130968c47d86e4167b2790185bb0e8aa84b5`
SHA3	`28378478875f9255ac78ff52da3749af94fe6e1ad62951f4b66eec29a4e4ae73`
SSDeep	`49152:l6H05TGrx7+xju73dfWCn3fXsjArIZVYzDUFF0/rmgbU0u1Ps0X:Lt6xzdfWCnP7fXrnbZnG`
Imports Hash	`7ec039b8d1c7a90dba2af267c8c12641`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2024-Jul-26 21:23:15
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x302a00`
SizeOfInitializedData	`0x99e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000002A1DF0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x3b2000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b2ae8920180c93e63c068303c6ca041c`
SHA1	`c8678bc7de3759a44cb98cd504c19d3a4d054f1f`
SHA256	`faf35e6eb868aa264e8762f3785d2bab5a3a2961065af6ad352ea8e9afc669ea`
SHA3	`9ac0354531851a65255a61ff3b37bf7bba587e84397be22f867e188e5a3b06e5`
VirtualSize	`0x302874`
VirtualAddress	`0x1000`
SizeOfRawData	`0x302a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.75496`

.rdata

MD5	`c9c535116905b66a4645a99e80ca9669`
SHA1	`ee108d829c501ca05fab7c75ceb38f46dffb5ccd`
SHA256	`228736871e6d41c04c80ec0649d25292c0505e7e399699420ca48f579a1b24ba`
SHA3	`c283128cc3e17149f667fded7a5409d6c5cddad526e2f7c4c8f336a85fd5ae8a`
VirtualSize	`0x4b834`
VirtualAddress	`0x304000`
SizeOfRawData	`0x4ba00`
PointerToRawData	`0x302e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.41937`

.data

MD5	`9617bdc3b135f013e567d2a63c94085d`
SHA1	`e2920762808b9367a1d6f2662ef6c95180095512`
SHA256	`1736ab5e3c1bd59e7684b58fd427587ec2ecd34ef935c58a3f5a1e012e167bfd`
SHA3	`e3c5d62689949b5e5b572e16c1ccfdca950b20db4d55dcfce5eb804f561c8c63`
VirtualSize	`0x4548c`
VirtualAddress	`0x350000`
SizeOfRawData	`0x33600`
PointerToRawData	`0x34e800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.79015`

.pdata

MD5	`2049b03f69aead8e8619c3eb173a1a9d`
SHA1	`47b23b1c68b70dfb2f23fb10e4fbae69fe22a5d7`
SHA256	`56889cb47f7f4bcf13247ab8e6db20d90585458ff9d2b3dddb679586302c7d9d`
SHA3	`9a59d2531dddf66bf21c57ca2e96eb9e504e7abe56221d0bc6c22f5ed857f63d`
VirtualSize	`0xdc2c`
VirtualAddress	`0x396000`
SizeOfRawData	`0xde00`
PointerToRawData	`0x381e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.04961`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0x3a4000`
SizeOfRawData	`0x200`
PointerToRawData	`0x38fc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.reloc

MD5	`00db1ab870c15bf7169fced3024171cd`
SHA1	`045c4e291d02c822fe9c8c5916ec6884733de9f9`
SHA256	`40567004fca44e5ddb5be5415789613eb661b207d240e724a8a466ea12e39e32`
SHA3	`27239a8354512866276bb4e2ac07f2830af2421ec5e5bc872eb5d18b3db03456`
VirtualSize	`0xcc1c`
VirtualAddress	`0x3a5000`
SizeOfRawData	`0xce00`
PointerToRawData	`0x38fe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.43667`

Imports

VMProtectSDK64.dll	`VMProtectDecryptStringW`
ntdll.dll	`RtlPcToFileHeader` `RtlUnwindEx` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `VerSetConditionMask` `RtlUnwind`
USER32.dll	`LoadCursorA` `MonitorFromWindow` `ReleaseDC` `GetDC` `SetProcessDPIAware` `GetKeyboardLayout` `GetKeyState` `GetMessageExtraInfo` `IsWindowUnicode` `ReleaseCapture` `SetCapture` `GetCapture` `OpenClipboard` `TrackMouseEvent` `SetCursor` `ScreenToClient` `GetCursorPos` `SetCursorPos` `ClientToScreen` `GetForegroundWindow` `GetClientRect` `SetClipboardData` `EmptyClipboard` `CloseClipboard` `GetClipboardData`
KERNEL32.dll	`SetEndOfFile` `HeapSize` `CreateFileW` `GetTimeZoneInformation` `HeapReAlloc` `GetProcessHeap` `GetCommandLineW` `GetCommandLineA` `GetOEMCP` `GetACP` `IsValidCodePage` `FindNextFileW` `FindFirstFileExW` `FindClose` `OutputDebugStringW` `FlushFileBuffers` `ReadConsoleW` `SetFilePointerEx` `GetFileSizeEx` `GetConsoleMode` `GetConsoleOutputCP` `WriteFile` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `GetLocaleInfoW` `LCMapStringW` `CompareStringW` `GetTimeFormatW` `GetDateFormatW` `VirtualProtect` `GetCurrentProcessId` `MultiByteToWideChar` `GlobalLock` `WideCharToMultiByte` `GlobalUnlock` `GlobalAlloc` `GlobalFree` `QueryPerformanceFrequency` `QueryPerformanceCounter` `LoadLibraryA` `GetProcAddress` `FreeLibrary` `GetLocaleInfoA` `GetModuleHandleA` `AllocConsole` `CreateFileA` `SetStdHandle` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `WakeAllConditionVariable` `SleepConditionVariableSRW` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `TryAcquireSRWLockExclusive` `CloseHandle` `WaitForSingleObjectEx` `GetExitCodeThread` `EncodePointer` `DecodePointer` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `GetLocaleInfoEx` `LCMapStringEx` `GetStringTypeW` `CompareStringEx` `GetCPInfo` `FlsFree` `SetEnvironmentVariableW` `FreeEnvironmentStringsW` `RaiseException` `InterlockedFlushSList` `GetLastError` `SetLastError` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `LoadLibraryExW` `GetCurrentProcess` `TerminateProcess` `CreateThread` `ExitThread` `FreeLibraryAndExitThread` `GetModuleHandleExW` `GetStdHandle` `GetFileType` `GetModuleFileNameW` `WriteConsoleW` `ReadFile` `ExitProcess` `HeapAlloc` `HeapFree` `FlsAlloc` `FlsGetValue` `FlsSetValue` `GetEnvironmentStringsW`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-Jul-26 21:23:15
Version	`0.0`
SizeofData	`968`
AddressOfRawData	`0x340f14`
PointerToRawData	`0x33fd14`

TLS Callbacks

StartAddressOfRawData	`0x180341328`
EndAddressOfRawData	`0x180341330`
AddressOfIndex	`0x18039310c`
AddressOfCallbacks	`0x180304650`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x180381700`

RICH Header

XOR Key	`0x45b97426`
Unmarked objects	`0`
C++ objects (33136)	`182`
C objects (33136)	`32`
ASM objects (33136)	`23`
Imports (33136)	`6`
ASM objects (33731)	`10`
C objects (33731)	`15`
C++ objects (33731)	`90`
Imports (VS2015 UPD3.1 build 24215)	`3`
Total imports	`169`
Unmarked objects (#2)	`14`
Linker (33812)	`1`

Errors

Leave a comment

No comments yet.