Manalyze report for b8c7edd65b5f4aea86180ffaca88230e0c8f78229d4a3ba30a3375025c277e72

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-Mar-16 14:58:15
TLS Callbacks	1 callback(s) detected.
Debug artifacts	microservice.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to security software: MSApp.exe` Contains domain names: GoDaddy.com L.style.top Z-google.golang.org auth0.com birthpopuptypesapplyImagebeinguppernoteseveryshowsmeansextramatchtrackknownearlybegansuperpapernorthlearngivennamedendedTermspartsGroupbrandusingwomanfalsereadyaudiotakeswhile.com bugzilla.mozilla.org code.google.com component.es cssfontstack.com developer.mozilla.org developers.google.com e.specSelectors.info example.com facebook.com feross.org genretrucklooksValueFrame.net github.com gmail.com golang.org google.com google.golang.org http://127.0.0.1 http://cssfontstack.com http://fb.me http://nicolasgallagher.com http://pajhome.org.uk http://pajhome.org.uk/crypt/md5 http://snook.ca http://stackoverflow.com http://tachyons.io http://tobiasahlin.com http://www.C http://www.a http://www.css http://www.hortcut http://www.icon http://www.interpretation http://www.language http://www.style http://www.text-decoration http://www.w3.org http://www.w3.org/1998/Math/MathML http://www.w3.org/1999/xhtml http://www.w3.org/1999/xlink http://www.w3.org/1999/xlink\ http://www.w3.org/2000/svg http://www.w3.org/2000/svg' http://www.w3.org/2000/svg\ http://www.w3.org/TR/CSS2/zindex.html\n http://www.w3.org/XML/1998/namespace http://www.w3.org/shortcut http://www.wencodeURIComponent http://www.years https://auth0.com https://bugzilla.mozilla.org https://bugzilla.mozilla.org/show_bug.cgi?id https://code.google.com https://code.google.com/p/chromium/issues/detail?id https://developer.mozilla.org https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues\nvar https://developer.mozilla.org/en-US/docs/Web/API/window.crypto.getRandomValues\n https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Common_types\nconst https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/endsWith\n\n\nfunction https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/includes\n\n\nfunction https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/startsWith\n\n\nfunction https://developer.mozilla.org/en/docs/Web/CSS/z-index\n https://developers.google.com https://developers.google.com/protocol-buffers/ https://developers.google.com/protocol-buffers/docs/proto#options https://docs.rs https://example.com https://feross.org https://github.com https://instagram.com https://json-schema.org https://opentelemetry.io https://philipwalton.com https://reactjs.org https://redux.js.org https://redux.js.org/Errors?code https://soundcloud.com https://spdx.org https://spec.openapis.org https://spec.openapis.org/oas/3.1/dialect/base https://spec.openapis.org/oas/3.1/dialect/base\ https://stackoverflow.com https://swagger.io https://tools.ietf.org https://tools.ietf.org/html/rfc9110#section-15.5.1application/problem+jsonhttps https://tools.ietf.org/html/rfc9110#section-15.5.2WWW-AuthenticateBearer https://tools.ietf.org/html/rfc9110#section-15.5.30Too https://tools.ietf.org/html/rfc9110#section-15.6.1Internal https://tools.ietf.org/html/rfc9110#section-15.6.4Service https://twitter.com https://validator.swagger.io https://validator.swagger.io/validator https://validator.swagger.io/validator\ https://www.World https://www.facebook.com https://www.facebook.com/hashtag/ https://www.recent https://www.tiktok.com https://www.tiktok.com/ https://www.tiktok.com/tag/ https://www.w3.org https://www.w3.org/TR/trace-context/#key https://www.w3.org/TR/trace-context/#list https://www.w3.org/TR/trace-context/#value immutable-pure-component.es instagram.com json-schema.org mozilla.org nicolasgallagher.com o.specSelectors.info openapis.org openssl.org pajhome.org.uk philipwalton.com pure-component.es react-immutable-pure-component.es reactjs.org redux.js.org schema.org smartbear.com snook.ca soundcloud.com spec.openapis.org specSelectors.info stackoverflow.com style.top system.specSelectors.info thing.org tiktok.com tobiasahlin.com tools.ietf.org twitter.com www.facebook.com www.tiktok.com www.w3.org zloirock.ru
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to RC5 or RC6`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Uses Windows's Native API: NtReadFile NtWriteFile NtCancelIoFileEx NtDeviceIoControlFile NtCreateFile` `Leverages the raw socket API to access the Internet: setsockopt accept getpeername getsockname send WSASend getsockopt bind recv WSASocketW WSACleanup WSAStartup WSAIoctl socket WSAGetLastError connect shutdown freeaddrinfo getaddrinfo listen ioctlsocket closesocket`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`aeac741ef35e5548e84e93dfd7897c04`
SHA1	`3dd24f3ede1828ab72bf488e22bdbc9f986c0c00`
SHA256	`b8c7edd65b5f4aea86180ffaca88230e0c8f78229d4a3ba30a3375025c277e72`
SHA3	`1eb7b820384b48fb7a966d3420ea138f88f45f2836f2752b37575c863dd0a283`
SSDeep	`196608:9P+vXh7GZjjsluMkXyJrTu0lkCdRrEMRV01G9k2pmW:s8jsIo00Xi+VH9jp5`
Imports Hash	`674fbdc2e2b121cdc1bd8bff061e3b9a`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`5`
TimeDateStamp	2026-Mar-16 14:58:15
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x96e400`
SizeOfInitializedData	`0xfbec00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000094515C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1930000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f7d4743bf74e26b5bf9dd076cf29a05c`
SHA1	`53368989f985cb28abea7673c059988c9ceca4ee`
SHA256	`3abe5b78000a24397f298efeafc5c716b22f31362128d0ccc41326a4845f8ace`
SHA3	`022120af38563214f266d47f70e73896c0d745bb519a79ff77321be9ccb35c9b`
VirtualSize	`0x96e394`
VirtualAddress	`0x1000`
SizeOfRawData	`0x96e400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.25819`

.rdata

MD5	`f27c261b0bc233e9542cb4ab125381bc`
SHA1	`b9a0fd28c450c72baf5bbcd10c54e5d09de887eb`
SHA256	`71413d67b8fa77aaf61906e890104a3197f815ccfdade925a521bf9fae88d754`
SHA3	`4185a4362cbdb508076cfd7735bb3ec34753e2388c30a392aa929d6ad9f5bcd6`
VirtualSize	`0xf32a52`
VirtualAddress	`0x970000`
SizeOfRawData	`0xf32c00`
PointerToRawData	`0x96e800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.17835`

.data

MD5	`8542eadd58a82243f1b975021837ba6d`
SHA1	`71d268acec8da98b657b04a5a2dfd7e6929115a6`
SHA256	`9f051e5c8b88de2aac114a5b0ac0d4629561e97485bbd49e0fd694eb3071581f`
SHA3	`610147be97d0c8a4016d3f279b6d6837ac143d2abefc1489bacecd985f6a1b2d`
VirtualSize	`0x4818`
VirtualAddress	`0x18a3000`
SizeOfRawData	`0x4600`
PointerToRawData	`0x18a1400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.28763`

.pdata

MD5	`549cf843937ef9403ad73a3947bc39a8`
SHA1	`e63d93b76bdd6cfbb03d23fb43d7d3539da9cd7b`
SHA256	`b0801700d3863bdd157e9a73aa3cb1e4df0f75544b753676c6efe40c7a14b24a`
SHA3	`faf47650d30fd19dcf607529c237c73bd7276ce85c88838358a6aee261f070af`
VirtualSize	`0x7458c`
VirtualAddress	`0x18a8000`
SizeOfRawData	`0x74600`
PointerToRawData	`0x18a5a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.75578`

.reloc

MD5	`2346afd61b4857b81d0adf74d627c7ab`
SHA1	`d61580f1bbe60dd0d14f4a976a1cfe862dea3966`
SHA256	`b129aeb150aa7bdf471a9858dd38e815bc52d080605ac3746682dfa16b9b0b3e`
SHA3	`9c98083c4b7c8d9eb545d0f16d724414d0619cb09b01037ad47315cbdb6c8af6`
VirtualSize	`0x12e88`
VirtualAddress	`0x191d000`
SizeOfRawData	`0x13000`
PointerToRawData	`0x191a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.47664`

Imports

kernel32.dll	`GetSystemTimeAsFileTime` `GetModuleHandleA` `Sleep` `GetProcAddress` `GetConsoleMode` `GetQueuedCompletionStatusEx` `CancelIoEx` `WriteFile` `ReadFile` `PostQueuedCompletionStatus` `CreateFileW` `GetLastError` `CloseHandle` `SetNamedPipeHandleState` `GetOverlappedResult` `SetFileCompletionNotificationModes` `CreateIoCompletionPort` `SetConsoleCtrlHandler` `GetCurrentProcess` `SetHandleInformation`
bcryptprimitives.dll	`ProcessPrng`
ws2_32.dll	`setsockopt` `accept` `getpeername` `getsockname` `send` `WSASend` `getsockopt` `bind` `recv` `WSASocketW` `WSACleanup` `WSAStartup` `WSAIoctl` `socket` `WSAGetLastError` `connect` `shutdown` `freeaddrinfo` `getaddrinfo` `listen` `ioctlsocket` `closesocket`
api-ms-win-core-synch-l1-2-0.dll	`WakeByAddressSingle` `WaitOnAddress` `WakeByAddressAll`
advapi32.dll	`GetUserNameW`
shell32.dll	`SHGetKnownFolderPath`
combase.dll	`CoTaskMemFree`
ntdll.dll	`NtReadFile` `NtWriteFile` `NtCancelIoFileEx` `NtDeviceIoControlFile` `RtlNtStatusToDosError` `NtCreateFile`
KERNEL32.dll	`InitializeSListHead` `RtlLookupFunctionEntry` `RtlCaptureContext` `GetSystemInfo` `GetCurrentThreadId` `GetSystemTimePreciseAsFileTime` `CreateThread` `GetConsoleOutputCP` `GetStdHandle` `WriteConsoleW` `MultiByteToWideChar` `HeapAlloc` `ExitProcess` `FormatMessageW` `GetModuleHandleW` `GetFullPathNameW` `SetEnvironmentVariableW` `SetUnhandledExceptionFilter` `FindClose` `FindFirstFileExW` `GetFinalPathNameByHandleW` `GetFileInformationByHandle` `SwitchToThread` `GetFileInformationByHandleEx` `GetEnvironmentVariableW` `GetCurrentDirectoryW` `SetLastError` `GetCurrentThread` `SetThreadStackGuarantee` `AddVectoredExceptionHandler` `WaitForSingleObject` `QueryPerformanceCounter` `QueryPerformanceFrequency` `RtlVirtualUnwind` `GetProcessHeap` `HeapFree` `HeapReAlloc` `lstrlenW` `WideCharToMultiByte` `WaitForSingleObjectEx` `LoadLibraryA` `GetCurrentProcessId` `CreateMutexA` `ReleaseMutex` `SetFileInformationByHandle`
ADVAPI32.dll	`SystemFunction036`
bcrypt.dll	`BCryptGenRandom`
VCRUNTIME140.dll	`__current_exception_context` `memcpy` `__CxxFrameHandler3` `memcmp` `memset` `__current_exception` `_CxxThrowException` `memmove` `__C_specific_handler`
api-ms-win-crt-math-l1-1-0.dll	`log2f` `trunc` `pow` `round` `__setusermatherr`
api-ms-win-crt-string-l1-1-0.dll	`strlen` `wcslen`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `free` `malloc`
api-ms-win-crt-stdio-l1-1-0.dll	`_set_fmode` `__p__commode`
api-ms-win-crt-runtime-l1-1-0.dll	`_configure_narrow_argv` `_get_initial_narrow_environment` `_initterm` `_seh_filter_exe` `_initterm_e` `exit` `_exit` `_initialize_narrow_environment` `terminate` `_set_app_type` `__p___argc` `__p___argv` `_crt_atexit` `_cexit` `_c_exit` `_register_thread_local_exe_atexit_callback` `_initialize_onexit_table` `_register_onexit_function`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Mar-16 14:58:15
Version	`0.0`
SizeofData	`41`
AddressOfRawData	`0x171b774`
PointerToRawData	`0x1719f74`
Referenced File	microservice.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Mar-16 14:58:15
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x171b7a0`
PointerToRawData	`0x1719fa0`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Mar-16 14:58:15
Version	`0.0`
SizeofData	`816`
AddressOfRawData	`0x171b7b4`
PointerToRawData	`0x1719fb4`

TLS Callbacks

StartAddressOfRawData	`0x14171bb08`
EndAddressOfRawData	`0x14171bed8`
AddressOfIndex	`0x1418a7788`
AddressOfCallbacks	`0x140970578`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x00000001408B5C40`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1418a74c0`

RICH Header

XOR Key	`0x83ebd58`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`16`
Imports (35403)	`2`
ASM objects (35403)	`4`
C objects (35403)	`10`
C++ objects (35403)	`24`
Imports (33145)	`9`
Total imports	`226`
C objects (35724)	`45`
Unmarked objects (#2)	`874`
Linker (35724)	`1`

Errors

Leave a comment

No comments yet.