Manalyze report for c8793cc86fada037f955c5f5c6234b164aaf2a5907eed34fa2ab168d6c2cae3f

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Mar-21 02:38:52
Detected languages	English - United States

Plugin Output

Suspicious	This PE is packed with VMProtect	`Section .textbss is both writable and executable.` `Unusual section name found: .msvcjmc` `Unusual section name found: .fptable` `Unusual section name found: .vmp0` `Unusual section name found: .vmp1`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW LoadLibraryA LoadLibraryW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Code injection capabilities: OpenProcess WriteProcessMemory VirtualAlloc` `Can access the registry: RegCloseKey RegQueryValueExA RegOpenKeyExA` `Can create temporary files: CreateFileW GetTempPathW CreateFileA` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Leverages the raw socket API to access the Internet: recv connect send setsockopt closesocket freeaddrinfo getaddrinfo WSACleanup WSAStartup socket` `Enumerates local disk drives: GetLogicalDriveStringsA` `Manipulates other processes: OpenProcess Process32Next Process32First WriteProcessMemory`
Malicious	VirusTotal score: 18/70 (Scanned on 2026-03-31 18:31:04)	`Bkav: W32.AIDetectMalware` `CrowdStrike: win/malicious_confidence_70% (D)` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `ESET-NOD32: Win32/Packed.VMProtect.ACR trojan` `Elastic: malicious (high confidence)` `Gridinsoft: Trojan.Heur!.03296020` `MaxSecure: Trojan.Malware.300983.susgen` `McAfeeD: ti!C8793CC86FAD` `Microsoft: Trojan:Win32/Sabsik.EN.A!ml` `Sangfor: Trojan.Win32.Save.a` `SentinelOne: Static AI - Malicious PE` `Skyhigh: BehavesLike.Win32.Injector.rc` `Sophos: Generic ML PUA (PUA)` `Symantec: ML.Attribute.HighConfidence` `Trapmine: malicious.high.ml.score` `VBA32: BScope.Trojan.Ymacco`

Hashes

MD5	`abc4f03496a57bcc6be1c7200907cbea`
SHA1	`5810c7a14b503989659c981e08f03196c194d5f3`
SHA256	`c8793cc86fada037f955c5f5c6234b164aaf2a5907eed34fa2ab168d6c2cae3f`
SHA3	`249dedec62adb49969a44fea8d2656fbd5caf705ad090e90f037417a6603e1af`
SSDeep	`98304:S3ejD8g8Z8LJzKGJk74Pj6MDqDeuCD5i/bZaU4y0wneDHz279:S+8g8Z89zpEI6MYeh5i/8y9neDz2J`
Imports Hash	`2f574a2750e79b4e629bc28cc9c2aa0b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`12`
TimeDateStamp	2026-Mar-21 02:38:52
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x17ce00`
SizeOfInitializedData	`0x4a400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x007E0E56 (Section: .vmp1)`
BaseOfCode	`0x1000`
BaseOfData	`0x1000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x8d3000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.textbss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xb2fda`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.text

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x17cc10`
VirtualAddress	`0xb4000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.rdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x39b35`
VirtualAddress	`0x231000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x3d34`
VirtualAddress	`0x26b000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1374`
VirtualAddress	`0x26f000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.msvcjmc

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x277`
VirtualAddress	`0x271000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.00cfg

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x10e`
VirtualAddress	`0x272000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.fptable

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x199`
VirtualAddress	`0x273000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.vmp0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x23200f`
VirtualAddress	`0x274000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.vmp1

MD5	`12f68f50c52801a9837c35ea35f6f8b1`
SHA1	`1fb82744bdfe7af27a9f297293586483823c951c`
SHA256	`df8d96b0896d6898ba80dff840cb49268fba42bb8ba914287f7d98adc18c98ed`
SHA3	`39b31af5690f6946315382713b9e290438ae145b95465a817466a63f07eb36e7`
VirtualSize	`0x429d80`
VirtualAddress	`0x4a7000`
SizeOfRawData	`0x429e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.93073`

.reloc

MD5	`52922da26f06268d1786d2a9a28f3a5f`
SHA1	`89835c5a515716e2ba0e58da56aa937c373706a0`
SHA256	`da7b1797442e59236949b6323269096cd2786861f3e6d5a00c9c34185f98d6c0`
SHA3	`6f11e43b39a13dd81db4e897976d637db4cdd73938c1151aac0cab081fd759f8`
VirtualSize	`0x5bc`
VirtualAddress	`0x8d1000`
SizeOfRawData	`0x600`
PointerToRawData	`0x42a200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.28625`

.rsrc

MD5	`5400aa205c8312f14018c8c7c5f8e44d`
SHA1	`042a700ef95fab5ee514849701b080b01752555d`
SHA256	`3234864623833c6852ce9dee8a2c930fb9d8d1145403471e143267448002a5dc`
SHA3	`a8856d4c52e005901a116f077e640fb787798d2586ecce8b501bae1c0483dfbb`
VirtualSize	`0x1d5`
VirtualAddress	`0x8d2000`
SizeOfRawData	`0x200`
PointerToRawData	`0x42a800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.71141`

Imports

WS2_32.dll	`recv` `connect` `send` `setsockopt` `closesocket` `freeaddrinfo` `getaddrinfo` `WSACleanup` `WSAStartup` `socket`
KERNEL32.dll	`ReadFile` `GetConsoleMode` `GetConsoleOutputCP` `FlushFileBuffers` `GetDiskFreeSpaceExA` `CloseHandle` `QueryPerformanceCounter` `QueryPerformanceFrequency` `CreateThread` `OpenProcess` `DisableThreadLibraryCalls` `GetLogicalDriveStringsA` `QueryFullProcessImageNameA` `GetComputerNameA` `CreateToolhelp32Snapshot` `ReadConsoleW` `Process32Next` `EnumSystemLocalesW` `SetStdHandle` `SetFilePointerEx` `GetFileSizeEx` `SetEnvironmentVariableW` `FreeEnvironmentStringsW` `CreateFileW` `GetTimeZoneInformation` `FindClose` `FindFirstFileExW` `FindNextFileW` `GetEnvironmentStringsW` `GetCommandLineW` `GetCommandLineA` `GetOEMCP` `GetUserDefaultLCID` `IsValidLocale` `GetLocaleInfoW` `GetACP` `Process32First` `GetLastError` `FormatMessageA` `WideCharToMultiByte` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `LocalFree` `GetLocaleInfoEx` `EncodePointer` `DecodePointer` `MultiByteToWideChar` `LCMapStringEx` `GetStringTypeW` `CompareStringEx` `GetCPInfo` `GetCurrentThreadId` `IsProcessorFeaturePresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsDebuggerPresent` `RaiseException` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `InitializeSListHead` `GetStartupInfoW` `GetModuleHandleW` `LCMapStringW` `HeapAlloc` `HeapFree` `GetProcessHeap` `VirtualQuery` `FreeLibrary` `GetProcAddress` `RtlUnwind` `InterlockedPushEntrySList` `InterlockedFlushSList` `GetModuleFileNameW` `LoadLibraryExW` `SetLastError` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `HeapValidate` `GetSystemInfo` `GetModuleHandleExW` `ExitProcess` `GetCurrentThread` `HeapReAlloc` `HeapSize` `HeapQueryInformation` `GetStdHandle` `GetFileType` `WriteFile` `OutputDebugStringW` `WriteConsoleW` `SetConsoleCtrlHandler` `GetTempPathW` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `IsThreadAFiber` `VirtualProtect` `GetDateFormatW` `GetTimeFormatW` `CompareStringW` `IsValidCodePage`
USER32.dll	`GetWindowTextA` `EnumWindows` `GetWindowThreadProcessId` `IsWindowVisible`
ADVAPI32.dll	`RegCloseKey` `RegQueryValueExA` `RegOpenKeyExA` `GetUserNameA`
ole32.dll	`CoCreateInstance` `CoInitializeSecurity` `CoInitializeEx`
OLEAUT32.dll	`SysAllocString` `SysFreeString` `VariantClear` `GetErrorInfo` `VariantInit` `VariantChangeType` `SetErrorInfo` `CreateErrorInfo`
IPHLPAPI.DLL	`GetAdaptersInfo`
WTSAPI32.dll	`WTSSendMessageW`
KERNEL32.dll (#2)	`ReadFile` `GetConsoleMode` `GetConsoleOutputCP` `FlushFileBuffers` `GetDiskFreeSpaceExA` `CloseHandle` `QueryPerformanceCounter` `QueryPerformanceFrequency` `CreateThread` `OpenProcess` `DisableThreadLibraryCalls` `GetLogicalDriveStringsA` `QueryFullProcessImageNameA` `GetComputerNameA` `CreateToolhelp32Snapshot` `ReadConsoleW` `Process32Next` `EnumSystemLocalesW` `SetStdHandle` `SetFilePointerEx` `GetFileSizeEx` `SetEnvironmentVariableW` `FreeEnvironmentStringsW` `CreateFileW` `GetTimeZoneInformation` `FindClose` `FindFirstFileExW` `FindNextFileW` `GetEnvironmentStringsW` `GetCommandLineW` `GetCommandLineA` `GetOEMCP` `GetUserDefaultLCID` `IsValidLocale` `GetLocaleInfoW` `GetACP` `Process32First` `GetLastError` `FormatMessageA` `WideCharToMultiByte` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `LocalFree` `GetLocaleInfoEx` `EncodePointer` `DecodePointer` `MultiByteToWideChar` `LCMapStringEx` `GetStringTypeW` `CompareStringEx` `GetCPInfo` `GetCurrentThreadId` `IsProcessorFeaturePresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsDebuggerPresent` `RaiseException` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `InitializeSListHead` `GetStartupInfoW` `GetModuleHandleW` `LCMapStringW` `HeapAlloc` `HeapFree` `GetProcessHeap` `VirtualQuery` `FreeLibrary` `GetProcAddress` `RtlUnwind` `InterlockedPushEntrySList` `InterlockedFlushSList` `GetModuleFileNameW` `LoadLibraryExW` `SetLastError` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `HeapValidate` `GetSystemInfo` `GetModuleHandleExW` `ExitProcess` `GetCurrentThread` `HeapReAlloc` `HeapSize` `HeapQueryInformation` `GetStdHandle` `GetFileType` `WriteFile` `OutputDebugStringW` `WriteConsoleW` `SetConsoleCtrlHandler` `GetTempPathW` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `IsThreadAFiber` `VirtualProtect` `GetDateFormatW` `GetTimeFormatW` `CompareStringW` `IsValidCodePage`
USER32.dll (#2)	`GetWindowTextA` `EnumWindows` `GetWindowThreadProcessId` `IsWindowVisible`
KERNEL32.dll (#3)	`ReadFile` `GetConsoleMode` `GetConsoleOutputCP` `FlushFileBuffers` `GetDiskFreeSpaceExA` `CloseHandle` `QueryPerformanceCounter` `QueryPerformanceFrequency` `CreateThread` `OpenProcess` `DisableThreadLibraryCalls` `GetLogicalDriveStringsA` `QueryFullProcessImageNameA` `GetComputerNameA` `CreateToolhelp32Snapshot` `ReadConsoleW` `Process32Next` `EnumSystemLocalesW` `SetStdHandle` `SetFilePointerEx` `GetFileSizeEx` `SetEnvironmentVariableW` `FreeEnvironmentStringsW` `CreateFileW` `GetTimeZoneInformation` `FindClose` `FindFirstFileExW` `FindNextFileW` `GetEnvironmentStringsW` `GetCommandLineW` `GetCommandLineA` `GetOEMCP` `GetUserDefaultLCID` `IsValidLocale` `GetLocaleInfoW` `GetACP` `Process32First` `GetLastError` `FormatMessageA` `WideCharToMultiByte` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `LocalFree` `GetLocaleInfoEx` `EncodePointer` `DecodePointer` `MultiByteToWideChar` `LCMapStringEx` `GetStringTypeW` `CompareStringEx` `GetCPInfo` `GetCurrentThreadId` `IsProcessorFeaturePresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsDebuggerPresent` `RaiseException` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `InitializeSListHead` `GetStartupInfoW` `GetModuleHandleW` `LCMapStringW` `HeapAlloc` `HeapFree` `GetProcessHeap` `VirtualQuery` `FreeLibrary` `GetProcAddress` `RtlUnwind` `InterlockedPushEntrySList` `InterlockedFlushSList` `GetModuleFileNameW` `LoadLibraryExW` `SetLastError` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `HeapValidate` `GetSystemInfo` `GetModuleHandleExW` `ExitProcess` `GetCurrentThread` `HeapReAlloc` `HeapSize` `HeapQueryInformation` `GetStdHandle` `GetFileType` `WriteFile` `OutputDebugStringW` `WriteConsoleW` `SetConsoleCtrlHandler` `GetTempPathW` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `IsThreadAFiber` `VirtualProtect` `GetDateFormatW` `GetTimeFormatW` `CompareStringW` `IsValidCodePage`
USER32.dll (#3)	`GetWindowTextA` `EnumWindows` `GetWindowThreadProcessId` `IsWindowVisible`

Delayed Imports

DllMain

Ordinal	`1`
Address	`0xb6d82`

Initialize

Ordinal	`2`
Address	`0xb598c`

Run

Ordinal	`3`
Address	`0xb6a80`

RunWithIp

Ordinal	`4`
Address	`0xb6f44`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

TLS Callbacks

Load Configuration

Size	`0xc0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1026b040`
SEHandlerTable	`0`
SEHandlerCount	`0`

RICH Header

Errors

[*] Warning: Section .textbss has a size of 0!
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .idata has a size of 0!
[*] Warning: Section .msvcjmc has a size of 0!
[*] Warning: Section .00cfg has a size of 0!
[*] Warning: Section .fptable has a size of 0!
[*] Warning: Section .vmp0 has a size of 0!
[*] Warning: 1 invalid export(s) not shown.

Leave a comment

No comments yet.