Manalyze report for c89b8eeb77231b481859263b40d8a46f4de5d0b4a3e1a0c10b99b08c831619d1

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Mar-19 05:42:27
Detected languages	English - United States

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe` `Contains domain names: github.com https://github.com https://www.qnbtalesmatematikmuzesi.com https://www.qnbtalesmatematikmuzesi.com/images/EvdeAtolyeCalismalari/TurkiyeHaritasi_Renksiz.pdf qnbtalesmatematikmuzesi.com www.qnbtalesmatematikmuzesi.com`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Possibly launches other programs: ShellExecuteA`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`224d2b4e9c9a08b2840173325fbb8184`
SHA1	`241e8dcf098d9a868e69f9d8f244c5d10780cd66`
SHA256	`c89b8eeb77231b481859263b40d8a46f4de5d0b4a3e1a0c10b99b08c831619d1`
SHA3	`6a49f0dee612c57a33c4a3e0adde20b54faf9e2c3ac0d45b1bc95ab4abc592de`
SSDeep	`3072:nTCBRMBx5JuIX8SGKuipOGrUf/0Z80Sjk/umMXfkpE/kxHIJSvr66Jq+8K:TaRML59JuiYGaPTmefn4oJQW6Je`
Imports Hash	`25f0bb44d795ca4185010139631e4427`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2026-Mar-19 05:42:27
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x11a00`
SizeOfInitializedData	`0x33c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000023DC (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x4a000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d23573b996c0a078cbcad5d2a785f6cf`
SHA1	`49fcec0458a9cf617c4385d3417576dcddbe1132`
SHA256	`04a37c907d63b026e3ee524584fa4c6217c7e88107e052a6e1bc4b5c70a4fd7d`
SHA3	`72d9a50e0ec0ca0a3ce20f71cae266c4267f8a521e89032c614f027187b11bb1`
VirtualSize	`0x11830`
VirtualAddress	`0x1000`
SizeOfRawData	`0x11a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.43113`

.rdata

MD5	`301703c9ae8b546000ef8d99cbe88188`
SHA1	`3a4048d8fd7c7839296935241b42532a63a421f0`
SHA256	`6eb8a3854549de873343e2c2d1943fa15bfcbac824b897c45a420590a320028d`
SHA3	`eae1ec3cd87c4f082b47b6f9eaaf56d19c1196d0b237050f2eda8365179ba50d`
VirtualSize	`0xa4ac`
VirtualAddress	`0x13000`
SizeOfRawData	`0xa600`
PointerToRawData	`0x11e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.70639`

.data

MD5	`089a0ac6143918627849e0d897d396c9`
SHA1	`58d48881405de2c480964fd99af1c6b9c8291e88`
SHA256	`bcd2e85802dfea747f42f6b6b98a4a078ae10b15e601fada861e38a07bc98694`
SHA3	`4263fed9b5f82a23c9b91c2ca17017019b0653be4b011fe68b4b0117cf7db295`
VirtualSize	`0x1c08`
VirtualAddress	`0x1e000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x1c400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.18867`

.pdata

MD5	`2994c7dc58d39a1aa91be8ba39c128ee`
SHA1	`83797899f5e6c396c38c01776c5b3ea43d7113b4`
SHA256	`f0ee7e4b8f5fff41bcc1bbc6ccd8d80ed1a6b91dd8782afe871968c79f3a6a8f`
SHA3	`3e325b9cf56c5468ad0e9d11c4df9a15890f20dd3fd619c330216e3272efb918`
VirtualSize	`0x11dc`
VirtualAddress	`0x20000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x1d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.93353`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0x22000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1e200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`476fda138a687acb90c2b8955287a169`
SHA1	`d67574b43d07e74a2394d2943de764d29b9c7491`
SHA256	`4bc06a07a7a41de7a6bdb9294534b330fc9006b1bce4d4cf4b3f585927b67223`
SHA3	`ed27050d4b5904a3c363482bfddc5f5781a9e86f1011435b551e02ac8d8c4948`
VirtualSize	`0x25ab0`
VirtualAddress	`0x23000`
SizeOfRawData	`0x25c00`
PointerToRawData	`0x1e400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.73738`

.reloc

MD5	`1e96b5a613a5cff43bc6402713d22939`
SHA1	`7c64f5eae4a38e51588245eaffd9237fe2bba597`
SHA256	`5e15699c0053f92fba4b361cfb7d449c33e63b5576b486fa0c5fdcf01c70893c`
SHA3	`2bafab7af8b0f7fbda6dc6bb3c102667ae208dd0e1874b2f377bf85eb3532e52`
VirtualSize	`0x684`
VirtualAddress	`0x49000`
SizeOfRawData	`0x800`
PointerToRawData	`0x44000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.93682`

Imports

USER32.dll	`ShowWindow`
SHELL32.dll	`ShellExecuteExA` `ShellExecuteA`
KERNEL32.dll	`GetModuleFileNameW` `WriteConsoleW` `CreateFileW` `GetEnvironmentVariableA` `CreateDirectoryA` `GetFileAttributesA` `SetFileAttributesA` `CloseHandle` `GetLastError` `ReleaseMutex` `WaitForSingleObject` `CreateMutexA` `GetModuleFileNameA` `GetConsoleWindow` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `GetCurrentProcess` `TerminateProcess` `SetFilePointerEx` `RtlPcToFileHeader` `RaiseException` `RtlUnwindEx` `SetLastError` `EncodePointer` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `GetStdHandle` `WriteFile` `ExitProcess` `GetModuleHandleExW` `GetCommandLineA` `GetCommandLineW` `HeapAlloc` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetEnvironmentVariableW` `SetStdHandle` `GetFileType` `GetStringTypeW` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `InitializeCriticalSectionEx` `VirtualProtect` `CompareStringW` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xd391`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98958`
Detected Filetype	PNG graphic file
MD5	`e1c8a9a068ff6b86612dea354b22220f`
SHA1	`01d4fe696f13570bb2e273834a7c7af030f641d8`
SHA256	`855a84779261a9de2e97aa56e0ccbd0c5a0ecb98808d95715599ec6c97f6ae97`
SHA3	`1081c94eddaac4b2bc5ff28296007a5d1064c8891ee54687938ebcf27cdee068`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.58634`
MD5	`f40917adbb5d165463a74e2100cce073`
SHA1	`1ea15becf0c126f9609e5c42ed8e026284f18e7c`
SHA256	`df438c5731fb91ae18696169e7df24e3819429c595f771393016e406e131a3b4`
SHA3	`3f0a72a86d38b352777da847dee55a44db8c7f2d5c0fb995cd8d78ec07d4c33b`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.08644`
MD5	`b991e1bbca97a40ac5583a1367289a7a`
SHA1	`88087983f1dd2916f12cdee7e98f793ae9a1732a`
SHA256	`0ac47ee5c04ce4ac0530ce152e50024a650ac6b81144fa6193dd0facdb85de5b`
SHA3	`3acc05d030be390176ae66996569c2461f231c4f12cd1028f0221ed1a11eaabc`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.29113`
MD5	`5ae0610a32260c4aed9ec40f1953b3a1`
SHA1	`e3c2a6fafb3f4582ac8158a4a300186d9b842ea7`
SHA256	`00498f3b942e4eb0d8d0dd28bd0a7ed756a6966b7c53c9f5ba15073cb0e5e92b`
SHA3	`a622f93c6986daa1880ec8e36c9875f1d0010a74faf3c0e67bc32d1d4ae31899`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.55849`
MD5	`c25dff11a3363e7e43caaa00bea3820c`
SHA1	`c58514eb14332db176343cfdeddd9f9c93f8d5e9`
SHA256	`7e7b955e79477b05f17e58232829ff2661cdf2f01591595a096c60b5b8711820`
SHA3	`6de7e8d4c0e3e3930ab0424387975b597cfea43d86150f2bcbc7dc8bb82b5604`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.80871`
MD5	`4eaad2e3782cae912d8914d968c11f87`
SHA1	`1fd31c4ec66dd312f01660eb73ada2a50be411d9`
SHA256	`02c5c2d39ac3d3c521eaf58819f7e7d08b0691755f23570cde4ac25f88028d9c`
SHA3	`6a45e7f6f56e6b8b9789c04af9c093ac900a9a4b06c1cff2274c81d726504ec5`

MAINICON

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.79908`
Detected Filetype	Icon file
MD5	`f76295b8abfce014c7e019e49f79aeda`
SHA1	`021c41ab2c4e0e8ac01af9c02fd0142407908e86`
SHA256	`8deeed610c133f33971844cf6c860a6ee2b76ae7c570c4ffc40109f86c6b1ac3`
SHA3	`bc1f3b9b708e26b1a75472bdc815c42b751e12563325f1b1eb9c9729a92eaea8`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Mar-19 05:42:27
Version	`0.0`
SizeofData	`840`
AddressOfRawData	`0x1b410`
PointerToRawData	`0x1a210`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14001e000`

RICH Header

XOR Key	`0xf518dace`
Unmarked objects	`0`
C++ objects (33140)	`141`
C objects (33140)	`12`
ASM objects (33140)	`8`
ASM objects (35207)	`9`
C objects (35207)	`16`
C++ objects (35207)	`44`
Imports (33140)	`7`
Total imports	`104`
C++ objects (35217)	`1`
Resource objects (35217)	`1`
Linker (35217)	`1`

Errors

Leave a comment

No comments yet.