Manalyze report for c8c83590de1e9e97367491af7096d69f2ad3fc143928e91b5a035cf8bd79efb1

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-May-22 07:37:35
TLS Callbacks	3 callback(s) detected.

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata`
Suspicious	The PE contains functions most legitimate programs don't use.	`Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Uses Windows's Native API: NtReadFile NtWriteFile`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`8b5251f7c8109f88f4fc6730b10bc1d3`
SHA1	`276c23e1255434e539ee425eccd93dddd1e61ae9`
SHA256	`c8c83590de1e9e97367491af7096d69f2ad3fc143928e91b5a035cf8bd79efb1`
SHA3	`2bea2b75833d05fd41755c780645d2a89baa6ec05197c10b06a8311b727b5d39`
SSDeep	`12288:yh2AgAye63akRJ43sT9qlj3ZABasxlh7DglKcs5Kl5XR4z4gdcGM2eoZmSBdGVt:yhTuVjBK2Basb5DI3RtYxM2eoh+Vt`
Imports Hash	`1369c0406f77dff972cb0e94c65c2b5d`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`10`
TimeDateStamp	2026-May-22 07:37:35
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x3b000`
SizeOfInitializedData	`0xa0000`
SizeOfUninitializedData	`0x200`
AddressOfEntryPoint	`0x00000000000013F0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0xe1000`
SizeOfHeaders	`0x400`
Checksum	`0xdcdab`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`88db34e90bcd4bb6a66a7a0349d6448b`
SHA1	`370f493dbdd51bdf98eff9c38025cc7a84d4581d`
SHA256	`70fe6f6ee3c18f259611bb805fba65d85b67b288a8a610f7003daf72224e4791`
SHA3	`9ea15e0526a22e61ff31e57be0b69bd351e727129718c86c3e4ecfa374958fc8`
VirtualSize	`0x3ae28`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3b000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.33915`

.data

MD5	`a3cb2c5c118b887a2243164deb49e301`
SHA1	`000f963a39efa9b3fd178bb6b8dee7bc47caf1a0`
SHA256	`315f02c4c5962a627c1a170136a8f0218e612fc61fbb11cebe89d5d2957d4368`
SHA3	`94da5ebb0e062e0ee5a98445a676dc8e00b7210d314c9a2bac9d2e8c9510c200`
VirtualSize	`0x9a0`
VirtualAddress	`0x3c000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x3b400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.137761`

.rdata

MD5	`78b5bf804a62e715247e8a2e7bd70782`
SHA1	`6f6179c87057b1eab4c335a13467920b60870d96`
SHA256	`3ae80d9de0093dcd694629c5ad5a7f96239d6fbe95a553f1c6ce1b4388f51681`
SHA3	`a92ba2c3304d91f87f6e90ce4e90def3209ad64cc142d1d5a7997d188f1888eb`
VirtualSize	`0x99fc8`
VirtualAddress	`0x3d000`
SizeOfRawData	`0x9a000`
PointerToRawData	`0x3be00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.96181`

.pdata

MD5	`1728835ffbb1c1a94030243bc2037b55`
SHA1	`1ca0c3cc5ec6ac7e454cb16108ecfcfbbd1efa52`
SHA256	`5a127babdf33110f2d60c17235d04cfb3a6a7d31e71e7c3b0d24e77e618ef893`
SHA3	`686f1b0c858491b7ced5f625969f3af74d09d851115f60464984e5123c3889f3`
VirtualSize	`0x1398`
VirtualAddress	`0xd7000`
SizeOfRawData	`0x1400`
PointerToRawData	`0xd5e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.4195`

.xdata

MD5	`4e8e24bc9794910786e614178aadb9f9`
SHA1	`400c6aacc8737ab424aa63fff9a7aa0513dd460b`
SHA256	`821fca425556816e95c10aa6c2f8aa0cacbfba9f8d86b42be31025a12a013079`
SHA3	`fa399293e18d413d6e41aff628cf0c6bb79b18c4d886c308e0c156b3f6ce5992`
VirtualSize	`0x2970`
VirtualAddress	`0xd9000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0xd7200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.49044`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1e0`
VirtualAddress	`0xdc000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`3dae99966606fc4a7ff64864e868b945`
SHA1	`926aa68cf0554f3b724dfa9c61fecec7bd5f153d`
SHA256	`d240526b46f43e8a627c166da7581784be18ae96182ada8615e2251ffecabb50`
SHA3	`a39c86f939b653ed10a998fa6fddb5dcba2fd94e9c911e1ed6bb91f72c174459`
VirtualSize	`0x1000`
VirtualAddress	`0xdd000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xd9c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.57164`

.CRT

MD5	`b4db8e373c1fecb1c82343cedeeca7a4`
SHA1	`c117b35a4174d697fdcfc8ed1352892c3aff4ecd`
SHA256	`c0eb66e37fc09f40b5c94368c912b67e197454b3464cca03dcfd154efddb018f`
SHA3	`0867e092871ec604e09d957c94607c1253286657b9de51e2084719027e61a93f`
VirtualSize	`0x68`
VirtualAddress	`0xde000`
SizeOfRawData	`0x200`
PointerToRawData	`0xdac00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.386578`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0xdf000`
SizeOfRawData	`0x200`
PointerToRawData	`0xdae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.reloc

MD5	`355ca40d543c9f43d0449dec299e46d7`
SHA1	`51e9e5b161bf5f85e034910799eff769b8577541`
SHA256	`df480b252c62a0aee4a122435292f46da686cb9b87732a4246c54065847bb9a6`
SHA3	`7b7a8ab41470ee3a4ee0d90b26e764b0148248f14072a3e0c3a22943424bac28`
VirtualSize	`0x2e0`
VirtualAddress	`0xe0000`
SizeOfRawData	`0x400`
PointerToRawData	`0xdb000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.43029`

Imports

KERNEL32.dll	`AddVectoredExceptionHandler` `CloseHandle` `CreateFileMappingA` `CreateFileW` `CreateToolhelp32Snapshot` `CreateWaitableTimerExW` `DeleteCriticalSection` `DeleteFileW` `DuplicateHandle` `EnterCriticalSection` `ExitProcess` `FindClose` `FindFirstFileExW` `FormatMessageW` `GetConsoleMode` `GetConsoleOutputCP` `GetCurrentDirectoryW` `GetCurrentProcess` `GetCurrentThread` `GetCurrentThreadId` `GetEnvironmentVariableW` `GetFileInformationByHandle` `GetFileInformationByHandleEx` `GetFullPathNameW` `GetLastError` `GetModuleHandleA` `GetModuleHandleW` `GetProcAddress` `GetProcessHeap` `GetStdHandle` `HeapAlloc` `HeapFree` `HeapReAlloc` `InitOnceBeginInitialize` `InitOnceComplete` `InitializeCriticalSection` `IsDebuggerPresent` `LeaveCriticalSection` `MapViewOfFile` `Module32FirstW` `Module32NextW` `MultiByteToWideChar` `QueryPerformanceCounter` `QueryPerformanceFrequency` `RaiseException` `RemoveDirectoryW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlUnwindEx` `RtlVirtualUnwind` `SetConsoleMode` `SetFileInformationByHandle` `SetFilePointerEx` `SetFileTime` `SetLastError` `SetThreadStackGuarantee` `SetUnhandledExceptionFilter` `SetWaitableTimer` `Sleep` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `UnmapViewOfFile` `VirtualProtect` `VirtualQuery` `WaitForSingleObject` `WriteConsoleW` `__C_specific_handler`
msvcrt.dll	`__getmainargs` `__initenv` `__iob_func` `__set_app_type` `__setusermatherr` `_amsg_exit` `_cexit` `_commode` `_exit` `_fmode` `_fpreset` `_initterm` `_onexit` `abort` `calloc` `exit` `fprintf` `free` `fwrite` `malloc` `memcmp` `memcpy` `memmove` `memset` `signal` `strlen` `strncmp` `vfprintf`
ntdll.dll	`NtReadFile` `NtWriteFile` `RtlNtStatusToDosError`
api-ms-win-core-synch-l1-2-0.dll	`WaitOnAddress` `WakeByAddressAll` `WakeByAddressSingle`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x1400df000`
EndAddressOfRawData	`0x1400df008`
AddressOfIndex	`0x1400dc10c`
AddressOfCallbacks	`0x1400de038`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x00000001400131F0` `0x000000014003AE00` `0x000000014003ADD0`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!

Leave a comment

No comments yet.