Manalyze report for cd68f3789536d3b572e1aafbdbc4c19e65c10c3ad0102b338daa618ca3ed289d

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Feb-20 11:40:19
Detected languages	English - United States
CompanyName	com.haronerp
FileDescription	marakipos
FileVersion	`5.1.6+11`
InternalName	marakipos
LegalCopyright	Copyright (C) 2025 com.haronerp. All rights reserved.
OriginalFilename	marakipos.exe
ProductName	Maraki POS
ProductVersion	`5.1.6+11`

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Can access the registry: RegGetValueW`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`122c1875dcb964b3c066a3de08a1ab22`
SHA1	`6734ad0abac1d39abd28ea20d33b4b8e8330e74f`
SHA256	`cd68f3789536d3b572e1aafbdbc4c19e65c10c3ad0102b338daa618ca3ed289d`
SHA3	`fe9fc6d44f4938589c1fef81a0fbea9b78453236dffe862909c2288c55342268`
SSDeep	`1536:sa29HkjBIAh4U6MM2xKMgWDX2VsXArWlch5rgQ:sa29Hmai6fmDmVsXArCch50Q`
Imports Hash	`2878c5070a6c85bebb54758d2806e406`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-Feb-20 11:40:19
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x6400`
SizeOfInitializedData	`0xb000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000006334 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x15000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`245a62b2b0ee51eab7af695f450a9f44`
SHA1	`3f9e4e2b2845d4453b34545addd9bd967729610f`
SHA256	`4f88effa40eff512c88a6bc8dc94791a9dcd944a3773714ea635eed5e2a519cf`
SHA3	`d9ab44c6c169776735d64f23576b4c0bcc185747b49323eb5a7e3a32decf3817`
VirtualSize	`0x6330`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.11859`

.rdata

MD5	`03370282cc6d75b86772b8b74d3602bf`
SHA1	`2d14ccd902754348fb2c1ea4ad2b33a93c0b4c42`
SHA256	`5cc75fd95104026ecfa36ccdae97833e6fd2fcf4347f7f252f4d4a408b780f51`
SHA3	`68166e0ecd1edc29abe1565cc95f0c70107d5e794006b51b689ae371f84ac40a`
VirtualSize	`0x6790`
VirtualAddress	`0x8000`
SizeOfRawData	`0x6800`
PointerToRawData	`0x6800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.0469`

.data

MD5	`ebb16fbf9be1461579380da3940ddb33`
SHA1	`63bb8808449c526e9e2105bf8243da768f482601`
SHA256	`797512ef36566544ed260ddc3b0ee0421aa343de2bb6df7b2858776d328bed66`
SHA3	`c9195babb51af8ed264a43b3f400e720eac7f1e138f41e1f9200c31698ba0506`
VirtualSize	`0xc38`
VirtualAddress	`0xf000`
SizeOfRawData	`0x800`
PointerToRawData	`0xd000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.60926`

.pdata

MD5	`014433e487c99e5ee1894e0e70422591`
SHA1	`48d8d3a1fba9c660abe69b0d4d259d6d82165ec3`
SHA256	`6e48949ab2d0ca048ca80bb5629990f4b680f9ba066f8052d336f73b5790be57`
SHA3	`52994275722bb580f1b29141d9dcf4865606abdb1e645474eebd75a09a93f175`
VirtualSize	`0x780`
VirtualAddress	`0x10000`
SizeOfRawData	`0x800`
PointerToRawData	`0xd800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.22699`

.rsrc

MD5	`e5e64d8f26256bb6c22af83fd020a90b`
SHA1	`5dd84e313ae7709a3994db1a699c7948779b8ceb`
SHA256	`f2dcee9337380434c3627db120eeb759395504a19d62d185d8a95ab519b79fd5`
SHA3	`1d7b42197b46c88afaacc5aa377746613022bf219d73504543bb7139b23f9b4a`
VirtualSize	`0x2e10`
VirtualAddress	`0x11000`
SizeOfRawData	`0x3000`
PointerToRawData	`0xe000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.157`

.reloc

MD5	`a1e40c3d6aad70e00b7290feee43520e`
SHA1	`bf80a96c70f6fb99b842211ac3253977d66bbbfc`
SHA256	`827c756396e5ade970b0155fd16fb536e77a7d52293c87cde86009ecce07bf43`
SHA3	`ac87b5a74b8ceff7b8c3045de9f30f17f2e6c41c5b61ad4267a6f8768e41c095`
VirtualSize	`0xfc`
VirtualAddress	`0x14000`
SizeOfRawData	`0x200`
PointerToRawData	`0x11000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.26686`

Imports

dwmapi.dll	`DwmSetWindowAttribute`
connectivity_plus_plugin.dll	`ConnectivityPlusWindowsPluginRegisterWithRegistrar`
file_selector_windows_plugin.dll	`FileSelectorWindowsRegisterWithRegistrar`
flutter_secure_storage_windows_plugin.dll	`FlutterSecureStorageWindowsPluginRegisterWithRegistrar`
hotkey_manager_windows_plugin.dll	`HotkeyManagerWindowsPluginCApiRegisterWithRegistrar`
permission_handler_windows_plugin.dll	`PermissionHandlerWindowsPluginRegisterWithRegistrar`
printing_plugin.dll	`PrintingPluginRegisterWithRegistrar`
screen_retriever_windows_plugin.dll	`ScreenRetrieverWindowsPluginCApiRegisterWithRegistrar`
url_launcher_windows_plugin.dll	`UrlLauncherWindowsRegisterWithRegistrar`
window_manager_plugin.dll	`WindowManagerPluginRegisterWithRegistrar`
flutter_windows.dll	`FlutterDesktopEngineCreate` `FlutterDesktopEngineDestroy` `FlutterDesktopEngineReloadSystemFonts` `FlutterDesktopEngineGetPluginRegistrar` `FlutterDesktopEngineGetMessenger` `FlutterDesktopEngineSetNextFrameCallback` `FlutterDesktopResyncOutputStreams` `FlutterDesktopViewControllerCreate` `FlutterDesktopViewControllerDestroy` `FlutterDesktopViewControllerGetView` `FlutterDesktopViewControllerForceRedraw` `FlutterDesktopViewControllerHandleTopLevelWindowProc` `FlutterDesktopViewGetHWND` `FlutterDesktopMessengerSendWithReply` `FlutterDesktopMessengerSendResponse` `FlutterDesktopGetDpiForMonitor` `FlutterDesktopMessengerSetCallback` `FlutterDesktopMessengerAddRef` `FlutterDesktopMessengerRelease` `FlutterDesktopMessengerIsAvailable` `FlutterDesktopMessengerLock` `FlutterDesktopMessengerUnlock` `FlutterDesktopMessengerSend`
KERNEL32.dll	`GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `IsProcessorFeaturePresent` `TerminateProcess` `GetCurrentProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `InitializeSListHead` `AttachConsole` `GetCommandLineW` `LocalFree` `WideCharToMultiByte` `AllocConsole` `FreeLibrary` `GetModuleHandleW` `GetProcAddress` `IsDebuggerPresent` `LoadLibraryA` `GetStartupInfoW`
USER32.dll	`MonitorFromPoint` `LoadIconW` `LoadCursorW` `SetParent` `SetWindowLongPtrW` `GetWindowLongPtrW` `GetClientRect` `SetWindowPos` `SetWindowLongW` `MonitorFromWindow` `GetMonitorInfoW` `GetMessageW` `TranslateMessage` `DispatchMessageW` `DefWindowProcW` `PostQuitMessage` `RegisterClassW` `UnregisterClassW` `CreateWindowExW` `DestroyWindow` `ShowWindow` `MoveWindow` `SetFocus`
SHELL32.dll	`CommandLineToArgvW`
ole32.dll	`CoInitializeEx` `CoUninitialize`
ADVAPI32.dll	`RegGetValueW`
MSVCP140.dll	`?width@ios_base@std@@QEAA_J_J@Z` `?width@ios_base@std@@QEBA_JXZ` `?flags@ios_base@std@@QEBAHXZ` `?good@ios_base@std@@QEBA_NXZ` `?_Xbad_function_call@std@@YAXXZ` `?sync_with_stdio@ios_base@std@@SA_N_N@Z` `?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA` `?_Xlength_error@std@@YAXPEBD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ` `?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`__std_exception_copy` `__std_exception_destroy` `_CxxThrowException` `memcpy` `__current_exception_context` `__C_specific_handler` `memset` `__std_terminate` `__current_exception` `memcmp` `__std_type_info_compare` `memmove`
api-ms-win-crt-runtime-l1-1-0.dll	`_initterm_e` `_initterm` `_get_wide_winmain_command_line` `_initialize_wide_environment` `_configure_wide_argv` `exit` `_set_app_type` `_seh_filter_exe` `_exit` `_invoke_watson` `terminate` `_initialize_onexit_table` `_register_onexit_function` `_cexit` `_crt_atexit` `_register_thread_local_exe_atexit_callback` `_c_exit`
api-ms-win-crt-string-l1-1-0.dll	`strlen` `wcslen`
api-ms-win-crt-stdio-l1-1-0.dll	`_dup2` `__acrt_iob_func` `_fileno` `freopen_s` `_set_fmode` `__p__commode`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `malloc` `free` `_callnewh`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44348`
MD5	`f52a57e3b0c37b9b38e89715dda21b80`
SHA1	`78425cbde131a5d9aec747f68462bf313ccfac8b`
SHA256	`43bb9c78574372df5a233bd31bddaf36e08fc2ab54980d6b026550135373408e`
SHA3	`fbe284aa0acff66511c9a8dd5760ff2d4d37dfb0c5ffa8b1653ff8531601fb49`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91924`
Detected Filetype	Icon file
MD5	`6da8e7d5ae1d5d15e0230a67a7c16c6d`
SHA1	`678db52cbe5d617c33c6269bfd4b6d8d1a17f956`
SHA256	`6eb54801f91b6d8effccbfaefe6b2d7705a274a75940e6226e24e0d4ec58c396`
SHA3	`994fc217c7b8bc8008ac262ff58044403206de6eceafd424d4640ecad395eb2f`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x300`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40691`
MD5	`9a792960d6b2d72a6259272d1d2c2be3`
SHA1	`63371c428c33e7fc974c832d1a8cc9b492e7418a`
SHA256	`d9339a2ecc78063c1525f549667b9db5f7f1d6ad5400bf8a0928f6436d78329e`
SHA3	`4cad7c9d4de1d34c9bdced01bbacf59f1a27242ffb63c58a5cb5d928098c162f`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x41a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.05432`
MD5	`03395896369b9f4d54afe96da59504a0`
SHA1	`2ed56089540e69abed7a1301e805acd46b2fd790`
SHA256	`ad004b008efc9493f914a11d76fa9869e8e10222ae9a276859456af8aa17cf1b`
SHA3	`1301031d7d35879e3c236cbbf6b349dcc3aa44f886a1e004c99944a5014a3384`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	5.1.6.11
ProductVersion	5.1.6.11
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	com.haronerp
FileDescription	marakipos
FileVersion (#2)	5.1.6+11
InternalName	marakipos
LegalCopyright	Copyright (C) 2025 com.haronerp. All rights reserved.
OriginalFilename	marakipos.exe
ProductName	Maraki POS
ProductVersion (#2)	5.1.6+11

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Feb-20 11:40:19
Version	`0.0`
SizeofData	`832`
AddressOfRawData	`0xbe08`
PointerToRawData	`0xa608`

TLS Callbacks

StartAddressOfRawData	`0x14000c168`
EndAddressOfRawData	`0x14000c170`
AddressOfIndex	`0x14000f678`
AddressOfCallbacks	`0x1400085e0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14000f000`

RICH Header

XOR Key	`0x46885a0b`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`12`
ASM objects (35207)	`3`
C objects (35207)	`10`
C++ objects (35207)	`30`
Imports (35207)	`6`
Imports (VS2022 Update 4 (17.4.3-4) compiler 31937)	`2`
Imports (35222)	`18`
Imports (33145)	`13`
Total imports	`168`
C++ objects (35222)	`9`
Resource objects (35222)	`1`
151	`1`
Linker (35222)	`1`

Errors

Leave a comment

No comments yet.