Manalyze report for cf9e844309d987976724a9ec04856d1b856fccb45aa636f8c90c9094d68dcda4

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2025-Apr-14 22:08:51
Debug artifacts	verifier.exe.pdb

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .gxfg`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Info	The PE is digitally signed.	`Signer: TeamDev Management O\xC3\x9C` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Safe	VirusTotal score: 0/72 (Scanned on 2026-04-23 16:41:23)	`All the AVs think this file is safe.`

Hashes

MD5	`d088a9759705037fbe43fd4d7435a9fc`
SHA1	`c32424e0a7707e734a1f4712b96a6feafdbc36d9`
SHA256	`cf9e844309d987976724a9ec04856d1b856fccb45aa636f8c90c9094d68dcda4`
SHA3	`43f364e5899835764f780e67aa38a659a01f36f271da867fa35c98596682d71b`
SSDeep	`6144:1/+qdYt0UT/B/UX/IeKk0YFzEun8CoFModiJwLTtuy/HLF5f/qwWtp:12qdK0UDB/UAvYz8CoFMyiJKuy/HLFC`
Imports Hash	`dcb7732668faca44fe9cd729e26c9701`

DOS Header

e_magic	`MZ`
e_cblp	`0x78`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0`
e_ss	`0`
e_sp	`0`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x78`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2025-Apr-14 22:08:51
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x58200`
SizeOfInitializedData	`0x21c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000000F7E0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`0.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x82000`
SizeOfHeaders	`0x400`
Checksum	`0x86929`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d0415cafe379fea92347be3681a41bf3`
SHA1	`6320e871c9cb0edbf609ee68743cabf0fc9c5850`
SHA256	`06c1cd8478936532ddf21237bb44427b896d2597072650c7263fa1e29071cd07`
SHA3	`1e29371b47c6af75971c2041b294eff7c3e01d81b89a6601dfdd62d4b8777ff2`
VirtualSize	`0x58034`
VirtualAddress	`0x1000`
SizeOfRawData	`0x58200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.49278`

.rdata

MD5	`727a4875ccd5187e0935af7c2480567f`
SHA1	`2b83eeb903a9e13e6bbc756856c5f0872359f2a2`
SHA256	`64e07c24228c6c452214c0877ad1b3a6d4206b89bb6bf064ab56e2bca167b3c8`
SHA3	`56ca845eddd9f72ef6a1840cf39091d89b71da5f5c44aeb71a52890c2ab7d9cb`
VirtualSize	`0x17984`
VirtualAddress	`0x5a000`
SizeOfRawData	`0x17a00`
PointerToRawData	`0x58600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.01336`

.data

MD5	`c938a1c54dcf3b96eec1fec2a60447b0`
SHA1	`6ac0a95859ce1719963e1310cbf17847f1ef95fb`
SHA256	`d1fcd99ca302dcd18e00c300a5283f15bd4878be5cb2acc3799db65b6a407393`
SHA3	`64e106f83a1bd02cba1316f4156022a523c776aa99f9f8cb0cc07d3d6a65f49b`
VirtualSize	`0x4c38`
VirtualAddress	`0x72000`
SizeOfRawData	`0x2400`
PointerToRawData	`0x70000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.62238`

.pdata

MD5	`cabaf559c5cbb3ac9af593224ea94e38`
SHA1	`78cae2b71f9c6dbb0a5dd7c888798356cfe8a830`
SHA256	`944489ec7c975fdd1d58b3273ade3b6389a78248b04d216dca8e9b11e40a9069`
SHA3	`dd7aea6c54637fab9bdeb7165b29ed09666121cc41fad3680ac0e008caf8263d`
VirtualSize	`0x4224`
VirtualAddress	`0x77000`
SizeOfRawData	`0x4400`
PointerToRawData	`0x72400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.65491`

.gxfg

MD5	`d436ee0bb357310f85f905f9e896772b`
SHA1	`36ee77d6969a696d355fb2d0266a8be9802219dc`
SHA256	`b765bcfbb97bc6c42f8ae3035591c5d305223626d13428f0975c89b05822dd8c`
SHA3	`d9125970d4e8b50ef0944385ca9bd290875a00b71e85a19be09b57a23de2e668`
VirtualSize	`0x27b0`
VirtualAddress	`0x7c000`
SizeOfRawData	`0x2800`
PointerToRawData	`0x76800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.19774`

.tls

MD5	`1f354d76203061bfdd5a53dae48d5435`
SHA1	`aa0d33a0c854e073439067876e932688b65cb6a9`
SHA256	`4c6474903705cb450bb6434c29e8854f17d8324efca1fdb9ee9008599060883a`
SHA3	`991fbbd46bbd69198269fe6c247d440e0f8a7d38259b7a1e04b74790301d1d2b`
VirtualSize	`0x9`
VirtualAddress	`0x7f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x79000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0203931`

_RDATA

MD5	`f7585b860957069bc97a3a324a05e90d`
SHA1	`c72ae24761241cf2ba9e44da28817307bd725e36`
SHA256	`b6edba4a2180913d1fc58a836fde5893d433d89fee36dd108e281f9ffd6061e7`
SHA3	`2f9aeebae155d8fbd72713454b18fb3d504274cbe66e6424f7c774036e981ab4`
VirtualSize	`0x1f4`
VirtualAddress	`0x80000`
SizeOfRawData	`0x200`
PointerToRawData	`0x79200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.23781`

.reloc

MD5	`d5450ade94a1976fcd4dd94351f8e9e2`
SHA1	`e451abf49e7902384ad7d460b42de12ce946d0e7`
SHA256	`fd2a2c00b311984d83d4b57817fd7ef31d75e7e75ed5550ec6ce3faa40657977`
SHA3	`fc07a279a166434ad6afc77c60523a4c28aa4b0a66422106cd8d2a0dc82056a4`
VirtualSize	`0xc70`
VirtualAddress	`0x81000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x79400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.20162`

Imports

KERNEL32.dll	`AcquireSRWLockExclusive` `AreFileApisANSI` `CloseHandle` `CompareStringW` `CreateFileW` `DeleteCriticalSection` `EncodePointer` `EnterCriticalSection` `EnumSystemLocalesW` `ExitProcess` `FindClose` `FindFirstFileExW` `FindNextFileW` `FlsAlloc` `FlsFree` `FlsGetValue` `FlsSetValue` `FlushFileBuffers` `FormatMessageA` `FreeEnvironmentStringsW` `FreeLibrary` `GetACP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `GetConsoleMode` `GetConsoleOutputCP` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `GetDateFormatW` `GetEnvironmentStringsW` `GetFileInformationByHandle` `GetFileInformationByHandleEx` `GetFileSizeEx` `GetFileType` `GetLastError` `GetLocaleInfoW` `GetModuleFileNameW` `GetModuleHandleExW` `GetModuleHandleW` `GetOEMCP` `GetProcAddress` `GetProcessHeap` `GetStartupInfoW` `GetStdHandle` `GetStringTypeW` `GetSystemTimeAsFileTime` `GetTimeFormatW` `GetTimeZoneInformation` `GetUserDefaultLCID` `HeapAlloc` `HeapFree` `HeapReAlloc` `HeapSize` `InitializeCriticalSectionAndSpinCount` `InitializeSListHead` `IsDebuggerPresent` `IsProcessorFeaturePresent` `IsValidCodePage` `IsValidLocale` `LCMapStringW` `LeaveCriticalSection` `LoadLibraryExW` `LocalFree` `MultiByteToWideChar` `QueryPerformanceCounter` `RaiseException` `ReadConsoleW` `ReadFile` `ReleaseSRWLockExclusive` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlPcToFileHeader` `RtlUnwind` `RtlUnwindEx` `RtlVirtualUnwind` `SetEndOfFile` `SetEnvironmentVariableW` `SetFilePointerEx` `SetLastError` `SetStdHandle` `SetUnhandledExceptionFilter` `SleepConditionVariableSRW` `TerminateProcess` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `UnhandledExceptionFilter` `WakeAllConditionVariable` `WideCharToMultiByte` `WriteConsoleW` `WriteFile`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Apr-14 22:08:51
Version	`0.0`
SizeofData	`41`
AddressOfRawData	`0x67e84`
PointerToRawData	`0x66484`
Referenced File	verifier.exe.pdb

UNKNOWN

Characteristics	`0`
TimeDateStamp	2025-Apr-14 22:08:51
Version	`0.0`
SizeofData	`4`
AddressOfRawData	`0x67eb0`
PointerToRawData	`0x664b0`

TLS Callbacks

StartAddressOfRawData	`0x14007f000`
EndAddressOfRawData	`0x14007f008`
AddressOfIndex	`0x140074298`
AddressOfCallbacks	`0x1400684a0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140072040`
GuardCFCheckFunctionPointer	`5369136112`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

Errors

Leave a comment

No comments yet.