Manalyze report for d08fababcba8661ce164f6b2b3c98130

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Jan-03 16:09:45
Detected languages	English - United States

Plugin Output

Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Section .data is both writable and executable.` `Unusual section name found: .MrH0` `Unusual section name found: .MrH1` `Unusual section name found: .MrH2`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Uses Microsoft's cryptographic API: CryptDestroyKey` `Leverages the raw socket API to access the Internet: gethostname`
Info	The PE is digitally signed.	`Signer: IP Petrov Pavel Alekseevich` `Issuer: GlobalSign GCC R45 CodeSigning CA 2020`
Suspicious	VirusTotal score: 1/72 (Scanned on 2025-01-03 17:19:18)	`Cylance: Unsafe`

Hashes

MD5	`d08fababcba8661ce164f6b2b3c98130`
SHA1	`2f1b1d03bbbac48e8176a615db48d3919fe0de73`
SHA256	`9b0f31dd24d0d4045010378d9b7543058c58241a8a24ffbe7bc1a8b226b863bf`
SHA3	`06e016cdf3378d00a36bade5ebbbf7e249096e6cb6a197849982782d1b27ecff`
SSDeep	`393216:kPeNJD5LGEL36qxv++EU4ViMgTX6f5PNSlOdwlXQhVoOTEZmAPGqy:FJGaJ++hIiti2Odwl2oOIho`
Imports Hash	`8cafa66af7c49d7ae3f945ad519e2365`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2025-Jan-03 16:09:45
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x15c600`
SizeOfInitializedData	`0x39fc00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x028D86A2 (Section: .MrH2)`
BaseOfCode	`0x1000`
BaseOfData	`0x15e000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x298c000`
SizeOfHeaders	`0x400`
Checksum	`0x14acc65`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x15c4af`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.rdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x14912a`
VirtualAddress	`0x15e000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x24b26c`
VirtualAddress	`0x2a8000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.MrH0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xff9f45`
VirtualAddress	`0x4f4000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.MrH1

MD5	`0a307fed0aa5f2539ea2a1fa472466de`
SHA1	`63adebddff42df255639f62eb338c22dd765ca50`
SHA256	`e75c549e2e6c1da4ed23ccffd524f4c5d21acaedf62d7d5eac4e04890aa2fd54`
SHA3	`357f994fe81373256b2c5391d61c667b21d0714485620f579851b03e6d1f88b1`
VirtualSize	`0x8b8`
VirtualAddress	`0x14ee000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.519596`

.MrH2

MD5	`a5adf226ad8e9d93490f40ccf1dbd27f`
SHA1	`cf64fecc74e5f43df5eab52c4cde960a054db807`
SHA256	`4c6699020f67524fd71881db11752f3b95423ef9059e1dcc631cb349736c5168`
SHA3	`f26ec579ef79e2c1693f9ee47483c87512550e73a1b50e5b9c45656199f9ef8d`
VirtualSize	`0x149bec0`
VirtualAddress	`0x14ef000`
SizeOfRawData	`0x149c000`
PointerToRawData	`0xe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99694`

.rsrc

MD5	`7b0bc080331986f84a95db5320d42f30`
SHA1	`7206b7dc15965c06bce02594591778c56cfac23a`
SHA256	`c6898fe750327183184e3c9bb4d4ba95099cb765fe86113644ee7d1f659b48db`
SHA3	`9b052231626112d275471d75098056145ec5497267f188c532399e3734c8416b`
VirtualSize	`0x1e0`
VirtualAddress	`0x298b000`
SizeOfRawData	`0x200`
PointerToRawData	`0x149ce00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.7879`

Imports

WS2_32.dll	`gethostname`
CRYPT32.dll	`CertGetCertificateChain`
KERNEL32.dll	`ExpandEnvironmentStringsW`
USER32.dll	`MessageBoxA`
ADVAPI32.dll	`CryptDestroyKey`
SHELL32.dll	`CommandLineToArgvW`
ole32.dll	`CoSetProxyBlanket`
OLEAUT32.dll	`VariantClear`
IPHLPAPI.DLL	`GetIpNetTable`
ntdll.dll	`RtlInitUnicodeString`
dxgi.dll	`CreateDXGIFactory`
snmpapi.dll	`SnmpUtilMemAlloc`
SETUPAPI.dll	`SetupDiDestroyDeviceInfoList`
d3d9.dll	`Direct3DCreate9`
d3dx9_43.dll	`D3DXCreateTextureFromFileInMemory`
IMM32.dll	`ImmSetCompositionWindow`
bcrypt.dll	`BCryptGenRandom`
KERNEL32.dll (#2)	`ExpandEnvironmentStringsW`
USER32.dll (#2)	`MessageBoxA`
KERNEL32.dll (#3)	`ExpandEnvironmentStringsW`

Delayed Imports

??0Assembler@asmjit@@QAE@PAURuntime@1@@Z

Ordinal	`1`
Address	`0x100aa0`

??0CodeGen@asmjit@@QAE@PAURuntime@1@@Z

Ordinal	`2`
Address	`0x118a80`

??0HostRuntime@asmjit@@QAE@XZ

Ordinal	`3`
Address	`0x118ee0`

??0JitRuntime@asmjit@@QAE@XZ

Ordinal	`4`
Address	`0x118f10`

??0Runtime@asmjit@@QAE@XZ

Ordinal	`5`
Address	`0x118f80`

??0StaticRuntime@asmjit@@QAE@PAXI@Z

Ordinal	`6`
Address	`0x118fe0`

??0VMemMgr@asmjit@@QAE@PAX@Z

Ordinal	`7`
Address	`0x1136a0`

??0X86Assembler@asmjit@@QAE@PAURuntime@1@I@Z

Ordinal	`8`
Address	`0x129690`

??0Zone@asmjit@@QAE@I@Z

Ordinal	`9`
Address	`0x118680`

??1Assembler@asmjit@@UAE@XZ

Ordinal	`10`
Address	`0x100be0`

??1CodeGen@asmjit@@UAE@XZ

Ordinal	`11`
Address	`0x118b20`

??1HostRuntime@asmjit@@UAE@XZ

Ordinal	`12`
Address	`0x119020`

??1JitRuntime@asmjit@@UAE@XZ

Ordinal	`13`
Address	`0x119040`

??1Runtime@asmjit@@UAE@XZ

Ordinal	`14`
Address	`0x119070`

??1StaticRuntime@asmjit@@UAE@XZ

Ordinal	`15`
Address	`0x119090`

??1VMemMgr@asmjit@@QAE@XZ

Ordinal	`16`
Address	`0x113770`

??1X86Assembler@asmjit@@UAE@XZ

Ordinal	`17`
Address	`0x1297f0`

??1Zone@asmjit@@QAE@XZ

Ordinal	`18`
Address	`0x1186b0`

??_FVMemMgr@asmjit@@QAEXXZ

Ordinal	`19`
Address	`0xee690`

?_alloc@Zone@asmjit@@QAEPAXI@Z

Ordinal	`20`
Address	`0x1186f0`

?_emit@X86Assembler@asmjit@@UAEIIABUOperand@2@000@Z

Ordinal	`21`
Address	`0x1298b0`

?_grow@Assembler@asmjit@@QAEII@Z

Ordinal	`22`
Address	`0x100d80`

?_grow@PodVectorBase@asmjit@@IAEIII@Z

Ordinal	`23`
Address	`0x118d10`

?_newLabel@Assembler@asmjit@@QAEIPAULabel@2@@Z

Ordinal	`24`
Address	`0x100e50`

?_newLabelLink@Assembler@asmjit@@QAEPAULabelLink@2@XZ

Ordinal	`25`
Address	`0x100ed0`

?_nullData@PodVectorBase@asmjit@@2UPodVectorData@2@B

Ordinal	`26`
Address	`0x174d70`

?_registerIndexedLabels@Assembler@asmjit@@QAEII@Z

Ordinal	`27`
Address	`0x100f50`

?_relocCode@X86Assembler@asmjit@@UBEIPAX_K@Z

Ordinal	`28`
Address	`0x129930`

?_reserve@Assembler@asmjit@@QAEII@Z

Ordinal	`29`
Address	`0x100fe0`

?_reserve@PodVectorBase@asmjit@@IAEIII@Z

Ordinal	`30`
Address	`0x118de0`

?_x86CondToCmovcc@asmjit@@3QBIB

Ordinal	`31`
Address	`0x178e10`

?_x86CondToJcc@asmjit@@3QBIB

Ordinal	`32`
Address	`0x178e60`

?_x86CondToSetcc@asmjit@@3QBIB

Ordinal	`33`
Address	`0x178eb0`

?_x86InstExtendedInfo@asmjit@@3QBUX86InstExtendedInfo@1@B

Ordinal	`34`
Address	`0x175220`

?_x86InstInfo@asmjit@@3QBUX86InstInfo@1@B

Ordinal	`35`
Address	`0x176c90`

?_x86ReverseCond@asmjit@@3QBIB

Ordinal	`36`
Address	`0x178dc0`

?add@JitRuntime@asmjit@@UAEIPAPAXPAUAssembler@2@@Z

Ordinal	`37`
Address	`0x119330`

?add@StaticRuntime@asmjit@@UAEIPAPAXPAUAssembler@2@@Z

Ordinal	`38`
Address	`0x119400`

?align@X86Assembler@asmjit@@UAEIII@Z

Ordinal	`39`
Address	`0x129b90`

?alloc@VMemMgr@asmjit@@QAEPAXII@Z

Ordinal	`40`
Address	`0x1138b0`

?alloc@VMemUtil@asmjit@@SAPAXIPAII@Z

Ordinal	`41`
Address	`0x1138f0`

?allocProcessMemory@VMemUtil@asmjit@@SAPAXPAXIPAII@Z

Ordinal	`42`
Address	`0x113910`

?allocZeroed@Zone@asmjit@@QAEPAXI@Z

Ordinal	`43`
Address	`0x118800`

?bind@Assembler@asmjit@@UAEIABULabel@2@@Z

Ordinal	`44`
Address	`0x101160`

?callCpuId@X86CpuUtil@asmjit@@SAXIIPATX86CpuId@2@@Z

Ordinal	`45`
Address	`0x12cd50`

?detect@X86CpuUtil@asmjit@@SAXPAUX86CpuInfo@2@@Z

Ordinal	`46`
Address	`0x12cd90`

?detectHwThreadsCount@CpuInfo@asmjit@@SAIXZ

Ordinal	`47`
Address	`0x12c350`

?dup@Zone@asmjit@@QAEPAXPBXI@Z

Ordinal	`48`
Address	`0x118840`

?embed@Assembler@asmjit@@UAEIPBXI@Z

Ordinal	`49`
Address	`0x1012f0`

?embedLabel@X86Assembler@asmjit@@QAEIABULabel@2@@Z

Ordinal	`50`
Address	`0x12a000`

?emit@Assembler@asmjit@@QAEII@Z

Ordinal	`51`
Address	`0x101370`

?emit@Assembler@asmjit@@QAEIIABUOperand@2@00@Z

Ordinal	`52`
Address	`0x1013b0`

?emit@Assembler@asmjit@@QAEIIABUOperand@2@00H@Z

Ordinal	`53`
Address	`0x1013f0`

?emit@Assembler@asmjit@@QAEIIABUOperand@2@00_K@Z

Ordinal	`54`
Address	`0x101440`

?emit@Assembler@asmjit@@QAEIIABUOperand@2@0@Z

Ordinal	`55`
Address	`0x101490`

?emit@Assembler@asmjit@@QAEIIABUOperand@2@0H@Z

Ordinal	`56`
Address	`0x1014d0`

?emit@Assembler@asmjit@@QAEIIABUOperand@2@0_K@Z

Ordinal	`57`
Address	`0x101520`

?emit@Assembler@asmjit@@QAEIIABUOperand@2@@Z

Ordinal	`58`
Address	`0x101570`

?emit@Assembler@asmjit@@QAEIIABUOperand@2@H@Z

Ordinal	`59`
Address	`0x1015b0`

?emit@Assembler@asmjit@@QAEIIABUOperand@2@_K@Z

Ordinal	`60`
Address	`0x101600`

?emit@Assembler@asmjit@@QAEIIH@Z

Ordinal	`61`
Address	`0x101650`

?emit@Assembler@asmjit@@QAEII_K@Z

Ordinal	`62`
Address	`0x1016a0`

?flush@HostRuntime@asmjit@@UAEXPAXI@Z

Ordinal	`63`
Address	`0xe5df0`

?getCpuInfo@HostRuntime@asmjit@@UAEPBUCpuInfo@2@XZ

Ordinal	`64`
Address	`0x119510`

?getHost@CpuInfo@asmjit@@SAPBU12@XZ

Ordinal	`65`
Address	`0x12c370`

?getPageGranularity@VMemUtil@asmjit@@SAIXZ

Ordinal	`66`
Address	`0x113a90`

?getPageSize@VMemUtil@asmjit@@SAIXZ

Ordinal	`67`
Address	`0x113ab0`

?getStackAlignment@HostRuntime@asmjit@@UAEIXZ

Ordinal	`68`
Address	`0x119520`

?make@Assembler@asmjit@@UAEPAXXZ

Ordinal	`69`
Address	`0x101820`

?noOperand@asmjit@@3UOperand@1@B

Ordinal	`70`
Address	`0x174d78`

?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KABUX86Reg@2@IHI@Z

Ordinal	`71`
Address	`0x119630`

?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KHI@Z

Ordinal	`72`
Address	`0x1196e0`

?release@JitRuntime@asmjit@@UAEIPAX@Z

Ordinal	`73`
Address	`0x119540`

?release@StaticRuntime@asmjit@@UAEIPAX@Z

Ordinal	`74`
Address	`0x119570`

?release@VMemMgr@asmjit@@QAEIPAX@Z

Ordinal	`75`
Address	`0x113c50`

?release@VMemUtil@asmjit@@SAIPAXI@Z

Ordinal	`76`
Address	`0x113ef0`

?releaseProcessMemory@VMemUtil@asmjit@@SAIPAX0I@Z

Ordinal	`77`
Address	`0x113f10`

?relocCode@Assembler@asmjit@@QBEIPAX_K@Z

Ordinal	`78`
Address	`0x101890`

?reset@Assembler@asmjit@@QAEX_N@Z

Ordinal	`79`
Address	`0x101930`

?reset@PodVectorBase@asmjit@@QAEX_N@Z

Ordinal	`80`
Address	`0x118e90`

?reset@VMemMgr@asmjit@@QAEXXZ

Ordinal	`81`
Address	`0x113f60`

?reset@Zone@asmjit@@QAEX_N@Z

Ordinal	`82`
Address	`0x1188c0`

?sdup@Zone@asmjit@@QAEPADPBD@Z

Ordinal	`83`
Address	`0x118980`

?setArch@X86Assembler@asmjit@@QAEII@Z

Ordinal	`84`
Address	`0x12a7f0`

?setError@CodeGen@asmjit@@QAEIIPBD@Z

Ordinal	`85`
Address	`0x118c50`

?setErrorHandler@CodeGen@asmjit@@QAEIPAUErrorHandler@2@@Z

Ordinal	`86`
Address	`0x118cc0`

?sformat@Zone@asmjit@@QAAPADPBDZZ

Ordinal	`87`
Address	`0x118a10`

?shrink@VMemMgr@asmjit@@QAEIPAXI@Z

Ordinal	`88`
Address	`0x113f80`

?x86RegData@asmjit@@3UX86RegData@1@B

Ordinal	`89`
Address	`0x172ab0`

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

TLS Callbacks

Load Configuration

Size	`0xc0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x6a8600`
SEHandlerTable	`0x2d8a970`
SEHandlerCount	`338`

RICH Header

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .MrH0 has a size of 0!
[*] Warning: 1 invalid export(s) not shown.