Manalyze report for d0c8bcb3c5f523d61fdad52430411deef618558b7e28b9ee626c2741fb2d98a7

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2025-Jun-25 16:44:44
Detected languages	English - United States
Debug artifacts	C:\Omar\Work\imgui\examples\example_win32_directx11\Release\example_win32_directx11.pdb

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig1(h)`
Info	Interesting strings found in the binary:	`Contains domain names: dearimgui.com github.com https://github.com https://www.dearimgui.com https://www.dearimgui.com/faq/ www.dearimgui.com`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Possibly launches other programs: ShellExecuteW` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	VirusTotal score: 2/72 (Scanned on 2025-07-30 18:17:16)	`APEX: Malicious` `CrowdStrike: win/grayware_confidence_60% (D)`

Hashes

MD5	`188c36bf2848898f3462e48b8183d497`
SHA1	`023bfa2026602052b2f7b05dcf6068fd3aa3f584`
SHA256	`d0c8bcb3c5f523d61fdad52430411deef618558b7e28b9ee626c2741fb2d98a7`
SHA3	`6b8589f1b5a86c83906e811d3f7f87a1ef3d9562f22ae916a744e8bc6f76cc29`
SSDeep	`24576:BNBQsXjd3ckpa6G61+kL1Tr2WDf7Lw7IXsLiHo9Ute4t3rZG:PCMT0QDswHYQHo9Ute4t3rZG`
Imports Hash	`4ee3fdcfbe4787ee3b28d95bfcd1f4a1`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2025-Jun-25 16:44:44
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xb7000`
SizeOfInitializedData	`0x3c800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000B6F4E (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xb8000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xf8000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4ca7fbbf1e38b4a164f54cb426b3f8ea`
SHA1	`cf6b0bfb3ddedecf6ac04017d932ba783c0d07e9`
SHA256	`5f0686e5745c347c9a682b942cefac794f18bfb2c01a801a162136f9cdbe33be`
SHA3	`8d99489d16735d395e6ec8b3b94afeeea4c25a9e331adc255076238d2bda790e`
VirtualSize	`0xb6fae`
VirtualAddress	`0x1000`
SizeOfRawData	`0xb7000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.46563`

.rdata

MD5	`2b42a6159f88120d6b095d7d23ffc9db`
SHA1	`9b767faa48fcffe9ea1ff405b5e79620d9d59e00`
SHA256	`55a90c5010dd14c7f121545df7febf7e7c83bcb39651c2d8d0fb305a6724f94c`
SHA3	`9e21170d4d0dec2d44b63f0f07c67cc284e3cefa8b418964ea5bdd50a7a39186`
VirtualSize	`0x2bb36`
VirtualAddress	`0xb8000`
SizeOfRawData	`0x2bc00`
PointerToRawData	`0xb7400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.22856`

.data

MD5	`b359a999b9019e73d066b471448c51f1`
SHA1	`7bdfd24f860b66e9b35c2b641814aefab8c318e4`
SHA256	`1e825fb453a7dde64e1d85c3ab87f00c078b1e0d33a25a812b987e3c28917bc1`
SHA3	`09bb34b7f518b8a034f3f63adabba2d263c8fe37f9e02ca5e5b7d1bc21c30da5`
VirtualSize	`0x6598`
VirtualAddress	`0xe4000`
SizeOfRawData	`0x4a00`
PointerToRawData	`0xe3000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.698229`

.tls

MD5	`1f354d76203061bfdd5a53dae48d5435`
SHA1	`aa0d33a0c854e073439067876e932688b65cb6a9`
SHA256	`4c6474903705cb450bb6434c29e8854f17d8324efca1fdb9ee9008599060883a`
SHA3	`991fbbd46bbd69198269fe6c247d440e0f8a7d38259b7a1e04b74790301d1d2b`
VirtualSize	`0x9`
VirtualAddress	`0xeb000`
SizeOfRawData	`0x200`
PointerToRawData	`0xe7a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0203931`

.gfids

MD5	`f2af1ae2c0304f8d119b95f0e687370d`
SHA1	`bad5bb20e2112d852f8e80adcee295ebdda28d7a`
SHA256	`bf8fad18c2b83a36fc414726522f61ed3a0c92c160676ef71230c39493e95b17`
SHA3	`495027c093b4c6956477e40b1e92b71f1fd079d75ebd7fc85c530a181c5f63e0`
VirtualSize	`0x28`
VirtualAddress	`0xec000`
SizeOfRawData	`0x200`
PointerToRawData	`0xe7c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.194395`

.rsrc

MD5	`e004de00c8e4161f9a8b96a63f27f057`
SHA1	`1c420537092d1249592e37a50b9a6b766832d0f5`
SHA256	`d4b1654db7aeeefb897b62ae8f7cce82191e83c1293cae3c55989395bf45e255`
SHA3	`d0f0ae426d240ec16481b7d31fa3c45ecfefff2077a2bdb2d01ed46cfda6a688`
VirtualSize	`0x1e0`
VirtualAddress	`0xed000`
SizeOfRawData	`0x200`
PointerToRawData	`0xe7e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.71768`

.reloc

MD5	`79b0ad9361df052a463be7c77d7f0421`
SHA1	`b106ebeaf7bfa21f7b9cb95616998f836175e52e`
SHA256	`ce6de63c01ed0227d93296a753b679a1c4b152393037710ea7ee64ebffd5a356`
SHA3	`f398d17b4d962c9fa45752fc8c5175f0d0ccdad3d4768e5135e7cdcf502b051b`
VirtualSize	`0x9f94`
VirtualAddress	`0xee000`
SizeOfRawData	`0xa000`
PointerToRawData	`0xe8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.83452`

Imports

d3d11.dll	`D3D11CreateDeviceAndSwapChain`
D3DCOMPILER_47.dll	`D3DCompile`
KERNEL32.dll	`GetLocaleInfoA` `LoadLibraryA` `QueryPerformanceFrequency` `GetProcAddress` `VerSetConditionMask` `FreeLibrary` `QueryPerformanceCounter` `Sleep` `GetModuleHandleW` `IsProcessorFeaturePresent` `GetCurrentProcessId` `GetModuleHandleA` `UnhandledExceptionFilter` `IsDebuggerPresent` `CreateEventW` `WaitForSingleObjectEx` `ResetEvent` `SetEvent` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `GetCurrentProcess` `GlobalUnlock` `WideCharToMultiByte` `GlobalLock` `GlobalAlloc` `GlobalFree` `MultiByteToWideChar` `TerminateProcess` `SetUnhandledExceptionFilter` `CloseHandle`
USER32.dll	`PeekMessageW` `DispatchMessageW` `ShowWindow` `RegisterClassExW` `UnregisterClassW` `CreateWindowExW` `TranslateMessage` `MonitorFromPoint` `DefWindowProcW` `UpdateWindow` `GetKeyState` `GetMessageExtraInfo` `DestroyWindow` `PostQuitMessage` `ScreenToClient` `GetCapture` `ClientToScreen` `TrackMouseEvent` `GetKeyboardLayout` `GetForegroundWindow` `LoadCursorW` `SetCapture` `SetCursor` `GetClientRect` `SetProcessDPIAware` `IsWindowUnicode` `ReleaseCapture` `SetCursorPos` `ReleaseDC` `GetCursorPos` `OpenClipboard` `CloseClipboard` `EmptyClipboard` `GetClipboardData` `SetClipboardData` `GetDC`
GDI32.dll	`GetDeviceCaps`
SHELL32.dll	`ShellExecuteW`
IMM32.dll	`ImmSetCandidateWindow` `ImmReleaseContext` `ImmGetContext` `ImmSetCompositionWindow`
VCRUNTIME140.dll	`_except_handler4_common` `memset` `__CxxFrameHandler3` `strchr` `strstr` `__std_terminate` `memchr` `memmove` `__vcrt_InitializeCriticalSectionEx` `memcpy`
api-ms-win-crt-stdio-l1-1-0.dll	`fwrite` `_wfopen` `__stdio_common_vfprintf` `fseek` `fclose` `fflush` `__acrt_iob_func` `ftell` `__stdio_common_vsprintf` `fread` `_set_fmode` `__stdio_common_vsscanf` `__p__commode`
api-ms-win-crt-utility-l1-1-0.dll	`qsort`
api-ms-win-crt-string-l1-1-0.dll	`strncpy` `strncmp` `toupper`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `free` `malloc`
api-ms-win-crt-runtime-l1-1-0.dll	`_exit` `__p___argc` `__p___argv` `_c_exit` `_register_thread_local_exe_atexit_callback` `exit` `_initterm_e` `_initterm` `_controlfp_s` `_configure_narrow_argv` `_get_initial_narrow_environment` `_wassert` `_set_app_type` `_seh_filter_exe` `_cexit` `terminate` `_initialize_narrow_environment` `_crt_atexit` `_initialize_onexit_table` `_register_onexit_function`
api-ms-win-crt-convert-l1-1-0.dll	`atof`
api-ms-win-crt-math-l1-1-0.dll	`_libm_sse2_pow_precise` `_libm_sse2_log_precise` `_libm_sse2_sin_precise` `_libm_sse2_sqrt_precise` `ceil` `floor` `_CIfmod` `__setusermatherr` `_CIatan2` `_except1` `_libm_sse2_acos_precise` `_libm_sse2_cos_precise`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Jun-25 16:44:44
Version	`0.0`
SizeofData	`112`
AddressOfRawData	`0xe2428`
PointerToRawData	`0xe1828`
Referenced File	C:\Omar\Work\imgui\examples\example_win32_directx11\Release\example_win32_directx11.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Jun-25 16:44:44
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0xe2498`
PointerToRawData	`0xe1898`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Jun-25 16:44:44
Version	`0.0`
SizeofData	`784`
AddressOfRawData	`0xe24ac`
PointerToRawData	`0xe18ac`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2025-Jun-25 16:44:44
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x4eb000`
EndAddressOfRawData	`0x4eb008`
AddressOfIndex	`0x4e8858`
AddressOfCallbacks	`0x4b82a0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x5c`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x4e400c`
SEHandlerTable	`0x4e23e0`
SEHandlerCount	`18`

RICH Header

XOR Key	`0x7877881`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`16`
Imports (24237)	`2`
ASM objects (24237)	`4`
C++ objects (24237)	`25`
C objects (24237)	`13`
Imports (65501)	`17`
Total imports	`153`
C++ objects (LTCG) (24245)	`8`
Resource objects (24245)	`1`
Linker (24245)	`1`

Errors

Leave a comment

No comments yet.