Manalyze report for d364ebb23b106d01202a9bbe3516bec24efe8691270ece85ac88d25de996d6fc

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Feb-05 10:18:05
Detected languages	English - United States
FileDescription	Firestorm Launcher
FileVersion	`2.0.13`
LegalCopyright	Copyright Â© 2026 Firestorm
ProductName	Firestorm Launcher
ProductVersion	`2.0.13`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: http://nsis.sf.net http://nsis.sf.net/NSIS_Error nsis.sf.net`
Suspicious	The PE is an NSIS installer	`Unusual section name found: .ndata`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Can access the registry: RegCloseKey RegCreateKeyExW RegDeleteKeyW RegDeleteValueW RegEnumKeyW RegEnumValueW RegOpenKeyExW RegQueryValueExW RegSetValueExW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: CreateFileW GetTempPathW` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Can shut the system down or lock the screen: ExitWindowsEx`
Info	The PE is digitally signed.	`Signer: FAT` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Safe	VirusTotal score: 0/68 (Scanned on 2026-06-11 16:23:01)	`All the AVs think this file is safe.`

Hashes

MD5	`369290095d5e3db5fc60d0c15c6ec597`
SHA1	`0cd53cf25660ef7211ee73b0c6bf707742036064`
SHA256	`d364ebb23b106d01202a9bbe3516bec24efe8691270ece85ac88d25de996d6fc`
SHA3	`1cf431a9fce3876a3eb0204637ce2711da5c932af4e460ea86aa0c5df51e4ed9`
SSDeep	`196608:nyI7znOycHR1+HEVQvqKzCokSx7nHaYlJJu3JcJ:yenOySLeEGCKzCokSxb500`
Imports Hash	`6f9fd465750a0db68adce98869da7d3c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2024-Feb-05 10:18:05
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0xaa00`
SizeOfInitializedData	`0xd200`
SizeOfUninitializedData	`0x1f800`
AddressOfEntryPoint	`0x00004590 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xc000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`6.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x6d000`
SizeOfHeaders	`0x400`
Checksum	`0x69faaa`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`aa0b52866ec47f215e0f5423c46cd5d3`
SHA1	`362b6783325f042a997dd676e33ee45a9e30ce95`
SHA256	`3faf1c3e785acf1e978d34c0d61ca335d85ba59084db09ed441850e007ddeb3d`
SHA3	`7c26f5931d2e5b1687310785e9931576155f0845d361a8e9c230ba4b343c5532`
VirtualSize	`0xa9fc`
VirtualAddress	`0x1000`
SizeOfRawData	`0xaa00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.03745`

.data

MD5	`b9637ccf3cc0945b6ff437906fe5883e`
SHA1	`3cc9c97df95a8f3445bd0a8aa76f2dbfe04eb523`
SHA256	`ba50d8c7cd705db494a316b174c0189bce36811e0fef04669fe9482a740ef88d`
SHA3	`cb3912a6a5c126d7c7568086a23419d62cc1b925615b50a106a384048f8a8529`
VirtualSize	`0xe0`
VirtualAddress	`0xc000`
SizeOfRawData	`0x200`
PointerToRawData	`0xae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.51629`

.rdata

MD5	`00c0fa113d8ad1b42cbaff5333d347de`
SHA1	`7926dbd47e5013f54c69711390528ca49a954289`
SHA256	`d16d8f682aac32f78e105d4c9d9227cbbd96bf11ba5df4067cb9cfc7cd0d9263`
SHA3	`e50c17c6f54d6342b333194118f4787eae5f5d936c3352074c1cd5b49a99a0e1`
VirtualSize	`0xa7b4`
VirtualAddress	`0xd000`
SizeOfRawData	`0xa800`
PointerToRawData	`0xb000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.13313`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1f620`
VirtualAddress	`0x18000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`e9126fa6690629e5a5b7a05e46c95dfe`
SHA1	`fa15cd9dff76f71d63de83aacc93714f5ba39e00`
SHA256	`5edc1e0598e496bbf6a19d8285c8d25c6010b245b4f5ed7a5f2941d702073243`
SHA3	`5a4427e6ae0ad318b951416c260b55633c333a6c0938cab588334c3d777350e4`
VirtualSize	`0x13dc`
VirtualAddress	`0x38000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x15800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.41796`

.ndata

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x2e000`
VirtualAddress	`0x3a000`
SizeOfRawData	`0x200`
PointerToRawData	`0x16c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`a831dc2366cff544e9e2d6fa2d4ac526`
SHA1	`432bb2088c5b9a0a93be5dffb2ce8700a695932c`
SHA256	`af7fcfa98107f2391deb989119bb91abe1892ea62ae9781eccebf20bf0741bdd`
SHA3	`00fd0f461b2ce0218cbbc57a1d6f1c99aad7a1ac4c4f60eefcff5aa44256267a`
VirtualSize	`0x4748`
VirtualAddress	`0x68000`
SizeOfRawData	`0x4800`
PointerToRawData	`0x16e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.91838`

Imports

ADVAPI32.dll	`AdjustTokenPrivileges` `LookupPrivilegeValueW` `OpenProcessToken` `RegCloseKey` `RegCreateKeyExW` `RegDeleteKeyW` `RegDeleteValueW` `RegEnumKeyW` `RegEnumValueW` `RegOpenKeyExW` `RegQueryValueExW` `RegSetValueExW`
COMCTL32.DLL	`ImageList_AddMasked` `ImageList_Create` `ImageList_Destroy` `InitCommonControls`
GDI32.dll	`CreateBrushIndirect` `CreateFontIndirectW` `DeleteObject` `GetDeviceCaps` `SelectObject` `SetBkColor` `SetBkMode` `SetTextColor`
KERNEL32.dll	`CloseHandle` `CompareFileTime` `CopyFileW` `CreateDirectoryW` `CreateFileW` `CreateProcessW` `CreateThread` `DeleteFileW` `ExitProcess` `ExpandEnvironmentStringsW` `FindClose` `FindFirstFileW` `FindNextFileW` `FreeLibrary` `GetCommandLineW` `GetCurrentProcess` `GetDiskFreeSpaceW` `GetExitCodeProcess` `GetFileAttributesW` `GetFileSize` `GetFullPathNameW` `GetLastError` `GetModuleFileNameW` `GetModuleHandleA` `GetModuleHandleW` `GetPrivateProfileStringW` `GetProcAddress` `GetShortPathNameW` `GetSystemDirectoryW` `GetTempFileNameW` `GetTempPathW` `GetTickCount` `GetVersionExW` `GetWindowsDirectoryW` `GlobalAlloc` `GlobalFree` `GlobalLock` `GlobalUnlock` `LoadLibraryExW` `MoveFileExW` `MoveFileW` `MulDiv` `MultiByteToWideChar` `ReadFile` `RemoveDirectoryW` `SearchPathW` `SetCurrentDirectoryW` `SetEnvironmentVariableW` `SetErrorMode` `SetFileAttributesW` `SetFilePointer` `SetFileTime` `Sleep` `WaitForSingleObject` `WideCharToMultiByte` `WriteFile` `WritePrivateProfileStringW` `lstrcatW` `lstrcmpW` `lstrcmpiA` `lstrcmpiW` `lstrcpyA` `lstrcpynW` `lstrlenA` `lstrlenW`
ole32.dll	`CoCreateInstance` `CoTaskMemFree` `IIDFromString` `OleInitialize` `OleUninitialize`
SHELL32.dll	`SHBrowseForFolderW` `SHFileOperationW` `SHGetFileInfoW` `SHGetPathFromIDListW` `SHGetSpecialFolderLocation` `ShellExecuteExW`
USER32.dll	`AppendMenuW` `BeginPaint` `CallWindowProcW` `CharNextA` `CharNextW` `CharPrevW` `CheckDlgButton` `CloseClipboard` `CreateDialogParamW` `CreatePopupMenu` `CreateWindowExW` `DefWindowProcW` `DestroyWindow` `DialogBoxParamW` `DispatchMessageW` `DrawTextW` `EmptyClipboard` `EnableMenuItem` `EnableWindow` `EndDialog` `EndPaint` `ExitWindowsEx` `FillRect` `FindWindowExW` `GetClassInfoW` `GetClientRect` `GetDC` `GetDlgItem` `GetDlgItemTextW` `GetMessagePos` `GetSysColor` `GetSystemMenu` `GetSystemMetrics` `GetWindowLongW` `GetWindowRect` `InvalidateRect` `IsWindow` `IsWindowEnabled` `IsWindowVisible` `LoadCursorW` `LoadImageW` `MessageBoxIndirectW` `OpenClipboard` `PeekMessageW` `PostQuitMessage` `RegisterClassW` `ReleaseDC` `ScreenToClient` `SendMessageTimeoutW` `SendMessageW` `SetClassLongW` `SetClipboardData` `SetCursor` `SetDlgItemTextW` `SetForegroundWindow` `SetTimer` `SetWindowLongW` `SetWindowPos` `SetWindowTextW` `ShowWindow` `SystemParametersInfoW` `TrackPopupMenu` `wsprintfA` `wsprintfW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.89581`
Detected Filetype	PNG graphic file
MD5	`602a2366f2e584add6de864cc5b579fd`
SHA1	`ecec315d300d15307d78896663e9a29c3a96b9b4`
SHA256	`14804da9452b6452a4a1eb1b0c4cf268cfd738a694223bccff4f1dde72972b61`
SHA3	`a31ea855f153a02dfa22e1ca5a969d786a4e4b1d4f25014a65d4e8c7081d0128`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`0d3a12fd3f68decc694da04b57e61d8c`
SHA1	`f73d4d591f6ef0b2b04fc90d2e840329f7590743`
SHA256	`ee0352f75df1009fa6f5eaf323a1ed55c127cc679ac6b9de70b1b3f8dc9ece76`
SHA3	`42ec79da319d9c0b1f8ee21fbb28002d15857d9af0c8a1f2db5e41f6c5e23c88`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`28f8d082df931688124f25f23c688904`
SHA1	`2f057655ecdd3ab25cfe985714e270786ce16cae`
SHA256	`4e7a8c59942ff527ff680aa88cc66bb8c8e7b6c02a018bc85ba36794e278670f`
SHA3	`99f004163a598b6df87372bd9b7d5e7704dbfdf7cfb3ec96da9e31c0275f7465`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`a42b23f1c58701e073db2e9de0b27333`
SHA1	`f22232cbadff165ceb212527a6d77124312d0688`
SHA256	`e253c6a87bdd62e771c0ef1b9850dbc9523c51408ca282f994d3530dbbad9b11`
SHA3	`bc93a26ac3218cac12b89fa3242b509e44b087d2c22a54d9a47c63692dc8dc57`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`7e1b34650fb04bc15a494a1d712cffee`
SHA1	`43e1808e4308baf093556946552f4fabc05278d8`
SHA256	`3731b0a75ab19d96b774da62d37eccacd517c6593af20aa66525dc0b951cdba9`
SHA3	`79a9c096a1a56ae4f98f1e8ad4c44fa5c08e5d98e745898df9031e3b3a13c46c`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`809457c05fe696f5d34ac5ac8768cdd4`
SHA1	`a2c3e4966415100c7d24f7f3dc7e27d2a60d20c9`
SHA256	`1b66520d471367f736d50c070a2e2bba8ad88ac58743394a764b888e9cb6f6be`
SHA3	`002d1b10f28d74c7572fc7c5b403eb32f2a0540c4958d7878ef67edfd17c8109`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`982079681d7ad12766abc44f06946f3e`
SHA1	`50f73ed0787bf5911bb907e487efbc84a9714e48`
SHA256	`250f52cb2d6f1966a29f6ac771fa1cd185b8f8531396c8a4026c0fe635617e0c`
SHA3	`b8805d45012d79cfa8bb45e23c9b4a4421cd91538d569e58437efa0f545cf4d4`

103

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x144`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.62375`
MD5	`1d958df872e65e9a04f929c89155e3f3`
SHA1	`5fff638c5caa7a6f598bfbafd8d8e7fe4f5764cd`
SHA256	`e6065cad9c0f4a4c7ec1de33c05b192b04cb96ad6cfb0e2ae0188fcaea6ea7c3`
SHA3	`b29b01b665ef63d2e0f362ce3bf145b41d860ddb989398de87df16d48ac8483b`

105

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x23e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.72007`
MD5	`4e06b9c226906d7d31f90453697d36c0`
SHA1	`5d9a8b5dd5fe583227a0ab81fba83d98c4eb5452`
SHA256	`4b8679b0520596391355fd3b18c8b5979337aaa321c322f951fde6c053a6d845`
SHA3	`c3546d405a8722220c4e5652e54350941e3f2cadc30fdfc258fe377d9fef6354`

106

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x104`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.84976`
MD5	`b756cf50afdc5a248bf9f3ff865177a6`
SHA1	`267b0f95a9f852b7af09e5d909a3febc24ca3ccb`
SHA256	`c47426270cabd4199bbff8e4fc363265990a8a935c023a8c7d6597a0378e5f5f`
SHA3	`1fb62d573cc8b6fdf137fd2c44249ba4f1c6d687bd878a786a395448d6069438`

107

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.52183`
MD5	`6ffba239dcfcab2080195f23947b70aa`
SHA1	`bcda1ca8ee9bb9878bde83aa06c670bb5a4d5843`
SHA256	`a7e5ea849cb343e9b58de221aeb25c9dd4a3748070bfba879a30c4265fc39023`
SHA3	`a75544b4c3fcbcb32fe4e02d1a631e045b2e58516aa1065bb96cce681aea7030`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.85529`
MD5	`f90fecb69f0cde5d64f508884dcb0404`
SHA1	`4baf5e55965823176fa6910a5ec9fdca077995f9`
SHA256	`45ac0526fc85b64bcbb69ca682b0ca4d866a5e42709deaed11ce79395fec63d7`
SHA3	`8e5819e3997885152c58d0ec124c1b14288188081f3719777d414d72f5b13e5a`

103 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.467829`
Detected Filetype	Icon file
MD5	`94b2ac4072573ecee993d4a829019b19`
SHA1	`6390da0d7038bbeefae938415870f21ea1979134`
SHA256	`a9e59d878882ef23254d5dd2f9a42a05265c2a5107fea514ce39c206c8c9cdd2`
SHA3	`c48dd6b3e5729741651ed7b9f4005b4ee4d2c478f2b21e93db46f92a1693743f`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x234`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.22556`
MD5	`d1859ff4d7492db42895ebccebec44f9`
SHA1	`742a71699d8524b0ad7df557842d74cd7d5b9ca3`
SHA256	`b26a3d7f63370677f6c931a55263fa4b5cbbbb2ead6289bbdb920d84deff5ac9`
SHA3	`b54ab7d256102158b31dac5df451237a436e9391c221eef288918d4735194792`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x553`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.29404`
MD5	`1cc4d4305221c4baaa2060ab6430bd3f`
SHA1	`b24cb6fb39c096ff4bb03f5d0936c47c119ef194`
SHA256	`e6a4e51902531e38ce18fe1cc336b241b244aa920c940ca2339e19e2d3bdb612`
SHA3	`ff7ad05907546c60c62f47aabf9b7036b3e249969b77cb8fe5dc4730da2bf5e3`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0`
FileVersion	2.0.13.0
ProductVersion	2.0.13.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
FileDescription	Firestorm Launcher
FileVersion (#2)	2.0.13
LegalCopyright	Copyright Â© 2026 Firestorm
ProductName	Firestorm Launcher
ProductVersion (#2)	2.0.13

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!

Leave a comment

No comments yet.