Manalyze report for d58ef4ef53fec24b03dc2033665923702658a08cc4ca317a80a00342ebb5709b

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Jun-15 02:01:54
Detected languages	English - United States
Debug artifacts	C:\Users\uid\Desktop\past\mixcodes\x64\Release\Fivem-External.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to internet browsers: chrome.exe firefox.exe` `Contains another PE executable: This program cannot be run in DOS mode.` Contains domain names: acutedotcomb.cn breveacutecomb.cn brevegravecomb.cn brevetildecomb.cn casedieresis.cn circumflexacutecomb.cn circumflexgravecomb.cn circumflexhookcomb.cn circumflextildecomb.cn commaaccentright.cn commaaccentrotate.cn discord.com github.com https://discord.com https://github.com https://openfontlicense.orgThis https://openfontlicense.orghttps https://rsms.me https://scripts.sil.org https://scripts.sil.org/OFLJetBrains https://scripts.sil.org/OFLhttps https://www.jetbrains.comThis macrondieresiscomb.cn scripts.sil.org tildecross.cn tonos.top uni02E5.cn uni02E6.cn uni02E7.cn uni02E8.cn uni02E9.cn
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses known Mersenne Twister constants`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Code injection capabilities: VirtualAllocEx CreateRemoteThread OpenProcess WriteProcessMemory` `Can access the registry: RegQueryValueExW` `Possibly launches other programs: CreateProcessAsUserW ShellExecuteA` `Uses functions commonly found in keyloggers: CallNextHookEx GetForegroundWindow GetAsyncKeyState` `Has Internet access capabilities: WinHttpCloseHandle WinHttpOpenRequest WinHttpReadData WinHttpOpen WinHttpReceiveResponse WinHttpSendRequest WinHttpConnect WinHttpQueryDataAvailable` `Functions related to the privilege level: OpenProcessToken DuplicateTokenEx` `Manipulates other processes: OpenProcess Process32NextW Process32FirstW ReadProcessMemory WriteProcessMemory` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`0efac5ae5d36f3771e1719eeee71c678`
SHA1	`32175928f78220c285d6404d965cbb70c7cfc709`
SHA256	`d58ef4ef53fec24b03dc2033665923702658a08cc4ca317a80a00342ebb5709b`
SHA3	`9aa6c53e158b9fef74395b3603b140e63e2d52ee28caf5e7b8ca061bdbde40b5`
SSDeep	`98304:pmPqj8idhRh3/Psql/mxww/78jVqxdAGTZuJ0t1xR:4+8oRhXsqluV/7qVGdAGS+F`
Imports Hash	`53a7e4c54296b324abcecd556cec817c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-Jun-15 02:01:54
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xb9e00`
SizeOfInitializedData	`0x567800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000B2A40 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x625000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`cee79de9f61427f43a07d738433fe441`
SHA1	`8e49097d52df86858a1a64ff7d71a88df87b832a`
SHA256	`094a0db660b0e10cc652af8a18d31cdad6fced370c59817a81fe56f35cf3ccd4`
SHA3	`c16e78237250c1686e8ff2ec3593c362b238380f97eab45745152ef9bd95a184`
VirtualSize	`0xb9c91`
VirtualAddress	`0x1000`
SizeOfRawData	`0xb9e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.49428`

.rdata

MD5	`eb9486fed25eb1687e1628ad931b45e5`
SHA1	`c146b4fef641c62d289b7bd8fd404a706520873e`
SHA256	`b26379183c70ba5223a337dbefdf16610c7ff305c0b99ab079f47239e7fde7e0`
SHA3	`9ff4576eb50f1be47091fce135ff568e008e7dfe8c3dfefab5333ebdda16b62e`
VirtualSize	`0x47e7b8`
VirtualAddress	`0xbb000`
SizeOfRawData	`0x47e800`
PointerToRawData	`0xba200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.36874`

.data

MD5	`7b44422e1118977a1b08c613f2bd1136`
SHA1	`861a449afb6add46ccef231498598c82ecc3c8c8`
SHA256	`e39223f55a07e6b082415231d70ed42d7419dabc31036e22fc04cf6622a6d164`
SHA3	`b40614e021c7acbf0138c085f3c6eb04960b68012504348736b214163b64cddf`
VirtualSize	`0xe19c0`
VirtualAddress	`0x53a000`
SizeOfRawData	`0xe1000`
PointerToRawData	`0x538a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.33275`

.pdata

MD5	`1a459e576ec034620d053de52f2fff2a`
SHA1	`e4909cb28225609deb771900c3a160e48fbb396b`
SHA256	`359edd2372cb47263be37f959414e913a3d2cc2085d3594be9ac3968a7d93b1f`
SHA3	`f80542a78431e006f08eff82845f42a676d3b48afa9a5abeb85bb979102ac52f`
VirtualSize	`0x6c48`
VirtualAddress	`0x61c000`
SizeOfRawData	`0x6e00`
PointerToRawData	`0x619a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.01298`

.rsrc

MD5	`8be504f027498f7b5a35a5f13f49fc2b`
SHA1	`96a5b60228083e0c91a9a37d14a60c96fcad1e82`
SHA256	`854bfffa8ae58b622f0757a26c8c3d4feea6e89ed9fef0f7328efe23f86847c4`
SHA3	`5921b2b5234a55b3fe11eac2df3ee114e5f1207fd68b582da34a4d8c5a23968c`
VirtualSize	`0x1e8`
VirtualAddress	`0x623000`
SizeOfRawData	`0x200`
PointerToRawData	`0x620800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.76032`

.reloc

MD5	`e4554f80359ff521d648f52911953aae`
SHA1	`4cadc2f2950f1cf97869619d72dc81ba7d316527`
SHA256	`d0e9b24a55c3085039abfe29a9a13d762da3a8f8e44eb4744fd8cf0602431027`
SHA3	`982da04650bf45903f7f5c1a38c9c6cd77e876de220a873e7514ff9501575054`
VirtualSize	`0x454`
VirtualAddress	`0x624000`
SizeOfRawData	`0x600`
PointerToRawData	`0x620a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.4346`

Imports

dwmapi.dll	`DwmExtendFrameIntoClientArea`
d3d11.dll	`D3D11CreateDeviceAndSwapChain`
ADVAPI32.dll	`GetTokenInformation` `RevertToSelf` `PrivilegeCheck` `SetTokenInformation` `OpenProcessToken` `SetThreadToken` `CreateProcessAsUserW` `RegQueryValueExW` `LookupPrivilegeValueW` `DuplicateTokenEx`
d3dx11_43.dll	`D3DX11CreateShaderResourceViewFromMemory`
WINHTTP.dll	`WinHttpCloseHandle` `WinHttpOpenRequest` `WinHttpReadData` `WinHttpOpen` `WinHttpReceiveResponse` `WinHttpSendRequest` `WinHttpConnect` `WinHttpQueryDataAvailable`
KERNEL32.dll	`AcquireSRWLockExclusive` `SetUnhandledExceptionFilter` `InitializeSListHead` `WakeAllConditionVariable` `SleepConditionVariableSRW` `GetCurrentProcessId` `GetCurrentThreadId` `ReleaseSRWLockExclusive` `Sleep` `GetTickCount64` `WaitForSingleObject` `CloseHandle` `VirtualAllocEx` `CreateRemoteThread` `VirtualFreeEx` `CompareFileTime` `K32GetMappedFileNameA` `Thread32Next` `Thread32First` `ResumeThread` `GetModuleHandleA` `OpenProcess` `CreateToolhelp32Snapshot` `GetProcAddress` `LocalFree` `GetThreadTimes` `OpenThread` `VirtualQueryEx` `Process32NextW` `Process32FirstW` `Module32FirstW` `ReadProcessMemory` `Module32NextW` `GlobalLock` `WideCharToMultiByte` `GlobalUnlock` `GetStartupInfoW` `GetCommandLineW` `GetCurrentProcess` `GetLastError` `ExitProcess` `MultiByteToWideChar` `GlobalAlloc` `GlobalFree` `GetLocaleInfoA` `LoadLibraryA` `QueryPerformanceFrequency` `FreeLibrary` `QueryPerformanceCounter` `GetModuleHandleW` `WriteProcessMemory` `K32GetModuleInformation` `GetSystemTimeAsFileTime` `SuspendThread`
USER32.dll	`TranslateMessage` `OpenClipboard` `DefWindowProcW` `PostMessageW` `PeekMessageW` `CallNextHookEx` `GetMonitorInfoW` `MapWindowPoints` `MoveWindow` `SetWindowsHookExW` `SetWindowLongW` `SetForegroundWindow` `GetMessageExtraInfo` `MonitorFromWindow` `ScreenToClient` `GetCapture` `ClientToScreen` `TrackMouseEvent` `GetKeyboardLayout` `GetForegroundWindow` `LoadCursorW` `SetCapture` `SetCursor` `GetClientRect` `IsWindowUnicode` `ReleaseCapture` `SetCursorPos` `GetCursorPos` `EmptyClipboard` `SetClipboardData` `GetKeyState` `DispatchMessageW` `CloseClipboard` `GetClipboardData` `GetAsyncKeyState`
SHELL32.dll	`ShellExecuteA`
ole32.dll	`CoInitializeEx`
MSVCP140.dll	`?_Xinvalid_argument@std@@YAXPEBD@Z` `_Mtx_unlock` `_Mtx_lock` `?good@ios_base@std@@QEBA_NXZ` `??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z` `_Query_perf_frequency` `?_Throw_Cpp_error@std@@YAXH@Z` `?_Xlength_error@std@@YAXPEBD@Z` `_Cnd_do_broadcast_at_thread_exit` `_Query_perf_counter` `_Thrd_detach` `?uncaught_exceptions@std@@YAHXZ` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Xbad_function_call@std@@YAXXZ` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z`
IMM32.dll	`ImmSetCandidateWindow` `ImmReleaseContext` `ImmGetContext` `ImmSetCompositionWindow`
D3DCOMPILER_43.dll	`D3DCompile`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`memset` `_CxxThrowException` `__current_exception` `memmove` `memcpy` `memcmp` `memchr` `__current_exception_context` `__C_specific_handler` `__std_exception_destroy` `__std_exception_copy` `__std_terminate` `strchr` `strstr`
api-ms-win-crt-heap-l1-1-0.dll	`_callnewh` `free` `_set_new_mode` `malloc`
api-ms-win-crt-runtime-l1-1-0.dll	`_errno` `terminate` `_beginthreadex` `_register_thread_local_exe_atexit_callback` `_c_exit` `_exit` `exit` `_initterm_e` `_initterm` `_get_wide_winmain_command_line` `_initialize_wide_environment` `_initialize_onexit_table` `_register_onexit_function` `_crt_atexit` `_cexit` `_seh_filter_exe` `_set_app_type` `_configure_wide_argv`
api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func` `__stdio_common_vsscanf` `fflush` `fclose` `_set_fmode` `_wfopen` `fwrite` `__p__commode` `ftell` `__stdio_common_vfprintf` `fread` `fseek` `__stdio_common_vsprintf`
api-ms-win-crt-math-l1-1-0.dll	`ceilf` `atan2f` `sqrtf` `sqrt` `floorf` `sinf` `__setusermatherr` `fmodf` `roundf` `log` `logf` `powf` `cosf` `pow` `acosf`
api-ms-win-crt-convert-l1-1-0.dll	`strtoull` `strtol` `strtoul` `atof` `atoi` `strtoll` `strtod`
api-ms-win-crt-locale-l1-1-0.dll	`localeconv` `_configthreadlocale`
api-ms-win-crt-utility-l1-1-0.dll	`qsort` `rand`
api-ms-win-crt-string-l1-1-0.dll	`strcpy_s` `_wcsicmp` `tolower` `towlower` `strcmp` `strlen` `strncmp` `strncpy` `wcslen` `strncpy_s`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Jun-15 02:01:54
Version	`0.0`
SizeofData	`90`
AddressOfRawData	`0x52a770`
PointerToRawData	`0x529970`
Referenced File	C:\Users\uid\Desktop\past\mixcodes\x64\Release\Fivem-External.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Jun-15 02:01:54
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x52a7cc`
PointerToRawData	`0x5299cc`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Jun-15 02:01:54
Version	`0.0`
SizeofData	`912`
AddressOfRawData	`0x52a7e0`
PointerToRawData	`0x5299e0`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Jun-15 02:01:54
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x14052ab90`
EndAddressOfRawData	`0x14052ab98`
AddressOfIndex	`0x14061af84`
AddressOfCallbacks	`0x1400bb970`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14053a040`

RICH Header

XOR Key	`0x9b3f0e93`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`18`
Imports (35721)	`6`
ASM objects (35721)	`4`
C objects (35721)	`10`
C++ objects (35721)	`34`
Imports (21202)	`6`
Imports (33145)	`21`
Total imports	`334`
C++ objects (LTCG) (36247)	`45`
Resource objects (36247)	`1`
Linker (36247)	`1`

Errors

Leave a comment

No comments yet.