Manalyze report for d667061e727fead14a2bddc85b864a1a7409815f351105ac178432ad10fb8ccd

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-May-28 19:51:13
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 8.0`
Malicious	VirusTotal score: 19/70 (Scanned on 2026-06-19 16:31:31)	`ALYac: Gen:Variant.Yogi.6288` `Antiy-AVL: RiskWare/Win64.Agent` `Arcabit: Trojan.Yogi.D1890` `BitDefender: Gen:Variant.Yogi.6288` `CTX: dll.trojan.ulise` `DeepInstinct: MALICIOUS` `Emsisoft: Gen:Variant.Yogi.6288 (B)` `GData: Gen:Variant.Yogi.6288` `Google: Detected` `McAfeeD: ti!D667061E727F` `MicroWorld-eScan: Gen:Variant.Yogi.6288` `Sophos: Mal/Generic-S` `Symantec: Trojan.Gen.MBT` `TrellixENS: Artemis!A96789121F3F` `TrendMicro: Trojan.Win64.ULISE.TL0101FA26ZU` `TrendMicro-HouseCall: Trojan.Win64.ULISE.TL0101FA26ZU` `VIPRE: Gen:Variant.Yogi.6288` `Varist: W64/ABTrojan.NFCK-1270` `alibabacloud: Trojan:Win/Ulise.Gen`

Hashes

MD5	`a96789121f3f3cb5b4376a1a6a66a4a4`
SHA1	`09f562a66f9677de281aacb8ad0639b31c04ec55`
SHA256	`d667061e727fead14a2bddc85b864a1a7409815f351105ac178432ad10fb8ccd`
SHA3	`65a152414c3b9adcaedc4fb08661d922b3e428459a20c30a28014c9478bec8df`
SSDeep	`3072:ykNSAgWiNXCUT8iBY66PUtC2eU/x2DCa7k95J45k:d+NXXYTMtCVDy4`
Imports Hash	`91525912d16a856e8029ccf78b6919b7`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-May-28 19:51:13
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x16000`
SizeOfInitializedData	`0x8c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000016380 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x22000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f189a3817da90bb32a40322f57245298`
SHA1	`5bc928557df97641c50ba048f1d15e42ec3cfb0d`
SHA256	`b88be48b94aee0416d987b786834acf2a58ed3dd6c930e6b57feca11ff559ee1`
SHA3	`b590858940af3bc1e24a48129c0713700fdaeb0e34c7f2c588b84bb5f7131567`
VirtualSize	`0x15f58`
VirtualAddress	`0x1000`
SizeOfRawData	`0x16000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.0427`

.rdata

MD5	`c7bf85659edfebbe3e0691a7665f04eb`
SHA1	`284e2ed523ff1f777ee3bfc6775830ba2927ca83`
SHA256	`21e2d20a18dc81700e39d4f1c0a17a7e6ff8c89fccd638b735b776d1371e81aa`
SHA3	`910e2db4085077c28726939bc27320e9e604d005d9ff0a65dc4fbc815bcda0ec`
VirtualSize	`0x5d2a`
VirtualAddress	`0x17000`
SizeOfRawData	`0x5e00`
PointerToRawData	`0x16400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.6314`

.data

MD5	`717c55fcd3d80a225507b1f6f2780b57`
SHA1	`78461ce697b1d7edbd7ea3f0f6d385f387fd0f5e`
SHA256	`20c6ca04e87447db78126ec220657b71611e5d65d86edef3699536d6ac5b2ead`
SHA3	`685815d022d45e5fbbb5c5448ceaa9e029bd3aafe78b83c52b958d504285a13c`
VirtualSize	`0x1b88`
VirtualAddress	`0x1d000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x1c200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.81056`

.pdata

MD5	`ac3e9ab97096e762242bcd074be4fdfd`
SHA1	`052df44c28a7bfaec668b559095616ff5cd66e32`
SHA256	`319c2113cdb060903c97ff3c8209bc5587c717b9f3ecf7c55c8833f9fb40547b`
SHA3	`61f4e8163a88f6ce53bba12a5602738d06a4ab4c057090d4d38dbfc1277d82aa`
VirtualSize	`0xca8`
VirtualAddress	`0x1f000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x1d400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.72148`

.rsrc

MD5	`9f59a1f7f3b6dfefbfe8605086b5888e`
SHA1	`a9768452f3168c7ee4ba4ca023d35ee639699eee`
SHA256	`06f21286e8237709cff5bcbbdc5435bc23ec67ab63abf122feb60df04cb6686e`
SHA3	`3aded1c5c06fc198248c24f08f91b19e5985699672e1cf83985f49417dd5ee4a`
VirtualSize	`0xf8`
VirtualAddress	`0x20000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1e200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.50806`

.reloc

MD5	`c188f444081e6f337669f1fb507ccba3`
SHA1	`b95d6b8da9ea849cd7e7d3acff072550d4585346`
SHA256	`72f4b64e20b9186b1d82ca20dd9b9c259a90a5e78fa09071facddbebd5d4ef70`
SHA3	`ac6f2c2f2d51c169482eff9f3713d3971ef8f1f6be22c5a77bf8e1f4686de3f6`
VirtualSize	`0x1f0`
VirtualAddress	`0x21000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1e400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.29585`

Imports

python314.dll	`PyTraceBack_Here` `PyList_SetSlice` `PyExc_RuntimeError` `PyMethod_New` `PyObject_SetAttrString` `PyObject_GC_UnTrack` `PyObject_Hash` `PyUnicode_Concat` `PyExc_UnboundLocalError` `PyDict_GetItemWithError` `PyInterpreterState_GetID` `PyObject_GetAttr` `PyModule_GetName` `PyObject_HasAttr` `_Py_NoneStruct` `PyTuple_New` `PyObject_GenericSetDict` `PyObject_VisitManagedDict` `PyDict_SetItemString` `PyDict_Size` `PyDict_SetDefaultRef` `PyGC_Disable` `PyExc_AttributeError` `PyTuple_GetSlice` `PyUnicode_New` `PyErr_SetString` `PyIter_Next` `PyObject_GetIter` `PyErr_WarnFormat` `PyExc_ValueError` `PyUnicode_InternInPlace` `PyDict_Next` `PyErr_Format` `PyDict_Type` `PyThreadState_GetUnchecked` `PyObject_RichCompare` `PyTuple_Type` `_Py_FalseStruct` `PyImport_GetModule` `PyModule_NewObject` `PyMethod_Type` `PyType_IsSubtype` `PyExc_OverflowError` `_Py_Dealloc` `PyTuple_GetItem` `PyImport_GetModuleDict` `PyModule_GetDict` `PyObject_Format` `PyErr_ExceptionMatches` `PyObject_ClearManagedDict` `PyCapsule_GetPointer` `PyUnicode_FindChar` `PyObject_GC_Del` `PyObject_CallFunctionObjArgs` `PyObject_GenericGetDict` `PyObject_ClearWeakRefs` `PyObject_Vectorcall` `PyUnicode_FromFormat` `Py_Version` `PyExc_RuntimeWarning` `PyObject_GC_IsFinalized` `PyType_Ready` `PyObject_GetAttrString` `PyErr_Clear` `PyList_Append` `PyObject_RichCompareBool` `PyException_SetTraceback` `PyObject_GenericGetAttr` `PyObject_VectorcallDict` `PyDict_SetItem` `PyDict_New` `PyUnicode_Type` `PyObject_CallFinalizerFromDealloc` `_PyDict_GetItem_KnownHash` `PyObject_VectorcallMethod` `PyObject_IsInstance` `PyMem_Free` `PyExc_StopIteration` `PyObject_GetOptionalAttr` `PyFrozenSet_New` `PyUnstable_Object_IsUniquelyReferenced` `PyCMethod_New` `PyList_Type` `PyErr_NoMemory` `PyDict_GetItemString` `PyObject_GetItem` `PyModuleDef_Init` `PyObject_GC_Track` `PyBytes_FromStringAndSize` `_Py_NotImplementedStruct` `PyExc_NotImplementedError` `PyUnstable_Code_NewWithPosOnlyArgs` `PyDict_GetItemRef` `PyExc_TypeError` `PyMem_Realloc` `PyType_FromMetaclass` `PyObject_IsTrue` `PyObject_Str` `PyExc_NameError` `PyTuple_Pack` `PyMem_Malloc` `PyList_AsTuple` `Py_EnterRecursiveCall` `PyExc_ImportError` `PyObject_CallMethodObjArgs` `_Py_TrueStruct` `PyMemoryView_FromMemory` `PyExc_SystemError` `PyObject_SetItem` `_PyObject_GC_New` `PyType_Modified` `PyMethodDescr_Type` `PyUnicode_FromString` `_PyType_Lookup` `PyUnicode_Format` `PyObject_Call` `PyObject_Repr` `PyType_Type` `PyUnicode_Substring` `PyUnicode_FromStringAndSize` `PyErr_WarnEx` `PyErr_GivenExceptionMatches` `PyObject_HasAttrWithError` `PyCode_NewEmpty` `PyDict_SetDefault` `PyErr_SetObject` `PyException_GetTraceback` `PyThreadState_Get` `PyOS_snprintf` `PyCFunction_Type` `PyUnicode_InternFromString` `PyObject_SetAttr` `PyGC_Enable` `PyBaseObject_Type` `PySequence_List` `PyUnstable_Object_EnableDeferredRefcount` `PyUnicode_CopyCharacters` `PyNumber_Remainder` `PyUnicode_DecodeUTF8` `PyLong_FromSsize_t` `PyArg_ValidateKeywordArguments` `PyErr_Occurred` `PyImport_ImportModuleLevelObject` `PyBytes_AsString` `PyImport_ImportModule` `PyImport_AddModuleRef` `Py_LeaveRecursiveCall` `PyCapsule_New` `PyFrame_New` `PyList_New` `PyFrozenSet_Type`
KERNEL32.dll	`GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `DisableThreadLibraryCalls` `InitializeSListHead` `QueryPerformanceCounter`
VCRUNTIME140.dll	`strrchr` `__C_specific_handler` `__std_type_info_destroy_list` `memset` `strchr` `memcpy` `memcmp`
api-ms-win-crt-runtime-l1-1-0.dll	`_cexit` `_execute_onexit_table` `_initialize_onexit_table` `_initialize_narrow_environment` `_configure_narrow_argv` `_seh_filter_dll` `_initterm_e` `_initterm`

Delayed Imports

PyInit_execution

Ordinal	`1`
Address	`0xd850`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x91`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.8858`
MD5	`f7ad1eab748bc07570a57ec87787cf90`
SHA1	`0b1608da9fef218386e825db575c65616826d9f4`
SHA256	`d2952e57023848a37fb0f21f0dfb38c9000f610ac2b00c2f128511dfd68bde04`
SHA3	`6c9541b36948c19ae507d74223621875b3af4064f7cd8200bdb97e15a047e96a`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-May-28 19:51:13
Version	`0.0`
SizeofData	`600`
AddressOfRawData	`0x1a6d4`
PointerToRawData	`0x19ad4`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x18001d000`

RICH Header

XOR Key	`0x82d76f6`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`2`
Imports (35721)	`2`
Imports (33145)	`2`
ASM objects (35721)	`3`
C objects (35721)	`8`
C++ objects (35721)	`12`
Imports (35222)	`3`
Total imports	`192`
C objects (LTCG) (36244)	`1`
Exports (36244)	`1`
Resource objects (36244)	`1`
Linker (36244)	`1`

Errors

Leave a comment

No comments yet.