Manalyze report for d881ff28ed099ee4ffa00b23f113f880b48018c483fa93f38c8d63ace08c55e4

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-Apr-12 14:15:17
TLS Callbacks	3 callback(s) detected.

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot SwitchToThread` `Possibly launches other programs: CreateProcessW` `Uses Windows's Native API: NtCreateFile NtCreateNamedPipeFile NtOpenFile NtReadFile NtWriteFile` `Can create temporary files: CreateFileW GetTempPathW` `Leverages the raw socket API to access the Internet: GetHostNameW WSACleanup WSADuplicateSocketW WSAGetLastError WSARecv WSASend WSASocketW WSAStartup accept bind closesocket connect freeaddrinfo getaddrinfo getpeername getsockname getsockopt ioctlsocket listen recv recvfrom select send sendto setsockopt shutdown`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`3b08dfcb0cf26a9ea33380055a06e4c1`
SHA1	`1856b3fbd1f0caf2fe6cb82611b56c25996eaf85`
SHA256	`d881ff28ed099ee4ffa00b23f113f880b48018c483fa93f38c8d63ace08c55e4`
SHA3	`af62ec1f748189f8be7e9d8cd2b94b31203856d1407736a97386a15bdf78e832`
SSDeep	`12288:7ic+ZMOEJr8kOCYp3e71vHzJ8ny1d+STH3k8SssN3p:b+ZMOm7lTJ8ny1d+S7k8/sD`
Imports Hash	`cdb60690ae00dba0aca743f66be9c69d`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`10`
TimeDateStamp	2026-Apr-12 14:15:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x9a000`
SizeOfInitializedData	`0x37800`
SizeOfUninitializedData	`0x400`
AddressOfEntryPoint	`0x000000000000105F (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0xd6000`
SizeOfHeaders	`0x400`
Checksum	`0xd344b`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`6e6f95bc3bd60a6564379dab6dff50bf`
SHA1	`3c33df4f482ba07de6048d161e61b28a93ef823a`
SHA256	`25297e7acfa4ea43504e4240a5a61351186b030b40530675624cdbc35c27253c`
SHA3	`d63098e9f048ca52fafa64b87bac67793f52a83fa500568ae6d5269da1fa8ee2`
VirtualSize	`0x9a000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x9a000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.37272`

.data

MD5	`02f1b168583c1e38dbdc5c52a2e04ddb`
SHA1	`805f92ca3f9785c26f7dded06f9a3cb44b1f7646`
SHA256	`4ead5e3a6f70095c8ccf9a803c3b37fc98ecc52b9f0d447bce89e9416498a006`
SHA3	`131840542352a183d40a78373817cb48acf6093fc5bdc68199bfdcef64b84d79`
VirtualSize	`0xc00`
VirtualAddress	`0x9b000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x9a400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.791043`

.rdata

MD5	`4f6fd266f54df0a4d1d8778705dfcd95`
SHA1	`070f88a0920ece4fdb5f990ef10c6217b4dbd0a1`
SHA256	`9e7c2e473ed990ce7d5e6cee24a9891ff97817f8a099e0077d50957aee99c2a2`
SHA3	`34fabaf61e01907457014ad017e88cadc80f9c95a2d4f0d36dba675cae253859`
VirtualSize	`0x24db8`
VirtualAddress	`0x9c000`
SizeOfRawData	`0x24e00`
PointerToRawData	`0x9b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.97854`

.eh_fram

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x4`
VirtualAddress	`0xc1000`
SizeOfRawData	`0x200`
PointerToRawData	`0xbfe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.pdata

MD5	`53bd6b8fd68708578f1f0b2dff4cf96a`
SHA1	`42b42d4edd42697e2274a92e3582777e7e75b6a6`
SHA256	`8556448126ae02f35e921365515f1836db38bc665dbfff80e804fd157d7d2263`
SHA3	`12092d0160607e8b24a24d1134b9e7662dc51cbf86d7f59da1ceebff4e5dc344`
VirtualSize	`0x4d40`
VirtualAddress	`0xc2000`
SizeOfRawData	`0x4e00`
PointerToRawData	`0xc0000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.87025`

.xdata

MD5	`2cdd6e9baf6abe924178663771225d60`
SHA1	`62a4a2a14401ff4e7edbddcfc4a1b97dee66b0e4`
SHA256	`e7aca412783ec9af5442f71acf09171fdd49771c54026d5848f6af86dc27a54f`
SHA3	`c6db2afe1220acb32d111f7eba433449b453dd022de115bfb2b102ecb04905e7`
VirtualSize	`0x9f20`
VirtualAddress	`0xc7000`
SizeOfRawData	`0xa000`
PointerToRawData	`0xc4e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.41074`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x240`
VirtualAddress	`0xd1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`b669c14d7059d1cf99f4df25e643297c`
SHA1	`218ee995dada19e40aa1627cff83a287b0b5ec03`
SHA256	`680b83eef7069300841ff49c70da03430c3d3bb1bed5bde7da70090331ecbeb4`
SHA3	`bef88a0868d784a728a37d87a522d6bcf364a96eb07b16346b9cfce5a48a1652`
VirtualSize	`0x1ff0`
VirtualAddress	`0xd2000`
SizeOfRawData	`0x2000`
PointerToRawData	`0xcee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.72288`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0xd4000`
SizeOfRawData	`0x200`
PointerToRawData	`0xd0e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.reloc

MD5	`34529704ff0e6acea270aa844f5876f8`
SHA1	`bfab1f135197ebb14e01edad7b59a948eccae699`
SHA256	`8989618fa2184ae3b6840a4687ad9538da5616e0d89240a6c7ec7edb9f7a9d61`
SHA3	`8f432a3ea58ea301a9aaf772db55691415f198bce36d2c16dc95e10595161db9`
VirtualSize	`0xbfc`
VirtualAddress	`0xd5000`
SizeOfRawData	`0xc00`
PointerToRawData	`0xd1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.41348`

Imports

api-ms-win-core-synch-l1-2-0.dll	`WaitOnAddress` `WakeByAddressAll` `WakeByAddressSingle`
bcryptprimitives.dll	`ProcessPrng`
user32.dll	`MessageBoxW`
KERNEL32.dll	`AddVectoredExceptionHandler` `CancelIo` `CloseHandle` `CompareStringOrdinal` `CopyFileExW` `CreateDirectoryW` `CreateEventW` `CreateFileMappingA` `CreateFileW` `CreateHardLinkW` `CreatePipe` `CreateProcessW` `CreateSymbolicLinkW` `CreateThread` `CreateToolhelp32Snapshot` `CreateWaitableTimerExW` `DeleteCriticalSection` `DeleteFileW` `DeleteProcThreadAttributeList` `DeviceIoControl` `DuplicateHandle` `EnterCriticalSection` `ExitProcess` `FindClose` `FindFirstFileExW` `FindNextFileW` `FlushFileBuffers` `FormatMessageW` `FreeEnvironmentStringsW` `FreeLibrary` `GetCommandLineW` `GetConsoleMode` `GetConsoleOutputCP` `GetCurrentDirectoryW` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThread` `GetCurrentThreadId` `GetEnvironmentStringsW` `GetEnvironmentVariableW` `GetExitCodeProcess` `GetFileAttributesW` `GetFileInformationByHandle` `GetFileInformationByHandleEx` `GetFileSizeEx` `GetFileType` `GetFinalPathNameByHandleW` `GetFullPathNameW` `GetLastError` `GetModuleFileNameW` `GetModuleHandleA` `GetModuleHandleW` `GetOverlappedResult` `GetProcAddress` `GetProcessHeap` `GetProcessId` `GetStdHandle` `GetSystemDirectoryW` `GetSystemInfo` `GetSystemTimePreciseAsFileTime` `GetTempPathW` `GetWindowsDirectoryW` `HeapAlloc` `HeapFree` `HeapReAlloc` `InitOnceBeginInitialize` `InitOnceComplete` `InitializeCriticalSection` `InitializeProcThreadAttributeList` `LeaveCriticalSection` `LoadLibraryA` `LockFileEx` `MapViewOfFile` `Module32FirstW` `Module32NextW` `MoveFileExW` `MultiByteToWideChar` `QueryPerformanceCounter` `QueryPerformanceFrequency` `RaiseException` `ReadConsoleW` `ReadFile` `ReadFileEx` `RemoveDirectoryW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlUnwindEx` `RtlVirtualUnwind` `SetCurrentDirectoryW` `SetEnvironmentVariableW` `SetFileAttributesW` `SetFileInformationByHandle` `SetFilePointerEx` `SetFileTime` `SetHandleInformation` `SetLastError` `SetThreadStackGuarantee` `SetUnhandledExceptionFilter` `SetWaitableTimer` `Sleep` `SleepEx` `SwitchToThread` `TerminateProcess` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `UnlockFile` `UnmapViewOfFile` `UpdateProcThreadAttribute` `VirtualProtect` `VirtualQuery` `WaitForMultipleObjects` `WaitForSingleObject` `WideCharToMultiByte` `WriteConsoleW` `WriteFileEx` `__C_specific_handler` `lstrlenW`
api-ms-win-crt-environment-l1-1-0.dll	`__p__environ`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `calloc` `free` `malloc`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-private-l1-1-0.dll	`memcmp` `memcpy` `memmove`
api-ms-win-crt-runtime-l1-1-0.dll	`__p___argc` `__p___argv` `_cexit` `_configure_narrow_argv` `_crt_atexit` `_exit` `_fpreset` `_initialize_narrow_environment` `_set_app_type` `_initterm` `_initterm_e` `_set_invalid_parameter_handler` `abort` `exit` `signal`
api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func` `__p__commode` `__p__fmode` `__stdio_common_vfprintf` `fflush` `setvbuf`
api-ms-win-crt-string-l1-1-0.dll	`memset` `strlen` `strncmp`
ntdll.dll	`NtCreateFile` `NtCreateNamedPipeFile` `NtOpenFile` `NtReadFile` `NtWriteFile` `RtlNtStatusToDosError`
USERENV.dll	`GetUserProfileDirectoryW`
WS2_32.dll	`GetHostNameW` `WSACleanup` `WSADuplicateSocketW` `WSAGetLastError` `WSARecv` `WSASend` `WSASocketW` `WSAStartup` `accept` `bind` `closesocket` `connect` `freeaddrinfo` `getaddrinfo` `getpeername` `getsockname` `getsockopt` `ioctlsocket` `listen` `recv` `recvfrom` `select` `send` `sendto` `setsockopt` `shutdown`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x1400d4000`
EndAddressOfRawData	`0x1400d4008`
AddressOfIndex	`0x1400d1190`
AddressOfCallbacks	`0x1400c0d88`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x00000001400102B0` `0x0000000140099750` `0x0000000140099809`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!

Leave a comment

No comments yet.