Manalyze report for dac20e1236e6876a93fa5684c761f3b5

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2024-Dec-13 21:46:56
Detected languages	English - United States
Debug artifacts	C:\Users\rythe\OneDrive\Desktop\cm_internal\output\Release\ambition_Release.pdb
CompanyName	Tsuda Kageyu
FileDescription	MinHook - The Minimalistic API Hook Library for x64/x86
FileVersion	`1.3.3.0`
InternalName	MinHookD
LegalCopyright	Copyright (C) 2009-2017 Tsuda Kageyu. All rights reserved.
LegalTrademarks	Tsuda Kageyu
ProductName	MinHook DLL
ProductVersion	`1.3.3.0`

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Info	Interesting strings found in the binary:	`Contains domain names: creativecommons.org fontstruct.com github.com http://creativecommons.org https://fontstruct.com https://fontstruct.comStagnatio https://fontstruct.comStagnation https://github.com`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Possibly launches other programs: ShellExecuteA` `Uses functions commonly found in keyloggers: GetAsyncKeyState GetForegroundWindow` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	VirusTotal score: 1/71 (Scanned on 2025-01-10 10:26:52)	`Cynet: Malicious (score: 100)`

Hashes

MD5	`dac20e1236e6876a93fa5684c761f3b5`
SHA1	`b1047acfbc1f3a249ea8d20f0060e856399c65c1`
SHA256	`dbe22a0236f75ab84559ad4e2eb5d977f5db60a0acf6298ef8083a9fcf22265f`
SHA3	`1cee9ca760584b68902cb3ef08f792af2a3dbe3a2ec3ba8c8c7fc5e1b8560e2c`
SSDeep	`24576:tT0iM1E/gvrApy5s6lZ4U64ZjiOnLxSx:tO6gvrAY5XyDOn`
Imports Hash	`a21b1829e7bcbf580a70c21999169bb3`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2024-Dec-13 21:46:56
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xcea00`
SizeOfInitializedData	`0x49e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000CD88C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x11b000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2047ddc5c31fd3149e47b982055d889c`
SHA1	`7530c84685c52b9116081d1f29cf2ce3f8da90ff`
SHA256	`dca8d0a6c0be2269b6f42a55344f8ba4a58614df5d42b0bb9dcea9a548e618e4`
SHA3	`05a6564822a0be9c682d954214a018be4646bc3a763bc00d4dea100ef567bb7a`
VirtualSize	`0xce91c`
VirtualAddress	`0x1000`
SizeOfRawData	`0xcea00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.52199`

.rdata

MD5	`6250574ceba5e75fdd0c86062f15a531`
SHA1	`1c084747ef4dab3dcf50da7dd748ce4231a520f4`
SHA256	`2b895397546fd81fceb50b6c5d160139c0dd84b2df894fa21760c100830b1d1b`
SHA3	`f3da077f5d9c3a3346dbbc23742d80ad850bcfc9444025ee6106608cf080a2e2`
VirtualSize	`0x35f48`
VirtualAddress	`0xd0000`
SizeOfRawData	`0x36000`
PointerToRawData	`0xcee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.18076`

.data

MD5	`fc219af508820495ab60213b2450f737`
SHA1	`752941833b8ea7700b6a04d710992ab07e43dc53`
SHA256	`06cf54e5fc1c305688269e8d46401b95225ef304563814b75e16fe3089ff569f`
SHA3	`c35cdb6274954e6b4889e1e0403e9a6b08a3c3dc70522c4b809118b925042a6f`
VirtualSize	`0x8de8`
VirtualAddress	`0x106000`
SizeOfRawData	`0x8400`
PointerToRawData	`0x104e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.0495`

.pdata

MD5	`885916cb6f6242de551d1d49afffbc15`
SHA1	`fc8a0dbf9a0a06b4779aedce8112a5c3e1685a8e`
SHA256	`c7c32a8c0c732dc2fed7204f6af73e373846e5bbca2445f8a38c7eb2dbcae99a`
SHA3	`f51f0d0d95911614904cb89b5728ba1ceb7941633a77bde97023b4efbc86535b`
VirtualSize	`0x9a08`
VirtualAddress	`0x10f000`
SizeOfRawData	`0x9c00`
PointerToRawData	`0x10d200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.03976`

.rsrc

MD5	`fc88282660bffef3657c32f6dce897c5`
SHA1	`1d439b492cb55e69a07e10580a5cf5a14ea09b99`
SHA256	`92f45c9919cf5ec2d5bd68e2f900fe6814d1139a00727d58fac51e3a72a0b0af`
SHA3	`2acb8708b70b6a5b847be2c46f04f4ae61be7fab6f50b1e6304bb59b0e945361`
VirtualSize	`0x580`
VirtualAddress	`0x119000`
SizeOfRawData	`0x600`
PointerToRawData	`0x116e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.94809`

.reloc

MD5	`f518659450bce22b51acf70c807bc6bc`
SHA1	`75ff8aa04c48ad1fda8fc063701d1c2712275f83`
SHA256	`9c4b2b2c35bdb5665633c9f1c90828c2c15a2e440b6e8ecabf03c307f4ff1bb5`
SHA3	`71d899b0d8afadc0e3a2421e999bde8568c137c483f466b6ce39eb1969f88249`
VirtualSize	`0xcc4`
VirtualAddress	`0x11a000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x117400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.2392`

Imports

KERNEL32.dll	`FreeLibrary` `QueryPerformanceCounter` `VirtualFree` `VirtualAlloc` `GetSystemInfo` `VirtualQuery` `HeapCreate` `VirtualProtect` `HeapFree` `GetCurrentProcess` `Thread32Next` `Thread32First` `GetCurrentThreadId` `SuspendThread` `ResumeThread` `CreateToolhelp32Snapshot` `Sleep` `HeapReAlloc` `CloseHandle` `HeapAlloc` `HeapDestroy` `GetThreadContext` `GetCurrentProcessId` `GlobalUnlock` `QueryPerformanceFrequency` `SetThreadContext` `OpenThread` `FreeLibraryAndExitThread` `DisableThreadLibraryCalls` `FreeConsole` `CreateThread` `Beep` `AllocConsole` `WideCharToMultiByte` `InitializeSListHead` `GetSystemTimeAsFileTime` `IsDebuggerPresent` `IsProcessorFeaturePresent` `TerminateProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `SleepConditionVariableSRW` `WakeAllConditionVariable` `AcquireSRWLockExclusive` `ReleaseSRWLockExclusive` `GlobalLock` `GlobalFree` `GetProcAddress` `LoadLibraryA` `GetLocaleInfoA` `FlushInstructionCache` `GetModuleHandleA` `GlobalAlloc` `MultiByteToWideChar`
USER32.dll	`CallWindowProcA` `SetWindowLongPtrA` `GetAsyncKeyState` `DestroyWindow` `CreateWindowExA` `UnregisterClassA` `RegisterClassExA` `GetKeyState` `GetMessageExtraInfo` `LoadCursorA` `DefWindowProcA` `ScreenToClient` `GetCapture` `ClientToScreen` `TrackMouseEvent` `GetKeyboardLayout` `SetClipboardData` `GetClipboardData` `EmptyClipboard` `CloseClipboard` `GetForegroundWindow` `GetClientRect` `IsWindowUnicode` `ReleaseCapture` `SetCursorPos` `GetCursorPos` `OpenClipboard` `SetCursor` `SetCapture`
SHELL32.dll	`ShellExecuteA`
MSVCP140.dll	`??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?good@ios_base@std@@QEBA_NXZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?_Xlength_error@std@@YAXPEBD@Z` `?uncaught_exceptions@std@@YAHXZ` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z`
IMM32.dll	`ImmSetCandidateWindow` `ImmReleaseContext` `ImmGetContext` `ImmSetCompositionWindow`
D3DCOMPILER_43.dll	`D3DCompile`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`memchr` `memcmp` `__C_specific_handler` `__current_exception` `__current_exception_context` `__intrinsic_setjmp` `_CxxThrowException` `__std_type_info_destroy_list` `memmove` `memcpy` `longjmp` `strrchr` `strchr` `strstr` `__std_terminate` `__std_exception_copy` `memset` `__std_exception_destroy`
api-ms-win-crt-stdio-l1-1-0.dll	`__stdio_common_vsprintf` `__stdio_common_vfprintf` `fseek` `fclose` `fflush` `__acrt_iob_func` `ftell` `fread` `__stdio_common_vsscanf` `fopen` `fwrite` `_wfopen` `freopen_s`
api-ms-win-crt-utility-l1-1-0.dll	`qsort`
api-ms-win-crt-string-l1-1-0.dll	`strcmp` `strncpy` `strncmp`
api-ms-win-crt-heap-l1-1-0.dll	`free` `calloc` `_callnewh` `malloc`
api-ms-win-crt-runtime-l1-1-0.dll	`terminate` `_initterm` `_initterm_e` `_cexit` `_execute_onexit_table` `_register_onexit_function` `_initialize_onexit_table` `_crt_atexit` `_invalid_parameter_noinfo_noreturn` `_seh_filter_dll` `_configure_narrow_argv` `_initialize_narrow_environment`
api-ms-win-crt-math-l1-1-0.dll	`fmaxf` `asinf` `sinf` `roundf` `atan2f` `fminf` `ceilf` `cosf` `fmodf` `sqrtf` `powf` `acosf`
api-ms-win-crt-convert-l1-1-0.dll	`strtol` `atof`

Delayed Imports

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x360`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.51516`
MD5	`6133d34191b3631158eaf46b84c9f6f4`
SHA1	`9db4a422c61de5b1881feef5f07578b386594b6d`
SHA256	`5f0666da060d981d5589902ca714dca703a7f6e1085ed8d28f9f6f4a4394d5c7`
SHA3	`57dffca21850b5e2d8b6501d45dbbe117f9b98b6cad24630e09fa7c0b151cc22`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.3.3.0
ProductVersion	1.3.3.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Tsuda Kageyu
FileDescription	MinHook - The Minimalistic API Hook Library for x64/x86
FileVersion (#2)	1.3.3.0
InternalName	MinHookD
LegalCopyright	Copyright (C) 2009-2017 Tsuda Kageyu. All rights reserved.
LegalTrademarks	Tsuda Kageyu
ProductName	MinHook DLL
ProductVersion (#2)	1.3.3.0

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2024-Dec-13 21:46:56
Version	`0.0`
SizeofData	`104`
AddressOfRawData	`0xf59f8`
PointerToRawData	`0xf47f8`
Referenced File	C:\Users\rythe\OneDrive\Desktop\cm_internal\output\Release\ambition_Release.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2024-Dec-13 21:46:56
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0xf5a60`
PointerToRawData	`0xf4860`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-Dec-13 21:46:56
Version	`0.0`
SizeofData	`832`
AddressOfRawData	`0xf5a74`
PointerToRawData	`0xf4874`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2024-Dec-13 21:46:56
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x1800f5dd8`
EndAddressOfRawData	`0x1800f5de0`
AddressOfIndex	`0x18010e974`
AddressOfCallbacks	`0x1800d0660`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x180106040`

RICH Header

XOR Key	`0x506f3d0`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`16`
Imports (21202)	`2`
253 (33731)	`1`
ASM objects (33731)	`4`
C objects (33731)	`8`
C++ objects (33731)	`22`
Imports (33731)	`6`
C objects (VS2022 Update 7 (17.7.4) compiler 32825)	`24`
Imports (33136)	`13`
Total imports	`208`
C++ objects (LTCG) (33811)	`26`
Resource objects (33811)	`1`
151	`1`
Linker (33811)	`1`

dac20e1236e6876a93fa5684c761f3b5

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

2

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors