Manalyze report for dd316a27c638662bb7edce8ca88299a65e8f64c753576395648e455ee025193f

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Feb-28 22:19:49
Detected languages	English - United States

Plugin Output

Suspicious	The PE contains functions most legitimate programs don't use.	`Functions which can be used for anti-debugging purposes: NtQuerySystemInformation` `Possibly launches other programs: CreateProcessW` `Uses Windows's Native API: NtMapViewOfSection NtCreateFile NtUnmapViewOfSection NtSetSystemEnvironmentValueEx NtClose NtQuerySystemInformation NtCreateSection` `Interacts with services: OpenSCManagerW DeleteService ControlService OpenServiceW QueryServiceStatusEx CreateServiceW` `Manipulates other processes: OpenProcess`
Malicious	VirusTotal score: 6/70 (Scanned on 2026-05-03 07:00:43)	`Bkav: W64.AIDetectMalware` `CrowdStrike: win/malicious_confidence_60% (W)` `DeepInstinct: MALICIOUS` `MaxSecure: Trojan.Malware.300983.susgen` `McAfeeD: ti!DD316A27C638` `TrendMicro-HouseCall: Trojan.Win64.Gen.TL0101DI26Z1`

Hashes

MD5	`3b9ec9e3b3f5dd1be9aae3cac07f6fb0`
SHA1	`0fcd7998ac18ab4f40972451c5c9b22eb2647e83`
SHA256	`dd316a27c638662bb7edce8ca88299a65e8f64c753576395648e455ee025193f`
SHA3	`7ee07ae55d3b300ad70c3d56098194797fb2e5d49bfdcd5eca39f1370820fdc5`
SSDeep	`384:+VK058XBDwRC3XwMsn9uurs88b2Yv131BrR5G+miJnbXtYY:+d58XNT/i9uqY1lRuInbXt`
Imports Hash	`0b9ce00c5baaa7e25429f01aec435e9b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-Feb-28 22:19:49
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x3000`
SizeOfInitializedData	`0x3800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000031E8 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xb000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`6f665c9337a7f1c64651b0b16808e703`
SHA1	`81f8e9fcb5c1d1406b8fd6202ba6ebf29413865a`
SHA256	`19cc1f2b5f1ce02167905f695d616c42b95cddcddb913afd763324320b148802`
SHA3	`5ddb1fbbd8a7f44a6ca768ea9abf2d9c722522b7090d18981390227b1df594d9`
VirtualSize	`0x2ef2`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.20139`

.rdata

MD5	`ff24eb5401aa1fdbab0f255674d84bc0`
SHA1	`6cfd24474b2dbaa08430fb81ef1480d69cc564f3`
SHA256	`900db701cd3fe112ae5d0011c322f3641a16f51b53dd27592575b84cc4363d77`
SHA3	`ba3e88d24568980c3fc5ee3d405479211c644066090d657a5a0fd092a318b01e`
VirtualSize	`0x2102`
VirtualAddress	`0x4000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x3400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.38646`

.data

MD5	`f85a1ffee53d720d7342d2679fb23d4b`
SHA1	`1d3ca71c1924088b2cdf7dfc3d507022c73e68db`
SHA256	`f871828e4f4ae9d6e8b83b0fccd245b3d284bbfd2a99f7e9cb64c80c4435bffd`
SHA3	`130895b7509b78bbce58c7cd4b25fe6be4f61d0ca51db4517d339a7b037c326d`
VirtualSize	`0xd60`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.34684`

.pdata

MD5	`33e0463719e70e12cca93d1cc572f1a8`
SHA1	`368abaf9b1ff33e36011ba9cb073a4aaecc7dbc0`
SHA256	`240dfc49da153465d7fde80e8b81a230714a4d7f9786ea579f1ac88d6b535bda`
SHA3	`a77b83ddcd721895f79fc8a1be0c42e65578632d628731613738d465762f932c`
VirtualSize	`0x360`
VirtualAddress	`0x8000`
SizeOfRawData	`0x400`
PointerToRawData	`0x5800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.58711`

.rsrc

MD5	`b62c408e2a33a54eed41bd643e2fddee`
SHA1	`25359da070b6b64e5caddd1a09957a43a83b5c07`
SHA256	`478c467be30ddc4a9f1f6e8dd852fe4a9a5c093c39d7ff273914c614e568b0ee`
SHA3	`152d31060946d696f143585412fba5cc2cb77afb1932fbdd1e4b941aeafdd0c4`
VirtualSize	`0x1e8`
VirtualAddress	`0x9000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.75615`

.reloc

MD5	`6294dd67aea6be464f22273590b99fde`
SHA1	`7f5ff93d4c148ffa38b337a2e5927455e3d99088`
SHA256	`7a003ebd6785356c115fa784448dcc167bcbb66b7b4bc71e862601241329c2e0`
SHA3	`0f6847303b390f0faa8a0eb7546e9e1c8774149a600a3fb7a97ba3808b54dc59`
VirtualSize	`0x58`
VirtualAddress	`0xa000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.20279`

Imports

KERNEL32.dll	`CreateProcessW` `UnhandledExceptionFilter` `ExitProcess` `GetCurrentProcess` `TerminateProcess` `CreateThread` `CloseHandle` `GetLastError` `Sleep` `GetPrivateProfileStringW` `OpenProcess` `WaitForSingleObject` `SetUnhandledExceptionFilter` `GetModuleFileNameW` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetModuleHandleW` `GetStartupInfoW` `IsDebuggerPresent` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId`
USER32.dll	`MessageBoxA` `MessageBoxW`
ADVAPI32.dll	`CloseServiceHandle` `OpenSCManagerW` `DeleteService` `ControlService` `StartServiceW` `OpenServiceW` `QueryServiceStatusEx` `CreateServiceW`
ntdll.dll	`RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `NtMapViewOfSection` `NtCreateFile` `NtUnmapViewOfSection` `RtlFreeHeap` `NtSetSystemEnvironmentValueEx` `RtlAdjustPrivilege` `NtClose` `RtlImageNtHeader` `RtlReleaseRelativeName` `RtlDosPathNameToRelativeNtPathName_U_WithStatus` `NtQuerySystemInformation` `NtCreateSection` `RtlAllocateHeap`
SHLWAPI.dll	`PathFileExistsW` `PathAppendW` `PathRemoveFileSpecW`
MSVCP140.dll	`?_Xlength_error@std@@YAXPEBD@Z`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`__current_exception_context` `memcpy` `__current_exception` `memmove` `__std_exception_destroy` `__std_exception_copy` `__C_specific_handler` `_CxxThrowException` `memset`
api-ms-win-crt-runtime-l1-1-0.dll	`_set_app_type` `_seh_filter_exe` `terminate` `_configure_narrow_argv` `_invoke_watson` `_crt_atexit` `_initterm` `_initterm_e` `exit` `_exit` `_initialize_onexit_table` `_cexit` `_c_exit` `_register_thread_local_exe_atexit_callback` `_get_narrow_winmain_command_line` `_initialize_narrow_environment` `_register_onexit_function`
api-ms-win-crt-string-l1-1-0.dll	`wcscpy_s` `_stricmp` `strcmp` `strncmp`
api-ms-win-crt-stdio-l1-1-0.dll	`__p__commode` `__stdio_common_vsnwprintf_s` `_set_fmode`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `_callnewh` `malloc` `free`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Feb-28 22:19:49
Version	`0.0`
SizeofData	`720`
AddressOfRawData	`0x4c7c`
PointerToRawData	`0x407c`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140007000`

RICH Header

XOR Key	`0x3cacadf1`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`12`
Imports (35207)	`6`
ASM objects (35207)	`3`
C objects (35207)	`10`
C++ objects (35207)	`25`
Imports (33145)	`11`
Total imports	`98`
C objects (LTCG) (35222)	`2`
Resource objects (35222)	`1`
Linker (35222)	`1`

Errors

Leave a comment

No comments yet.