Manalyze report for e0a403bc026a47c0f829d04df76a743c6c41b2de4cb87bd19b51da9856d91d75

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-May-09 18:11:33

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA256` `Uses constants related to AES` `Uses constants related to Blowfish`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: GetTempPathW CreateFileW` `Manipulates other processes: OpenProcess`
Suspicious	The PE is possibly a dropper.	`Resource 27 is possibly compressed or encrypted.` `Resources amount for 98.967% of the executable.`
Malicious	VirusTotal score: 9/70 (Scanned on 2026-05-09 18:22:30)	`AhnLab-V3: Malware/Win.Generic.R730076` `CrowdStrike: win/malicious_confidence_60% (D)` `ESET-NOD32: Python/Packed.Nuitka.AL suspicious application` `Elastic: malicious (high confidence)` `MaxSecure: Trojan.Malware.300983.susgen` `McAfeeD: ti!E0A403BC026A` `Microsoft: Trojan:Win32/Wacatac.B!ml` `SentinelOne: Static AI - Suspicious PE` `Symantec: ML.Attribute.HighConfidence`

Hashes

MD5	`875f76a081b56f8848e9a86e145cf685`
SHA1	`1026aafd608039a462c9b9e153df3be3e67672bd`
SHA256	`e0a403bc026a47c0f829d04df76a743c6c41b2de4cb87bd19b51da9856d91d75`
SHA3	`018bcd2b7388049d6cb38748676f940ece2af4509bf1525195969164710f82b4`
SSDeep	`393216:qwBrMwjWWufvm//ddLwXDHcTzkTrYDhDRPpH:qYfpovm/sz8coDhDj`
Imports Hash	`de605787fb44e191db06d72d91087a4e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-May-09 18:11:33
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x24e00`
SizeOfInitializedData	`0x14b1200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000000CCB4 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1501000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2a3329b5478c1d32f17db0fc60c8f8fe`
SHA1	`cfc4853ed971f8c599e306e750d28b01e6b7b588`
SHA256	`393f8e5808fe4f32152b8c031e2a956fb7e1a614e158984eb9da2ce81bc7e09f`
SHA3	`55ce28b8914da2ac027d1b1a92fbef9ad152e27f0a96fd2443cbdf2e876747ef`
VirtualSize	`0x24d90`
VirtualAddress	`0x1000`
SizeOfRawData	`0x24e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.51696`

.rdata

MD5	`5f7b922506804e826832ec3fef78a8cc`
SHA1	`565f1205e92f034560a60e27be005390a17611d3`
SHA256	`e2029719763197f8774f30e8a883922bc4cd389defeb779d12c8bbc7b7a62d09`
SHA3	`689bfdd328ea9f97eb65544bc19872de35deb2cfa66096b5ed6937a9a3646f91`
VirtualSize	`0xed3a`
VirtualAddress	`0x26000`
SizeOfRawData	`0xee00`
PointerToRawData	`0x25200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.70251`

.data

MD5	`6ddf93f1ca5ddce92d155f9905f201ff`
SHA1	`b1e34cf0196aaa72cb00a072c09ddf4180f4afa9`
SHA256	`5571ca8afde1d9f77508d5ee6850e8ee7ccb8b95bdc0670391cda549861d7c3b`
SHA3	`2bb0671aec681facd5639641ac9ed3d8d0f0497aa1cebecfecfde6c42c0b6c9b`
VirtualSize	`0x28e38`
VirtualAddress	`0x35000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x34000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.96196`

.pdata

MD5	`37762d68087119013f852e5be4c36f18`
SHA1	`97729b9651a65b2f1d3f5e4dbb0f883748befab9`
SHA256	`09ae2a7154a6d93384a7b760feb9ffdd16454e8e56ac2e8482d28c638c7d2c84`
SHA3	`8423f7e53aa05cc3701e78e03929d825486156e3f3efe130d5ecf1c1e2f15e17`
VirtualSize	`0x1a1c`
VirtualAddress	`0x5e000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x34c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.16701`

.rsrc

MD5	`181a8aa056f110a25370b109463127a9`
SHA1	`64e2751eef733e838c494157e0f79da28face786`
SHA256	`7b345e6c107f0e5c0596204adcf7fdb1948e38f393d6fb507dea0fd29bd747fe`
SHA3	`80a474bce7f08f6e11f37b17972fdc97915a704bac82424c770e8a332c149a00`
VirtualSize	`0x149f2fc`
VirtualAddress	`0x60000`
SizeOfRawData	`0x149f400`
PointerToRawData	`0x36800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.99892`

.reloc

MD5	`7e8d895d2a26b36406ccbc07ffd65d21`
SHA1	`ebe4e1a71a2b3cfc3dbd1342d425465cf40f5126`
SHA256	`820a91d894d5f4a3c69012565739a923d7a49daaa34e39886e7bb1d24bf4bcd8`
SHA3	`afc33d90c25448c354e03f4a0bcfb08f1eab6262cf71e6039fb7638062e73728`
VirtualSize	`0x68c`
VirtualAddress	`0x1500000`
SizeOfRawData	`0x800`
PointerToRawData	`0x14d5c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.95765`

Imports

SHELL32.dll	`SHFileOperationW` `SHGetFolderPathW` `CommandLineToArgvW`
KERNEL32.dll	`GetStartupInfoW` `WriteConsoleW` `SetEndOfFile` `ReadConsoleW` `CreateDirectoryW` `ReadFile` `SizeofResource` `SetConsoleCtrlHandler` `AddDllDirectory` `GetCommandLineW` `GetStdHandle` `WriteFile` `GetShortPathNameW` `TerminateProcess` `GetModuleFileNameW` `SetEnvironmentVariableW` `K32GetModuleFileNameExW` `GetEnvironmentVariableW` `GetTempPathW` `FindResourceA` `WaitForSingleObject` `CreateFileW` `GetFileAttributesW` `GetModuleHandleA` `OpenProcess` `Sleep` `GetConsoleMode` `GetLastError` `AttachConsole` `LockResource` `CloseHandle` `LoadResource` `SetStdHandle` `GetProcAddress` `GetCurrentProcessId` `CreateProcessW` `WideCharToMultiByte` `GetSystemTimeAsFileTime` `FormatMessageA` `SetDllDirectoryW` `LoadLibraryExW` `GetExitCodeProcess` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentThreadId` `InitializeSListHead` `IsDebuggerPresent` `GetModuleHandleW` `HeapReAlloc` `RtlUnwindEx` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `EncodePointer` `RaiseException` `RtlPcToFileHeader` `ExitProcess` `GetModuleHandleExW` `GetFileType` `GetCommandLineA` `HeapAlloc` `HeapFree` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `LCMapStringW` `MultiByteToWideChar` `GetStringTypeW` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetProcessHeap` `FlushFileBuffers` `GetConsoleOutputCP` `GetFileSizeEx` `SetFilePointerEx` `HeapSize`

Delayed Imports

27

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x149ed68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99892`
MD5	`a1374d87069909eceb84a670ec69b990`
SHA1	`ca34aca67867aecc62f59f37d3e4003db9c0b52d`
SHA256	`189ea22077b744840e30c8d736d7be3065b959ceb0b94b1ba533082aa2441021`
SHA3	`441764166fa42411676e0295b8970b98668d21ec42ca1f272ada5dd496abe160`

1

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4f1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.27584`
MD5	`9175a1fabff80fec23018fdfc1dc274b`
SHA1	`be8f32edef4e9f4aa514fa34f36ca9ee0204139b`
SHA256	`94b146eac0a80f5089ac9e57303515ddf9087d9d88fd4d47f27df8f3cf14cbb4`
SHA3	`934768e038a5727d347f31840aaab3de69c96e1d4bca3c9e726bae6be020edf3`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-May-09 18:11:33
Version	`0.0`
SizeofData	`780`
AddressOfRawData	`0x32468`
PointerToRawData	`0x31668`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140035000`

RICH Header

XOR Key	`0x857e43d9`
Unmarked objects	`0`
ASM objects (30795)	`8`
C++ objects (30795)	`151`
C objects (30795)	`10`
253 (35207)	`3`
ASM objects (35207)	`9`
C objects (35207)	`16`
C++ objects (35207)	`40`
Imports (30795)	`5`
Total imports	`122`
C objects (LTCG) (35222)	`1`
Linker (35222)	`1`

Errors

Leave a comment

No comments yet.