Manalyze report for e297b344fa002a5690bbcd632bb2a435681ec50e4da3a1b8c7924bfc6d1ae43b

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Oct-05 19:25:21
Detected languages	English - United States

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .ZPa0` `Unusual section name found: .ZPa1` `Unusual section name found: .ZPa2`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress`
Info	The PE is digitally signed.	`Signer: HP Tuners LLC` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Suspicious	VirusTotal score: 1/70 (Scanned on 2026-03-16 11:48:39)	`Bkav: W32.AIDetectMalware`

Hashes

MD5	`8ea163f573bed5fcc9726b1c404f6aa9`
SHA1	`4dd16babdfca92ffe80c72464b84708a090c2b72`
SHA256	`e297b344fa002a5690bbcd632bb2a435681ec50e4da3a1b8c7924bfc6d1ae43b`
SHA3	`f1461371749f579bbd9ba3d67a85110814cfb95cd3becae9cc648314846fc9af`
SSDeep	`196608:BPAQUJTNsr7kocsfLHQ+ZZ41WXJ8ULtfIvgAO+vMdF9Wu0C:9ypsjcsfLHQr1a8ULWvxO6ggLC`
Imports Hash	`782444dd27c1bb1ab012b56904fad7fd`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	2022-Oct-05 19:25:21
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x81800`
SizeOfInitializedData	`0x3c400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0078E90C (Section: .ZPa2)`
BaseOfCode	`0x1000`
BaseOfData	`0x83000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xeb8000`
SizeOfHeaders	`0x400`
Checksum	`0x8ac734`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x81799`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.rdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x2655c`
VirtualAddress	`0x83000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xb488`
VirtualAddress	`0xaa000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.ZPa0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x55ba3f`
VirtualAddress	`0xb6000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.ZPa1

MD5	`61c056db2113aa975487b6549ee54f69`
SHA1	`a7bec08bef8aca385e05045496dbd1cdf04279f9`
SHA256	`000505f8087216172a0d8f3d1d14909786922ec7273b597fa06d3a95ba008fac`
SHA3	`75d28ddd33357d08b5a36cb34103789eb31c4b7b42505bd1b706669ea0c985b2`
VirtualSize	`0x540`
VirtualAddress	`0x612000`
SizeOfRawData	`0x600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.351737`

.ZPa2

MD5	`36b6cf648d97cb5118199b7dbfb65ff4`
SHA1	`aef3a158646e0d3d83a59b4010c57f3e71b2caa0`
SHA256	`3f158c076e5f54bb7ccf7db3d7529a6401b1d90df0cc658089897684a7fe4980`
SHA3	`a2d6f44da5a873164681cbe58e140640bf8435263738ac2532d073144ab07812`
VirtualSize	`0x8a2280`
VirtualAddress	`0x613000`
SizeOfRawData	`0x8a2400`
PointerToRawData	`0xa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.98171`

.reloc

MD5	`0a5120f70b818b73ce443ad376e97e9b`
SHA1	`37c6a2b8046eb6c2a948d26ae0d77205266fca3d`
SHA256	`15ca95a5346b09ec3b32d029852ba54984ae06f17ba9c89c1dfb191c6764f52b`
SHA3	`a9a7c70c3c7b6f94a77c13b23efdbec834ab09b50f4217161e550b1c55593ab6`
VirtualSize	`0x654`
VirtualAddress	`0xeb6000`
SizeOfRawData	`0x800`
PointerToRawData	`0x8a2e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.65939`

.rsrc

MD5	`db116534583f1146b168dfd03f448eec`
SHA1	`4815bdb5eca4cf6d2109c240c38d130a858d0ed5`
SHA256	`078f0f7be7070fd73286a2416f27a101d10acc90891b66a4f1d2b7d3bfe38070`
SHA3	`4883b010068df25b0e0fa1588235a8b36fabf672ce7712064f30e85eb3eaade8`
VirtualSize	`0x1d5`
VirtualAddress	`0xeb7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x8a3600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.72473`

Imports

KERNEL32.dll	`GetTickCount64`
USER32.dll	`MessageBoxW`
ole32.dll	`CoTaskMemFree`
NETAPI32.dll	`DsRoleFreeMemory`
CRYPT32.dll	`CertCloseStore`
imagehlp.dll	`ImageEnumerateCertificates`
KERNEL32.dll (#2)	`GetTickCount64`
USER32.dll (#2)	`MessageBoxW`
KERNEL32.dll (#3)	`GetTickCount64`

Delayed Imports

?a41fe5da@@YAIPBD@Z

Ordinal	`1`
Address	`0x19510`

?a7d31d10@@YA_KXZ

Ordinal	`2`
Address	`0x18bc0`

?a8547dd7@@YAIXZ

Ordinal	`3`
Address	`0x18a10`

?b32fb08c@@YAPAEPBEI0IIHIIPAI@Z

Ordinal	`4`
Address	`0x18fa0`

?bb524f50@@YAPAEHPBEIPAIPAPAE1@Z

Ordinal	`5`
Address	`0x198a0`

?bdc9dd0d@@YAPAEPAI@Z

Ordinal	`6`
Address	`0x18af0`

?c504801c@@YAPBEIEPBEIPAI@Z

Ordinal	`7`
Address	`0x19200`

?cc623062@@YAPAEHPBEIPAIPAPAE1@Z

Ordinal	`8`
Address	`0x195c0`

?dd4b00b5@@YAIXZ

Ordinal	`9`
Address	`0x18ac0`

?dd624167@@YAPAEHPBEI0IPAH@Z

Ordinal	`10`
Address	`0x1a240`

?ec227325@@YAIXZ

Ordinal	`11`
Address	`0x1a6c0`

?ee62726b@@YAHHHH@Z

Ordinal	`12`
Address	`0x193c0`

?ee746541@@YAPAEHPBEIPAIPAPAE1@Z

Ordinal	`13`
Address	`0x19f80`

?f16c0321@@YAPAEPBEI0IIIIPAI@Z

Ordinal	`14`
Address	`0x18be0`

?ff574450@@YAXPAX@Z

Ordinal	`15`
Address	`0x1a7a0`

?x13464db@@YAPAEHPBEI0IPAH@Z

Ordinal	`16`
Address	`0x19bb0`

?xdea1584@@YAPAEPAH@Z

Ordinal	`17`
Address	`0x1a570`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

TLS Callbacks

Load Configuration

Size	`0xc0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x100aa020`
SEHandlerTable	`0x10eb4d60`
SEHandlerCount	`325`

RICH Header

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .ZPa0 has a size of 0!

Leave a comment

No comments yet.