Manalyze report for e5549e654e3bec60ef23c57ea13d66f8d52da68c04304684878e1d7e91055f4f

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Jun-16 11:14:34
Detected languages	English - United States
Debug artifacts	C:\Users\tylor\Downloads\roblox-external-main\roblox-external-main\x64\Release\roblox external.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Info	Interesting strings found in the binary:	`Contains domain names: assetdelivery.roblox.com http://www.roblox.com http://www.roblox.com/asset/?id https://assetdelivery.roblox.com https://assetdelivery.roblox.com/v1/asset/?id roblox.com www.roblox.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowA` `Code injection capabilities: WriteProcessMemory OpenProcess VirtualAllocEx` `Possibly launches other programs: ShellExecuteA` `Uses functions commonly found in keyloggers: GetForegroundWindow MapVirtualKeyA GetAsyncKeyState` `Manipulates other processes: WriteProcessMemory OpenProcess ReadProcessMemory Process32NextW Process32FirstW` `Can take screenshots: GetDC FindWindowA` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`1d95d701200723f472a7728b840818a8`
SHA1	`6c57077b19b37fa7b3c8be694bf09d03ffb1d378`
SHA256	`e5549e654e3bec60ef23c57ea13d66f8d52da68c04304684878e1d7e91055f4f`
SHA3	`1dea006b7948c49cffd48c2aa2766191392bc6675e3ecf261ca52054f65b08b0`
SSDeep	`12288:75Rvn7YvgAwN4/EtE0sEhW6Fj5eGfEM4A5Y0/kd:7Tn7+gA8OEhpFkGF5Y08d`
Imports Hash	`8a3cd012914effde76c65298b897c221`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-Jun-16 11:14:34
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x8da00`
SizeOfInitializedData	`0x25e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000008C260 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xb7000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a8fbf36957a665949c1d738b661a0b00`
SHA1	`5d78a6e0560a9c570bb5203405148d3dc35a369b`
SHA256	`66838b5fd533a0fc7835cc7fb303cce8474227ca2d7c038896b08f01629add6f`
SHA3	`7f59590cf9273af9875e472e55e164b84c006db7c3290e8baf7609b8dab2ef54`
VirtualSize	`0x8d951`
VirtualAddress	`0x1000`
SizeOfRawData	`0x8da00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.50679`

.rdata

MD5	`ccb293dd150a2e8e313d96d2817caeea`
SHA1	`9dcbaefceee1cdb77aa90fb45b444156cf7d4a64`
SHA256	`ed4337318d8e2b0f77088607ff6db13e9a99f919515100348cb4bc6a9f5cf67f`
SHA3	`6822d88d425e7f0e987b5d8d6c49ad8bfb4023b08616073b6681f389a261dedf`
VirtualSize	`0x1ac44`
VirtualAddress	`0x8f000`
SizeOfRawData	`0x1ae00`
PointerToRawData	`0x8de00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.1178`

.data

MD5	`e23dded404ccceaca6e884785a4bc01f`
SHA1	`f6aee9b0c0fe91b79ff900fb7feaa577992b60ef`
SHA256	`8c6c8ceeedf3fbffbe4ecdf94dafe146c2fb38dc6dec1e601294a47eac07d097`
SHA3	`effb02443b0e19e9975082ae565d263ac46c3bbaa0e1e0d95ea652b61549339a`
VirtualSize	`0x4a50`
VirtualAddress	`0xaa000`
SizeOfRawData	`0xa00`
PointerToRawData	`0xa8c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.478`

.pdata

MD5	`b2f56e06f58080495fec2efcee184242`
SHA1	`fcef3c56484a3357318faecc61908d9adbdc1e90`
SHA256	`b5127fbe7b77b0f40b09a8bf07f7a6917fe7fb02aba625fec9fa22f6412d55ef`
SHA3	`7a67a6d049fd2b36657c88840c551b8b2b1a357b9c8420738756fbcc99c924d9`
VirtualSize	`0x5b38`
VirtualAddress	`0xaf000`
SizeOfRawData	`0x5c00`
PointerToRawData	`0xa9600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.97966`

.rsrc

MD5	`518fdd07ec5e6312dca945568a1235c0`
SHA1	`ac250aae43c1571880f28b570cd4364db8334139`
SHA256	`b8cf4857d66132518f8ecb8c1c26a16605b273439cd959983e150512c9a69dc4`
SHA3	`404a3f00b9f7c3363138111aea5299ae715c704c9a57771be24235310ce3d733`
VirtualSize	`0x1e0`
VirtualAddress	`0xb5000`
SizeOfRawData	`0x200`
PointerToRawData	`0xaf200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.7123`

.reloc

MD5	`4f4552e73eef239520b30403c97aa00b`
SHA1	`1987aaf58f92fd959de7afc006d33f4286884dfc`
SHA256	`3759c1f2e5537724774f5a0db174ba0a827b2fb5cd7fbbc85483536519a0cb96`
SHA3	`30743723455dab0fb371c7f44e8532eb431a9c583f37e668bb881c8ba392f24d`
VirtualSize	`0x4ac`
VirtualAddress	`0xb6000`
SizeOfRawData	`0x600`
PointerToRawData	`0xaf400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.64831`

Imports

d3d11.dll	`D3D11CreateDeviceAndSwapChain`
dwmapi.dll	`DwmExtendFrameIntoClientArea`
KERNEL32.dll	`WriteProcessMemory` `OpenProcess` `CloseHandle` `ReadProcessMemory` `CreateToolhelp32Snapshot` `Process32NextW` `Process32FirstW` `Module32FirstW` `Module32NextW` `WaitForSingleObject` `GetTickCount` `VirtualAllocEx` `MoveFileA` `FindFirstFileA` `FindNextFileA` `FindClose` `DeleteFileA` `CreateDirectoryA` `GetModuleHandleW` `CreateThread` `GlobalFree` `GlobalLock` `WideCharToMultiByte` `GlobalUnlock` `GetLocaleInfoA` `LoadLibraryA` `QueryPerformanceFrequency` `GetProcAddress` `FreeLibrary` `QueryPerformanceCounter` `InitializeSListHead` `SetUnhandledExceptionFilter` `SleepConditionVariableSRW` `WakeAllConditionVariable` `AcquireSRWLockExclusive` `ReleaseSRWLockExclusive` `GetCurrentProcessId` `GetCurrentThreadId` `AllocConsole` `FreeConsole` `Sleep` `GlobalAlloc` `GetStartupInfoW` `GetSystemTimeAsFileTime` `MultiByteToWideChar`
USER32.dll	`GetKeyState` `ScreenToClient` `ClientToScreen` `TranslateMessage` `GetKeyboardLayout` `GetForegroundWindow` `LoadCursorW` `SetForegroundWindow` `GetClientRect` `SetCursorPos` `OpenClipboard` `CloseClipboard` `EmptyClipboard` `GetClipboardData` `SetClipboardData` `mouse_event` `GetDC` `ReleaseDC` `SendInput` `SetCursor` `WindowFromPoint` `GetKeyNameTextA` `MapVirtualKeyA` `GetAsyncKeyState` `DispatchMessageW` `PeekMessageW` `SetLayeredWindowAttributes` `SetWindowLongW` `FindWindowA` `GetCursorPos`
GDI32.dll	`GetDeviceCaps`
SHELL32.dll	`ShellExecuteA`
MSVCP140.dll	`?good@ios_base@std@@QEBA_NXZ` `??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `??Bios_base@std@@QEBA_NXZ` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?_Xbad_alloc@std@@YAXXZ` `?_Xlength_error@std@@YAXPEBD@Z` `?_Throw_Cpp_error@std@@YAXH@Z` `_Mtx_lock` `_Mtx_unlock` `_Query_perf_frequency` `_Query_perf_counter` `?_Xinvalid_argument@std@@YAXPEBD@Z` `?_Xout_of_range@std@@YAXPEBD@Z` `??1_Lockit@std@@QEAA@XZ` `??0_Lockit@std@@QEAA@H@Z` `?uncaught_exceptions@std@@YAHXZ` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?_Id_cnt@id@locale@std@@0HA` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z`
IMM32.dll	`ImmSetCandidateWindow` `ImmReleaseContext` `ImmGetContext` `ImmSetCompositionWindow`
D3DCOMPILER_47.dll	`D3DCompile`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`strstr` `memchr` `memcmp` `memcpy` `memmove` `__std_terminate` `__C_specific_handler` `_CxxThrowException` `__current_exception` `__current_exception_context` `__std_exception_destroy` `memset` `__std_exception_copy`
api-ms-win-crt-heap-l1-1-0.dll	`malloc` `_callnewh` `_set_new_mode` `free`
api-ms-win-crt-stdio-l1-1-0.dll	`ftell` `fseek` `_fseeki64` `fread` `_set_fmode` `__stdio_common_vsscanf` `fsetpos` `__acrt_iob_func` `ungetc` `__p__commode` `setvbuf` `fgetpos` `_wfopen` `fwrite` `fflush` `fputc` `fclose` `_get_stream_buffer_pointers` `__stdio_common_vsprintf_s` `__stdio_common_vsprintf` `__stdio_common_vfprintf` `freopen_s` `fgetc`
api-ms-win-crt-string-l1-1-0.dll	`strncmp` `strcmp` `isdigit` `tolower` `isspace` `_wcsicmp` `strlen` `strncpy` `strncpy_s`
api-ms-win-crt-runtime-l1-1-0.dll	`terminate` `_register_thread_local_exe_atexit_callback` `_c_exit` `_configure_narrow_argv` `_initialize_narrow_environment` `_initialize_onexit_table` `_register_onexit_function` `_crt_atexit` `_cexit` `_seh_filter_exe` `_set_app_type` `_exit` `_get_narrow_winmain_command_line` `_initterm` `_initterm_e` `exit` `_errno`
api-ms-win-crt-convert-l1-1-0.dll	`strtoull` `atof` `strtol` `strtof`
api-ms-win-crt-filesystem-l1-1-0.dll	`_unlock_file` `_lock_file`
api-ms-win-crt-math-l1-1-0.dll	`sinf` `sqrtf` `logf` `powf` `floorf` `fmodf` `__setusermatherr` `nearbyint` `acosf` `atan2f` `ceilf` `cosf`
api-ms-win-crt-utility-l1-1-0.dll	`qsort`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Jun-16 11:14:34
Version	`0.0`
SizeofData	`123`
AddressOfRawData	`0x9d15c`
PointerToRawData	`0x9bf5c`
Referenced File	C:\Users\tylor\Downloads\roblox-external-main\roblox-external-main\x64\Release\roblox external.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Jun-16 11:14:34
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x9d1d8`
PointerToRawData	`0x9bfd8`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Jun-16 11:14:34
Version	`0.0`
SizeofData	`912`
AddressOfRawData	`0x9d1ec`
PointerToRawData	`0x9bfec`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Jun-16 11:14:34
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x14009d5a0`
EndAddressOfRawData	`0x14009d5a8`
AddressOfIndex	`0x1400aa8f4`
AddressOfCallbacks	`0x14008f8b0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1400aa040`

RICH Header

XOR Key	`0xc2ad17f3`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`18`
ASM objects (35721)	`4`
C objects (35721)	`10`
C++ objects (35721)	`36`
Imports (35721)	`6`
Imports (33145)	`17`
Total imports	`276`
C++ objects (LTCG) (36247)	`29`
Resource objects (36247)	`1`
Linker (36247)	`1`

Errors

Leave a comment

No comments yet.