Manalyze report for e646398e37fa11d5809defbfdc0454a30257f3fdf1e836ed08a2879948d381d9

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Apr-15 06:18:13
Detected languages	English - United States
Debug artifacts	E:\randomm\hmm Nice\x64\Release\Noxyfree.pdb

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: https://MAGICBULLET.re https://discord.gg`
Malicious	The PE contains functions mostly used by malware.	`Possibly launches other programs: system` `Uses functions commonly found in keyloggers: MapVirtualKeyW GetAsyncKeyState CallNextHookEx` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Has Internet access capabilities: InternetReadFile InternetCloseHandle InternetOpenUrlA InternetOpenA` `Reads the contents of the clipboard: GetClipboardData`
Info	The PE is digitally signed.	`Signer: \xE7\xA6\x8F\xE5\xBB\xBA\xE5\x85\xAD\xE5\xA3\xAC\xE7\xBD\x91\xE5\xAE\x89\xE8\x82\xA1\xE4\xBB\xBD\xE6\x9C\x89\xE9\x99\x90\xE5\x85\xAC\xE5\x8F\xB8` `Issuer: Thawte Code Signing CA - G2`
Malicious	VirusTotal score: 23/71 (Scanned on 2026-04-17 16:32:08)	`AVG: Win64:MalwareX-gen [Trj]` `AhnLab-V3: Trojan/Win.Generic.C5865393` `Antiy-AVL: Trojan/Win32.Agent` `Avast: Win64:MalwareX-gen [Trj]` `CTX: dll.trojan.generic` `Cynet: Malicious (score: 99)` `DeepInstinct: MALICIOUS` `ESET-NOD32: Win64/GenKryptik_AGen.DCD trojan` `GData: Win64.Trojan.Agent.5S02X6` `Google: Detected` `Gridinsoft: Trojan.Win64.Agent.sd!c` `Ikarus: PUA.Generic` `K7AntiVirus: Trojan ( 006d9f181 )` `K7GW: Trojan ( 006d9f181 )` `MaxSecure: Trojan.Malware.328690006.susgen` `McAfeeD: ti!E646398E37FA` `Microsoft: Trojan:Win32/Wacatac.B!ml` `Paloalto: generic.ml` `Rising: Trojan.Kryptik!8.8 (LESS:bWQ1Ov8udWVKzGFN)` `Sophos: Mal/Generic-S` `TrellixENS: Artemis!5B7A766F5ECA` `TrendMicro-HouseCall: Trojan.Win64.Gen.TL0101DG26YZ` `Varist: W64/ABTrojan.ONHI-1100`

Hashes

MD5	`5b7a766f5ecaf9eee8ff73e4d03f3581`
SHA1	`cb96584fad3541544e3e5ba966627f7a717aa6e4`
SHA256	`e646398e37fa11d5809defbfdc0454a30257f3fdf1e836ed08a2879948d381d9`
SHA3	`40bd9f6d7f6e3c5c63a06fd2794a779c188596b07f2594f2771def8399d9c71f`
SSDeep	`12288:ZcoseKpkEJMjYkcN2qYhjZeG2+XL7n08MLi68xZA+GJ:aos9kdcNkjhtA+GJ`
Imports Hash	`8ac43fb579b33ab2d82b56eb4fb04e5a`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-Apr-15 06:18:13
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x53c00`
SizeOfInitializedData	`0x27400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000520E0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x7f000`
SizeOfHeaders	`0x400`
Checksum	`0x70de2`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`162b17ba7dbcfa1d00d3efa4ddb907e4`
SHA1	`a495eace32a09c9fab8b6c1570219ab08f6c4141`
SHA256	`cd1adb806b236e490d01214e565c033a9c763736479533b63270e137e19921f0`
SHA3	`440b451a6f1eb1287fd6c3017b69f010ea1ceea73cc5d3c06c2d72ff500ffcb1`
VirtualSize	`0x53b70`
VirtualAddress	`0x1000`
SizeOfRawData	`0x53c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.48832`

.rdata

MD5	`7a0e90925cb60c0788590497bf89ec4c`
SHA1	`3c223992a9c3fc8748e265dfe1b5acbd862fc314`
SHA256	`dc1fd9757dcf0f4d86152e0616227c5eb284c9f154a7c2a125d47bd8df635540`
SHA3	`b14835173e197d301bea51d211b5fb7204a8dc9199a5ffd08ffed84861d97d63`
VirtualSize	`0x156ca`
VirtualAddress	`0x55000`
SizeOfRawData	`0x15800`
PointerToRawData	`0x54000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.22038`

.data

MD5	`191a09d0d73fe87ceed455c1edaaaced`
SHA1	`a9d31dc30133bb13785e4b07cb20cd1d62db40f7`
SHA256	`424ea355ade1246570e664b76ee025e8af2d73308bd44cc18571923a12dd977b`
SHA3	`44690624f3ed197c4f5992c956390a988a73449c2f69eadaee645ff41766b90c`
VirtualSize	`0xe7e0`
VirtualAddress	`0x6b000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x69800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.10345`

.pdata

MD5	`db309638e6f5f1d473509cfcc3a447a2`
SHA1	`ffc2dd414a2e885e2a5cf11629b04955eea2626c`
SHA256	`93ad1363d47f6a55f88800d4984f706e7db4f2ce44259ef7e8d1fc592b3ce30c`
SHA3	`d943a00c553261dc93980adfe2112f49fc3cbb807204de455790edde5b39e7ac`
VirtualSize	`0x2e20`
VirtualAddress	`0x7a000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x6a400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.51487`

.rsrc

MD5	`ed86ad78fcaec60f2471d097d935b2cd`
SHA1	`7923ed009f98442dbad3de56191cc6dccedc2d33`
SHA256	`3479aef1597d2a933739e6cc69b6a04b72bef56fb1c60ae8c1727c8f5f6f7b2b`
SHA3	`524e980567959ab90df43e36a6a536a9b2ce53538a3dc338be40343c7891664c`
VirtualSize	`0x1e0`
VirtualAddress	`0x7d000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6d400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.72473`

.reloc

MD5	`c1be92d178ca434abc1e06ce330531cb`
SHA1	`b4db212c1efcfb94ee0468c5d3ddecfb4ee63bd6`
SHA256	`c59f73b2f03665133f2c07b590b9d97890eae1a1f95415bda5c6c00e04b29326`
SHA3	`e6f24b52e4ca8c6358fd8727bac6ea769cd05477684be19731029dff372e3a4b`
VirtualSize	`0x1dc`
VirtualAddress	`0x7e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6d600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.97006`

Imports

KERNEL32.dll	`Sleep` `GetLastError` `DisableThreadLibraryCalls` `Beep` `DeleteCriticalSection` `VirtualQuery` `WriteFile` `GetTickCount64` `GetFileAttributesA` `CreateFileA` `CloseHandle` `GlobalLock` `GetTickCount` `GlobalUnlock` `FormatMessageA` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `SleepConditionVariableSRW` `WakeAllConditionVariable` `AcquireSRWLockExclusive` `ReleaseSRWLockExclusive` `OutputDebugStringW` `IsDebuggerPresent` `InitializeCriticalSectionEx` `VirtualAlloc` `GetModuleHandleExW` `WideCharToMultiByte` `VirtualProtect` `GetLocaleInfoEx` `CreateDirectoryW` `FindClose` `FindFirstFileW` `GetFileAttributesExW` `CreateFile2` `AreFileApisANSI` `GetFileInformationByHandleEx` `MultiByteToWideChar` `LocalFree`
USER32.dll	`GetKeyNameTextA` `GetKeyboardState` `GetSystemMetrics` `MapVirtualKeyW` `MessageBoxA` `OpenClipboard` `CloseClipboard` `GetClipboardData` `GetCursorPos` `ToUnicode` `GetAsyncKeyState` `CallNextHookEx`
MSVCP140.dll	`?always_noconv@codecvt_base@std@@QEBA_NXZ` `?_Throw_Cpp_error@std@@YAXH@Z` `?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z` `?id@?$ctype@_W@std@@2V0locale@2@A` `?_Xinvalid_argument@std@@YAXPEBD@Z` `?_Winerror_map@std@@YAHH@Z` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` `?_Syserror_map@std@@YAPEBDH@Z` `_Cnd_do_broadcast_at_thread_exit` `_Thrd_detach` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z` `?getloc@ios_base@std@@QEBA?AVlocale@2@XZ` `??7ios_base@std@@QEBA_NXZ` `??Bios_base@std@@QEBA_NXZ` `?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?narrow@?$ctype@_W@std@@QEBAPEB_WPEB_W0DPEAD@Z` `?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?uncaught_exceptions@std@@YAHXZ` `?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z` `?good@ios_base@std@@QEBA_NXZ` `?_Xlength_error@std@@YAXPEBD@Z` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Id_cnt@id@locale@std@@0HA` `?_Xbad_alloc@std@@YAXXZ` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `??0_Lockit@std@@QEAA@H@Z` `??1_Lockit@std@@QEAA@XZ` `?id@?$ctype@D@std@@2V0locale@2@A`
WININET.dll	`InternetReadFile` `InternetCloseHandle` `InternetOpenUrlA` `InternetOpenA`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`_CxxThrowException` `__std_type_info_destroy_list` `__current_exception_context` `__C_specific_handler` `__current_exception` `memset` `memmove` `memcpy` `__std_exception_destroy` `__std_exception_copy` `memcmp` `__std_terminate`
api-ms-win-crt-heap-l1-1-0.dll	`free` `malloc` `_callnewh`
api-ms-win-crt-stdio-l1-1-0.dll	`ungetc` `fgetc` `fclose` `fflush` `fwrite` `fsetpos` `fread` `_fseeki64` `_get_stream_buffer_pointers` `__stdio_common_vfprintf` `fputc` `__stdio_common_vsprintf_s` `__stdio_common_vswprintf_s` `__acrt_iob_func` `fgetpos` `setvbuf`
api-ms-win-crt-utility-l1-1-0.dll	`rand` `srand`
api-ms-win-crt-runtime-l1-1-0.dll	`_errno` `abort` `terminate` `_beginthreadex` `system` `_seh_filter_dll` `_configure_narrow_argv` `_initialize_narrow_environment` `_initterm_e` `_initterm` `_cexit` `_crt_atexit` `_execute_onexit_table` `_register_onexit_function` `_initialize_onexit_table`
api-ms-win-crt-filesystem-l1-1-0.dll	`_unlock_file` `_lock_file`
api-ms-win-crt-string-l1-1-0.dll	`isdigit` `iswprint` `strlen` `tolower` `toupper` `wcslen`
api-ms-win-crt-convert-l1-1-0.dll	`strtol` `strtof` `mbstowcs` `strtod`
api-ms-win-crt-math-l1-1-0.dll	`cosf` `powf` `sin` `fmod` `ceilf` `fmodf` `atan2` `atan` `cos` `sinf` `sqrt` `acos` `fmin` `roundf` `fmax`
api-ms-win-crt-environment-l1-1-0.dll	`getenv`
api-ms-win-crt-locale-l1-1-0.dll	`___lc_codepage_func`

Delayed Imports

sfsqofsjqjfsqdnsqnfdsqoif

Ordinal	`1`
Address	`0x3070`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Apr-15 06:18:13
Version	`0.0`
SizeofData	`69`
AddressOfRawData	`0x629bc`
PointerToRawData	`0x619bc`
Referenced File	E:\randomm\hmm Nice\x64\Release\Noxyfree.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Apr-15 06:18:13
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x62a04`
PointerToRawData	`0x61a04`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Apr-15 06:18:13
Version	`0.0`
SizeofData	`868`
AddressOfRawData	`0x62a18`
PointerToRawData	`0x61a18`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Apr-15 06:18:13
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x180062da0`
EndAddressOfRawData	`0x180062da8`
AddressOfIndex	`0x18006bafc`
AddressOfCallbacks	`0x180055850`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x18006b140`

RICH Header

XOR Key	`0x3386296`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`20`
ASM objects (35403)	`4`
C objects (35403)	`8`
C++ objects (35403)	`31`
Imports (35403)	`6`
Imports (33145)	`11`
Total imports	`309`
C++ objects (LTCG) (35728)	`4`
ASM objects (35728)	`1`
Exports (35728)	`1`
Resource objects (35728)	`1`
Linker (35728)	`1`

Errors

Leave a comment

No comments yet.