Manalyze report for e90cdf5d6daba7868cbca09fa17d3066f2a085f515d76ef1a9830b0b31b974cd

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Jun-10 17:15:52

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: GetTempPathW CreateFileW` `Functions related to the privilege level: OpenProcessToken` `Enumerates local disk drives: GetDriveTypeW`
Suspicious	The file contains overlay data.	`21533915 bytes of data starting at offset 0x6e400.` `The overlay data has an entropy of 7.99861 and is possibly compressed or encrypted.` `Overlay data amounts for 97.946% of the executable.`
Malicious	VirusTotal score: 13/70 (Scanned on 2026-06-11 06:48:41)	`ALYac: Gen:Variant.Adware.Tedy.11030` `APEX: Malicious` `Arcabit: Trojan.Adware.Tedy.D2B16` `BitDefender: Gen:Variant.Adware.Tedy.11030` `Bkav: W32.Malware.BD27910E` `CTX: exe.trojan.tedy` `Cylance: Unsafe` `Emsisoft: Gen:Variant.Adware.Tedy.11030 (B)` `GData: Gen:Variant.Adware.Tedy.11030` `McAfeeD: ti!E90CDF5D6DAB` `MicroWorld-eScan: Gen:Variant.Adware.Tedy.11030` `Microsoft: Trojan:Win32/Wacatac.B!ml` `VIPRE: Gen:Variant.Adware.Tedy.11030`

Hashes

MD5	`6841454d57e68ea39d962ebee4c37fed`
SHA1	`7ac7154fd4940f26f1c640e7e583a9ca98f5a980`
SHA256	`e90cdf5d6daba7868cbca09fa17d3066f2a085f515d76ef1a9830b0b31b974cd`
SHA3	`6494e6d44a6bb9f3312ccde658dbc6698bf0af2ca171c268cafcf942422f9682`
SSDeep	`393216:x1biodjs14bMgLc9zGdPF7Ge1yNdq1B7irhkS5Hsn4qSnc/ZiI/2:a2G4TLcNOPZx1yNg14tVdgzSc/ZO`
Imports Hash	`dcaf48c1f10b0efa0a4472200f3850ed`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2026-Jun-10 17:15:52
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x2c600`
SizeOfInitializedData	`0x41a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000000DFC0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x77000`
SizeOfHeaders	`0x400`
Checksum	`0x14f9672`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x1e8480`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e0c77dbbcbcab802310739b87b1cb097`
SHA1	`10eafc7c2241b49e98c00f013fb74650f3854120`
SHA256	`b6384a19c8e7951b27929ff0febeef11246d385ee5f6e0f3931b7e985597b701`
SHA3	`3f5b56135638f16b13c4c8a490e720e61de121c52bba72fbd451ae835e632e2f`
VirtualSize	`0x2c490`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2c600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.4654`

.rdata

MD5	`fa9bc69ef2fc0bccfcaa0786918b50c6`
SHA1	`e3490321ca1375b4d0f3148de5fc89cbee3de1d9`
SHA256	`3ba5501f716c54e659b39d44bffd9e5105bdef57b142fa85a05b262b724215ad`
SHA3	`909a63e1c7caef389b3e9107c9f932b5e31a05a53e83da188835a399d36bf560`
VirtualSize	`0x13b68`
VirtualAddress	`0x2e000`
SizeOfRawData	`0x13c00`
PointerToRawData	`0x2ca00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.75348`

.data

MD5	`480ab7be9be730afcebb349cd1d2328a`
SHA1	`ded45b1e3b731c13795e36c5d7e8f3dac03f9634`
SHA256	`5bf16564eab136ff8a49b29867918b49a778978cd4c5acf2fb5ccdd19340831c`
SHA3	`665776fd9e8a604af79a90d67204a109fae9ce0d6a01405a4d85231867f7a494`
VirtualSize	`0x50b0`
VirtualAddress	`0x42000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x40600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.8161`

.pdata

MD5	`375cd8e9e26fc1b25836640492a05048`
SHA1	`891f2e3ab5a219364450e77d8c8a80ef3074fa42`
SHA256	`520b0ee170e11e6d90932f9eca616049f1bbd16f36f0f9299325574c3077d010`
SHA3	`475e9b70a96d08c08df845b116e9c2218b1ae2cf08b189d000ec155e6a10b731`
VirtualSize	`0x240c`
VirtualAddress	`0x48000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x41400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.31534`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0x4b000`
SizeOfRawData	`0x200`
PointerToRawData	`0x43a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`d36a41f10d921cae6bbf2054c3e911e6`
SHA1	`a472a72214667100de4bad38b517a727f4ff6fc1`
SHA256	`64682b7929e94afc9835f1da7ee6804b2dc6724e90982ae4d297d23ab42c394a`
SHA3	`1de0aa1e49ff6a73fea393a3bbf537898d2b3cd31c6dc439278ee9ed08681834`
VirtualSize	`0x29f10`
VirtualAddress	`0x4c000`
SizeOfRawData	`0x2a000`
PointerToRawData	`0x43c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.97726`

.reloc

MD5	`2b6e08476851652d83b5fd30f90f9ad7`
SHA1	`b61504ed73820ed543f7df51e5227d17e517badb`
SHA256	`c80cd8828e3293d84bf4a1764b2d6611ca75492eef2fbf318645b9dbe3731db6`
SHA3	`403fee35fd8e088c0269d849358d33217081fa4c577a1530a25d0911ed5bcf3e`
VirtualSize	`0x774`
VirtualAddress	`0x76000`
SizeOfRawData	`0x800`
PointerToRawData	`0x6dc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.26439`

Imports

USER32.dll	`CreateWindowExW` `ShutdownBlockReasonCreate` `MsgWaitForMultipleObjects` `ShowWindow` `DestroyWindow` `RegisterClassW` `DefWindowProcW` `PeekMessageW` `DispatchMessageW` `TranslateMessage` `PostMessageW` `GetMessageW` `MessageBoxW` `MessageBoxA` `SystemParametersInfoW` `DestroyIcon` `SetWindowLongPtrW` `GetWindowLongPtrW` `GetClientRect` `InvalidateRect` `ReleaseDC` `GetDC` `DrawTextW` `GetDialogBaseUnits` `EndDialog` `DialogBoxIndirectParamW` `MoveWindow` `SendMessageW`
COMCTL32.dll	`#380`
KERNEL32.dll	`GetACP` `IsValidCodePage` `GetStringTypeW` `GetFileAttributesExW` `SetEnvironmentVariableW` `FlushFileBuffers` `LCMapStringW` `CompareStringW` `VirtualProtect` `InitializeCriticalSectionEx` `GetOEMCP` `GetCPInfo` `GetLastError` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `GetModuleHandleW` `MulDiv` `FormatMessageW` `GetModuleFileNameW` `SetDllDirectoryW` `GetEnvironmentStringsW` `SetErrorMode` `CreateDirectoryW` `GetCommandLineW` `GetEnvironmentVariableW` `ExpandEnvironmentStringsW` `DeleteFileW` `FindClose` `FindFirstFileW` `FindNextFileW` `GetDriveTypeW` `RemoveDirectoryW` `GetTempPathW` `CloseHandle` `QueryPerformanceCounter` `QueryPerformanceFrequency` `WaitForSingleObject` `Sleep` `GetCurrentProcess` `TerminateProcess` `GetExitCodeProcess` `CreateProcessW` `GetStartupInfoW` `LocalFree` `SetConsoleCtrlHandler` `K32EnumProcessModules` `K32GetModuleFileNameExW` `CreateFileW` `FindFirstFileExW` `GetFinalPathNameByHandleW` `MultiByteToWideChar` `WideCharToMultiByte` `FlsFree` `FreeEnvironmentStringsW` `GetProcessHeap` `GetTimeZoneInformation` `HeapSize` `HeapReAlloc` `WriteConsoleW` `SetEndOfFile` `CreateSymbolicLinkW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsProcessorFeaturePresent` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `RtlUnwindEx` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `EncodePointer` `RaiseException` `RtlPcToFileHeader` `GetCommandLineA` `GetFileInformationByHandle` `GetFileType` `PeekNamedPipe` `SystemTimeToTzSpecificLocalTime` `FileTimeToSystemTime` `ReadFile` `GetFullPathNameW` `SetStdHandle` `GetStdHandle` `WriteFile` `ExitProcess` `GetModuleHandleExW` `HeapFree` `GetConsoleMode` `ReadConsoleW` `SetFilePointerEx` `GetConsoleOutputCP` `GetFileSizeEx` `HeapAlloc` `GetCurrentDirectoryW` `FlsAlloc` `FlsGetValue` `FlsSetValue`
ADVAPI32.dll	`OpenProcessToken` `GetTokenInformation` `ConvertStringSecurityDescriptorToSecurityDescriptorW` `ConvertSidToStringSidW`
GDI32.dll	`SelectObject` `DeleteObject` `CreateFontIndirectW`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x29901`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97905`
Detected Filetype	PNG graphic file
MD5	`11b0127c7a1124b97b916cc711c6459a`
SHA1	`6de520155a9621edab7c4cc8f35476e7a837e45a`
SHA256	`91b1faeaf15e2598768d2bb9c3a8c65421088ebcc1e1668060d587d6634b0a0d`
SHA3	`02392d9f175490c12d028fd9e800bd1129804338f0523cf5d7f2f86e18a49a8f`

1 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.59047`
Detected Filetype	Icon file
MD5	`33b9c72edae650c0828bac2dafc8e5b7`
SHA1	`5a81435ca901833f454e7d4cf16806a39c2dea31`
SHA256	`e9996e889b6d6ec6041ba44acdbdbbb5d2073b0bc9d88392d6fb23a5aeebeeb8`
SHA3	`618f7ce1fb5b4e6a30b36b2d7a446eb34b38c8cea70b489813702170975936f4`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x50d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.25791`
MD5	`84da8dee6b319ea0b10b6de5489c6aae`
SHA1	`5f8991f3e065fd95614859a293f88b9c70e4bb23`
SHA256	`abf8f2022f12f350789d961aceaf9ccfd53e7ec58d8c9934cfce77779b4eac11`
SHA3	`08f0562915b54bedce5a84e9d32cb2efcc538268785103b1852338e20a3b4606`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Jun-10 17:15:52
Version	`0.0`
SizeofData	`816`
AddressOfRawData	`0x3e178`
PointerToRawData	`0x3cb78`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140042040`
GuardCFCheckFunctionPointer	`5368898744`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0xa6a371c3`
Unmarked objects	`0`
C++ objects (33145)	`183`
C objects (33145)	`12`
ASM objects (33145)	`11`
253 (35207)	`3`
ASM objects (35207)	`9`
C objects (35207)	`17`
C++ objects (35207)	`40`
Imports (33145)	`11`
Total imports	`159`
C objects (35225)	`27`
Linker (35225)	`1`

Errors

Leave a comment

No comments yet.