Manalyze report for f448658e8f9c26eb09b683595cd90d61

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Feb-01 12:04:43
Detected languages	English - United States
Debug artifacts	ninjeye.pdb
CompanyName	NinjEye
FileDescription	Anti-cheat module - https://ninjeye.net
FileVersion	`1.2.1.3`
InternalName	ninjeye.dll
LegalCopyright	Copyright (C) 2018-2026
OriginalFilename	ninjeye.dll
ProductName	NinjEye
ProductVersion	`1.2.1.3`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: https://ninjeye.net ninjeye.net`
Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Suspicious	This PE is packed with Themida	`Unusual section name found: .fptable` `Unusual section name found: .debug` `Unusual section name found: .themida` `Section .themida is both writable and executable.` `Unusual section name found: .boot`
Suspicious	The PE contains functions most legitimate programs don't use.	`Uses Microsoft's cryptographic API: CryptCATAdminAcquireContext` `Leverages the raw socket API to access the Internet: closesocket` `Interacts with the certificate store: CertOpenStore`
Info	The PE is digitally signed.	`Signer: Mihai Panduru` `Issuer: Certum Code Signing 2021 CA`
Suspicious	VirusTotal score: 2/72 (Scanned on 2026-02-01 12:05:59)	`Gridinsoft: Trojan.Heur!.012100A0` `VBA32: BScope.TrojanPSW.Coins`

Hashes

MD5	`f448658e8f9c26eb09b683595cd90d61`
SHA1	`dd4974de9d3277e5750d70d20d3288331cf6ddac`
SHA256	`c7cca5c5784ff04f24a1b253586ba3fea31b765267d4f22dccc93cf5954570ad`
SHA3	`adec8516fea5e8c0b4da864cb4ff8aaab4569399738a6f56e6dfcafe63683d40`
SSDeep	`196608:51LC2mD9QVDh+t42FnLdN1EqazsE5RWkucFwkC:5dNgmVd+t42hHSeETQTk`
Imports Hash	`465d320c62045a03c5b7789301cbaa19`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x130`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`14`
TimeDateStamp	2026-Feb-01 12:04:43
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x4dc600`
SizeOfInitializedData	`0x1f5800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00E47058 (Section: .boot)`
BaseOfCode	`0x1000`
BaseOfData	`0x4de000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x12d6000`
SizeOfHeaders	`0x600`
Checksum	`0x75b3df`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NO_BIND`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c6f62ab071fa54b016a98077d8511e9a`
SHA1	`84649afa934cd59dbfbe78a67503db885965cb78`
SHA256	`f9c7fb895325cb42a1b18f6878365c00c1f9d48bf51a1cc5693c283d5f487c94`
SHA3	`9898034d20f47cb064732f2f6dd768fd2e9293aa612eca57b05aafdb4ee8dc26`
VirtualSize	`0x4dc508`
VirtualAddress	`0x1000`
SizeOfRawData	`0x214400`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.98329`

.rdata

MD5	`e3629d48520439b94901cdd63dbe7386`
SHA1	`aca3b4a6ecd63f027055aff361f0fb8f1f76cbc6`
SHA256	`71d91ce01c8585104b95ff4143ec3984b0737b335708e82d5d485a9b85e80d23`
SHA3	`65277e396a91d89adc18cf25c1f6696b2ad7d5b4c6ba1c58a4b5a883100225c3`
VirtualSize	`0x18f816`
VirtualAddress	`0x4de000`
SizeOfRawData	`0x6ae00`
PointerToRawData	`0x214a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.97736`

.data

MD5	`14a4e48bb5664792d8e32422770acd36`
SHA1	`552e8f44aaad62849df3ab37fb391ac8141aa758`
SHA256	`60de0b352a9b87d1c2581eb5ba4a90a323697ae5101e311faab6db859c52640c`
SHA3	`6d0631c69e5419066c30a780040c48569ae83d8ac7e0c7e11a20d86a8ce3d488`
VirtualSize	`0x12dd0`
VirtualAddress	`0x66e000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x27f800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.71926`

.detourc

MD5	`c0600256e8304241dc35f89587dc4a84`
SHA1	`a74f8bdf4c5160ec80ed8cf538f44a072bce1f94`
SHA256	`0f5ca9ac2f26094d348523d5dd7fbff7f0b7c642e318f5333b8baf06e0908525`
SHA3	`089b74a27c119bcd6e79c6dbca6a67127c852f8d6550759e55d2b017970c23db`
VirtualSize	`0x11b0`
VirtualAddress	`0x681000`
SizeOfRawData	`0x200`
PointerToRawData	`0x281400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.10785`

.detourd

MD5	`26268bb20a9f4bd9d7437e598d1d222b`
SHA1	`3890d14dc8fd793d910226d46e6348ef631ae7f2`
SHA256	`a369e447a5b93a35c27f0d1086c41069e4335ea87412f9b45894371d7e17be2d`
SHA3	`9d1fdcd50650b34957e8abd51de2f5484a765fe31dddb793095bf4e17d514566`
VirtualSize	`0xc`
VirtualAddress	`0x683000`
SizeOfRawData	`0x200`
PointerToRawData	`0x281600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.16299`

.fptable

MD5	`f6fd1ac275352abe1cf22adf0fd291aa`
SHA1	`d50ba42d5aa29d1a04039b6df4a6ba954a7f0430`
SHA256	`36ff34f60e3327564c9f53f8fd686f6843fc275cb79f36c9bd56d7c455b7b32f`
SHA3	`cc5269bea49b7df1c519451c04cfc04be28bcf6b8504637f2ed292cf4b7b1cd3`
VirtualSize	`0x80`
VirtualAddress	`0x684000`
SizeOfRawData	`0x200`
PointerToRawData	`0x281800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.10191`

.rsrc

MD5	`6df6c0c4e55a28eb838c2f399a6e2da1`
SHA1	`8e70dd7c3144e40e3bc1f5bea702d7d60a20c24e`
SHA256	`34dfa744db6c47096609b5745c2cbf6ca4eedcfc456590fef0e43b2521f43c8c`
SHA3	`5b28ba6362aa8d3bbb754034afe9ff435bca8c8f5ed1c89b708c0624b50815ee`
VirtualSize	`0x284a0`
VirtualAddress	`0x685000`
SizeOfRawData	`0x28600`
PointerToRawData	`0x281a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.28882`

.reloc

MD5	`d0f0f6bd97fa3164de5186acdff771d3`
SHA1	`d0cc3fffaa85fc9ddbf1d7449da36f49baf12435`
SHA256	`5693d4092180ff37e210278f77aee1523852d75d3c1faea87b02f151f44c9139`
SHA3	`18668170aecff4cf62d29f4ec2557fd94b0dcdf584b2bee22f679302b781f756`
VirtualSize	`0x292b0`
VirtualAddress	`0x6ae000`
SizeOfRawData	`0x1d000`
PointerToRawData	`0x2aa000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.93837`

.debug

MD5	`8e29bcc7c9ef673e5628d8ae160b38d8`
SHA1	`22eceefb755322e2a4993a763f03d1442c2a0644`
SHA256	`49fe5091881a5d04abc7c30258555299674c7ad437f040148815b3fc1a8fef96`
SHA3	`7e7dde1c38571483c7c2de1514b9ba95c856c45c8bc423be8709c5b95df49c75`
VirtualSize	`0x1000`
VirtualAddress	`0x6d8000`
SizeOfRawData	`0x600`
PointerToRawData	`0x2c7000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.64503`

.idata

MD5	`db92c7bda788827afdbda81f4855f97d`
SHA1	`b6bc974ad7c008165d339b433b3ac6a243e6221b`
SHA256	`23bbde09263b385cb883a8513df044ece9a3db817173cf8d48b07408bfc1b732`
SHA3	`3f20b83237eff241135baa01bf99ed51906852fd9e80de4f9a20fb77e32b306d`
VirtualSize	`0x1000`
VirtualAddress	`0x6d9000`
SizeOfRawData	`0x400`
PointerToRawData	`0x2c7600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.92625`

.tls

MD5	`9e389d0a28eb623f9f50b317f2fa05d1`
SHA1	`a5c0438c819d88421915898fa5c652d89d3d6356`
SHA256	`c4fe37d2e87b9948437fb05d4a8f0aad7187a795d2e408dbe67ed990a4994ebe`
SHA3	`57adde38f2846b856c7b281ad20b7c23f18c72e60b1dc682738aaeaf049e7901`
VirtualSize	`0x1000`
VirtualAddress	`0x6da000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2c7a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.232911`

.themida

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x76c000`
VirtualAddress	`0x6db000`
SizeOfRawData	`0`
PointerToRawData	`0x2c7c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.boot

MD5	`d8d58964e3c026f6b9a156cfd0f11f25`
SHA1	`95ef9b4ff9965d753db9c8ff1759e41d60d79e5d`
SHA256	`240f7d59e6b812ef097a888368ea3aeb540ef264a257a9404a58a0359093630b`
SHA3	`f410be3676f44c851379bb4c987078754d77cf1a3fff2f9b0cfd5c5135be2b6f`
VirtualSize	`0x48dc00`
VirtualAddress	`0xe47000`
SizeOfRawData	`0x48dc00`
PointerToRawData	`0x2c7c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.957`

.reloc (#2)

MD5	`7a5daa5171ff81154ab6047ac997a841`
SHA1	`f5f2ac96ea23a37a447b475b36904abbccbc3aae`
SHA256	`dd887bf3d38daca4b23f69a46692f5167593965ddb076090937ffeaee9eec4f2`
SHA3	`af56d87048c900bf8f8ed6e4be2b2c300cbefc013a4d9274d9de795905e27fe3`
VirtualSize	`0x1000`
VirtualAddress	`0x12d5000`
SizeOfRawData	`0x10`
PointerToRawData	`0x755800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ`
Entropy	`2.27178`

Imports

kernel32.dll	`GetModuleHandleA`
dwmapi.dll	`DwmGetWindowAttribute`
PROPSYS.dll	`PropVariantToString`
USERENV.dll	`GetUserProfileDirectoryW`
VERSION.dll	`GetFileVersionInfoExW`
WINTRUST.dll	`CryptCATAdminAcquireContext`
CRYPT32.dll	`CertOpenStore`
USER32.dll	`GetProcessWindowStation`
GDI32.dll	`GetObjectW`
ADVAPI32.dll	`SetEntriesInAclW`
SHELL32.dll	`SetCurrentProcessExplicitAppUserModelID`
ole32.dll	`PropVariantClear`
WS2_32.dll	`closesocket`
api-ms-win-core-synch-l1-2-0.dll	`WaitOnAddress`

Delayed Imports

101

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2802a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.30717`
MD5	`08230f14032a55e3c29cdd474405f2f1`
SHA1	`c645614c68ce3dd5b5210d329c03b46d3035879a`
SHA256	`95f7537cfdd0a5254c835f6bbf20ba90d5519e8ad54d0919ddece7fff3a64e94`
SHA3	`4ef9d6126d58fcc7945b33c5ec5c444703041fcc679b41198798479d8a137bc8`
Preview

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.45537`
MD5	`a7365f341ee5b61da006d304fbc6fe07`
SHA1	`57a1a39c83dd1e79be32a2e01e04dd6cbe084b59`
SHA256	`73ee36a22d043ddea8dbb6691d257d829978af10945fdde20df1a943059640cd`
SHA3	`64c9c1850b933983cce362e9816fdc182a75141af0a21324424a7ac1424fae06`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x91`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.8858`
MD5	`f7ad1eab748bc07570a57ec87787cf90`
SHA1	`0b1608da9fef218386e825db575c65616826d9f4`
SHA256	`d2952e57023848a37fb0f21f0dfb38c9000f610ac2b00c2f128511dfd68bde04`
SHA3	`6c9541b36948c19ae507d74223621875b3af4064f7cd8200bdb97e15a047e96a`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.2.1.3
ProductVersion	1.2.1.3
FileFlags	`VS_FF_PRERELEASE` `VS_FF_SPECIALBUILD`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	NinjEye
FileDescription	Anti-cheat module - https://ninjeye.net
FileVersion (#2)	1.2.1.3
InternalName	ninjeye.dll
LegalCopyright	Copyright (C) 2018-2026
OriginalFilename	ninjeye.dll
ProductName	NinjEye
ProductVersion (#2)	1.2.1.3

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Feb-01 12:04:43
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x6d8054`
PointerToRawData	`0x2c7054`
Referenced File	ninjeye.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Feb-01 12:04:43
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x6d8078`
PointerToRawData	`0x2c7078`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Feb-01 12:04:43
Version	`0.0`
SizeofData	`980`
AddressOfRawData	`0x6d808c`
PointerToRawData	`0x2c708c`

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xd7029537`
Unmarked objects	`0`
ASM objects (33145)	`15`
C++ objects (33145)	`199`
Imports (VS2008 SP1 build 30729)	`2`
C objects (35403)	`17`
ASM objects (35403)	`27`
C++ objects (35403)	`94`
C objects (33145)	`28`
C++ objects (33813)	`3`
Unmarked objects (#2)	`22`
C objects (33813)	`783`
Imports (33145)	`27`
Total imports	`332`
C++ objects (35723)	`34`
ASM objects (35723)	`5`
Resource objects (35723)	`1`
151	`1`
Linker (35723)	`1`

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .themida has a size of 0!