Manalyze report for f465d0b5496f3a49ef4c4d6c99700704

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2022-Jun-24 11:28:19
Detected languages	English - United States
Debug artifacts	C:\code\app-player\out\winnt\x64\Release\hd\Source\Tool\ForceGPU\Release\HD-ForceGPU.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains obfuscated function names: 6a 48 59 7d 5f 42 4e 6c 49 49 5f 48 5e 5e` `Contains a XORed PE executable: 79 45 44 5e 0d 5d 5f 42 4a 5f 4c 40 0d 4e 4c 43 43 42 59 0d ...`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Can access the registry: RegCreateKeyExW RegSetValueExW RegCloseKey` `Possibly launches other programs: CreateProcessW CreateProcessA`
Suspicious	The file contains overlay data.	`2546260 bytes of data starting at offset 0x2a8c0.` `Overlay data amounts for 93.5942% of the executable.`
Info	The PE is digitally signed.	`Signer: Bluestack Systems` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Malicious	VirusTotal score: 15/72 (Scanned on 2025-01-20 06:37:33)	`Bkav: W64.AIDetectMalware` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `ESET-NOD32: Win64/Filesponger.E` `GData: Win64.Trojan.Agent.UX8TBE` `Google: Detected` `Ikarus: Trojan.Win64.Filesponger` `Kingsoft: Win64.Troj.Filesponger.E` `McAfee: Artemis!F465D0B5496F` `McAfeeD: ti!C1F258C2F8DC` `Rising: Trojan.Filesponger!8.184DB (CLOUD)` `Skyhigh: BehavesLike.Win64.Generic.vm` `Sophos: Mal/Generic-S` `Symantec: ML.Attribute.HighConfidence` `TrendMicro: TrojanSpy.Win64.VIPERSOFTX.SMTH`

Hashes

MD5	`f465d0b5496f3a49ef4c4d6c99700704`
SHA1	`1e7215a4c3dee0db60591bb268542e8dbed24e7a`
SHA256	`c1f258c2f8dc2a8f9d0185cd9510ba8ad801aff46d6beb69e2e323fc7f67b5b0`
SHA3	`295710b28cf76b2a2fe27e436b4077dbbb26d9f8eb35a6143f8d8aa4f6c7f7f4`
SSDeep	`49152:ZpeQfT9H41pxehKlHv1uHgM+vTWPYqvBwBoE+mpFxkF34TZ/2:ZpeQfT9H41pxehKl9GgM+vTaYq8oE+mg`
Imports Hash	`c37009ba3fc4db0cec9f59a95d7c7f22`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2022-Jun-24 11:28:19
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x22000`
SizeOfInitializedData	`0x7200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000021B74 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x2d000`
SizeOfHeaders	`0x400`
Checksum	`0x2b754`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`8305b048798415c960e942fba8c841dd`
SHA1	`ac035474b2cc0a89ff403ef05f38a2493e3ddd6e`
SHA256	`cdae5fcc97f90ed880cf1a88468b153b31501b7dc2e0284973f4fdec8ffe57db`
SHA3	`d29357d0b3e7a7633e04c4f7ddef110488e6a793ca437e934cf32f557e1f1897`
VirtualSize	`0x21fb2`
VirtualAddress	`0x1000`
SizeOfRawData	`0x22000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.85665`

.rdata

MD5	`3a162272f4d3a4301018736b9a9a37b3`
SHA1	`58d6ab684e596a1fded00038f9cdea614504f4b3`
SHA256	`961cad0de65162a792d8024f919ab7fd1a316f94af0338cf2cdb796496948aa0`
SHA3	`c9490249881793d3d7461c4e856c33b5b299148e4c4506e0ea348f1aebf8fec5`
VirtualSize	`0x3966`
VirtualAddress	`0x23000`
SizeOfRawData	`0x3a00`
PointerToRawData	`0x22400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.98293`

.data

MD5	`a4f441cc3e58dcb1e38832a5a1435e6c`
SHA1	`c320918f349fff890d13e85327fef658af0ef99f`
SHA256	`2cc1949d6a6c9e4827ff4df5b8fda72a5bd5a5d4f183ae3754c64b333f7e5436`
SHA3	`031ef006455d1f53a012eb9e36c358adfa59218937a65492b82e078b87c708cf`
VirtualSize	`0x1de8`
VirtualAddress	`0x27000`
SizeOfRawData	`0x600`
PointerToRawData	`0x25e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.92814`

.pdata

MD5	`766d2f9f2f9c91d607d840f40bf84376`
SHA1	`d3ccdda0201011bad8685c33ff00052f63d8afb5`
SHA256	`e0285c0ceb7351844b189fbc8fc71b6a111038c5243f0db8780791fb342bac93`
SHA3	`5ff6f3199263fae1de1d3f7406010aa9e73f2a7c4a5f1eee16d71196c3fbcba6`
VirtualSize	`0x153c`
VirtualAddress	`0x29000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x26400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.14425`

.rsrc

MD5	`8ec89d4b60516043011e1465be9419d1`
SHA1	`ab7001811df4b08ff4fa926a9a984adf8f690f73`
SHA256	`045735a0f679ae2c3b935c0ffb0dcd77928cdde1a437492a8463aa6836080f80`
SHA3	`66551a13c9a6c686c1325b8e6bfe357427a5c3bbb00a36a8dda9c57fc9ff36ba`
VirtualSize	`0x1e0`
VirtualAddress	`0x2b000`
SizeOfRawData	`0x200`
PointerToRawData	`0x27a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.71768`

.reloc

MD5	`e559b0c6d4f2dcf358a4c1e4d4670d29`
SHA1	`3ded070e12791f65bb59fedad10f8d76010207cb`
SHA256	`ba85defec12039504877dbfdcf8a8dec9ff998e56d5e4f58da974ad1580127d9`
SHA3	`cb7aab29ef1b656c6c1a738a5cb93bf1df36f73220829adebce7aa09d4a13b47`
VirtualSize	`0x54`
VirtualAddress	`0x2c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x27c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.19302`

Imports

ADVAPI32.dll	`RegCreateKeyExW` `RegSetValueExW` `RegCloseKey`
KERNEL32.dll	`lstrlenW` `MultiByteToWideChar` `WideCharToMultiByte` `InitializeCriticalSection` `FreeLibrary` `GetProcAddress` `LeaveCriticalSection` `EnterCriticalSection` `GetModuleHandleA` `Sleep` `LocalFree` `GetModuleHandleW` `SetLastError` `LoadLibraryExW` `GetLastError` `CreateProcessW` `LocalAlloc` `CreateProcessA` `GetSystemDirectoryW` `GetFullPathNameW` `VerifyVersionInfoW` `VerSetConditionMask` `GetModuleFileNameW` `CloseHandle` `CreateFileW` `lstrcmpA` `OutputDebugStringW` `IsDebuggerPresent` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `IsProcessorFeaturePresent` `TerminateProcess` `GetCurrentProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `GetStartupInfoW`
MSVCP140.dll	`?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ` `?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ` `?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ` `_Mbrtowc` `?uncaught_exceptions@std@@YAHXZ` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Xlength_error@std@@YAXPEBD@Z` `?_Xbad_alloc@std@@YAXXZ` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z`
VCRUNTIME140.dll	`__current_exception_context` `__std_exception_destroy` `memmove` `_CxxThrowException` `__current_exception` `__std_type_info_destroy_list` `__C_specific_handler` `memset` `__std_exception_copy` `memcpy` `memcmp` `memchr` `__std_terminate`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
api-ms-win-crt-runtime-l1-1-0.dll	`exit` `_exit` `_initterm_e` `__p___argc` `__p___argv` `_set_app_type` `_c_exit` `_initterm` `_configure_narrow_argv` `_seh_filter_exe` `_get_initial_narrow_environment` `_seh_filter_dll` `_initialize_onexit_table` `_register_onexit_function` `_execute_onexit_table` `_crt_atexit` `_crt_at_quick_exit` `terminate` `_register_thread_local_exe_atexit_callback` `_cexit` `_initialize_narrow_environment` `_invalid_parameter_noinfo_noreturn`
api-ms-win-crt-heap-l1-1-0.dll	`_callnewh` `_set_new_mode` `free` `calloc` `malloc`
api-ms-win-crt-convert-l1-1-0.dll	`atoi`
api-ms-win-crt-stdio-l1-1-0.dll	`__p__commode` `_set_fmode` `__stdio_common_vfprintf` `__stdio_common_vsprintf` `__stdio_common_vsscanf` `__acrt_iob_func`
api-ms-win-crt-string-l1-1-0.dll	`wcstok` `strncmp` `tolower` `toupper` `isspace` `isalpha` `_wcsnicmp` `_stricmp` `strncpy`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2022-Jun-24 11:28:19
Version	`0.0`
SizeofData	`113`
AddressOfRawData	`0x23f28`
PointerToRawData	`0x23328`
Referenced File	C:\code\app-player\out\winnt\x64\Release\hd\Source\Tool\ForceGPU\Release\HD-ForceGPU.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2022-Jun-24 11:28:19
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x23f9c`
PointerToRawData	`0x2339c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2022-Jun-24 11:28:19
Version	`0.0`
SizeofData	`808`
AddressOfRawData	`0x23fb0`
PointerToRawData	`0x233b0`

TLS Callbacks

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140027468`

RICH Header

XOR Key	`0xa355e79b`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`14`
C++ objects (30034)	`25`
C objects (30034)	`10`
ASM objects (30034)	`4`
Imports (30034)	`6`
Imports (27412)	`5`
Total imports	`121`
C objects (VS2008 SP1 build 30729)	`1`
C++ objects (VS2008 SP1 build 30729)	`1`
C++ objects (VS2019 Update 11 (16.11.0-3) compiler 30133)	`4`
Resource objects (VS2019 Update 11 (16.11.0-3) compiler 30133)	`1`
Linker (VS2019 Update 11 (16.11.0-3) compiler 30133)	`1`

f465d0b5496f3a49ef4c4d6c99700704

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors