Manalyze report for f6fa1293a6823f3e6994e40280580bc0a38d29b141b21b28279c80c26f8fabcc

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-May-30 18:10:33
TLS Callbacks	1 callback(s) detected.
Debug artifacts	RustynnelPE.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: exploit` `Contains domain names: https://docs.rs openssl.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to RC5 or RC6`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Uses Windows's Native API: NtReadFile NtCreateFile NtDeviceIoControlFile NtCancelIoFileEx NtWriteFile` `Leverages the raw socket API to access the Internet: connect send recv WSAIoctl ioctlsocket getsockname freeaddrinfo getaddrinfo WSASocketW WSACleanup WSAStartup closesocket sendto recvfrom bind WSAGetLastError`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`5453c72a0c21c7fbef0151978ad693cd`
SHA1	`5fa2991f4e5ca0b640359a84bc4e58119230a2fa`
SHA256	`f6fa1293a6823f3e6994e40280580bc0a38d29b141b21b28279c80c26f8fabcc`
SHA3	`102effd372fb22ff97907c1a915cf31f08d6c67c7870961958d8e910e0e11234`
SSDeep	`49152:CLp+LJ2svCepGEST1mDAav/+OD1o9sIkGULMgsB3Y69qL/QIL5l8Pkm5zSXXQ7D:COKNbz3Py7qwW2MJKw+xDbc`
Imports Hash	`9fe76418056e4345f305f70795cbe704`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`5`
TimeDateStamp	2026-May-30 18:10:33
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x396200`
SizeOfInitializedData	`0x18cc00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000373A3C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x527000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`fb3f43102b0b653d799f1b76e7092bff`
SHA1	`b163f9872eff7bfbfba070701af450c9258c6f75`
SHA256	`87bace31b8009a10db6a682d5e46a9ad45118f732328ca9f28fca312fab4ad08`
SHA3	`4f7f8c34da9f5c09f945dfd8a678b5aa38d80d23c6fcfd154d29d4c63e7f33e4`
VirtualSize	`0x39602d`
VirtualAddress	`0x1000`
SizeOfRawData	`0x396200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.29473`

.rdata

MD5	`c9c04b28455ed210ffcf723c9104e368`
SHA1	`b114cfddc735ea72dba9bb11a4465fec5f6a249c`
SHA256	`907edb54fbb9ac4e96010c525499f81d828a02c6e0252187a21a19f034a995aa`
SHA3	`b2e43ca67d2f08e34f5e1589dab6fb4ebb9e432cf11350013072ff9bdd20cd31`
VirtualSize	`0x164d34`
VirtualAddress	`0x398000`
SizeOfRawData	`0x164e00`
PointerToRawData	`0x396600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.07658`

.data

MD5	`f26ea69d26539da0986e9f3456e8f15a`
SHA1	`80532ce28ee2aaec0c0bf3106fa6385f0e13d669`
SHA256	`e0e4338d1cb77e99e297cf211a0e66773fd6fe005d81076757d62a8a47697289`
SHA3	`4533db2eb43c79dbb1d8cffeff489f520adb05b62dc0b105f337f1a57c4b3f3a`
VirtualSize	`0x4650`
VirtualAddress	`0x4fd000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x4fb400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.2249`

.pdata

MD5	`2cbb3b2837737ebfe75e6b828ebd1191`
SHA1	`0b86c758e4149f2ae8108330408591dc336e39a3`
SHA256	`87719a390dfad79fe92336075f73083bd26e95b03e88fccb13890ca6aac432eb`
SHA3	`1574ae7f061143b5ed4ee03c76dc72cda24e202ae4b7bca1fd91a4da4e92cfd5`
VirtualSize	`0x210fc`
VirtualAddress	`0x502000`
SizeOfRawData	`0x21200`
PointerToRawData	`0x4fd200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.4021`

.reloc

MD5	`db08558ae77aa27ddaa353e086a820ec`
SHA1	`587aeb8a94f19da88714db7506d1912e868af9c2`
SHA256	`a1ada9b2d61e5d8d7f3d7405af82fd736d00db8807fd650a7ea00bd095b44835`
SHA3	`38e18592be4663f1a214f1c3eff821a7e7ae397ce06cdd3f5434d0462efa9672`
VirtualSize	`0x23b4`
VirtualAddress	`0x524000`
SizeOfRawData	`0x2400`
PointerToRawData	`0x51e400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.45485`

Imports

bcryptprimitives.dll	`ProcessPrng`
kernel32.dll	`CreateWaitableTimerExW` `GetConsoleMode` `GetStdHandle` `FindFirstFileExW` `FindClose` `GetQueuedCompletionStatusEx` `Sleep` `SetLastError` `GetProcAddress` `SwitchToThread` `GetModuleHandleA` `FindNextFileW` `CreateSymbolicLinkW` `SetWaitableTimer` `WaitForSingleObject` `ExitProcess` `DeleteFileW` `SetHandleInformation` `TerminateProcess` `GetCurrentThread` `ReadConsoleW` `GetFileInformationByHandleEx` `GetFileInformationByHandle` `SetFileInformationByHandle` `SetFileTime` `PostQueuedCompletionStatus` `CreateFileW` `GetFullPathNameW` `CreateDirectoryW` `WriteConsoleW` `CloseHandle` `GetConsoleOutputCP` `ReleaseMutex` `CreateMutexA` `GetCurrentProcessId` `GetCurrentProcess` `WaitForSingleObjectEx` `GetCurrentThreadId` `GetFinalPathNameByHandleW` `SetFileCompletionNotificationModes` `CreateIoCompletionPort` `CreateThread` `GetLastError` `IsProcessorFeaturePresent` `SetThreadStackGuarantee`
api-ms-win-core-synch-l1-2-0.dll	`WakeByAddressSingle` `WakeByAddressAll` `WaitOnAddress`
ws2_32.dll	`connect` `send` `recv` `WSAIoctl` `ioctlsocket` `getsockname` `freeaddrinfo` `getaddrinfo` `WSASocketW` `WSACleanup` `WSAStartup` `closesocket` `sendto` `recvfrom` `bind` `WSAGetLastError`
ntdll.dll	`NtReadFile` `NtCreateFile` `NtDeviceIoControlFile` `RtlNtStatusToDosError` `NtCancelIoFileEx` `NtWriteFile`
bcrypt.dll	`BCryptGenRandom`
ADVAPI32.dll	`SystemFunction036`
KERNEL32.dll	`GetSystemTimeAsFileTime` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `GetSystemInfo` `FormatMessageW` `GetModuleHandleW` `GetEnvironmentVariableW` `HeapAlloc` `MultiByteToWideChar` `RtlVirtualUnwind` `lstrlenW` `LoadLibraryA` `InitializeSListHead` `RtlCaptureContext` `GetCurrentDirectoryW` `AddVectoredExceptionHandler` `QueryPerformanceFrequency` `WideCharToMultiByte` `GetModuleFileNameW` `GetCommandLineW` `HeapReAlloc` `GetSystemTimePreciseAsFileTime` `IsDebuggerPresent` `HeapFree` `GetProcessHeap` `RtlLookupFunctionEntry` `QueryPerformanceCounter`
VCRUNTIME140.dll	`__current_exception` `memcpy` `__CxxFrameHandler3` `memmove` `memset` `memcmp` `_CxxThrowException` `__C_specific_handler` `__current_exception_context`
api-ms-win-crt-math-l1-1-0.dll	`floorf` `__setusermatherr` `pow` `cosf` `sinf`
api-ms-win-crt-string-l1-1-0.dll	`strlen`
api-ms-win-crt-heap-l1-1-0.dll	`malloc` `free` `_set_new_mode`
api-ms-win-crt-runtime-l1-1-0.dll	`_c_exit` `_initterm_e` `exit` `_exit` `_initialize_narrow_environment` `_seh_filter_exe` `_initialize_onexit_table` `_get_initial_narrow_environment` `__p___argc` `__p___argv` `terminate` `_set_app_type` `_crt_atexit` `_cexit` `_wassert` `_register_thread_local_exe_atexit_callback` `_initterm` `_register_onexit_function` `_configure_narrow_argv`
api-ms-win-crt-stdio-l1-1-0.dll	`_set_fmode` `__p__commode`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-May-30 18:10:33
Version	`0.0`
SizeofData	`40`
AddressOfRawData	`0x480808`
PointerToRawData	`0x47ee08`
Referenced File	RustynnelPE.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-May-30 18:10:33
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x480830`
PointerToRawData	`0x47ee30`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-May-30 18:10:33
Version	`0.0`
SizeofData	`816`
AddressOfRawData	`0x480844`
PointerToRawData	`0x47ee44`

TLS Callbacks

StartAddressOfRawData	`0x140480b98`
EndAddressOfRawData	`0x140480de0`
AddressOfIndex	`0x140501040`
AddressOfCallbacks	`0x140398550`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x00000001402B19A0`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1404feb80`

RICH Header

XOR Key	`0x225b947e`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`12`
Imports (35207)	`2`
ASM objects (35207)	`4`
C objects (35207)	`10`
C++ objects (35207)	`24`
Imports (33145)	`7`
Total imports	`146`
C objects (35219)	`53`
Unmarked objects (#2)	`25`
Linker (35219)	`1`

Errors

Leave a comment

No comments yet.