Manalyze report for f73fe6cd9cd6a50039d3d2e6d353fcb6

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Feb-03 23:58:29

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: backdoor` `Contains domain names: android.jclass.net jclass.net platforms.android.jclass.net webview.platforms.android.jclass.net`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: GetTempPathW CreateFileW` `Functions related to the privilege level: OpenProcessToken` `Enumerates local disk drives: GetDriveTypeW`
Suspicious	The file contains overlay data.	`12086989 bytes of data starting at offset 0x84000.` `The overlay data has an entropy of 7.99925 and is possibly compressed or encrypted.` `Overlay data amounts for 95.7184% of the executable.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`f73fe6cd9cd6a50039d3d2e6d353fcb6`
SHA1	`d8e1b35090745dc7a4c5a640b44f88f2afdc98cd`
SHA256	`5d7d1c8a7aa412f30846442d5b95d3457bc98db0b63de8ec270d24b50b70c7bf`
SHA3	`dbfa9b1e41e6a97b42ed0ac08bb4b3e7e0ebf293fe3d14a909947b82e175206b`
SSDeep	`196608:SzL0r+U1pzhOFPM+5GeY5wKHBrFB2dhY1oGr6d0drP/HQ/hST:Sz2+gpzU++oesbgTwoGrK0tX0ST`
Imports Hash	`dcaf48c1f10b0efa0a4472200f3850ed`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2026-Feb-03 23:58:29
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x2c600`
SizeOfInitializedData	`0x57600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000000DFA0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x8d000`
SizeOfHeaders	`0x400`
Checksum	`0xc0dcd5`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x1e8480`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`fe1a4732883ce431166d66ecb765b28e`
SHA1	`2110e916aac8ceca0aff8fac71279a4404d1204b`
SHA256	`bf1ad991c2350ab9408ca71f2c82d95b410b3b5a8c323514ea841adcf9478194`
SHA3	`685b4b9bb824ff236223b93263bf11304f1f36249fbd6f937dca11891c9386a1`
VirtualSize	`0x2c470`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2c600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.46276`

.rdata

MD5	`196ad065dd82516ae9b1722ecc146aa3`
SHA1	`0a7e160b2b9b0f3f65628a13b359d472a9f720f7`
SHA256	`58f18370a9fe1d98010901524e89491e18b459f4860e7d410b8b15d22f4f4710`
SHA3	`60d4889c84a85acf5c3fee7b119bf680f57aba4ef679b56827b93126d8dd52df`
VirtualSize	`0x13b78`
VirtualAddress	`0x2e000`
SizeOfRawData	`0x13c00`
PointerToRawData	`0x2ca00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.75512`

.data

MD5	`480ab7be9be730afcebb349cd1d2328a`
SHA1	`ded45b1e3b731c13795e36c5d7e8f3dac03f9634`
SHA256	`5bf16564eab136ff8a49b29867918b49a778978cd4c5acf2fb5ccdd19340831c`
SHA3	`665776fd9e8a604af79a90d67204a109fae9ce0d6a01405a4d85231867f7a494`
VirtualSize	`0x50b0`
VirtualAddress	`0x42000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x40600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.8161`

.pdata

MD5	`181207c9744a54a87a1d6cff3cfa9919`
SHA1	`a670345ff2911f8f6763c1973ac4c5fd29f132a9`
SHA256	`52b9b4d42f0b332e55608f6bf5446fcb11f6f9fc4e3267b5b0e64d86b6d099f8`
SHA3	`ee1eb803cb2d9711d7b3affe83928dd572cd4d05c8211457c0f274200abc1623`
VirtualSize	`0x2424`
VirtualAddress	`0x48000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x41400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.31997`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0x4b000`
SizeOfRawData	`0x200`
PointerToRawData	`0x43a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`2fed6527b4d5d6d26bc1a3d814cb03d6`
SHA1	`db77182a501bd1f42c9abed728d8405c36f8fd84`
SHA256	`ffead2be4dd8d3304fb040080036ef80fc4245fe05feb307d78b3e7e9ce519ae`
SHA3	`15ba00fa55bd0296e890e0e0b1be78cf39f288f34db06faea96aba562f7ebcf3`
VirtualSize	`0x3fb68`
VirtualAddress	`0x4c000`
SizeOfRawData	`0x3fc00`
PointerToRawData	`0x43c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.98612`

.reloc

MD5	`2b6e08476851652d83b5fd30f90f9ad7`
SHA1	`b61504ed73820ed543f7df51e5227d17e517badb`
SHA256	`c80cd8828e3293d84bf4a1764b2d6611ca75492eef2fbf318645b9dbe3731db6`
SHA3	`403fee35fd8e088c0269d849358d33217081fa4c577a1530a25d0911ed5bcf3e`
VirtualSize	`0x774`
VirtualAddress	`0x8c000`
SizeOfRawData	`0x800`
PointerToRawData	`0x83800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.26439`

Imports

USER32.dll	`CreateWindowExW` `ShutdownBlockReasonCreate` `MsgWaitForMultipleObjects` `ShowWindow` `DestroyWindow` `RegisterClassW` `DefWindowProcW` `PeekMessageW` `DispatchMessageW` `TranslateMessage` `PostMessageW` `GetMessageW` `MessageBoxW` `MessageBoxA` `SystemParametersInfoW` `DestroyIcon` `SetWindowLongPtrW` `GetWindowLongPtrW` `GetClientRect` `InvalidateRect` `ReleaseDC` `GetDC` `DrawTextW` `GetDialogBaseUnits` `EndDialog` `DialogBoxIndirectParamW` `MoveWindow` `SendMessageW`
COMCTL32.dll	`#380`
KERNEL32.dll	`GetACP` `IsValidCodePage` `GetStringTypeW` `GetFileAttributesExW` `SetEnvironmentVariableW` `FlushFileBuffers` `LCMapStringW` `CompareStringW` `VirtualProtect` `InitializeCriticalSectionEx` `GetOEMCP` `GetCPInfo` `GetLastError` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `GetModuleHandleW` `MulDiv` `FormatMessageW` `GetModuleFileNameW` `SetDllDirectoryW` `GetEnvironmentStringsW` `SetErrorMode` `CreateDirectoryW` `GetCommandLineW` `GetEnvironmentVariableW` `ExpandEnvironmentStringsW` `DeleteFileW` `FindClose` `FindFirstFileW` `FindNextFileW` `GetDriveTypeW` `RemoveDirectoryW` `GetTempPathW` `CloseHandle` `QueryPerformanceCounter` `QueryPerformanceFrequency` `WaitForSingleObject` `Sleep` `GetCurrentProcess` `TerminateProcess` `GetExitCodeProcess` `CreateProcessW` `GetStartupInfoW` `LocalFree` `SetConsoleCtrlHandler` `K32EnumProcessModules` `K32GetModuleFileNameExW` `CreateFileW` `FindFirstFileExW` `GetFinalPathNameByHandleW` `MultiByteToWideChar` `WideCharToMultiByte` `FlsFree` `FreeEnvironmentStringsW` `GetProcessHeap` `GetTimeZoneInformation` `HeapSize` `HeapReAlloc` `WriteConsoleW` `SetEndOfFile` `CreateSymbolicLinkW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsProcessorFeaturePresent` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `RtlUnwindEx` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `EncodePointer` `RaiseException` `RtlPcToFileHeader` `GetCommandLineA` `GetFileInformationByHandle` `GetFileType` `PeekNamedPipe` `SystemTimeToTzSpecificLocalTime` `FileTimeToSystemTime` `ReadFile` `GetFullPathNameW` `SetStdHandle` `GetStdHandle` `WriteFile` `ExitProcess` `GetModuleHandleExW` `HeapFree` `GetConsoleMode` `ReadConsoleW` `SetFilePointerEx` `GetConsoleOutputCP` `GetFileSizeEx` `HeapAlloc` `GetCurrentDirectoryW` `FlsAlloc` `FlsGetValue` `FlsSetValue`
ADVAPI32.dll	`OpenProcessToken` `GetTokenInformation` `ConvertStringSecurityDescriptorToSecurityDescriptorW` `ConvertSidToStringSidW`
GDI32.dll	`SelectObject` `DeleteObject` `CreateFontIndirectW`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.68371`
MD5	`0ba5ffbb4ccb7ee4a659b886e739deaf`
SHA1	`352ee51256cbec87a7a53710a5812e18507079dd`
SHA256	`79524a84317932512fdf9d082685628be251b8a38c6f7f13f22070e94cabcebb`
SHA3	`8b6decdffeb7646d20b5e448055d6368d1d8c5900eb0f64c42f3916d0c572b8d`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.76402`
MD5	`f4f6b062443f91ef839fc9b469b7d679`
SHA1	`0ab474c779a2dbf72c47731b4cb689d08a8fe0c3`
SHA256	`2b067740e0bf85d663bee753d3b370c36de5dc210e6cabca8fa3fcdb33e95667`
SHA3	`38b66247ea62e25e162943b162ce109c52b5fb1bc4f095f6cd68924f11b03b7a`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.59774`
MD5	`ad559aa1cefe984b5a102ccaa4b64107`
SHA1	`8f3d04f11bf45a6a6c20495bf591d74fe2c4cee5`
SHA256	`0e5d8c4469fb8c84b6941f6774e87c678d168832a21d0d6d38a8e7cd01f1e337`
SHA3	`c753bc22e7cc52ad6f8df8040adb8f5f1df684a634873e23842d293204615c42`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.33227`
MD5	`247c90d832a5fd38f900b444acf89505`
SHA1	`31339dbb35735cdc1a71272860f8a94feb80c17a`
SHA256	`f1fc6d43408f3bfabe3db3fb866ac4d5b7beffe40b41de0d5a6a828e0e613a1b`
SHA3	`48f9d8c9052cb11515d03328b3e7f150cff3db28a7fa14a194fc548aa4d19f70`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.20241`
MD5	`26030abaf195a68684ceafa9bbae83e3`
SHA1	`b71912f820e53891e0e58bdd920e0ee7740c7c41`
SHA256	`cd84613e7cc09dfb3a4fd7c9cd83802c7ff4ded07814dba6b17d59df340d1cfc`
SHA3	`69e329c31a3710fc3620d16fbda3f9cdbde35f695de116de79d593762f9bb97e`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.083`
MD5	`73f8c9910c40a0480da7a81c4b281114`
SHA1	`35a01096ab76aa2b879e31f333c99fd2888f3a45`
SHA256	`7452b5015e21ee0d2e6a43d80502d7e4aa7c28b4cabb8c2a74c06dcab804190a`
SHA3	`c3c8b6131d5773c7fc4d19a0c0a840f131ed2ab7459271d69cd20ba119e27c6c`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.97907`
MD5	`bdddcee0c27e0e9a9157a858459d13d6`
SHA1	`61d37f89fc9124613f1903bab61be9afd67ab1a6`
SHA256	`58973db566cd9e4550c840253ff12d0e33d8fbca5159cfeb006417543a7217e1`
SHA3	`ee662c3560f4dd64a49661e439fe32ee61e16362ba5139f639e25a8addd3dc64`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.87202`
MD5	`8ea8c997c8e63221b48c829865ce8b1e`
SHA1	`ab6684d62ad17668f4600c516c1c23fc6af03a42`
SHA256	`520abb21bd27c7e5880396a5a70cd88b234b21e0f9a60904bf1a0eeda5e58a96`
SHA3	`c4eea6b726ad5bfd374263ac202bb642db440a1557c4127a6c87579b331bae9f`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x17bac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99101`
Detected Filetype	PNG graphic file
MD5	`e7432895d4198fda50f9214cf430af14`
SHA1	`33e198c82d8576cd347c292c1815b99dd38e79e2`
SHA256	`cc645fca420565e2c37f4dc34c9a582dcedbf95c6434007c31dd812417d50ad2`
SHA3	`897a49e08758d6d78f8d8ba7d2f5ca08f6be49c9aad61e464a349fa76c0dbb62`

1 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.05309`
Detected Filetype	Icon file
MD5	`f0947f673ec19785d12a8a3e455cbe02`
SHA1	`8846b9f22f5c3c3b9a3b18d3294916e0fb52013a`
SHA256	`ec14047f805093cbb4ea744f3d8ed5eb31729984006fa3efe01a81e2e79d7c71`
SHA3	`2741c2c00ff2cd133cb418fc4f8a12678d3d70803996aad70bd761969f5b357f`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x50d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.25791`
MD5	`84da8dee6b319ea0b10b6de5489c6aae`
SHA1	`5f8991f3e065fd95614859a293f88b9c70e4bb23`
SHA256	`abf8f2022f12f350789d961aceaf9ccfd53e7ec58d8c9934cfce77779b4eac11`
SHA3	`08f0562915b54bedce5a84e9d32cb2efcc538268785103b1852338e20a3b4606`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Feb-03 23:58:29
Version	`0.0`
SizeofData	`816`
AddressOfRawData	`0x3e178`
PointerToRawData	`0x3cb78`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140042040`
GuardCFCheckFunctionPointer	`5368898744`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x8ea371bd`
Unmarked objects	`0`
C++ objects (33145)	`183`
C objects (33145)	`12`
ASM objects (33145)	`11`
253 (35207)	`3`
ASM objects (35207)	`9`
C objects (35207)	`17`
C++ objects (35207)	`40`
Imports (33145)	`11`
Total imports	`159`
C objects (35222)	`27`
Linker (35222)	`1`

f73fe6cd9cd6a50039d3d2e6d353fcb6

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.fptable

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

9

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors