Manalyze report for f784b4b85b627c7ea541bd2a90c9fc6e9736a0731707c31265aa86fe684dc2df

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Sep-04 12:13:32
Detected languages	English - United States German - Germany
CompanyName	Online-Fix.Me
FileDescription	Steam Overlay Loader
FileVersion	`1.0.0.1`
LegalCopyright	Copyright (C) 2019-2023, 0xdeadc0de
ProductVersion	`1.0.0.1`

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress` `Can access the registry: RegOpenKeyExW RegQueryValueExW RegCloseKey`
Malicious	VirusTotal score: 4/72 (Scanned on 2026-04-03 20:16:48)	`APEX: Malicious` `Gridinsoft: Risk.Win64.GameHack.bot` `Malwarebytes: RiskWare.GameHack` `Webroot: W32.Malware.Gen`

Hashes

MD5	`0a5429b888c75f6525e1100e32dd2b69`
SHA1	`8ae224580aa0838a7b1570c79d4d8f27a1b46d19`
SHA256	`f784b4b85b627c7ea541bd2a90c9fc6e9736a0731707c31265aa86fe684dc2df`
SHA3	`a1a03542867aa6366342170fd53b95850eb093b71ef71b960b0e0ebc79d94ae7`
SSDeep	`1536:h1iaPnCtV4+1/IGiaA7bSMhP3rOy843NxnpWJtRsWkd09dl38s6BtcBRXh4:h1iaPn5+uGi/7bpxaX43Ni3aMLJB1h`
Imports Hash	`fd9c9736fbc202d1a20e83d97ea0979b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2023-Sep-04 12:13:32
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xfa00`
SizeOfInitializedData	`0xde00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000002DF8 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x22000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e54eebb77d0fc34eaebb84349e67194e`
SHA1	`0727ec44ef75af6a1ea131a0333d7011676d127c`
SHA256	`34d9768a780144152efb3b836ad342a638e13c99ab71b4db1191d788b59b4c8d`
SHA3	`272ab3d4023a1be45727ee70a4ea7d86f9bf6667157fe3b4e86b74bd301291a6`
VirtualSize	`0xfa00`
VirtualAddress	`0x1000`
SizeOfRawData	`0xfa00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.44042`

.rdata

MD5	`4075b5c0b515fff91fd8a7202499f5ac`
SHA1	`34fd4e0ac18353c0ec70956f070a595a769cb8c8`
SHA256	`9e1e46890a0008ccd8230c09c5c30662d1c7ee28bf188fb9d77bec446a32fca0`
SHA3	`d6428ee66d49dfdce5dbab563e0c0cf32050ed516c6f598d5a38d0b3f67e0921`
VirtualSize	`0x9d6e`
VirtualAddress	`0x11000`
SizeOfRawData	`0x9e00`
PointerToRawData	`0xfe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.67669`

.data

MD5	`8458fd66bde298b076d742fe48113e79`
SHA1	`a9be4f60f91bc0c7430fed34a009144d4dab1a91`
SHA256	`4ed6cfc937f1f27719c962821086cf8e465ef35383d3eb67ccc4559b0e0343b5`
SHA3	`081ccb95a75a580120730559ad34149e7899d73d501bf3271aec726e6a740d0b`
VirtualSize	`0x1cd8`
VirtualAddress	`0x1b000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x19c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.18889`

.pdata

MD5	`78049985e3011348fa15d92f2fb7c433`
SHA1	`29c29b4f3446e906b2da64759841e4231e1ec836`
SHA256	`f9ea42708c12a3cb385111ec647d00d35adbb866bcbf7e40d4b7bf40a3f7c81b`
SHA3	`9c88d402cf5d78f7ab433a11e8800f44661e1720f8a0656a6829f30ba9f7fdfb`
VirtualSize	`0x1350`
VirtualAddress	`0x1d000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x1a800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.72103`

_RDATA

MD5	`a1e2a5c99f85b171ca19668874a9e867`
SHA1	`15541cb7a5aadb2e34e5909c083f42b2a39b124b`
SHA256	`69fc580b76cbb5d338026c795aec4bce1cb2f30f8ffe6386d78fcd52e2861764`
SHA3	`c4bdd875eb6ba908f027f72e5f579b9fc8b930a12102ee59a888f09a0dd30c27`
VirtualSize	`0x15c`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1bc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.79799`

.rsrc

MD5	`a44d6d4da2079dc4ec3d3f2284fe48a8`
SHA1	`bbbd5fd2ca8d346625944166e8bae1223c4886ee`
SHA256	`450fa28e0ff6f049fa41e7bd24059fee08a7b2ae56969bd5fecf432577c19208`
SHA3	`c867af3487836a119d5951d3a4fb8594a6ed82d69f455de8dfb394b7dd9d21b3`
VirtualSize	`0x2a0`
VirtualAddress	`0x20000`
SizeOfRawData	`0x400`
PointerToRawData	`0x1be00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.2664`

.reloc

MD5	`337ab482a17d16806dbeaab7e69dc2c4`
SHA1	`f2e8641d05e2da06e291027dd8fea923ee1de158`
SHA256	`f27b8831288e70aed2b6d76c7a0e7efbf92cd417dc07e06bae145d657d508050`
SHA3	`883954b92380ad3332a8448d15c1ff90e64eb0ca5109a6a982f829157dd4d12e`
VirtualSize	`0x678`
VirtualAddress	`0x21000`
SizeOfRawData	`0x800`
PointerToRawData	`0x1c200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.93709`

Imports

KERNEL32.dll	`CreateFileW` `LoadLibraryExW` `ExitProcess` `CloseHandle` `WriteConsoleW` `GetLastError` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `GetModuleHandleW` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `InterlockedFlushSList` `SetLastError` `EncodePointer` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `GetModuleHandleExW` `GetModuleFileNameW` `HeapFree` `HeapAlloc` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `LCMapStringW` `GetProcessHeap` `GetStdHandle` `GetFileType` `GetStringTypeW` `HeapSize` `HeapReAlloc` `SetStdHandle` `FlushFileBuffers` `WriteFile` `GetConsoleOutputCP` `GetConsoleMode` `SetFilePointerEx`
USER32.dll	`MessageBoxW`
ADVAPI32.dll	`RegOpenKeyExW` `RegQueryValueExW` `RegCloseKey`

Delayed Imports

OnlineFix

Ordinal	`1`
Address	`0x1650`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x23c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37204`
MD5	`f1460356fe8c905570b8e4038cc93ab7`
SHA1	`a01843c76f06ba8d0fe5b03dad59a9d43e33099a`
SHA256	`aecac240afb6b0cbba5c3ad28b6643d78766261566857b2ccdb9b7000482693e`
SHA3	`d393fdf1204fd884f88eaeb7c7dcf22ada55cf88725fb1fdedf3ad9411abdbc6`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.1
ProductVersion	1.0.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	German - Germany
CompanyName	Online-Fix.Me
FileDescription	Steam Overlay Loader
FileVersion (#2)	1.0.0.1
LegalCopyright	Copyright (C) 2019-2023, 0xdeadc0de
ProductVersion (#2)	1.0.0.1

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2023-Sep-04 12:13:32
Version	`0.0`
SizeofData	`752`
AddressOfRawData	`0x18fec`
PointerToRawData	`0x17dec`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2023-Sep-04 12:13:32
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x18001b008`

RICH Header

XOR Key	`0xc02eccb1`
Unmarked objects	`0`
C objects (27412)	`11`
ASM objects (27412)	`5`
C++ objects (27412)	`133`
C objects (VS 2015-2022 runtime 32533)	`15`
ASM objects (VS 2015-2022 runtime 32533)	`9`
C++ objects (VS 2015-2022 runtime 32533)	`34`
Imports (27412)	`7`
Total imports	`88`
C++ objects (LTCG) (VS2022 Update 7 (17.7.0-3) compiler 32822)	`1`
Exports (VS2022 Update 7 (17.7.0-3) compiler 32822)	`1`
Resource objects (VS2022 Update 7 (17.7.0-3) compiler 32822)	`1`
Linker (VS2022 Update 7 (17.7.0-3) compiler 32822)	`1`

Errors

Leave a comment

No comments yet.