Manalyze report for f82bf0042bcf499a769a5f11759ca389

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Feb-05 14:12:47

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig2(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: exploit`
Malicious	The PE contains functions mostly used by malware.	`Uses functions commonly found in keyloggers: CallNextHookEx MapVirtualKeyA GetAsyncKeyState` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc`
Info	The PE is digitally signed.	`Signer: Guangzhou Kingteller Technology Co.` `Issuer: VeriSign Class 3 Code Signing 2010 CA`
Malicious	VirusTotal score: 9/63 (Scanned on 2026-02-06 10:00:22)	`Bkav: W64.AIDetectMalware` `Cylance: Unsafe` `ESET-NOD32: Win64/GenKryptik_AGen.CBW trojan` `Elastic: malicious (moderate confidence)` `GData: Win64.Trojan.Agent.KBA0V5` `McAfeeD: ti!EE42F0CFED07` `Microsoft: PUA:Win32/ClickAthlete` `Sophos: Generic Reputation PUA (PUA)` `TrellixENS: Artemis!F82BF0042BCF`

Hashes

MD5	`f82bf0042bcf499a769a5f11759ca389`
SHA1	`b90c3a66a28d079fcdd0b55ffa5898b57abbefea`
SHA256	`ee42f0cfed07689d03d53bbb07a7d1736d073351e2913c89972dd5f4446ce364`
SHA3	`85d96000d93e53b88bc9e7550d3681b320289a64d49c9eda4aed22e732aed8b2`
SSDeep	`24576:Z7+YbzdnYbUfvIB/sLwByYqxDrBOVQxevz/q43UV+uC:Z7+YbzdYbUIULwByvrwVQxevz/X`
Imports Hash	`82640004fe04226af85d82b33a46a590`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`5`
TimeDateStamp	2026-Feb-05 14:12:47
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xf9400`
SizeOfInitializedData	`0x53a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000C4610 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x151000`
SizeOfHeaders	`0x400`
Checksum	`0x14136f`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4c669bfb265b36eafd59aa1294689d9e`
SHA1	`d82b4f0042f2e73f961bfe49f011c4a708918a29`
SHA256	`ef74299d385559dc60437d407738cbea17682b1d8c75c8df76a1a05e92ff1109`
SHA3	`dba775d1f34496ff0e5b35ae3788ee84aa1a15cc26fab0cac590a26075d87d44`
VirtualSize	`0xf9257`
VirtualAddress	`0x1000`
SizeOfRawData	`0xf9400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.4871`

.rdata

MD5	`9dfc230486df4a91bc5d7029f95f0275`
SHA1	`504b7b36b5ea5036acda8f5f0595e52ac3364342`
SHA256	`e38b0f0888d8c766ac3f9b37291a620f76b61aa192ddfa69e17b071af9c44a22`
SHA3	`aaeb797cd02b140327437a3a50cda7dd926b5aae32c06dee19d1f9edca4ebc5f`
VirtualSize	`0x320da`
VirtualAddress	`0xfb000`
SizeOfRawData	`0x32200`
PointerToRawData	`0xf9800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.26819`

.data

MD5	`c5309cc0992c9fb64184f704f11ee647`
SHA1	`dfcc3b79009f66ab23a8c9fadcc74ae96baaf67e`
SHA256	`111ff04d74dbdb3807530fe0ed72c536452e5755ec3dc8e5203c7727c27b04d9`
SHA3	`cc21ddb2313325a85701c4b3b21606cf1cd021dcac88c40dc4aa42faac10a84d`
VirtualSize	`0x16830`
VirtualAddress	`0x12e000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x12ba00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.51923`

.pdata

MD5	`4ee420bc2ea87103fe1b647f596f351c`
SHA1	`8f5ef7844aa8d4c22f63d7f78dd86ffd05466858`
SHA256	`f3558d5d41666166c99f4c762119dab5d22b3d4e4fa199b8b14aa4150b5fb102`
SHA3	`1777c8ece54cefc60de9ba483c1dd4dcb1ff7f824e6a1430d8e1ca9aa5e695fd`
VirtualSize	`0xa824`
VirtualAddress	`0x145000`
SizeOfRawData	`0xaa00`
PointerToRawData	`0x12ca00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.0534`

.reloc

MD5	`73000497e41a9dfecd071732f05c8199`
SHA1	`a88788929dbd1cd103ee3310b305d2b376282602`
SHA256	`84aca78d0583c0052b8943e2646c3d6562c23e33b379a7ea02e2ace82c393139`
SHA3	`4ed1adcf58214d8f7492671b3dc6cd0af905c8ea8c38d0b9f125697599bdafb9`
VirtualSize	`0x24c`
VirtualAddress	`0x150000`
SizeOfRawData	`0x400`
PointerToRawData	`0x137400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.6314`

Imports

KERNEL32.dll	`VirtualProtect` `GetCurrentProcess` `VirtualAlloc` `GetModuleHandleA` `Sleep` `GetTickCount64` `DisableThreadLibraryCalls` `K32GetModuleInformation` `CreateThread` `Beep` `CreateDirectoryA` `GetTickCount` `VirtualQuery` `GetProcAddress` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `WakeAllConditionVariable` `SleepConditionVariableSRW` `SetUnhandledExceptionFilter` `GetStartupInfoW` `GetModuleHandleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetLastError` `CreateDirectoryExW` `CopyFile2` `CloseHandle` `MoveFileExW` `CreateHardLinkW` `GetFileInformationByHandleEx` `AreFileApisANSI` `CreateSymbolicLinkW` `CreateFile2` `MultiByteToWideChar` `GetTempPathW` `WideCharToMultiByte` `SetFileTime` `SetFileInformationByHandle` `SetFileAttributesW` `GetFullPathNameW` `GetFinalPathNameByHandleW` `GetFileAttributesExW` `GetFileAttributesW` `GetDiskFreeSpaceExW` `FindNextFileW` `FindFirstFileExW` `FindFirstFileW` `FindClose` `CreateDirectoryW` `GetCurrentDirectoryW` `SetCurrentDirectoryW` `GetLocaleInfoEx` `FormatMessageA` `LocalFree` `InitializeSListHead` `GetSystemTimeAsFileTime` `DeviceIoControl`
USER32.dll	`CallNextHookEx` `GetCursorPos` `keybd_event` `MapVirtualKeyA` `MessageBoxA` `SendInput` `GetSystemMetrics` `GetAsyncKeyState` `GetKeyNameTextA`
MSVCP140.dll	`?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z` `?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z` `?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z` `?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ` `??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?width@ios_base@std@@QEAA_J_J@Z` `?width@ios_base@std@@QEBA_JXZ` `?flags@ios_base@std@@QEBAHXZ` `?good@ios_base@std@@QEBA_NXZ` `?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?narrow@?$ctype@_W@std@@QEBAPEB_WPEB_W0DPEAD@Z` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ` `?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ` `?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ` `?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ` `?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `_Query_perf_counter` `?_Syserror_map@std@@YAPEBDH@Z` `?_Xlength_error@std@@YAXPEBD@Z` `?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?_Xbad_function_call@std@@YAXXZ` `?_Winerror_map@std@@YAHH@Z` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Id_cnt@id@locale@std@@0HA` `?_Xinvalid_argument@std@@YAXPEBD@Z` `?id@?$ctype@_W@std@@2V0locale@2@A` `?_Xbad_alloc@std@@YAXXZ` `?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?uncaught_exceptions@std@@YAHXZ` `??0_Lockit@std@@QEAA@H@Z` `??1_Lockit@std@@QEAA@XZ` `_Query_perf_frequency` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z`
WINMM.dll	`PlaySoundW`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`memmove` `__std_exception_destroy` `memcmp` `memchr` `__std_type_info_destroy_list` `memset` `_CxxThrowException` `__C_specific_handler` `__current_exception_context` `__current_exception` `__std_terminate` `__std_exception_copy` `memcpy` `_purecall`
api-ms-win-crt-stdio-l1-1-0.dll	`fgetc` `__stdio_common_vsprintf_s` `fread` `fclose` `fflush` `__stdio_common_vswprintf` `fwrite` `__acrt_iob_func` `fgetpos` `__stdio_common_vswprintf_s` `fputc` `setvbuf` `ungetc` `_get_stream_buffer_pointers` `fsetpos` `_fseeki64` `__stdio_common_vfprintf` `__stdio_common_vsprintf`
api-ms-win-crt-heap-l1-1-0.dll	`_callnewh` `malloc` `free` `calloc`
api-ms-win-crt-convert-l1-1-0.dll	`strtol` `strtof` `mbstowcs` `strtod` `strtoll` `strtoull`
api-ms-win-crt-string-l1-1-0.dll	`wcslen` `isdigit` `strlen` `towlower`
api-ms-win-crt-math-l1-1-0.dll	`cos` `fmodf` `ceilf` `atanf` `sqrtf` `cosf` `atan2f` `atan2` `atan` `asin` `acosf` `_dclass` `_dsign` `sin` `truncf` `sinf` `pow` `sqrt` `fmaxf` `fminf`
api-ms-win-crt-utility-l1-1-0.dll	`rand`
api-ms-win-crt-filesystem-l1-1-0.dll	`_unlock_file` `_lock_file`
api-ms-win-crt-locale-l1-1-0.dll	`localeconv` `___lc_codepage_func`
api-ms-win-crt-runtime-l1-1-0.dll	`_initialize_onexit_table` `_initterm` `_cexit` `_crt_at_quick_exit` `_crt_atexit` `terminate` `_seh_filter_dll` `_execute_onexit_table` `abort` `_register_onexit_function` `_errno` `_initterm_e` `_initialize_narrow_environment` `_configure_narrow_argv`
api-ms-win-crt-time-l1-1-0.dll	`_localtime64` `_time64`
api-ms-win-crt-environment-l1-1-0.dll	`getenv`

Delayed Imports

Functionsaasa

Ordinal	`1`
Address	`0x760a0`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Feb-05 14:12:47
Version	`0.0`
SizeofData	`900`
AddressOfRawData	`0x1156c4`
PointerToRawData	`0x113ec4`

TLS Callbacks

StartAddressOfRawData	`0x180115a68`
EndAddressOfRawData	`0x180115a70`
AddressOfIndex	`0x18012ee9c`
AddressOfCallbacks	`0x1800fb9d8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x18012e140`

RICH Header

XOR Key	`0xc0c22a9b`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`22`
Imports (35403)	`6`
ASM objects (35403)	`3`
C objects (35403)	`8`
C++ objects (35403)	`27`
Imports (33145)	`7`
Total imports	`240`
C++ objects (LTCG) (35723)	`3`
ASM objects (35723)	`2`
Exports (35723)	`1`
Linker (35723)	`1`

f82bf0042bcf499a769a5f11759ca389

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.reloc

Imports

Delayed Imports

Functionsaasa

Version Info

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors