Manalyze report for f8be8dbf8f3294108678efd13054f8b65f9de587be38d9c01c731e0a310e299d

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Feb-24 15:19:12
Detected languages	English - United States Russian - Russia
Debug artifacts	ui.pdb
FileVersion	`1.0.0.1`
ProductVersion	`1.0.0.1`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryExW`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`48723814dcb13aeaa523257b63ec3f3c`
SHA1	`654a81ea5a8602c15353fe001a1a7d817982e423`
SHA256	`f8be8dbf8f3294108678efd13054f8b65f9de587be38d9c01c731e0a310e299d`
SHA3	`2a839ae3c0ed9c4d5c0ed7dd17116d55adeadd20c86452be373cc5bc339980e8`
SSDeep	`6144:ZTVpTI1QHRQuRiNn3/eVira8d0i4TzIDFB173+kRepA5o3N0:ZxpTI1ORiN31bWiNxDJE0`
Imports Hash	`86551c19056fe9f19bcfaf85464d62d9`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2026-Feb-24 15:19:12
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x47a00`
SizeOfInitializedData	`0x8c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00007A46 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x49000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x54000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`1ac86895378c454adf658b5ad447ef93`
SHA1	`21277b3744dacc0e887701ec855e76422feb27a1`
SHA256	`02f0054e08cc4e1ffa43846ccb45aba89c01080c0a8ad8bf265f9a8461486cf7`
SHA3	`706d10abfc9d29bab354cadb89bed1d2967b08071b3354020a8472ddfbd4ee54`
VirtualSize	`0x47868`
VirtualAddress	`0x1000`
SizeOfRawData	`0x47a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.67068`

.rdata

MD5	`a633a7aab93ca700553052f4725beb01`
SHA1	`59120271fd5702aca36ee9dfa6468c669211b163`
SHA256	`0b0eb5dddd34b73bdb2afb078e266cc83d06a6f827e0b304f16cf43dd12cf554`
SHA3	`4f357b33cc97ad7531754757a6f93939b7ac97e4591537848b854bd01d39f93d`
VirtualSize	`0x5f2e`
VirtualAddress	`0x49000`
SizeOfRawData	`0x6000`
PointerToRawData	`0x47e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.83915`

.data

MD5	`4e680ab8e4b617cab46c16d2e6ebe660`
SHA1	`c9d7a2e23c7d75a984b79f64e427faf36ef6ba88`
SHA256	`455a18d78a50b5cfcd062c53a45a94ff0c4f83708920c396ad4aed8bdd3e5a4f`
SHA3	`b99a0c80d79d6fd39d15f91253c9ef121fce1f94b93ec72804fc608d02eb5b40`
VirtualSize	`0x14b0`
VirtualAddress	`0x4f000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x4de00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.44435`

.rsrc

MD5	`5900a62ef1146128a73c6a41a1f082ff`
SHA1	`d97aca070d5eb5c396a47be03a455a1def58eba0`
SHA256	`57d442f7806891aa9e1453fa201c360390364709efa17b6edf0eb08f28bffe4f`
SHA3	`b2d57eb906fb389a0a9093134d9bc73df926759fb3a96780657080c60138efc5`
VirtualSize	`0x360`
VirtualAddress	`0x51000`
SizeOfRawData	`0x400`
PointerToRawData	`0x4e800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.91416`

.reloc

MD5	`b4ff699212d1e75d22ee216e7624b686`
SHA1	`3aadc49864c3a78d06b40c93fd73b288511e650b`
SHA256	`2899154a7689680e8d9e6d71163322e4456948a1e826e5da154d969b8964178c`
SHA3	`af0e213907f413a719a7551177f9ab060f482724e0e1fe64eaa56cfa41a00d55`
VirtualSize	`0x101c`
VirtualAddress	`0x52000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x4ec00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.1626`

Imports

KERNEL32.dll	`CloseHandle` `CreateFileW` `WriteConsoleW` `GetModuleHandleW` `LoadLibraryA` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetCurrentProcess` `TerminateProcess` `RtlUnwind` `RaiseException` `GetLastError` `SetLastError` `EncodePointer` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `ExitProcess` `GetModuleHandleExW` `HeapReAlloc` `HeapAlloc` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `LCMapStringW` `GetProcessHeap` `HeapSize` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `SetFilePointerEx` `DecodePointer`
USER32.dll	`TranslateMessage` `DispatchMessageW` `GetMessageW`
ADVAPI32.dll	`GetUserNameA`

Delayed Imports

1

Type	`RT_VERSION`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x140`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03462`
MD5	`d4ad3978ab5a98c811a848e148ada73f`
SHA1	`f2b3f52156613e5d296a6de5210026aa3b0e51b7`
SHA256	`336009dfc764a1f71106340e96c2f27d855c64e7d37fa9c4f11711074d2ff694`
SHA3	`1763ea193d77e92f3f111241d6765d88e6c2def970a381323f8913145f42c40f`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.1
ProductVersion	1.0.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
FileVersion (#2)	1.0.0.1
ProductVersion (#2)	1.0.0.1

Resource LangID	Russian - Russia

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Feb-24 15:19:12
Version	`0.0`
SizeofData	`31`
AddressOfRawData	`0x4dfc4`
PointerToRawData	`0x4cdc4`
Referenced File	ui.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Feb-24 15:19:12
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x4dfe4`
PointerToRawData	`0x4cde4`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Feb-24 15:19:12
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x44f018`
SEHandlerTable	`0x44df90`
SEHandlerCount	`13`

RICH Header

XOR Key	`0x16923b2e`
Unmarked objects	`0`
ASM objects (26213)	`10`
C++ objects (26213)	`141`
C objects (26213)	`18`
C objects (VS 2015/2017 runtime 26706)	`17`
ASM objects (VS 2015/2017 runtime 26706)	`17`
C++ objects (VS 2015/2017 runtime 26706)	`41`
Imports (26213)	`7`
Total imports	`85`
C++ objects (LTCG) (27054)	`3`
Resource objects (27054)	`1`
151	`1`
Linker (27054)	`1`

Errors

Leave a comment

No comments yet.