Manalyze report for fa7149160a338451975260925bea7986802a06a9441d8afc6a899352194532eb

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Oct-07 13:59:36
Detected languages	English - United States
TLS Callbacks	1 callback(s) detected.
Debug artifacts	src_win.pdb

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: github.com https://github.com`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryW LoadLibraryExA` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Possibly launches other programs: ShellExecuteW` `Can take screenshots: GetDC CreateCompatibleDC`
Malicious	VirusTotal score: 3/70 (Scanned on 2026-05-23 10:54:48)	`MaxSecure: Trojan.Malware.300983.susgen` `Skyhigh: BehavesLike.Win64.Dropper.dh` `TrellixENS: Artemis!AE36D2ABC77A`

Hashes

MD5	`ae36d2abc77abdffb33f1f452a9fbe97`
SHA1	`394bbc7a3e4d46032caa35b6454e1f6ac7a3cbd3`
SHA256	`fa7149160a338451975260925bea7986802a06a9441d8afc6a899352194532eb`
SHA3	`ef5f385f13378d970fba99726551d90ece81b7d1e5d29fdab2383f2f5ae98bfe`
SSDeep	`3072:1sO4TKkzF1VOmMaTovXttn3tCk9hhNVt1yK75ooO9mAn/j:+O4TKkzFH0/vb9DhvUKKsO`
Imports Hash	`c962431a5f5a539ae8ff885b7074d106`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2025-Oct-07 13:59:36
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x25400`
SizeOfInitializedData	`0x1b400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000024200 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x44000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`fd430bffde663d57c965b37e08d2d2c6`
SHA1	`e1790bdf57436ee5fdc07dfcbdabd03d27f5cbbb`
SHA256	`a9c346b5cd1e3ae1661037701f2e9e302f7a46953283f1a101a641880a13f1d1`
SHA3	`f2b0c6a472b510ce8df4e65df45c395f6dd33e526daef0f11a2a89dbddd147a6`
VirtualSize	`0x253bb`
VirtualAddress	`0x1000`
SizeOfRawData	`0x25400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.35624`

.rdata

MD5	`c9ff45c3d91897e3740b25d326c3dfb7`
SHA1	`88fc081c4a9b514016a28598c89ffa7075d16974`
SHA256	`89b16a5d84ee8810630903dcf3493246ef89d0455c29eac6e670db0740dcd9bf`
SHA3	`26adbe1cbdebc23b9cc1e7b3be42a9de0c48d9049440a8af8693ac6649f413da`
VirtualSize	`0xe646`
VirtualAddress	`0x27000`
SizeOfRawData	`0xe800`
PointerToRawData	`0x25800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.25383`

.data

MD5	`fc52b6d69dc97684e2ec8032fb66f4fc`
SHA1	`8167a4f3dd0a2da828b08a932ca23a55126e7b86`
SHA256	`cbb271cd8013316f269a8a37f2f2c5a987c5ea4f0a6b7f035fd34d5e2ced02cb`
SHA3	`0abc1471076c464657abcdb7e62d1dd011992a0490de336948f55c9442ff74fd`
VirtualSize	`0x2630`
VirtualAddress	`0x36000`
SizeOfRawData	`0x400`
PointerToRawData	`0x34000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.07054`

.pdata

MD5	`7b1318ffec7e426c7a9ee15572a4709e`
SHA1	`a8525bfecbd029638b09ae98f285abf7faa07748`
SHA256	`f815b4ca2159b7dbaba21b50eaa75ac2197cd3c4b4606de2a4f9c46511fabe4b`
SHA3	`80f2ee2325fb11bae2f0fd37ea24119c0533f52a2a60af76f665c6213d5aef5c`
VirtualSize	`0x1a10`
VirtualAddress	`0x39000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x34400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.21729`

.rsrc

MD5	`471723eb78d3511f3635513ccb00b4c1`
SHA1	`d797bdbf5a76691f8eeb0ea6851059b8244e4542`
SHA256	`fb808e52af45b787d676bbafdab8a96871c306d32111d71198aaf9fa2d1c783e`
SHA3	`b49ccc267e25548e09374fc57936e88988feb78522983aa65b0d4c9c92c852d8`
VirtualSize	`0x7e40`
VirtualAddress	`0x3b000`
SizeOfRawData	`0x8000`
PointerToRawData	`0x36000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.89509`

.reloc

MD5	`53934513b0a310f28ed3cc93939566b6`
SHA1	`2c72208a671490da6fd51ad075d75e56cd786d9a`
SHA256	`95fabbaafed6cf98c992ddbb3c6b334e90fb96b1db096f7e9261d6a6cb15f275`
SHA3	`b8142bafb5767245512424e62aac2c5b22ebc20728ac372bcc461a2a8160d18f`
VirtualSize	`0x6f0`
VirtualAddress	`0x43000`
SizeOfRawData	`0x800`
PointerToRawData	`0x3e000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.09739`

Imports

user32.dll	`DefWindowProcW` `GetDC` `RegisterWindowMessageA` `IsProcessDPIAware` `MonitorFromWindow` `TrackPopupMenu` `ClientToScreen` `GetCursorPos` `GetWindowDC` `OffsetRect` `GetWindowRect` `MapWindowPoints` `GetMenuBarInfo` `ReleaseDC` `GetClientRect` `SetWindowPos` `DefWindowProcA` `GetMenuItemInfoW` `CreateWindowExA` `SystemParametersInfoA` `CreateAcceleratorTableW` `DestroyAcceleratorTable` `SendMessageW` `CheckMenuItem` `DestroyIcon` `DestroyMenu` `RemoveMenu` `SetMenu` `MessageBoxW` `DispatchMessageA` `TranslateMessage` `GetMessageA` `SetForegroundWindow` `ShowWindow` `SetWindowLongPtrA` `GetWindowLongPtrA` `RegisterClassA` `CreateWindowExW` `RegisterClassW` `LoadImageW` `DrawMenuBar` `SetMenuItemInfoW` `DrawIconEx` `AppendMenuW` `CreatePopupMenu` `CreateMenu` `PostQuitMessage` `SendInput` `DestroyWindow`
gdi32.dll	`CreateSolidBrush` `GetTextExtentPoint32A` `DeleteDC` `SelectObject` `CreateDIBSection` `CreateCompatibleDC` `GetDeviceCaps` `GetStockObject` `SetBkMode`
shell32.dll	`Shell_NotifyIconW` `ShellExecuteW` `Shell_NotifyIconGetRect`
kernel32.dll	`GetProcAddress` `LoadLibraryA` `LoadLibraryW` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetModuleFileNameW` `QueryPerformanceFrequency` `GetLastError` `GetCurrentThreadId` `GetModuleHandleW` `GetEnvironmentVariableW` `RtlVirtualUnwind` `WideCharToMultiByte` `ReleaseMutex` `lstrlenW` `GetCurrentProcess` `LoadLibraryExA` `WaitForSingleObjectEx` `QueryPerformanceCounter` `CreateMutexA` `GetCurrentProcessId` `GetModuleHandleA` `RtlLookupFunctionEntry` `RtlCaptureContext` `GetCurrentDirectoryW` `IsProcessorFeaturePresent` `HeapFree` `HeapAlloc` `FormatMessageW` `SetLastError` `UnhandledExceptionFilter` `CloseHandle` `SetUnhandledExceptionFilter` `GetProcessHeap` `SwitchToThread` `GetCommandLineW` `AddVectoredExceptionHandler` `SetThreadStackGuarantee` `GetCurrentThread` `HeapReAlloc` `CreateThread` `GetStdHandle` `GetConsoleMode` `GetConsoleOutputCP` `WriteConsoleW` `WaitForSingleObject` `MultiByteToWideChar`
comctl32.dll	`DefSubclassProc` `RemoveWindowSubclass` `SetWindowSubclass`
uxtheme.dll	`CloseThemeData` `DrawThemeText` `DrawThemeBackground` `OpenThemeData`
ntdll.dll	`RtlNtStatusToDosError` `NtWriteFile`
oleaut32.dll	`SysFreeString` `SysStringLen`
api-ms-win-core-synch-l1-2-0.dll	`WakeByAddressAll` `WaitOnAddress` `WakeByAddressSingle`
bcryptprimitives.dll	`ProcessPrng`
VCRUNTIME140.dll	`__current_exception_context` `__current_exception` `__C_specific_handler` `memmove` `memset` `memcpy` `__CxxFrameHandler3` `memcmp`
api-ms-win-crt-math-l1-1-0.dll	`round` `__setusermatherr`
api-ms-win-crt-runtime-l1-1-0.dll	`_seh_filter_exe` `_get_initial_narrow_environment` `terminate` `_crt_atexit` `_set_app_type` `_exit` `_configure_narrow_argv` `_register_onexit_function` `_initialize_onexit_table` `__p___argc` `exit` `_initterm` `_register_thread_local_exe_atexit_callback` `_c_exit` `_cexit` `_initialize_narrow_environment` `__p___argv` `_initterm_e`
api-ms-win-crt-stdio-l1-1-0.dll	`_set_fmode` `__p__commode`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-heap-l1-1-0.dll	`free` `_set_new_mode`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x7e5`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.82371`
Detected Filetype	PNG graphic file
MD5	`a830a17a6f40461eaa76a775df6fd4a5`
SHA1	`9421d0caae14f9c69d553dd9f733b0673cd86ce5`
SHA256	`4f15cabdb7b3bf8c0c28b802fc5c51b993067eea030e86e05c57408eef5eec9f`
SHA3	`5e77c56f6f22630ae5b9f1c076542f7e200133b3e80ebe9237c82c00bf23f24c`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x32c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.54376`
Detected Filetype	PNG graphic file
MD5	`68eb77d2159809bd8010042d041a9885`
SHA1	`90571a7dd2e6344c2734728b32ec8879f690d4d0`
SHA256	`4f207c68580a5f5ebc92f682da3851262ccd6d3947eb90c5e023787f7ddac1ff`
SHA3	`7df3faa412a7538c49a717feff78fd496753ab3ab8e2b47ec843e88b6014b81f`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x57a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.75989`
Detected Filetype	PNG graphic file
MD5	`0baaf0aad76547bf9a6957ea20aef3c9`
SHA1	`3e000c0f8df23bc732aa959787ee3a8cd9940f4b`
SHA256	`b7e94ed89ae28a254527cfed107844a6132708381a7893f42832bd589b130484`
SHA3	`1a6aca976a0fcbd21d080ccca7440332b275dce70bf5cbe37fa8259e1f31db1a`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xcff`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.86492`
Detected Filetype	PNG graphic file
MD5	`954897b405d47b188b6a1314955f6bed`
SHA1	`3a49c5bf60e30e77a4d2903b7aec7ba15c903c87`
SHA256	`e1e08954bda36ca3befa85501588af5e43d4784ea05641cc85dc819368e8c266`
SHA3	`1949dc2f6a8fb48d56c026f638457d06f34eee5a7d8b9907985fb1c8b03417ac`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x12ab`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.89539`
Detected Filetype	PNG graphic file
MD5	`fbf55aaf65a49b6f5f1a59b7f4ac1905`
SHA1	`255beb58eb2b8f683bfe636f9d4fc66f950372e7`
SHA256	`5363f1df249ed207394076ec102b05d1a41548ab99b25720c99ad0c45a2d8602`
SHA3	`df56719d1b2029f4b80a28ebbfe1d3fb6ba7a6a8c90eb7a1eb6f8d4cd6dbe372`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4c07`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.96575`
Detected Filetype	PNG graphic file
MD5	`31991e700c04cfb020ec3e6aa37d2b67`
SHA1	`16074b693a721ada41ccd6a396cef6c5ef3df13c`
SHA256	`6f2d9ab1faddf929f0129e8196ce62c7efe37c241f7d12b5466a7a38804f3870`
SHA3	`6fea05a0f911350671dfcbf2fcceb3c7428959d0d7de26f884472914f91afc9e`

1 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.8021`
Detected Filetype	Icon file
MD5	`96661e9afe4cd4ebeb0f9d7fda2c6f6c`
SHA1	`ed7ee22cc94e37a67ba53715d100ac271b2b1b24`
SHA256	`d2f645951fb89f58a2ef395c9ba59dacdbc2b8cd08fbd5dbd36dbee5c765bf99`
SHA3	`f413e55b2e809eda60b4883460ff18948e0971d6627357b419c628d10cbdb737`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Oct-07 13:59:36
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x30ef4`
PointerToRawData	`0x2f6f4`
Referenced File	src_win.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Oct-07 13:59:36
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x30f18`
PointerToRawData	`0x2f718`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Oct-07 13:59:36
Version	`0.0`
SizeofData	`856`
AddressOfRawData	`0x30f2c`
PointerToRawData	`0x2f72c`

TLS Callbacks

StartAddressOfRawData	`0x1400312a8`
EndAddressOfRawData	`0x140031338`
AddressOfIndex	`0x140038598`
AddressOfCallbacks	`0x1400275e0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x000000014001C8C0`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140036200`

RICH Header

XOR Key	`0xb6f3a79d`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`10`
Imports (35207)	`3`
ASM objects (35207)	`3`
C objects (35207)	`9`
C++ objects (35207)	`23`
Total imports	`162`
Unmarked objects (#2)	`31`
Resource objects (35217)	`1`
Linker (35217)	`1`

Errors

Leave a comment

No comments yet.