Manalyze report for fe9401de61e1b1f65b14b42f3f810154412b25a963760ea2bfd402fa11cdbe0c

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Jun-11 04:12:13
Debug artifacts	mod_uploader.pdb

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe` Contains domain names: GoDaddy.com api.github.com daltonmaag.com github.com google.com http://scripts.sil.org http://scripts.sil.org/OFL http://www.daltonmaag.com http://www.daltonmaag.com/http http://www.daltonmaag.comUbuntuLight http://www.google.com http://www.google.com/get/noto/http http://www.monotype.com http://www.monotype.com/studioThis https://api.github.com https://api.github.com/repos/teamsamoyed/TeamfightManager2Mod/releases?per_page https://docs.rs https://github.com https://steamcommunity.com monotype.com openssl.org scripts.sil.org steamcommunity.com www.daltonmaag.com www.google.com www.monotype.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to RC5 or RC6`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW LoadLibraryW LoadLibraryA` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Possibly launches other programs: CreateProcessW` `Uses Windows's Native API: NtCreateNamedPipeFile NtOpenFile NtReadFile NtWriteFile` `Can create temporary files: CreateFileW GetTempPathW` `Uses functions commonly found in keyloggers: GetForegroundWindow GetAsyncKeyState MapVirtualKeyW` `Leverages the raw socket API to access the Internet: WSAStartup WSACleanup freeaddrinfo listen bind getsockname WSADuplicateSocketW accept closesocket select connect WSASend WSARecv getpeername send recv ioctlsocket getsockopt setsockopt WSAGetLastError getaddrinfo WSASocketW` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`79406b938fb77d9bd2440102a31e9b51`
SHA1	`ebd7659492b632f1d7267d27ca3a7080d01bea41`
SHA256	`fe9401de61e1b1f65b14b42f3f810154412b25a963760ea2bfd402fa11cdbe0c`
SHA3	`ad62a969c157d7ad8b2b781472093837b5114d4a37128c914e6e0a586ec27b7a`
SSDeep	`98304:MYyL7EJgC9y1Wn3WdO8PHWpi+s+bOO2jMs:MFFxd3TtjM`
Imports Hash	`4f3fe21d9b1a4e1bf0271decc4b9a6b1`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`5`
TimeDateStamp	2026-Jun-11 04:12:13
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x388e00`
SizeOfInitializedData	`0x2d3e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000036ECA8 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x660000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x1000000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c403d180540dd66936b58909eb719ad3`
SHA1	`f180d5d041cc9e2bb05e79b92e20e475927db128`
SHA256	`ca3b42a9ce9654e95b157ad6a1f5cd5fe5f777d3df92ea8a8176c6735aeaa0de`
SHA3	`6f3dc45ccbfc8e0bcdd201bb77bcf8299f52301cd25544749e72ba7c4aece242`
VirtualSize	`0x388ca9`
VirtualAddress	`0x1000`
SizeOfRawData	`0x388e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.38841`

.rdata

MD5	`3c746a77c8fdb1711cd7dfecac29a491`
SHA1	`fb9a603d8d5658bffd9d18f7170a878ca5bd2341`
SHA256	`96d70ac8a17d83c51c995bde546b2edd100e5b954243bc7b60615eca94fe315d`
SHA3	`7f1c0cf3d9522e479a4193f8ea649301526c070384c53f880cc14b50e059962d`
VirtualSize	`0x2abd64`
VirtualAddress	`0x38a000`
SizeOfRawData	`0x2abe00`
PointerToRawData	`0x389200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.59884`

.data

MD5	`5cfeb157b739916a9c151168645f2fd3`
SHA1	`ccc80692e5e40ff5e021e38405de373abd52bd51`
SHA256	`b95b42ae4a9fb0c13f58fe6b9ea50c8525b285c66d8c9543064df20de1eaa463`
SHA3	`04257c66975f273fa07f4730db83d6e6783f1e477414edf5849ee56011ff3d46`
VirtualSize	`0x1478`
VirtualAddress	`0x636000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x635000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.39007`

.pdata

MD5	`39b50e1fe12ef1a13e79efa4a78604e9`
SHA1	`4350143bc01c580719ecf09fa8078dec1ff4e8ad`
SHA256	`1a6380a3576fd9e0c383a85ea5ed3e35344852a8cf592cbe5139c9abd3bc68e4`
SHA3	`c033fccef54b4b15cdd5eba1597e4f256436c085935a4cb01624879ea983ff20`
VirtualSize	`0x23304`
VirtualAddress	`0x638000`
SizeOfRawData	`0x23400`
PointerToRawData	`0x635e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.39993`

.reloc

MD5	`afc6fbbb852de6462df880f1a5797b1f`
SHA1	`ce544d2ca12e06f059e50ed0571c5bb77625080f`
SHA256	`fb21c37480a40a6c9f6f24d9cff204e28d164d5fbdae5367244a72b4aab53a37`
SHA3	`f71cca6b89191abc0877a38906101d23398aeafe9759200407efec024bc3bfe8`
VirtualSize	`0x3508`
VirtualAddress	`0x65c000`
SizeOfRawData	`0x3600`
PointerToRawData	`0x659200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.43159`

Imports

api-ms-win-core-synch-l1-2-0.dll	`WaitOnAddress` `WakeByAddressSingle` `WakeByAddressAll`
bcryptprimitives.dll	`ProcessPrng`
bcrypt.dll	`BCryptGenRandom`
ADVAPI32.dll	`RevertToSelf` `SystemFunction036` `ImpersonateAnonymousToken`
steam_api64.dll	`SteamAPI_SteamUser_v023` `SteamAPI_ISteamUser_GetSteamID` `SteamAPI_GetHSteamPipe` `SteamAPI_SteamUGC_v018` `SteamAPI_ISteamUGC_StartItemUpdate` `SteamAPI_ISteamUGC_GetItemUpdateProgress` `SteamAPI_ISteamUGC_CreateItem` `SteamAPI_ISteamUGC_SetItemTags` `SteamAPI_ISteamUGC_SetItemVisibility` `SteamAPI_ISteamUGC_SetItemDescription` `SteamAPI_ISteamUGC_SetItemContent` `SteamAPI_ISteamUGC_SetItemPreview` `SteamAPI_ISteamUGC_AddItemKeyValueTag` `SteamAPI_ISteamUGC_RemoveAllItemKeyValueTags` `SteamAPI_ISteamUGC_SetItemTitle` `SteamAPI_ISteamUGC_SetItemMetadata` `SteamInternal_SteamAPI_Init` `SteamAPI_ManualDispatch_RunFrame` `SteamAPI_ManualDispatch_GetNextCallback` `SteamAPI_ManualDispatch_Init` `SteamAPI_ManualDispatch_GetAPICallResult` `SteamAPI_ISteamUGC_GetQueryUGCResult` `SteamAPI_ISteamUGC_SubmitItemUpdate` `SteamAPI_ISteamNetworkingSockets_CloseConnection` `SteamAPI_ISteamNetworkingSockets_CloseListenSocket` `SteamAPI_ManualDispatch_FreeLastCallback` `SteamAPI_ISteamUGC_ReleaseQueryUGCRequest` `SteamAPI_ISteamUGC_CreateQueryUGCDetailsRequest` `SteamAPI_Shutdown` `SteamAPI_ISteamUGC_SendQueryUGCRequest`
OPENGL32.dll	`wglDeleteContext` `wglGetCurrentContext` `wglShareLists` `wglMakeCurrent` `wglGetCurrentDC` `wglGetProcAddress` `wglCreateContext`
kernel32.dll	`FlsAlloc` `FlsFree` `GetFileAttributesW` `FlsSetValue` `IsThreadAFiber` `SetWaitableTimer` `CreateWaitableTimerExW` `GetConsoleOutputCP` `GetConsoleMode` `WriteConsoleW` `SetEnvironmentVariableW` `GetEnvironmentVariableW` `DeleteFileW` `ReleaseMutex` `CreateMutexA` `GetCurrentThreadId` `WaitForSingleObjectEx` `SwitchToThread` `ExitProcess` `FindClose` `FindFirstFileExW` `CopyFileExW` `lstrlenW` `GetCurrentDirectoryW` `SetThreadStackGuarantee` `CloseHandle` `AddVectoredExceptionHandler` `SetFilePointerEx` `GetSystemTimeAsFileTime` `InitializeSListHead` `GetProcAddress` `LoadLibraryExW` `GetLastError` `LoadLibraryW` `FreeLibrary` `SetThreadErrorMode` `GetModuleFileNameW` `CreateDirectoryW` `GetStdHandle` `GetEnvironmentStringsW` `GetExitCodeProcess` `GlobalLock` `GlobalAlloc` `SetLastError` `GetFinalPathNameByHandleW` `IsDebuggerPresent` `GlobalUnlock` `CreateProcessW` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GlobalSize` `WideCharToMultiByte` `GetWindowsDirectoryW` `GetSystemDirectoryW` `GetFileInformationByHandleEx` `GlobalFree` `MultiByteToWideChar` `GetFileInformationByHandle` `CancelIo` `GetSystemTimePreciseAsFileTime` `GetCurrentThread` `RtlLookupFunctionEntry` `FormatMessageW` `RtlCaptureContext` `DuplicateHandle` `GetCurrentProcess` `GetOverlappedResult` `ReadFile` `ReadFileEx` `GetCurrentProcessId` `SetHandleInformation` `CreateThread` `GetProcessHeap` `HeapFree` `LoadLibraryA` `QueryPerformanceCounter` `HeapReAlloc` `SetFileTime` `HeapAlloc` `CreateFileW` `SetFileInformationByHandle` `CreateEventW` `WaitForSingleObject` `GetFullPathNameW` `SleepEx` `WriteFileEx` `FreeEnvironmentStringsW` `CompareStringOrdinal` `GetModuleHandleA` `Sleep` `GetModuleHandleW` `WaitForMultipleObjects` `GetTempPathW` `QueryPerformanceFrequency` `FindNextFileW` `TerminateProcess` `IsProcessorFeaturePresent` `RtlVirtualUnwind`
ole32.dll	`CoInitializeEx` `OleInitialize` `CoCreateInstance` `RegisterDragDrop` `RevokeDragDrop` `CoTaskMemFree` `CoUninitialize`
user32.dll	`GetTouchInputInfo` `MonitorFromRect` `ScreenToClient` `GetMenu` `GetClassInfoExW` `ValidateRect` `DispatchMessageW` `TranslateMessage` `SetWindowPlacement` `GetWindowPlacement` `ClientToScreen` `PeekMessageW` `ChangeDisplaySettingsExW` `DefWindowProcW` `SetWindowLongPtrW` `GetWindowLongPtrW` `ReleaseDC` `RedrawWindow` `InvalidateRgn` `SetWindowPos` `GetClientRect` `SetWindowDisplayAffinity` `SetCursorPos` `GetForegroundWindow` `TrackMouseEvent` `CreateWindowExW` `RegisterClassExW` `DestroyWindow` `PostMessageW` `FlashWindowEx` `EmptyClipboard` `CreateIconFromResourceEx` `SendMessageW` `GetSystemMetrics` `OpenClipboard` `GetActiveWindow` `IsClipboardFormatAvailable` `GetClipboardData` `SetClipboardData` `RegisterClipboardFormatW` `CloseClipboard` `SetCursor` `SetPropW` `CloseTouchInputHandle` `GetPropW` `GetCursorPos` `CallWindowProcW` `RemovePropW` `MonitorFromWindow` `GetClassNameW` `GetMonitorInfoW` `GetDC` `RegisterTouchWindow` `ReleaseCapture` `GetWindowRect` `RegisterWindowMessageA` `SetCapture` `IsIconic` `GetClipCursor` `ClipCursor` `GetAsyncKeyState` `GetKeyboardState` `MapVirtualKeyExW` `ToUnicodeEx` `GetKeyState` `GetKeyboardLayout` `ShowCursor` `RegisterRawInputDevices` `GetRawInputData` `SetTimer` `GetMessageW` `KillTimer` `DestroyIcon` `AdjustWindowRectEx` `GetWindowLongW` `SetWindowLongW` `ShowWindow` `SystemParametersInfoA` `SetForegroundWindow` `SendInput` `MapVirtualKeyW` `CreateIcon` `EnumDisplayMonitors` `MonitorFromPoint` `SetWindowTextW` `GetWindowTextLengthW` `EnableMenuItem` `GetSystemMenu` `LoadCursorW` `IsProcessDPIAware` `GetWindowTextW`
shell32.dll	`DragFinish` `DragQueryFileW` `SHCreateItemFromParsingName`
ws2_32.dll	`WSAStartup` `WSACleanup` `freeaddrinfo` `listen` `bind` `getsockname` `WSADuplicateSocketW` `accept` `closesocket` `select` `connect` `WSASend` `WSARecv` `getpeername` `send` `recv` `ioctlsocket` `getsockopt` `setsockopt` `WSAGetLastError` `getaddrinfo` `WSASocketW`
gdi32.dll	`SetPixelFormat` `DescribePixelFormat` `DeleteObject` `ChoosePixelFormat` `CreateRectRgn` `SwapBuffers` `GetDeviceCaps`
dwmapi.dll	`DwmEnableBlurBehindWindow`
shlwapi.dll	`AssocQueryStringW`
uiautomationcore.dll	`UiaLookupId` `UiaHostProviderFromHwnd` `UiaRaiseAutomationPropertyChangedEvent` `UiaRaiseAutomationEvent` `UiaReturnRawElementProvider` `UiaGetReservedNotSupportedValue`
oleaut32.dll	`SysStringLen` `SetErrorInfo` `SafeArrayPutElement` `SysAllocStringLen` `SysFreeString` `SafeArrayCreateVector` `GetErrorInfo`
uxtheme.dll	`SetWindowTheme`
imm32.dll	`ImmGetCompositionStringW` `ImmGetContext` `ImmReleaseContext` `ImmAssociateContextEx` `ImmSetCandidateWindow` `ImmSetCompositionWindow`
ntdll.dll	`NtCreateNamedPipeFile` `NtOpenFile` `NtReadFile` `RtlNtStatusToDosError` `NtWriteFile`
VCRUNTIME140.dll	`memcpy` `_CxxThrowException` `memset` `memcmp` `memmove` `__current_exception_context` `__current_exception` `__CxxFrameHandler3` `__C_specific_handler`
api-ms-win-crt-string-l1-1-0.dll	`wcslen` `strlen`
api-ms-win-crt-math-l1-1-0.dll	`round` `roundf` `floorf` `ceilf` `expf` `sinf` `floor` `trunc` `cos` `sin` `ceil` `powf` `__setusermatherr` `_hypotf` `atan2f` `cbrtf` `acosf` `exp2f` `cosf`
api-ms-win-crt-runtime-l1-1-0.dll	`_configure_narrow_argv` `_initialize_narrow_environment` `_set_app_type` `_seh_filter_exe` `strerror` `_get_initial_narrow_environment` `_initterm` `_initterm_e` `exit` `_exit` `terminate` `__p___argc` `__p___argv` `_cexit` `_c_exit` `_register_thread_local_exe_atexit_callback` `_crt_atexit` `_initialize_onexit_table` `_register_onexit_function`
api-ms-win-crt-stdio-l1-1-0.dll	`_set_fmode` `__p__commode`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `free`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Jun-11 04:12:13
Version	`0.0`
SizeofData	`41`
AddressOfRawData	`0x5ba290`
PointerToRawData	`0x5b9490`
Referenced File	mod_uploader.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Jun-11 04:12:13
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x5ba2bc`
PointerToRawData	`0x5b94bc`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Jun-11 04:12:13
Version	`0.0`
SizeofData	`816`
AddressOfRawData	`0x5ba2d0`
PointerToRawData	`0x5b94d0`

TLS Callbacks

StartAddressOfRawData	`0x1405ba620`
EndAddressOfRawData	`0x1405ba791`
AddressOfIndex	`0x140636e68`
AddressOfCallbacks	`0x14038ac60`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140636c00`

RICH Header

XOR Key	`0x3caafb19`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`12`
Imports (35207)	`2`
ASM objects (35207)	`4`
C objects (35207)	`10`
C++ objects (35207)	`24`
Imports (30148)	`2`
Imports (33145)	`7`
Total imports	`452`
C objects (35227)	`12`
Unmarked objects (#2)	`390`
Linker (35227)	`1`

Errors

Leave a comment

No comments yet.