Manalyze report for b5d6cd81bd6abada25f5a64d399deafc

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2024-Apr-28 04:16:09
Detected languages	English - United States
TLS Callbacks	1 callback(s) detected.
CompanyName	www.koala.com
FileDescription	Koala app
FileVersion	`6.31.4`
LegalCopyright	Copyright (C) 2011-2024 Koalancha
OriginalFilename	koala.exe
ProductName	Koala
ProductVersion	`6.31.4`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to mining pools: stratum+tcp://` `Contains domain names: https://xmrig.com koala.com randomx.xmrig.com www.koala.com xmrig.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses constants related to base58` `Uses known Diffie-Helman primes` `Uses known Mersenne Twister constants` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: _RANDOMX` `Unusual section name found: _TEXT_CN` `Unusual section name found: _TEXT_CN`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryW LoadLibraryExW LoadLibraryExA` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Uses Microsoft's cryptographic API: CryptEnumProvidersW CryptSignHashW CryptDestroyHash CryptCreateHash CryptDecrypt CryptExportKey CryptGetUserKey CryptGetProvParam CryptSetHashParam CryptDestroyKey CryptReleaseContext CryptAcquireContextW` `Can create temporary files: CreateFileW CreateFileA GetTempPathW` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Leverages the raw socket API to access the Internet: WSASetLastError send recv ntohs htons htonl inet_addr inet_ntoa gethostbyaddr WSAGetLastError WSAIoctl gethostbyname WSARecvFrom WSASocketW WSASend WSARecv gethostname WSADuplicateSocketW getpeername FreeAddrInfoW GetAddrInfoW shutdown socket setsockopt listen connect closesocket bind WSACleanup WSAStartup select getsockopt getsockname ioctlsocket getservbyname getservbyport` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Interacts with services: CreateServiceW QueryServiceStatus OpenSCManagerW QueryServiceConfigA DeleteService ControlService OpenServiceW` `Enumerates local disk drives: GetDriveTypeW` `Interacts with the certificate store: CertOpenStore`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`b5d6cd81bd6abada25f5a64d399deafc`
SHA1	`6f71458df5dca62626b479abd666569e846a0539`
SHA256	`a355f754b2a6ea51f59c58554053eb089e84e9942fecc525b320a0e9789ca2d9`
SHA3	`c158c61e68307df12182ce3accd07d941de704203fbbb1005e4cd5964ab125f2`
SSDeep	`98304:/OLOkwuLAKqzrRZWQSn8d+L8BRqH4u/ukBC62oX1DmHzvuUOSZ6ABkKAxHdwpg:/awJK8oX1D+zlZ6ACKwCpg`
Imports Hash	`8a0d1b9b9d9e05fac54ce8d93601b26c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x120`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`10`
TimeDateStamp	2024-Apr-28 04:16:09
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x41f800`
SizeOfInitializedData	`0x49a800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000003E676C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x8c0000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`91a60a8506907830c81ac633c24b53d1`
SHA1	`1f8f9bf3194c6066062db1c4e05fb9a7e51ce03c`
SHA256	`fbf76669cc881d00a4c6bcebc7d6386d4da04fa1c46377dc68fdf9a1ebf74534`
SHA3	`dbaedef9ba168d1961466fe7769ed534bee1cfddef1267229f0b3cb012e83e2e`
VirtualSize	`0x41f6c4`
VirtualAddress	`0x1000`
SizeOfRawData	`0x41f800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.52421`

.rdata

MD5	`d25b109a6f61fdeb2ca91ef5f50fa279`
SHA1	`7650a31f0d52ae40a64879384cedcb2c860d7601`
SHA256	`a293c4765ce39d80958cc032bc365bc38f9d14269a3192e04153950a9b77976b`
SHA3	`adeaf312767033a17494b2288cdcf44427e8edb528b8d42c9d782f4771ab2b6b`
VirtualSize	`0x1a1d76`
VirtualAddress	`0x421000`
SizeOfRawData	`0x1a1e00`
PointerToRawData	`0x41fc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.16153`

.data

MD5	`34c7e0ae1053de155153b49ebdf0a20b`
SHA1	`7458783f47320b144b11f701f02bd7866fcaf359`
SHA256	`957d35da8515302032f50e39f2bf1c9456b4db38db534c770ffd41bf834f5dcf`
SHA3	`214f48019e9985785c65aaccb8ad5032591147cbe6e3aac39c3d35c8ccccc998`
VirtualSize	`0x2af474`
VirtualAddress	`0x5c3000`
SizeOfRawData	`0x10200`
PointerToRawData	`0x5c1a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.01753`

.pdata

MD5	`49a1e9ad928720202044a8a8c3546393`
SHA1	`0a4c93fb01042119154e375637017a82e3d441d0`
SHA256	`e0f24f2116f92f84f2fd7885cd0454ed3213a3e7ab27e185573de7367381e9a1`
SHA3	`a7276e190177fd00c6feed37cf75dbe4b9e39317d67ed2aa993424af283a1f84`
VirtualSize	`0x2a720`
VirtualAddress	`0x873000`
SizeOfRawData	`0x2a800`
PointerToRawData	`0x5d1c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.32335`

_RANDOMX

MD5	`9ee63642b94966ecb630ee0843e46b26`
SHA1	`11bd5b6446d56158259a24b938f7c4959bd56e21`
SHA256	`a0e8dcaf970131535f4e5292a291692b43dc1fe5112d3fa7540a851de29664ea`
SHA3	`3340b30c98f35504dbecd4eff4680013fe534c1f1e5df6ea50f6fe41274e85ff`
VirtualSize	`0xc56`
VirtualAddress	`0x89e000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x5fc400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.68241`

_TEXT_CN

MD5	`afea7882aa31e5987db2f12b8933de56`
SHA1	`91d62ae67c7e250650c5d785cffb0a794da2f085`
SHA256	`22da176111a6792ee42e810c4381316e710e95c28567224e7c5b5d4d703400fe`
SHA3	`45f964cd6a8a2b7d2570bc7d428bc928e75fa4ee11032f599a5f7f02435d9ed3`
VirtualSize	`0x26d1`
VirtualAddress	`0x89f000`
SizeOfRawData	`0x2800`
PointerToRawData	`0x5fd200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.07727`

_TEXT_CN (#2)

MD5	`409bf3f918f2402291cb56c2e9354b47`
SHA1	`4992a8b9c3e33a7f8659bd20066f907134f7c337`
SHA256	`97edf367117028c754aed0c10748bfa55d73a87af588af16d5b24610e1652b08`
SHA3	`a8379e211aa90421ff01b9567092fde1be282d339ea986b42067baed4539be96`
VirtualSize	`0x1184`
VirtualAddress	`0x8a2000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x5ffa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.04792`

_RDATA

MD5	`4dce2764241f31b65d68cca6b6f4aafa`
SHA1	`0482094bc5240aabc4311a1e066644ae26e29cc9`
SHA256	`9aaf1bf2edbe5c09f527c69b9eff87e4d29700651bfa26953eb49115a8654ad8`
SHA3	`dfeff41d4a0c590cd3f3a2a1ab2a1a91a63076cf2a663cb9cbfe63caba6db7a7`
VirtualSize	`0x1f4`
VirtualAddress	`0x8a4000`
SizeOfRawData	`0x200`
PointerToRawData	`0x600c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.20901`

.rsrc

MD5	`56c69b07d1779cccda75d96261a0db37`
SHA1	`5c28d9659f22c9301d501dbe3e5a477e35d45295`
SHA256	`3130897388556be28f8cf4b95fee66096cffb1463d8303834a5bda19f28908d5`
SHA3	`74a22f547abd856db34b8cffffa0f0f8b500ded27cbd854fe0b038855a31b995`
VirtualSize	`0xead0`
VirtualAddress	`0x8a5000`
SizeOfRawData	`0xec00`
PointerToRawData	`0x600e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.31062`

.reloc

MD5	`2ee026055e810c6f490f835606cec427`
SHA1	`0710d5d7c799373d357fb18186e1dd8c9b023a82`
SHA256	`79df842a5e7ee9ca872cc26510ca2783e5f8bb50947475413e27e1691db742a3`
SHA3	`7cfbbea21ef46e430a818f7ab1b46e8f22d02720159bb882d845a28f8c127357`
VirtualSize	`0xb54c`
VirtualAddress	`0x8b4000`
SizeOfRawData	`0xb600`
PointerToRawData	`0x60fa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.45487`

Imports

WS2_32.dll	`WSASetLastError` `send` `recv` `ntohs` `htons` `htonl` `inet_addr` `inet_ntoa` `gethostbyaddr` `WSAGetLastError` `WSAIoctl` `gethostbyname` `WSARecvFrom` `WSASocketW` `WSASend` `WSARecv` `gethostname` `WSADuplicateSocketW` `getpeername` `FreeAddrInfoW` `GetAddrInfoW` `shutdown` `socket` `setsockopt` `listen` `connect` `closesocket` `bind` `WSACleanup` `WSAStartup` `select` `getsockopt` `getsockname` `ioctlsocket` `getservbyname` `getservbyport`
IPHLPAPI.DLL	`GetAdaptersAddresses`
USERENV.dll	`GetUserProfileDirectoryW`
CRYPT32.dll	`CertFreeCertificateContext` `CertFindCertificateInStore` `CertEnumCertificatesInStore` `CertCloseStore` `CertOpenStore` `CertGetCertificateContextProperty` `CertDuplicateCertificateContext`
KERNEL32.dll	`RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `WriteConsoleW` `SetConsoleTitleA` `GetStdHandle` `SetConsoleMode` `GetConsoleMode` `QueryPerformanceFrequency` `QueryPerformanceCounter` `SizeofResource` `LockResource` `LoadResource` `FindResourceW` `ExpandEnvironmentStringsA` `GetConsoleWindow` `GetSystemFirmwareTable` `HeapFree` `HeapAlloc` `GetProcessHeap` `MultiByteToWideChar` `SetPriorityClass` `GetCurrentProcess` `SetThreadPriority` `GetSystemPowerStatus` `GetCurrentThread` `GetProcAddress` `GetModuleHandleW` `GetTickCount` `CloseHandle` `FreeConsole` `VirtualProtect` `VirtualFree` `VirtualAlloc` `GetLargePageMinimum` `LocalAlloc` `GetLastError` `LocalFree` `FlushInstructionCache` `GetCurrentThreadId` `AddVectoredExceptionHandler` `DeviceIoControl` `GetModuleFileNameW` `CreateFileW` `SetLastError` `GetSystemTime` `SystemTimeToFileTime` `GetModuleHandleExW` `Sleep` `InitializeSRWLock` `ReleaseSRWLockExclusive` `ReleaseSRWLockShared` `AcquireSRWLockExclusive` `AcquireSRWLockShared` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetSystemInfo` `SwitchToFiber` `DeleteFiber` `CreateFiberEx` `FindClose` `FindFirstFileW` `FindNextFileW` `WideCharToMultiByte` `GetSystemDirectoryA` `FreeLibrary` `LoadLibraryA` `FormatMessageA` `GetFileType` `WriteFile` `GetEnvironmentVariableW` `GetACP` `ConvertFiberToThread` `ConvertThreadToFiberEx` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `LoadLibraryW` `ReadConsoleA` `ReadConsoleW` `PostQueuedCompletionStatus` `CreateFileA` `DuplicateHandle` `SetEvent` `ResetEvent` `WaitForSingleObject` `CreateEventA` `QueueUserWorkItem` `RegisterWaitForSingleObject` `UnregisterWait` `GetNumberOfConsoleInputEvents` `ReadConsoleInputW` `FillConsoleOutputCharacterW` `FillConsoleOutputAttribute` `GetConsoleCursorInfo` `SetConsoleCursorInfo` `GetConsoleScreenBufferInfo` `SetConsoleCursorPosition` `SetConsoleTextAttribute` `WriteConsoleInputW` `CreateDirectoryW` `FlushFileBuffers` `GetDiskFreeSpaceW` `GetFileAttributesW` `GetFileInformationByHandle` `SetUnhandledExceptionFilter` `IsProcessorFeaturePresent` `GetFullPathNameW` `ReadFile` `RemoveDirectoryW` `SetFilePointerEx` `SetFileTime` `MapViewOfFile` `FlushViewOfFile` `UnmapViewOfFile` `CreateFileMappingA` `ReOpenFile` `CopyFileW` `MoveFileExW` `CreateHardLinkW` `GetFileInformationByHandleEx` `CreateSymbolicLinkW` `TryAcquireSRWLockExclusive` `InitializeCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeConditionVariable` `WakeConditionVariable` `WakeAllConditionVariable` `SleepConditionVariableCS` `ReleaseSemaphore` `ResumeThread` `GetNativeSystemInfo` `GetProcessAffinityMask` `SetThreadAffinityMask` `CreateSemaphoreA` `SetConsoleCtrlHandler` `RtlUnwind` `GetLongPathNameW` `GetShortPathNameW` `CreateIoCompletionPort` `ReadDirectoryChangesW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetEnvironmentVariableW` `SetCurrentDirectoryW` `GetTempPathW` `GlobalMemoryStatusEx` `FileTimeToSystemTime` `K32GetProcessMemoryInfo` `SetHandleInformation` `CancelIoEx` `CancelIo` `SwitchToThread` `SetFileCompletionNotificationModes` `LoadLibraryExW` `SetErrorMode` `GetQueuedCompletionStatus` `ConnectNamedPipe` `SetNamedPipeHandleState` `PeekNamedPipe` `CreateNamedPipeW` `CancelSynchronousIo` `GetNamedPipeHandleStateA` `GetNamedPipeClientProcessId` `GetNamedPipeServerProcessId` `TerminateProcess` `GetExitCodeProcess` `UnregisterWaitEx` `LCMapStringW` `DebugBreak` `GetModuleHandleA` `LoadLibraryExA` `GetStartupInfoW` `GetModuleFileNameA` `GetVersionExA` `SetProcessAffinityMask` `GetComputerNameA` `RtlCaptureContext` `GetStringTypeW` `GetCPInfo` `CompareStringEx` `LCMapStringEx` `DecodePointer` `EncodePointer` `IsDebuggerPresent` `GetFinalPathNameByHandleW` `InitializeSListHead` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `InitializeCriticalSectionAndSpinCount` `SetStdHandle` `GetCommandLineA` `GetCommandLineW` `CreateThread` `ExitThread` `FreeLibraryAndExitThread` `GetDriveTypeW` `SystemTimeToTzSpecificLocalTime` `ExitProcess` `GetFileAttributesExW` `SetFileAttributesW` `GetConsoleOutputCP` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `CompareStringW` `GetLocaleInfoW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `HeapReAlloc` `GetTimeZoneInformation` `HeapSize` `SetEndOfFile` `FindFirstFileExW` `IsValidCodePage` `GetOEMCP` `GetFileSizeEx` `GetCurrentDirectoryW` `InitializeCriticalSectionEx` `SleepConditionVariableSRW` `WaitForSingleObjectEx` `GetExitCodeThread`
USER32.dll	`GetLastInputInfo` `MessageBoxW` `GetProcessWindowStation` `TranslateMessage` `GetUserObjectInformationW` `ShowWindow` `DispatchMessageA` `GetSystemMetrics` `MapVirtualKeyW` `GetMessageA`
SHELL32.dll	`SHGetSpecialFolderPathA`
ole32.dll	`CoInitializeEx` `CoUninitialize` `CoCreateInstance`
ADVAPI32.dll	`SystemFunction036` `GetUserNameW` `ReportEventW` `RegisterEventSourceW` `DeregisterEventSource` `CryptEnumProvidersW` `CryptSignHashW` `CryptDestroyHash` `CryptCreateHash` `CryptDecrypt` `CryptExportKey` `CryptGetUserKey` `CryptGetProvParam` `CryptSetHashParam` `CryptDestroyKey` `CryptReleaseContext` `CryptAcquireContextW` `CreateServiceW` `QueryServiceStatus` `CloseServiceHandle` `OpenSCManagerW` `QueryServiceConfigA` `DeleteService` `ControlService` `StartServiceW` `OpenServiceW` `LookupPrivilegeValueW` `AdjustTokenPrivileges` `OpenProcessToken` `LsaOpenPolicy` `LsaAddAccountRights` `LsaClose` `GetTokenInformation`
bcrypt.dll	`BCryptGenRandom`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xaa0b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.77369`
Detected Filetype	PNG graphic file
MD5	`1455b312f622f0cf7e1f088cbd2d5f11`
SHA1	`2903f35b7ee02f7bb8828bb5d9db9651510f97cb`
SHA256	`d6b42c7b15c5a2113ebf6d6c123e834fdb9bd0ae90317935c24f64fd962b6897`
SHA3	`abc4e74bb996bccfec4e6631f2aabdb2b12632f788e9ff7f7adb29319a391f9c`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.78978`
MD5	`32fd63f2b2c4b339012a6d6146a59282`
SHA1	`18303678cce95df2e9a7ca882a381377bed1f0f1`
SHA256	`393a6a8a561dafa04e8e26e1284c7b3825c605f5af29d63d58fbef517e1bc592`
SHA3	`f96a93f5228b7183bb17a2d3584a806a510c4c010926cea0e2884474b7f726e8`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.6163`
MD5	`a63c6442c2ae762caad7fe587a487beb`
SHA1	`e59ada662682e9fca9ceca3dde4449df28546564`
SHA256	`4eeef38bad138c951815141c554b81d2993f344872d558f4c636cb57c549764d`
SHA3	`b1e7eb27f5b8649c1f5ab09093adf177435335bbf94a889e898296e353607cd7`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.68401`
MD5	`ba19677cc797efe004a30eefcceb723d`
SHA1	`d5c36ffb1aae054d5c9978d3dd3e6f19996843e4`
SHA256	`2a86089cd22773eee01b5765e808d3b97d656b4f7dabfa26830045c63818dc9e`
SHA3	`ceb3ec290bf6aa5e2e4490626af33a8ebfa85b05267ce57dc2e83a3c2615093a`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.44608`
Detected Filetype	Icon file
MD5	`93177e12cde9f7749717fa184407367c`
SHA1	`d3f78bdc5107b376e4e7c49b9aa803aa3b61405a`
SHA256	`4346348e65158c956fc7c9fcffb249c91efb761848980b04b33df15f14f3f8ef`
SHA3	`73bcae3113498139bd13574319f03e6e11f3a93375a8f9c4369854824a37a81f`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x288`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37322`
MD5	`801d7a962e61f7cbc83c9476fce79126`
SHA1	`d7d9e478cee17f58894d1c76534ed8c3cb684e75`
SHA256	`557bce64df478a427690461f55470d72cce2e23b439041f5e3c32e4c9ec0a7ae`
SHA3	`3112a4dc2a99fb2da6ab8529952bc2964a12fdf95e492a9f57f7c04a339140fb`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6.31.4.0
ProductVersion	6.31.4.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	www.koala.com
FileDescription	Koala app
FileVersion (#2)	6.31.4
LegalCopyright	Copyright (C) 2011-2024 Koalancha
OriginalFilename	koala.exe
ProductName	Koala
ProductVersion (#2)	6.31.4

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-Apr-28 04:16:09
Version	`0.0`
SizeofData	`1216`
AddressOfRawData	`0x58ff28`
PointerToRawData	`0x58eb28`

TLS Callbacks

StartAddressOfRawData	`0x140590430`
EndAddressOfRawData	`0x140590458`
AddressOfIndex	`0x14085f304`
AddressOfCallbacks	`0x140421df8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x00000001403E6494`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1405c9140`

RICH Header

XOR Key	`0xd6a46f06`
Unmarked objects	`0`
ASM objects (30795)	`7`
C++ objects (30795)	`204`
Unmarked objects (#2)	`1`
C objects (33218)	`19`
ASM objects (33218)	`18`
C++ objects (33218)	`98`
C objects (30795)	`22`
C objects (33523)	`18`
Total imports	`386`
Imports (30795)	`23`
C objects (30154)	`800`
C++ objects (LTCG) (33523)	`264`
ASM objects (33523)	`3`
Resource objects (33523)	`1`
151	`1`
Linker (33523)	`1`

b5d6cd81bd6abada25f5a64d399deafc

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RANDOMX

_TEXT_CN

_TEXT_CN (#2)

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

101

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors