{ "2a9bd1798d3841c7592d995c87fd1fb92397cdb700f076c51b9e9e722f9eb82c": { "DOS Header": { "e_magic": "MZ", "e_cblp": 120, "e_cp": 1, "e_crlc": 0, "e_cparhdr": 4, "e_minalloc": 0, "e_maxalloc": 0, "e_ss": 0, "e_sp": 0, "e_csum": 0, "e_ip": 0, "e_cs": 0, "e_ovno": 0, "e_oemid": 0, "e_oeminfo": 0, "e_lfanew": 120 }, "Debug Info": { "IMAGE_DEBUG_TYPE_CODEVIEW": { "Characteristics": 0, "TimeDateStamp": "1990-Aug-31 14:44:07", "Version": "0.0", "SizeofData": 25, "AddressOfRawData": 1568824, "PointerToRawData": 1560632 }, "UNKNOWN": { "Characteristics": 0, "TimeDateStamp": "1990-Aug-31 14:44:07", "Version": "0.0", "SizeofData": 0, "AddressOfRawData": 0, "PointerToRawData": 0 } }, "Hashes": { "MD5": "a7944d392f439c722c55e2f09410d494", "SHA1": "c83f2a27564ac35440d10e51f5264ebc645d526e", "SHA256": "2a9bd1798d3841c7592d995c87fd1fb92397cdb700f076c51b9e9e722f9eb82c", "SHA3": "2fd8d368f05f6c7fb681204470b7a48db131e3c5003244d4abc544ff04c1f765", "SSDeep": "24576:w8jQPE/YsdIFnS72VazmcoMjGpgCR7+ppja6XQ1+kWrSs5ekxYDiHZVyrPVBC2qT:uE/OFnS7tbCues5OK/oVO", "Imports Hash": "69d30a6ce520a337e0286a5112ece6e5" }, "Image Optional Header": { "Magic": "PE32", "LinkerVersion": "14.0", "SizeOfCode": 1348096, "SizeOfInitializedData": 284672, "SizeOfUninitializedData": 0, "AddressOfEntryPoint": "0x00001480 (Section: .text)", "BaseOfCode": 4096, "BaseOfData": 0, "ImageBase": 4194304, "SectionAlignment": 4096, "FileAlignment": 512, "OperatingSystemVersion": "6.0", "ImageVersion": "0.0", "SubsystemVersion": "6.0", "Win32VersionValue": 0, "SizeOfImage": 1662976, "SizeOfHeaders": 1024, "Checksum": 1695017, "Subsystem": "IMAGE_SUBSYSTEM_WINDOWS_CUI", "DllCharacteristics": [ "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE", "IMAGE_DLLCHARACTERISTICS_NX_COMPAT", "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE" ], "SizeofStackReserve": 1048576, "SizeofStackCommit": 4096, "SizeofHeapReserve": 1048576, "SizeofHeapCommit": 4096, "LoaderFlags": 0, "NumberOfRvaAndSizes": 16 }, "Imports": { "KERNEL32.dll": [ "AcquireSRWLockExclusive", "AddVectoredExceptionHandler", "CloseHandle", "CreateEventA", "CreateFileMappingA", "CreateFileMappingW", "CreateMutexA", "CreateSemaphoreA", "CreateThread", "DeleteCriticalSection", "DuplicateHandle", "EnterCriticalSection", "FindFirstVolumeW", "FindNextVolumeW", "FindVolumeClose", "FlsAlloc", "FlsGetValue", "FlsSetValue", "GetCurrentProcess", "GetCurrentProcessId", "GetCurrentThread", "GetCurrentThreadId", "GetDiskFreeSpaceExW", "GetFileAttributesA", "GetFileInformationByHandle", "GetFileSizeEx", "GetFileType", "GetHandleInformation", "GetLastError", "GetModuleFileNameA", "GetProcessAffinityMask", "GetStartupInfoA", "GetSystemInfo", "GetSystemTimeAsFileTime", "GetTempPathW", "GetThreadContext", "GetThreadId", "GetThreadPriority", "GetTickCount", "GetTimeZoneInformation", "GetVolumeInformationW", "InitOnceExecuteOnce", "InitializeCriticalSection", "IsDBCSLeadByteEx", "IsDebuggerPresent", "LeaveCriticalSection", "MapViewOfFile", "MultiByteToWideChar", "OutputDebugStringA", "QueryPerformanceCounter", "QueryPerformanceFrequency", "RaiseException", "ReadFile", "ReleaseMutex", "ReleaseSRWLockExclusive", "ReleaseSemaphore", "RemoveVectoredExceptionHandler", "ResetEvent", "ResumeThread", "SetEndOfFile", "SetEvent", "SetFilePointer", "SetLastError", "SetProcessAffinityMask", "SetThreadContext", "SetThreadPriority", "SetUnhandledExceptionFilter", "SignalObjectAndWait", "Sleep", "SleepConditionVariableSRW", "SuspendThread", "SwitchToThread", "TerminateProcess", "TlsAlloc", "TlsGetValue", "TlsSetValue", "TryAcquireSRWLockExclusive", "TryEnterCriticalSection", "UnhandledExceptionFilter", "UnmapViewOfFile", "VirtualProtect", "VirtualQuery", "WaitForMultipleObjects", "WaitForSingleObject", "WaitForSingleObjectEx", "WakeAllConditionVariable", "WakeConditionVariable", "WideCharToMultiByte", "WriteFile" ], "api-ms-win-crt-convert-l1-1-0.dll": [ "_strtod_l", "_strtoi64_l", "_strtoui64_l", "_ultoa", "atof", "atoi", "mbstowcs", "strtol", "strtoul", "wcrtomb_s", "wcstol", "wcstombs", "wcstoul" ], "api-ms-win-crt-environment-l1-1-0.dll": [ "__p__environ", "__p__wenviron", "getenv" ], "api-ms-win-crt-filesystem-l1-1-0.dll": [ "_findclose", "_findfirst32", "_findnext32", "_fstat32i64", "_fullpath", "_lock_file", "_mkdir", "_stat32", "_stat32i64", "_unlock_file", "_wmkdir", "_wunlink", "remove", "_unlink", "_rmdir", "_access" ], "api-ms-win-crt-heap-l1-1-0.dll": [ "_aligned_free", "_aligned_malloc", "calloc", "free", "malloc", "realloc" ], "api-ms-win-crt-math-l1-1-0.dll": [ "__setusermatherr", "frexp", "_fdopen" ], "api-ms-win-crt-stdio-l1-1-0.dll": [ "__acrt_iob_func", "__p__fmode", "__stdio_common_vfprintf", "__stdio_common_vfwprintf", "__stdio_common_vsprintf", "__stdio_common_vsscanf", "_get_osfhandle", "_lseeki64", "_telli64", "_wfopen", "_wmktemp_s", "_wopen", "fclose", "feof", "ferror", "fflush", "fgets", "fgetwc", "fopen", "fputc", "fputs", "fputwc", "fread", "fseek", "ftell", "fwrite", "getc", "rewind", "ungetc", "_write", "_read", "_open", "_fileno", "_dup", "_close" ], "api-ms-win-crt-locale-l1-1-0.dll": [ "___lc_codepage_func", "___mb_cur_max_func", "__pctype_func", "_configthreadlocale", "_create_locale", "_free_locale", "localeconv", "setlocale", "__initialize_lconv_for_unsigned_char" ], "api-ms-win-crt-string-l1-1-0.dll": [ "_isctype_l", "_iswalpha_l", "_iswcntrl_l", "_iswdigit_l", "_iswlower_l", "_iswprint_l", "_iswpunct_l", "_iswspace_l", "_iswupper_l", "_iswxdigit_l", "_strcoll_l", "_strnicmp", "_strxfrm_l", "_tolower_l", "_toupper_l", "_towlower_l", "_towupper_l", "_wcscoll_l", "_wcsxfrm_l", "isalpha", "islower", "isspace", "isupper", "iswctype", "isxdigit", "memset", "strcmp", "strcpy", "strcpy_s", "strlen", "strncmp", "strncpy", "strtok", "tolower", "toupper", "wcslen", "_stricmp", "_strdup" ], "api-ms-win-crt-private-l1-1-0.dll": [ "_setjmp3", "longjmp", "memchr", "memcmp", "memcpy", "memmove", "strchr", "strrchr", "strstr" ], "api-ms-win-crt-time-l1-1-0.dll": [ "__daylight", "__timezone", "__tzname", "_gmtime32", "_localtime32", "_localtime32_s", "_mktime32", "_strftime_l", "_time32", "_tzset", "strftime" ], "api-ms-win-crt-utility-l1-1-0.dll": [ "rand_s" ], "api-ms-win-crt-runtime-l1-1-0.dll": [ "_set_app_type", "__p___argc", "__p___argv", "__p___wargv", "__p__acmdln", "__sys_nerr", "_beginthreadex", "_cexit", "_configure_narrow_argv", "_configure_wide_argv", "_crt_atexit", "_endthreadex", "_errno", "_initialize_narrow_environment", "_initialize_wide_environment", "_initterm", "_set_invalid_parameter_handler", "abort", "exit", "signal", "strerror", "strerror_s", "_getpid" ], "api-ms-win-crt-multibyte-l1-1-0.dll": [ "_mbtowc_l" ] }, "PE Header": { "Signature": "PE", "Machine": "IMAGE_FILE_MACHINE_I386", "NumberofSections": 7, "TimeDateStamp": "1990-Aug-31 14:44:07", "PointerToSymbolTable": 0, "NumberOfSymbols": 0, "SizeOfOptionalHeader": 224, "Characteristics": [ "IMAGE_FILE_32BIT_MACHINE", "IMAGE_FILE_EXECUTABLE_IMAGE", "IMAGE_FILE_LARGE_ADDRESS_AWARE" ] }, "Plugins": { "strings": { "level": 1, "plugin_output": { "Contains domain names": [ "android.com", "http://schemas.android.com", "http://schemas.android.com/aapt", "http://schemas.android.com/apk/prv/res/", "http://schemas.android.com/apk/res-auto", "http://schemas.android.com/apk/res/", "http://schemas.android.com/apk/res/android", "http://schemas.android.com/tools", "http://www.w3.org", "http://www.w3.org/2000/xmlns/", "http://www.w3.org/XML/1998/namespace", "schemas.android.com", "www.w3.org" ] }, "summary": "Interesting strings found in the binary:" }, "findcrypt": { "level": 1, "plugin_output": { "info_0": "Uses constants related to CRC32" }, "summary": "Cryptographic algorithms detected in the binary:" }, "packer": { "level": 2, "plugin_output": { "info_0": "Unusual section name found: .buildid", "info_1": "Unusual section name found: .gcc_exc" }, "summary": "The PE is possibly packed." }, "imports": { "level": 2, "plugin_output": { "Functions which can be used for anti-debugging purposes": [ "SwitchToThread" ], "Enumerates local disk drives": [ "GetVolumeInformationW" ] }, "summary": "The PE contains functions most legitimate programs don't use." }, "authenticode": { "level": 1, "plugin_output": { "info_0": "Signer: Google LLC", "info_1": "Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1" }, "summary": "The PE is digitally signed." }, "virustotal": { "level": 0, "plugin_output": { "info_0": "All the AVs think this file is safe." }, "summary": "VirusTotal score: 0/75 (Scanned on 2024-08-07 17:30:59)" } }, "Sections": { ".text": { "MD5": "1bd9a2f72b723ef5f27184d1f1bcb2ed", "SHA1": "cbabdc73f880f0480ebd4a7228f4f429bbd66290", "SHA256": "45adba5017e657006062e8d11960fc4f0cbe1ea0dd4b02bfcc052a83241ff303", "SHA3": "0cf37e60bf1569a4d65fc10f7b79bd2189ced65815374d8a274426c3d1d877fa", "VirtualSize": 1348076, "VirtualAddress": 4096, "SizeOfRawData": 1348096, "PointerToRawData": 1024, "PointerToRelocations": 0, "PointerToLineNumbers": 0, "NumberOfLineNumbers": 0, "NumberOfRelocations": 0, "Characteristics": [ "IMAGE_SCN_CNT_CODE", "IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_READ" ], "Entropy": 6.51746 }, ".rdata": { "MD5": "1cea271dc527be24a05ebb1fae9892ca", "SHA1": "a8062861243803a2334d6ee134c1894aa43db3ca", "SHA256": "863218e5b40bcc90ecd4ddc950b707afb5eafd6e7d8707646c33f1e9ebbc0d4b", "SHA3": "6ab96a3805d98275bf9d948555f5f116fc63fa567bf7090d054ef9bea70884c5", "VirtualSize": 211072, "VirtualAddress": 1355776, "SizeOfRawData": 211456, "PointerToRawData": 1349120, "PointerToRelocations": 0, "PointerToLineNumbers": 0, "NumberOfLineNumbers": 0, "NumberOfRelocations": 0, "Characteristics": [ "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ" ], "Entropy": 6.14861 }, ".buildid": { "MD5": "cb7d4bd1812fc3cf884002ddea9f69b6", "SHA1": "b228fe1154e99fc009ce8fdecc2b7583670c3f33", "SHA256": "060a1328a776c4b6974f8e9d10df21bad52439e682c1fede15c55b9313c1579b", "SHA3": "8846e1b60891cd3def23b38fd8fc5cf4e202ba053a7979b99914cd6e1d71aee4", "VirtualSize": 81, "VirtualAddress": 1568768, "SizeOfRawData": 512, "PointerToRawData": 1560576, "PointerToRelocations": 0, "PointerToLineNumbers": 0, "NumberOfLineNumbers": 0, "NumberOfRelocations": 0, "Characteristics": [ "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ" ], "Entropy": 0.708909 }, ".data": { "MD5": "bf0ff2d4a189fa427e4f5d0c97eaf824", "SHA1": "97e495308d37b3a4a00b526b095763fd5d47ad51", "SHA256": "6a95ce58ac286348684af1142431c4289e95bc325ba59dc4992040952a51bef4", "SHA3": "2de9de3f533604e45d626dc20d33de5e4b060aeef0cb685b58bb00461cc7045e", "VirtualSize": 12260, "VirtualAddress": 1572864, "SizeOfRawData": 3584, "PointerToRawData": 1561088, "PointerToRelocations": 0, "PointerToLineNumbers": 0, "NumberOfLineNumbers": 0, "NumberOfRelocations": 0, "Characteristics": [ "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ", "IMAGE_SCN_MEM_WRITE" ], "Entropy": 3.10841 }, ".gcc_exc": { "MD5": "d217d07317b032e69d099a6e7db17d83", "SHA1": "2fd1a23cd9e10d10e851f00da902988ae31dc02f", "SHA256": "ca8e7993121a98f137b042eb8c46e97b65338545d8f1bf5f62c25760c237b2fc", "SHA3": "b8623089c2ca4f7b85803da0ce0b9c2ddb0d3001ae5fcdfa5ec409b34e1daf2b", "VirtualSize": 8836, "VirtualAddress": 1585152, "SizeOfRawData": 9216, "PointerToRawData": 1564672, "PointerToRelocations": 0, "PointerToLineNumbers": 0, "NumberOfLineNumbers": 0, "NumberOfRelocations": 0, "Characteristics": [ "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ" ], "Entropy": 2.89934 }, ".tls": { "MD5": "bf619eac0cdf3f68d496ea9344137e8b", "SHA1": "5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5", "SHA256": "076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560", "SHA3": "622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59", "VirtualSize": 8, "VirtualAddress": 1597440, "SizeOfRawData": 512, "PointerToRawData": 1573888, "PointerToRelocations": 0, "PointerToLineNumbers": 0, "NumberOfLineNumbers": 0, "NumberOfRelocations": 0, "Characteristics": [ "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ", "IMAGE_SCN_MEM_WRITE" ], "Entropy": 0 }, ".reloc": { "MD5": "2733b6fedc25ecd9f2bacab3748ed45b", "SHA1": "fa2c36592b8127480a58c83fc82bc3ffe2d9c6ab", "SHA256": "a36ec6583b5c7e623c56470546e44856747809046708446375ca427a075daa54", "SHA3": "e1774846deb26d3ebcdb2dfefd055e8322511f10dde0845c7639f6c2abc1bc6f", "VirtualSize": 58940, "VirtualAddress": 1601536, "SizeOfRawData": 59392, "PointerToRawData": 1574400, "PointerToRelocations": 0, "PointerToLineNumbers": 0, "NumberOfLineNumbers": 0, "NumberOfRelocations": 0, "Characteristics": [ "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_DISCARDABLE", "IMAGE_SCN_MEM_READ" ], "Entropy": 6.59061 } }, "Summary": { "Architecture": "IMAGE_FILE_MACHINE_I386", "Subsystem": "IMAGE_SUBSYSTEM_WINDOWS_CUI", "Compilation Date": "1990-Aug-31 14:44:07", "TLS Callbacks": "3 callback(s) detected." }, "TLS Callbacks": { "StartAddressOfRawData": 5791744, "EndAddressOfRawData": 5791748, "AddressOfIndex": 5771568, "AddressOfCallbacks": 5753096, "SizeOfZeroFill": 0, "Characteristics": "IMAGE_SCN_ALIGN_4BYTES", "Callbacks": [ "0x0041FB60", "0x0041FB10", "0x004FB911" ] } } }