Manalyze report for 0a9b140bfbf14d4be59d16d7dcb685f0

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2020-Sep-16 22:34:54
TLS Callbacks	2 callback(s) detected.
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata` `Unusual section name found: /4` `Unusual section name found: /19` `Unusual section name found: /31` `Unusual section name found: /45` `Unusual section name found: /57` `Unusual section name found: /70` `Unusual section name found: /81` `Unusual section name found: /92`
Suspicious	The PE contains functions most legitimate programs don't use.	`Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Leverages the raw socket API to access the Internet: WSACleanup WSAStartup closesocket connect gethostbyname htons recv socket`
Suspicious	The file contains overlay data.	`36126 bytes of data starting at offset 0x45c00.`
Malicious	VirusTotal score: 45/71 (Scanned on 2023-05-25 19:09:30)	`Elastic: malicious (high confidence)` `MicroWorld-eScan: Gen:Variant.Ursu.781880` `FireEye: Generic.mg.0a9b140bfbf14d4b` `ALYac: Gen:Variant.Ursu.781880` `Cylance: unsafe` `Zillya: Trojan.Shelma.Win32.6481` `Sangfor: Trojan.Win32.Save.a` `K7AntiVirus: Trojan ( 0053911b1 )` `Alibaba: Trojan:Win32/Shelma.e4ba6d69` `K7GW: Trojan ( 0053911b1 )` `CrowdStrike: win/malicious_confidence_100% (D)` `Symantec: Hacktool` `ESET-NOD32: a variant of Win64/Rozena.HH` `Kaspersky: Trojan.Win32.Shelma.ayyq` `BitDefender: Gen:Variant.Ursu.781880` `Avast: Win64:Trojan-gen` `Tencent: Win32.Trojan.Shelma.Jflw` `Emsisoft: Gen:Variant.Ursu.781880 (B)` `VIPRE: Gen:Variant.Ursu.781880` `McAfee-GW-Edition: Artemis!Trojan` `Trapmine: suspicious.low.ml.score` `Sophos: Troj/Swrort-CI` `SentinelOne: Static AI - Suspicious PE` `GData: Gen:Variant.Ursu.781880` `Jiangmin: Trojan.Shelma.flr` `Google: Detected` `Antiy-AVL: Trojan/Win32.Shelma` `Xcitium: Malware@#2clfcpo1awo39` `Arcabit: Trojan.Ursu.DBEE38` `ZoneAlarm: Trojan.Win32.Shelma.ayyq` `Microsoft: Trojan:Win32/Wacatac.B!ml` `Cynet: Malicious (score: 100)` `AhnLab-V3: Malware/Gen.RL_Generic.R330144` `Acronis: suspicious` `McAfee: Artemis!0A9B140BFBF1` `MAX: malware (ai score=86)` `Malwarebytes: Malware.AI.2255565799` `TrendMicro-HouseCall: TROJ_GEN.R002C0OEP23` `Rising: Trojan.Rozena!8.6D (TFE:5:yNXWvgjvjN)` `Yandex: Trojan.GenAsa!OlCZmY5Kpvg` `MaxSecure: Trojan.Malware.300983.susgen` `Fortinet: W64/Rozena.Y!tr` `AVG: Win64:Trojan-gen` `Cybereason: malicious.bfbf14` `DeepInstinct: MALICIOUS`

Hashes

MD5	`0a9b140bfbf14d4be59d16d7dcb685f0`
SHA1	`e0c6ea9baea4bd4f3146b81f0553511c876ba7ce`
SHA256	`a7d113b8b88d2d61d39102096cd1d8276684af88257c6c7c3ad88ad0624e3aab`
SHA3	`6c3f61281ceb0c792f33b803ab406b6422ea0467a63cba759c7ebf0aeba1dec1`
SSDeep	`6144:9G6Tiv8liK4KCkp2Uuu2cPyY6FcWqx4ygiAh7O6KUTwDKT:TUMnsTNcanNwn2Ot8T`
Imports Hash	`5c590e0212f998fdae6ec5bd0b7749f3`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`17`
TimeDateStamp	2020-Sep-16 22:34:54
PointerToSymbolTable	`0x45c00`
NumberOfSymbols	`1638`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x2200`
SizeOfInitializedData	`0x4400`
SizeOfUninitializedData	`0xa00`
AddressOfEntryPoint	`0x00000000000014F0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x50000`
SizeOfHeaders	`0x600`
Checksum	`0x58654`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`16674e7e949a22ce16c04b21560db781`
SHA1	`cbe2e31c7729f362d412fd08e6b12244804ca08e`
SHA256	`82feeb638f4d954f1aa1a22d91b85f87c19d3fefcb9ef25a88544c7bf99ba880`
SHA3	`50de032e117841044bbf60694d2d4c7e69c4fcf23aedd5b24bbde9631100e1ee`
VirtualSize	`0x2078`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.87642`

.data

MD5	`e7062aeddca004a579eedd0ffbe6fe87`
SHA1	`55d20a61dc1d408b94e15c14612bd1f0445f6103`
SHA256	`66c5eccd5eccffa3566c2b24b2c6ebf86bde8bfa01ab3347dc11adf22e4014f8`
SHA3	`f5d2013cef3923c470893d7249a5a6b4af2174bf2eab7b6e58bddb8ed6bb4d89`
VirtualSize	`0xe0`
VirtualAddress	`0x4000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.05484`

.rdata

MD5	`3b3d16d6d4c8e7d96b8fa11a99df4966`
SHA1	`44dd9b29ad181b974a4222f5eefc8c5cc9426862`
SHA256	`4d44bb6eb613d318c8082e561f2897a46b6381c98a33482f3142f1b9d970c076`
SHA3	`08f8c57385687b55a1cf8f5c52bac4df9d3b30d2922f7a2e1ee2290dfa65be38`
VirtualSize	`0x940`
VirtualAddress	`0x5000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x2a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.53706`

.pdata

MD5	`7d1ccd6e9888457b6dfeed430cb91d70`
SHA1	`200b6948cd5e6beeb7fa538a243d46b31e9a45c2`
SHA256	`e3d51d524f0aee9a400351beadd1ed74cddfa6f6645341d9d752644eaf6ac233`
SHA3	`87e4203f8ee690aa608422e1c608c7fde80bf726de3c5b2e4d0871bc077acb25`
VirtualSize	`0x288`
VirtualAddress	`0x6000`
SizeOfRawData	`0x400`
PointerToRawData	`0x3400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.77239`

.xdata

MD5	`36abeba22a304e4cbd203a731c3171bb`
SHA1	`632dd032c4af4f0a8a0c1490cf274c3ffd1274f5`
SHA256	`63c80ec3cdcd5b5c29a3cce80ccc86c300fc52e36a8cbb96dd967d420ba044df`
SHA3	`dd48e6a1c3a2e41a2f2a14521c0749ba749409d1c2e2eef982525390f346d9a7`
VirtualSize	`0x218`
VirtualAddress	`0x7000`
SizeOfRawData	`0x400`
PointerToRawData	`0x3800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.54356`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x9a0`
VirtualAddress	`0x8000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`e5185671356c72c0afd9fb097fb51983`
SHA1	`af9fbc66655d43b9a0a1e4108cdbcb19454b5e93`
SHA256	`a955aaa7020cdf171b39a632b209a04433525f4ca1cdccba8b54e1c471504019`
SHA3	`3606ddfecdf1212c8fae209773993e50fd6eac50e08998be1e24dfafc7d9b759`
VirtualSize	`0x918`
VirtualAddress	`0x9000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x3c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.76434`

.CRT

MD5	`fd417b54ef66defeae62ce93227c7f89`
SHA1	`2cf37cae2582537cdf9234021bde6ed2db6065e1`
SHA256	`c6b00c487edb80b5b0e5b0fca787979b8169f999377a3b75a0c9456b9d1f6e24`
SHA3	`93a38fd977792dda82035c686b3f5b49d9aa9a3122ec99479a1d9afb9a711ecc`
VirtualSize	`0x68`
VirtualAddress	`0xa000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.270919`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0xb000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

/4

MD5	`183af14984794476ca0f20d81793ba79`
SHA1	`b8a90f6cabfdd37c40a1747ac10904691cf84da4`
SHA256	`38c62d8d88441ce963b9d2a9864ebfcca488c0f055c867165d43804067f8823a`
SHA3	`9120d720b9b3ddf4cc2c581bac92ef8cad5d001fbd8a8e163a7c7d01b81bad93`
VirtualSize	`0x450`
VirtualAddress	`0xc000`
SizeOfRawData	`0x600`
PointerToRawData	`0x4a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.32096`

/19

MD5	`329bae744f48fb80c39a2830f956d49f`
SHA1	`19a79a7cf05b829c844d3f967571333fe9ea2dd5`
SHA256	`196a7b9022791be2d593d378c7f88213b1ea6f0aeaac6868dd861f944ff6939d`
SHA3	`45a0577186391845f4426c81f1a7eb28e67218c7c33c0c3a6b00877c278e8461`
VirtualSize	`0x36cc8`
VirtualAddress	`0xd000`
SizeOfRawData	`0x36e00`
PointerToRawData	`0x5000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.00921`

/31

MD5	`c62533c18de56db10e7fc32670272301`
SHA1	`46218fd6e9110ccdf9f264bd0571ea98e3a69da4`
SHA256	`77ba1845c81c313450c7a6b375626ce270731edaab03d42bfef9c2a58ba70df2`
SHA3	`92b40cc788161cf41ddd1269981aed712475e366812fb16db954cb02cd19141a`
VirtualSize	`0x259b`
VirtualAddress	`0x44000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x3be00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.64973`

/45

MD5	`e0202b80edb19da964e09694b1ccf559`
SHA1	`7688b461515acd99eedd2cc0436caaa6d834624f`
SHA256	`74f6a730dbb26b945852d7cd5ff0f58372c301a1aa5a715b0060993cef788919`
SHA3	`fc30e26b68999d55cf21021c0fe3427f89212549a43aba2ea14855cd9aa6c4d2`
VirtualSize	`0x2f7f`
VirtualAddress	`0x47000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x3e400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.42592`

/57

MD5	`1d695de5130468c5a44b513a91b3424c`
SHA1	`5bc0726da9d0a76e37a49bb4a573e4d5039922aa`
SHA256	`ceea622ecf44f0604d4539dc178f7d8177ba514cec29148b436644e589d4a68a`
SHA3	`3f752ab280399a6ecfb4305345800bf52911cfde8636b98c148ec24907bd896b`
VirtualSize	`0x9f0`
VirtualAddress	`0x4a000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x41400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.20524`

/70

MD5	`7a9ba5fa02276475d09c15952c0c7f37`
SHA1	`a6cdb06c3b2b1b50f0bf465f3dd31ceaf77d4269`
SHA256	`7385c52f7ff2e2b0d1877503bd0e38d4c5b8c5f71619921db82c79002614962d`
SHA3	`17bcd47e0ec7ddfe31107358d1ff6eaa18ab81bf1733366d3cd5a05410b56475`
VirtualSize	`0x732`
VirtualAddress	`0x4b000`
SizeOfRawData	`0x800`
PointerToRawData	`0x41e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.60614`

/81

MD5	`88542f980dfe0bfe409a91bfa79926e4`
SHA1	`fae780d5e2c79273cc37269646d6ce3b31f28908`
SHA256	`b73dbe6fa4bdf2a764717a635b14aa11631604d0f1724031bfd0a6cb474c743e`
SHA3	`0a3661ca72d97cd7a6e5ce954e8300ab7ee68ebdfd897a1cb42bd419009a27a9`
VirtualSize	`0x2fb9`
VirtualAddress	`0x4c000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x42600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.20764`

/92

MD5	`3ef820e8da944a9b49034cccc6288d68`
SHA1	`f8f64748bc80082ae7942e7874e676b86124ad6b`
SHA256	`88035f3ee28acc8b597f815265641bb46656c805f8a2a56e8aa4b043946ae5ba`
SHA3	`8b4f8c23c9a4a7aa252fb66c57cdb1725e8cf9cf857a6c1d5932224c5be3bdf0`
VirtualSize	`0x4d0`
VirtualAddress	`0x4f000`
SizeOfRawData	`0x600`
PointerToRawData	`0x45600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.33656`

Imports

KERNEL32.dll	`DeleteCriticalSection` `EnterCriticalSection` `FreeConsole` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `GetLastError` `GetStartupInfoA` `GetSystemTimeAsFileTime` `GetTickCount` `InitializeCriticalSection` `LeaveCriticalSection` `QueryPerformanceCounter` `RtlAddFunctionTable` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `SetUnhandledExceptionFilter` `Sleep` `TerminateProcess` `TlsGetValue` `UnhandledExceptionFilter` `VirtualAlloc` `VirtualProtect` `VirtualQuery`
msvcrt.dll	`__C_specific_handler` `__getmainargs` `__initenv` `__iob_func` `__lconv_init` `__set_app_type` `__setusermatherr` `_acmdln` `_amsg_exit` `_cexit` `_fmode` `_initterm` `_onexit` `abort` `atoi` `calloc` `exit` `fprintf` `free` `fwrite` `malloc` `memcpy` `printf` `puts` `signal` `strlen` `strncmp` `vfprintf`
WS2_32.dll	`WSACleanup` `WSAStartup` `closesocket` `connect` `gethostbyname` `htons` `recv` `socket`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x40b000`
EndAddressOfRawData	`0x40b008`
AddressOfIndex	`0x4085fc`
AddressOfCallbacks	`0x40a040`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x0000000000401BD0` `0x0000000000401BA0`

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /19!
[*] Warning: Tried to read outside the COFF string table to get the name of section /31!
[*] Warning: Tried to read outside the COFF string table to get the name of section /45!
[*] Warning: Tried to read outside the COFF string table to get the name of section /57!
[*] Warning: Tried to read outside the COFF string table to get the name of section /70!
[*] Warning: Tried to read outside the COFF string table to get the name of section /81!
[*] Warning: Tried to read outside the COFF string table to get the name of section /92!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF String Table's reported size is bigger than the remaining bytes!
[*] Warning: Section .bss has a size of 0!