Manalyze report for 125770df8e20dce3480496e23ce7479c

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1970-Jan-01 00:00:00
TLS Callbacks	2 callback(s) detected.

Plugin Output

Suspicious	PEiD Signature:	`HQR data file`
Info	Interesting strings found in the binary:	`Contains domain names: .eq.github.com RetroUSB.com eq.github.com github.com raylib.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to RC5 or RC6`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExW LoadLibraryW` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Possibly launches other programs: system` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`125770df8e20dce3480496e23ce7479c`
SHA1	`478fee8e0ad74d14eadbcb164ade6936175fcba8`
SHA256	`e7da1eb7e58f34b169c0301378c1b26dda7070f91e069cfc1ef5d6b17853eb06`
SHA3	`50dfe06680b31a2bf485653b2be00b6fa6a9a7f7bff5d135c09132839bd9aa57`
SSDeep	`49152:o3ZbX+r2H8QNHD01qNvgwjwv7oU+GYoaVWTt8qhAO7CjXn:kYa8eHOh+bbOm`
Imports Hash	`ac9a6ff71f26449095a04f934160e856`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`11`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x1e1600`
SizeOfInitializedData	`0x318a00`
SizeOfUninitializedData	`0x5a200`
AddressOfEntryPoint	`0x00000000000014F0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`0.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0x37b000`
SizeOfHeaders	`0x400`
Checksum	`0x32308d`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ba700a5bd0d0689d3bee5cd316354161`
SHA1	`5fa12161ef2058f9c4cfeb0917914d7d057e8909`
SHA256	`9f276f05eb5b24928638e6a896848ede89350c4136c632806e69e8b967b75a0a`
SHA3	`ba11935312b49b8d7d2ff10746dc78102f406c44609dfc9d06cad610ed22f025`
VirtualSize	`0x1e1530`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1e1600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.40379`

.data

MD5	`72b2e03f600398e7883e942d62f62b89`
SHA1	`de5841069549de481139cd410c787bfd4db14ccb`
SHA256	`014db95c0f9cb0ebecc26d309882c3ac66fdeb09cec5f75722cee35273ffd871`
SHA3	`8753dacea07eee90a535efb00ed8570419d41cc852d68d78293ff78078bb1fc5`
VirtualSize	`0x102e0`
VirtualAddress	`0x1e3000`
SizeOfRawData	`0x10400`
PointerToRawData	`0x1e1a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.12377`

.rdata

MD5	`513c714f3224f0ea57a6703b1101b201`
SHA1	`c18db1b1225dbce0fafd26a81154974f3ea31814`
SHA256	`459f71249060324d549f2193a85f355a9a3e1ae2919c92e000d38ed90a47e3e0`
SHA3	`fd8af5f8e4831a8002f8e6d6836b7744ea7313814a41bb5258a8870ead487ae2`
VirtualSize	`0x1033a0`
VirtualAddress	`0x1f4000`
SizeOfRawData	`0x103400`
PointerToRawData	`0x1f1e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.78012`

.pdata

MD5	`aeb7a0f8717dc4ca5a0f4b997e793a13`
SHA1	`c12dd70a143cd9e1566f81694ab5ca77c6bdd1e6`
SHA256	`cd8ca66e4b91aa54bc850ccfe0e68a1cf7ea8a210a2c3c66bf29f012063bbe79`
SHA3	`8582b03f52677d63c83351c1c83572b2325a241861a3098b553141aaad7e34d7`
VirtualSize	`0x1059c`
VirtualAddress	`0x2f8000`
SizeOfRawData	`0x10600`
PointerToRawData	`0x2f5200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.03074`

.xdata

MD5	`d1aa13c872db6a6e56b0dedfb233538b`
SHA1	`9fb63dc7ff83e0b413d7516f5b1e32941e54e339`
SHA256	`082bb7f3248eeb85fd08d8372b95647a0c063ea1454192757a4577a4dcf407e4`
SHA3	`c2366c7cafca8f6a8b7ee3ceb189a060b5793e5af8e019a0547d4a5e8a34445f`
VirtualSize	`0xc800`
VirtualAddress	`0x309000`
SizeOfRawData	`0xc800`
PointerToRawData	`0x305800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.77677`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x5a0f0`
VirtualAddress	`0x316000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.edata

MD5	`28571719567d7f400b5c124da6a19a51`
SHA1	`e23ae47e0cc90a8124e5b4667726932da25aa836`
SHA256	`b1b43cb3529a398077de848cdb369fdba142f4d2012bb4f0a0f4601bc0cbb4bc`
SHA3	`63632f581947904d51dacbf75bca0dac58cc07d674be3b6eb8e8c848dcd92ec6`
VirtualSize	`0xc3`
VirtualAddress	`0x371000`
SizeOfRawData	`0x200`
PointerToRawData	`0x312000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.40337`

.idata

MD5	`61417a0ef6a927eecf7beb832aa2dda1`
SHA1	`fb5e477b3aefa76796050cee15403705b62273e4`
SHA256	`5fc3cbb32ee0ddb61848388fee46d74b1383d15c776f11e44962dd3c8655a369`
SHA3	`421ee302983ed300811d7500417de8846a650eb8944a6e31a94e7314e227c3ba`
VirtualSize	`0x28c8`
VirtualAddress	`0x372000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0x312200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.59908`

.CRT

MD5	`af0653b772138bfa59664ddc58dbe6fe`
SHA1	`e92a59dbdd76d0f70560bd62474a0654096de354`
SHA256	`e9f85d869a90401ba959bd7fac9e389e3be8672b50ee84a7ce08f77a94b05348`
SHA3	`fcead4260dc367b8d51788d4a1466d6ee5b38457e24d2832d998167158a92822`
VirtualSize	`0x68`
VirtualAddress	`0x375000`
SizeOfRawData	`0x200`
PointerToRawData	`0x314c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.39756`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0x376000`
SizeOfRawData	`0x200`
PointerToRawData	`0x314e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.reloc

MD5	`550480a8dd5ec0404de78e1f7c80162a`
SHA1	`3baa717d978d0d158ee35a7a3f08c560dd7be8a4`
SHA256	`fcb13ab94f51518c0f56e45fdc1a62ba35466a4260efe5620b9199cdd0b18ca8`
SHA3	`23e0ae8674068aa0212ebe31f19642671d575e22f92f3ba2a0bd1a437bde6534`
VirtualSize	`0x3da8`
VirtualAddress	`0x377000`
SizeOfRawData	`0x3e00`
PointerToRawData	`0x315000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.42123`

Imports

GDI32.dll	`ChoosePixelFormat` `CreateBitmap` `CreateDCW` `CreateDIBSection` `CreateRectRgn` `DeleteDC` `DeleteObject` `DescribePixelFormat` `GetDeviceCaps` `GetDeviceGammaRamp` `SetDeviceGammaRamp` `SetPixelFormat` `SwapBuffers`
KERNEL32.dll	`AddVectoredContinueHandler` `AddVectoredExceptionHandler` `CloseHandle` `CreateEventA` `CreateFileA` `CreateFileW` `CreateIoCompletionPort` `CreateSemaphoreW` `CreateThread` `CreateWaitableTimerExW` `DeleteCriticalSection` `DuplicateHandle` `EnterCriticalSection` `ExitProcess` `FormatMessageW` `FreeEnvironmentStringsW` `FreeLibrary` `GetConsoleMode` `GetCurrentThreadId` `GetEnvironmentStringsW` `GetErrorMode` `GetFileInformationByHandle` `GetLastError` `GetModuleFileNameA` `GetModuleHandleExW` `GetModuleHandleW` `GetProcAddress` `GetProcessAffinityMask` `GetQueuedCompletionStatusEx` `GetStartupInfoA` `GetStartupInfoW` `GetStdHandle` `GetSystemDirectoryA` `GetSystemInfo` `GetThreadContext` `GlobalAlloc` `GlobalFree` `GlobalLock` `GlobalSize` `GlobalUnlock` `InitializeCriticalSection` `IsDBCSLeadByteEx` `LeaveCriticalSection` `LoadLibraryA` `LoadLibraryExW` `LoadLibraryW` `MultiByteToWideChar` `PostQueuedCompletionStatus` `QueryPerformanceCounter` `QueryPerformanceFrequency` `RaiseFailFastException` `ReadFile` `ReleaseSemaphore` `ResetEvent` `ResumeThread` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `SetConsoleCtrlHandler` `SetErrorMode` `SetEvent` `SetProcessPriorityBoost` `SetThreadContext` `SetThreadExecutionState` `SetThreadPriority` `SetUnhandledExceptionFilter` `SetWaitableTimer` `Sleep` `SuspendThread` `SwitchToThread` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `VerSetConditionMask` `VirtualAlloc` `VirtualFree` `VirtualProtect` `VirtualQuery` `WaitForMultipleObjects` `WaitForSingleObject` `WerGetFlags` `WerSetFlags` `WideCharToMultiByte` `WriteConsoleW` `WriteFile` `__C_specific_handler`
msvcrt.dll	`___lc_codepage_func` `___mb_cur_max_func` `__getmainargs` `__initenv` `__iob_func` `__lconv_init` `__set_app_type` `__setusermatherr` `_access` `_acmdln` `_amsg_exit` `_assert` `_atoi64` `_beginthread` `_cexit` `_chdir` `_commode` `_errno` `_findclose` `_findfirst64` `_findnext64` `_fmode` `_getcwd` `_hypot` `_initterm` `_lock` `_mkdir` `_onexit` `_stat64` `_time64` `_unlock` `_wassert` `_wfopen` `abort` `acos` `atof` `atoi` `calloc` `div` `exit` `fclose` `feof` `ferror` `fflush` `fgetc` `fgets` `fopen` `fopen_s` `fprintf` `fputc` `fread` `free` `frexp` `fseek` `ftell` `fwrite` `getc` `islower` `isspace` `isupper` `isxdigit` `localeconv` `malloc` `memchr` `memcmp` `memcpy` `memmove` `memset` `puts` `qsort` `rand` `realloc` `rewind` `signal` `strchr` `strcmp` `strcpy` `strcspn` `strerror` `strlen` `strncmp` `strncpy` `strpbrk` `strrchr` `strspn` `strstr` `strtok` `strtol` `strtoul` `system` `tan` `tolower` `ungetc` `vfprintf` `wcscmp` `wcscpy` `wcslen`
SHELL32.dll	`DragAcceptFiles` `DragFinish` `DragQueryFileW` `DragQueryPoint`
USER32.dll	`AdjustWindowRectEx` `BringWindowToTop` `ChangeDisplaySettingsExW` `ClientToScreen` `ClipCursor` `CloseClipboard` `CreateIconIndirect` `CreateWindowExW` `DefWindowProcW` `DestroyIcon` `DestroyWindow` `DispatchMessageW` `EmptyClipboard` `EnumDisplayDevicesW` `EnumDisplayMonitors` `EnumDisplaySettingsExW` `EnumDisplaySettingsW` `FlashWindow` `GetActiveWindow` `GetClassLongPtrW` `GetClientRect` `GetClipboardData` `GetCursorPos` `GetDC` `GetKeyState` `GetLayeredWindowAttributes` `GetMessageTime` `GetMonitorInfoW` `GetPropW` `GetRawInputData` `GetRawInputDeviceInfoA` `GetRawInputDeviceList` `GetSystemMetrics` `GetWindowLongW` `GetWindowPlacement` `GetWindowRect` `IsIconic` `IsWindowVisible` `IsZoomed` `LoadCursorW` `LoadImageW` `MapVirtualKeyW` `MonitorFromWindow` `MoveWindow` `MsgWaitForMultipleObjects` `OffsetRect` `OpenClipboard` `PeekMessageW` `PostMessageW` `PtInRect` `RegisterClassExW` `RegisterDeviceNotificationW` `RegisterRawInputDevices` `ReleaseCapture` `ReleaseDC` `RemovePropW` `ScreenToClient` `SendMessageW` `SetCapture` `SetClipboardData` `SetCursor` `SetCursorPos` `SetFocus` `SetForegroundWindow` `SetLayeredWindowAttributes` `SetPropW` `SetRect` `SetWindowLongW` `SetWindowPlacement` `SetWindowPos` `SetWindowTextW` `ShowWindow` `SystemParametersInfoW` `ToUnicode` `TrackMouseEvent` `TranslateMessage` `UnregisterClassW` `UnregisterDeviceNotification` `WaitMessage` `WindowFromPoint`
WINMM.dll	`timeBeginPeriod` `timeEndPeriod`

Delayed Imports

_cgo_dummy_export

Ordinal	`1`
Address	`0x36f3f0`

internalAudioMixedProcessorGo

Ordinal	`2`
Address	`0x9f8d0`

internalAudioStreamCallbackGo

Ordinal	`3`
Address	`0x9f880`

internalTraceLogCallbackGo

Ordinal	`4`
Address	`0x9f920`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x140376000`
EndAddressOfRawData	`0x140376008`
AddressOfIndex	`0x14036feac`
AddressOfCallbacks	`0x140375040`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x00000001401E0520` `0x00000001401E04F0`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!