Manalyze report for 1564ba084b73aee3bafbdaf2491d9e05fe03a9240ea0aa92f31190a71c2db459

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1970-Jan-01 00:00:00

Plugin Output

Suspicious	PEiD Signature:	`HQR data file`
Info	Interesting strings found in the binary:	`Contains domain names: .eq.golang.org .hash.net eq.golang.org github.com golang.org`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata` `Unusual section name found: .symtab`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryW LoadLibraryExW GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread`
Malicious	VirusTotal score: 27/71 (Scanned on 2026-04-24 22:44:01)	`ALYac: Gen:Variant.Application.Tedy.52546` `Arcabit: Trojan.Application.Tedy.DCD42` `BitDefender: Gen:Variant.Application.Tedy.52546` `CTX: exe.trojan.artemis` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `ESET-NOD32: WinGo/GameHack.A potentially unsafe application` `Emsisoft: Gen:Variant.Application.Tedy.52546 (B)` `Fortinet: Adware/GameHack` `GData: Gen:Variant.Application.Tedy.52546` `Google: Detected` `Gridinsoft: Trojan.Win64.Agent.cl` `Lionic: Trojan.Win32.GameHack.4!c` `MaxSecure: Trojan.Malware.8328611.susgen` `McAfeeD: ti!1564BA084B73` `MicroWorld-eScan: Gen:Variant.Application.Tedy.52546` `Microsoft: PUA:Win32/GameHack` `Paloalto: generic.ml` `Sangfor: PUP.Win32.Gamehack.V6hx` `Skyhigh: Artemis!Trojan` `Sophos: Generic Reputation PUA (PUA)` `Symantec: ML.Attribute.HighConfidence` `TrellixENS: Artemis!AF2A2F6DF598` `VIPRE: Gen:Variant.Application.Tedy.52546` `Varist: W64/ABApplication.OBNA-1101` `ViRobot: PUP.GameHack.2422784` `Zillya: Trojan.GameHack.Win32.21235`

Hashes

MD5	`af2a2f6df598f31c0ef1db53f6d60ff2`
SHA1	`ea70e190b904e89b9669cd591b70fa4502b33c90`
SHA256	`1564ba084b73aee3bafbdaf2491d9e05fe03a9240ea0aa92f31190a71c2db459`
SHA3	`af9836d2861f9363be40bc46da2dd81adf27007d67a2bbca5dc7bed9619d8929`
SSDeep	`24576:3Q46p/48sI9Ruuq/R00i7hgKFGFBX7AkWqZj5EmgM6S6elejC9zEEXICubrW0Zz:3Q469/sHuqp7OlAx8khj55WQUP`
Imports Hash	`d42595b695fc008ef2c56aabd8efd68e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0x8b`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0x24f600`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`3.0`
SizeOfCode	`0xfba00`
SizeOfInitializedData	`0x19a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000076C60 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`1.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0x29e000`
SizeOfHeaders	`0x600`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`64f66aaadefada6bc9ec79b3b7c39872`
SHA1	`cfbade012fdf44b19c37003e6fdc62809ccbb81d`
SHA256	`61c8305df5a8a96483d0d98d3c10423da2fd848e0912c6e62097ebb6db700caa`
SHA3	`836bd1b51a401bc140ff6b1114cae417a9fef19747609bbd3ad916c7b42cdcb6`
VirtualSize	`0xfb911`
VirtualAddress	`0x1000`
SizeOfRawData	`0xfba00`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.22704`

.rdata

MD5	`d986a7fc8121bb3d186246d0a14ea994`
SHA1	`d94a522141321accf1da11c1f0c47f99bfc680c4`
SHA256	`7969c476f9975ff2f79f70e534c72ed017f2b0910f0a6b147348be18c3e7e9d0`
SHA3	`ac43aacd917391cc78017f6980998065793fcb6507c7c8d7c07d1de4898df25a`
VirtualSize	`0x12cd70`
VirtualAddress	`0xfd000`
SizeOfRawData	`0x12ce00`
PointerToRawData	`0xfc000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.54259`

.data

MD5	`306dae8aa14fe5c847ea85ee2b81c4ef`
SHA1	`188c2c274c45935df58b5d56bde10d587dc2c215`
SHA256	`4a6510f5a799ad4989b9aa8f6ffd8a997d577e21dba8facdd1170e565a3edd18`
SHA3	`1153d0e987e2c528a0135f242067ee6f8f3ab545c85c774b0006e69c2fce7c0f`
VirtualSize	`0x63ca8`
VirtualAddress	`0x22a000`
SizeOfRawData	`0x19a00`
PointerToRawData	`0x228e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.43583`

.pdata

MD5	`58414777c33996e72832a0151d8d2155`
SHA1	`1fb335962c322d26fc083663f6bfcf05129c6df5`
SHA256	`445fdcdc0a1a9d464fbc1945993fc9f407581e8a25217a1ec5a721f106adf200`
SHA3	`d6e9b350383c5c11afe2cb2b9ba0da53e36e339977574ee882ce5a513f5b910b`
VirtualSize	`0x66d8`
VirtualAddress	`0x28e000`
SizeOfRawData	`0x6800`
PointerToRawData	`0x242800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.2894`

.xdata

MD5	`f04a7939f7f3806f2a955e9642cedc98`
SHA1	`663eba15525c99a39a0bc52fe64e2f62d6be48c8`
SHA256	`8d0ea5437798293a47b4db30a71c597b9a9130dd78f5aaacb5fb9a0375e80ccb`
SHA3	`61b575fd2887715edbd97cfdc6a6fe965a9ce4f8411002b4a032e06c38a00337`
VirtualSize	`0xb4`
VirtualAddress	`0x295000`
SizeOfRawData	`0x200`
PointerToRawData	`0x249000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.78321`

.idata

MD5	`869dec33ecb5582861a9abd6ce394b8c`
SHA1	`277c23c13be85308a7f9db19090e38a7a57e82a4`
SHA256	`64711e5a02ece583ef15d6ee273f7daeec5d2115fc9880ddf08f3d2b0db26844`
SHA3	`2179f667b8be71e7d59488e59f69d4a587bcd683b455511b18cb8ed7e787155a`
VirtualSize	`0x53e`
VirtualAddress	`0x296000`
SizeOfRawData	`0x600`
PointerToRawData	`0x249200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.95681`

.reloc

MD5	`ff69d042dda93ccdda2ef59dbe82317c`
SHA1	`1cfb722b6d4bea810a5dbd48976623a47dfd4651`
SHA256	`d36752fa9996fe20b86671fedad3fed9a9101e72ddcfc548906fa6f2bf14305c`
SHA3	`6084d3723de05dba2cf1f99e4011aaa43bfc670ce76aedbb39d10a5372e95691`
VirtualSize	`0x5e00`
VirtualAddress	`0x297000`
SizeOfRawData	`0x5e00`
PointerToRawData	`0x249800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.40854`

.symtab

MD5	`07b5472d347d42780469fb2654b7fc54`
SHA1	`943ae54f4818e52409fbbaf60ffd71318d966b0d`
SHA256	`3e67f4a7d14b832ff2a2433e9cf0f6f5720821f67148a87c0ee2595a20c96c68`
SHA3	`a70a3e18515c06557b62676f2a8eb6d7d41962d8c9c7c49f4641c429cc65b977`
VirtualSize	`0x4`
VirtualAddress	`0x29d000`
SizeOfRawData	`0x200`
PointerToRawData	`0x24f600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0203931`

Imports

kernel32.dll	`WriteFile` `WriteConsoleW` `WerSetFlags` `WerGetFlags` `WaitForMultipleObjects` `WaitForSingleObject` `VirtualQuery` `VirtualFree` `VirtualAlloc` `TlsAlloc` `SwitchToThread` `SuspendThread` `SetWaitableTimer` `SetProcessPriorityBoost` `SetEvent` `SetErrorMode` `SetConsoleCtrlHandler` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `ResumeThread` `RaiseFailFastException` `PostQueuedCompletionStatus` `LoadLibraryW` `LoadLibraryExW` `SetThreadContext` `GetThreadContext` `GetSystemInfo` `GetSystemDirectoryA` `GetStdHandle` `GetQueuedCompletionStatusEx` `GetProcessAffinityMask` `GetProcAddress` `GetErrorMode` `GetEnvironmentStringsW` `GetCurrentThreadId` `GetConsoleMode` `FreeEnvironmentStringsW` `ExitProcess` `DuplicateHandle` `CreateWaitableTimerExW` `CreateThread` `CreateIoCompletionPort` `CreateEventA` `CloseHandle` `AddVectoredExceptionHandler` `AddVectoredContinueHandler`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.