Manalyze report for 36857235d281d583f9cf3ce5244e957bbdc3009aaea342d3061030be73a49106

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1970-Jan-01 00:00:00

Plugin Output

Suspicious	PEiD Signature:	`Crunch/PE v5.0` `PeStubOEP v1.x` `HQR data file`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe` Contains domain names: -github.com .eq.github.com .eq.go.uber.org .eq.golang.org .github.com .hash.github.com .hash.golang.org .hash.net 0github.com 1github.com 2github.com 3github.com 4github.com 5github.com 8github.com 9876discordapp.com 9github.com STRhts.lambdatest.comedgedl.me.gvt1.com birthpopuptypesapplyImagebeinguppernoteseveryshowsmeansextramatchtrackknownearlybegansuperpapernorthlearngivennamedendedTermspartsGroupbrandusingwomanfalsereadyaudiotakeswhile.com cases.info comedgedl.me.gvt1.com details.net developer.mozilla.org downloads.lambdatest.com downloads.lambdatestinternal.com eq.github.com eq.go.uber.org eq.golang.org expressiongithub.com genretrucklooksValueFrame.net github.com go.uber.org golang.org hash.github.com hash.golang.org http://www.C http://www.a http://www.css http://www.hortcut http://www.icon http://www.interpretation http://www.language http://www.style http://www.text-decoration http://www.w3.org http://www.w3.org/shortcut http://www.wencodeURIComponent http://www.years https://developer.mozilla.org https://developer.mozilla.org/en-US/docs/Glossary/percent-encoding https://downloads.lambdatest.com https://downloads.lambdatest.com/tunnel/v3/freebsd/386/LTcan't https://downloads.lambdatest.com/tunnel/v3/freebsd/amd64/LThttps https://downloads.lambdatest.com/tunnel/v3/freebsd/arm64/LThttps https://downloads.lambdatest.com/tunnel/v3/linux/386/LThttps https://downloads.lambdatest.com/tunnel/v3/linux/amd64/LThttps https://downloads.lambdatest.com/tunnel/v3/linux/arm64/LThttps https://downloads.lambdatest.com/tunnel/v3/mac/386/LTerror https://downloads.lambdatest.com/tunnel/v3/mac/amd64/LThttps https://downloads.lambdatest.com/tunnel/v3/mac/arm64/LTError https://downloads.lambdatest.com/tunnel/v3/solaris/amd64/LTinvalid https://downloads.lambdatest.com/tunnel/v3/windows/386/LT.exereflect https://downloads.lambdatest.com/tunnel/v3/windows/amd64/LT.exehttp2 https://downloads.lambdatest.commissing https://github.com https://preprod-downloads.lambdatest.com https://preprod-downloads.lambdatest.com/tunnel/v3/freebsd/386/LTreflect https://preprod-downloads.lambdatest.com/tunnel/v3/freebsd/amd64/LThttps https://preprod-downloads.lambdatest.com/tunnel/v3/freebsd/arm64/LThttps https://preprod-downloads.lambdatest.com/tunnel/v3/linux/386/LThttps https://preprod-downloads.lambdatest.com/tunnel/v3/linux/amd64/LThttps https://preprod-downloads.lambdatest.com/tunnel/v3/linux/arm64/LThttps https://preprod-downloads.lambdatest.com/tunnel/v3/mac/386/LThttps https://preprod-downloads.lambdatest.com/tunnel/v3/mac/amd64/LThttps https://preprod-downloads.lambdatest.com/tunnel/v3/mac/arm64/LThttps https://preprod-downloads.lambdatest.com/tunnel/v3/solaris/amd64/LTError https://preprod-downloads.lambdatest.com/tunnel/v3/windows/386/LT.exereflect https://preprod-downloads.lambdatest.com/tunnel/v3/windows/amd64/LT.exenon https://preprod-downloads.lambdatest.comFailed https://preprod.ts.lambdatest.com https://preprod.ts.lambdatest.com/download/binary/freebsd/386/LTReading https://preprod.ts.lambdatest.com/download/binary/freebsd/amd64/LThttps https://preprod.ts.lambdatest.com/download/binary/freebsd/arm64/LThttps https://preprod.ts.lambdatest.com/download/binary/linux/386/LThttps https://preprod.ts.lambdatest.com/download/binary/linux/amd64/LThttps https://preprod.ts.lambdatest.com/download/binary/linux/arm64/LThttps https://preprod.ts.lambdatest.com/download/binary/mac/386/LThttps https://preprod.ts.lambdatest.com/download/binary/mac/amd64/LThttps https://preprod.ts.lambdatest.com/download/binary/solaris/amd64/LTreflect https://preprod.ts.lambdatest.com/download/binary/windows/386/LT.exereflect https://preprod.ts.lambdatest.com/download/binary/windows/amd64/LT.exebytes.Buffer https://stage-downloads.lambdatestinternal.com https://stage-downloads.lambdatestinternal.com/tunnel/v3/freebsd/386/LThttps https://stage-downloads.lambdatestinternal.com/tunnel/v3/freebsd/amd64/LThttps https://stage-downloads.lambdatestinternal.com/tunnel/v3/freebsd/arm64/LThttps https://stage-downloads.lambdatestinternal.com/tunnel/v3/linux/386/LThttps https://stage-downloads.lambdatestinternal.com/tunnel/v3/linux/amd64/LThttps https://stage-downloads.lambdatestinternal.com/tunnel/v3/linux/arm64/LThttps https://stage-downloads.lambdatestinternal.com/tunnel/v3/mac/386/LThttps https://stage-downloads.lambdatestinternal.com/tunnel/v3/mac/amd64/LThttps https://stage-downloads.lambdatestinternal.com/tunnel/v3/mac/arm64/LThttps https://stage-downloads.lambdatestinternal.com/tunnel/v3/solaris/amd64/LTtls https://stage-downloads.lambdatestinternal.com/tunnel/v3/windows/386/LT.exeUnable https://stage-downloads.lambdatestinternal.com/tunnel/v3/windows/amd64/LT.exeMapIter.Next https://stage-downloads.lambdatestinternal.comerror https://stage-ts.lambdatestinternal.com https://stage-ts.lambdatestinternal.com/download/binary/freebsd/386/LThttps https://stage-ts.lambdatestinternal.com/download/binary/freebsd/amd64/LThttps https://stage-ts.lambdatestinternal.com/download/binary/freebsd/arm64/LThttps https://stage-ts.lambdatestinternal.com/download/binary/linux/386/LThttps https://stage-ts.lambdatestinternal.com/download/binary/linux/amd64/LThttps https://stage-ts.lambdatestinternal.com/download/binary/linux/arm64/LThttps https://stage-ts.lambdatestinternal.com/download/binary/mac/386/LThttps https://stage-ts.lambdatestinternal.com/download/binary/mac/amd64/LThttps https://stage-ts.lambdatestinternal.com/download/binary/solaris/amd64/LT%s https://stage-ts.lambdatestinternal.com/download/binary/windows/386/LT.exebytes.Buffer https://stage-ts.lambdatestinternal.com/download/binary/windows/amd64/LT.exeunable https://ts.lambdatest.com https://ts.lambdatest.com/download/binary/freebsd/386/LTmTLS https://ts.lambdatest.com/download/binary/freebsd/amd64/LThttps https://ts.lambdatest.com/download/binary/freebsd/arm64/LThttps https://ts.lambdatest.com/download/binary/linux/386/LThttps https://ts.lambdatest.com/download/binary/linux/amd64/LThttps https://ts.lambdatest.com/download/binary/linux/arm64/LThttps https://ts.lambdatest.com/download/binary/mac/386/LTTo https://ts.lambdatest.com/download/binary/mac/amd64/LTTunnel https://ts.lambdatest.com/download/binary/solaris/amd64/LTerror https://ts.lambdatest.com/download/binary/windows/386/LT.exeTunnel https://ts.lambdatest.com/download/binary/windows/amd64/LT.exeSSH https://www.World https://www.recent lambdatest.com lambdatest.comedgedl.me.gvt1.com lambdatestinternal.com me.gvt1.com mozilla.org openssh.com preprod-downloads.lambdatest.com preprod.ts.lambdatest.com redirector.gvt1.com sgithub.com stage-downloads.lambdatestinternal.com stage-ts.lambdatestinternal.com thing.org ts.lambdatest.com ts.lambdatestinternal.com www.w3.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to base58` `Uses known Diffie-Helman primes`
Suspicious	The PE is possibly packed.	`Unusual section name found: .symtab`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryW LoadLibraryExW GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread`
Info	The PE is digitally signed.	`Signer: Lambdatest` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`17e5a035cc61f8efee3f126c75f41bd0`
SHA1	`f058d0d10da3bd93a8627f0eb238e6246daa475f`
SHA256	`36857235d281d583f9cf3ce5244e957bbdc3009aaea342d3061030be73a49106`
SHA3	`e106c99437ae0aa3ff88a7a8b3949d73ad2c2ae698bbf4c46d73552e69c76c2c`
SSDeep	`98304:azD7R9SbLNscCdxTwP33haAK0gHiQ4YjRsjBO2fOGFn3bOCTRzeWtwZFpRkWoAxI:IGGFkI0gHiVUsvpn3bOCkzZEAO`
Imports Hash	`1aae8bf580c846f39c71c05898e57e88`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0x8b`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0x11a1a00`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`3.0`
SizeOfCode	`0x7e9000`
SizeOfInitializedData	`0x1c4400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00077370 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xf77000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`1.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0x11d8000`
SizeOfHeaders	`0x400`
Checksum	`0x11af48b`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d105b894937002702a67d5541be89518`
SHA1	`1462e0764f2488274bf4d7066b7f577777e3c939`
SHA256	`766cea2a8b002f6acf765d313a7049e5ad495259be6207a4b4f3d1b4abebe9b9`
SHA3	`74025db0add6e090f23d40edcbbe80e8bcaddfd4b7c2f2eca4a62caed818d7db`
VirtualSize	`0x7e8eee`
VirtualAddress	`0x1000`
SizeOfRawData	`0x7e9000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.11508`

.rdata

MD5	`ebf8341d6b656ec479daa5b74c7a7acd`
SHA1	`3b754f6189d5d5fc8be58f73406c2ed6df5007a8`
SHA256	`0f44c69a724fdbba2c3339d9a83971ee7141f258782f2ba98eb68e3ccbe61113`
SHA3	`4c6a5753da10efa94dfe7e3c04ac8ed2b51f7d1559860a8a2008205edab2ce0d`
VirtualSize	`0x78cf48`
VirtualAddress	`0x7ea000`
SizeOfRawData	`0x78d000`
PointerToRawData	`0x7e9400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.90597`

.data

MD5	`4c6cb9fcb3f79ceec8f180543b6886e4`
SHA1	`c550e9ac6ee2304c18b0cc8ef7a294e8a15bc6bf`
SHA256	`3a513019c49be82f97a96be8f7486873db16be9b021fb4d050a913433e024efb`
SHA3	`c568965d68877cea46bda868108c6d67861d624ac371900db92340970f4918ed`
VirtualSize	`0x1f76ac`
VirtualAddress	`0xf77000`
SizeOfRawData	`0x1c4400`
PointerToRawData	`0xf76400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.70745`

.idata

MD5	`d89186e80d74c2824ff02c90e3fe135d`
SHA1	`949d18c3454d2c82d48668cbd86767c788115d52`
SHA256	`812b40b07b44821b9fcd10de1976210c2077c4be0fddfdf728c561410a1057de`
SHA3	`5847964102e01629a8cb5a2b47c48e2d688413698d1b2914bc757120e3b19787`
VirtualSize	`0x44c`
VirtualAddress	`0x116f000`
SizeOfRawData	`0x600`
PointerToRawData	`0x113a800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.0354`

.reloc

MD5	`b3abc52792d6693c9047a924b2cc749d`
SHA1	`834db367c87e0afe4d172231ebcae6772ca1acc9`
SHA256	`cb8eccfff87e007d04908ab151aae2d305003d0c01d513895a3c588076c8f86c`
SHA3	`73c5649137638238e015cdbc552003598e194164abf0cc744e56be23b1341e2d`
VirtualSize	`0x66b68`
VirtualAddress	`0x1170000`
SizeOfRawData	`0x66c00`
PointerToRawData	`0x113ae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.6407`

.symtab

MD5	`07b5472d347d42780469fb2654b7fc54`
SHA1	`943ae54f4818e52409fbbaf60ffd71318d966b0d`
SHA256	`3e67f4a7d14b832ff2a2433e9cf0f6f5720821f67148a87c0ee2595a20c96c68`
SHA3	`a70a3e18515c06557b62676f2a8eb6d7d41962d8c9c7c49f4641c429cc65b977`
VirtualSize	`0x4`
VirtualAddress	`0x11d7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x11a1a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0203931`

Imports

kernel32.dll	`WriteFile` `WriteConsoleW` `WerSetFlags` `WerGetFlags` `WaitForMultipleObjects` `WaitForSingleObject` `VirtualQuery` `VirtualFree` `VirtualAlloc` `TlsAlloc` `SwitchToThread` `SuspendThread` `SetWaitableTimer` `SetUnhandledExceptionFilter` `SetProcessPriorityBoost` `SetEvent` `SetErrorMode` `SetConsoleCtrlHandler` `ResumeThread` `RaiseFailFastException` `PostQueuedCompletionStatus` `LoadLibraryW` `LoadLibraryExW` `SetThreadContext` `GetThreadContext` `GetSystemInfo` `GetSystemDirectoryA` `GetStdHandle` `GetQueuedCompletionStatusEx` `GetProcessAffinityMask` `GetProcAddress` `GetErrorMode` `GetEnvironmentStringsW` `GetCurrentThreadId` `GetConsoleMode` `FreeEnvironmentStringsW` `ExitProcess` `DuplicateHandle` `CreateWaitableTimerExW` `CreateThread` `CreateIoCompletionPort` `CreateEventA` `CloseHandle` `AddVectoredExceptionHandler`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.