Manalyze report for 2ad5686edb94c3de4209c85601185b8b

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1970-Jan-01 00:00:00
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Suspicious	PEiD Signature:	`HQR data file`
Info	Interesting strings found in the binary:	`Contains domain names: .eq.runtime.net eq.runtime.net go.itab.net golang.org runtime.net type..eq.net type..eq.runtime.net`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES`
Suspicious	The PE is possibly packed.	`Unusual section name found: /4` `Unusual section name found: /19` `Unusual section name found: /32` `Unusual section name found: /46` `Unusual section name found: /65` `Unusual section name found: /78` `Unusual section name found: /90` `Unusual section name found: .symtab`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA LoadLibraryW GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`2ad5686edb94c3de4209c85601185b8b`
SHA1	`6ee643db1a86f4e4300a65b069f4d75ce86b1f75`
SHA256	`0ab348ee576404f6efd9baa3ae054d6eb60f5f1abbb41723cb6da3b290cf038e`
SHA3	`7d9ec14d37863271819113df10fe8e545e4f5a5c833c17524a184a0725c4b139`
SSDeep	`98304:MLrAb6AcICEYsV7ov9lPw4YKhB0kuPQFWHr:ML0b68CEYsV7ovrY4fB0LQ4H`
Imports Hash	`4035d2883e01d64f3e7a9dccb1d63af5`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0x4`
e_cparhdr	`0`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0x8b`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`13`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0x58ec00`
NumberOfSymbols	`5938`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`3.0`
SizeOfCode	`0x21fc00`
SizeOfInitializedData	`0x39e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000006DDE0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`1.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0x627000`
SizeOfHeaders	`0x600`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`fa6b1827ff18838dbc1ba8178bae8af0`
SHA1	`cb6de025516a2438a5ae6bb7ad60482824ae2e47`
SHA256	`95fb85f672740384493c37edb5999f9209659dbcfb5b38ba1e394cd0e71ad6a5`
SHA3	`7818af8bc7f0aa7a32f0ed6200923e1a6791b065864a82ce25d30d165835d555`
VirtualSize	`0x21fb11`
VirtualAddress	`0x1000`
SizeOfRawData	`0x21fc00`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.93655`

.rdata

MD5	`66a718a470b9848d6a7883273c4d9e25`
SHA1	`be50f2e66374f7a670b574ec6cb94b4d26288e6e`
SHA256	`dd7c0647c3c3daca485ae6d8d88506ead72a3bec266600684ee960915c77a44b`
SHA3	`eb3036ee120ff0ab0bebdc00d0a20106a5638577b8d1340de750f898dce09f0b`
VirtualSize	`0x1d65e0`
VirtualAddress	`0x221000`
SizeOfRawData	`0x1d6600`
PointerToRawData	`0x220200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.32234`

.data

MD5	`4a2b6bd7e6bb698ba42f7057f205765b`
SHA1	`ad46c79b79fc4c3815b93beef0b4a89e8e5c6c05`
SHA256	`dc5a79fb10e26f58d6fda9bfb816b1c469be7ab949cdf2a0499ca4a2ce7ac91d`
SHA3	`3275f9151d188fc41f195a41d3fbd1518e56de4bcb6d2565518b29b79bfac141`
VirtualSize	`0x85990`
VirtualAddress	`0x3f8000`
SizeOfRawData	`0x39e00`
PointerToRawData	`0x3f6800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.16563`

/4

MD5	`28a3e9c96b9bb43e6541a26c8f68899b`
SHA1	`d5055422d0b8c4494eb8e58fccfc0c1ceafbeed3`
SHA256	`975598b01533b812dcfde96cc17be963bfef2aff01d84eeec67fa3f71e2f0658`
SHA3	`af7ac55943731d23db6ba4a312b7176306d760c6f0209d7f9ff38da1a33fdcce`
VirtualSize	`0x119`
VirtualAddress	`0x47e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x430600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.82922`

/19

MD5	`1ec1802dd1ec586ff7720f04dd9c9041`
SHA1	`523602752df76f023ffa9cdf9d713ef11d1a6089`
SHA256	`76b2b923dcd22b458428888a8b9a95f6542b7a7b4dafcc59415cbcd6699f32c7`
SHA3	`b0d1d50bafa8c182ea5ba1eeffeb751307f0547e46144f8c0d34974f5397da04`
VirtualSize	`0x50073`
VirtualAddress	`0x47f000`
SizeOfRawData	`0x50200`
PointerToRawData	`0x430800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99651`

/32

MD5	`fa4029dfa7012b0c5f8ef65e54888ebb`
SHA1	`8e95f594913ca9a7a2a0d22305fe210bec040735`
SHA256	`8799ab8c46bd9b5b6448f7df176bf510a3480b1711752123017812b5b852bf80`
SHA3	`42ab1a3f7c17b6e0cb6f94a73a5d9b4f7c87330f9a5403ef1d9f47266181c2bc`
VirtualSize	`0x10a69`
VirtualAddress	`0x4d0000`
SizeOfRawData	`0x10c00`
PointerToRawData	`0x480a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.93045`

/46

MD5	`14cea2cfeea2e401f94846319c93e309`
SHA1	`d64ff3036d2acf5e6324a5671ad4f1a1cdb42c5c`
SHA256	`46e6a74fb0dd7780004d5d55ff89cdea196ff3861f781696bcd89e59e0319dbe`
SHA3	`149751d60965cc38dc25f6b263997ab6d2d28bc8cc968a674c940d5584fca030`
VirtualSize	`0x46`
VirtualAddress	`0x4e1000`
SizeOfRawData	`0x200`
PointerToRawData	`0x491600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.16233`

/65

MD5	`e122e52037c9e20eec2ad80b6bdab145`
SHA1	`7a3af9e1656377ffb60d8e99198ec21719f6ca67`
SHA256	`77d8e87d505cb9a5e2e438175cc24be8ff5ef34f371320a223deb2036db04db5`
SHA3	`b98f4b9622c207fd81f7d2db1f6f6339395bbbfb8ae61705406c90665ef0aded`
VirtualSize	`0x7d94f`
VirtualAddress	`0x4e2000`
SizeOfRawData	`0x7da00`
PointerToRawData	`0x491800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99797`

/78

MD5	`d4b99c835f9e70ada57a7b0652ec14e6`
SHA1	`1c9c844a6fbf47dfb583da170b499af57c20f3f6`
SHA256	`3867baa1c6a935d488e750625e4111cff9234075ef4cdcf2033d5c04a8fbe71d`
SHA3	`21594d1968229ac779cd7e510c85115937dd4dca5be7ccb5c7a6781dea12579c`
VirtualSize	`0x501f5`
VirtualAddress	`0x560000`
SizeOfRawData	`0x50200`
PointerToRawData	`0x50f200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.9968`

/90

MD5	`6a1b91779362a4f7105b6d5077090e2f`
SHA1	`4e93f23dd8e07e941e14f2e971404d852172037b`
SHA256	`b4a3ecd8c358dca4067e575c3f955ea38ca360ca1abcf4815138e9bd97ab110e`
SHA3	`6e9b33662cc981a4a0613af2d22be893a9455dbf83b325e4f70c5e8bb8c04f0e`
VirtualSize	`0x1b6c5`
VirtualAddress	`0x5b1000`
SizeOfRawData	`0x1b800`
PointerToRawData	`0x55f400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.81491`

.idata

MD5	`294af492ea54d9dbdee2ddc5f2f44a2a`
SHA1	`7a7f7f28b90a5a462d978109e3dd483366c71589`
SHA256	`f8faad5756d3eec7c10a868b4fd95be0b56bafaf66322b221599ec1b032f3e6d`
SHA3	`cb6d045bf541f8cef0f03d55a4b7d7bfa10117c47c1e211300838f10b0319fa1`
VirtualSize	`0x476`
VirtualAddress	`0x5cd000`
SizeOfRawData	`0x600`
PointerToRawData	`0x57ac00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.56407`

.reloc

MD5	`7e2fd4a8662b66f819c4ff93a1e22a3b`
SHA1	`cc44889798cd16e14f45a4843a8937b30caca8b7`
SHA256	`e857b656ed5e60e4dda30256cd3dddf7589b35f5fcf27f369e5338c710709288`
SHA3	`6a1ccdf5fe825d83df3a7586e478e4268642f78330fbfad2fc9a9244d5986a22`
VirtualSize	`0x13838`
VirtualAddress	`0x5ce000`
SizeOfRawData	`0x13a00`
PointerToRawData	`0x57b200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.44424`

.symtab

MD5	`3c812387fce8e89757931d7101dbee16`
SHA1	`6d78250ad069cffe7b8b62a6bc727cb1da620c39`
SHA256	`6f2c66bf6e0587af17b4fa691285d439caafa30dd0dbcf053e13452af462c0dc`
SHA3	`20de052ab0c34f5c1d4f71bff010769738822239d88e680e05acbc7d899c5777`
VirtualSize	`0x4400c`
VirtualAddress	`0x5e2000`
SizeOfRawData	`0x44200`
PointerToRawData	`0x58ec00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.34529`

Imports

kernel32.dll	`WriteFile` `WriteConsoleW` `WaitForMultipleObjects` `WaitForSingleObject` `VirtualQuery` `VirtualFree` `VirtualAlloc` `SwitchToThread` `SuspendThread` `Sleep` `SetWaitableTimer` `SetUnhandledExceptionFilter` `SetProcessPriorityBoost` `SetEvent` `SetErrorMode` `SetConsoleCtrlHandler` `ResumeThread` `PostQueuedCompletionStatus` `LoadLibraryA` `LoadLibraryW` `SetThreadContext` `GetThreadContext` `GetSystemInfo` `GetSystemDirectoryA` `GetStdHandle` `GetQueuedCompletionStatusEx` `GetProcessAffinityMask` `GetProcAddress` `GetEnvironmentStringsW` `GetConsoleMode` `FreeEnvironmentStringsW` `ExitProcess` `DuplicateHandle` `CreateWaitableTimerExW` `CreateThread` `CreateIoCompletionPort` `CreateEventA` `CloseHandle` `AddVectoredExceptionHandler`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /19!
[*] Warning: Tried to read outside the COFF string table to get the name of section /32!
[*] Warning: Tried to read outside the COFF string table to get the name of section /46!
[*] Warning: Tried to read outside the COFF string table to get the name of section /65!
[*] Warning: Tried to read outside the COFF string table to get the name of section /78!
[*] Warning: Tried to read outside the COFF string table to get the name of section /90!