Manalyze report for 2b04eeee845633b1806090e0384ee960

Summary

Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress`
Info	The PE's resources present abnormal characteristics.	`Resource 104 is possibly compressed or encrypted.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

MD5	`2b04eeee845633b1806090e0384ee960`
SHA1	`35a6bff2965f73a8502f794556cd1c4ee6bb9be8`
SHA256	`96a91c22692792b0fad6b46a5d96621a7ed9bb1803abe3465d57239947ecb765`
SHA3	`c013fe40e68d330d54ebf1cc49c95ebf5f4bb1bcf0255496fa6af5b57195cb9b`
SSDeep	`3072:OStFKxtp8Ka169CbzL3AQedmXtCvU1o1b3b3Tq:OrtptCbH3AQeK18f`
Imports Hash	`39da4e86dccdc4c39a359c66374de278`

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`3`
TimeDateStamp	2023-Nov-20 19:57:34
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x23000`
SizeOfInitializedData	`0x1000`
SizeOfUninitializedData	`0x77000`
AddressOfEntryPoint	`0x000000000009A1C0 (Section: UPX1)`
BaseOfCode	`0x78000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x9c000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x77000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

MD5	`a7c3a4863f7de6709a0d383a1ec85d0e`
SHA1	`0b08b093ed2f9216977d8538b32e5f487504aa6b`
SHA256	`7a0b65c7e38a6428b068fa21e33a49e7c29e39b64271b2b576269251dc642ca3`
SHA3	`b66a989508a71435ab67b88c69a2faf748ec0001f8ad95e29186d4070fadcbbe`
VirtualSize	`0x23000`
VirtualAddress	`0x78000`
SizeOfRawData	`0x23000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99341`

MD5	`5489d805eaa54ee753f2bb593c13eb48`
SHA1	`147c974284a0759d19f9043cc6778ffc81a90415`
SHA256	`00589c7d3e4ab1ef613880c2a3269c6ef7c45a7a417836e65e3aafdcfff18a29`
SHA3	`72701027154d51f31176adae7f7cbc5b31d9490a174785dd3de20a89ee28a63a`
VirtualSize	`0x1000`
VirtualAddress	`0x9b000`
SizeOfRawData	`0x800`
PointerToRawData	`0x23400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.08522`

api-ms-win-crt-convert-l1-1-0.dll	`strtol`
api-ms-win-crt-heap-l1-1-0.dll	`free`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-math-l1-1-0.dll	`pow`
api-ms-win-crt-runtime-l1-1-0.dll	`exit`
api-ms-win-crt-stdio-l1-1-0.dll	`feof`
api-ms-win-crt-string-l1-1-0.dll	`strcmp`
api-ms-win-crt-time-l1-1-0.dll	`_time64`
api-ms-win-crt-utility-l1-1-0.dll	`rand`
GDI32.dll	`DeleteDC`
KERNEL32.DLL	`LoadLibraryA` `ExitProcess` `GetProcAddress` `VirtualProtect`
SHELL32.dll	`DragFinish`
USER32.dll	`GetDC`
VCRUNTIME140.dll	`strchr`
WINMM.dll	`timeEndPeriod`

Type	`ASSETS_PACK`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x328`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.71199`
MD5	`399537bad51eeae609952c07a51a9a6f`
SHA1	`238a833e141fe1c945b5e945857449b0013142bb`
SHA256	`e8ace9c597b49ec180d5e4a6f659a79eff102667d4b08c9c3c80160f14773a0f`
SHA3	`98915dcbbc78d9ec542e34d1e7aa5241c354cd9754205a26db280dee53b9ef19`

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140084b60`

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section UPX0 has a size of 0!