Manalyze report for 31cd3162824d83e6e973e3f28429e0a4

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1970-Jan-01 00:00:00
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Suspicious	PEiD Signature:	`HQR data file`
Info	Interesting strings found in the binary:	`Contains domain names: .eq.runtime.net .hash.runtime.net eq.runtime.net hash.runtime.net runtime.net type..eq.runtime.net type..hash.runtime.net`
Suspicious	The PE is possibly packed.	`Unusual section name found: /4` `Unusual section name found: /19` `Unusual section name found: /32` `Unusual section name found: /46` `Unusual section name found: /63` `Unusual section name found: /80` `Unusual section name found: /99` `Unusual section name found: /112` `Unusual section name found: /124` `Unusual section name found: .symtab`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA LoadLibraryW GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread`
Suspicious	VirusTotal score: 1/72 (Scanned on 2024-04-02 07:57:33)	`Bkav: W64.AIDetectMalware`

Hashes

MD5	`31cd3162824d83e6e973e3f28429e0a4`
SHA1	`772fa4961fcd47c3bce298cd16aac15595e5f2d8`
SHA256	`8d0201f9fed05f2fe830982ff75fd8a87701ed57f6026718ccad779d92e5751e`
SHA3	`33cb0704a68694202d753eb2a2c1b2da077388033f290c6200c88f261f282eaf`
SSDeep	`24576:CnLVaJTlLz9Zm0gge7vXfV46ITCfsohZdIb0n2GV6GJ8/DI:CnLVOlL5Zm0ggKvd46IT8zIbLY6GWLI`
Imports Hash	`1cd364a9e949d5ecebd6c614e64bc545`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0x4`
e_cparhdr	`0`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0x8b`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`14`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0x1e8000`
NumberOfSymbols	`2943`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`3.0`
SizeOfCode	`0x9b200`
SizeOfInitializedData	`0x13c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000056950 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`1.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0x231000`
SizeOfHeaders	`0x600`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c38fe066ecdad8e7e2158bef4d1af177`
SHA1	`fa5c840ac6bbb8b2c7a210e4dedf39e5bc4f1daa`
SHA256	`df41c5069e22cf3e322a022bf63232fed3dc561bb568074d37668d8f27abf3cb`
SHA3	`165a4b294754a13c0a6ddd94cf2eeebdd9f785af76a2ce687a6088864a0532b3`
VirtualSize	`0x9b1a0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x9b200`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.91054`

.rdata

MD5	`c6c69334c8b4edf3c683026ba316b2b8`
SHA1	`76f06c9339d2d46e2fe2fee0727b1b2260f3fb57`
SHA256	`9e8ac4abe1e396c675ebd79ce4247a9f92b1f9172df22565bd39a530b1e87d20`
SHA3	`7e0abd620339b378ec53a7d076e90a5857788d45472a779a8afa643beb8ac4cc`
VirtualSize	`0xc901d`
VirtualAddress	`0x9d000`
SizeOfRawData	`0xc9200`
PointerToRawData	`0x9b800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.166`

.data

MD5	`6724dd792389ba8bcbf641b190827623`
SHA1	`6665ea3cd6af52acc9d06e86a857cb3c94f4af40`
SHA256	`2ebd3fa255114dc123a3d0558b1dbcb604bfe67e2de6940bfe10b3e1eabe6707`
SHA3	`b13a3df85fdfa1dad5f1e42e976b3d2fa9c50cbba343c5745b5b54fff93a7603`
VirtualSize	`0x34848`
VirtualAddress	`0x167000`
SizeOfRawData	`0x13c00`
PointerToRawData	`0x164a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.14698`

/4

MD5	`28a3e9c96b9bb43e6541a26c8f68899b`
SHA1	`d5055422d0b8c4494eb8e58fccfc0c1ceafbeed3`
SHA256	`975598b01533b812dcfde96cc17be963bfef2aff01d84eeec67fa3f71e2f0658`
SHA3	`af7ac55943731d23db6ba4a312b7176306d760c6f0209d7f9ff38da1a33fdcce`
VirtualSize	`0x119`
VirtualAddress	`0x19c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x178600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.82922`

/19

MD5	`a683a69a5880edb47defc8917187eee5`
SHA1	`e8d09e492a86ff1f444aafd236d0bb482a75eb1b`
SHA256	`caac82b584d780989acb29319cdc125c5fe92ed187ab40f51be9e2a06be40f3c`
SHA3	`396ad8286e203739834b50b20dfd1c2efa766de569a651afa3e75752d084c35f`
VirtualSize	`0x16d90`
VirtualAddress	`0x19d000`
SizeOfRawData	`0x16e00`
PointerToRawData	`0x178800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99057`

/32

MD5	`eb680a996a66cbbe109dcc14cb5fcca7`
SHA1	`8e7f25d7a4d88f38e651a80ea8b08f5ba256adaa`
SHA256	`c076c0fe7f3149943479593c671f59c2327de2a24432ed57939c175e880711d7`
SHA3	`0d95bb71ca455538854b27f57158bfde4a764343fbcdfdcd15678e92854673cd`
VirtualSize	`0x63c9`
VirtualAddress	`0x1b4000`
SizeOfRawData	`0x6400`
PointerToRawData	`0x18f600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.92167`

/46

MD5	`cdb7cc8d65a75453b993d24011ecf608`
SHA1	`da4bd9a4eb1166dd20257062f8396b96c43d20ef`
SHA256	`f4e69e8b593684b7bed675c0378acbee6c9ebff709051516ce9bd59dcc1ea26d`
SHA3	`48585dea9cbc5052386bb2f4c472ce6610b4792b56f37bf7169586ebe2e781e8`
VirtualSize	`0x1d2a`
VirtualAddress	`0x1bb000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x195a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.89679`

/63

MD5	`870357a8bb1897e9a7746bce1581de46`
SHA1	`ee9b4963c654361e8525bf1ff9a98bcb9a9cf156`
SHA256	`5194a40984ff981c0cf05dacc88517b33cd1e42f1629d9486e292c90a90bf43d`
SHA3	`8182b6b5e59cad967a2e7e51335ce10870200a58ad5d0cbd4719f4589a40d8db`
VirtualSize	`0x33eb`
VirtualAddress	`0x1bd000`
SizeOfRawData	`0x3400`
PointerToRawData	`0x197800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.97944`

/80

MD5	`373ec90673bdad25dd1041401d92fef4`
SHA1	`c9e867765dbe19ee0c12a77f945d5bbebb3dabfc`
SHA256	`af9123c990d840be9dd1e375543a68c9dde085470a611f9f8e412c28c71adfbf`
SHA3	`4fb5142fe042cc8fd11cff3c98d3c7986d99aa6f2284bd38f9a9eecd7278b178`
VirtualSize	`0x2d`
VirtualAddress	`0x1c1000`
SizeOfRawData	`0x200`
PointerToRawData	`0x19ac00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.788378`

/99

MD5	`c6826a9ad10dfedd4685cfeaa6c3af27`
SHA1	`36f460a3e67f7ff4b76109c5e3a6f3193aeb7934`
SHA256	`269a7d14389cf2af40255e9ce08c5124660e4b50d886cd15a164359124cfb15a`
SHA3	`54ae444ca16fdffc3c9c91ce341e5cf808b3ed8ed66d8a97270ceabc2d2c53a6`
VirtualSize	`0x2e901`
VirtualAddress	`0x1c2000`
SizeOfRawData	`0x2ea00`
PointerToRawData	`0x19ae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99618`

/112

MD5	`27986d9cf8eb04a041ee1a26ee2a6bf7`
SHA1	`84ea99f5403814e981d3015648b8e7c2f105f246`
SHA256	`813e2e07b9f936c67b20e5b8700320ab0bfd9170d6ef71c3321eccb91149665b`
SHA3	`1cdac14d6db993d031561504249e7484e9c7638b9e469511dc9199431600e62f`
VirtualSize	`0x163bf`
VirtualAddress	`0x1f1000`
SizeOfRawData	`0x16400`
PointerToRawData	`0x1c9800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99103`

/124

MD5	`8fb0ee9887c191e4db5ae351c500e3a1`
SHA1	`9cf4fa4a12b303fab58f4b29db1f10a67db9ccb6`
SHA256	`b8a829380494ec330b7d24e3b33cb409072dae3eaac685892f6a86f828cf900a`
SHA3	`11aa7e9547958b814454bdcd7d96cfc377fb6d0b40b0d87f71a7e65f7b808f8c`
VirtualSize	`0x7ef0`
VirtualAddress	`0x208000`
SizeOfRawData	`0x8000`
PointerToRawData	`0x1dfc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.7963`

.idata

MD5	`4845d7a04f0d3a30ce751760f82ee230`
SHA1	`dedd4b32dc8ca8cc510678e9e5f4f0740a5300fe`
SHA256	`63e942e9158c54cecc5757e2d4fc492523c27cca1a041873a2460c537c7b5b08`
SHA3	`6fa2a37b674a281b64a0d1f3a3dccc0530160a13a2a705a6ead007425b004a70`
VirtualSize	`0x3b4`
VirtualAddress	`0x210000`
SizeOfRawData	`0x400`
PointerToRawData	`0x1e7c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.04414`

.symtab

MD5	`9646939512f9769601e7d47493726579`
SHA1	`04cec1e548b55a914c307c525967df8ba07cb179`
SHA256	`64c1219003c0ad1d2df48579567b1176ca108aaeb767ed63d3d706b7ed281338`
SHA3	`c957a4ed9c3b55199450df4e76b3d48d9611c60ac1dda87958cfd9aa306e5791`
VirtualSize	`0x1fb7e`
VirtualAddress	`0x211000`
SizeOfRawData	`0x1fc00`
PointerToRawData	`0x1e8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.22351`

Imports

kernel32.dll	`WriteFile` `WriteConsoleW` `WaitForMultipleObjects` `WaitForSingleObject` `VirtualQuery` `VirtualFree` `VirtualAlloc` `SwitchToThread` `SetWaitableTimer` `SetUnhandledExceptionFilter` `SetProcessPriorityBoost` `SetEvent` `SetErrorMode` `SetConsoleCtrlHandler` `LoadLibraryA` `LoadLibraryW` `GetSystemInfo` `GetSystemDirectoryA` `GetStdHandle` `GetQueuedCompletionStatus` `GetProcessAffinityMask` `GetProcAddress` `GetEnvironmentStringsW` `GetConsoleMode` `FreeEnvironmentStringsW` `ExitProcess` `DuplicateHandle` `CreateThread` `CreateIoCompletionPort` `CreateEventA` `CloseHandle` `AddVectoredExceptionHandler`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /19!
[*] Warning: Tried to read outside the COFF string table to get the name of section /32!
[*] Warning: Tried to read outside the COFF string table to get the name of section /46!
[*] Warning: Tried to read outside the COFF string table to get the name of section /63!
[*] Warning: Tried to read outside the COFF string table to get the name of section /80!
[*] Warning: Tried to read outside the COFF string table to get the name of section /99!
[*] Warning: Tried to read outside the COFF string table to get the name of section /112!
[*] Warning: Tried to read outside the COFF string table to get the name of section /124!