Manalyze report for 3594feea1ae53f744944075c9576eac5

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1970-Jan-01 00:00:00
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Suspicious	PEiD Signature:	`HQR data file`
Info	Interesting strings found in the binary:	`Contains domain names: .hash.net golang.org textproto.nl`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata` `Unusual section name found: /4` `Unusual section name found: /19` `Unusual section name found: /32` `Unusual section name found: /46` `Unusual section name found: /65` `Unusual section name found: /78` `Unusual section name found: /90` `Unusual section name found: .symtab`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryW LoadLibraryExW GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread`
Suspicious	VirusTotal score: 1/73 (Scanned on 2024-10-21 10:05:27)	`Bkav: W64.AIDetectMalware`

Hashes

MD5	`3594feea1ae53f744944075c9576eac5`
SHA1	`53f20f645cbc2201a994c76f76d719f4b5c570d8`
SHA256	`ae99310e67fd3c8b12d4911da6cac48db9073c71a19db35d5073ca48e20de0b4`
SHA3	`b8ad560869c49b0fbcad2c142e0cc74e3a208327cd57dde0687ca1ada5bbe849`
SSDeep	`98304:tgkLBFnyKc2TEv8QSRwD91zsFjoJxaNvJOYuS:tgyyKc2AL7sFojW`
Imports Hash	`d42595b695fc008ef2c56aabd8efd68e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0x8b`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`15`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0x733c00`
NumberOfSymbols	`7495`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`3.0`
SizeOfCode	`0x26a200`
SizeOfInitializedData	`0x36400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000744C0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`1.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0x7e7000`
SizeOfHeaders	`0x600`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`02346a067b5922a68e825b56caee5459`
SHA1	`b0a914406103f6c398b03256ccf6070de6742efc`
SHA256	`4e9a0e926fa5a2a5744cbc82b87de95a0a5bc1a0b12dcaeafe0b791290c8f9ac`
SHA3	`842e8948ce9a870db4620a112876f5835c36db44b0ecdddb5df0f3bc7f75b34f`
VirtualSize	`0x26a14e`
VirtualAddress	`0x1000`
SizeOfRawData	`0x26a200`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.21683`

.rdata

MD5	`acb8ca37e2975a84942c6ab7b1faff87`
SHA1	`6d6cd03ea2dc0aeaa647c354b306b78eae05daab`
SHA256	`567f84ed8241d968e4315c8b5903cd643565bd86ab1e99936e4612d800700b57`
SHA3	`637dec5b0c6d06e1fd3052128acfee26c52fef4045738b9f91a2b5b1a7f7e5eb`
VirtualSize	`0x27eb40`
VirtualAddress	`0x26c000`
SizeOfRawData	`0x27ec00`
PointerToRawData	`0x26a800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.67138`

.data

MD5	`92d454a91874a179222f5ef2f13b8435`
SHA1	`2a05af7f46b89ded900e021c4bc4316f4ecff835`
SHA256	`cf1c4bb0376fc13e4e9c8e814847192bd2e2bcbdc103ef3ab5926114ac94120c`
SHA3	`1385e69d810bed095bf7788342bcb588e5614cb0fe04d8816304a33736819610`
VirtualSize	`0x835c0`
VirtualAddress	`0x4eb000`
SizeOfRawData	`0x36400`
PointerToRawData	`0x4e9400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.09372`

.pdata

MD5	`b3858d72908b48c3a9ede93bf4ec47d5`
SHA1	`144c5b11affe6c5836495ae432a2b8fa92ed07f2`
SHA256	`9c66eb725f8397551fbfe997211450830cf3419f8c785aaeb5a67952d93c07fb`
SHA3	`0c6da3b8aff13d21c9fd9bfb17c311991960b8eb9d3cf10efb13ccfec8695873`
VirtualSize	`0xe3c4`
VirtualAddress	`0x56f000`
SizeOfRawData	`0xe400`
PointerToRawData	`0x51f800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.45279`

.xdata

MD5	`7bcb33eb79de36cf8f526b021c74edc7`
SHA1	`8d73ed27f226b45d3c4f840ac9ef313c9a5e585b`
SHA256	`64db2058e1390a110390ddbf6141ff9992d6546837106ab36894a5abf53e0e83`
SHA3	`65279cf8e02cd61cfac6bc574daa6f316bc458197b253fbfa3a3d6fc69959a27`
VirtualSize	`0xb4`
VirtualAddress	`0x57e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x52dc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.78321`

/4

MD5	`aaf28638a5fca2ae9b61c2d0ecb5c6e7`
SHA1	`7c8a92013db6c2753a6f41874618942e06fa8475`
SHA256	`3e036fb5019af1d8f5f7a2fe0c26b2023065aea5dca228cceaba7b21fd1a93ab`
SHA3	`e00e06a4d4c8eeae595df0ce089b05de44d89e769398c9968499f1ec2111951d`
VirtualSize	`0x14c`
VirtualAddress	`0x57f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x52de00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.61048`

/19

MD5	`481e0ea8d2eaed763ca187d9baffc17f`
SHA1	`011b352abf41a50c802deff9d98fbf49cc34e4c8`
SHA256	`02d5c460a265332b6a20b0761355bd5bcb0bce706897fc34bbedfe0efee9c6d7`
SHA3	`fea8aeae7916110cbf09bf1a359f77c69123e54f0dd7ae16936540a1dbfbcc11`
VirtualSize	`0x6d222`
VirtualAddress	`0x580000`
SizeOfRawData	`0x6d400`
PointerToRawData	`0x52e000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99609`

/32

MD5	`6e931285b03be251fd68dca67de323a6`
SHA1	`ca91ac49cb30cfd8623f2096e782135da79963aa`
SHA256	`17eee5920d362c62a8b753a2ad62a33254e0566d813386758eeef5de692e0f03`
SHA3	`718d9ba878d79d735d28706393121fff6fa8eb08cb0036bcab4885c46040350a`
VirtualSize	`0x1707c`
VirtualAddress	`0x5ee000`
SizeOfRawData	`0x17200`
PointerToRawData	`0x59b400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.93586`

/46

MD5	`40cca7c46fc713b4f088e5d440ca7931`
SHA1	`3aaa1650bfaf5325fa9cb3a1a284aebcc92aebf4`
SHA256	`3e3c5f5d419b70e588da0ef0e3d9ce1a5863a5624febc16cd0c007cd14e89015`
SHA3	`a0e18fe9f6ac46417d52cdc99cf9ae56edb5a53f788995a085b10f88f348a0e4`
VirtualSize	`0x30`
VirtualAddress	`0x606000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5b2600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.855685`

/65

MD5	`01221f4bcfe2ce219f7e03f617da75db`
SHA1	`2c0f14de34a82f50c355b2348acdffaa1dfe7d4d`
SHA256	`7ee1b71ec94907ddb2dce44c0c927b0d10a4cf6d9c13cbb353a619bd30860f4c`
SHA3	`b1427bb24d26da7480da8911d37637a473b41eda27c2e862b68434ffc82d664d`
VirtualSize	`0xbfe0b`
VirtualAddress	`0x607000`
SizeOfRawData	`0xc0000`
PointerToRawData	`0x5b2800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99838`

/78

MD5	`41225ce637a5be2fa0d664fd764277b5`
SHA1	`0e162acff9e7510c36c64f0c00043e9ace8a2047`
SHA256	`7501ad7aa08c115579ff23400623e057597d2e946857cfc82888c87d46fa7b6a`
SHA3	`53d3a0b1d856539374a4e0682bf447fc49da49ccf59a8824bf3f2321db5e1113`
VirtualSize	`0x8c7aa`
VirtualAddress	`0x6c7000`
SizeOfRawData	`0x8c800`
PointerToRawData	`0x672800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99442`

/90

MD5	`b95c23d0ae90122e7939cc5b715752d9`
SHA1	`2746fbce19115d0c9e63a06ffc38a39ea6b76dfd`
SHA256	`f1f4c15ea1df641a9f7b07740e53104ea5f28aa5e628500023397532bc9dc0ca`
SHA3	`c117fa75d12d0b4213ebfe7a71c895cb9ccb089ccad88b62768ec9e954c605b8`
VirtualSize	`0x28e22`
VirtualAddress	`0x754000`
SizeOfRawData	`0x29000`
PointerToRawData	`0x6ff000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.80445`

.idata

MD5	`d3663e0a4b692107c0ddc4c8dd28b52f`
SHA1	`efd89a99825ac4c3f0647fcace160c6196ca6561`
SHA256	`09af5b43a1fe3573c1b2fcea3bebe63b23e567e543330832bead3569f1336350`
SHA3	`1ff5e8271d89f7b7613b37e543b82aa54d18a33be78837e7a142c9d1a69c4f55`
VirtualSize	`0x53e`
VirtualAddress	`0x77d000`
SizeOfRawData	`0x600`
PointerToRawData	`0x728000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.00599`

.reloc

MD5	`44de05995959c485a3b6230f1fcf3cd0`
SHA1	`d7c52599d37dd16b798926e3b93fc7d65d7f1369`
SHA256	`99140ee6b8d9f00983db164d6c54cec3b834df39838d28968cce4b021bce75a9`
SHA3	`094392630014fb0aa977982f8f456ca5b22982437b62fae7eb64b0791d7181d9`
VirtualSize	`0xb450`
VirtualAddress	`0x77e000`
SizeOfRawData	`0xb600`
PointerToRawData	`0x728600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.42489`

.symtab

MD5	`c12b3dd56c0f1e7747ccb87b735a9080`
SHA1	`19f9c7175e20e4e55f680adc493cad7e62393d80`
SHA256	`ee4b346373ceb2a3467ae39c13db990a768141f8fec2e6ccb08e775fc133ced4`
SHA3	`e17d9a9f2c83d5a3218dda6332b66c34ba6f559548365e166a3e89f2e5d1846d`
VirtualSize	`0x5c0f8`
VirtualAddress	`0x78a000`
SizeOfRawData	`0x5c200`
PointerToRawData	`0x733c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.29079`

Imports

kernel32.dll	`WriteFile` `WriteConsoleW` `WerSetFlags` `WerGetFlags` `WaitForMultipleObjects` `WaitForSingleObject` `VirtualQuery` `VirtualFree` `VirtualAlloc` `TlsAlloc` `SwitchToThread` `SuspendThread` `SetWaitableTimer` `SetProcessPriorityBoost` `SetEvent` `SetErrorMode` `SetConsoleCtrlHandler` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `ResumeThread` `RaiseFailFastException` `PostQueuedCompletionStatus` `LoadLibraryW` `LoadLibraryExW` `SetThreadContext` `GetThreadContext` `GetSystemInfo` `GetSystemDirectoryA` `GetStdHandle` `GetQueuedCompletionStatusEx` `GetProcessAffinityMask` `GetProcAddress` `GetErrorMode` `GetEnvironmentStringsW` `GetCurrentThreadId` `GetConsoleMode` `FreeEnvironmentStringsW` `ExitProcess` `DuplicateHandle` `CreateWaitableTimerExW` `CreateThread` `CreateIoCompletionPort` `CreateEventA` `CloseHandle` `AddVectoredExceptionHandler` `AddVectoredContinueHandler`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /19!
[*] Warning: Tried to read outside the COFF string table to get the name of section /32!
[*] Warning: Tried to read outside the COFF string table to get the name of section /46!
[*] Warning: Tried to read outside the COFF string table to get the name of section /65!
[*] Warning: Tried to read outside the COFF string table to get the name of section /78!
[*] Warning: Tried to read outside the COFF string table to get the name of section /90!