Manalyze report for 3ce764f17825cd55aac7d176edcbeb11

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1970-Jan-01 00:00:00
Detected languages	English - United States
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Info	Interesting strings found in the binary:	Contains domain names: -Inf-inf.bat.cmd.com .eq.github.com .eq.runtime.net .hash.github.com .hash.net .hash.runtime.net Inf-inf.bat.cmd.com bat.cmd.com coloros.com eq.github.com eq.runtime.net feedback.coloros.com feedback.foreign.coloros.com foreign.coloros.com github.com go.itab.github.com go.itab.net golang.org hash.github.com hash.runtime.net http://i.feedback.coloros.com http://i.feedback.coloros.com/Secrecy_authorityimage http://i.feedback.foreign.coloros.com http://i.feedback.foreign.coloros.com/Secrecy_authoritynet/http i.feedback.coloros.com i.feedback.foreign.coloros.com inf.bat.cmd.com itab.github.com runtime.net type..eq.github.com type..eq.net type..eq.runtime.net type..hash.github.com type..hash.net type..hash.runtime.net
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES`
Suspicious	The PE is possibly packed.	`Unusual section name found: /4` `Unusual section name found: /18` `Unusual section name found: /30` `Unusual section name found: /43` `Unusual section name found: /59` `Unusual section name found: /75` `Unusual section name found: /94` `Unusual section name found: /106` `Unusual section name found: .symtab`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA LoadLibraryW GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Leverages the raw socket API to access the Internet: WSAGetOverlappedResult`
Suspicious	VirusTotal score: 1/71 (Scanned on 2023-05-29 20:25:53)	`APEX: Malicious`

Hashes

MD5	`3ce764f17825cd55aac7d176edcbeb11`
SHA1	`9fb62b16626290786516b189be09c7ef9943c746`
SHA256	`d989b30cdd48b48752420813bb06b510b8487db6416315e83719e2cfbddb75eb`
SHA3	`6ff3524e0a29581f442191d184aca38842d7288d374c51d116c1a828c5ede934`
SSDeep	`98304:MIfeQFqIj4MR3rBVodaf1kkoKKJwAONSNXFcYWyagAUlT:MI2QFqC4MRp+E`
Imports Hash	`96c44fa1eee2c4e9b9e77d7bf42d59e6`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0x4`
e_cparhdr	`0`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0x8b`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`13`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0x9e2e00`
NumberOfSymbols	`14829`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`3.0`
SizeOfCode	`0x658000`
SizeOfInitializedData	`0x36200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000056930 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xacb000`
SizeOfHeaders	`0x600`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4c66157ae5c7a1c388af3d8c5e7eb391`
SHA1	`0437d053a894fbf4e50ca7e161c58c843331bf0b`
SHA256	`b87ff89010dd4868b2b4ca431dbcc16860741d0bb269de63da9a39e6715014f9`
SHA3	`925b19729ccaa26df44445497f61c3875979d653607c9be71badfe5c55a6efb8`
VirtualSize	`0x657e3c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x658000`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.87801`

.data

MD5	`06b46509785d2c94cce5e8ca2bc1d1c8`
SHA1	`2d5411b9072564401c0b96d99fbb7b666fe37330`
SHA256	`a58d5b3a9dd46912190cfbe006f8ae6ed084819eeee83bd98b205eccbfbd9354`
SHA3	`3ea8073dadf5e655a498e99ad9fa6c3a77b696f1c63a7784c8ae58659fd8132d`
VirtualSize	`0x5b6b8`
VirtualAddress	`0x659000`
SizeOfRawData	`0x36200`
PointerToRawData	`0x658600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.41531`

/4

MD5	`5297c917947d98d48aa44033a6f61bb4`
SHA1	`2bd5ade2e7b4f92b3449bac367ede6eacf41ff97`
SHA256	`f08eec20b7dc1a292a88976cc2169472e930495a36f7ca7101f408b08a4f9611`
SHA3	`4dcbc1c7615a794f528676a6eab593f555840a251f425fdd86b10ba7bad57606`
VirtualSize	`0x1b5`
VirtualAddress	`0x6b5000`
SizeOfRawData	`0x200`
PointerToRawData	`0x68e800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.23636`

/18

MD5	`3693c1e3cd0aea6cd1bbc1b350b99eb8`
SHA1	`b12d47883afa3a85bf73079918c09a9459ce19bc`
SHA256	`4a9461b4f3efd426ee47e78b242ae03e8b38cd3581745c9c4531cd11f86b4cf8`
SHA3	`050f2584a9a10c0a493633600ebd6648ad0efbe9fb4456c363a7bc28058bc1ed`
VirtualSize	`0x528ee`
VirtualAddress	`0x6b6000`
SizeOfRawData	`0x52a00`
PointerToRawData	`0x68ea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.56497`

/30

MD5	`651e7f398f773c03f53a747501e04764`
SHA1	`791b7c97a53b28a58c39cc983b1f954c165807b4`
SHA256	`9d8a44f58bccea0da093883c91c4136cd600c3c0af585899c80539b09866ca43`
SHA3	`c12a945f185a3e87cfc67f4287da72cd3133d4ef0fc4f039d7478670f728cdcb`
VirtualSize	`0x706a4`
VirtualAddress	`0x709000`
SizeOfRawData	`0x70800`
PointerToRawData	`0x6e1400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.49233`

/43

MD5	`e4f2416bb7dba9c20ab07c6ecc4d0855`
SHA1	`84069ddb236b9f376ee08ea4f2ba1508030d918c`
SHA256	`af59d522a363a992f85bfd350406ef507445e662236af010e08900f3046ba03c`
SHA3	`460a4541e0f9fe8c698a7d9ab2664b9bbad7126cf5b39f0cf7ea9fd9ea9cdb24`
VirtualSize	`0x1e88c`
VirtualAddress	`0x77a000`
SizeOfRawData	`0x1ea00`
PointerToRawData	`0x751c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.50536`

/59

MD5	`dde684f3aa4e3742a2bf91fc9a585779`
SHA1	`3240719f9887c73860966a5a1472f3e0e9969a74`
SHA256	`f629213c6116af74a7686a12525791b690ae9b20097d60299531c38e0f3cfd5d`
SHA3	`007fb78386eafad9c911272d394ab22855003af33f290b808b9c40845a4116bb`
VirtualSize	`0x37ace`
VirtualAddress	`0x799000`
SizeOfRawData	`0x37c00`
PointerToRawData	`0x770600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.56622`

/75

MD5	`ec0622a3ed8ec85447fc6cadca0c5ec4`
SHA1	`6ce23dbeaf41de6d72c61c7fbdfd390cdc905698`
SHA256	`f75a7ee92be68f67f7ae13612d535aa743e2377f65d6cfcfd01e706fceca89d1`
SHA3	`f7ed0245ad1e0a12e03f2775db8622751cb71a78dadb7e7efca9340cdfee0372`
VirtualSize	`0x22`
VirtualAddress	`0x7d1000`
SizeOfRawData	`0x200`
PointerToRawData	`0x7a8200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.621652`

/94

MD5	`19765deb0a055eb8c2b8f84806160a72`
SHA1	`8f451d8c0a30d9eac8322a031c9cb98e5784e3bc`
SHA256	`925ca2f52151a206cf9d3691fba503b3eacd9ebd77baa83a77eb26827c0d5aae`
SHA3	`82ac5b7ae931b8d12c06c150a0d75b1908aa1a1b79a7cd264b480e15f11aacda`
VirtualSize	`0x21527a`
VirtualAddress	`0x7d2000`
SizeOfRawData	`0x215400`
PointerToRawData	`0x7a8400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.80237`

/106

MD5	`3d10d63c6e4228f151ddd6b0bb2f01b9`
SHA1	`95cd9e858d2dbcd97dce34d6cb91942ea1519271`
SHA256	`d365a876b3d5aa41dc66f7f6780772ee2eec2aa72fe5cc33a2ae5fe23d4d0bbf`
SHA3	`35c7ac74d151910f6f53249743e84bfff85dfd09d09713571e36679bd5940966`
VirtualSize	`0x250c0`
VirtualAddress	`0x9e8000`
SizeOfRawData	`0x25200`
PointerToRawData	`0x9bd800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.30253`

.idata

MD5	`442a4213601db07d3d39309b98d2a7fb`
SHA1	`2fe1789537643234e3dd04fd4b032fa0dd392016`
SHA256	`1f6a51e7c21e977648a38e7dfd38e49123d34f8db38bfd236a4baf11e1e65108`
SHA3	`5792191f06ca9b59163a86a9ed87f91482077c8ef75e82b79d859ffccb0f1d0d`
VirtualSize	`0x3fe`
VirtualAddress	`0xa0e000`
SizeOfRawData	`0x400`
PointerToRawData	`0x9e2a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.29595`

.symtab

MD5	`fbbde254c911639248e74b1f23ec2b0b`
SHA1	`33e0b18ffbc073f2ae6b841488425de599204343`
SHA256	`6b215434c5bf48332e194f466f7e377114c0dba418d9b3882783d1836e0d8a8e`
SHA3	`3c020ba50c119b754c646952806ab77ec3c87c0f61ce0d909e2f168c6af21fc9`
VirtualSize	`0xba9f5`
VirtualAddress	`0xa0f000`
SizeOfRawData	`0xbaa00`
PointerToRawData	`0x9e2e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.49894`

.rsrc

MD5	`3bfbeb0c9519e4801264391e7c3c4f6a`
SHA1	`6fa601c3a89593e76ab64880c4d4044ced318914`
SHA256	`719967ad8c5a621b959f1c786a6f6886feae1b61dcaf93eb0224f89dbffc6230`
SHA3	`467c2e1cfd02a709b55686858c60fa1713f034f794298e9229941edf38dc4831`
VirtualSize	`0x284`
VirtualAddress	`0xaca000`
SizeOfRawData	`0x400`
PointerToRawData	`0xa9d800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.82323`

Imports

winmm.dll	`timeEndPeriod` `timeBeginPeriod`
ws2_32.dll	`WSAGetOverlappedResult`
kernel32.dll	`WriteFile` `WriteConsoleW` `WaitForSingleObject` `VirtualFree` `VirtualAlloc` `SwitchToThread` `SetWaitableTimer` `SetUnhandledExceptionFilter` `SetProcessPriorityBoost` `SetEvent` `SetErrorMode` `SetConsoleCtrlHandler` `LoadLibraryA` `LoadLibraryW` `GetSystemInfo` `GetStdHandle` `GetQueuedCompletionStatus` `GetProcessAffinityMask` `GetProcAddress` `GetEnvironmentStringsW` `GetConsoleMode` `FreeEnvironmentStringsW` `ExitProcess` `DuplicateHandle` `CreateThread` `CreateIoCompletionPort` `CreateEventA` `CloseHandle` `AddVectoredExceptionHandler`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.92826`
MD5	`610a01d4b713c70c08b5d57b9c140c0d`
SHA1	`3271ae714e2eba76350d4bcc8ca2b9c6905a1ef7`
SHA256	`972636b90b25b2dc4bfbda71ec82c4feac18d18c880c16a5bfb6b28aadfe3fa1`
SHA3	`393763013140c43c22719fdc065d0330118129bb1ee4e716f0c96ecd18b1147a`

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /18!
[*] Warning: Tried to read outside the COFF string table to get the name of section /30!
[*] Warning: Tried to read outside the COFF string table to get the name of section /43!
[*] Warning: Tried to read outside the COFF string table to get the name of section /59!
[*] Warning: Tried to read outside the COFF string table to get the name of section /75!
[*] Warning: Tried to read outside the COFF string table to get the name of section /94!
[*] Warning: Tried to read outside the COFF string table to get the name of section /106!