Manalyze report for 3d9632c4f9b86244ea6d25cf7369f7e5

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2024-Sep-12 19:31:00
TLS Callbacks	3 callback(s) detected.
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentVersion\Run` `Miscellaneous malware strings: cmd.exe` `Contains domain names: .pal..windows..net .sys..pal..windows..net .windows..net common..net core..net pal..windows..net std..sys..pal..windows..net sys..pal..windows..net windows..net`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata` `Unusual section name found: /4` `Unusual section name found: /19` `Unusual section name found: /35` `Unusual section name found: /47` `Unusual section name found: /61` `Unusual section name found: /73` `Unusual section name found: /86` `Unusual section name found: /97` `Unusual section name found: /108` `Unusual section name found: /124` `Unusual section name found: /138` `Unusual section name found: /154` `Unusual section name found: /170`
Suspicious	The PE contains functions most legitimate programs don't use.	`Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot SwitchToThread` `Can access the registry: RegCloseKey RegCreateKeyExW RegEnumKeyExW RegEnumValueW RegQueryInfoKeyW RegSetValueExW` `Possibly launches other programs: CreateProcessW` `Uses Windows's Native API: NtCreateFile NtReadFile NtWriteFile` `Can create temporary files: CreateFileW GetTempPathW` `Leverages the raw socket API to access the Internet: WSACleanup WSADuplicateSocketW WSAGetLastError WSARecv WSASend WSASocketW WSAStartup accept bind closesocket connect freeaddrinfo getaddrinfo getpeername getsockname getsockopt ioctlsocket listen recv recvfrom select send sendto setsockopt shutdown`
Suspicious	The file contains overlay data.	`390120 bytes of data starting at offset 0x5d2400.`
Malicious	VirusTotal score: 5/74 (Scanned on 2024-09-13 12:54:14)	`APEX: Malicious` `Bkav: W64.AIDetectMalware` `Google: Detected` `Ikarus: Trojan.Win64.Krypt` `McAfeeD: ti!20B17C5D1FE2`

Hashes

MD5	`3d9632c4f9b86244ea6d25cf7369f7e5`
SHA1	`f084e4647dffaf788a5a54104231c32a81278e39`
SHA256	`20b17c5d1fe2e4a34ac8603ed2087215ac56d3c5cd5797525b09be0aa3cee721`
SHA3	`e14f95de576165af4f43150e524a514431c188bf01b38fa824c408c311b7d719`
SSDeep	`49152:4RnANjammYDPzv98PFGzesPQKkStizTcEHPB1UAjwqbMVaydWfOHSCyN78/NW6gd:2KD3AAbrkStizTfHJMz4c5rN8Ws`
Imports Hash	`9078ee2f6737671cd1323b5fae6f773f`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`23`
TimeDateStamp	2024-Sep-12 19:31:00
PointerToSymbolTable	`0x5d2400`
NumberOfSymbols	`6479`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0xb2400`
SizeOfInitializedData	`0xf1c00`
SizeOfUninitializedData	`0x400`
AddressOfEntryPoint	`0x00000000000014D0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x5df000`
SizeOfHeaders	`0x600`
Checksum	`0x639639`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`93aebce7b04790117f2b35064deb1a37`
SHA1	`00c362a2e44ac63beac7be041a7c1d5d0f9e0423`
SHA256	`b1e9c9d417291fbd0ec72276e4396439747c8ac8d7cb89df9c144632ec4e0676`
SHA3	`11de3e0b3d5fa7c9bc17ccd30cf88db92a238394a0004f99eb506f9476924d4e`
VirtualSize	`0xb2268`
VirtualAddress	`0x1000`
SizeOfRawData	`0xb2400`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.25786`

.data

MD5	`3dd9472a818cca7503687b25e058cea4`
SHA1	`0d23c1180641ace2bc68a2b998cbd1f0fc16b33a`
SHA256	`8ed0d69c9d17c0153de687d8ca41d70b2aa9397b190bc7200e70c4a815a578b1`
SHA3	`23cfdaaf3e4d3aba4f6aca8d5741d072e48d74c6d956822edc9a9ccfef34ac3e`
VirtualSize	`0x1c0`
VirtualAddress	`0xb4000`
SizeOfRawData	`0x200`
PointerToRawData	`0xb2a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.5814`

.rdata

MD5	`2e6f24a4a47e5a8150afef015246c0ec`
SHA1	`94ee257f8ef5409219630ace4059ef553a5d89d3`
SHA256	`b046e8d448dc085ca46ced7e9c37c7cf4ea995742d4cf6d381e4538a2c8c8f42`
SHA3	`7b1d9d0c9ace2b4a449156e4aa7786b702ee863f763d8d8e33284af22317f91d`
VirtualSize	`0x28320`
VirtualAddress	`0xb5000`
SizeOfRawData	`0x28400`
PointerToRawData	`0xb2c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.89714`

.pdata

MD5	`e1cb0b4c913f950c97052dbdd11f9cb9`
SHA1	`228841b070e98e6929aaf989a9e47af93cfc560c`
SHA256	`08497e37330aabc51484c05411ba6ba2cca1e5d8fc9eff42f2a0eea3bdb9dff0`
SHA3	`5e3383cbd2f1154940dfaa3549a26cb0c2e9ecad54ace1c75a50a0f627ec259c`
VirtualSize	`0x7b6c`
VirtualAddress	`0xde000`
SizeOfRawData	`0x7c00`
PointerToRawData	`0xdb000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.91021`

.xdata

MD5	`6ad09e7022441352d4ad24ecde8d7486`
SHA1	`2ea91c5ea7279c2b7ee3b021dd3baa9825f4713f`
SHA256	`dc3a28f600b935905885ab17641d7f2c521bc6011dff71dc75bd21fef011eb05`
SHA3	`598aa16f01603969b3698c8bd9c5a652a49d28239c831d57eaf622ccb48e147d`
VirtualSize	`0xc3f8`
VirtualAddress	`0xe6000`
SizeOfRawData	`0xc400`
PointerToRawData	`0xe2c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.29577`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x2a0`
VirtualAddress	`0xf3000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`d14d4d4fc9059fa5050c9e0f0486f363`
SHA1	`9ecde34c22e186a298be83c26dc1415744e7e93d`
SHA256	`401dc4815592b226d739cbc82a59c4a2add73f3132658bdfae9d315cfe192c96`
SHA3	`03b03bdcb0b5df2058d93974d8239f44f22ec8b7eabd6f5ebef950141e667502`
VirtualSize	`0x1c78`
VirtualAddress	`0xf4000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0xef000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.1952`

.CRT

MD5	`2ce712fbeccc02dced72bc1d3c34afa8`
SHA1	`8ea07d0a4d841201988a662a04ac622e7acc4504`
SHA256	`72507882e543a35699b0278209f41cf03591af4529facf0cab26b7420972e24d`
SHA3	`2c0068334c4215a3fdc16dd1d8c257e6ba7ddba48d4cd38d7e609542398283d1`
VirtualSize	`0x68`
VirtualAddress	`0xf6000`
SizeOfRawData	`0x200`
PointerToRawData	`0xf0e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.402941`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0xf7000`
SizeOfRawData	`0x200`
PointerToRawData	`0xf1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.reloc

MD5	`e53dd2ef2378ae5792dd918beb6aa564`
SHA1	`50596aeef9e1fd34d198044925800002eed880fe`
SHA256	`7d25daff2541b6f62aa2a87a8c9ce3e42aed9e35ee03f0e7d3d701707626e6ea`
SHA3	`b4d5642cd869aac8b670d21e9d724c5a702faa2867a47fd1ad65af5bafe48d47`
VirtualSize	`0xee8`
VirtualAddress	`0xf8000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xf1200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.28005`

/4

MD5	`fef1f11eca90f3e22b5c9df19b02a65f`
SHA1	`404c72259dc7010c50f9b9e5b930bb2cb6fe0cf9`
SHA256	`d05175da4906f77c018e10c182c12eec6e9a6208d6e651250eaa4dc9e3b14ad6`
SHA3	`44fb836d688ae8d816b2aab7f89dd70c481e8537484b8b58eeab300fc2f97b6f`
VirtualSize	`0xeb0`
VirtualAddress	`0xf9000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xf2200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.30736`

/19

MD5	`5779c222411b5ecdefe1c0376b744049`
SHA1	`878fc0a41093c2587ed4584e1d2ff6e46b0e080a`
SHA256	`516fedfd99d46d07f9a2a62be0ee73cc35c3955bf0e241fff7ddf73a747001f3`
SHA3	`5e34d149b931f348acaf4cd75813257d48910594b40f8b4e512cd5b66b15d6d1`
VirtualSize	`0xc0345`
VirtualAddress	`0xfa000`
SizeOfRawData	`0xc0400`
PointerToRawData	`0xf3200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.12625`

/35

MD5	`2f12b13539b30d01921cc082be328c9e`
SHA1	`9de7dccd5da1d2fa548453b073395665cefb4c23`
SHA256	`fdb615760b8f80d24ea439f22f4c3a5501a8fc49e8c0d678f1cc19a7df7f955e`
SHA3	`2bda1e8da3300c7c40677a7244a383cc53cf3fddc2f6e0263fa55c3af4027d95`
VirtualSize	`0x133ea2`
VirtualAddress	`0x1bb000`
SizeOfRawData	`0x134000`
PointerToRawData	`0x1b3600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.54005`

/47

MD5	`6eaaf73aa5cf4e904b86805ca96d89a5`
SHA1	`4573e43d61778884cc30520bcc6859f5c311a8de`
SHA256	`4cd3020be6c53ea625c787ae1052d497f079e0058dab36a2a959f3e1e4ce62f3`
SHA3	`2a1af661e40195c565defd7d2677f9f15497e2c3a7f7bb2fd055914928c15716`
VirtualSize	`0x743e`
VirtualAddress	`0x2ef000`
SizeOfRawData	`0x7600`
PointerToRawData	`0x2e7600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.84427`

/61

MD5	`f38e5f754af63aab75ebc25921371084`
SHA1	`def4ed3afa9859d749a41fba5baccfedbe8e2ecc`
SHA256	`cb87bceac3db4f62ef63ecf5159cac9405e9700c269b928a411d7f762967b6b9`
SHA3	`9dcfffeff475f8eefeb3b18d54421d964c56090cc8d4140a33eeb739bbd7c867`
VirtualSize	`0x6a96d`
VirtualAddress	`0x2f7000`
SizeOfRawData	`0x6aa00`
PointerToRawData	`0x2eec00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.09642`

/73

MD5	`d7320fc5824c94f4898e0c5fdceda64d`
SHA1	`4bb1a6b24f9c3b813e4cf6fe61c5056fbbcc0266`
SHA256	`4be40fee73bc2cad22d53999ee679a774a8063c5218b3e9ff00db4bcbb5ad91e`
SHA3	`9f7346429bab7276a2aa589c6c8507315fe2adcf16db5a0134d3adbb15389dda`
VirtualSize	`0xac0`
VirtualAddress	`0x362000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x359600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.24705`

/86

MD5	`1227f56c57b62c488f506342d0163737`
SHA1	`80e4a9ce205c02be8830f0a2ad23104db1ed54b2`
SHA256	`5300e32ddb60f07b0d364850dffd595994cb54ec074058da7bee60d024dc6d3c`
SHA3	`6d5249ed81700f0c6442717b1ee09807efdd682f517ede97a9a875e03951b0e5`
VirtualSize	`0x1bb786`
VirtualAddress	`0x363000`
SizeOfRawData	`0x1bb800`
PointerToRawData	`0x35a200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.37183`

/97

MD5	`2c7bbd7f7383521dc101b20ef9da28a1`
SHA1	`9027275a9eaafad00a1a7fe20ff6477a174182bc`
SHA256	`9b6db1b6cca01f5d856ec280dd31cb04ce6c7a871d512ac6c94fcfa4b602608d`
SHA3	`774d2bdfa9dcc27107b115a33104ceb959fd22c6c9fa91d143c7fc9678b1f1aa`
VirtualSize	`0x133c`
VirtualAddress	`0x51f000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x515a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.075`

/108

MD5	`608ec402ad7f3d7a6769f35a5471e157`
SHA1	`3f57d71ecaed45e61300263fe1c996cff2d795ab`
SHA256	`bf61e2372592dda05d085c60a6ccf78a2da8cfe6dfe507c66ff8697cb3a83997`
SHA3	`1cc367fd7bd581e129a883ed97c45d0eb25c065089122bfecd8d2d5e32f2a87f`
VirtualSize	`0x28a1e`
VirtualAddress	`0x521000`
SizeOfRawData	`0x28c00`
PointerToRawData	`0x516e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.06002`

/124

MD5	`9a611e54c7f9d3a4192a67bbcdd6afcc`
SHA1	`a7daefc62a335fc13ec2d266fd95a3ec8d222f42`
SHA256	`6fe4719c74a1f38c09d12f7464be0fcaac44f7177099982aacc4d09518847442`
SHA3	`de1b00dfee29480c6193aae902081c905739ce240181554fbbf608c58f08eaec`
VirtualSize	`0x90380`
VirtualAddress	`0x54a000`
SizeOfRawData	`0x90400`
PointerToRawData	`0x53fa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.45006`

/138

MD5	`2fb6a8526ffedc25cab42c6b4c71f9cb`
SHA1	`3af7b421640495ddc3d69a20c8b0e5aa7f273c9e`
SHA256	`0b0611d57d12d509bf96c92f2ac5456bf9177023fdeaece009a2af8356a115fa`
SHA3	`e0584b7f83c74f12a18997043beb0ebff7e40c979df0f58083996e44d6efc518`
VirtualSize	`0xea0`
VirtualAddress	`0x5db000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x5cfe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.55947`

/154

MD5	`a484d18e6693dfecb127e2585182c35c`
SHA1	`1ca69ad51b7c29d0ca1ebc77fd07ae2928314645`
SHA256	`52979614b129909ae485b4e60893447078ffc8770995494cdbd92c0c6807f884`
SHA3	`1389085604aca1503daf092e9c613827052449f1d7e18abcda8621b18ef3f37d`
VirtualSize	`0x127c`
VirtualAddress	`0x5dc000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x5d0e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.91185`

/170

MD5	`2194016901751fb350f29ca68805278d`
SHA1	`6d1c69f63ec9aab34849801964367ee740d576a2`
SHA256	`4c7fd2d2cfeede6dcf2348f4ef58b3a7ae26e7f0625b8289e0010ec670d0406d`
SHA3	`9858c060be0e39749d561ba4c6705a63ddb2def83194d4b8ef5ce6b6df4128fd`
VirtualSize	`0x18e`
VirtualAddress	`0x5de000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5d2200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.1413`

Imports

advapi32.dll	`RegCloseKey` `RegCreateKeyExW` `RegEnumKeyExW` `RegEnumValueW` `RegQueryInfoKeyW` `RegSetValueExW`
kernel32.dll	`AddVectoredExceptionHandler` `CancelIo` `CloseHandle` `CompareStringOrdinal` `CopyFileExW` `CreateDirectoryW` `CreateEventW` `CreateFileMappingA` `CreateFileW` `CreateHardLinkW` `CreateNamedPipeW` `CreateProcessW` `CreateSymbolicLinkW` `CreateThread` `CreateToolhelp32Snapshot` `CreateWaitableTimerExW` `DeleteFileW` `DeleteProcThreadAttributeList` `DeviceIoControl` `DuplicateHandle` `ExitProcess` `FileTimeToSystemTime` `FindClose` `FindFirstFileW` `FindNextFileW` `FlushFileBuffers` `FormatMessageW` `FreeEnvironmentStringsW` `GetCommandLineW` `GetConsoleMode` `GetCurrentDirectoryW` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThread` `GetEnvironmentStringsW` `GetEnvironmentVariableW` `GetExitCodeProcess` `GetFileAttributesW` `GetFileInformationByHandle` `GetFileInformationByHandleEx` `GetFileType` `GetFinalPathNameByHandleW` `GetFullPathNameW` `GetLastError` `GetModuleFileNameW` `GetModuleHandleA` `GetModuleHandleW` `GetOverlappedResult` `GetProcAddress` `GetProcessHeap` `GetProcessId` `GetStartupInfoA` `GetStdHandle` `GetSystemDirectoryW` `GetSystemInfo` `GetSystemTimePreciseAsFileTime` `GetTempPathW` `GetWindowsDirectoryW` `HeapAlloc` `HeapFree` `HeapReAlloc` `InitOnceBeginInitialize` `InitOnceComplete` `InitializeProcThreadAttributeList` `MapViewOfFile` `Module32FirstW` `Module32NextW` `MoveFileExW` `MultiByteToWideChar` `QueryPerformanceCounter` `QueryPerformanceFrequency` `ReadConsoleW` `ReadFile` `ReadFileEx` `RemoveDirectoryW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `SetCurrentDirectoryW` `SetEnvironmentVariableW` `SetFileAttributesW` `SetFileInformationByHandle` `SetFilePointerEx` `SetFileTime` `SetHandleInformation` `SetLastError` `SetThreadStackGuarantee` `SetUnhandledExceptionFilter` `SetWaitableTimer` `Sleep` `SleepEx` `SwitchToThread` `TerminateProcess` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `UnmapViewOfFile` `UpdateProcThreadAttribute` `WaitForMultipleObjects` `WaitForSingleObject` `WideCharToMultiByte` `WriteConsoleW` `WriteFileEx`
ntdll.dll	`NtCreateFile` `NtReadFile` `NtWriteFile` `RtlNtStatusToDosError`
userenv.dll	`GetUserProfileDirectoryW`
ws2_32.dll	`WSACleanup` `WSADuplicateSocketW` `WSAGetLastError` `WSARecv` `WSASend` `WSASocketW` `WSAStartup` `accept` `bind` `closesocket` `connect` `freeaddrinfo` `getaddrinfo` `getpeername` `getsockname` `getsockopt` `ioctlsocket` `listen` `recv` `recvfrom` `select` `send` `sendto` `setsockopt` `shutdown`
api-ms-win-core-synch-l1-2-0.dll	`WaitOnAddress` `WakeByAddressAll` `WakeByAddressSingle`
bcryptprimitives.dll	`ProcessPrng`
KERNEL32.dll	`DeleteCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `LeaveCriticalSection` `RaiseException` `RtlUnwindEx` `VirtualProtect` `VirtualQuery` `__C_specific_handler`
msvcrt.dll	`__getmainargs` `__initenv` `__iob_func` `__set_app_type` `__setusermatherr` `_acmdln` `_amsg_exit` `_cexit` `_commode` `_fmode` `_fpreset` `_initterm` `_onexit` `abort` `calloc` `exit` `fprintf` `free` `fwrite` `malloc` `memcmp` `memcpy` `memmove` `memset` `signal` `strlen` `strncmp` `vfprintf`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x1400f7000`
EndAddressOfRawData	`0x1400f7008`
AddressOfIndex	`0x1400f31dc`
AddressOfCallbacks	`0x1400f6038`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x00000001400651C0` `0x00000001400B2270` `0x00000001400B2240`

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /19!
[*] Warning: Tried to read outside the COFF string table to get the name of section /35!
[*] Warning: Tried to read outside the COFF string table to get the name of section /47!
[*] Warning: Tried to read outside the COFF string table to get the name of section /61!
[*] Warning: Tried to read outside the COFF string table to get the name of section /73!
[*] Warning: Tried to read outside the COFF string table to get the name of section /86!
[*] Warning: Tried to read outside the COFF string table to get the name of section /97!
[*] Warning: Tried to read outside the COFF string table to get the name of section /108!
[*] Warning: Tried to read outside the COFF string table to get the name of section /124!
[*] Warning: Tried to read outside the COFF string table to get the name of section /138!
[*] Warning: Tried to read outside the COFF string table to get the name of section /154!
[*] Warning: Tried to read outside the COFF string table to get the name of section /170!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF String Table's reported size is bigger than the remaining bytes!
[*] Warning: Section .bss has a size of 0!
[*] Warning: Raw bytes from section .text could not be obtained.