4318c4c54996aab8ccf5cecab765c6d1

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2023-Dec-27 00:11:06
TLS Callbacks 1 callback(s) detected.
Debug artifacts C:\RedactedRedactedRedactedRedactedRedactedReda\target\release\deps\night_light.pdb

Plugin Output

Suspicious
Strings found in the binary may indicate undesirable behavior:
Accesses the WMI:
  • ROOT\CIMV2
Contains domain names:
  • github.com
  • https://github.com

Malicious
The PE contains functions mostly used by malware.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
  • LoadLibraryExA
Can access the registry:
  • RegQueryValueExW
  • RegDeleteValueW
  • RegSetValueExW
  • RegCloseKey
  • RegOpenKeyExW
Functions related to the privilege level:
  • OpenProcessToken

Suspicious
VirusTotal score: 1/69 (Scanned on 2024-01-28 01:32:08)
Cynet: Malicious (score: 100)

Hashes

MD5 4318c4c54996aab8ccf5cecab765c6d1
SHA1 aa3b3351bf6b2c1ac57f136de51fbbcc6258350a
SHA256 294d7146ecc981ec3dd49de64b643f5f91f293524dc9277af80e64a8c3f9be3e
SHA3 37b1da2124aa22bd429705020f9b8b0d7ec46dde34ec8a02b042549bb5b16bd1
SSDeep 24576:0V5BsFISoT+tFLE0dtPZg/fwzMX563ssaMgVfS8Nk:0V5WFIS8+tFjdtPZ0fwzMX563ssazV
Imports Hash 8beda584de7724e42a83106f7ca075e6

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 5
TimeDateStamp 2023-Dec-27 00:11:06
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0xeb200
SizeOfInitializedData 0x66600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000000E885C (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x156000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 14a8488c4c97bb958faf12b2b19c7826
SHA1 a430d0c6dde4bd9f3ccc0e8866222566800c7003
SHA256 5d1c972d06804262c78146583583e39564f38dcee5f7332fc7475befb6174350
SHA3 dfaede384b0757442eb0eb872919ba9935e3683aa6044b1b5037b11941cb2c51
VirtualSize 0xeb06b
VirtualAddress 0x1000
SizeOfRawData 0xeb200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.24906

.rdata

MD5 6c337164b841c21b8775c385ff324f0c
SHA1 74c433d6b64f7532c8ec38b69fa55f244d17cd6f
SHA256 b4df5253bb3b85a1ea214be048203dfd1cf1f67c1d8795585cb5946b5b729c3d
SHA3 27a48e714bc8a9493e783f57b5b42b57dc2aabe6abe7d9c036250d05beb78fed
VirtualSize 0x595c8
VirtualAddress 0xed000
SizeOfRawData 0x59600
PointerToRawData 0xeb600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.69789

.data

MD5 d881a15a0612834a9a9228b0fcccc35d
SHA1 498cd6da37fa3142d220473cddd27e8c4f8dda54
SHA256 b1ce175274f2a16a569c846daa7e4f6887c17cae7c027803e3284de61d4df264
SHA3 171779db9c73a0b9302df3fad5eb0986c90f317977e625fcdd37de069d1faecc
VirtualSize 0x3f8
VirtualAddress 0x147000
SizeOfRawData 0x200
PointerToRawData 0x144c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.62252

.pdata

MD5 75605dbe91b9b0e360c6fcc7f210dee9
SHA1 13ceb12d9c75132749dd5cfdf6fc8cb1b8fdef80
SHA256 7d42a5bcd8b8e89830daf71f187534ae72c040c5bce78a418b80854926d6f605
SHA3 adc8be79e201871d42e64d3638ce927d1184e4b786dba22941dd7c7160e3eaab
VirtualSize 0xb3e8
VirtualAddress 0x148000
SizeOfRawData 0xb400
PointerToRawData 0x144e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.08727

.reloc

MD5 741a3eee60646af1c9f63f88caf0702e
SHA1 7e790fb3602a6f0bdccab06bb049d5ea44f91399
SHA256 dad1e5bce51a612fef57201735addadc6866e6ee65a845d8e3f463aca5d1a0bf
SHA3 61f865d953fdc6631183233047b2a9ce393a9de6eff8da86950076fcd3cdbc24
VirtualSize 0x1688
VirtualAddress 0x154000
SizeOfRawData 0x1800
PointerToRawData 0x150200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.34419

Imports

user32.dll
  • PostQuitMessage
  • DestroyWindow
  • RegisterClassExW
  • PostMessageW
  • UnregisterPowerSettingNotification
  • RegisterPowerSettingNotification
  • GetMessageW
  • TranslateMessage
  • DispatchMessageW
  • GetWindowLongPtrW
  • DefWindowProcW
  • RegisterWindowMessageW
  • SendNotifyMessageW
  • CreateWindowExW
  • UnregisterClassW
  • SetWindowLongPtrW

kernel32.dll
  • GetProcessHeap
  • LoadLibraryA
  • GetProcAddress
  • FreeLibrary
  • HeapAlloc
  • GetLastError
  • HeapFree
  • GetCurrentProcess
  • LocalFree
  • SetConsoleTextAttribute
  • GetConsoleScreenBufferInfo
  • LoadLibraryExA
  • TzSpecificLocalTimeToSystemTime
  • SystemTimeToFileTime
  • SystemTimeToTzSpecificLocalTime
  • SetConsoleMode
  • GetConsoleMode
  • GetStdHandle
  • ReleaseSemaphore
  • GetCurrentThreadId
  • InitializeSListHead
  • RtlVirtualUnwind
  • ReleaseMutex
  • ReleaseSRWLockShared
  • AddVectoredExceptionHandler
  • SetThreadStackGuarantee
  • Sleep
  • SetLastError
  • RtlCaptureContext
  • RtlLookupFunctionEntry
  • GetCurrentDirectoryW
  • GetEnvironmentVariableW
  • GetCommandLineW
  • FormatMessageW
  • CloseHandle
  • SetConsoleCtrlHandler
  • CreateSemaphoreA
  • ReleaseSRWLockExclusive
  • IsDebuggerPresent
  • WaitForSingleObject
  • UnhandledExceptionFilter
  • SetUnhandledExceptionFilter
  • GetConsoleProcessList
  • AcquireSRWLockExclusive
  • FreeConsole
  • GetCurrentProcessId
  • IsProcessorFeaturePresent
  • TryAcquireSRWLockExclusive
  • QueryPerformanceFrequency
  • GetCurrentThread
  • HeapReAlloc
  • AcquireSRWLockShared
  • WaitForSingleObjectEx
  • CreateMutexA
  • GetModuleHandleA
  • CreateFileW
  • GetFileInformationByHandleEx
  • QueryPerformanceCounter
  • GetSystemTimeAsFileTime
  • GetFileType
  • CreateThread
  • GetModuleFileNameW
  • ExitProcess
  • GetFullPathNameW
  • GetModuleHandleW
  • MultiByteToWideChar
  • WriteConsoleW

advapi32.dll
  • SystemFunction036
  • RegQueryValueExW
  • RegDeleteValueW
  • RegSetValueExW
  • ConvertSidToStringSidW
  • GetTokenInformation
  • OpenProcessToken
  • RegCloseKey
  • RegOpenKeyExW

ole32.dll
  • CoInitializeEx
  • CoInitializeSecurity
  • CoSetProxyBlanket
  • CoCreateInstance

oleaut32.dll
  • SysStringLen
  • SafeArrayGetUBound
  • SysAllocStringLen
  • SafeArrayAccessData
  • GetErrorInfo
  • SetErrorInfo
  • SafeArrayGetLBound
  • SysFreeString
  • SafeArrayUnaccessData
  • VariantClear

ntdll.dll
  • NtWriteFile
  • RtlNtStatusToDosError

bcrypt.dll
  • BCryptGenRandom

VCRUNTIME140.dll
  • memset
  • __current_exception_context
  • memcmp
  • __CxxFrameHandler3
  • memcpy
  • memmove
  • _CxxThrowException
  • __C_specific_handler
  • __current_exception

api-ms-win-crt-math-l1-1-0.dll
  • roundf
  • powf
  • __setusermatherr

api-ms-win-crt-string-l1-1-0.dll
  • wcslen

api-ms-win-crt-runtime-l1-1-0.dll
  • _seh_filter_exe
  • _set_app_type
  • _initterm_e
  • exit
  • _exit
  • _initterm
  • _get_initial_narrow_environment
  • terminate
  • _crt_atexit
  • __p___argc
  • __p___argv
  • _cexit
  • _register_onexit_function
  • _initialize_onexit_table
  • _c_exit
  • _register_thread_local_exe_atexit_callback
  • _configure_narrow_argv
  • _initialize_narrow_environment

api-ms-win-crt-stdio-l1-1-0.dll
  • _set_fmode
  • __p__commode

api-ms-win-crt-locale-l1-1-0.dll
  • _configthreadlocale

api-ms-win-crt-heap-l1-1-0.dll
  • _set_new_mode
  • free

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2023-Dec-27 00:11:06
Version 0.0
SizeofData 108
AddressOfRawData 0x11f064
PointerToRawData 0x11d664
Referenced File C:\RedactedRedactedRedactedRedactedRedactedReda\target\release\deps\night_light.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2023-Dec-27 00:11:06
Version 0.0
SizeofData 20
AddressOfRawData 0x11f0d0
PointerToRawData 0x11d6d0

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2023-Dec-27 00:11:06
Version 0.0
SizeofData 836
AddressOfRawData 0x11f0e4
PointerToRawData 0x11d6e4

TLS Callbacks

StartAddressOfRawData 0x14011f448
EndAddressOfRawData 0x14011f530
AddressOfIndex 0x140147370
AddressOfCallbacks 0x1400ed578
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_8BYTES
Callbacks 0x00000001400CECF0

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140147140

RICH Header

XOR Key 0x28f47cdd
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 12
Imports (32420) 2
C++ objects (32420) 23
C objects (32420) 9
ASM objects (32420) 3
Total imports 244
Unmarked objects (#2) 218
Linker (VS2022 Update 6 (17.6.4) compiler 32537) 1

Errors
