Manalyze report for 47a7a16a683ead8d8e2ac76d74cb65fd

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Jan-12 23:04:35
Detected languages	English - United States German - Germany
Debug artifacts	C:\Users\tnt\source\repos\WatermelonExecutor\x64\Release\WatermelonExecutor.pdb
CompanyName	Watermelon GmbH
FileDescription	WatermelonExecutor
FileVersion	`1.0.0.1`
InternalName	WatermelonExecutor
LegalCopyright	Copyright (C) Watermelon GmbH 2021-2024
OriginalFilename	WatermelonExecutor
ProductName	WatermelonExecutor
ProductVersion	`1.0.0.1`

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Info	Interesting strings found in the binary:	`Contains domain names: 928adujkduahwdua9dk.pythonanywhere.com https://928adujkduahwdua9dk.pythonanywhere.com https://928adujkduahwdua9dk.pythonanywhere.com/rk pythonanywhere.com`
Malicious	The PE contains functions mostly used by malware.	`Can access the registry: RegCloseKey RegSetValueExA RegDeleteKeyA RegCreateKeyExA` `Possibly launches other programs: system` `Has Internet access capabilities: WinHttpReceiveResponse WinHttpOpen WinHttpQueryDataAvailable WinHttpOpenRequest WinHttpCloseHandle WinHttpSendRequest WinHttpReadData WinHttpConnect WinHttpCrackUrl` `Functions related to the privilege level: CheckTokenMembership`
Safe	VirusTotal score: 0/72 (Scanned on 2025-01-12 23:12:26)	`All the AVs think this file is safe.`

Hashes

MD5	`47a7a16a683ead8d8e2ac76d74cb65fd`
SHA1	`537aee73fff40a7de2e2f98ad263b8a5ff70ce1f`
SHA256	`e81f83ebc03df8213bc957cdf0e9bf0c4cfd3e2359ac3a8bc6404388f72a4b71`
SHA3	`94b286dc126e04916d2d6ec10c93640daf9a4bd06e3e28e442cf5c3c9ff4f5ae`
SSDeep	`384:hZEREi2i0TYianprnmqOL0UyyohyHhECQk1p4IT5ff8syeo7KfEIGNv5FiELcOG:h5ji2UI05FbPG/9jlT0O1pMsxU8W7DE`
Imports Hash	`e0e1ae4514138c07e238564f2ab32ddf`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2025-Jan-12 23:04:35
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x5200`
SizeOfInitializedData	`0x4600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000005170 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xe000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f49e50e01d6cf78bebe794f5d9484dce`
SHA1	`aaf559353ed623bb4e59b28de0de9a0e8bc2a80d`
SHA256	`dbcb592be8b5016577d2f5520b9e50e8b32e9bec3b89e0a3027622dbfe6d9fd2`
SHA3	`5dc7c99831c55e5adc03e4f41e9827ba7cf29c6afe7a762b28e51ab1984c6075`
VirtualSize	`0x5109`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.06681`

.rdata

MD5	`f6fc1bca7b7bfea7bbcbbdd34801938b`
SHA1	`80eaa8bf1d37d68405c6b2c8dc7fe89e89ca59e7`
SHA256	`d9d1e5eebd5af1d0552ada1604d6b5e1e2f05ba69ac72ea45a80b057bf0af573`
SHA3	`e3183f5ec7ecc8c0584d04043c19cf6312d33c08c8bc62e0f1b7acabc6c6c639`
VirtualSize	`0x2d5c`
VirtualAddress	`0x7000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0x5600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.58988`

.data

MD5	`6a69d2b2027b557d80e2ae63a1d413a2`
SHA1	`0486d0eac267e8e97caf42a77c00324cfa0da6e9`
SHA256	`987059faadb1cf3c56cd2325c0526c4407413b5981b9238c0c71e46c32ed1de9`
SHA3	`1386f7106d0180441c4e4fa143df08e326b6af121f513a9172bd3b88f206d750`
VirtualSize	`0x948`
VirtualAddress	`0xa000`
SizeOfRawData	`0x400`
PointerToRawData	`0x8400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.3497`

.pdata

MD5	`fe2c69072cdb07a509c2de418c6f4abb`
SHA1	`da65d97d795c8838f64ab2a0f332649c691dd8f4`
SHA256	`c45e75fc8a2b0060ba6aa5e7017fee90ee2a7c34cb687ec051573c6c6b48e35c`
SHA3	`c54ff0cec07298a3561e687b362023d3078cf05dcbfa4181b03aaf675c989b06`
VirtualSize	`0x4f8`
VirtualAddress	`0xb000`
SizeOfRawData	`0x600`
PointerToRawData	`0x8800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.73184`

.rsrc

MD5	`77799527da58ef58162ab2abf3a5d36c`
SHA1	`692d20d381d59df2b1d81ec49b94ab36b0355f5d`
SHA256	`d5dd7a64dc1c9d40d9f4b98a3f5469dceeca89337413ef4a6e177994afc6e98f`
SHA3	`344c6a2849fb0cd62f8100969cf62473dcf4f77ad314881d7c57f83c7ae6c684`
VirtualSize	`0x548`
VirtualAddress	`0xc000`
SizeOfRawData	`0x600`
PointerToRawData	`0x8e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.7735`

.reloc

MD5	`3b79bab12371de5e9c51e770671e2959`
SHA1	`d5acbea007967e77ed7df98dfac853843ba1e19d`
SHA256	`e38bdc615c5e14a2a36ddc1903a94c93e5fddcb9ff85f99d6d438d18f7b85e6b`
SHA3	`4c70d716dcb1b60b9fdcd1f8b020e7cf8e72e010a79963d4818a88ca35f78370`
VirtualSize	`0x90`
VirtualAddress	`0xd000`
SizeOfRawData	`0x200`
PointerToRawData	`0x9400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.99263`

Imports

KERNEL32.dll	`GetModuleFileNameA` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `GetModuleHandleW` `RtlCaptureContext`
ADVAPI32.dll	`RegCloseKey` `CheckTokenMembership` `FreeSid` `RegSetValueExA` `RegDeleteKeyA` `AllocateAndInitializeSid` `RegCreateKeyExA`
MSVCP140.dll	`?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `?good@ios_base@std@@QEBA_NXZ` `??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ` `??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z` `?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z` `?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ` `?_Incref@facet@locale@std@@UEAAXXZ` `??Bid@locale@std@@QEAA_KXZ` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A` `?_Xlength_error@std@@YAXPEBD@Z` `?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?uncaught_exception@std@@YA_NXZ` `?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z` `?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z`
WINHTTP.dll	`WinHttpReceiveResponse` `WinHttpOpen` `WinHttpQueryDataAvailable` `WinHttpOpenRequest` `WinHttpCloseHandle` `WinHttpSendRequest` `WinHttpReadData` `WinHttpConnect` `WinHttpCrackUrl`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`__C_specific_handler` `_CxxThrowException` `__current_exception` `memcpy` `memset` `__std_terminate` `__std_exception_copy` `__std_exception_destroy` `__current_exception_context` `memmove`
api-ms-win-crt-heap-l1-1-0.dll	`malloc` `_callnewh` `free` `_set_new_mode`
api-ms-win-crt-stdio-l1-1-0.dll	`fwrite` `__p__commode` `_set_fmode` `fopen_s` `fclose`
api-ms-win-crt-runtime-l1-1-0.dll	`_initialize_onexit_table` `_register_onexit_function` `_cexit` `_c_exit` `terminate` `_initterm` `_initialize_wide_environment` `_configure_wide_argv` `_get_wide_winmain_command_line` `_register_thread_local_exe_atexit_callback` `system` `_crt_atexit` `_initterm_e` `_set_app_type` `_seh_filter_exe` `_exit` `exit` `_invalid_parameter_noinfo_noreturn`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

1

Type	`RT_VERSION`
Language	German - Germany
Codepage	UNKNOWN
Size	`0x324`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33962`
MD5	`4ffe3627b1a0052e4bf7389afb698b30`
SHA1	`2064b464343477e9e86d4297f12a0f7f424bac1f`
SHA256	`950b88035bea14d8ef313aa4e536f0c65e7c3af1400042c917cacc361f76e56b`
SHA3	`0c535446ff656d4702c1532debea31f60bc83d77f5e38b07050b4878eedba5af`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.1
ProductVersion	1.0.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	German - Germany
CompanyName	Watermelon GmbH
FileDescription	WatermelonExecutor
FileVersion (#2)	1.0.0.1
InternalName	WatermelonExecutor
LegalCopyright	Copyright (C) Watermelon GmbH 2021-2024
OriginalFilename	WatermelonExecutor
ProductName	WatermelonExecutor
ProductVersion (#2)	1.0.0.1

Resource LangID	German - Germany

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Jan-12 23:04:35
Version	`0.0`
SizeofData	`104`
AddressOfRawData	`0x8080`
PointerToRawData	`0x6680`
Referenced File	C:\Users\tnt\source\repos\WatermelonExecutor\x64\Release\WatermelonExecutor.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Jan-12 23:04:35
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x80e8`
PointerToRawData	`0x66e8`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Jan-12 23:04:35
Version	`0.0`
SizeofData	`720`
AddressOfRawData	`0x80fc`
PointerToRawData	`0x66fc`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2025-Jan-12 23:04:35
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14000a040`

RICH Header

XOR Key	`0xb8deb2eb`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`10`
ASM objects (33808)	`3`
C objects (33808)	`10`
C++ objects (33808)	`29`
Imports (33808)	`6`
Imports (30795)	`7`
Total imports	`119`
C++ objects (LTCG) (34123)	`1`
Resource objects (34123)	`1`
151	`1`
Linker (34123)	`1`

47a7a16a683ead8d8e2ac76d74cb65fd

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors