Manalyze report for 4e11136789991f354037a11c4706531b

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Nov-02 18:23:27
TLS Callbacks	2 callback(s) detected.

Plugin Output

Suspicious	PEiD Signature:	`HQR data file`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: schtask` `Contains references to internet browsers: IEXPLORE.EXE chrome.exe` `Miscellaneous malware strings: VIRUS cmd.exe exploit` Contains domain names: .acme.com .example.org BeOpen.com HList.info TList.info a.b.c.com addinfo.info apple.com blog.cryptographyengineering.com bugs.python.org cam.ac.uk cl.cam.ac.uk cryptographyengineering.com cs.ucdavis.edu csrc.nist.gov curl.haxx.se demon.nl docs.python.org eGenix.com editor.org egenix.com en.wikipedia.org example.com example.net example.org felt.demon.nl flak.tedunangst.com ftp.python.org ftp://dkuug.dk github.com gmail.com gustaebel.de here.my.org http://blog.cryptographyengineering.com http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html http://bugs.python.org http://bugs.python.org/issue14443z http://csrc.nist.gov http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf http://curl.haxx.se http://curl.haxx.se/rfc/cookie_spec.html http://docs.python.org http://docs.python.org/3/library/subprocess#subprocess.Popen.kill http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode http://docs.python.org/3/library/subprocess#subprocess.Popen.terminate http://docs.python.org/library/unittest.html http://en.wikipedia.org http://en.wikipedia.org/wiki/Cache_replacement_policies#Least_recently_used_ http://en.wikipedia.org/wiki/IEEE_854-1987 http://en.wikipedia.org/wiki/Triangular_distribution http://json.org http://lists.sourceforge.net http://lists.sourceforge.net/lists/listinfo/optik-users http://nvlpubs.nist.gov http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf http://opensource.apple.com http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c http://purl.org http://schemas.xmlsoap.org http://schemas.xmlsoap.org/wsdl/z http://speleotrove.com http://support.microsoft.com http://support.microsoft.com/kb/118623 http://tip.tcl.tk http://tip.tcl.tk/48 http://tools.ietf.org http://tools.ietf.org/html/rfc4880 http://tools.ietf.org/html/rfc5297 http://tools.ietf.org/html/rfc5869 http://web.cs.ucdavis.edu http://web.cs.ucdavis.edu/ http://www.apple.com http://www.apple.com/DTDs/PropertyList-1.0.dtd http://www.cl.cam.ac.uk http://www.cl.cam.ac.uk/ http://www.cs.ucdavis.edu http://www.cs.ucdavis.edu/ http://www.iana.org http://www.iana.org/assignments/character-sets http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6 http://www.iana.org/time-zones/repository/tz-link.html http://www.ibiblio.org http://www.ibiblio.org/xml/examples/shakespeare/hamlet.xml http://www.ietf.org http://www.ietf.org/rfc/rfc1421.txt http://www.ietf.org/rfc/rfc1423.txt http://www.ietf.org/rfc/rfc2898.txt http://www.ietf.org/rfc/rfc2898.txt. http://www.ietf.org/rfc/rfc3447.txt http://www.ietf.org/rfc/rfc5208.txt http://www.megginson.com http://www.megginson.com/SAX/. http://www.nightmare.com http://www.nightmare.com/squirl/python-ext/misc/syslog.py http://www.ocert.org http://www.ocert.org/advisories/ocert-2011-003.html http://www.phys.uu.nl http://www.phys.uu.nl/ http://www.python.org http://www.python.org/' http://www.python.org/dev/peps/pep-%04d/r http://www.python.org/dev/peps/pep-%04d/r7 http://www.python.org/dev/peps/pep-0205/ http://www.python.org/download/releases/2.3/mro/. http://www.python.org/sax/properties/encodingz3http http://www.python.org/sax/properties/interning-dictN http://www.rfc-editor.org http://www.rfc-editor.org/info/rfc7253 http://www.rfc-editor.org/rfc/rfc%d.txtz http://www.robotstxt.org http://www.robotstxt.org/norobots-rfc.txt http://www.tarsnap.com http://www.tarsnap.com/scrypt/scrypt-slides.pdf http://www.w3.org http://www.w3.org/1999/02/22-rdf-syntax-ns#z http://www.w3.org/1999/xhtmlN http://www.w3.org/1999/xhtmlz+http http://www.w3.org/2000/xmlns/r# http://www.w3.org/2000/xmlns/z http://www.w3.org/2001/XInclude http://www.w3.org/2001/XMLSchema-instancez http://www.w3.org/2001/XMLSchemaz http://www.w3.org/TR/NOTE-datetime http://www.w3.org/TR/html4/strict.dtd http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd http://www.w3.org/XML/1998/namespace http://www.w3.org/XML/1998/namespacez http://www.xmlrpc.com http://www.xmlrpc.com/discuss/msgReader$1208 http://www.xmlrpc.com/discuss/msgReader$1208z http://wwwsearch.sf.net http://wwwsearch.sf.net/ http://xml.org http://xml.python.org http://xml.python.org/entities/fragment-builder/internalz http://xmlrpc.usefulinc.com http://xmlrpc.usefulinc.com/doc/reserved.html https://docs.python.org https://docs.python.org/ https://docs.python.org/%d.%d/libraryNr https://docs.python.org/X.Y/library/ https://flak.tedunangst.com https://flak.tedunangst.com/post/new-openssh-key-format-and-bcrypt-pbkdf https://github.com https://packaging.python.org https://packaging.python.org/specifications/entry-points/ https://tools.ietf.org https://tools.ietf.org/html/rfc3610 https://tools.ietf.org/html/rfc5297 https://upload.pypi.org https://upload.pypi.org/legacy/ https://www.ibm.com https://www.ibm.com/support/knowledgecenter/en/ssw_aix_61/com.ibm.aix.basetrf1/dlopen.htm https://www.ibm.com/support/knowledgecenter/en/ssw_aix_61/com.ibm.aix.basetrf1/load.htm https://www.ietf.org https://www.ietf.org/rfc/rfc2898.txt https://www.python.org https://www.python.org/dev/peps/pep-0506/ https://www.python.org/download/releases/2.3/mro/. https://www.python.org/psf/license/ https://www.unicode.org https://www.unicode.org/Public/13.0.0/ucd/DerivedCoreProperties.txt https://www.usenix.org https://www.usenix.org/legacy/events/usenix99/provos/provos_html/node4.html ibiblio.org jython.org la.mastaler.com lemburg.com lists.sourceforge.net logger.info mastaler.com megginson.com microsoft.com nightmare.com nightshade.la.mastaler.com nvlpubs.nist.gov ocert.org opensource.apple.com packaging.python.org phys.uu.nl pitrou.net python.net python.org pythoncom.com red-dove.com redivi.com rfc-editor.org robotstxt.org samba.org schemas.xmlsoap.org sendmail.org skippinet.com.au sockets.ru sourceforge.net speleotrove.com sprymix.com support.microsoft.com sweetapp.com tarsnap.com tedunangst.com three.org tip.tcl.tk tools.ietf.org ucdavis.edu unicode.org upload.pypi.org usefulinc.com usenix.org web.cs.ucdavis.edu wikipedia.org www.acme.com www.apple.com www.cl.cam.ac.uk www.cs.ucdavis.edu www.example.com www.iana.org www.ibiblio.org www.ibm.com www.ietf.org www.jython.org www.megginson.com www.nightmare.com www.ocert.org www.phys.uu.nl www.python.org www.rfc-editor.org www.robotstxt.org www.tarsnap.com www.unicode.org www.usenix.org www.w3.org www.xmlrpc.com wwwsearch.sf.net xml.python.org xmlrpc.com xmlrpc.usefulinc.com xmlsoap.org zen.co.uk zesty.ca
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExW` `Manipulates other processes: OpenProcess`
Info	The PE is digitally signed.	`Signer: PAN Software` `Issuer: PAN Software`
Suspicious	VirusTotal score: 1/66 (Scanned on 2021-12-15 10:49:50)	`Ikarus: Trojan.Python.Agent`

Hashes

MD5	`4e11136789991f354037a11c4706531b`
SHA1	`774ebc1fdc1d54cfd48528413c91cb558568dc30`
SHA256	`5269bd4ec5ee72c07a23d95b47650c2a62c0d168a453aaa1560c21da34f736d6`
SHA3	`fa02491cb95b1fd871146b2f3b21806ca1d3bc5be5538b1387a473d7788b3b33`
SSDeep	`98304:QdOULkVGJNARHhRuc1qufhfa44xg9qlwpmVHbMiLD3uyKLVyHkjxsgt24Cmns9Cj:MU5frnRnLXIDdqKljx0`
Imports Hash	`18555826a95cb62f7e014d08f075cef9`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`11`
TimeDateStamp	2021-Nov-02 18:23:27
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x508400`
SizeOfInitializedData	`0xd21800`
SizeOfUninitializedData	`0x33400`
AddressOfEntryPoint	`0x00000000000010ED (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0xd5c000`
SizeOfHeaders	`0x400`
Checksum	`0xd24a10`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x968000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`bc2560fb2737f45f2024e37c59a6f9f4`
SHA1	`2f376b8dca45b640a819771bc5454719901cde23`
SHA256	`224f4c4acc89af6861dfced027ab21857dbd2277fc550a1798c0db1a50ccfdd2`
SHA3	`9875f1d278fd6ee58fd773fbe34f4f767817e93f2ae0fd770bb6009d7f830261`
VirtualSize	`0x5082c8`
VirtualAddress	`0x1000`
SizeOfRawData	`0x508400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.92071`

.data

MD5	`f0dbba77dc685e4adad5ad7e6e1593e6`
SHA1	`172671918daa3f961881a80df5a7c71553b967c5`
SHA256	`ffdf4df597d9e2a0f4f548cd2b6f0e72294c0e703928be29d6d7d16077f6ba22`
SHA3	`d3efaf34b8933efa6f9037b75e50a71f78a873d37a2178835eca4d290ca210b9`
VirtualSize	`0xda00`
VirtualAddress	`0x50a000`
SizeOfRawData	`0xda00`
PointerToRawData	`0x508800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.22555`

.rdata

MD5	`76c9d3ef2282b952ce236090459c5325`
SHA1	`526a85a78492ada8504d5c716bba64f5b542fb43`
SHA256	`cad1eb6069892bd4b928bf71c9691e29bc316f259770bdd72d4eda0ffa702e46`
SHA3	`e36da5786e8669db1c34ad660b0b56f9f03e53a0233ec6f17aebe5312e233686`
VirtualSize	`0x12140`
VirtualAddress	`0x518000`
SizeOfRawData	`0x12200`
PointerToRawData	`0x516200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.029`

.eh_fram

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x4`
VirtualAddress	`0x52b000`
SizeOfRawData	`0x200`
PointerToRawData	`0x528400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.pdata

MD5	`3c81205e1c44e4eade48a68cae470fa1`
SHA1	`2c2a9cbcd88e7e126ca8c6f09721a950574ca191`
SHA256	`81b2450877dfdc3ed95f0c5cabc58939698118a263d4ffc8a45021b49d4f3c37`
SHA3	`de3b926240744b404671fb1f1a00f721406d6bf6ce038af5559b9d3cd4d9f285`
VirtualSize	`0x8d78`
VirtualAddress	`0x52c000`
SizeOfRawData	`0x8e00`
PointerToRawData	`0x528600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.19195`

.xdata

MD5	`90daa99edd96ce101a5e59c1d4824a8d`
SHA1	`7a57967787fb6778cc1072fbf4b2340e6cd2ed3f`
SHA256	`2479c558f3271c66ba73039481817d9f79e4f666a2b0b5719b14e304ecbbac22`
SHA3	`155abd664787d07a16a3c5b1f281bf59fafefa1d7f63996bb08c11fd22119a65`
VirtualSize	`0xbf70`
VirtualAddress	`0x535000`
SizeOfRawData	`0xc000`
PointerToRawData	`0x531400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.70565`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x33220`
VirtualAddress	`0x541000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`8587eaf48d91fac50a4729ee2986474b`
SHA1	`d5437aade36cd5ec77f7960bdb21092407155b35`
SHA256	`ac07819b1ea8b9c2919d2ae76a2dacbdd2c2d6c09040d6fc71b20612e363b5e9`
SHA3	`2b60be40ded60aaca64b728e013c59484b81b7a1d577d3c006586418e95c5b59`
VirtualSize	`0x35bc`
VirtualAddress	`0x575000`
SizeOfRawData	`0x3600`
PointerToRawData	`0x53d400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.6458`

.CRT

MD5	`8e43e457475467759ba8db837d3cd6a4`
SHA1	`c452eddde0b025ffcad29cec54027c36899e713a`
SHA256	`8282bf0e8d016a884bc6315dcdf52c1f582f8dbd21bfb85245263865c8c997fe`
SHA3	`22f18d5d3d3f47974a196fd09a44de23d9988c36011853410e4961f022aeea87`
VirtualSize	`0x68`
VirtualAddress	`0x579000`
SizeOfRawData	`0x200`
PointerToRawData	`0x540a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.284307`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0x57a000`
SizeOfRawData	`0x200`
PointerToRawData	`0x540c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`c72f49b95381f5f9f6dd2edd2d5860d4`
SHA1	`5569b4cf7413feaabc61d2aa0e5db2e587a14e7f`
SHA256	`6e79e801a8b34e119e4121fdea73b1a8a4fe4a6339725ec80bdda239c47cb024`
SHA3	`9a47a0b18736457477a3a93c95ba810fa2009469978ee55336bf850497b19808`
VirtualSize	`0x7e0db4`
VirtualAddress	`0x57b000`
SizeOfRawData	`0x7e0e00`
PointerToRawData	`0x540e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.60259`

Imports

KERNEL32.dll	`CloseHandle` `CreateThread` `DeleteCriticalSection` `EnterCriticalSection` `FindResourceA` `FormatMessageA` `FreeLibrary` `GetCommandLineW` `GetCurrentProcessId` `GetEnvironmentVariableA` `GetLastError` `GetModuleFileNameW` `GetModuleHandleA` `GetProcAddress` `GetShortPathNameW` `GetStartupInfoA` `GetSystemTimeAsFileTime` `GetTempPathW` `InitializeCriticalSection` `IsDBCSLeadByteEx` `LeaveCriticalSection` `LoadLibraryA` `LoadLibraryExW` `LoadResource` `LockResource` `MultiByteToWideChar` `OpenProcess` `SetDllDirectoryW` `SetErrorMode` `SetUnhandledExceptionFilter` `Sleep` `TlsGetValue` `VirtualProtect` `VirtualQuery` `WaitForSingleObject` `WideCharToMultiByte`
msvcrt.dll	`__C_specific_handler` `___lc_codepage_func` `___mb_cur_max_func` `__argc` `__argv` `__getmainargs` `__initenv` `__iob_func` `__lconv_init` `__set_app_type` `__setusermatherr` `_acmdln` `_amsg_exit` `_cexit` `_commode` `_errno` `_fmode` `_initterm` `_lock` `_onexit` `_snprintf` `_unlock` `_wcsicmp` `abort` `atol` `calloc` `exit` `fprintf` `fputc` `free` `fwrite` `localeconv` `malloc` `mbstowcs` `memcmp` `memcpy` `memset` `puts` `signal` `strchr` `strcmp` `strerror` `strlen` `strncmp` `strncpy` `strrchr` `vfprintf` `wcscmp` `wcslen`
SHELL32.dll	`CommandLineToArgvW`
python38.dll	`PyObject_GC_Del` `_PyObject_GC_Resize` `_PyObject_GC_New` `_PyObject_GC_Malloc` `PyObject_GC_UnTrack` `PyObject_GC_Track` `PyErr_SetInterrupt` `_PyTraceMalloc_NewReference` `PyIter_Next` `PyObject_GetIter` `PyObject_IsSubclass` `PyObject_IsInstance` `PyMapping_Check` `PySequence_Contains` `PySequence_Tuple` `PySequence_GetItem` `PySequence_InPlaceConcat` `PySequence_Check` `PyNumber_ToBase` `PyNumber_Long` `PyNumber_AsSsize_t` `PyNumber_Index` `PyNumber_Invert` `PyNumber_Negative` `PyNumber_InPlaceMultiply` `PyNumber_InPlaceAdd` `PyNumber_InPlaceLshift` `PyNumber_FloorDivide` `PyNumber_Add` `PyNumber_Subtract` `PyBuffer_Release` `PyObject_GetBuffer` `PyObject_DelItem` `PyObject_SetItem` `PyObject_GetItem` `PyObject_LengthHint` `_PyObject_HasLen` `PyObject_Size` `PyBool_Type` `_Py_FalseStruct` `_Py_TrueStruct` `_PyByteArray_empty_string` `PyByteArray_Type` `PyByteArray_FromStringAndSize` `PyByteArray_FromObject` `PyBytes_Type` `_PyBytes_Resize` `PyBytes_FromString` `PyBytes_FromStringAndSize` `PyObject_CallFunctionObjArgs` `PyObject_CallMethodObjArgs` `PyObject_CallObject` `PyObject_Call` `PyCapsule_New` `PyMethod_Type` `PyCode_Type` `PyCode_NewWithPosOnlyArgs` `PyComplex_Type` `PyComplex_FromDoubles` `PyProperty_Type` `PyDict_Type` `PyDict_DelItemString` `PyDict_SetItemString` `PyDict_GetItemString` `PyDict_Copy` `PyDict_Merge` `PyDict_MergeFromSeq2` `PyDict_Next` `PyDict_DelItem` `PyDict_SetItem` `PyDict_GetItem` `_PyDict_NewPresized` `PyDict_New` `PyEnum_Type` `PyExc_ImportWarning` `PyExc_KeyError` `PyExc_RuntimeError` `PyExc_IOError` `PyExc_UnboundLocalError` `PyExc_AttributeError` `PyExc_ZeroDivisionError` `PyExc_ValueError` `PyExc_BaseException` `PyExc_OverflowError` `PyExc_SyntaxError` `PyExc_StopIteration` `PyExc_OSError` `PyExc_NotImplementedError` `PyExc_StopAsyncIteration` `PyExc_TypeError` `PyExc_NameError` `PyExc_IndexError` `PyExc_ImportError` `PyExc_SystemError` `PyExc_AssertionError` `PyExc_GeneratorExit` `PyException_SetContext` `PyException_GetContext` `PyException_SetCause` `PyException_GetTraceback` `PyFloat_Type` `PyFloat_FromDouble` `PyFrame_Type` `PyFrame_New` `PyFrame_GetLineNumber` `PyFunction_Type` `_PyAsyncGenWrappedValue_Type` `PyCoro_Type` `PyGen_Type` `PyAsyncGen_Type` `_PyGen_FetchStopIterationValue` `_PyGen_SetStopIterationValue` `PySeqIter_Type` `PyCallIter_Type` `PyList_Type` `PyList_Insert` `PyList_SetItem` `PyList_New` `PyLong_Type` `PyLong_FromUnicodeObject` `PyLong_FromString` `PyLong_FromSsize_t` `PyLong_FromUnsignedLongLong` `PyLong_FromLongLong` `PyLong_FromVoidPtr` `PyLong_AsLong` `PyLong_AsLongAndOverflow` `PyLong_FromLong` `_PyLong_New` `PyMemoryView_Type` `PyCFunction_Type` `PyCFunction_NewEx` `PyModule_Type` `PyModuleDef_Type` `PyModule_GetDef` `PyModule_GetFilenameObject` `PyModule_GetName` `PyModule_GetDict` `PyModule_ExecDef` `PyModule_FromDefAndSpec2` `PyModule_NewObject` `_Py_NoneStruct` `_Py_NotImplementedStruct` `_Py_Dealloc` `PyCallable_Check` `PyObject_IsTrue` `PyObject_GenericSetAttr` `PyObject_GenericGetAttr` `PyObject_SelfIter` `PyObject_SetAttr` `PyObject_GetAttr` `PyObject_SetAttrString` `PyObject_HasAttrString` `PyObject_GetAttrString` `PyObject_RichCompareBool` `PyObject_RichCompare` `PyObject_Str` `PyObject_Repr` `_PyObject_New` `_Py_tracemalloc_config` `PyObject_Free` `PyObject_Realloc` `PyObject_Malloc` `PyMem_Realloc` `PyMem_Malloc` `PyRange_Type` `PyFrozenSet_Type` `PySet_Type` `_PySet_NextEntry` `PySet_Add` `PyFrozenSet_New` `PySet_New` `PySlice_Type` `_Py_EllipsisObject` `PyEllipsis_Type` `PySlice_New` `PyStructSequence_InitType` `PyStructSequence_SetItem` `PyStructSequence_New` `PyTuple_Type` `PyTuple_Pack` `PyTuple_New` `PyBaseObject_Type` `PySuper_Type` `PyType_Type` `PyType_Ready` `_PyType_Lookup` `PyType_GetFlags` `PyType_IsSubtype` `PyUnicode_Type` `PyUnicode_InternInPlace` `PyUnicode_Format` `PyUnicode_Substring` `PyUnicode_Concat` `PyUnicode_FindChar` `PyUnicode_Find` `PyUnicode_DecodeUTF8` `PyUnicode_GetLength` `PyUnicode_AsUnicode` `PyUnicode_AsUTF8` `PyUnicode_FromOrdinal` `PyUnicode_FromFormat` `PyUnicode_FromString` `PyUnicode_FromStringAndSize` `PyUnicode_FromWideChar` `_PyUnicode_Ready` `PyUnicode_New` `PyObject_ClearWeakRefs` `_PyWarnings_Init` `PyErr_WarnEx` `PyMap_Type` `PyFilter_Type` `PyZip_Type` `PyEval_GetFuncName` `PyEval_GetFrame` `PyEval_EvalCodeEx` `PyEval_EvalFrameEx` `PyEval_EvalCode` `Py_MakePendingCalls` `PyEval_SaveThread` `PyEval_AcquireThread` `PyErr_WriteUnraisable` `PyErr_Format` `PyErr_SetFromErrno` `PyErr_NoMemory` `PyErr_BadArgument` `_PyErr_FormatFromCause` `PyErr_NormalizeException` `PyErr_ExceptionMatches` `PyErr_GivenExceptionMatches` `PyImport_FrozenModules` `_PyArg_NoKeywords` `PyArg_UnpackTuple` `PyArg_ParseTupleAndKeywords` `PyArg_ParseTuple` `PyImport_ImportModule` `PyImport_ImportFrozenModule` `PyImport_ExecCodeModuleEx` `PyImport_ExecCodeModule` `_PyImport_FixupExtensionObject` `PyImport_GetModule` `PyImport_GetModuleDict` `Py_NoSiteFlag` `Py_NoUserSiteDirectory` `Py_DontWriteBytecodeFlag` `Py_DebugFlag` `Py_BytesWarningFlag` `Py_VerboseFlag` `Py_OptimizeFlag` `Py_UTF8Mode` `Py_InteractiveFlag` `Py_InspectFlag` `Py_IgnoreEnvironmentFlag` `Py_FrozenFlag` `PyMarshal_ReadObjectFromString` `_Py_PackageContext` `PyModule_AddObject` `Py_BuildValue` `PyOS_snprintf` `Py_SetPythonHome` `Py_SetPath` `_PyRuntime` `Py_Exit` `Py_Initialize` `Py_CompileStringExFlags` `PyErr_Print` `PyErr_PrintEx` `PySys_WriteStderr` `PySys_SetArgv` `PySys_SetPath` `PySys_SetObject` `PySys_GetObject` `PyTraceBack_Type`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1910`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.84265`
Detected Filetype	PNG graphic file
MD5	`1e53ccde62fe394f6f9605c3189dee1f`
SHA1	`188f872330e2786fd9d0159c0ec21a682361d90e`
SHA256	`6261d3c3e8338ca6b3991ad5cdd2eb880994fa2c55da2bbd371fd5d0a87a08fc`
SHA3	`9367791f4eef23e8519f553b760bc3fa887977e50e5df5a91f6785e792f1688f`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06302`
MD5	`bc45a1de4fb5e9baf8e863e7b95fe7a6`
SHA1	`a0031af50eb4133d8be8e422fe12992166c7a350`
SHA256	`d5ed60cb1893302e46f3cc3bca68f64b01d06b864d6b130f1bf23ad37ec5f862`
SHA3	`0309a682033df43875e9d1dd62306354a74a232c51a02dfb88672eb2b54dfceb`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.72277`
MD5	`5a69c5446f1f162b659a52870aebdb3e`
SHA1	`cde97c775fa44269b44d5ac45a402935adc1204a`
SHA256	`c739f1e1f09c0054d8274258d9057a7db8b45e3d4c87d2352748ff87641693b2`
SHA3	`b9f34c17939642ff72c06ec09590fb3d7fb86b7f96755748610fd7197527aca9`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.76658`
MD5	`8ed5b3cae6a0332dec90e7ac8ef179c0`
SHA1	`fcaadc2e2714a31b41d876c89115b82b29f672a7`
SHA256	`848afa460f553eae2443a67cc3d16c1319a342bd85a12e015b2f80a5f4db234a`
SHA3	`f398c2c94ff9597e50e10358df606c3c3197bfb9d05c7b7fa56d0ac5db87d580`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27191`
MD5	`9ff588c5a875c433b4da1216e93e9697`
SHA1	`3f5326c86853eb8b582c40a2ed7b0b8547ac6cf2`
SHA256	`6fceb9c7960ff4c4ebf7a0d839bfd776591a7c2d97165e12737212cb97273664`
SHA3	`7a6927176aeabf94f272d67d15ca045a7c0570c96a2223a1b2b2d41132c3e4be`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.87529`
MD5	`9a58e0508437da19f640e12f30735bf5`
SHA1	`7a7c6b03b07f090862c949c0ebacdfaed3ab7bbe`
SHA256	`cc510fda33dc87c06f2f2c1d76d6a8d6e569c5eb7ca0425feb12c134baf3ec35`
SHA3	`93dd3cd88b4939ca7490cbe4a3d8dc087df32e86049b33021b739cadbe77c3f7`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.68301`
MD5	`b166f04f31f6f1576b2d2d2f3f5157c0`
SHA1	`3f350adf8668f1c36d707cb9f0670b939e78e93b`
SHA256	`b7ec8496829066030db8ec9597199ab54808e469e554b7f21056288d9a0e4bca`
SHA3	`b908077a0b0430469eec73bb0bdc2bc9055864c5a3aea9a571db92601651884b`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.15098`
MD5	`ee5de13c7147e36736aeb262f142982c`
SHA1	`d177126bfd80ce33e8935d51cf22c29e5c92b059`
SHA256	`3ece311425ddd2104b4a0e3e2127964ec6c2444fd8c1180fc303b42f129917ca`
SHA3	`b4de7f7238a863d85468f9fd89ff9f2cda76d3e752dc2319a0293410c6740c53`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.16518`
MD5	`feb768a22028f92110c3f14f36e457d5`
SHA1	`1a1d90e3c12ddefd525e4ebe6ab56235447cc40e`
SHA256	`fcfa664a94e78263480e7c8994dedc769f4e2df090bbe052a1d82db5b2450d9d`
SHA3	`1c097ae28abc34f81a476d70746ec5ffa334d5b8ac81237c761fa02e503ffbc4`

3 (#2)

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x7b79f6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.55331`
MD5	`ec6aefa279160e35b753a7ea0adb2a46`
SHA1	`9ff9d65b6a7c3324ae6cc2f23cd8746e1e7ac4ea`
SHA256	`de7b2f19adb58c54351c6dafe147f54f043a134f4a6ee7b100f523cde0289a60`
SHA3	`069eb15583dc9a079d2dfc6473f72ce6a18dbb35597d1f06628883c2e018c319`

1 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.01007`
Detected Filetype	Icon file
MD5	`8d6cf5d5598e4c4c8b26821dceb0f558`
SHA1	`3ed0c851395e445ae3f5cc4ea80169e190e9f2d8`
SHA256	`f8cd0da64e84695fe320a2bd988c03ab1acd7d08066d7fc3d018332ad5ec72a5`
SHA3	`68ae230440741a448a58776833a8dbd219fee677a3fa6882d42c67a09b5b5407`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x97a000`
EndAddressOfRawData	`0x97a008`
AddressOfIndex	`0x973700`
AddressOfCallbacks	`0x979040`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x00000000008FF690` `0x00000000008FF74F`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!