Manalyze report for 523613a7b9dfa398cbd5ebd2dd0f4f38

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2011-Sep-16 22:46:10

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: eternallybored.org http://eternallybored.org`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Possibly launches other programs: CreateProcessA`
Info	The PE is digitally signed.	`Signer: Jernej Simoncic` `Issuer: GlobalSign ObjectSign CA`
Malicious	VirusTotal score: 25/67 (Scanned on 2021-10-07 17:50:40)	`Lionic: Riskware.Win32.NetCat.1!c` `Cynet: Malicious (score: 100)` `CAT-QuickHeal: HackTool.Netcat.E1` `ALYac: Misc.HackTool.NetCat` `Sangfor: Hacktool.Win32.NetCat.bnr` `Alibaba: RiskWare:Win32/NetCat.3feb6f0a` `CrowdStrike: win/malicious_confidence_60% (D)` `Symantec: NetCat` `ESET-NOD32: a variant of Win64/RemoteAdmin.NetCat.A potentially unsafe` `Kaspersky: not-a-virus:RemoteAdmin.Win32.NetCat.bnr` `NANO-Antivirus: Trojan.Win64.RemoteAdmin.iupctw` `TrendMicro: HKTL_NETCAT` `FireEye: Generic.mg.523613a7b9dfa398` `Sophos: NetCat (PUA)` `Ikarus: PUA.Netcat` `Jiangmin: RemoteAdmin.NetCat.cx` `MAX: malware (ai score=94)` `Antiy-AVL: Trojan/Generic.ASMalwS.27CB1B6` `Microsoft: PUA:Win32/Presenoker` `Cylance: Unsafe` `TrendMicro-HouseCall: HKTL_NETCAT` `Yandex: Riskware.RemoteAdmin!dALKdVU+LqQ` `Fortinet: Riskware/NetCat` `Panda: Hacktool/Netcat` `MaxSecure: Trojan.Malware.73885908.susgen`

Hashes

MD5	`523613a7b9dfa398cbd5ebd2dd0f4f38`
SHA1	`3e92f697d642d68bb766cc93e3130b36b2da2bab`
SHA256	`3e59379f585ebf0becb6b4e06d0fbbf806de28a4bb256e837b4555f1b4245571`
SHA3	`b4a214caf65e084bd6a6bf8ae751af4a074a46da565453449b4fe5c68f0ca3d5`
SSDeep	`768:gaGHu/aKUAvRCXA/e6PfVVCJrxg/KKjMozd6jSemG0nf2Fcc5C+qLaVp:CuSzAvRCxmNVCgi+IjNmDO15C+qLaVp`
Imports Hash	`d4d9d129e54b5325aa7c659caf24b195`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2011-Sep-16 22:46:10
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x6600`
SizeOfInitializedData	`0x2c00`
SizeOfUninitializedData	`0xc00`
AddressOfEntryPoint	`0x0000000000001710 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x10000`
SizeOfHeaders	`0x400`
Checksum	`0xef39`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e2b1cd470ac63d157e4c65e232c07adf`
SHA1	`f09cf54f2203238ec25dca5243662d179ba8afd9`
SHA256	`8afc4eb80ad8fa67ced496266c19bf522cbd98877e3cf1a99c49538922e0708e`
SHA3	`11afb2525bb435607d09af56e0bdd092fe950d11664d467203a38529a82eae63`
VirtualSize	`0x6600`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.9017`

.data

MD5	`c5407141c3fdbdff8172a329e9384d18`
SHA1	`7c8a8260106f209809aa476ad6dc0dca392c4309`
SHA256	`474441e44ceb063f9373da62c4423c3c03423fc3549d1c087cda385c25c4a180`
SHA3	`fe647ec01aec91ef9c752eb8c8a3a0c648f442de546a3cf06899e4404cee93c7`
VirtualSize	`0xf0`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.61807`

.rdata

MD5	`57e82d7c7851e8632411901e03ba61be`
SHA1	`60a26fe72f2cdf2dc61413bc4f83f1097e67005e`
SHA256	`b0c9d02a43c12949e7d6fea95368752afe49d3c58829f56c08ccfaa0e3e970c4`
SHA3	`b2a3f50d321460bb4aea7a218693a9101ab2a3e202f3f453c3ee152438ef5506`
VirtualSize	`0x1210`
VirtualAddress	`0x9000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x6c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.00775`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xc00`
VirtualAddress	`0xb000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`d2a0f7d3008f5d537376c1a482dcb11e`
SHA1	`81e5f18ae667e65033e936ccd7cda2ce93d9fdfd`
SHA256	`e8c242f320bee3985fdca93eed41154983385b71ba864c85e21b1781fd600f6f`
SHA3	`7ab178b9fd2b2d361a9ee05b1cf6602b5bc199ab97be1341eb8888ac0084d365`
VirtualSize	`0x1130`
VirtualAddress	`0xc000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.91403`

.CRT

MD5	`58729826accb6b45d872788e51ad82c7`
SHA1	`be61882235ee1c6d6b063d0061a0b703fce56c14`
SHA256	`1367a2dd6f482e5db041579b254378304216bfaafac0a82fec0cb34bf596f6ec`
SHA3	`d05b73a416d335245599b9a8ca4168993603cbb68f0d20d5d3c492be6cdfcbbe`
VirtualSize	`0x68`
VirtualAddress	`0xe000`
SizeOfRawData	`0x200`
PointerToRawData	`0x9200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.2592`

.tls

MD5	`87bd9ed859278120552d9cd12f0ab113`
SHA1	`53000fb17a576ef8f35af35c63d9b46b7c786491`
SHA256	`79d39be7663a941844324d3200faee0c130f7852b7c6d8ce68cafa3947d5f02b`
SHA3	`655dfac3eda2ea9b9995ed191084cd38303711939b8613aa815bc8855cb1ded6`
VirtualSize	`0x48`
VirtualAddress	`0xf000`
SizeOfRawData	`0x200`
PointerToRawData	`0x9400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.21777`

Imports

KERNEL32.dll	`CloseHandle` `CreatePipe` `CreateProcessA` `CreateThread` `DeleteCriticalSection` `DisconnectNamedPipe` `DuplicateHandle` `EnterCriticalSection` `ExitThread` `FreeConsole` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `GetLastError` `GetModuleHandleA` `GetProcAddress` `GetStartupInfoA` `GetStdHandle` `GetSystemTimeAsFileTime` `GetTickCount` `InitializeCriticalSection` `LeaveCriticalSection` `LoadLibraryA` `PeekNamedPipe` `QueryPerformanceCounter` `ReadFile` `RtlAddFunctionTable` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `SetUnhandledExceptionFilter` `Sleep` `TerminateProcess` `TerminateThread` `TlsGetValue` `UnhandledExceptionFilter` `VirtualProtect` `VirtualQuery` `WaitForMultipleObjects` `WriteFile`
msvcrt.dll	`_close` `_dup` `_itoa` `_kbhit` `_open` `_read` `_strcmpi` `_strnicmp` `_write`
msvcrt.dll (#2)	`_close` `_dup` `_itoa` `_kbhit` `_open` `_read` `_strcmpi` `_strnicmp` `_write`
WSOCK32.dll	`WSACleanup` `WSAGetLastError` `WSASetLastError` `WSAStartup` `__WSAFDIsSet` `accept` `bind` `closesocket` `connect` `gethostbyaddr` `gethostbyname` `getservbyname` `getservbyport` `getsockname` `htons` `inet_addr` `inet_ntoa` `listen` `ntohs` `recv` `recvfrom` `select` `send` `setsockopt` `shutdown` `socket`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!