Manalyze report for 560f38c9ccbee65449d49dfc1363cc64

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1970-Jan-01 00:00:00
TLS Callbacks	2 callback(s) detected.

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to security software: rshell.exe` `Contains domain names: github.com https://github.com`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata`
Suspicious	The PE contains functions most legitimate programs don't use.	`Possibly launches other programs: CreateProcessA system` `Can take screenshots: BitBlt CreateCompatibleDC GetDC`
Safe	VirusTotal score: 0/69 (Scanned on 2023-03-01 15:04:19)	`All the AVs think this file is safe.`

Hashes

MD5	`560f38c9ccbee65449d49dfc1363cc64`
SHA1	`f6fafa35755fe341120dc7d253898f5f277dcc00`
SHA256	`789412d588c3791e1b651135756131ac4b822f6afd0a2ac1597d521e1e2f6ab3`
SHA3	`cc65fdcb6988680cfd63039525bd6cb6b4ef42ebae3514d6b2fcd0c1baec24a3`
SSDeep	`196608:h9kbjYbeawjkFNXtdA2bbbbmxBUuqVvbbbb:nkbjY9Nw2bbbbRuqVvbbbb`
Imports Hash	`2a9dd184f0670ce198e6fe7e0750bc72`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`11`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x5c6200`
SizeOfInitializedData	`0x742200`
SizeOfUninitializedData	`0x1000`
AddressOfEntryPoint	`0x00000000000014D0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x74a000`
SizeOfHeaders	`0x400`
Checksum	`0x74edda`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x1000000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f00501148d48af80823a0058658299f4`
SHA1	`1a7eeb15b9c28a6c9753977e1e5ef7073e6a23cc`
SHA256	`ad17e857da6033e6dc89fbf025dacaa48a078bc7a4ec50b7b61db8e020a611d1`
SHA3	`4961fa07993c6a85f0c3ed06c1ddb09d5b38a03127be92e99fdcf7ecebd8e78b`
VirtualSize	`0x5c6198`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5c6200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.2205`

.data

MD5	`95eddeb1fb4c9ec580e22dc15d9c425c`
SHA1	`df43e53509fc733e1f2199e552396811a90deb24`
SHA256	`5d4502b32659d8838d0d05f93fc8fc8402569bdba843ad99dc2ed89a4fb35a22`
SHA3	`9e2d78598762d16eab2e5e990f90cd7e8bc4acc19962d57660d3b75d905f0584`
VirtualSize	`0x2f00`
VirtualAddress	`0x5c8000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x5c6600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.57212`

.rdata

MD5	`c4c96c76bb5cf120e2d38e57b12e195b`
SHA1	`487d702323f666ec432fe37b08af9cdd617dee9f`
SHA256	`589207de8aadbe5ec3987808b0790c22ef305a067d02577080ae919aedf95e4c`
SHA3	`972c58aa83cf19a3d673d683de05e0606b2afbdf24e0dbd217b48a8d7abaf0f6`
VirtualSize	`0x13696c`
VirtualAddress	`0x5cb000`
SizeOfRawData	`0x136a00`
PointerToRawData	`0x5c9600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.15938`

.pdata

MD5	`c2e3621a67d28988778fa78e4a771669`
SHA1	`f8959cdea71374b98c695eccd2723ce7d23b908b`
SHA256	`76008504ea3bc23ae12ddb0fe8170abc89c6e238ecdd3fe964049a1200df1c34`
SHA3	`01884606533d7832cc479f45d0e9340715f67d5b67429c7a83a19780283d6aa4`
VirtualSize	`0x8340`
VirtualAddress	`0x702000`
SizeOfRawData	`0x8400`
PointerToRawData	`0x700000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.3007`

.xdata

MD5	`1b055486db149047876e109f676e211c`
SHA1	`ff387d2d340a78ea9ac54f61cb147b6a3d36342b`
SHA256	`16d9f82a2cb31b2e2eaebfa0955db7e0f0385aaacd44c0233008eace1f6ad125`
SHA3	`9de67a78b9a399e94dc5ba6a45726b016f944b8df9cb330df5700f00fc5300c4`
VirtualSize	`0x36568`
VirtualAddress	`0x70b000`
SizeOfRawData	`0x36600`
PointerToRawData	`0x708400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.33826`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xe28`
VirtualAddress	`0x742000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`963c5531fb4f225023ac963b55a5d8fc`
SHA1	`c2404781eda8aed648c95602c04ce4e229d3eba8`
SHA256	`a567fd1c987befb7b6860a873f08d23da2f99522437ad3e6fae264336a1089d4`
SHA3	`715b4aa0002dd8ad38f93e0a400cfd2aaf7cfecc043e3234de4fcbdc730eed89`
VirtualSize	`0x2af4`
VirtualAddress	`0x743000`
SizeOfRawData	`0x2c00`
PointerToRawData	`0x73ea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.46265`

.CRT

MD5	`24dd6a1e5f790cdc3f18f2a7540da96e`
SHA1	`02e258580be7a048478841e75042060697f57ba8`
SHA256	`1535ed60384078f55bd7a96122e957343cdca708f80c43477b9b343ebc332c6d`
SHA3	`0604df49c76bffa4080ab44f3e6ed1b51d6ccec7013f924ed54e01c62b1ba044`
VirtualSize	`0x60`
VirtualAddress	`0x746000`
SizeOfRawData	`0x200`
PointerToRawData	`0x741600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.316205`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0x747000`
SizeOfRawData	`0x200`
PointerToRawData	`0x741800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`5b1e6fc97ce5e3bcee6092e8477a17e5`
SHA1	`bdf01aaa651073d136443e01dd44d1e078fad3d6`
SHA256	`0b853e0780b1b24a181b15f5c233a18847727da010b9d1e74ce29b2687c9d609`
SHA3	`ec57dfbe56c4a5957427ae41054bec8d8b8d308ca9deb4bf524f8bbce75e3fb9`
VirtualSize	`0x4e8`
VirtualAddress	`0x748000`
SizeOfRawData	`0x600`
PointerToRawData	`0x741a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.77863`

.reloc

MD5	`6cae4b407635ad6defda9e2ec825d50b`
SHA1	`8a0caf76c91b6905ad1d29cdf6c5885e57e6096c`
SHA256	`ea2d508285dc847c3219201000be7d3668ff462d464a725fa3deaf8f612cc849`
SHA3	`69be1392c63a6905bdb48926c51063395f91786da5f26e778d0a7c8c90218492`
VirtualSize	`0x488`
VirtualAddress	`0x749000`
SizeOfRawData	`0x600`
PointerToRawData	`0x742000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.52795`

Imports

GDI32.dll	`BitBlt` `CreateCompatibleBitmap` `CreateCompatibleDC` `DeleteDC` `DeleteObject` `GetDIBits` `GetDeviceCaps` `SelectObject` `SetDIBitsToDevice`
KERNEL32.dll	`CloseHandle` `CreateDirectoryA` `CreateDirectoryW` `CreateEventA` `CreateFileA` `CreateMutexA` `CreateProcessA` `CreateThread` `DeleteCriticalSection` `DeleteFileA` `DeleteFileW` `EnterCriticalSection` `FileTimeToSystemTime` `FindClose` `FindFirstFileA` `FindNextFileA` `FormatMessageA` `GetCurrentThreadId` `GetEnvironmentVariableW` `GetFileAttributesA` `GetFileAttributesW` `GetFileTime` `GetLastError` `GetLocalTime` `GetShortPathNameA` `GetStartupInfoA` `GetSystemInfo` `GetSystemTimeAsFileTime` `InitializeCriticalSection` `IsDBCSLeadByteEx` `LeaveCriticalSection` `MultiByteToWideChar` `ReleaseMutex` `SearchPathA` `SetEvent` `SetUnhandledExceptionFilter` `Sleep` `TerminateThread` `TlsGetValue` `VirtualProtect` `VirtualQuery` `WaitForSingleObject` `WideCharToMultiByte`
msvcrt.dll	`__C_specific_handler` `___lc_codepage_func` `___mb_cur_max_func` `__getmainargs` `__initenv` `__iob_func` `__set_app_type` `__setusermatherr` `_acmdln` `_amsg_exit` `_cexit` `_commode` `_errno` `_filelengthi64` `_fileno` `_fmode` `_getpid` `_initterm` `_lock` `_onexit` `_setjmp` `_setmode` `_unlock` `_wfopen` `abort` `acos` `asin` `atan` `calloc` `cosh` `exit` `fclose` `fflush` `fgetc` `fgetpos` `fopen` `fprintf` `fputc` `fread` `free` `fseek` `fsetpos` `ftell` `fwrite` `getc` `getenv` `islower` `isspace` `isupper` `isxdigit` `localeconv` `log10` `longjmp` `malloc` `memchr` `memcpy` `memmove` `memset` `qsort` `realloc` `remove` `rename` `rewind` `setlocale` `signal` `sinh` `strchr` `strcmp` `strcpy` `strerror` `strlen` `strncmp` `strncpy` `strrchr` `strstr` `strtol` `strtoul` `system` `tan` `tanh` `tolower` `ungetc` `vfprintf` `wcslen`
libwinpthread-1.dll	`pthread_create` `pthread_exit` `pthread_join`
SHELL32.dll	`SHGetSpecialFolderPathA`
USER32.dll	`AdjustWindowRect` `ChangeDisplaySettingsA` `CreateWindowExA` `DefWindowProcA` `DestroyWindow` `DispatchMessageA` `EnumDisplaySettingsA` `GetDC` `GetDesktopWindow` `GetMessageA` `GetWindowLongPtrA` `GetWindowRect` `PeekMessageA` `ReleaseDC` `SetForegroundWindow` `SetWindowLongPtrA` `SetWindowPos` `SetWindowTextA` `ShowCursor` `ShowWindow` `TrackMouseEvent`
libgcc_s_seh-1.dll	`_Unwind_Resume`
libgomp-1.dll	`GOMP_atomic_end` `GOMP_atomic_start` `GOMP_barrier` `GOMP_critical_end` `GOMP_critical_name_end` `GOMP_critical_name_start` `GOMP_critical_start` `GOMP_parallel` `omp_get_max_threads` `omp_get_num_threads` `omp_get_thread_num` `omp_set_num_threads`
libstdc++-6.dll	`_ZNSt9exceptionD2Ev` `_ZSt9terminatev` `_ZTVN10__cxxabiv117__class_type_infoE` `_ZTVN10__cxxabiv120__si_class_type_infoE` `_ZdaPv` `_ZdlPv` `_Znay` `_Znwy` `__cxa_allocate_exception` `__cxa_begin_catch` `__cxa_end_catch` `__cxa_free_exception` `__cxa_guard_abort` `__cxa_guard_acquire` `__cxa_guard_release` `__cxa_rethrow` `__cxa_throw` `__cxa_throw_bad_array_new_length` `__gxx_personality_seh0`
libcurl-4.dll	`curl_easy_cleanup` `curl_easy_init` `curl_easy_perform` `curl_easy_setopt`
libfftw3-3.dll	`fftw_cleanup_threads` `fftw_destroy_plan` `fftw_execute` `fftw_free` `fftw_init_threads` `fftw_malloc` `fftw_plan_dft_1d` `fftw_plan_dft_2d` `fftw_plan_dft_3d` `fftw_plan_many_dft` `fftw_plan_with_nthreads`
libjpeg-8.dll	`jpeg_CreateCompress` `jpeg_CreateDecompress` `jpeg_destroy` `jpeg_destroy_compress` `jpeg_destroy_decompress` `jpeg_finish_compress` `jpeg_finish_decompress` `jpeg_read_header` `jpeg_read_scanlines` `jpeg_set_defaults` `jpeg_set_quality` `jpeg_start_compress` `jpeg_start_decompress` `jpeg_std_error` `jpeg_stdio_dest` `jpeg_stdio_src` `jpeg_write_scanlines`
libpng16-16.dll	`png_create_info_struct` `png_create_read_struct` `png_create_write_struct` `png_destroy_read_struct` `png_destroy_write_struct` `png_get_IHDR` `png_get_valid` `png_init_io` `png_read_end` `png_read_image` `png_read_info` `png_read_update_info` `png_set_IHDR` `png_set_expand_gray_1_2_4_to_8` `png_set_filler` `png_set_gray_to_rgb` `png_set_interlace_handling` `png_set_longjmp_fn` `png_set_palette_to_rgb` `png_set_sig_bytes` `png_set_tRNS_to_alpha` `png_sig_cmp` `png_write_end` `png_write_image` `png_write_info`
libtiff-5.dll	`TIFFClose` `TIFFComputeStrip` `TIFFDefaultStripSize` `TIFFFileName` `TIFFGetField` `TIFFGetFieldDefaulted` `TIFFIsTiled` `TIFFOpen` `TIFFReadDirectory` `TIFFReadEncodedStrip` `TIFFReadRGBAImage` `TIFFReadTile` `TIFFSetDirectory` `TIFFSetErrorHandler` `TIFFSetField` `TIFFSetWarningHandler` `TIFFStripSize` `TIFFTileSize` `TIFFWriteDirectory` `TIFFWriteEncodedStrip` `_TIFFfree` `_TIFFmalloc`
zlib1.dll	`compress` `compressBound` `uncompress`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x48f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.13793`
MD5	`5aa04ce935e78505e230765e85c34355`
SHA1	`6c93b8c5fde8be4b2231dca6b8ec513cdc82c991`
SHA256	`a73f26a8d504043f785d7360e8febf2eeb8522ec873a0d4dd5d1d4bfd1e67d3d`
SHA3	`149467cafc03ba34b33cd8076fc2771413760822357952de205dbae2b5cb8059`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x140747000`
EndAddressOfRawData	`0x140747008`
AddressOfIndex	`0x1407421dc`
AddressOfCallbacks	`0x140746038`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x0000000140339370` `0x0000000140339340`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!