Manalyze report for 62e353f839e25b3d68092c7a70869a79

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2024-Jul-09 23:20:27
TLS Callbacks	2 callback(s) detected.
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata` `Unusual section name found: /4` `Unusual section name found: /19` `Unusual section name found: /31` `Unusual section name found: /45` `Unusual section name found: /57` `Unusual section name found: /70`
Malicious	The PE contains functions mostly used by malware.	`Code injection capabilities: CreateRemoteThread OpenProcess VirtualAllocEx WriteProcessMemory` `Memory manipulation functions often used by packers: VirtualAllocEx VirtualProtect` `Manipulates other processes: OpenProcess WriteProcessMemory`
Suspicious	The file contains overlay data.	`29143 bytes of data starting at offset 0x7200.`
Malicious	VirusTotal score: 30/74 (Scanned on 2024-07-10 09:42:16)	`ALYac: Generic.ShellCode.Marte.4.7EC52E2E` `AVG: Win32:MsfShell-V [Hack]` `Arcabit: Generic.ShellCode.Marte.4.7EC52E2E` `Avast: Win32:MsfShell-V [Hack]` `BitDefender: Generic.ShellCode.Marte.4.7EC52E2E` `Bkav: W64.AIDetectMalware` `CrowdStrike: win/malicious_confidence_100% (D)` `Cybereason: malicious.839e25` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `Elastic: Windows.Trojan.Metasploit` `Emsisoft: Generic.ShellCode.Marte.4.7EC52E2E (B)` `FireEye: Generic.mg.62e353f839e25b3d` `Fortinet: W64/Rozena.CF!tr` `GData: Generic.ShellCode.Marte.4.7EC52E2E` `Google: Detected` `Ikarus: Trojan.Win64.Meterpreter` `Kaspersky: HEUR:Trojan.Win32.Generic` `MAX: malware (ai score=81)` `MicroWorld-eScan: Generic.ShellCode.Marte.4.7EC52E2E` `Microsoft: Trojan:Win64/Meterpreter.B` `Rising: Trojan.ShellCode!1.F671 (CLASSIC)` `SentinelOne: Static AI - Suspicious PE` `Symantec: Meterpreter` `Tencent: Trojan.Win32.Metasploit_heur.16000691` `Trapmine: suspicious.low.ml.score` `VIPRE: Generic.ShellCode.Marte.4.7EC52E2E` `Varist: W64/Rozena.DM.gen!Eldorado` `ZoneAlarm: HEUR:Trojan.Win32.Generic`

Hashes

MD5	`62e353f839e25b3d68092c7a70869a79`
SHA1	`5cdc0986a83c2ca44a8389c94595890810fdd592`
SHA256	`1151fac018e72c9f42d3171a8a35566846dcf106d05d71772727d054f6a7eda5`
SHA3	`192875fc7250cb2aa21307cedcb5e4e8fc53c4b4f001ef27a9fbc61f71b6fac4`
SSDeep	`768:Ei/jNDybNITxDfEqTIYv4gKNwFPXiAMkNfM/33+H:Ei/J2y5EqTIm4gKN2PXiAMkN0fc`
Imports Hash	`e78605269e6198866ce7805a74fa11f0`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`15`
TimeDateStamp	2024-Jul-09 23:20:27
PointerToSymbolTable	`0x7200`
NumberOfSymbols	`1252`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x2200`
SizeOfInitializedData	`0x4200`
SizeOfUninitializedData	`0xa00`
AddressOfEntryPoint	`0x00000000000014E0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x13000`
SizeOfHeaders	`0x400`
Checksum	`0x1dd3b`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f1d44ae1397f42275922aec705c4fdf7`
SHA1	`3a042730782c252abe1f508492d16ebd386cd618`
SHA256	`9951fe14e9e0e36582f653fdfc5a4ebbb8c534e7459a4717033586a34dc0997c`
SHA3	`2e6e2d22b993f48648d401176f142e9b7810fa7819e80f30ac285f6fb5c39024`
VirtualSize	`0x20e8`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.85113`

.data

MD5	`25d0fc48a4e3def950a3a81eda50721d`
SHA1	`186b544ea2e44e2fe2e4ff063f53a529e7c2d979`
SHA256	`91d6da0b42bfb1c579b120b67042752b6aad400f8148744be5926933fb4fea21`
SHA3	`3d6f17c342563930fd2979cfa722e1825bb27f489d27bab752683c478cdd482c`
VirtualSize	`0x320`
VirtualAddress	`0x4000`
SizeOfRawData	`0x400`
PointerToRawData	`0x2600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.27791`

.rdata

MD5	`af07aee0dc150322f58e5be7e4b069ea`
SHA1	`153ae359cc167689d5e3315218858555e89b24ec`
SHA256	`a3999cf920f2a31ddbdd480f4813460952effee6e10ac29b02767baea80ca11a`
SHA3	`ed088447640af0782c43af608412ee2a60b88e8035feb6f4a123889f0164922d`
VirtualSize	`0x730`
VirtualAddress	`0x5000`
SizeOfRawData	`0x800`
PointerToRawData	`0x2a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.24582`

.pdata

MD5	`00748bb9285677d2381686bb6ed5f68f`
SHA1	`0749720b52b5ee05010adc81bdfb006fbeb53aa0`
SHA256	`1fc89a2353561519a2bf91db46c2141d33418c71faa317f1baa8a838dc278656`
SHA3	`b4d2e045f19af00f1b44524b82b29794cc16b03a8a9439f8b1d8105f7e34aa94`
VirtualSize	`0x270`
VirtualAddress	`0x6000`
SizeOfRawData	`0x400`
PointerToRawData	`0x3200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.63534`

.xdata

MD5	`74d2c2e4cc4a2e2523fc810340453c02`
SHA1	`07fc1ba6d50fa69dd67df92d202b79ceb699a9b1`
SHA256	`b1a7b6e258ae641aba8943a9684eebebbfaef5054ca96f613fa5dc0eaf90fa18`
SHA3	`d6594c08adedeaedcf192249af8f364abca974baf260313852be1995ea63870b`
VirtualSize	`0x1f4`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.74817`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x9a0`
VirtualAddress	`0x8000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`0879a71858db0b923e6bdc2d54574378`
SHA1	`70627b33649b6bdb182ed217005b2526e35e9388`
SHA256	`43f202d71b22d01f74c61c2dade4f90c19464f81d7b76f0f38d316afbc266e43`
SHA3	`813de72b4d91e4f2bcf9d26d98cd6edb2dea92361952ec768860e02a871cf7fc`
VirtualSize	`0x894`
VirtualAddress	`0x9000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x3800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.63731`

.CRT

MD5	`e3ba850d00829091753e6f9a4c423377`
SHA1	`4d2ba7a54f00cdb3f186a4d7d0fd5552472e7ca2`
SHA256	`32e669275d235e0f24416cecd970624aa201dff387b78290d78fb791236a950c`
SHA3	`86b61d1584eb3bf47afe658e4705afbb88113d7f883a6ecf0761d04a02d86f3f`
VirtualSize	`0x68`
VirtualAddress	`0xa000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.265539`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0xb000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

/4

MD5	`fef5e04dc66093a83a54c94125e3febc`
SHA1	`70ffdf15bb47ba4f3df6aa63e39e74f3d1fb806a`
SHA256	`250cac405990fdd42f276738fcb62414ab25412880d5e62e07790230ec6e032c`
SHA3	`a4ab1e77f737f1acb0480e25a5b68167d60c183228094f92e62be523c6ea0d49`
VirtualSize	`0x50`
VirtualAddress	`0xc000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.216207`

/19

MD5	`170d508de35785378d843c114d6547d1`
SHA1	`5d06ee697c1ff2b20f83d994d6f621fa362799b5`
SHA256	`565f0c19651a422a2dd49c7e39ef9ff4d9d3baa9cbf48f93d038167d1f39b51d`
SHA3	`20061f6a5159bbcac8cf165148cf8b8d3df820542a8ce8ed202556dbf40dbdfb`
VirtualSize	`0x1f08`
VirtualAddress	`0xd000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x4800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.82215`

/31

MD5	`5d291f74219487bffd06356d36f3a0e4`
SHA1	`040adf5044a3051a3c904d09ca8e2aa0490d4e36`
SHA256	`914f6d7f279865e35f2e5e2b1f83c81dc4fbb7960d496b393a756a806b2821b3`
SHA3	`2e03a4b95360efdfb9316d8b410541191728d1a11d611e2a52902ac43792454d`
VirtualSize	`0x149`
VirtualAddress	`0xf000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.28729`

/45

MD5	`f47ace2318f1635730a8ebe4a735ff9b`
SHA1	`5224ee9c1dbb70e935637a4e81ec203c44d94c2c`
SHA256	`4aa3e1a2e1693c2e82889cd58cc8e8cd5dfea7091ef8bd867af837ca82ada8ab`
SHA3	`fde2ec76e23efe8393d390136d7deddebcc57306117daff2f7f6fc2a3b0fc85d`
VirtualSize	`0x222`
VirtualAddress	`0x10000`
SizeOfRawData	`0x400`
PointerToRawData	`0x6a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.22344`

/57

MD5	`5374a4c2d7892887b6a701e4323b0bf5`
SHA1	`ca0aa87874c9811f184866bc265c763d6cb5be0e`
SHA256	`b9960aa09481be4c31d894bf8bb98c19934284e307bee91f157cad8991508685`
SHA3	`f30ae6d28df513be00c603e680e15a1efa5d65282ee761c708325de829b222c8`
VirtualSize	`0x48`
VirtualAddress	`0x11000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.69315`

/70

MD5	`406b70665a5983d1f1682455c669f732`
SHA1	`cd4948c16f5c1f704094631efdae20e951f63b2d`
SHA256	`7e05ddbff0b1130bbd8deab9f81bcdb16a63c8372520701bafca61b32adb62d5`
SHA3	`07a4212c103160e3798a7098c4fe23139d052bde8311ed7c5fac365ff818d409`
VirtualSize	`0x9b`
VirtualAddress	`0x12000`
SizeOfRawData	`0x200`
PointerToRawData	`0x7000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.32078`

Imports

KERNEL32.dll	`CloseHandle` `CreateRemoteThread` `DeleteCriticalSection` `EnterCriticalSection` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `GetLastError` `GetStartupInfoA` `GetSystemTimeAsFileTime` `GetTickCount` `InitializeCriticalSection` `LeaveCriticalSection` `OpenProcess` `QueryPerformanceCounter` `RtlAddFunctionTable` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `SetUnhandledExceptionFilter` `Sleep` `TerminateProcess` `TlsGetValue` `UnhandledExceptionFilter` `VirtualAllocEx` `VirtualFreeEx` `VirtualProtect` `VirtualQuery` `WaitForSingleObject` `WriteProcessMemory`
msvcrt.dll	`__C_specific_handler` `__getmainargs` `__initenv` `__iob_func` `__lconv_init` `__set_app_type` `__setusermatherr` `_acmdln` `_amsg_exit` `_cexit` `_fmode` `_initterm` `_onexit` `abort` `atoi` `calloc` `exit` `fprintf` `free` `fwrite` `malloc` `memcpy` `printf` `signal` `strlen` `strncmp` `vfprintf`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x40b000`
EndAddressOfRawData	`0x40b008`
AddressOfIndex	`0x4085fc`
AddressOfCallbacks	`0x40a040`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x0000000000401C60` `0x0000000000401C30`

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /19!
[*] Warning: Tried to read outside the COFF string table to get the name of section /31!
[*] Warning: Tried to read outside the COFF string table to get the name of section /45!
[*] Warning: Tried to read outside the COFF string table to get the name of section /57!
[*] Warning: Tried to read outside the COFF string table to get the name of section /70!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF String Table's reported size is bigger than the remaining bytes!
[*] Warning: Section .bss has a size of 0!