Manalyze report for 65fec14cb05af374c6f2a79dffc3a8f5

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Dec-20 22:30:17
Detected languages	English - United States

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	VirusTotal score: 2/69 (Scanned on 2023-01-16 20:47:30)	`APEX: Malicious` `MaxSecure: Trojan.Malware.300983.susgen`

Hashes

MD5	`65fec14cb05af374c6f2a79dffc3a8f5`
SHA1	`3dd8c589898e4d51b0ad4ee0aef2948cb82dbc2b`
SHA256	`872752df74432b96b7f52ee1f57928d674d662a6a7c6f0b96aba9f452ffe99b3`
SHA3	`40a14930a199976f419cf892913fcccdf36bdf982cb7bca0dca3467ea6099877`
SSDeep	`3072:OWbOaa6W8spm7hqlxtfn26yyHlZXJtcVkXS:zRa6Epm76rfXyOV`
Imports Hash	`6c77e7bcd60831da4508de1dbad275e4`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2020-Dec-20 22:30:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x12e00`
SizeOfInitializedData	`0xe200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001894 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x26000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b85d17039c0f9253231a387b4e948359`
SHA1	`20dc903f485239119fae6fa78b85d01304201e6f`
SHA256	`1d71bf8354a2e8aa5474930fe3c9ea3a7bf9959b56d2329c1e91f2cd78cc38b5`
SHA3	`b5bcdfb76c28ee27f8b456eff9468039b0a7689813bf640045740b1f5a85589f`
VirtualSize	`0x12da0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x12e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.51058`

.rdata

MD5	`a21129ac4b5e47716888e50b3b31b0a9`
SHA1	`a241d39b8da9c0df9cc77e6111de1444f294b972`
SHA256	`bd6fda1e02fbbef211ca38d16e2729505a9fe23aebf18382f035edf172489b1d`
SHA3	`12c21f89f13dcb67d9774b180177beb6608e681599a6dd7387cac866ecb1e984`
VirtualSize	`0xa54e`
VirtualAddress	`0x14000`
SizeOfRawData	`0xa600`
PointerToRawData	`0x13200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.94192`

.data

MD5	`40fa97ea1586efe4055d3be41f230288`
SHA1	`265129ef420ce5f10a88145656802de688324331`
SHA256	`1b2c124cb66392b6a2ddc37b5964cd25ed4134f45c1da574bf018a52a4854817`
SHA3	`dafe0df66e154f44a7081cfd674e59a969434c6df7f0ae28d5083f6ebf6e97a6`
VirtualSize	`0x1c48`
VirtualAddress	`0x1f000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x1d800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.74439`

.pdata

MD5	`5baa42af45c6619d931172bb864bf727`
SHA1	`de49f48e90aad682a7bb8de065278bde295d1ee9`
SHA256	`38feb3adb664f3a9be06100afd7e4efd35a518b9384bf6c8c1927528bea8e04d`
SHA3	`a60e9a82307137e0fdfb31543cdc159dfe89bc7d8b6c769a50d13dd3080aa7bc`
VirtualSize	`0x11ac`
VirtualAddress	`0x21000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x1e400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.89803`

_RDATA

MD5	`92fc90218dab5da7ac63e88d1a2f8c43`
SHA1	`ab78f1b3c903ba91f079a2716de0716800ba5ac0`
SHA256	`84177f13f82e3f1eda968ecdc791a7e1c0d605bc06bac9e195f3c075b5012136`
SHA3	`3b642119c99b6738b39f728360b24a3a2db8a0bc7a0e93db81d40ae987cecf20`
VirtualSize	`0x94`
VirtualAddress	`0x23000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1f600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.11049`

.rsrc

MD5	`671cbb53ef3fdb74dc2878b4f475bc5d`
SHA1	`a4bfd1db27e49769fba1f1892b02bb705dab1848`
SHA256	`2cfa240908f5610ff28ffeebad56d90886b780edbb80c141cb0f0a30c2b0d52e`
SHA3	`8ed5327f89a50b3014e6a5d9e948913c4694bba26a8dba1af071c63c38ae01d0`
VirtualSize	`0xf8`
VirtualAddress	`0x24000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1f800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.52739`

.reloc

MD5	`c2bae8b2aabe702d8004828a459e9bd9`
SHA1	`092d4d443c8d71a182215a332192548b53342ffa`
SHA256	`523e1d6cf44d6e33b39d51165ad785f956d59e2aa84933745245d71ffad29c83`
SHA3	`105b80616d162edb79166ad2fd6545ba54cfbe720d7b28605093858befad69cc`
VirtualSize	`0x654`
VirtualAddress	`0x25000`
SizeOfRawData	`0x800`
PointerToRawData	`0x1fa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.855`

Imports

KERNEL32.dll	`SetConsoleTitleA` `AllocConsole` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `RtlUnwindEx` `InterlockedFlushSList` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `RaiseException` `GetCurrentProcess` `ExitProcess` `TerminateProcess` `GetModuleHandleExW` `GetModuleFileNameW` `GetConsoleCP` `HeapAlloc` `HeapFree` `LCMapStringW` `GetStdHandle` `GetFileType` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetProcessHeap` `CreateFileW` `CloseHandle` `GetConsoleMode` `SetConsoleMode` `ReadConsoleInputW` `ReadConsoleW` `FlushFileBuffers` `WriteFile` `GetConsoleOutputCP` `SetStdHandle` `GetFileSizeEx` `SetFilePointerEx` `GetStringTypeW` `HeapSize` `HeapReAlloc` `SetEndOfFile` `ReadFile` `WriteConsoleW`

Delayed Imports

SECRETPASSWORD

Ordinal	`1`
Address	`0x1070`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x91`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.8858`
MD5	`f7ad1eab748bc07570a57ec87787cf90`
SHA1	`0b1608da9fef218386e825db575c65616826d9f4`
SHA256	`d2952e57023848a37fb0f21f0dfb38c9000f610ac2b00c2f128511dfd68bde04`
SHA3	`6c9541b36948c19ae507d74223621875b3af4064f7cd8200bdb97e15a047e96a`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2020-Dec-20 22:30:17
Version	`0.0`
SizeofData	`652`
AddressOfRawData	`0x1cb00`
PointerToRawData	`0x1bd00`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2020-Dec-20 22:30:17
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x18001f010`

RICH Header

XOR Key	`0xfa96f939`
Unmarked objects	`0`
C objects (27412)	`11`
ASM objects (27412)	`5`
C++ objects (27412)	`147`
253 (28518)	`1`
C++ objects (29429)	`29`
C objects (29429)	`14`
ASM objects (29429)	`9`
Imports (27412)	`3`
Total imports	`92`
C++ objects (LTCG) (29515)	`1`
Exports (29515)	`1`
Resource objects (29515)	`1`
Linker (29515)	`1`

65fec14cb05af374c6f2a79dffc3a8f5

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

SECRETPASSWORD

2

Version Info

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors