Manalyze report for 6a022e937a774f6da038da4634b0fc40

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Jul-31 12:08:33
Detected languages	English - United States
TLS Callbacks	1 callback(s) detected.
FileVersion	`0.1.0`
FileDescription	badapple
CompanyName	https://github.com/mon
ProductVersion	`0.1.0`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: github.com https://github.com`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread`
Malicious	VirusTotal score: 10/72 (Scanned on 2026-02-14 23:26:36)	`APEX: Malicious` `AhnLab-V3: Trojan/Win.Joke.C5600458` `Alibaba: RiskWare:Win64/BadJoke.a0014e4d` `Kaspersky: Hoax.Win64.BadJoke.aj` `MaxSecure: Trojan.Malware.232980218.susgen` `McAfeeD: ti!6927CB724565` `Paloalto: generic.ml` `Rising: Trojan.Generic!8.C3 (KTSE)` `TrellixENS: Artemis!6A022E937A77` `huorong: Joke/CrazyScreen.af`

Hashes

MD5	`6a022e937a774f6da038da4634b0fc40`
SHA1	`f204d69f3a78629a85f10bd7d2768b6fc3cbd7db`
SHA256	`6927cb7245652a3b66f1a4517189c7cd08056875e09e267a29fe13f1d3bd4d1d`
SHA3	`2a770a98cdffde060a77f1bb9dea8aaaa88276a92485f049e9cb954661bd0d1b`
SSDeep	`98304:a8/kJbJDGSdmWaeGzkbqrR7uO3kHQHgHCPfF72yt+7o7W9XXn7z8:a8/k3DGc6QqrZHgHC3LtvS9Hn7`
Imports Hash	`30f731cca9cc3ab87b86f180728ab4b5`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2023-Jul-31 12:08:33
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x70c00`
SizeOfInitializedData	`0x4e3200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000006E080 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x557000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b9ec0d2967c7901ca8040e079406140f`
SHA1	`80840fc96529473b916a789d1aa34af22d3e2678`
SHA256	`170eaf376d54b11699ff5792ede3285f9624671ba0eb607e3bec26cce8482b5c`
SHA3	`7e8a18c8a5bfdc844566409e92c4a3cad19bd9d58d8f392062430558c9c0b795`
VirtualSize	`0x70b0f`
VirtualAddress	`0x1000`
SizeOfRawData	`0x70c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.35722`

.rdata

MD5	`ed23791ddd9d31e4a720c385b1451b76`
SHA1	`bf237dd1aa777a610e2c5c66a9d5b5cfbc9a2213`
SHA256	`39ae4c120e7841cb76e0dd0386266e78c9ff7b818c16c5e3d3e530c7aa28831b`
SHA3	`0adbc4b65869ee807c75f30990045352bebd71ca06fa1a2d75305be25e773fe4`
VirtualSize	`0x448fee`
VirtualAddress	`0x72000`
SizeOfRawData	`0x449000`
PointerToRawData	`0x71000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.85003`

.data

MD5	`20915adf683c7322891efbdf7062b732`
SHA1	`2d43140f101b81b556c35e6321a312e18de4b8a8`
SHA256	`158918b9af99c17aa8165cfdb615235b3ab3d1ba9606b0717e1ec47ce841f0f8`
SHA3	`b420d091d0eb34ef6dbab2c8e5c5a9337d0441a4136bdcb4d8ddd2a3c837e586`
VirtualSize	`0x803a8`
VirtualAddress	`0x4bb000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4ba000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.62064`

.pdata

MD5	`c3f754145db1dc42fcaa239c2cface50`
SHA1	`b60143690ffabf7a3c2d2086334a65499e2909d0`
SHA256	`a34c176b57926dbc555ab0eaaa011745dd0e9921c7d5862bd8dbf03c989261fa`
SHA3	`f80503608f40ebc8eb90913eaca2686132cd576c1bd96638825cffbf4648af7e`
VirtualSize	`0x34f8`
VirtualAddress	`0x53c000`
SizeOfRawData	`0x3600`
PointerToRawData	`0x4ba200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.68908`

.rsrc

MD5	`7785bde51bef6668ae3f113b01620a93`
SHA1	`3ea81216c05ac1fd677f933f28b30cca317dd273`
SHA256	`9096cb2292f1f2645554bac648cdc35c5a175f8bdb6ec84db7bae4878f2aefa8`
SHA3	`7a2f7d1067740d0daf54cec1d42740df156744c55c51e4ea8c6ea145e3ced434`
VirtualSize	`0x156e0`
VirtualAddress	`0x540000`
SizeOfRawData	`0x15800`
PointerToRawData	`0x4bd800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.64087`

.reloc

MD5	`0569b1a2b5386226d4d9d554b986c5a0`
SHA1	`5e18ad6656862a0f41426417d18586d7303daa43`
SHA256	`e797bb803df86610f1eace0ffe99d3fb3028361eefcb220d9faa30d42d84e0fb`
SHA3	`c62fa519a7760ba74e148d4b81f310dec5718e485bb430ceba3b2f9c7b2ba08d`
VirtualSize	`0xe88`
VirtualAddress	`0x556000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x4d3000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.25361`

Imports

kernel32.dll	`ReleaseSRWLockShared` `RtlCaptureContext` `ReleaseMutex` `FreeLibrary` `GetCurrentProcess` `CreateMutexA` `LoadLibraryA` `CreateThread` `AcquireSRWLockShared` `IsProcessorFeaturePresent` `WaitForSingleObjectEx` `SetLastError` `GetCurrentDirectoryW` `WriteConsoleW` `MultiByteToWideChar` `GetConsoleMode` `QueryPerformanceFrequency` `TryAcquireSRWLockExclusive` `GetCurrentThread` `GetProcAddress` `FormatMessageW` `WaitForMultipleObjectsEx` `WaitForSingleObject` `SetEvent` `CreateEventA` `ReleaseSRWLockExclusive` `SwitchToThread` `AcquireSRWLockExclusive` `GetModuleHandleW` `HeapReAlloc` `HeapFree` `GetProcessHeap` `HeapAlloc` `SetThreadStackGuarantee` `AddVectoredExceptionHandler` `GetLastError` `GetStdHandle` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlVirtualUnwind` `CloseHandle` `QueryPerformanceCounter` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetEnvironmentVariableW` `GetModuleHandleA` `AttachConsole` `RtlLookupFunctionEntry` `Sleep`
user32.dll	`EndDeferWindowPos` `DeferWindowPos` `BeginDeferWindowPos` `DispatchMessageA` `DefWindowProcA` `PeekMessageA` `SetTimer` `SystemParametersInfoA` `CreateWindowExA` `RegisterClassA` `LoadIconW` `TranslateMessage`
gdi32.dll	`CreateSolidBrush`
ole32.dll	`CoCreateInstance` `CoTaskMemFree` `PropVariantClear` `CoUninitialize` `CoInitializeEx`
ntdll.dll	`NtWriteFile` `RtlNtStatusToDosError`
advapi32.dll	`SystemFunction036`
bcrypt.dll	`BCryptGenRandom`
oleaut32.dll	`GetErrorInfo` `SysFreeString` `SysStringLen`
VCRUNTIME140.dll	`memcmp` `__current_exception_context` `memcpy` `memset` `memmove` `__CxxFrameHandler3` `__C_specific_handler` `__current_exception`
api-ms-win-crt-math-l1-1-0.dll	`powf` `expf` `floorf` `sin` `floor` `atan` `cos` `log2` `cosf` `log10` `pow` `round` `__setusermatherr` `exp2`
api-ms-win-crt-runtime-l1-1-0.dll	`_set_app_type` `_seh_filter_exe` `_configure_narrow_argv` `_initialize_narrow_environment` `_get_initial_narrow_environment` `_initterm` `_initterm_e` `exit` `_exit` `__p___argc` `_crt_atexit` `_register_thread_local_exe_atexit_callback` `__p___argv` `terminate` `_initialize_onexit_table` `_register_onexit_function` `_c_exit` `_cexit`
api-ms-win-crt-stdio-l1-1-0.dll	`_set_fmode` `__p__commode`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-heap-l1-1-0.dll	`free` `_set_new_mode`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.86302`
MD5	`89a7885db3fbbcaf845defe82c88848d`
SHA1	`cf301f6f08048e37dab012d5dbaf7d5ab4760450`
SHA256	`acae0caf084ae414abe90835bb9091816ea20068e8ec0f0dad7bc2d3bb99af60`
SHA3	`75b427dab2bfc7f1ee56b3d806a7d07eb19d3fff6d4161b1b3cc3c3fba0bd513`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.6266`
MD5	`1b901dae2e223330393c7afe769360b5`
SHA1	`bfe72020dfdd340324de11756f35dbb29f0e385f`
SHA256	`d75df0f289c2dc6cedc8018039e34a4e19f2dfbabafb84c949caae3529b1b8b2`
SHA3	`d4d2a09364c5f058bf04ee0052aa3338dc2641569cce1f364cb93d5adb3e2e93`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.27762`
MD5	`e4e602ee06ec10af9c1326fae9c044b6`
SHA1	`12e66b76f1638fe9046f2bb1aed333d783cebd45`
SHA256	`471269d168be6b6855f9619dba286d1013c83b167c37cd671f1d68362c29f1f4`
SHA3	`834f192b5e7ee19da3d54089e5f6c72ccaccb1ebb5d74c1e1c9acc910c6a2632`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89577`
MD5	`02781099360a1416ce07f49fcb552708`
SHA1	`212d0b58c1fda44115bfcf041e8ffb2fc4f6f9dc`
SHA256	`a71e35bef5532a7ccefee7855f34b50e2a3173eb8958d14abfec613a6b204c92`
SHA3	`7dc455f4a2ea4849bcb44b762c487d315cc6fc05d1d9945c19630c5dd2831ec4`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10d3d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99061`
Detected Filetype	PNG graphic file
MD5	`5189c3ffd7b1f9fe771d639b7c5127d2`
SHA1	`3f6969a46fc6051683e122b6c0b79c22d3cfb0c0`
SHA256	`a22ca2926065dd79616515b10bf6966101e52840b9e1281a8f2b80f031f88075`
SHA3	`9920c1b9edc3bc2e580246fd01697f1255fc7e8d43b98c4438adaa677007f617`

1 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.67841`
Detected Filetype	Icon file
MD5	`a0afab03c56d681944e350e48534e3cf`
SHA1	`bbae2e223d5734f7f60270650e183f8c65b9a45e`
SHA256	`3aabcb71eae2bc39ba5ab9ee00b114b1ecb2d6a839746698ca6d90950990533c`
SHA3	`b46f7d71f2e050f3a326d466e790f40c74a7efac65a1f1d585756d390c1f3316`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1c4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.13272`
MD5	`00e319092c8977aca955a5b78edd54cf`
SHA1	`a76625a635302426a40443fb56f55ac7217f3227`
SHA256	`a48f6e3f2b6870fe813890b742f6b5212d1470f5454cb1913531dfb686a381e2`
SHA3	`0925edefa70b31d176dcea467a2260c31b0ef185d2f8e1e3e961adf0401b7bbd`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x152`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.94201`
MD5	`e42fb69f84dcd211e8d82859608eda47`
SHA1	`6a4ca4a8c1f155a5902628e777dfedf1d9b5950b`
SHA256	`0b160dfd3f0e27db02cdd00c5b201425068a332cfceb2519f3811e6feaa44448`
SHA3	`2158f498ec91d82d2d8dbe5cf4bfc818b3514c49241e52b02a7d1aaca83c8458`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.1.0.0
ProductVersion	0.1.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
FileVersion (#2)	0.1.0
FileDescription	badapple
CompanyName	https://github.com/mon
ProductVersion (#2)	0.1.0

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2023-Jul-31 12:08:33
Version	`0.0`
SizeofData	`876`
AddressOfRawData	`0x4b6734`
PointerToRawData	`0x4b5734`

TLS Callbacks

StartAddressOfRawData	`0x1404b6ac0`
EndAddressOfRawData	`0x1404b6b78`
AddressOfIndex	`0x14053b314`
AddressOfCallbacks	`0x1400724b0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x0000000140038930`

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1404bb0b0`

RICH Header

XOR Key	`0x2f481678`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`10`
Imports (30034)	`2`
C++ objects (30034)	`22`
C objects (30034)	`9`
ASM objects (30034)	`3`
Total imports	`127`
Imports (30148)	`17`
Unmarked objects (#2)	`6`
Resource objects (30151)	`1`
Linker (30151)	`1`

6a022e937a774f6da038da4634b0fc40

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

1 (#2)

1 (#3)

1 (#4)

Version Info

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors