Manalyze report for 76fad3f02eb45d3bfc22275a3874a6b6aa44b29669313e9b2618c7792087f547

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1970-Jan-01 00:00:00

Plugin Output

Suspicious	PEiD Signature:	`Crunch/PE v5.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: Backdoor` `Contains domain names: Z-github.com github.com golang.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES`
Suspicious	The PE is possibly packed.	`Unusual section name found: .symtab`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA LoadLibraryW GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread`
Malicious	VirusTotal score: 22/69 (Scanned on 2023-01-11 09:14:53)	`MicroWorld-eScan: DeepScan:Generic.Sliver.E.8BB85E7B` `FireEye: DeepScan:Generic.Sliver.E.8BB85E7B` `Cylance: Unsafe` `VIPRE: DeepScan:Generic.Sliver.E.8BB85E7B` `Symantec: ML.Attribute.HighConfidence` `Elastic: Multi.Trojan.Sliver` `ESET-NOD32: a variant of WinGo/HackTool.Sliver.G` `ClamAV: Win.File.Sliver-9942542-0` `Kaspersky: HEUR:Trojan.Multi.MalGO.gen` `BitDefender: DeepScan:Generic.Sliver.E.8BB85E7B` `Cynet: Malicious (score: 100)` `Sophos: ATK/Sliver-B` `Emsisoft: DeepScan:Generic.Sliver.E.8BB85E7B (B)` `APEX: Malicious` `GData: DeepScan:Generic.Sliver.E.8BB85E7B` `MAX: malware (ai score=85)` `Arcabit: DeepScan:Generic.Sliver.E.8BB85E7B` `ZoneAlarm: HEUR:Trojan.Multi.MalGO.gen` `Microsoft: VirTool:Win32/Splinter.D!MTB` `Google: Detected` `Malwarebytes: Malware.AI.3707052570` `Ikarus: Trojan.WinGo.Hacktool`

Hashes

MD5	`50b17bdfeed43ef16be45a4b067082cb`
SHA1	`f8ff58d84d03a0c0a94eab689f17b9002a85e949`
SHA256	`76fad3f02eb45d3bfc22275a3874a6b6aa44b29669313e9b2618c7792087f547`
SHA3	`4e025201952a9ad6e015ea30851dec9df204ef3661bf5e76fbdfbb532a3a0e7e`
SSDeep	`98304:L9DI/Vd8D/zUtdR3vSfOCgLeetgbYRKEJjWF+9gKHaN6d/:L9DDbUt7qfnCekgEXJSTW`
Imports Hash	`9cbefe68f395e67356e2a5d8d1b285c0`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0x4`
e_cparhdr	`0`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0x8b`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0x1177600`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`3.0`
SizeOfCode	`0x9d7800`
SizeOfInitializedData	`0x47800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000067060 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`1.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0x11e9000`
SizeOfHeaders	`0x600`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`8b7545f0332a42ed9e0587ab0124e527`
SHA1	`6d71f78ca6577ea475ad1412aa62eb532556254c`
SHA256	`35881e6135436b0a4040fc4e6305a686b04da2a8d26bfa33fc83335215686b04`
SHA3	`422d937f66989aaa50f4564f273d1f97309f17a0443c12732eb31b14fafe7abc`
VirtualSize	`0x9d76da`
VirtualAddress	`0x1000`
SizeOfRawData	`0x9d7800`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.18414`

.rdata

MD5	`7dbd0a72e7ba6f6506c299dadbffcec3`
SHA1	`c3e2292ba11568e6c4b1ce93ed5de839938edf72`
SHA256	`0d0d1d1cff0593fcb5b6c8eafd966a645e7266bb8e9d837dc89c1ffca3ba7cc4`
SHA3	`497485bd68b02bb0bf65ef862392b6866c2434c46aea177c01206e28663b1718`
VirtualSize	`0x739a58`
VirtualAddress	`0x9d9000`
SizeOfRawData	`0x739c00`
PointerToRawData	`0x9d7e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.97942`

.data

MD5	`dbab4837a8efb6907009675233716171`
SHA1	`885f454a627971cfd4e1f988356869cd600d463a`
SHA256	`7381b30b98e4d958fdb1784afbac6b7813e0467f2b9384e1b492f1a5f64f9d99`
SHA3	`cca5c4cca1d194dcf0e45cea0a1005a46b67ea6d92f964584b7db0a49f3db71e`
VirtualSize	`0xb5cb0`
VirtualAddress	`0x1113000`
SizeOfRawData	`0x47800`
PointerToRawData	`0x1111a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.30707`

.idata

MD5	`c66daece9a9fa963f7b069abbe1a7a98`
SHA1	`74292b765cedce680563311de86456f6d3c18024`
SHA256	`ea55e8ccc1f624d0f586a719be9f76c6d41aab04750c523758b35860b0f4c777`
SHA3	`bae27d6b024cf8a669b55d8b3493f2c6e0e84632843c537febaf6e0b0d11a27d`
VirtualSize	`0x47c`
VirtualAddress	`0x11c9000`
SizeOfRawData	`0x600`
PointerToRawData	`0x1159200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.71855`

.reloc

MD5	`9e6974e36714cf5087b5e5dcacaaa133`
SHA1	`157df7e0e622173d543bc6266a9c261115fc76e9`
SHA256	`63e1516699d18d38e9aeacce6af55058019c6921c54df67fd684de3ef528f6a4`
SHA3	`b56e171767b9cb03fb8bcf80c33ea5432f8e6994fb23033ef15a731d2944e8a8`
VirtualSize	`0x1dcac`
VirtualAddress	`0x11ca000`
SizeOfRawData	`0x1de00`
PointerToRawData	`0x1159800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.44042`

.symtab

MD5	`07b5472d347d42780469fb2654b7fc54`
SHA1	`943ae54f4818e52409fbbaf60ffd71318d966b0d`
SHA256	`3e67f4a7d14b832ff2a2433e9cf0f6f5720821f67148a87c0ee2595a20c96c68`
SHA3	`a70a3e18515c06557b62676f2a8eb6d7d41962d8c9c7c49f4641c429cc65b977`
VirtualSize	`0x4`
VirtualAddress	`0x11e8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1177600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0203931`

Imports

kernel32.dll	`WriteFile` `WriteConsoleW` `WaitForMultipleObjects` `WaitForSingleObject` `VirtualQuery` `VirtualFree` `VirtualAlloc` `SwitchToThread` `SuspendThread` `SetWaitableTimer` `SetUnhandledExceptionFilter` `SetProcessPriorityBoost` `SetEvent` `SetErrorMode` `SetConsoleCtrlHandler` `ResumeThread` `PostQueuedCompletionStatus` `LoadLibraryA` `LoadLibraryW` `SetThreadContext` `GetThreadContext` `GetSystemInfo` `GetSystemDirectoryA` `GetStdHandle` `GetQueuedCompletionStatusEx` `GetProcessAffinityMask` `GetProcAddress` `GetEnvironmentStringsW` `GetConsoleMode` `FreeEnvironmentStringsW` `ExitProcess` `DuplicateHandle` `CreateWaitableTimerExW` `CreateThread` `CreateIoCompletionPort` `CreateFileA` `CreateEventA` `CloseHandle` `AddVectoredExceptionHandler`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.