Manalyze report for 7bb392aea53dae09dea35df0ec692e0c

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2022-Sep-08 08:54:54

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress` `Possibly launches other programs: CreateProcessW` `Can create temporary files: GetTempPathW CreateFileW` `Functions related to the privilege level: OpenProcessToken` `Enumerates local disk drives: GetDriveTypeW`
Suspicious	The file contains overlay data.	`24311455 bytes of data starting at offset 0x5ca00.` `The overlay data has an entropy of 7.99607 and is possibly compressed or encrypted.` `Overlay data amounts for 98.4634% of the executable.`
Safe	VirusTotal score: 0/70 (Scanned on 2022-09-19 01:10:12)	`All the AVs think this file is safe.`

Hashes

MD5	`7bb392aea53dae09dea35df0ec692e0c`
SHA1	`162cf6abef2ee378b26627514d4e0dd018f2ec4d`
SHA256	`8442f1816480a3c7b6cdab33dd5dba64f77869e953f6c73567bd1dc70620fe81`
SHA3	`3a77b38faa4fbb38020ad0b91c75dba4742d4b3be45552d18409ea52a98cb747`
SSDeep	`393216:GPXCEDLMufh9BnZte+ugSzLUJKQ4O+OAOkL2ciIrHWRpeD7LapkvWlLA+:UCEDLMufBZ4MKjAk4ILEsD7L8kOlLA`
Imports Hash	`69eb46a9f63edcc604b0bdaaa8e0f2f5`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2022-Sep-08 08:54:54
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x28800`
SizeOfInitializedData	`0x33e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000000A340 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x71000`
SizeOfHeaders	`0x400`
Checksum	`0x178e64e`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x1e8480`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`fefe4e599097ab831fbfbb6e5e421906`
SHA1	`66627b34050b5970380041c8e130597250820d89`
SHA256	`090d10c0738d71cdb791f886521aa5ea4489847690a828299858b914e5cdbf20`
SHA3	`7b223789c43b85db9a7553116dc1b4b74da3b9e8c80ba187ac151b36632f630e`
VirtualSize	`0x287b0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x28800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.49532`

.rdata

MD5	`9f9383a9b9a8e13321dbfa0ed633448b`
SHA1	`27114251ed3bbf5ae02bb8b2278a6a4831a27bf7`
SHA256	`10cee4bdfe6abce807d6a03c1e13f07cbc5909b1bec77ab8d48c826f35be7548`
SHA3	`f9d9cdf1e6536f5be0a515e791d879044c778d93c4d22a720fb1f814541bda23`
VirtualSize	`0x12722`
VirtualAddress	`0x2a000`
SizeOfRawData	`0x12800`
PointerToRawData	`0x28c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.84393`

.data

MD5	`198b8ebb04e4f12594d5daeaf5d617cf`
SHA1	`80f5788e735627cc05cc6ffb9758e5ff54871f0a`
SHA256	`75043a6c1eb1637dd41569a9bb99961ea7721c9a3ff8cf3efc50f441dd4664f5`
SHA3	`bc02be93ef0dc1979a872128643a05e3a653dd3f29cb97341ca5b799873e5e4e`
VirtualSize	`0x103e8`
VirtualAddress	`0x3d000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x3b400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.809`

.pdata

MD5	`37b002a7ba292cc39f35bc72b05e2902`
SHA1	`a542523398863786da818b144adceeb610180498`
SHA256	`01156344720c4fe48e60dc41d83ff9edaf9ceb2ae0cfbf6b79434d0ac1e1d022`
SHA3	`a61e787ca948b450492944ff913cbf217cabf6e62898cead76fe3de2dd6324e6`
VirtualSize	`0x20e8`
VirtualAddress	`0x4e000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x3c200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.33184`

_RDATA

MD5	`f8536c2f41bb71662396f3d0c02d4998`
SHA1	`350e1a6e9f47112a23b71916fb037d87f57123d7`
SHA256	`9ab74cbe6efe05eb51ccd73392ddd650f02a9aff543a98340da107189fb2c7f4`
SHA3	`d1eba1152b8aa113de6e5e6162df698d28045f359e998e989b0dba2cf4e81aff`
VirtualSize	`0x15c`
VirtualAddress	`0x51000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3e400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.7962`

.rsrc

MD5	`06ed26e283dc7f3e22f08739995f67a8`
SHA1	`0b3eaad2eda501f4efc3a0949e786795ce653bb5`
SHA256	`80759b09703a2b483316b7b4cde3ae1772d67aaa8e7430eca36210815ba689c1`
SHA3	`4d9297ebe5009398c936e2cbfd8bc54dc61bfd76ba009493d8d31bb04f52cc59`
VirtualSize	`0x1da14`
VirtualAddress	`0x52000`
SizeOfRawData	`0x1dc00`
PointerToRawData	`0x3e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.30365`

.reloc

MD5	`ec5e61bcd7cb7409135ac14ccef8b759`
SHA1	`6d48e50f228984112d3a7774a1d3a9528a9f1dcb`
SHA256	`2e534c83e7c8ffd8b8acbf25d37feb78d1fec6a47ee7ce7da1f202cfd4604f0c`
SHA3	`45e1ae439dbf196435bf4b0efa20cefe2138a1643c20ee5c8da8c6bf10251032`
VirtualSize	`0x758`
VirtualAddress	`0x70000`
SizeOfRawData	`0x800`
PointerToRawData	`0x5c200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.2319`

Imports

KERNEL32.dll	`GetCommandLineW` `GetEnvironmentVariableW` `SetEnvironmentVariableW` `ExpandEnvironmentStringsW` `CreateDirectoryW` `GetTempPathW` `WaitForSingleObject` `Sleep` `GetExitCodeProcess` `CreateProcessW` `GetStartupInfoW` `LoadLibraryExW` `SetConsoleCtrlHandler` `FindClose` `FindFirstFileExW` `CloseHandle` `GetCurrentProcess` `LocalFree` `FormatMessageW` `MultiByteToWideChar` `WideCharToMultiByte` `SetEndOfFile` `GetProcAddress` `GetModuleFileNameW` `SetDllDirectoryW` `FreeLibrary` `GetLastError` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetModuleHandleW` `RtlUnwindEx` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `EncodePointer` `RaiseException` `RtlPcToFileHeader` `GetCommandLineA` `CreateFileW` `GetDriveTypeW` `GetFileInformationByHandle` `GetFileType` `PeekNamedPipe` `SystemTimeToTzSpecificLocalTime` `FileTimeToSystemTime` `GetFullPathNameW` `RemoveDirectoryW` `FindNextFileW` `SetStdHandle` `DeleteFileW` `ReadFile` `GetStdHandle` `WriteFile` `ExitProcess` `GetModuleHandleExW` `HeapFree` `GetConsoleMode` `ReadConsoleW` `SetFilePointerEx` `GetConsoleOutputCP` `GetFileSizeEx` `HeapAlloc` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `CompareStringW` `LCMapStringW` `GetCurrentDirectoryW` `FlushFileBuffers` `HeapReAlloc` `GetFileAttributesExW` `GetStringTypeW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetProcessHeap` `GetTimeZoneInformation` `HeapSize` `WriteConsoleW`
ADVAPI32.dll	`ConvertSidToStringSidW` `GetTokenInformation` `OpenProcessToken` `ConvertStringSecurityDescriptorToSecurityDescriptorW`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4d49`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.9661`
Detected Filetype	PNG graphic file
MD5	`aa6de8a4c4deb28a6a3f9d2d6e82b03e`
SHA1	`e973d2bff1bec1cbc804ae98d99d191a21cbf86a`
SHA256	`1d24bd5d6d75cf270551634c18bdc12a0eed2805c269b7e1c3904a49915e1dbd`
SHA3	`dc2aabbe6aec06670aa7adb133fe37454d60a8b6ccf815d8fe00188898c6bb7d`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.73097`
MD5	`3eb3b1958a208a1d5a7f4d77d9cfa787`
SHA1	`65288cff954daac897b104b758250a90ce4425e1`
SHA256	`51b528476cdfdaeac2f064d07adfb2a1c830e46bad8b1e377836ee3497bb7e53`
SHA3	`23758a8936d48f8ae3623926063ada5c3b1b20ec69275fb9cd0050f38811f1a6`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.11951`
MD5	`f38d9f743b6f5a5637d17013cfbe6d35`
SHA1	`8436a2cc93fa224e9e8b291493164f8cf08b638b`
SHA256	`be34409dfac80d0b095a3a4636842f2f204b954c36978a7423bb0de6b276f8dc`
SHA3	`3c5ef14fc7a34807626756589f5f1c06bc51f66249f1bcfa35101fe94ffaaa3b`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.58061`
MD5	`f19d821f00ef5df9ee8a56d8718afc71`
SHA1	`eb875d0304bfc90cc274c7b2fad17cd258301806`
SHA256	`316b21422b4d4c9f8aff6a86265952fdc34fe4179b5ce8a48740b134e9cdedd6`
SHA3	`6047a48071d6ea4e8ed34377af68e6013707e4d23b931224d121b8724be0b41a`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.85329`
MD5	`53672c7ad5a007cc43b0aafbf96dcfff`
SHA1	`44be60967840fd16c8175d0277325c836761b2f4`
SHA256	`64a5c19aa38ec84960e3018556db8fc4298c410b2004f2c5f1ffc207cbad3db2`
SHA3	`b170661eef58e6956fdd6006f378e732f8643b84f4b26b00da25f83f101b65c7`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.50596`
MD5	`bdcaf3f13233d37d8e0b56b567581d23`
SHA1	`de2dfbc833a8ca202ac04421cf245af6673ef975`
SHA256	`16de7350a690ebbac5ae648b13d119ffdd52938064f39d01b2a35e441ed1a8b2`
SHA3	`22b573f9040245927d5baead0fc77a445e0cfde292e101438c643744543fc0f6`

0

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.79908`
Detected Filetype	Icon file
MD5	`92606faa7b5bf746e9db0a6d3d717668`
SHA1	`1145d202808736f9b4aa8b8d073cf3f239180b6e`
SHA256	`3c0d94c128936fb5f9ec0519372c53c81c7b7213d475b9121dae1a35d31acccd`
SHA3	`ddc2f086ec2105cc46b0f0f616313166cc257bacf4efd1d8a13329957d6d9b49`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x58c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.2842`
MD5	`3db93c8ad33e1e801152665ddec19d76`
SHA1	`cc1ac02e7a4734b5fb91775898f049cf2a3690ac`
SHA256	`d919d7515695f5b59ccfc866d461b88e976ee71794ee59bf414d671bc6a3ab56`
SHA3	`a8c8d939e85225e3ef3d5b7f47abdcdb5407cbc460376d7a03385cd6a04d8585`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2022-Sep-08 08:54:54
Version	`0.0`
SizeofData	`772`
AddressOfRawData	`0x39884`
PointerToRawData	`0x38484`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14003d000`
GuardCFCheckFunctionPointer	`5368882000`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0xadbce751`
Unmarked objects	`0`
ASM objects (30795)	`7`
C++ objects (30795)	`190`
C objects (30795)	`10`
253 (VS2022 Update 2 (17.2.0-1) compiler 31328)	`3`
C++ objects (VS2022 Update 2 (17.2.0-1) compiler 31328)	`40`
C objects (VS2022 Update 2 (17.2.0-1) compiler 31328)	`17`
ASM objects (VS2022 Update 2 (17.2.0-1) compiler 31328)	`9`
Imports (30795)	`5`
Total imports	`117`
C objects (VS2022 Update 2 (17.2.5-6) compiler 31332)	`20`
Linker (VS2022 Update 2 (17.2.5-6) compiler 31332)	`1`

7bb392aea53dae09dea35df0ec692e0c

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

0

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors