Architecture |
IMAGE_FILE_MACHINE_AMD64
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
Compilation Date | 2022-Sep-08 08:54:54 |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32 |
Malicious | The PE contains functions mostly used by malware. |
[!] The program may be hiding some of its imports:
|
Suspicious | The file contains overlay data. |
24311455 bytes of data starting at offset 0x5ca00.
The overlay data has an entropy of 7.99607 and is possibly compressed or encrypted. Overlay data amounts for 98.4634% of the executable. |
Safe | VirusTotal score: 0/70 (Scanned on 2022-09-19 01:10:12) | All the AVs think this file is safe. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x100 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_AMD64
|
NumberofSections | 7 |
TimeDateStamp | 2022-Sep-08 08:54:54 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
Magic | PE32+ |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x28800 |
SizeOfInitializedData | 0x33e00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000000000000A340 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.2 |
ImageVersion | 0.0 |
SubsystemVersion | 5.2 |
Win32VersionValue | 0 |
SizeOfImage | 0x71000 |
SizeOfHeaders | 0x400 |
Checksum | 0x178e64e |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve | 0x1e8480 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll |
GetCommandLineW
GetEnvironmentVariableW SetEnvironmentVariableW ExpandEnvironmentStringsW CreateDirectoryW GetTempPathW WaitForSingleObject Sleep GetExitCodeProcess CreateProcessW GetStartupInfoW LoadLibraryExW SetConsoleCtrlHandler FindClose FindFirstFileExW CloseHandle GetCurrentProcess LocalFree FormatMessageW MultiByteToWideChar WideCharToMultiByte SetEndOfFile GetProcAddress GetModuleFileNameW SetDllDirectoryW FreeLibrary GetLastError RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind UnhandledExceptionFilter SetUnhandledExceptionFilter TerminateProcess IsProcessorFeaturePresent QueryPerformanceCounter GetCurrentProcessId GetCurrentThreadId GetSystemTimeAsFileTime InitializeSListHead IsDebuggerPresent GetModuleHandleW RtlUnwindEx SetLastError EnterCriticalSection LeaveCriticalSection DeleteCriticalSection InitializeCriticalSectionAndSpinCount TlsAlloc TlsGetValue TlsSetValue TlsFree EncodePointer RaiseException RtlPcToFileHeader GetCommandLineA CreateFileW GetDriveTypeW GetFileInformationByHandle GetFileType PeekNamedPipe SystemTimeToTzSpecificLocalTime FileTimeToSystemTime GetFullPathNameW RemoveDirectoryW FindNextFileW SetStdHandle DeleteFileW ReadFile GetStdHandle WriteFile ExitProcess GetModuleHandleExW HeapFree GetConsoleMode ReadConsoleW SetFilePointerEx GetConsoleOutputCP GetFileSizeEx HeapAlloc FlsAlloc FlsGetValue FlsSetValue FlsFree CompareStringW LCMapStringW GetCurrentDirectoryW FlushFileBuffers HeapReAlloc GetFileAttributesExW GetStringTypeW IsValidCodePage GetACP GetOEMCP GetCPInfo GetEnvironmentStringsW FreeEnvironmentStringsW GetProcessHeap GetTimeZoneInformation HeapSize WriteConsoleW |
---|---|
ADVAPI32.dll |
ConvertSidToStringSidW
GetTokenInformation OpenProcessToken ConvertStringSecurityDescriptorToSecurityDescriptorW |
Characteristics |
0
|
---|---|
TimeDateStamp | 2022-Sep-08 08:54:54 |
Version | 0.0 |
SizeofData | 772 |
AddressOfRawData | 0x39884 |
PointerToRawData | 0x38484 |
Size | 0x140 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x14003d000 |
GuardCFCheckFunctionPointer | 5368882000 |
GuardCFDispatchFunctionPointer | 0 |
GuardCFFunctionTable | 0 |
GuardCFFunctionCount | 0 |
GuardFlags | (EMPTY) |
CodeIntegrity.Flags | 0 |
CodeIntegrity.Catalog | 0 |
CodeIntegrity.CatalogOffset | 0 |
CodeIntegrity.Reserved | 0 |
GuardAddressTakenIatEntryTable | 0 |
GuardAddressTakenIatEntryCount | 0 |
GuardLongJumpTargetTable | 0 |
GuardLongJumpTargetCount | 0 |
XOR Key | 0xadbce751 |
---|---|
Unmarked objects | 0 |
ASM objects (30795) | 7 |
C++ objects (30795) | 190 |
C objects (30795) | 10 |
253 (VS2022 Update 2 (17.2.0-1) compiler 31328) | 3 |
C++ objects (VS2022 Update 2 (17.2.0-1) compiler 31328) | 40 |
C objects (VS2022 Update 2 (17.2.0-1) compiler 31328) | 17 |
ASM objects (VS2022 Update 2 (17.2.0-1) compiler 31328) | 9 |
Imports (30795) | 5 |
Total imports | 117 |
C objects (VS2022 Update 2 (17.2.5-6) compiler 31332) | 20 |
Linker (VS2022 Update 2 (17.2.5-6) compiler 31332) | 1 |