Manalyze report for 7d23c054fdb9120f0abbf48c101fdb6c

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1970-Jan-01 00:00:00
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Suspicious	PEiD Signature:	`HQR data file`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for Qemu presence: QeMU QeMu qemu` `Miscellaneous malware strings: cmd.Exe cmd.exe` Contains domain names: .eq.github.com .eq.golang.org 1github.com 3github.com eq.github.com eq.golang.org fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2ffffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036414179be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b800000000000000000000000000000000000000000000000000000000000000077ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501eegithub.com github.com golang.org https://github.com itab.github.com textproto.nl
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata` `Unusual section name found: /4` `Unusual section name found: /19` `Unusual section name found: /32` `Unusual section name found: /46` `Unusual section name found: /65` `Unusual section name found: /78` `Unusual section name found: /90` `Unusual section name found: .symtab`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryW LoadLibraryExW GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread`
Suspicious	VirusTotal score: 2/71 (Scanned on 2024-05-18 23:46:11)	`Bkav: W64.AIDetectMalware` `Elastic: malicious (moderate confidence)`

Hashes

MD5	`7d23c054fdb9120f0abbf48c101fdb6c`
SHA1	`f71be2d28942a8349d2ec51aa0cc0c81137defdb`
SHA256	`08c1ec92bd6a2bc664e013c9d8423908ca1c0bdd65f8b9d13ea93f2f10da7c93`
SHA3	`bfcc387965efb691d00a2138b80fa01831674d4ee258b51c7055e8e4a3883646`
SSDeep	`98304:WCHlQn0dZXKkx98/+Kc5oEwBogJ1tTfest6SWBxh8Kn3InM/Rvd5mCCcceCU:fH5okx98/+Bw5Jptd08DImCCGCU`
Imports Hash	`4f2f006e2ecf7172ad368f8289dc96c1`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0x8b`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`15`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0xd17a00`
NumberOfSymbols	`13758`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`3.0`
SizeOfCode	`0x41e400`
SizeOfInitializedData	`0x4d800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000006C6A0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`1.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0xe39000`
SizeOfHeaders	`0x600`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`554c6a3a48836582ac9e61b756fa4e06`
SHA1	`0d41fa5d0da0ff395177e596ba2930bd4ec06ca7`
SHA256	`b70489ba771437602b405ae5eef3717b21edb53137b78338daf62fa65de3290b`
SHA3	`f79aff8b2cc814341a631b8e05b504ab2f7e71fc68905ebc15d795043ef40ab9`
VirtualSize	`0x41e279`
VirtualAddress	`0x1000`
SizeOfRawData	`0x41e400`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.16621`

.rdata

MD5	`d2b822da7105663e3b8cbcb36bb5399a`
SHA1	`ab409cc861ff67b94af87c20af951ef337d1848b`
SHA256	`32401a89b6254c5ab2f94e11000997921e601ca36768a2ec2a5069cedd9f6a32`
SHA3	`9beb975c40168841bcdc5f608ab605b9eb7cf64b394419cb35a532f2f5617e51`
VirtualSize	`0x50df08`
VirtualAddress	`0x420000`
SizeOfRawData	`0x50e000`
PointerToRawData	`0x41ea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.00051`

.data

MD5	`b19d9af90a285da59076f705cc00ab49`
SHA1	`206f513738f0113c770adbbc357d06256ae6d1fd`
SHA256	`d565d602f4c8965540fcc8d74406b72cef4ac824d88176fcb4712ab1ac10a392`
SHA3	`0557c21268303eb59a7400ae2322aacf09092c2dbda56b8a34cfb26bae1cb8c5`
VirtualSize	`0xb2e10`
VirtualAddress	`0x92e000`
SizeOfRawData	`0x4d800`
PointerToRawData	`0x92ca00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.76366`

.pdata

MD5	`d957d8d9012b945d141313d9671e78cd`
SHA1	`6c9c56440c77d11a9a9e28c090fbaa8c8067ed36`
SHA256	`0299d00cd0b1b4b64e8ed0fc2d5638867e00295f70249120cc3be9402fb136c1`
SHA3	`fa2da7a1a64fe8f8e1c35a83b15597256ddb7bf23ea2a80fa4a62c43acc08583`
VirtualSize	`0x1b3a8`
VirtualAddress	`0x9e1000`
SizeOfRawData	`0x1b400`
PointerToRawData	`0x97a200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.6051`

.xdata

MD5	`673eb0cb30fca49fc02d73a2fcc681bc`
SHA1	`ed5aa0f235f93ed1b62738a9b835fcde9ba233c2`
SHA256	`d5cf92e7afc67f11807d96c6e57b033a60a36a37badccf37e8723df3536089c8`
SHA3	`4b65cf3478e82e927b9880a99b100f13e47d0f37df21d82991ff537a38f5ad04`
VirtualSize	`0xa8`
VirtualAddress	`0x9fd000`
SizeOfRawData	`0x200`
PointerToRawData	`0x995600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.63451`

/4

MD5	`17f62672c8506464ae13eccc2eb6cb94`
SHA1	`65d9dc4d3d6c051bd184fe655ee41925f867957c`
SHA256	`1a10e5433f8443dbc22881c2c0dff8772c75b2382304652b801b3f67b6693306`
SHA3	`45e64e05e8d2850a83d419611c4945ca99645fecf96647c4b0f0b602bff5c6b3`
VirtualSize	`0x129`
VirtualAddress	`0x9fe000`
SizeOfRawData	`0x200`
PointerToRawData	`0x995800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.08195`

/19

MD5	`8066ebbc25c01e16e197597c1b4368bc`
SHA1	`7e1b4685938ee559ad16442f56bd899a7c65c1af`
SHA256	`a5d1b813531fb8ecac318e438a9ed4ff5d2c09cf5b15f25d9d54e4e7847174a6`
SHA3	`9f0ce287f14a44d7788564e59a2c4a06da3aa67f67c1f8fc9f1c8b00b3d8103c`
VirtualSize	`0xb0a47`
VirtualAddress	`0x9ff000`
SizeOfRawData	`0xb0c00`
PointerToRawData	`0x995a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99687`

/32

MD5	`42588a6232decd89c43b397badd7e920`
SHA1	`b7af9fa88115ae95f8f98d5af6db9d8995f375a2`
SHA256	`582ef1108e0f1e395767ac323b672f2d05e1553c60a7d5027b6eb9a5ccd92edf`
SHA3	`111b7098e5d8f4469766c69e3992c42b58ff8678bf4faaa2fee11f7b0d491238`
VirtualSize	`0x2a46a`
VirtualAddress	`0xab0000`
SizeOfRawData	`0x2a600`
PointerToRawData	`0xa46600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.93894`

/46

MD5	`40cca7c46fc713b4f088e5d440ca7931`
SHA1	`3aaa1650bfaf5325fa9cb3a1a284aebcc92aebf4`
SHA256	`3e3c5f5d419b70e588da0ef0e3d9ce1a5863a5624febc16cd0c007cd14e89015`
SHA3	`a0e18fe9f6ac46417d52cdc99cf9ae56edb5a53f788995a085b10f88f348a0e4`
VirtualSize	`0x30`
VirtualAddress	`0xadb000`
SizeOfRawData	`0x200`
PointerToRawData	`0xa70c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.855685`

/65

MD5	`ce10867ddf63318a0babcf20d17305e7`
SHA1	`b2f5579874a58957da1ceac1d1ff64ad177a842d`
SHA256	`bdaf51a6c5984fcf15c4d4ef01b675e7b5f9344902175900571cf7c00226d6e7`
SHA3	`3505067eb9881ccce3fdc5b9d299c623f4612edca70541c724832a7566b7d571`
VirtualSize	`0x15d4d1`
VirtualAddress	`0xadc000`
SizeOfRawData	`0x15d600`
PointerToRawData	`0xa70e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99821`

/78

MD5	`ac6bd5d8c8bcb1cb35b5022ffa7c75fa`
SHA1	`366481665563f41ed848e0eccce09411d25edd9a`
SHA256	`a2a5f08a653e07dd051adb21ebb3776a0f1948745c6f2c084b9d13d0a258ed91`
SHA3	`eb1dd2f4e9f4f1a2f7de3e3461a91e19ae3163f702d9a5222f9a55b01d04bae0`
VirtualSize	`0xf5e55`
VirtualAddress	`0xc3a000`
SizeOfRawData	`0xf6000`
PointerToRawData	`0xbce400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99568`

/90

MD5	`8782890bd708bb15f4e4a8d057c94e77`
SHA1	`dea87e1b95aefdaf3323e61f9bc8629a524ce733`
SHA256	`fd89937e16cb9fc552100721b1d86499520837159a70173a6e9fb899a2b6edd0`
SHA3	`a044449740868784a1a65ec600e390b867f857c4a74b0cad1031a11391a0dd8a`
VirtualSize	`0x3fc2a`
VirtualAddress	`0xd30000`
SizeOfRawData	`0x3fe00`
PointerToRawData	`0xcc4400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.80441`

.idata

MD5	`d6fe574402099c3f8c17e7a0c4c0fe56`
SHA1	`d95afcccddc4510b856264886ef5c677254a7c8e`
SHA256	`735676afb12cc8117686bc3ac20f751a52f3760e30f56a7ac1e2910b27a31331`
SHA3	`1ce7086c117d6732bce370a26cb9fdae30a27e19979591cdb1a6b27081e36df2`
VirtualSize	`0x516`
VirtualAddress	`0xd70000`
SizeOfRawData	`0x600`
PointerToRawData	`0xd04200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.85789`

.reloc

MD5	`e2ebf82a30ce02942e43c6ce56827ba1`
SHA1	`3349d291e10d85e98ad4b3b8282b1f96a15fa2ca`
SHA256	`56f28dfe8389afc414d056f21458e9c155f35a3565429e01295f8a578d4e5163`
SHA3	`a8104c0d7810629d9629bee3a1b1bd53a19728364a7419885fb26fadfbaa2428`
VirtualSize	`0x13142`
VirtualAddress	`0xd71000`
SizeOfRawData	`0x13200`
PointerToRawData	`0xd04800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.44008`

.symtab

MD5	`ef6e60a0d7f44cb40d82fb4f2af7b96e`
SHA1	`e56b297167b4c567cc4188645b7352e250c70dba`
SHA256	`cba5ecc5f0693deed47f48054d60b9759b40e65ebb8c54270d4e1f12118791d0`
SHA3	`56a1aadacb31d0993938dc61340650ea04ff7aa18b9060a408e927bb7561d73e`
VirtualSize	`0xb35c6`
VirtualAddress	`0xd85000`
SizeOfRawData	`0xb3600`
PointerToRawData	`0xd17a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.39016`

Imports

kernel32.dll	`WriteFile` `WriteConsoleW` `WerSetFlags` `WerGetFlags` `WaitForMultipleObjects` `WaitForSingleObject` `VirtualQuery` `VirtualFree` `VirtualAlloc` `TlsAlloc` `SwitchToThread` `SuspendThread` `SetWaitableTimer` `SetUnhandledExceptionFilter` `SetProcessPriorityBoost` `SetEvent` `SetErrorMode` `SetConsoleCtrlHandler` `ResumeThread` `RaiseFailFastException` `PostQueuedCompletionStatus` `LoadLibraryW` `LoadLibraryExW` `SetThreadContext` `GetThreadContext` `GetSystemInfo` `GetSystemDirectoryA` `GetStdHandle` `GetQueuedCompletionStatusEx` `GetProcessAffinityMask` `GetProcAddress` `GetErrorMode` `GetEnvironmentStringsW` `GetCurrentThreadId` `GetConsoleMode` `FreeEnvironmentStringsW` `ExitProcess` `DuplicateHandle` `CreateWaitableTimerExW` `CreateThread` `CreateIoCompletionPort` `CreateFileA` `CreateEventA` `CloseHandle` `AddVectoredExceptionHandler`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /19!
[*] Warning: Tried to read outside the COFF string table to get the name of section /32!
[*] Warning: Tried to read outside the COFF string table to get the name of section /46!
[*] Warning: Tried to read outside the COFF string table to get the name of section /65!
[*] Warning: Tried to read outside the COFF string table to get the name of section /78!
[*] Warning: Tried to read outside the COFF string table to get the name of section /90!