Manalyze report for 876bb79b23707c6ce16fcf4945d04bd8

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2022-Dec-06 08:37:42
TLS Callbacks	2 callback(s) detected.
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Suspicious	PEiD Signature:	`PolyEnE 0.01+ by Lennart Hedlund`
Info	Interesting strings found in the binary:	`Contains domain names: cdn.metro-online.com https://cdn.metro-online.com https://cdn.metro-online.com/-/media/Project/MCW/shared/Bucket-Header/makro.svg https://www.spse.cz https://www.spse.cz/template/images/background.jpg metro-online.com online.com`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata` `Unusual section name found: /4` `Unusual section name found: /19` `Unusual section name found: /31` `Unusual section name found: /45` `Unusual section name found: /57` `Unusual section name found: /70` `Unusual section name found: /81` `Unusual section name found: /92`
Info	The PE contains common functions which appear in legitimate applications.	`Has Internet access capabilities: URLDownloadToFileA`
Suspicious	The file contains overlay data.	`1122205 bytes of data starting at offset 0x16d800.`
Suspicious	VirusTotal score: 2/72 (Scanned on 2023-11-06 11:16:58)	`Bkav: W64.AIDetectMalware` `CrowdStrike: win/malicious_confidence_70% (D)`

Hashes

MD5	`876bb79b23707c6ce16fcf4945d04bd8`
SHA1	`36c76e8b2a8bf8c0921947f9e74dabda35540e64`
SHA256	`7c916026b88c95ceb5ff92dd5f2e4c80f05b22502794addf64a551b8b8cb4e4c`
SHA3	`f819e005cfd15b110eea86da3414e64de587a7a61826338fe1e2f44d9648d25c`
SSDeep	`49152:qugxXg7mNrV0lKRrv2Aa1qoO7XOeQNX26E2KIPT/KOLXj/efiml:qo7mNrV0tqoO7XOeQNX26E2KIPT/KOLY`
Imports Hash	`f0dd4ebc9eb898c418c56b9f6b3a3106`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`17`
TimeDateStamp	2022-Dec-06 08:37:42
PointerToSymbolTable	`0x16d800`
NumberOfSymbols	`23298`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0xa0c00`
SizeOfInitializedData	`0xce000`
SizeOfUninitializedData	`0x1600`
AddressOfEntryPoint	`0x0000000000001500 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x178000`
SizeOfHeaders	`0x600`
Checksum	`0x282227`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`563488228e6f73a552cde6e1e0794c09`
SHA1	`c89dc19d3040ded104994238c8a93a517af10983`
SHA256	`b3ca187b1b195b01b4ef41988190205b3aeb4004dee436d02ac43858e05e9fe0`
SHA3	`b094fc8cfb955a91b4d973daea8b96176618e67e5255274bc1b6a40848a1ad3c`
VirtualSize	`0xa0b28`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa0c00`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.09904`

.data

MD5	`efee6f1f70f07a06b151a5cf2505777c`
SHA1	`68c7e0fa80090c0bbf931c477a99e74dc8aa5f05`
SHA256	`3b364f9f0e845454fd744c49e18030d76b229fa10bfc391790e22704b41f9e0d`
SHA3	`871419efb89b3a7105f89e2a135e446e5be5d98918e0eec5f93d89a9ce0fb56f`
VirtualSize	`0x3240`
VirtualAddress	`0xa2000`
SizeOfRawData	`0x3400`
PointerToRawData	`0xa1200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.297249`

.rdata

MD5	`1324b3ff696bbf2df79d4e855f9b442e`
SHA1	`265d30e411b097429e20a4e1c475c1d79e7daa01`
SHA256	`8a16bbfd01f98f58af83c912217be6230cf0e27d91f45233b27e4c6f1c7d06ce`
SHA3	`aa7286c64d8e1eb13573786779bcecf08ea45f593bfb08c3e336aa00b3a6a899`
VirtualSize	`0xf4a0`
VirtualAddress	`0xa6000`
SizeOfRawData	`0xf600`
PointerToRawData	`0xa4600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.46026`

.pdata

MD5	`a9bdd11d231c193e2dc28c1687e35e63`
SHA1	`ba285440a519304f4c35efc0f30ce518ff6effc4`
SHA256	`cf5ce2d9b54c29ec613987a6a99d99f16b72bc038202ebdb95c491d6f7c550c9`
SHA3	`6be97d541a4cd9d6e49125c37091594075ed0aa743e4d409014ca8dc67571d4b`
VirtualSize	`0xaaa0`
VirtualAddress	`0xb6000`
SizeOfRawData	`0xac00`
PointerToRawData	`0xb3c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.88175`

.xdata

MD5	`4d35c55669e19f3689addeaa93a0f25e`
SHA1	`0ab7830169fc6351d767f7ef240d119534181f0a`
SHA256	`21a5795fbb99b4ca8a0d9a112db6e8f20c329cc3cc125c9395ea8958c7e1a018`
SHA3	`87638bd2cee2e154f779f9519e281fe4bc9914ab01a8c7f9baa9bf8c55867c1c`
VirtualSize	`0xe650`
VirtualAddress	`0xc1000`
SizeOfRawData	`0xe800`
PointerToRawData	`0xbe800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.82276`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x14c0`
VirtualAddress	`0xd0000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`f6559848ea5759c256097c06fb5e4491`
SHA1	`822ee0b6c164a5c3218b5fe0e30b1a76e918f888`
SHA256	`5b961025f6a11a29d8859258295b648acdfbc038a32ba70086950f00b75e35d9`
SHA3	`df2d8364666eb5404888ee93a3ba06f75d42f8297a8d07e41576862962cacc44`
VirtualSize	`0x10d0`
VirtualAddress	`0xd2000`
SizeOfRawData	`0x1200`
PointerToRawData	`0xcd000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.21001`

.CRT

MD5	`ed13f4ad19dd137ecb1c276af9b77fcb`
SHA1	`9685419bee8dac9091595202db8ce2c1c66f607f`
SHA256	`cae7216ac8aab2101d245e397296b81e9055b8e32c10725c61581b7c45c89827`
SHA3	`c0f068d3c8ef05f504c9920a249e0cd6ddfb05a217f34eb2d5f4bc27f5bf6f9c`
VirtualSize	`0x68`
VirtualAddress	`0xd4000`
SizeOfRawData	`0x200`
PointerToRawData	`0xce200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.255489`

.tls

MD5	`855c60922dfae1dfc16ff25cb5f9a663`
SHA1	`cde937917f4fbb2d30ad42c5a9068d29f41b9ab7`
SHA256	`2f95ea07cbfb3a4d380c8816b102872467f77da38a464c4cfdb1d58c5f4f3f97`
SHA3	`19fd70819689c6cbeea4fe11f0ac8c5f0ae86d1b4b93f59c54cea4fcbc0c1258`
VirtualSize	`0x68`
VirtualAddress	`0xd5000`
SizeOfRawData	`0x200`
PointerToRawData	`0xce400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.200582`

/4

MD5	`ac2f3b43eaf4266362dd401524b84a5f`
SHA1	`db7d39480ffad6183e1577bb5a82b131e696fa37`
SHA256	`1819db9c3da6e77d995a1ce18799f9515e0a9331b6f995a5e4439c398f89bd64`
SHA3	`850e041c7124db7b094315a8df49213e6d7768154ed2f08acb061f88b86fd117`
VirtualSize	`0x940`
VirtualAddress	`0xd6000`
SizeOfRawData	`0xa00`
PointerToRawData	`0xce600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.82672`

/19

MD5	`2317cc1746308f4c8714078a09683d82`
SHA1	`4b0f019a61e99447d7f7d7b1e3611ee21cadf695`
SHA256	`a712628a62b58022968009fa387efbe7396c1d9e4bf718aa4e1c47905d522b84`
SHA3	`bc41104177b1670e16c109a21690e7229193494ad7e6252601a0aac13fc7a596`
VirtualSize	`0x6d9f5`
VirtualAddress	`0xd7000`
SizeOfRawData	`0x6da00`
PointerToRawData	`0xcf000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.00338`

/31

MD5	`36a1d536ac8b5a679c1bafeab11fd5cd`
SHA1	`dff8e114c264996df872e451fa9546664dcb3748`
SHA256	`29b2912a92d3d7c82945ad527acb131cc747eb1414725d77a2d69b42b97c586a`
SHA3	`ba833091ce825ac1a2961f235eda66d077618abf251f45ea41adca256ceef587`
VirtualSize	`0x5812`
VirtualAddress	`0x145000`
SizeOfRawData	`0x5a00`
PointerToRawData	`0x13ca00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.58391`

/45

MD5	`719a6bf0b45526b2d2973b6ff2f5a645`
SHA1	`64037f03bd43fbcb9bf80c3bf5979a2f217296ac`
SHA256	`698077c9cd8940b617076f26f8908536b87dc81eadcfecd9f0743caea883b161`
SHA3	`c1e93d6d6a456ddb26fb320da2774f5d50754b596c12579353be0c6db5f569a1`
VirtualSize	`0x6a45`
VirtualAddress	`0x14b000`
SizeOfRawData	`0x6c00`
PointerToRawData	`0x142400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.97067`

/57

MD5	`bcfd34014c3fccc787cdb0f6bece88df`
SHA1	`76f56f5734cca3effd5b62bac0a440b975fae8a4`
SHA256	`75abde65f3227d6e36d8c9766d62cfc6f7276ce28694c0a3a524c2aa73d84cc2`
SHA3	`df422cd786035df92bd6f73a8365a7c4b35817d742fb1d3e17e42fb625982c5a`
VirtualSize	`0x25a0`
VirtualAddress	`0x152000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x149000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.54662`

/70

MD5	`496a646e0f347dbb4c223f46b35b896a`
SHA1	`b13664affc8a3069250d893c2448f0c6d2dbaad1`
SHA256	`b9070099cc1d033b4fea9fcb73209332f716f5330d03f50ec124acecd209eb97`
SHA3	`0d0e3cfb76fac2f8968267338713168b51fb5924c25b0230a6d1195341423d89`
VirtualSize	`0xe6c`
VirtualAddress	`0x155000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x14b600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.60993`

/81

MD5	`e9dac83a1d3ba1bed0a626dcc61e9ff4`
SHA1	`d541e4c41540c0f19a577de3263a598e905c05bb`
SHA256	`691bdb8d9ec05057f877cc830382d92b149b9619b3bafa910abb6c92450b71ad`
SHA3	`e990d66f198ecd085488c809d8aff33d87b10ba8cca157409ae804a793e34a78`
VirtualSize	`0x1f927`
VirtualAddress	`0x156000`
SizeOfRawData	`0x1fa00`
PointerToRawData	`0x14c600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.89129`

/92

MD5	`e282cb4e7e332737432631c6939eaf89`
SHA1	`2762361a30fee321b41fbfb4bb215975ac95a77e`
SHA256	`0d0c88e06f0fb93d7281b672016c846c3945fd445351e69788befa75dcfb9ba5`
SHA3	`3b47a554a6c2133db853aadc0b0a8cf475da9efeddab519eef3360723b216132`
VirtualSize	`0x1750`
VirtualAddress	`0x176000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x16c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.77603`

Imports

KERNEL32.dll	`CloseHandle` `CreateSemaphoreW` `DeleteCriticalSection` `EnterCriticalSection` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `GetLastError` `GetModuleHandleW` `GetProcAddress` `GetStartupInfoA` `GetSystemTimeAsFileTime` `GetTickCount` `InitializeCriticalSection` `IsDBCSLeadByteEx` `LeaveCriticalSection` `MultiByteToWideChar` `QueryPerformanceCounter` `RaiseException` `ReleaseSemaphore` `RtlAddFunctionTable` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlUnwindEx` `RtlVirtualUnwind` `SetLastError` `SetUnhandledExceptionFilter` `Sleep` `TerminateProcess` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `UnhandledExceptionFilter` `VirtualProtect` `VirtualQuery` `WaitForSingleObject` `WideCharToMultiByte`
msvcrt.dll	`__C_specific_handler` `___lc_codepage_func` `__dllonexit` `__doserrno` `__getmainargs` `__initenv` `__iob_func` `__lconv_init` `__mb_cur_max` `__pioinfo` `__set_app_type` `__setusermatherr` `_acmdln` `_amsg_exit` `_cexit` `_errno` `_filelengthi64` `_fileno` `_fmode` `_fstat64` `_initterm` `_lock` `_lseeki64` `_onexit` `_strnicmp` `_unlock` `_write` `abort` `calloc` `exit` `fclose` `fflush` `fgetpos` `fopen` `fprintf` `fputc` `fputs` `fread` `free` `fsetpos` `fwrite` `getc` `getenv` `getwc` `isspace` `iswctype` `localeconv` `malloc` `memchr` `memcmp` `memcpy` `memmove` `memset` `putc` `putwc` `realloc` `setlocale` `setvbuf` `signal` `sprintf` `strcat` `strcmp` `strcoll` `strcpy` `strerror` `strftime` `strlen` `strncmp` `strtoul` `strxfrm` `towlower` `towupper` `ungetc` `ungetwc` `vfprintf` `wcscoll` `wcsftime` `wcslen` `wcsxfrm` `_write` `_read` `_fileno` `_fdopen`
urlmon.dll	`URLDownloadToFileA`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x4d5000`
EndAddressOfRawData	`0x4d5060`
AddressOfIndex	`0x4d061c`
AddressOfCallbacks	`0x4d4040`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x000000000040B440` `0x000000000040B410`

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /19!
[*] Warning: Tried to read outside the COFF string table to get the name of section /31!
[*] Warning: Tried to read outside the COFF string table to get the name of section /45!
[*] Warning: Tried to read outside the COFF string table to get the name of section /57!
[*] Warning: Tried to read outside the COFF string table to get the name of section /70!
[*] Warning: Tried to read outside the COFF string table to get the name of section /81!
[*] Warning: Tried to read outside the COFF string table to get the name of section /92!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF String Table's reported size is bigger than the remaining bytes!
[*] Warning: Section .bss has a size of 0!