| Suspicious |
PEiD Signature: |
HQR data file
|
| Suspicious |
Strings found in the binary may indicate undesirable behavior: |
Contains references to internet browsers:
Accesses the WMI:
- root\Microsoft
- root\cimv2
Contains domain names:
|
| Info |
Cryptographic algorithms detected in the binary: |
Uses constants related to MD5
Uses constants related to SHA1
Uses constants related to SHA256
Uses constants related to SHA512
Uses constants related to AES
|
| Suspicious |
The PE is possibly packed. |
Unusual section name found: .xdata
Unusual section name found: .symtab
|
| Suspicious |
The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
- LoadLibraryW
- LoadLibraryExW
- GetProcAddress
Functions which can be used for anti-debugging purposes:
|
| Suspicious |
No VirusTotal score. |
This file has never been scanned on VirusTotal.
|