Manalyze report for 99c44a2c2a8a28bdc9f3894930444316

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1970-Jan-01 00:00:00
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Info	Interesting strings found in the binary:	Contains domain names: .eq.github.com .eq.gitlab.com .eq.golang.org .eq.google.golang.org .eq.runtime.net .hash.github.com .hash.golang.org .hash.google.golang.org .hash.net 0github.com 0google.golang.org 1golang.org 2google.golang.org 4gitlab.com 53google-public-dns-b.google.com a.google.com acme-v02.api.letsencrypt.org api.letsencrypt.org b.google.com dns-a.google.com dns-b.google.com eq.github.com eq.gitlab.com eq.golang.org eq.google.golang.org eq.runtime.net example.com failuregolang.org fonts.googleapis.com github.com gitlab.com go.itab.github.com go.itab.golang.org go.itab.google.golang.org go.itab.net golang.org google.com google.golang.org googleapis.com hash.github.com hash.golang.org hash.google.golang.org http://127.0.0.1 http://www.w3.org http://www.w3.org/XML/1998/namespaceinternal https://acme-v02.api.letsencrypt.org https://acme-v02.api.letsencrypt.org/directoryinternal https://fonts.googleapis.com https://fonts.googleapis.com/css?family https://github.com https://localxpose.io https://loclx.iohuissier-justiceiglesiascarboniainteger itab.github.com itab.golang.org itab.google.golang.org letsencrypt.org public-dns-a.google.com public-dns-b.google.com runtime.net spangoogle-public-dns-a.google.com type..eq.github.com type..eq.gitlab.com type..eq.golang.org type..eq.google.golang.org type..eq.net type..eq.runtime.net type..hash.github.com type..hash.golang.org type..hash.google.golang.org type..hash.net type.googleapis.com v02.api.letsencrypt.org www.w3.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES`
Suspicious	The PE is possibly packed.	`Unusual section name found: /4` `Unusual section name found: /19` `Unusual section name found: /32` `Unusual section name found: /46` `Unusual section name found: /63` `Unusual section name found: /80` `Unusual section name found: /99` `Unusual section name found: /112` `Unusual section name found: /124` `Unusual section name found: .symtab`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA LoadLibraryW GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread`
Suspicious	VirusTotal score: 1/67 (Scanned on 2020-09-16 20:25:59)	`MaxSecure: Trojan.Malware.300983.susgen`

Hashes

MD5	`99c44a2c2a8a28bdc9f3894930444316`
SHA1	`2e046d9aab76720cc2caf09c36d30300ff2df2d8`
SHA256	`872f7bcb928ffc9610adae2690cbc65cbce1cd27b36469d085686e4056571bb6`
SHA3	`e00bd41ed4cbfa3d4d9866418352ad863cb56460773d9683dd08dfb98ea735e0`
SSDeep	`196608:ORYXSo5sl8DfIiuTxguTUUV+0l/1d2pEu6EpooaQXKrTkPz6h3Wkn:Co5slwnslXCvpoo4F`
Imports Hash	`91802a615b3a5c4bcc05bc5f66a5b219`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0x4`
e_cparhdr	`0`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0x8b`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`14`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0x10a6c00`
NumberOfSymbols	`18682`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`3.0`
SizeOfCode	`0x620e00`
SizeOfInitializedData	`0x6d400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000651D0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`1.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0x11eb000`
SizeOfHeaders	`0x600`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`28b06481205a41cce5b2b8c596d30fec`
SHA1	`cee17ace68bad5a5e83cb598b356b97b94ae0526`
SHA256	`2db046e31785d56948c1cca3c9aea5437193a1de39b6802a8a9c58fa428e8f06`
SHA3	`26c1dffaf10d7e7dcb89f987821891b57be5748b7d1f6993bc41eb3accd6c4fe`
VirtualSize	`0x620c1a`
VirtualAddress	`0x1000`
SizeOfRawData	`0x620e00`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.82012`

.rdata

MD5	`aacf8e35a51b3a4cb7d6b2a98f03a687`
SHA1	`e26629437e70f69785bcead7e4b3dd6e55476722`
SHA256	`2637b7c3a967d9d3ff6966fcd28844f74287f4d139bbf68ddab5f93534f58b3a`
SHA3	`23ffcfc47c2da2ed4f47262266a967bda9d95b826d29db20cf2b9d6884bcc2b2`
VirtualSize	`0x69e3fa`
VirtualAddress	`0x622000`
SizeOfRawData	`0x69e400`
PointerToRawData	`0x621400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.40966`

.data

MD5	`54a16a150b29788fb76237d5f56ac256`
SHA1	`2827b785f65465984345171ae9a91106b536f326`
SHA256	`dc3e588d11c7f6213b70eef507767aaf439692f18653f8c71b1de05f53427dc3`
SHA3	`696f19f4dbea2fd4a6136f0b0d132fb58d829de0d7947fb3e57d4ce4538e99de`
VirtualSize	`0xa23a8`
VirtualAddress	`0xcc1000`
SizeOfRawData	`0x6d400`
PointerToRawData	`0xcbf800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.28632`

/4

MD5	`28a3e9c96b9bb43e6541a26c8f68899b`
SHA1	`d5055422d0b8c4494eb8e58fccfc0c1ceafbeed3`
SHA256	`975598b01533b812dcfde96cc17be963bfef2aff01d84eeec67fa3f71e2f0658`
SHA3	`af7ac55943731d23db6ba4a312b7176306d760c6f0209d7f9ff38da1a33fdcce`
VirtualSize	`0x119`
VirtualAddress	`0xd64000`
SizeOfRawData	`0x200`
PointerToRawData	`0xd2cc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.82922`

/19

MD5	`84e4375f315d6c467997621a6f6a649b`
SHA1	`005f6e883291745f37e54a86356d19f683d212d8`
SHA256	`b015da2e50b02cff5e30fd7789ba16155bb414d5b2e9a9cbbb9c8ae00404a99c`
SHA3	`c18fd59995510ff5fcecc87c1d4852d775410f03eb79cc863cc37d954ab1e2c7`
VirtualSize	`0xd0370`
VirtualAddress	`0xd65000`
SizeOfRawData	`0xd0400`
PointerToRawData	`0xd2ce00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99711`

/32

MD5	`4c48ddc17bff350787fb5d3dfa336a41`
SHA1	`09366b756df874d963adf0b072115fca4605204b`
SHA256	`9d72ef600f92a3fef10c3b634c48f48fd9215ab7aff7ddd213b1f91c94e52de5`
SHA3	`88e8e77f44c4dc17d23b8ff6bf6a32259c734a8176e4694cc9524cd4d86c6d16`
VirtualSize	`0x312ca`
VirtualAddress	`0xe36000`
SizeOfRawData	`0x31400`
PointerToRawData	`0xdfd200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.94273`

/46

MD5	`73ed4859879debb178df0a8d7a199271`
SHA1	`8109691f88d96856511191491f3edad420c57d9b`
SHA256	`b658727b7578fed79ce9e72eca5c5cf0b70a521d77c42ded4cd1a144111f75f0`
SHA3	`e3b5c7510710ee84025bdfdf4001b4f8f6143a6baa92540493cb234e17e95661`
VirtualSize	`0x70d4`
VirtualAddress	`0xe68000`
SizeOfRawData	`0x7200`
PointerToRawData	`0xe2e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.97379`

/63

MD5	`3538fc9a1a64e54ad5cdb83bf4e4d14a`
SHA1	`398eebed8de911634b55dcb27ebb2b3fc3b5de75`
SHA256	`d86eff0dc75c66ec6802144a77182b5e3a320db6d8190d4b8112390a201f0c82`
SHA3	`562e4dd02f79e480d98ca237a6b31cd8219c31fbc6ea343dbb783942b7ec5546`
VirtualSize	`0x16caa`
VirtualAddress	`0xe70000`
SizeOfRawData	`0x16e00`
PointerToRawData	`0xe35800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99511`

/80

MD5	`56d08c10aa9e5c0c3680f67f8992b3d4`
SHA1	`5c31bb8cb4724831186f4adf11b6a46cba1b7936`
SHA256	`3edf472b3815ca8cab6b3efd8773b22c8a567a0ec7f5ce7b1a9b30e2a22b0258`
SHA3	`0e65aaf1cebf5c5fcda0ebafc01834bf7378c916495ab10752a8a034209a6034`
VirtualSize	`0x2a`
VirtualAddress	`0xe87000`
SizeOfRawData	`0x200`
PointerToRawData	`0xe4c600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.73721`

/99

MD5	`0838dca36005cbad88453aa49a9dfb65`
SHA1	`b8778ffcde533f4018cd9d3b2f8572acd5088808`
SHA256	`2f054cd405387ae16dea72184358199b9c1abc25c7b55b1709ae983a16c38d2f`
SHA3	`75b677412c9e48e1634d5db6819380e4bfa65899a1b064b56bf3e31b68fb2d1b`
VirtualSize	`0x13a060`
VirtualAddress	`0xe88000`
SizeOfRawData	`0x13a200`
PointerToRawData	`0xe4c800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99834`

/112

MD5	`13ffd85f846944bf5ec0e84e5486ae62`
SHA1	`cf33d1c8a912275b9274818170f288bd5f0936e4`
SHA256	`26b6dd77e04e662bacb681388466902e2d6dfb048d0b8c56e80081b99751b3ef`
SHA3	`e77899154797b04b840ae305f539d1f2e6a520d47940cbaf6fc2d349ad139836`
VirtualSize	`0xd69e2`
VirtualAddress	`0xfc3000`
SizeOfRawData	`0xd6a00`
PointerToRawData	`0xf86a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99704`

/124

MD5	`3469c6a5c79ba91de8091acd275db863`
SHA1	`5bf67becde04eea1f112a8984dd70a821f03d196`
SHA256	`09d0ec256d8c9f23820b3290932a4fb18460dda385f369d24d08860c82b1e337`
SHA3	`cbd1de64d61630c96532c063ca1217e608a57b53e97145da6bc7fea34089a9e1`
VirtualSize	`0x4909f`
VirtualAddress	`0x109a000`
SizeOfRawData	`0x49200`
PointerToRawData	`0x105d400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.82299`

.idata

MD5	`83a5643ce2c7cb93c741b74d472fd297`
SHA1	`bfefa415688467535766f62119e6dd55a0e08377`
SHA256	`0720d0b66ff5884edc22c3a905e47276d17734d43a67e394d22c604d79bdba14`
SHA3	`c843d29faff6b84cabcc5dc85ca2030c63e29f2434d06197559e1352658bfc3d`
VirtualSize	`0x442`
VirtualAddress	`0x10e4000`
SizeOfRawData	`0x600`
PointerToRawData	`0x10a6600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.57246`

.symtab

MD5	`3d097d3431bf47beb267a1709c15af94`
SHA1	`106a9a197b0c08105c12d2a16881176b6db6e2df`
SHA256	`26ebc4210d6e94fd90e6d9df8f49c9b073a47c4f0636a6173b3ee32874c056bc`
SHA3	`9c956a32f54e3bf27b9d73c8b2414e728a8092111e3e5ef498940a06d97af7bd`
VirtualSize	`0x10539b`
VirtualAddress	`0x10e5000`
SizeOfRawData	`0x105400`
PointerToRawData	`0x10a6c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.48703`

Imports

kernel32.dll	`WriteFile` `WriteConsoleW` `WaitForMultipleObjects` `WaitForSingleObject` `VirtualQuery` `VirtualFree` `VirtualAlloc` `SwitchToThread` `SuspendThread` `SetWaitableTimer` `SetUnhandledExceptionFilter` `SetProcessPriorityBoost` `SetEvent` `SetErrorMode` `SetConsoleCtrlHandler` `ResumeThread` `PostQueuedCompletionStatus` `LoadLibraryA` `LoadLibraryW` `SetThreadContext` `GetThreadContext` `GetSystemInfo` `GetSystemDirectoryA` `GetStdHandle` `GetQueuedCompletionStatus` `GetProcessAffinityMask` `GetProcAddress` `GetEnvironmentStringsW` `GetConsoleMode` `FreeEnvironmentStringsW` `ExitProcess` `DuplicateHandle` `CreateThread` `CreateIoCompletionPort` `CreateEventA` `CloseHandle` `AddVectoredExceptionHandler`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /19!
[*] Warning: Tried to read outside the COFF string table to get the name of section /32!
[*] Warning: Tried to read outside the COFF string table to get the name of section /46!
[*] Warning: Tried to read outside the COFF string table to get the name of section /63!
[*] Warning: Tried to read outside the COFF string table to get the name of section /80!
[*] Warning: Tried to read outside the COFF string table to get the name of section /99!
[*] Warning: Tried to read outside the COFF string table to get the name of section /112!
[*] Warning: Tried to read outside the COFF string table to get the name of section /124!