9a674383ab42418d987ccbd0d2a1aaba

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2024-Dec-25 14:40:34
Detected languages English - United States
TLS Callbacks 2 callback(s) detected.

Plugin Output

Suspicious: Strings found in the binary may indicate undesirable behavior. Miscellaneous malware strings:
  • cmd.exe
Contains domain names:
  • command.com
  • haskell.org
  • https://www.haskell.org
  • https://www.haskell.org/ghc/reportabug
  • www.haskell.org
Info: Cryptographic algorithms detected in the binary. Uses constants related to MD5.
Suspicious: The PE is possibly packed. Unusual section name found: .buildid
Malicious: The PE contains functions mostly used by malware. Functions which can be used for anti-debugging purposes:
  • CreateToolhelp32Snapshot
Code injection capabilities:
  • OpenProcess
  • VirtualAlloc
  • VirtualAllocExNuma
Possibly launches other programs:
  • CreateProcessW
Can create temporary files:
  • CreateFileW
  • GetTempPathW
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Leverages the raw socket API to access the Internet:
  • WSACreateEvent
  • WSAEventSelect
Manipulates other processes:
  • OpenProcess
  • Process32FirstW
  • Process32NextW
Can shut the system down or lock the screen:
  • ExitWindowsEx
Safe: VirusTotal score 0/72 (scanned on 2025-01-10 14:04:48). All the AVs think this file is safe.

Hashes

MD5 9a674383ab42418d987ccbd0d2a1aaba
SHA1 c6c772133d5dae62cd7b9a7fc483e46ce5a00544
SHA256 9da46e477b1a15c0884c9e43a56e6cbf122e9a053f1682a98a57c45bdbafa81d
SHA3 122d7df9017c61022bf7924d47e74afbda61c60b2ac697b85a16799175b4c2ab
SSDeep 49152:FSOPUP8oV5uMYcq94H5crkLoe6iLmiCU1fSWqXus2+yA2Jk81eEtT4UQ3TkM9ln:dbkeEFBSZAIAwyLyS
Imports Hash 79eabfeb677e32ccbaee8394a0b50382

DOS Header

e_magic MZ
e_cblp 0x78
e_cp 0x1
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0
e_ss 0
e_sp 0
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x78

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 9
TimeDateStamp 2024-Dec-25 14:40:34
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0xa10600
SizeOfInitializedData 0x2ad800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000001430 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xcd3000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 32ab558989271f5661512b895ac2fd6e
SHA1 b6d5741a7dd3e5c8a5dddef28898acd0e60c8ba6
SHA256 e7bdd5264474cedafe83aeed56ef4efd3b6144260c03278ac175b47ea6c66cae
SHA3 85a201c96d4e09faa084572383fb479417cdf4348ea145ac59c0e7030999663e
VirtualSize 0xa105d6
VirtualAddress 0x1000
SizeOfRawData 0xa10600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy 5.55278

.rdata

MD5 ed9e5d90c256378e474a196b35b64955
SHA1 a5e99571c04fbf600eff0be8fa450161f530005e
SHA256 ccda6e43f3363fb8def1fb5689c3fff7b618685ca034a2290840119cb3da0c61
SHA3 f0767be0f3e9d59e748ea8400034d2cce22347b68834bbd5ffec6219ce3f26ae
VirtualSize 0xe788
VirtualAddress 0xa12000
SizeOfRawData 0xe800
PointerToRawData 0xa10a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 5.60282

.buildid

MD5 a28b59c8aecb33b836210419472a22a9
SHA1 f8e1132cab7f7d5f5ca2c646aca31fcebfbe52b4
SHA256 2d23637d26a9dafc1c6559af375effd2055db634bfbe2ed9e0b374763ac4affe
SHA3 8bdc29dcc7d57c9bb8601672fdbb1bb14e0c5c50c0c8893e8564277af8b4891d
VirtualSize 0x35
VirtualAddress 0xa21000
SizeOfRawData 0x200
PointerToRawData 0xa1f200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 0.645089

.data

MD5 a0ee8ce9bf287426d90d418844c018c5
SHA1 9de42642039a737773a650054fe7b47780a3f788
SHA256 198cf14af36132035134809931e78e056c65cf941bc5cd35e2efe3d3c2687d62
SHA3 505f3992f7b73c80992e833064e961a19cefaf55122f6730a7c0126f39cfd5dd
VirtualSize 0x1fb0cc
VirtualAddress 0xa22000
SizeOfRawData 0x1ed400
PointerToRawData 0xa1f400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy 3.78993

.pdata

MD5 7d08c549f29bc7e0e74f392662707a4f
SHA1 68a51e82126b7b3725b3e721b4cd00b09f4d17a7
SHA256 147a6eb020fd85fd179e35b2535881e1afed892328f7cbc235fb3d75dfb32ac6
SHA3 ceeb15fb50bfa15b1369c90272b87e85a04da4d540bbafb122e63c75ab8b85da
VirtualSize 0x22a4
VirtualAddress 0xc1e000
SizeOfRawData 0x2400
PointerToRawData 0xc0c800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 5.46314

.rdata (#2)

MD5 1d68dab6a718c38e04753c55815f9994
SHA1 0ddf1cf21097049ab13e834e77ecdac1be3395c4
SHA256 7ff695b0c5a691f8ce9b2ae783c5b4ff94ce5cb328d98fcd8b3bc2bddee4584f
SHA3 b5106e5e259fc33a3147ab6be8642ee7400f176fae1fb228507799aac6869b9e
VirtualSize 0x50b48
VirtualAddress 0xc21000
SizeOfRawData 0x50c00
PointerToRawData 0xc0ec00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy 5.37419

.tls

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x10
VirtualAddress 0xc72000
SizeOfRawData 0x200
PointerToRawData 0xc5f800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 dd80325f1362707a407d05397fdb5ae6
SHA1 8704cc9ae233223128ef03d2e5b09f89d69afd4e
SHA256 a67909d6ce4499bae74dd2379433a26ddb5b3c522e720c479a4bbf1c69921ce8
SHA3 52c3a57c7a11668c01af819db0412b57dcb72d74aaea9a0ebce7c162cfe11215
VirtualSize 0x260
VirtualAddress 0xc73000
SizeOfRawData 0x400
PointerToRawData 0xc5fa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 3.56346

.reloc

MD5 98bd73749a4e9c04ac1d1e49a9d0f0ea
SHA1 ebf75e0ef367c5cea2274e4c181781f96a0b557d
SHA256 4fceae099d92daa340f19eb16d3b104c7d09ed97fba196b5bfd6deb87e6032eb
SHA3 f09f6afbf0d83fe2d34397e4991722fb6d793159dba81acf36d848176e4efdd6
VirtualSize 0x5e3f0
VirtualAddress 0xc74000
SizeOfRawData 0x5e400
PointerToRawData 0xc5fe00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Entropy 5.43657

Imports

KERNEL32.dll AcquireSRWLockExclusive
AddVectoredContinueHandler
AreFileApisANSI
AssignProcessToJobObject
Beep
CancelIoEx
CloseHandle
CopyFileW
CreateDirectoryExW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileW
CreateIoCompletionPort
CreateJobObjectW
CreateNamedPipeW
CreatePipe
CreateProcessW
CreateSemaphoreA
CreateSymbolicLinkW
CreateThread
CreateTimerQueue
CreateTimerQueueTimer
CreateToolhelp32Snapshot
DefineDosDeviceW
DeleteCriticalSection
DeleteFileW
DeleteTimerQueueEx
DeleteTimerQueueTimer
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExitThread
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileW
FindNextChangeNotification
FindNextFileW
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GenerateConsoleCtrlEvent
GetACP
GetBinaryTypeW
GetCPInfo
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleScreenBufferInfoEx
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFileTime
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetLocalTime
GetLogicalDrives
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetNumaHighestNodeNumber
GetNumberOfConsoleInputEvents
GetOEMCP
GetOverlappedResult
GetProcessId
GetProcessTimes
GetQueuedCompletionStatusEx
GetShortPathNameW
GetStartupInfoA
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetTempFileNameW
GetTempPathW
GetThreadTimes
GetTickCount
GetTickCount64
GetTimeFormatEx
GetTimeFormatW
GetTimeZoneInformation
GetWindowsDirectoryW
GlobalMemoryStatusEx
InitializeConditionVariable
InitializeCriticalSection
InitializeSRWLock
IsDBCSLeadByteEx
K32EnumProcessModules
K32GetModuleFileNameExW
K32GetModuleInformation
LeaveCriticalSection
LocalFileTimeToFileTime
LocalFree
LockFileEx
Module32FirstW
Module32NextW
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenProcess
OutputDebugStringA
PeekConsoleInputA
PeekNamedPipe
PostQueuedCompletionStatus
Process32FirstW
Process32NextW
QueryInformationJobObject
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleInputA
ReadConsoleInputW
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
ReleaseSemaphore
RemoveDirectoryW
RemoveVectoredContinueHandler
ResetEvent
ResumeThread
RtlDeleteFunctionTable
SearchPathW
SetConsoleCP
SetConsoleCtrlHandler
SetConsoleCursorPosition
SetConsoleMode
SetConsoleOutputCP
SetConsoleScreenBufferSize
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFileApisToANSI
SetFileApisToOEM
SetFileAttributesW
SetFileCompletionNotificationModes
SetFilePointerEx
SetFileTime
SetHandleCount
SetHandleInformation
SetInformationJobObject
SetLastError
SetLocalTime
SetNamedPipeHandleState
SetSystemTime
SetSystemTimeAdjustment
SetUnhandledExceptionFilter
SetVolumeLabelW
Sleep
SleepConditionVariableSRW
SystemTimeToFileTime
TerminateJobObject
TerminateProcess
TlsGetValue
UnlockFileEx
VirtualAlloc
VirtualAllocExNuma
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
__C_specific_handler
api-ms-win-crt-heap-l1-1-0.dll _set_new_mode
calloc
free
malloc
realloc
api-ms-win-crt-private-l1-1-0.dll memchr
memcmp
memcpy
memmove
strrchr
api-ms-win-crt-runtime-l1-1-0.dll __p___argc
__p___argv
__p___wargv
__p__acmdln
_beginthreadex
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_errno
_fpreset
_getpid
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_app_type
_set_invalid_parameter_handler
_wassert
abort
exit
signal
strerror
strerror_s
api-ms-win-crt-stdio-l1-1-0.dll __acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vswprintf
__stdio_common_vswprintf_s
_chsize_s
_close
_creat
_dup
_dup2
_fileno
_get_osfhandle
_isatty
_lseeki64
_open_osfhandle
_pipe
_read
_setmode
_wfdopen
_write
fclose
fflush
fputc
fputwc
fwrite
getc
puts
ungetc
api-ms-win-crt-string-l1-1-0.dll _strdup
_wcsdup
islower
isspace
isupper
isxdigit
mbrlen
memset
strcmp
strcpy
strlen
strncmp
strncpy
tolower
wcscat
wcscpy
wcslen
wcsncmp
SHLWAPI.dll PathFileExistsW
SHELL32.dll CommandLineToArgvW
SHGetFolderPathW
api-ms-win-crt-environment-l1-1-0.dll __p__environ
__p__wenviron
getenv
api-ms-win-crt-convert-l1-1-0.dll atof
mbrtowc
mbstowcs
strtol
strtoul
wcrtomb
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale
localeconv
setlocale
api-ms-win-crt-math-l1-1-0.dll __setusermatherr
acos
asin
atan
cosh
sinh
tan
tanh
api-ms-win-crt-time-l1-1-0.dll __daylight
__timezone
__tzname
_ctime64
_time64
_tzset
_utime64
ole32.dll CoCreateGuid
RPCRT4.dll RpcStringFreeW
UuidToStringW
api-ms-win-crt-filesystem-l1-1-0.dll _access
_chmod
_fstat64
_lock_file
_mkdir
_umask
_unlink
_unlock_file
_wsplitpath_s
_wstat64
USER32.dll ClipCursor
ExitWindowsEx
GetClipCursor
GetCursorPos
GetLastInputInfo
KillTimer
LoadAcceleratorsW
LoadCursorW
LoadIconW
MessageBeep
MessageBoxA
MessageBoxW
SetCursorPos
SetTimer
dbghelp.dll MiniDumpWriteDump
StackWalk64
SymFromAddr
SymFunctionTableAccess64
SymGetLineFromAddr64
SymGetModuleBase64
SymInitialize
api-ms-win-crt-utility-l1-1-0.dll qsort
WSOCK32.dll WSAGetLastError
closesocket
recv
select
send
WINMM.dll timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeGetTime
ntdll.dll NtQueryObject
GDI32.dll DeleteObject
Polygon
WS2_32.dll WSACreateEvent
WSAEventSelect
ADVAPI32.dll GetUserNameW

Delayed Imports

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x1f9
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.89371
MD5 c06906cf4c6bdce05772307d6a484c3e
SHA1 03d4aabf2597c3a22b37ef1de664bafa0ec965b9
SHA256 2ccd2b87fb50e969e26649bc3e8d3464a0c5fe426909d81553b3439a538b29d6
SHA3 aee7bfb12235531faec9384111709aa1b9dbde4b9438281a494fdb269f594e9f

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2024-Dec-25 14:40:34
Version 0.0
SizeofData 25
AddressOfRawData 0xa2101c
PointerToRawData 0xa1f21c

TLS Callbacks

StartAddressOfRawData 0x140c72000
EndAddressOfRawData 0x140c72008
AddressOfIndex 0x140c0f414
AddressOfCallbacks 0x140a1ab30
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_8BYTES
Callbacks 0x0000000140006CD0, 0x0000000140006D50

Load Configuration

RICH Header

Errors
