Manalyze report for a3e2d54aadcbdf09e42acf848fe253e001aa91127bc2ef2d004c013eda4dd744

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1970-Jan-01 00:00:00

Plugin Output

Suspicious	PEiD Signature:	`HQR data file`
Info	Interesting strings found in the binary:	Contains domain names: api.github.com api.telegram.org bitbucket.org cloudflare-dns.com content.dropboxapi.com dropboxapi.com enabledgithub.com falsegithub.com github.com gitlab.com golang.org http://www.principalproductize.biz http://www.principalproductize.biz/targetPronoun http://www.w3.org http://www.w3.org/2000/svg http://www.w3.org/XML/1998/namespacexml https://api.github.com https://api.github.com/repos/failed https://api.telegram.org https://api.telegram.org/bot%s/%sinvalid https://cloudflare-dns.com https://content.dropboxapi.com https://content.dropboxapi.com/2/files/upload https://g.api.mega.co.nzerror https://github.com https://go.dev https://pastebin.com https://picsum.photos murphy.net openssh.com pastebin.com telegram.org www.w3.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to base58` `Uses known Diffie-Helman primes`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata` `Unusual section name found: .symtab`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryW LoadLibraryExW GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`81d1e72492561016d186580705b540fd`
SHA1	`d3d585c54d0e13e3ccf4d8d3b3fa35418e697b26`
SHA256	`a3e2d54aadcbdf09e42acf848fe253e001aa91127bc2ef2d004c013eda4dd744`
SHA3	`5ea18acfa3310487f83fe2dc58d48e758e49f98366039386f60656d76c0149da`
SSDeep	`98304:zyyUGBgYIOosu6FDGBkwCKWEFaYN2tx0QR9qAbKF1pA2E:zyywt6FDGiSaYNomarq1pAz`
Imports Hash	`d42595b695fc008ef2c56aabd8efd68e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0x8b`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0xba4400`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`3.0`
SizeOfCode	`0x540e00`
SizeOfInitializedData	`0x84e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000074660 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`1.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0xc00000`
SizeOfHeaders	`0x600`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`38f1a53634ca37b4c7b38fb9f3bce7c6`
SHA1	`90013ed8d16435552944d7f05facb68c16bb274c`
SHA256	`7c60edf10b1d9ddf6965657fde95d90e1f9d3bf38296f0ef5235cb0c55f0edc9`
SHA3	`dd93d36c60a94bf5a317ae2924e8ded1a5be7913092c0484170283afc5556f93`
VirtualSize	`0x540cd1`
VirtualAddress	`0x1000`
SizeOfRawData	`0x540e00`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.1628`

.rdata

MD5	`83dbef329b0778ba7061cbe95d482f07`
SHA1	`df3089e032fefaf1088d7a5c8f1ccc474a17c716`
SHA256	`a8f8229500765326f23ac94921a32528fb798fdddadd17c4415e4fffcdb3f58c`
SHA3	`c505e00f9f06919b2c9aed066536e74e8f3df3e0bec96dcb02ec8dc376174366`
VirtualSize	`0x590990`
VirtualAddress	`0x542000`
SizeOfRawData	`0x590a00`
PointerToRawData	`0x541400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.36947`

.data

MD5	`96bbbfd25e6f79bd352010b89bdbae10`
SHA1	`9da376e9ab42109e81b0754663a175550e58a2ba`
SHA256	`9a99d2d639c93fa4403372bd21a5f823ed1dcb7f069e827b285d57f6bc71c23e`
SHA3	`7d1a4d8c6447b1fe7fbf7fbffef776ef8500674c490ff080ed80114e9f953606`
VirtualSize	`0xdb710`
VirtualAddress	`0xad3000`
SizeOfRawData	`0x84e00`
PointerToRawData	`0xad1e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.2521`

.pdata

MD5	`d45f532370320451fd239d26e9165e5f`
SHA1	`5d3b8ef0ef60ff54eb3f881518ba7f2916b03538`
SHA256	`1b35c1a0903bd58c0074488dfafdb2f523643871c63b44ebbacda0d5422aa3ec`
SHA3	`41380262b5d4fe2ccb5f5406350fd12296395236884623abb1ae9a19c524ae78`
VirtualSize	`0x225cc`
VirtualAddress	`0xbaf000`
SizeOfRawData	`0x22600`
PointerToRawData	`0xb56c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.59113`

.xdata

MD5	`0d29c59ccc36ba50ab9b27c70efa4ffd`
SHA1	`e63d0a226f0b010e9980c577e0456a24f2a72a05`
SHA256	`6f66c15469f012fa450f2634a9511ceb3792a5cd4701e5b9c340c68e62f3061b`
SHA3	`80444b13ef85c6c83e2e7dd6b5fd06112ef6f746bf0d49e1b79d4cf259d6a7da`
VirtualSize	`0xb4`
VirtualAddress	`0xbd2000`
SizeOfRawData	`0x200`
PointerToRawData	`0xb79200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.78321`

.idata

MD5	`ba084d30e7bb90662ba70784daef45f5`
SHA1	`f511130c8a054f22605049c39dfe087ffcccee7e`
SHA256	`fa807b0b7974dc6cf210cd6804ee59b9fddba00115f174d98c2c035a36e27f5c`
SHA3	`d3651e608fc32cc6faef12cf6604156b13584ef072b4a99bed4fc79c8365b290`
VirtualSize	`0x53e`
VirtualAddress	`0xbd3000`
SizeOfRawData	`0x600`
PointerToRawData	`0xb79400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.00728`

.reloc

MD5	`7aa5c3d38c6c808236f088e20a3edc86`
SHA1	`744b1faebe646d02303f977fdf5c204a0a07ff0f`
SHA256	`d8f2cb89dc3225861d72a66e6c55a611dbc52be843e4d547d39c3c155022955c`
SHA3	`f9d2e997df28c1e94623e4fa65574edad8d0c47952f180badb5b507c2a000e8e`
VirtualSize	`0x2a884`
VirtualAddress	`0xbd4000`
SizeOfRawData	`0x2aa00`
PointerToRawData	`0xb79a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.43548`

.symtab

MD5	`07b5472d347d42780469fb2654b7fc54`
SHA1	`943ae54f4818e52409fbbaf60ffd71318d966b0d`
SHA256	`3e67f4a7d14b832ff2a2433e9cf0f6f5720821f67148a87c0ee2595a20c96c68`
SHA3	`a70a3e18515c06557b62676f2a8eb6d7d41962d8c9c7c49f4641c429cc65b977`
VirtualSize	`0x4`
VirtualAddress	`0xbff000`
SizeOfRawData	`0x200`
PointerToRawData	`0xba4400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0203931`

Imports

kernel32.dll	`WriteFile` `WriteConsoleW` `WerSetFlags` `WerGetFlags` `WaitForMultipleObjects` `WaitForSingleObject` `VirtualQuery` `VirtualFree` `VirtualAlloc` `TlsAlloc` `SwitchToThread` `SuspendThread` `SetWaitableTimer` `SetProcessPriorityBoost` `SetEvent` `SetErrorMode` `SetConsoleCtrlHandler` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `ResumeThread` `RaiseFailFastException` `PostQueuedCompletionStatus` `LoadLibraryW` `LoadLibraryExW` `SetThreadContext` `GetThreadContext` `GetSystemInfo` `GetSystemDirectoryA` `GetStdHandle` `GetQueuedCompletionStatusEx` `GetProcessAffinityMask` `GetProcAddress` `GetErrorMode` `GetEnvironmentStringsW` `GetCurrentThreadId` `GetConsoleMode` `FreeEnvironmentStringsW` `ExitProcess` `DuplicateHandle` `CreateWaitableTimerExW` `CreateThread` `CreateIoCompletionPort` `CreateEventA` `CloseHandle` `AddVectoredExceptionHandler` `AddVectoredContinueHandler`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.