Manalyze report for a814f356ad4061dcec4eb4a07558c9ee

Summary

Suspicious	The PE is possibly packed.	`The PE only has 8 import(s).`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA`
Suspicious	VirusTotal score: 1/72 (Scanned on 2024-04-02 06:38:43)	`APEX: Malicious`

MD5	`a814f356ad4061dcec4eb4a07558c9ee`
SHA1	`61aa0bbb10904033ace49bd511d3b887a4e72e71`
SHA256	`effee5d56ee23683bde67d995a72ef3d2eba8ecb454366e80c07545f0993644f`
SHA3	`e7e9070564edfee9b6931f7a07c727d2e2e8eca22a866fb1c3a9dc7cde4d9218`
SSDeep	`48:igr7MoLqgWH26SB/Is7H7eiY3QEKThahpyjn:5r7MUygAme33Q`
Imports Hash	`ecef33b4bcc1c5f2be9c2220820a5773`

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`4`
TimeDateStamp	2024-Apr-01 17:31:47
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x400`
SizeOfInitializedData	`0x800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001250 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x5000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x100000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

MD5	`7e499ff2d22d5c26c4042961e5c7e35a`
SHA1	`1f10b3c705801df565e8f6b6ce91c1c11feaf4d5`
SHA256	`a1b3ab2e23168ea16fe5852d4caaf88b8c30e08f0b5bc6897a16ae2c250d8614`
SHA3	`8c087174361500b19ec244c2b5d621aeadc4f59d8a50237510d8da1947c6f533`
VirtualSize	`0x2e0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`4.88113`

MD5	`85a23506178ecffab4c48fcd007d8c6d`
SHA1	`c0982d9ca0d3479df68ba5b7907de2c916edffa2`
SHA256	`ae3e45363fa304e99f36c0c7c01e20e52ac974b7e49d62ee1d47e4370ab36afa`
SHA3	`333c9db6396528e04658115cecbb1da168bb6f930bedb54ac23b5a9b23a0bc68`
VirtualSize	`0x35e`
VirtualAddress	`0x2000`
SizeOfRawData	`0x400`
PointerToRawData	`0x800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.8167`

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x4`
VirtualAddress	`0x3000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

MD5	`62983343d0356c7e5761622ec706afc8`
SHA1	`99e4983a01008c3b9e270a41052831bf8cb625bd`
SHA256	`f4c685e9ea21d9b2e128ab758e07174e955b6fab7a47f2b35e186f3124d900c8`
SHA3	`014d143b38c2a23324a8bc56b6437f3f23e89d67c47fc7f970c8e857063f947b`
VirtualSize	`0x18`
VirtualAddress	`0x4000`
SizeOfRawData	`0x200`
PointerToRawData	`0xc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.210826`

KERNEL32.dll	`GetStdHandle` `CreateFileA` `GetFileSizeEx` `ReadFile` `GetCurrentThread` `GetProcAddress` `LoadLibraryA` `WriteConsoleA`

[*] Warning: Section .data has a size of 0!