Manalyze report for a8bd4a6b2f1d00928e61870a5688c13d

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2100-Oct-12 11:12:05
Comments
CompanyName
FileDescription	Wave
FileVersion	`1.0.0.0`
InternalName	Wave.exe
LegalCopyright	Copyright © 2024
LegalTrademarks
OriginalFilename	Wave.exe
ProductName	Wave
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Interesting strings found in the binary:	Contains domain names: apple.com ezgif.com http://schemas.microsoft.com http://schemas.microsoft.com/expression/blend/2008 http://schemas.microsoft.com/winfx/2006/xaml http://schemas.microsoft.com/winfx/2006/xaml/presentation http://schemas.openxmlformats.org http://schemas.openxmlformats.org/markup-compatibility/2006 http://www.apple.com http://www.apple.com/This https://discord.gg https://ezgif.com https://getwave.gg https://publisher.linkvertise.com https://publisher.linkvertise.com/ac/1138912 https://scriptblox.com https://thumbnails.roblox.com https://thumbnails.roblox.com/v1/users/avatar-headshot?userIds linkvertise.com microsoft.com openxmlformats.org publisher.linkvertise.com roblox.com schemas.microsoft.com schemas.openxmlformats.org scriptblox.com thumbnails.roblox.com www.apple.com
Suspicious	The PE is possibly packed.	`The PE only has 0 import(s).`
Malicious	VirusTotal score: 20/69 (Scanned on 2024-04-19 05:34:25)	`ALYac: Trojan.GenericFCA.Agent.119221` `AhnLab-V3: Trojan/Win.MalwareX-gen.C5611032` `Antiy-AVL: Trojan/Win32.Znyonm` `Arcabit: Trojan.GenericFCA.Agent.D1D1B5` `BitDefender: Trojan.GenericFCA.Agent.119221` `Bkav: W64.AIDetectMalware.CS` `CAT-QuickHeal: Trojan.Acll` `DeepInstinct: MALICIOUS` `FireEye: Trojan.GenericFCA.Agent.119221` `Fortinet: PossibleThreat` `GData: Trojan.GenericFCA.Agent.119221` `Gridinsoft: Trojan.Win64.ServStart.zv!n` `Kingsoft: Win32.Troj.Generic.v` `MAX: malware (ai score=89)` `MaxSecure: Trojan.Malware.238911779.susgen` `MicroWorld-eScan: Trojan.GenericFCA.Agent.119221` `TrendMicro-HouseCall: TROJ_GEN.R011H09DE24` `VIPRE: Trojan.GenericFCA.Agent.119221` `VirIT: Trojan.Win64.MSIL.GNP` `Webroot: W32.Malware.Gen`

Hashes

MD5	`a8bd4a6b2f1d00928e61870a5688c13d`
SHA1	`e17646d5279534f2e3eb0e0cfc8b6c536bc0c095`
SHA256	`2c51f67e236cf95e2d51df4178699da09869ab077924cff0b3df1c512878ef2f`
SHA3	`89345f682e667e17b94e6b2d87ca158f5353327ab4468e56c0dce8cad42470f2`
SSDeep	`98304:37//YITF8r2n8TevxbFKVlXk34tZ+t4+aNG5Lhd+2G4Op0cN+hmdYkvsFLL:37//1xBVqvG5dQ2m0cN+hmdYkvsFLL`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`2`
TimeDateStamp	2100-Oct-12 11:12:05
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`48.0`
SizeOfCode	`0x703000`
SizeOfInitializedData	`0x1800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000000000 (Section: ?)`
BaseOfCode	`0x2000`
ImageBase	`0x140000000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x708000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x400000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x2000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`91b62d08d0cd69695c83574ef258041e`
SHA1	`51006cb76d684815f92b05988edbc421fdfb3bea`
SHA256	`5000860d57d9ddb7e29a4fe07693bd7a85340e063c3ce8a8f96bba9798d9efeb`
SHA3	`44cccea049a92144565122ce40336aced4324b10b9de811c445ab7c2e7431e38`
VirtualSize	`0x702ebc`
VirtualAddress	`0x2000`
SizeOfRawData	`0x703000`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.37977`

.rsrc

MD5	`cc71ea2f54ac25330895b55e946f5ecc`
SHA1	`64bc221bcdc053c76fcee9d4dd052980bc9d120a`
SHA256	`55da31d10a3cf12864de828792d28433e5549fe191eff1604d12d1d9a7f5be53`
SHA3	`22136f2403a05f24fa4799ed4f773b055d30ce657dd15b4456e9417759a9616a`
VirtualSize	`0x16d8`
VirtualAddress	`0x706000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x703200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.13554`

Imports

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.577`
MD5	`c242c1bc69821cb639dffc812f024e8a`
SHA1	`6729547be9e5827e2b3febd2a2b4950fbb2277de`
SHA256	`77dfb5cfd2c9a2e918a05f374a814af5ae54dc06590d57701e9d9713ca8ba370`
SHA3	`bfaf0610b66cb0ed0255a88def4a49db7793c5ab695aba78a9ef841c4fb01f00`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.7815`
Detected Filetype	Icon file
MD5	`3c68f77c35c26ff079a1c410ee44fa62`
SHA1	`0b40150c95fc2c6414c90d44ee78b8d8814b3393`
SHA256	`a14e70ed824f3f17d3a51136aa08839954d6d3ccadaa067415c7bfc08e6636b0`
SHA3	`590dcbf2ec3f485a6c24e3e627f383ee7588eb49978321f12c07d8190a6c1396`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2fc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.23782`
MD5	`345c3c20956e22c803c5a4f9fd54744a`
SHA1	`25db2c154beaa9aadf1a116fee6c6b96a7606d84`
SHA256	`b03456671408d709e4553d3b89c77f01251d3828e46fceee32a811d08acee517`
SHA3	`f6779d58d4daf31b1d373495c24b89d607237b926ecff8b3588b5475d3e4d4e6`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	Wave
FileVersion (#2)	1.0.0.0
InternalName	Wave.exe
LegalCopyright	Copyright © 2024
LegalTrademarks
OriginalFilename	Wave.exe
ProductName	Wave
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

UNKNOWN

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

RICH Header

a8bd4a6b2f1d00928e61870a5688c13d

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

Imports

Delayed Imports

1

32512

1 (#2)

1 (#3)

Version Info

UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors