Manalyze report for a99e25ab17fdd920b2e31d784bc8a634

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2022-Sep-07 20:30:49
Detected languages	English - United States

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Manipulates other processes: Process32First Process32Next`
Malicious	The PE is possibly a dropper.	`Resource BLOBDATA detected as a PE Executable.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`a99e25ab17fdd920b2e31d784bc8a634`
SHA1	`46353661a58e630892155e03905446f6da5fb5e2`
SHA256	`b0d310ed0a1648771a9f005a75d4d02000f973c55d608da7c5986595c8602220`
SHA3	`55694570bad121cedaa58bba930c47324f6334dc1d6beab45abe40c383b94b1b`
SSDeep	`3072:uLnvP6W657/ENcMIZ2i1ChD3fzaXVy9s+owKQ4uPNUmjGhn8gR5fGM5p5:MvP16FcbIgiw3fz5oC4QUBn8g`
Imports Hash	`6fad902762a6989207222f1d46fccf00`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2022-Sep-07 20:30:49
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x11a00`
SizeOfInitializedData	`0x25400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000016C0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x3b000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d3a450d86aa122ae13f84c075144a0cd`
SHA1	`59843c5ffe67368cffa5ac70702a06e49d75c65f`
SHA256	`3419be3cbd9deab489c3930052dddf161dfedfad2423d4e79d2b1e3ea0f53cb7`
SHA3	`5b7a3ae2d08cf8353a8cd840082ab272005b50f91873794dd353ac07291303c2`
VirtualSize	`0x11920`
VirtualAddress	`0x1000`
SizeOfRawData	`0x11a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.48946`

.rdata

MD5	`99fb262eede39d07e8d26b731a88c1ef`
SHA1	`6404488f8ff23d749aab6e899d4cd1aac6a43a6e`
SHA256	`d4709de5709ec7843cf0871355f5b7e1ea4fe2c7fc913ff6e27145f4519ec04e`
SHA3	`736b4b559de1fab268049ab6abd676270c33c9e3af95a4c6a671cd612c0ae296`
VirtualSize	`0x9fa0`
VirtualAddress	`0x13000`
SizeOfRawData	`0xa000`
PointerToRawData	`0x11e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.93519`

.data

MD5	`4ca1f26d3fb35150bde86238d3a6ef04`
SHA1	`ea818d2ef226701251fb7248fff4eb2f3700562b`
SHA256	`6ab5f793ae79630d716a2003ea2c28759f51df1109c6483f7e9de4423d79b3d4`
SHA3	`f779b6e5476eb86c5f14035db01504fc5285c7b5e980710d3f9a21f734796114`
VirtualSize	`0x1c70`
VirtualAddress	`0x1d000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x1be00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.9459`

.pdata

MD5	`03539b1691f7ab6bb23f4800293b451f`
SHA1	`da08233a7acd7449dde44e418010f5d62745d23f`
SHA256	`954b8a561d8476670ebb55be3ee763885d003f67a9d14e96fad29b2ea013688f`
SHA3	`05384358d9045b86e2c70ced3ea4c8752a8c227990999dd3016d502eb0498e10`
VirtualSize	`0x1068`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x1ca00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.64718`

_RDATA

MD5	`b313d7cd76493c24d3e1718e300c92b1`
SHA1	`f49ccabdea2239819cf278cbcffccba33dde8d7f`
SHA256	`bc21b02b253474e052df830c9a647900a5b524467e0dac1f47193afae60dc216`
SHA3	`29badf77942920e5faea0d987c3df5d208004626784a9c9427a2f7d2a2b8916f`
VirtualSize	`0xfc`
VirtualAddress	`0x21000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1dc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.99741`

.rsrc

MD5	`831828b929f0da811843fcf412258e1d`
SHA1	`7943dca1ff0ca1918c4420e0e7807e01db6af637`
SHA256	`d5f48be7eda2c6c336899a6bfe2a8ca999e7949561f3a489bae7b9f5808faaea`
SHA3	`f022642e0a6ebab29bf7e1924db8732711cce41d246dce38413f6b7c0d5b7dfe`
VirtualSize	`0x17890`
VirtualAddress	`0x22000`
SizeOfRawData	`0x17a00`
PointerToRawData	`0x1de00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.87749`

.reloc

MD5	`9dbbb2b550d808c97bf819472760ab1b`
SHA1	`2c6b75d0f5618b8d7d29c41fd1c7f266217cbb2f`
SHA256	`821914a07d21c915f23ddcd03a6b03616ab8682b3e0794618523f26e4cbe4cf6`
SHA3	`33db8c6e38ac2290351c1223728aee57f6783c15abfd72652f4dcdbc474fa839`
VirtualSize	`0x65c`
VirtualAddress	`0x3a000`
SizeOfRawData	`0x800`
PointerToRawData	`0x35800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.86707`

Imports

KERNEL32.dll	`GetStdHandle` `CreateFileA` `WriteFile` `CloseHandle` `Sleep` `GetConsoleScreenBufferInfo` `SetConsoleTextAttribute` `CreateToolhelp32Snapshot` `Process32First` `Process32Next` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `GetModuleHandleW` `WriteConsoleW` `RtlUnwindEx` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `RaiseException` `GetModuleFileNameW` `ExitProcess` `GetModuleHandleExW` `GetCommandLineA` `GetCommandLineW` `HeapAlloc` `HeapFree` `CompareStringW` `LCMapStringW` `GetFileType` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetEnvironmentVariableW` `SetStdHandle` `GetStringTypeW` `GetProcessHeap` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `GetFileSizeEx` `SetFilePointerEx` `HeapSize` `HeapReAlloc` `CreateFileW`

Delayed Imports

BLOBDATA

Type	`VERSION_INFO`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17800`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.89675`
Detected Filetype	PE Executable
MD5	`05aed870fd2dcbc6bd5f36d78cfff319`
SHA1	`7a169db95ce60ff66e700afde028f9e7894d6dff`
SHA256	`d12b425756811490e3b3afa3970990364747bb274a05dffecf1a86aeb7b27a7f`
SHA3	`d4167aeb4df3ce0c6525c4e08e6dc4c292c116870112368f33b40192b3b80420`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2022-Sep-07 20:30:49
Version	`0.0`
SizeofData	`720`
AddressOfRawData	`0x1b6b8`
PointerToRawData	`0x1a4b8`

TLS Callbacks

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14001d068`

RICH Header

XOR Key	`0xe336f89d`
Unmarked objects	`0`
C objects (27412)	`11`
ASM objects (27412)	`7`
C++ objects (27412)	`137`
Imports (27412)	`3`
Total imports	`91`
C++ objects (30034)	`37`
C objects (30034)	`16`
ASM objects (30034)	`9`
C objects (30146)	`1`
Resource objects (30146)	`1`
Linker (30146)	`1`

a99e25ab17fdd920b2e31d784bc8a634

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

BLOBDATA

Version Info

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors