Manalyze report for a9f8b061a59cc092ccb99f7da527dc61

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2024-Feb-24 18:42:26
TLS Callbacks	2 callback(s) detected.

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: https://gnu.org https://wimlib.net wimlib.net`
Suspicious	The PE is possibly packed.	`Unusual section name found: /4` `Unusual section name found: .xdata`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA`
Suspicious	The file contains overlay data.	`14 bytes of data starting at offset 0x21800.`
Suspicious	VirusTotal score: 2/74 (Scanned on 2024-09-05 10:16:05)	`AVG: Win64:AdwareX-gen [Adw]` `Avast: Win64:AdwareX-gen [Adw]`

Hashes

MD5	`a9f8b061a59cc092ccb99f7da527dc61`
SHA1	`64ff9a79a22b3369995c276c73e45085b316fe48`
SHA256	`401bf99d6dec2b749b464183f71d146327ae0856a968c309955f71a0c398a348`
SHA3	`0b1ab3dd36fb838c37d8b87863c281f249311c08f0c865847740b9ecee91ff27`
SSDeep	`3072:ThjdlZuGzqh+TgyCG4L9KNA7ldJltQ/a131sEDr:flZuugPNpkAf2g`
Imports Hash	`dadfa57ce93a7b0d7a8cf903fc9f2fe3`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`11`
TimeDateStamp	2024-Feb-24 18:42:26
PointerToSymbolTable	`0x21800`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x14800`
SizeOfInitializedData	`0x21400`
SizeOfUninitializedData	`0xe00`
AddressOfEntryPoint	`0x00000000000013F0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x2a000`
SizeOfHeaders	`0x400`
Checksum	`0x2a90f`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`7b0a610ce15226a1cdb05e19df355849`
SHA1	`cbb3932901eedc818b6b5c63081a88c132d3e379`
SHA256	`8c4e97e54a732fab452f0710f38a470ec44376b3930113ac8d7298766b2aef80`
SHA3	`a9e406b2e47da729e5eea8c303d8063627af6d289f9e7aa5f7085a7139caeff8`
VirtualSize	`0x14678`
VirtualAddress	`0x1000`
SizeOfRawData	`0x14800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.24064`

.data

MD5	`8bb0d0934f8716d466bbe8e20c89fad6`
SHA1	`9284995cfd765b2c5479b90a0fa30474fff7aa1c`
SHA256	`8593d845c683278d0bc04a51c48d7e5cc98c88c6c7a57075f8a6b14d11762d0b`
SHA3	`5bada48e4d3f93cf7cbb3b196b9a709d266d08f6c5ffc55bc82ad126d728d21e`
VirtualSize	`0x150`
VirtualAddress	`0x16000`
SizeOfRawData	`0x200`
PointerToRawData	`0x14c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.38263`

.rdata

MD5	`8c2fb065c19613105c6a1c70b1b84c29`
SHA1	`5cdfa0f42c91da77804488bc8822c8aa181fdca8`
SHA256	`71c1c42a52f0e69eeb07960ef015a03826b8f7f5b93cf49b5cefd6ab64e70f0c`
SHA3	`d7118c0844bbc77dadecfa696bad11560c7e44ede215acdef31b24cd03eafe25`
VirtualSize	`0x95c0`
VirtualAddress	`0x17000`
SizeOfRawData	`0x9600`
PointerToRawData	`0x14e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.85089`

/4

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x4`
VirtualAddress	`0x21000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1e400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.pdata

MD5	`7d6a33fc5ba3e2f1eb99508a94853e99`
SHA1	`a478462ff660666840039aba44070c49e3308741`
SHA256	`4cf22f47da6c52c74452c186ec5535e99298bed53fc994deb421c4641f4a833d`
SHA3	`a75915fa59dc2a7f45e182fbe412919c6f1656fdb570359d7fe5693b7ff928cc`
VirtualSize	`0x87c`
VirtualAddress	`0x22000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x1e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.39356`

.xdata

MD5	`f6889c49e5d672ac7c839e92cf895511`
SHA1	`d2499dc4a4d57713aa96941d7950bfa6077af1b3`
SHA256	`e73f6bcf9c22efc1e85d910ab31d4ad5e176083f32ce9eb0eeb8ca4ab1983c3f`
SHA3	`0f1b43507bc8e3f5dacef195dfec074384b595dbea13b0acf323f433c4734d1a`
VirtualSize	`0x980`
VirtualAddress	`0x23000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x1f000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.4688`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xe00`
VirtualAddress	`0x24000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`74bee9d1b4a7c88a3f8aa779f5023041`
SHA1	`aac89d1b3b132cd3f67e3fa9faa1edc30852a1c4`
SHA256	`800d2192bb284c1b818fe00f98e6db5d086e4713c91c23c40995041edf72574c`
SHA3	`1ab7f5a0799e2bdf7ca88e41567e23d1173c204a65f9afb315a0939cf76006be`
VirtualSize	`0x1410`
VirtualAddress	`0x25000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x1fa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.183`

.CRT

MD5	`96a0bdf0efa4cb7b1888d38e44cee397`
SHA1	`61bb6b0fd58fabceb2d19f006d60da3d2704c577`
SHA256	`99bfa27221e2202aa76a86489fa9033cef14ec25da9dfe43c1a477037b80afc0`
SHA3	`c584472a4ec5fbda85627f842f794e6d591122dd02da254a69fbdff77b9f9dfe`
VirtualSize	`0x60`
VirtualAddress	`0x27000`
SizeOfRawData	`0x200`
PointerToRawData	`0x21000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.282654`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0x28000`
SizeOfRawData	`0x200`
PointerToRawData	`0x21200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.reloc

MD5	`58e9f18c150129eba55a398ca6f4f5d9`
SHA1	`1608b1e1f163d9ba06feadf46e23cac5ad9580a4`
SHA256	`782f6d3ad11988ff1360da7c2b98d5c7c7e5d9c0360cf9204039c80dcddff695`
SHA3	`d85fbb231f7f27d93f277981d3edbeaadb5bbc3e7b4ed20578b754f51f9d4425`
VirtualSize	`0x224`
VirtualAddress	`0x29000`
SizeOfRawData	`0x400`
PointerToRawData	`0x21400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.42663`

Imports

libwim-15.dll	`wimlib_add_image_multisource` `wimlib_create_new_wim` `wimlib_delete_image` `wimlib_export_image` `wimlib_extract_image` `wimlib_extract_image_from_pipe_with_progress` `wimlib_extract_pathlist` `wimlib_extract_paths` `wimlib_extract_xml_data` `wimlib_free` `wimlib_get_compression_type_string` `wimlib_get_error_string` `wimlib_get_image_property` `wimlib_get_version_string` `wimlib_get_wim_info` `wimlib_global_cleanup` `wimlib_global_init` `wimlib_image_name_in_use` `wimlib_iterate_dir_tree` `wimlib_iterate_lookup_table` `wimlib_join_with_progress` `wimlib_load_text_file` `wimlib_open_wim_with_progress` `wimlib_overwrite` `wimlib_print_available_images` `wimlib_print_header` `wimlib_reference_resource_files` `wimlib_reference_resources` `wimlib_reference_template_image` `wimlib_register_progress_function` `wimlib_resolve_image` `wimlib_set_default_compression_level` `wimlib_set_image_property` `wimlib_set_output_chunk_size` `wimlib_set_output_compression_type` `wimlib_set_output_pack_chunk_size` `wimlib_set_output_pack_compression_type` `wimlib_set_print_errors` `wimlib_set_wim_info` `wimlib_split` `wimlib_update_image` `wimlib_verify_wim` `wimlib_write` `wimlib_write_to_fd`
ADVAPI32.dll	`ConvertSecurityDescriptorToStringSecurityDescriptorW`
KERNEL32.dll	`DeleteCriticalSection` `EnterCriticalSection` `FreeLibrary` `GetLastError` `GetModuleHandleA` `GetModuleHandleW` `GetProcAddress` `InitializeCriticalSection` `IsDBCSLeadByteEx` `LeaveCriticalSection` `LoadLibraryA` `LocalFree` `MultiByteToWideChar` `SetUnhandledExceptionFilter` `Sleep` `TlsGetValue` `VirtualProtect` `VirtualQuery` `WideCharToMultiByte`
msvcrt.dll	`__C_specific_handler` `___lc_codepage_func` `___mb_cur_max_func` `__iob_func` `__set_app_type` `__setusermatherr` `__wgetmainargs` `__winitenv` `_amsg_exit` `_cexit` `_commode` `_errno` `fwprintf` `_fmode` `_gmtime64` `_initterm` `_lock` `_onexit` `_putws` `_setmode` `_unlock` `_wcserror` `_wcsicmp` `_wfopen` `_wgetenv` `_wstat64` `abort` `calloc` `exit` `fclose` `ferror` `fflush` `fprintf` `fputc` `fputwc` `fputws` `free` `fwrite` `getenv` `iswctype` `localeconv` `malloc` `memcpy` `memmove` `memset` `realloc` `signal` `strerror` `strlen` `strncmp` `vfprintf` `wcscat` `wcschr` `wcscmp` `wcscpy` `wcsftime` `wcslen` `wcsncmp` `wcsrchr` `wcstoul` `_wcsdup` `_isatty`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x140028000`
EndAddressOfRawData	`0x140028008`
AddressOfIndex	`0x1400241ec`
AddressOfCallbacks	`0x140027038`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x0000000140009060` `0x0000000140009030`

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Section .bss has a size of 0!
[*] Warning: Raw bytes from section .text could not be obtained.