ac0ab9e82b90540f095fdbb7ac351f84fdd1f1ffda5521de3633ffe9f36030b3

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2024-Nov-07 22:53:30
Detected languages English - United States
CompanyName Microsoft Corporation
FileDescription waitfor - wait/send a signal over a network
FileVersion 10.0.22621.1 (WinBuild.160101.0800)
InternalName waitfor.exe
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename waitfor.exe
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.22621.1

Plugin Output

Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • LoadLibraryExW
  • GetProcAddress
Possibly launches other programs:
  • CreateProcessW
Can create temporary files:
  • GetTempPathW
  • CreateFileW
Functions related to the privilege level:
  • OpenProcessToken
Enumerates local disk drives:
  • GetDriveTypeW
Malicious The PE's digital signature is invalid. Signer: Akeo Consulting
Issuer: Sectigo Public Code Signing CA EV R36
The file was modified after it was signed.
Malicious VirusTotal score: 45/72 (Scanned on 2026-04-23 18:28:17)
ALYac: Gen:Variant.Application.FCA.3351
APEX: Malicious
AVG: Win32:Agent-BDOJ [Trj]
AhnLab-V3: Trojan/Win.Generic.R683382
Arcabit: Trojan.Application.FCA.DD17
Avast: Win32:Agent-BDOJ [Trj]
Avira: TR/Crypt.FKM.Gen
BitDefender: Gen:Variant.Application.FCA.3351
Bkav: W64.AIDetectMalware
CTX: exe.trojan.generic
CrowdStrike: win/malicious_confidence_100% (W)
Cylance: Unsafe
Cynet: Malicious (score: 100)
DeepInstinct: MALICIOUS
DrWeb: Python.Packed.104
ESET-NOD32: Win64/Packed.PyInstaller.O suspicious application
Elastic: malicious (high confidence)
Emsisoft: Gen:Variant.Application.FCA.3351 (B)
F-Secure: Trojan.TR/Crypt.FKM.Gen
Fortinet: Python/Blank.C!tr
GData: Gen:Variant.Application.FCA.3351
Google: Detected
Ikarus: Trojan-Spy.BlankC
K7AntiVirus: Trojan ( 005c34b91 )
K7GW: Trojan ( 005c34b91 )
Kaspersky: Trojan-Spy.Win32.Agent.dffz
Kingsoft: Win32.Trojan-Spy.Agent.dffz
Lionic: Trojan.Win32.Agent.Y!c
Malwarebytes: Spyware.BlankGrabber
McAfeeD: Trojan:Win/InfoStealer.AB
MicroWorld-eScan: Gen:Variant.Application.FCA.3351
Microsoft: Trojan:Win32/Wacatac.B!ml
Paloalto: generic.ml
Rising: Spyware.Agent/PYC!1.EA8F (CLOUD)
SentinelOne: Static AI - Malicious PE
Skyhigh: BehavesLike.Win64.Dropper.rc
Sophos: Mal/Generic-S
Symantec: Scr.Malcode!gen129
Tencent: Trojan.Python.Agent.16001322
TrellixENS: Artemis!E8198192AC0C
VBA32: TrojanSpy.Agent
VIPRE: Gen:Variant.Application.FCA.3351
Varist: W64/Agent.IMI.gen!Eldorado
alibabacloud: Trojan[spy]:Win/Sabsik.TA
huorong: Trojan/Python.ShellLoader.cx

Hashes

MD5 e8198192ac0c7fbb97eaf4e096afe978
SHA1 90b0bfb9c1ee5e2c518b30ecde3fc15a9a5f5218
SHA256 ac0ab9e82b90540f095fdbb7ac351f84fdd1f1ffda5521de3633ffe9f36030b3
SHA3 b700025223f913f8c086816f27ffb022fd2930d43525e8473efa172d74bec382
SSDeep 196608:GZuCoYVwfI9jUCzi4H1qSiXLGVi7DMgpZkrl7Q0VMwICEc/jk:fFIHziK1piXLGVE4UqC0VJo
Imports Hash 72c4e339b7af8ab1ed2eb3821c98713a

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2024-Nov-07 22:53:30
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x2a000
SizeOfInitializedData 0x17000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000000CDB0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x49000
SizeOfHeaders 0x400
Checksum 0x866093
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x1e8480
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 2a7ae207b6295492e9da088072661752
SHA1 4b9dd6ce59b74c6cdd32d6c8c5220b840deda06f
SHA256 9905b8e33be130e2334e7e466ec7c17cd9a70341c62e598f8a8eb1c4edb51260
SHA3 03b74f20464a20b8f95429363a5f106bd66d65e8563f06adfedb89cbf16afa13
VirtualSize 0x29f00
VirtualAddress 0x1000
SizeOfRawData 0x2a000
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.48745

.rdata

MD5 c392f9ad8b3f57b5fd49a01f3e25e23f
SHA1 8a8ae2f26f10c31bbb60703ce43f0f958b0b8e02
SHA256 107d213246525d696ee387fa20e413ee680448ee375a78c829b6f81d531eebd0
SHA3 8d8ee229508b985371ffa413970070b021e9da69cabe59fb570db570ddfa1030
VirtualSize 0x12a50
VirtualAddress 0x2b000
SizeOfRawData 0x12c00
PointerToRawData 0x2a400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.75264

.data

MD5 dba0caeecab624a0ccc0d577241601d1
SHA1 069fd3959f91e690643115a296bf21044144de01
SHA256 17a374764a97598eeb35b9f9e96bad505b780b2a64a325822e5c002f7fdc1966
SHA3 6f4a62f5b3771451f1409b76e8ad2c44d754c804580f1209eff1f5a96fb6decd
VirtualSize 0x53f8
VirtualAddress 0x3e000
SizeOfRawData 0xe00
PointerToRawData 0x3d000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.83922

.pdata

MD5 f5559f14427a02f0a5dbd0dd026cae54
SHA1 7c99e9eef727460fa972b018290913ecf7f108f2
SHA256 bad1c17f5cc6093b572f8bb58444dae0a0a16362daf607673b0757313f4c73d5
SHA3 682c7293333f8762a384431b543c50e58668689e5a1cea2c6dfb32bf3d52913f
VirtualSize 0x2250
VirtualAddress 0x44000
SizeOfRawData 0x2400
PointerToRawData 0x3de00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.29167

.rsrc

MD5 701116ea76793448adb2fc915ac4f6ea
SHA1 3dee578d7855067967e775ce9fba1bf362988a08
SHA256 f4d606d0c0a450e9508ecf1577f67554abab6778a73793261b8f4c7b992013be
SHA3 6a3936d7d30ecbccc5725c7e8f4a90becd5c4f01ca3afcce464a9a1fd8ac9105
VirtualSize 0x964
VirtualAddress 0x47000
SizeOfRawData 0xa00
PointerToRawData 0x40200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.074

.reloc

MD5 816c68eeb419ee2c08656c31c06a0fff
SHA1 d73caf6099972c4407ac22954a7454e922084dc0
SHA256 b6f0828ba5501d261d26c59b0f79c32c6638d04e3c645417a5fa7e400a5016af
SHA3 62d280821f21ecb72eb7058070711484d2bae903b66ceb7cdbbf8f2b3bde274a
VirtualSize 0x764
VirtualAddress 0x48000
SizeOfRawData 0x800
PointerToRawData 0x40c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.28095

Imports

USER32.dll CreateWindowExW
ShutdownBlockReasonCreate
MsgWaitForMultipleObjects
ShowWindow
DestroyWindow
RegisterClassW
DefWindowProcW
PeekMessageW
DispatchMessageW
TranslateMessage
PostMessageW
GetMessageW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW
COMCTL32.dll #380
KERNEL32.dll GetACP
IsValidCodePage
GetStringTypeW
GetFileAttributesExW
SetEnvironmentVariableW
FlushFileBuffers
GetCurrentDirectoryW
LCMapStringW
CompareStringW
FlsFree
GetOEMCP
GetCPInfo
GetModuleHandleW
MulDiv
FormatMessageW
GetLastError
GetModuleFileNameW
LoadLibraryExW
SetDllDirectoryW
CreateSymbolicLinkW
GetProcAddress
GetEnvironmentStringsW
GetCommandLineW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetDriveTypeW
RemoveDirectoryW
GetTempPathW
CloseHandle
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
Sleep
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LocalFree
SetConsoleCtrlHandler
K32EnumProcessModules
K32GetModuleFileNameExW
CreateFileW
FindFirstFileExW
GetFinalPathNameByHandleW
MultiByteToWideChar
WideCharToMultiByte
FlsSetValue
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
HeapReAlloc
WriteConsoleW
SetEndOfFile
CreateDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReadFile
GetFullPathNameW
SetStdHandle
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
ADVAPI32.dll OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
GDI32.dll SelectObject
DeleteObject
CreateFontIndirectW

Delayed Imports

1

Type RT_VERSION
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x3b4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.50312
MD5 5246a0d3669829fe675501bfa9c50bc4
SHA1 7bdc44f582ed315c6ee55895274d2952588d63d7
SHA256 46244a78e89006cfecf1729113c9f09fb3987cd16855de034948d14947d276bb
SHA3 0f2f0e6465e986818f2e901088c5b37087718ea6c61b1177edaa208a3a05132d

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x50d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.25791
MD5 84da8dee6b319ea0b10b6de5489c6aae
SHA1 5f8991f3e065fd95614859a293f88b9c70e4bb23
SHA256 abf8f2022f12f350789d961aceaf9ccfd53e7ec58d8c9934cfce77779b4eac11
SHA3 08f0562915b54bedce5a84e9d32cb2efcc538268785103b1852338e20a3b4606

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 10.0.22621.1
ProductVersion 10.0.22621.1
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Microsoft Corporation
FileDescription waitfor - wait/send a signal over a network
FileVersion (#2) 10.0.22621.1 (WinBuild.160101.0800)
InternalName waitfor.exe
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename waitfor.exe
ProductName Microsoft® Windows® Operating System
ProductVersion (#2) 10.0.22621.1
Resource LangID UNKNOWN

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2024-Nov-07 22:53:30
Version 0.0
SizeofData 796
AddressOfRawData 0x3a474
PointerToRawData 0x39874

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x14003e040
GuardCFCheckFunctionPointer 5368886432
GuardCFDispatchFunctionPointer 0
GuardCFFunctionTable 0
GuardCFFunctionCount 0
GuardFlags (EMPTY)
CodeIntegrity.Flags 0
CodeIntegrity.Catalog 0
CodeIntegrity.CatalogOffset 0
CodeIntegrity.Reserved 0
GuardAddressTakenIatEntryTable 0
GuardAddressTakenIatEntryCount 0
GuardLongJumpTargetTable 0
GuardLongJumpTargetCount 0

RICH Header

XOR Key 0x5afe5c2a
Unmarked objects 0
ASM objects (30795) 7
C++ objects (30795) 180
C objects (30795) 10
253 (33808) 3
ASM objects (33808) 9
C objects (33808) 17
C++ objects (33808) 40
Imports (30795) 11
Total imports 155
C objects (34120) 25
Linker (34120) 1

Errors
