Manalyze report for b6e8712d59bdcbfe9fdb45aaa77249266208ea6062465688fa4e732588f38381

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2025-Jan-22 03:49:06
Detected languages	English - United States
TLS Callbacks	1 callback(s) detected.

Plugin Output

Malicious	The file headers were tampered with.	`Unusual section name found: .xdata1` `Unusual section name found: .rdata1` `Unusual section name found: .idata2` `Unusual section name found: .data2` `Unusual section name found: .pdata2` `Unusual section name found: .xdata1` `Unusual section name found: .tls1` `The RICH header checksum is invalid.` `The number of imports reported in the RICH header is inconsistent.`
Malicious	The PE contains functions mostly used by malware.	`Possibly launches other programs: system` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`808d98c45ccb10da42bb719dcff953f2`
SHA1	`854fe7793c291458ac756783d36f79490bfe255e`
SHA256	`b6e8712d59bdcbfe9fdb45aaa77249266208ea6062465688fa4e732588f38381`
SHA3	`023f0db199dc1bfaf68283de0c703b10611c17fd0964276aa4809b9b627d8d2f`
SSDeep	`3072:edA6d1IkAMIR2gib2ohIz0uFSigUFPGQ+A2aBOk+tnr1CfypRD1Izh00lwG+gLk:edA6d1IkAMIR2gib2ohIz0uFSigUFPG`
Imports Hash	`3c9a48370ce35c12a1792c28c0ab9c75`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`13`
TimeDateStamp	2025-Jan-22 03:49:06
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x1c600`
SizeOfInitializedData	`0x13400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000038000 (Section: .tls1)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x39000`
SizeOfHeaders	`0x600`
Checksum	`0x31726`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`7578812c4f8541bd62d725b26bcfb6ab`
SHA1	`6381d623959ec9340775884ca07e0defcc2e2cc8`
SHA256	`9bb6c89cd9f7773ddfb5c130b17036daf614466a700bdc20c34a9f3a27683ab9`
SHA3	`9f09872f8c6af85c694ba63c1284ce302a4923f8413331a1c2c114834a52bbcd`
VirtualSize	`0x7567`
VirtualAddress	`0x1000`
SizeOfRawData	`0x7600`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.83388`

.rdata

MD5	`c7a5bb925154b565f8e2d8afc638dbf0`
SHA1	`7907aa179d03ae06f0272b4b1f4ab3dc6f7cf51d`
SHA256	`c5c0a1fc27897ff4cffbf6b8cb1ddcc6adeb6537efbc40ef5c16ab69082ff246`
SHA3	`8cef9bebaf52ed7c2b18bd19c9bb3e12e0f9e48723e0d79cf2926f26900b8336`
VirtualSize	`0x66a6`
VirtualAddress	`0x9000`
SizeOfRawData	`0x6800`
PointerToRawData	`0x7c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.71528`

.data

MD5	`5ee413636a9f18784b26557e94a07e31`
SHA1	`3e36ecd9fdcd3c7fd6dd08d5f8ae40e8cdde3f75`
SHA256	`751082ebd8cdcac581ac3566d595709ca8ab60815c7ed7970f1dec874dd3a50a`
SHA3	`421c775667c0b73f0148c2e89e236a398ac24f55462b5b75d7d032f1956171b3`
VirtualSize	`0x3e8`
VirtualAddress	`0x10000`
SizeOfRawData	`0x400`
PointerToRawData	`0xe400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.39095`

.pdata

MD5	`ba36c1ca93a75fd8be4c6a94495f6089`
SHA1	`138d3a66b63eec9102fee4ba0d2f54aede279676`
SHA256	`1fc36d83486bde7ce705d7e0c9750175a28d5319d9bd0370089943e7196884bb`
SHA3	`3a01e1a94003890a12583c2975b119028a61851b47b3fc2347edd3e84de05b84`
VirtualSize	`0x528`
VirtualAddress	`0x11000`
SizeOfRawData	`0x600`
PointerToRawData	`0xe800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.78006`

.rsrc

MD5	`535e6c34b4922862f1fdcd161b767a6a`
SHA1	`43f7a89f92849bfa89e58c0eb22188e3c676156c`
SHA256	`7e695b97f076251694a0c44e307210e854fca43cca85eb6f75bf6ad3ac2e788c`
SHA3	`103d2c47f30944cd9474ce3ee170d826f795d60c35f4d08024e91505523818c9`
VirtualSize	`0x1e8`
VirtualAddress	`0x12000`
SizeOfRawData	`0x200`
PointerToRawData	`0xee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.7511`

.reloc

MD5	`522c093d8899a2f2a5b71894a9cfafec`
SHA1	`8068135e0a7a27670cd0fa415e80f940d4347783`
SHA256	`55ce7caafcb274a40f6beae38c4e2f31679ebe63317700b91f7e9794506a0320`
SHA3	`c852fee47a3bcf34f565fdfa8afbd38b716860e3945610797ee9fda8f46cb9db`
VirtualSize	`0xa0`
VirtualAddress	`0x13000`
SizeOfRawData	`0x200`
PointerToRawData	`0xf000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.06689`

.xdata1

MD5	`2dc2afe91bd64939630b7dd8d31ed95a`
SHA1	`dcce8a1296a3cc487fad1f7497232121065f4ee2`
SHA256	`764c49b52f15a775622c48a1ec23e3c5942f56935cf7ca8294f2214d0fbe3691`
SHA3	`3c34617a780ef66f7a3b1b85d1096b0fcd64ecedfa03134c7d28b5fd8385f1b7`
VirtualSize	`0xad90`
VirtualAddress	`0x14000`
SizeOfRawData	`0xae00`
PointerToRawData	`0xf200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.44597`

.rdata1

MD5	`05aef90f4a5fd82c470ef7a701c74167`
SHA1	`c4e12c27534f54bae52f4df1c446e3717e8e80ae`
SHA256	`7416b3747d319b3945ad666b3a8b59f92ae8cdb0529ab8bc479285f6d10af4f8`
SHA3	`c8fe52b1ace75f6e0de1cbdc082d411c5e40e61f81be15737061c7218e792af6`
VirtualSize	`0x14dd7`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x14e00`
PointerToRawData	`0x1a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.15352`

.idata2

MD5	`71901cbeb597ce8de659caecfa65dfd9`
SHA1	`feb9a729412210301daa8697b5f4808cf392dcea`
SHA256	`2576831517361e6e71845818c53ce09f9cca5bf3055b6c3601009529e0083ca7`
SHA3	`69350aaa1040f5d1cea57b861b3eb3d4af5ee49f66e554211b2d8cf94355c873`
VirtualSize	`0x268`
VirtualAddress	`0x34000`
SizeOfRawData	`0x400`
PointerToRawData	`0x2ee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.146838`

.data2

MD5	`10fe5582b8ab728645eb2d6f323fca36`
SHA1	`78751d133cc0352552fa0d08415d1baef1c2d4f9`
SHA256	`ee6e88cbcc4d34e8e828f6ebc86ab2d382bf5211bacb6e8ef78121d26ee77dd7`
SHA3	`42fd17b02102eebf272e0a6519c195edf67432a6fae0e2068289655c67c0765b`
VirtualSize	`0x118`
VirtualAddress	`0x35000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2f200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.36526`

.pdata2

MD5	`bcc2c00dea8459dea52330ba23453b3f`
SHA1	`b08253b16a0415c9ea5ba2638a1a69266ea8ad25`
SHA256	`7a748a39a9f07fc47db47911698a57ffcef696c086a1fa8c6ac208e0a2830742`
SHA3	`b820073418de2387011cfa0ee6cacb8c177805e1d592a7eda87143ab08a78e5a`
VirtualSize	`0x6cc`
VirtualAddress	`0x36000`
SizeOfRawData	`0x800`
PointerToRawData	`0x2f400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.36207`

.xdata1 (#2)

MD5	`fd741ae59298736beddf6f146be27708`
SHA1	`217f13f8ca605eebd24fd189356bc4f701483c51`
SHA256	`dc3d29b8d6674913a6d248c8bb76c168a51edf90bb1eb95ac5c6b5dca99e289d`
SHA3	`fcdb945d3ff354ad911ed4abe89071123f4661ae6f4e94bbee741a5e84020e27`
VirtualSize	`0xb0`
VirtualAddress	`0x37000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2fc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.20366`

.tls1

MD5	`c38b3080149b1792051bc92252265667`
SHA1	`f43c2ae13c89e9973f8a422552d9b2c3b39fbf6e`
SHA256	`652d486962a6766a57e9ec8f1e6d3391340e71481c8a4eca8cb6e79aa76da2fa`
SHA3	`0a086b2ecf99508438f1ce7d49ce142c519fc998a5dc5bea77b5cbbf28f3fa28`
VirtualSize	`0x18`
VirtualAddress	`0x38000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2fe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`0.460547`

Imports

KERNEL32.dll	`MultiByteToWideChar` `WideCharToMultiByte` `GetTickCount` `GetTickCount64` `QueryPerformanceCounter` `QueryPerformanceFrequency` `GetSystemTime` `CloseHandle` `GetLocalTime` `FileTimeToSystemTime` `SystemTimeToFileTime` `lstrlenA` `GetCurrentProcess` `SetConsoleTitleA` `lstrlenW` `SetConsoleTextAttribute` `lstrcpyA` `lstrcpyW` `lstrcatA` `lstrcatW` `lstrcmpA` `lstrcmpW`
ADVAPI32.dll	`AdjustTokenPrivileges` `OpenProcessToken` `LookupPrivilegeValueW`
MSVCP140.dll	`?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` `?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` `?_Xbad_alloc@std@@YAXXZ` `_Xtime_get_ticks` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z` `?_Xinvalid_argument@std@@YAXPEBD@Z` `?_Xlength_error@std@@YAXPEBD@Z` `?_Xout_of_range@std@@YAXPEBD@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?_Xoverflow_error@std@@YAXPEBD@Z` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?_Xruntime_error@std@@YAXPEBD@Z` `?_Lock_shared_ptr_spin_lock@std@@YAXXZ` `?_Unlock_shared_ptr_spin_lock@std@@YAXXZ` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `?_Random_device@std@@YAIXZ` `?_Throw_C_error@std@@YAXH@Z` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?_Throw_Cpp_error@std@@YAXH@Z` `?_Throw_future_error@std@@YAXAEBVerror_code@2@@Z` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?_Syserror_map@std@@YAPEBDH@Z` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `?_Xbad_alloc@std@@YAXXZ` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `?_Xinvalid_argument@std@@YAXPEBD@Z` `?_Xlength_error@std@@YAXPEBD@Z` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Xoverflow_error@std@@YAXPEBD@Z` `?_Xruntime_error@std@@YAXPEBD@Z` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?_Lock_shared_ptr_spin_lock@std@@YAXXZ`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`__C_specific_handler` `__C_specific_handler` `__CxxFrameHandler3` `_CxxThrowException` `memcpy` `memmove` `__std_terminate` `memset` `__std_exception_destroy` `memcmp` `__current_exception`
api-ms-win-crt-stdio-l1-1-0.dll	`fputs` `_get_stream_buffer_pointers` `fputc` `fgetc` `fgets` `fflush` `fwrite` `fread` `fopen` `fclose` `feof` `ungetc` `ferror` `fgetc` `fseek` `ftell` `fsetpos`
api-ms-win-crt-heap-l1-1-0.dll	`malloc` `malloc` `free` `realloc` `free`
api-ms-win-crt-string-l1-1-0.dll	`strlen` `_wcsicmp`
api-ms-win-crt-time-l1-1-0.dll	`strftime` `_localtime64_s`
api-ms-win-crt-runtime-l1-1-0.dll	`_initialize_onexit_table` `system` `exit` `_exit` `abort` `_set_invalid_parameter_handler` `_get_initial_narrow_environment` `_initialize_narrow_environment` `_get_initial_wide_environment` `_initialize_wide_environment` `__p___argc` `__p___argv` `__p___wargv` `__p__commode` `_initterm` `_c_exit` `_initterm_e` `_register_thread_local_exe_atexit_callback` `_cexit`
api-ms-win-crt-filesystem-l1-1-0.dll	`_lock_file` `_unlock_file`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

TLS Callbacks

StartAddressOfRawData	`0`
EndAddressOfRawData	`0`
AddressOfIndex	`0x140034028`
AddressOfCallbacks	`0x140034030`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x00000001400314D0`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140010040`

RICH Header

XOR Key	`0xa65e45dc`
Unmarked objects	`0`
Total imports	`1`
Linker (33523)	`60`
ASM objects (33523)	`280`
ASM objects (33523) (#2)	`2`
ASM objects (33523) (#3)	`1`
Resource objects (33523)	`350`

Errors

Leave a comment

No comments yet.