Suspicious - PEiD Signature:
HQR data file
Suspicious - Strings found in the binary may indicate undesirable behavior:
Contains references to security software:
Looks for Qemu presence:
May have dropper capabilities:
- CurrentControlSet\services
Contains domain names:
Info - Cryptographic algorithms detected in the binary:
Uses constants related to MD5
Uses constants related to SHA1
Uses constants related to SHA256
Uses constants related to SHA512
Uses constants related to AES
Suspicious - The PE is possibly packed.
Unusual section name found: .xdata
Unusual section name found: .symtab
Suspicious - The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
- LoadLibraryW
- LoadLibraryExW
- GetProcAddress
Functions which can be used for anti-debugging purposes:
Info - The PE is digitally signed.
Signer: HÄVG Rechenzentrum GmbH
Issuer: GlobalSign GCC R45 EV CodeSigning CA 2020
Suspicious - No VirusTotal score.
This file has never been scanned on VirusTotal.