Manalyze report for ba11b066faedce897f210ff1fc8adc01

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2025-Aug-26 04:37:19
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .buildid` `Unusual section name found: /4` `Unusual section name found: /18` `Unusual section name found: /31` `Unusual section name found: /43` `Unusual section name found: /55` `Unusual section name found: /66` `Unusual section name found: /80` `Unusual section name found: .stub` `Section .stub is both writable and executable.`

Hashes

MD5	`ba11b066faedce897f210ff1fc8adc01`
SHA1	`009e66e77d2d4fcd2ceb1b3b1bc59dc16cbe836f`
SHA256	`cd74bd9a66c768d1055aa1b5de61045b9b319c116fb430cf52c5df684023f137`
SHA3	`ca84abde7a8c5d96c500a9c73c5d70751759739e61c780d71a1e602dc539fca5`
SSDeep	`1536:LursW7TRH/RjANskhhcDjg9MOIh99SGVG2YaXo7PAGeAb32Vdj0pgTAk0sWscdw:qHy3McIKK0p61gwEb9ruAtZeO7yQO7x`
Imports Hash	`8466d58c1e788b0d96503df8f28f5af6`

DOS Header

e_magic	`MZ`
e_cblp	`0x78`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0`
e_ss	`0`
e_sp	`0`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x78`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`14`
TimeDateStamp	2025-Aug-26 04:37:19
PointerToSymbolTable	`0x11800`
NumberOfSymbols	`214`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x1800`
SizeOfInitializedData	`0xfc00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00020C30 (Section: .stub)`
BaseOfCode	`0x1000`
BaseOfData	`0`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x2f000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`9ea828202c3799537f11b6bdfff30457`
SHA1	`32df0c9593ec878a3a63cb2e8d5df31e5d9ea1af`
SHA256	`da2f52f2ab5b40cef2183fe12c70f5c7436d77649b6fa70126742fbefa8007a2`
SHA3	`ae87e5cf08646b8b76a3e13b49f2cf987f3b3929e387342bab055a61b5b086ae`
VirtualSize	`0x1654`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.17362`

.rdata

MD5	`e60241b319355798d4d42c3e871d35d4`
SHA1	`100165db5148c1752bf0cfad58b040085d1b10e9`
SHA256	`bd94fb2fe88300c18c6b5c8cfa2a799d7bc0beb8985c05e1b64906222351ef9c`
SHA3	`bac323280d6c6f67b2140a419bd7b3f49ef9a5364e534c834580bb15f05e8dcd`
VirtualSize	`0xa97`
VirtualAddress	`0x3000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x1c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.39548`

.buildid

MD5	`4067a29b118c8d87b23364a67631db95`
SHA1	`b795250310ae3cb5ee4f1e05b976986e07ae1b16`
SHA256	`b20beaca06643abcdfdcb36bf1af6f6601de76fdb02f3be6f03afa91043d0171`
SHA3	`2657ae1654e0dc0de43c469aa3b8b57ab13bcec1986a6c969cce90ea2db6966c`
VirtualSize	`0x35`
VirtualAddress	`0x4000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.603187`

.data

MD5	`24ccee6a46cbc6f9244e9d392e73b0dc`
SHA1	`d418e9214d894fbfad9614fda80fcfe6b26d7a34`
SHA256	`67a671c9488e930f6c597991d56dec39670f20f2cb53223beb133da6242c6d93`
SHA3	`ed4337f82a240ae5d0173d0a1e7097f091c033b2d30f689869f3d3a7a07c8023`
VirtualSize	`0x13c`
VirtualAddress	`0x5000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.13834`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x8`
VirtualAddress	`0x6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.reloc

MD5	`e383f9950e1a1153197fd4e8c68618d7`
SHA1	`ee8220c6250520873af23e44512456d0b32d257a`
SHA256	`4bc7e09c36afed8d2e36d06170f10f10b8c2eeffcb048d9571d38d1b6185886e`
SHA3	`6a6d3bee0beb1fd17634e1a986bbdd17cb730bd29a237b0a748bb7de90e05b9d`
VirtualSize	`0x244`
VirtualAddress	`0x7000`
SizeOfRawData	`0x400`
PointerToRawData	`0x2e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.27882`

/4

MD5	`e7155c16cf2954ca8819b76dbd8ba344`
SHA1	`4ffd2af69e616052edf0ca1a33513463b3847fed`
SHA256	`61095d779208785cbd34d7b47dc1c2e8eaa7f74e5b1fef5d49dfdb1f62dfc632`
SHA3	`a40abbf22cc71c51851f6575bef62c25c99cbd4a66c1e182839be36026b237e0`
VirtualSize	`0x1882`
VirtualAddress	`0x8000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x3200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.50113`

/18

MD5	`063e4736b7381e45b920e895f1a7e77c`
SHA1	`96c14eb1e9b0378c30e979b1e56f80e710c5dfc6`
SHA256	`c5a6d2c6d4dbf51f97624fcb6b4060f89f5bcc117381ff97f218cd502950345f`
SHA3	`08187624a1ac0413ad2663f0625b689cbaa3edc055c456e26cb19ca11aca3d12`
VirtualSize	`0x738`
VirtualAddress	`0xa000`
SizeOfRawData	`0x800`
PointerToRawData	`0x4c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.27213`

/31

MD5	`b2381cb0eb956cf63fb4e005000532d0`
SHA1	`91ea7488b039041c176dcea7b7d74c1db4a83dd0`
SHA256	`8fff1308ae025f80b22d73b92ef63cad1164ff0cd78c4a95c4c7b93510dc341b`
SHA3	`5e44d3785c8e551a28ffecd2d7fdd355dd4660ae90fd00e5cb3afeac478abe82`
VirtualSize	`0x4452`
VirtualAddress	`0xb000`
SizeOfRawData	`0x4600`
PointerToRawData	`0x5400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.0384`

/43

MD5	`33b118e06123a76a3494e842eed56d46`
SHA1	`f2a1c94d7ce426ce7be5e133948d1ead8c73118e`
SHA256	`dee2d107cb060829ead72f4df1aa6185d3c814a83ce185c6d7bb84af6be46411`
SHA3	`1d2025b020ad49cb4a3b25112c6e71f9ba4801032cb859c7099bf05b48e05036`
VirtualSize	`0x25ca`
VirtualAddress	`0x10000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x9a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.64501`

/55

MD5	`5d7e006b4b91a584f39d5fc680bbb5dd`
SHA1	`d85e88f5d68945a43dcf32b2d8de7a368856d923`
SHA256	`1a2d41633daf6486a397a82f304aff807e1d704899f0ab45ecf96c6d8b7fb296`
SHA3	`10d0ce60d0a7cf605dae8170b7f4093ccfc5a8c1b83ded46f0ba93c39711ad7e`
VirtualSize	`0x102d`
VirtualAddress	`0x13000`
SizeOfRawData	`0x1200`
PointerToRawData	`0xc000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.67354`

/66

MD5	`beea7c46e10050aadf855fa6028d8843`
SHA1	`dc83fc3153e9f021d626cf63758b477a2e3255fe`
SHA256	`56b2a1166e88adb7d0ffa9168fcebcae132c15727feda6741830d489bc8e8440`
SHA3	`eb3b83af99c240230a16fa7fe744602140c8854bae40140b87b88ca1c3790c65`
VirtualSize	`0x120`
VirtualAddress	`0x15000`
SizeOfRawData	`0x200`
PointerToRawData	`0xd200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.4511`

/80

MD5	`e59ce4f085c0fa49535951c5816f5673`
SHA1	`7aad71a01cae55ec1960758c3ddf745798467000`
SHA256	`1c80412135cc373a3b841777da77abe4177987ed15f3a2d31cf64589a83776e6`
SHA3	`2daf5302f4302431cce0e19fcb473fb26fecc94a789a36085ff95cee40887f86`
VirtualSize	`0x43ff`
VirtualAddress	`0x16000`
SizeOfRawData	`0x4400`
PointerToRawData	`0xd400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.39637`

.stub

MD5	`3b0c613e727cb10481710f490ca05a7a`
SHA1	`b1ae2a76bdfd7b8747900694a8356d4f61e198f4`
SHA256	`eda2c62a4b37e38398c66564f22dfd04a10f394cbedc6bc9d06350abcd3882ca`
SHA3	`e618137c4703c8b27091d3f6f84ea8d0442260aaecc51e9705651b81a696e683`
VirtualSize	`0x13600`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x13600`
PointerToRawData	`0x11800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.04792`

Imports

api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func` `__p__commode` `__p__fmode` `__stdio_common_vfprintf` `__stdio_common_vfscanf` `puts`
api-ms-win-crt-runtime-l1-1-0.dll	`__p___argc` `__p___argv` `_cexit` `_configure_narrow_argv` `_crt_atexit` `_exit` `_initialize_narrow_environment` `_initterm` `_initterm_e` `_set_app_type` `_set_invalid_parameter_handler` `abort` `exit` `signal`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `calloc` `free` `malloc`
api-ms-win-crt-private-l1-1-0.dll	`memcmp` `memcpy`
api-ms-win-crt-string-l1-1-0.dll	`memset` `strlen` `strncmp`
KERNEL32.dll	`DeleteCriticalSection` `EnterCriticalSection` `GetLastError` `InitializeCriticalSection` `LeaveCriticalSection` `SetUnhandledExceptionFilter` `Sleep` `TlsGetValue` `VirtualProtect` `VirtualQuery`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-environment-l1-1-0.dll	`__p__environ`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Aug-26 04:37:19
Version	`0.0`
SizeofData	`25`
AddressOfRawData	`0x401c`
PointerToRawData	`0x281c`

TLS Callbacks

Load Configuration

Size	`0xbc`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0`
SEHandlerTable	`0`
SEHandlerCount	`0`

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /18!
[*] Warning: Tried to read outside the COFF string table to get the name of section /31!
[*] Warning: Tried to read outside the COFF string table to get the name of section /43!
[*] Warning: Tried to read outside the COFF string table to get the name of section /55!
[*] Warning: Tried to read outside the COFF string table to get the name of section /66!
[*] Warning: Tried to read outside the COFF string table to get the name of section /80!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF String Table's reported size is bigger than the remaining bytes!
[*] Warning: Please edit the configuration file with your VirusTotal API key.
[!] Error: Could not load yara_rules/bitcoin.yara!
[!] Error: Could not load yara_rules/monero.yara!
[!] Error: Could not load yara_rules/compilers.yara!
[!] Error: Could not load yara_rules/findcrypt.yara!
[!] Error: Could not load yara_rules/suspicious_strings.yara!
[!] Error: Could not load yara_rules/domains.yara!
[!] Error: Could not load yara_rules/peid.yara!