Manalyze report for bb44bfac4a340c8dccef4bc27a18379b

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1970-Jan-01 00:00:00
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: /4` `Unusual section name found: /19` `Unusual section name found: /32` `Unusual section name found: /46` `Unusual section name found: /63` `Unusual section name found: /80` `Unusual section name found: /99` `Unusual section name found: /112` `Unusual section name found: /124` `Unusual section name found: .symtab`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA LoadLibraryW GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Leverages the raw socket API to access the Internet: WSAGetOverlappedResult`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`bb44bfac4a340c8dccef4bc27a18379b`
SHA1	`27f9fa826d11e3040ccf5ce36aa4a3cd05324a1e`
SHA256	`e80076bf561928c3ad0f2aac959e88c30172289003466ba8ccf0db154ccc0b4a`
SHA3	`bd33015a9473968f4bbb597ef7e451488d826925d6e8c87fef7a7733294f6a54`
SSDeep	`24576:gixQ1c+QuQtm6Rpwz01aAR5gvNx1XnvL3vCaFYl97Tbkk:gix0PQuQtmCpwz01aWgvNx1XbPYlhl`
Imports Hash	`1c2a6fbef41572f4c9ce8acb5a63cde7`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0x4`
e_cparhdr	`0`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0x8b`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`14`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0x1ba400`
NumberOfSymbols	`3335`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`3.0`
SizeOfCode	`0x8d200`
SizeOfInitializedData	`0x13200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000052480 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x202000`
SizeOfHeaders	`0x600`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`8388aa6b78701f85c1c4c59000d145db`
SHA1	`5a8a4570e16aeea8fcd690123ec555e592c3701a`
SHA256	`06675f6885cd532f3ff0db8b3dd5b1dfa034c0690e7665a94ca5f8ee7d7337f3`
SHA3	`2e30112a290640731287f678b2b0054e07854a73f07999d33da3bbb0783de5ef`
VirtualSize	`0x8d173`
VirtualAddress	`0x1000`
SizeOfRawData	`0x8d200`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.86616`

.rdata

MD5	`34bef63d87247ca522e08e997f2112f3`
SHA1	`df7153d884c8627bbeed281cdd4dd86266d51170`
SHA256	`cdc704408fea282496b77fa75de6d8e89a130b96c29ed405310c881c901b867c`
SHA3	`8f2e15dcd08f88efa06897401497af98fe860b685db0e9bc7166052bc31ffe12`
VirtualSize	`0xb7b3a`
VirtualAddress	`0x8f000`
SizeOfRawData	`0xb7c00`
PointerToRawData	`0x8d800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.09417`

.data

MD5	`ba3b3df9678d299ffdab776ab1690ffe`
SHA1	`a35b582af6604da9a3d846909c68522227290a70`
SHA256	`70ff88f4a4c783f0198e6ac422e247c9cec5e1197e0d3244d975aba8d9de8e6a`
SHA3	`4216551e4db69205bf6437520e119e438c941c925bb9e6f19d0bf2a99c1b8942`
VirtualSize	`0x30bb8`
VirtualAddress	`0x147000`
SizeOfRawData	`0x13200`
PointerToRawData	`0x145400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.18464`

/4

MD5	`22b64d2fda5f7ecbbdeaa349e1ceee01`
SHA1	`72c8604af6367d669f6eea1062dc0f551cc85517`
SHA256	`d7d432bd92e4f643749c1eab81bbf7ec6e3b76affcd489039385c75050ef346a`
SHA3	`7f3b8c26b8dcb0a8f677e385f7914766478778ce7ec4dc121158e6b2c36b3246`
VirtualSize	`0x112`
VirtualAddress	`0x178000`
SizeOfRawData	`0x200`
PointerToRawData	`0x158600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.75112`

/19

MD5	`4ca015f199d1614c20e796fa4c42208b`
SHA1	`e811561ac140c01fd6cc0632829c5e24191f92b8`
SHA256	`b88144803b754737da4f19feb31d8c7946be15b70ad14169e68982dc5c957893`
SHA3	`e4c07c8ced279137c167893e167142c74b1ea40d9af484949c9bdf4ad03eef9b`
VirtualSize	`0x13011`
VirtualAddress	`0x179000`
SizeOfRawData	`0x13200`
PointerToRawData	`0x158800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.98778`

/32

MD5	`e0119d8b29c3726868017dc088acc661`
SHA1	`65b8dd313f708029e4ae136df18749a32f86bf9e`
SHA256	`6c5b8f87cc0ec21ea6a92e00b8f3567f78d40bc2532c0796ee120b34f79868a6`
SHA3	`a265f2c17e8da336c515d5571b257f745035df89b61a8f70f798518f349162a2`
VirtualSize	`0x5da5`
VirtualAddress	`0x18d000`
SizeOfRawData	`0x5e00`
PointerToRawData	`0x16ba00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.92501`

/46

MD5	`1454d7e9b06416606561dd0dd36af48d`
SHA1	`79efe31098634388342288ef9483b548ed1a2fc2`
SHA256	`39e17419dd6cb2706e568a692840628383e8119cf35dcc73956fb319a33b731b`
SHA3	`aebbe0fedec4fe32c3e755393731abaf746ad051383ec8bd3d2afc575cdb47fa`
VirtualSize	`0x2dfa`
VirtualAddress	`0x193000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0x171800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.94558`

/63

MD5	`1a3c6ffbfb31279a01994159bf8d4e57`
SHA1	`bc142b1253459b8abe1412bff8b269f27e68d198`
SHA256	`eaf245bdc42e966cc4a489079f9d8ddee08d86ff6f5df4b284bc80528b3dc8ba`
SHA3	`ce3a4474aab5f5a76d5282d8a2a2cfc3bed2078edc8b5fc33024a383bf38c9c8`
VirtualSize	`0x2ff8`
VirtualAddress	`0x196000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x174600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.97473`

/80

MD5	`f541f01abd62e0d388f85f46cf0618cb`
SHA1	`df2c38eff0fbe289eab7bdd9e95c6c7103c38c87`
SHA256	`85d62c6215c2e346dd4473dadbcfec300ebcfd49ee76d43b0970c4ed80fafe35`
SHA3	`520597a6335584c01ed1c9b5574660853c7e50e10244d331c6ac09b9967e68ba`
VirtualSize	`0x22`
VirtualAddress	`0x199000`
SizeOfRawData	`0x200`
PointerToRawData	`0x177600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.621652`

/99

MD5	`fa20744177e6f2e4e62b83609c18ee3a`
SHA1	`5b9cdaff82acdf56ce9ab37186b4d8296cc734aa`
SHA256	`1c0ae6d741615c5023704757022ec90635d8ac773b0d176547b2b73b22363570`
SHA3	`bcd82a2011c5fb5bc63b6b1478d8e58e1fbb336d10f93b544e549ff986a8b133`
VirtualSize	`0x2a464`
VirtualAddress	`0x19a000`
SizeOfRawData	`0x2a600`
PointerToRawData	`0x177800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99557`

/112

MD5	`fe78f5890da6233e1ed20b25f6d476ae`
SHA1	`d67c132e43417b1417c74602a5f87a2a00b00bba`
SHA256	`b833c03d9baf9a7941257715e0af6afa7e2a9ad65b81e3c71fc95381f27e1b37`
SHA3	`e1a27df73e6365df95f0e2e59c327ab38df9aff807761cfeaa14257eb5adc74b`
VirtualSize	`0x11814`
VirtualAddress	`0x1c5000`
SizeOfRawData	`0x11a00`
PointerToRawData	`0x1a1e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.97732`

/124

MD5	`f69cc9aa2f6d32559bb4cc69165adead`
SHA1	`080a957543dd3b0b46a378a1892147e843d8208a`
SHA256	`a1d6a2e893c269a05884647cd2b3ea7118fa0107f42edb6f94fc964e4a8e3867`
SHA3	`7c34055abecd8dc854a1024dc4b355f2ef2299fc2df60bd2a2470b88a63bb5ab`
VirtualSize	`0x64d3`
VirtualAddress	`0x1d7000`
SizeOfRawData	`0x6600`
PointerToRawData	`0x1b3800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.76142`

.idata

MD5	`1a1d0d3b1785521cd3dc34bf6800f84f`
SHA1	`562796471bd2d92fe4890ede8ebd9cf425296d89`
SHA256	`22efe1d91bc8da010dcf18e7cbd8b3caad7126502931e134b2c8dfef42259fb6`
SHA3	`17564c8ecd8e7088b248ed19880e51af025ff4cf3deaf112b6f355a27c4b2caa`
VirtualSize	`0x416`
VirtualAddress	`0x1de000`
SizeOfRawData	`0x600`
PointerToRawData	`0x1b9e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.28933`

.symtab

MD5	`5f87af84b726444b6b252feaf0e6339d`
SHA1	`35717d223e8a2aa2994944f09366dd9244d2d373`
SHA256	`197d51adfe342f5659b0b6dc071d08516a3ed60c374187ea0e86262b094599a8`
SHA3	`adca8bf531a33cdebf1fdcfc25850c6e7bf0e78dc1908b748c18572a87da889d`
VirtualSize	`0x22d33`
VirtualAddress	`0x1df000`
SizeOfRawData	`0x22e00`
PointerToRawData	`0x1ba400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.18104`

Imports

winmm.dll	`timeEndPeriod` `timeBeginPeriod`
ws2_32.dll	`WSAGetOverlappedResult`
kernel32.dll	`WriteFile` `WriteConsoleW` `WaitForSingleObject` `VirtualQuery` `VirtualFree` `VirtualAlloc` `SwitchToThread` `SetWaitableTimer` `SetUnhandledExceptionFilter` `SetProcessPriorityBoost` `SetEvent` `SetErrorMode` `SetConsoleCtrlHandler` `LoadLibraryA` `LoadLibraryW` `GetSystemInfo` `GetStdHandle` `GetQueuedCompletionStatus` `GetProcessAffinityMask` `GetProcAddress` `GetEnvironmentStringsW` `GetConsoleMode` `FreeEnvironmentStringsW` `ExitProcess` `DuplicateHandle` `CreateThread` `CreateIoCompletionPort` `CreateEventA` `CloseHandle` `AddVectoredExceptionHandler`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /19!
[*] Warning: Tried to read outside the COFF string table to get the name of section /32!
[*] Warning: Tried to read outside the COFF string table to get the name of section /46!
[*] Warning: Tried to read outside the COFF string table to get the name of section /63!
[*] Warning: Tried to read outside the COFF string table to get the name of section /80!
[*] Warning: Tried to read outside the COFF string table to get the name of section /99!
[*] Warning: Tried to read outside the COFF string table to get the name of section /112!
[*] Warning: Tried to read outside the COFF string table to get the name of section /124!