c5ca0bff678edad332f627271a4f3b47

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2021-May-29 18:21:54
TLS Callbacks 2 callback(s) detected.

Plugin Output

Info Interesting strings found in the binary: Contains domain names:
  • .eq.github.com
  • .eq.runtime.net
  • eq.github.com
  • eq.runtime.net
  • github.com
  • golang.org
  • runtime.net
  • type..eq.github.com
  • type..eq.runtime.net
Info Cryptographic algorithms detected in the binary: Uses constants related to MD5
Uses constants related to SHA1
Uses constants related to SHA256
Uses constants related to SHA512
Uses constants related to AES
Suspicious The PE is possibly packed. Unusual section name found: .xdata
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
  • LoadLibraryW
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Malicious VirusTotal score: 6/69 (Scanned on 2021-06-10 12:23:42) Cybereason: malicious.f678ed
APEX: Malicious
Sophos: Generic ML PUA (PUA)
DrWeb: Trojan.Siggen13.53324
Cynet: Malicious (score: 100)
Malwarebytes: Malware.AI.4251449620
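
Read together, the findings above describe the toolchain rather than a packer. .xdata, .CRT and .tls are the sections GCC/binutils (MinGW-w64 ld) emit; MSVC keeps x64 unwind data in .rdata, so "unusual section name" is a tell for the compiler, not for packing. The "domain names" are pieces of Go's compiler-generated type..eq.<import path>.<Type> equality symbols that a naive domain regex cut out of the string table (runtime.net comes from runtime.netpoll* names the same way). LoadLibraryA/W, GetProcAddress, VirtualAlloc and SwitchToThread are resolved by the Go runtime on every Windows build, VirtualProtect by the MinGW CRT start-up code, and the MD5/SHA/AES constants are consistent with Go's crypto packages being linked in. The _cgo_dummy_export export further down confirms a cgo build. The six VirusTotal verdicts are generic or ML names, so they add little on their own. The script below re-runs that reasoning over data transcribed from this page. It is an added example, not part of the report and not Manalyze code; the Go-runtime import fingerprint (taken from the cgo_import_dynamic list in the Go runtime's os_windows.go) and the GCC section test are heuristics and should be treated as assumptions rather than as facts the report states.

```python
"""Toolchain-aware second pass over the plugin findings above.

Added example; not part of the report and not Manalyze code. Inputs are
transcribed from this page (a subset of the KERNEL32 imports is enough).
GO_RUNTIME_IMPORTS and looks_like_gcc_ld() are assumptions about the Go
runtime and about MinGW-w64 link output, not statements from the report.
"""
import re

REPORT_DOMAINS = [".eq.github.com", ".eq.runtime.net", "eq.github.com", "eq.runtime.net",
                  "github.com", "golang.org", "runtime.net",
                  "type..eq.github.com", "type..eq.runtime.net"]
REPORT_SECTIONS = [".text", ".data", ".rdata", ".pdata", ".xdata", ".bss",
                   ".edata", ".idata", ".CRT", ".tls", ".reloc"]
REPORT_IMPORTS = {  # subset of the Imports block, enough for the fingerprint
    "KERNEL32.DLL": {"AddVectoredExceptionHandler", "CreateIoCompletionPort",
                     "GetQueuedCompletionStatusEx", "PostQueuedCompletionStatus",
                     "CreateWaitableTimerExW", "SetWaitableTimer", "SwitchToThread",
                     "SetProcessPriorityBoost", "GetProcessAffinityMask",
                     "GetThreadContext", "SetThreadContext", "SuspendThread",
                     "ResumeThread", "LoadLibraryA", "GetProcAddress",
                     "VirtualAlloc", "VirtualProtect"},
    "msvcrt.dll": {"__getmainargs", "_beginthread", "fopen"},
}
REPORT_EXPORTS = ["_cgo_dummy_export"]

# The Go compiler emits "type..eq.<import path>.<Type>" helpers, so a domain
# regex run over the string table matches the host part of import paths.
GO_SYMBOL_RE = re.compile(r"^(type\.)?\.?eq\.")
# Hosts that appear in Go import paths (assumption, extend as needed).
GO_MODULE_HOSTS = {"github.com", "golang.org", "gitlab.com", "gopkg.in", "google.golang.org"}
# Kernel32 functions the Go runtime resolves on every Windows build (assumption).
GO_RUNTIME_IMPORTS = {"AddVectoredExceptionHandler", "CreateIoCompletionPort",
                      "GetQueuedCompletionStatusEx", "PostQueuedCompletionStatus",
                      "CreateWaitableTimerExW", "SetWaitableTimer", "SwitchToThread",
                      "SetProcessPriorityBoost", "GetProcessAffinityMask",
                      "GetThreadContext", "SetThreadContext", "SuspendThread", "ResumeThread"}


def classify_domain_strings(strings):
    """Label each 'domain': go-symbol (compiler-generated name or a suffix of one),
    go-module-host (known import-path host), or review (worth a real look)."""
    symbols = [s for s in strings if GO_SYMBOL_RE.match(s)]
    labels = {}
    for s in strings:
        if s in symbols or any(sym.endswith(s) for sym in symbols):
            labels[s] = "go-symbol"
        elif s in GO_MODULE_HOSTS:
            labels[s] = "go-module-host"
        else:
            labels[s] = "review"
    return labels


def looks_like_gcc_ld(section_names):
    """GCC/binutils keep x64 unwind info in .xdata and CRT init tables in .CRT;
    MSVC folds both into .rdata/.data, so the trio is a toolchain tell."""
    return {".pdata", ".xdata", ".CRT"} <= set(section_names)


def go_runtime_hits(imports):
    k32 = {f for dll, funcs in imports.items() if dll.lower() == "kernel32.dll" for f in funcs}
    return sorted(GO_RUNTIME_IMPORTS & k32)


def triage(domains, sections, imports, exports):
    hits = go_runtime_hits(imports)
    cgo = "_cgo_dummy_export" in exports
    is_go = cgo or len(hits) >= 8
    gcc = looks_like_gcc_ld(sections)
    explained = []
    if gcc:
        explained.append(".xdata/.CRT/.tls are GCC/ld sections, not a packer signature")
    if is_go:
        explained.append("LoadLibrary*/GetProcAddress, VirtualAlloc and SwitchToThread are "
                         "Go runtime imports; VirtualProtect is MinGW CRT start-up code")
    labels = classify_domain_strings(domains)
    return {"go_runtime": is_go, "cgo": cgo, "gcc_ld_layout": gcc,
            "runtime_hits": hits, "explained": explained,
            "domains_to_review": sorted(s for s, l in labels.items() if l == "review")}


if __name__ == "__main__":
    for key, value in triage(REPORT_DOMAINS, REPORT_SECTIONS, REPORT_IMPORTS, REPORT_EXPORTS).items():
        print("%-18s %s" % (key, value))
```

What survives the pass is what still deserves analyst time: the actual code behind the two TLS callbacks and the entry point, the network behaviour of the Go code, and whatever the VirusTotal engines keyed on. A real domain or URL in the string table would come out labelled review; none of the nine strings on this page does.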

Hashes

MD5 c5ca0bff678edad332f627271a4f3b47
SHA1 f68d1fd3bcd47969db044cba635bee73b9abcb3c
SHA256 8d4d4609f0ff5ed2d4516cac3cae5d31d7ed1f3eb4c78d66c37dd614168e902c
SHA3 828c91bdb7cb1c6382e6c467b2d94e6147a4f977a0a3ab14d0b922a825eabea0
SSDeep 24576:tW/Yo1fw1UxvGRzLg8oCjD83KE1QVhxoTy20gWo5fi:QQoe1MGRzLg8oCjwKE187oOp
Imports Hash 117a573cc4404f879c51e79307279fb4

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 11
TimeDateStamp 2021-May-29 18:21:54
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 2.0
SizeOfCode 0x10d800
SizeOfInitializedData 0x21aa00
SizeOfUninitializedData 0x4ae00
AddressOfEntryPoint 0x00000000000014E0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 0.0
SubsystemVersion 6.1
Win32VersionValue 0
SizeOfImage 0x26c000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 3ea8dab3cc2453deb6891491c24eaac7
SHA1 71f44010e42e3957e7197f25c8322d798c9b59e4
SHA256 592496c37fa0bd06c556871e30b068a2096137f292b65f9feeb3eff412b0ec9b
SHA3 4e9ff5bf211e11d4a7744473307394282e3239a55fb9d783818684d392d13597
VirtualSize 0x10d740
VirtualAddress 0x1000
SizeOfRawData 0x10d800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.99271

.data

MD5 e268a7ad8aa43485a17102bd691a6090
SHA1 1c58a187bab809e1e46595ced0281f638ad9aec5
SHA256 fed0d183c4887ab794ba50cd8c7277e4c0fd3bd2576e8c3f4655703b702d86eb
SHA3 bd6233ca2e466ea06966dcd15244a4e872523fa3af5f38c4eefa2d7b0d21a8c6
VirtualSize 0x1aa60
VirtualAddress 0x10f000
SizeOfRawData 0x1ac00
PointerToRawData 0x10dc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.6241

.rdata

MD5 484dd88a3fe2e3139d8d926fb28f92dd
SHA1 64f3e5ff38188c03e3ea23be73cb9a718a3929f8
SHA256 7a3a4310237368b359c0d5bbbb30c7ddebba77aa52b9fc582d2188c5035d2392
SHA3 ae88dcb6a63ac688f403f4b51c7b91c661b894724e8eb469b732a09dd402cb84
VirtualSize 0xe6e10
VirtualAddress 0x12a000
SizeOfRawData 0xe7000
PointerToRawData 0x128800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.15843

.pdata

MD5 cc5df7533f492db273855bce8d12741b
SHA1 89fc9248fefe382d1371f9bd7e3746245747e87a
SHA256 d39d7b531cc0222ce26e6ae76a8dae1a76f85b4d4919456d4300a6ce5a60150b
SHA3 db1b44c6364c91799179811dec2602e853c51d479a836997cc619744c2bd6fec
VirtualSize 0x324
VirtualAddress 0x211000
SizeOfRawData 0x400
PointerToRawData 0x20f800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.92897

.xdata

MD5 ef76013c72eb7888e7869244e363818a
SHA1 b8410779c4f83cc30237edddf680af4a36afc9eb
SHA256 ca598cf00bcecd0565d36ca67714c82c91d429ef98448c22d2de1cf4afb0b82d
SHA3 b65925941bd0c53b50fa7113e314290cb83c5363fddfac4a1f9c6924bb599caa
VirtualSize 0x284
VirtualAddress 0x212000
SizeOfRawData 0x400
PointerToRawData 0x20fc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.879

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x4ace4
VirtualAddress 0x213000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata

MD5 2ee0323a371d60c355ab8273e1d96050
SHA1 227bcaaf783f350ac6cd581909eb70b8702a7186
SHA256 a55b007476115c23fa76a0fafc22cb3e7c5c6b8656503bc5cbb96ba003e8fc82
SHA3 35497ca213fb5ca18d5a4520b6297a25c2b79e515b391f09c009a2d56942963a
VirtualSize 0x4e
VirtualAddress 0x25e000
SizeOfRawData 0x200
PointerToRawData 0x210000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.923136

.idata

MD5 c6ddfdb28da2dbb16483e644a7f9c502
SHA1 dd131d0624fa01dfef2debcbcad88892b18e6ac7
SHA256 6c960cf193b25f9bfba61ab4fa3f2cef4d3edcb82656865d666e00768c2af594
SHA3 a99cb0ddc2c1170b3a32f4bd88d71dae1f0a73575cce99c9116933035e394da8
VirtualSize 0xd80
VirtualAddress 0x25f000
SizeOfRawData 0xe00
PointerToRawData 0x210200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.9905

.CRT

MD5 1bfd23f1377307a896d44bdf431e90e6
SHA1 ca33c3e46d22fbac3f9c5ef46eb19caf1656769c
SHA256 0067a596d5bbf7c1dd29010dfd86dae55ed9ee7bd7e6e8674e1f529db1f1792e
SHA3 6e3ad8251da158bf76ddc4f0caad04421a984b55962bf0ac98e3cc7149436e3d
VirtualSize 0x68
VirtualAddress 0x260000
SizeOfRawData 0x200
PointerToRawData 0x211000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.280401

.tls

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x10
VirtualAddress 0x261000
SizeOfRawData 0x200
PointerToRawData 0x211200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.reloc

MD5 90a9157cbd7dab381d6c39c843e43dc0
SHA1 f135993d525e18273e5caad97e219ca7faf34ce4
SHA256 87e0ae0d3dfded1149ef5a27f13677e82bd9066899102820a1b1e438b53c6df5
SHA3 40ef7268e8968f189965cff45890db9eaec4101d7bc0c677c09911228c37d513
VirtualSize 0x99c4
VirtualAddress 0x262000
SizeOfRawData 0x9a00
PointerToRawData 0x211400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0

Imports

KERNEL32.DLL AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateIoCompletionPort
CreateThread
CreateWaitableTimerExW
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FreeEnvironmentStringsW
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetLastError
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatusEx
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
PostQueuedCompletionStatus
QueryPerformanceCounter
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetProcessPriorityBoost
SetThreadContext
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WriteConsoleW
WriteFile
__C_specific_handler
msvcrt.dll __getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_cexit
_errno
_fmode
_initterm
_onexit
abort
calloc
exit
fclose
fopen
fprintf
free
fseek
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf
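
The Imports Hash in the Hashes block is the imphash: an MD5 over the import table in IAT order, each entry written as lower-cased "dll.function" with the library extension stripped, ordinal-only entries as ordN, all joined by commas. It is a pivot key for finding samples with the same import table, but for a cgo binary the table is the MinGW CRT plus the Go runtime's fixed set, so the hash clusters on toolchain rather than on code family and will match plenty of benign Go programs. The block below recomputes it from the Imports listed above. It is an added example, not Manalyze's code; it assumes the printed order is the IAT order, and the normalization follows the published imphash definition.

```python
"""Import hash (imphash) recomputed from the import table above.

Added example, not Manalyze code. The function names are transcribed from the
Imports block in the order printed, which is assumed to be the IAT order; the
normalization (lower-case, DLL extension stripped, "dll.func" joined by commas,
nameless ordinals as ordN) follows the published imphash definition.
"""
import hashlib

KERNEL32 = """AddVectoredExceptionHandler CloseHandle CreateEventA CreateIoCompletionPort
CreateThread CreateWaitableTimerExW DeleteCriticalSection DuplicateHandle EnterCriticalSection
ExitProcess FreeEnvironmentStringsW GetConsoleMode GetCurrentProcess GetCurrentProcessId
GetCurrentThreadId GetEnvironmentStringsW GetLastError GetProcAddress GetProcessAffinityMask
GetQueuedCompletionStatusEx GetStartupInfoA GetStdHandle GetSystemDirectoryA GetSystemInfo
GetSystemTimeAsFileTime GetThreadContext GetTickCount InitializeCriticalSection
LeaveCriticalSection LoadLibraryA LoadLibraryW PostQueuedCompletionStatus QueryPerformanceCounter
ResumeThread RtlAddFunctionTable RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind
SetConsoleCtrlHandler SetErrorMode SetEvent SetProcessPriorityBoost SetThreadContext
SetUnhandledExceptionFilter SetWaitableTimer Sleep SuspendThread SwitchToThread TerminateProcess
TlsGetValue UnhandledExceptionFilter VirtualAlloc VirtualFree VirtualProtect VirtualQuery
WaitForMultipleObjects WaitForSingleObject WriteConsoleW WriteFile __C_specific_handler""".split()
MSVCRT = """__getmainargs __initenv __iob_func __lconv_init __set_app_type __setusermatherr
_acmdln _amsg_exit _beginthread _cexit _errno _fmode _initterm _onexit abort calloc exit fclose
fopen fprintf free fseek fwrite malloc memcpy signal strlen strncmp vfprintf""".split()

# (dll name as stored in the import directory, [function names or integer ordinals]) in table order
REPORT_IMPORTS = [("KERNEL32.DLL", KERNEL32), ("msvcrt.dll", MSVCRT)]


def imphash_entries(imports):
    """Normalize the import table into the 'lib.func' tokens that get hashed."""
    tokens = []
    for dll, funcs in imports:
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        for func in funcs:
            name = "ord%d" % func if isinstance(func, int) else func.lower()
            tokens.append("%s.%s" % (lib, name))
    return tokens


def imphash(imports):
    """MD5 over the comma-joined tokens; order matters, so two binaries with the
    same functions in a different IAT order get different hashes."""
    return hashlib.md5(",".join(imphash_entries(imports)).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print("recomputed imphash:", imphash(REPORT_IMPORTS))
    print("report Imports Hash: 117a573cc4404f879c51e79307279fb4")
```

Compare the printed value with the Imports Hash above. A mismatch means the report does not print the imports in IAT order (the list above is ASCII-sorted within each DLL, which is how binutils-linked binaries usually come out, but it is not guaranteed) or that the tool normalizes names differently; it does not by itself mean the report's value is wrong.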

Delayed Imports

Exports

_cgo_dummy_export

Ordinal 1
Address 0x25dcd0

Version Info

TLS Callbacks

StartAddressOfRawData 0x661000
EndAddressOfRawData 0x661008
AddressOfIndex 0x65d95c
AddressOfCallbacks 0x660040
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks 0x000000000050D1B0
0x000000000050D180
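
The TLS block prints absolute virtual addresses (ImageBase 0x400000 already added), the export entry prints an RVA, and the section tables above are the only way to turn either into a file offset you can seek to in a hex editor or a disassembler. Both callback VAs land in .text, the callback array itself sits in .CRT, and AddressOfIndex and the _cgo_dummy_export address resolve into .bss, which has no bytes on disk at all: SizeOfRawData 0 is the normal state of a .bss section and is also what the Errors line at the end of the report is complaining about. The script below does that arithmetic with the numbers transcribed from this page and, as a second service, decodes the long IMAGE_SCN_ALIGN_* lists in the section tables back into a single alignment value. It is an added example, not Manalyze output; the decoding rule (the tool prints every ALIGN constant that shares a bit with the section's four-bit alignment field) is inferred from the lists on this page and is an assumption about the tool, not something the report states.

```python
"""Section-table arithmetic for this report (added example, not Manalyze output).

All numbers are transcribed from the Image Optional Header, the section tables
and the TLS Callbacks block above. The alignment-decoding rule at the bottom is
inferred from the flag lists on this page and is an assumption about how the
tool prints flags, not something the report says.
"""
IMAGE_BASE = 0x400000
SECTION_ALIGNMENT = 0x1000
ENTRY_POINT_RVA = 0x14E0

# (name, VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData)
SECTIONS = [
    (".text",  0x001000, 0x10d740, 0x000400, 0x10d800),
    (".data",  0x10f000, 0x01aa60, 0x10dc00, 0x01ac00),
    (".rdata", 0x12a000, 0x0e6e10, 0x128800, 0x0e7000),
    (".pdata", 0x211000, 0x000324, 0x20f800, 0x000400),
    (".xdata", 0x212000, 0x000284, 0x20fc00, 0x000400),
    (".bss",   0x213000, 0x04ace4, 0x000000, 0x000000),
    (".edata", 0x25e000, 0x00004e, 0x210000, 0x000200),
    (".idata", 0x25f000, 0x000d80, 0x210200, 0x000e00),
    (".CRT",   0x260000, 0x000068, 0x211000, 0x000200),
    (".tls",   0x261000, 0x000010, 0x211200, 0x000200),
    (".reloc", 0x262000, 0x0099c4, 0x211400, 0x009a00),
]


def section_for_rva(rva):
    """Section whose mapped range covers rva, or None. The loader maps VirtualSize
    rounded up to SectionAlignment, so round the same way."""
    for sec in SECTIONS:
        _, va, vsize, _, _ = sec
        span = -(-vsize // SECTION_ALIGNMENT) * SECTION_ALIGNMENT
        if va <= rva < va + span:
            return sec
    return None


def rva_to_file_offset(rva):
    """(section name, file offset). The offset is None when the bytes exist only in
    memory, i.e. beyond SizeOfRawData; every address inside .bss is such a case."""
    sec = section_for_rva(rva)
    if sec is None:
        return None, None
    name, va, _, raw_ptr, raw_size = sec
    delta = rva - va
    return name, (raw_ptr + delta if delta < raw_size else None)


def va_to_file_offset(va):
    """Same, for the absolute addresses the TLS block prints."""
    return rva_to_file_offset(va - IMAGE_BASE)


def describe(result):
    name, off = result
    if name is None:
        return "outside every section"
    return "%s, file offset %s" % (name, "none (memory only)" if off is None else "0x%x" % off)


def align_flags(spec):
    """Expand '1024 16 MASK' into the IMAGE_SCN_ALIGN_* names as printed above."""
    return ["IMAGE_SCN_ALIGN_%s" % (t if t == "MASK" else t + "BYTES") for t in spec.split()]


TEXT_ALIGN = align_flags("1024 16 2048 2 32 4096 4 512 64 8192 8 MASK")   # .text .data .rdata .bss
PDATA_ALIGN = align_flags("1024 16 1 256 2 32 4096 4 512 64 8192 MASK")   # .pdata .xdata .edata .idata .reloc
CRT_ALIGN = align_flags("16 2048 32 4096 64 8192 8 MASK")                 # .CRT .tls

# The alignment field is a 4-bit value n in bits 20-23 of Characteristics and
# IMAGE_SCN_ALIGN_<2**(n-1)>BYTES names it; these four constants are the single-bit values.
SINGLE_BIT = {"IMAGE_SCN_ALIGN_1BYTES": 0x1, "IMAGE_SCN_ALIGN_2BYTES": 0x2,
              "IMAGE_SCN_ALIGN_8BYTES": 0x4, "IMAGE_SCN_ALIGN_128BYTES": 0x8}


def decode_alignment(listed):
    """Assumption: the tool lists every ALIGN constant that shares a bit with the
    field (every list on this page fits that rule). The field is then the OR of the
    single-bit constants present, and the alignment is 2**(field-1) bytes."""
    field = sum(bit for name, bit in SINGLE_BIT.items() if name in listed)
    return 1 << (field - 1) if field else None


if __name__ == "__main__":
    for label, va in (("TLS callback 0", 0x50D1B0), ("TLS callback 1", 0x50D180),
                      ("AddressOfCallbacks", 0x660040), ("AddressOfIndex", 0x65D95C)):
        print("%-19s VA 0x%x -> %s" % (label, va, describe(va_to_file_offset(va))))
    print("entry point         RVA 0x%x -> %s" % (ENTRY_POINT_RVA, describe(rva_to_file_offset(ENTRY_POINT_RVA))))
    print("_cgo_dummy_export   RVA 0x25dcd0 -> %s" % describe(rva_to_file_offset(0x25DCD0)))
    for sec, flags in ((".text", TEXT_ALIGN), (".pdata", PDATA_ALIGN), (".CRT", CRT_ALIGN)):
        print("%-6s alignment %s bytes" % (sec, decode_alignment(flags)))
```

With the callback array at file offset 0x211040 and the two callbacks at 0x10c5b0 and 0x10c580 in .text, the next step is to read those two routines; on a MinGW-w64 build the CRT registers its own TLS callbacks for thread-local initialization, so two entries here is not by itself a sign of anything added by the author.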

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!