c6bf01d8129ae714404bf4c39175a862d1ae17c116ca180cf9c2a3ffc208af13

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1970-Jan-01 00:00:00
TLS Callbacks 2 callback(s) detected.
Debug artifacts Embedded COFF debugging symbols

Plugin Output

Suspicious PEiD Signature: HQR data file
Suspicious The PE is possibly packed.
Unusual section name found: .xdata
Unusual section name found: /4
Unusual section name found: /19
Unusual section name found: /31
Unusual section name found: /45
Unusual section name found: /57
Unusual section name found: /70
Unusual section name found: /81
Unusual section name found: /92
Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
  • LoadLibraryW
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Info The PE is digitally signed.
Signer: www.pakistani.org
Issuer: www.pakistani.org
Malicious VirusTotal score: 17/70 (Scanned on 2026-07-01 03:41:04)
AhnLab-V3: Trojan/Win.Generic.R773315
Bkav: W32.Malware.8F251ADB
CrowdStrike: win/malicious_confidence_90% (D)
ESET-NOD32: Win64/GenKryptik.HRGN trojan
Elastic: malicious (high confidence)
Fortinet: W64/GenKryptik.HRGN!tr
Google: Detected
Ikarus: Trojan.WinGo.Crypt
Kaspersky: UDS:Backdoor.Win64.Gsb.ckq
Malwarebytes: Trojan.Loader
McAfeeD: Trojan:Win/Dllhijack.EAT
Microsoft: Trojan:Win32/Malgent
Rising: Trojan.Kryptik!8.8 (TFE:6:nlUeWyQgXpI)
SentinelOne: Static AI - Suspicious PE
Symantec: ML.Attribute.HighConfidence
Tencent: Backdoor.Win64.Gsb.16004167
Varist: W64/Agent.MMK.gen!Eldorado

Hashes

MD5 d5dd27ae5148c9f32996ac09d58090d7
SHA1 84e0c82febd808dbe2551792f0093ae0d7fc6a08
SHA256 c6bf01d8129ae714404bf4c39175a862d1ae17c116ca180cf9c2a3ffc208af13
SHA3 02b74055089c0935c3fe742db2d374d9806206ebf597b438956c5a6c1b7825ca
SSDeep 24576:M7kd7LH+sjZVYJabce3Vo9eB/JD5zcZwvNnNkHmCEDxT0Yo42LwX6/u9U9Zz1u0:M7kFLdjZbplqkr4wFKFS9EU4s2+s
Imports Hash d8b31f8c03e0c76ff245ed05a15ffe6c

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 19
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0x355200
NumberOfSymbols 5210
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 2.0
SizeOfCode 0x118c00
SizeOfInitializedData 0x31f000
SizeOfUninitializedData 0x4a000
AddressOfEntryPoint 0x0000000000001350 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x1e5ce0000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 0.0
SubsystemVersion 6.1
Win32VersionValue 0
SizeOfImage 0x3a8000
SizeOfHeaders 0x600
Checksum 0x390fe3
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 6a1d1ec7842fe53b52dbf57a31687f25
SHA1 1e2c9419d1a10ca74f5119a68663f78ddb0575db
SHA256 87d76c58ef67e568ee05694c660c2d7b2965b0d5ce0c6d8604a61a0d29ffe19b
SHA3 27daf46cdc9b7c51050027c8e4f510be6a5201a06dacdea8c7c59eafa11788f5
VirtualSize 0x118c00
VirtualAddress 0x1000
SizeOfRawData 0x118c00
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.33807

.data

MD5 2a788463bbdeb8c4f88f4826590b08bf
SHA1 0cf6b1d9c1d46b8ecd3756594077318867b8e063
SHA256 d62a1d6fac7702731904325feb936f15a96c26badcb0f5a27dff17cfeb2f8fc2
SHA3 47ad1e3c0726d23fddc6cc6f81d4a9dbbcc640c1b6501ac4f11dfadeb1e3d7d4
VirtualSize 0xd700
VirtualAddress 0x11a000
SizeOfRawData 0xd800
PointerToRawData 0x119200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.13378

.rdata

MD5 08915bf0abae2d69bf8bc43f662240b1
SHA1 a0dad38f01f1fc7d5cd378dc3467f640ef5d8a82
SHA256 a7903824e39c37919855c13056d30ddf6f70548c5d780f2b49aa2b937304419c
SHA3 f798e6933d74f665e108340d6897e61cebe425e52fbc13fdae3beb4a3027b55b
VirtualSize 0x1edf00
VirtualAddress 0x128000
SizeOfRawData 0x1ee000
PointerToRawData 0x126a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.24713

.pdata

MD5 da3f919030b6af3053debd4ed9cea4cc
SHA1 89bf2bb19f1c15bebbad6fda773ef63dffab70bc
SHA256 5cdd5046d4839c2f34e6aa0762f99fd9afdefee57414982c7162216e11262181
SHA3 b77f97aed8a30112c1d2acbfaa8e6e8f622124a6c39a6e6f72719b7c7c064fa0
VirtualSize 0x52bc
VirtualAddress 0x316000
SizeOfRawData 0x5400
PointerToRawData 0x314a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.31107

.xdata

MD5 cd27f0e6ae6ff88c29943ae347627d3a
SHA1 61c50b3d96e4df185cb6e63e0173f35ff2800fe1
SHA256 ed0d5ea6779eabc2a684d090c9b5c13f3a9ad0ab83b9e6ca5998cba1956c95fc
SHA3 b602a0e96543fc6aa3c9425bec8c3e3c645e1440a7a8bed13de3e1556d661e84
VirtualSize 0x55c
VirtualAddress 0x31c000
SizeOfRawData 0x600
PointerToRawData 0x319e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.08901

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x49f20
VirtualAddress 0x31d000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata

MD5 3ee770e3d231f79d7e4feeaa631ffe39
SHA1 676a1b121019401190d46bfdc48c1f9476049f3e
SHA256 b3ed64ffa0e663420c27c4f2313e1fc7de8a13e3d5007e58b5bdfdb3c1fd2acf
SHA3 72a70c297617e3e43fc9fe9fe50cd9e9cd02128ad5c9177d23698d307e302099
VirtualSize 0x1b8
VirtualAddress 0x367000
SizeOfRawData 0x200
PointerToRawData 0x31a400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.56036

.idata

MD5 5a2ee9c934698e92ffa079d6714f242d
SHA1 50d85fd03cda8608c01d9198d110a7c90066058c
SHA256 039bb84e91513f34be153b9ec6733b05119ee08e136022aadeed82e77176cf7c
SHA3 cadf210596cdc9dfa24df4a119209556575edbf5829d6f2f47d5efaca57c243a
VirtualSize 0xc2c
VirtualAddress 0x368000
SizeOfRawData 0xe00
PointerToRawData 0x31a600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.11423

.CRT

MD5 17c2869926d3833a596d32b4857b9970
SHA1 2e7e976baf38979f11ee20979f8123536e3520b9
SHA256 7e6beccc9d1a6366ec220d403043389459971cd9f433bc49dd303585a247b6d4
SHA3 e438d93e3211538897f805dfc90a2f9bf4c42fa88f8d29cdc2019f2232d91c92
VirtualSize 0x58
VirtualAddress 0x369000
SizeOfRawData 0x200
PointerToRawData 0x31b400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.258612

.tls

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x10
VirtualAddress 0x36a000
SizeOfRawData 0x200
PointerToRawData 0x31b600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.reloc

MD5 ad9dd6b5fae540062621e3137428b340
SHA1 c3b0b848e714f88686590fb6e805629d2121c94c
SHA256 1cee1999f5531332529efa43549dfaa3cf3d8f8387349c3a6f3ab472193cc1e5
SHA3 3a15aa6891dada96f464341fa2350fc573f290448b03306598ca34a8527f73ef
VirtualSize 0x3c80
VirtualAddress 0x36b000
SizeOfRawData 0x3e00
PointerToRawData 0x31b800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.40915

/4

MD5 9e9d46466ab56990899c043a73ef6659
SHA1 9ffca81335dba9c14e39764ae7fac9b00ce9a2d2
SHA256 457553d5fcc1ebb56532337f8404e49bf204bb02aaff84e5e261451396694fd7
SHA3 c2bc3b1376fc1bb58f96fa2e841a78b5163ef8b1e9e3f93b9ab730e4b148f5bc
VirtualSize 0x6c0
VirtualAddress 0x36f000
SizeOfRawData 0x800
PointerToRawData 0x31f600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 1.72388

/19

MD5 fbcd134b436a598de5233d052b6761d2
SHA1 d58fa3ead704715f316c7b41aab33a0563161b7c
SHA256 b75b6704139187626b7a743f3099be82008ecc98811193290ca9f4f1fc5b3fca
SHA3 c2d0fb5902796f101cb466b377c01b4a1a8d3f2b69eda40e501ab11f99cd7564
VirtualSize 0x12a56
VirtualAddress 0x370000
SizeOfRawData 0x12c00
PointerToRawData 0x31fe00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.97484

/31

MD5 02016ae1efb636f79636a65f70165efe
SHA1 98030351e2b29af4d398601114260b0480b27144
SHA256 19a7d2280138465b9ee423a05ed5f9e2a635035cd9f8daf3c26be98b5029136b
SHA3 4d10eb032f45eb607a7999e896015d403984c8b00366f5f7c50cbe8516e3e1c1
VirtualSize 0x32c5
VirtualAddress 0x383000
SizeOfRawData 0x3400
PointerToRawData 0x332a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.714

/45

MD5 879d2cfa2cf8250e9971f4029f06f5ed
SHA1 aa89429b066bce1edc6edca65678fb453138cc5a
SHA256 783ff82dab0017637f4255c099b76e964362a3d166156e455feb7d0468866920
SHA3 7984764ef5926426a4d81b660ac314081cc92f6221ac925c3410f1ec34b63bde
VirtualSize 0x7dbe
VirtualAddress 0x387000
SizeOfRawData 0x7e00
PointerToRawData 0x335e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.44962

/57

MD5 a7f61dcc54cd41eef9e899780ab648ac
SHA1 d949fe99163b59bafa6c0463dcc77d5ccee9e75c
SHA256 5b8425b523d2c89d722485ce49a6e63c3fd1599bd2459c1b1d6561c5ced29a92
SHA3 5f6380e4ad55b06aeb3db10b141491be9275e16c91cb2bbdf4be939760b9157f
VirtualSize 0x2800
VirtualAddress 0x38f000
SizeOfRawData 0x2800
PointerToRawData 0x33dc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 3.71064

/70

MD5 76d0d9bc97bde6acc2ae8fdf02d98131
SHA1 a2b0477948ed608bbb53842e3a86a7c5e0753ce1
SHA256 a94a1251bb702a4ae31666502b0dd3986706254a439530683586dfbf322d718e
SHA3 0da576afbfb6032cdd7a2613ed336621ee8cbdd080a6ea143489885b7edfd69c
VirtualSize 0x83a
VirtualAddress 0x392000
SizeOfRawData 0xa00
PointerToRawData 0x340400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.51512

/81

MD5 70cc3dc6217bd7847853890b154111ab
SHA1 9b55332b4a2762a953f93b98e3de7becd44762ba
SHA256 8c0efc7a9753a2980f625b4d60983d623e401c15ee5c3bbdef690f42830dcd28
SHA3 cd9a386431357ef29e16b90056cafa9f7ed6d6a7115b9efd2e4680d1be517c99
VirtualSize 0x12d5d
VirtualAddress 0x393000
SizeOfRawData 0x12e00
PointerToRawData 0x340e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 2.68329

/92

MD5 11db53c01ba2d4c5e0480f4b9d1e6ba3
SHA1 9644ba235e7497bf70c34b86b7c2f69568cb5a13
SHA256 75ff021e4fdaca3504de876ccca09ebff41fbec56872603c548ff8fc48e4eb57
SHA3 2851d127e6cbe9aaf55387ab48260ac86ed7efb72d5a449e06164fb8c95b909f
VirtualSize 0x1590
VirtualAddress 0x3a6000
SizeOfRawData 0x1600
PointerToRawData 0x353c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 1.78704

Imports

KERNEL32.dll AddVectoredContinueHandler
AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateIoCompletionPort
CreateThread
CreateWaitableTimerExW
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FreeEnvironmentStringsW
GetConsoleMode
GetCurrentThreadId
GetEnvironmentStringsW
GetErrorMode
GetLastError
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatusEx
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetThreadContext
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
MultiByteToWideChar
PostQueuedCompletionStatus
RaiseFailFastException
ResumeThread
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetProcessPriorityBoost
SetThreadContext
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
TlsAlloc
TlsGetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WerGetFlags
WerSetFlags
WideCharToMultiByte
WriteConsoleW
WriteFile
msvcrt.dll ___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_errno
_initterm
_lock
_unlock
abort
calloc
fputc
free
fwrite
localeconv
malloc
memcpy
memset
realloc
strerror
strlen
strncmp
vfprintf
wcslen

Delayed Imports

MpAllocMemory

Ordinal 1
Address 0x112f00

MpClientUtilExportFunctions

Ordinal 2
Address 0x112e80

MpConfigClose

Ordinal 3
Address 0x113040

MpConfigGetValue

Ordinal 4
Address 0x112f80

MpConfigGetValueAlloc

Ordinal 5
Address 0x113080

MpConfigInitialize

Ordinal 6
Address 0x113100

MpConfigOpen

Ordinal 7
Address 0x112fc0

MpConfigRegisterForNotifications

Ordinal 8
Address 0x112f40

MpConfigSetValue

Ordinal 9
Address 0x1130c0

MpConfigUninitialize

Ordinal 10
Address 0x112e40

MpConfigUnregisterNotifications

Ordinal 11
Address 0x113000

MpFreeMemory

Ordinal 12
Address 0x112ec0

_cgo_dummy_export

Ordinal 13
Address 0x3663b0

Version Info

TLS Callbacks

StartAddressOfRawData 0x1e604a000
EndAddressOfRawData 0x1e604a008
AddressOfIndex 0x1e6046e4c
AddressOfCallbacks 0x1e6049030
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks 0x00000001E5DF85D0
0x00000001E5DF85A0

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /19!
[*] Warning: Tried to read outside the COFF string table to get the name of section /31!
[*] Warning: Tried to read outside the COFF string table to get the name of section /45!
[*] Warning: Tried to read outside the COFF string table to get the name of section /57!
[*] Warning: Tried to read outside the COFF string table to get the name of section /70!
[*] Warning: Tried to read outside the COFF string table to get the name of section /81!
[*] Warning: Tried to read outside the COFF string table to get the name of section /92!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: Section .bss has a size of 0!