Manalyze report for c794f4ba9e51f999050716cf8dc25df0

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2024-Apr-27 00:07:25
Detected languages	English - United States
TLS Callbacks	1 callback(s) detected.
CompanyName	www.koala.com
FileDescription	Koala app
FileVersion	`6.31.4`
LegalCopyright	Copyright (C) 2011-2024 Koalancha
OriginalFilename	koala.exe
ProductName	Koala
ProductVersion	`6.31.4`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: koala.com www.koala.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses constants related to base58` `Uses known Diffie-Helman primes` `Uses known Mersenne Twister constants` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: _RANDOMX` `Unusual section name found: _TEXT_CN` `Unusual section name found: _TEXT_CN`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryW LoadLibraryExW LoadLibraryExA` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Uses Microsoft's cryptographic API: CryptEnumProvidersW CryptSignHashW CryptDestroyHash CryptCreateHash CryptDecrypt CryptExportKey CryptGetUserKey CryptGetProvParam CryptSetHashParam CryptDestroyKey CryptReleaseContext CryptAcquireContextW` `Can create temporary files: CreateFileW CreateFileA GetTempPathW` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Leverages the raw socket API to access the Internet: WSASetLastError send recv ntohs htons htonl inet_addr inet_ntoa gethostbyaddr WSAGetLastError WSAIoctl gethostbyname WSARecvFrom WSASocketW WSASend WSARecv gethostname WSADuplicateSocketW getpeername FreeAddrInfoW GetAddrInfoW shutdown socket setsockopt listen connect closesocket bind WSACleanup WSAStartup select getsockopt getsockname ioctlsocket getservbyname getservbyport` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Interacts with services: CreateServiceW QueryServiceStatus OpenSCManagerW QueryServiceConfigA DeleteService ControlService OpenServiceW` `Enumerates local disk drives: GetDriveTypeW` `Interacts with the certificate store: CertOpenStore`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`c794f4ba9e51f999050716cf8dc25df0`
SHA1	`78cc2758096536e319fcd8245fcf5bc0555ec198`
SHA256	`d3e0d89782a065d11b8cd4b3aca617201901fc27ecef13c516fa2f4559eff10a`
SHA3	`bccecb80d986cae5dd9d4be37da4d1012cc6917a72b1f863338474e88ba896d5`
SSDeep	`98304:VaekNkONEyX+rMsNv33xW+LNnC16QxXVkIl+Dbs3hT0u8YesNIBm4vk7fGw/VJz:V6kXyCbs3hT98iYm4v+XNJz`
Imports Hash	`8a0d1b9b9d9e05fac54ce8d93601b26c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x120`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`10`
TimeDateStamp	2024-Apr-27 00:07:25
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x41f800`
SizeOfInitializedData	`0x49b000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000003E686C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x8c1000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`1cb83e72d2dcee3973d8a5f5ae740e44`
SHA1	`c57410f48f48998761e5b65221ba670dcc285df3`
SHA256	`a963f62ab05c197287abb647b7ddab608a35026a73658de0f124e7d710f52056`
SHA3	`42b1803dd92ce983bdf5f2d97b6e92e2562c90e7446d29f64b9bffb4df6f39e9`
VirtualSize	`0x41f7e4`
VirtualAddress	`0x1000`
SizeOfRawData	`0x41f800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.5255`

.rdata

MD5	`441ab3daf809bbb10fd085b0da01b0cc`
SHA1	`77a0b38e1941b96fc8a7484f1a0a80270d87b90b`
SHA256	`f36d21ed7d890a82fb7f78bd1716d1b0c51b76282f15e9ab7104215e4ea9bfb9`
SHA3	`1efa16f2a82577c3fd1655f5d25f36fb5abb0e040e20f95dd4265337e697ce3e`
VirtualSize	`0x1a257e`
VirtualAddress	`0x421000`
SizeOfRawData	`0x1a2600`
PointerToRawData	`0x41fc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.16215`

.data

MD5	`40c2783983a5684d9f70be5e655a621b`
SHA1	`62c9875724f0a27b0f2fe28d407f3468cf54beea`
SHA256	`491fbe4da456535583d4f087313b3b43baa148270e6e105ddc06fa6dba2ba57f`
SHA3	`3a42d46f24f6d1add7a12326465dd04388f1060c3a35d127ce415350e31aa34b`
VirtualSize	`0x2af474`
VirtualAddress	`0x5c4000`
SizeOfRawData	`0x10200`
PointerToRawData	`0x5c2200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.01333`

.pdata

MD5	`2d0da547854e65253acabee20a6f14a5`
SHA1	`eb6f8114acf15285f9b1a3616ebc292e02dad21e`
SHA256	`8534977a5ee38b91e6cd6cd47832680d759b9155a96aff97467ebd5f9b78f9f3`
SHA3	`f95431930a77574fd41bc095e8981c5c4473c98fad49d76b05c051e3e82094cb`
VirtualSize	`0x2a720`
VirtualAddress	`0x874000`
SizeOfRawData	`0x2a800`
PointerToRawData	`0x5d2400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.32253`

_RANDOMX

MD5	`9ee63642b94966ecb630ee0843e46b26`
SHA1	`11bd5b6446d56158259a24b938f7c4959bd56e21`
SHA256	`a0e8dcaf970131535f4e5292a291692b43dc1fe5112d3fa7540a851de29664ea`
SHA3	`3340b30c98f35504dbecd4eff4680013fe534c1f1e5df6ea50f6fe41274e85ff`
VirtualSize	`0xc56`
VirtualAddress	`0x89f000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x5fcc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.68241`

_TEXT_CN

MD5	`afea7882aa31e5987db2f12b8933de56`
SHA1	`91d62ae67c7e250650c5d785cffb0a794da2f085`
SHA256	`22da176111a6792ee42e810c4381316e710e95c28567224e7c5b5d4d703400fe`
SHA3	`45f964cd6a8a2b7d2570bc7d428bc928e75fa4ee11032f599a5f7f02435d9ed3`
VirtualSize	`0x26d1`
VirtualAddress	`0x8a0000`
SizeOfRawData	`0x2800`
PointerToRawData	`0x5fda00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.07727`

_TEXT_CN (#2)

MD5	`409bf3f918f2402291cb56c2e9354b47`
SHA1	`4992a8b9c3e33a7f8659bd20066f907134f7c337`
SHA256	`97edf367117028c754aed0c10748bfa55d73a87af588af16d5b24610e1652b08`
SHA3	`a8379e211aa90421ff01b9567092fde1be282d339ea986b42067baed4539be96`
VirtualSize	`0x1184`
VirtualAddress	`0x8a3000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x600200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.04792`

_RDATA

MD5	`5802f1620694037868d54524ed7f1963`
SHA1	`68d3da4a500cc0fa0f597c4e7dcbc56c93bf3e4b`
SHA256	`6a14f9e5eece2ccd365db5caac99922fe8202039bd07b19592661a081579efa9`
SHA3	`c88a36c24e2a1903a1beed4dfb3a9e7d028f5e5acb88a2aaaf3ccfd0b215efbd`
VirtualSize	`0x1f4`
VirtualAddress	`0x8a5000`
SizeOfRawData	`0x200`
PointerToRawData	`0x601400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.20944`

.rsrc

MD5	`33034766f9e762def678c0bc56403f59`
SHA1	`2b56be8926c726741c21725d683351afd25d7d6d`
SHA256	`95dbba3029d57164e7ea8e8277903a7478b2c9d463445ec779191f6cf77a8356`
SHA3	`fc6695771c233939b1a502025b062d0c9cf9d963c1df65f60500c1e578e9685d`
VirtualSize	`0xead0`
VirtualAddress	`0x8a6000`
SizeOfRawData	`0xec00`
PointerToRawData	`0x601600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.31059`

.reloc

MD5	`26aed52d68d3eafaa2e4aecd9c48bca0`
SHA1	`37eada391bc92e40e183af01397bca0eaf4cd7b1`
SHA256	`c157e1e89e135264a09c1885da45d6c2134a63bc3a2cc098abd5b820dd2ea5cf`
SHA3	`05ba14c766280d63d1b8ab9551380e8a112985491de565370f33c9a297cba898`
VirtualSize	`0xb558`
VirtualAddress	`0x8b5000`
SizeOfRawData	`0xb600`
PointerToRawData	`0x610200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.45287`

Imports

WS2_32.dll	`WSASetLastError` `send` `recv` `ntohs` `htons` `htonl` `inet_addr` `inet_ntoa` `gethostbyaddr` `WSAGetLastError` `WSAIoctl` `gethostbyname` `WSARecvFrom` `WSASocketW` `WSASend` `WSARecv` `gethostname` `WSADuplicateSocketW` `getpeername` `FreeAddrInfoW` `GetAddrInfoW` `shutdown` `socket` `setsockopt` `listen` `connect` `closesocket` `bind` `WSACleanup` `WSAStartup` `select` `getsockopt` `getsockname` `ioctlsocket` `getservbyname` `getservbyport`
IPHLPAPI.DLL	`GetAdaptersAddresses`
USERENV.dll	`GetUserProfileDirectoryW`
CRYPT32.dll	`CertFreeCertificateContext` `CertFindCertificateInStore` `CertEnumCertificatesInStore` `CertCloseStore` `CertOpenStore` `CertGetCertificateContextProperty` `CertDuplicateCertificateContext`
KERNEL32.dll	`RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `WriteConsoleW` `SetConsoleTitleA` `GetStdHandle` `SetConsoleMode` `GetConsoleMode` `QueryPerformanceFrequency` `QueryPerformanceCounter` `SizeofResource` `LockResource` `LoadResource` `FindResourceW` `ExpandEnvironmentStringsA` `GetConsoleWindow` `GetSystemFirmwareTable` `HeapFree` `HeapAlloc` `GetProcessHeap` `MultiByteToWideChar` `SetPriorityClass` `GetCurrentProcess` `SetThreadPriority` `GetSystemPowerStatus` `GetCurrentThread` `GetProcAddress` `GetModuleHandleW` `GetTickCount` `CloseHandle` `FreeConsole` `VirtualProtect` `VirtualFree` `VirtualAlloc` `GetLargePageMinimum` `LocalAlloc` `GetLastError` `LocalFree` `FlushInstructionCache` `GetCurrentThreadId` `AddVectoredExceptionHandler` `DeviceIoControl` `GetModuleFileNameW` `CreateFileW` `SetLastError` `GetSystemTime` `SystemTimeToFileTime` `GetModuleHandleExW` `Sleep` `InitializeSRWLock` `ReleaseSRWLockExclusive` `ReleaseSRWLockShared` `AcquireSRWLockExclusive` `AcquireSRWLockShared` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetSystemInfo` `SwitchToFiber` `DeleteFiber` `CreateFiberEx` `FindClose` `FindFirstFileW` `FindNextFileW` `WideCharToMultiByte` `GetSystemDirectoryA` `FreeLibrary` `LoadLibraryA` `FormatMessageA` `GetFileType` `WriteFile` `GetEnvironmentVariableW` `GetACP` `ConvertFiberToThread` `ConvertThreadToFiberEx` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `LoadLibraryW` `ReadConsoleA` `ReadConsoleW` `PostQueuedCompletionStatus` `CreateFileA` `DuplicateHandle` `SetEvent` `ResetEvent` `WaitForSingleObject` `CreateEventA` `QueueUserWorkItem` `RegisterWaitForSingleObject` `UnregisterWait` `GetNumberOfConsoleInputEvents` `ReadConsoleInputW` `FillConsoleOutputCharacterW` `FillConsoleOutputAttribute` `GetConsoleCursorInfo` `SetConsoleCursorInfo` `GetConsoleScreenBufferInfo` `SetConsoleCursorPosition` `SetConsoleTextAttribute` `WriteConsoleInputW` `CreateDirectoryW` `FlushFileBuffers` `GetDiskFreeSpaceW` `GetFileAttributesW` `GetFileInformationByHandle` `SetUnhandledExceptionFilter` `IsProcessorFeaturePresent` `GetFullPathNameW` `ReadFile` `RemoveDirectoryW` `SetFilePointerEx` `SetFileTime` `MapViewOfFile` `FlushViewOfFile` `UnmapViewOfFile` `CreateFileMappingA` `ReOpenFile` `CopyFileW` `MoveFileExW` `CreateHardLinkW` `GetFileInformationByHandleEx` `CreateSymbolicLinkW` `TryAcquireSRWLockExclusive` `InitializeCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeConditionVariable` `WakeConditionVariable` `WakeAllConditionVariable` `SleepConditionVariableCS` `ReleaseSemaphore` `ResumeThread` `GetNativeSystemInfo` `GetProcessAffinityMask` `SetThreadAffinityMask` `CreateSemaphoreA` `SetConsoleCtrlHandler` `RtlUnwind` `GetLongPathNameW` `GetShortPathNameW` `CreateIoCompletionPort` `ReadDirectoryChangesW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetEnvironmentVariableW` `SetCurrentDirectoryW` `GetTempPathW` `GlobalMemoryStatusEx` `FileTimeToSystemTime` `K32GetProcessMemoryInfo` `SetHandleInformation` `CancelIoEx` `CancelIo` `SwitchToThread` `SetFileCompletionNotificationModes` `LoadLibraryExW` `SetErrorMode` `GetQueuedCompletionStatus` `ConnectNamedPipe` `SetNamedPipeHandleState` `PeekNamedPipe` `CreateNamedPipeW` `CancelSynchronousIo` `GetNamedPipeHandleStateA` `GetNamedPipeClientProcessId` `GetNamedPipeServerProcessId` `TerminateProcess` `GetExitCodeProcess` `UnregisterWaitEx` `LCMapStringW` `DebugBreak` `GetModuleHandleA` `LoadLibraryExA` `GetStartupInfoW` `GetModuleFileNameA` `GetVersionExA` `SetProcessAffinityMask` `GetComputerNameA` `RtlCaptureContext` `GetStringTypeW` `GetCPInfo` `CompareStringEx` `LCMapStringEx` `DecodePointer` `EncodePointer` `IsDebuggerPresent` `GetFinalPathNameByHandleW` `InitializeSListHead` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `InitializeCriticalSectionAndSpinCount` `SetStdHandle` `GetCommandLineA` `GetCommandLineW` `CreateThread` `ExitThread` `FreeLibraryAndExitThread` `GetDriveTypeW` `SystemTimeToTzSpecificLocalTime` `ExitProcess` `GetFileAttributesExW` `SetFileAttributesW` `GetConsoleOutputCP` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `CompareStringW` `GetLocaleInfoW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `HeapReAlloc` `GetTimeZoneInformation` `HeapSize` `SetEndOfFile` `FindFirstFileExW` `IsValidCodePage` `GetOEMCP` `GetFileSizeEx` `GetCurrentDirectoryW` `InitializeCriticalSectionEx` `SleepConditionVariableSRW` `WaitForSingleObjectEx` `GetExitCodeThread`
USER32.dll	`GetLastInputInfo` `MessageBoxW` `GetProcessWindowStation` `TranslateMessage` `GetUserObjectInformationW` `ShowWindow` `DispatchMessageA` `GetSystemMetrics` `MapVirtualKeyW` `GetMessageA`
SHELL32.dll	`SHGetSpecialFolderPathA`
ole32.dll	`CoInitializeEx` `CoUninitialize` `CoCreateInstance`
ADVAPI32.dll	`SystemFunction036` `GetUserNameW` `ReportEventW` `RegisterEventSourceW` `DeregisterEventSource` `CryptEnumProvidersW` `CryptSignHashW` `CryptDestroyHash` `CryptCreateHash` `CryptDecrypt` `CryptExportKey` `CryptGetUserKey` `CryptGetProvParam` `CryptSetHashParam` `CryptDestroyKey` `CryptReleaseContext` `CryptAcquireContextW` `CreateServiceW` `QueryServiceStatus` `CloseServiceHandle` `OpenSCManagerW` `QueryServiceConfigA` `DeleteService` `ControlService` `StartServiceW` `OpenServiceW` `LookupPrivilegeValueW` `AdjustTokenPrivileges` `OpenProcessToken` `LsaOpenPolicy` `LsaAddAccountRights` `LsaClose` `GetTokenInformation`
bcrypt.dll	`BCryptGenRandom`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xaa0b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.77369`
Detected Filetype	PNG graphic file
MD5	`1455b312f622f0cf7e1f088cbd2d5f11`
SHA1	`2903f35b7ee02f7bb8828bb5d9db9651510f97cb`
SHA256	`d6b42c7b15c5a2113ebf6d6c123e834fdb9bd0ae90317935c24f64fd962b6897`
SHA3	`abc4e74bb996bccfec4e6631f2aabdb2b12632f788e9ff7f7adb29319a391f9c`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.78978`
MD5	`32fd63f2b2c4b339012a6d6146a59282`
SHA1	`18303678cce95df2e9a7ca882a381377bed1f0f1`
SHA256	`393a6a8a561dafa04e8e26e1284c7b3825c605f5af29d63d58fbef517e1bc592`
SHA3	`f96a93f5228b7183bb17a2d3584a806a510c4c010926cea0e2884474b7f726e8`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.6163`
MD5	`a63c6442c2ae762caad7fe587a487beb`
SHA1	`e59ada662682e9fca9ceca3dde4449df28546564`
SHA256	`4eeef38bad138c951815141c554b81d2993f344872d558f4c636cb57c549764d`
SHA3	`b1e7eb27f5b8649c1f5ab09093adf177435335bbf94a889e898296e353607cd7`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.68401`
MD5	`ba19677cc797efe004a30eefcceb723d`
SHA1	`d5c36ffb1aae054d5c9978d3dd3e6f19996843e4`
SHA256	`2a86089cd22773eee01b5765e808d3b97d656b4f7dabfa26830045c63818dc9e`
SHA3	`ceb3ec290bf6aa5e2e4490626af33a8ebfa85b05267ce57dc2e83a3c2615093a`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.44608`
Detected Filetype	Icon file
MD5	`93177e12cde9f7749717fa184407367c`
SHA1	`d3f78bdc5107b376e4e7c49b9aa803aa3b61405a`
SHA256	`4346348e65158c956fc7c9fcffb249c91efb761848980b04b33df15f14f3f8ef`
SHA3	`73bcae3113498139bd13574319f03e6e11f3a93375a8f9c4369854824a37a81f`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x288`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37322`
MD5	`801d7a962e61f7cbc83c9476fce79126`
SHA1	`d7d9e478cee17f58894d1c76534ed8c3cb684e75`
SHA256	`557bce64df478a427690461f55470d72cce2e23b439041f5e3c32e4c9ec0a7ae`
SHA3	`3112a4dc2a99fb2da6ab8529952bc2964a12fdf95e492a9f57f7c04a339140fb`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6.31.4.0
ProductVersion	6.31.4.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	www.koala.com
FileDescription	Koala app
FileVersion (#2)	6.31.4
LegalCopyright	Copyright (C) 2011-2024 Koalancha
OriginalFilename	koala.exe
ProductName	Koala
ProductVersion (#2)	6.31.4

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-Apr-27 00:07:25
Version	`0.0`
SizeofData	`1216`
AddressOfRawData	`0x590728`
PointerToRawData	`0x58f328`

TLS Callbacks

StartAddressOfRawData	`0x140590c30`
EndAddressOfRawData	`0x140590c58`
AddressOfIndex	`0x140860304`
AddressOfCallbacks	`0x140421df8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x00000001403E6594`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1405ca140`

RICH Header

XOR Key	`0xd6a46f06`
Unmarked objects	`0`
ASM objects (30795)	`7`
C++ objects (30795)	`204`
Unmarked objects (#2)	`1`
C objects (33218)	`19`
ASM objects (33218)	`18`
C++ objects (33218)	`98`
C objects (30795)	`22`
C objects (33523)	`18`
Total imports	`386`
Imports (30795)	`23`
C objects (30154)	`800`
C++ objects (LTCG) (33523)	`264`
ASM objects (33523)	`3`
Resource objects (33523)	`1`
151	`1`
Linker (33523)	`1`

c794f4ba9e51f999050716cf8dc25df0

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RANDOMX

_TEXT_CN

_TEXT_CN (#2)

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

101

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors