Manalyze report for cd7b7799830eedfd770ff21db7a5610c

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Jun-27 22:41:25

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: components.widgets.info qfluentwidgets.components.widgets.info widgets.info`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: GetTempPathW CreateFileW` `Functions related to the privilege level: OpenProcessToken` `Enumerates local disk drives: GetDriveTypeW`
Suspicious	The file contains overlay data.	`7549770 bytes of data starting at offset 0x73a00.` `The overlay data has an entropy of 7.99949 and is possibly compressed or encrypted.` `Overlay data amounts for 94.0972% of the executable.`
Malicious	VirusTotal score: 10/71 (Scanned on 2024-10-02 11:34:23)	`APEX: Malicious` `AVG: Win64:PUP-gen [PUP]` `Avast: Win64:PUP-gen [PUP]` `Bkav: W64.AIDetectMalware` `Cynet: Malicious (score: 100)` `Elastic: malicious (high confidence)` `FireEye: Generic.mg.cd7b7799830eedfd` `SentinelOne: Static AI - Suspicious PE` `Skyhigh: BehavesLike.Win64.Agent.wc` `Zillya: Backdoor.Agent.Win32.94723`

Hashes

MD5	`cd7b7799830eedfd770ff21db7a5610c`
SHA1	`83f3e507a0ab73d5d524992cf98325debfc10855`
SHA256	`d9433f264a3d6ed84ac3c43916d8a044a2a4a3405cc5881bd5e102d4df3adc39`
SHA3	`2ee0947760d933efd9d138e9671c5ffb9ff5fb59fc7092b1958337154939dcfc`
SSDeep	`196608:Qv0lR/UniMsQXXjWTvvy0D4FXJL0tw5m81RnsM19K:9vgrs2jWT3y0DIL0aBRnsMfK`
Imports Hash	`2ac23c52e7647c5bbea38e98bb68c652`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2024-Jun-27 22:41:25
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x29000`
SizeOfInitializedData	`0x4a600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000000BE20 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x7e000`
SizeOfHeaders	`0x400`
Checksum	`0x7a8797`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x1e8480`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`de5b7deeb13436557c4ba84aa3d5b3fb`
SHA1	`9af3ac31c4802ba52e00e68c4efbcd5859303d64`
SHA256	`10cce597a4e765da3fbf104bea15ff9de160f62ad6f7433a8926bae52c9a7b2d`
SHA3	`c76acd9408791a0deb6e9167a5f54a3d443e737eaa125f423459f15a671de9f3`
VirtualSize	`0x28f60`
VirtualAddress	`0x1000`
SizeOfRawData	`0x29000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.4824`

.rdata

MD5	`3fc3391a7210ea38b4e6ffea62c797f4`
SHA1	`06906be7a68fbf2bdb8f873796aa6f296b78f795`
SHA256	`201dd60da22f1ebbd4c6eaafa34a20696ff5796bd6d56611f7aa659ab9c31199`
SHA3	`824d2cda34faf7ed88cd8e8290f6f3f0175db515515522512a3e428a5c1fea09`
VirtualSize	`0x12510`
VirtualAddress	`0x2a000`
SizeOfRawData	`0x12600`
PointerToRawData	`0x29400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.76084`

.data

MD5	`8013c58834a08435a779ff436ff10eb7`
SHA1	`bff1deccf2bdd1c4b6294184e2b6564d9c40d705`
SHA256	`ff6c19e9e35ada39779fc4e36f1705569a20fa663bf8828270228b9f4ab6a567`
SHA3	`b09f348176c11795f25541fe04ad50c956c579927f4e4b83f4800143898b2869`
VirtualSize	`0x73c8`
VirtualAddress	`0x3d000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x3ba00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.83468`

.pdata

MD5	`d16e38966953c987eb484ac72e115d6c`
SHA1	`1bc2eed6b0b5934232bd6fba9ae488d704d64c3b`
SHA256	`5bd5a50c0eacf4d435c0c6cb244f580fab75fa7125bc020cea8bd993664571de`
SHA3	`77da4bce961707504bc6cdf7f80078401f3797f91a71dc0e4d09ae75cd0d5752`
VirtualSize	`0x21c0`
VirtualAddress	`0x45000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x3c800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.42765`

.rsrc

MD5	`e6589978f8c588b396616574b0d6ad4b`
SHA1	`39f11bf1a80ee3b5d424d472061808bc02db9709`
SHA256	`4fafb04d207dd6b22231126b7bced64100ff04e698d27c7dd7669d41ece0ff41`
SHA3	`8eb3d4d3fa01be871c68c3b6fa75aee3afdbbaf7a537c09a7e3291d085f62053`
VirtualSize	`0x34774`
VirtualAddress	`0x48000`
SizeOfRawData	`0x34800`
PointerToRawData	`0x3ea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.17301`

.reloc

MD5	`be4464056c7d34453c1e26c7294816ee`
SHA1	`a786e82ae4489b2b15a68a21fa49d6179643a699`
SHA256	`c48c2a069e2d53d5a2b023bc5e37d290ff3f92d9d52545d4b5eadd8ccdc4d652`
SHA3	`5023c3320f690d55a71556759f90805ed711be3d6b4e64f646f20c5af5455e2a`
VirtualSize	`0x768`
VirtualAddress	`0x7d000`
SizeOfRawData	`0x800`
PointerToRawData	`0x73200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.28498`

Imports

USER32.dll	`CreateWindowExW` `PostMessageW` `GetMessageW` `MessageBoxW` `MessageBoxA` `SystemParametersInfoW` `DestroyIcon` `SetWindowLongPtrW` `GetWindowLongPtrW` `GetClientRect` `InvalidateRect` `ReleaseDC` `GetDC` `DrawTextW` `GetDialogBaseUnits` `EndDialog` `DialogBoxIndirectParamW` `MoveWindow` `SendMessageW`
COMCTL32.dll	`#380`
KERNEL32.dll	`GetACP` `IsValidCodePage` `GetStringTypeW` `GetFileAttributesExW` `SetEnvironmentVariableW` `FlushFileBuffers` `GetCurrentDirectoryW` `GetOEMCP` `GetCPInfo` `GetModuleHandleW` `MulDiv` `GetLastError` `FormatMessageW` `GetModuleFileNameW` `SetDllDirectoryW` `CreateSymbolicLinkW` `GetProcAddress` `CreateDirectoryW` `GetCommandLineW` `GetEnvironmentVariableW` `GetEnvironmentStringsW` `DeleteFileW` `FindClose` `FindFirstFileW` `FindNextFileW` `GetDriveTypeW` `RemoveDirectoryW` `GetTempPathW` `CloseHandle` `WaitForSingleObject` `Sleep` `GetCurrentProcess` `GetExitCodeProcess` `CreateProcessW` `GetStartupInfoW` `FreeLibrary` `LoadLibraryExW` `LocalFree` `SetConsoleCtrlHandler` `CreateFileW` `FindFirstFileExW` `GetFinalPathNameByHandleW` `MultiByteToWideChar` `WideCharToMultiByte` `FreeEnvironmentStringsW` `GetProcessHeap` `GetTimeZoneInformation` `HeapSize` `HeapReAlloc` `WriteConsoleW` `SetEndOfFile` `ExpandEnvironmentStringsW` `QueryPerformanceCounter` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `TerminateProcess` `IsProcessorFeaturePresent` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `RtlUnwindEx` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `EncodePointer` `RaiseException` `RtlPcToFileHeader` `GetCommandLineA` `GetFileInformationByHandle` `GetFileType` `PeekNamedPipe` `SystemTimeToTzSpecificLocalTime` `FileTimeToSystemTime` `ReadFile` `GetFullPathNameW` `SetStdHandle` `GetStdHandle` `WriteFile` `ExitProcess` `GetModuleHandleExW` `HeapFree` `GetConsoleMode` `ReadConsoleW` `SetFilePointerEx` `GetConsoleOutputCP` `GetFileSizeEx` `HeapAlloc` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `CompareStringW` `LCMapStringW`
ADVAPI32.dll	`OpenProcessToken` `GetTokenInformation` `ConvertStringSecurityDescriptorToSecurityDescriptorW` `ConvertSidToStringSidW`
GDI32.dll	`SelectObject` `DeleteObject` `CreateFontIndirectW`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x34168`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.1325`
MD5	`00072406706d3a38548177546fd08e3f`
SHA1	`6d728b9b4e83129707c487d6063f2eec782639e1`
SHA256	`a3972f389412efb6e32662377d47a4b0e4185c255b36e1573f3ecbbdd7e80700`
SHA3	`6f06b24eb7ba31749d58cb4c1be329ef6a7836621c35d4fbe698174415ecc216`

1 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Icon file
MD5	`5a6a7f7da123bd544e4568956430456a`
SHA1	`df2a41e76374e29fbc10a6c5c74ba0d284c505ac`
SHA256	`dc67bf286e9aca3667178a1e2f2ebd0feead16a0a699ea62d1f938009161c1a8`
SHA3	`69fac02d18655f62d9f1b70f04442c12b4f831e035cb399f8b09eee39da89a48`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x50d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.25791`
MD5	`84da8dee6b319ea0b10b6de5489c6aae`
SHA1	`5f8991f3e065fd95614859a293f88b9c70e4bb23`
SHA256	`abf8f2022f12f350789d961aceaf9ccfd53e7ec58d8c9934cfce77779b4eac11`
SHA3	`08f0562915b54bedce5a84e9d32cb2efcc538268785103b1852338e20a3b4606`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-Jun-27 22:41:25
Version	`0.0`
SizeofData	`796`
AddressOfRawData	`0x39174`
PointerToRawData	`0x38574`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14003d040`
GuardCFCheckFunctionPointer	`5368882240`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x70636856`
Unmarked objects	`0`
ASM objects (30795)	`7`
C++ objects (30795)	`180`
C objects (30795)	`10`
253 (33731)	`3`
ASM objects (33731)	`9`
C objects (33731)	`17`
C++ objects (33731)	`40`
Imports (30795)	`11`
Total imports	`143`
C objects (33811)	`25`
Linker (33811)	`1`

cd7b7799830eedfd770ff21db7a5610c

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors