Manalyze report for cf48c63abacde7311b043d8a648403b7

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Jul-10 17:06:24
TLS Callbacks	2 callback(s) detected.

Plugin Output

Suspicious	PEiD Signature:	`HQR data file`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to internet browsers: IEXPLORE.EXE key3.db signons.sqlite` `May have dropper capabilities: CurrentVersion\Run` `Miscellaneous malware strings: VIRUS cmd.exe exploit` Contains domain names: .acme.com .example.org 2Fwww.facebook.com BeOpen.com Demos.PySimpleGUI.org HList.info Issues.PySimpleGUI.org PySimpleGUI.org TList.info a.b.c.com activestate.com addinfo.info apple.com blog.cryptographyengineering.com bugs.python.org business.facebook.com buymeacoffee.com cam.ac.uk cl.cam.ac.uk cloud.google.com code.activestate.com crummy.com cryptographyengineering.com cs.ucdavis.edu csrc.nist.gov curl.haxx.se demon.nl docs.python.org eGenix.com editor.org egenix.com en.wikipedia.org example.com example.net example.org facebook.com felt.demon.nl freedesktop.org ftp.python.org ftp://dkuug.dk github.com githubusercontent.com gmail.com google.com graph.facebook.com gustaebel.de here.my.org hg.python.org http://Demos.PySimpleGUI.org http://Issues.PySimpleGUI.org http://blog.cryptographyengineering.com http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html http://bugs.python.org http://bugs.python.org/issue14443z http://code.activestate.com http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/ http://csrc.nist.gov http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf http://curl.haxx.se http://curl.haxx.se/rfc/cookie_spec.html http://docs.python.org http://docs.python.org/3/library/subprocess#subprocess.Popen.kill http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode http://docs.python.org/3/library/subprocess#subprocess.Popen.terminate http://docs.python.org/library/unittest.html http://en.wikipedia.org http://en.wikipedia.org/wiki/Cache_replacement_policies#Least_recently_used_ http://en.wikipedia.org/wiki/IEEE_854-1987 http://en.wikipedia.org/wiki/Triangular_distribution http://example.com http://google.com http://hg.python.org http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535 http://httpbin.org http://json.org http://lists.sourceforge.net http://lists.sourceforge.net/lists/listinfo/optik-users http://opensource.apple.com http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c http://purl.org http://schemas.xmlsoap.org http://schemas.xmlsoap.org/wsdl/z http://speleotrove.com http://support.microsoft.com http://support.microsoft.com/kb/118623 http://tip.tcl.tk http://tip.tcl.tk/48 http://tools.ietf.org http://tools.ietf.org/html/rfc4880 http://tools.ietf.org/html/rfc5297 http://tools.ietf.org/html/rfc5869 http://tools.ietf.org/html/rfc6125#section-6.4.3 http://users.rcn.com http://users.rcn.com/python/download/Descriptor.htm http://web.cs.ucdavis.edu http://web.cs.ucdavis.edu/ http://www.apple.com http://www.apple.com/DTDs/PropertyList-1.0.dtd http://www.cl.cam.ac.uk http://www.cl.cam.ac.uk/ http://www.crummy.com http://www.crummy.com/software/BeautifulSoup/ http://www.crummy.com/software/BeautifulSoup/bs4/doc/ http://www.crummy.com/software/BeautifulSoup/bs4/doc/#installing-a-parser http://www.cs.ucdavis.edu http://www.cs.ucdavis.edu/ http://www.iana.org http://www.iana.org/assignments/character-sets http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6 http://www.iana.org/time-zones/repository/tz-link.html http://www.ibiblio.org http://www.ibiblio.org/xml/examples/shakespeare/hamlet.xml http://www.megginson.com http://www.megginson.com/SAX/. http://www.nightmare.com http://www.nightmare.com/squirl/python-ext/misc/syslog.py http://www.ocert.org http://www.ocert.org/advisories/ocert-2011-003.html http://www.phys.uu.nl http://www.phys.uu.nl/ http://www.python.org http://www.python.org/' http://www.python.org/dev/peps/pep-%04d/r http://www.python.org/dev/peps/pep-%04d/r7 http://www.python.org/dev/peps/pep-0205/ http://www.python.org/download/releases/2.3/mro/. http://www.python.org/sax/properties/encodingz3http http://www.python.org/sax/properties/interning-dictN http://www.rfc-editor.org http://www.rfc-editor.org/info/rfc7253 http://www.rfc-editor.org/rfc/rfc%d.txtz http://www.robotstxt.org http://www.robotstxt.org/norobots-rfc.txt http://www.tarsnap.com http://www.tarsnap.com/scrypt/scrypt-slides.pdf http://www.w3.org http://www.w3.org/1999/02/22-rdf-syntax-ns#z http://www.w3.org/1999/xhtml http://www.w3.org/1999/xhtmlN http://www.w3.org/1999/xhtmlz+http http://www.w3.org/2000/xmlns/ http://www.w3.org/2000/xmlns/r http://www.w3.org/2000/xmlns/z http://www.w3.org/2001/XInclude http://www.w3.org/2001/XMLSchema-instancez http://www.w3.org/2001/XMLSchemaz http://www.w3.org/TR/NOTE-datetime http://www.w3.org/TR/html4/strict.dtd http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd' http://www.w3.org/XML/1998/namespace http://www.w3.org/XML/1998/namespacez http://www.xmlrpc.com http://www.xmlrpc.com/discuss/msgReader$1208 http://www.xmlrpc.com/discuss/msgReader$1208z http://wwwsearch.sf.net http://wwwsearch.sf.net/ http://xml.org http://xml.python.org http://xml.python.org/entities/fragment-builder/internalz http://xmlrpc.usefulinc.com http://xmlrpc.usefulinc.com/doc/reserved.html http://yahoo.com httpbin.org https://business.facebook.com https://business.facebook.com/business/adaccount/limits/?business_id https://business.facebook.com/business_locations/ https://business.facebook.com/settings/info?business_id https://cloud.google.com https://cloud.google.com/appengine/docs/flexible/ https://cloud.google.com/appengine/docs/python/sockets/ https://cloud.google.com/appengine/docs/python/urlfetch https://cloud.google.com/appengine/docs/python/urlfetch/#Python_Quotas_and_limits https://cloud.google.com/appengine/docs/standard/runtimes https://cryptography.io https://docs.python.org https://docs.python.org/ https://docs.python.org/%d.%d/libraryNr https://docs.python.org/X.Y/library/ https://en.wikipedia.org https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher-block_chaining_.28CBC.29 https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_feedback_.28CFB.29 https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_.28CTR.29 https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_codebook_.28ECB.29 https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Output_feedback_.28OFB.29 https://en.wikipedia.org/wiki/CRIME_ https://en.wikipedia.org/wiki/Server_Name_Indication https://github.com https://google.com https://graph.facebook.com https://graph.facebook.com/v7.0/act_ https://graph.facebook.com/v7.0/me/personal_ad_accounts?fields https://httpbin.org https://m.facebook.com https://m.facebook.com/login/reauth.php?next https://mbasic.facebook.com https://mbasic.facebook.com/ https://mbasic.facebook.com/friends/center/requests/#friends_center_main https://packaging.python.org https://packaging.python.org/specifications/entry-points/ https://pypi.org https://pysimplegui.readthedocs.io https://pysimplegui.readthedocs.io/en/latest/call%20reference/#button-element https://pysimplegui.readthedocs.io/en/latest/call%20reference/#buttonmenu-element https://pysimplegui.readthedocs.io/en/latest/call%20reference/#canvas-element https://pysimplegui.readthedocs.io/en/latest/call%20reference/#checkbox-element https://pysimplegui.readthedocs.io/en/latest/call%20reference/#column-element https://pysimplegui.readthedocs.io/en/latest/call%20reference/#combo-element https://pysimplegui.readthedocs.io/en/latest/call%20reference/#frame-element https://pysimplegui.readthedocs.io/en/latest/call%20reference/#graph-element https://pysimplegui.readthedocs.io/en/latest/call%20reference/#horizontalseparator-element https://pysimplegui.readthedocs.io/en/latest/call%20reference/#image-element https://pysimplegui.readthedocs.io/en/latest/call%20reference/#input-element https://pysimplegui.readthedocs.io/en/latest/call%20reference/#listbox-element https://pysimplegui.readthedocs.io/en/latest/call%20reference/#menu-element https://pysimplegui.readthedocs.io/en/latest/call%20reference/#multiline-element https://pysimplegui.readthedocs.io/en/latest/call%20reference/#optionmenu-element https://pysimplegui.readthedocs.io/en/latest/call%20reference/#output-element https://pysimplegui.readthedocs.io/en/latest/call%20reference/#pane-element https://pysimplegui.readthedocs.io/en/latest/call%20reference/#progressbar-element https://pysimplegui.readthedocs.io/en/latest/call%20reference/#radio-element https://pysimplegui.readthedocs.io/en/latest/call%20reference/#slider-element https://pysimplegui.readthedocs.io/en/latest/call%20reference/#spin-element https://pysimplegui.readthedocs.io/en/latest/call%20reference/#statusbar-element https://pysimplegui.readthedocs.io/en/latest/call%20reference/#tab-element https://pysimplegui.readthedocs.io/en/latest/call%20reference/#tabgroup-element https://pysimplegui.readthedocs.io/en/latest/call%20reference/#table-element https://pysimplegui.readthedocs.io/en/latest/call%20reference/#text-element https://pysimplegui.readthedocs.io/en/latest/call%20reference/#tree-element https://pysimplegui.readthedocs.io/en/latest/call%20reference/#verticalseparator-element https://pysimplegui.readthedocs.io/en/latest/call%20reference/#window https://raw.githubusercontent.com https://raw.githubusercontent.com/ https://raw.githubusercontent.com/PySimpleGUI/PySimpleGUI/master/ https://requests.readthedocs.io https://rss.imagemakeup.net https://rss.imagemakeup.net/rss/popular_youtube https://stackoverflow.com https://tools.ietf.org https://tools.ietf.org/html/rfc2388#section-4.4 https://tools.ietf.org/html/rfc3610 https://tools.ietf.org/html/rfc5297 https://twitter.com https://upload.pypi.org https://upload.pypi.org/legacy/ https://urllib3.readthedocs.io https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings https://urllib3.readthedocs.io/en/1.26.x/contrib.html#socks-proxies https://urllib3.readthedocs.io/en/1.26.x/reference/urllib3.contrib.html. https://w3c.github.io https://w3c.github.io/html/sec-forms.html#multipart-form-data https://www.buymeacoffee.com https://www.buymeacoffee.com/PySimpleGUI https://www.facebook.com https://www.facebook.com/ https://www.facebook.com/ads/manager/account_settings/information/?act https://www.facebook.com/ads/manager/account_settings/notification_preferences/?act https://www.facebook.com/ads/manager/post_all_adaccount_notifications/ https://www.facebook.com/security/2fac/factors/recovery-code/ https://www.facebook.com/security/2fac/settings https://www.facebook.com/settings?tab https://www.ibm.com https://www.ibm.com/support/knowledgecenter/en/ssw_aix_61/com.ibm.aix.basetrf1/dlopen.htm https://www.ibm.com/support/knowledgecenter/en/ssw_aix_61/com.ibm.aix.basetrf1/load.htm https://www.ietf.org https://www.ietf.org/rfc/rfc2898.txt https://www.paypal.me https://www.paypal.me/psgui https://www.pyopenssl.org https://www.python.org https://www.python.org' https://www.python.org/dev/peps/pep-0506/ https://www.python.org/download/releases/2.3/mro/. https://www.python.org/psf/license/ https://www.unicode.org https://www.unicode.org/Public/13.0.0/ucd/DerivedCoreProperties.txt https://www.usenix.org https://www.usenix.org/legacy/events/usenix99/provos/provos_html/node4.html https://www.youtube.com https://www.youtube.com/watch?v ibiblio.org imagemakeup.net jython.org kennethreitz.org la.mastaler.com lemburg.com lists.sourceforge.net logger.info m.facebook.com mastaler.com mbasic.facebook.com megginson.com microsoft.com nightmare.com nightshade.la.mastaler.com ocert.org opensource.apple.com packaging.python.org phys.uu.nl pitrou.net pyopenssl.org python.net python.org pythoncom.com raw.githubusercontent.com red-dove.com redivi.com rfc-editor.org robotstxt.org rss.imagemakeup.net samba.org schemas.xmlsoap.org segfault.org sendmail.org shazow.net skippinet.com.au sockets.ru sourceforge.net speleotrove.com sprymix.com stackoverflow.com support.microsoft.com sweetapp.com tarsnap.com three.org tip.tcl.tk tools.ietf.org twitter.com uCanvas.tk uGraph.tk uHTTPResponse.info uMockResponse.info uOutput.tk ucdavis.edu ufacebook.com unicode.org upload.pypi.org usefulinc.com usenix.org users.rcn.com uwww.PySimpleGUI.org uwww.facebook.com web.cs.ucdavis.edu wikipedia.org www.PySimpleGUI.org www.acme.com www.apple.com www.buymeacoffee.com www.cl.cam.ac.uk www.crummy.com www.cs.ucdavis.edu www.example.com www.facebook.com www.iana.org www.ibiblio.org www.ibm.com www.ietf.org www.jython.org www.megginson.com www.nightmare.com www.ocert.org www.phys.uu.nl www.pyopenssl.org www.python.org www.rfc-editor.org www.robotstxt.org www.tarsnap.com www.unicode.org www.usenix.org www.w3.org www.xmlrpc.com www.youtube.com wwwsearch.sf.net xml.python.org xmlrpc.com xmlrpc.usefulinc.com xmlsoap.org yahoo.com youtube.com zen.co.uk zesty.ca
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Info	The PE is digitally signed.	`Signer: LGN Software` `Issuer: LGN Software`
Malicious	VirusTotal score: 6/68 (Scanned on 2021-09-16 04:05:20)	`ESET-NOD32: a variant of Python/Agent.MU.gen` `Sophos: Mal/Generic-R + Mal/BadCert-Gen` `McAfee-GW-Edition: Artemis` `McAfee: Artemis!CF48C63ABACD` `Ikarus: Trojan.Python.Agent` `Fortinet: W32/Agent.MU!tr`

Hashes

MD5	`cf48c63abacde7311b043d8a648403b7`
SHA1	`3757f55b5638039a1c0a02a47d86dee9bf9cf7a1`
SHA256	`b72ff7d5b908fb4a0c0074d5eac92411d061a213d74f6af0e34cf918fd077b98`
SHA3	`22a7753f6529c0ce1c66b0ce760e242f4b2296050728732a738a3d2417f48101`
SSDeep	`98304:8rZsgy/1HXeCIMM71B1//m+9EKpMgvq3yiMPjuYNbgR+7gbROXFhqRuCnzjj7Zpy:8BEHhYevDkOYUbrinc1FMQIDnqjRjxa`
Imports Hash	`21b31d0d4d5f788667bff7bb27a9c9d6`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`10`
TimeDateStamp	2021-Jul-10 17:06:24
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x1285c00`
SizeOfInitializedData	`0x1c95400`
SizeOfUninitializedData	`0x72a00`
AddressOfEntryPoint	`0x00000000000014B0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x1d0d000`
SizeOfHeaders	`0x400`
Checksum	`0x1c9ab54`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x968000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`61501ccabebe16a5ea1bb9372883a4f9`
SHA1	`0714c694566dac20b5204923c4b9e4c00dc8245b`
SHA256	`e5a96deecdce8094b8999a76d958601ca4a35ae260c9e56a48d4de02bddc6988`
SHA3	`0ecd8d5d4630d3d2807dc2a0255d97e8edc23ada966fd316d2e5383d55ba54a9`
VirtualSize	`0x1285af8`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1285c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.86145`

.data

MD5	`20e156f46444ba54ebf46151a8efab7a`
SHA1	`bc9d9aaf9a554a0b1f6250ec4b23a3f6db3527b4`
SHA256	`9f85ad548a4b0ab2fb90fd4b67aa087606e94b014f0b6b1065cecd9e9a202077`
SHA3	`9205778c250185765759309ff2561a14be0673d68304bd62e1e6b0edbcb31e9d`
VirtualSize	`0xed50`
VirtualAddress	`0x1287000`
SizeOfRawData	`0xee00`
PointerToRawData	`0x1286000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.38947`

.rdata

MD5	`d73caa9e3894b4c8cdfe6a86500fe6f8`
SHA1	`69421d35a48f640a517533fff63ebacf3ae1e2b9`
SHA256	`37c712a2037bf92a2f5c2e6e3efe3a655db368bec6ec67eef73524475984c9ec`
SHA3	`c6f1392291ca497fdd783d7c5af41491de5e0b6deb91d695cadc68b1f4999a47`
VirtualSize	`0x20c80`
VirtualAddress	`0x1296000`
SizeOfRawData	`0x20e00`
PointerToRawData	`0x1294e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.90515`

.pdata

MD5	`f5451c2cea08fad7c6d6a2b1b4173d83`
SHA1	`25268725c185f4c4e52efdf6d609b06af92e1aa2`
SHA256	`2b76283ad307b995d53783a1d0040185c8e1335812f01bc2f020a9cb790518b5`
SHA3	`28a002114c88895c8fb24dfb7c8e3cd838a2d43670e2b93b7a89e8266e6023bb`
VirtualSize	`0x15eb8`
VirtualAddress	`0x12b7000`
SizeOfRawData	`0x16000`
PointerToRawData	`0x12b5c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.59294`

.xdata

MD5	`b8a3d8f9bb80516fe746e5e52e18d3ac`
SHA1	`726a533047b9c2bfde42e97d4ca0f453bfe1f4b6`
SHA256	`e0465e8d15cfd32eca3fec4ae3b3bbbbed1acefecb73cb6d1473cc67889e4c7e`
SHA3	`81e841317f5af090889af65c766fd3b36e2accb1b3c3478737a8c2a8b45e21f1`
VirtualSize	`0x204d4`
VirtualAddress	`0x12cd000`
SizeOfRawData	`0x20600`
PointerToRawData	`0x12cbc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.73697`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x72968`
VirtualAddress	`0x12ee000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`926c55154439f94f317a50a6a7a400cc`
SHA1	`ecadd66264412f75ae0f0398db0f9f1227483a14`
SHA256	`53adeaa9d77c94b0718787f05c8411771a4a43e3af700ff65a07b3d12a82d42c`
SHA3	`db1d465b05786e089df56adeba12ab25ffde0987889f7db72da41792d5e1e5c6`
VirtualSize	`0x37c4`
VirtualAddress	`0x1361000`
SizeOfRawData	`0x3800`
PointerToRawData	`0x12ec200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.96574`

.CRT

MD5	`4e12b296a34f92a918cd1f0a88a7208f`
SHA1	`2ac4492ddf53b05d833079bcebc161769eddeb97`
SHA256	`197370ba4aaca6ef7782f3c5da7491b13d44f24c2919b54e33405846308c8e09`
SHA3	`84b98ed87361ce8c701bf887c1c80f58d1aaa2afa5761a63b8a4cc1a4f248745`
VirtualSize	`0x68`
VirtualAddress	`0x1365000`
SizeOfRawData	`0x200`
PointerToRawData	`0x12efa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.332025`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0x1366000`
SizeOfRawData	`0x200`
PointerToRawData	`0x12efc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`a412cd4d5c3872cae807801ef7f7ab8a`
SHA1	`1f3699264a6212ef3d62a6ee1adfeb490dfe49ab`
SHA256	`da83b20c2903a9a586b45ffee8b182d0eaf1703643d9b6fb8c04ed3ec3a8e158`
SHA3	`436acc93f4671aa5396c90a227ce1f71047fc62bca5d3c12f993416cc7209dac`
VirtualSize	`0x9a596c`
VirtualAddress	`0x1367000`
SizeOfRawData	`0x9a5a00`
PointerToRawData	`0x12efe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.64749`

Imports

python38.dll	`PyObject_GC_Del` `_PyObject_GC_Resize` `_PyObject_GC_New` `_PyObject_GC_Malloc` `PyObject_GC_UnTrack` `PyObject_GC_Track` `_PyTraceMalloc_NewReference` `PyIter_Next` `PyObject_GetIter` `PyObject_IsSubclass` `PyObject_IsInstance` `PyMapping_Check` `PySequence_Contains` `PySequence_List` `PySequence_Tuple` `PySequence_GetItem` `PySequence_InPlaceConcat` `PySequence_Check` `PyNumber_ToBase` `PyNumber_Float` `PyNumber_Long` `PyNumber_AsSsize_t` `PyNumber_Index` `PyNumber_Invert` `PyNumber_Positive` `PyNumber_Negative` `PyNumber_InPlaceMultiply` `PyNumber_InPlaceAdd` `PyNumber_InPlaceLshift` `PyNumber_FloorDivide` `PyNumber_Add` `PyNumber_Subtract` `PyBuffer_Release` `PyObject_GetBuffer` `PyObject_DelItem` `PyObject_SetItem` `PyObject_GetItem` `PyObject_LengthHint` `PyObject_Size` `PyBool_Type` `_Py_FalseStruct` `_Py_TrueStruct` `_PyByteArray_empty_string` `PyByteArray_Type` `PyByteArray_FromStringAndSize` `PyByteArray_FromObject` `PyBytes_Type` `_PyBytes_Resize` `PyBytes_FromString` `PyBytes_FromStringAndSize` `PyObject_CallFunctionObjArgs` `PyObject_CallMethodObjArgs` `PyObject_CallObject` `PyObject_Call` `PyCapsule_New` `PyMethod_Type` `PyCode_Type` `PyCode_NewWithPosOnlyArgs` `PyComplex_Type` `PyComplex_FromDoubles` `PyProperty_Type` `PyDict_Type` `PyDict_DelItemString` `PyDict_SetItemString` `PyDict_GetItemString` `PyDict_Copy` `PyDict_Merge` `PyDict_MergeFromSeq2` `PyDict_Next` `PyDict_DelItem` `PyDict_SetItem` `PyDict_GetItem` `_PyDict_NewPresized` `PyDict_New` `PyEnum_Type` `PyReversed_Type` `PyExc_ImportWarning` `PyExc_Exception` `PyExc_KeyError` `PyExc_RuntimeError` `PyExc_IOError` `PyExc_UnboundLocalError` `PyExc_PermissionError` `PyExc_AttributeError` `PyExc_ZeroDivisionError` `PyExc_ValueError` `PyExc_BaseException` `PyExc_OverflowError` `PyExc_UnicodeError` `PyExc_UnicodeDecodeError` `PyExc_IsADirectoryError` `PyExc_SyntaxError` `PyExc_StopIteration` `PyExc_OSError` `PyExc_NotImplementedError` `PyExc_StopAsyncIteration` `PyExc_TypeError` `PyExc_NameError` `PyExc_LookupError` `PyExc_IndexError` `PyExc_UnicodeEncodeError` `PyExc_ImportError` `PyExc_SystemError` `PyExc_AssertionError` `PyExc_GeneratorExit` `PyExc_FileNotFoundError` `PyExc_ModuleNotFoundError` `PyException_SetContext` `PyException_GetContext` `PyException_SetCause` `PyException_GetTraceback` `PyFloat_Type` `PyFloat_FromString` `PyFloat_FromDouble` `PyFrame_Type` `PyFrame_New` `PyFrame_GetLineNumber` `PyFunction_Type` `_PyAsyncGenWrappedValue_Type` `PyCoro_Type` `PyGen_Type` `PyAsyncGen_Type` `_PyGen_FetchStopIterationValue` `_PyGen_SetStopIterationValue` `PySeqIter_Type` `PyCallIter_Type` `PyList_Type` `PyList_Insert` `PyList_SetItem` `PyList_New` `PyLong_Type` `PyLong_FromUnicodeObject` `PyLong_FromString` `PyLong_FromSsize_t` `PyLong_FromUnsignedLongLong` `PyLong_FromLongLong` `PyLong_FromVoidPtr` `PyLong_AsLong` `PyLong_AsLongAndOverflow` `PyLong_FromLong` `_PyLong_New` `PyMemoryView_Type` `PyCFunction_Type` `PyCFunction_NewEx` `PyModule_Type` `PyModuleDef_Type` `PyModule_GetDef` `PyModule_GetFilenameObject` `PyModule_GetName` `PyModule_GetDict` `PyModule_ExecDef` `PyModule_FromDefAndSpec2` `PyModule_NewObject` `_Py_NoneStruct` `_Py_NotImplementedStruct` `_Py_Dealloc` `PyObject_Dir` `PyCallable_Check` `PyObject_IsTrue` `PyObject_GenericSetAttr` `PyObject_GenericGetAttr` `PyObject_SelfIter` `PyObject_SetAttr` `PyObject_GetAttr` `PyObject_SetAttrString` `PyObject_HasAttrString` `PyObject_GetAttrString` `PyObject_RichCompareBool` `PyObject_RichCompare` `PyObject_Str` `PyObject_Repr` `_PyObject_New` `_Py_tracemalloc_config` `PyObject_Free` `PyObject_Realloc` `PyObject_Malloc` `PyMem_Realloc` `PyMem_Malloc` `PyRange_Type` `PyFrozenSet_Type` `PySet_Type` `_PySet_NextEntry` `PySet_Add` `PyFrozenSet_New` `PySet_New` `PySlice_Type` `_Py_EllipsisObject` `PyEllipsis_Type` `PySlice_New` `PyStructSequence_InitType` `PyStructSequence_SetItem` `PyStructSequence_New` `PyTuple_Type` `PyTuple_Pack` `PyTuple_New` `PyBaseObject_Type` `PySuper_Type` `PyType_Type` `PyType_Ready` `_PyType_Lookup` `PyType_GetFlags` `PyType_IsSubtype` `PyUnicode_Type` `PyUnicode_InternInPlace` `PyUnicode_Format` `PyUnicode_Substring` `PyUnicode_Concat` `PyUnicode_Join` `PyUnicode_FindChar` `PyUnicode_Find` `PyUnicode_DecodeUTF8` `PyUnicode_GetLength` `PyUnicode_AsUnicode` `PyUnicode_AsUTF8` `PyUnicode_FromEncodedObject` `PyUnicode_FromOrdinal` `PyUnicode_FromFormat` `PyUnicode_FromString` `PyUnicode_FromStringAndSize` `PyUnicode_FromWideChar` `_PyUnicode_Ready` `PyUnicode_New` `PyObject_ClearWeakRefs` `_PyWarnings_Init` `PyErr_WarnEx` `PyMap_Type` `PyFilter_Type` `PyZip_Type` `PyEval_GetFuncName` `PyEval_GetFrame` `PyEval_EvalCodeEx` `PyEval_EvalFrameEx` `PyEval_EvalCode` `Py_MakePendingCalls` `PyEval_SaveThread` `PyEval_AcquireThread` `PyEval_ThreadsInitialized` `PyErr_WriteUnraisable` `PyErr_Format` `PyErr_SetFromErrno` `PyErr_NoMemory` `PyErr_BadArgument` `_PyErr_FormatFromCause` `PyErr_NormalizeException` `PyErr_ExceptionMatches` `PyErr_GivenExceptionMatches` `PyImport_FrozenModules` `_PyArg_NoKeywords` `PyArg_UnpackTuple` `PyArg_ParseTupleAndKeywords` `PyArg_ParseTuple` `PyImport_ImportModule` `PyImport_ImportFrozenModule` `PyImport_ExecCodeModuleEx` `PyImport_ExecCodeModule` `_PyImport_FixupExtensionObject` `PyImport_GetModule` `PyImport_GetModuleDict` `Py_NoSiteFlag` `Py_NoUserSiteDirectory` `Py_DontWriteBytecodeFlag` `Py_DebugFlag` `Py_BytesWarningFlag` `Py_VerboseFlag` `Py_OptimizeFlag` `Py_UTF8Mode` `Py_InteractiveFlag` `Py_InspectFlag` `Py_IgnoreEnvironmentFlag` `Py_FrozenFlag` `PyMarshal_ReadObjectFromString` `_Py_PackageContext` `PyModule_AddObject` `Py_BuildValue` `PyOS_snprintf` `Py_SetPythonHome` `Py_SetPath` `Py_Exit` `Py_Initialize` `PyThreadState_Get` `Py_CompileStringExFlags` `PyErr_Print` `PyErr_PrintEx` `PySys_WriteStderr` `PySys_SetArgv` `PySys_SetPath` `PySys_SetObject` `PySys_GetObject` `PyTraceBack_Type`
KERNEL32.dll	`DeleteCriticalSection` `EnterCriticalSection` `FindResourceA` `FormatMessageA` `GetCommandLineW` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `GetLastError` `GetModuleFileNameW` `GetProcAddress` `GetShortPathNameW` `GetStartupInfoA` `GetSystemTimeAsFileTime` `GetTempPathW` `GetTickCount` `InitializeCriticalSection` `LeaveCriticalSection` `LoadLibraryExW` `LoadResource` `LockResource` `QueryPerformanceCounter` `RtlAddFunctionTable` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `SetDllDirectoryW` `SetErrorMode` `SetUnhandledExceptionFilter` `Sleep` `TerminateProcess` `TlsGetValue` `UnhandledExceptionFilter` `VirtualProtect` `VirtualQuery`
msvcrt.dll	`__C_specific_handler` `__argc` `__argv` `__getmainargs` `__initenv` `__iob_func` `__lconv_init` `__set_app_type` `__setusermatherr` `_acmdln` `_amsg_exit` `_cexit` `_errno` `_fmode` `_initterm` `_itoa_s` `_onexit` `_snprintf` `_wcsicmp` `abort` `atoi` `calloc` `exit` `fprintf` `free` `fwrite` `getenv` `malloc` `mbstowcs` `memcmp` `memcpy` `memset` `printf` `puts` `signal` `strchr` `strcmp` `strlen` `strncmp` `strncpy` `strrchr` `vfprintf` `vsprintf` `wcscmp` `wcslen`
SHELL32.dll	`CommandLineToArgvW`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.56667`
MD5	`d73877eabb6690c13bbdae19771bdd73`
SHA1	`d4172526c7569acba4ef76b08c39dd5549cc084d`
SHA256	`fe8e6047958004a178d2a4c121a7e5308268d75d9d307b6ae1e24233fbd52d99`
SHA3	`bf8ed9add6f280e369a7e42c5069ad20ecc0212c178d5b0a33cda4bd1d9ba1bf`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.7655`
MD5	`d8b13ce23156fb8785f9eca1e9369212`
SHA1	`01c29b99736ea54560355f170f7cfbd3eee6ad93`
SHA256	`73588cb6e9195d1a49b2a27a616216dd6a5a667117d23eb457a6050ad8c3eddb`
SHA3	`e1788d3d5537c105d415419fe65b51e99303da257b25d9c31d36191ab9b59bbe`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.84624`
MD5	`a24cdfe7bad9ee4b7642fd07d01b43dd`
SHA1	`78d4b0ac45d0a5a6985c2f75fddddbc14a5f065f`
SHA256	`98aa73630ce708b652a8c71cdc4b0c9ced431702fccdbcc3a92bbf1e689b257d`
SHA3	`50fb31ee5caace745bdf3bd483227bcec8f002cb76a632e5c0709c1edc470bef`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.78644`
MD5	`08a0db42153a8512cb745595eb8b0094`
SHA1	`d5252a69c128219eb983611247a302411207668d`
SHA256	`23e26404ff0f39ddf6f8be20b025ce96405256c825c84535569e5548321bf78f`
SHA3	`2a17502ae80783aa4f66399f515c3d5e80cb7c40b3c7d3f2c346a5a9fc870b5e`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x20e77`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99239`
Detected Filetype	PNG graphic file
MD5	`461f254ce0b4da1e788628b137a2ecae`
SHA1	`0ba03fa1892876e5331035fae9f7c80f2d7edcea`
SHA256	`84d753221f7b755c95e4c04c6cba5938a2417c23030c0a7ce26b8abc258144f9`
SHA3	`319b3107b35fd2cd29627a2247b54c998cb00995f57e449bffa73f7ed97cde41`

3 (#2)

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x9804c0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.57447`
MD5	`bd2d67cf34ba4cde4641f9096de29afc`
SHA1	`a40905f1979169f303a463a4d2a65ad5366707ff`
SHA256	`b20860eb92baa256f37528597e3e0a106ed887fb1c85211a80ea4348db1f55d5`
SHA3	`37f19f754bfe636375f869efa7c00c95dda3241de028d87e07ee68e12fa8b874`

1 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.70931`
Detected Filetype	Icon file
MD5	`c6fd0c844ca25074adf89cd0ec80a96d`
SHA1	`84dcb0c4a3e8e6c00a42158ff8b5d8c98c4976f2`
SHA256	`852764fe7d8a5188b566e1e76447a6ea292a1228af773d5847b138bbaaccf45e`
SHA3	`a452f5127a10452913131fd4b0788e0c5e626cdcfed99aa37bb339b3e7c12aa4`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x1766000`
EndAddressOfRawData	`0x1766008`
AddressOfIndex	`0x175ec3c`
AddressOfCallbacks	`0x1765040`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x0000000001684AB0` `0x0000000001684A80`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!