Manalyze report for d46b8c3309d91c93769bd2cab14447eec6c114268b90e08c48d61c3197a6f37a

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1970-Jan-01 00:00:00
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Suspicious	PEiD Signature:	`HQR data file`
Info	Interesting strings found in the binary:	`Contains domain names: .eq.github.com .eq.golang.org .hash.net eq.github.com eq.golang.org github.com golang.org https://go.dev https://myapp.trapdoor.shptrEncoder.encode https://trapdoor.sh https://tunnel.trapdoor.shreflect.Value.CanInterfacereflect.Value.OverflowUintencountered itab.github.com textproto.nl`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata` `Unusual section name found: /4` `Unusual section name found: /19` `Unusual section name found: /32` `Unusual section name found: /46` `Unusual section name found: /65` `Unusual section name found: /78` `Unusual section name found: /95` `Unusual section name found: /112` `Unusual section name found: .symtab`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryW LoadLibraryExW GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread`
Suspicious	VirusTotal score: 1/72 (Scanned on 2026-02-24 12:04:08)	`Bkav: W64.AIDetectMalware`

Hashes

MD5	`2a32dd15e2d72e56bbee62f344a65f01`
SHA1	`1e92ae1266e9ea573ed61eac8eac438fd5e3d18a`
SHA256	`d46b8c3309d91c93769bd2cab14447eec6c114268b90e08c48d61c3197a6f37a`
SHA3	`7ae521b36772fccbcd838cfcc2e7acb2d3ef660d341f1a7914463fcec73c916c`
SSDeep	`98304:OsMemHL8CdNaEB09xbpEyUYvihbAQbJ360+Va4npFNIko:OJ3LzdNfBs0yTKhc+3f8aKO`
Imports Hash	`d42595b695fc008ef2c56aabd8efd68e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0x8b`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`16`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0x815600`
NumberOfSymbols	`8535`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`3.0`
SizeOfCode	`0x2b7200`
SizeOfInitializedData	`0x4e000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000007BB00 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`1.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0x8e6000`
SizeOfHeaders	`0x600`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`88a8b71fb14c38dd3e3b4c407b3921f1`
SHA1	`538fd2990add35ff27844124ff27f11a37ec9f85`
SHA256	`a873067fabd4ccb3956cce9ba0b7dddf29b437e06e93a0fb8e372deb1d1a0f4a`
SHA3	`2d579e04353fecd69828890ad03782c8ec28b676062587782e3f40a2fc2c5935`
VirtualSize	`0x2b7171`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2b7200`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.1944`

.rdata

MD5	`8b70c835962e820411478d3428b4018f`
SHA1	`af26ece256f71bba7af9acc2b8cd8bbd23d82bf1`
SHA256	`c6c438d18d6910ff4c3fe3820fcf1f682fad80525edce5e7c109344cef95db6f`
SHA3	`24443e4acf8333d5cd5c5190a58a0c85fedaf24a7557490037d859d3e29b4bac`
VirtualSize	`0x2da688`
VirtualAddress	`0x2b9000`
SizeOfRawData	`0x2da800`
PointerToRawData	`0x2b7800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.61412`

.data

MD5	`80e54487debfe9b49b8b431d774ec493`
SHA1	`32c7c3d1557db5e437de2bb88eb1d2ab38d8022c`
SHA256	`e5605e70bad79dda7415cc4a6563c3f78274d0f50e09d5a2b8149efbc2d4849f`
SHA3	`eae0e2b6b37e85a592eba5627a2aa29218572bdd8a99d3f92767435d07e33e8f`
VirtualSize	`0xa42b0`
VirtualAddress	`0x594000`
SizeOfRawData	`0x4e000`
PointerToRawData	`0x592000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.24709`

.pdata

MD5	`0d7afa353b67d5478957a0468249302f`
SHA1	`0591be39b58f3ab3d6fd3b2771f5c985284df941`
SHA256	`0e4c00fd67fca32e1afa6c69f8f6501e19b2c5274699c491e1d2a699cd4d7587`
SHA3	`c45bb57287ed1626b685e4c9a9fd490c654bdaf1c5d9baf1a31f404901af9eaa`
VirtualSize	`0xffcc`
VirtualAddress	`0x639000`
SizeOfRawData	`0x10000`
PointerToRawData	`0x5e0000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.53238`

.xdata

MD5	`f76dff2d3d6184a26dbc3c0236f54fdf`
SHA1	`486e1e134a21f8ac8e36817e27e43bc0f9fe6800`
SHA256	`3f471322da1a3647a307b6cace908eb3181ec29474fe3992a395be155a0ec43b`
SHA3	`5389859f8340c8cf3f56be5071523a13c46e75e3d51494d31fd438599f10e413`
VirtualSize	`0xb4`
VirtualAddress	`0x649000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5f0000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.78321`

/4

MD5	`bcddef00414a946919302442928e542e`
SHA1	`b0fbeae40093e8241edcbdeae94ba06880dedf04`
SHA256	`fb7bf682d27ba8920146a9b134a183cd2109b202916488b9b3a4f7d623f0b484`
SHA3	`7d5b252590738bde977b6dfab9c3034c2ad82b952980a3585c1dc88e1f06f005`
VirtualSize	`0x154`
VirtualAddress	`0x64a000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5f0200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.67257`

/19

MD5	`5f63f7ef7e43f4473e2c2386076a20a6`
SHA1	`fa5311b8ff026b3e4b5a88a1d64e159fc9adc1b3`
SHA256	`58839900b3df236a1f56814425b86399d79f4d046bbd945894bf2e0e9b19aca0`
SHA3	`fc5e79b7102d3f837e91441901f3cab27da8bb48662c777a32ccb2dc63e4cf5b`
VirtualSize	`0x803db`
VirtualAddress	`0x64b000`
SizeOfRawData	`0x80400`
PointerToRawData	`0x5f0400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99522`

/32

MD5	`7827ef68d1cd0eb8abb1b7b177a815cc`
SHA1	`2ab4d9261083dbebbd155c290111f7ac607e83d3`
SHA256	`21e0e6c08292a88b3c4eb2af5612dba0dcdf0d57da7373fa3f68346f165fcb7a`
SHA3	`20d3cb65b34f779d9f4fed9fba3c7f80e12a87d4f37a477515bd7012ee9ffb72`
VirtualSize	`0x19fd5`
VirtualAddress	`0x6cc000`
SizeOfRawData	`0x1a000`
PointerToRawData	`0x670800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.93816`

/46

MD5	`40cca7c46fc713b4f088e5d440ca7931`
SHA1	`3aaa1650bfaf5325fa9cb3a1a284aebcc92aebf4`
SHA256	`3e3c5f5d419b70e588da0ef0e3d9ce1a5863a5624febc16cd0c007cd14e89015`
SHA3	`a0e18fe9f6ac46417d52cdc99cf9ae56edb5a53f788995a085b10f88f348a0e4`
VirtualSize	`0x30`
VirtualAddress	`0x6e6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x68a800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.855685`

/65

MD5	`e35d6ed07a98675c13df5e842e6ff6af`
SHA1	`8ded6a7b362b5543039dc800cab0c466c48009b3`
SHA256	`133e2f31a2be45a5e037bf54245df41faf992ad258d0297bdcbf62bb2ea5b982`
SHA3	`4c9c802f7654d63776dee75248f5a6e9b5e4a142bfa437f546e7f547942d2620`
VirtualSize	`0xcc4ba`
VirtualAddress	`0x6e7000`
SizeOfRawData	`0xcc600`
PointerToRawData	`0x68aa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99802`

/78

MD5	`d10021f0e261832416bcf531be343d15`
SHA1	`9a378acad6621361d3bc7f94062fbd8793142f83`
SHA256	`8c29cb67df122100f111ff206add2704a279acb48c9e0e4064386c7aee61fc8d`
SHA3	`271685fe611150a08a75fe06b8497d05951603e1dbcbbb278aa88904467fc186`
VirtualSize	`0x7b21f`
VirtualAddress	`0x7b4000`
SizeOfRawData	`0x7b400`
PointerToRawData	`0x757000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99756`

/95

MD5	`a6ee0ecc06a3c0763bf9514b092e9d68`
SHA1	`c5b46bb80bfa8e00f4e29012221d6f65b77f4920`
SHA256	`aea34732ea46f9ab9aa0066cc43ff505783af52f745221c7bed8972d4c766613`
SHA3	`eb521ff702fa00293264db8e92a6a4f8c5f73dc6420b8cd051bdff32adb00cde`
VirtualSize	`0x321e5`
VirtualAddress	`0x830000`
SizeOfRawData	`0x32200`
PointerToRawData	`0x7d2400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99527`

/112

MD5	`e176160aa65788a2282c7b1a4a644dca`
SHA1	`1a0de3b8f3181944e9f546e4304e840f6601fa00`
SHA256	`b046f2ccaa9e49d8a843074be259cbced8a62ebc3de7cf776e78a840d5b345fc`
SHA3	`3a1262a0d06eb8173b34dd4a7f92b0978a0d36d443b53a97420df989fd0b0c61`
VirtualSize	`0x3361`
VirtualAddress	`0x863000`
SizeOfRawData	`0x3400`
PointerToRawData	`0x804600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.77214`

.idata

MD5	`a06ec5065b9b3872c5c459a02aa2f59d`
SHA1	`abb00b3a69a1272231999e3d164b8dc94918d770`
SHA256	`8b20a5043e82f92332aacd73313f9c444ed4ee39368878d89aef6b429bd7b51d`
SHA3	`f0ff42e0b3ce86b0336b33c1c4aaee0bd87fed4a8fe1ec773a054e4c9dfe51fe`
VirtualSize	`0x53e`
VirtualAddress	`0x867000`
SizeOfRawData	`0x600`
PointerToRawData	`0x807a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.94765`

.reloc

MD5	`e98525ef706c573cbf43217a81c28109`
SHA1	`5946212fafa18b76f2d07f0ddce208696763f38b`
SHA256	`8bb7dd1d4117dac7078df84ff913a6c2a2540de6e631afa5931a9bec9a2f5022`
SHA3	`4b56c12ff63d38f6e8147754e00c1e3a42b0bee03b5449282e09fc73fa4443e3`
VirtualSize	`0xd440`
VirtualAddress	`0x868000`
SizeOfRawData	`0xd600`
PointerToRawData	`0x808000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.43404`

.symtab

MD5	`d114b4d89a2eba8e1f1e43bdc24455fa`
SHA1	`c2df49b0179b08f651c97c28f53b940248f3ea22`
SHA256	`03cfb4284964a57a3c6a575228cd3d861f1caeec5471617fb53bae1c07c933b9`
SHA3	`da09b96d22278eea623141464975345ee68ecf41dc5835e0022def30b48b6084`
VirtualSize	`0x6f18e`
VirtualAddress	`0x876000`
SizeOfRawData	`0x6f200`
PointerToRawData	`0x815600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.34856`

Imports

kernel32.dll	`WriteFile` `WriteConsoleW` `WerSetFlags` `WerGetFlags` `WaitForMultipleObjects` `WaitForSingleObject` `VirtualQuery` `VirtualFree` `VirtualAlloc` `TlsAlloc` `SwitchToThread` `SuspendThread` `SetWaitableTimer` `SetProcessPriorityBoost` `SetEvent` `SetErrorMode` `SetConsoleCtrlHandler` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `ResumeThread` `RaiseFailFastException` `PostQueuedCompletionStatus` `LoadLibraryW` `LoadLibraryExW` `SetThreadContext` `GetThreadContext` `GetSystemInfo` `GetSystemDirectoryA` `GetStdHandle` `GetQueuedCompletionStatusEx` `GetProcessAffinityMask` `GetProcAddress` `GetErrorMode` `GetEnvironmentStringsW` `GetCurrentThreadId` `GetConsoleMode` `FreeEnvironmentStringsW` `ExitProcess` `DuplicateHandle` `CreateWaitableTimerExW` `CreateThread` `CreateIoCompletionPort` `CreateEventA` `CloseHandle` `AddVectoredExceptionHandler` `AddVectoredContinueHandler`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /19!
[*] Warning: Tried to read outside the COFF string table to get the name of section /32!
[*] Warning: Tried to read outside the COFF string table to get the name of section /46!
[*] Warning: Tried to read outside the COFF string table to get the name of section /65!
[*] Warning: Tried to read outside the COFF string table to get the name of section /78!
[*] Warning: Tried to read outside the COFF string table to get the name of section /95!
[*] Warning: Tried to read outside the COFF string table to get the name of section /112!

Leave a comment

No comments yet.