e4fe9c6583cc6f250412cab24621e300f852cb55927e0d15168d6f1a1935d3cd

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 1970-Jan-01 00:00:00

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 8.0
Suspicious Strings found in the binary may indicate undesirable behavior:
May have dropper capabilities:
  • CurrentVersion\Run
Contains domain names:
  • .eq.golang.org
  • eq.golang.org
  • golang.org
Suspicious The PE is possibly packed.
Unusual section name found: .xdata
Unusual section name found: .symtab
Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryW
  • LoadLibraryExW
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Malicious VirusTotal score: 8/71 (Scanned on 2025-05-27 03:07:04)
CrowdStrike: win/malicious_confidence_60% (W)
DeepInstinct: MALICIOUS
Elastic: malicious (high confidence)
Google: Detected
Ikarus: Trojan.WinGo.Agent
McAfeeD: ti!E4FE9C6583CC
SentinelOne: Static AI - Suspicious PE
Trapmine: malicious.moderate.ml.score

Hashes

MD5 be5657e274f1549f8c97fb4fde4d7286
SHA1 05a4698d39fa937680010f89d6c3b8324c47b3c2
SHA256 e4fe9c6583cc6f250412cab24621e300f852cb55927e0d15168d6f1a1935d3cd
SHA3 ecaa2187f643f549f95787b94adc6e0729012fdcb834641d6a96589cd9f3ad91
SSDeep 12288:D7JX5DYMTgVqOgWXuzo2flFL5xfCqVFaqEdSVFgbgF2L:D7JXFYlVXrXKRfzL5xfznVFgR
Imports Hash d42595b695fc008ef2c56aabd8efd68e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0x8b
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 8
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0x254a00
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 3.0
SizeOfCode 0xf7200
SizeOfInitializedData 0x18200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000074740 (Section: .text)
BaseOfCode 0x1000
ImageBase 0xc60000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 1.0
SubsystemVersion 6.1
Win32VersionValue 0
SizeOfImage 0x2a3000
SizeOfHeaders 0x600
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 4201d40255a7324ad8f74e265715f22c
SHA1 b777d9ccd8e15f82854aa4f33750bab0d0308397
SHA256 ca352a749491e1b202238636809f8e5742ea479f773911da7a1eaba791a24c85
SHA3 16ec377cc32518f1cf7ebcb12b26ac094a24ad095d1c9ddaaa28eb1440dbca49
VirtualSize 0xf7151
VirtualAddress 0x1000
SizeOfRawData 0xf7200
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.10739

.rdata

MD5 2585988c0001af8dde9760a71cbd86eb
SHA1 b0c08902884a0c6a718834dec4c011c9f5350a5e
SHA256 59a6107ef177eaedc3523f7d108ba281a95cc3400cfce8dfee2fa9d667ab887c
SHA3 dc2e970605aa2d9e7262dd25144427bc8d03f309379c02b1982e30b63bf883d4
VirtualSize 0x136ee8
VirtualAddress 0xf9000
SizeOfRawData 0x137000
PointerToRawData 0xf7800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.05408

.data

MD5 4656e7fbe9005f00640a53336644c773
SHA1 b912d685e46e62233fa28955572381af6307d981
SHA256 81ba001063d896e52664c7a7e93e65e497df88dbe450986582195e8917314233
SHA3 b439bb85af2cd620401d4756a2e399bc001bc9604f25e1ce1c45b61e93bf40f5
VirtualSize 0x617a0
VirtualAddress 0x230000
SizeOfRawData 0x18200
PointerToRawData 0x22e800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.02574

.pdata

MD5 5c0bb538531acaa92779b8d90898e643
SHA1 351a45b2f1d8596ef30cfb7f7b5ad188735b728a
SHA256 bad072eb920590c75eaceeb750703b358da4e3e06540fc110b846c6a59027f12
SHA3 449f06fe2de542b675913142e983f17fb822c74702f63ee7810a11ea000a876f
VirtualSize 0x6e34
VirtualAddress 0x292000
SizeOfRawData 0x7000
PointerToRawData 0x246a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.72292

.xdata

MD5 50b02797b8df000677254b348088a475
SHA1 7bc8d7c11d00c7a11f783dee457ff1fa925ca4ae
SHA256 aeed8531d95cba9be91d5cecb6dffb4ecb05c472cf66aaa881bff562912dec02
SHA3 eb99e221a593bccba3a6e0e7d937e48c5e2c700d329be6575c5fa34cdcac023b
VirtualSize 0xb4
VirtualAddress 0x299000
SizeOfRawData 0x200
PointerToRawData 0x24da00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.77783

.idata

MD5 0bc423a3a7015a75ad2a582179981789
SHA1 b3bec41764ba52e7a11b5f9d9a0482c4bb112f9c
SHA256 dd33e723936506e59af6b8bef884709387f56ddeebbe015d051fb3a5ec082776
SHA3 0afa295862679a98442f5a8a1999e4484b74592b6a4a3fb6b5d71581c15358e3
VirtualSize 0x53e
VirtualAddress 0x29a000
SizeOfRawData 0x600
PointerToRawData 0x24dc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.01719

.reloc

MD5 a3d7983aba25a30a72a2ef804db5623b
SHA1 809ad7dadbfc46988dd8138a81fcba4f652e3b20
SHA256 0c35865eec2cf793b54c4c420887951a56ee651be16a620d880ea7bd9772bb26
SHA3 48a6e87f2348f62ad63f89777ccafbf94d17124151158c7d7e30742f332d2e3f
VirtualSize 0x6620
VirtualAddress 0x29b000
SizeOfRawData 0x6800
PointerToRawData 0x24e200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0

.symtab

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x4
VirtualAddress 0x2a2000
SizeOfRawData 0x200
PointerToRawData 0x254a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0

Imports

kernel32.dll WriteFile
WriteConsoleW
WerSetFlags
WerGetFlags
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
RtlVirtualUnwind
RtlLookupFunctionEntry
ResumeThread
RaiseFailFastException
PostQueuedCompletionStatus
LoadLibraryW
LoadLibraryExW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetErrorMode
GetEnvironmentStringsW
GetCurrentThreadId
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler
AddVectoredContinueHandler

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Yara callback received an unhandled message (6).