Manalyze report for ec7d80cf9687d5aef1c60a3fbe7718fa

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2024-Apr-19 18:17:41
Detected languages	English - United States
TLS Callbacks	1 callback(s) detected.

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .retplne`
Malicious	VirusTotal score: 5/71 (Scanned on 2024-04-22 13:46:38)	`APEX: Malicious` `Bkav: W64.AIDetectMalware` `Elastic: malicious (high confidence)` `FireEye: Generic.mg.ec7d80cf9687d5ae` `Trapmine: malicious.moderate.ml.score`

Hashes

MD5	`ec7d80cf9687d5aef1c60a3fbe7718fa`
SHA1	`758e599e163131061e982b5e91e8304c75c472a0`
SHA256	`876030c5c6a013679efa8f84bfc2f735b625c44ff13b32bfd78aff62cbf46910`
SHA3	`d644228d0981c8e0f93cf391603258dca297c0dba6c32621e3c7f8fd3ab2b7ee`
SSDeep	`768:p6PFd/RFZSE8udmadB9bAdBhEj5C6eJVm1Z72aS1kfgIHI/DQZOH5P:p6FSE8BWsdkAjVWAbWYIHIm6P`
Imports Hash	`a30e4921d0e4b214d026b626fd74c244`

DOS Header

e_magic	`MZ`
e_cblp	`0x78`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0`
e_ss	`0`
e_sp	`0`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x78`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`9`
TimeDateStamp	2024-Apr-19 18:17:41
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x9000`
SizeOfInitializedData	`0x3000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000094CC (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x13000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`6f1a18a50e336981667a6482567575d3`
SHA1	`122bb91e4e7649460845c6a2bf5024b0d93eddcb`
SHA256	`77ad0a8ebedd635d53f642745008135972440b228794a60b6340da277bb6954e`
SHA3	`427ad66c6f9baa2b196a16ddc39480d40392af3f5fbbef54b369e82ce07c274e`
VirtualSize	`0x8ee6`
VirtualAddress	`0x1000`
SizeOfRawData	`0x9000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.98292`

.rdata

MD5	`2a6372d42891ca995cbaf1263f0b10a4`
SHA1	`073d9fbb5c7d0aefdeb6403139fd49dc99233aa2`
SHA256	`f401e11ba3a276433e5ab2166392d1c3c795ea00e9767a5d7b17d544c3fd585f`
SHA3	`3cb85e92de43c2434b9bd012d276a2590cfdf1271ae3c3e19c16505d8016cc33`
VirtualSize	`0x15b4`
VirtualAddress	`0xa000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x9400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.41054`

.data

MD5	`711ed0d0c1c3d24550368bb5422152a8`
SHA1	`5d3d6840b8dd8638e6ac360310200a982bfa4fa7`
SHA256	`ec8e4bd8a0d7fa3c32181ef24fcf4d8a78638cc97c472360e4fd9b09eab84418`
SHA3	`13ca01501d8afadb4a7da8e8157ce9da6d7210e2c0098f16517f36b23c0e6cb4`
VirtualSize	`0xcf4`
VirtualAddress	`0xc000`
SizeOfRawData	`0xe00`
PointerToRawData	`0xaa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.42688`

.pdata

MD5	`19ae34b464946200c66b7d9077666522`
SHA1	`65c2c6630cf3ab73a4c40a78bc6c8c05c2476349`
SHA256	`4dee6f056a7b6e5c5e43dc6ce67d191d5e6f83f8e9aa6d89f7368f613b462a81`
SHA3	`21dac6343da58fa98491c10c6ca17da29084641f954d6934e66a4b8f1087650e`
VirtualSize	`0x234`
VirtualAddress	`0xd000`
SizeOfRawData	`0x400`
PointerToRawData	`0xb800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.39342`

.00cfg

MD5	`9ad0059e46fd359d313a49e91595c8ff`
SHA1	`4348cd7d07f4e29fdaf725d3e8bc804ef6b6ddd4`
SHA256	`ba067fd6dcdd4b1f40aae0fdf388630ddb1a18c4eac55ff061bf27b03b32c08a`
SHA3	`fcb1fbdf150b80eb00556a498ad20c461389a7882f69c1ee8e241314716c2dac`
VirtualSize	`0x38`
VirtualAddress	`0xe000`
SizeOfRawData	`0x200`
PointerToRawData	`0xbc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.396818`

.retplne

MD5	`8c950f651287cbc1296bcb4e8cd7e990`
SHA1	`018fcd27ff9f8487c792aecf902a516f00c03d18`
SHA256	`15163cfff9feb802c2e7699f17e01245e54304d28a1650c79f9237de661774e0`
SHA3	`5b66ec3ad2d5f760e44bb32dd7acc837d5364d21154bccafc1c375d2993cd545`
VirtualSize	`0x8c`
VirtualAddress	`0xf000`
SizeOfRawData	`0x200`
PointerToRawData	`0xbe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`(EMPTY)`
Entropy	`1.05058`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x2`
VirtualAddress	`0x10000`
SizeOfRawData	`0x200`
PointerToRawData	`0xc000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`9898eebc3232519900c23a16a1fffba3`
SHA1	`b8ad8e9388e0fb086d59e21c55f1ba05fbab3cb6`
SHA256	`3871fb068d9ab21a736a643edf57a7cfd6ebf7580e244e3b36cec5559a4e817d`
SHA3	`c9235b9bfce7b4fed31e24541a3d43c6e4fb721709ebfcf9f827c6c3c424773a`
VirtualSize	`0xe8`
VirtualAddress	`0x11000`
SizeOfRawData	`0x200`
PointerToRawData	`0xc200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.33787`

.reloc

MD5	`8e167b80d65eb883b15116e8bce6d15c`
SHA1	`c6993de3cba281f588db2d69036393f098f79553`
SHA256	`e3ec2662d397b3efee246ba15107c77e49024fed158a9f2fcd6af224c7c5ab6f`
SHA3	`c24c12729bbe075ac1828a9e3eb9215c201171c570df1d9cab7b70a92a5fa039`
VirtualSize	`0x3c`
VirtualAddress	`0x12000`
SizeOfRawData	`0x200`
PointerToRawData	`0xc400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.794402`

Imports

KERNEL32.dll	`AddVectoredExceptionHandler` `GetCurrentProcessId` `GetCurrentThreadId` `GetModuleHandleW` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter`
VCRUNTIME140.dll	`__C_specific_handler` `__current_exception` `__current_exception_context` `memcpy` `memset`
api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func` `__p__commode` `__stdio_common_vfprintf` `__stdio_common_vfscanf` `_set_fmode` `getchar`
api-ms-win-crt-runtime-l1-1-0.dll	`__p___argc` `__p___argv` `_c_exit` `_cexit` `_configure_narrow_argv` `_crt_atexit` `_exit` `_get_initial_narrow_environment` `_initialize_narrow_environment` `_initialize_onexit_table` `_initterm` `_initterm_e` `_register_onexit_function` `_register_thread_local_exe_atexit_callback` `_seh_filter_exe` `_set_app_type` `exit` `terminate`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `free` `malloc`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-utility-l1-1-0.dll	`rand`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x87`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.66463`
MD5	`d531bf1544c19ee7c3dc477d8fd9c302`
SHA1	`3120b5f05a48d41b42e8542d23725c98e1af83b9`
SHA256	`39abce8cd98964b342942a3770e2ce865cda054577ddc4b790ccc0ece897a371`
SHA3	`892e36cfcac6e08d443805d5b103b9b2be2f46665b35309eb4561d0f8bb18d88`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x140010000`
EndAddressOfRawData	`0x140010001`
AddressOfIndex	`0x14000cc70`
AddressOfCallbacks	`0x14000aaf8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_1BYTES`
Callbacks	`0x0000000140008910`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14000cc28`

RICH Header

ec7d80cf9687d5aef1c60a3fbe7718fa

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.00cfg

.retplne

.tls

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors