Manalyze report for f3897d2b83f8ec347c46e7b79a715796

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1970-Jan-01 00:00:00

Plugin Output

Suspicious	PEiD Signature:	`HQR data file`
Info	Interesting strings found in the binary:	`Contains domain names: .eq.runtime.net eq.runtime.net runtime.net type..eq.runtime.net`
Suspicious	The PE is possibly packed.	`Unusual section name found: .symtab`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA LoadLibraryW GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`f3897d2b83f8ec347c46e7b79a715796`
SHA1	`7e5dae089e4c372fbf0c83a48054ee209366410e`
SHA256	`dc9c1263dee024cfcf29df3e8f4ded9e84e7b27c906fba50a42ad63ae772b620`
SHA3	`7caec8d3adbaa8b5dbe82a124ff08c733ca012189221bcb28c2cd51a7f145d4a`
SSDeep	`12288:QUDEpG8/Aw6Pn3g5fq+YmoIF36dWqgjuLehwoP9I13NiM92roT8XSYHwylK19:XD4rxQnQfVjWNcPro4CkwyU19`
Imports Hash	`4035d2883e01d64f3e7a9dccb1d63af5`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0x4`
e_cparhdr	`0`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0x8b`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0x15a200`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`3.0`
SizeOfCode	`0x99e00`
SizeOfInitializedData	`0x15200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000005A6C0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`1.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0x1a7000`
SizeOfHeaders	`0x600`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ff2185903a4b7a7f64692e04b04b01f1`
SHA1	`4543eb94bbd6eb6ceda4f36574eb9f2f3fb07398`
SHA256	`12e6b2c1b19e36aa6929cab6f1e00cd06cec2545881c888d00c5e7d153f61513`
SHA3	`63fc588d6de9c535587b07ad6641184be968ce51ea78cf27019b8535f008ab6f`
VirtualSize	`0x99d4a`
VirtualAddress	`0x1000`
SizeOfRawData	`0x99e00`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.92991`

.rdata

MD5	`550402ea92a8a15190322f001541ad72`
SHA1	`7bf208a4a95f465f297290fc7b2963ec93934098`
SHA256	`6f9dc21363f345560a053d8a3e32e3a40eccf7c193926cfe1ba96062785c8718`
SHA3	`c59898de6c8f4773d099578c7099371993f1431a255d20a7e2670ae1e2dd3a30`
VirtualSize	`0xa3690`
VirtualAddress	`0x9b000`
SizeOfRawData	`0xa3800`
PointerToRawData	`0x9a400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.17183`

.data

MD5	`d3bb715bd7ca8645d40191f9a9e9879f`
SHA1	`15d1a61896fcfe442ab4bd2b99ca8fdcb7bc0937`
SHA256	`7553fd331e1e86082c3f7f23813d176e9ec38cde834464b6f31b3ded93af6f0b`
SHA3	`0d7607ff0532cee139b2ee997146cc61a3cc58cc94a2c1f7ab8ace594c3c2cd0`
VirtualSize	`0x5e210`
VirtualAddress	`0x13f000`
SizeOfRawData	`0x15200`
PointerToRawData	`0x13dc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.03906`

.idata

MD5	`952d352e6b583b5dfa444920ed19e676`
SHA1	`0105931a74021e6ba9accfc950ef58867ee87638`
SHA256	`72d47488bacdc2ce2d0ab6252e36934af37ca6151c271ae3e5880de41094551f`
SHA3	`80b5802b5fa5dddaf06faf547eb3f254ace66143a5e8188389d4ebf1786b640a`
VirtualSize	`0x476`
VirtualAddress	`0x19e000`
SizeOfRawData	`0x600`
PointerToRawData	`0x152e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.56738`

.reloc

MD5	`8ed0b25a86f02975006d247cfa37b36c`
SHA1	`8a36ec31a2c31fd39dcd2512c7733b911c64f72e`
SHA256	`cf6e35241cb002bd2d6bcfb8ca5f4ff968187827d74092c952e774f92ee32c96`
SHA3	`3573cbf4276990cfc4a13cbbd87c28d908d2716c7b18b8227478afafad5572e8`
VirtualSize	`0x6d94`
VirtualAddress	`0x19f000`
SizeOfRawData	`0x6e00`
PointerToRawData	`0x153400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.44965`

.symtab

MD5	`07b5472d347d42780469fb2654b7fc54`
SHA1	`943ae54f4818e52409fbbaf60ffd71318d966b0d`
SHA256	`3e67f4a7d14b832ff2a2433e9cf0f6f5720821f67148a87c0ee2595a20c96c68`
SHA3	`a70a3e18515c06557b62676f2a8eb6d7d41962d8c9c7c49f4641c429cc65b977`
VirtualSize	`0x4`
VirtualAddress	`0x1a6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x15a200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0203931`

Imports

kernel32.dll	`WriteFile` `WriteConsoleW` `WaitForMultipleObjects` `WaitForSingleObject` `VirtualQuery` `VirtualFree` `VirtualAlloc` `SwitchToThread` `SuspendThread` `Sleep` `SetWaitableTimer` `SetUnhandledExceptionFilter` `SetProcessPriorityBoost` `SetEvent` `SetErrorMode` `SetConsoleCtrlHandler` `ResumeThread` `PostQueuedCompletionStatus` `LoadLibraryA` `LoadLibraryW` `SetThreadContext` `GetThreadContext` `GetSystemInfo` `GetSystemDirectoryA` `GetStdHandle` `GetQueuedCompletionStatusEx` `GetProcessAffinityMask` `GetProcAddress` `GetEnvironmentStringsW` `GetConsoleMode` `FreeEnvironmentStringsW` `ExitProcess` `DuplicateHandle` `CreateWaitableTimerExW` `CreateThread` `CreateIoCompletionPort` `CreateEventA` `CloseHandle` `AddVectoredExceptionHandler`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

f3897d2b83f8ec347c46e7b79a715796

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.idata

.reloc

.symtab

Imports

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors