Manalyze report for f5314c8a47bd027575a55bb27c531965

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2019-Aug-06 14:36:49
TLS Callbacks	2 callback(s) detected.
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata` `Unusual section name found: /4` `Unusual section name found: /19` `Unusual section name found: /35` `Unusual section name found: /51` `Unusual section name found: /63` `Unusual section name found: /77` `Unusual section name found: /89` `Unusual section name found: /102` `Unusual section name found: /113` `Unusual section name found: /124` `Unusual section name found: /138`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryW` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Leverages the raw socket API to access the Internet: WSAGetOverlappedResult`
Suspicious	The file contains overlay data.	`220953 bytes of data starting at offset 0x39c800.`
Suspicious	VirusTotal score: 2/69 (Scanned on 2019-09-05 02:13:31)	`APEX: Malicious` `DrWeb: Trojan.Ebowla.3`

Hashes

MD5	`f5314c8a47bd027575a55bb27c531965`
SHA1	`2f475341d94eaf561877917575233ea003ef69d3`
SHA256	`772c5f597415c554636e9318b523bcd7ca4b12195238578f5d9c414729b712c3`
SHA3	`26994a92202c4d4213f77b265d2d16554fab03848e34027bdeb49247d6f29568`
SSDeep	`98304:sMtHPgix2Gbv3nhXN4vrNYnin4SP5dAQx6dAQxvbxUuH:p5PgigE3b`
Imports Hash	`aa63209e6bb0fe62c7c11760320f9b5a`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`20`
TimeDateStamp	2019-Aug-06 14:36:49
PointerToSymbolTable	`0x39c800`
NumberOfSymbols	`6220`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0xb0400`
SizeOfInitializedData	`0x1aca00`
SizeOfUninitializedData	`0x1e000`
AddressOfEntryPoint	`0x00000000000014E0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x3c7000`
SizeOfHeaders	`0x600`
Checksum	`0x3dc397`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`468e8f9a14f7f61c1030777b2689d334`
SHA1	`66758dce44a6316eac539c92e2a056906a94bafa`
SHA256	`30263e2c6d45beaffd645315c9df0d20fa014088d9e4f06356b749472badd89e`
SHA3	`e655938138aadb896c9be41550e909fd37c5e95e9ccd8036444f2ea433502a8c`
VirtualSize	`0xb0380`
VirtualAddress	`0x1000`
SizeOfRawData	`0xb0400`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.95387`

.data

MD5	`045f69a3e6c95bf2b8584594173f9a60`
SHA1	`3a8ca696ebb33a17e44c0ebd25f7b35d7cabbb81`
SHA256	`f0854f428d065519eda0a7fc907c77705a9ccaf9f91afd2b13446ae5ebd9ce89`
SHA3	`5979fa2cb6b0a7908f54cf54d21a455104d58d1d1de3e0a2dad69a14f0dd868f`
VirtualSize	`0x170b0`
VirtualAddress	`0xb2000`
SizeOfRawData	`0x17200`
PointerToRawData	`0xb0a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.68363`

.rdata

MD5	`9b97aba6f633a913a440ccdf4206c0cb`
SHA1	`5c2e76c70534a81097b875352358c283602dd742`
SHA256	`4005261352976606cf6e0893475f5caae12dc309de8a71f73e6bd13212f78731`
SHA3	`175724a97df89777a3398ff4948508f98177950e206b9604cb212b3bdb12f453`
VirtualSize	`0xe3510`
VirtualAddress	`0xca000`
SizeOfRawData	`0xe3600`
PointerToRawData	`0xc7c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.13279`

.pdata

MD5	`d6df3abfa2e32d5b2cdd4d57ae93f056`
SHA1	`b407a073b357e7cbc1555c00c6b0bbdaa376cbac`
SHA256	`440d72870e3ccff2069002f0aad7922da1cb1626d6e3c66868cb347ab7483387`
SHA3	`3c77b268ce3d987bffd5e18239ab8b08789eeac91012756238201b70f59e9af5`
VirtualSize	`0x438`
VirtualAddress	`0x1ae000`
SizeOfRawData	`0x600`
PointerToRawData	`0x1ab200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.92301`

.xdata

MD5	`8509655355f40c47cb768206055253f0`
SHA1	`8f9c190c58b0f948ebce2453934483ad3abe9082`
SHA256	`1dbce112aeb35be5652b33442a8c151276c44212897b32176d446d1433af70b2`
SHA3	`af1ef58977fd45442d2ddade0d48bb0bfe6658dc7805b74ee246f26184a1d75d`
VirtualSize	`0x38c`
VirtualAddress	`0x1af000`
SizeOfRawData	`0x400`
PointerToRawData	`0x1ab800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.70014`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1defc`
VirtualAddress	`0x1b0000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`2aff1c96b652778b5d559aabe713bfa1`
SHA1	`c0da58a1e66ffa210db091547ee3296e9495704f`
SHA256	`f570d6c279373dcdd91d2f11828e0f57d94afd904fea4ad085269e017f6d3dd3`
SHA3	`0afbf113f2a4e41af5067df5fccc79b1c719a0ad8f3942a185f2fe741709c83f`
VirtualSize	`0xecc`
VirtualAddress	`0x1ce000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1abc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.24772`

.CRT

MD5	`e8b0e537a95876c11b1b47daff45e7b5`
SHA1	`efba7e5e357fcf725c477c4157525918129f4922`
SHA256	`da2d2b094ed342b7ea7035e0a4b047a01eb5b9b99df807ba1dde95fbd1cf99ac`
SHA3	`aa5a3b20a0f0b8e0908707470403eb77e5a7913e4c9e480ed6d2c70636893174`
VirtualSize	`0x68`
VirtualAddress	`0x1cf000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1acc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.272589`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0x1d0000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1ace00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

/4

MD5	`0c9b5d207d970a0919fb450a0e9c6792`
SHA1	`824ef1e7259ed529d446a60407e43cd9b527fcf3`
SHA256	`34d440918aa010db9c75e8f45ec9b17617cf24ec0c990496c7d15cca2a854a90`
SHA3	`9ed67cbcb719241c6fbb7bc17356dc62f5f606cb843b581426c48900c27a7c29`
VirtualSize	`0x5c0`
VirtualAddress	`0x1d1000`
SizeOfRawData	`0x600`
PointerToRawData	`0x1ad000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.79169`

/19

MD5	`24812b41f6d1894c1dbf5e59c2c40c92`
SHA1	`58311365db04732c9d7e5fe530183e9547cdb266`
SHA256	`b4ceed362bbcbd3e34bc51b2131b3b9108add68103ee4541cc3ef0d8369195b7`
SHA3	`41c3e35eed2c0d47aff9fd285cbd4901863ec5a0b36f316a60f45a754b4376ed`
VirtualSize	`0x8f95`
VirtualAddress	`0x1d2000`
SizeOfRawData	`0x9000`
PointerToRawData	`0x1ad600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.4361`

/35

MD5	`a31c39edbf6c5c42b8ba65241be394c2`
SHA1	`ebca7de7d9163b9b69a7ffe92881e55539ecb188`
SHA256	`5f08dbdff701e982824d1f6ed109396883ea3bddd5dc24aff14be2cfe851187a`
SHA3	`e0d22ad849193b91d896cc832d7488f9a7ce21f8c0f8252df419b3344fe781e6`
VirtualSize	`0xc5e9`
VirtualAddress	`0x1db000`
SizeOfRawData	`0xc600`
PointerToRawData	`0x1b6600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.45157`

/51

MD5	`fad6b6723431f49aa11a3a6a51007192`
SHA1	`856fc5f247aab8ef231959f71d912899edf5b575`
SHA256	`589ab59f54667d5d620735dfeef9fe166490ac543fc6c4293a566ee9b09e5b3c`
SHA3	`e7603dae21a8fc86a654b061e52bed8adba7fa2b08170881a9bda8d3d0b026eb`
VirtualSize	`0xd0180`
VirtualAddress	`0x1e8000`
SizeOfRawData	`0xd0200`
PointerToRawData	`0x1c2c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.06527`

/63

MD5	`6500489694967d3c24966a6620ac45f5`
SHA1	`8ce309410124cb9bfdb6eed75e0737eac901809d`
SHA256	`1c7526abe1cca4e8b293323958ea0254e4eb06dd1f8eab0172015b73aba33ed3`
SHA3	`1a17f1e34fb6b05c5bdaf17910c17666bd4a38bce657aa9dc36b4c428962dd28`
VirtualSize	`0x32ae`
VirtualAddress	`0x2b9000`
SizeOfRawData	`0x3400`
PointerToRawData	`0x292e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.63286`

/77

MD5	`14e51ca132777713e50d53a2439c09c4`
SHA1	`b45c1476f4ba78a90ccd6250b5817b5ca5e876ca`
SHA256	`fb4c7311776c797e412b60c0af121d33c6b34982911f3d1ca1cc108a186aa2bb`
SHA3	`312fec963e11ae8ce5f7b4aca6271ac21ef91fa678a9bd8fe2a9be2b249ed697`
VirtualSize	`0x320c0`
VirtualAddress	`0x2bd000`
SizeOfRawData	`0x32200`
PointerToRawData	`0x296200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.71759`

/89

MD5	`c491bb7307fbee6ccf34c5b334073f5a`
SHA1	`521ce54c8ef1edd6639a1ae3d35ceb7345fbed49`
SHA256	`c112c858a61bef0857d7b5833f277d0eb3b859d0c920daba1388a501ff382fa1`
SHA3	`aaba988d0ea24afe49ebfbe9aef6d82294e5629c5594c3f1884331fc9eb29008`
VirtualSize	`0x16300`
VirtualAddress	`0x2f0000`
SizeOfRawData	`0x16400`
PointerToRawData	`0x2c8400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.82247`

/102

MD5	`ac2951700df7fc63330afb030850d2f7`
SHA1	`dbe9ac5958a041dbf67a1bde0c25b8e8c56df8c5`
SHA256	`1b38cce341ab66b2518546c78e5ca52488c4118eb8d6992a7e600e9331818d8e`
SHA3	`722dcd01400f8e069056c721aac8ab66d88361359fbe6b782f9ff254dd5ba0d9`
VirtualSize	`0x954`
VirtualAddress	`0x307000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x2de800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.69422`

/113

MD5	`7e7a90aa4b3e0076a109dad600bc62f1`
SHA1	`827f89ce389bf0a721d741ed29d664d3858ac427`
SHA256	`33a468d62339b9ae32e7c5a3972a70fcf5760c992edca6bd14bf967b5a19e952`
SHA3	`86be73dfb00ecbe2be1edcd50be165b827aa03af7b67947d687f98098bf12719`
VirtualSize	`0x8e869`
VirtualAddress	`0x308000`
SizeOfRawData	`0x8ea00`
PointerToRawData	`0x2df200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.57933`

/124

MD5	`73b158953d8e18ef7f16139a14b59a20`
SHA1	`5b731f422a0fef1097d247cb94c0afe2adfc4a2d`
SHA256	`b2a594162baf53e4e0fad58e68f0b03a87d44e4b71406bb9ddacdea80035a78f`
SHA3	`5c01fde83919d408a670bf6049506630b1b879dd5623c0b0aa95ba768dc705a8`
VirtualSize	`0x2e9c0`
VirtualAddress	`0x397000`
SizeOfRawData	`0x2ea00`
PointerToRawData	`0x36dc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.25836`

/138

MD5	`56d08c10aa9e5c0c3680f67f8992b3d4`
SHA1	`5c31bb8cb4724831186f4adf11b6a46cba1b7936`
SHA256	`3edf472b3815ca8cab6b3efd8773b22c8a567a0ec7f5ce7b1a9b30e2a22b0258`
SHA3	`0e65aaf1cebf5c5fcda0ebafc01834bf7378c916495ab10752a8a034209a6034`
VirtualSize	`0x2a`
VirtualAddress	`0x3c6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x39c600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.73721`

Imports

KERNEL32.dll	`AddVectoredExceptionHandler` `CloseHandle` `CreateEventA` `CreateIoCompletionPort` `CreateThread` `DeleteCriticalSection` `DuplicateHandle` `EnterCriticalSection` `ExitProcess` `FreeEnvironmentStringsW` `FreeLibrary` `GetConsoleMode` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `GetEnvironmentStringsW` `GetLastError` `GetNativeSystemInfo` `GetProcAddress` `GetProcessAffinityMask` `GetProcessHeap` `GetQueuedCompletionStatus` `GetStartupInfoA` `GetStdHandle` `GetSystemInfo` `GetSystemTimeAsFileTime` `GetThreadLocale` `GetTickCount` `HeapAlloc` `HeapFree` `InitializeCriticalSection` `IsBadReadPtr` `LeaveCriticalSection` `LoadLibraryA` `LoadLibraryW` `QueryPerformanceCounter` `RtlAddFunctionTable` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `SetConsoleCtrlHandler` `SetErrorMode` `SetEvent` `SetLastError` `SetProcessPriorityBoost` `SetUnhandledExceptionFilter` `SetWaitableTimer` `Sleep` `SwitchToThread` `TerminateProcess` `TlsGetValue` `UnhandledExceptionFilter` `VirtualAlloc` `VirtualFree` `VirtualProtect` `VirtualQuery` `WaitForSingleObject` `WriteConsoleW` `WriteFile` `__C_specific_handler` `lstrlenA`
msvcrt.dll	`__getmainargs` `__initenv` `__iob_func` `__lconv_init` `__set_app_type` `__setusermatherr` `_acmdln` `_amsg_exit` `_beginthread` `_cexit` `_errno` `_fmode` `_initterm` `_onexit` `_stricmp` `_wcsnicmp` `abort` `calloc` `exit` `fprintf` `free` `fwrite` `malloc` `mbstowcs` `memcpy` `memset` `realloc` `signal` `strlen` `strncmp` `strtol` `vfprintf` `wcstombs`
WINMM.dll	`timeBeginPeriod` `timeEndPeriod`
WS2_32.dll	`WSAGetOverlappedResult`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x5d0000`
EndAddressOfRawData	`0x5d0008`
AddressOfIndex	`0x5cdb7c`
AddressOfCallbacks	`0x5cf040`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x00000000004AFD70` `0x00000000004AFD40`

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /19!
[*] Warning: Tried to read outside the COFF string table to get the name of section /35!
[*] Warning: Tried to read outside the COFF string table to get the name of section /51!
[*] Warning: Tried to read outside the COFF string table to get the name of section /63!
[*] Warning: Tried to read outside the COFF string table to get the name of section /77!
[*] Warning: Tried to read outside the COFF string table to get the name of section /89!
[*] Warning: Tried to read outside the COFF string table to get the name of section /102!
[*] Warning: Tried to read outside the COFF string table to get the name of section /113!
[*] Warning: Tried to read outside the COFF string table to get the name of section /124!
[*] Warning: Tried to read outside the COFF string table to get the name of section /138!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF String Table's reported size is bigger than the remaining bytes!
[*] Warning: Section .bss has a size of 0!