Manalyze report for f980e10a1b5e4639a299f2eec911a0aa

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Sep-13 17:47:34
Detected languages	English - United States

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: github.com https://github.com`
Suspicious	The PE is possibly packed.	`The PE only has 1 import(s).`
Suspicious	The PE is possibly a dropper.	`Resources amount for 98.507% of the executable.`
Safe	VirusTotal score: 0/71 (Scanned on 2023-09-19 01:02:08)	`All the AVs think this file is safe.`

Hashes

MD5	`f980e10a1b5e4639a299f2eec911a0aa`
SHA1	`9567ca4d7fabf97d534dadcceaf06b48972dd0bf`
SHA256	`d7c8c9070ee14893f0d803e7c14ba0cc1db06e848f4566e018e9a7e0b0c933f9`
SHA3	`dac20cf9027d6a48fc1783fcd7a035802c6062a8512ad91917cb044237c2ebee`
SSDeep	`384:uN7ziSmUj6Q/0Baxc8IcbUi+7AOv6HMf82utc2NECzXpQT34aOe9sRS872UVTSI:uN7ziSmUjzfE6y34arSlay34abmn`
Imports Hash	`f12299573f995fc0c70b04fabebb3e6c`

DOS Header

e_magic	`MZ`
e_cblp	`0`
e_cp	`0`
e_crlc	`0`
e_cparhdr	`0`
e_minalloc	`0`
e_maxalloc	`0`
e_ss	`0`
e_sp	`0`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x40`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`4`
TimeDateStamp	2023-Sep-13 17:47:34
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`11.0`
SizeOfCode	`0x200`
SizeOfInitializedData	`0x46ca0`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000004A000 (Section: .text)`
BaseOfCode	`0x4a000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.2`
ImageVersion	`0.0`
SubsystemVersion	`6.2`
Win32VersionValue	`0`
SizeOfImage	`0x4b000`
SizeOfHeaders	`0x600`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_APPCONTAINER` `IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0`
SizeofHeapCommit	`0`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.rdata

MD5	`a09d30fda6eb7db955068128b608f20e`
SHA1	`b85fad8950c066459c1142c88f036778cdc3405a`
SHA256	`b19a857936fdb2553ef590c57b9649dd9bfc17337926be316de7e7f4301d5438`
SHA3	`28f38b5d35d0abf8ee09d7b8690ae01f9e3f7345fe2b5d2c76173bc418ce4bcc`
VirtualSize	`0x7c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x200`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_128BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.994329`

.data

MD5	`5db8dfa7fc0ca4cabe12dc6b56bb78ad`
SHA1	`145acd611afcbc7139995ee96eefd09b47698ef8`
SHA256	`ebe6b959826ef4f646102e8ebb40669c590333e29cf99d0d759c6275d060a8cc`
SHA3	`50f3ad57c8071f1218a0508639a26bdb06984ff9aa16e2b78985e684267f5f87`
VirtualSize	`0x18`
VirtualAddress	`0x2000`
SizeOfRawData	`0x200`
PointerToRawData	`0x800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0407808`

.rsrc

MD5	`bc83acb2cd2b1e749550593e68fe0b85`
SHA1	`fbc536909932f9d786f2cb3f3a6ff10aedfa31b9`
SHA256	`c0b986ac9adf37a234a898876dfc89b47da486e91fc1f6f00725341b22794ce9`
SHA3	`a0323a669b07f93761d8cf1146a5e9b6d3b96c63169430493304c1baa680bc3a`
VirtualSize	`0x46c0c`
VirtualAddress	`0x3000`
SizeOfRawData	`0x46e00`
PointerToRawData	`0xa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.7713`

.text

MD5	`e7ea2cfd88fec5b59f7b0198829e911a`
SHA1	`922e614a05aa472f3bc46b15f48272d2ff6a6dd7`
SHA256	`2272d18a4af708be7f023a4e6eb4c5191d05cf159dc7afd32d85a3d9a8a4ead8`
SHA3	`2512db94629aa6f7e1f74558a4c7c8f24f4993eb602a063881b0467d577687c6`
VirtualSize	`0x8`
VirtualAddress	`0x4a000`
SizeOfRawData	`0x200`
PointerToRawData	`0x47800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`0.155178`

Imports

WhatsApp.dll	`RHBinder__ShimExeMain`

Delayed Imports

1

Type	`NETNATIVEBUILDINFO`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3d94`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.11029`
MD5	`a331819a3b77f45c0477f8fdc2a4f83a`
SHA1	`f2027cd3709bbfa1e125a802840873c8827c5b56`
SHA256	`5834a7cfb1c05bf52439002632325adf14daa46cd76d276a39ec7560b8efce4c`
SHA3	`cf5738a54c40f42d90116319598660dfc25ebce3da57c0de10cbc4b40f58428d`

1 (#2)

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1082c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.31362`
MD5	`65258bfa6dda4c1344b551cfc132715a`
SHA1	`0a972555abbe0229cae0e1f51d30ff36af2aa54a`
SHA256	`fa2fd28057660c7b60fc04732bc65556641fcefe10828f59a392e7068ec8f58b`
SHA3	`53b9f98cb6855761b2e872c0b3fbd92e98ddebe5c85a289442e98f88a07bb357`

2

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.2677`
MD5	`9a67d86f841108519494e6ecad25559d`
SHA1	`fec972549db1fa0e2a63ee29c67b99a2eb696be7`
SHA256	`483a59dfcd7e315ce968151f6ae97631733b55ffb5061f2fcb5cdd292df4b9d6`
SHA3	`74f2b596f7a55c21e64ae4ad300d54d1f2f91383550e1964c66be64e994dd48b`

3

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x422c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.43487`
MD5	`cb40dfac1067dba9df6a1b02fc515d67`
SHA1	`9a8978766a65abbb46efd8e2b481a2dc7200a8a3`
SHA256	`675e24259053419f74e0bb9b97de3da4bfada4ef808356d3fae6c5fc8aa1ae5d`
SHA3	`94bb26e658ef4456d7f4618b7fd5095fbdf1aaf09bca95edad8fe2195aad384f`

4

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.432`
MD5	`72ce65c8653dc809c63a021d93b5ca2d`
SHA1	`4b5a0f66f083d0fd8fa7f6d4b613ef52a5cfece2`
SHA256	`f2a5f99250ac2daf7e4697011e461d3d4fd0e87a90f2f05096f6b8aaafc92368`
SHA3	`72a6840839c71de08d81a71fd0d1734a20784c1dd8c9e08d463e1fed5f978047`

5

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.87674`
MD5	`e670ff2c43887f8f22df5511df958924`
SHA1	`c5b4b22eadfe622228b71e0d2133a8e673b15313`
SHA256	`27e602c7ae6160568707042ec6f32c8288b0a1c143513e35691b03e1a7328ced`
SHA3	`db345f2872e25b4dc6bf49f461bcb9955b38b153d87a510f4f7ced7e3bcdc2d4`

6

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1082c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.22292`
MD5	`4e1597a4a6915c7d8ed1ca02dc61aeeb`
SHA1	`0232d1bd6b1acf038c65ebe87aaa4de508722211`
SHA256	`1464b71f656c132e076d8ffa98f4a8fe088873a67e352a29638d24d24ca41270`
SHA3	`8c627c1274401249e8808ee9c386e58015bdc9f451f7ea42b64dcc1991e9fe8e`

7

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.11599`
MD5	`4081ac62499f4eaad9b9f7cb2f943d39`
SHA1	`66bd466e14c14a114806f8d9192bf5250320af6e`
SHA256	`3863ab82cc06e95820b8fd36c5dbafef20d89ffae585c51cfcd0ec776db044fb`
SHA3	`ab104770f7d20282632651a6acda8f0933d2b1fd30f933e905ca6d0721ef4c3d`

8

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x422c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.29518`
MD5	`78819ffc440057fd1c4dbe620c23bdd9`
SHA1	`fa1e94329cfcc2dd82b8d0ad02ff066385d3da79`
SHA256	`544c9d95a8aa21b51d58ee45a6735bc02f6c19587c3d006cf5e081745edc4353`
SHA3	`d9f36c345f65f62a8bbfffd8910bfbd805978bcff02dd4dc9617b8f0f01e3efd`

9

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.26074`
MD5	`1d3234f27a270ddb8d1f4c953efef2ab`
SHA1	`61f8070becb3da2f4b393d2909d5b0a6f6609279`
SHA256	`9c877c640ec9adad54531b653e081e3f309e4acaa5273c287bd7eae5715713da`
SHA3	`8cacead45f10af9e1812df5f4e837bcc4b20915ad971c3cbaedde03c0f271df6`

10

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.69652`
MD5	`01f91b2810bf5bb1e8fa2fc5e3914b09`
SHA1	`f0c4d2ccdc7ec23d19f6566a9bb3880402f54a9f`
SHA256	`de82f94b17d246c9e9b176f15dbe87ecc0e00a60ddf0b1e2f59089c050e2ae5c`
SHA3	`3220a2bf8c1182036707139bd10f206ed60661310630ca3d7a6a2add6d35075b`

101

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.88364`
Detected Filetype	Cursor file
MD5	`64be80bc62d82d6e4c471c39d5822349`
SHA1	`3191a41cfb1a8860f705477d9744227bb2897fe5`
SHA256	`20ec7252448061aaf0681fdf25bf361584bb435df29709a17a6a361446633d25`
SHA3	`cca8c7c1323751c9f4ac44521a25c91cd3d8e7e758e645d9185f31ef1f58ce0d`
Preview

102

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.96717`
Detected Filetype	Cursor file
MD5	`5f89a56356a16fffa14a4bb4f6cf7cdd`
SHA1	`dadcbea5245122d052f2218a1c3a4110be1a926c`
SHA256	`10ec750b10afb8ade7d9a9e1bb3dce76f3dfd8a1ef5a198545ab870842421c2a`
SHA3	`284ee77fc7ad003d61eadc4468a293ee9d5358caa1e79ef6b93ca9c4a849f52c`
Preview

Version Info

TLS Callbacks

Load Configuration

RICH Header

f980e10a1b5e4639a299f2eec911a0aa

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.rdata

.data

.rsrc

.text

Imports

Delayed Imports

1

1 (#2)

2

3

4

5

6

7

8

9

10

101

102

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors