Manalyze report for ff3b802e386ae4b65924a57c1ff166ec

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2024-Jun-20 08:02:30
Detected languages	English - United States

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses known Diffie-Helman primes` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .gxfg` `Unusual section name found: .retplne` `Unusual section name found: .7Db`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Can access the registry: RegGetValueA` `Uses Microsoft's cryptographic API: CryptAcquireContextW CryptGenRandom CryptReleaseContext` `Leverages the raw socket API to access the Internet: WSAGetLastError closesocket getsockopt recv recvfrom send sendto setsockopt`
Malicious	VirusTotal score: 12/74 (Scanned on 2024-07-07 14:22:54)	`APEX: Malicious` `Antiy-AVL: GrayWare/Win32.Wacapew` `Bkav: W64.AIDetectMalware` `CrowdStrike: win/malicious_confidence_60% (D)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `Gridinsoft: PUP.Win64.Wacapew.cl` `Malwarebytes: Malware.AI.4293925754` `Microsoft: PUA:Win32/Packunwan` `Skyhigh: BehavesLike.Win64.Downloader.tc` `Sophos: Generic ML PUA (PUA)` `Symantec: ML.Attribute.HighConfidence`

Hashes

MD5	`ff3b802e386ae4b65924a57c1ff166ec`
SHA1	`17a9b4dbb7fbee10a7efa09616799af7b5ea0e46`
SHA256	`d88fd0eb47dc0dbeae83debc504d19ef6ccc17ef4e35c567a376b00ca753a6f1`
SHA3	`f9fb39c800c01bd6a355d24681e2e9785e1b34c1b60726fd2b3bbc07f38e5b0d`
SSDeep	`49152:7f9RWb2ny+KmcFRVy0dd917yrr7rbQJy4kPFM8:7fGb2BKmcEjzk`
Imports Hash	`9b587d8a7b9a60c05d446bccfb3a2bcd`

DOS Header

e_magic	`MZ`
e_cblp	`0x78`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0`
e_ss	`0`
e_sp	`0`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x78`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`11`
TimeDateStamp	2024-Jun-20 08:02:30
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xd1200`
SizeOfInitializedData	`0x35400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000A6AD0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1cf000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`8a056fa9ffb8d60a533dc49642280510`
SHA1	`a9a35e3bed0b4647c589b2fec63c403bc73a1b30`
SHA256	`3e53799fefa50a3b87f64a915014eeed34fcd4b314f3cfc6ce1e6119a41f43cd`
SHA3	`1a9a574faab87a5b90c78dda5954e33289c521519edbbcaad3dcc068fc9f834b`
VirtualSize	`0xd119a`
VirtualAddress	`0x1000`
SizeOfRawData	`0xd1200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.75159`

.rdata

MD5	`47635cba8a6dc66170346024d9d5ec4f`
SHA1	`bc5a0046c1a334e2d46de22d7f8782961f3824fa`
SHA256	`a10af492a760047a71330556b1f3094789368a457aace5a385b1275ed98d3c9c`
SHA3	`e913508e2221ffcf50da8ed92d02caa1d40e5901371660538ff7cf644a0e7294`
VirtualSize	`0x2a1ac`
VirtualAddress	`0xd3000`
SizeOfRawData	`0x2a200`
PointerToRawData	`0xd1600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.96659`

.data

MD5	`d22c90d60440349065a3f71e63d30ba9`
SHA1	`e4cc8fbaaebceccad5041f38f6fb6f168b2e2cc2`
SHA256	`189055783b70fbf286badd6fb4eb8af8becc14092ba40446cf8707f6c36205fa`
SHA3	`9c7bbe02fea704fbf30405e317e76ffb85c6c37b1ebce0894b31f17e37d9d1fa`
VirtualSize	`0xa3c0`
VirtualAddress	`0xfe000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0xfb800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.30375`

.pdata

MD5	`5edf07f72326d5fed10cee347f44d7cf`
SHA1	`3cbd0deb5621f592d5175391d744988e397d90c0`
SHA256	`bb3f549ac4f2d7427f25d1f5d49cd40904291d56b1c15262b4eaea613b6c2d26`
SHA3	`e0df9f2704711944d669f28112374b64c2df58a86f606d4ed535149be6973105`
VirtualSize	`0x507c`
VirtualAddress	`0x109000`
SizeOfRawData	`0x5200`
PointerToRawData	`0xfd400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.8946`

.00cfg

MD5	`5242a5f47dd1f839e8ac73da6e1f94e8`
SHA1	`6f363eea475dec0b0fe3aa91f7fae0d6ad7bbd60`
SHA256	`fd6a3c55084c16b9f728bb8fec3d78325562f858e6875e3ab021f0dc7e484be0`
SHA3	`c581d95c1e16739be5a297b2f531c3560697c930921f8f146ca2d95c28adaece`
VirtualSize	`0x38`
VirtualAddress	`0x10f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x102600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.498746`

.gxfg

MD5	`44950bda6daf202acd22a2a9f3e54b90`
SHA1	`54e7c8b5f2d0404f49eebddbd0ee047627ecac9a`
SHA256	`6575ce9d19aa12716d9edd221ace8a548b2048cc0707bec89b37233dd85ce100`
SHA3	`8464cee9b10e0ad9e204893410eba4831b37278ff5f440331ce03e78e9425ad2`
VirtualSize	`0x2540`
VirtualAddress	`0x110000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x102800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.13313`

.retplne

MD5	`8c950f651287cbc1296bcb4e8cd7e990`
SHA1	`018fcd27ff9f8487c792aecf902a516f00c03d18`
SHA256	`15163cfff9feb802c2e7699f17e01245e54304d28a1650c79f9237de661774e0`
SHA3	`5b66ec3ad2d5f760e44bb32dd7acc837d5364d21154bccafc1c375d2993cd545`
VirtualSize	`0x8c`
VirtualAddress	`0x113000`
SizeOfRawData	`0x200`
PointerToRawData	`0x104e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`(EMPTY)`
Entropy	`1.05058`

_RDATA

MD5	`bf29ff7ea94d7b2e3454b49bac2d1fb9`
SHA1	`cbf0ccf2cf39494f966aeacb6846ba441df4e10a`
SHA256	`5c1f62866aef7e93637bf306e9405bec390a4367db5f506fea6ae7b3509b4b35`
SHA3	`c5783e68a7daab59b2d9c92ec29f9cf7d88a66ce7dc6cf31d184d33561abc0cb`
VirtualSize	`0x1f4`
VirtualAddress	`0x114000`
SizeOfRawData	`0x200`
PointerToRawData	`0x105000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.23061`

.7Db

MD5	`7b1cf4445f9db42041fa6da6ebf4479c`
SHA1	`bb5dbf93083eb3750dedcae53ed3b9331bf2d333`
SHA256	`1feb469ed5e4cb7c4535b25d3ed4ba46d460fbe1b01089ad22a9d6c0981481ba`
SHA3	`a5bdd0a2aa288432ae060c078025694a087104144329fc2e807cc5e0a757ea7f`
VirtualSize	`0xb6610`
VirtualAddress	`0x115000`
SizeOfRawData	`0xb6800`
PointerToRawData	`0x105200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`7.26724`

.rsrc

MD5	`bba7f71a746cc140d7209ee5d00cf3b0`
SHA1	`3ea43002764426f95e247980bc22c6c7b1d3991b`
SHA256	`c56533ecef40650329631d6cc67a2a8671191a13105b05f151db431a800f3555`
SHA3	`40049f7222574a29d5ff2bb594e0564e129be59173324ac8fadfdf6712c5bc5f`
VirtualSize	`0x1a6`
VirtualAddress	`0x1cc000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1bba00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.25559`

.reloc

MD5	`ee48d0f3e37588b5ba4e0f73cc5bb61c`
SHA1	`0fcee2a9924a438b8a1d3d3f634a608b666a6a17`
SHA256	`889dd45fc31a72a9a977b4d4b425b6286ab39d0b75bad3b189c4d799c8cc10a9`
SHA3	`002f07098243151b726e1c7795d4e816e1c839e7818fe301a4416dad4613f80b`
VirtualSize	`0x1778`
VirtualAddress	`0x1cd000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x1bbc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.46114`

Imports

ADVAPI32.dll	`CryptAcquireContextW` `CryptGenRandom` `CryptReleaseContext` `RegGetValueA`
KERNEL32.dll	`CloseHandle` `CompareStringW` `CreateFileA` `CreateFileW` `DecodePointer` `DeleteCriticalSection` `DeviceIoControl` `EncodePointer` `EnterCriticalSection` `EnumSystemLocalesW` `ExitProcess` `FindClose` `FindFirstFileExW` `FindNextFileW` `FlsAlloc` `FlsFree` `FlsGetValue` `FlsSetValue` `FlushFileBuffers` `FreeEnvironmentStringsW` `FreeLibrary` `GetACP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `GetConsoleMode` `GetConsoleOutputCP` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `GetEnvironmentStringsW` `GetFileSizeEx` `GetFileType` `GetLastError` `GetLocaleInfoW` `GetModuleFileNameW` `GetModuleHandleExW` `GetModuleHandleW` `GetOEMCP` `GetProcAddress` `GetProcessHeap` `GetStartupInfoW` `GetStdHandle` `GetStringTypeW` `GetSystemTimeAsFileTime` `GetUserDefaultLCID` `HeapAlloc` `HeapFree` `HeapReAlloc` `HeapSize` `InitializeCriticalSection` `InitializeCriticalSectionAndSpinCount` `InitializeCriticalSectionEx` `InitializeSListHead` `IsDebuggerPresent` `IsProcessorFeaturePresent` `IsValidCodePage` `IsValidLocale` `LCMapStringEx` `LCMapStringW` `LeaveCriticalSection` `LoadLibraryExW` `MultiByteToWideChar` `QueryPerformanceCounter` `QueryPerformanceFrequency` `RaiseException` `ReadConsoleW` `ReadFile` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlPcToFileHeader` `RtlUnwind` `RtlUnwindEx` `RtlVirtualUnwind` `SetEndOfFile` `SetEnvironmentVariableW` `SetFilePointerEx` `SetLastError` `SetStdHandle` `SetUnhandledExceptionFilter` `TerminateProcess` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `UnhandledExceptionFilter` `WideCharToMultiByte` `WriteConsoleW` `WriteFile`
WS2_32.dll	`WSAGetLastError` `closesocket` `getsockopt` `recv` `recvfrom` `send` `sendto` `setsockopt`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.69958`
MD5	`90f737e4b755f2b64400295bcd1ea45b`
SHA1	`1e4860322acf7345dc475bf766f18b87a2b3fa5c`
SHA256	`7217e97adba147797eea3111892da065eec4af2ad69c75650c33e4ff5af4a5b2`
SHA3	`dfc62b050bb8954118644f5d1027259e2164a33ec5ec906f0741693f7af17c48`

Version Info

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1400fe980`

RICH Header

ff3b802e386ae4b65924a57c1ff166ec

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.00cfg

.gxfg

.retplne

_RDATA

.7Db

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors