Manalyze report for ca373bbab6309dc931e3bfa3812c41d7

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2024-Apr-22 05:18:51
TLS Callbacks	3 callback(s) detected.

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`ca373bbab6309dc931e3bfa3812c41d7`
SHA1	`e8ef8a0ca9ecd98126cb419af9096ea366c5f9ec`
SHA256	`4d802cc99b5aba90591220a3333b82fc8c9a7dbbcfdc5226b539948d172e5531`
SHA3	`ee92ab6c7b1da96b53bbb803603870185d53b3cde65c5466f738b579ef971b90`
SSDeep	`24576:9f2zm8m5fbzSB+D3fEa6g/h/wX2RAyTBdkoToDkO:18m5T2wp/h/wGRAy3`
Imports Hash	`c9c5bbacfe548e4e3db362d2d1702e06`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`9`
TimeDateStamp	2024-Apr-22 05:18:51
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0xa1200`
SizeOfInitializedData	`0xcda00`
SizeOfUninitializedData	`0x1800`
AddressOfEntryPoint	`0x00000000000014E0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0xd5000`
SizeOfHeaders	`0x400`
Checksum	`0xcfe5f`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a9b257e81106a96d1719bd60fd34955e`
SHA1	`6c6bb3a8ba36b2253929dbced8e84693e17ff018`
SHA256	`8d4240ed72637cdbe8a7ec4e423138f1aaba6e167e4002d23d583d4c5acef51f`
SHA3	`a5df5a1ba5de31052930f17a3695f41ee60362b983108ae255069cfa08ec6fe6`
VirtualSize	`0xa1120`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa1200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.11944`

.data

MD5	`1cb4bd182b303cb02632b5432fa9ee2d`
SHA1	`f63dc62633388daafb6db392245a49bd08320c70`
SHA256	`0ecb96ba3405f9e0dcd8aa6ff873d0e8637d4fd72bdc3c7ba7deab856d60d1f6`
SHA3	`a6b319240bfb09c609d387ccca1072760246b1dee47d0eb2c5aa788743291e4a`
VirtualSize	`0x2ee0`
VirtualAddress	`0xa3000`
SizeOfRawData	`0x3000`
PointerToRawData	`0xa1600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.248391`

.rdata

MD5	`1b3027882631832128e6e2322f76b411`
SHA1	`338b3054974fb2e09598bcf761e91e0cf0d97dcd`
SHA256	`60246c17bc1892df4023c71d010db7589453a58cfa510db35c32f5bd579c9692`
SHA3	`d8c7965a2bb488a975f2a38b875f495471ce26b29f3b4e7f3afa151d7e1b22f9`
VirtualSize	`0xe580`
VirtualAddress	`0xa6000`
SizeOfRawData	`0xe600`
PointerToRawData	`0xa4600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.27136`

.pdata

MD5	`5d8d66a9c5e87357d6ddeea6fe88b24b`
SHA1	`4ed31c4236db24ead6ccbb9b3231a24e50563b9f`
SHA256	`9e6902ef7d3a278b9cf90b0b434e0dbe9a0fa8b8cd02dbc45ffea34b4f652eb8`
SHA3	`5f4a0e1588092663e22941cc6305b3b1c1ad936c0bed8dc5b9237d7c21c66e2d`
VirtualSize	`0xaf20`
VirtualAddress	`0xb5000`
SizeOfRawData	`0xb000`
PointerToRawData	`0xb2c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.86402`

.xdata

MD5	`4cbae23c7848cb513970ebfae102b611`
SHA1	`c3e6679156faa9437cb315996ff0b97f393fb657`
SHA256	`1c2ba55a547e83fe839d481161203a0f1efba215c76dedd20f7a8b6cb7911b8c`
SHA3	`e7ed5b970e953ae26abac6061ac6146e689b4201b007f849dac9eb2bd380c4ed`
VirtualSize	`0xe9ec`
VirtualAddress	`0xc0000`
SizeOfRawData	`0xea00`
PointerToRawData	`0xbdc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.80011`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1620`
VirtualAddress	`0xcf000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`09fdbe15e01d638b191b5988d0ce8955`
SHA1	`2b1e4397e34a4a1493095dc51255288ac7fc75ec`
SHA256	`774549dfe9150aa2dd39052b7f5d7e05dc96f80df99eca87ff0b85051784ba23`
SHA3	`6f7f7b2a6e7b21a1e9696aeaac326e92ede1b44b1be2a3830c22cb000cece0a4`
VirtualSize	`0x13ac`
VirtualAddress	`0xd1000`
SizeOfRawData	`0x1400`
PointerToRawData	`0xcc600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.46013`

.CRT

MD5	`92383561c921f4da8788a66b02b246a2`
SHA1	`eb34f8351315c5e7a3070a0dee60fce1df2384fc`
SHA256	`fc083db519db5fbf6be2bd81fc57aa6cd65adfee17b0d1d4fbae09bd3f33c5ec`
SHA3	`7ef9bb680e3220dbe65c4dcc1fd86f8910810011050311781f56766b4542dec5`
VirtualSize	`0x70`
VirtualAddress	`0xd3000`
SizeOfRawData	`0x200`
PointerToRawData	`0xcda00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.326449`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0xd4000`
SizeOfRawData	`0x200`
PointerToRawData	`0xcdc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

Imports

KERNEL32.dll	`AddVectoredExceptionHandler` `CloseHandle` `CreateEventA` `CreateSemaphoreA` `DeleteCriticalSection` `DuplicateHandle` `EnterCriticalSection` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThread` `GetCurrentThreadId` `GetHandleInformation` `GetLastError` `GetProcessAffinityMask` `GetStartupInfoA` `GetSystemTimeAsFileTime` `GetThreadContext` `GetThreadPriority` `GetTickCount` `InitializeCriticalSection` `IsDBCSLeadByteEx` `IsDebuggerPresent` `LeaveCriticalSection` `MultiByteToWideChar` `OutputDebugStringA` `QueryPerformanceCounter` `RaiseException` `ReleaseSemaphore` `RemoveVectoredExceptionHandler` `ResetEvent` `ResumeThread` `RtlAddFunctionTable` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlUnwindEx` `RtlVirtualUnwind` `SetEvent` `SetLastError` `SetProcessAffinityMask` `SetThreadContext` `SetThreadPriority` `SetUnhandledExceptionFilter` `Sleep` `SuspendThread` `TerminateProcess` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TryEnterCriticalSection` `UnhandledExceptionFilter` `VirtualProtect` `VirtualQuery` `WaitForMultipleObjects` `WaitForSingleObject` `WideCharToMultiByte`
msvcrt.dll	`__C_specific_handler` `___lc_codepage_func` `___mb_cur_max_func` `__doserrno` `__getmainargs` `__initenv` `__iob_func` `__lconv_init` `__pioinfo` `__set_app_type` `__setusermatherr` `_acmdln` `_amsg_exit` `_beginthreadex` `_cexit` `_endthreadex` `_errno` `_fdopen` `_filelengthi64` `_fileno` `_fileno` `_fmode` `_fstat64` `_getch` `_initterm` `_lseeki64` `_onexit` `_read` `_setjmp` `_strdup` `_strnicmp` `_ultoa` `_write` `_write` `abort` `calloc` `exit` `fclose` `fflush` `fgetpos` `fopen` `fprintf` `fputc` `fputs` `fread` `free` `fsetpos` `fwrite` `getc` `getwc` `isspace` `iswctype` `localeconv` `longjmp` `malloc` `memchr` `memcmp` `memcpy` `memmove` `memset` `printf` `putc` `putwc` `rand` `realloc` `setlocale` `setvbuf` `signal` `sprintf` `strcmp` `strcoll` `strerror` `strftime` `strlen` `strncmp` `strtoul` `strxfrm` `towlower` `towupper` `ungetc` `ungetwc` `vfprintf` `wcscoll` `wcsftime` `wcslen` `wcsxfrm`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x4d4000`
EndAddressOfRawData	`0x4d4008`
AddressOfIndex	`0x4cf6fc`
AddressOfCallbacks	`0x4d3040`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x000000000040B3C0` `0x000000000040B390` `0x0000000000419510`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!