Category | Finding | Details
---|---|---
Architecture | IMAGE_FILE_MACHINE_AMD64 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 1970-Jan-01 00:00:00 |
TLS Callbacks | 2 callback(s) detected. |
Suspicious | Strings found in the binary may indicate undesirable behavior: | May have dropper capabilities:
Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32, MD5, SHA1, SHA256, SHA512, AES and Blowfish; uses known Diffie-Hellman primes; uses Microsoft's Cryptography API
Suspicious | The PE is possibly packed. | Unusual section name found: .buildid
Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports:
Safe | VirusTotal score: 0/71 (Scanned on 2024-04-23 12:23:49) | All the AVs think this file is safe.
DOS Header Field | Value
---|---
e_magic | MZ
e_cblp | 0x78
e_cp | 0x1
e_crlc | 0
e_cparhdr | 0x4
e_minalloc | 0
e_maxalloc | 0
e_ss | 0
e_sp | 0
e_csum | 0
e_ip | 0
e_cs | 0
e_ovno | 0
e_oemid | 0
e_oeminfo | 0
e_lfanew | 0x78
PE File Header Field | Value
---|---
Signature | PE
Machine | IMAGE_FILE_MACHINE_AMD64
NumberOfSections | 7
TimeDateStamp | 1970-Jan-01 00:00:00
PointerToSymbolTable | 0
NumberOfSymbols | 0
SizeOfOptionalHeader | 0xf0
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
Optional Header Field | Value
---|---
Magic | PE32+
LinkerVersion | 14.0
SizeOfCode | 0x6cc200
SizeOfInitializedData | 0x1c3400
SizeOfUninitializedData | 0
AddressOfEntryPoint | 0x0000000000001350 (Section: .text)
BaseOfCode | 0x1000
ImageBase | 0x140000000
SectionAlignment | 0x1000
FileAlignment | 0x200
OperatingSystemVersion | 6.0
ImageVersion | 0.0
SubsystemVersion | 6.0
Win32VersionValue | 0
SizeOfImage | 0x89f000
SizeOfHeaders | 0x400
Checksum | 0
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeOfStackReserve | 0x100000
SizeOfStackCommit | 0x1000
SizeOfHeapReserve | 0x100000
SizeOfHeapCommit | 0x1000
LoaderFlags | 0
NumberOfRvaAndSizes | 16
Imported DLL | Imported Functions
---|---
api-ms-win-crt-heap-l1-1-0.dll | _set_new_mode, calloc, free, malloc, realloc
api-ms-win-crt-private-l1-1-0.dll | __C_specific_handler, memchr, memcmp, memcpy, memmove, strchr, strrchr, strstr, wcsstr
api-ms-win-crt-runtime-l1-1-0.dll | __p___argc, __p___argv, __p___wargv, _assert, _beginthread, _cexit, _configure_narrow_argv, _configure_wide_argv, _crt_at_quick_exit, _crt_atexit, _endthread, _errno, _exit, _getpid, _initialize_narrow_environment, _initialize_wide_environment, _initterm, _set_app_type, _set_invalid_parameter_handler, abort, exit, raise, signal, strerror
api-ms-win-crt-stdio-l1-1-0.dll | __acrt_iob_func, __p__commode, __p__fmode, __stdio_common_vfprintf, __stdio_common_vfwprintf, __stdio_common_vsprintf, __stdio_common_vsscanf, __stdio_common_vswprintf, _chsize, _close, _fileno, _getcwd, _locking, _lseek, _lseeki64, _open, _read, _setmode, _wfopen, _write, fclose, feof, ferror, fflush, fgetc, fgets, fopen, fputc, fputs, fread, fseek, ftell, fwrite, getc, puts, setvbuf, ungetc
api-ms-win-crt-string-l1-1-0.dll | _strdup, _stricmp, _strnicmp, isdigit, isspace, isxdigit, mbrlen, memset, strcat, strcmp, strcpy, strcspn, strlen, strncmp, strncpy, strpbrk, strspn, tolower, wcscpy, wcslen
KERNEL32.dll | AcquireSRWLockExclusive, AcquireSRWLockShared, CloseHandle, ConvertFiberToThread, ConvertThreadToFiberEx, CreateFiberEx, CreateFileA, CreateFileMappingA, CreateIoCompletionPort, CreateNamedPipeA, CreateProcessA, CreateSemaphoreA, CreateWaitableTimerA, DeleteCriticalSection, DeleteFiber, EnterCriticalSection, FindClose, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FormatMessageA, FormatMessageW, FreeLibrary, GetACP, GetConsoleMode, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentVariableW, GetExitCodeProcess, GetFileSize, GetFileType, GetLastError, GetModuleFileNameA, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetProcAddress, GetQueuedCompletionStatus, GetStdHandle, GetSystemDirectoryA, GetSystemInfo, GetSystemTime, GetSystemTimeAsFileTime, GetTickCount, GetTimeZoneInformation, GetVersion, GetVersionExA, GlobalMemoryStatusEx, HeapSetInformation, InitializeConditionVariable, InitializeCriticalSection, InitializeCriticalSectionAndSpinCount, InitializeSRWLock, IsProcessorFeaturePresent, LeaveCriticalSection, LoadLibraryA, LoadLibraryW, LocalAlloc, LocalFree, MapViewOfFile, MultiByteToWideChar, OpenProcess, PostQueuedCompletionStatus, QueryPerformanceCounter, QueryPerformanceFrequency, ReadConsoleA, ReadConsoleW, ReadFileEx, ReleaseSRWLockExclusive, ReleaseSRWLockShared, ReleaseSemaphore, RtlVirtualUnwind, SetConsoleCtrlHandler, SetConsoleMode, SetHandleInformation, SetLastError, SetUnhandledExceptionFilter, SetWaitableTimer, Sleep, SleepConditionVariableSRW, SleepEx, SwitchToFiber, SystemTimeToFileTime, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnmapViewOfFile, VirtualAlloc, VirtualFree, VirtualLock, VirtualProtect, VirtualQuery, WaitForSingleObject, WakeAllConditionVariable, WakeConditionVariable, WideCharToMultiByte, WriteFile, WriteFileEx
WS2_32.dll | WSACleanup, WSAGetLastError, WSAIoctl, WSASetLastError, WSAStartup, accept, bind, closesocket, connect, freeaddrinfo, getaddrinfo, gethostbyaddr, gethostbyname, gethostname, getprotobynumber, getservbyname, getservbyport, getsockname, getsockopt, htonl, htons, inet_addr, inet_ntoa, ioctlsocket, listen, ntohl, ntohs, recv, recvfrom, select, send, sendto, setsockopt, shutdown, socket
api-ms-win-crt-math-l1-1-0.dll | __setusermatherr, _fdopen, frexp
api-ms-win-crt-utility-l1-1-0.dll | abs, labs, qsort, rand_s
api-ms-win-crt-environment-l1-1-0.dll | __p__environ, __p__wenviron, getenv
api-ms-win-crt-time-l1-1-0.dll | __daylight, __timezone, __tzname, _gmtime64, _gmtime64_s, _localtime64, _mktime64, _time64, _tzset, _utime64, strftime
api-ms-win-crt-convert-l1-1-0.dll | atoi, mbrtowc, strtol, strtoll, strtoul, strtoull, wcrtomb, wcstombs
SHELL32.dll | SHGetMalloc, SHGetPathFromIDListA, SHGetSpecialFolderLocation, SHGetSpecialFolderPathA
api-ms-win-crt-filesystem-l1-1-0.dll | _fstat64, _fullpath, _lock_file, _mkdir, _stat64, _unlink, _unlock_file, rename
SHLWAPI.dll | PathMatchSpecA
ADVAPI32.dll | CryptAcquireContextA, CryptAcquireContextW, CryptGenRandom, CryptReleaseContext, DeregisterEventSource, RegCloseKey, RegOpenKeyExA, RegQueryValueExA, RegisterEventSourceW, ReportEventW
IPHLPAPI.DLL | GetAdaptersAddresses, if_nametoindex
api-ms-win-crt-locale-l1-1-0.dll | localeconv
api-ms-win-crt-conio-l1-1-0.dll | _getwch, _putch
USER32.dll | GetProcessWindowStation, GetUserObjectInformationW, MessageBoxW
Debug Directory Field | Value
---|---
Characteristics | 0
TimeDateStamp | 1970-Jan-01 00:00:00
Version | 0.0
SizeOfData | 25
AddressOfRawData | 0x84501c
PointerToRawData | 0x842c1c
TLS Directory Field | Value
---|---
StartAddressOfRawData | 0x140892000
EndAddressOfRawData | 0x140892008
AddressOfIndex | 0x1408593c0
AddressOfCallbacks | 0x140818bd0
SizeOfZeroFill | 0
Characteristics | IMAGE_SCN_ALIGN_8BYTES
Callbacks | 0x0000000140001B20, 0x0000000140001BA0