0869ce0585a681b8055ec9a6c4286dfd4041994ef983ea8452fd1695aa8bf284

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 1970-Jan-01 00:00:00 (TimeDateStamp is 0; the Go linker writes a zero timestamp, so this is a reproducible-build marker, not a real build date)

Plugin Output

Suspicious PEiD Signature: HQR data file
Suspicious Strings found in the binary may indicate undesirable behavior: Contains references to internet browsers:
  • chrome.exe
Contains domain names:
  • .eq.golang.org
  • .eq.modernc.org
  • .hash.net
  • eq.golang.org
  • eq.modernc.org
  • github.com
  • golang.org
  • https://go.dev
  • modernc.org
(These are Go package import paths embedded in symbol names, for example the compiler-generated type..eq.* equality and type..hash.* hash functions for types from golang.org/x/..., modernc.org/... and the net package, plus the go.dev URL that Go toolchain strings carry; they are module paths, not network destinations contacted by the program.)
Info Cryptographic algorithms detected in the binary: Uses constants related to SHA256
Uses constants related to SHA512
Uses constants related to AES
Suspicious The PE is possibly packed. Unusual section name found: .xdata
Unusual section name found: .symtab
(.xdata is the standard x64 exception-unwind data section and .symtab is emitted by the Go linker. No section in this file has entropy above 6.2, the entry point lies inside .text, and .text's raw size 0x38bc00 fully backs its virtual size 0x38ba11, so the packing flag rests on section names alone.)
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • LoadLibraryW
  • LoadLibraryExW
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
(The Go runtime resolves the remaining Windows APIs it needs at start-up through LoadLibraryW/LoadLibraryExW and GetProcAddress, and its scheduler yields with SwitchToThread. The full kernel32.dll import list below, including AddVectoredExceptionHandler, WerSetFlags/WerGetFlags and RaiseFailFastException, is the Go runtime's standard import set, so these two flags are generic heuristics rather than evidence of hidden imports or anti-debugging.)
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.
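The packing verdict above is driven only by section names. The following Python is an added example, not part of this report or of the tool that produced it: it applies the packer heuristics an analyst would actually check (section entropy, write+execute sections, a code section that is mostly empty on disk, entry point outside code) to the section table transcribed from this page, and to a constructed UPX-style table for contrast. The entropy and growth thresholds and the list of expected section names are assumptions chosen for illustration.

```python
"""Cross-check a 'possibly packed' verdict against a PE section table (stdlib only)."""
import math
from collections import Counter

# Section-header flags from the PE file format specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
EXEC_FLAGS = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE

# Assumption: names a normal MSVC/MinGW/Go toolchain emits. .xdata holds x64
# unwind info; .symtab is written by the Go linker. Narrow this set to see
# the report's name-based flag reappear.
KNOWN_SECTION_NAMES = {
    ".text", ".rdata", ".data", ".pdata", ".xdata", ".idata",
    ".edata", ".reloc", ".rsrc", ".tls", ".bss", ".symtab",
}

# (name, VirtualAddress, VirtualSize, SizeOfRawData, Characteristics, entropy)
# transcribed from the section headers on this page.
SECTIONS = (
    (".text",   0x1000,   0x38ba11, 0x38bc00, EXEC_FLAGS,          6.16065),
    (".rdata",  0x38d000, 0x319268, 0x319400, 0,                   5.81053),
    (".data",   0x6a7000, 0x91348,  0x41e00,  IMAGE_SCN_MEM_WRITE, 4.35774),
    (".pdata",  0x739000, 0x155dc,  0x15600,  0,                   5.57982),
    (".xdata",  0x74f000, 0xb4,     0x200,    0,                   1.78321),
    (".idata",  0x750000, 0x53e,    0x600,    IMAGE_SCN_MEM_WRITE, 3.90958),
    (".reloc",  0x751000, 0xa508,   0xa600,   0,                   5.42667),
    (".symtab", 0x75c000, 0x4,      0x200,    0,                   0.0203931),
)
ENTRY_POINT_RVA = 0x7A400

# Constructed UPX-style layout (not a real sample): the unpack target UPX0 has
# no raw data, the stub UPX1 is near-random and write+execute.
CONSTRUCTED_PACKED = (
    ("UPX0",  0x1000,   0x200000, 0x0,     EXEC_FLAGS | IMAGE_SCN_MEM_WRITE, 0.0),
    ("UPX1",  0x201000, 0x80000,  0x7fe00, EXEC_FLAGS | IMAGE_SCN_MEM_WRITE, 7.92),
    (".rsrc", 0x281000, 0x2000,   0x2000,  0,                                4.1),
)
CONSTRUCTED_ENTRY_RVA = 0x280a00  # inside UPX1


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 for uniform random data, 0.0 for a constant buffer."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def section_for_rva(rva, sections):
    """Return the section whose mapped range contains rva, or None."""
    for sec in sections:
        _, va, vsize, rawsize, _, _ = sec
        if va <= rva < va + max(vsize, rawsize):
            return sec
    return None


def packing_indicators(sections, entry_rva, *, known_names=KNOWN_SECTION_NAMES,
                       entropy_threshold=7.0, growth_ratio=2.0):
    """Return (strong, weak) lists of (indicator, section) pairs.

    Strong indicators describe how a packer stub behaves at runtime; an
    unrecognised section name alone is weak evidence.
    """
    strong, weak = [], []
    for name, _, vsize, rawsize, flags, ent in sections:
        executable = bool(flags & EXEC_FLAGS)
        if ent >= entropy_threshold:
            strong.append(("high-entropy", name))
        if executable and flags & IMAGE_SCN_MEM_WRITE:
            strong.append(("write+execute", name))
        if executable and rawsize == 0:
            strong.append(("code-section-empty-on-disk", name))
        elif executable and vsize / rawsize >= growth_ratio:
            strong.append(("code-section-grows-at-runtime", name))
        if name not in known_names:
            weak.append(("unknown-name", name))
    entry = section_for_rva(entry_rva, sections)
    if entry is None:
        strong.append(("entry-point-outside-sections", hex(entry_rva)))
    elif not entry[4] & EXEC_FLAGS:
        strong.append(("entry-point-in-non-code-section", entry[0]))
    return strong, weak


def verdict(sections, entry_rva, known_names=KNOWN_SECTION_NAMES):
    strong, weak = packing_indicators(sections, entry_rva, known_names=known_names)
    if strong:
        return "likely packed"
    if weak:
        return "unusual section names only"
    return "no packing indicators"


if __name__ == "__main__":
    print("this report :", verdict(SECTIONS, ENTRY_POINT_RVA))
    print("constructed :", verdict(CONSTRUCTED_PACKED, CONSTRUCTED_ENTRY_RVA))
```

With the Go-aware name list the file on this page yields no indicators at all; removing .xdata and .symtab from the list reproduces the report's "unusual section names" flag and nothing stronger, whereas the constructed UPX-style table trips the write+execute, empty-on-disk and high-entropy checks. Note that .data's virtual size exceeding its raw size is ordinary for a writable section (zero-filled data) and is deliberately only counted for code sections.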

Hashes

MD5 0ee0188b52bdf9b49bc4eea5e31d840a
SHA1 e6c5eb3cfa5081ba7a13daac1e05e440229dee1a
SHA256 0869ce0585a681b8055ec9a6c4286dfd4041994ef983ea8452fd1695aa8bf284
SHA3 b871abb84af6f14c78e151ac0726d779bea1e435d7f41af5c6a195e9e1f76036
SSDeep 49152:IynsFc45ZrRlapJkxVRpAKrqh0m8i+gHTDpzFR3qel7Nums2cnaK5gkF5mN38EC:INft7pAK5m8UaZ11gAQcNayN0pue
Imports Hash d42595b695fc008ef2c56aabd8efd68e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0x8b
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 8
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0x707800
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 3.0
SizeOfCode 0x38bc00
SizeOfInitializedData 0x41e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000007A400 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 1.0
SubsystemVersion 6.1
Win32VersionValue 0
SizeOfImage 0x75d000
SizeOfHeaders 0x600
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 de2ab5e0f80c8ff69ef43f634007fcfc
SHA1 35b31e632769f8ef898d4d82915d8c25e3e3ed4c
SHA256 c0c51d379902fda9a59b6332215b40294487cb9312f1db76a5ce56ab3f4a13fe
SHA3 3596c59d3ac8a4d33acb0b0a4d3ceb43c6d65c63367a5ce922bd85865748060d
VirtualSize 0x38ba11
VirtualAddress 0x1000
SizeOfRawData 0x38bc00
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.16065

.rdata

MD5 da9d76734360527160438f1ac0a9817b
SHA1 70cee1f95e5441bd55473b91e88ee267c5c00763
SHA256 36718dbe17dd1991b43d4ca13b3984902290ff7eade4e29ddd8b4b7d33eb482f
SHA3 bdde913f8641f488ad4d85e08ba25a0a538448f0d34534dd5107181784593561
VirtualSize 0x319268
VirtualAddress 0x38d000
SizeOfRawData 0x319400
PointerToRawData 0x38c200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.81053

.data

MD5 1092022b7148486cc16868fe4049fd76
SHA1 34bf26cb4dd3fa80fbbe05b14840faebc29d49e1
SHA256 50d6fdd7d5b8d6d512c7d6a6c2537618ca5568e3c400a897f1e4788c6e97b144
SHA3 13c7d06892b4a0d02bc7ac35dd5911d192f6547b15ee07099d2d0d2ebe767e29
VirtualSize 0x91348
VirtualAddress 0x6a7000
SizeOfRawData 0x41e00
PointerToRawData 0x6a5600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.35774

.pdata

MD5 d6145824080fec0e34c2636b01adf36e
SHA1 eb0b655f31f7a88a5c6b898c406ea6caec281273
SHA256 2a16a896d1424a8ab12e7159b679b5fa58a1392d1c924f9363b45eca8018d939
SHA3 46d487c7aa1e4ec08f9400eab79a31a9ffeb4cc85f52200f6c520218a81cfe50
VirtualSize 0x155dc
VirtualAddress 0x739000
SizeOfRawData 0x15600
PointerToRawData 0x6e7400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.57982

.xdata

MD5 6382a3f42bdc96d327c0cf02c1e448ac
SHA1 2c651449138af9719020410ab062242945e37652
SHA256 af46ce24b116d85c2fc9c969391ff6298bdc1484c9e31aef3a004fe20be6ab0d
SHA3 9ed76e758840543989e43bda5b58a3e731c7c062f90dd360bf5265e2d4eafd15
VirtualSize 0xb4
VirtualAddress 0x74f000
SizeOfRawData 0x200
PointerToRawData 0x6fca00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.78321

.idata

MD5 75b6167bef529b17db28bfc9bcfa1e59
SHA1 1de83260b95fe375a58d682d32effb0d3ca9ca1b
SHA256 db598c23aee0c5f2ba249450e172d8796bac589be40b8663108d150ab58dc2f3
SHA3 683bb56ea3b1df5a477cc3ce48395f562919db1deb0d5e4d8c87d88220fd168a
VirtualSize 0x53e
VirtualAddress 0x750000
SizeOfRawData 0x600
PointerToRawData 0x6fcc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.90958

.reloc

MD5 8941bc9db158e481586289b4a35f3950
SHA1 54c11a0a18b65b25027823210bcc5b099a2e97d8
SHA256 39c00a394e5eafae759bb49fd32e5855b8eb8e8dc8ede23901efc64b638ebb6c
SHA3 9100597ae173b553ce502ad073443f49530054b41806b290de0abff2f28c63b3
VirtualSize 0xa508
VirtualAddress 0x751000
SizeOfRawData 0xa600
PointerToRawData 0x6fd200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.42667

.symtab

MD5 07b5472d347d42780469fb2654b7fc54
SHA1 943ae54f4818e52409fbbaf60ffd71318d966b0d
SHA256 3e67f4a7d14b832ff2a2433e9cf0f6f5720821f67148a87c0ee2595a20c96c68
SHA3 a70a3e18515c06557b62676f2a8eb6d7d41962d8c9c7c49f4641c429cc65b977
VirtualSize 0x4
VirtualAddress 0x75c000
SizeOfRawData 0x200
PointerToRawData 0x707800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0203931

Imports

kernel32.dll WriteFile
WriteConsoleW
WerSetFlags
WerGetFlags
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
RtlVirtualUnwind
RtlLookupFunctionEntry
ResumeThread
RaiseFailFastException
PostQueuedCompletionStatus
LoadLibraryW
LoadLibraryExW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetErrorMode
GetEnvironmentStringsW
GetCurrentThreadId
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler
AddVectoredContinueHandler

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors
