Manalyze report for 3fa7ebe7d6e745c67e46bcf4931fcfca

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1970-Jan-01 00:00:00
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Suspicious	PEiD Signature:	`HQR data file`
Info	Interesting strings found in the binary:	`Contains domain names: .eq.github.com .eq.golang.org .hash.net api.uncoverit.org eq.github.com eq.golang.org github.com golang.org https://api.uncoverit.org https://api.uncoverit.org/private/sample/bytes.Buffer.WriteTo https://api.uncoverit.org/private/uploadhttp2 https://go.dev https://www.uncoverit.org https://www.uncoverit.org/api/balancebytes.Buffer https://www.uncoverit.org/results/%s itab.github.com textproto.nl uncoverit.org www.uncoverit.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata` `Unusual section name found: /4` `Unusual section name found: /19` `Unusual section name found: /32` `Unusual section name found: /46` `Unusual section name found: /65` `Unusual section name found: /78` `Unusual section name found: /95` `Unusual section name found: /112` `Unusual section name found: .symtab`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryW LoadLibraryExW GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread`
Suspicious	VirusTotal score: 1/72 (Scanned on 2026-02-12 07:23:32)	`Bkav: W64.AIDetectMalware`

Hashes

MD5	`3fa7ebe7d6e745c67e46bcf4931fcfca`
SHA1	`70c4bae2bb2908d5ed21b62c8c3d3487c57306c4`
SHA256	`864b13e8c78b3c8e04d5aafe9ebfa4e2fbea481cb991e59da8668f279e7a91fd`
SHA3	`fa08dade62ba16f69fad2067ed9858e494e802cf9c5acc318a2176e2e0c1d681`
SSDeep	`98304:yjoTglOCNJYWQI2QCqbx2EP9LI4GuaCN6rv8vklrHJ:ysKOCXYWoVoPS4GuaCNUv88R`
Imports Hash	`d42595b695fc008ef2c56aabd8efd68e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0x8b`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`16`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0x818400`
NumberOfSymbols	`8549`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`3.0`
SizeOfCode	`0x2b9200`
SizeOfInitializedData	`0x4e000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000007B960 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`1.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0x8e6000`
SizeOfHeaders	`0x600`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`31e4a8b9a6ec416855a66c85940a25e9`
SHA1	`4b4fa1893e27aabbc6e26fce2f5ce4e23659989e`
SHA256	`14e5ebae389df8c66f61aa482aacc18e05266edcc8c0f04e3848b5e6402a48af`
SHA3	`e85a86e7d58591ab71e0b8a7347a0fabde3c300f7aa84d86c7067359df2545b0`
VirtualSize	`0x2b90d1`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2b9200`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.1939`

.rdata

MD5	`7d9a4dc809892935253919213da6c55a`
SHA1	`2f06748ddc9b83727358375bef747c8a39dcc39a`
SHA256	`a9938b0063f259a224e5ea00a7c2212c1086e4e849828b81e977a4a7807bc821`
SHA3	`b6ea5e1cb013e542700525bce5304346e1f20eed19cba3ab4b703655cbbb1253`
VirtualSize	`0x2d9610`
VirtualAddress	`0x2bb000`
SizeOfRawData	`0x2d9800`
PointerToRawData	`0x2b9800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.61364`

.data

MD5	`d10df5973731a96d47d9520f7ee58e11`
SHA1	`79a1b0980d9305edbc54c3aa82bbaa5bd8fdd595`
SHA256	`3520a2fabdb69d5a69aad03c67d55b93bcee7851de3a7f09766d04a24c6f552e`
SHA3	`af182aa2a6dd267901ac25f308df572acae943e36a1b442f538e09995e8e4389`
VirtualSize	`0xa3f10`
VirtualAddress	`0x595000`
SizeOfRawData	`0x4e000`
PointerToRawData	`0x593000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.24222`

.pdata

MD5	`97d7f98a8b777fe75382cdc33e5d7b39`
SHA1	`1296599861a5a6344a81e5f6660c35fa16989384`
SHA256	`384517cb9ad1e3144b892eb473ece7d3c55cb61bb417637aff5f83ab85a643a2`
SHA3	`288d6eff909661ecd713629392afdbd07806fab5043e2e8344a03adf283c9fb4`
VirtualSize	`0xff3c`
VirtualAddress	`0x639000`
SizeOfRawData	`0x10000`
PointerToRawData	`0x5e1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.51935`

.xdata

MD5	`1b1b08c9e8b85a81400f04a68da37797`
SHA1	`75221a0913d3c4af3c301b29a40eca7748df37b4`
SHA256	`825776201f8a8b7d2a41c50cdd5f3d0c83094fee9bf519036ec4c4dd9e360f16`
SHA3	`90baad40428c35401c4e41a207bd7aacabf70de0837074becfa93f8a01c2efab`
VirtualSize	`0xb4`
VirtualAddress	`0x649000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5f1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.78321`

/4

MD5	`bcddef00414a946919302442928e542e`
SHA1	`b0fbeae40093e8241edcbdeae94ba06880dedf04`
SHA256	`fb7bf682d27ba8920146a9b134a183cd2109b202916488b9b3a4f7d623f0b484`
SHA3	`7d5b252590738bde977b6dfab9c3034c2ad82b952980a3585c1dc88e1f06f005`
VirtualSize	`0x154`
VirtualAddress	`0x64a000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5f1200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.67257`

/19

MD5	`ac54fe769942c96a9c7d56d40f146951`
SHA1	`9b911b07d5886b5b5f2eb92a86a81ab5aba7ec83`
SHA256	`039ce418a3910772cd576630f472c146e16b10e23a0f6b34eacd33e29d8400bb`
SHA3	`5b65f1a08a6d93c0a6d56aec1135f87ff1b0dd0647178e8120c319c8a37032a6`
VirtualSize	`0x80903`
VirtualAddress	`0x64b000`
SizeOfRawData	`0x80a00`
PointerToRawData	`0x5f1400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99589`

/32

MD5	`440d30d94679656a4ceaeed932d52424`
SHA1	`a966173092847339801ef885b5c4f440ad8b14e4`
SHA256	`c1d5659a26c1bbcde0fce747026c47c67384f4f802b14a5bdfe48fa8c48ab890`
SHA3	`3ddc0a195896bc2af1f255e775ef71c245d7e178e6c6fd2f8d8fd7e15f93c6ef`
VirtualSize	`0x1a091`
VirtualAddress	`0x6cc000`
SizeOfRawData	`0x1a200`
PointerToRawData	`0x671e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.93857`

/46

MD5	`56d08c10aa9e5c0c3680f67f8992b3d4`
SHA1	`5c31bb8cb4724831186f4adf11b6a46cba1b7936`
SHA256	`3edf472b3815ca8cab6b3efd8773b22c8a567a0ec7f5ce7b1a9b30e2a22b0258`
SHA3	`0e65aaf1cebf5c5fcda0ebafc01834bf7378c916495ab10752a8a034209a6034`
VirtualSize	`0x2a`
VirtualAddress	`0x6e7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x68c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.73721`

/65

MD5	`db0e792c99fc0ddeeb7b9125179efbb0`
SHA1	`440382eb8ec9eb23ed580a373ac12aeabc14caa9`
SHA256	`c44e541ff11298c8f51d634416a1c92dba93452bf86e31a6ec68df707420a4bd`
SHA3	`5ff6cd22c01e6b18f3db6e15f2b33334ef4681fa4bd4cf9cc288b6e6406e38e5`
VirtualSize	`0xccd14`
VirtualAddress	`0x6e8000`
SizeOfRawData	`0xcce00`
PointerToRawData	`0x68c200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99814`

/78

MD5	`debe552a3fa7cb0fbb30fc3d09a2a255`
SHA1	`0ae719311888acf50ccde18bf7333cf2f383b6be`
SHA256	`2190b1bbaf1433a458ed2b1108baf89ba4efbe8bb14e8b9662d7a754db745524`
SHA3	`a4bd6af56eb84cc8740f168835209b87b843bda9f2e23e692229617f66e36728`
VirtualSize	`0x7bdef`
VirtualAddress	`0x7b5000`
SizeOfRawData	`0x7be00`
PointerToRawData	`0x759000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99719`

/95

MD5	`dbd166aa881e3763e38a855200062b1c`
SHA1	`cb70cd46ba2051f0fac2c57a24d7c5fafa30171e`
SHA256	`e2bfc8f19b59643807c64416e54f409c03bced469a4b1ac3e7a052a79d76379a`
SHA3	`1d5b68103b36cf0937c35d2c787167c5ed23dd8ad8f23e24186e4269d3242701`
VirtualSize	`0x32449`
VirtualAddress	`0x831000`
SizeOfRawData	`0x32600`
PointerToRawData	`0x7d4e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99581`

/112

MD5	`134dee0b07edb06398ed3433b3f8f143`
SHA1	`11362480acd790bea6bb7febf52cab91be02fda4`
SHA256	`64c2f3534f435b6c5aa040c323d39067873bbbee58d0e4cb3933ea093382bea3`
SHA3	`bb39ee4614cac15aca1c4352b7a19bc9a1852625afa792991925149df03f4530`
VirtualSize	`0x334c`
VirtualAddress	`0x864000`
SizeOfRawData	`0x3400`
PointerToRawData	`0x807400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.76985`

.idata

MD5	`b89b56ab672a9a963f0470937fd11e21`
SHA1	`a0a0a9acb3e4dad1e20d326c83df3ed9b4faf471`
SHA256	`f6704cb602ec2621e036d58de325e4fcff325ca9ca37eb10e8a047fbf11ea3f6`
SHA3	`39f795ffa04b4663245930d19adc4b1854153ae199ac067bfb870f2f995191c2`
VirtualSize	`0x53e`
VirtualAddress	`0x868000`
SizeOfRawData	`0x600`
PointerToRawData	`0x80a800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.01356`

.reloc

MD5	`eebdade3ddc335e5cbbf3ee5a6779b2f`
SHA1	`e5ddf43e05de7a4c98f8cd638ab82ceaeea9bc19`
SHA256	`7875e5fb1c748b1a44c2a4fab75a676a12cbd3eedf2811d50b8f9943c04faaf7`
SHA3	`641db90faee0466c67f37becc4b11d0f96a7e8a98acda20af51988f647c83b0e`
VirtualSize	`0xd4ec`
VirtualAddress	`0x869000`
SizeOfRawData	`0xd600`
PointerToRawData	`0x80ae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.43638`

.symtab

MD5	`cc703adc7d5afb1031327c4c3f445809`
SHA1	`52eae58901979720f5deacf9520a610313f87571`
SHA256	`1bda26ec05390188c08f8c9c1596e2ed77359bf5fc83a9eb207d31a7b219debe`
SHA3	`90c43b18ad3e2ad8a0f8c46497edd2e89bcf663595a594e07052d14c0eeb8ee6`
VirtualSize	`0x6ee86`
VirtualAddress	`0x877000`
SizeOfRawData	`0x6f000`
PointerToRawData	`0x818400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.34955`

Imports

kernel32.dll	`WriteFile` `WriteConsoleW` `WerSetFlags` `WerGetFlags` `WaitForMultipleObjects` `WaitForSingleObject` `VirtualQuery` `VirtualFree` `VirtualAlloc` `TlsAlloc` `SwitchToThread` `SuspendThread` `SetWaitableTimer` `SetProcessPriorityBoost` `SetEvent` `SetErrorMode` `SetConsoleCtrlHandler` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `ResumeThread` `RaiseFailFastException` `PostQueuedCompletionStatus` `LoadLibraryW` `LoadLibraryExW` `SetThreadContext` `GetThreadContext` `GetSystemInfo` `GetSystemDirectoryA` `GetStdHandle` `GetQueuedCompletionStatusEx` `GetProcessAffinityMask` `GetProcAddress` `GetErrorMode` `GetEnvironmentStringsW` `GetCurrentThreadId` `GetConsoleMode` `FreeEnvironmentStringsW` `ExitProcess` `DuplicateHandle` `CreateWaitableTimerExW` `CreateThread` `CreateIoCompletionPort` `CreateEventA` `CloseHandle` `AddVectoredExceptionHandler` `AddVectoredContinueHandler`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /19!
[*] Warning: Tried to read outside the COFF string table to get the name of section /32!
[*] Warning: Tried to read outside the COFF string table to get the name of section /46!
[*] Warning: Tried to read outside the COFF string table to get the name of section /65!
[*] Warning: Tried to read outside the COFF string table to get the name of section /78!
[*] Warning: Tried to read outside the COFF string table to get the name of section /95!
[*] Warning: Tried to read outside the COFF string table to get the name of section /112!