Manalyze report for 6c0f76edc7b5669428b651cc1e03660fe0c01756d9f8ae53447799abbb028b25

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2046-Apr-18 22:30:50
TLS Callbacks	2 callback(s) detected.
Debug artifacts	a.out.pdb

Plugin Output

Suspicious	PEiD Signature:	`HQR data file`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for VMWare presence: VMware` `Contains domain names: .eq.github.com .eq.golang.org .hash.golang.org .hash.net Firstgolang.org allowedgolang.org btcmole.org btctest.inetstar.ru catmsg.Firstgolang.org dgolang.org eq.github.com eq.golang.org github.com golang.org hash.golang.org https://btcmole.org https://btctest.inetstar.ru https://btctest.inetstar.ru/api/en/js/init.jsclose https://btctest.inetstar.ru/api/store/addunexpected https://go.dev inetstar.ru matchgolang.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to base58`
Suspicious	The PE is possibly packed.	`Unusual section name found: .buildid`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExW LoadLibraryW` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`13cf74451e0e965fe38140ab46e860eb`
SHA1	`3114e3884c666f436e20b743a435bff0d35e2c81`
SHA256	`6c0f76edc7b5669428b651cc1e03660fe0c01756d9f8ae53447799abbb028b25`
SHA3	`a1efcd6af16f496e21d2da66c62ce146a89d4436f43519ac83f774769370d8e9`
SSDeep	`98304:jcV+GPbzXYlEnWKE6TrxasuDryt1Nb6f8E:jcVlXiEnWKAjw14N`
Imports Hash	`9574b76c91796ce7133445ce879858ff`

DOS Header

e_magic	`MZ`
e_cblp	`0x78`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0`
e_ss	`0`
e_sp	`0`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x78`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2046-Apr-18 22:30:50
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x3c2200`
SizeOfInitializedData	`0x52d000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000003A2150 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x966000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x1000000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`cd21a39560c92ebdbb27937157a1e3ec`
SHA1	`470eda2c41fc22a3fbf8bd1ed19b5a9ff22d3ee0`
SHA256	`bf53e1efccd7fdcbc4bd5783bc92f205c59306dc301ba6673ff4b97f54177059`
SHA3	`63491451bf1cde9588d6ec62df5c52198487bef160afb95cab411ba3cadd89c4`
VirtualSize	`0x3c2026`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3c2200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.22863`

.rdata

MD5	`8e075ff3580a8341b7b4e398653b1907`
SHA1	`5fa37f7446393b7e04b7459aefb58c340a502059`
SHA256	`0be39813fb8bded798745c00b8b760e5b07f94e2441666b02db6e6031e6d3206`
SHA3	`de24570eec41d07a59a497663f4d74796bf19465a18681f1e52b1dc05e485459`
VirtualSize	`0x489248`
VirtualAddress	`0x3c4000`
SizeOfRawData	`0x489400`
PointerToRawData	`0x3c2600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.04784`

.buildid

MD5	`0614103a96d3f6d382b4981ae4fdc048`
SHA1	`9c143529864bc4971f336899605acf923b983044`
SHA256	`fb215c5de6784fdcb8af12c25cea623db9bec28a890b07ca0e9298aeb9200ad9`
SHA3	`7bf5c611ebca713119d9223ec03c5d6c8188d7eeca703349cad7dcb5117eb64a`
VirtualSize	`0x5a`
VirtualAddress	`0x84e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x84ba00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.902509`

.data

MD5	`1ecb590343a32aaecc29c69eda236e7b`
SHA1	`7190d29fa0eb1a765d7027627ec8b1e695da288f`
SHA256	`bfd7a82d4e7920dd95c1a848e1ffbe96b0ecaf1a6fdfd864fb1245395d539857`
SHA3	`db6618fbfb325eade29f0a92ffcb944b40e1338f57b0ee07105ed42534a437b4`
VirtualSize	`0xeac80`
VirtualAddress	`0x84f000`
SizeOfRawData	`0x7a200`
PointerToRawData	`0x84bc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.1882`

.pdata

MD5	`d8512a27eec8e9eab4f968b3081d700a`
SHA1	`40c3efb379bd422938173a534155f909d95cb9dc`
SHA256	`3eb6872f59217ed8b89a853d17418739d0c145317f7d11d71f03a89bd51b8a57`
SHA3	`63045029e960b726180d58d787b9ffbe03fab30320acd3a39fec54f7964f76d7`
VirtualSize	`0x160f8`
VirtualAddress	`0x93a000`
SizeOfRawData	`0x16200`
PointerToRawData	`0x8c5e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.70123`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0x951000`
SizeOfRawData	`0x200`
PointerToRawData	`0x8dc000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.reloc

MD5	`0a7319852bd2cd8241c5bba61cd7a00e`
SHA1	`cd61f438378dee7395cee6bf1d08db0ceeaf89fe`
SHA256	`444d1d9634db56090b600e8e4ed28507130be21c57f3a4f566ca3d5906e4a2f5`
SHA3	`bc1baea1f64a8aa7d73799dc850e90bc09215b2d6950df56a70880e42e8b5bb8`
VirtualSize	`0x13210`
VirtualAddress	`0x952000`
SizeOfRawData	`0x13400`
PointerToRawData	`0x8dc200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.43874`

Imports

KERNEL32.dll	`AddVectoredContinueHandler` `AddVectoredExceptionHandler` `CloseHandle` `CreateEventA` `CreateIoCompletionPort` `CreateThread` `CreateWaitableTimerA` `CreateWaitableTimerExW` `DeleteCriticalSection` `DuplicateHandle` `EnterCriticalSection` `ExitProcess` `FreeEnvironmentStringsW` `FreeLibrary` `GetConsoleMode` `GetCurrentThreadId` `GetEnvironmentStringsW` `GetErrorMode` `GetLastError` `GetProcAddress` `GetProcessAffinityMask` `GetQueuedCompletionStatusEx` `GetStdHandle` `GetSystemDirectoryA` `GetSystemInfo` `GetThreadContext` `InitializeCriticalSection` `LeaveCriticalSection` `LoadLibraryA` `LoadLibraryExW` `LoadLibraryW` `PostQueuedCompletionStatus` `RaiseFailFastException` `ResumeThread` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `SetConsoleCtrlHandler` `SetErrorMode` `SetEvent` `SetProcessPriorityBoost` `SetThreadContext` `SetThreadPriority` `SetUnhandledExceptionFilter` `SetWaitableTimer` `Sleep` `SuspendThread` `SwitchToThread` `TlsAlloc` `TlsGetValue` `VirtualAlloc` `VirtualFree` `VirtualProtect` `VirtualQuery` `WaitForMultipleObjects` `WaitForSingleObject` `WerGetFlags` `WerSetFlags` `WriteConsoleW` `WriteFile` `__C_specific_handler`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `calloc` `free` `malloc`
api-ms-win-crt-private-l1-1-0.dll	`strchr`
api-ms-win-crt-runtime-l1-1-0.dll	`__p___argc` `__p___argv` `_cexit` `_configure_narrow_argv` `_crt_atexit` `_exit` `_initialize_narrow_environment` `_initterm` `_initterm_e` `_set_app_type` `_set_invalid_parameter_handler` `abort` `exit` `signal`
api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func` `__p__commode` `__p__fmode` `__stdio_common_vfprintf` `fclose` `fopen` `fread` `fseek` `ftell` `fwrite`
api-ms-win-crt-string-l1-1-0.dll	`strlen` `strncmp` `strncpy`
api-ms-win-crt-environment-l1-1-0.dll	`__p__environ`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`

Delayed Imports

_cgo_dummy_export

Ordinal	`1`
Address	`0x938b88`

bm_ctrl_handler

Ordinal	`2`
Address	`0x39f520`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2046-Apr-18 22:30:50
Version	`0.0`
SizeofData	`34`
AddressOfRawData	`0x84e038`
PointerToRawData	`0x84ba38`
Referenced File	a.out.pdb

UNKNOWN

Characteristics	`0`
TimeDateStamp	2046-Apr-18 22:30:50
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x140951000`
EndAddressOfRawData	`0x140951008`
AddressOfIndex	`0x140938bd8`
AddressOfCallbacks	`0x14084a538`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x00000001403A21A0` `0x00000001403A2230`

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.