Manalyze report for a7ad1a8ad2e7ec17abd0b9fd179ee9a7a636d825a0e5bd5096374525e50fce9f

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1970-Jan-01 00:00:00
Detected languages	English - United States

Plugin Output

Suspicious	PEiD Signature:	`HQR data file`
Info	Interesting strings found in the binary:	`Contains domain names: golang.org https://go.dev https://panel.cheatprovider.store https://panel.cheatprovider.store/api/ldr.phpcannot`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata` `Unusual section name found: .symtab`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryW LoadLibraryExW GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`28d986d76a3b255c66e8f48d86cb9acb`
SHA1	`6b04e4f6e0ca7a94fe05882de576fe1a053fef25`
SHA256	`a7ad1a8ad2e7ec17abd0b9fd179ee9a7a636d825a0e5bd5096374525e50fce9f`
SHA3	`e79c59badc6caa9c1ab91a43075868df25c90a8f78320b5e01a9ea497c9ff5ad`
SSDeep	`49152:6s8p2tq5vAnohJ9ZaDsMtF6rJTGNNXKlRcbIBR+kIvkIqwlAjqi+NbuK7f7usGN:6dR7xIXKlubuskjwBi7U9jK0hE`
Imports Hash	`d42595b695fc008ef2c56aabd8efd68e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0x8b`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`9`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0x68be00`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`3.0`
SizeOfCode	`0x29d600`
SizeOfInitializedData	`0x5c600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000007B880 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`1.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0x718000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`0708569e108b3de34ce5d0497247b752`
SHA1	`66e5365300b69c2e306e29cd24157723e21efa53`
SHA256	`e851ded60aad86fbe4f3aa90b811ab0f1d14f7b13ded5e98d1f50bc8576f226d`
SHA3	`f1298c1c65afffa93ff7e12ff63a15a8e6f9bacc882992ebcb0b05420e24a967`
VirtualSize	`0x29d4f1`
VirtualAddress	`0x1000`
SizeOfRawData	`0x29d600`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.20834`

.rdata

MD5	`2d3d350fb2b0ab47e2e11b72cb79ad68`
SHA1	`21f31bd377eb97ea7b174f7b84ade55293d00972`
SHA256	`c6cba2c0ea9ddd811c64d6514b4e3d690778b66bf171a5db5d7482e61862fb42`
SHA3	`8af1c3d9f30eab56acbb4ffabfcc5f4cb1f93fafd767ae096bad22a659110608`
VirtualSize	`0x373438`
VirtualAddress	`0x29f000`
SizeOfRawData	`0x373600`
PointerToRawData	`0x29dc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.87727`

.data

MD5	`f42d479187086fbdf44ee49cde797f08`
SHA1	`f825d63df34525b847ca04645637863cdd99ef81`
SHA256	`6b7ccca2e66778535e40d2801d45889b7588c55967c60f35e9d77d7670b60add`
SHA3	`c5b37e5ffba3c212b7b30328e5e2e96a391e197816b352afa8751309388899d1`
VirtualSize	`0xb2190`
VirtualAddress	`0x613000`
SizeOfRawData	`0x5c600`
PointerToRawData	`0x611200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.66655`

.pdata

MD5	`6c65166c9bdb5a35dc4d938167333d81`
SHA1	`ab0cf8b86374e0b6bb5ccebe853cafd97e39bbd7`
SHA256	`d8446c5184606626f46d9576ade8ed20ca4480c5c7c1619e3f4a107a5a882ce2`
SHA3	`366e06d87d29bc009cbaede5542972cf34f3db6cc4bce44eda47b37341023d38`
VirtualSize	`0xf534`
VirtualAddress	`0x6c6000`
SizeOfRawData	`0xf600`
PointerToRawData	`0x66d800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.46557`

.xdata

MD5	`5a8b10b4ef63013e36583a3ac27565f7`
SHA1	`14d81aa367e1ca38b58f925c32f04128c29a469d`
SHA256	`f62b8d91e0ec25c799002abdda5a1196029d51b1696d7586486128c60be13477`
SHA3	`d4d63ab7da93d2b755e9d8759a9a5f84bf2dfaee6df0db85ac66f7b748f34b94`
VirtualSize	`0xb4`
VirtualAddress	`0x6d6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x67ce00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.78321`

.idata

MD5	`76fb10e853d5478431154edc1e8d1ed5`
SHA1	`5e62aa8456873cbb77d1149e14b4e5efa01b3cdc`
SHA256	`63817af4474a0a6f38f4539349d07cc3f4bfe5027645f99041e47703b3c41356`
SHA3	`50cfce5e56922a23d92deda739d59cde0e52b74e5eb89569896fd3b0e22f5f82`
VirtualSize	`0x53e`
VirtualAddress	`0x6d7000`
SizeOfRawData	`0x600`
PointerToRawData	`0x67d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.92876`

.reloc

MD5	`731dbff1d67d5f5c8f621f180ee8dbe3`
SHA1	`9eb291b84d1a3593ccc63ed31fb71831b5592e72`
SHA256	`4eb573b1b63dc60b69bf6243c64327ce31e3a01d44d3c517081db2461d831633`
SHA3	`7097c7031cb8e8ed410b83116cb75bfa45478abdb8a0d2e5b8b2da85932c5bfb`
VirtualSize	`0xe680`
VirtualAddress	`0x6d8000`
SizeOfRawData	`0xe800`
PointerToRawData	`0x67d600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.42013`

.symtab

MD5	`07b5472d347d42780469fb2654b7fc54`
SHA1	`943ae54f4818e52409fbbaf60ffd71318d966b0d`
SHA256	`3e67f4a7d14b832ff2a2433e9cf0f6f5720821f67148a87c0ee2595a20c96c68`
SHA3	`a70a3e18515c06557b62676f2a8eb6d7d41962d8c9c7c49f4641c429cc65b977`
VirtualSize	`0x4`
VirtualAddress	`0x6e7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x68be00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0203931`

.rsrc

MD5	`e2d1c295740d6c9d0093da46c0049d7e`
SHA1	`c02adf78a0db5a7a2a44dbf4111e43bc02cbf2cd`
SHA256	`5a42f288d1a2ddc517e3a300e1c72b051024c3e7308e3fa7e4104d4bf603f465`
SHA3	`edc5776f04cf82b5094f38dffabdc48b2b4ba8e868a6bf204f04ec34a45330be`
VirtualSize	`0x2fef8`
VirtualAddress	`0x6e8000`
SizeOfRawData	`0x30000`
PointerToRawData	`0x68c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.05015`

Imports

KERNEL32.DLL	`WriteFile` `WriteConsoleW` `WerSetFlags` `WerGetFlags` `WaitForMultipleObjects` `WaitForSingleObject` `VirtualQuery` `VirtualFree` `VirtualAlloc` `TlsAlloc` `SwitchToThread` `SuspendThread` `SetWaitableTimer` `SetProcessPriorityBoost` `SetEvent` `SetErrorMode` `SetConsoleCtrlHandler` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `ResumeThread` `RaiseFailFastException` `PostQueuedCompletionStatus` `LoadLibraryW` `LoadLibraryExW` `SetThreadContext` `GetThreadContext` `GetSystemInfo` `GetSystemDirectoryA` `GetStdHandle` `GetQueuedCompletionStatusEx` `GetProcessAffinityMask` `GetProcAddress` `GetErrorMode` `GetEnvironmentStringsW` `GetCurrentThreadId` `GetConsoleMode` `FreeEnvironmentStringsW` `ExitProcess` `DuplicateHandle` `CreateWaitableTimerExW` `CreateThread` `CreateIoCompletionPort` `CreateEventA` `CloseHandle` `AddVectoredExceptionHandler` `AddVectoredContinueHandler`

Delayed Imports

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.5283`
MD5	`d537ac444c34e16fe47c45722cb74d06`
SHA1	`ea2ea834c326eabf25712928183aad1021d6a33c`
SHA256	`1f8c46aa5be056123c2cbc3d829be00d9b2ec7001518474f75681a5727d968be`
SHA3	`5d5641200b17e6d96e8f329d7dc315959fad7a310f3c652d9b948c883b3b226a`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.15499`
MD5	`187196dd7df8d57f405e128c6c69afc5`
SHA1	`d0c60ea0cc35946cc450db1f103f23b739a38509`
SHA256	`ac71a3c3dd64301da8fb28a29ddeb4b03380e893db180ef9564c38a3fec336fc`
SHA3	`522c71772811df810aceca1557807d543152dbc9896301ef12055f229bec2915`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.86188`
MD5	`8b24b0e9b7671846c700eb80e5f444e7`
SHA1	`ea18dd56dfdfa9193216c0d02fe5298674129306`
SHA256	`a1065ab4290ca2121b22a551eb6685024f5dd94432aeb232156ea950461e324c`
SHA3	`069230650e752c8f7510c57d62f1d9ec5a6c9a16ce52850d87363377106d196a`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34172`
MD5	`36e411cb740407be0c2cde6cea119981`
SHA1	`9f696be54b0aeb7d77465c93ada300437c679c6e`
SHA256	`0ea20da1a1e33a2ae74a601a950eaec5c5f63efcf14d32848a52097b519eaa61`
SHA3	`3871a1e69f1e97dc3b171dad8b70aaded4143a4946e068a124c287f7e8d44404`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.10983`
MD5	`dfb89f36c3ba58b09aea2ec40d57127d`
SHA1	`ceb1fce3150bc99dcd12bbc23dbd2096ec12f97d`
SHA256	`5ce39d857fe67594e96d3d5a72944841744e008c39fbfea530736db20dacd76c`
SHA3	`f08e82996c91c2a860472693b8d71d6f15486b0fc76230ea1b91e8e0dc56fe80`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91404`
MD5	`fa2485a8b3a1beec291a289db323833e`
SHA1	`303c62a32f53d336729e50d257294b9ce8c20bad`
SHA256	`b221771aa9ec2f5d4ea025ec6fd7d3a64a321b878b6be03df2ae891e836d040a`
SHA3	`47eac111619eea5a7c38d29dc04e9497f355880ba6c6cd2b45d155a611095fac`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.69426`
MD5	`c590f46d4147710c78aae91a4f0edd5e`
SHA1	`cf0e39ed9d615ba9868a8b5d627d9aacc67c751e`
SHA256	`2f64bfda7ce52c2ff98c90c45e041b90f0b7c52de9670c017acf1e2e6f55be32`
SHA3	`63c633fdc0989d20d229611c7c341da07868156922b50cabadccd940f04caf6f`

10

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.57948`
MD5	`2f51e19e2deeac21586ccaef2f2be406`
SHA1	`4d606cfa39f5a2c1dd0b0a00b076165a4a711857`
SHA256	`bc2eb684e0057a33632ca42f722cc4b65b5192c4191fdee7a236f91ad776bee3`
SHA3	`91a869b2c015014ea85ff8576b8ccea91682c9b9dc5af49c29e0762fd48ca8dd`

11

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x82c2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.96577`
Detected Filetype	PNG graphic file
MD5	`a06efa395a999431e83817a44c8f0ab5`
SHA1	`54287b175a082961e89cba31bc69e1ed1cd7e5ff`
SHA256	`14464d7880dd3d569855df3b55d2e03c69b8106209d89dbfd122ef83c112c107`
SHA3	`0f36f2fbe8fbe6abb9c31e6c42570d04b097160fe6a7760f085f5cb8dc263762`

2

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.07228`
Detected Filetype	Icon file
MD5	`da48474d09d93f7fe836652864070350`
SHA1	`4574a0fd0a0f25e8fe6be182733c0d51a8e10523`
SHA256	`fb598d93f6a3bedd6d76f5dff57786d2d3ff1bb886da75a25ac2359ab11cdf4a`
SHA3	`433190c61bdf495f310fc8b205d927aeb663fa1c55e6ba95a86716501c879cce`

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.82998`
MD5	`dd1fdfe0c015f3ab8df826baace667fd`
SHA1	`a2969a073b49366b2dc47055175b6441533209bf`
SHA256	`33d1dfeeed77eef0d24bab6d19c2987b4d16edb4458235d91cc17218f82aa924`
SHA3	`a83cfc1aca446b194891e38b4a037667f46303cb4589fb18eece661f963de861`

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.