aab809aa2f8cca462f97d06cbfb4de01ceed0be28f1fca871495088cc1d36580

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 1970-Jan-01 00:00:00
Debug artifacts Embedded COFF debugging symbols

Plugin Output

Suspicious PEiD Signature: PeStubOEP v1.x
HQR data file
Info Interesting strings found in the binary: Contains domain names:
  • .hash.net
  • golang.org
  • https://check-tls.akamai.io
  • https://check-tls.akamai.io/v1/tlsv.pnghttp
  • https://go.dev
  • textproto.nl
Info Cryptographic algorithms detected in the binary: Uses constants related to MD5
Uses constants related to SHA1
Uses constants related to SHA256
Uses constants related to SHA512
Uses constants related to AES
Suspicious The PE is possibly packed. Unusual section name found: /4
Unusual section name found: /19
Unusual section name found: /32
Unusual section name found: /46
Unusual section name found: /65
Unusual section name found: /78
Unusual section name found: /90
Unusual section name found: .symtab
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • LoadLibraryW
  • LoadLibraryExW
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 efc76af058c1b6b2efafc10d283e0583
SHA1 86e46e2e9c9758194645cc50a2bdf6f4ae2ab46f
SHA256 aab809aa2f8cca462f97d06cbfb4de01ceed0be28f1fca871495088cc1d36580
SHA3 510582cc49e4ab11763155346bdede5dc62931ab147cfd5bab56594d1e1b6129
SSDeep 98304:m03JumQnP4xcRsgbX0FinEPgFh1HEgK0qVxTzwQZbDrABgDcxHbc1:96nTLX0JPgbhEgcVNB/ACIA
Imports Hash a37406231bd7f22b7968de7d05b5cb31

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0x8b
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 13
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0x76b600
NumberOfSymbols 7708
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 3.0
SizeOfCode 0x28e400
SizeOfInitializedData 0x42600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00078010 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x4ec000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 1.0
SubsystemVersion 6.1
Win32VersionValue 0
SizeOfImage 0x808000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 b6fbbb49c270fd545e6edf5c683e8f63
SHA1 12d476384e4a6ed1801961ab15547bf2ef0d0467
SHA256 9f55f4d554a2236fff55ddc4d23bc4df48dbf70673f5344b931b1a5bab7c9fbf
SHA3 82d95569956227a8f60de4d91e32be2342fcb89e0f2f159bf21f8d8b6cd8391b
VirtualSize 0x28e2c0
VirtualAddress 0x1000
SizeOfRawData 0x28e400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.04349

.rdata

MD5 bb4d3e848ce2bec690641c53027512ab
SHA1 7618df222819718968bbcc580dbd4f62e8bf3d6e
SHA256 3d35ed175bf9a40d660bc8823bb56ca9d43bbf8fe2cde818ca943985613d13d7
SHA3 9c8fa39cc2ac4e74932a8c37f541fe4dc9a987fb4b506681fb540f119f2228e2
VirtualSize 0x25b87c
VirtualAddress 0x290000
SizeOfRawData 0x25ba00
PointerToRawData 0x28e800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.75166

.data

MD5 02952a4af366c6186295b846bc8f599e
SHA1 59f66c5529075cfc4841edb06435c8db9ec70bc5
SHA256 a119b865d4fd29f62431af8e23ef9cf4d0f7e5f9d62dcdab8a1ae7eb8e14bc52
SHA3 268fb2656e31358f7b7f32f44aad9996d58d4c51ad6825028408cbcb4140eb75
VirtualSize 0x726ec
VirtualAddress 0x4ec000
SizeOfRawData 0x42600
PointerToRawData 0x4ea200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.77851

/4

MD5 523eaecd9190dfd8860c76496fe54d39
SHA1 4c150439725d926e90f25a2382a6fc0423f39c53
SHA256 55238d963c4c3315a9cda822f9392abe52bf62ca63d002c243df2fa55c8de088
SHA3 4a9b57bfc11367efc2692a9e762223f2e0362f9a8943e8c4d57a823353b1de6e
VirtualSize 0x14b
VirtualAddress 0x55f000
SizeOfRawData 0x200
PointerToRawData 0x52c800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.57872

/19

MD5 37dbd0ef4d0275e3dd6c38c938e9f8a3
SHA1 d95824d69fb9c2fe58bf9122b6b4ae5428851bea
SHA256 14d2eb0f54823af46805a88af5c84800751964cd3df1405379ac7819f06270a8
SHA3 5ab5d69d57a452c26122267bf23a640774128eae0188977f0be7b7c9c5ce77a3
VirtualSize 0x70948
VirtualAddress 0x560000
SizeOfRawData 0x70a00
PointerToRawData 0x52ca00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 7.99701

/32

MD5 7ccf777b7c0f5ab971e61ef25f11b3ca
SHA1 5367fb2db18d24f3a5fedaedd8b46d8c5b325af7
SHA256 6f6bab7b1cf356d071cf3c28f40419ea992d2a223e1dabd5d6c5a8f8e6a36104
SHA3 edfbfe97b893671c58ad2cc927a06fae057e7550c56b0f9f153df322393f82fa
VirtualSize 0x142fe
VirtualAddress 0x5d1000
SizeOfRawData 0x14400
PointerToRawData 0x59d400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 7.97982

/46

MD5 0e80c9de4ce14357ccb721f8f54df86b
SHA1 e7191451b555569ceb8989dbb4867fb80f7a2655
SHA256 f09c728f019754967204347adbbcd6ad0f7fd88adcabe64a3c0462916aceb206
SHA3 719b1a2d963b22da2ec3abbafcbd3473bdc9d67a5bd55665bd0fe912c30a3e49
VirtualSize 0x4b
VirtualAddress 0x5e6000
SizeOfRawData 0x200
PointerToRawData 0x5b1800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 1.26491

/65

MD5 6651e4260ed01a9c6ecd975d124653e8
SHA1 c153410267e880c2f84459f25f240beb4ef4d57e
SHA256 e336d3a9e85f0ce61347082391582cf67837ac36bf6709a8a0532a62988895aa
SHA3 fdc708c431fda19ec799075505d5f07a06d4e32648e5167a82319408d53c20b4
VirtualSize 0xcc01b
VirtualAddress 0x5e7000
SizeOfRawData 0xcc200
PointerToRawData 0x5b1a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 7.99779

/78

MD5 d7566c38222c5b5a4ca33b1cef0ad2d5
SHA1 070783edd0ced26df5d3a5716f56df42314e5255
SHA256 989cc80ce2110e179c56ef6403697b971e86cf63f52bb723a20025aa921cf19a
SHA3 f37e8530fd1c94e0834002c98519ac9bd3fc129bc7a39e5a576a160dd9a00e73
VirtualSize 0xa2be4
VirtualAddress 0x6b4000
SizeOfRawData 0xa2c00
PointerToRawData 0x67dc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 7.99554

/90

MD5 e7af3b1e8a2ce3934af4fcd50cad42b6
SHA1 6cea9b0d6bdc29194fab474e7adb7870e15fb8c3
SHA256 a2adf40966f132acdeaa0dae3c92675703a449ba29f3c7b5bf13e5b98026fbd5
SHA3 14b6d7b43035175030391a9f2741b3ad8a6297ece11c08e404ee03d28b466676
VirtualSize 0x2d002
VirtualAddress 0x757000
SizeOfRawData 0x2d200
PointerToRawData 0x720800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 7.92156

.idata

MD5 80c4f3592c5696c58eaabc10fa4105c5
SHA1 ec467c1219738cbb996b87aab1bd99f19d55baab
SHA256 031e73a8790b81bef637c469aa84325fb7730613d8b92ebde8e8c3742bcd3fd9
SHA3 6b33afc5e33799757ac98d342b1a74e96ba55aeb0be6b9c1ba68c189f5287f73
VirtualSize 0x460
VirtualAddress 0x785000
SizeOfRawData 0x600
PointerToRawData 0x74da00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.85649

.reloc

MD5 0748e4159f2106c644e8ada7b9d97586
SHA1 78c8bcb6956d8515f16d0e38296ae47c8557e33e
SHA256 501785655e03fbf295d2e2102463f4531140548eef0cee3fbb095e431b9dcbc2
SHA3 36cb76f4e0a418d4cf58192cc501d876efc332b2571c7b46247e7b4cb9c4a0e5
VirtualSize 0x1d480
VirtualAddress 0x786000
SizeOfRawData 0x1d600
PointerToRawData 0x74e000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.62504

.symtab

MD5 77267db15b66e59ae37841b87366a48a
SHA1 366e03c3d44d34b3ffaea50a5ea48fa988ff5499
SHA256 8d6a5671620603a01d9f964b07105b40d079bb14a935067372c38a59b393abd2
SHA3 f2cf210984a0938aab4a35152d1dcc0de8eb4ec6860613cb17e8bfa14b355682
VirtualSize 0x63202
VirtualAddress 0x7a4000
SizeOfRawData 0x63400
PointerToRawData 0x76b600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.34125

Imports

kernel32.dll WriteFile
WriteConsoleW
WerSetFlags
WerGetFlags
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
RaiseFailFastException
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
LoadLibraryExW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetErrorMode
GetEnvironmentStringsW
GetCurrentThreadId
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /19!
[*] Warning: Tried to read outside the COFF string table to get the name of section /32!
[*] Warning: Tried to read outside the COFF string table to get the name of section /46!
[*] Warning: Tried to read outside the COFF string table to get the name of section /65!
[*] Warning: Tried to read outside the COFF string table to get the name of section /78!
[*] Warning: Tried to read outside the COFF string table to get the name of section /90!