Manalyze report for b3e7e1eae4bfb1e6704e7839fe5810490b70e551e11cd4c697333cca2956736d

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1970-Jan-01 00:00:00
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Suspicious	PEiD Signature:	`HQR data file`
Info	Interesting strings found in the binary:	Contains domain names: -google.golang.org .eq.github.com .eq.golang.org .eq.google.golang.org .google.golang.org .hash.golang.org .hash.google.golang.org .hash.net 0google.golang.org 1google.golang.org 2google.golang.org 4google.golang.org 5google.golang.org 7github.com 9github.com Agithub.com Cgithub.com Egithub.com Fgithub.com GCoffgoogle.golang.org Igithub.com Lgithub.com Ogithub.com Pgithub.com Rgithub.com Sgithub.com UDPAddr.net Ugithub.com Wgithub.com Z-google.golang.org Z.google.golang.org Z1google.golang.org Z2google.golang.org Z7google.golang.org ZCgithub.com ZEgithub.com ZFgithub.com ZIgithub.com ZLgithub.com ZOgithub.com ZPgithub.com ZRgithub.com ZSgithub.com ZUgithub.com Zgithub.com apigoogle.golang.org developers.google.com duration.protoB5Z3github.com eq.github.com eq.golang.org eq.google.golang.org error3940200619639447921227904010014361380507973927046544666794690527962765939911326356939895630815229491355443365394264339402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112319publicsuffix.org failuregolang.org github.com golang.org google.com google.golang.org googleapis.com hash.golang.org hash.google.golang.org http://www.w3.org http://www.w3.org/XML/1998/namespaceinternal https://developers.google.com https://developers.google.com/protocol-buffers/docs/reference/go/faq#namespace-conflictinvalid https://github.com itab.github.com itab.golang.org itab.google.golang.org net.UDPAddr.net nilgoogle.golang.org protoB5Z3github.com protoB7Z5github.com textproto.nl timestamp.protoB7Z5github.com type.googleapis.com www.w3.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES`
Suspicious	The PE is possibly packed.	`Unusual section name found: /4` `Unusual section name found: /19` `Unusual section name found: /32` `Unusual section name found: /46` `Unusual section name found: /65` `Unusual section name found: /78` `Unusual section name found: /90` `Unusual section name found: .symtab`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA LoadLibraryW GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread`
Info	The PE is digitally signed.	`Signer: Qoria Holdings Pty Ltd` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`98c3b02b96ab0cd2b53b558fb3ac08e9`
SHA1	`d08f4542f30ba829691a1063f3c04c3081cd661d`
SHA256	`b3e7e1eae4bfb1e6704e7839fe5810490b70e551e11cd4c697333cca2956736d`
SHA3	`a95934cfa17fb769abb5948b3e3854851ff8f40d51032347c38e08444f7b1c33`
SSDeep	`196608:qjFW0RScMfxxG+enN/GWY7gNMT9SBWRu40BwxcXKGLDWcJ+:ORSjZZenN/qkMT9SeBtUK5`
Imports Hash	`f0ea7b7844bbc5bfa9bb32efdcea957c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0x4`
e_cparhdr	`0`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0x8b`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`13`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0x1006600`
NumberOfSymbols	`19568`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`3.0`
SizeOfCode	`0x581400`
SizeOfInitializedData	`0x64e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000682A0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`1.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0x11b6000`
SizeOfHeaders	`0x600`
Checksum	`0x1152a38`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a1620ece4afc3a1a9849ad9c21f5f1b4`
SHA1	`58455814d9fcc77e37200227add7100487d68900`
SHA256	`6963b64b026b9f3c3bc2dde0dce71d19759ed16ccfd3970a5c2e177faf0a1b5e`
SHA3	`812a08df4e5f5cdd50b78728feb89628d008f5f60684166458add886321d86ba`
VirtualSize	`0x581276`
VirtualAddress	`0x1000`
SizeOfRawData	`0x581400`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.09462`

.rdata

MD5	`1b91a9176dd96e6c18647f6b73d2ecbd`
SHA1	`b9c301ac960280dc206a39b61bd7594787586cb4`
SHA256	`20363f8edb6879ef0c245b6962d2dc26744711662662ee01f197e4865c626ee2`
SHA3	`c4801f36b28cc9827437355f2de56a50711031746a4789b0db8d4eac3d4e9fcb`
VirtualSize	`0x5e6be0`
VirtualAddress	`0x583000`
SizeOfRawData	`0x5e6c00`
PointerToRawData	`0x581a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.67205`

.data

MD5	`9d8dee991fa78eaba7c5a3bc6e732879`
SHA1	`f7beb7b9b43846dbe71d2f2f1a29588ed7b0de6b`
SHA256	`bf74f10df903f035aea7603f9749502de8bdc9e313759e0a0ac47466dafff680`
SHA3	`cc781926270656090f2ba7c7de41d938814451b00fc13b659e1239afbff6ef6f`
VirtualSize	`0xcd710`
VirtualAddress	`0xb6a000`
SizeOfRawData	`0x64e00`
PointerToRawData	`0xb68600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.21135`

/4

MD5	`43dc7a0ae5a7067502907db800396667`
SHA1	`9deaf2c97a5dd8decc2049a28a95fa273bd89d2e`
SHA256	`b195563d9754524516369f5f72a9b361b2b003f75efe1e497b5549a99220a76b`
SHA3	`6e84c69337963b66a039934c7f9df84d807b67bfd05904d9d3705be164a1e54f`
VirtualSize	`0x127`
VirtualAddress	`0xc38000`
SizeOfRawData	`0x200`
PointerToRawData	`0xbcd400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.09787`

/19

MD5	`668d1daee0fe67c5215a53af8fa14d8a`
SHA1	`4d1b436a9b0d01afa6bd47a064b614bdd60193df`
SHA256	`a35bfdda9e83a7ae3c1efe4ea084cc22df60130cbc7bc9b3f866bcb3a92aec3f`
SHA3	`dd0b4bea29f5c8f2bb080d3a8f9eb7c182133aaba3f797b7a139d0b9dd3b85b9`
VirtualSize	`0xde651`
VirtualAddress	`0xc39000`
SizeOfRawData	`0xde800`
PointerToRawData	`0xbcd600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99707`

/32

MD5	`6dc14768174499e6e71735d71e2c3f89`
SHA1	`2de1e660f36eebc10dca057b68177cff50bef93d`
SHA256	`1a8f3b2dbd6df905cd559f984fbae5b9b034e743797468b226c90b5a742223fb`
SHA3	`8f0c8d123bba1c6bf2aac2d6fd82b24e55e8367883a6e6765678375edc2e9359`
VirtualSize	`0x3298a`
VirtualAddress	`0xd18000`
SizeOfRawData	`0x32a00`
PointerToRawData	`0xcabe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.93928`

/46

MD5	`27a7636d7789bbb5822ba8e944ed43d2`
SHA1	`1a4511980e4d281f7498362c209114d8aad28f5d`
SHA256	`d6fbd95b8f725e9c58a656809aee0fa8b9c475225096f36e40cbb5f300d85eb3`
SHA3	`8c5f68c660ce2735596754957a788f2377374395898e3a047b3e11bc0fca777f`
VirtualSize	`0x40`
VirtualAddress	`0xd4b000`
SizeOfRawData	`0x200`
PointerToRawData	`0xcde800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.0814`

/65

MD5	`e587d9a7603807aa8aad56c62af30e25`
SHA1	`d19e31d1c86438814bc3e3dff71ba3aada85fe13`
SHA256	`cc4b02cc8a2e3805c5dd6d6d89720e2c6fda6d734ea92650002c1a71b6b36692`
SHA3	`35a781eb707f2d2195615e82985c0063c0bbce8a6654fcd1c21b6974e181875b`
VirtualSize	`0x19ba85`
VirtualAddress	`0xd4c000`
SizeOfRawData	`0x19bc00`
PointerToRawData	`0xcdea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99841`

/78

MD5	`19fa64a510f227ca3f0521b027ae94ae`
SHA1	`7fa03eafd30d562bfc2ad2f1b9248c075fad740d`
SHA256	`4c9c6a2c1516784385f599a5142a190afc0a1395c7639a80efec999cb3866d9e`
SHA3	`d58fecb04f706e5813c3a51a536b094bede3a43a2fa5e5794f52cd89488024ca`
VirtualSize	`0x127529`
VirtualAddress	`0xee8000`
SizeOfRawData	`0x127600`
PointerToRawData	`0xe7a600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99616`

/90

MD5	`1f3cb6ccda259b1ba941f06d70a9739f`
SHA1	`f1a345b0e36917bfc70424ffa94b9840a0c322e6`
SHA256	`bc1e5327f475659129a23b8fe6bac9e14061baa4bbee7c7a47fdf1abdc4a7de3`
SHA3	`1df58b8664ed6859e4eccf1b06ede56aca75326e6a48cf481e18abe0a45967e5`
VirtualSize	`0x4787b`
VirtualAddress	`0x1010000`
SizeOfRawData	`0x47a00`
PointerToRawData	`0xfa1c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.80723`

.idata

MD5	`723aa31efb690473303c3b1bca0ac003`
SHA1	`52ff8ff3b2c1387183e3eb0afd2fa487760da97d`
SHA256	`2cc49f3469cc417332c9288c0b115e08e1d159187371e93d123cddd7fb90f03f`
SHA3	`16a2b9ad3aef74c96a576771159407c2b8089b8b3a698096b95e208c90b295f2`
VirtualSize	`0x490`
VirtualAddress	`0x1058000`
SizeOfRawData	`0x600`
PointerToRawData	`0xfe9600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.76482`

.reloc

MD5	`87deabdc255409ed7cb131df864bf7a8`
SHA1	`282b181d96a1b97ffd8abd2ca210195839f16254`
SHA256	`2c473e95b6f20414bc5b48d660c7faae7f3480ecc3ae988fd848be788cf156c1`
SHA3	`aa31e185335842a2f9286d6de55e3ed5b5c127de0614a5597f88c181a3521194`
VirtualSize	`0x1c960`
VirtualAddress	`0x1059000`
SizeOfRawData	`0x1ca00`
PointerToRawData	`0xfe9c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.44579`

.symtab

MD5	`d54da99264229445e82a8cfc43e9d46b`
SHA1	`06641ab5d3ee6271058f13cec6a5b4b3682890dd`
SHA256	`b5e0ccef75aa203b5afbca4a1926db21ab60c3421b18311b035730c986e3e6f7`
SHA3	`47fdb0890ad12766d14a168ae9ce6ab4e4db8953dc8bc4e884422b576e203c4e`
VirtualSize	`0x13fc23`
VirtualAddress	`0x1076000`
SizeOfRawData	`0x13fe00`
PointerToRawData	`0x1006600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.42913`

Imports

kernel32.dll	`WriteFile` `WriteConsoleW` `WaitForMultipleObjects` `WaitForSingleObject` `VirtualQuery` `VirtualFree` `VirtualAlloc` `TlsAlloc` `SwitchToThread` `SuspendThread` `SetWaitableTimer` `SetUnhandledExceptionFilter` `SetProcessPriorityBoost` `SetEvent` `SetErrorMode` `SetConsoleCtrlHandler` `ResumeThread` `PostQueuedCompletionStatus` `LoadLibraryA` `LoadLibraryW` `SetThreadContext` `GetThreadContext` `GetSystemInfo` `GetSystemDirectoryA` `GetStdHandle` `GetQueuedCompletionStatusEx` `GetProcessAffinityMask` `GetProcAddress` `GetEnvironmentStringsW` `GetConsoleMode` `FreeEnvironmentStringsW` `ExitProcess` `DuplicateHandle` `CreateWaitableTimerExW` `CreateThread` `CreateIoCompletionPort` `CreateFileA` `CreateEventA` `CloseHandle` `AddVectoredExceptionHandler`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /19!
[*] Warning: Tried to read outside the COFF string table to get the name of section /32!
[*] Warning: Tried to read outside the COFF string table to get the name of section /46!
[*] Warning: Tried to read outside the COFF string table to get the name of section /65!
[*] Warning: Tried to read outside the COFF string table to get the name of section /78!
[*] Warning: Tried to read outside the COFF string table to get the name of section /90!

Leave a comment

No comments yet.