Manalyze report for eac304176a2186fece9506d7d22fa6c5781990fc0a212b54017788ca0b38c907

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1970-Jan-01 00:00:00

Plugin Output

Suspicious	PEiD Signature:	`HQR data file`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata` `Unusual section name found: .symtab`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`5a921b915db74c729d0ee8ad4d3f51f5`
SHA1	`e22940a184d21ed5b2eb58086c1334b83dc857d2`
SHA256	`eac304176a2186fece9506d7d22fa6c5781990fc0a212b54017788ca0b38c907`
SHA3	`d866ca2f98312281193f33778857cd15c559c12c70a70f97cbf0b2755e5c1b08`
SSDeep	`24576:iLfl6DoL/z4+lARVpHhliQEe7hk2yPHMtPEtdgjipPR:iLflgoL/z4+evlD1k2qHPqU`
Imports Hash	`ebc247a77b4d4a804b261f97a1fd075c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0x8b`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`9`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0x198a00`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`3.0`
SizeOfCode	`0xa3e00`
SizeOfInitializedData	`0xe200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000007D400 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`1.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0x1e8000`
SizeOfHeaders	`0x600`
Checksum	`0x1a0bb1`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`9af4714b3383f6bbc924e354b6ff67e1`
SHA1	`390ebba9d85eec5b32100e18bd0d919d8341d0cb`
SHA256	`112363f58fbae23e08913fec3f1b3ed9d487cd9590727ee7629b5ed22c28e039`
SHA3	`9257297e6732055b7bd629d76028e0ce032dc18bdb5184310a649195918cd54e`
VirtualSize	`0xa3d51`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa3e00`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.25561`

.rdata

MD5	`6c07c596dfd690fcbb32e898420aafc7`
SHA1	`e5c6b7256f2b4246e0815ee307ad27af32333dbe`
SHA256	`1f54255979ff7bb5888e74ed97be9e5650347edef3ee737d3d757a776edb9614`
SHA3	`82d8b821f79b34abb2cd79fa211cc6cf1cac2498d139d45f8810aca391272b16`
VirtualSize	`0xdd6c8`
VirtualAddress	`0xa5000`
SizeOfRawData	`0xdd800`
PointerToRawData	`0xa4400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.51073`

.data

MD5	`d17186b416161403080eb231b1f4209a`
SHA1	`6471ec681fd3c8459ff219ef62bce468caaaf4b9`
SHA256	`cec18e0c4ab95f3ccba5a465901023880e69acddda375e1f5e6a4a19c060a07e`
SHA3	`fb8de126965aa7b12e6b26594e78e5d058602370a3452df45eac8730efb762d5`
VirtualSize	`0x57828`
VirtualAddress	`0x183000`
SizeOfRawData	`0xda00`
PointerToRawData	`0x181c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.12817`

.pdata

MD5	`0edd2178eeb6041232cf60cc84394cf9`
SHA1	`88a0c6314a665ea2dfb0c56f2275c38466802575`
SHA256	`76c5678d56db8c2f29c3b2629cfb3de1460ec6e2a48972d995d46f4c5cac9cef`
SHA3	`7db3ee599205a7e030acd70db6564d2ed1b9432305cee870e70c5bf4fc5c5781`
VirtualSize	`0x4c08`
VirtualAddress	`0x1db000`
SizeOfRawData	`0x4e00`
PointerToRawData	`0x18f600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.77766`

.xdata

MD5	`3f337d2572ea9beb7f47f58dac5feb0c`
SHA1	`554783d4c50f15949706e35060f5e415dc80be33`
SHA256	`8ca8cff0fffbd5c0489b5339f4352dab98f5fdbebc23bfe2e4c26f59f0b19000`
SHA3	`39ab8950e8a7a3ca1eeafb1b8ca1ddd716902f2596e5308ff4e7b253de32ffcb`
VirtualSize	`0xa8`
VirtualAddress	`0x1e0000`
SizeOfRawData	`0x200`
PointerToRawData	`0x194400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.67294`

.idata

MD5	`9692b2dae8a26c05e5908e3e58faaf05`
SHA1	`9205f79765ab27a114d050dc1fd415d4875535df`
SHA256	`70846d7ee3292fdf727fdd31348b7edef38080dce5fb2943e3118130227299ff`
SHA3	`51729fd3d06f2a106eac6b297aa18b29f3353d71834a329ce6958f7657f3653a`
VirtualSize	`0x55a`
VirtualAddress	`0x1e1000`
SizeOfRawData	`0x600`
PointerToRawData	`0x194600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.08024`

.reloc

MD5	`cf2ff43a653d25efa849e5e63089da66`
SHA1	`48bd367cb73818470976de88840261b46eafe80d`
SHA256	`ecac83592a4e8a3f1e79b4fb29470752558eef0802db3287ec1814501e4dfb4b`
SHA3	`7a6a32bfbf621af2d2eac757800cccc7e17654719ec47c6ab4bdd726234ab26c`
VirtualSize	`0x3d58`
VirtualAddress	`0x1e2000`
SizeOfRawData	`0x3e00`
PointerToRawData	`0x194c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.42498`

.symtab

MD5	`07b5472d347d42780469fb2654b7fc54`
SHA1	`943ae54f4818e52409fbbaf60ffd71318d966b0d`
SHA256	`3e67f4a7d14b832ff2a2433e9cf0f6f5720821f67148a87c0ee2595a20c96c68`
SHA3	`a70a3e18515c06557b62676f2a8eb6d7d41962d8c9c7c49f4641c429cc65b977`
VirtualSize	`0x4`
VirtualAddress	`0x1e6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x198a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0203931`

.rsrc

MD5	`e4c8054797926e68e3f031016f372516`
SHA1	`5c9129a0d5d52313d058e41fec531838aa3bcf46`
SHA256	`37a58181797e3c1490b0b56de0894cb855cab05deb59c6d6ab64e39b8e42fc1d`
SHA3	`775592cd5e1d87b15186bc6f00e82fbc3704de558c031197ec383c1a24c5d84c`
VirtualSize	`0x633`
VirtualAddress	`0x1e7000`
SizeOfRawData	`0x800`
PointerToRawData	`0x198c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.72478`

Imports

kernel32.dll	`WriteFile` `WriteConsoleW` `WerSetFlags` `WerGetFlags` `WaitForMultipleObjects` `WaitForSingleObject` `VirtualQuery` `VirtualFree` `VirtualAlloc` `TlsAlloc` `SwitchToThread` `SuspendThread` `SetWaitableTimer` `SetProcessPriorityBoost` `SetEvent` `SetErrorMode` `SetConsoleCtrlHandler` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `ResumeThread` `RaiseFailFastException` `PostQueuedCompletionStatus` `LoadLibraryExW` `SetThreadContext` `GetThreadContext` `GetSystemInfo` `GetSystemDirectoryA` `GetStdHandle` `GetQueuedCompletionStatusEx` `GetProcessAffinityMask` `GetProcAddress` `GetErrorMode` `GetEnvironmentStringsW` `GetCurrentThreadId` `GetConsoleMode` `FreeEnvironmentStringsW` `ExitProcess` `DuplicateHandle` `CreateWaitableTimerExW` `CreateThread` `CreateIoCompletionPort` `CreateEventA` `CloseHandle` `AddVectoredExceptionHandler` `AddVectoredContinueHandler` `GetProcAddress` `LoadLibraryExW`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5db`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.22`
MD5	`cc5f24bf41b0c2cb7d441d0f07cd74e7`
SHA1	`38e5c2df563b22a201f98fcada5c80cce3f396bf`
SHA256	`a6bfbf8d5bca6033c9eac8aa511bf4d7d6655f6c9a6046e63c3dc57b10ff3902`
SHA3	`3f5f45a1cb69fe836312190630162b2d88569d9b999d682ae01dce6f9696681b`

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.