Manalyze report for f9898ff6597b7e6a3c80b7f21866806061ca47f86983983a75c1aadec8440e86

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2024-May-31 18:28:59
Detected languages	English - United States

Plugin Output

Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress` `Uses Microsoft's cryptographic API: CRYPTO_zalloc CRYPTO_strdup CRYPTO_secure_malloc CRYPTO_secure_free CRYPTO_memcmp CRYPTO_malloc CRYPTO_free CRYPTO_set_mem_functions`
Info	The PE is digitally signed.	`Signer: TECHNOLOGIAE MILL` `Issuer: GlobalSign GCC R45 CodeSigning CA 2020`
Safe	VirusTotal score: 0/72 (Scanned on 2024-11-20 14:15:18)	`All the AVs think this file is safe.`

Hashes

MD5	`66f94d3019fe5e0084d8b42e7b9311a0`
SHA1	`745b723627767be3d16b660e764bb2b2107cdfea`
SHA256	`f9898ff6597b7e6a3c80b7f21866806061ca47f86983983a75c1aadec8440e86`
SHA3	`caab2f4f95d17cae5d2489f032647347455f358740d210fcbf2b0806d77062ee`
SSDeep	`24576:BXw0gNYihVAmV2D4I8Qjpdh6EijeQXjk0oGb6bksGq2NaSAgW9AxOW2zHXEccO:VpgNYEVAma8qpdhRijeQXjoGb6bkY6a7`
Imports Hash	`246309ffec4efdb26bd678661d1d104f`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2024-May-31 18:28:59
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x64a00`
SizeOfInitializedData	`0x86000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000050F5C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xee000`
SizeOfHeaders	`0x400`
Checksum	`0xf2add`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`5bf7e2e0fdb9d24392b707fb95b7799d`
SHA1	`adfd528c4627d6ac495e0aa1efca7c723ec34047`
SHA256	`9fe3f83a99dd4a91942e8d953cd9f55721292c8541bbd91b0a40334e1c701311`
SHA3	`ca28ec140f61ecbe33f0676a987b754c1d9569f7893c06fa724d7dfeea8665c2`
VirtualSize	`0x648c0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x64a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.33287`

.rdata

MD5	`80b5cb824b10df910a43a2294faece7d`
SHA1	`c6514437015165c40b474a31f01a6327641b7952`
SHA256	`afcb9b5b8601e92db448cf7c3f3548d851e3213aa63391769ac464a7d62fe685`
SHA3	`5566c2a3dc8763e9b75020f400e0a456af5ebc30f5683af6141e0c4ca53dd4bd`
VirtualSize	`0x7ea8e`
VirtualAddress	`0x66000`
SizeOfRawData	`0x7ec00`
PointerToRawData	`0x64e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.5746`

.data

MD5	`a91468a844c1a47c27f21192fa87c0d8`
SHA1	`1d5c5f8916fc9a0a0e67d8cf8aafa551a13f1d93`
SHA256	`e7aed03156cacb4735308fbbc32b04ac786e47a2c1c84d3bced6cc49b00cb3f8`
SHA3	`50d72dfd918d05c94024505e0dcf5813c19e79b7e51a4d05477523cd60125a6d`
VirtualSize	`0x3b88`
VirtualAddress	`0xe5000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0xe3a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.20998`

.pdata

MD5	`a60d2e0feadbd50abd61e198a6946e45`
SHA1	`acd30847bff0a68320b9480ce8628995f08d4695`
SHA256	`7ad17593e2be16bea9d7cc74b236751673b5b3218f5e63723339af8856ee0bfe`
SHA3	`201a18e8de8dd48bc92864d3b90e1f16972e80d0e474b5f02c58bff84deb5c4d`
VirtualSize	`0x2afc`
VirtualAddress	`0xe9000`
SizeOfRawData	`0x2c00`
PointerToRawData	`0xe6400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.54221`

.rsrc

MD5	`5a55831cb7143cc1b386cf2023a0d2da`
SHA1	`1b99de770c61aaa7584a8daf243a938a9651a79e`
SHA256	`f528255ee6bce79437a40bb7404a210587a09580af5c6b816d6c356fbecfd6bc`
SHA3	`cf945420986dd2d52b030c5b633633c309c1d02942a0abb3256cf98bd9628102`
VirtualSize	`0x1e0`
VirtualAddress	`0xec000`
SizeOfRawData	`0x200`
PointerToRawData	`0xe9000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.72473`

.reloc

MD5	`385c65ca012f10ebceebc39c011ce866`
SHA1	`105c0f586614036a4abe93a2ed8d9d494205bd23`
SHA256	`5d0e9d3607ae316eb6113fe3a18eba132ccf195bed268b6b9f6ad0f86e40e004`
SHA3	`6144e39bb997edd347666394c9c1614d191f4324434b80c52292f46501a0179a`
VirtualSize	`0x9a0`
VirtualAddress	`0xed000`
SizeOfRawData	`0xa00`
PointerToRawData	`0xe9200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.37539`

Imports

libcrypto-3-x64.dll	`HMAC_Init_ex` `HMAC_Update` `HMAC_Final` `OBJ_NAME_add` `OBJ_NAME_remove` `EVP_MD_meth_new` `EVP_MD_meth_free` `EVP_MD_meth_set_input_blocksize` `EVP_MD_meth_set_result_size` `EVP_MD_meth_set_app_datasize` `EVP_MD_meth_set_flags` `EVP_MD_meth_set_init` `EVP_MD_meth_set_update` `EVP_MD_meth_set_final` `EVP_MD_meth_set_copy` `EVP_MD_meth_set_cleanup` `EVP_MD_meth_set_ctrl` `EVP_MD_get0_name` `EVP_MD_is_a` `EVP_CIPHER_fetch` `EVP_CIPHER_free` `CMAC_CTX_new` `CMAC_CTX_free` `CMAC_CTX_copy` `CMAC_Init` `CMAC_Update` `CMAC_Final` `CRYPTO_zalloc` `OSSL_PARAM_construct_size_t` `EVP_MD_get_block_size` `EVP_CIPHER_is_a` `EVP_CIPHER_get0_provider` `EVP_CIPHER_get_key_length` `EVP_CIPHER_CTX_get_block_size` `EVP_CIPHER_CTX_copy` `EVP_Cipher` `EVP_EncryptInit_ex` `EVP_CIPHER_CTX_reset` `EVP_CIPHER_CTX_set_key_length` `EVP_CIPHER_CTX_ctrl` `EVP_CIPHER_CTX_set_params` `BN_is_zero` `BN_CTX_new` `BN_CTX_secure_new` `BN_CTX_free` `BN_CTX_start` `BN_CTX_get` `BN_CTX_end` `BN_rand_range` `BN_new` `BN_secure_new` `BN_lebin2bn` `BN_sub` `BN_is_negative` `BN_div` `BN_nnmod` `BN_mod_add` `BN_mod_mul` `BN_set_word` `BN_cmp` `BN_free` `BN_dup` `BN_ucmp` `BN_hex2bn` `BN_mod_inverse` `EC_GROUP_free` `EC_GROUP_set_generator` `EC_GROUP_get_order` `EC_GROUP_set_curve_name` `EC_GROUP_get_curve_name` `EC_GROUP_new_curve_GFp` `EC_POINT_new` `EC_POINT_free` `EC_POINT_set_affine_coordinates` `EC_POINT_get_affine_coordinates` `EC_POINT_mul` `EC_KEY_get0_group` `EC_KEY_set_group` `EC_KEY_get0_private_key` `EC_KEY_set_private_key` `EC_KEY_get0_public_key` `EC_KEY_set_public_key` `ECDSA_SIG_new` `ECDSA_SIG_free` `ECDSA_SIG_get0` `ECDSA_SIG_set0` `CRYPTO_strdup` `CRYPTO_secure_malloc` `CRYPTO_secure_free` `BIO_indent` `BIO_printf` `BN_num_bits` `BN_bin2bn` `BN_bn2bin` `BN_print` `d2i_ASN1_OBJECT` `i2d_ASN1_OBJECT` `ASN1_STRING_new` `ASN1_STRING_free` `ASN1_STRING_set` `ASN1_STRING_length` `HMAC_CTX_reset` `ASN1_BIT_STRING_free` `ASN1_INTEGER_free` `d2i_ASN1_INTEGER` `ASN1_OCTET_STRING_free` `d2i_ASN1_OCTET_STRING` `i2d_ASN1_OCTET_STRING` `ASN1_INTEGER_to_BN` `EC_POINT_cmp` `EC_KEY_new` `EC_KEY_free` `OBJ_nid2ln` `EVP_DecryptInit_ex` `EVP_PKEY_get_id` `EVP_PKEY_get_base_id` `EVP_PKEY_set_type` `EVP_PKEY_assign` `EVP_PKEY_get0` `EVP_PKEY_new` `EVP_PKEY_free` `EVP_PKEY_missing_parameters` `EVP_PKEY_asn1_new` `EVP_PKEY_asn1_set_public` `EVP_PKEY_asn1_set_private` `EVP_PKEY_asn1_set_param` `EVP_PKEY_asn1_set_free` `EVP_PKEY_asn1_set_ctrl` `EVP_PKEY_asn1_set_security_bits` `EVP_PKEY_CTX_ctrl` `EVP_PKEY_CTX_get_data` `EVP_PKEY_derive_set_peer` `EVP_PKEY_derive` `BUF_reverse` `PKCS7_SIGNER_INFO_get0_algs` `PKCS7_RECIP_INFO_get0_alg` `X509_ALGOR_set0` `X509_ALGOR_get0` `X509_PUBKEY_new` `X509_PUBKEY_free` `PKCS8_pkey_set0` `PKCS8_pkey_get0` `X509_PUBKEY_set0_param` `X509_PUBKEY_get0_param` `CMS_RecipientInfo_type` `CMS_RecipientInfo_get0_pkey_ctx` `CMS_RecipientInfo_ktri_get0_algs` `CMS_SignerInfo_get0_algs` `CMS_RecipientInfo_kari_get0_alg` `CMS_RecipientInfo_kari_get0_orig_id` `CMS_RecipientInfo_kari_get0_ctx` `OPENSSL_hexstr2buf` `OBJ_txt2obj` `EVP_MD_meth_get_ctrl` `EVP_MD_get_type` `EVP_DigestFinal_ex` `EVP_PKEY_meth_new` `EVP_PKEY_CTX_set_data` `EVP_PKEY_CTX_get0_pkey` `EVP_PKEY_meth_set_init` `EVP_PKEY_meth_set_copy` `EVP_PKEY_meth_set_cleanup` `EVP_PKEY_meth_set_paramgen` `EVP_PKEY_meth_set_keygen` `EVP_PKEY_meth_set_sign` `EVP_PKEY_meth_set_verify` `EVP_PKEY_meth_set_signctx` `EVP_PKEY_meth_set_encrypt` `EVP_PKEY_meth_set_decrypt` `EVP_PKEY_meth_set_derive` `EVP_PKEY_meth_set_ctrl` `EVP_PKEY_meth_set_check` `EVP_PKEY_meth_set_public_check` `EC_KEY_check_key` `X509_PUBKEY_it` `ASN1_OBJECT_it` `ASN1_OCTET_STRING_it` `ASN1_item_new` `ASN1_item_free` `ASN1_item_d2i` `ASN1_item_i2d` `EVP_DigestSignInit` `EVP_DigestSignFinal` `EVP_PKEY_new_mac_key` `X509at_add1_attr_by_OBJ` `X509at_get0_data_by_OBJ` `RAND_bytes` `BN_bn2lebinpad` `EC_POINT_set_to_infinity` `EVP_MD_get_size` `EVP_MD_CTX_reset` `EVP_PKEY_copy_parameters` `EVP_PKEY_get_default_digest_nid` `EVP_PKEY_CTX_get0_peerkey` `EC_GROUP_get0_order` `EC_GROUP_get0_field` `X509_PUBKEY_set` `X509_PUBKEY_get` `ERR_new` `ERR_set_debug` `ERR_set_error` `ERR_load_strings` `ERR_unload_strings` `ERR_get_next_error_library` `HMAC_CTX_free` `HMAC_CTX_new` `EVP_get_digestbyname` `EVP_get_cipherbyname` `EVP_CIPHER_CTX_free` `EVP_CIPHER_CTX_new` `EVP_CipherFinal_ex` `EVP_CipherUpdate` `EVP_CipherInit_ex` `EVP_CIPHER_CTX_set_flags` `EVP_DigestFinalXOF` `EVP_DigestUpdate` `EVP_DigestInit_ex` `OBJ_nid2sn` `CRYPTO_memcmp` `RAND_priv_bytes` `EVP_DigestSignUpdate` `EVP_MD_CTX_copy` `EVP_MD_CTX_set_flags` `EVP_MD_CTX_free` `EVP_MD_CTX_new` `EVP_CIPHER_CTX_get_cipher_data` `EVP_CIPHER_CTX_set_app_data` `EVP_CIPHER_CTX_get_app_data` `EVP_CIPHER_CTX_set_num` `EVP_CIPHER_CTX_get_num` `EVP_CIPHER_CTX_buf_noconst` `EVP_CIPHER_CTX_iv_noconst` `EVP_CIPHER_CTX_original_iv` `EVP_CIPHER_CTX_iv` `EVP_CIPHER_CTX_cipher` `EVP_CIPHER_CTX_get_iv_length` `EVP_CIPHER_CTX_get_key_length` `EVP_CIPHER_CTX_get_nid` `EVP_CIPHER_CTX_is_encrypting` `EVP_CIPHER_CTX_get0_cipher` `EVP_CIPHER_get_mode` `EVP_CIPHER_get_iv_length` `EVP_MD_CTX_get0_md_data` `EVP_MD_CTX_md` `EVP_CIPHER_meth_set_ctrl` `EVP_CIPHER_meth_set_get_asn1_params` `EVP_CIPHER_meth_set_set_asn1_params` `EVP_CIPHER_meth_set_cleanup` `EVP_CIPHER_meth_set_do_cipher` `EVP_CIPHER_meth_set_init` `EVP_CIPHER_meth_set_impl_ctx_size` `EVP_CIPHER_meth_set_flags` `EVP_CIPHER_meth_set_iv_length` `EVP_CIPHER_meth_free` `EVP_CIPHER_meth_new` `EVP_MD_meth_get_init` `OBJ_txt2nid` `OBJ_obj2nid` `OBJ_nid2obj` `ASN1_OCTET_STRING_set` `ASN1_OCTET_STRING_new` `ASN1_TYPE_set` `ASN1_TYPE_get` `ERR_add_error_data` `OPENSSL_die` `OPENSSL_cleanse` `CRYPTO_malloc` `ENGINE_get_static_state` `ENGINE_set_cmd_defns` `ENGINE_set_pkey_asn1_meths` `ENGINE_set_pkey_meths` `ENGINE_set_digests` `ENGINE_set_ciphers` `ENGINE_set_ctrl_function` `ENGINE_set_finish_function` `ENGINE_set_init_function` `ENGINE_set_destroy_function` `ENGINE_set_name` `ENGINE_set_id` `ENGINE_register_all_complete` `ENGINE_register_pkey_meths` `ENGINE_register_digests` `ENGINE_register_ciphers` `EVP_add_digest` `EVP_add_cipher` `OBJ_add_object` `OBJ_new_nid` `ASN1_OBJECT_create` `ASN1_OBJECT_free` `OPENSSL_init_crypto` `CRYPTO_free` `ASN1_STRING_get0_data` `CRYPTO_set_mem_functions`
KERNEL32.dll	`WriteConsoleW` `CreateFileW` `CloseHandle` `HeapReAlloc` `HeapSize` `GetStringTypeW` `SetFilePointerEx` `GetFileSizeEx` `SetStdHandle` `GetConsoleMode` `GetConsoleOutputCP` `WriteFile` `FlushFileBuffers` `GetProcessHeap` `SetEnvironmentVariableW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `WideCharToMultiByte` `MultiByteToWideChar` `GetCommandLineW` `GetCommandLineA` `GetCPInfo` `GetOEMCP` `GetACP` `IsValidCodePage` `FindNextFileW` `FindFirstFileExW` `FindClose` `GetFileType` `GetStdHandle` `LCMapStringW` `CompareStringW` `FlsFree` `FlsSetValue` `FlsGetValue` `FlsAlloc` `HeapFree` `HeapAlloc` `GetModuleFileNameW` `GetModuleHandleExW` `ExitProcess` `RtlPcToFileHeader` `RaiseException` `EncodePointer` `LoadLibraryExW` `GetProcAddress` `FreeLibrary` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `InitializeCriticalSectionAndSpinCount` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `SetLastError` `GetLastError` `InterlockedFlushSList` `RtlUnwindEx` `TerminateProcess` `GetCurrentProcess` `GetModuleHandleW` `IsProcessorFeaturePresent` `GetStartupInfoW` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `IsDebuggerPresent` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter`

Delayed Imports

bind_engine

Ordinal	`1`
Address	`0x1010`

v_check

Ordinal	`2`
Address	`0x1960`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-May-31 18:28:59
Version	`0.0`
SizeofData	`776`
AddressOfRawData	`0xdedec`
PointerToRawData	`0xddbec`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1800e6d40`

RICH Header

XOR Key	`0x1e8353af`
Unmarked objects	`0`
ASM objects (28900)	`6`
C++ objects (28900)	`136`
C objects (28900)	`10`
ASM objects (33731)	`9`
C objects (33731)	`14`
C++ objects (33731)	`33`
Imports (28900)	`2`
Imports (33811)	`3`
Total imports	`381`
C objects (33811)	`33`
Exports (33811)	`1`
Resource objects (33811)	`1`
Linker (33811)	`1`

Errors

Leave a comment

No comments yet.