Advanced File Analysis System

Packer

The binary likely contains encrypted or compressed data. Show sources

packer_section	name: .rdata, entropy: 7.68, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ, raw_size: 0x0000c000, virtual_size: 0x0000bd18
packer_section	name: .code, entropy: 7.65, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_LNK_COMDAT\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE, raw_size: 0x0000b000, virtual_size: 0x0000aa3e
packer_section	name: .crt, entropy: 6.96, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_LNK_COMDAT\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE, raw_size: 0x00004000, virtual_size: 0x00003572

Networking

Attempts to connect to a dead IP:Port (1 unique times) Show sources

network_host_ip

184.26.44.97:80 (United States)

Hooking and other Techniques for Hiding Protection

Creates RWX memory Show sources

injection_rwx_memory

0x00000040, NtAllocateVirtualMemory or VirtualProtectEx