The binary likely contains encrypted or compressed data
packer_section | name: &9\x17nFiL$, entropy: 7.99, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00005c00, virtual_size: 0x00005b8c |
packer_section | name: .text, entropy: 7.81, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x001ee800, virtual_size: 0x001ee7c8 |
Both sections sit well above the roughly 7.0 bits/byte that compressed or encrypted data exceeds (ordinary compiled code is closer to 6). The first is also mapped writable and executable (IMAGE_SCN_MEM_WRITE together with IMAGE_SCN_MEM_EXECUTE), the layout a packer stub needs to decode code into a region and then run it; a .text section at 7.81 indicates the code stored there is not plain machine code but is compressed or encrypted in place.
Reads data out of its own binary image
api_process_name | process: 97cf21650dfc7e50972bf09a2760fe8b78d367b8.exe, pid: 2336, offset: 0x00000000, length: 0x00001000 |
api_process_name | process: 97cf21650dfc7e50972bf09a2760fe8b78d367b8.exe, pid: 2336, offset: 0x00000000, length: 0x0020da00 |
api_process_name | process: 97cf21650dfc7e50972bf09a2760fe8b78d367b8.exe, pid: 2336, offset: 0x00000080, length: 0x00000200 |
api_process_name | process: 97cf21650dfc7e50972bf09a2760fe8b78d367b8.exe, pid: 2336, offset: 0x0020da00, length: 0x00000010 |
The reads are a 0x1000-byte read of the headers from offset 0, a 0x200-byte read at offset 0x80, the full 0x0020da00 bytes from offset 0, and 16 bytes at offset 0x0020da00, which is the first byte after the region just read. Reading its own file end to end and then probing just past it is consistent with an unpacking stub or self-checking loader looking for an appended payload or trailer; the report records only the reads, not what the process did with the data.
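The read pattern above can be classified mechanically. The following is an added example, not sandbox code: it parses the four api_process_name rows (copied from the report as the sample input) and splits the reads into header parsing, whole-image reads and reads beyond the image. IMAGE_SIZE and HEADER_WINDOW are assumptions; the report does not state the file size, so the 0x0020da00-byte read from offset 0 is taken to be the whole file.

```python
"""Read-pattern check over the api_process_name rows above (added example)."""
import re

# Sample input copied from the report rows above.
REPORT_ROWS = """\
api_process_name | process: 97cf21650dfc7e50972bf09a2760fe8b78d367b8.exe, pid: 2336, offset: 0x00000000, length: 0x00001000 |
api_process_name | process: 97cf21650dfc7e50972bf09a2760fe8b78d367b8.exe, pid: 2336, offset: 0x00000000, length: 0x0020da00 |
api_process_name | process: 97cf21650dfc7e50972bf09a2760fe8b78d367b8.exe, pid: 2336, offset: 0x00000080, length: 0x00000200 |
api_process_name | process: 97cf21650dfc7e50972bf09a2760fe8b78d367b8.exe, pid: 2336, offset: 0x0020da00, length: 0x00000010 |
"""

IMAGE_SIZE = 0x0020DA00   # assumption: the largest read from offset 0 is the file size
HEADER_WINDOW = 0x1000    # assumption: reads confined to the first page are header parsing

ROW_RE = re.compile(r"offset:\s*(0x[0-9a-f]+),\s*length:\s*(0x[0-9a-f]+)", re.I)


def parse_reads(rows: str) -> list[tuple[int, int]]:
    """Extract (offset, length) pairs from api_process_name evidence rows."""
    return [(int(off, 16), int(length, 16)) for off, length in ROW_RE.findall(rows)]


def classify_reads(reads: list[tuple[int, int]], image_size: int) -> dict:
    """Bucket each read relative to the image: header, whole image, beyond image, other."""
    result = {"header": [], "whole_image": [], "beyond_image": [], "other": []}
    for off, length in reads:
        if off >= image_size:
            result["beyond_image"].append((off, length))      # probing past EOF (overlay/trailer)
        elif off == 0 and length >= image_size:
            result["whole_image"].append((off, length))       # entire file pulled into memory
        elif off + length <= HEADER_WINDOW:
            result["header"].append((off, length))            # DOS/PE header parsing
        else:
            result["other"].append((off, length))             # partial body reads
    return result


def self_read_verdict(rows: str = REPORT_ROWS, image_size: int = IMAGE_SIZE) -> str:
    """One-line interpretation of the read pattern."""
    buckets = classify_reads(parse_reads(rows), image_size)
    if buckets["whole_image"] and buckets["beyond_image"]:
        return "reads entire image then probes past its end (overlay/trailer check)"
    if buckets["whole_image"]:
        return "reads entire image"
    if buckets["other"]:
        return "partial image reads"
    return "header reads only"


if __name__ == "__main__":
    for bucket, reads in classify_reads(parse_reads(REPORT_ROWS), IMAGE_SIZE).items():
        print(bucket, [(hex(o), hex(n)) for o, n in reads])
    print(self_read_verdict())
```

If the true file size turns out to be larger than 0x0020da00 the same rows classify as partial reads, which is why the size assumption should be replaced with the real value from the sample before drawing a conclusion.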
Anomalous binary characteristics
static_pe_section_name | Unprintable characters found in section name |
static_pe_anomaly | Actual checksum does not match that reported in PE header |
The offending name is the &9\x17nFiL$ section listed above (0x17 is outside printable ASCII); linkers emit names such as .text or .rdata, so a random-looking name is a packer artefact. A stored checksum that is non-zero but does not match the file means the header or body was rewritten after the linker produced it; a stored value of zero only means the field was never set and is not by itself a mismatch.
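The static checks behind the packer_section, static_pe_section_name and static_pe_anomaly rows can be reproduced without a PE library. The following is an added example, not the sandbox's own code: it implements per-section Shannon entropy, the writable-plus-executable test, the printable-name test and the PE header checksum (the dword sum with end-around carry that Windows uses, with the CheckSum field skipped and the file length added). The sample sections are constructed inline and ENTROPY_THRESHOLD is an assumption, not a value from the report.

```python
"""Static PE section and checksum triage (added example, not sandbox code)."""
import math
import sys

# Section characteristic flags from winnt.h.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

ENTROPY_THRESHOLD = 7.0  # assumption: common triage cut-off for packed/encrypted data


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return sum(-(c / n) * math.log2(c / n) for c in counts if c)


def section_name_printable(raw_name: bytes) -> bool:
    """Section names are 8 bytes, NUL padded; anything outside 0x20..0x7E is anomalous."""
    return all(0x20 <= b <= 0x7E for b in raw_name.rstrip(b"\x00"))


def triage_section(raw_name: bytes, characteristics: int, data: bytes) -> list[str]:
    """Return the flags a sandbox would raise for one section."""
    flags = []
    if not section_name_printable(raw_name):
        flags.append("unprintable_name")
    if characteristics & IMAGE_SCN_MEM_WRITE and characteristics & IMAGE_SCN_MEM_EXECUTE:
        flags.append("writable_and_executable")
    if shannon_entropy(data) > ENTROPY_THRESHOLD:
        flags.append("high_entropy")
    return flags


def pe_checksum(image: bytes, checksum_offset: int) -> int:
    """Compute OptionalHeader.CheckSum over the whole file.

    The file is summed as little-endian dwords (zero padded to a multiple of 4)
    with end-around carry, skipping the dword holding the CheckSum field, then
    folded to 16 bits, and the unpadded file length is added.
    """
    n = len(image)
    padded = image + b"\x00" * (-n % 4)
    skip = checksum_offset & ~3
    total = 0
    for off in range(0, len(padded), 4):
        if off == skip:
            continue
        total += int.from_bytes(padded[off:off + 4], "little")
        if total >= 1 << 32:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total = total + (total >> 16)
    return (total & 0xFFFF) + n


def checksum_field_offset(image: bytes) -> int:
    """File offset of CheckSum: e_lfanew + PE signature (4) + file header (20) + 64."""
    e_lfanew = int.from_bytes(image[0x3C:0x40], "little")
    return e_lfanew + 0x58


def checksum_status(image: bytes, checksum_offset: int) -> str:
    """'unset' (stored 0), 'ok' (matches), or 'mismatch' (edited after linking)."""
    stored = int.from_bytes(image[checksum_offset:checksum_offset + 4], "little")
    if stored == 0:
        return "unset"
    return "ok" if stored == pe_checksum(image, checksum_offset) else "mismatch"


if __name__ == "__main__":
    # Constructed sample sections mirroring the two rows in the report plus a benign one.
    packed = bytes(range(256)) * 16          # uniform bytes: entropy 8.0
    plain = b"\x00" * 4096                   # constant bytes: entropy 0.0
    samples = [
        (b"&9\x17nFiL$", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE
         | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE, packed),
        (b".text\x00\x00\x00", IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ, packed),
        (b".rdata\x00\x00", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ, plain),
    ]
    for name, chars, data in samples:
        print(name, round(shannon_entropy(data), 2), triage_section(name, chars, data))
    if len(sys.argv) > 1:                     # optional: check a real PE file's checksum
        with open(sys.argv[1], "rb") as fh:
            img = fh.read()
        print(sys.argv[1], checksum_status(img, checksum_field_offset(img)))
```

Run with a file path to verify a real sample's stored checksum; without one it only triages the constructed sections. The checksum routine treats a stored zero as unset rather than as a mismatch, which is the distinction the anomaly signature above relies on.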
Attempts to connect to a dead IP:Port (1 unique time)
network_host_ip | 13.107.4.50:80 (United States) |
13.107.4.50 is in Microsoft's address space and plain-HTTP connections to it are commonly Windows background traffic (update and certificate-trust-list downloads) that simply fails in an offline sandbox. A single failed connection there is weak evidence on its own and should not be read as command-and-control without a matching DNS query or HTTP request attributable to the sample.
Creates RWX memory
injection_rwx_memory | 0x00000040, NtAllocateVirtualMemory or VirtualProtectEx |
0x40 is PAGE_EXECUTE_READWRITE. Read together with the high-entropy sections above, allocating or re-protecting a region as RWX is what an unpacker needs in order to write decoded code and execute it in place; JIT runtimes do the same, so this signature is supporting evidence for unpacking or injection rather than proof by itself.