Architecture |
IMAGE_FILE_MACHINE_AMD64
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date |
2024-Mar-28 12:06:50 (taken from the PE header TimeDateStamp; this value is set by the linker and is trivially forgeable, so treat it as an indicator to corroborate, not as a fact)
|
Info |
Libraries used to perform cryptographic operations: |
Microsoft's Cryptography API
|
Suspicious |
This PE is packed with Themida. Consistent with that: the entry point (0x1AEF058) lies in the .boot section rather than in the first code section, the .themida section has no raw data on disk, and the large .boot section (0xf30600 bytes, entropy 7.96) is most likely the compressed/encrypted payload that is unpacked at runtime — static analysis of this file will mostly see the packer stub.
Unusual section name found: (name not shown — blank or unprintable in the section header)
Unusual section name found: (name not shown — blank or unprintable in the section header)
Unusual section name found: (name not shown — blank or unprintable in the section header)
Unusual section name found: .themida
Section .themida is both writable and executable (IMAGE_SCN_MEM_WRITE together with IMAGE_SCN_MEM_EXECUTE). This is expected for a runtime unpacker that writes code and then jumps into it, but it is a W^X violation, and the code that ends up there is only observable in memory, never on disk.
Unusual section name found: .boot
|
Suspicious |
The PE contains functions most legitimate programs don't use. Because the file is packed, the static import table is likely to reflect only what the packer stub needs; the real import set is resolved at runtime and should be recovered from a memory dump. |
Uses Microsoft's cryptographic API: the import listing below shows ADVAPI32.dll!CryptReleaseContext (only one function per DLL is shown here, so further CryptoAPI imports may exist).
Leverages the raw socket API to access the Internet: the import listing below shows WS2_32.dll!WSARecv. Note that a Winsock import does not by itself prove SOCK_RAW usage; "raw socket API" is this heuristic's label for direct Winsock use, as opposed to the higher-level WinINet/WinHTTP APIs.
|
Suspicious |
No VirusTotal score. |
This file had not been scanned on VirusTotal when this report was generated. The absence of a score says nothing about whether the file is benign. Look up the file's SHA256 for a current verdict; if the sample may be targeted, prefer a hash lookup over uploading the file, since an upload can tip off the operator.
|
MD5 |
b2c6cabbae57845cd855ac211777dc81
|
SHA1 |
6f23ffdcc48a5953e279df8a061f184de061fddd
|
SHA256 |
0f811a96a0123a2279730a7faa42b687234b5dfa56437f8f7082f899ce50d195
|
SHA3 |
1f88575c40e0854823a6c268e29e87a3d9764e4e9285d17a81c24f4dcadfd473
|
SSDeep |
393216:XXBua3iQqcFNALT8aGbJlQD12K/VnmjrCHbDQvZ:MhPcqG9lS2WVmvCE
|
Imports Hash |
460366be90a24c440708375ea1b869ae
|
e_magic |
MZ
|
e_cblp |
0x90
|
e_cp |
0x3
|
e_crlc |
0
|
e_cparhdr |
0x4
|
e_minalloc |
0
|
e_maxalloc |
0xffff
|
e_ss |
0
|
e_sp |
0xb8
|
e_csum |
0
|
e_ip |
0
|
e_cs |
0
|
e_ovno |
0
|
e_oemid |
0
|
e_oeminfo |
0
|
e_lfanew |
0x130
|
Signature |
PE
|
Machine |
IMAGE_FILE_MACHINE_AMD64
|
NumberofSections |
7
|
TimeDateStamp |
2024-Mar-28 12:06:50
|
PointerToSymbolTable |
0
|
NumberOfSymbols |
0
|
SizeOfOptionalHeader |
0xf0
|
Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_RELOCS_STRIPPED
|
Magic |
PE32+
|
LinkerVersion |
14.0
|
SizeOfCode |
0x1d9200
|
SizeOfInitializedData |
0x10a800
|
SizeOfUninitializedData |
0
|
AddressOfEntryPoint |
0x0000000001AEF058 (Section: .boot)
|
BaseOfCode |
0x1000
|
ImageBase |
0x140000000
|
SectionAlignment |
0x1000
|
FileAlignment |
0x200
|
OperatingSystemVersion |
6.0
|
ImageVersion |
0.0
|
SubsystemVersion |
6.0
|
Win32VersionValue |
0
|
SizeOfImage |
0x2a20000
|
SizeOfHeaders |
0x400
|
Checksum |
0x10aa8fa
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
(Note: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is not set and the file header carries IMAGE_FILE_RELOCS_STRIPPED, so the image is loaded at its fixed ImageBase of 0x140000000 with no ASLR — HIGH_ENTROPY_VA has no effect without DYNAMIC_BASE. IMAGE_DLLCHARACTERISTICS_NX_COMPAT is also absent. Both are typical of packed binaries that need a fixed base and writable/executable memory.)
|
SizeofStackReserve |
0x100000
|
SizeofStackCommit |
0x1000
|
SizeofHeapReserve |
0x100000
|
SizeofHeapCommit |
0x1000
|
LoaderFlags |
0
|
NumberOfRvaAndSizes |
16
|
MD5 |
a9e6e6f8ea9356e19f68b4dee62438d0
|
SHA1 |
1621fa738fab2222b8de07bea83810e63c0737dd
|
SHA256 |
ed4e33234227677b1087fae78bdb63ffa2e8adac89648d6580324c9d3b84606f
|
SHA3 |
4c2368e4a071c458ef2e77065a2cb7e35a1572b0a74827da25aba17843a2cd9a
|
VirtualSize |
0x1d902e
|
VirtualAddress |
0x1000
|
SizeOfRawData |
0x104000
|
PointerToRawData |
0x400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
Entropy |
7.98432
|
MD5 |
cdfe997dab8e95a62506fca3583978fe
|
SHA1 |
cba0cb80283d26016f0d92aff2a57928f29597b0
|
SHA256 |
96d9cf2012c5706f6f171e96091a97b6309e7aec5d2488194837946caa28e70c
|
SHA3 |
2b6ad0075b696b427fa48b19cc9dbc88568751151e0eec8d843a1c65935105e9
|
VirtualSize |
0x108284
|
VirtualAddress |
0x1db000
|
SizeOfRawData |
0x6ee00
|
PointerToRawData |
0x104400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
7.981
|
MD5 |
78cf1af1911a6c55975029acb32c042a
|
SHA1 |
db7b95cdfe10c3508bacc047bb3209a67cfa867c
|
SHA256 |
f1a28168041a44821977c8c31c8c7f44530ba67c0a4d85ebda4c70d7d70ede38
|
SHA3 |
2225a2177b03fb4888440e650c128946607efebdabf00e1d1c329b411ac7c105
|
VirtualSize |
0x22ac
|
VirtualAddress |
0x2e4000
|
SizeOfRawData |
0x400
|
PointerToRawData |
0x173200
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
5.58861
|
MD5 |
e15e8746ddaa3cc4c93ef522568994a3
|
SHA1 |
72a40bad67d2db8848f9c6e6b71d42eeeb07dd40
|
SHA256 |
add55fe1919207292ae5cbfd2d84c09576912cb70c841ce17e4768b79e90dfa0
|
SHA3 |
2dab7ae1146404ada6fda950390d1aebb5aef303edf1378c012ca2c0600e3bbd
|
VirtualSize |
0x1000
|
VirtualAddress |
0x2e7000
|
SizeOfRawData |
0x400
|
PointerToRawData |
0x173600
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
3.55639
|
MD5 |
34713013265019f6a755275156e9afdb
|
SHA1 |
471c716fe907a9c744d91de4bcab14bb4450f388
|
SHA256 |
aabca8f4d6b22f243f1b62af046478fa2b2645c850ba8a1af7ac65b0cf6830a3
|
SHA3 |
55996803e9956e6b2cfc4ff1418a3ac19c26c43f075ca0695034ea7cbffb66fb
|
VirtualSize |
0x1000
|
VirtualAddress |
0x2e8000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x173a00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
0.27823
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
VirtualSize |
0x1806000
|
VirtualAddress |
0x2e9000
|
SizeOfRawData |
0
|
PointerToRawData |
0x173c00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
MD5 |
05aca57efa5fcd0ceb01830aba9413cd
|
SHA1 |
0832175bedc493f3fdfe3f21a0864df35ad6d78e
|
SHA256 |
2cbbec48ed6559fd7df02a4a6b33bcdd58e156838a6c841376fe0955e28b6b57
|
SHA3 |
6e05a490449fd6df50c21cfffb6d717828c0d4b142173c1edfe0535516c4dc81
|
VirtualSize |
0xf30600
|
VirtualAddress |
0x1aef000
|
SizeOfRawData |
0xf30600
|
PointerToRawData |
0x173c00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
Entropy |
7.95858
|
kernel32.dll |
GetModuleHandleA
|
ntdll.dll |
RtlLookupFunctionEntry
|
dwmapi.dll |
DwmExtendFrameIntoClientArea
|
d3d11.dll |
D3D11CreateDeviceAndSwapChain
|
d3dx11_43.dll |
D3DX11CreateShaderResourceViewFromMemory
|
WINMM.dll |
timeBeginPeriod
|
USER32.dll |
GetWindowThreadProcessId
|
ADVAPI32.dll |
CryptReleaseContext
|
ole32.dll |
CoCreateInstance
|
OLEAUT32.dll |
SysAllocString
|
WS2_32.dll |
WSARecv
|
IMM32.dll |
ImmGetContext
|
D3DCOMPILER_43.dll |
D3DCompile
|
XOR Key |
0xbf28c238
|
Unmarked objects |
0
|
ASM objects (30795) |
26
|
C++ objects (30795) |
192
|
C objects (30795) |
27
|
Unmarked objects (#2) |
1
|
253 (VS 2015-2022 runtime 33030) |
1
|
C objects (VS 2015-2022 runtime 33030) |
18
|
ASM objects (VS 2015-2022 runtime 33030) |
20
|
C++ objects (VS 2015-2022 runtime 33030) |
113
|
Imports (21202) |
6
|
Imports (30795) |
23
|
Total imports |
307
|
ASM objects (VS2022 Update 8 (17.8.3) compiler 33133) |
1
|
C++ objects (VS2022 Update 8 (17.8.3) compiler 33133) |
43
|
C objects (VS2022 Update 1 (17.1.6) compiler 31107) |
26
|
C++ objects (LTCG) (33134) |
36
|
Linker (33134) |
1
|
[!] Error: Could not reach the TLS callback table. (The TLS directory could not be followed in the on-disk file — plausibly because it points into a section with no raw data, such as .themida. TLS callbacks execute before the entry point and are a common packer/anti-debug hook, so check for them in memory once the sample is unpacked rather than assuming there are none.)
[*] Warning: Section .themida has a size of 0! (Its SizeOfRawData is 0 while its VirtualSize is 0x1806000, i.e. roughly 24 MiB reserved in memory but nothing on disk; the MD5/SHA1/SHA256/SHA3 reported for that section are the well-known digests of empty input and carry no information about its runtime contents.)