| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date |
2024-Mar-28 12:06:50
|
| Info |
Libraries used to perform cryptographic operations: |
Microsoft's Cryptography API
|
| Suspicious |
This PE is packed with Themida |
Unusual section name found:
Unusual section name found:
Unusual section name found:
Unusual section name found: .themida
Section .themida is both writable and executable.
Unusual section name found: .boot
|
| Suspicious |
The PE contains functions most legitimate programs don't use. |
Uses Microsoft's cryptographic API:
Leverages the raw socket API to access the Internet:
|
| Suspicious |
No VirusTotal score. |
This file has never been scanned on VirusTotal.
|
| MD5 |
b2c6cabbae57845cd855ac211777dc81
|
| SHA1 |
6f23ffdcc48a5953e279df8a061f184de061fddd
|
| SHA256 |
0f811a96a0123a2279730a7faa42b687234b5dfa56437f8f7082f899ce50d195
|
| SHA3 |
1f88575c40e0854823a6c268e29e87a3d9764e4e9285d17a81c24f4dcadfd473
|
| SSDeep |
393216:XXBua3iQqcFNALT8aGbJlQD12K/VnmjrCHbDQvZ:MhPcqG9lS2WVmvCE
|
| Imports Hash |
460366be90a24c440708375ea1b869ae
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x130
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections |
7
|
| TimeDateStamp |
2024-Mar-28 12:06:50
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xf0
|
| Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_RELOCS_STRIPPED
|
| Magic |
PE32+
|
| LinkerVersion |
14.0
|
| SizeOfCode |
0x1d9200
|
| SizeOfInitializedData |
0x10a800
|
| SizeOfUninitializedData |
0
|
| AddressOfEntryPoint |
0x0000000001AEF058 (Section: .boot)
|
| BaseOfCode |
0x1000
|
| ImageBase |
0x140000000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
6.0
|
| ImageVersion |
0.0
|
| SubsystemVersion |
6.0
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x2a20000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0x10aa8fa
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve |
0x100000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
a9e6e6f8ea9356e19f68b4dee62438d0
|
| SHA1 |
1621fa738fab2222b8de07bea83810e63c0737dd
|
| SHA256 |
ed4e33234227677b1087fae78bdb63ffa2e8adac89648d6580324c9d3b84606f
|
| SHA3 |
4c2368e4a071c458ef2e77065a2cb7e35a1572b0a74827da25aba17843a2cd9a
|
| VirtualSize |
0x1d902e
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0x104000
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
7.98432
|
| MD5 |
cdfe997dab8e95a62506fca3583978fe
|
| SHA1 |
cba0cb80283d26016f0d92aff2a57928f29597b0
|
| SHA256 |
96d9cf2012c5706f6f171e96091a97b6309e7aec5d2488194837946caa28e70c
|
| SHA3 |
2b6ad0075b696b427fa48b19cc9dbc88568751151e0eec8d843a1c65935105e9
|
| VirtualSize |
0x108284
|
| VirtualAddress |
0x1db000
|
| SizeOfRawData |
0x6ee00
|
| PointerToRawData |
0x104400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
7.981
|
| MD5 |
78cf1af1911a6c55975029acb32c042a
|
| SHA1 |
db7b95cdfe10c3508bacc047bb3209a67cfa867c
|
| SHA256 |
f1a28168041a44821977c8c31c8c7f44530ba67c0a4d85ebda4c70d7d70ede38
|
| SHA3 |
2225a2177b03fb4888440e650c128946607efebdabf00e1d1c329b411ac7c105
|
| VirtualSize |
0x22ac
|
| VirtualAddress |
0x2e4000
|
| SizeOfRawData |
0x400
|
| PointerToRawData |
0x173200
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
5.58861
|
| MD5 |
e15e8746ddaa3cc4c93ef522568994a3
|
| SHA1 |
72a40bad67d2db8848f9c6e6b71d42eeeb07dd40
|
| SHA256 |
add55fe1919207292ae5cbfd2d84c09576912cb70c841ce17e4768b79e90dfa0
|
| SHA3 |
2dab7ae1146404ada6fda950390d1aebb5aef303edf1378c012ca2c0600e3bbd
|
| VirtualSize |
0x1000
|
| VirtualAddress |
0x2e7000
|
| SizeOfRawData |
0x400
|
| PointerToRawData |
0x173600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
3.55639
|
| MD5 |
34713013265019f6a755275156e9afdb
|
| SHA1 |
471c716fe907a9c744d91de4bcab14bb4450f388
|
| SHA256 |
aabca8f4d6b22f243f1b62af046478fa2b2645c850ba8a1af7ac65b0cf6830a3
|
| SHA3 |
55996803e9956e6b2cfc4ff1418a3ac19c26c43f075ca0695034ea7cbffb66fb
|
| VirtualSize |
0x1000
|
| VirtualAddress |
0x2e8000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x173a00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.27823
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x1806000
|
| VirtualAddress |
0x2e9000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0x173c00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
05aca57efa5fcd0ceb01830aba9413cd
|
| SHA1 |
0832175bedc493f3fdfe3f21a0864df35ad6d78e
|
| SHA256 |
2cbbec48ed6559fd7df02a4a6b33bcdd58e156838a6c841376fe0955e28b6b57
|
| SHA3 |
6e05a490449fd6df50c21cfffb6d717828c0d4b142173c1edfe0535516c4dc81
|
| VirtualSize |
0xf30600
|
| VirtualAddress |
0x1aef000
|
| SizeOfRawData |
0xf30600
|
| PointerToRawData |
0x173c00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
7.95858
|
| kernel32.dll |
GetModuleHandleA
|
| ntdll.dll |
RtlLookupFunctionEntry
|
| dwmapi.dll |
DwmExtendFrameIntoClientArea
|
| d3d11.dll |
D3D11CreateDeviceAndSwapChain
|
| d3dx11_43.dll |
D3DX11CreateShaderResourceViewFromMemory
|
| WINMM.dll |
timeBeginPeriod
|
| USER32.dll |
GetWindowThreadProcessId
|
| ADVAPI32.dll |
CryptReleaseContext
|
| ole32.dll |
CoCreateInstance
|
| OLEAUT32.dll |
SysAllocString
|
| WS2_32.dll |
WSARecv
|
| IMM32.dll |
ImmGetContext
|
| D3DCOMPILER_43.dll |
D3DCompile
|
| XOR Key |
0xbf28c238
|
| Unmarked objects |
0
|
| ASM objects (30795) |
26
|
| C++ objects (30795) |
192
|
| C objects (30795) |
27
|
| Unmarked objects (#2) |
1
|
| 253 (VS 2015-2022 runtime 33030) |
1
|
| C objects (VS 2015-2022 runtime 33030) |
18
|
| ASM objects (VS 2015-2022 runtime 33030) |
20
|
| C++ objects (VS 2015-2022 runtime 33030) |
113
|
| Imports (21202) |
6
|
| Imports (30795) |
23
|
| Total imports |
307
|
| ASM objects (VS2022 Update 8 (17.8.3) compiler 33133) |
1
|
| C++ objects (VS2022 Update 8 (17.8.3) compiler 33133) |
43
|
| C objects (VS2022 Update 1 (17.1.6) compiler 31107) |
26
|
| C++ objects (LTCG) (33134) |
36
|
| Linker (33134) |
1
|
[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .themida has a size of 0!