| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date |
2024-Mar-28 11:08:28
|
| Info |
Libraries used to perform cryptographic operations: |
Microsoft's Cryptography API
|
| Suspicious |
This PE is packed with Themida |
Unusual section name found:
Unusual section name found:
Unusual section name found:
Unusual section name found: .themida
Section .themida is both writable and executable.
Unusual section name found: .boot
|
| Suspicious |
The PE contains functions most legitimate programs don't use. |
Uses Microsoft's cryptographic API:
Leverages the raw socket API to access the Internet:
|
| Suspicious |
No VirusTotal score. |
This file has never been scanned on VirusTotal.
|
| MD5 |
df47c9dbc4a8438bdb43f9ba51419f98
|
| SHA1 |
dce8c9b69362be1cc91a4f47b94a6b0eaced0407
|
| SHA256 |
a8b046b5eea06635595a9344999425254b0a0bd52447462ace239833a363614b
|
| SHA3 |
12710406b4af806a5832a3b8b20dbb5ed69b6b90107197bcf539600cfb55493e
|
| SSDeep |
393216:F2+uEpjciBypHmU+PPI7SHVYy5u51KPhAiyDq7SIPob5yDHlfgZ9q+sP5qTm:FLu6o7+470iau5giiyDq7syDmq+A5
|
| Imports Hash |
460366be90a24c440708375ea1b869ae
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x130
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections |
7
|
| TimeDateStamp |
2024-Mar-28 11:08:28
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xf0
|
| Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_RELOCS_STRIPPED
|
| Magic |
PE32+
|
| LinkerVersion |
14.0
|
| SizeOfCode |
0x1da200
|
| SizeOfInitializedData |
0x124e00
|
| SizeOfUninitializedData |
0
|
| AddressOfEntryPoint |
0x0000000001CCC058 (Section: .boot)
|
| BaseOfCode |
0x1000
|
| ImageBase |
0x140000000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
6.0
|
| ImageVersion |
0.0
|
| SubsystemVersion |
6.0
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x2d79000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0x123a5ee
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve |
0x100000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
a5281c1da25bc2e990a5883ebe9e664d
|
| SHA1 |
f35f1683aef03f6ae83b5709d4dc897cec71466b
|
| SHA256 |
c7abb13eac8422f96bb7a047b84ba073059cd52c505fe03af0e88f35806b9d90
|
| SHA3 |
23ea723c5b91b1f016fa4bd4eb8cf7c1ab347e37da19764e9f0b4b0a62f4d1a5
|
| VirtualSize |
0x1da04e
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0x106200
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
7.98315
|
| MD5 |
2f2d34b61af0fe913ea0dc00e8cd53fc
|
| SHA1 |
fd6186e42034ab4b70ae3d49bff5728885098f21
|
| SHA256 |
c2d03a53f440a2e19b744b4a31f26bdadede5392bbe2029b66f8ca407ad94ef4
|
| SHA3 |
14cc0e1386d55803cfa98f59a9330828251f5a70db46781e012b3a09d05a5206
|
| VirtualSize |
0x1228e4
|
| VirtualAddress |
0x1dc000
|
| SizeOfRawData |
0x7aa00
|
| PointerToRawData |
0x106600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
7.96468
|
| MD5 |
3973e2cee633ac2d0d97daeaddb66cbb
|
| SHA1 |
6bf7002a1ddd97fa6be46b17c7b30ea6bb010de7
|
| SHA256 |
e193dd7cebfe850f73d2a2b67111c19f859f0baf24743395615865dfe7e61f97
|
| SHA3 |
381baa93d7597d8a3057b9d420b3578a2d3ffbeb31d7bf3331d0f11573bd9b35
|
| VirtualSize |
0x22ac
|
| VirtualAddress |
0x2ff000
|
| SizeOfRawData |
0x400
|
| PointerToRawData |
0x181000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
5.66499
|
| MD5 |
5bc6fcf8443ae9d267705b0335fe2d56
|
| SHA1 |
1af53f2caa22a6766bedcefa076c61cdf238345b
|
| SHA256 |
37cc0632ecbd50a4160c9bba0c19f3eb8c8bbe1d896ce357f4638df7fe32e1cf
|
| SHA3 |
93f928bcec326b7d4c3a3233930b675dabaac63295fe0f505345113ed1f96b7e
|
| VirtualSize |
0x1000
|
| VirtualAddress |
0x302000
|
| SizeOfRawData |
0x400
|
| PointerToRawData |
0x181400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
3.63406
|
| MD5 |
4198b852e2ede007c6082be9d3ff426e
|
| SHA1 |
5a71479b78d073577109fa35f0d6f6d233a4c671
|
| SHA256 |
da491db11f51c6725798e452160ffec0160557425f006534fb024d16b8da7fde
|
| SHA3 |
5eaead464bade3014fe1e3b88de38d09080cd5d275daf3c8b08d08f993bbfe17
|
| VirtualSize |
0x1000
|
| VirtualAddress |
0x303000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x181800
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.26476
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x19c8000
|
| VirtualAddress |
0x304000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0x181a00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
cc81eb7bb45773477583e252729ebf43
|
| SHA1 |
f0a06570c61ac703d500527f0b2034bf2fd04715
|
| SHA256 |
1d9697d4a386662995ed880657e34181515b99f49e4643d36e57312f8ffde508
|
| SHA3 |
6931d0d564e97652bc19ab22dd67238702902e513de3498ad9d9c71540b7cedd
|
| VirtualSize |
0x10ac800
|
| VirtualAddress |
0x1ccc000
|
| SizeOfRawData |
0x10ac800
|
| PointerToRawData |
0x181a00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
7.9527
|
| kernel32.dll |
GetModuleHandleA
|
| ntdll.dll |
RtlLookupFunctionEntry
|
| dwmapi.dll |
DwmExtendFrameIntoClientArea
|
| d3d11.dll |
D3D11CreateDeviceAndSwapChain
|
| d3dx11_43.dll |
D3DX11CreateShaderResourceViewFromMemory
|
| WINMM.dll |
timeBeginPeriod
|
| USER32.dll |
GetWindowThreadProcessId
|
| ADVAPI32.dll |
CryptReleaseContext
|
| ole32.dll |
CoCreateInstance
|
| OLEAUT32.dll |
SysAllocString
|
| WS2_32.dll |
WSARecv
|
| IMM32.dll |
ImmGetContext
|
| D3DCOMPILER_43.dll |
D3DCompile
|
| XOR Key |
0xbf28c238
|
| Unmarked objects |
0
|
| ASM objects (30795) |
26
|
| C++ objects (30795) |
192
|
| C objects (30795) |
27
|
| Unmarked objects (#2) |
1
|
| 253 (VS 2015-2022 runtime 33030) |
1
|
| C objects (VS 2015-2022 runtime 33030) |
18
|
| ASM objects (VS 2015-2022 runtime 33030) |
20
|
| C++ objects (VS 2015-2022 runtime 33030) |
113
|
| Imports (21202) |
6
|
| Imports (30795) |
23
|
| Total imports |
307
|
| ASM objects (VS2022 Update 8 (17.8.3) compiler 33133) |
1
|
| C++ objects (VS2022 Update 8 (17.8.3) compiler 33133) |
43
|
| C objects (VS2022 Update 1 (17.1.6) compiler 31107) |
26
|
| C++ objects (LTCG) (33134) |
36
|
| Linker (33134) |
1
|
[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .themida has a size of 0!