Summary:

Architecture | IMAGE_FILE_MACHINE_AMD64
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date | 2024-Mar-28 11:08:28
Findings:

Info | Libraries used to perform cryptographic operations: Microsoft's Cryptography API

Suspicious | This PE is packed with Themida
Unusual section name found:
Unusual section name found:
Unusual section name found:
Unusual section name found: .themida
Section .themida is both writable and executable.
Unusual section name found: .boot

Suspicious | The PE contains functions most legitimate programs don't use.
Uses Microsoft's cryptographic API:
Leverages the raw socket API to access the Internet:

Suspicious | No VirusTotal score. This file has never been scanned on VirusTotal.
File hashes:

MD5 | df47c9dbc4a8438bdb43f9ba51419f98
SHA1 | dce8c9b69362be1cc91a4f47b94a6b0eaced0407
SHA256 | a8b046b5eea06635595a9344999425254b0a0bd52447462ace239833a363614b
SHA3 | 12710406b4af806a5832a3b8b20dbb5ed69b6b90107197bcf539600cfb55493e
SSDeep | 393216:F2+uEpjciBypHmU+PPI7SHVYy5u51KPhAiyDq7SIPob5yDHlfgZ9q+sP5qTm:FLu6o7+470iau5giiyDq7syDmq+A5
Imports Hash | 460366be90a24c440708375ea1b869ae
|
DOS header:

e_magic | MZ
e_cblp | 0x90
e_cp | 0x3
e_crlc | 0
e_cparhdr | 0x4
e_minalloc | 0
e_maxalloc | 0xffff
e_ss | 0
e_sp | 0xb8
e_csum | 0
e_ip | 0
e_cs | 0
e_ovno | 0
e_oemid | 0
e_oeminfo | 0
e_lfanew | 0x130
PE header:

Signature | PE
Machine | IMAGE_FILE_MACHINE_AMD64
NumberOfSections | 7
TimeDateStamp | 2024-Mar-28 11:08:28
PointerToSymbolTable | 0
NumberOfSymbols | 0
SizeOfOptionalHeader | 0xf0
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_RELOCS_STRIPPED
|
Optional header:

Magic | PE32+
LinkerVersion | 14.0
SizeOfCode | 0x1da200
SizeOfInitializedData | 0x124e00
SizeOfUninitializedData | 0
AddressOfEntryPoint | 0x0000000001CCC058 (Section: .boot)
BaseOfCode | 0x1000
ImageBase | 0x140000000
SectionAlignment | 0x1000
FileAlignment | 0x200
OperatingSystemVersion | 6.0
ImageVersion | 0.0
SubsystemVersion | 6.0
Win32VersionValue | 0
SizeOfImage | 0x2d79000
SizeOfHeaders | 0x400
Checksum | 0x123a5ee
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeOfStackReserve | 0x100000
SizeOfStackCommit | 0x1000
SizeOfHeapReserve | 0x100000
SizeOfHeapCommit | 0x1000
LoaderFlags | 0
NumberOfRvaAndSizes | 16
|
Sections (7, in file order; names for sections 1 to 5 are not present in the report):

Section 1:

MD5 | a5281c1da25bc2e990a5883ebe9e664d
SHA1 | f35f1683aef03f6ae83b5709d4dc897cec71466b
SHA256 | c7abb13eac8422f96bb7a047b84ba073059cd52c505fe03af0e88f35806b9d90
SHA3 | 23ea723c5b91b1f016fa4bd4eb8cf7c1ab347e37da19764e9f0b4b0a62f4d1a5
VirtualSize | 0x1da04e
VirtualAddress | 0x1000
SizeOfRawData | 0x106200
PointerToRawData | 0x400
PointerToRelocations | 0
PointerToLineNumbers | 0
NumberOfLineNumbers | 0
NumberOfRelocations | 0
Characteristics | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy | 7.98315

Section 2:

MD5 | 2f2d34b61af0fe913ea0dc00e8cd53fc
SHA1 | fd6186e42034ab4b70ae3d49bff5728885098f21
SHA256 | c2d03a53f440a2e19b744b4a31f26bdadede5392bbe2029b66f8ca407ad94ef4
SHA3 | 14cc0e1386d55803cfa98f59a9330828251f5a70db46781e012b3a09d05a5206
VirtualSize | 0x1228e4
VirtualAddress | 0x1dc000
SizeOfRawData | 0x7aa00
PointerToRawData | 0x106600
PointerToRelocations | 0
PointerToLineNumbers | 0
NumberOfLineNumbers | 0
NumberOfRelocations | 0
Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy | 7.96468

Section 3:

MD5 | 3973e2cee633ac2d0d97daeaddb66cbb
SHA1 | 6bf7002a1ddd97fa6be46b17c7b30ea6bb010de7
SHA256 | e193dd7cebfe850f73d2a2b67111c19f859f0baf24743395615865dfe7e61f97
SHA3 | 381baa93d7597d8a3057b9d420b3578a2d3ffbeb31d7bf3331d0f11573bd9b35
VirtualSize | 0x22ac
VirtualAddress | 0x2ff000
SizeOfRawData | 0x400
PointerToRawData | 0x181000
PointerToRelocations | 0
PointerToLineNumbers | 0
NumberOfLineNumbers | 0
NumberOfRelocations | 0
Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy | 5.66499

Section 4:

MD5 | 5bc6fcf8443ae9d267705b0335fe2d56
SHA1 | 1af53f2caa22a6766bedcefa076c61cdf238345b
SHA256 | 37cc0632ecbd50a4160c9bba0c19f3eb8c8bbe1d896ce357f4638df7fe32e1cf
SHA3 | 93f928bcec326b7d4c3a3233930b675dabaac63295fe0f505345113ed1f96b7e
VirtualSize | 0x1000
VirtualAddress | 0x302000
SizeOfRawData | 0x400
PointerToRawData | 0x181400
PointerToRelocations | 0
PointerToLineNumbers | 0
NumberOfLineNumbers | 0
NumberOfRelocations | 0
Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy | 3.63406

Section 5:

MD5 | 4198b852e2ede007c6082be9d3ff426e
SHA1 | 5a71479b78d073577109fa35f0d6f6d233a4c671
SHA256 | da491db11f51c6725798e452160ffec0160557425f006534fb024d16b8da7fde
SHA3 | 5eaead464bade3014fe1e3b88de38d09080cd5d275daf3c8b08d08f993bbfe17
VirtualSize | 0x1000
VirtualAddress | 0x303000
SizeOfRawData | 0x200
PointerToRawData | 0x181800
PointerToRelocations | 0
PointerToLineNumbers | 0
NumberOfLineNumbers | 0
NumberOfRelocations | 0
Characteristics | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy | 0.26476

Section 6 (.themida, the size-0 section named in the warning at the end of the report; its hashes are those of empty input and no entropy is reported):

MD5 | d41d8cd98f00b204e9800998ecf8427e
SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize | 0x19c8000
VirtualAddress | 0x304000
SizeOfRawData | 0
PointerToRawData | 0x181a00
PointerToRelocations | 0
PointerToLineNumbers | 0
NumberOfLineNumbers | 0
NumberOfRelocations | 0
Characteristics | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Section 7 (.boot, the section containing the entry point 0x1CCC058):

MD5 | cc81eb7bb45773477583e252729ebf43
SHA1 | f0a06570c61ac703d500527f0b2034bf2fd04715
SHA256 | 1d9697d4a386662995ed880657e34181515b99f49e4643d36e57312f8ffde508
SHA3 | 6931d0d564e97652bc19ab22dd67238702902e513de3498ad9d9c71540b7cedd
VirtualSize | 0x10ac800
VirtualAddress | 0x1ccc000
SizeOfRawData | 0x10ac800
PointerToRawData | 0x181a00
PointerToRelocations | 0
PointerToLineNumbers | 0
NumberOfLineNumbers | 0
NumberOfRelocations | 0
Characteristics | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy | 7.9527
Imports (DLL | imported function, as listed in the report):

kernel32.dll | GetModuleHandleA
ntdll.dll | RtlLookupFunctionEntry
dwmapi.dll | DwmExtendFrameIntoClientArea
d3d11.dll | D3D11CreateDeviceAndSwapChain
d3dx11_43.dll | D3DX11CreateShaderResourceViewFromMemory
WINMM.dll | timeBeginPeriod
USER32.dll | GetWindowThreadProcessId
ADVAPI32.dll | CryptReleaseContext
ole32.dll | CoCreateInstance
OLEAUT32.dll | SysAllocString
WS2_32.dll | WSARecv
IMM32.dll | ImmGetContext
D3DCOMPILER_43.dll | D3DCompile
|
Rich header (entry | count):

XOR Key | 0xbf28c238
Unmarked objects | 0
ASM objects (30795) | 26
C++ objects (30795) | 192
C objects (30795) | 27
Unmarked objects (#2) | 1
253 (VS 2015-2022 runtime 33030) | 1
C objects (VS 2015-2022 runtime 33030) | 18
ASM objects (VS 2015-2022 runtime 33030) | 20
C++ objects (VS 2015-2022 runtime 33030) | 113
Imports (21202) | 6
Imports (30795) | 23
Total imports | 307
ASM objects (VS2022 Update 8 (17.8.3) compiler 33133) | 1
C++ objects (VS2022 Update 8 (17.8.3) compiler 33133) | 43
C objects (VS2022 Update 1 (17.1.6) compiler 31107) | 26
C++ objects (LTCG) (33134) | 36
Linker (33134) | 1
|
Analyzer messages:

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .themida has a size of 0!