00ddf9ae2efaec5a79b91d7cc60513b2ce463dee533dab1ced723c44cf522934

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Jul-04 19:53:57
TLS Callbacks 2 callback(s) detected.

Plugin Output

Info Libraries used to perform cryptographic operations: Microsoft's Cryptography API
Suspicious The PE is possibly packed. Unusual section name found: .xdata (caveat: .xdata is the x64 unwind-information section that GCC/MinGW-w64 emits, and it sits here next to the equally GCC-typical .pdata, .eh_fram, .bss and .idata; a name the tool does not know is weak evidence on its own, and every section except the uninitialized .bss has raw data at least as large as its VirtualSize, with .text at 5.96 bits/byte the highest entropy in the file, so nothing else in the section table points at a packer.)
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
(caveat: nearly every C runtime imports this pair; it only matters if the code resolves at run time APIs that are absent from the import table below, which a look at the strings passed to GetProcAddress at its call sites would show.)
Possibly launches other programs:
  • CreateProcessA
(CreateProcessA is imported together with CreatePipe, SetHandleInformation and ReadFile, the set used to spawn a child with redirected standard handles and read its output; with the socket imports below, where that output goes is the first thing to establish in dynamic analysis.)
Uses Microsoft's cryptographic API (only the CSP context calls and CryptGenRandom are imported, so CryptoAPI serves as a random-number source; no hashing or encryption routine is imported, and any such work is either done in-line or resolved at run time):
  • CryptAcquireContextW
  • CryptGenRandom
  • CryptReleaseContext
Leverages the Winsock socket API (WS2_32.dll) to access the network (the tool's "raw socket API" label means the plain socket() interface; nothing in the import table implies SOCK_RAW). No name-resolution import (getaddrinfo, gethostbyname, DnsQuery) is present while inet_pton is, so the peer is either given as a literal IP string or resolved through an API obtained via GetProcAddress:
  • WSAStartup
  • closesocket
  • connect
  • htonl
  • htons
  • inet_pton
  • ioctlsocket
  • ntohl
  • recv
  • send
  • sendto
  • setsockopt
  • socket
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 cbbc60c7c419b6ed57ea6966e444a9de
SHA1 c5cd572c92d7fb85aafef99152579a5667dca9a4
SHA256 00ddf9ae2efaec5a79b91d7cc60513b2ce463dee533dab1ced723c44cf522934
SHA3 ba78bbb248d2a29708d253386848880704f2ac0a431a117f70a6e187ca5a9f59
SSDeep 384:ULph2dWxfksQj4h9v9JWjeyHHAtHtxPg9cnw0WPbZKIE+moDTU+hL:4/2dWxfkn4h19Y8PxPg9cw06Z6oDTJZ
Imports Hash f52ad7f1f89cbd164c0cf0b200125056

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 10
TimeDateStamp 2026-Jul-04 19:53:57
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 2.0
SizeOfCode 0x4a00
SizeOfInitializedData 0x2a00
SizeOfUninitializedData 0x200
AddressOfEntryPoint 0x0000000000001030 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0xf000
SizeOfHeaders 0x400
Checksum 0x11f5b
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 b0d809616965521b4294d6a3b016a2a1
SHA1 8c4b9985472dfe92cb53fa2a7f9f832272ff263b
SHA256 d7baab65cd105145c4c0d687cea07e50708d4d95ef2e0a8da1919627d05202ef
SHA3 aa480ee03d6c4da74f0d30b66456234021cd5faa997b5a67b03603ec477731c3
VirtualSize 0x4910
VirtualAddress 0x1000
SizeOfRawData 0x4a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.96355

.data

MD5 0ff92933942db609e7f197fbe75a889a
SHA1 16f4f612bcfd90ebcfd575a26e655b1db61c9bc2
SHA256 3ef4b5bd77217a3bda52f42e175a491016b131d9c2367d6e1ee848b5cc18d2a7
SHA3 af8dcf712deaa59a0404c325908d9bc0daf10615a7a559ef0882a0c771b4308f
VirtualSize 0xd0
VirtualAddress 0x6000
SizeOfRawData 0x200
PointerToRawData 0x4e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.653369

.rdata

MD5 a67f54ab94c141161790f530749f8784
SHA1 d304c68531d8c118989055451cb56bf25b3a1e5f
SHA256 6f5d20d239d25c66c0c963032d682ed58ab91eedb75e440679efae7ae209ba77
SHA3 837ceb9db0d45043d34103a2e72846af04d629b6040a4bc2fddd070e34240f31
VirtualSize 0x828
VirtualAddress 0x7000
SizeOfRawData 0xa00
PointerToRawData 0x5000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.22817

.eh_fram (GCC's .eh_frame, cut to the 8-byte section-name field)

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x4
VirtualAddress 0x8000
SizeOfRawData 0x200
PointerToRawData 0x5a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.pdata

MD5 0d8f7ab43c2c64033a9aaaf70dc68810
SHA1 89809f5446b29a88f453dc66565310f23976a85c
SHA256 2a9e97ebfbe465648a8b4a89634324840017a020b87593c439c6b40ee87e08b3
SHA3 d5e5f22be0eeb2d830bd3984dfdf25487e8f268f3d001cf39adf94d23c3237c1
VirtualSize 0x354
VirtualAddress 0x9000
SizeOfRawData 0x400
PointerToRawData 0x5c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.59047

.xdata

MD5 f14a96f3ebbf28ceb04f9214df66cb89
SHA1 bf9e63106749948e9eb6eb9e5c78d66aacfba0b6
SHA256 ed20bddb807663e4412502d9cfa293c9fbd5019dd88e5fc5a55baa5e4cca414f
SHA3 90a63470cbf33641c66ed0772a2746426ac303608c6696599a4ce379e4a20d70
VirtualSize 0x3d0
VirtualAddress 0xa000
SizeOfRawData 0x400
PointerToRawData 0x6000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.28137

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x200
VirtualAddress 0xb000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 5d69492436097d1dda003d62204b6a4d
SHA1 00d20d96fded9e34f27b1a27581c149f332fa687
SHA256 c4697f309e8ebb58a540d23c0e82a02e384f491b0ac4e237631047b1901bebdd
SHA3 974e850577891cbc52685d264958039fa207cada539a128647d33368917e5491
VirtualSize 0xe90
VirtualAddress 0xc000
SizeOfRawData 0x1000
PointerToRawData 0x6400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.92964

.tls

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x10
VirtualAddress 0xd000
SizeOfRawData 0x200
PointerToRawData 0x7400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.reloc

MD5 ba5e9454e20c3b148c177ee2dfb27b2b
SHA1 95d98f3f99a95a90a511b2413f6ff2c20c60d27e
SHA256 d00164fc01c0055abbc99ac104dfe3a99184db07a0f1120664e4a58932c3e74e
SHA3 c3dfd078a9103cf2b7321d49605b666ed99bdc4e29167533e92b7fcfc476d647
VirtualSize 0x60
VirtualAddress 0xe000
SizeOfRawData 0x200
PointerToRawData 0x7600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 1.27497
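The per-section Entropy figures above and the "possibly packed" verdict in the plugin output rest on a handful of checks that are easy to reproduce. The script below is an added example, not Manalyze's or the report's own code: it computes Shannon entropy over raw section bytes, flags raw-vs-virtual size mismatches, RWX sections and names outside what the toolchain normally emits, and keeps the GCC/MinGW-w64 names (.xdata, .eh_fram, .pdata, .bss) in its known set so a GCC-built image is not flagged for them alone. Every section byte in it is constructed for the example; none is taken from the analyzed file, and the KNOWN_SECTIONS list and the 7.0-bit threshold are this example's own choices.

```python
"""Section packing heuristics over PE section data (added example)."""
import hashlib
import math
from dataclasses import dataclass, field

IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# MSVC names plus the ones GCC/MinGW-w64 emits (ld truncates .eh_frame to 8 bytes).
# Assumed list for this example, not a tool's built-in table.
KNOWN_SECTIONS = {
    ".text", ".data", ".rdata", ".idata", ".edata", ".pdata", ".xdata",
    ".rsrc", ".reloc", ".tls", ".bss", ".eh_fram", ".CRT", ".gfids",
}


@dataclass
class Section:
    name: str
    virtual_size: int
    raw_size: int                 # SizeOfRawData
    raw: bytes = b""              # the SizeOfRawData bytes as stored on disk
    characteristics: int = 0      # IMAGE_SCN_* flags
    findings: list = field(default_factory=list)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or single-valued data, 8.0 for uniform."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    ent = 0.0
    for c in counts:
        if c:
            p = c / n
            ent -= p * math.log2(p)
    return ent


def analyze(sec: Section) -> Section:
    ent = shannon_entropy(sec.raw)
    sec.findings.append(f"entropy={ent:.5f}")
    sec.findings.append("md5=" + hashlib.md5(sec.raw).hexdigest())
    if sec.name not in KNOWN_SECTIONS:
        sec.findings.append("unusual-name")
    if ent > 7.0 and sec.raw_size >= 0x400:
        sec.findings.append("high-entropy")        # compressed or encrypted payload
    if sec.raw_size == 0 and sec.characteristics & IMAGE_SCN_CNT_UNINITIALIZED_DATA:
        sec.findings.append("bss-like")            # reserved by the loader, nothing on disk
    elif sec.virtual_size > sec.raw_size + 0x1000:
        sec.findings.append("grows-at-runtime")    # room for an unpacker to write into
    if (sec.characteristics & IMAGE_SCN_MEM_EXECUTE) and (sec.characteristics & IMAGE_SCN_MEM_WRITE):
        sec.findings.append("rwx")
    return sec


def verdict(sections):
    """Packed only on a strong signal; an unknown name alone is not one."""
    flags = {f for s in sections for f in s.findings}
    strong = sorted(flags & {"high-entropy", "grows-at-runtime", "rwx"})
    return bool(strong), strong


def example_sections():
    """Constructed samples shaped like rows of the table above (not the file's bytes)."""
    zeros = b"\x00" * 0x200                                   # zero-filled padding, as .eh_fram/.tls
    pseudo_random = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
    return [
        Section(".eh_fram", 0x4, 0x200, zeros),
        Section(".bss", 0x200, 0, b"", IMAGE_SCN_CNT_UNINITIALIZED_DATA),
        Section(".xdata", 0x3d0, 0x400, b"\x01\x04\x02\x00" * 0x100),
        Section("UPX1", 0x10000, 0x800, pseudo_random,        # what a packer stub looks like
                IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE),
    ]


def run(sections=None):
    sections = [analyze(s) for s in (example_sections() if sections is None else sections)]
    packed, signals = verdict(sections)
    return {"packed": packed, "signals": signals,
            "findings": {s.name: s.findings for s in sections}}


if __name__ == "__main__":
    for name, f in run()["findings"].items():
        print(f"{name:10s} {' '.join(f)}")
```

Run against the three GCC-shaped sections alone, the verdict is "not packed": the zero-filled section reproduces the entropy of 0 and the MD5 shown for .eh_fram and .tls above, and .xdata is recognised rather than flagged. Only the constructed RWX, high-entropy, grows-at-runtime section tips the verdict.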

Imports

ADVAPI32.dll CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
KERNEL32.dll CloseHandle
CreatePipe
CreateProcessA
CreateThread
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetNativeSystemInfo
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetSystemInfo
GetTickCount
GlobalMemoryStatusEx
HeapAlloc
HeapFree
InitializeCriticalSection
IsDBCSLeadByte
LeaveCriticalSection
LoadLibraryA
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
SetHandleInformation
SetUnhandledExceptionFilter
Sleep
TerminateThread
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
api-ms-win-crt-environment-l1-1-0.dll __p__environ
api-ms-win-crt-heap-l1-1-0.dll _set_new_mode
calloc
free
malloc
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale
api-ms-win-crt-math-l1-1-0.dll __setusermatherr
api-ms-win-crt-private-l1-1-0.dll __C_specific_handler
memcpy
memmove
api-ms-win-crt-runtime-l1-1-0.dll __p___argc
__p___argv
__p__acmdln
_cexit
_configure_narrow_argv
_crt_atexit
_exit
_initialize_narrow_environment
_set_app_type
_initterm
_initterm_e
_set_invalid_parameter_handler
abort
exit
signal
api-ms-win-crt-stdio-l1-1-0.dll __acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
fflush
setvbuf
api-ms-win-crt-string-l1-1-0.dll memset
strlen
strncmp
WS2_32.dll WSAStartup
closesocket
connect
htonl
htons
inet_pton
ioctlsocket
ntohl
recv
send
sendto
setsockopt
socket
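The Imports Hash in the Hashes section is derived from exactly this table. The script below is an added example, not Manalyze's or pefile's code: IMPORTS is transcribed from the list above in the order shown, the imphash normalization follows the pefile convention (lower-case the DLL name, drop a .dll/.ocx/.sys extension, join "dll.function" entries with commas in import-table order, MD5 the string), and the capability buckets are hand-picked API sets assumed for this example, not a rule taken from the page.

```python
"""Import hash and capability tags from the import table above (added example)."""
import hashlib

IMPORTS = [
    ("ADVAPI32.dll", ["CryptAcquireContextW", "CryptGenRandom", "CryptReleaseContext"]),
    ("KERNEL32.dll", [
        "CloseHandle", "CreatePipe", "CreateProcessA", "CreateThread",
        "DeleteCriticalSection", "EnterCriticalSection", "FreeLibrary", "GetLastError",
        "GetModuleHandleA", "GetNativeSystemInfo", "GetProcAddress", "GetProcessHeap",
        "GetStartupInfoA", "GetSystemInfo", "GetTickCount", "GlobalMemoryStatusEx",
        "HeapAlloc", "HeapFree", "InitializeCriticalSection", "IsDBCSLeadByte",
        "LeaveCriticalSection", "LoadLibraryA", "QueryPerformanceCounter",
        "QueryPerformanceFrequency", "ReadFile", "SetHandleInformation",
        "SetUnhandledExceptionFilter", "Sleep", "TerminateThread", "TlsGetValue",
        "VirtualProtect", "VirtualQuery", "WaitForSingleObject"]),
    ("api-ms-win-crt-environment-l1-1-0.dll", ["__p__environ"]),
    ("api-ms-win-crt-heap-l1-1-0.dll", ["_set_new_mode", "calloc", "free", "malloc"]),
    ("api-ms-win-crt-locale-l1-1-0.dll", ["_configthreadlocale"]),
    ("api-ms-win-crt-math-l1-1-0.dll", ["__setusermatherr"]),
    ("api-ms-win-crt-private-l1-1-0.dll", ["__C_specific_handler", "memcpy", "memmove"]),
    ("api-ms-win-crt-runtime-l1-1-0.dll", [
        "__p___argc", "__p___argv", "__p__acmdln", "_cexit", "_configure_narrow_argv",
        "_crt_atexit", "_exit", "_initialize_narrow_environment", "_set_app_type",
        "_initterm", "_initterm_e", "_set_invalid_parameter_handler", "abort", "exit",
        "signal"]),
    ("api-ms-win-crt-stdio-l1-1-0.dll", [
        "__acrt_iob_func", "__p__commode", "__p__fmode", "__stdio_common_vfprintf",
        "fflush", "setvbuf"]),
    ("api-ms-win-crt-string-l1-1-0.dll", ["memset", "strlen", "strncmp"]),
    ("WS2_32.dll", [
        "WSAStartup", "closesocket", "connect", "htonl", "htons", "inet_pton",
        "ioctlsocket", "ntohl", "recv", "send", "sendto", "setsockopt", "socket"]),
]


def normalize(dll: str, func) -> str:
    """pefile-style entry such as 'kernel32.createprocessa'; ordinals become 'ordN'."""
    name = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            name = name[: -len(ext)]
            break
    func = f"ord{func}" if isinstance(func, int) else func.lower()
    return f"{name}.{func}"


def imphash(imports):
    """MD5 over the comma-joined normalized entries, in import-table order."""
    entries = [normalize(dll, f) for dll, funcs in imports for f in funcs]
    return hashlib.md5(",".join(entries).encode("ascii")).hexdigest(), entries


# Assumed buckets for this example: every member must be imported for the tag to fire.
CAPABILITIES = {
    "spawn-with-redirected-stdio": {"CreatePipe", "SetHandleInformation",
                                    "CreateProcessA", "ReadFile"},
    "tcp-client": {"WSAStartup", "socket", "connect", "send", "recv"},
    "dynamic-import-resolution": {"LoadLibraryA", "GetProcAddress"},
    "os-random-source": {"CryptAcquireContextW", "CryptGenRandom"},
    "protection-change": {"VirtualProtect"},
}
NAME_RESOLUTION = {"getaddrinfo", "GetAddrInfoW", "gethostbyname", "DnsQuery_A", "DnsQuery_W"}


def capabilities(imports):
    funcs = {f for _, fs in imports for f in fs}
    caps = sorted(name for name, need in CAPABILITIES.items() if need <= funcs)
    if funcs & NAME_RESOLUTION:
        caps.append("dns-resolution")
    return caps


if __name__ == "__main__":
    digest, entries = imphash(IMPORTS)
    print(digest, len(entries), "imports")   # compare with the Imports Hash above
    print(capabilities(IMPORTS))
```

If the digest differs from the reported Imports Hash, the cause is ordering or extension handling, not the function set: imphash is only comparable between tools that normalize identically, and it changes whenever the linker reorders the import directory, which is why it pivots well within one toolchain and poorly across rebuilds. The capability pass makes the point the plugin output hints at: the spawn-with-redirected-stdio set and the TCP-client set are both complete, while no name-resolution API is imported.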

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData 0x14000d000
EndAddressOfRawData 0x14000d008
AddressOfIndex 0x14000b110
AddressOfCallbacks 0x140007800
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks 0x0000000140003D00 (RVA 0x3D00, .text, file offset 0x3100)
0x0000000140003DB9 (RVA 0x3DB9, .text, file offset 0x31B9)
Both callbacks run before the entry point at RVA 0x1030 and again on each thread start (CreateThread is imported). A GCC/MinGW-w64 C runtime normally registers TLS callbacks of its own for thread-local storage setup, so their presence is not by itself an anti-debugging indicator; what these two do at the offsets above has to be read to rule that out.
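The TLS directory lists absolute virtual addresses; to read the callback code in the file on disk they have to be turned into section-relative RVAs and then file offsets. The script below is an added example, not the report generator's code: its section table is transcribed from this report, ImageBase and SectionAlignment are the reported 0x140000000 and 0x1000, and the mapping is the standard one, file offset = (RVA - VirtualAddress) + PointerToRawData, valid only while the RVA falls inside the section's SizeOfRawData (.bss has no bytes on disk at all).

```python
"""Map TLS directory addresses to sections and file offsets (added example)."""
from typing import NamedTuple, Optional, Tuple

IMAGE_BASE = 0x140000000          # ImageBase from the Optional Header above
SECTION_ALIGNMENT = 0x1000        # SectionAlignment from the Optional Header above
ENTRY_POINT_RVA = 0x1030          # AddressOfEntryPoint


class Sec(NamedTuple):
    name: str
    va: int        # VirtualAddress (RVA)
    vsize: int     # VirtualSize
    raw_ptr: int   # PointerToRawData
    raw_size: int  # SizeOfRawData


# Transcribed from the section table in this report.
SECTIONS = [
    Sec(".text",    0x1000, 0x4910, 0x400,  0x4a00),
    Sec(".data",    0x6000, 0xd0,   0x4e00, 0x200),
    Sec(".rdata",   0x7000, 0x828,  0x5000, 0xa00),
    Sec(".eh_fram", 0x8000, 0x4,    0x5a00, 0x200),
    Sec(".pdata",   0x9000, 0x354,  0x5c00, 0x400),
    Sec(".xdata",   0xa000, 0x3d0,  0x6000, 0x400),
    Sec(".bss",     0xb000, 0x200,  0,      0),
    Sec(".idata",   0xc000, 0xe90,  0x6400, 0x1000),
    Sec(".tls",     0xd000, 0x10,   0x7400, 0x200),
    Sec(".reloc",   0xe000, 0x60,   0x7600, 0x200),
]


def section_for_rva(rva: int) -> Optional[Sec]:
    """The loader maps max(VirtualSize, SizeOfRawData) rounded up to SectionAlignment."""
    for s in SECTIONS:
        span = max(s.vsize, s.raw_size)
        span = (span + SECTION_ALIGNMENT - 1) & ~(SECTION_ALIGNMENT - 1)
        if s.va <= rva < s.va + span:
            return s
    return None


def rva_to_file_offset(rva: int) -> Optional[int]:
    s = section_for_rva(rva)
    if s is None or s.raw_size == 0 or rva - s.va >= s.raw_size:
        return None        # not backed by file bytes: .bss, or slack past the raw data
    return rva - s.va + s.raw_ptr


def resolve(va: int) -> Tuple[int, Optional[str], Optional[int]]:
    """(RVA, section name or None, file offset or None) for an absolute VA."""
    rva = va - IMAGE_BASE
    s = section_for_rva(rva)
    return rva, (s.name if s else None), rva_to_file_offset(rva)


# Values as reported in the TLS Callbacks section.
TLS_DIRECTORY = {
    "StartAddressOfRawData": 0x14000d000,
    "EndAddressOfRawData":   0x14000d008,
    "AddressOfIndex":        0x14000b110,
    "AddressOfCallbacks":    0x140007800,
}
TLS_CALLBACKS = [0x140003D00, 0x140003DB9]


def tls_report():
    out = {k: resolve(v) for k, v in TLS_DIRECTORY.items()}
    out["callbacks"] = [resolve(v) for v in TLS_CALLBACKS]
    out["entry_point"] = resolve(IMAGE_BASE + ENTRY_POINT_RVA)
    return out


if __name__ == "__main__":
    for k, (rva, name, off) in tls_report().items() if False else []:
        pass
    for k, v in tls_report().items():
        print(f"{k:22s} {v}")
```

The result puts both callbacks in .text (file offsets 0x3100 and 0x31B9, a few hundred bytes apart), the callback array itself in .rdata, the TLS index slot in .bss, where it has no file offset because the loader zero-fills it, and the 8-byte TLS raw data block in .tls. Those file offsets are what to seek to in a hex editor or disassembler when checking whether the callbacks do more than the runtime's own TLS setup.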

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0! (expected: .bss is IMAGE_SCN_CNT_UNINITIALIZED_DATA with SizeOfRawData 0, and its 0x200 bytes of VirtualSize are allocated and zero-filled by the loader; the warning concerns a field the format defines as empty for such a section, not a damaged one.)