0151d029f79e5fa13efc148b50eeb976436b13ebf0d177627aab13427244b426

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2026-Feb-08 17:49:28

Plugin Output

Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 1f9fe1ea1e1424ecd6f5b881f5b25cd6
SHA1 da017bfff9601c1b228fb9ad83ba576f6769f9c7
SHA256 0151d029f79e5fa13efc148b50eeb976436b13ebf0d177627aab13427244b426
SHA3 9b88e41c1fe1bb0f2ce5c77da702edf1e151804a1e5a808664a8970c406bca36
SSDeep 1536:9yhlMSFZ8/+RO4Pe+XtyRPGljdaUErJrkT9ICznIxe0WGgFIGAGsGAGpmmA1VfK:NS3+4m+XwMjqJrHCzngedInzn4mmAzf
Imports Hash 03f3e081d6c2273874cc25c27c5ee94c

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2026-Feb-08 17:49:28
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0xde00
SizeOfInitializedData 0x8e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000015AF (Section: .text)
BaseOfCode 0x1000
BaseOfData 0xf000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x19000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 1cfa06e954429f9681e22380d221554b
SHA1 1f519d4544d136df1bf152c5fb18cba56de2e292
SHA256 09e6ddcc8a002cbae4d5226ff21c8c23487d325a34fbe4bb74da2fe2a630c10e
SHA3 1033e0ff5c19da0653a1096b8cae40c6a6c35a9d6ef1ac9e89a9c43c0260f82e
VirtualSize 0xdcd3
VirtualAddress 0x1000
SizeOfRawData 0xde00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.59042

.rdata

MD5 ea94be71ba1a9a5e7815135e95e5e453
SHA1 b82223ff79ddec7c8f5c633765e634dd9bde1cc3
SHA256 de13080b0e0c2e13fdeb6f6d49f1f99a629e1d557d58465758be10aafc3994c3
SHA3 23486ffec35f2ed94e27169960d4d4956273d5c62252de2b88c56f3307079dc0
VirtualSize 0x681c
VirtualAddress 0xf000
SizeOfRawData 0x6a00
PointerToRawData 0xe200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.05577

.data

MD5 7c2a2e103ee076bea57e9d127d4aef64
SHA1 b8a91d63d55125504364dc6eefe5773cd14dc99c
SHA256 66d817469a5dbdfa904adce73e4dbc25e8e55b90829a03600de75ac3e947a147
SHA3 5c17659c9b5333ec30d1faa87e1ef94542f49b83e75ce3fbf5d47f1c16265237
VirtualSize 0x13d0
VirtualAddress 0x16000
SizeOfRawData 0xa00
PointerToRawData 0x14c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.06777

.reloc

MD5 ef2b48eca1fb0eabd45c8028cd053152
SHA1 534351c8f5d9e365d84c8a18dd2eaf32f13592d1
SHA256 ccef0e6779bd327bc1693fc7993308f230480020d8a6c30cbde7fe4865090c44
SHA3 7383c5f0677697d9712e80c01ab17247add23467838e13b13889ca9d416326ec
VirtualSize 0xf68
VirtualAddress 0x18000
SizeOfRawData 0x1000
PointerToRawData 0x15600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.45814

Imports

KERNEL32.dll UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
WriteConsoleW
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetFileSizeEx
SetFilePointerEx
GetFileType
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
CompareStringW
LCMapStringW
GetProcessHeap
GetConsoleOutputCP
GetConsoleMode
HeapSize
HeapReAlloc
FlushFileBuffers
CloseHandle
CreateFileW
DecodePointer

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-Feb-08 17:49:28
Version 0.0
SizeofData 712
AddressOfRawData 0x14924
PointerToRawData 0x13b24

TLS Callbacks

Load Configuration

Size 0xc0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x416040
SEHandlerTable 0x41471c
SEHandlerCount 10

RICH Header

XOR Key 0x47a843de
Unmarked objects 0
ASM objects (30795) 10
C++ objects (30795) 143
C objects (30795) 20
Imports (30795) 3
Total imports 81
C++ objects (33218) 38
C objects (33218) 18
ASM objects (33218) 20
C objects (33523) 1
Linker (33523) 1

Errors
