035f9866e88781cbe5254ea9dcc3a7a05dab678bb72af21f643215db227afeee

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-May-26 00:00:55

Plugin Output

Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Uses constants related to SHA256
Uses constants related to Blowfish
Suspicious The PE is possibly packed. Unusual section name found: .fptable
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
 Possibly launches other programs:
  • CreateProcessW
 Can create temporary files:
  • GetTempPathW
  • CreateFileW
 Manipulates other processes:
  • OpenProcess
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 e5e897208e19da7273e8bea8b616a959
SHA1 db58a3e03a58b224f2548d7c42ae111338f4924f
SHA256 035f9866e88781cbe5254ea9dcc3a7a05dab678bb72af21f643215db227afeee
SHA3 f74b682eb4464970a349af11c5a44a4a2071d7803183df080cd1ba39a33e339a
SSDeep 98304:I4AZXGU33JFpF+8sd7fW7lFSDd/JXFK+I9aarni4X1v15ZGbgSV43uawItPh2VA:fEWm1sVGlSXi9Ti4XXTwgSu38I
Imports Hash e54efe6dacd688e3a821a1efa4413915

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x110

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2026-May-26 00:00:55
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x22e00
SizeOfInitializedData 0x7f9200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000000C780 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x849000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 c8b9b0eaaa6832d4789f62453f8488f5
SHA1 ca03c5dcc395e0f1f1675293406c892cb3a68f9d
SHA256 be9e848c1d97a6c28c6b1dd93493aa0d103a57b4de549d3ca2aaf4371a9153db
SHA3 f6a4c498264a92de028cc04665aebe4af36bf4a64e5153875ad3f408dc479f2b
VirtualSize 0x22c10
VirtualAddress 0x1000
SizeOfRawData 0x22e00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.5143

.rdata

MD5 e47326bd6e19d6827d1ea6c579dc43c7
SHA1 d18fdbfc6c3053aaa9ba0ad4d5d6c6b8e6e9accb
SHA256 f4c382a71b575c011ccb9e6ac595314be5dfa54f6cc0e74fe5c3f25aa1a32f82
SHA3 44c8fe0ee5b3086a9e13feb4785f8c1e9aea7f43873301c028286ca09a799dd5
VirtualSize 0x7dd852
VirtualAddress 0x24000
SizeOfRawData 0x7dda00
PointerToRawData 0x23200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.99731

.data

MD5 190a60d04eaddfd8df492834345b0600
SHA1 9444bbaed5df992d7cc4ff209ba2f4b40e8e2c76
SHA256 7f4aa996eb6a505b11bad33cce4672b4d4170d9d8749e4f96b0b7b93cf193bdb
SHA3 9f62ddbc9c889abdd1333bef7c31e5551e1659d2a7bdee2fbb898543634bea8e
VirtualSize 0x29fb0
VirtualAddress 0x802000
SizeOfRawData 0xc00
PointerToRawData 0x800c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.97341

.pdata

MD5 2870249d313d095b9a73d7965454e2c2
SHA1 f4f268e334cf5d363673ef313d1046fa48cfa01b
SHA256 42271df1d003adc4f70a38168d04c8700b20cd379df7c86145431941ac7a77b1
SHA3 7725148836e0257c60a7a04814684a4af794268467e3fbe8ca4a7d8cf675b2fc
VirtualSize 0x1a64
VirtualAddress 0x82c000
SizeOfRawData 0x1c00
PointerToRawData 0x801800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.20189

.fptable

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x100
VirtualAddress 0x82e000
SizeOfRawData 0x200
PointerToRawData 0x803400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 68f27d22fefcd4473a9dfd0d22044b37
SHA1 8924c3b9c352f2c8813c7c01b1442ba85606c021
SHA256 11753e0a6ce595d0a082b531a7775d2e66119471836df60828704c6c21238005
SHA3 8f4a07e72f1999ddebde9bb306976710a41788bfd9001934315194b1f05fdb8e
VirtualSize 0x18504
VirtualAddress 0x82f000
SizeOfRawData 0x18600
PointerToRawData 0x803600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.98909

.reloc

MD5 63ea353c6260ecbfc24edf22a5ff45ca
SHA1 991a575ccb3a4f2e5b2b31d922cc3705ee55e2c2
SHA256 1e304ce00298b4932074f51092dca6fa7b9b4dad9cff90b55ffbc00043466700
SHA3 277591980776270f4fa76eaec587dcb7d6a9cf0eb0b7fdb0831e7b3eb31e2bf1
VirtualSize 0x690
VirtualAddress 0x848000
SizeOfRawData 0x800
PointerToRawData 0x81bc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.96377

Imports

SHELL32.dll SHFileOperationW
SHGetFolderPathW
CommandLineToArgvW
KERNEL32.dll FlsFree
WriteConsoleW
HeapReAlloc
CreateDirectoryW
SetConsoleCtrlHandler
AddDllDirectory
GetCommandLineW
GetStdHandle
WriteFile
GetShortPathNameW
TerminateProcess
GetModuleFileNameW
SetEnvironmentVariableW
K32GetModuleFileNameExW
GetEnvironmentVariableW
GetTempPathW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetModuleHandleA
OpenProcess
Sleep
GetLastError
CloseHandle
GetProcAddress
GetCurrentProcessId
CreateProcessW
WideCharToMultiByte
GetSystemTimeAsFileTime
FormatMessageA
QueryPerformanceCounter
SetDllDirectoryW
LoadLibraryExW
GetExitCodeProcess
GetCurrentThreadId
InitializeSListHead
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
HeapSize
RtlUnwindEx
SetLastError
FlsAlloc
FlsGetValue
FlsSetValue
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
RtlLookupFunctionEntry
EncodePointer
RaiseException
RtlPcToFileHeader
GetCurrentProcess
ExitProcess
FreeLibrary
GetModuleHandleExW
IsProcessorFeaturePresent
GetCommandLineA
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
HeapAlloc
MultiByteToWideChar
HeapFree
VirtualProtect
LCMapStringW
GetFileType
GetStringTypeW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x353
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.74379
Detected Filetype PNG graphic file
MD5 8497f7289fbd20dcfc0f49ef441c6f2d
SHA1 e7fa9b834bb0a13aeed4948890de737c25cab461
SHA256 037dd17d6d337ca1385db8c6f80b4a76bece6df64fed7c29494b8aa567466192
SHA3 730477a3e007a4a57beae5692c53a9479df4835e7bd7b608ace4f544795d7d0e

2

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x633
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.83622
Detected Filetype PNG graphic file
MD5 a7e3dd1b60774544cd457d8c9a1c195e
SHA1 12cf5a0cf63f97a06be6c48045a33dd78b3edb94
SHA256 04e9939027a8ea17c98e5f8bd27cfcc88150e43e3a5986197ef55b971fc27781
SHA3 72c43a834b01e27413498e8da6880f4ae7b3456756884fe7b399d2842e061bd0

3

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x943
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.89374
Detected Filetype PNG graphic file
MD5 b4ff5104a373638d2e611b4583160788
SHA1 8f48c7e01de675f4c7d674296ed4073594842286
SHA256 d6f0b2f8601007e1a3d783b9144c372b0905befc809b2b5968721b73dc70ab7c
SHA3 baee86d828a32cddc3162a1ebe10246845c8bda3d52734e705fb302e0fcca50b

4

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x1162
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.94601
Detected Filetype PNG graphic file
MD5 e3d5ffe3d3f295063d0b3c5201e7e57c
SHA1 a2752b6a75f904c341117f3a3091c75e52f1571d
SHA256 89faf64e45e334b8f4c11a86b253570d5b03c6408717d478924247adffbbb266
SHA3 5f1a35b598ce138b6c2c2c697a95d9593ec0bf26ef320c8e9a7b57ea33c0ce45

5

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x19ff
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.95956
Detected Filetype PNG graphic file
MD5 c30ebda41f576adcd8c9753c29221887
SHA1 9b3ccf72fa3a61e5dd29b6e75b6ce8995f5a44f6
SHA256 674c4332a8f2618ae58aec4dfd9aacba4efba27c0ab4c1416737869c8809d984
SHA3 d733e5c7b809c8794d9a601caa7bebb59b62bc64bcf667e37ff05c1690b371de

6

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x4b20
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.98656
Detected Filetype PNG graphic file
MD5 556b23dae0150702f12f8f349fb7d5e0
SHA1 a70921e1510a8f4049b8ded3a31d5f987453b161
SHA256 7e27084a51caa83c3228232237d0d7ac06ad296ee0225fbd111e51f6da49e205
SHA3 7edd1e047c4492ce2ff1fe7671b243f3c4c08e4093c5b819431c7d2b1aa47e87

7

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xf44f
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.99341
Detected Filetype PNG graphic file
MD5 ffcfa8427e0b411724631bd6d956201a
SHA1 c00d0b26b1e7df7806461c8eaeed84fb951cdf8d
SHA256 91ea4d6a6a0df8458a776841d1161dde7308fe52e256d16514c3a2c90fa3ce14
SHA3 e2096bdfd9830748cf0dbc4592b88413e23972e1831ebc3d4eaf2c2e7b57f6db

1 (#2)

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x68
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.65833
Detected Filetype Icon file
MD5 5c311c4e95270dda69e5e99592ec73f6
SHA1 c586a03d86add9fa55f2f4523fd524b3e78f7f80
SHA256 0e26be47600d49cd8b805308b5a674df7aa2e4e2a9250ddf25a2a7687305f566
SHA3 da3bb1c16bbe39a2c7692c0eb1b74cdbc384b27728315ccfddd52874cb277bfa

1 (#3)

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x4f1
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.27584
MD5 9175a1fabff80fec23018fdfc1dc274b
SHA1 be8f32edef4e9f4aa514fa34f36ca9ee0204139b
SHA256 94b146eac0a80f5089ac9e57303515ddf9087d9d88fd4d47f27df8f3cf14cbb4
SHA3 934768e038a5727d347f31840aaab3de69c96e1d4bca3c9e726bae6be020edf3

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-May-26 00:00:55
Version 0.0
SizeofData 800
AddressOfRawData 0x7fedb8
PointerToRawData 0x7fdfb8

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140802000

RICH Header

XOR Key 0x66799de7
Unmarked objects 0
C++ objects (33145) 148
C objects (33145) 12
ASM objects (33145) 6
253 (35721) 2
ASM objects (35721) 9
C objects (35721) 16
C++ objects (35721) 39
Imports (33145) 5
Total imports 114
Unmarked objects (#2) 1
C objects (LTCG) (36244) 1
Linker (36244) 1

Errors

Leave a comment

No comments yet.