04c89f19efee2a22660fd4650ff9add88e962d102b1b713e535f4e32a07c5185

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_EFI_APPLICATION
Compilation Date 1970-Jan-01 00:00:00

Plugin Output

Suspicious The PE is possibly packed. Unusual section name found:
Unusual section name found: .xdata
The PE only has 0 import(s).
Safe VirusTotal score: 0/72 (Scanned on 2026-02-08 16:27:58) All the AVs think this file is safe.

Hashes

MD5 63e2e5fbfb5e1a888a8485adaf97c288
SHA1 88d9289dc5f500391d1c0fd99f7905a24aa577af
SHA256 04c89f19efee2a22660fd4650ff9add88e962d102b1b713e535f4e32a07c5185
SHA3 d716b745190e227863164ab1c5d3effe54b73171ce2b5686d24d102aa2fa0d6e
SSDeep 6144:p5h7mEEzKjbGpC11S462dAVTmq9LpfCPIzGJhItM3UZSbmgXKVcfFSm+uoX46ut:p5lmEhuvHVCcVfoIiUGgOG
Imports Hash d41d8cd98f00b204e9800998ecf8427e

DOS Header

e_magic MZ
e_cblp 0
e_cp 0
e_crlc 0
e_cparhdr 0
e_minalloc 0
e_maxalloc 0
e_ss 0
e_sp 0
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xb0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 5
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x66e00
SizeOfInitializedData 0x81540
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000000280 (Section: .text)
BaseOfCode 0x280
ImageBase 0
SectionAlignment 0x20
FileAlignment 0x20
OperatingSystemVersion 0.0
ImageVersion 0.0
SubsystemVersion 0.0
Win32VersionValue 0
SizeOfImage 0xe85c0
SizeOfHeaders 0x280
Checksum 0
Subsystem IMAGE_SUBSYSTEM_EFI_APPLICATION
SizeofStackReserve 0
SizeofStackCommit 0
SizeofHeapReserve 0
SizeofHeapCommit 0
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 597474c20ec03883d1b9a3906ab0fa76
SHA1 5683a461244e813f078b7384ce817ff91dfda72b
SHA256 c7fd4091e89d8f7be9651420aa6b9d9d4717a548d0114aef80dd6fc77694744f
SHA3 dae85ed56b15a17b1bdf64ff505834a7693aa3fc6864ba79fb5b1a8962e1a13f
VirtualSize 0x66dea
VirtualAddress 0x280
SizeOfRawData 0x66e00
PointerToRawData 0x280
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
Entropy 6.42138

.data

MD5 68e95988a089079221ca4c114b6d523b
SHA1 152b583f581cf115845b240de48d0d105f3d7631
SHA256 1386ae5d3eeb7f3f4b491a1b466d271d7e278a5f398f4d538a6942f317e210a5
SHA3 f53e617251d1f8e1ed79d7082c071ba1924cdc06ebc5c106066f37678ba3dba3
VirtualSize 0x7c148
VirtualAddress 0x67080
SizeOfRawData 0x7c160
PointerToRawData 0x67080
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.49285

Section_3

MD5 6e0ec58dadf2d510d7e5ad963e703a09
SHA1 91be3e99d4eb1a5ec33a5b3e6ed0e0286605abae
SHA256 e4cd21e7848cc565301f0e950ac69eebc584e7703390460305c960bcf2d1227d
SHA3 f28671da46d2594927bc6013a654adcbf443f683ee1fe85564647fb6ae573292
VirtualSize 0x28bc
VirtualAddress 0xe31e0
SizeOfRawData 0x28c0
PointerToRawData 0xe31e0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0

.xdata

MD5 c580b2b19bb2561d77f4da59cdea2907
SHA1 d60e58c357cb15942f5885d419b9397114fdc992
SHA256 822c2cdfbc7a6e5f4dd355251f4dfc9af1b1a64152464b9b83c5007eeed0f346
SHA3 8c2e4d940a612f9a461a3b60011b022b0acdcb07fa7651f09d955a32e56f27e3
VirtualSize 0x18bc
VirtualAddress 0xe5aa0
SizeOfRawData 0x18c0
PointerToRawData 0xe5aa0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0

.reloc

MD5 c7cd6250ec0c83403b3d7aae4e068f05
SHA1 c5b9b7dc11e066098e69768f2f2ec088b50bb9ad
SHA256 d25751ca609c7137c566a8480edd55e9afc39eee989f6e882c9bccdc03ab62a7
SHA3 7cdf32e88ad846f59194280455bdfd0de519983a51c5cf1c278f4a316e47b7e1
VirtualSize 0x1254
VirtualAddress 0xe7360
SizeOfRawData 0x1260
PointerToRawData 0xe7360
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.42524

Imports

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_UNKNOWN

Characteristics 0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.