08d9528408d03e0da2328347d72b38376a78d4fbd985ecfa4da5178cfdfeccd2

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Jun-09 13:53:08
Detected languages Italian - Italy

Plugin Output

Info The PE contains common functions which appear in legitimate applications. Can access the registry:
  • RegOpenKeyExW
  • RegCloseKey
  • RegQueryValueExW
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 21269f13c55ec5b77c91bba2180f4ad7
SHA1 a94cd433f64e4ee24fee729604acf58ce9a7ba14
SHA256 08d9528408d03e0da2328347d72b38376a78d4fbd985ecfa4da5178cfdfeccd2
SHA3 a4c7acea5c1caaae46d88319af18375f262d114a0f03f7d92fa9880ab9d315a3
SSDeep 384:ttmmOi2HcyZg9+SJTlzjmTuBk5J9SJUmIfE+YK9s:2i4Zg9+SjGZ5yyyl
Imports Hash edaf81c541294bdba77fac87302e39ad

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 5
TimeDateStamp 2026-Jun-09 13:53:08
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x2c00
SizeOfInitializedData 0x2a00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000000021B0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x9a000
SizeOfHeaders 0x400
Checksum 0xa2e4c
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 48f89400c75b8a5bf06c6e9a4c03f119
SHA1 ffbdba324aa7b7cec892f3fe6c1b56abd3aa2c5c
SHA256 22e50d6781941e785b729d50c53705c276e9dfd85cfc2f045a1222196c051a90
SHA3 382c58e843d43d145663b988bcb0ac5e0a8b3c0eed7948abb2ea8176244ad61f
VirtualSize 0x2bb9
VirtualAddress 0x1000
SizeOfRawData 0x2c00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.94472

.rdata

MD5 6ab4374812a3b31c1c6326f3345f1b02
SHA1 ce856f601315a71682612b0f6a956a0a93cabb60
SHA256 697db866a63b0196dea1aeb7b64aa88d38a0a7015ab5d942ffe8698ff8215265
SHA3 30ba4b9f72b3943659aeb4ed85efe944e800455f6aa6c6614345dc1b6c90c90b
VirtualSize 0x1976
VirtualAddress 0x4000
SizeOfRawData 0x1a00
PointerToRawData 0x3000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.30003

.data

MD5 0654b61762ac51f4a1ed65d4bb7037eb
SHA1 b27a271017cb64062f8b68291742ba03ebf0cdd0
SHA256 ee9c9b6861ea75efcae93304b084a5fbaa5615dfc262b7ad5f49e35e82ba4c78
SHA3 d8eec113fdd6ed34f50b6594893adee15e2f9e496f163e191932862fa4355fdd
VirtualSize 0x54c
VirtualAddress 0x6000
SizeOfRawData 0x200
PointerToRawData 0x4a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.116115

.pdata

MD5 8826de4bc46266ac5ecd33a7ddf63d31
SHA1 d23bb15d8d569b5415dbe7d85fb75aa19bbc3ed7
SHA256 16b40ae3893b86efa8e860aa43c5acd54876130fa356fed7352a2e67cbd17430
SHA3 278083c4fa43fdbf36439d2adeac794acc90f8e4ad5e55470a66581c7b74fb05
VirtualSize 0x1e0
VirtualAddress 0x7000
SizeOfRawData 0x200
PointerToRawData 0x4c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.75561

.rsrc

MD5 a89193d43579bdcad1f1a8a163167002
SHA1 30ec6f695dcf703af897554eac7a9c3ba82b698a
SHA256 d7b384f682c118637a1798cb0d51bf8f473bfb89541d09c19bf8cca3cde0413d
SHA3 1aa98469717fcec5fe0277db022359e0b5895878fdf4ae9eb00b4dd060613206
VirtualSize 0x6e8
VirtualAddress 0x8000
SizeOfRawData 0x91200
PointerToRawData 0x4e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.0404358

Imports

USER32.dll
  • IsWindowVisible
  • SystemParametersInfoW
  • CallNextHookEx
  • UnhookWindowsHookEx
  • SetWindowsHookExW
  • GetWindowLongPtrW
  • GetCursorPos
  • SetCursorPos
  • GetSystemMetrics
  • GetDoubleClickTime
ADVAPI32.dll
  • RegOpenKeyExW
  • RegCloseKey
  • RegQueryValueExW
SETUPAPI.dll
  • SetupDiGetClassDevsW
  • SetupDiDestroyDeviceInfoList
KERNEL32.dll
  • MultiByteToWideChar
  • SwitchToFiber
  • CreateFiber
  • ConvertThreadToFiber
  • ExitProcess
  • SleepEx
  • HeapAlloc
  • HeapFree
  • GetProcessHeap
  • Sleep
  • GetModuleHandleW

Delayed Imports

101

Type RT_RCDATA
Language Italian - Italy
Codepage UNKNOWN
Size 0x684
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.31325
MD5 dd051025448d01f72e8b08f5d547543b
SHA1 1fc9a2476294eece26144b79040ccdccdce1c583
SHA256 86b86db9f8f27aa1456e2716df76d8d7e832a116aea847e89ed6290445061761
SHA3 eeac5005b610d47f49f4493696c1113827248da02e7f575a8c548be4a164b51f

Version Info

IMAGE_DEBUG_TYPE_UNKNOWN

Characteristics 0
TimeDateStamp 2026-Jun-09 13:53:08
Version 0.0
SizeofData 292
AddressOfRawData 0x527c
PointerToRawData 0x427c

IMAGE_DEBUG_TYPE_UNKNOWN (#2)

Characteristics 0
TimeDateStamp 2026-Jun-09 13:53:08
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

UNKNOWN

Characteristics 0
TimeDateStamp 2026-Jun-09 13:53:08
Version 0.0
SizeofData 4
AddressOfRawData 0x53a0
PointerToRawData 0x43a0

TLS Callbacks

Load Configuration

RICH Header

Errors
