0fc35dcc6d19fadb29bfb2e0aa720c77711d4258d27da902c3592db3f76027f5

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2026-Apr-23 08:22:20
TLS Callbacks 1 callback(s) detected.
Debug artifacts attack_02_pe_injection.pdb

Plugin Output

Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Uses Windows's Native API:
  • NtWriteFile
  • NtReadFile
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 06dd4bfd9cb15a44dded7e549a7a0847
SHA1 5b0d6293af3ce5e3dc9fc9039b5a885ceee91cee
SHA256 0fc35dcc6d19fadb29bfb2e0aa720c77711d4258d27da902c3592db3f76027f5
SHA3 caee24fb802c7fe7db72f5ae9227d62c1080e74c5eb34782d7c1f558f1a7ae76
SSDeep 3072:Kg+kAP2ZgwbvgWjScfcgmM4mLh5YbPGd1QBbzBI9:KBkAP2KcIW+ckgx3URG9
Imports Hash a7b6d8596ef6e53e3c72a527868aa3f3

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 5
TimeDateStamp 2026-Apr-23 08:22:20
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
                IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x20600
SizeOfInitializedData 0xf000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000001F510 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x33000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
                   IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
                   IMAGE_DLLCHARACTERISTICS_NX_COMPAT
                   IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 709868c1b8647bf80403e1185081bd1e
SHA1 7869fbeba55fdff12e1d7a67a0d16c471ce4fd0c
SHA256 69cc136d193d0e5ee13a9caf795751f3732052e793e267167915bbbe082e6744
SHA3 2f3a0b1c3208fc25f6113d0a705d183b4f338acb722e30de53e521e03c010780
VirtualSize 0x20404
VirtualAddress 0x1000
SizeOfRawData 0x20600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
                IMAGE_SCN_MEM_EXECUTE
                IMAGE_SCN_MEM_READ
Entropy 6.30123

.rdata

MD5 3f43c65b4b83d83cdcee13949950fcfd
SHA1 7e1e60c83f301023d3feeae46cdee3a8ea402bf2
SHA256 45df5b8af4aa878644f90853e493dc5a17df0adaedaa9ebbf243f8b2e9d576a5
SHA3 0ebefeb175ae2628e9932b57c0b080b6f9eabb49c8d2b1fdda6b8bf6022e85fd
VirtualSize 0xca94
VirtualAddress 0x22000
SizeOfRawData 0xcc00
PointerToRawData 0x20a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
                IMAGE_SCN_MEM_READ
Entropy 5.46421

.data

MD5 1f83384ad65dea7d498fe084233b87e2
SHA1 c79afddc291ce2376b0f119511d452509a042890
SHA256 562700dfd09fbb6484a608d27216865472976f4de7a67709ca7eb9bf2dbf53c2
SHA3 26df2455ea3ce48a60a4f4819f8eb1611197fcb155dd63c29dc95aef35318af8
VirtualSize 0x2d0
VirtualAddress 0x2f000
SizeOfRawData 0x200
PointerToRawData 0x2d600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
                IMAGE_SCN_MEM_READ
                IMAGE_SCN_MEM_WRITE
Entropy 1.65197

.pdata

MD5 04761f79bc0aeb35981530d5613abb50
SHA1 e9fadcd78c8ee3a471bb18c2e2eb369529fc8489
SHA256 d1cedbb22a1e1e8d9dd6118fa393bdb478fd3ac7cf099bf6f270a1847703564c
SHA3 6f7dd3acd6b385f31dded0cf067a8c36adcf30c3166afec3af3530fced0e12f3
VirtualSize 0x1b78
VirtualAddress 0x30000
SizeOfRawData 0x1c00
PointerToRawData 0x2d800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
                IMAGE_SCN_MEM_READ
Entropy 5.21891

.reloc

MD5 4090a4cba0600dd80c1aa3eea8c8a5ae
SHA1 c3a486e578dbe4761f3095d710ee10c37189399f
SHA256 109023b2221d2941b1c6ce33af4551e1ca9cf4a7db2f11badc64f38c79e6c106
SHA3 dc1a72a485c02d810b64f0cd29d337f334be35fd90fd883c95da211adf06a33f
VirtualSize 0x344
VirtualAddress 0x32000
SizeOfRawData 0x400
PointerToRawData 0x2f400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
                IMAGE_SCN_MEM_DISCARDABLE
                IMAGE_SCN_MEM_READ
Entropy 4.81494

Imports

kernel32.dll
  GetProcAddress
  CloseHandle
  IsProcessorFeaturePresent
  IsDebuggerPresent
  VirtualFree
  VirtualAlloc
  LoadLibraryA
  GetSystemTimeAsFileTime
api-ms-win-core-synch-l1-2-0.dll
  WakeByAddressAll
  WaitOnAddress
  WakeByAddressSingle
KERNEL32.dll
  QueryPerformanceCounter
  UnhandledExceptionFilter
  InitializeSListHead
  RtlVirtualUnwind
  RtlLookupFunctionEntry
  RtlCaptureContext
  GetCurrentThreadId
  SetUnhandledExceptionFilter
  GetProcessHeap
  HeapFree
  HeapReAlloc
  lstrlenW
  GetCurrentProcess
  WideCharToMultiByte
  WaitForSingleObjectEx
  GetCurrentProcessId
  CreateMutexA
  ReleaseMutex
  GetLastError
  SetFileInformationByHandle
  WaitForSingleObject
  AddVectoredExceptionHandler
  SetThreadStackGuarantee
  GetCurrentThread
  SetLastError
  GetCurrentDirectoryW
  GetEnvironmentVariableW
  GetCommandLineW
  GetFileInformationByHandleEx
  CreateFileW
  GetFileInformationByHandle
  GetFinalPathNameByHandleW
  GetConsoleMode
  GetFullPathNameW
  GetModuleHandleA
  GetModuleFileNameW
  GetModuleHandleW
  FormatMessageW
  HeapAlloc
  MultiByteToWideChar
  WriteConsoleW
  GetStdHandle
  GetConsoleOutputCP
  CreateWaitableTimerExW
  SetWaitableTimer
  Sleep
ntdll.dll
  RtlNtStatusToDosError
  NtWriteFile
  NtReadFile
VCRUNTIME140.dll
  __current_exception
  __C_specific_handler
  __current_exception_context
  memcmp
  memmove
  __CxxFrameHandler3
  memcpy
  _CxxThrowException
  memset
api-ms-win-crt-string-l1-1-0.dll
  strlen
api-ms-win-crt-runtime-l1-1-0.dll
  _initialize_onexit_table
  terminate
  _register_thread_local_exe_atexit_callback
  _crt_atexit
  _c_exit
  _seh_filter_exe
  _set_app_type
  _configure_narrow_argv
  _initialize_narrow_environment
  _get_initial_narrow_environment
  _initterm
  _initterm_e
  exit
  _exit
  _cexit
  __p___argc
  __p___argv
  _register_onexit_function
api-ms-win-crt-math-l1-1-0.dll
  __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
  __p__commode
  _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
  _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
  free
  _set_new_mode

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2026-Apr-23 08:22:20
Version 0.0
SizeofData 51
AddressOfRawData 0x294fc
PointerToRawData 0x27efc
Referenced File attack_02_pe_injection.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2026-Apr-23 08:22:20
Version 0.0
SizeofData 20
AddressOfRawData 0x29530
PointerToRawData 0x27f30

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-Apr-23 08:22:20
Version 0.0
SizeofData 816
AddressOfRawData 0x29544
PointerToRawData 0x27f44

TLS Callbacks

StartAddressOfRawData 0x140029898
EndAddressOfRawData 0x1400298f0
AddressOfIndex 0x14002f240
AddressOfCallbacks 0x1400223c0
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_8BYTES
Callbacks 0x000000014000B620

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x14002f100

RICH Header

XOR Key 0x9d8dcd72
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 12
Imports (35207) 2
ASM objects (35207) 3
C objects (35207) 9
C++ objects (35207) 23
Imports (33145) 9
Total imports 184
Unmarked objects (#2) 75
Linker (35222) 1

Errors
