156c7cd6cadee25ebe2578af5a783269

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2024-Jul-26 18:08:08

Plugin Output

Suspicious PEiD Signature: PeStubOEP v1.x
Info Cryptographic algorithms detected in the binary:
  • Uses constants related to CRC32
  • Uses constants related to MD5
Suspicious The PE is possibly packed. Unusual section name found: .fptable
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • LoadLibraryExW
  • LoadLibraryA
  • GetProcAddress
  • LoadLibraryExA
Functions which can be used for anti-debugging purposes:
  • NtQuerySystemInformation
  • FindWindowA
Can access the registry:
  • RegCreateKeyA
  • RegOpenKeyExA
  • RegCloseKey
  • RegSetValueExA
  • RegQueryValueExA
Uses Windows's Native API:
  • NtClose
  • NtQuerySystemInformation
  • ZwMapViewOfSection
Can create temporary files:
  • CreateFileA
  • GetTempPathW
  • CreateFileW
Memory manipulation functions often used by packers:
  • VirtualProtect
  • VirtualAlloc
Has Internet access capabilities:
  • URLDownloadToFileA
Manipulates other processes:
  • OpenProcess
Can take screenshots:
  • GetDC
  • FindWindowA
Reads the contents of the clipboard:
  • GetClipboardData
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 156c7cd6cadee25ebe2578af5a783269
SHA1 6ed852b0a7f6f1a88b21f0e59e020d2595c5e406
SHA256 bf8c167d1185706b900b96a3b8db41f45ef76387cc4518e56b4549af80baa9b2
SHA3 8151d4bef005a5d63ab07f33d04e3567456bb43d30f47435a8871d45fd8d9be1
SSDeep 49152:iTJuLPaKEA8UKyez6KsZ/ORSaICVSx+RxxLK/O7k1ia+KA6TxiAvnluSzCt+Drc:Cu22Ad7qJfHEQ88Mr9wwAfk2
Imports Hash 73479a9ff9fdee07b26fcdf933fe1e54

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2024-Jul-26 18:08:08
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x536600
SizeOfInitializedData 0x1b9200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000004D9070 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x180000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x6f4000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 c543f6005a9977745ec120027c753122
SHA1 b897dd8845770bfb93bd6cc9a5c602178f96fd81
SHA256 cd3630aa8ec2617eb87e40f3f41998a15c46656952b86dfe7f86cefdb043edd6
SHA3 256a315d53616077b6a251adb29ab92769f9a4925355b529d4357c8253930c2d
VirtualSize 0x536414
VirtualAddress 0x1000
SizeOfRawData 0x536600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.74326

.rdata

MD5 35f2b9d8218190ff4e81cf70628cf7f4
SHA1 7e7e315c0bf2d3e431c306a1135da970544f8447
SHA256 068524cfdb320371237221bf70e6a2af6ba511f082a8901a90887a959c136a3a
SHA3 f151f28a054a7ae605e90da132ed6c13f39b30eb6f4bda1d102f8ca00cd8e5fd
VirtualSize 0x722e6
VirtualAddress 0x538000
SizeOfRawData 0x72400
PointerToRawData 0x536a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.1971

.data

MD5 ca15863049dce003ed552aa64708327f
SHA1 c744d48a4c5064e592692db05600c1a49960a6b9
SHA256 96441a1982abf4cbc0f7831c666937846d5efdbe2aa4a1de37f60b1387ac235a
SHA3 5467e700dda51bd1f8334ca06cd645928864578b30b1441ce95416b02b3b6f3c
VirtualSize 0x10184c
VirtualAddress 0x5ab000
SizeOfRawData 0xdec00
PointerToRawData 0x5a8e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.8866

.pdata

MD5 4df1e46ecff3a64d653458d476c4f674
SHA1 072cd22b229782228cb669e2fcbfe8e645df58a8
SHA256 7a81cde1efecab5d61e0b28c97c582f59d72ec56d2c5c745d6108bb006f30004
SHA3 28ca0ccd457bee9590466efc88bdd4bea032a83196c1524af20352a3bb177f74
VirtualSize 0xe52c
VirtualAddress 0x6ad000
SizeOfRawData 0xe600
PointerToRawData 0x687a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.18712

.fptable

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x100
VirtualAddress 0x6bc000
SizeOfRawData 0x200
PointerToRawData 0x696000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.reloc

MD5 9b518fbf1464dc4328700f90ea40832b
SHA1 4a7914777e016a71503c0896f4bae06eb5843562
SHA256 0c4429bd0953fb7a2fcf992a20f6435656a2d068da470152f2b5fe8628c6d23b
SHA3 55633ecac96f0a0d86b49ac048862b0a9076a57aa4175a6d8e9b3022d302c6ac
VirtualSize 0x36bc0
VirtualAddress 0x6bd000
SizeOfRawData 0x36c00
PointerToRawData 0x696200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.43487

Imports

VMProtectSDK64.dll VMProtectDecryptStringW
VMProtectDecryptStringA
SHLWAPI.dll PathFileExistsA
ADVAPI32.dll RegCreateKeyA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
ole32.dll StringFromGUID2
ntdll.dll RtlPcToFileHeader
RtlUnwindEx
NtClose
NtQuerySystemInformation
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
VerSetConditionMask
ZwMapViewOfSection
RtlInitUnicodeString
RtlUnwind
dbghelp.dll SymLoadModuleEx
SymCleanup
SymUnloadModule64
SymGetTypeFromName
SymSetOptions
SymInitialize
SymGetTypeInfo
SymFromName
urlmon.dll URLDownloadToFileA
USER32.dll ReleaseDC
GetDC
SetProcessDPIAware
GetKeyboardLayout
GetKeyState
GetMessageExtraInfo
MonitorFromWindow
ReleaseCapture
SetCapture
GetCapture
TrackMouseEvent
LoadCursorA
SetCursor
IsWindowUnicode
ScreenToClient
SetCursorPos
ClientToScreen
GetForegroundWindow
GetClientRect
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
OpenClipboard
GetWindowThreadProcessId
FindWindowA
GetCursorPos
KERNEL32.dll GetDateFormatW
SetEndOfFile
WriteConsoleW
HeapSize
GetTimeZoneInformation
HeapReAlloc
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FlushFileBuffers
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
WriteFile
VirtualProtect
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapAlloc
HeapFree
GetModuleFileNameW
ExitProcess
ReadFile
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
TerminateProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RaiseException
InterlockedFlushSList
GetLocaleInfoW
Sleep
VirtualFree
GetFileAttributesExA
CreateFileA
GetCurrentProcessId
OpenProcess
CloseHandle
LoadLibraryA
GetProcAddress
GetTempPathW
CreateDirectoryA
GetLastError
SetLastError
DeleteFileA
VirtualAlloc
LocalFree
GetCurrentProcess
CreateFileW
DeviceIoControl
LoadLibraryExA
MultiByteToWideChar
GlobalLock
GetTimeFormatW
GlobalUnlock
GlobalAlloc
GlobalFree
QueryPerformanceFrequency
QueryPerformanceCounter
FreeLibrary
GetLocaleInfoA
GetModuleHandleA
AllocConsole
SetStdHandle
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
FormatMessageA
TryAcquireSRWLockExclusive
FindClose
FindFirstFileExW
FindNextFileW
IsValidLocale
GetFullPathNameW
AreFileApisANSI
GetLocaleInfoEx
WaitForSingleObjectEx
GetExitCodeThread
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
LCMapStringEx
GetStringTypeW
CompareStringEx
GetCPInfo
GetUserDefaultLCID
CompareStringW
WideCharToMultiByte
GetFileType
GetStdHandle
EnumSystemLocalesW
LCMapStringW
GDI32.dll GetDeviceCaps
CreateRectRgn
DeleteObject
dwmapi.dll DwmGetColorizationColor
DwmEnableBlurBehindWindow
DwmIsCompositionEnabled

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2024-Jul-26 18:08:08
Version 0.0
SizeofData 968
AddressOfRawData 0x58f024
PointerToRawData 0x58da24

TLS Callbacks

StartAddressOfRawData 0x18058f438
EndAddressOfRawData 0x18058f440
AddressOfIndex 0x1806aa510
AddressOfCallbacks 0x1805387d8
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x1806880c0

RICH Header

XOR Key 0x9a629076
Unmarked objects 0
C++ objects (33136) 180
C objects (33136) 33
ASM objects (33136) 24
ASM objects (33731) 10
C objects (33731) 15
C++ objects (33731) 91
Imports (33136) 20
Imports (VS2015 UPD3.1 build 24215) 3
Total imports 223
Unmarked objects (#2) 16
Linker (33812) 1

Errors
