1bdb8f8a07106458dd5de350c27b46664f0176335b7a52cb29a0195a782348ef

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Jun-15 20:42:04
Detected languages English - United States

Plugin Output

Info Matching compiler(s): MASM/TASM - sig1(h)
Suspicious Strings found in the binary may indicate undesirable behavior: Contains another PE executable:
  • This program cannot be run in DOS mode.
Miscellaneous malware strings:
  • cmd.exe
Suspicious The PE is possibly packed. Unusual section name found: .fptable
Unusual section name found: .rcd7cb
Section .rcd7cb is both writable and executable.
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • LoadLibraryExW
  • GetProcAddress
Can access the registry:
  • RegOpenKeyExW
  • RegQueryValueExW
  • RegCloseKey
Possibly launches other programs:
  • CreateProcessW
Has Internet access capabilities:
  • WinHttpSetTimeouts
  • WinHttpReceiveResponse
  • WinHttpOpen
  • WinHttpReadData
  • WinHttpOpenRequest
  • WinHttpSetOption
  • WinHttpCloseHandle
  • WinHttpSendRequest
  • WinHttpConnect
Enumerates local disk drives:
  • GetVolumeInformationW
Malicious VirusTotal score: 54/71 (Scanned on 2026-06-28 15:09:52)
ALYac: Trojan.GenericKD.80606067
APEX: Malicious
AVG: Win64:MalwareX-gen [Misc]
AhnLab-V3: Trojan/Win.Lazy.R720011
Alibaba: TrojanDownloader:Win64/MalwareX.7439ad16
Antiy-AVL: Trojan/Win32.Phonzy
Arcabit: Trojan.Generic.D4CDF373
Avast: Win64:MalwareX-gen [Misc]
Avira: TR/Patched.Gen
BitDefender: Trojan.GenericKD.80606067
Bkav: W32.Malware.EE6CB6E3
CAT-QuickHeal: Trojan.Win64
CTX: exe.trojan.generic
ClamAV: Win.Malware.Malwarex-10058788-0
CrowdStrike: win/malicious_confidence_100% (W)
Cylance: Unsafe
Cynet: Malicious (score: 100)
DeepInstinct: MALICIOUS
DrWeb: Trojan.DownLoader49.35384
ESET-NOD32: Win64/TrojanDownloader.Agent.CQY trojan
Elastic: malicious (high confidence)
Emsisoft: Trojan.GenericKD.80606067 (B)
F-Secure: Trojan.TR/Patched.Gen
Fortinet: W64/Agent.BPJ!tr
GData: Win64.Virus.Fidxinf.A
Google: Detected
Gridinsoft: Trojan.Heur!.03012023
Ikarus: Trojan.Patched
Jiangmin: Trojan.Generic.hssry
K7AntiVirus: Trojan-Downloader ( 006dab321 )
K7GW: Trojan-Downloader ( 006d9c241 )
Kaspersky: Trojan.Win64.Patched.t
Kingsoft: malware.kb.a.972
Malwarebytes: Malware.Heuristic.2003
MaxSecure: Trojan.Malware.300983.susgen
McAfeeD: Real Protect-LS!667C83E1DE7C
MicroWorld-eScan: Trojan.GenericKD.80606067
Microsoft: Trojan:Win32/Sabsik.FL.A!ml
Paloalto: generic.ml
Rising: Trojan.Midie!8.12D29 (TFE:1:WvQqQDUantJ)
Sangfor: Trojan.Win32.Save.a
SentinelOne: Static AI - Malicious PE
Sophos: Mal/Generic-S
Symantec: ML.Attribute.HighConfidence
Tencent: Trojan-DL.Win64.Agent.cbd
Trapmine: malicious.high.ml.score
TrellixENS: Artemis!667C83E1DE7C
TrendMicro: Trojan.Win32.ZYX.USBLFM26
TrendMicro-HouseCall: Trojan.Win32.ZYX.USBLFM26
VBA32: TrojanDownloader.Win64.Agent
VIPRE: Trojan.GenericKD.80606067
Varist: W64/Agent.LXR.gen!Eldorado
Zoner: Probably Heur.ExeHeaderL
alibabacloud: Trojan[downloader]:Win/Zusy.Gen

Hashes

MD5 667c83e1de7cdd8d0e6ff1d26a0f1c96
SHA1 87083642732901774c3f4697a6e56757f4438f51
SHA256 1bdb8f8a07106458dd5de350c27b46664f0176335b7a52cb29a0195a782348ef
SHA3 322881cbfd5d55f7893c840fd4894b6dd3df14ae1ababe441f48a674a5ed69d4
SSDeep 24576:lbJLz9ZxWaYN6Y26m6VcyVFz3nhuaqywD:lVv9GjaW/DRgyw
Imports Hash ffb20708629306c569223baac161d570

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 8
TimeDateStamp 2026-Jun-15 20:42:04
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x17600
SizeOfInitializedData 0x95600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000000B2000 (Section: .rcd7cb)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xce000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 f6d5730326c0ce2074425ad32a4a4157
SHA1 b143b7cdbf8971a7c489ccfdbac2db96a70bb119
SHA256 fd2918cbc30b77343cb3c4e274d67b39db72c93272c53e8a234e9fb004a57961
SHA3 1386f710ae90db1b074af98be188a2a65c7156ce74a8d265e31dd0a50bee1116
VirtualSize 0x17590
VirtualAddress 0x1000
SizeOfRawData 0x17600
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.50582

.rdata

MD5 932b07e9fea40e388c5c21f00a546382
SHA1 e406c3bd226de7322808d94c80c4631cdc479ae0
SHA256 e71c9ffd11464bd078b47f43c8cace7a7cd59ec443019ca46d292d9b150e78bd
SHA3 d22a5b1c31720fe63798a3cd6970570f6534b09fdeb4d9b120641395a22022d7
VirtualSize 0x91cb8
VirtualAddress 0x19000
SizeOfRawData 0x91e00
PointerToRawData 0x19000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.91265

.data

MD5 fcca79dd624bc2a28afafad99eaf0855
SHA1 ec91fdf9ebd3581a8c97744f18563f2a2ca618b1
SHA256 f453feca4cccbce032df8851166a7791d907a42959ecb7486908ead9880109e3
SHA3 f9efc2256aa82e840cc21565034d838ec5ffa1bb964a053ce2015adb29936f32
VirtualSize 0x15c8
VirtualAddress 0xab000
SizeOfRawData 0xc00
PointerToRawData 0xab000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.93877

.pdata

MD5 ea0066f45275be60bcdde5244f390980
SHA1 8f70288495227a420f7fd9fa8bb977b262ff19f9
SHA256 a1819ddd08e1b2c1ba45a25983cedd61fd1a6c700dce3f734c75affebc73de6f
SHA3 c635b4be38eba854cf4c7d7008cc0bceffc91d0e327c956cc49bd6645623803b
VirtualSize 0x147c
VirtualAddress 0xad000
SizeOfRawData 0x1600
PointerToRawData 0xad000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.87419

.fptable

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x100
VirtualAddress 0xaf000
SizeOfRawData 0x200
PointerToRawData 0xaf000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 f80e065a529f31bffd544bbaf3cee0ca
SHA1 2d444ae8fdc029bf046802398d0032d6bc6e0c1c
SHA256 231abffad4032498457ee15c34f8224dd8ef1557697cebb2db536ea25f23df22
SHA3 8849c014cc35c10535bdf265d00c5d48bf103cff7710ed0654ed193ca1ca5ea2
VirtualSize 0x1e8
VirtualAddress 0xb0000
SizeOfRawData 0x200
PointerToRawData 0xb0000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.75615

.reloc

MD5 1643856ad5a51d361eafa2b3c0454ac4
SHA1 d59ff9af2cdeef9c489176f579f475967a84adb2
SHA256 34fc0b8b1916315fc03c5bbd2a5ab16d42b336b96a65d11f486983f1dae24288
SHA3 5435e55ffe876e7ba71de6da0b75ce42f290e6a8829772cd7a1dc8a4f2f9c0d5
VirtualSize 0x690
VirtualAddress 0xb1000
SizeOfRawData 0x800
PointerToRawData 0xb1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.97144

.rcd7cb

MD5 c07ce146bf106848b6793aa7b722b6f4
SHA1 d0f4cbd0497a7885e7bf0c42993fe169230f6779
SHA256 dd7d9792473cc50b5c9853da819dc59202916b4496eaffabd45c9ecdecec6949
SHA3 5a3e7ec924836ee668ec2552b29e18357ba10f855b6c5aea4d49c2c8d0b6b8ad
VirtualSize 0x1c000
VirtualAddress 0xb2000
SizeOfRawData 0x1c000
PointerToRawData 0xb2000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.54831

Imports

WINHTTP.dll
WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpOpen
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpSendRequest
WinHttpConnect
ADVAPI32.dll
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
USER32.dll
MessageBoxA
wsprintfW
SHELL32.dll
CommandLineToArgvW
KERNEL32.dll
HeapReAlloc
HeapSize
FlushFileBuffers
LCMapStringW
GetConsoleOutputCP
SetFilePointerEx
FlsAlloc
CompareStringW
LoadLibraryExW
VirtualProtect
GetVolumeInformationW
HeapFree
SetConsoleTextAttribute
GetCommandLineW
GetCurrentProcess
GetStdHandle
WriteConsoleA
WriteFile
WaitForSingleObject
CreateFileW
SetFileAttributesW
MultiByteToWideChar
Sleep
GetCurrentThread
ReadConsoleW
CloseHandle
FreeConsole
HeapAlloc
FlushConsoleInputBuffer
WriteConsoleW
GetProcAddress
LocalFree
MoveFileExW
ExitProcess
GetProcessHeap
CreateProcessW
GetModuleHandleW
WideCharToMultiByte
SetConsoleOutputCP
AllocConsole
SetConsoleTitleW
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
SetUnhandledExceptionFilter
GetStartupInfoW
RtlUnwindEx
GetLastError
SetLastError
FlsGetValue
FlsSetValue
FlsFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
RtlLookupFunctionEntry
EncodePointer
RaiseException
RtlPcToFileHeader
GetConsoleCP
GetModuleFileNameW
TerminateProcess
FreeLibrary
GetModuleHandleExW
IsProcessorFeaturePresent
GetConsoleMode
SetConsoleMode
ReadConsoleInputW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
GetExitCodeProcess
GetFileAttributesExW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW

Delayed Imports

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x188
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.89623
MD5 b8e76ddb52d0eb41e972599ff3ca431b
SHA1 fc12d7ad112ddabfcd8f82f290d84e637a4d62f8
SHA256 165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8
SHA3 37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd

Version Info

Debug Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-Jun-15 20:42:04
Version 0.0
SizeofData 840
AddressOfRawData 0xa8838
PointerToRawData 0xa7238

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x1400ab000

RICH Header

XOR Key 0x9549d2e5
Unmarked objects 0
C++ objects (33145) 156
C objects (33145) 12
ASM objects (33145) 7
ASM objects (35721) 9
C objects (35721) 17
C++ objects (35721) 39
Imports (33145) 11
Total imports 123
C++ objects (LTCG) (36247) 1
Resource objects (36247) 1
Linker (36247) 1

Errors
