| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date |
2026-Feb-14 16:01:42
|
| Detected languages |
English - United States
|
| Info |
The PE contains common functions which appear in legitimate applications. |
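[!] The program may be hiding some of its imports:
- LoadLibraryA
- GetProcAddress
(These two functions resolve other APIs at run time, so the import table in this report may understate what the program can call.)
Has Internet access capabilities (the function list is not shown in this report; the import table below includes WinHttpOpen from WINHTTP.dll):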
|
| Suspicious |
No VirusTotal score. |
This file has never been scanned on VirusTotal, so the missing score means that no verdict is available, not that the file is clean.
|
| MD5 |
1e7bbfdf43625f25d04e91c08e213629
|
| SHA1 |
a442d20aa5e87f8b19f9f12e8bd5623a2a74e7f7
|
| SHA256 |
4c0327edacc62d02e258931ca6e208bc6f2d54a50771638233bd825ac0f4da75
|
| SHA3 |
f2370cf272b4343029e7fdb616f8cdc11b47c45adae0173e9f6b9ac011c93811
|
| SSDeep |
196608:TnSlbx7jTQVtKcAZJn7ToyWA7IBIAvyZFnT3xUOL5+df1iQGQN:TnSfCtKcUB7TbWA7KIAqZFNUWas
|
| Imports Hash |
190e6a09c77efcfe5d4daf0e75ed6965
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x80
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections |
9
|
| TimeDateStamp |
2026-Feb-14 16:01:42
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xf0
|
| Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
| Magic |
PE32+
|
| LinkerVersion |
14.0
|
| SizeOfCode |
0xa7c00
|
| SizeOfInitializedData |
0x2d000
|
| SizeOfUninitializedData |
0
|
| AddressOfEntryPoint |
0x0000000000683895 (Section: .tls)
|
| BaseOfCode |
0x1000
|
| ImageBase |
0x140000000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
6.0
|
| ImageVersion |
0.0
|
| SubsystemVersion |
6.0
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x1013000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve |
0x100000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0xa7a63
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x25620
|
| VirtualAddress |
0xa9000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x14a0
|
| VirtualAddress |
0xcf000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x5a9c
|
| VirtualAddress |
0xd1000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x5a3cf9
|
| VirtualAddress |
0xd7000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| MD5 |
6f97e8a9668e97985b42ab32eab08cdf
|
| SHA1 |
f35036ec6cf2eeaa222eddf83efc2dc3b4ffc771
|
| SHA256 |
c2c4ca2187ca1dac01251e32df9d12e75658a4a43c846a25d21b00f0e2109c5c
|
| SHA3 |
1a359fb9d1cf15e3aea96729ca8a8e26d1949622837bb5ae2e5a7de0b604635d
|
| VirtualSize |
0xe48
|
| VirtualAddress |
0x67b000
|
| SizeOfRawData |
0x1000
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.280587
|
| MD5 |
bb11b02c985608e2e5fd523eb0246d7a
|
| SHA1 |
d99fbdfc7c1666531c3dda418d193fa938e55b6b
|
| SHA256 |
22fdb301e21a18228b88677403baaa14005c2bd5e1a1e7a0bb6079efe9d5b929
|
| SHA3 |
9b9c5dec4f883ef399750efb7e79a2a1b493b697233f341ea30663c069e7a74e
|
| VirtualSize |
0x9947ac
|
| VirtualAddress |
0x67c000
|
| SizeOfRawData |
0x994800
|
| PointerToRawData |
0x1400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
|
| Entropy |
7.79291
|
| MD5 |
b8ce9953fd9b55bdf55668d6f2f62a68
|
| SHA1 |
b109405616c56617af12ffc2167703002a712780
|
| SHA256 |
d8ce46a5c5f8ee4db6660a346bb1532e92a6c99ba06a67bfc5705ad8c84ed6e4
|
| SHA3 |
59a49d56250bf76717f88200f788c0f8de8e98c735a924d7ee6bc0e286020000
|
| VirtualSize |
0x128
|
| VirtualAddress |
0x1011000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x995c00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
2.60839
|
| MD5 |
2e0c89750d30975b45926a70dcb1e4e2
|
| SHA1 |
2b86fd460f5f3b2e7e434a92bbd165ff83345dcd
|
| SHA256 |
a0ca7bc03f5f7dc20d14e299daf5e5ab15182966bf5e9ccb39f31ce35f270942
|
| SHA3 |
985002b4910e6161c2fc1eb7ea895d6f367069a025bda842ca9947c434dc111d
|
| VirtualSize |
0x1e0
|
| VirtualAddress |
0x1012000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x995e00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
4.75888
|
| ntdll.dll |
RtlCaptureStackBackTrace
|
| KERNEL32.dll |
Module32First
|
| USER32.dll |
UnregisterClassA
|
| GDI32.dll |
GetDeviceCaps
|
| ADVAPI32.dll |
GetTokenInformation
|
| ole32.dll |
CoCreateInstance
|
| OLEAUT32.dll |
SysAllocString
|
| MSVCP140.dll |
??1facet@locale@std@@MEAA@XZ
|
| WINHTTP.dll |
WinHttpOpen
|
| IMM32.dll |
ImmSetCompositionWindow
|
| d3d9.dll |
Direct3DCreate9
|
| VCRUNTIME140_1.dll |
__CxxFrameHandler4
|
| VCRUNTIME140.dll |
__std_type_info_compare
|
| api-ms-win-crt-heap-l1-1-0.dll |
_callnewh
|
| api-ms-win-crt-stdio-l1-1-0.dll |
_wfopen
|
| api-ms-win-crt-time-l1-1-0.dll |
_mktime64
|
| api-ms-win-crt-runtime-l1-1-0.dll |
terminate
|
| api-ms-win-crt-math-l1-1-0.dll |
sinf
|
| api-ms-win-crt-convert-l1-1-0.dll |
strtod
|
| api-ms-win-crt-filesystem-l1-1-0.dll |
_lock_file
|
| api-ms-win-crt-locale-l1-1-0.dll |
___lc_collate_cp_func
|
| api-ms-win-crt-environment-l1-1-0.dll |
getenv
|
| api-ms-win-crt-string-l1-1-0.dll |
strcat_s
|
| api-ms-win-crt-utility-l1-1-0.dll |
qsort
|
| KERNEL32.dll (#2) |
Module32First
|
| Type |
RT_MANIFEST
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x188
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
4.89623
|
| MD5 |
b8e76ddb52d0eb41e972599ff3ca431b
|
| SHA1 |
fc12d7ad112ddabfcd8f82f290d84e637a4d62f8
|
| SHA256 |
165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8
|
| SHA3 |
37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd
|
| Size |
0x140
|
| TimeDateStamp |
1970-Jan-01 00:00:00
|
| Version |
0.0
|
| GlobalFlagsClear |
(EMPTY)
|
| GlobalFlagsSet |
(EMPTY)
|
| CriticalSectionDefaultTimeout |
0
|
| DeCommitFreeBlockThreshold |
0
|
| DeCommitTotalFreeThreshold |
0
|
| LockPrefixTable |
0
|
| MaximumAllocationSize |
0
|
| VirtualMemoryThreshold |
0
|
| ProcessAffinityMask |
0
|
| ProcessHeapFlags |
(EMPTY)
|
| CSDVersion |
0
|
| Reserved1 |
0
|
| EditList |
0
|
| SecurityCookie |
0x1400cf040
|
[!] Error: Could not reach the TLS callback table.
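[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .rsrc has a size of 0!
[*] Warning: Section .reloc has a size of 0!
Note: The five sections listed above with SizeOfRawData 0 have no bytes on disk. The identical hashes reported for them (MD5 d41d8cd98f00b204e9800998ecf8427e, SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855, SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a) are the digests of empty input and should not be used as indicators for this sample. These sections still have a non-zero VirtualSize, so whatever they hold at run time is written after the image is loaded. The entry point (0x683895, reported in section .tls) falls inside the executable section at VirtualAddress 0x67c000, whose entropy is 7.79291. This layout is consistent with a packed or protected image, in which case the imports and other static findings above may describe only the loader stub.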