23c16ec907ff13ff7ae9188722629f86

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2025-Dec-01 20:20:34

Plugin Output

Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Malicious The PE contains functions mostly used by malware.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Possibly launches other programs:
  • CreateProcessW
Can create temporary files:
  • GetTempPathW
  • CreateFileW
Functions related to the privilege level:
  • OpenProcessToken
Enumerates local disk drives:
  • GetDriveTypeW
Suspicious The file contains overlay data. 9020323 bytes of data starting at offset 0x49800.
The overlay data has an entropy of 7.99299 and is possibly compressed or encrypted.
Overlay data accounts for 96.7703% of the executable.
Suspicious VirusTotal score: 2/66 (Scanned on 2026-02-13 06:05:53)
  • APEX: Malicious
  • Bkav: W64.AIDetectMalware

Hashes

MD5 23c16ec907ff13ff7ae9188722629f86
SHA1 6c69729cce212b343683357fe154eab91b7d4964
SHA256 76247bbe515e2718ae72990074d1f2971716496e0b8bea9132cb934a3e7f4ba6
SHA3 49b3b44ed698071ad256f86df0a4d4a9b53382f46a9e0cf4668fced497ef2398
SSDeep 196608:goDDy9onJ5hrZEK3e9tGPqKM48RmU/3ZlsPvzhTbyTvN8CisIRnqdHv:ny9c5hlEK/PNMtN3ZWzh3yTUnmv
Imports Hash c5640c7a22008f949f9bc94a27623f95

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2025-Dec-01 20:20:34
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x23600
SizeOfInitializedData 0x25e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000000A8C8 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.2
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x5d000
SizeOfHeaders 0x400
Checksum 0x8e80dd
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x1e8480
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 050ad070d74c0ab2baca6ee9c3b61b5d
SHA1 6d0e9653451629a1ca0dd2275a462618f9809547
SHA256 62e33d4423a4bc161f56e4ed7600cea9f96a7ac9de6b9f9097be3b0d185fd1b5
SHA3 21e6206c26cd6ca31ad9d911ddc97c00c663e84de236b29e7b01f26eab47d648
VirtualSize 0x235d0
VirtualAddress 0x1000
SizeOfRawData 0x23600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.47151

.rdata

MD5 5bdad5a56f6361bc6fe88b4eb609be88
SHA1 61665896d4badf37c4803bb95a93e097c5fc34bd
SHA256 1fd268db129877398fc951e5d62000fec7834439f8c4c10e2b46250eca5b918b
SHA3 886e61342fef9f49e83610e4775a0cd853c39f3232ef444cc11495caf4d4255b
VirtualSize 0x11898
VirtualAddress 0x25000
SizeOfRawData 0x11a00
PointerToRawData 0x23a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.71175

.data

MD5 b88590ca230f956ba7b5bffcbee69475
SHA1 a4ef906bff3cc026f8d4abeacf5157d6e6d47ed7
SHA256 7983742383926237f4280145e36e5debfe636f3dd3bc93e123b282934b83c3f8
SHA3 61bd319c225da8969aec4cdb92b04f437125e466ad27c38674493bb2115ecd98
VirtualSize 0x10398
VirtualAddress 0x37000
SizeOfRawData 0xc00
PointerToRawData 0x35400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.85899

.pdata

MD5 626ab1518bc3687e03dacd39bbfde649
SHA1 9642b8e7c249e069f4c38e184edf6d8435259d21
SHA256 3eb854d761e56ec304c7b2932e7960cfbff808ef363968727f0bb03bebf7cab0
SHA3 294a263f11fac00f4fe049d94898625d6c20fba4f7ad46684435b163a13b1ae7
VirtualSize 0x1de8
VirtualAddress 0x48000
SizeOfRawData 0x1e00
PointerToRawData 0x36000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.39229

_RDATA

MD5 3fa4bb815d2865eb13ca6b140ccf210f
SHA1 efa716d4856fbcc5996d4b52f82341ff916cef2d
SHA256 f1de4262611282afd132e4296e86a5764b0d701b2813348102d3a8e1fe5a84f5
SHA3 1bdc84d0339794baeb54c8977e635a98429866bc8bbe8666071dc2c63785cdc2
VirtualSize 0xf4
VirtualAddress 0x4a000
SizeOfRawData 0x200
PointerToRawData 0x37e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.96168

.rsrc

MD5 527f58256779e49a47a9844df6d3db8a
SHA1 4148982af8203655beef09e02030220cd35a5d8c
SHA256 d38b080f1d49dec3cc7617eb905ca618e1cfed4ad24e0b85c43807144ef42ce1
SHA3 7b89b77883dbb711477c0ae75495cd4b0d3d5fbc9a8f6c7d5d2e889ee26b5ad3
VirtualSize 0x10ec8
VirtualAddress 0x4b000
SizeOfRawData 0x11000
PointerToRawData 0x38000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.38766

.reloc

MD5 ab10229e6319ea5b4dde9f2a80ec60f0
SHA1 654912404552d473e7942e854865a7f30af25913
SHA256 6ffb170df7594c6af7cae1faed3cf3f71dff625311fa58bab9c33fc801635149
SHA3 f6f629310adb48b792a551445117575e28888c9490098d6b5e8eef0b465dcb8b
VirtualSize 0x748
VirtualAddress 0x5c000
SizeOfRawData 0x800
PointerToRawData 0x49000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.22226

Imports

USER32.dll CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW
COMCTL32.dll #380
KERNEL32.dll GetACP
IsValidCodePage
GetStringTypeW
GetFileAttributesExW
FlushFileBuffers
GetCurrentDirectoryW
GetOEMCP
GetCPInfo
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
GetProcAddress
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
HeapReAlloc
WriteConsoleW
SetEndOfFile
GetCommandLineW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RaiseException
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
SetStdHandle
SetConsoleCtrlHandler
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
CompareStringW
LCMapStringW
ADVAPI32.dll OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
GDI32.dll SelectObject
DeleteObject
CreateFontIndirectW

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.30725
MD5 0e825c462a24a596a132f65e8741c00a
SHA1 1544a8c92bb4fcd7f68a6f4a8b6ad4db597fb80d
SHA256 e74724cb5cf1775aea2879ee101e4f42cc5fe545d634f184a62e168d4328269a
SHA3 76aa970d3c2a2bd39a51501186e65766c8093e964ec2ac72f9b0a28cdfec0749

0

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.98048
Detected Filetype Icon file
MD5 38388dda6548693f4d42f2241a4218d7
SHA1 78bedd12a20f97e31e58742381f3d0ca1edb4715
SHA256 cd0991dd595a1392452a8c7ccf089e73626bc6eed1fd3f54ee4c6aa7ffbaedba
SHA3 9ace1e9f008d60580379cdfdcd4119706c82d52d2e5fdb9e5745fa00864cc1a8

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x5a4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.28877
MD5 9fb73fc58e2442598beaf413bf4351c9
SHA1 e4d0f4510c1417e02aab580a7bfff545252806cf
SHA256 725bb6051f8a60ba212b46c0743f749e272042ce6b99cf9118e21a053559378d
SHA3 309ec77c81a1b9f2755b39821656494a372c7d7773c40b8568b34ba0ded3a77b

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2025-Dec-01 20:20:34
Version 0.0
SizeofData 680
AddressOfRawData 0x33aa0
PointerToRawData 0x324a0

TLS Callbacks

Load Configuration

Size 0x138
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140037008

RICH Header

XOR Key 0x6bde3963
Unmarked objects 0
C objects (27412) 11
ASM objects (27412) 7
C++ objects (27412) 188
253 (28518) 4
C++ objects (30034) 38
C objects (30034) 17
ASM objects (30034) 9
Imports (27412) 11
Total imports 135
C objects (VS2019 Update 11 (16.11.8) compiler 30138) 19
Linker (VS2019 Update 11 (16.11.8) compiler 30138) 1

Errors