2ba2d60267aa881d754bc32dcf84468e9c05e5605b2b30c1e3ab91bffa4c756f

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Apr-22 13:17:44
Detected languages English - United States

Plugin Output

Info Libraries used to perform cryptographic operations: Microsoft's Cryptography API
Suspicious The PE is possibly packed. Unusual section name found: .0NL
Unusual section name found: .r9U
Unusual section name found: .)/?
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Uses Microsoft's cryptographic API:
  • CryptGetHashParam
Malicious VirusTotal score: 45/71 (Scanned on 2026-05-24 11:44:22)
ALYac: QD:Trojan.GenericKDQ.695C1AC4EE
APEX: Malicious
AVG: Win64:MalwareX-gen [Misc]
AhnLab-V3: Trojan/Win.Generic.C5878599
Alibaba: Packed:Win32/VMProtect.fa14959c
Arcabit: QD:Trojan.GenericQ.695C1AC4EE
Avast: Win64:MalwareX-gen [Misc]
Avira: TR/W64.Agent
BitDefender: QD:Trojan.GenericKDQ.695C1AC4EE
Bkav: W32.Malware.F1D632F4
CAT-QuickHeal: Trojan.Agent
CTX: exe.trojan.generic
CrowdStrike: win/malicious_confidence_100% (D)
Cylance: Unsafe
Cynet: Malicious (score: 100)
DeepInstinct: MALICIOUS
ESET-NOD32: Win32/Packed.VMProtect.ACX trojan
Elastic: malicious (high confidence)
Emsisoft: QD:Trojan.GenericKDQ.695C1AC4EE (B)
F-Secure: Trojan.TR/W64.Agent
Fortinet: W32/PossibleThreat
GData: QD:Trojan.GenericKDQ.695C1AC4EE
Google: Detected
Gridinsoft: Trojan.Heur!.02212023
Ikarus: Trojan.Win32.VMProtect
Kaspersky: Trojan.Win32.Agent.xcdpaf
Lionic: Trojan.Win32.GenericKDQ.4!c
Malwarebytes: Malware.Heuristic.2108
MaxSecure: Trojan.Malware.328690006.susgen
McAfeeD: Real Protect-LS!77C165D0417A
MicroWorld-eScan: QD:Trojan.GenericKDQ.695C1AC4EE
Microsoft: Trojan:Win32/Wacatac.B!ml
Paloalto: generic.ml
Sangfor: Suspicious.Win32.Save.a
SentinelOne: Static AI - Malicious PE
Skyhigh: Artemis
Sophos: Mal/Generic-S
Symantec: ML.Attribute.HighConfidence
Tencent: Win32.Trojan.Agent.Swhl
TrellixENS: Artemis!77C165D0417A
TrendMicro: Trojan.Win32.ZYX.USBLEM26
TrendMicro-HouseCall: Trojan.Win32.ZYX.USBLEM26
VIPRE: QD:Trojan.GenericKDQ.695C1AC4EE
Varist: W64/ABTrojan.ETWF-6711
alibabacloud: VirTool:Win/Sabsik.ET

Hashes

MD5 77c165d0417a41be855113c1ebe638f8
SHA1 3e168c67c1b4f4415ac892d2a2b5e6ea90ab67f0
SHA256 2ba2d60267aa881d754bc32dcf84468e9c05e5605b2b30c1e3ab91bffa4c756f
SHA3 091cd477c10013ce2e5627c9262e82d2edaa6887fce1e372da18ff6baf03def1
SSDeep 393216:PNbAxWTC32TzSvBTYJ8W5yp59MP6Y4MxMfaCO:axWO3wM5MP6YJy
Imports Hash 39c85267dd7c30b847c383aceb2e0e49

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 9
TimeDateStamp 2026-Apr-22 13:17:44
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x13200
SizeOfInitializedData 0x9000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000001B37F3D (Section: .)/?)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x23df000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x1308c
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x6f42
VirtualAddress 0x15000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0xb18
VirtualAddress 0x1c000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0xf30
VirtualAddress 0x1d000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.0NL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0xd9a60b
VirtualAddress 0x1e000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.r9U

MD5 94bf4743da7582aa7ca934d514df4980
SHA1 b6c65fc4a482bc793ec1a3c44350ec054eb08ba0
SHA256 1677560d1b6b92aa28b4601bc3b1577784450e21205afb67eff0508ab30671b3
SHA3 cd9897c8403d90f97eb4aea4e1bdbb279fdd18f132551f7ccc813117a1e5617f
VirtualSize 0xbf8
VirtualAddress 0xdb9000
SizeOfRawData 0xc00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.345076

.)/?

MD5 f8cb91a43aeba7510cba8f24a34fd9c8
SHA1 61edfb8f7920762fbed412c4f2722a12b1de229d
SHA256 ecd5f7020b2dbbaebbc94047ef11cc60338f693573d9cb1d6e6cde8998f720b0
SHA3 e61a8cfecdf7be9f52582f02a8bf6b4739429d03b4cab2acf15840f24b072f5f
VirtualSize 0x1622238
VirtualAddress 0xdba000
SizeOfRawData 0x1622400
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
Entropy 7.78253

.reloc

MD5 c1d91d6a2c178bc674e0beac23869ced
SHA1 075a22230a4e63ad1903c4bbc2631438034777ba
SHA256 12a9fed29dc00152efe59b79b785a9b52f823b7dcad1650a59d1d7bdffa9be5f
SHA3 c4a1b2ea2a15cfbef24ebd30ee87ec6f9682b5c94c5774e8978e795e3457c8aa
VirtualSize 0x118
VirtualAddress 0x23dd000
SizeOfRawData 0x200
PointerToRawData 0x1623400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.73668

.rsrc

MD5 0af3161855cf5e974306a63e955322c7
SHA1 a708dc85949b8a83859245648315bf99776e62d7
SHA256 9315307754d6f31227af9287e829201eb17b5f0ed352152eb4b1b5d000b1c46f
SHA3 344fa279eacbf61c702dc6400bbae0a2916c7da00b429fab13266977105afa4a
VirtualSize 0x1e0
VirtualAddress 0x23de000
SizeOfRawData 0x200
PointerToRawData 0x1623600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.77905

Imports

KERNEL32.dll Sleep
USER32.dll MessageBoxW
ADVAPI32.dll CryptGetHashParam
ole32.dll CoSetProxyBlanket
OLEAUT32.dll VariantClear
MSVCP140.dll ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
WININET.dll HttpSendRequestA
IPHLPAPI.DLL GetAdaptersInfo
VCRUNTIME140_1.dll __CxxFrameHandler4
VCRUNTIME140.dll __std_exception_copy
api-ms-win-crt-heap-l1-1-0.dll free
api-ms-win-crt-utility-l1-1-0.dll srand
api-ms-win-crt-stdio-l1-1-0.dll fclose
api-ms-win-crt-runtime-l1-1-0.dll _crt_atexit
api-ms-win-crt-string-l1-1-0.dll wcscat_s
api-ms-win-crt-time-l1-1-0.dll _time64
api-ms-win-crt-locale-l1-1-0.dll ___lc_codepage_func
api-ms-win-crt-math-l1-1-0.dll __setusermatherr
KERNEL32.dll (#2) Sleep
KERNEL32.dll (#3) Sleep

Delayed Imports

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x188
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.89623
MD5 b8e76ddb52d0eb41e972599ff3ca431b
SHA1 fc12d7ad112ddabfcd8f82f290d84e637a4d62f8
SHA256 165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8
SHA3 37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd

Version Info

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x14001c040

RICH Header

Errors

[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .pdata has a size of 0!
[*] Warning: Section .0NL has a size of 0!