2de5c598b9993e40b64f2643d4a3a702c17a66d0fed176f2811ee187c57cb0eb

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2026-May-06 13:20:31

Plugin Output

Info Cryptographic algorithms detected in the binary:
  • Uses constants related to CRC32
  • Uses constants related to SHA256
  • Uses constants related to AES
  • Uses constants related to Blowfish
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Possibly launches other programs:
  • CreateProcessW
Can create temporary files:
  • GetTempPathW
  • CreateFileW
Suspicious The PE is possibly a dropper. Resource 27 is possibly compressed or encrypted.
Resources account for 98.3716% of the executable.
Malicious VirusTotal score: 10/70 (Scanned on 2026-05-07 13:42:57)
  • AhnLab-V3: Trojan/Win.Generic.R685599
  • CrowdStrike: win/malicious_confidence_60% (D)
  • DeepInstinct: MALICIOUS
  • Elastic: malicious (high confidence)
  • Jiangmin: Trojan.PE.kz
  • McAfeeD: ti!2DE5C598B999
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • SentinelOne: Static AI - Suspicious PE
  • Symantec: ML.Attribute.HighConfidence
  • Zillya: Trojan.Agent.Win64.72838

Hashes

MD5 a3efdd821de1aca601a08cc4b39e127c
SHA1 a231830efecb876864b46797d4f4904916ef42fd
SHA256 2de5c598b9993e40b64f2643d4a3a702c17a66d0fed176f2811ee187c57cb0eb
SHA3 d5c64e63e0bc6d634780258249ca68e11fe5d44c632106343b4420bf47268b7c
SSDeep 196608:ICcpecq0xygXYeFXB/FyzF7WZczCKjRBb+BFJdgcN32XeYnu96rX3:Seb0xyaF4VWunRBb+BRUnlX3
Imports Hash 8e3dad4d4ea6736338bcc4aca7b446c9

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2026-May-06 13:20:31
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x20000
SizeOfInitializedData 0xb52600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000000C90C (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xb9b000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics
  • IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  • IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
  • IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  • IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 b5a42118cb0519f332dad3a6d897d7a6
SHA1 f7adc413a41b1554e20d024de4dd429bdbb4e39e
SHA256 20a0b47683f8166113ef4fdd826104890917ef112828ff9df91854f6217a8a4e
SHA3 57630b2efd1e26e104bfc62d5d2e99c544cf4ba5d78030e24f278bd3592151d0
VirtualSize 0x20000
VirtualAddress 0x1000
SizeOfRawData 0x20000
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics
  • IMAGE_SCN_CNT_CODE
  • IMAGE_SCN_MEM_EXECUTE
  • IMAGE_SCN_MEM_READ
Entropy 6.50938

.rdata

MD5 ed7502dca3472ff7a248068d03a54372
SHA1 f539bea6bcd73430a5df7fde08d3597b4ee0946b
SHA256 094ea9b5203e8d906444c63f3cf8bff69385e3628a9da027fe8f78f99b960fbc
SHA3 cba4353f62a9d934bb9b480b935f2e8dae0d8e926582d90455600097d94dab94
VirtualSize 0xc8c0
VirtualAddress 0x21000
SizeOfRawData 0xca00
PointerToRawData 0x20400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics
  • IMAGE_SCN_CNT_INITIALIZED_DATA
  • IMAGE_SCN_MEM_READ
Entropy 5.13885

.data

MD5 13836853af6571d6bcfdaa7382b29597
SHA1 69de4c7b19626211bb3429a1819251a86c2abe95
SHA256 7b327aa8ccf11e00dce996da59cb366d480ad70dc6ee37842e0f501329d7aed5
SHA3 286de44c3117718d03bcb5c08787334555240f8e9dbd1e9cce46c7c7d7be2941
VirtualSize 0x26e80
VirtualAddress 0x2e000
SizeOfRawData 0xc00
PointerToRawData 0x2ce00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics
  • IMAGE_SCN_CNT_INITIALIZED_DATA
  • IMAGE_SCN_MEM_READ
  • IMAGE_SCN_MEM_WRITE
Entropy 1.95704

.pdata

MD5 11ddd8ee334b30fe0180076a288244d7
SHA1 697e17e86fad270ddf6c271cda65315ab8f39f75
SHA256 2c9525897c5e1f478b5e67893442b924543ecb485fe8e3b0df7085ea0024513d
SHA3 112e1ba1b8eedd2a8e631d8bd817ab7922562278b178f808927b0dc1ed543c88
VirtualSize 0x17ac
VirtualAddress 0x55000
SizeOfRawData 0x1800
PointerToRawData 0x2da00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics
  • IMAGE_SCN_CNT_INITIALIZED_DATA
  • IMAGE_SCN_MEM_READ
Entropy 5.26331

.rsrc

MD5 73ff0e244ac9f69d00ba8dc83d7c871e
SHA1 44c83cee830900e4ca412a2d43832605e12513c8
SHA256 b3f79155d8c615172dab2316f610e3fe065570e2948aa5f7299fdeee00d63726
SHA3 ace1025f5cb5b22a1342008d06ab30e297655559a52e881f5177d4e6f64e0361
VirtualSize 0xb42fa4
VirtualAddress 0x57000
SizeOfRawData 0xb43000
PointerToRawData 0x2f200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics
  • IMAGE_SCN_CNT_INITIALIZED_DATA
  • IMAGE_SCN_MEM_READ
Entropy 7.99887

.reloc

MD5 c59e515213c4154a005629ee6d33e0a1
SHA1 4f1b7ae07288e4233c30b351d71aeb7e99401e6d
SHA256 612e682cd17fc14c9a04e9c806ee354e2e200382ebc4b9b4fee88fd23b7357d6
SHA3 b19afb8e68f5e95b87834353e5cba8dcb65f3bc7e181927476aac46314fd50cc
VirtualSize 0x688
VirtualAddress 0xb9a000
SizeOfRawData 0x800
PointerToRawData 0xb72200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics
  • IMAGE_SCN_CNT_INITIALIZED_DATA
  • IMAGE_SCN_MEM_DISCARDABLE
  • IMAGE_SCN_MEM_READ
Entropy 4.935

Imports

SHELL32.dll
  • SHFileOperationW
  • SHGetFolderPathW
  • CommandLineToArgvW
KERNEL32.dll
  • SetLastError
  • WriteConsoleW
  • HeapReAlloc
  • CreateDirectoryW
  • SizeofResource
  • SetConsoleCtrlHandler
  • GetCommandLineW
  • GetStdHandle
  • WriteFile
  • TerminateProcess
  • GetModuleFileNameW
  • SetEnvironmentVariableW
  • GetTempPathW
  • FindResourceA
  • WaitForSingleObject
  • CreateFileW
  • GetFileAttributesW
  • Sleep
  • GetLastError
  • LockResource
  • CloseHandle
  • LoadResource
  • GetProcAddress
  • GetCurrentProcessId
  • CreateProcessW
  • WideCharToMultiByte
  • GetSystemTimeAsFileTime
  • FormatMessageA
  • GetExitCodeProcess
  • RtlCaptureContext
  • RtlLookupFunctionEntry
  • RtlVirtualUnwind
  • UnhandledExceptionFilter
  • SetUnhandledExceptionFilter
  • GetCurrentProcess
  • IsProcessorFeaturePresent
  • QueryPerformanceCounter
  • GetCurrentThreadId
  • InitializeSListHead
  • IsDebuggerPresent
  • GetStartupInfoW
  • GetModuleHandleW
  • HeapSize
  • RtlUnwindEx
  • EnterCriticalSection
  • LeaveCriticalSection
  • DeleteCriticalSection
  • InitializeCriticalSectionAndSpinCount
  • TlsAlloc
  • TlsGetValue
  • TlsSetValue
  • TlsFree
  • FreeLibrary
  • LoadLibraryExW
  • EncodePointer
  • RaiseException
  • RtlPcToFileHeader
  • ExitProcess
  • GetModuleHandleExW
  • GetCommandLineA
  • HeapAlloc
  • MultiByteToWideChar
  • HeapFree
  • FlsAlloc
  • FlsGetValue
  • FlsSetValue
  • FlsFree
  • CompareStringW
  • LCMapStringW
  • GetFileType
  • FindClose
  • FindFirstFileExW
  • FindNextFileW
  • IsValidCodePage
  • GetACP
  • GetOEMCP
  • GetCPInfo
  • GetEnvironmentStringsW
  • FreeEnvironmentStringsW
  • SetStdHandle
  • GetStringTypeW
  • GetProcessHeap
  • FlushFileBuffers
  • GetConsoleOutputCP
  • GetConsoleMode
  • GetFileSizeEx
  • SetFilePointerEx

Delayed Imports

Resources

1

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x13ca8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.95082
Detected Filetype PNG graphic file
MD5 8d75d5d22d8fc70361e1bee98c36b692
SHA1 a9c38b5b933439f70d5501967b767ef7fbe33aa9
SHA256 e8a872fe02ea0c0524196866e50861d08413c679102949116a597c206cb1c2cb
SHA3 cccfd8b38efab1e25241352395cbc1aa8034f4d9ac967bf357ab6b29ba7c8ea8

27

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xb2edc0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.99893
MD5 275391ef8a543fedbfcc73d45e1d51e5
SHA1 f337fa96af291fa17633cd3dffdd4b9e5c6086d5
SHA256 ddeb5ba0bc43f5c066334a770673cb194bbd7e8122ddcdc342655701aab38858
SHA3 a12b37a5f34bb4523c6a393fd626809bb8e5723a0afdbe090b4eee02c4a793d4

1 (#2)

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.59047
Detected Filetype Icon file
MD5 c7617a936cf7e8393114fd3fa37df079
SHA1 e1b408d8e0a97bc6671e51d6a89c5cb9e373ee25
SHA256 65fd9ee62a7b0b785afad52487d575b47ea71c0871ad8343a92b9e9b56f0d69e
SHA3 d307de78aaaba9f4f06fb401389e3ecc077d8d34f810b02723c1c44aacbe4cf5

1 (#3)

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x3f8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.27347
MD5 c103fcfaedaf1c1d4cef6906944a3b57
SHA1 15c6028d1c284d49ff279893da7b8d0aa01c2d7a
SHA256 787c0d745a0e0d8ec98b7c93cf3a5e0adcae13a5c1876b7c299e0cf5195cc3d0
SHA3 54b0d2f8b6a31dfd03ab28938a958fa4f87e8563d66b4d643f581867502808aa

Version Info

Debug Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-May-06 13:20:31
Version 0.0
SizeofData 780
AddressOfRawData 0x2b368
PointerToRawData 0x2a768

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x14002e000

RICH Header

XOR Key 0xf3ffa2e1
Unmarked objects 0
ASM objects (30795) 6
C++ objects (30795) 142
C objects (30795) 10
253 (34321) 2
ASM objects (34321) 9
C objects (34321) 16
C++ objects (34321) 40
Imports (30795) 5
Total imports 114
C objects (LTCG) (34435) 1
Linker (34435) 1

Errors
