3130e3749ee3e604a84685e5f5e40d327cd61a185f7bdc43672e0a8f13a6b5b6

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2026-May-26 13:20:24
Detected languages English - United States
TLS Callbacks 3 callback(s) detected.

Plugin Output

Suspicious This PE is packed with VMProtect
Unusual section name found: .vmp0
Unusual section name found: .vmp1
Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Possibly launches other programs:
  • ShellExecuteA
Has Internet access capabilities:
  • WinHttpQueryDataAvailable
  • InternetOpenA
Leverages the raw socket API to access the Internet:
  • bind
Malicious VirusTotal score: 36/69 (Scanned on 2026-06-06 04:03:06)
APEX: Malicious
AhnLab-V3: Packed/Win.VMProtect.R776384
Alibaba: Packed:Win32/VMProtect.22764f77
Antiy-AVL: Trojan[Packed]/Win32.VMProtect
Bkav: W32.Malware.CF177618
CAT-QuickHeal: Trojan.Win64
CTX: exe.trojan.generic
CrowdStrike: win/malicious_confidence_100% (W)
Cylance: Unsafe
Cynet: Malicious (score: 100)
DeepInstinct: MALICIOUS
DrWeb: Trojan.DownLoader49.49609
ESET-NOD32: Win32/Packed.VMProtect.ACR trojan
Elastic: malicious (high confidence)
Fortinet: W32/PossibleThreat
GData: Win64.Trojan.Agent.SEXL5K
Google: Detected
Kaspersky: UDS:Trojan.Win64.DBadur.gen
Lionic: Trojan.Win32.VMProtect.4!c
Malwarebytes: Malware.AI.3615775214
MaxSecure: Trojan.Malware.218393830.susgen
McAfeeD: Real Protect-LS!012542EE1BFA
Microsoft: Trojan:Win32/Wacatac.B!ml
Paloalto: generic.ml
Panda: Trj/PhxGD.A
Rising: Trojan.DBadur!8.18E88 (CLOUD)
Sangfor: Trojan.Win32.Save.a
SentinelOne: Static AI - Malicious PE
Sophos: Mal/Generic-S
Symantec: ML.Attribute.HighConfidence
Trapmine: malicious.moderate.ml.score
TrellixENS: Artemis!012542EE1BFA
TrendMicro: Trojan.Win32.ZYX.USBLF126
TrendMicro-HouseCall: Trojan.Win32.ZYX.USBLF126
Varist: W64/ABTrojan.ADQU-6872
alibabacloud: VirTool:Win/Wacatac.C9nj

Hashes

MD5 012542ee1bfa585f10a94e6aa15dcb2f
SHA1 77e145c217084dd201e113f9b64a3cfc3de53119
SHA256 3130e3749ee3e604a84685e5f5e40d327cd61a185f7bdc43672e0a8f13a6b5b6
SHA3 976ed8f0ca5f3c5c7b546e7229afc397a5b2bc9455ac8fd2cd9c63a1c9c0ca92
SSDeep 393216:Z24s/7//wWNUTmVINnsaX72ZtH1afgYn2:A4sj//wiDyVsar2ZtHQfXn2
Imports Hash ddb03491343260da6001f8b66b0590a4

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 8
TimeDateStamp 2026-May-26 13:20:24
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0xdf000
SizeOfInitializedData 0x52800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000B10FD9 (Section: .vmp1)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x171f000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0xdeea4
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x462b2
VirtualAddress 0xe0000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x2868
VirtualAddress 0x127000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x8bb0
VirtualAddress 0x12a000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x9c1bbd
VirtualAddress 0x133000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1

MD5 2ecd5517349d1c62c9e124d57e522551
SHA1 413964f5d0db80b64b9f2fa615c6a46c470db8a2
SHA256 d5c7d21ca446e8f2d74628173f07b63e15af6ea3880994644ccae49851855cfe
SHA3 b2d0edc638f81788f2863312611889563082081b33fc5ef715a7d52b8673864a
VirtualSize 0xc27dd8
VirtualAddress 0xaf5000
SizeOfRawData 0xc27e00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
Entropy 7.97666

.reloc

MD5 61de095f6681275b083f9aeeab6122a5
SHA1 c13bad8b5392ed30e7ba0eff0679c8201b43452b
SHA256 e27e0e81ccc62c2845780d6b9a623c6956475b012df4bd6ce509d05ef58d5c4f
SHA3 fa52ec188db1d3aba24da8b85e54d386540d9582f74152224990d36a123b8ac1
VirtualSize 0xd4
VirtualAddress 0x171d000
SizeOfRawData 0x200
PointerToRawData 0xc28200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.31977

.rsrc

MD5 7dfc185134211b028a57c328ddb63448
SHA1 a1532da74f3d5e2d32370c1871207c26c338d72c
SHA256 c7dcd7fa639ae0345d80f8793f004e44ffb1ccf6d4a5483b52981922c58f756e
SHA3 4e7ef395cccf03f169ea54990642887150a351531e6c48faf9f664d9df564362
VirtualSize 0x1e0
VirtualAddress 0x171e000
SizeOfRawData 0x200
PointerToRawData 0xc28400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.77323

Imports

KERNEL32.dll SetFileInformationByHandle
USER32.dll GetSystemMenu
ADVAPI32.dll SystemFunction036
SHELL32.dll ShellExecuteA
MSVCP140.dll ??0_Locinfo@std@@QEAA@PEBD@Z
WINHTTP.dll WinHttpQueryDataAvailable
WININET.dll InternetOpenA
SHLWAPI.dll PathFindFileNameW
PSAPI.DLL GetModuleInformation
WINTRUST.dll WinVerifyTrust
USERENV.dll UnloadUserProfile
bcrypt.dll BCryptGenRandom
VCRUNTIME140_1.dll __CxxFrameHandler4
VCRUNTIME140.dll strrchr
api-ms-win-crt-runtime-l1-1-0.dll _errno
api-ms-win-crt-stdio-l1-1-0.dll fread
api-ms-win-crt-heap-l1-1-0.dll _callnewh
api-ms-win-crt-utility-l1-1-0.dll qsort
api-ms-win-crt-string-l1-1-0.dll wcsncmp
api-ms-win-crt-convert-l1-1-0.dll strtol
api-ms-win-crt-filesystem-l1-1-0.dll _wstat64
api-ms-win-crt-time-l1-1-0.dll strftime
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale
api-ms-win-crt-math-l1-1-0.dll __setusermatherr
api-ms-win-crt-environment-l1-1-0.dll getenv
CRYPT32.dll PFXImportCertStore
WS2_32.dll bind
WTSAPI32.dll WTSSendMessageW
KERNEL32.dll (#2) SetFileInformationByHandle
USER32.dll (#2) GetSystemMenu
KERNEL32.dll (#3) SetFileInformationByHandle
USER32.dll (#3) GetSystemMenu

Delayed Imports

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x188
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.89623
MD5 b8e76ddb52d0eb41e972599ff3ca431b
SHA1 fc12d7ad112ddabfcd8f82f290d84e637a4d62f8
SHA256 165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8
SHA3 37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd

Version Info

TLS Callbacks

StartAddressOfRawData 0x1414bb1f0
EndAddressOfRawData 0x1414bb360
AddressOfIndex 0x140129170
AddressOfCallbacks 0x1414bb360
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_16BYTES
Callbacks 0x00000001414E15BD
0x00000001400DACE0
0x00000001400DAD58

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140127f40

RICH Header

Errors

[!] Error: Could not read the exported DLL name.
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .pdata has a size of 0!
[*] Warning: Section .vmp0 has a size of 0!