| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date |
2022-Mar-15 18:03:09
|
| Detected languages |
English - United States
|
| TLS Callbacks |
2 callback(s) detected.
|
| Suspicious |
The PE is possibly packed. |
Unusual section name found: .xdata
|
| Suspicious |
The PE is possibly a dropper. |
Resources amount for 89.9322% of the executable.
|
| Suspicious |
VirusTotal score: 1/73 (Scanned on 2024-10-13 06:39:17) |
APEX:
Malicious
|
| MD5 |
32a797d48fcf157f5b36655c83ebbe2b
|
| SHA1 |
38d30a767a50acdab056f8fb7fa86cd0a460d3ad
|
| SHA256 |
e0c907a971885608e86b62a549fb6f42a594c75003a8c9a60573e35449b438f2
|
| SHA3 |
8239cf0036df5a6b37af4fa34b15b04e2be8fdb003afd531e7c6b5dda7bc4994
|
| SSDeep |
768:E68BJaNazuoBLOw6hW/r4xq7njAElye1XhmZQLUW:EfJjuYMhQ+cnjdy0XWSUW
|
| Imports Hash |
844f5c962e8a520b6fefd732675d6b26
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x80
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections |
11
|
| TimeDateStamp |
2022-Mar-15 18:03:09
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xf0
|
| Characteristics |
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
|
| Magic |
PE32+
|
| LinkerVersion |
2.0
|
| SizeOfCode |
0x1a00
|
| SizeOfInitializedData |
0x26200
|
| SizeOfUninitializedData |
0x200
|
| AddressOfEntryPoint |
0x00000000000014B0 (Section: .text)
|
| BaseOfCode |
0x1000
|
| ImageBase |
0x140000000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
4.0
|
| ImageVersion |
0.0
|
| SubsystemVersion |
5.2
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x2f000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0x2fe26
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
|
| SizeofStackReserve |
0x200000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
e6e5f7fc67c21111d5d50b280573d2b3
|
| SHA1 |
03956404c420ef4bb52993580f7b0503ab39e8ef
|
| SHA256 |
5d625ca7260f16f52a2a522534629dda02366af3a6f84f745d1dadacfaefbfc1
|
| SHA3 |
57be001246ac49500a1fc7c4a4ffa250943c1d5be8b2fc63d1bd0338b2a00b82
|
| VirtualSize |
0x1868
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0x1a00
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
5.83653
|
| MD5 |
4e7cc1be25b71428264f92d5fb658564
|
| SHA1 |
1e172c91ecb4d762ce77e3883a450d7beac3ab12
|
| SHA256 |
14e42a7edebda252a869912b159cfda9c1d7e65c770b071ba959355e5256b377
|
| SHA3 |
52e054b44aabfa3b43fc83bac9bec797899921281874f3a340574ca8eb0539d8
|
| VirtualSize |
0x50
|
| VirtualAddress |
0x3000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x1e00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.238123
|
| MD5 |
55c38de19c166eb2a50b7c349fdb0bab
|
| SHA1 |
9281f03a6b036767b644bd56638b4f662e7d0306
|
| SHA256 |
32cc88314c0faf88014eb9cc5d189a677c881fc90baebbf1a8b0afa971635e92
|
| SHA3 |
b4796682f12ea901cd32aca467618525a2881b5be778482d84ec06452a581a4b
|
| VirtualSize |
0x510
|
| VirtualAddress |
0x4000
|
| SizeOfRawData |
0x600
|
| PointerToRawData |
0x2000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
3.74272
|
| MD5 |
b66c91225f66909ff0905bc20ac6d1be
|
| SHA1 |
83905fe7e927be4f080feb426dacf0e58c97a85b
|
| SHA256 |
46bf98da454d09e8eb6170856e99b50fdd4259113ba82e235c7fe9a2427073d8
|
| SHA3 |
1336b82d56e3b6e392cf155798494b85329296ec00f881047dac3f50cf85204c
|
| VirtualSize |
0x228
|
| VirtualAddress |
0x5000
|
| SizeOfRawData |
0x400
|
| PointerToRawData |
0x2600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
2.35877
|
| MD5 |
4d4c8064f5890395994155530161552e
|
| SHA1 |
bc13506ab3b1c101a34136da2af59d8bd6b9377c
|
| SHA256 |
1b306094d40f4ff463667ca98c8f981594d279f258bdbde256b9935ab22e5aa7
|
| SHA3 |
9f59a5a4b37aca95768d3e4bd1ba2d5d885218d6553ce4596c4ba832cbfdbcdb
|
| VirtualSize |
0x1ac
|
| VirtualAddress |
0x6000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x2a00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
3.38082
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x150
|
| VirtualAddress |
0x7000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
d2b0999317ef6cbb843b45c1d41f8470
|
| SHA1 |
d3b864ba864991f2122cd8ea1b61b727e4ecb384
|
| SHA256 |
15fa108e99b820c67bb6b8d3706ab0d6b5df5c469fb1213d469932506c93100c
|
| SHA3 |
ec4b171ccb9b1cef6a38a862344a15cdee4c2eaa5c35f682b5d0e3a3e5799974
|
| VirtualSize |
0x610
|
| VirtualAddress |
0x8000
|
| SizeOfRawData |
0x800
|
| PointerToRawData |
0x2c00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
3.12097
|
| MD5 |
bcefc0d174e8cd6cab4b44fad54e9b64
|
| SHA1 |
c432d1cabdf5ccac249c4a63806fd4ced3bab49b
|
| SHA256 |
de4be259ae5616b1ef0ff42b7ee08deec7416a441e002af7ff10fa27d0767315
|
| SHA3 |
a236ce3fe198a8765c75ba4649bf73731750c39712e71655e56d3d890f7a1b07
|
| VirtualSize |
0x60
|
| VirtualAddress |
0x9000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x3400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.28656
|
| MD5 |
bf619eac0cdf3f68d496ea9344137e8b
|
| SHA1 |
5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
|
| SHA256 |
076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
|
| SHA3 |
622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
|
| VirtualSize |
0x10
|
| VirtualAddress |
0xa000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x3600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0
|
| MD5 |
2d211deec472430ca9525b15210dfb4f
|
| SHA1 |
ab6ccd753d3224095da4f4941099522a14beba96
|
| SHA256 |
0b058723d8aba0e75a79afd4fb46f5366c0abf8061cf3ffeef065047f3cb6851
|
| SHA3 |
73b419032a8de0fe0f35d019c55dfb801916a0068b5407b472a38739beeaf924
|
| VirtualSize |
0x22a60
|
| VirtualAddress |
0xb000
|
| SizeOfRawData |
0x22a60
|
| PointerToRawData |
0x3800
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
2.85434
|
| MD5 |
5a8d2a5ea39c54a6a353061c1e23280f
|
| SHA1 |
f9afcae50353aa3985c26218ddb74f42b4fb13fc
|
| SHA256 |
deef75a763a9a6373935853c02d570365278e02f3d7dac89102a3f9ec566b59c
|
| SHA3 |
9c870c0ab127bc18427d3aa519bce58a307d75c534aeb8b24357bdb6128aa66f
|
| VirtualSize |
0x74
|
| VirtualAddress |
0x2e000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x26400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
| Entropy |
1.30725
|
| KERNEL32.dll |
DeleteCriticalSection
EnterCriticalSection
GetLastError
GetModuleFileNameW
GetStartupInfoA
InitializeCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
__C_specific_handler
|
| msvcrt.dll |
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_execv
_fmode
_initterm
_onexit
_wchdir
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf
wcscat
wcslen
wcsncpy
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x468
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.98223
|
| MD5 |
0b711a2721950a98b88f366336cf6f08
|
| SHA1 |
dd21db0389245c4ab9ce8571e796563dd1b445d3
|
| SHA256 |
b3231b796d7d11ac47c5fcdaf0c8872fe958d43b3ab90f12d278abfb095b0fb2
|
| SHA3 |
bd19de34245188f239c4fe0dee3a21b84462b03d3783f605ea701bde9c283947
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x988
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.8789
|
| MD5 |
23fa0ccea71e0a42777533c231f39d80
|
| SHA1 |
5f5c524033c50a55e1b4ce870b46036d8b872b31
|
| SHA256 |
813c7c19a8e47c1e8ed963f5bf28e87b9bbda85fd2b039b0ebe94a4f9cf91a8d
|
| SHA3 |
30d4a7251e15f32d3ca9a620fc6e607f6e0f5709b82b4188812d023634fd353a
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x10a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.47439
|
| MD5 |
79d064183990c5a7aebc777bbffca295
|
| SHA1 |
7038ff089714e28a976b0b9f41080d63ae5a7d2e
|
| SHA256 |
927a4f6a4a00f377f3a6289a6d6af6c0b8963277a1ec6650c3720f3c596714de
|
| SHA3 |
2ae3bfecc4320d8bbef1697a294ca581627a4a1271dd2dc5a79d3db906d629de
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x25a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.25166
|
| MD5 |
b785f2f0e018db734522f79a87c3f3ea
|
| SHA1 |
4396365cefd75c7cebb03c0a12d8d7e8e9203295
|
| SHA256 |
4122cd24ef87ccb0581f4da7c9cc63e044bce4533b673ed1b161afe338779c4c
|
| SHA3 |
2c3c681daf6c5923c4aa8021187d8d1e11b2df59b52e3f64755592349ec16ef2
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x4228
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.88066
|
| MD5 |
f3a7be7d63abb6cd06457a279693a3f8
|
| SHA1 |
f6a797f09cc7891575a5844733da73daf0172878
|
| SHA256 |
3a53162d97d5245b40f87ea575921136bf7d9b7905526c62db5293e857affb07
|
| SHA3 |
b23dc22866ef539ce26bd251679c8bb9c589e974ed50213b1bfe38e8946db7b0
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x94a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.88059
|
| MD5 |
83c096b99a10ec373bc005442d59dcc7
|
| SHA1 |
3ea3b2b49953fad5b68edd9684e9215452e5b46f
|
| SHA256 |
cdacb3db2f2e00779081affe8fbcc071170e27a2722d7b9299f7fb6003eb08c7
|
| SHA3 |
baf22ca629a1f54e64230e0971f2fa0fbbae25f188661ad36a5c07d4be39a319
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x10828
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.4661
|
| MD5 |
26e8c16199dec117316146d7a36f6d02
|
| SHA1 |
80d51f18a73fe9f01b851fa1b423d044f976badd
|
| SHA256 |
d07b873ba30bf7a29f50ed33a211f6075e41717e13c0d336f9c66c2c8bd67aa3
|
| SHA3 |
ea4283f2e75d5991c5a6dc29b315d9bbae55899395bd340d84a115410dd30577
|
| Type |
RT_GROUP_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x68
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.0112
|
| Detected Filetype |
Icon file
|
| MD5 |
a5a66701ea54a5a504195e4a1594f5f2
|
| SHA1 |
8a6533d058a07be5238810d0e0e4a8c6542b10f3
|
| SHA256 |
d403242134cc2517ba1a8a978db1554832296fc6130b7f142ad0eb7435b4d5ce
|
| SHA3 |
50a8e2a5bf26bf580fcacb3fc99774dbac59ba9254f3e7f1f7860b0f933b6c48
|
| Type |
RT_MANIFEST
|
| Language |
UNKNOWN
|
| Codepage |
UNKNOWN
|
| Size |
0x48f
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.13793
|
| MD5 |
5aa04ce935e78505e230765e85c34355
|
| SHA1 |
6c93b8c5fde8be4b2231dca6b8ec513cdc82c991
|
| SHA256 |
a73f26a8d504043f785d7360e8febf2eeb8522ec873a0d4dd5d1d4bfd1e67d3d
|
| SHA3 |
149467cafc03ba34b33cd8076fc2771413760822357952de205dbae2b5cb8059
|
| StartAddressOfRawData |
0x14000a000
|
| EndAddressOfRawData |
0x14000a008
|
| AddressOfIndex |
0x14000707c
|
| AddressOfCallbacks |
0x140009038
|
| SizeOfZeroFill |
0
|
| Characteristics |
IMAGE_SCN_TYPE_REG
|
| Callbacks |
0x0000000140001650
0x0000000140001620
|
[*] Warning: Section .bss has a size of 0!
32a797d48fcf157f5b36655c83ebbe2b