| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| Compilation Date |
2023-Jan-26 23:47:09
|
| Detected languages |
English - United States
|
| Suspicious |
The PE is possibly packed. |
Unusual section name found: .gxfg
Unusual section name found: .gehcont
Unusual section name found: .HxD0
Unusual section name found: .HxD1
Unusual section name found: .HxD2
|
| Suspicious |
The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
- LoadLibraryA
- GetProcAddress
Leverages the raw socket API to access the Internet:
|
| Suspicious |
No VirusTotal score. |
This file has never been scanned on VirusTotal.
|
| MD5 |
38c429a7ba156b4d956f8668623317ce
|
| SHA1 |
8b49bd073a4176365103c2920226f51c4e643708
|
| SHA256 |
12d927d1f332cf97ddf51f091b673c2d1135bf9c0ecf933154b70a05523a46ff
|
| SHA3 |
8c7275acaedffcf03f44e4c79e0a46257d766e5628e5fdc9606786e0136c0895
|
| SSDeep |
196608:iYCZxlL9mzma3lltcPZNE7patySaaWnQOG:fsLgR3lltgsja6G
|
| Imports Hash |
08637bb2db7e26d9df80a1661386278e
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x80
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections |
11
|
| TimeDateStamp |
2023-Jan-26 23:47:09
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xf0
|
| Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_RELOCS_STRIPPED
|
| Magic |
PE32+
|
| LinkerVersion |
14.0
|
| SizeOfCode |
0x384400
|
| SizeOfInitializedData |
0xb75800
|
| SizeOfUninitializedData |
0
|
| AddressOfEntryPoint |
0x000000000169786A (Section: .HxD2)
|
| BaseOfCode |
0x1000
|
| ImageBase |
0x140000000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
6.0
|
| ImageVersion |
0.0
|
| SubsystemVersion |
6.0
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x1b48000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve |
0x100000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x384288
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x14e10c
|
| VirtualAddress |
0x386000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x9cab5c
|
| VirtualAddress |
0x4d5000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x26ed4
|
| VirtualAddress |
0xea0000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x94
|
| VirtualAddress |
0xec7000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x36f0
|
| VirtualAddress |
0xec8000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x24
|
| VirtualAddress |
0xecc000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x38c320
|
| VirtualAddress |
0xecd000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| MD5 |
0162c0e43fb163edfd2ba2077c097c0f
|
| SHA1 |
1703326008b0678e50240f44f187f85c8b741826
|
| SHA256 |
323e0dc8439dba0979064b1b6643c043a728f986878e5dde63b010ee6bd6bf7b
|
| SHA3 |
8dbc80b25dca68fcb02ee9124b1667f6ad3994465ad9e54685127eb4c91f1f93
|
| VirtualSize |
0x11d8
|
| VirtualAddress |
0x125a000
|
| SizeOfRawData |
0x1200
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.249345
|
| MD5 |
a1712d24cd1ba5d61ef17e22628ea58e
|
| SHA1 |
4bcb517fc09a2bc17fa73b6e6bea7d2e8ab7ddd7
|
| SHA256 |
99cad5276dddfdd7135b9311fadaae6d7098be58c43371657a3602f92d419105
|
| SHA3 |
4df1fc0c574bdb50c4bd9781c62cae99cbda6b82f16c082913c5fe655523b43a
|
| VirtualSize |
0x8c1eec
|
| VirtualAddress |
0x125c000
|
| SizeOfRawData |
0x8c2000
|
| PointerToRawData |
0x1600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
|
| Entropy |
7.95425
|
| MD5 |
95c2ad6257b8ffcff8b49a25035fd8f4
|
| SHA1 |
e99cc627467a8a0b57ee0738ff62ab293ad69232
|
| SHA256 |
1121bed1d2392e33669118654c3f49d4096064cc038b1b2e650016f818f0bfb2
|
| SHA3 |
c4a4a804bf7eb0ec3f4ed07135ffe2550332856af23b6541b225a1d4165bd2e3
|
| VirtualSize |
0x295f0
|
| VirtualAddress |
0x1b1e000
|
| SizeOfRawData |
0x29600
|
| PointerToRawData |
0x8c3600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
6.13691
|
| WS2_32.dll |
WSAIoctl
|
| WLDAP32.dll |
#211
|
| CRYPT32.dll |
CertFreeCertificateContext
|
| ADVAPI32.dll |
GetUserNameA
|
| KERNEL32.dll |
GetVersionExW
|
| USER32.dll |
ShowWindow
|
| SHELL32.dll |
ShellExecuteExA
|
| dwmapi.dll |
DwmExtendFrameIntoClientArea
|
| d3d11.dll |
D3D11CreateDeviceAndSwapChain
|
| D3DCOMPILER_43.dll |
D3DCompile
|
| d3dx11_43.dll |
D3DX11CreateShaderResourceViewFromMemory
|
| IMM32.dll |
ImmGetContext
|
| bcrypt.dll |
BCryptGenRandom
|
| USERENV.dll |
UnloadUserProfile
|
| RPCRT4.dll |
UuidToStringA
|
| KERNEL32.dll (#2) |
GetVersionExW
|
| USER32.dll (#2) |
ShowWindow
|
| KERNEL32.dll (#3) |
GetVersionExW
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x10d27
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.99044
|
| Detected Filetype |
PNG graphic file
|
| MD5 |
b7dcd9ef0d77bf74f80095bf16b2c792
|
| SHA1 |
ed47025a1a56391c697d93d4134313fbb438babb
|
| SHA256 |
7a7d23443f6d434e065f4e31acf4ac57ad6ed1a3cc221267c3696cb698999ba8
|
| SHA3 |
6f4cd362756d00b554788b0cae37cd32ae0b081bd3539a0f0a54839e61a7a86e
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x10828
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.86764
|
| MD5 |
d2dba01d7f21495f79ade7df413ffdb8
|
| SHA1 |
99af7c7312d65f61b7c8269b8090da57e222bab7
|
| SHA256 |
dff0f5fb21258de1de023a2a71fb62217d39579ec41e51a6d6d90aed48248ca0
|
| SHA3 |
fe6e55178e359784173205d6b2d0c9577e25ccb17cfd7733161cbaa5e4acee43
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x4228
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
4.20898
|
| MD5 |
cc1362965666335117fd97dd92acfa68
|
| SHA1 |
a8e2fea5e7f6a069e083554c4de5aabd4835089e
|
| SHA256 |
0c9ef7f0a67612726fc57370afe22d0c60199c72d765285f83883cf43166e708
|
| SHA3 |
a7eb548809fac674e688e96e7e86cbc5ee193b8079c842e775eb7a39d232e6a1
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x25a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
4.43668
|
| MD5 |
162b749171b53fa2aa24a574ee7f1ca9
|
| SHA1 |
f86323f6617da75f534163b632710c32c2efb59b
|
| SHA256 |
5761aad71c3f8efffe64e6f9f01425a75a7db7f3cabf391ac957ca728a6bebbd
|
| SHA3 |
2d57416c64f66fa96066fcee9c73728199c9b3bc7804c55718b6d1d5c249b0ef
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x10a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
4.69547
|
| MD5 |
785a3a4a30ea140ee43eecda65fed3e3
|
| SHA1 |
c027fb5fa25e8e791cde6aa6022c1f0d33565f8b
|
| SHA256 |
148c095ee106c28e0512700c2eca9768158a17e45e4497eb242d01159078b624
|
| SHA3 |
29e5f87cff214c34e9d1315fea62571dc58d520f0fb9b8c707f66eefac5a2bf0
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x468
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.23198
|
| MD5 |
f6c6394462c63df1b63020215fbe5119
|
| SHA1 |
ea3e8c610326fae2ccf8595f830808e3434219f2
|
| SHA256 |
af5f4ae28e6bfda473101ad52549bbcc8d78b0cf9563df2258a427659570132a
|
| SHA3 |
c1cfe604e63e72536c7eec57674bc17a302addd9bfdd665b6c76abc9abf49d21
|
| Type |
RT_GROUP_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x5a
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.93807
|
| Detected Filetype |
Icon file
|
| MD5 |
ad000703da84fcd1c212871aabcea3e1
|
| SHA1 |
90cef820404716021132e0cc6f8ee2706e448923
|
| SHA256 |
9ec3dc6fe7fa957fa9660bb2c9287f95ed22604b22d2d374055735df1eec8a2d
|
| SHA3 |
f6d185a1b8c6d7a77e35259a742cf8451d01220026f58b1dd3c0e4c76dd1e2aa
|
| Type |
RT_MANIFEST
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x188
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
4.89623
|
| MD5 |
b8e76ddb52d0eb41e972599ff3ca431b
|
| SHA1 |
fc12d7ad112ddabfcd8f82f290d84e637a4d62f8
|
| SHA256 |
165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8
|
| SHA3 |
37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd
|
| Size |
0x108
|
| TimeDateStamp |
1970-Jan-01 00:00:00
|
| Version |
0.0
|
| GlobalFlagsClear |
(EMPTY)
|
| GlobalFlagsSet |
(EMPTY)
|
| CriticalSectionDefaultTimeout |
0
|
| DeCommitFreeBlockThreshold |
0
|
| DeCommitTotalFreeThreshold |
0
|
| LockPrefixTable |
0
|
| MaximumAllocationSize |
0
|
| VirtualMemoryThreshold |
0
|
| ProcessAffinityMask |
0
|
| ProcessHeapFlags |
(EMPTY)
|
| CSDVersion |
0
|
| Reserved1 |
0
|
| EditList |
0
|
| SecurityCookie |
0x140e530f8
|
[!] Error: Could not read the exported DLL name.
[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .pdata has a size of 0!
[*] Warning: Section _RDATA has a size of 0!
[*] Warning: Section .gxfg has a size of 0!
[*] Warning: Section .gehcont has a size of 0!
[*] Warning: Section .HxD0 has a size of 0!
38c429a7ba156b4d956f8668623317ce