3b2d7f7f9ca41e646f99f1719d348710f9c22d91c56eca0e406dce9b5fb11145

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2025-Jun-19 18:35:54

Plugin Output

Info: Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Suspicious: The PE is possibly packed. Unusual section name found: .fptable
Malicious: The PE contains functions mostly used by malware.
[!] The program may be hiding some of its imports:
  • LoadLibraryExW
  • GetProcAddress
Possibly launches other programs:
  • CreateProcessW
Can create temporary files:
  • GetTempPathW
  • CreateFileW
Functions related to the privilege level:
  • OpenProcessToken
Enumerates local disk drives:
  • GetDriveTypeW
Suspicious: The file contains overlay data. 6906378 bytes of data starting at offset 0x46a00.
The overlay data has an entropy of 7.99803 and is possibly compressed or encrypted.
Overlay data accounts for 95.9798% of the executable.
Malicious: VirusTotal score: 6/72 (Scanned on 2025-09-30 07:45:59)
  • APEX: Malicious
  • Bkav: W64.AIDetectMalware
  • DeepInstinct: MALICIOUS
  • Sangfor: Trojan.Win32.Save.a
  • SentinelOne: Static AI - Suspicious PE
  • Skyhigh: BehavesLike.Win64.Generic.vc

Hashes

MD5 8ba04e0c81d5553bfd809c5222012ded
SHA1 64a49b24ba6c23436e024aa5095e236583e11b67
SHA256 3b2d7f7f9ca41e646f99f1719d348710f9c22d91c56eca0e406dce9b5fb11145
SHA3 56e93883e1f5109827e34c44b28d6167dcad43c6039e2105d6ff7a399ba3c581
SSDeep 196608:B1S8F7urHeD9BKG+5fc2S/ErXKEtw+GoH8MsqfTmd:BxuyDvV+53SM8+HzD+
Imports Hash 33742414196e45b8b306a928e178f844

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x108

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2025-Jun-19 18:35:54
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x2ba00
SizeOfInitializedData 0x1ac00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000000C380 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x50000
SizeOfHeaders 0x400
Checksum 0x6dd0f5
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x1e8480
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 6d644ec07349d1b7351e734f7b04810a
SHA1 3dd6ef84fc6c20d528965389245b00f50aadf18f
SHA256 57eb55521320737fa91641e6c05ad400c58cf9776519655f92dcbacaf899a79e
SHA3 6a53e66c377fa16e3f634aa8339df1d32343c3069fbe0095ad0c70e34884d9a5
VirtualSize 0x2b900
VirtualAddress 0x1000
SizeOfRawData 0x2ba00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.49408

.rdata

MD5 f6d5e819e106d5bdc3a3724df996e431
SHA1 e733edc10f9b12c6285b2eaaae34636f41c5c190
SHA256 4beeb9931d7d2a926a61aea9f5ae27fdbb902f0c407908064ae1c1e2088c9e08
SHA3 bedfed79ab19c7700a91434e5677696feb1bf6feb80b485daa72ffc25405fbeb
VirtualSize 0x12b3a
VirtualAddress 0x2d000
SizeOfRawData 0x12c00
PointerToRawData 0x2be00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.78178

.data

MD5 00758321c33e3c09a8243e456b9d5dd5
SHA1 605c145f0cbecc5b37ece68977e96d51b16e8988
SHA256 b2374b1484461f38ce10b8a704a9e56659cf8958a407d388dab844cfe1adc47f
SHA3 e3509318a66c18cbed1f835d68307b9eb4d37332ff62c9ac874bc88f090e4f67
VirtualSize 0x5350
VirtualAddress 0x40000
SizeOfRawData 0xe00
PointerToRawData 0x3ea00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.81742

.pdata

MD5 3990af19e92fb26a3d66e33c73f15c04
SHA1 9ed57c048a6c4d5abfd3c72fde6afc234e8b9c7e
SHA256 0e5ec3b091f12af870892edcffe5d55317656914d1fbe49c7b730223c02f94fa
SHA3 b9610f19705da9ddeb417caba26024a9aaefc9429f32a21cc797ab1487e28233
VirtualSize 0x22e0
VirtualAddress 0x46000
SizeOfRawData 0x2400
PointerToRawData 0x3f800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.34213

.fptable

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x100
VirtualAddress 0x49000
SizeOfRawData 0x200
PointerToRawData 0x41c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 2bcea3b171e5d5707b28ad87e25b450c
SHA1 f73339068e776aac21aa0a04c1b21922af4568e7
SHA256 e46d8e67ef91dfadf9d7ba2c87101aa773beb1e13a0ad67cafabe6d468a14e20
SHA3 091c3ed88c0d03805a6f3b2821dcde9bb1f8d7edf462a35dbdc4746aa2a75a3a
VirtualSize 0x4280
VirtualAddress 0x4a000
SizeOfRawData 0x4400
PointerToRawData 0x41e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.70378

.reloc

MD5 8f4ea7da830ab1e489c40c02cebb698d
SHA1 13f4c06cca72f3babd32ec78035cef2f67ccf3fc
SHA256 c9ce5f6b1f4a953e70e998828cc4ba3831e2c48db1600bf89a5fb6fcdb5e2e18
SHA3 25701df9c4e6c5670c0e3739cd1fa933a4a0fc3709f43c9cb44369110841d40d
VirtualSize 0x76c
VirtualAddress 0x4f000
SizeOfRawData 0x800
PointerToRawData 0x46200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.26636

Imports

USER32.dll
TranslateMessage
ShutdownBlockReasonCreate
GetWindowThreadProcessId
SetWindowLongPtrW
GetWindowLongPtrW
MsgWaitForMultipleObjects
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassW
DefWindowProcW
PeekMessageW
DispatchMessageW
GetMessageW
KERNEL32.dll
GetTimeZoneInformation
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetStringTypeW
FormatMessageW
GetLastError
GetModuleFileNameW
LoadLibraryExW
SetDllDirectoryW
CreateSymbolicLinkW
GetProcAddress
CreateDirectoryW
GetCommandLineW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
HeapSize
RemoveDirectoryW
GetTempPathW
CloseHandle
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
Sleep
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LocalFree
SetConsoleCtrlHandler
GetConsoleWindow
K32EnumProcessModules
K32GetModuleFileNameExW
CreateFileW
FindFirstFileExW
GetFinalPathNameByHandleW
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesExW
HeapReAlloc
WriteConsoleW
SetEndOfFile
GetDriveTypeW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReadFile
GetFullPathNameW
SetStdHandle
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetCommandLineA
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionEx
VirtualProtect
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
SetEnvironmentVariableW
ADVAPI32.dll
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW

Delayed Imports

Resources

1

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.33918
MD5 67dc684f8a439f437319afdb779c8b97
SHA1 da2c958ea9dbcff09824e13ffbc9ff1f98634b5f
SHA256 59bd7cee5a360020c0f81964df90899ca64edc290a029114386f248ffcbce05e
SHA3 24d6c91afc3c6b9de65283cccba9643676271c42c12002ed774a3865b83c08ff

2

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x1128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.03797
MD5 9547391dbad2b166d64156f47fd3cd56
SHA1 b7cc5c1bc0e8c7e28b75bd7a6b63dadd798bc0a5
SHA256 52d000cf172d43ae091e3d8e456192e920a78d9a68bff2a80c011741cd5eccfe
SHA3 e82c5dc3965b2908c5cb465e0e081146869543467444d69c6b9146ecdbbef744

3

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2668
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.04134
MD5 46dbd841de7e97bbc85c0fed0b197151
SHA1 235f58fed47a4b41a70d3bc3feda81be0ac5fc38
SHA256 cf470ed71b18ee3ceb68a28ac0bb7dea2be34654c2add381ccc8ae9319db5728
SHA3 06fcc4c0041e6e357634e2b46361ea25e6380f443a4afa753f0165b57a9e8b15

1 (#2)

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x30
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.51589
Detected Filetype Icon file
MD5 298232997883411f1ee110d990f9551c
SHA1 4ffeb8f324718a55a88d60510e45437add99e956
SHA256 d688200ab02f6fe049104a3e63ed160087c953b6d812e469db2aa2275e366cec
SHA3 9da59cc538741e621778c8be995153688357f472f6c6a9c481d5f33ff19c500a

1 (#3)

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x50d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.25791
MD5 84da8dee6b319ea0b10b6de5489c6aae
SHA1 5f8991f3e065fd95614859a293f88b9c70e4bb23
SHA256 abf8f2022f12f350789d961aceaf9ccfd53e7ec58d8c9934cfce77779b4eac11
SHA3 08f0562915b54bedce5a84e9d32cb2efcc538268785103b1852338e20a3b4606

Version Info

Debug Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2025-Jun-19 18:35:54
Version 0.0
SizeofData 816
AddressOfRawData 0x3c580
PointerToRawData 0x3b380

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140040040
GuardCFCheckFunctionPointer 0x14002d410
GuardCFDispatchFunctionPointer 0
GuardCFFunctionTable 0
GuardCFFunctionCount 0
GuardFlags (EMPTY)
CodeIntegrity.Flags 0
CodeIntegrity.Catalog 0
CodeIntegrity.CatalogOffset 0
CodeIntegrity.Reserved 0
GuardAddressTakenIatEntryTable 0
GuardAddressTakenIatEntryCount 0
GuardLongJumpTargetTable 0
GuardLongJumpTargetCount 0

RICH Header

XOR Key 0xd05a49e1
Unmarked objects 0
C++ objects (33140) 182
C objects (33140) 12
ASM objects (33140) 8
253 (34321) 2
ASM objects (34321) 9
C objects (34321) 17
C++ objects (34321) 40
Imports (33140) 7
Total imports 140
C objects (34808) 25
Linker (34808) 1

Errors
