| Architecture | IMAGE_FILE_MACHINE_AMD64 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2026-Mar-21 18:15:15 |

| Info |
Interesting strings found in the binary: |
Contains domain names:
- crl.symauth.com
- http://pki-crl.symauth.com
- http://pki-crl.symauth.com/ca_732b6ec148d290c0a071efd1dac8e288/LatestCRL.crl07
- http://pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsEngineersIncIEEERootCA.crl0
- http://pki-ocsp.symauth.com0
- pki-crl.symauth.com
- symauth.com
|
| Suspicious |
The PE is possibly packed. |
Unusual section name found:
Unusual section name found:
Unusual section name found:
Section is both writable and executable.
Unusual section name found:
Section is both writable and executable.
Section .rsrc is both writable and executable.
Unusual section name found:
Section is both writable and executable.
Unusual section name found:
Section is both writable and executable.
|
| Info |
The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
- GetProcAddress
- LoadLibraryA
Can access the registry:
Possibly launches other programs:
|
| Suspicious |
The file contains overlay data. |
6920 bytes of data starting at offset 0x864200.
The overlay data has an entropy of 7.97188 and is possibly compressed or encrypted.
|
| Suspicious |
No VirusTotal score. |
This file has never been scanned on VirusTotal.
|
| MD5 | 77d73f992bc6c414f9c7e2602a1464c3 |
| SHA1 | 1b9a10a4e244aac6fb4cd2e75bdd9c1737900192 |
| SHA256 | 447c4bff1b5206dc8fb180297617f5406c9cffda39e54a70db6d83110f3bf29e |
| SHA3 | 4b924b061375d57a1ff0681aa290f980f263ed83ce17458a296ea50c682341fd |
| SSDeep | 196608:nmvH1Reh0DMFQVbe1GpcnsmVCzdnczZxA8FVZzYhx5P0:mPq0gF2kGglVCzezZLVhYhf0 |
| Imports Hash | 5e5ac8ab7be27ac2d1c548e5589378b6 |

| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x80 |

| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_AMD64 |
| NumberofSections | 7 |
| TimeDateStamp | 2026-Mar-21 18:15:15 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |

| Magic | PE32+ |
| LinkerVersion | 8.0 |
| SizeOfCode | 0x3a6c00 |
| SizeOfInitializedData | 0x9200 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00000000015A4318 (Section: ) |
| BaseOfCode | 0x2000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x2000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x15a8000 |
| SizeOfHeaders | 0x2000 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x800000 |
| SizeofStackCommit | 0x8000 |
| SizeofHeapReserve | 0x200000 |
| SizeofHeapCommit | 0x4000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |

| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA3 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a |
| VirtualSize | 0x3a8000 |
| VirtualAddress | 0x2000 |
| SizeOfRawData | 0 |
| PointerToRawData | 0 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |

| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA3 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a |
| VirtualSize | 0x2000 |
| VirtualAddress | 0x3aa000 |
| SizeOfRawData | 0 |
| PointerToRawData | 0 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |

| MD5 | f9c7f9af6b5c611f3e322f7cb5999401 |
| SHA1 | 54b89e8baf5f8a1a55a66a9f57b55a3e07726794 |
| SHA256 | 17c49f12923b426cb2a5417145ab3080a9f1f8c4df2b0b6d95a69eb94692e133 |
| SHA3 | dc2a11af90dad0c4f264e09a4433c7c3180209046dd15497e92ef6427dbde049 |
| VirtualSize | 0x422000 |
| VirtualAddress | 0x3ac000 |
| SizeOfRawData | 0x3d6200 |
| PointerToRawData | 0x2000 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Entropy | 7.99996 |

| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA3 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a |
| VirtualSize | 0xa000 |
| VirtualAddress | 0x7ce000 |
| SizeOfRawData | 0 |
| PointerToRawData | 0x3d8200 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |

| MD5 | 8c96faba22d70bdf1517d45b49ab9ae8 |
| SHA1 | f4f5c7aa136d5bef243477f7b3449a6f6a195a0f |
| SHA256 | 60e321fc892438fa7e5b7c31a72eca287117b24e17273da60f6e59112a523687 |
| SHA3 | 84fa27a58f9bda89853ced0a4c6b8571215c142283209e0bdf37f4a501e55440 |
| VirtualSize | 0xa000 |
| VirtualAddress | 0x7d8000 |
| SizeOfRawData | 0x9200 |
| PointerToRawData | 0x3d8200 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Entropy | 6.28656 |

| MD5 | 225f4bac6fa27f2d954cba848bc0987f |
| SHA1 | a14e4d521cbf6ae79f9e194d7c67476488e15588 |
| SHA256 | cd4c53a5a3cad40ec0c63c2ee28f3bbf6d6156941d6aea1e5df559d5b167e169 |
| SHA3 | 882dfedd6642747e5e5d4a8c097f0d08f7b024ee41bef96cee87ed783a51f8ad |
| VirtualSize | 0xb1e000 |
| VirtualAddress | 0x7e2000 |
| SizeOfRawData | 0x1db200 |
| PointerToRawData | 0x3e1400 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Entropy | 7.99977 |

| MD5 | d6f5e6d2a08ead7ffdb0f1e022db7dbe |
| SHA1 | 560cab8f20fc487dfe2a1b5c2ee1081f1486e580 |
| SHA256 | ff3a2da511a3ca57ffdb1d21d77f762e4724f7b508b87f74a63018c8da7854b8 |
| SHA3 | 90f534ef957009bbe5f42f639dc08bb6d3406537b61896633284e0a12d21562c |
| VirtualSize | 0x2a8000 |
| VirtualAddress | 0x1300000 |
| SizeOfRawData | 0x2a7c00 |
| PointerToRawData | 0x5bc600 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Entropy | 7.96203 |

| kernel32.dll | GetModuleHandleA, GetProcAddress, ExitProcess, LoadLibraryA |
| user32.dll | MessageBoxA |
| advapi32.dll | RegCloseKey |
| oleaut32.dll | SysFreeString |
| gdi32.dll | CreateFontA |
| shell32.dll | ShellExecuteA |
| version.dll | GetFileVersionInfoA |

| Type | RT_ICON |
| Language | UNKNOWN |
| Codepage | Latin 1 / Western European |
| Size | 0x2e8 |
| TimeDateStamp | 1980-Jan-01 00:00:00 |
| Entropy | 3.27565 |
| MD5 | 1a546c976fb067ed28b206eefcd47c3a |
| SHA1 | 80747e7e872b1140c2fbf3af55989f26c120b095 |
| SHA256 | 9a4d4b25a9aafd41ea35c91f7372be99583b3a6935e11829299f1ba05ebe55c2 |
| SHA3 | e02a30735444de9cd44fce2dd7e537a2fbd36908a5728ad50e78d21bac017825 |

| Type | RT_ICON |
| Language | UNKNOWN |
| Codepage | Latin 1 / Western European |
| Size | 0x988 |
| TimeDateStamp | 1980-Jan-01 00:00:00 |
| Entropy | 3.6078 |
| MD5 | d73dbbc9edbd9dac72fe96893b4aa017 |
| SHA1 | 104ea28da1967937e875902364d3eca100c98642 |
| SHA256 | 446db3c81d2c20f5fdb6fd39a8bfa13113188df5e0b2cd3e9fac653e3c9f0a19 |
| SHA3 | 0154ee8a753046886e6bdf0b2281e7147d6017e3ed3f0af38cbcb978c5ce7945 |

| Type | RT_ICON |
| Language | UNKNOWN |
| Codepage | Latin 1 / Western European |
| Size | 0x10a8 |
| TimeDateStamp | 1980-Jan-01 00:00:00 |
| Entropy | 3.38838 |
| MD5 | 138459b4228300097f6449322657d01d |
| SHA1 | 8ac47812747d8d610ed7be7d104a742394f933d6 |
| SHA256 | f2aeecae34c2107d8dabbd4e52ac22a575a4f89889a5bb20c02dac2c615f14dd |
| SHA3 | 114c4e9864aeac7387d55e0f3e48aa05b4a6b10d1088556d10437567120c6430 |

| Type | RT_ICON |
| Language | UNKNOWN |
| Codepage | Latin 1 / Western European |
| Size | 0x25a8 |
| TimeDateStamp | 1980-Jan-01 00:00:00 |
| Entropy | 3.08994 |
| MD5 | 8a7e5e33ccebd5e15c50882c0c91311e |
| SHA1 | 6b94a9410c35b9ffe44ee1d311dbb865b1f2eee8 |
| SHA256 | fa917064e5d14e2348ea615a062940a58845c28ac8a495cd7f05b337203c61c1 |
| SHA3 | 92721c6e6aed20743ecf1cdb00b2ffd554e53f6eef93bb97f8d0d67ad2f4da7d |

| Type | RT_ICON |
| Language | UNKNOWN |
| Codepage | Latin 1 / Western European |
| Size | 0x4913 |
| TimeDateStamp | 1980-Jan-01 00:00:00 |
| Entropy | 7.96442 |
| Detected Filetype | PNG graphic file |
| MD5 | 0987be8f4c6af3b8c8cbc54093db1561 |
| SHA1 | bc05141643fc78dd24f2169463a1224487177ba3 |
| SHA256 | a03b2a4a24073595a16a545f3b714a364616e1e09a9cdad5afd610f539c21198 |
| SHA3 | 42ad814d40399d6eaba27e72eb54be0dc16dabe6de3fe99d55e9803cbd17c6c6 |

| Type | RT_GROUP_ICON |
| Language | UNKNOWN |
| Codepage | Latin 1 / Western European |
| Size | 0x14 |
| TimeDateStamp | 1980-Jan-01 00:00:00 |
| Entropy | 2.0815 |
| Detected Filetype | Icon file |
| MD5 | a603e440adc86f00a5463060ee772153 |
| SHA1 | 3ff28dcc90b5233bf8c7ac902c0da1af0362ddfc |
| SHA256 | 9acb4982706f5cdb4f38c1d3d2e4b765747531c73f49a89a09ade970116d8d9c |
| SHA3 | 41f85b8da1d23645c68bd051703b1fc22b2caf68d9269d260473acffd4ac9777 |

| Type | RT_GROUP_ICON |
| Language | UNKNOWN |
| Codepage | Latin 1 / Western European |
| Size | 0x4c |
| TimeDateStamp | 1980-Jan-01 00:00:00 |
| Entropy | 2.64638 |
| Detected Filetype | Icon file |
| MD5 | 794ceaecf438af8640d6cd7c50143a79 |
| SHA1 | 8bc3bf5829f2c502d4d92b34ce74ba19fb5ee69a |
| SHA256 | bd862f0f616834401e17e4b3af454aa1ffbb688be311b86164298c28ba0bc62a |
| SHA3 | 94eeb6dbc52947c0d661b52e5ff8b1e6b69a50260a66ab15ece100a6ad1ef97d |

| Type | RT_MANIFEST |
| Language | UNKNOWN |
| Codepage | Latin 1 / Western European |
| Size | 0x20f |
| TimeDateStamp | 1980-Jan-01 00:00:00 |
| Entropy | 4.92871 |
| MD5 | a6b301fd1230d8f785ac9bb1002b1430 |
| SHA1 | 416170f8cef184038854a3ab78703c36d7f55523 |
| SHA256 | d45edd0eb8076a2af262410b6b99f8ebcfe84be1d8f60618e454b7bc8da30213 |
| SHA3 | f9a6dc26e7bf087b9eac5700db27460de56a4220d2e0441f61623197015e537b |

[!] Error: Could not read the exported DLL name.
[*] Warning: Section has a size of 0!
[*] Warning: Section has a size of 0!
[*] Warning: Section has a size of 0!