46cb3452dfc81e302ede658d9f9c21bea0848ffd25d131e0ea58fffe8da677e7

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Apr-16 11:31:05
TLS Callbacks 2 callback(s) detected.

Plugin Output

Info Cryptographic algorithms detected in the binary: Uses constants related to SHA256
Uses constants related to AES
Uses constants related to Blowfish
Suspicious The PE is possibly packed. Unusual section name found: .xdata
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
  • LoadLibraryExW
 Possibly launches other programs:
  • CreateProcessW
 Can create temporary files:
  • CreateFileW
  • GetTempPathW
 Manipulates other processes:
  • OpenProcess
Suspicious The PE is possibly a dropper. Resource 27 is possibly compressed or encrypted.
Resources amount for 98.0807% of the executable.
Malicious VirusTotal score: 15/72 (Scanned on 2026-04-16 13:39:24) CrowdStrike: win/malicious_confidence_70% (W)
Cylance: Unsafe
Cynet: Malicious (score: 100)
DeepInstinct: MALICIOUS
ESET-NOD32: Python/Packed.Nuitka_AGen.EW suspicious application
Elastic: malicious (high confidence)
Gridinsoft: Trojan.Win64.Packed.oa!s1
Ikarus: PUA.Python.Nuitka
Jiangmin: Trojan.Redcap.de
McAfeeD: ti!46CB3452DFC8
Microsoft: Trojan:Win32/Kepavll!rfn
SentinelOne: Static AI - Malicious PE
Symantec: ML.Attribute.HighConfidence
Yandex: Trojan.RegRun!FaQ1MbiToow
Zillya: Trojan.Encoder.Win32.4905

Hashes

MD5 65c09e31c3c81760ad4024e8980ed3f0
SHA1 e03ea372eb3ba5a6f9b9f1b5fbf0c8eeadc50e94
SHA256 46cb3452dfc81e302ede658d9f9c21bea0848ffd25d131e0ea58fffe8da677e7
SHA3 4592b7a3d8c7c79cb34fd913fa285db74837b88dfa9b7b851e699f59bda85bbe
SSDeep 196608:RnYeXZMCOp3RUXoUYq5r4OeQ3XHpKhE0EM3ssmMk:+eJMCghs5rDlHgjn3nmM
Imports Hash 8085ab79c9d31d1a8728fccbe61a0f69

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 12
TimeDateStamp 2026-Apr-16 11:31:05
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 2.0
SizeOfCode 0x1f600
SizeOfInitializedData 0x7b5800
SizeOfUninitializedData 0x27e00
AddressOfEntryPoint 0x00000000000010F6 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x7e5000
SizeOfHeaders 0x400
Checksum 0x2f596
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 3d22275d456c69a243ce094f5b099687
SHA1 8ee9e9d12179a458d27e34bcc73c470135030813
SHA256 31970c19f1146f02614fec4daff2a4e45c3ca29305e6be3e3e8db9040d09a1bf
SHA3 35f754306d44fbf1539c59a857c20ba1ef5f72f4115d497cbd40374985f96bd5
VirtualSize 0x1f478
VirtualAddress 0x1000
SizeOfRawData 0x1f600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.32374

.data

MD5 55951eba8e62f9dbfe85e1f5c8e522bb
SHA1 3194f43a58d9242bafd1b1cc815a041e5171419c
SHA256 5c7c34ef079082ff0e2a3bee2c8ebc102b9419516951ec9e43191b4d591ad26d
SHA3 bd5225a7c56eb6aeadca89f07cab7cdc373addadb4472136900653619745a26e
VirtualSize 0x130
VirtualAddress 0x21000
SizeOfRawData 0x200
PointerToRawData 0x1fa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.34085

.rdata

MD5 6dcb98d8387d3bbe6244a1ebc0ea17a2
SHA1 27fc6c393f183059197ff42cfc1194dde6dbbf05
SHA256 8ef1ada573a86bd479a1fcbf84d02e57df7146b486eba5b11245c7f1fb78af3f
SHA3 de387d38b16263d54b95d78af7f0c01bd1ad9cb4d74dee41c984b3cbe2a1fcd7
VirtualSize 0x2eb0
VirtualAddress 0x22000
SizeOfRawData 0x3000
PointerToRawData 0x1fc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.20641

.eh_fram

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x4
VirtualAddress 0x25000
SizeOfRawData 0x200
PointerToRawData 0x22c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.pdata

MD5 9e8fe435b7a6cd50cd4d150079ba44f7
SHA1 53b730a5d3ebf42e3d2989899dc41ac1ec0ead52
SHA256 8284498428f51e1981c053cc90e86d42115a41804e1182c73bae9066210a8d6a
SHA3 205657da27f84f150fe256b2a2645b3c277c43ab1698186eef8ce7c819ce1db7
VirtualSize 0x954
VirtualAddress 0x26000
SizeOfRawData 0xa00
PointerToRawData 0x22e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.98458

.xdata

MD5 e09c762b86f24fdbb7c929093e524cd8
SHA1 9d3bb9eb06b32d40958892bc83d728f548cbe03e
SHA256 564f3656b8bd58605083c71d2a282d8c8c37c094c392dc37184da0402562084b
SHA3 877e3faaedda6dfbd622b7c1ad70273daf9e4895c8795da00a984d57ff05dbd2
VirtualSize 0xb28
VirtualAddress 0x27000
SizeOfRawData 0xc00
PointerToRawData 0x23800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.47797

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x27cd0
VirtualAddress 0x28000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 6476fd370033b22d1286d1da1d9eeb09
SHA1 90dcb5fb2093736d3b7749c5f4c487ef21864a4d
SHA256 fe599dd45e82e0f24edea46c8e6fe2bf148b85c5b6c748fe4a14ce2616078b45
SHA3 64185a460c6478080e49d59e4d359d50c46a3c9ec8b25a8c5e0fc2569b16135d
VirtualSize 0x1008
VirtualAddress 0x50000
SizeOfRawData 0x1200
PointerToRawData 0x24400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.00973

.CRT

MD5 8cfce82edd33d98c828673c1411335a1
SHA1 27b86af289c7811250d4350faffcc7c488214e0e
SHA256 e2715a93ded165865fc47c932c53fa560bf69b4b43aa794add9819590db7abba
SHA3 fccb841191eba5998eb35273a82a6cb9ac8ae46a93122cabf00e6154c6b1931f
VirtualSize 0x60
VirtualAddress 0x52000
SizeOfRawData 0x200
PointerToRawData 0x25600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.292196

.tls

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x10
VirtualAddress 0x53000
SizeOfRawData 0x200
PointerToRawData 0x25800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 13c632c284d707fcec261595cc3f8979
SHA1 5f7719165bee007861e733086343cec0621749c5
SHA256 a6cc7e57efef001296b41870bcf320b668b0bc24a8f663705ee030a338f1cd6d
SHA3 3e45d8489b5d1ffd18686d78f163c5fd232eff4a7352b28a6ef1f2d9aedbfd36
VirtualSize 0x78fe84
VirtualAddress 0x54000
SizeOfRawData 0x790000
PointerToRawData 0x25a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.9993

.reloc

MD5 86369d40c7cbc968a6729044a7aaaa9e
SHA1 da2dd610b3d110b7d4696f8a8cc815eb65b19d13
SHA256 72b7d3c7a4c162414468614466d19c4b45b7ad2121a857871e6ad59e96a106cf
SHA3 1461bd51f850ab23ef6bd6d08782f03bf39dbf6c52133a2622856cf60a52d8db
VirtualSize 0x94
VirtualAddress 0x7e4000
SizeOfRawData 0x200
PointerToRawData 0x7b5a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 1.83119

Imports

KERNEL32.dll AddDllDirectory
CloseHandle
CopyFileW
CreateDirectoryW
CreateFileMappingW
CreateFileW
CreateProcessW
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
FindResourceA
FormatMessageA
FreeLibrary
GenerateConsoleCtrlEvent
GetCommandLineW
GetCurrentProcessId
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileSize
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExA
GetProcAddress
GetProcessId
GetShortPathNameW
GetStartupInfoW
GetStdHandle
GetSystemTimeAsFileTime
GetTempPathW
InitializeCriticalSection
IsDBCSLeadByteEx
K32GetModuleFileNameExW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadResource
LockResource
MapViewOfFile
MultiByteToWideChar
OpenProcess
ReadFile
SetConsoleCtrlHandler
SetDllDirectoryW
SetEnvironmentVariableW
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
TlsGetValue
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
msvcrt.dll __C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__argc
__iob_func
__set_app_type
__setusermatherr
__wargv
__wgetmainargs
__winitenv
_amsg_exit
_cexit
_commode
_errno
_fmode
_initterm
_lock
_onexit
_unlock
_wcmdln
_wcsdup
_wcsicmp
_wrename
abort
calloc
exit
fwprintf
fprintf
fputc
fputwc
free
fwrite
iswctype
localeconv
malloc
mbstowcs
memcpy
memmove
memset
puts
signal
strerror
strlen
strncmp
vfprintf
wcschr
wcscmp
wcslen
wcsncmp
wcstoul
SHELL32.dll CommandLineToArgvW
SHFileOperationW
SHGetFolderPathW

Delayed Imports

27

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x78f8f0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.9993
MD5 8c88dd9fae8050de5e9c73b6dc3fbd00
SHA1 4d65847dacb83444e9baac6acd40575be902d5dd
SHA256 eb9921c9ed422ad968b66033ecfe2573e8a5d791d8157e407c1848eb36f9253e
SHA3 89669cfe136281954f37322d4faa372d84b42442ac601ec718b0c9ede9d16565

1

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x4f1
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.27584
MD5 9175a1fabff80fec23018fdfc1dc274b
SHA1 be8f32edef4e9f4aa514fa34f36ca9ee0204139b
SHA256 94b146eac0a80f5089ac9e57303515ddf9087d9d88fd4d47f27df8f3cf14cbb4
SHA3 934768e038a5727d347f31840aaab3de69c96e1d4bca3c9e726bae6be020edf3

Version Info

TLS Callbacks

StartAddressOfRawData 0x140053000
EndAddressOfRawData 0x140053008
AddressOfIndex 0x14004f1c0
AddressOfCallbacks 0x140052038
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks 0x0000000140015C00
0x0000000140015CC0

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!
Leave a comment

No comments yet.