55e71eb8d0027f31c9b11c7efabbbe1726191a5f44370dce904134fc1724867e

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2026-Jun-15 01:28:04

Plugin Output

Suspicious The PE is possibly packed. The PE only has 2 import(s).
Suspicious VirusTotal score: 1/69 (Scanned on 2026-06-19 17:20:59) Bkav: W32.Malware.7D98FE55

Hashes

MD5 9cbdb9933fe5ca13ad74b7456e271a87
SHA1 682df425be579ea2bae25b18819d4fc1b9f824a3
SHA256 55e71eb8d0027f31c9b11c7efabbbe1726191a5f44370dce904134fc1724867e
SHA3 2460b7d5dd264a638d150bcca08a0dd3d1234d51ba027b60538d5aa0c96501ed
SSDeep 6:idqGVg3F+X32QY6u9Cu9MEIEZzg5doqp/3/RW3s0wM4kU9GERXxRX1BXKSuyrVV:etGSGQYrV9WNsqp/3/HkUGof1BXJvpV
Imports Hash 98c88d882f01a3f6ac1e5f7dfd761624

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 3
TimeDateStamp 2026-Jun-15 01:28:04
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DEBUG_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 2.0
SizeOfCode 0x200
SizeOfInitializedData 0x400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000001000 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x4000
SizeOfHeaders 0x400
Checksum 0xcd3
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 f44296c6a2ff4c8587e3eb59a6cfeb4b
SHA1 bbe5ca7cecae6e7cf5a9ec2c75537e9516f9ce99
SHA256 805e44a82d25092e0cd116fbe722f60deb90b3f2d12170eaa6b6a6a08c329072
SHA3 633cde60059696cf347286e45b19cb25b96910a73836d44c8e61b9aa79bcd499
VirtualSize 0x50
VirtualAddress 0x1000
SizeOfRawData 0x200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy 0.9417

.rdata

MD5 32f78086473b8acbb893743d46c0947f
SHA1 0711aa6f0e1cd6029e5dcfb09807b9b5a72881f9
SHA256 c9ec8781dba448dbf7818315e10c4e43bec7188f69be4432fe71afadd7c45bd7
SHA3 d4de5180ae93b4ef4a6e8e37eb061f85a2afab0094fcef02245668704ea14905
VirtualSize 0x70
VirtualAddress 0x2000
SizeOfRawData 0x200
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 1.42192

.idata

MD5 56f7aabb9f40f4568b6530fa09578586
SHA1 ffb62322835a179a64fbc149cc481b1aea969eb4
SHA256 756360be9f46724a95f3f83a2e2d05e93b95dc0986cb729e5d18d977dfa7c008
SHA3 3b89a6b721646bb2ebef6c197541e0ff3a04f5f1b5817eeff31ca7e74b6b452b
VirtualSize 0xc0
VirtualAddress 0x3000
SizeOfRawData 0x200
PointerToRawData 0x800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 1.24892

Imports

KERNEL32.dll ExitProcess
USER32.dll MessageBoxA

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors
