596c9ef8de86be268bdb2ea8579b1fbb

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2025-Nov-26 13:24:15

Plugin Output

Suspicious The PE is possibly packed. Unusual section name found: .buildid
Unusual section name found: .xdata
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 596c9ef8de86be268bdb2ea8579b1fbb
SHA1 ea3d2192a6078f9c1bfa300413464cff549da01d
SHA256 e1fd23fa6f58dd7b3e9ce0b16fc2f135712195a165cfe4941e94f5ff060ade2a
SHA3 1f42d5c37cd9a4990d2291b27054b83215f94a966f68f2f220e4ec7d60b98a9b
SSDeep 96:p2hdCCCEVJWxx7rB33aPuAHLeczz/3vkHoVzk4mAGllfKRqzX:qCCCkqxvJU1HRzPa/nnCsz
Imports Hash 1e7e323c03f9bcd7840a106fd398399a

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 10
TimeDateStamp 2025-Nov-26 13:24:15
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 2.0
SizeOfCode 0xa00
SizeOfInitializedData 0x1800
SizeOfUninitializedData 0x200
AddressOfEntryPoint 0x0000000000001000 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x100400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0xb000
SizeOfHeaders 0x400
Checksum 0x121fa
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 d22bb424e5a3c11df7ffcc95d68fe1a8
SHA1 50ae7a5918c4865d2769787a82b47dbb0e8c6298
SHA256 dcf7d6e796276beae543706cdcb35216e3968b1cbd7bd5c8b3d8f8657c9b8124
SHA3 5b8a98ac72f44a82f8a14c1de6cee0157b55271423e42074254d7c52f44d792e
VirtualSize 0x850
VirtualAddress 0x1000
SizeOfRawData 0xa00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 4.65637

.data

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x60
VirtualAddress 0x2000
SizeOfRawData 0x200
PointerToRawData 0xe00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rdata

MD5 e0596469fe78c303e82dda4df513938f
SHA1 2aa067fe1a5227864ae9a8e4dd2c1c69ab809370
SHA256 825ba8651708afe37912bc28e064a50569ccd1d0cc4304ee8b93b2155e6b284a
SHA3 65ff9da88c388106ed912c626af30e1e2076125a48dc00510b42f968424fda63
VirtualSize 0x2e0
VirtualAddress 0x3000
SizeOfRawData 0x400
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.82211

.buildid

MD5 c2e13d71b96e3f76bdc402b7faab1ce6
SHA1 17263ba7d10fbacb0bcd364a005b581a61a06196
SHA256 0a48e88f325e485912a3cad65fbb00e9ae5111af274a09bfeec2728b3e38ad36
SHA3 6700ee5f9a06a10b91bdd1ebb88b0db47729f7f4d92f04e7407f2455b84dd7ae
VirtualSize 0x35
VirtualAddress 0x4000
SizeOfRawData 0x200
PointerToRawData 0x1400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.536928

.pdata

MD5 e25264cac6ec869a2e89bda05319c183
SHA1 addbabfe30bee9af680bdf1fecd22c1fcf5e4e7d
SHA256 5e3c713f1d23ce5ed282a7e81783c9105d7f6b9c2c6e9c10f5cce42217b5f5cb
SHA3 7d19dfa454c0682514f04fdfed2e56ba6983dd98362392b10bb14ebae961491a
VirtualSize 0xfc
VirtualAddress 0x5000
SizeOfRawData 0x200
PointerToRawData 0x1600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.92322

.xdata

MD5 ff33df39c80dac83ddc06eb284a12828
SHA1 954481b57a2e0c1cf5714ed30b127ceeaa84936a
SHA256 2a91007ba770f40ac01abcd498b8e5280dd9951efa262eb10df8215e3d0a5619
SHA3 b85841ee2538420a690cd998d6bbac061a57dad7ee729f8b4036718188193b81
VirtualSize 0xa0
VirtualAddress 0x6000
SizeOfRawData 0x200
PointerToRawData 0x1800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.36557

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x1c0
VirtualAddress 0x7000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 c3ebbabd993f9668ea6495d0889ca0f6
SHA1 e542ec734122b65f89f66d084422a22ecc0f371a
SHA256 164351686ccc669b92c7dcc8b5e470aef5b25b75598c774d0129c64e8480b75a
SHA3 6a324b58ac5d388c985bf252d90f083c93c75f8e78a7d835004555617c681264
VirtualSize 0x3c4
VirtualAddress 0x8000
SizeOfRawData 0x400
PointerToRawData 0x1a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.7616

.rsrc

MD5 974052abdecc7094fb05b50cede8c559
SHA1 ab5d5b73e310bb0c2bfbb2e7d267e5b80b9a986b
SHA256 09dfc97057713a4b7c1cafff1cdb2a1524917cb09d31e1967e6b02abc39c335e
SHA3 f6ef2aeef10420bd696daa2a3069eebd4f4229b1eb8379aaa296864c95cf3aa1
VirtualSize 0x4e8
VirtualAddress 0x9000
SizeOfRawData 0x600
PointerToRawData 0x1e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.77848

.reloc

MD5 f03d3179530e0df7c287737e11b414cd
SHA1 31f490a8c741678018e880a9e2aed560fb860364
SHA256 9cab7d58d4b3f7a1e33b4b05add04a8e7ea6760b05847be7329294eb4cb94efb
SHA3 d7a2eb3e00bb87139fe3f4bde78d35555614254f3c4381ed08c0d47108139c56
VirtualSize 0x10
VirtualAddress 0xa000
SizeOfRawData 0x200
PointerToRawData 0x2400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.153703

Imports

cygwin1.dll __cxa_atexit
__main
_dll_crt0
_impure_ptr
calloc
cygwin_detach_dll
cygwin_internal
dll_dllcrt0
free
malloc
posix_memalign
realloc
strncmp
cygstdc++-6.dll _ZNSolsEi
_ZSt17__istream_extractRSiPcl
_ZSt3cin
_ZSt4cout
_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc
_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_c
KERNEL32.dll GetModuleHandleA

Delayed Imports

1

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x48f
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.13793
MD5 5aa04ce935e78505e230765e85c34355
SHA1 6c93b8c5fde8be4b2231dca6b8ec513cdc82c991
SHA256 a73f26a8d504043f785d7360e8febf2eeb8522ec873a0d4dd5d1d4bfd1e67d3d
SHA3 149467cafc03ba34b33cd8076fc2771413760822357952de205dbae2b5cb8059

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
SizeofData 25
AddressOfRawData 0x401c
PointerToRawData 0x141c

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!