| Architecture | IMAGE_FILE_MACHINE_AMD64 |
|---|---|
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| Compilation Date | 2026-Jul-01 20:27:44 |
| Info | Cryptographic algorithms detected in the binary: Uses constants related to CRC32 |
| Suspicious | The PE is possibly packed. Unusual section name found: .fptable |
| Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
| Suspicious | The file contains overlay data. 9093567 bytes of data starting at offset 0x54e00. The overlay data has an entropy of 7.99782 and is possibly compressed or encrypted. Overlay data accounts for 96.3178% of the executable. |
| Suspicious | No VirusTotal score. This file has never been scanned on VirusTotal. |
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x100 |
| Signature | PE |
|---|---|
| Machine | IMAGE_FILE_MACHINE_AMD64 |
| NumberofSections | 7 |
| TimeDateStamp | 2026-Jul-01 20:27:44 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE IMAGE_FILE_LARGE_ADDRESS_AWARE |
| Magic | PE32+ |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0x2dc00 |
| SizeOfInitializedData | 0x26e00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x000000000000D6C0 (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x5c000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x90bec2 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE IMAGE_DLLCHARACTERISTICS_GUARD_CF IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA IMAGE_DLLCHARACTERISTICS_NX_COMPAT IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x1e8480 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| USER32.dll | GetCursorPos ShutdownBlockReasonCreate GetWindowThreadProcessId SetWindowLongPtrW GetWindowLongPtrW MsgWaitForMultipleObjects ShowWindow DestroyWindow CreateWindowExW RegisterClassW DefWindowProcW PeekMessageW DispatchMessageW TranslateMessage GetMessageW GetMonitorInfoW MonitorFromPoint GetSystemMetrics |
|---|---|
| KERNEL32.dll | GetTimeZoneInformation GetProcessHeap FreeEnvironmentStringsW GetEnvironmentStringsW GetCPInfo GetOEMCP GetACP IsValidCodePage GetStringTypeW GetFileAttributesExW SetEnvironmentVariableW FlushFileBuffers GetLastError FreeLibrary GetProcAddress LoadLibraryExW FormatMessageW GetModuleFileNameW SetDllDirectoryW CreateSymbolicLinkW SetErrorMode CreateDirectoryW GetCommandLineW GetEnvironmentVariableW ExpandEnvironmentStringsW HeapSize FindClose FindFirstFileW FindNextFileW GetDriveTypeW RemoveDirectoryW GetTempPathW CloseHandle QueryPerformanceCounter QueryPerformanceFrequency WaitForSingleObject Sleep GetCurrentProcess GetCurrentProcessId TerminateProcess GetExitCodeProcess CreateProcessW GetStartupInfoW LocalFree SetConsoleCtrlHandler GetConsoleWindow K32EnumProcessModules K32GetModuleFileNameExW CreateFileW FindFirstFileExW GetFinalPathNameByHandleW MultiByteToWideChar WideCharToMultiByte HeapReAlloc WriteConsoleW SetEndOfFile DeleteFileW RtlUnwindEx GetCurrentThreadId GetSystemTimeAsFileTime InitializeSListHead SetUnhandledExceptionFilter GetModuleHandleW SetLastError FlsAlloc FlsGetValue FlsSetValue FlsFree EnterCriticalSection LeaveCriticalSection InitializeCriticalSectionEx DeleteCriticalSection RtlLookupFunctionEntry EncodePointer RaiseException RtlPcToFileHeader GetFileInformationByHandle GetFileType PeekNamedPipe SystemTimeToTzSpecificLocalTime FileTimeToSystemTime ReadFile GetFullPathNameW SetStdHandle GetStdHandle WriteFile ExitProcess GetModuleHandleExW GetCommandLineA IsProcessorFeaturePresent HeapFree RtlCaptureContext RtlVirtualUnwind IsDebuggerPresent UnhandledExceptionFilter GetConsoleMode ReadConsoleW SetFilePointerEx GetConsoleOutputCP GetFileSizeEx HeapAlloc GetCurrentDirectoryW VirtualProtect CompareStringW LCMapStringW |
| ADVAPI32.dll | ConvertSidToStringSidW GetTokenInformation OpenProcessToken ConvertStringSecurityDescriptorToSecurityDescriptorW |
| Characteristics | 0 |
|---|---|
| TimeDateStamp | 2026-Jul-01 20:27:44 |
| Version | 0.0 |
| SizeofData | 816 |
| AddressOfRawData | 0x3f038 |
| PointerToRawData | 0x3e038 |
| Size | 0x140 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x140043040 |
| GuardCFCheckFunctionPointer | 0x14002f410 (5368902672) |
| GuardCFDispatchFunctionPointer | 0 |
| GuardCFFunctionTable | 0 |
| GuardCFFunctionCount | 0 |
| GuardFlags | (EMPTY) |
| CodeIntegrity.Flags | 0 |
| CodeIntegrity.Catalog | 0 |
| CodeIntegrity.CatalogOffset | 0 |
| CodeIntegrity.Reserved | 0 |
| GuardAddressTakenIatEntryTable | 0 |
| GuardAddressTakenIatEntryCount | 0 |
| GuardLongJumpTargetTable | 0 |
| GuardLongJumpTargetCount | 0 |
| XOR Key | 0x46746bca |
|---|---|
| Unmarked objects | 0 |
| C++ objects (33145) | 182 |
| C objects (33145) | 12 |
| ASM objects (33145) | 11 |
| 253 (35721) | 3 |
| ASM objects (35721) | 9 |
| C objects (35721) | 17 |
| C++ objects (35721) | 39 |
| Imports (33145) | 7 |
| Total imports | 140 |
| C objects (36246) | 29 |
| Linker (36246) | 1 |