5a65621791cdcbce3cd1ee200454bec87f99a7e46d2aa0ffcb8e15870e378ecd

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2025-May-15 21:28:22
Detected languages English - United States

Plugin Output

Info Libraries used to perform cryptographic operations: Microsoft's Cryptography API
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Uses Microsoft's cryptographic API:
  • CryptGetHashParam
  • CryptDestroyHash
  • CryptHashData
  • CryptReleaseContext
  • CryptCreateHash
  • CryptAcquireContextW
Suspicious The file contains overlay data. 6440 bytes of data starting at offset 0x3be00.
Malicious VirusTotal score: 44/69 (Scanned on 2026-03-17 05:57:31)
ALYac: Trojan.GenericKD.77040213
APEX: Malicious
AhnLab-V3: Trojan/Win.Generic.C5789004
Antiy-AVL: Trojan/Win32.Agent
Arcabit: Trojan.Generic.D4978A55
Avira: TR/PSW.Agent.jqsix
BitDefender: Trojan.GenericKD.77040213
Bkav: W64.AIDetectMalware
CAT-QuickHeal: Trojan.Ghanarava.17735785178de34f
CTX: dll.trojan.generic
CrowdStrike: win/malicious_confidence_100% (D)
Cylance: Unsafe
Cynet: Malicious (score: 99)
DeepInstinct: MALICIOUS
ESET-NOD32: Win64/PSW.Agent.PR trojan
Elastic: malicious (high confidence)
Emsisoft: Trojan.GenericKD.77040213 (B)
F-Secure: Trojan.TR/PSW.Agent.jqsix
Fortinet: W64/Agent.PR!tr.pws
GData: Trojan.GenericKD.77040213
Google: Detected
Ikarus: Trojan-PSW.Agent
K7AntiVirus: Riskware ( 00584baa1 )
K7GW: Riskware ( 00584baa1 )
Kaspersky: Trojan.Win32.Agent.xbzkbu
Lionic: Trojan.Win32.Agent.Y!c
Malwarebytes: Malware.AI.80050476
MaxSecure: Trojan.Malware.411251904.susgen
McAfeeD: ti!5A65621791CD
MicroWorld-eScan: Trojan.GenericKD.77040213
Microsoft: Trojan:Win32/Alevaul!rfn
Paloalto: generic.ml
Panda: Trj/Chgt.AD
Rising: Stealer.Agent!8.C2 (CLOUD)
Sophos: Mal/Generic-S
Symantec: Trojan.Gen.MBT
Tencent: Malware.Win32.Gencirc.149ba41b
TrellixENS: Artemis!D51B0B861641
TrendMicro-HouseCall: TROJ_GEN.R002H09CD26
VIPRE: Trojan.GenericKD.77040213
Varist: W64/ABTrojan.ZFXZ-1286
ViRobot: Trojan.Win.Z.Agent.251688
Zillya: Trojan.Agent.Win64.100278
alibabacloud: Trojan:Win/Agent.xhwuyv

Hashes

MD5 d51b0b861641f1d6150223e9fd8de34f
SHA1 defbca9a1f97d9c7b6892e99ab09532271192e34
SHA256 5a65621791cdcbce3cd1ee200454bec87f99a7e46d2aa0ffcb8e15870e378ecd
SHA3 6441d201c2b3552bd807d408d2a599772fa7b8f843ae811e068cafc3ac075e74
SSDeep 3072:WQI5QK8oOg2PInVeKYTLLYQCIO6z5STnGip07bv4nhE6eVZ6e:WQI5QYeKYTYQfOKWrZhA
Imports Hash 76571e64bea9e50bebf8d9d5c33fbd9e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2025-May-15 21:28:22
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x27200
SizeOfInitializedData 0x16000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000000B0F8 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x180000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x42000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 3b0a7aa63d5668becc3fe76580117c74
SHA1 be5084d2b8402199c5c70fcbd467fa016b600028
SHA256 a9a0a3de077f074c6787e5f8c52f33220b704a5a152420b0da2fe90bbaddfa9a
SHA3 ca6a37a5b105427da207b35fe759ea9b9b6e492e48e1a05bb9758c95a32a9932
VirtualSize 0x270c4
VirtualAddress 0x1000
SizeOfRawData 0x27200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.48779

.rdata

MD5 5f7ccd9391925482a3551cd862a62c97
SHA1 f8ba387fe5a5de5c29ef516a7556565ce305efcc
SHA256 2e9ae5e9d4e0cedb56041dc0373edc6d596f8010ae879e960264b836dd78bab1
SHA3 bb5ae64c18b07beeaf5286c21852180aad998597f1d4c3279b3048e042e7de39
VirtualSize 0x10346
VirtualAddress 0x29000
SizeOfRawData 0x10400
PointerToRawData 0x27600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.84477

.data

MD5 c519803ba65e9f94ad92ac900f851463
SHA1 f6504853d019f63eb1f4f9c59501e47295afe6c3
SHA256 26f651fa8ad519d8f1ce830b3577d9b51091828ce1c43f6e1624eca8c38d0d2f
SHA3 562ed207cadbe40c315cc632646b9fdf3c8aa74ab1d786eef10cf890249e1ed1
VirtualSize 0x2a24
VirtualAddress 0x3a000
SizeOfRawData 0x1400
PointerToRawData 0x37a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.96249

.pdata

MD5 14dc8e2e429b212ae47661712c617221
SHA1 b4dca2e936c8027502ab881c573833cf26702971
SHA256 920f274da628d8c6d4df48418ec4b5a4dba2d3d1a89348d15eadcf3af908ac8f
SHA3 2c5545cd750a055b4aca0fd60fc60e8da29e7bc2fe03e48069d64e0ebb027305
VirtualSize 0x2298
VirtualAddress 0x3d000
SizeOfRawData 0x2400
PointerToRawData 0x38e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.23023

.rsrc

MD5 cd5146b497517131706555df0a717c5c
SHA1 dcdef0b74ea2b1109fc15755a616c4d546462dc9
SHA256 19e37a815a247208afc0fd76dc1567a5ebfedc3bc7f0026664960e333ae6fe92
SHA3 2c614d5bd7f2d962a95c399c447247820dd62561cb3d11271f9c2b19493c11f2
VirtualSize 0xf8
VirtualAddress 0x40000
SizeOfRawData 0x200
PointerToRawData 0x3b200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.50806

.reloc

MD5 d4e0a04e9f2012233d6ee299d33e6d4a
SHA1 60d2f0becb196584867a72f487474688932ddafe
SHA256 c47b8d3662e4e16a0a70836be602f13d428e52277695d0eb8b254c1575a7afe6
SHA3 561132c7a5f311b51a5c2f285fd71229f636ba2973cb25a74ee072ff425f74df
VirtualSize 0x998
VirtualAddress 0x41000
SizeOfRawData 0xa00
PointerToRawData 0x3b400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.3578

Imports

KERNEL32.dll
  • GetCurrentDirectoryW
  • ReadFile
  • WriteFile
  • WriteConsoleW
  • GetFileSizeEx
  • CreateFileA
  • GetLastError
  • CloseHandle
  • CreateFileW
  • GetConsoleMode
  • GetConsoleOutputCP
  • FlushFileBuffers
  • HeapSize
  • SetStdHandle
  • SetFilePointerEx
  • GetProcessHeap
  • FreeEnvironmentStringsW
  • GetEnvironmentStringsW
  • GetCommandLineW
  • WideCharToMultiByte
  • MultiByteToWideChar
  • GetStringTypeW
  • EnterCriticalSection
  • LeaveCriticalSection
  • InitializeCriticalSectionEx
  • DeleteCriticalSection
  • EncodePointer
  • DecodePointer
  • LCMapStringEx
  • GetCPInfo
  • RtlCaptureContext
  • RtlLookupFunctionEntry
  • RtlVirtualUnwind
  • UnhandledExceptionFilter
  • SetUnhandledExceptionFilter
  • GetCurrentProcess
  • TerminateProcess
  • IsProcessorFeaturePresent
  • IsDebuggerPresent
  • GetStartupInfoW
  • GetModuleHandleW
  • QueryPerformanceCounter
  • GetCurrentProcessId
  • GetCurrentThreadId
  • GetSystemTimeAsFileTime
  • InitializeSListHead
  • RtlUnwindEx
  • RtlPcToFileHeader
  • RaiseException
  • InterlockedFlushSList
  • SetLastError
  • InitializeCriticalSectionAndSpinCount
  • TlsAlloc
  • TlsGetValue
  • TlsSetValue
  • TlsFree
  • FreeLibrary
  • GetProcAddress
  • LoadLibraryExW
  • ExitProcess
  • GetModuleHandleExW
  • GetModuleFileNameW
  • HeapFree
  • HeapAlloc
  • GetStdHandle
  • GetFileType
  • FlsAlloc
  • FlsGetValue
  • FlsSetValue
  • FlsFree
  • LCMapStringW
  • GetLocaleInfoW
  • IsValidLocale
  • GetUserDefaultLCID
  • EnumSystemLocalesW
  • HeapReAlloc
  • FindClose
  • FindFirstFileExW
  • FindNextFileW
  • IsValidCodePage
  • GetACP
  • GetOEMCP
  • GetCommandLineA
ADVAPI32.dll
  • CryptGetHashParam
  • CryptDestroyHash
  • CryptHashData
  • CryptReleaseContext
  • CryptCreateHash
  • CryptAcquireContextW
  • GetUserNameW
SHELL32.dll
  • SHGetKnownFolderPath
  • SHGetFolderPathA
ole32.dll
  • CoUninitialize
  • CoTaskMemFree
  • CoCreateInstance
  • CoSetProxyBlanket
  • CoInitializeEx
OLEAUT32.dll
  • SysAllocStringByteLen
  • SysFreeString
  • SysStringByteLen

Delayed Imports

2

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x91
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.8858
MD5 f7ad1eab748bc07570a57ec87787cf90
SHA1 0b1608da9fef218386e825db575c65616826d9f4
SHA256 d2952e57023848a37fb0f21f0dfb38c9000f610ac2b00c2f128511dfd68bde04
SHA3 6c9541b36948c19ae507d74223621875b3af4064f7cd8200bdb97e15a047e96a

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2025-May-15 21:28:22
Version 0.0
SizeofData 860
AddressOfRawData 0x359f4
PointerToRawData 0x33ff4

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2025-May-15 21:28:22
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x18003a040

RICH Header

XOR Key 0xbed3ddf1
Unmarked objects 0
ASM objects (30795) 5
C++ objects (30795) 154
C objects (30795) 16
ASM objects (34321) 10
C objects (34321) 14
C++ objects (34321) 75
C objects (CVTCIL) (30795) 1
Imports (30795) 11
Total imports 119
C++ objects (LTCG) (34436) 2
Resource objects (34436) 1
Linker (34436) 1

Errors
