5d42fb99080e9d345b504bcc5e123223
Summary
| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2025-Dec-14 11:35:20 |
| Detected languages |
English - United States
|
| TLS Callbacks | 1 callback(s) detected. |
| Debug artifacts |
Prestarter.pdb
|
| CompanyName | gravitlauncher |
| FileDescription | prestarter |
| FileVersion | 0.1.0 |
| ProductName | prestarter |
| ProductVersion | 0.1.0 |
Plugin Output
| Suspicious | Strings found in the binary may indicate undesirable behavior: |
Miscellaneous malware strings:
|
| Info | Cryptographic algorithms detected in the binary: |
Uses constants related to CRC32
Uses constants related to SHA1 Uses constants related to SHA256 Uses constants related to RC5 or RC6 |
| Suspicious | The PE is possibly packed. | Unusual section name found: .taubndl |
| Malicious | The PE contains functions mostly used by malware. |
[!] The program may be hiding some of its imports:
|
| Info | The PE is digitally signed. |
Signer: NarutoCraft Code Sign
Issuer: NarutoCraft Root CA |
| Malicious | VirusTotal score: 4/72 (Scanned on 2026-02-06 19:28:47) |
Bkav:
W64.AIDetectMalware
Google: Detected Ikarus: Trojan.Win64.Agent Trapmine: suspicious.low.ml.score |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x100 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections | 7 |
| TimeDateStamp | 2025-Dec-14 11:35:20 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
Image Optional Header
| Magic | PE32+ |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0x335c00 |
| SizeOfInitializedData | 0x174e00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0000000000318588 (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x4af000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0xc9c10a |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.rdata
.data
.pdata
.taubndl
.rsrc
.reloc
Imports
| kernel32.dll |
DuplicateHandle
GetWindowsDirectoryW GetSystemDirectoryW CompareStringOrdinal GetSystemTimeAsFileTime IsDebuggerPresent IsProcessorFeaturePresent ExitProcess SetWaitableTimer TerminateProcess RtlPcToFileHeader RaiseException EncodePointer TlsAlloc TlsGetValue TlsSetValue TlsFree GetModuleFileNameW FormatMessageW ReleaseMutex SwitchToThread GetLastError lstrlenW GetSystemTimePreciseAsFileTime HeapReAlloc GetCurrentThread SetThreadStackGuarantee WaitForSingleObject HeapAlloc CloseHandle WideCharToMultiByte GetCurrentProcessId SetFileAttributesW SetFilePointerEx GetFileAttributesW CreateHardLinkW CreateSymbolicLinkW GetFinalPathNameByHandleW GetCurrentProcess DeleteFileW GetTempPathW GetFileInformationByHandleEx GetFileInformationByHandle CreateFileW GetFullPathNameW CreateDirectoryW WriteConsoleW GetConsoleOutputCP GetConsoleMode GetStdHandle WaitForSingleObjectEx RtlLookupFunctionEntry MultiByteToWideChar SleepConditionVariableSRW SetHandleInformation WakeAllConditionVariable AcquireSRWLockExclusive GetCurrentThreadId LCIDToLocaleName GetUserDefaultUILanguage GetModuleHandleW SetLastError GetSystemInfo GetModuleHandleA Sleep SetFileInformationByHandle FindClose GetProcessHeap FindNextFileW FindFirstFileExW SetFileCompletionNotificationModes LoadLibraryExA SetFileTime LoadLibraryW LoadLibraryA OutputDebugStringA OutputDebugStringW LoadLibraryExW HeapFree FreeLibrary GetProcAddress SleepEx ReleaseSRWLockExclusive |
|---|---|
| advapi32.dll |
RegCloseKey
RegOpenKeyExW RegQueryValueExW RegGetValueW |
| ntdll.dll |
NtCreateNamedPipeFile
RtlGetVersion NtCancelIoFileEx RtlNtStatusToDosError NtDeviceIoControlFile NtCreateFile NtWriteFile NtOpenFile NtReadFile |
| shell32.dll |
DragQueryFileW
DragFinish ILCreateFromPathW Shell_NotifyIconGetRect ShellExecuteW ILFree Shell_NotifyIconW SHAppBarMessage ShellExecuteExW SHGetKnownFolderPath SHOpenFolderAndSelectItems |
| ole32.dll |
RegisterDragDrop
RevokeDragDrop CoCreateInstance CoInitializeEx CoTaskMemFree CoTaskMemAlloc CoCreateFreeThreadedMarshaler CoInitialize CoUninitialize OleInitialize |
| api-ms-win-core-synch-l1-2-0.dll |
WakeByAddressSingle
WaitOnAddress WakeByAddressAll |
| gdi32.dll |
CombineRgn
CreateRectRgn SetTextColor DeleteObject BitBlt CreateSolidBrush CreateDIBSection CreateCompatibleDC GetDeviceCaps DeleteDC SelectObject SetBkMode |
| comctl32.dll |
TaskDialogIndirect
RemoveWindowSubclass SetWindowSubclass DefSubclassProc |
| user32.dll |
GetKeyboardState
IsIconic SetWindowTextW GetWindowTextW GetWindowTextLengthW SetWindowDisplayAffinity MonitorFromRect ToUnicodeEx MapVirtualKeyExW GetKeyboardLayout ClipCursor GetSystemMetrics GetClipCursor ShowCursor SystemParametersInfoW SetPropW IsWindowEnabled GetWindowPlacement SetWindowPlacement ChangeDisplaySettingsExW SetWindowLongW GetSystemMenu RegisterRawInputDevices AdjustWindowRectEx GetMenu GetWindowLongW InvalidateRgn ReleaseCapture IsWindow RegisterTouchWindow EnableWindow GetParent GetMonitorInfoW FlashWindowEx SetWindowRgn GetForegroundWindow FindWindowExW SetParent DestroyMenu DestroyIcon DestroyAcceleratorTable CreateAcceleratorTableW CreateMenu CreatePopupMenu DrawMenuBar KillTimer SetTimer SetMenuItemInfoW CreateIcon RemoveMenu LoadCursorW SetMenu GetActiveWindow PostMessageW SystemParametersInfoA SetCursor SetCursorPos InvalidateRect DefWindowProcW RegisterWindowMessageA UpdateWindow GetAsyncKeyState GetKeyState ScreenToClient TranslateAcceleratorW MsgWaitForMultipleObjectsEx MapVirtualKeyW GetUpdateRect PeekMessageW PostThreadMessageW ValidateRect GetRawInputData RegisterClassW SetWindowLongPtrW SetCapture DispatchMessageW GetMessageW DestroyWindow IsWindowVisible GetTouchInputInfo GetWindow EnumChildWindows DispatchMessageA TranslateMessage GetMessageA SetWindowPos CreateWindowExW RegisterClassExW SetFocus GetWindowLongPtrW CloseTouchInputHandle RedrawWindow AdjustWindowRect EnumDisplayMonitors MonitorFromPoint TrackMouseEvent IsProcessDPIAware MonitorFromWindow TrackPopupMenu SetForegroundWindow ClientToScreen GetCursorPos EnableMenuItem DrawIconEx GetDC AppendMenuW InsertMenuW SendInput CheckMenuItem ReleaseDC GetWindowDC OffsetRect GetWindowRect MapWindowPoints GetClientRect GetMenuBarInfo DrawTextW FillRect GetMenuItemInfoW PostQuitMessage ShowWindow SendMessageW |
| oleaut32.dll |
GetErrorInfo
SysFreeString SysStringLen SetErrorInfo |
| shlwapi.dll |
SHCreateMemStream
|
| dwmapi.dll |
DwmGetWindowAttribute
DwmSetWindowAttribute DwmEnableBlurBehindWindow |
| bcryptprimitives.dll |
ProcessPrng
|
| crypt32.dll |
CertVerifyCertificateChainPolicy
CertFreeCertificateChain CertGetCertificateChain CertFreeCertificateContext CertCloseStore CertDuplicateStore CertDuplicateCertificateContext CertEnumCertificatesInStore CertOpenStore CertAddCertificateContextToStore CertDuplicateCertificateChain |
| secur32.dll |
DecryptMessage
FreeCredentialsHandle QueryContextAttributesW EncryptMessage FreeContextBuffer AcceptSecurityContext AcquireCredentialsHandleA ApplyControlToken DeleteSecurityContext InitializeSecurityContextW |
| ADVAPI32.dll |
EventWriteTransfer
EventRegister EventSetInformation EventUnregister |
| KERNEL32.dll |
GetEnvironmentStringsW
CreateProcessW FreeEnvironmentStringsW CreateWaitableTimerExW PostQueuedCompletionStatus DeleteCriticalSection InitializeCriticalSectionAndSpinCount AddVectoredExceptionHandler GetQueuedCompletionStatusEx RtlUnwindEx CreateIoCompletionPort SetEnvironmentVariableW GetCommandLineW QueryPerformanceCounter DeviceIoControl RtlCaptureContext RtlVirtualUnwind SetUnhandledExceptionFilter UnhandledExceptionFilter InitializeSListHead GetCurrentDirectoryW CreateMutexA GetEnvironmentVariableW QueryPerformanceFrequency CreateThread WriteFileEx ReadFileEx |
| ws2_32.dll |
shutdown
send freeaddrinfo WSACleanup WSAStartup getaddrinfo bind getsockopt connect setsockopt WSASocketW WSASend closesocket recv WSAIoctl getsockname WSAGetLastError ioctlsocket getpeername |
| api-ms-win-crt-string-l1-1-0.dll |
wcscmp
strlen wcslen _wcsicmp wcsncmp strcpy_s wcsncat |
| api-ms-win-crt-math-l1-1-0.dll |
pow
floor __setusermatherr roundf round trunc |
| api-ms-win-crt-convert-l1-1-0.dll |
_ultow_s
_wtoi wcstol |
| api-ms-win-crt-heap-l1-1-0.dll |
_set_new_mode
free calloc malloc _callnewh |
| api-ms-win-crt-utility-l1-1-0.dll |
_rotl64
|
| api-ms-win-crt-runtime-l1-1-0.dll |
__p___argc
_exit _seh_filter_exe _set_app_type abort __p___argv terminate _crt_atexit _register_onexit_function _configure_narrow_argv _initialize_narrow_environment _initialize_onexit_table _get_initial_narrow_environment _initterm _initterm_e _cexit exit _c_exit _register_thread_local_exe_atexit_callback |
| api-ms-win-crt-stdio-l1-1-0.dll |
_set_fmode
__p__commode |
| api-ms-win-crt-locale-l1-1-0.dll |
_configthreadlocale
|
Delayed Imports
1
2
3
4
5
6
32512
1 (#2)
1 (#3)
Version Info
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 0.1.0.0 |
| ProductVersion | 0.1.0.0 |
| FileFlags | (EMPTY) |
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
|
| FileType |
VFT_APP
|
| Language | UNKNOWN |
| CompanyName | gravitlauncher |
| FileDescription | prestarter |
| FileVersion (#2) | 0.1.0 |
| ProductName | prestarter |
| ProductVersion (#2) | 0.1.0 |
| Resource LangID | English - United States |
|---|
IMAGE_DEBUG_TYPE_CODEVIEW
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2025-Dec-14 11:35:20 |
| Version | 0.0 |
| SizeofData | 39 |
| AddressOfRawData | 0x47a0f4 |
| PointerToRawData | 0x4790f4 |
| Referenced File | Prestarter.pdb |
IMAGE_DEBUG_TYPE_VC_FEATURE
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2025-Dec-14 11:35:20 |
| Version | 0.0 |
| SizeofData | 20 |
| AddressOfRawData | 0x47a11c |
| PointerToRawData | 0x47911c |
IMAGE_DEBUG_TYPE_POGO
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2025-Dec-14 11:35:20 |
| Version | 0.0 |
| SizeofData | 1068 |
| AddressOfRawData | 0x47a130 |
| PointerToRawData | 0x479130 |
TLS Callbacks
| StartAddressOfRawData | 0x14047a5a8 |
|---|---|
| EndAddressOfRawData | 0x14047a744 |
| AddressOfIndex | 0x14048ac5c |
| AddressOfCallbacks | 0x140337d48 |
| SizeOfZeroFill | 0 |
| Characteristics |
IMAGE_SCN_ALIGN_8BYTES
|
| Callbacks |
0x000000014026BD00
|
Load Configuration
| Size | 0x140 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x140488780 |
RICH Header
| XOR Key | 0x95669cf5 |
|---|---|
| Unmarked objects | 0 |
| Imports (VS2008 SP1 build 30729) | 16 |
| ASM objects (34918) | 9 |
| C objects (34918) | 13 |
| C++ objects (34918) | 47 |
| Imports (33140) | 5 |
| C objects (35207) | 8 |
| Total imports | 396 |
| Unmarked objects (#2) | 55 |
| Resource objects (35207) | 1 |
| Linker (35207) | 1 |