| Architecture | IMAGE_FILE_MACHINE_I386 | |
|---|---|---|
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI | |
| Compilation Date | 2026-Jun-30 17:38:29 | |
| Detected languages | English - United States | |
| Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
| Info | Interesting strings found in the binary: | Contains domain names: |
| Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32, MD5, SHA1, SHA256, SHA512, AES and Blowfish; uses known Diffie-Hellman primes; Microsoft's Cryptography API |
| Suspicious | The PE is possibly packed. | Unusual section name found: .fptable |
| Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
| Info | The PE is digitally signed. | Signer: SCRYDE TECH DMCC; Issuer: GlobalSign GCC R45 CodeSigning CA 2020 |
| Suspicious | VirusTotal score: 2/70 (Scanned on 2026-07-02 22:09:25) | CrowdStrike: win/grayware_confidence_60% (D); Jiangmin: Trojan.Alien.sj |
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x120 |
| Signature | PE |
|---|---|
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 6 |
| TimeDateStamp | 2026-Jun-30 17:38:29 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
| Magic | PE32 |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0x2eda00 |
| SizeOfInitializedData | 0x498200 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x002BB32C (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x2ef000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x789000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x789e6a |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| KERNEL32.dll | GetCommandLineA, GetOEMCP, IsValidCodePage, SetEndOfFile, SetStdHandle, FlushFileBuffers, HeapReAlloc, GetFileSizeEx, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, CompareStringW, GetTimeFormatW, GetDateFormatW, FlsFree, FlsSetValue, FlsGetValue, FlsAlloc, HeapAlloc, HeapFree, GetConsoleOutputCP, SetConsoleCtrlHandler, SetFilePointerEx, FileTimeToSystemTime, SystemTimeToTzSpecificLocalTime, GetDriveTypeW, GetTimeZoneInformation, DeleteFileW, FreeLibraryAndExitThread, ExitThread, CreateThread, ExitProcess, LoadLibraryExW, InitializeCriticalSectionAndSpinCount, RtlUnwind, GetCPInfo, GetCommandLineW, LCMapStringEx, DecodePointer, EncodePointer, SetEnvironmentVariableW, WideCharToMultiByte, GetFileInformationByHandle, FindFirstFileExW, CreateFileW, GetCurrentDirectoryW, GetLocaleInfoEx, LocalFree, CloseThreadpoolWork, SubmitThreadpoolWork, CreateThreadpoolWork, FreeLibraryWhenCallbackReturns, TryAcquireSRWLockExclusive, GetEnvironmentStringsW, FreeEnvironmentStringsW, InitOnceBeginInitialize, InitOnceComplete, RaiseException, GetStringTypeW, GetNativeSystemInfo, InitializeSListHead, GetStartupInfoW, IsDebuggerPresent, IsProcessorFeaturePresent, GetCurrentProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, SleepConditionVariableSRW, WakeAllConditionVariable, ConvertThreadToFiberEx, ConvertFiberToThread, WriteFile, GetACP, CreateSemaphoreA, GetExitCodeThread, WaitForSingleObject, ReleaseSemaphore, InitializeCriticalSection, FormatMessageA, LoadLibraryA, GetSystemDirectoryA, GetModuleHandleExW, FindNextFileW, FindFirstFileW, FindClose, SystemTimeToFileTime, GetSystemTime, CreateFiberEx, DeleteFiber, SwitchToFiber, VirtualFree, VirtualProtect, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, GetCurrentThreadId, GetProcessHeap, WriteConsoleW, HeapSize, TerminateProcess, Process32NextW, QueryFullProcessImageNameW, OpenProcess, Process32FirstW, CreateToolhelp32Snapshot, MultiByteToWideChar, GetLastError, CreateDirectoryW, GetFileAttributesW, GetModuleFileNameW, WritePrivateProfileStringW, GetPrivateProfileIntW, GlobalUnlock, GlobalFree, GlobalLock, GlobalAlloc, OpenMutexW, SizeofResource, LockResource, LoadResource, FindResourceW, CloseHandle, ReleaseMutex, CreateMutexW, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, QueryPerformanceFrequency, GetSystemDirectoryW, FreeLibrary, GetModuleHandleW, GetProcAddress, LoadLibraryW, SleepEx, QueryPerformanceCounter, GetTickCount, Sleep, GetFullPathNameW, SetLastError, FormatMessageW, MoveFileExW, WaitForSingleObjectEx, GetEnvironmentVariableA, CompareFileTime, GetSystemTimeAsFileTime, GetCurrentProcessId, GetStdHandle, GetFileType, ReadFile, PeekNamedPipe, WaitForMultipleObjects, GetModuleHandleA, VerifyVersionInfoW, GetEnvironmentVariableW, GetConsoleMode, SetConsoleMode, ReadConsoleA, ReadConsoleW, InitializeSRWLock, ReleaseSRWLockShared, AcquireSRWLockShared |
|---|---|
| USER32.dll | GetKeyState, ScreenToClient, GetCursorPos, SetCursor, PostQuitMessage, InvalidateRect, ReleaseCapture, SetCapture, MoveWindow, EndPaint, BeginPaint, GetMessagePos, GetWindowRect, DefWindowProcW, SetTimer, DispatchMessageW, TranslateMessage, TranslateAcceleratorW, LoadAcceleratorsW, LoadStringW, GetSystemMetrics, ReleaseDC, GetDC, EnumDisplaySettingsW, UpdateWindow, SetWindowRgn, SetWindowLongW, CreateWindowExW, RegisterClassExW, LoadCursorW, GetMessageW, KillTimer, FlashWindowEx, GetWindowLongW, LoadIconW, MessageBoxA, SetForegroundWindow, ShowWindow, FindWindowW, MessageBoxW, GetProcessWindowStation, GetUserObjectInformationW |
| gdiplus.dll | GdipCloneFontFamily, GdipDeleteFontFamily, GdipDeletePrivateFontCollection, GdipNewPrivateFontCollection, GdiplusShutdown, GdiplusStartup, GdipDeleteGraphics, GdipDrawCachedBitmap, GdipFillRectangleI, GdipDrawLineI, GdipFillPolygon, GdipDrawString, GdipFillRectangle, GdipDrawRectangle, GdipDrawImageRectI, GdipFree, GdipDisposeImage, GdipAlloc, GdipCloneImage, GdipGetFontCollectionFamilyList, GdipDeleteBrush, GdipCloneBrush, GdipDeleteStringFormat, GdipDeleteFont, GdipCreateBitmapFromScan0, GdipCreatePen1, GdipCreateSolidFill, GdipCreateFont, GdipGetImageGraphicsContext, GdipSetTextRenderingHint, GdipSetStringFormatAlign, GdipSetStringFormatLineAlign, GdipCreateCachedBitmap, GdipDeleteCachedBitmap, GdipCreateBitmapFromStream, GdipGetImageHeight, GdipGetImageWidth, GdipGetImagePixelFormat, GdipPrivateAddMemoryFont, GdipDeletePen, GdipCreateFromHDC, GdipCreateStringFormat |
| SHELL32.dll | ShellExecuteA, ShellExecuteW, ShellExecuteExW |
| ole32.dll | CoUninitialize, CreateStreamOnHGlobal, CoInitialize |
| ntdll.dll | VerSetConditionMask |
| GDI32.dll | GetStockObject, CreateRectRgn |
| WS2_32.dll | send, WSACloseEvent, WSACreateEvent, WSAEnumNetworkEvents, WSAEventSelect, WSAResetEvent, WSAWaitForMultipleEvents, closesocket, WSAGetLastError, inet_pton, ntohs, WSASetLastError, inet_ntop, WSAStartup, WSACleanup, accept, bind, connect, getpeername, getsockname, htons, recv, setsockopt, socket, shutdown, WSAIoctl, __WSAFDIsSet, select, htonl, listen, getaddrinfo, freeaddrinfo, recvfrom, sendto, ioctlsocket, gethostname, ntohl, WSASocketA, inet_addr, inet_ntoa, gethostbyaddr, gethostbyname, getservbyport, getservbyname, getsockopt |
| CRYPT32.dll | CertOpenSystemStoreW, CertGetCertificateContextProperty, CertDuplicateCertificateContext, CertFindCertificateInStore, CertOpenStore, CertOpenSystemStoreA, CertGetIntendedKeyUsage, CertGetEnhancedKeyUsage, CertFreeCertificateContext, CertEnumCertificatesInStore, CertCloseStore |
| ADVAPI32.dll | CryptDestroyKey, CryptEnumProvidersW, CryptSignHashW, CryptDecrypt, CryptExportKey, CryptGetUserKey, CryptGetProvParam, CryptSetHashParam, CryptGenRandom, ReportEventW, RegisterEventSourceW, DeregisterEventSource, CryptDestroyHash, CryptHashData, CryptCreateHash, CryptGetHashParam, CryptReleaseContext, CryptAcquireContextW |
| SCRYDE LAUNCHER |
| Scryde_Launcher |
| Scryde_Launcher |
| Characteristics | 0 |
|---|---|
| TimeDateStamp | 2026-Jun-30 17:38:29 |
| Version | 0.0 |
| SizeofData | 1000 |
| AddressOfRawData | 0x3b1ff8 |
| PointerToRawData | 0x3b0df8 |
| Characteristics | 0 |
|---|---|
| TimeDateStamp | 2026-Jun-30 17:38:29 |
| Version | 0.0 |
| SizeofData | 0 |
| AddressOfRawData | 0 |
| PointerToRawData | 0 |
| StartAddressOfRawData | 0x7b23f0 |
|---|---|
| EndAddressOfRawData | 0x7b23f8 |
| AddressOfIndex | 0x7c1b9c |
| AddressOfCallbacks | 0x6ef60c |
| SizeOfZeroFill | 0 |
| Characteristics | IMAGE_SCN_ALIGN_4BYTES |
| Callbacks | (EMPTY) |
| Size | 0xc0 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x7bd280 |
| SEHandlerTable | 0x7b1354 |
| SEHandlerCount | 146 |
| XOR Key | 0x263637e9 |
|---|---|
| Unmarked objects | 0 |
| ASM objects (33145) | 15 |
| C++ objects (33145) | 197 |
| C objects (33145) | 22 |
| 253 (35207) | 8 |
| ASM objects (35207) | 26 |
| C objects (35207) | 19 |
| C++ objects (35207) | 96 |
| Unmarked objects (#2) | 23 |
| C objects (35221) | 1032 |
| Total imports | 380 |
| Imports (33145) | 23 |
| C++ objects (LTCG) (35221) | 13 |
| Resource objects (35221) | 1 |
| 151 | 1 |
| Linker (35221) | 1 |