655ec647bcf23d8b6314da110e4ad8827425dcb514e45871dfae27d0877d1e90

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Feb-14 22:41:35
Detected languages English - United States

Plugin Output

Info: The PE contains common functions which appear in legitimate applications. Possibly launches other programs:
  • CreateProcessW
  • CreateProcessA
The same import table also pulls in CreatePipe, SetHandleInformation, ReadFile and WaitForSingleObject, which together with CreateProcess is the standard Win32 pattern for spawning a child process with redirected standard handles and reading its output. The export table marks the file as a JNI native library (Java_libs_API_chat, i.e. the native method chat of the Java class libs.API), so the Java application that loads it is where the caller of that code path lives.
Suspicious: VirusTotal score 1/69 (scanned 2026-03-06 02:24:02), Bkav: W64.AIDetectMalware. A single hit from a machine-learning heuristic engine with no agreement from any other engine is a weak signal on its own; treat it as a prompt for manual review rather than a verdict.

Hashes

MD5 a2e50dc04697fff1fc62b90fe931064a
SHA1 b520d78a5c83532375078c7e12d4b59240dd55ce
SHA256 655ec647bcf23d8b6314da110e4ad8827425dcb514e45871dfae27d0877d1e90
SHA3 074a6d38eff8010f494de00a5ba9360d592726d30d66fdb5292bfab85e8c3448
SSDeep 384:8ssPJRMXXrt2+Rhll9VBV251A7O2J+vAXbvAmZQTG:jYwXXrt3x2I7xJ+4E06G
Imports Hash b303d5bdf3c3815b917ae6834bb8b10d

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x108

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2026-Feb-14 22:41:35
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x3000
SizeOfInitializedData 0x1c00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000000344C (Section: .text)
BaseOfCode 0x1000
ImageBase 0x180000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xa000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 f54275899c75d31f631acd2715dc9f46
SHA1 c00455bad1bffe6a4a7822260dc5a7ccccb6b20f
SHA256 8f556e459b101b6caa3fbc479154b32d4a371d7b89e6f0386b9d26b4e4903cc6
SHA3 fc8147ccd4417bb3a925110ef3a601414d92f72c6a05376125ce825db40bacac
VirtualSize 0x2ea8
VirtualAddress 0x1000
SizeOfRawData 0x3000
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.15012

.rdata

MD5 f8440c5e0dd4ed166262128a22e5d91d
SHA1 db990f0be9cce87f4896c13f44b1d3c24166a537
SHA256 c85b70b51fe6473cb46dbffbcb69b9f2001cf9448ff1ab3acdc2851f6ac3572d
SHA3 a74963f0eb3faccec2cd8aa3b0877a8294a3656fbbe913e54d57205386910337
VirtualSize 0x134a
VirtualAddress 0x4000
SizeOfRawData 0x1400
PointerToRawData 0x3400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.37348

.data

MD5 44e3a691dc8b65965036793fb6d81c6b
SHA1 5dae6efe2e7356d13dc44d5d0626d4fa23c6a9ec
SHA256 850a8c7ad557aa53f147be924b7041095cd57f70ce6f95948de69e2fe07c1b31
SHA3 bf1579d2a90f3dfba2e9e0cd0c164466f346c5cf11c5af3e032346c839e3f2ba
VirtualSize 0x150
VirtualAddress 0x6000
SizeOfRawData 0x200
PointerToRawData 0x4800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.517653

.pdata

MD5 f94c72e7fd8ca5a496abf309a25ad4cb
SHA1 47404263824ad3332aa891a1a78d801deb83fa2e
SHA256 ffcea8a03c3675d1bab229e3fb40802a08b32f495a3436f8e149d24de528b409
SHA3 18bea9eb64f679ecadca63aedf216866f210a2a72fd3ee1a0c44fb33f92e5fd3
VirtualSize 0x1d4
VirtualAddress 0x7000
SizeOfRawData 0x200
PointerToRawData 0x4a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.55598

.rsrc

MD5 3d0553075b3988616ad37c22c5b02333
SHA1 ed18de1e5363c4a01a31fb8fea54399cf3d6fbb0
SHA256 b2d6e17eba2da3fe1271ea82f82d676d5398549c6548c9faa0a2507b3886956c
SHA3 082a0d7041d40624e3dd1944519929e919bf7e6232322fea29c8925ab24970a1
VirtualSize 0xf8
VirtualAddress 0x8000
SizeOfRawData 0x200
PointerToRawData 0x4c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.50658

.reloc

MD5 e97486888d7392fbd80c16223716be22
SHA1 6e1377173fa3287aee1be81798c73f2f25eccecd
SHA256 3d0e7596ced692fa2f45c9999739ffc8f28f5cc89dde13422c3cfc283ed452e8
SHA3 ee98ad36e20304e03cf8aa75072e5dccb2abde52c7154e868ca3931d57dbf05c
VirtualSize 0x28
VirtualAddress 0x9000
SizeOfRawData 0x200
PointerToRawData 0x4e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.537461

Imports

KERNEL32.dll
  • ReadFile
  • SetHandleInformation
  • RtlCaptureContext
  • GetCurrentProcess
  • CreatePipe
  • WaitForSingleObject
  • GetModuleHandleA
  • MultiByteToWideChar
  • CloseHandle
  • GetProcAddress
  • ExitProcess
  • CreateProcessW
  • CreateProcessA
  • DebugBreak
  • GetCurrentProcessId
  • GetCurrentThreadId
  • GetSystemTimeAsFileTime
  • IsProcessorFeaturePresent
  • InitializeSListHead
  • IsDebuggerPresent
  • UnhandledExceptionFilter
  • SetUnhandledExceptionFilter
  • QueryPerformanceCounter
USER32.dll
  • MessageBoxA
ntdll.dll
  • RtlLookupFunctionEntry
  • RtlVirtualUnwind
VCRUNTIME140.dll
  • __C_specific_handler
  • strrchr
  • memcpy
  • __std_type_info_destroy_list
  • memset
  • strstr
api-ms-win-crt-heap-l1-1-0.dll
  • free
  • realloc
  • malloc
api-ms-win-crt-string-l1-1-0.dll
  • strncmp
  • tolower
  • _strdup
api-ms-win-crt-stdio-l1-1-0.dll
  • __stdio_common_vsprintf
api-ms-win-crt-environment-l1-1-0.dll
  • getenv
api-ms-win-crt-runtime-l1-1-0.dll
  • _execute_onexit_table
  • _initialize_onexit_table
  • _cexit
  • _initialize_narrow_environment
  • _configure_narrow_argv
  • _seh_filter_dll
  • _initterm_e
  • _initterm

Delayed Imports

Exports

?DecryptModData@@YAXPEAUJNIEnv_@@PEAV_jlongArray@@PEAV_jintArray@@@Z
(demangled: void __cdecl DecryptModData(struct JNIEnv_ *, class _jlongArray *, class _jintArray *))

Ordinal 1
Address 0x1100

?PerformXOR@@YAXPEA_JPEAJJJ@Z
(demangled: void __cdecl PerformXOR(__int64 *, long *, long, long))

Ordinal 2
Address 0x10d4

?__scrt_init_timecookie@@YAHXZ
(demangled: int __cdecl __scrt_init_timecookie(void))

Ordinal 3
Address 0x108c

Java_libs_API_chat
(JNI entry point: native method chat of the Java class libs.API)

Ordinal 4
Address 0x11d4
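The checks a triage script would run against the numbers in this report, as an added example that is not output of the analysis tool and not code from the sample: the section table, the KERNEL32/USER32 imports and the export names below are transcribed from the report above (the binary itself is not available here, so nothing is parsed from disk). It verifies that the entry point lands in an executable section, that section raw data is FileAlignment-aligned and contiguous (giving the expected on-disk size, anything beyond which would be overlay), that SizeOfImage matches the last section, and then applies the same import and export heuristics discussed in the Plugin Output.

```python
"""Header-consistency and import/export triage for the PE described above.

Added example; all values are transcribed from the report, not parsed from
the file. Pure standard library.
"""

FILE_ALIGNMENT = 0x200
SECTION_ALIGNMENT = 0x1000
SIZE_OF_IMAGE = 0xA000
SIZE_OF_HEADERS = 0x400
ENTRY_POINT = 0x344C

# (name, VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData, executable)
SECTIONS = [
    (".text",  0x1000, 0x2EA8, 0x0400, 0x3000, True),
    (".rdata", 0x4000, 0x134A, 0x3400, 0x1400, False),
    (".data",  0x6000, 0x0150, 0x4800, 0x0200, False),
    (".pdata", 0x7000, 0x01D4, 0x4A00, 0x0200, False),
    (".rsrc",  0x8000, 0x00F8, 0x4C00, 0x0200, False),
    (".reloc", 0x9000, 0x0028, 0x4E00, 0x0200, False),
]

# Subset of the import table relevant to the process-spawning heuristic.
IMPORTS = {
    "KERNEL32.dll": {"ReadFile", "SetHandleInformation", "CreatePipe",
                     "WaitForSingleObject", "CloseHandle", "CreateProcessW",
                     "CreateProcessA", "GetProcAddress", "GetModuleHandleA"},
    "USER32.dll": {"MessageBoxA"},
}
EXPORTS = [
    "?DecryptModData@@YAXPEAUJNIEnv_@@PEAV_jlongArray@@PEAV_jintArray@@@Z",
    "?PerformXOR@@YAXPEA_JPEAJJJ@Z",
    "?__scrt_init_timecookie@@YAHXZ",
    "Java_libs_API_chat",
]


def align_up(value, alignment):
    return (value + alignment - 1) // alignment * alignment


def section_for_rva(rva):
    """Return the section whose mapped range contains rva, or None.
    The loader maps max(VirtualSize, SizeOfRawData) bytes per section."""
    for sec in SECTIONS:
        _, va, vsize, _, rawsize, _ = sec
        if va <= rva < va + max(vsize, rawsize):
            return sec
    return None


def check_layout():
    """Consistency checks a loader (or a triage script) applies to the headers."""
    findings = {}
    ep = section_for_rva(ENTRY_POINT)
    findings["entry_section"] = ep[0] if ep else None
    findings["entry_in_executable_section"] = bool(ep and ep[5])
    # Raw data must be FileAlignment-aligned and contiguous from SizeOfHeaders.
    expected = SIZE_OF_HEADERS
    contiguous = True
    for _, _, _, raw_ptr, raw_size, _ in SECTIONS:
        if raw_ptr != expected or raw_size % FILE_ALIGNMENT:
            contiguous = False
        expected = raw_ptr + raw_size
    findings["raw_data_contiguous"] = contiguous
    findings["expected_file_size"] = expected  # bytes past this are overlay
    last = SECTIONS[-1]
    findings["size_of_image_matches"] = (
        align_up(last[1] + last[2], SECTION_ALIGNMENT) == SIZE_OF_IMAGE)
    return findings


def check_imports(imports):
    """Flag CreateProcess combined with an anonymous pipe and ReadFile, the
    standard way to run a child process and capture its output."""
    k32 = imports.get("KERNEL32.dll", set())
    spawn = bool({"CreateProcessA", "CreateProcessW"} & k32)
    capture = {"CreatePipe", "ReadFile", "SetHandleInformation"} <= k32
    return {"spawns_processes": spawn, "captures_child_output": spawn and capture}


def check_exports(exports):
    """Split JNI entry points (Java_<pkg>_<class>_<method>) into their Java
    components and strip MSVC decoration down to the base name."""
    jni, cpp = [], []
    for name in exports:
        # JNI escapes '_' in identifiers as '_1' and non-ASCII as '_0xxxx';
        # a plain split is only valid when no escape sequence is present.
        if name.startswith("Java_") and "_0" not in name and "_1" not in name:
            parts = name.split("_")[1:]
            jni.append({"package": ".".join(parts[:-2]),
                        "class": parts[-2], "method": parts[-1]})
        elif name.startswith("?") and "@@" in name:
            cpp.append(name[1:name.index("@@")])
    return {"jni": jni, "cpp_exports": cpp}


if __name__ == "__main__":
    results = {**check_layout(), **check_imports(IMPORTS), **check_exports(EXPORTS)}
    for key, value in results.items():
        print(f"{key}: {value}")
```

For this sample the layout checks all pass and the computed file size is 0x5000, so any file of this hash larger than 20480 bytes carries an overlay worth inspecting separately.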

Resources

2

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x91
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.8858
MD5 f7ad1eab748bc07570a57ec87787cf90
SHA1 0b1608da9fef218386e825db575c65616826d9f4
SHA256 d2952e57023848a37fb0f21f0dfb38c9000f610ac2b00c2f128511dfd68bde04
SHA3 6c9541b36948c19ae507d74223621875b3af4064f7cd8200bdb97e15a047e96a

Version Info

Debug Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-Feb-14 22:41:35
Version 0.0
SizeofData 600
AddressOfRawData 0x46d8
PointerToRawData 0x3ad8

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2026-Feb-14 22:41:35
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x180006040

RICH Header

XOR Key 0x5a8c74d
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 10
Imports (35207) 2
ASM objects (35207) 3
C objects (35207) 7
C++ objects (35207) 10
Imports (33145) 7
Total imports 56
C++ objects (LTCG) (35221) 2
Exports (35221) 1
Resource objects (35221) 1
Linker (35221) 1

Errors
