| Architecture |
IMAGE_FILE_MACHINE_I386
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| Compilation Date |
2025-Jun-27 05:40:17
|
| TLS Callbacks |
3 callback(s) detected.
|
| Suspicious |
The PE is possibly packed. |
Unusual section name found: .Y9d
Unusual section name found: .F+U
Unusual section name found: ..^|
The PE only has 7 import(s).
|
| Info |
The PE contains common functions which appear in legitimate applications. |
Possibly launches other programs:
|
| Malicious |
VirusTotal score: 32/70 (Scanned on 2026-07-01 22:24:35) |
APEX:
Malicious
AVG:
FileRepMalware [Misc]
Antiy-AVL:
Trojan[Packed]/Win32.VMProtect
Avast:
FileRepMalware [Misc]
Bkav:
W32.Malware.59C632D3
CTX:
exe.trojan.generic
CrowdStrike:
win/malicious_confidence_100% (W)
Cylance:
Unsafe
Cynet:
Malicious (score: 100)
ESET-NOD32:
Win32/Packed.VMProtect.BC suspicious application
Elastic:
malicious (high confidence)
Fortinet:
Riskware/Application
Google:
Detected
Lionic:
Trojan.Win32.Generic.4!c
Malwarebytes:
Malware.Heuristic.2003
MaxSecure:
Trojan.Malware.526793590.susgen
McAfeeD:
ti!66A160B8CF6E
Microsoft:
Trojan:Win32/Kepavll!rfn
Paloalto:
generic.ml
Sangfor:
Trojan.Win32.Agent.Vgdy
SentinelOne:
Static AI - Malicious PE
Sophos:
Mal/Generic-S
Symantec:
ML.Attribute.HighConfidence
Trapmine:
malicious.moderate.ml.score
TrellixENS:
Artemis!B5552D1D41AC
TrendMicro:
Trojan.Win32.ZYX.USBLF126
TrendMicro-HouseCall:
Trojan.Win32.ZYX.USBLF126
VBA32:
Malware-Cryptor.Inject.gen
Varist:
W32/ABApplication.WIRP-5213
Zoner:
Probably Heur.ExeHeaderL
alibabacloud:
VirTool:Win/Wacatac.B9nj
tehtris:
Generic.Malware
|
| MD5 |
b5552d1d41ac7352a463a7b5af62c711
|
| SHA1 |
460242b752f4895c1878325171fd3bd79ce1a729
|
| SHA256 |
66a160b8cf6e2b5c7211cafc25f0a5930c551bfd07cab5c97821dc19cf1c4ce7
|
| SHA3 |
f0c416957cd80b98fb2f8e1d9acaa79c967dd3ab0750bdc588609442f76c1f81
|
| SSDeep |
98304:RXFUGiODqEHYNOJAoPMZoVtPVyxHZzgY7H8Ih0tq:RVUGiO+EHYNO6okZIVCH9D7Hat
|
| Imports Hash |
206536e81eae647ec989337279667f41
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x80
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections |
11
|
| TimeDateStamp |
2025-Jun-27 05:40:17
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xe0
|
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
| Magic |
PE32
|
| LinkerVersion |
2.0
|
| SizeOfCode |
0xdc00
|
| SizeOfInitializedData |
0x13800
|
| SizeOfUninitializedData |
0xc00
|
| AddressOfEntryPoint |
0x002F4495 (Section: ..^|)
|
| BaseOfCode |
0x1000
|
| BaseOfData |
0xf000
|
| ImageBase |
0x400000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
5.0
|
| ImageVersion |
1.0
|
| SubsystemVersion |
5.0
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x72d000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0x49796f
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| SizeofStackReserve |
0x200000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0xda54
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x5c
|
| VirtualAddress |
0xf000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x22f4
|
| VirtualAddress |
0x10000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x216c
|
| VirtualAddress |
0x13000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0xa84
|
| VirtualAddress |
0x16000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0xe0c
|
| VirtualAddress |
0x17000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x18
|
| VirtualAddress |
0x18000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x20
|
| VirtualAddress |
0x19000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x286dab
|
| VirtualAddress |
0x1a000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| MD5 |
65f36f62f746e49ba70fade4734aa194
|
| SHA1 |
ec4657e3f7aeae79d5f246fb5e51d50d54e442c5
|
| SHA256 |
7be6d1367f47ec1d2e783f8394560ad45dc443f170e792cbf46b40bf4b355e8b
|
| SHA3 |
9a3a979280b414e73f1ef17370a52623882a1e65149468ca59bbd5e6acc8d9d2
|
| VirtualSize |
0x70
|
| VirtualAddress |
0x2a1000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.949017
|
| MD5 |
67171ba6d2119f14087d6374c1556136
|
| SHA1 |
3614fb4010b428f672da6e7b53857fe22ebed836
|
| SHA256 |
8c62152cbf8d05e2ec866fdeeef39dbab0619968fa4574e101991910cb2ccab1
|
| SHA3 |
7788c527e43060dfe418f4b86d6872a37dd1cde59dc8ed47cb2c04e4416c0885
|
| VirtualSize |
0x48a1d0
|
| VirtualAddress |
0x2a2000
|
| SizeOfRawData |
0x48a200
|
| PointerToRawData |
0x600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
7.9916
|
| GDI32.dll |
BitBlt
|
| KERNEL32.dll |
DeleteCriticalSection
|
| msvcrt.dll |
_kbhit
|
| msvcrt.dll (#2) |
_kbhit
|
| SHELL32.DLL |
ShellExecuteA
|
| USER32.dll |
GetAsyncKeyState
|
| WININET.DLL |
HttpAddRequestHeadersA
|
| StartAddressOfRawData |
0x6a103c
|
| EndAddressOfRawData |
0x6a1057
|
| AddressOfIndex |
0x416098
|
| AddressOfCallbacks |
0xa7da48
|
| SizeOfZeroFill |
0
|
| Characteristics |
IMAGE_SCN_TYPE_REG
|
| Callbacks |
0x00ACBD32
0x00405500
0x004054B0
|
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .eh_fram has a size of 0!
[*] Warning: Section .bss has a size of 0!
[*] Warning: Section .idata has a size of 0!
[*] Warning: Section .CRT has a size of 0!
[*] Warning: Section .tls has a size of 0!
[*] Warning: Section .Y9d has a size of 0!