684e9fe6cf58558adf418f14f8d8151eff945aba4185421805bafa0127701e9b

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2026-Mar-19 01:27:14

Plugin Output

Suspicious The PE is possibly packed. Unusual section name found: .fptable
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Suspicious VirusTotal score: 1/71 (Scanned on 2026-04-16 12:26:03) DeepInstinct: MALICIOUS

Hashes

MD5 605ef0c5590e09518b97aac8bac27721
SHA1 d42860fc094ec29a179a2a5a65c15072a42d5ea4
SHA256 684e9fe6cf58558adf418f14f8d8151eff945aba4185421805bafa0127701e9b
SHA3 66d2fb15e44dba0520a768cb30ea01cd4cf0b0dc42bb01ed7214e8d4ac773fc7
SSDeep 3072:JoOtsjf/T30/9veK1mS3r/D4bbbbbbbbdkE3Nh:JVtQr0/92KxkbbbbbbbbdkE3Nh
Imports Hash b03bcca1657c278d9768cae4038162d1

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x110

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2026-Mar-19 01:27:14
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0xd000
SizeOfInitializedData 0xd400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000001280 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x1d000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 1049802a03b5363421b79e3cea11defc
SHA1 6d8987b6b33c919cd3c844ca67ff82c820d2ed2f
SHA256 42ab961ba802e156fd23e91543bc22d050c41e518caa20b35fc6046010de0844
SHA3 aa1f815b43e704a0bb98a7f1897bd1195416de2ade8412675d05e6b494f32509
VirtualSize 0xceb7
VirtualAddress 0x1000
SizeOfRawData 0xd000
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.38294

.rdata

MD5 2efec29ab5e2bf295da862a044ea51e2
SHA1 ffd6ac17b47a207768941c843c9bd6a93ec9948e
SHA256 3c0f80a2f01641860deca388a31f48884b64a029d5a29e1c3a15309f4c13607a
SHA3 11df6e679fd0822d3aa02d609e9e29c9f6cf31de4233a15d268166034b88343c
VirtualSize 0x9a1c
VirtualAddress 0xe000
SizeOfRawData 0x9c00
PointerToRawData 0xd400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.64919

.data

MD5 e8dffc37d411832644ca93905a6c665a
SHA1 d95755432958f456bfb6cb4129fdf98941cbd32d
SHA256 d68705f38a6130a489e89bdb056d9aa9becc679636e412c77317e14757afc604
SHA3 f50245a7ec2cf562044eb3e8896eda929f1752ad968bf7ac62764649125bb43d
VirtualSize 0x1c90
VirtualAddress 0x18000
SizeOfRawData 0xc00
PointerToRawData 0x17000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.89609

.pdata

MD5 66bc92331a73539ab07a19c4c3bee8f2
SHA1 c972ca9c81e1c70b705d665805c53b91dd25db3e
SHA256 c8ef7468da0c3ff7578ad40b1cd5a803afd6cf566e11dcf913ce110e432b75f8
SHA3 793fde9b88bb1dfbf5f9cd493f7017c33109d03b86a30e74fd82b516a6bb48af
VirtualSize 0xee8
VirtualAddress 0x1a000
SizeOfRawData 0x1000
PointerToRawData 0x17c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.62182

.fptable

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x100
VirtualAddress 0x1b000
SizeOfRawData 0x200
PointerToRawData 0x18c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.reloc

MD5 6777217026e7d07b4e389b8534b27819
SHA1 d107be53d3347a2844df630ebe4536bf92328124
SHA256 a67689268e3650ea029bb6f5f609c94b081bfc49bab546d66e6abd5473dc5599
SHA3 96e1a179bea04921ce395166659a7d1608ce2e3bec1263422b4cb5295c7a1c6d
VirtualSize 0x668
VirtualAddress 0x1c000
SizeOfRawData 0x800
PointerToRawData 0x18e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.87611

Imports

WinStore.App.dll __managed__Main
KERNEL32.dll IsValidCodePage
CloseHandle
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetCurrentProcess
TerminateProcess
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
CreateFileW
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionEx
VirtualProtect
CompareStringW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
ntdll.dll __chkstk
wcschr
api-ms-win-core-com-l1-1-0.dll CoIncrementMTAUsage

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-Mar-19 01:27:14
Version 0.0
SizeofData 836
AddressOfRawData 0x15fd8
PointerToRawData 0x153d8

UNKNOWN

Characteristics 0
TimeDateStamp 2026-Mar-19 01:27:14
Version 0.0
SizeofData 4
AddressOfRawData 0x16344
PointerToRawData 0x15744

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140018040
GuardCFCheckFunctionPointer 0x14000e298
GuardCFDispatchFunctionPointer 0
GuardCFFunctionTable 0
GuardCFFunctionCount 0
GuardFlags (EMPTY)
CodeIntegrity.Flags 0
CodeIntegrity.Catalog 0
CodeIntegrity.CatalogOffset 0
CodeIntegrity.Reserved 0
GuardAddressTakenIatEntryTable 0
GuardAddressTakenIatEntryCount 0
GuardLongJumpTargetTable 0
GuardLongJumpTargetCount 0

RICH Header

XOR Key 0x7003fdc0
Unmarked objects 0
Imports (33136) 2
Imports (VS2008 SP1 build 30729) 2
Imports (33145) 2
C++ objects (33145) 141
C objects (33145) 12
ASM objects (33145) 8
ASM objects (35207) 7
C objects (35207) 12
C++ objects (35207) 41
Imports (35223) 3
Total imports 99
C objects (35223) 1
Linker (35223) 1

Errors
