| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date |
1970-Jan-01 00:00:00
|
| Detected languages |
English - United States
|
| TLS Callbacks |
2 callback(s) detected.
|
| Suspicious |
The PE is possibly packed. |
Unusual section name found: .xdata
|
| Info |
The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
- GetProcAddress
- LoadLibraryW
|
| Suspicious |
The PE is possibly a dropper. |
Resources account for 79.4454% of the executable.
|
| Safe |
VirusTotal score: 0/71 (Scanned on 2026-06-26 13:10:48) |
None of the 71 AV engines flagged this file; a zero detection count on its own does not establish that the file is benign.
|
| MD5 |
8f353c32ed4db7ce1eec06dbe889239d
|
| SHA1 |
4173b370cb59a9a0f44b5acedefd05715e6d1c37
|
| SHA256 |
6f798dd73b35965bc2912d034a4eb7440719e3845187318d788f5c1860b871c1
|
| SHA3 |
e42d50695e520fdaa7e0ef2104048d3e646862fb6a79b0770dcbec8ce3e5d533
|
| SSDeep |
384:uuFrkgLwuZO2cwKbpmbPuo47j71RCnmfaykrEb1ufH87M78EIu8MmV1BSF+c0DD:fRLwwRc2bWoi16W1yx78MnDSP
|
| Imports Hash |
8aca5cbb0f0601373f8e0beb9a1da938
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x80
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections |
10
|
| TimeDateStamp |
1970-Jan-01 00:00:00
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xf0
|
| Characteristics |
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_RELOCS_STRIPPED
|
| Magic |
PE32+
|
| LinkerVersion |
2.0
|
| SizeOfCode |
0x1e00
|
| SizeOfInitializedData |
0x19c00
|
| SizeOfUninitializedData |
0x200
|
| AddressOfEntryPoint |
0x0000000000001500 (Section: .text)
|
| BaseOfCode |
0x1000
|
| ImageBase |
0x140000000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
4.0
|
| ImageVersion |
0.0
|
| SubsystemVersion |
5.2
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x1d000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0x225ce
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
|
| SizeofStackReserve |
0x200000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
980e8b972d833345dda9aa501045970d
|
| SHA1 |
881860e4b65d35737f0d5c36696616e8fbe6bebe
|
| SHA256 |
87b67a248d83e722468704c46444746746f38190d7d168c00ce7c0e43f8f98c4
|
| SHA3 |
e4003895a5f18568b1f28c9913dfa18a777961b8d5db680beff1dc18a92d858d
|
| VirtualSize |
0x1c98
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0x1e00
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
5.86002
|
| MD5 |
1d1963dcc52de86c66f836f73f6e31d5
|
| SHA1 |
3036670e76e2150999e5b5bfd2c3a44dacee5577
|
| SHA256 |
153a5b3a25ae1f02b517ad54786d3af35d378898896ac9281180ce473a92a377
|
| SHA3 |
4e264cdb99d36a09ea9f0b878514f2936a7f70a8e37ad479c395ecf1e12f30ab
|
| VirtualSize |
0x100
|
| VirtualAddress |
0x3000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x2200
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
1.38106
|
| MD5 |
c9f71d9372d8702238aa48acbf17786b
|
| SHA1 |
0eeeff82f2aabc31ed5b97dbe003b1a4214f46fc
|
| SHA256 |
6733d356252ad875f75ce22abf61685c6684ba66087525f08622e79ab1878e2e
|
| SHA3 |
9ff38d63f6144d8f3af1607f171745ea2dfaf1683438ca4247f344d4dd6365e8
|
| VirtualSize |
0x990
|
| VirtualAddress |
0x4000
|
| SizeOfRawData |
0xa00
|
| PointerToRawData |
0x2400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
4.45328
|
| MD5 |
ae30c363c0ebcedc4ecf7d6bf76f8060
|
| SHA1 |
8584ad5d52c11c716e49af137dc7cafdd7d3c8d9
|
| SHA256 |
d7b0b9492429256b76b35f3b233fd4c58040723ef00a13f34710ef3c4dbfc2f5
|
| SHA3 |
221a2cdb926a71567e78de69a47a4157de9b91ba848d955cbe8b432a6400e0f0
|
| VirtualSize |
0x270
|
| VirtualAddress |
0x5000
|
| SizeOfRawData |
0x400
|
| PointerToRawData |
0x2e00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
2.61645
|
| MD5 |
30076b6944c5815f4ad2d3d59f802b56
|
| SHA1 |
d31042820a0e00b8e939970c701abc6385a9d271
|
| SHA256 |
d88081e606b048fc58defeb0d17346bed7e58defe45c274b8d6fc2ef7dfc4cb1
|
| SHA3 |
52448e1107a32b166902735888a60bbdceae029ab3ce5b312388849d21fad018
|
| VirtualSize |
0x200
|
| VirtualAddress |
0x6000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x3200
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
3.85478
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x1a0
|
| VirtualAddress |
0x7000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
ce97e8ca2d0d32716106ba506f2bafbb
|
| SHA1 |
17c8743407323d7176f9d9f63d78bdc6d087c453
|
| SHA256 |
71206dea1204659915e9e27384363bb72e443d4c03162cc438d4be5204957d4f
|
| SHA3 |
0e9ca2bbee5831481cdfdb1a3c6ba6633c446e0f1b2089ed9576c97ad6848d3c
|
| VirtualSize |
0xb74
|
| VirtualAddress |
0x8000
|
| SizeOfRawData |
0xc00
|
| PointerToRawData |
0x3400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
3.98676
|
| MD5 |
fe5fbff7840d3622715e63dc6dda6fba
|
| SHA1 |
308d041e48014f9815006365f390c003c60e5377
|
| SHA256 |
cdec8404b8885b7d1f8561cd1aa29d27b898493163669728123567b252bc65f7
|
| SHA3 |
b6a367cb357a7a98fac7ae13d9862fac4b004afd854b6cb7e5f03fd141717a34
|
| VirtualSize |
0x68
|
| VirtualAddress |
0x9000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x4000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.340642
|
| MD5 |
bf619eac0cdf3f68d496ea9344137e8b
|
| SHA1 |
5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
|
| SHA256 |
076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
|
| SHA3 |
622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
|
| VirtualSize |
0x10
|
| VirtualAddress |
0xa000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x4200
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0
|
| MD5 |
dfb00e8fc483272bc4c7fe4fc02b0287
|
| SHA1 |
9b050ded14d64a0dc5411af8caf5f72448fb4432
|
| SHA256 |
79dc714dd36b267ad65e869ea998298f4e8c3352392c922e2da821b8e49f8449
|
| SHA3 |
44c7089ae2a3b7527293c0a36c1ea50ddfa1bf6ba5b32abab3d16404af6eb6ec
|
| VirtualSize |
0x11114
|
| VirtualAddress |
0xb000
|
| SizeOfRawData |
0x11200
|
| PointerToRawData |
0x4400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
2.12961
|
| KERNEL32.dll |
DeleteCriticalSection
EnterCriticalSection
GetLastError
GetProcAddress
GetStartupInfoW
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryW
SetDllDirectoryW
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VerSetConditionMask
VerifyVersionInfoW
VirtualProtect
VirtualQuery
|
| api-ms-win-crt-environment-l1-1-0.dll |
__p__environ
__p__wenviron
|
| api-ms-win-crt-heap-l1-1-0.dll |
_set_new_mode
calloc
free
malloc
|
| api-ms-win-crt-locale-l1-1-0.dll |
__initialize_lconv_for_unsigned_char
|
| api-ms-win-crt-math-l1-1-0.dll |
__setusermatherr
|
| api-ms-win-crt-private-l1-1-0.dll |
__C_specific_handler
memcpy
|
| api-ms-win-crt-runtime-l1-1-0.dll |
_set_app_type
__p___argc
__p___argv
__p___wargv
__p__wcmdln
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_atexit
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_invalid_parameter_handler
abort
exit
signal
|
| api-ms-win-crt-stdio-l1-1-0.dll |
__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vswprintf
fwrite
|
| api-ms-win-crt-string-l1-1-0.dll |
strlen
strncmp
wcslen
_wcsdup
|
| api-ms-win-crt-time-l1-1-0.dll |
__daylight
__timezone
__tzname
_tzset
|
| USER32.dll |
MessageBoxW
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x468
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.7495
|
| MD5 |
3a8d4ee183c3b5d80d0a585ccca435e2
|
| SHA1 |
35b21e0c534bb15ec1416c43b94c7d7a33300ca4
|
| SHA256 |
abaeb4809c05b00d43098d30a7d37cb5706962cd885e772b0a68168a46084391
|
| SHA3 |
f2aaefd09f4f4508f3942fb23995580e4c594c1ba2cdd6562a67e315ab19ac83
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x988
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.20936
|
| MD5 |
25aa0f385a132a12ea57eca4e6ad9684
|
| SHA1 |
c23349682991597f9899026ac81792c82a0099b9
|
| SHA256 |
49bbac134339341b4390f8d8c819c3207e94e41ed98531c0799babf2099651a6
|
| SHA3 |
cff777041887e18af609a193a4f3e5c5bac1c1d06dbe78e7d77d4abb2491e798
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x10a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.89531
|
| MD5 |
454b8218a3cac50a88c9b35bc0c47839
|
| SHA1 |
c99d0a0b4960ca98f43b9eb906ec23cf33f3a0fe
|
| SHA256 |
d892e9e5afc0ea8d4190a6c144114689b226178a842dd8653c4f006adf86fcdb
|
| SHA3 |
75ba725517d2963f0944e110851f2aea27943700e1dae82b4e5e5c34dffeab47
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x25a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.487
|
| MD5 |
30848ae62d36f968f67fc1ba635f98fd
|
| SHA1 |
ed804e2068a782fb6ff8fc0cfc58134a7ab4ef8c
|
| SHA256 |
00346c7d2b738caa6bf92cf23a110d1042c70538d1241b3fe53d67d0f4dd968f
|
| SHA3 |
4dc9f60c871290138214470a42e15a03911ccc2301b6ebf85fa599f7f9d304eb
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0xcb28
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
1.85079
|
| MD5 |
2dc2ac3f4259f7ea9c81e7eb8c0b84ed
|
| SHA1 |
8b916cbe6cdec98baac9cfbf796b686a729c69b3
|
| SHA256 |
64452728e5c539c87459dbbf747caac9a7f11f3c5d68bc65e12848aa43e654bf
|
| SHA3 |
ec737cfce1a7ec9a84b5683f3a63c212b7ef9d0bb2d39006a474e05203048419
|
| Type |
RT_GROUP_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x4c
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.79808
|
| Detected Filetype |
Icon file
|
| MD5 |
5b88ee306f63c136087d70d323b4ea50
|
| SHA1 |
d4645fc785e15589cb8ca9c16ff2a5b78dac5bee
|
| SHA256 |
fea6f3d39c70df74d66ab67fe535418c7220088821e423a59e5cff6084da6328
|
| SHA3 |
0017f71b0fe254b720db20fa3480a501ee2bfd16247e2d1b42a47fe751cf5cf2
|
| StartAddressOfRawData |
0x14000a000
|
| EndAddressOfRawData |
0x14000a008
|
| AddressOfIndex |
0x14000707c
|
| AddressOfCallbacks |
0x140009040
|
| SizeOfZeroFill |
0
|
| Characteristics |
IMAGE_SCN_TYPE_REG
|
| Callbacks |
0x0000000140001860
0x0000000140001830
|
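[*] Warning: Section .bss has a raw size of 0 (presumably the section listed above with SizeOfRawData 0 and IMAGE_SCN_CNT_UNINITIALIZED_DATA, which occupies no bytes on disk).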