6f798dd73b35965bc2912d034a4eb7440719e3845187318d788f5c1860b871c1

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1970-Jan-01 00:00:00
Detected languages English - United States
TLS Callbacks 2 callback(s) detected.

Plugin Output

Suspicious The PE is possibly packed. Unusual section name found: .xdata
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryW
Suspicious The PE is possibly a dropper. Resources amount for 79.4454% of the executable.
Safe VirusTotal score: 0/71 (Scanned on 2026-06-26 13:10:48) All the AVs think this file is safe.

Hashes

MD5 8f353c32ed4db7ce1eec06dbe889239d
SHA1 4173b370cb59a9a0f44b5acedefd05715e6d1c37
SHA256 6f798dd73b35965bc2912d034a4eb7440719e3845187318d788f5c1860b871c1
SHA3 e42d50695e520fdaa7e0ef2104048d3e646862fb6a79b0770dcbec8ce3e5d533
SSDeep 384:uuFrkgLwuZO2cwKbpmbPuo47j71RCnmfaykrEb1ufH87M78EIu8MmV1BSF+c0DD:fRLwwRc2bWoi16W1yx78MnDSP
Imports Hash 8aca5cbb0f0601373f8e0beb9a1da938

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 10
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 2.0
SizeOfCode 0x1e00
SizeOfInitializedData 0x19c00
SizeOfUninitializedData 0x200
AddressOfEntryPoint 0x0000000000001500 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x1d000
SizeOfHeaders 0x400
Checksum 0x225ce
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 980e8b972d833345dda9aa501045970d
SHA1 881860e4b65d35737f0d5c36696616e8fbe6bebe
SHA256 87b67a248d83e722468704c46444746746f38190d7d168c00ce7c0e43f8f98c4
SHA3 e4003895a5f18568b1f28c9913dfa18a777961b8d5db680beff1dc18a92d858d
VirtualSize 0x1c98
VirtualAddress 0x1000
SizeOfRawData 0x1e00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.86002

.data

MD5 1d1963dcc52de86c66f836f73f6e31d5
SHA1 3036670e76e2150999e5b5bfd2c3a44dacee5577
SHA256 153a5b3a25ae1f02b517ad54786d3af35d378898896ac9281180ce473a92a377
SHA3 4e264cdb99d36a09ea9f0b878514f2936a7f70a8e37ad479c395ecf1e12f30ab
VirtualSize 0x100
VirtualAddress 0x3000
SizeOfRawData 0x200
PointerToRawData 0x2200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.38106

.rdata

MD5 c9f71d9372d8702238aa48acbf17786b
SHA1 0eeeff82f2aabc31ed5b97dbe003b1a4214f46fc
SHA256 6733d356252ad875f75ce22abf61685c6684ba66087525f08622e79ab1878e2e
SHA3 9ff38d63f6144d8f3af1607f171745ea2dfaf1683438ca4247f344d4dd6365e8
VirtualSize 0x990
VirtualAddress 0x4000
SizeOfRawData 0xa00
PointerToRawData 0x2400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.45328

.pdata

MD5 ae30c363c0ebcedc4ecf7d6bf76f8060
SHA1 8584ad5d52c11c716e49af137dc7cafdd7d3c8d9
SHA256 d7b0b9492429256b76b35f3b233fd4c58040723ef00a13f34710ef3c4dbfc2f5
SHA3 221a2cdb926a71567e78de69a47a4157de9b91ba848d955cbe8b432a6400e0f0
VirtualSize 0x270
VirtualAddress 0x5000
SizeOfRawData 0x400
PointerToRawData 0x2e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.61645

.xdata

MD5 30076b6944c5815f4ad2d3d59f802b56
SHA1 d31042820a0e00b8e939970c701abc6385a9d271
SHA256 d88081e606b048fc58defeb0d17346bed7e58defe45c274b8d6fc2ef7dfc4cb1
SHA3 52448e1107a32b166902735888a60bbdceae029ab3ce5b312388849d21fad018
VirtualSize 0x200
VirtualAddress 0x6000
SizeOfRawData 0x200
PointerToRawData 0x3200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.85478

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x1a0
VirtualAddress 0x7000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 ce97e8ca2d0d32716106ba506f2bafbb
SHA1 17c8743407323d7176f9d9f63d78bdc6d087c453
SHA256 71206dea1204659915e9e27384363bb72e443d4c03162cc438d4be5204957d4f
SHA3 0e9ca2bbee5831481cdfdb1a3c6ba6633c446e0f1b2089ed9576c97ad6848d3c
VirtualSize 0xb74
VirtualAddress 0x8000
SizeOfRawData 0xc00
PointerToRawData 0x3400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.98676

.CRT

MD5 fe5fbff7840d3622715e63dc6dda6fba
SHA1 308d041e48014f9815006365f390c003c60e5377
SHA256 cdec8404b8885b7d1f8561cd1aa29d27b898493163669728123567b252bc65f7
SHA3 b6a367cb357a7a98fac7ae13d9862fac4b004afd854b6cb7e5f03fd141717a34
VirtualSize 0x68
VirtualAddress 0x9000
SizeOfRawData 0x200
PointerToRawData 0x4000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.340642

.tls

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x10
VirtualAddress 0xa000
SizeOfRawData 0x200
PointerToRawData 0x4200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 dfb00e8fc483272bc4c7fe4fc02b0287
SHA1 9b050ded14d64a0dc5411af8caf5f72448fb4432
SHA256 79dc714dd36b267ad65e869ea998298f4e8c3352392c922e2da821b8e49f8449
SHA3 44c7089ae2a3b7527293c0a36c1ea50ddfa1bf6ba5b32abab3d16404af6eb6ec
VirtualSize 0x11114
VirtualAddress 0xb000
SizeOfRawData 0x11200
PointerToRawData 0x4400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.12961

Imports

KERNEL32.dll DeleteCriticalSection
EnterCriticalSection
GetLastError
GetProcAddress
GetStartupInfoW
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryW
SetDllDirectoryW
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VerSetConditionMask
VerifyVersionInfoW
VirtualProtect
VirtualQuery
api-ms-win-crt-environment-l1-1-0.dll __p__environ
__p__wenviron
api-ms-win-crt-heap-l1-1-0.dll _set_new_mode
calloc
free
malloc
api-ms-win-crt-locale-l1-1-0.dll __initialize_lconv_for_unsigned_char
api-ms-win-crt-math-l1-1-0.dll __setusermatherr
api-ms-win-crt-private-l1-1-0.dll __C_specific_handler
memcpy
api-ms-win-crt-runtime-l1-1-0.dll _set_app_type
__p___argc
__p___argv
__p___wargv
__p__wcmdln
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_atexit
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_invalid_parameter_handler
abort
exit
signal
api-ms-win-crt-stdio-l1-1-0.dll __acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vswprintf
fwrite
api-ms-win-crt-string-l1-1-0.dll strlen
strncmp
wcslen
_wcsdup
api-ms-win-crt-time-l1-1-0.dll __daylight
__timezone
__tzname
_tzset
USER32.dll MessageBoxW

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.7495
MD5 3a8d4ee183c3b5d80d0a585ccca435e2
SHA1 35b21e0c534bb15ec1416c43b94c7d7a33300ca4
SHA256 abaeb4809c05b00d43098d30a7d37cb5706962cd885e772b0a68168a46084391
SHA3 f2aaefd09f4f4508f3942fb23995580e4c594c1ba2cdd6562a67e315ab19ac83

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.20936
MD5 25aa0f385a132a12ea57eca4e6ad9684
SHA1 c23349682991597f9899026ac81792c82a0099b9
SHA256 49bbac134339341b4390f8d8c819c3207e94e41ed98531c0799babf2099651a6
SHA3 cff777041887e18af609a193a4f3e5c5bac1c1d06dbe78e7d77d4abb2491e798

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.89531
MD5 454b8218a3cac50a88c9b35bc0c47839
SHA1 c99d0a0b4960ca98f43b9eb906ec23cf33f3a0fe
SHA256 d892e9e5afc0ea8d4190a6c144114689b226178a842dd8653c4f006adf86fcdb
SHA3 75ba725517d2963f0944e110851f2aea27943700e1dae82b4e5e5c34dffeab47

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.487
MD5 30848ae62d36f968f67fc1ba635f98fd
SHA1 ed804e2068a782fb6ff8fc0cfc58134a7ab4ef8c
SHA256 00346c7d2b738caa6bf92cf23a110d1042c70538d1241b3fe53d67d0f4dd968f
SHA3 4dc9f60c871290138214470a42e15a03911ccc2301b6ebf85fa599f7f9d304eb

5

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0xcb28
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.85079
MD5 2dc2ac3f4259f7ea9c81e7eb8c0b84ed
SHA1 8b916cbe6cdec98baac9cfbf796b686a729c69b3
SHA256 64452728e5c539c87459dbbf747caac9a7f11f3c5d68bc65e12848aa43e654bf
SHA3 ec737cfce1a7ec9a84b5683f3a63c212b7ef9d0bb2d39006a474e05203048419

1 (#2)

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x4c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.79808
Detected Filetype Icon file
MD5 5b88ee306f63c136087d70d323b4ea50
SHA1 d4645fc785e15589cb8ca9c16ff2a5b78dac5bee
SHA256 fea6f3d39c70df74d66ab67fe535418c7220088821e423a59e5cff6084da6328
SHA3 0017f71b0fe254b720db20fa3480a501ee2bfd16247e2d1b42a47fe751cf5cf2

Version Info

TLS Callbacks

StartAddressOfRawData 0x14000a000
EndAddressOfRawData 0x14000a008
AddressOfIndex 0x14000707c
AddressOfCallbacks 0x140009040
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks 0x0000000140001860
0x0000000140001830

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!