| Summary | Value |
| --- | --- |
| Architecture | IMAGE_FILE_MACHINE_AMD64 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| Compilation Date | 2025-Jan-22 03:49:06 |
| Detected languages | English - United States |
| TLS Callbacks | 1 callback(s) detected. |
| Malicious | The file headers were tampered with: unusual section names found (.xdata1, .rdata1, .idata2, .data2, .pdata2, .xdata1, .tls1; .xdata1 is reported twice), the RICH header checksum is invalid, and the number of imports reported in the RICH header is inconsistent with the import table. |
| Malicious | The PE imports functions the tool associates with malware. Functions related to the privilege level: AdjustTokenPrivileges, OpenProcessToken. Together with the also-imported LookupPrivilegeValueW and GetCurrentProcess this is the standard sequence for enabling a privilege on the process's own token; legitimate administrative tools use the same calls, so on its own this is a weak indicator until the privilege being enabled is known. |
| Suspicious | No VirusTotal score: this file has never been scanned on VirusTotal. |
| File hash | Value |
| --- | --- |
| MD5 | 88dcd9de46beb8a5b3d7b7f5089c1988 |
| SHA1 | 33883aee8d7848034fc20f3485d35a058e9ad334 |
| SHA256 | 74daeb6cc67cf213ef4c6a8dcf3be3dca4f41e60a16d929e2e5a4cd0394f6fa8 |
| SHA3 | 72ede03eed1b01cc0c5ce974def40da0768ed13e8f9428fe84a701748157142d |
| SSDeep | 3072:4dA6d1IkAMIR2gib2ohIz0uFSigUFPGQ+A2aBOk+tnr1CfypRD1Izh00lwG+gLk:4dA6d1IkAMIR2gib2ohIz0uFSigUFPG |
| Imports Hash | 60340bc02471168f740ed8b7e38df9c6 |
| DOS header (IMAGE_DOS_HEADER) | Value |
| --- | --- |
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x100 |
| PE file header (IMAGE_FILE_HEADER) | Value |
| --- | --- |
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_AMD64 |
| NumberOfSections | 13 |
| TimeDateStamp | 2025-Jan-22 03:49:06 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
| Optional header (IMAGE_OPTIONAL_HEADER64) | Value |
| --- | --- |
| Magic | PE32+ |
| LinkerVersion | 14.0 |
| SizeOfCode | 0x1c600 |
| SizeOfInitializedData | 0x13200 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0000000000038000 (Section: .tls1) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x39000 |
| SizeOfHeaders | 0x600 |
| Checksum | 0x33e0e |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |

The size fields are internally consistent with the section table below: SizeOfCode equals the raw sizes of the three code sections (0x7600 + 0x14e00 + 0x200 = 0x1c600), SizeOfInitializedData equals the raw sizes of the ten data sections (0x13200), and SizeOfImage is the last section's RVA rounded up one page (0x38000 + 0x1000). The tamper verdict therefore rests on the section names and the RICH header, not on these values. Note that the entry point is the first byte of the last section (.tls1) rather than anywhere in the first code section at BaseOfCode.
| Section # | VirtualAddress | VirtualSize | SizeOfRawData | PointerToRawData | Characteristics | Entropy |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | 0x1000 | 0x7567 | 0x7600 | 0x600 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.83388 |
| 2 | 0x9000 | 0x66a6 | 0x6800 | 0x7c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.6979 |
| 3 | 0x10000 | 0x3e8 | 0x400 | 0xe400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.39095 |
| 4 | 0x11000 | 0x528 | 0x600 | 0xe800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.78006 |
| 5 | 0x12000 | 0x1e8 | 0x200 | 0xee00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.7511 |
| 6 | 0x13000 | 0xa0 | 0x200 | 0xf000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 2.06689 |
| 7 | 0x14000 | 0xad90 | 0xae00 | 0xf200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.44597 |
| 8 | 0x1f000 | 0x14dd7 | 0x14e00 | 0x1a000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.15352 |
| 9 | 0x34000 | 0x268 | 0x400 | 0x2ee00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.146838 |
| 10 | 0x35000 | 0x59c | 0x600 | 0x2f200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.64212 |
| 11 | 0x36000 | 0x134 | 0x200 | 0x2f800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.10666 |
| 12 | 0x37000 | 0xb0 | 0x200 | 0x2fa00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 2.20366 |
| 13 | 0x38000 | 0x18 | 0x200 | 0x2fc00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 0.460547 |

PointerToRelocations, PointerToLineNumbers, NumberOfLineNumbers and NumberOfRelocations are 0 for all 13 sections. Raw data is contiguous from file offset 0x600 to 0x2fe00.

| Section # | MD5 | SHA1 | SHA256 | SHA3 |
| --- | --- | --- | --- | --- |
| 1 | 7578812c4f8541bd62d725b26bcfb6ab | 6381d623959ec9340775884ca07e0defcc2e2cc8 | 9bb6c89cd9f7773ddfb5c130b17036daf614466a700bdc20c34a9f3a27683ab9 | 9f09872f8c6af85c694ba63c1284ce302a4923f8413331a1c2c114834a52bbcd |
| 2 | 4e076b69c1d7f12124ac95b492d048ec | c3d888c54b9776ce33f400fbbd6a8a6362d5c3c6 | 1215700c77625f05acb299c776cb99664a87c34499800f818b277f4412c66364 | 86421730b80215e4627697d86d54eb6e613f04e28dc3144fa474977bf22f7aed |
| 3 | 5ee413636a9f18784b26557e94a07e31 | 3e36ecd9fdcd3c7fd6dd08d5f8ae40e8cdde3f75 | 751082ebd8cdcac581ac3566d595709ca8ab60815c7ed7970f1dec874dd3a50a | 421c775667c0b73f0148c2e89e236a398ac24f55462b5b75d7d032f1956171b3 |
| 4 | ba36c1ca93a75fd8be4c6a94495f6089 | 138d3a66b63eec9102fee4ba0d2f54aede279676 | 1fc36d83486bde7ce705d7e0c9750175a28d5319d9bd0370089943e7196884bb | 3a01e1a94003890a12583c2975b119028a61851b47b3fc2347edd3e84de05b84 |
| 5 | 535e6c34b4922862f1fdcd161b767a6a | 43f7a89f92849bfa89e58c0eb22188e3c676156c | 7e695b97f076251694a0c44e307210e854fca43cca85eb6f75bf6ad3ac2e788c | 103d2c47f30944cd9474ce3ee170d826f795d60c35f4d08024e91505523818c9 |
| 6 | 522c093d8899a2f2a5b71894a9cfafec | 8068135e0a7a27670cd0fa415e80f940d4347783 | 55ce7caafcb274a40f6beae38c4e2f31679ebe63317700b91f7e9794506a0320 | c852fee47a3bcf34f565fdfa8afbd38b716860e3945610797ee9fda8f46cb9db |
| 7 | 2dc2afe91bd64939630b7dd8d31ed95a | dcce8a1296a3cc487fad1f7497232121065f4ee2 | 764c49b52f15a775622c48a1ec23e3c5942f56935cf7ca8294f2214d0fbe3691 | 3c34617a780ef66f7a3b1b85d1096b0fcd64ecedfa03134c7d28b5fd8385f1b7 |
| 8 | 05aef90f4a5fd82c470ef7a701c74167 | c4e12c27534f54bae52f4df1c446e3717e8e80ae | 7416b3747d319b3945ad666b3a8b59f92ae8cdb0529ab8bc479285f6d10af4f8 | c8fe52b1ace75f6e0de1cbdc082d411c5e40e61f81be15737061c7218e792af6 |
| 9 | 71901cbeb597ce8de659caecfa65dfd9 | feb9a729412210301daa8697b5f4808cf392dcea | 2576831517361e6e71845818c53ce09f9cca5bf3055b6c3601009529e0083ca7 | 69350aaa1040f5d1cea57b861b3eb3d4af5ee49f66e554211b2d8cf94355c873 |
| 10 | be8ba89748fc3d56e8e22815e56561ef | 29704b9000b857cf930140afcad85c6396e1b0f3 | 345c2970dbee3aa03edafaaa4f69710e32b09f8df4fa843adf855bb3d91f53bb | 5900d7db04581ffe54c31ff1a23b1693c5b5070ab45914d613324bda78e208fe |
| 11 | 3440ecad5b5d718c48d8a367b1b042fa | 1e4a23cd529589b92a42bd8fc0fa81cd808d6b94 | 6c34c490e41a0310f09eda2accafd29d810a14132cc661b9081c9938125ce72e | 39a2ef40f810378b84a5644b2a167c78f93a86b036c9556c1b4ce31f54fc6757 |
| 12 | fd741ae59298736beddf6f146be27708 | 217f13f8ca605eebd24fd189356bc4f701483c51 | dc3d29b8d6674913a6d248c8bb76c168a51edf90bb1eb95ac5c6b5dca99e289d | fcdb945d3ff354ad911ed4abe89071123f4661ae6f4e94bbee741a5e84020e27 |
| 13 | c38b3080149b1792051bc92252265667 | f43c2ae13c89e9973f8a422552d9b2c3b39fbf6e | 652d486962a6766a57e9ec8f1e6d3391340e71481c8a4eca8cb6e79aa76da2fa | 0a086b2ecf99508438f1ce7d49ce142c519fc998a5dc5bea77b5cbbf28f3fa28 |

The report does not print section names in this table; the summary lists the seven unusual names, and the AddressOfEntryPoint line identifies section 13 (RVA 0x38000) as .tls1. That section is the entry point, is executable, holds 0x18 bytes at entropy 0.46, and is the last section in the image, while the first code section starts at BaseOfCode (0x1000): the entry is a tiny stub that has to transfer control elsewhere. Section 7 (0xad90 bytes of read-only initialized data at entropy 7.45) is the highest-entropy region of the file and the first candidate for a packed or encrypted blob. Section 9 (read/write, RVA 0x34000) holds the TLS index and callback array (AddressOfIndex 0x140034028, AddressOfCallbacks 0x140034030), and the callback itself (0x1400314D0, RVA 0x314D0) lies in code section 8.
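The findings behind this table (non-standard section names, an entry point that sits in a 0x18-byte executable section instead of the first code section) are cheap to reproduce without a PE library. The following Python is an added example, not part of the Manalyze report or of Manalyze itself: it assembles a small synthetic PE32+ image with a constructed section layout (the names .text, .rdata1, .text2 and .tls1 and their RVAs are made up to resemble this file's shape, not read from it), parses the headers with struct, and runs the checks.

```python
import struct

IMAGE_SCN_CNT_CODE = 0x00000020              # winnt.h section characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
CODE = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
RDATA = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ

# Names an MSVC-linked image normally carries; anything else is flagged, which is
# how the report arrived at .xdata1, .rdata1, .idata2, .data2, .pdata2 and .tls1.
STANDARD_SECTION_NAMES = {".text", ".rdata", ".data", ".pdata", ".xdata", ".idata",
                          ".edata", ".rsrc", ".reloc", ".tls", ".bss", ".CRT",
                          ".gfids", ".00cfg", ".voltbl"}

def build_pe(sections, entry_rva, image_base=0x140000000):
    """Minimal PE32+ image: DOS header, PE signature, COFF header, optional
    header (16 empty data directories), section table, zero-filled raw data.
    `sections` is a list of (name, rva, virtual_size, raw_size, characteristics)."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x8664, len(sections),
                       0, 0, 0, 0xF0, 0x0022)                # AMD64, EXE, large-address-aware
    size_of_image = (max(s[1] + s[2] for s in sections) + 0xFFF) & ~0xFFF
    opt = struct.pack("<HBBIIIIIQIIHHHHHHIIIIHHQQQQII",
                      0x20B, 14, 0, 0, 0, 0, entry_rva, sections[0][1], image_base,
                      0x1000, 0x200, 6, 0, 0, 0, 6, 0, 0, size_of_image, 0x400, 0,
                      3, 0x8160, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * 128
    table, raw, raw_ptr = b"", b"", 0x400
    for name, rva, vsize, rsize, chars in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             vsize, rva, rsize, raw_ptr, 0, 0, 0, 0, chars)
        raw += b"\0" * rsize
        raw_ptr += rsize
    return (bytes(dos) + coff + opt + table).ljust(0x400, b"\0") + raw

def parse_pe(image):
    """Read back just the fields the checks need, PE32+ only."""
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    sig, machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<4sHHIIIHH", image, e_lfanew)
    opt = e_lfanew + 24
    if sig != b"PE\0\0" or struct.unpack_from("<H", image, opt)[0] != 0x20B:
        raise ValueError("not a PE32+ image")
    (entry_rva,) = struct.unpack_from("<I", image, opt + 16)  # AddressOfEntryPoint
    (image_base,) = struct.unpack_from("<Q", image, opt + 24)
    sections = []
    for i in range(nsec):
        name, vsize, rva, rsize, rptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", image, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "rva": rva, "vsize": vsize, "rsize": rsize, "rptr": rptr, "chars": chars})
    return {"machine": machine, "entry_rva": entry_rva, "image_base": image_base, "sections": sections}

def section_for_rva(sections, rva):
    for s in sections:
        if s["rva"] <= rva < s["rva"] + max(s["vsize"], s["rsize"]):
            return s
    return None

def triage(pe):
    """Header findings as plain strings; an empty list means nothing odd."""
    findings = []
    for s in pe["sections"]:
        if s["name"] not in STANDARD_SECTION_NAMES:
            findings.append(f"unusual section name: {s['name']}")
        if s["chars"] & IMAGE_SCN_MEM_WRITE and s["chars"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"writable and executable section: {s['name']}")
    code = [s for s in pe["sections"] if s["chars"] & IMAGE_SCN_CNT_CODE]
    ep = section_for_rva(pe["sections"], pe["entry_rva"])
    if ep is None:
        findings.append(f"entry point {pe['entry_rva']:#x} lies outside every section")
        return findings
    if not ep["chars"] & IMAGE_SCN_MEM_EXECUTE:
        findings.append(f"entry point in non-executable section {ep['name']}")
    if code and ep is not code[0]:
        findings.append(f"entry point in {ep['name']} rather than the first code section {code[0]['name']}")
    if ep["vsize"] < 0x40:
        findings.append(f"entry section {ep['name']} holds only {ep['vsize']:#x} bytes: a stub that jumps elsewhere")
    return findings

# Constructed layout echoing the report's shape: two proper code sections, data
# between them, and a 0x18-byte executable ".tls1" at the end that owns the entry point.
DEMO_SECTIONS = [(".text", 0x1000, 0x7567, 0x7600, CODE), (".rdata1", 0x9000, 0x66a6, 0x6800, RDATA),
                 (".text2", 0x10000, 0x14dd7, 0x14e00, CODE), (".tls1", 0x25000, 0x18, 0x200, CODE)]
DEMO_ENTRY_RVA = 0x25000

def demo_findings():
    return triage(parse_pe(build_pe(DEMO_SECTIONS, DEMO_ENTRY_RVA)))

if __name__ == "__main__":
    for line in demo_findings():
        print("[!]", line)
```

The same `triage` applied to a real file (read it into `image` and call `parse_pe`) reproduces the section-name finding; the entry-point checks are what the report's `AddressOfEntryPoint ... (Section: .tls1)` line summarises. The standard-name set is deliberately conservative and should be extended for toolchains other than MSVC.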
| Module | Imported functions |
| --- | --- |
| KERNEL32.dll | MultiByteToWideChar, WideCharToMultiByte, GetTickCount, GetTickCount64, QueryPerformanceCounter, QueryPerformanceFrequency, GetSystemTime, CloseHandle, GetLocalTime, FileTimeToSystemTime, SystemTimeToFileTime, lstrlenA, GetCurrentProcess, SetConsoleTitleA, lstrlenW, SetConsoleTextAttribute, lstrcpyA, lstrcpyW, lstrcatA, lstrcatW, lstrcmpA, lstrcmpW |
| ADVAPI32.dll | AdjustTokenPrivileges, OpenProcessToken, LookupPrivilegeValueW |
| MSVCP140.dll | `?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` (undecorated: `struct _iobuf * __cdecl std::_Fiopen(char const *, int, int)`, the MSVC STL helper behind std::fstream open) |
| VCRUNTIME140_1.dll | (EMPTY) |
| VCRUNTIME140.dll | (EMPTY) |
| api-ms-win-crt-stdio-l1-1-0.dll | (EMPTY) |
| api-ms-win-crt-heap-l1-1-0.dll | (EMPTY) |
| api-ms-win-crt-string-l1-1-0.dll | (EMPTY) |
| api-ms-win-crt-time-l1-1-0.dll | (EMPTY) |
| api-ms-win-crt-runtime-l1-1-0.dll | (EMPTY) |
| api-ms-win-crt-filesystem-l1-1-0.dll | (EMPTY) |
| api-ms-win-crt-math-l1-1-0.dll | (EMPTY) |
| api-ms-win-crt-locale-l1-1-0.dll | (EMPTY) |
| ADVAPI32.dll (#2) | AdjustTokenPrivileges, OpenProcessToken, LookupPrivilegeValueW |
| MSVCP140.dll (#2) | `?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` |
| api-ms-win-crt-filesystem-l1-1-0.dll (#2) | (EMPTY) |
| api-ms-win-crt-locale-l1-1-0.dll (#2) | (EMPTY) |
| api-ms-win-crt-math-l1-1-0.dll (#2) | (EMPTY) |
| api-ms-win-crt-runtime-l1-1-0.dll (#2) | (EMPTY) |
| api-ms-win-crt-stdio-l1-1-0.dll (#2) | (EMPTY) |
| api-ms-win-crt-string-l1-1-0.dll (#2) | (EMPTY) |
| api-ms-win-crt-time-l1-1-0.dll (#2) | (EMPTY) |

(EMPTY) is the tool's own output for the runtime modules; the warning at the end of the report says it failed while reading the functions imported from MSVCP140.dll, so treat these function lists, and the Imports Hash derived from them, as incomplete rather than as evidence that nothing is imported. ADVAPI32.dll, MSVCP140.dll and seven of the eight api-ms-win-crt-* modules each appear in two import descriptors (the (#2) rows), which is what triggers the "Read the same import twice" error below; the import hash depends on descriptor order and on repeats, so it will not match a cleanly linked build of the same source.
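Manalyze's "Read the same import twice" error at the end of the report is raised when two IMAGE_IMPORT_DESCRIPTOR entries name the same module. The Python below is an added example, not code from the report or from Manalyze: it serialises a constructed import directory (module and function names are a made-up subset shaped like the table above, with ADVAPI32.dll described by two descriptors), parses it back, lists duplicated modules, and computes a pefile-style import hash so the effect of duplicate descriptors on the Imports Hash is visible.

```python
import hashlib
import struct

ORDINAL_FLAG64 = 1 << 63            # IMAGE_ORDINAL_FLAG64

def build_import_directory(base_rva, modules):
    """Serialise a PE32+ import directory as one blob whose first byte sits at
    `base_rva`: the null-terminated IMAGE_IMPORT_DESCRIPTOR array, then DLL
    names, hint/name entries and thunk arrays. FirstThunk is pointed at the same
    array as OriginalFirstThunk for brevity; a linker would emit a separate IAT.
    `modules` is a list of (dll_name, [function_name | ordinal, ...])."""
    desc_size = 20 * (len(modules) + 1)
    body, descriptors = bytearray(), b""
    for dll, funcs in modules:
        name_rva = base_rva + desc_size + len(body)
        body += dll.encode() + b"\0"
        thunks = []
        for f in funcs:
            if isinstance(f, int):
                thunks.append(ORDINAL_FLAG64 | f)
                continue
            if (desc_size + len(body)) % 2:                # hint/name entries are WORD aligned
                body += b"\0"
            thunks.append(base_rva + desc_size + len(body))
            body += struct.pack("<H", 0) + f.encode() + b"\0"   # hint 0, then the name
        while (desc_size + len(body)) % 8:                 # 64-bit thunks are QWORD aligned
            body += b"\0"
        thunk_rva = base_rva + desc_size + len(body)
        body += b"".join(struct.pack("<Q", t) for t in thunks) + b"\0" * 8
        descriptors += struct.pack("<IIIII", thunk_rva, 0, 0, name_rva, thunk_rva)
    return descriptors + b"\0" * 20 + bytes(body)

def parse_import_directory(blob, base_rva):
    """Walk the descriptors in file order, keeping repeats visible, and return
    [(dll_name, [function_name | ordinal, ...]), ...]."""
    def c_string(rva):
        off = rva - base_rva
        return blob[off:blob.index(b"\0", off)].decode("ascii")
    imports, off = [], 0
    while True:
        oft, _stamp, _fwd, name_rva, ft = struct.unpack_from("<IIIII", blob, off)
        if oft == 0 and name_rva == 0 and ft == 0:
            break                                          # all-zero terminator
        funcs, t = [], (oft or ft) - base_rva              # ILT, or the IAT if the ILT is absent
        while True:
            (thunk,) = struct.unpack_from("<Q", blob, t)
            if thunk == 0:
                break
            funcs.append(thunk & 0xFFFF if thunk & ORDINAL_FLAG64 else c_string(thunk + 2))
            t += 8
        imports.append((c_string(name_rva), funcs))
        off += 20
    return imports

def duplicate_modules(imports):
    """Modules named by more than one descriptor, as (name, first_index, later_index)."""
    first, dups = {}, []
    for i, (dll, _) in enumerate(imports):
        key = dll.lower()
        if key in first:
            dups.append((dll, first[key], i))
        else:
            first[key] = i
    return dups

def imphash_string(imports):
    """pefile's pre-hash string: 'module.function' pairs, lower-cased, with a
    .dll/.ocx/.sys suffix stripped, in descriptor order, comma-joined. Ordinals
    become 'ordN'; pefile also resolves oleaut32/ws2_32/wsock32 ordinals to names,
    which this example leaves out."""
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        stem, _, ext = lib.rpartition(".")
        if ext in ("dll", "ocx", "sys"):
            lib = stem
        parts += [f"{lib}.{f.lower() if isinstance(f, str) else 'ord%d' % f}" for f in funcs]
    return ",".join(parts)

def imphash(imports):
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()

# Constructed import table: a made-up subset shaped like the report's, with
# ADVAPI32.dll described by two descriptors as in the report.
DEMO_BASE_RVA = 0x14000
DEMO_MODULES = [
    ("KERNEL32.dll", ["GetCurrentProcess", "CloseHandle", "GetTickCount64"]),
    ("ADVAPI32.dll", ["AdjustTokenPrivileges", "OpenProcessToken", "LookupPrivilegeValueW"]),
    ("MSVCP140.dll", ["?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z"]),
    ("ADVAPI32.dll", ["AdjustTokenPrivileges", "OpenProcessToken", "LookupPrivilegeValueW"]),
]

def demo():
    imports = parse_import_directory(build_import_directory(DEMO_BASE_RVA, DEMO_MODULES), DEMO_BASE_RVA)
    return imports, duplicate_modules(imports), imphash(imports)

if __name__ == "__main__":
    imports, dups, digest = demo()
    for dll, funcs in imports:
        print(dll, funcs)
    print("duplicated modules:", dups)
    print("imphash:", digest)
```

Dropping the repeated ADVAPI32.dll descriptor changes the hash, which is why an import hash pivot on a hand-crafted binary like this one will not land on the unmodified build it was derived from; compare on the de-duplicated module/function set as well when hunting for relatives.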
| Resource | Value |
| --- | --- |
| Type | RT_MANIFEST |
| Language | English - United States |
| Codepage | UNKNOWN |
| Size | 0x188 |
| TimeDateStamp | 1980-Jan-01 00:00:00 |
| Entropy | 4.89623 |
| MD5 | b8e76ddb52d0eb41e972599ff3ca431b |
| SHA1 | fc12d7ad112ddabfcd8f82f290d84e637a4d62f8 |
| SHA256 | 165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8 |
| SHA3 | 37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd |
| TLS directory (IMAGE_TLS_DIRECTORY64) | Value |
| --- | --- |
| StartAddressOfRawData | 0 |
| EndAddressOfRawData | 0 |
| AddressOfIndex | 0x140034028 |
| AddressOfCallbacks | 0x140034030 |
| SizeOfZeroFill | 0 |
| Characteristics | IMAGE_SCN_TYPE_REG (0) |
| Callbacks | 0x00000001400314D0 |

There is no TLS raw data (start and end are both 0); the directory exists only to register the callback. AddressOfCallbacks is a virtual address, so after subtracting ImageBase (0x140000000) the array lives at RVA 0x34030 in the read/write section at 0x34000, and the single callback 0x1400314D0 is RVA 0x314D0 inside the code section at 0x1f000. The loader runs TLS callbacks before AddressOfEntryPoint at process start (and again for every new thread), so this callback executes ahead of the 0x18-byte entry stub and is the first code to look at.
| Load configuration (IMAGE_LOAD_CONFIG_DIRECTORY64) | Value |
| --- | --- |
| Size | 0x140 |
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x140010040 |
| RICH header | Value |
| --- | --- |
| XOR Key | 0xa65e45dc |
| Unmarked objects | 0 |
| Total imports | 1 |
| Linker (33523) | 60 |
| ASM objects (33523) | 280 |
| ASM objects (33523) (#2) | 2 |
| ASM objects (33523) (#3) | 1 |
| Resource objects (33523) | 350 |

The stored XOR key doubles as the checksum of the DOS header and of the entries themselves; the summary's "checksum is invalid" finding means recomputing it from the bytes does not give 0xa65e45dc, so either the DOS header or the RICH entries were edited after linking. The RICH header also accounts for only 1 import while the import table resolves dozens of functions, which is the inconsistency the summary flags.
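The "RICH header checksum is invalid" finding means the XOR key stored after the Rich marker does not equal the checksum recomputed from the DOS header and the entries. The Python below is an added example, not from the report or from Manalyze: it builds a DOS header plus Rich header with constructed entries (the product ids, builds and counts are arbitrary), validates it, and shows that editing a DOS-stub byte breaks the check while editing e_lfanew does not, because the algorithm skips bytes 0x3C..0x3F.

```python
import struct

DANS = 0x536E6144                 # b"DanS" read as a little-endian DWORD
RICH = b"Rich"

def rol32(value, count):
    count %= 32
    return ((value << count) | (value >> (32 - count))) & 0xFFFFFFFF

def rich_checksum(data, dans_offset, entries):
    """The linker's checksum, which doubles as the XOR key: start from the offset
    of "DanS", add every DOS header/stub byte rotated left by its offset (skipping
    e_lfanew at 0x3C..0x3F), then add each entry's compid = (prodid << 16) | build
    rotated left by its use count."""
    cksum = dans_offset
    for i in range(dans_offset):
        if 0x3C <= i <= 0x3F:
            continue
        cksum = (cksum + rol32(data[i], i)) & 0xFFFFFFFF
    for prod, build, count in entries:
        cksum = (cksum + rol32((prod << 16) | build, count)) & 0xFFFFFFFF
    return cksum

def build_dos_stub_and_rich(entries, e_lfanew=0x100):
    """DOS header (0x40 bytes) + a 0x40-byte stub, then a Rich header with a
    correctly computed key. Returns the bytes up to (not including) "PE\\0\\0"."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    stub = b"This program cannot be run in DOS mode."
    dos[0x40:0x40 + len(stub)] = stub
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    key = rich_checksum(dos, len(dos), entries)
    words = [DANS ^ key, key, key, key]     # "DanS" and three zero pads, all XORed with the key
    for prod, build, count in entries:
        words += [((prod << 16) | build) ^ key, count ^ key]
    return bytes(dos) + struct.pack("<%dI" % len(words), *words) + RICH + struct.pack("<I", key)

def parse_rich(data):
    """Locate "Rich", recover the key, walk back to "DanS" and decode the entries."""
    end = data.find(RICH)
    if end < 0:
        return None
    (key,) = struct.unpack_from("<I", data, end + 4)
    start = end - 4
    while start >= 0 and struct.unpack_from("<I", data, start)[0] ^ key != DANS:
        start -= 4
    if start < 0:
        return None
    entries = []
    for off in range(start + 16, end, 8):
        comp, count = struct.unpack_from("<II", data, off)
        comp ^= key
        entries.append((comp >> 16, comp & 0xFFFF, count ^ key))
    return {"key": key, "dans_offset": start, "entries": entries}

def rich_is_valid(data):
    """True when the stored key equals the checksum recomputed from the bytes."""
    rich = parse_rich(data)
    return rich is not None and rich["key"] == rich_checksum(data, rich["dans_offset"], rich["entries"])

# Constructed entries: (product id, build, use count). Values are arbitrary.
DEMO_ENTRIES = [(0x0001, 0, 1), (0x0104, 33523, 280), (0x0103, 33523, 60)]

def demo():
    """Returns (valid as built, valid after a DOS-stub edit, valid after an e_lfanew edit)."""
    good = build_dos_stub_and_rich(DEMO_ENTRIES)
    stub_edit = bytearray(good)
    stub_edit[0x45] ^= 0x20                                  # flip case of one stub character
    lfanew_edit = bytearray(good)
    struct.pack_into("<I", lfanew_edit, 0x3C, 0x200)         # move the PE header pointer
    return rich_is_valid(good), rich_is_valid(bytes(stub_edit)), rich_is_valid(bytes(lfanew_edit))

if __name__ == "__main__":
    print("as built / stub edited / e_lfanew edited:", demo())
```

The e_lfanew exclusion matters for triage: a tool that moves the PE header (for example to make room for extra section headers, as the 13-section, e_lfanew 0x100 layout here might suggest) leaves the Rich checksum intact, so an invalid checksum points at edits to the DOS stub bytes or to the entries themselves, not merely at a relocated header.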
[!] Error: Read the same import twice! This PE was almost certainly crafted manually!
[*] Warning: An error occurred while trying to read functions imported by module MSVCP140.dll.