75d813f71535d8e8643c347af02161b2c860337918132f9c638b802a95c9f6f4

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Jun-07 07:29:58

Plugin Output

Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Uses constants related to SHA1
Uses constants related to SHA256
Uses constants related to SHA512
Uses constants related to AES
Suspicious The PE contains functions most legitimate programs don't use. Can access the registry:
  • RegCloseKey
  • RegOpenKeyExA
  • RegQueryValueExA
Possibly launches other programs:
  • CreateProcessW
Uses Windows's Native API:
  • NtClose
  • NtCreateFile
  • NtDeviceIoControlFile
  • NtLockFile
  • NtQueryObject
  • NtSetInformationFile
Leverages the raw socket API to access the Internet:
  • WSAGetLastError
  • WSASocketW
  • WSAStartup
  • closesocket
  • connect
  • freeaddrinfo
  • getaddrinfo
Interacts with the certificate store:
  • CertOpenSystemStoreW
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 6bc4074cd7c35000f1253dd8a9cdf970
SHA1 100bf66e0216d93338e443ce642f0c5df1f893fa
SHA256 75d813f71535d8e8643c347af02161b2c860337918132f9c638b802a95c9f6f4
SHA3 4821b00820e5f3ffdbc06243b8469b0d0507dda5736ba73941d0397492d9e635
SSDeep 12288:wZ+OE4MmD6/Oyspc5EEBBBHGBgzGerwGhTvPqItNquB:wcb4M06WpoPrwuvP3f5
Imports Hash 73f461c771aef77ec43d53a0c54f0c8d

DOS Header

e_magic MZ
e_cblp 0x78
e_cp 0x1
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0
e_ss 0
e_sp 0
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x78

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2026-Jun-07 07:29:58
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x75000
SizeOfInitializedData 0xa0c00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000001000 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x11b000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x1000000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 bef1534974f1d0aab505b09820208e71
SHA1 cf5a7c4d01929942ab42743a8b344ca0b7a963af
SHA256 ae0a6e93351d72e38c17fecdd46c5ad18282ed1fc56a586f7d3f45017c29b9e8
SHA3 15fc9b11561471e7d9f35d6dc21677d71b790282ed9530f979ce2977367483a8
VirtualSize 0x74fe6
VirtualAddress 0x1000
SizeOfRawData 0x75000
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.36918

.rdata

MD5 1f81c83e801b8a59327cbe8038fdbe13
SHA1 b1e3d3a3d120378ba6229281da87615574fd33fd
SHA256 86cc65893f50fd2b342f2963516bb3e282c2f861d4822e20ee944d23cc912b3c
SHA3 0ba0cfa3defb30d1640ea3355241bae3cac77f6edeed67aae5ab0b91a9f42b1c
VirtualSize 0x9c590
VirtualAddress 0x76000
SizeOfRawData 0x9c600
PointerToRawData 0x75400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.08445

.data

MD5 5cc7bcdc64e666364f7a2c459cc69bd7
SHA1 90de5b760f5faf25434fd4d7fe2e48489e5a68ca
SHA256 8b8c7556024e3f944db8b4d9ea7c43bd05314f1a578d527ca8faf20043086bf7
SHA3 3237f4eecad1146c987b110e0f03c0c31e2e380eeee0e662223b2a390d01a01e
VirtualSize 0x770
VirtualAddress 0x113000
SizeOfRawData 0x800
PointerToRawData 0x111a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.74344

.pdata

MD5 4a24b3e51bfcc79439eb6fa77fa29969
SHA1 6092748640e45a320260b9c1cbaed5f7393f357b
SHA256 7dbf5a43befed2db10e1cd2ddd038c7504c8ff62b1707b5d1dc5d350bcfeaff1
SHA3 83b11cb1d555726efec9d9c5bf138dd4c105cafe41b6c08e23adf8ce71b4563d
VirtualSize 0x13e0
VirtualAddress 0x114000
SizeOfRawData 0x1400
PointerToRawData 0x112200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.77732

.CRT

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x10
VirtualAddress 0x116000
SizeOfRawData 0x200
PointerToRawData 0x113600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0

.tls

MD5 d4163cd782027139760d0eb803098005
SHA1 8be6c130911dd3328555930f4b13db76d4b65066
SHA256 bf09ac4ea974dffd64ea60096241978f8774580594a40cbba53630fcff37bddd
SHA3 d73b0ce6b63ab03d4bcff3cbda4d2efe32e258bcad61fb32f90083c96758bec1
VirtualSize 0x2219
VirtualAddress 0x117000
SizeOfRawData 0x2400
PointerToRawData 0x113800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.0100799

.reloc

MD5 4a60a2aada7a0b33581ed83a006c33ca
SHA1 e73611197f5541c824643c66bdc45f17bc82b20f
SHA256 f073362d07f9ac617284e42176e80925a4bdf09b54db1167c4d6bc1f38e58036
SHA3 98f37d5123f593df68a324f5de6d5f1fed06dffad77b97adbac59c649a9b9cd0
VirtualSize 0x2bc
VirtualAddress 0x11a000
SizeOfRawData 0x400
PointerToRawData 0x115c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.11379

Imports

ntdll.dll NtClose
NtCreateFile
NtDeviceIoControlFile
NtLockFile
NtQueryObject
NtSetInformationFile
RtlEqualUnicodeString
RtlExitUserProcess
RtlGetFullPathName_U
RtlWaitOnAddress
KERNEL32.dll AcquireSRWLockExclusive
CloseHandle
CreateProcessW
ExitProcess
GetCurrentThreadId
GetDiskFreeSpaceExW
GetExitCodeProcess
GetFileAttributesW
GetLastError
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount64
GlobalMemoryStatusEx
MoveFileW
MultiByteToWideChar
ReadFile
ReleaseSRWLockExclusive
SetEnvironmentVariableA
SetFilePointerEx
Sleep
VirtualAlloc
VirtualFree
WaitForSingleObject
WriteFile
ADVAPI32.dll RegCloseKey
RegOpenKeyExA
RegQueryValueExA
SystemFunction036
CRYPT32.dll CertCloseStore
CertEnumCertificatesInStore
CertOpenSystemStoreW
WS2_32.dll WSAGetLastError
WSASocketW
WSAStartup
closesocket
connect
freeaddrinfo
getaddrinfo

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData 0x517000
EndAddressOfRawData 0x519218
AddressOfIndex 0x513000
AddressOfCallbacks 0x516000
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4096BYTES
Callbacks (EMPTY)

Load Configuration

RICH Header

Errors
