7815c014cf881fac971d19c1c304da804732b1b7b5c220488bfae731b3079632

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Mar-01 13:29:15

Plugin Output

Info Interesting strings found in the binary: Contains domain names:
  • formats.info
  • io.formats.info
  • pandas.io.formats.info
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Suspicious The PE is possibly packed. Unusual section name found: .fptable
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Possibly launches other programs:
  • CreateProcessW
Can create temporary files:
  • GetTempPathW
  • CreateFileW
Functions related to the privilege level:
  • OpenProcessToken
Enumerates local disk drives:
  • GetDriveTypeW
Suspicious The file contains overlay data. 24807133 bytes of data starting at offset 0x54000.
The overlay data has an entropy of 7.99933 and is possibly compressed or encrypted.
Overlay data amounts for 98.632% of the executable.
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 63f36238afa10321d4cad63221deb209
SHA1 d3703fe352bd16d1c708aecd66cc2f05fb05da66
SHA256 7815c014cf881fac971d19c1c304da804732b1b7b5c220488bfae731b3079632
SHA3 6af4b126acfa9d7d4905b46e216cb9dc6c2908d508d13792f638420bc3c9429d
SSDeep 393216:BHiSJuOtrIIBjZdsuvKSQkK6u+i10Aw14WiuLa5FF5Hd9Q9T6IZdS5Ycg+f3nd4:BCSJu2XldlK3P2VqWBG5ZQ9LS5YTo3C
Imports Hash dcaf48c1f10b0efa0a4472200f3850ed

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x108

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2026-Mar-01 13:29:15
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x2be00
SizeOfInitializedData 0x27e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000000DA30 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x5d000
SizeOfHeaders 0x400
Checksum 0x18090fb
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x1e8480
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 588e5055fb224a048e508395bf048644
SHA1 670aa3f54dad88adb11fe4426d4ca10226c0dd91
SHA256 c0c87a7163d2e753cac4c4cd39a229cdab2a951fc5abf048618188dd66e31827
SHA3 f9bdaeb1972b3691a9afdd3c21d39105fa73d557fa4edf4d9a5c16c15b93f474
VirtualSize 0x2bd80
VirtualAddress 0x1000
SizeOfRawData 0x2be00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.47261

.rdata

MD5 17cf6932a841a8ed858bd8793f138dfc
SHA1 93accaaf91aaa89ab8e4250787f1f0d53c6be4d3
SHA256 9122b8e0ab199b5e5568bf3c50170543ffefe34a3f5fa61488c004fca78cc5e3
SHA3 fc7a282ec4b2e83573a48083bed5384821f0cb38e4051e4b959145e72788b95f
VirtualSize 0x13908
VirtualAddress 0x2d000
SizeOfRawData 0x13a00
PointerToRawData 0x2c200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.74405

.data

MD5 2fc88032c47ad8e77ba50142b1d7bacb
SHA1 de3475f9cc4acf58d0ba321b071078462805f523
SHA256 86462ad94449db441ae7a2fa16c6f1543cce53a8acb0960645d4b6039ec73e9f
SHA3 a9fec7f0a0205409366f6982529daf9066fa193a96c17e7a1c94a029351861dd
VirtualSize 0x50b0
VirtualAddress 0x41000
SizeOfRawData 0xe00
PointerToRawData 0x3fc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.82152

.pdata

MD5 f27272e31cd3260dd36a304bc13f6042
SHA1 294e6f201e0a2f112cf24b9ce2439a00320dba39
SHA256 5f962a59cd799c45ce2ef13eefde6f6268c3147ed26438c419fcb9091c1d3395
SHA3 cd442b465805507e665a9bac8d74060333c694fa6aed56b8ca6b3865aced2af3
VirtualSize 0x23f4
VirtualAddress 0x47000
SizeOfRawData 0x2400
PointerToRawData 0x40a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.48773

.fptable

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x100
VirtualAddress 0x4a000
SizeOfRawData 0x200
PointerToRawData 0x42e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 b40bd67a0cde99792889d13987e654f3
SHA1 1c81b050f1e933f9f7791e5e56c1a0c1fe8eb710
SHA256 2c509388f074161ba86523c0167a6313b0462e6f08bdabc28b03e5b5bc8801c7
SHA3 ba4c948911748cc535ab3f8d092197041c52e09c49c907e1f7108e49ca83deb2
VirtualSize 0x10704
VirtualAddress 0x4b000
SizeOfRawData 0x10800
PointerToRawData 0x43000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.958

.reloc

MD5 7b4c05b51855f1fc0294ebfb2ae73776
SHA1 6ce048d0aa8b9ff7e9106fa37a5b6ba6928e7d4b
SHA256 e5a06de48e4c799b28ab7f285feb207cd42f4f4c2837f2fe23838528710a734c
SHA3 b97bcbe7b464730ff82f44b151a5e4e8e20c34eeff35714dfd40112cec55c829
VirtualSize 0x774
VirtualAddress 0x5c000
SizeOfRawData 0x800
PointerToRawData 0x53800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.27827

Imports

USER32.dll CreateWindowExW
ShutdownBlockReasonCreate
MsgWaitForMultipleObjects
ShowWindow
DestroyWindow
RegisterClassW
DefWindowProcW
PeekMessageW
DispatchMessageW
TranslateMessage
PostMessageW
GetMessageW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW
COMCTL32.dll #380
KERNEL32.dll GetACP
IsValidCodePage
GetStringTypeW
GetFileAttributesExW
SetEnvironmentVariableW
FlushFileBuffers
LCMapStringW
CompareStringW
VirtualProtect
InitializeCriticalSectionEx
GetOEMCP
GetCPInfo
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleW
MulDiv
FormatMessageW
GetModuleFileNameW
SetDllDirectoryW
GetEnvironmentStringsW
SetErrorMode
CreateDirectoryW
GetCommandLineW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetDriveTypeW
RemoveDirectoryW
GetTempPathW
CloseHandle
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
Sleep
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
LocalFree
SetConsoleCtrlHandler
K32EnumProcessModules
K32GetModuleFileNameExW
CreateFileW
FindFirstFileExW
GetFinalPathNameByHandleW
MultiByteToWideChar
WideCharToMultiByte
FlsFree
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
HeapReAlloc
WriteConsoleW
SetEndOfFile
CreateSymbolicLinkW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReadFile
GetFullPathNameW
SetStdHandle
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
GetCurrentDirectoryW
FlsAlloc
FlsGetValue
FlsSetValue
ADVAPI32.dll OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
GDI32.dll SelectObject
DeleteObject
CreateFontIndirectW

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2d3
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.68
Detected Filetype PNG graphic file
MD5 646f734489d568e6b757e6a5094f89bd
SHA1 c7305a2d69591ba353cd40bb0b8406f02b446335
SHA256 192c4a4f121d07cd9225d27f4ac85723cada15b9d627fc8eff0768485eb8ec21
SHA3 3c5b11db67d2128dd9bea63a97732b215cdf56ae566dcecb46595c815746891d

2

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x4f0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.7906
Detected Filetype PNG graphic file
MD5 1fea47d1668e747426f3840eb81f5192
SHA1 d0df612e9834b01a914cbabbef47500fce508a82
SHA256 c1a797aea71a7fd8f2b5d5ab17a49566550e49453abef331a0dbfde49c2bd0cf
SHA3 5eed65210349a03d10378e2c12c57be540f9c2be194b3620d14b207e4a1959e6

3

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x766
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.88204
Detected Filetype PNG graphic file
MD5 ce3fae31fd532b1b9954dcc1de51a568
SHA1 224ddcd9ada1bbf5deb02a9b452c968de88e12da
SHA256 2cf31acbfb6c60bdc09bb4cb6a4ad9e2cf09799e062debf49c1fc0e825aefef2
SHA3 285f65dcd637ea47cd693c3cacfed5f87c2e5d61a6c78e9185887eefc28b5133

4

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xd3c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.9284
Detected Filetype PNG graphic file
MD5 935f1c142164b2316d48110cee34a81b
SHA1 698ab9320ec13997ff0fc5715f3a3d8b37399b72
SHA256 68214be667d9ad0630e8a71348bbac0cd7d1434f6376efa0df2bdafc31a9d14e
SHA3 7e62b798ae223dff7cedb805b9799cdcb72f995d116ad5265f7647a03c12fdcf

5

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x14a1
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.93765
Detected Filetype PNG graphic file
MD5 7bbbc1bb56288fc0087d149789372249
SHA1 2c9af3cda751566f83e932ce811dcbb31e6afbb6
SHA256 5b0e599a213165840331a986d7c16f22da5928bd7b89acb4daa013191f163a8e
SHA3 b1ff622ccbb9f2baf361af38451e069a38776956864911c3960903105109dc6d

6

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x3781
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.96197
Detected Filetype PNG graphic file
MD5 3235430a2ee22d9f59242c40c7ef7490
SHA1 d6977df9575eb8203de013b5a713d4411694a4fc
SHA256 31c370743aaeb602f5b353bb433e9e64137bf5d042b80662ae99030e07573770
SHA3 1c57120e8c4567dcad807d055e2cf1e75bbdf9f7ce7d0c52eba326d8eb89522a

7

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x96f2
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.96788
Detected Filetype PNG graphic file
MD5 11bcb93b3ec9c5faa93167f9a0366721
SHA1 9adc6913b5dc3ff4d0ed92d9f343bf7192e436b0
SHA256 b680b3f5dc3e91aa08922687cc7a4a1a45224b5461476586e1e851ee34f2fa81
SHA3 33c245e1e18c4c76bbf9b57ab40fa1ee449c45cd89b846337c092bee4e53f090

1 (#2)

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x68
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.67694
Detected Filetype Icon file
MD5 c824b73db8204695a5d0919740d1775c
SHA1 f7d37c62ab45ad238e490ff3063c0ccd7c45bdab
SHA256 7e0fc86b21517f27db2fd91a513d56e1ff29453a7c920fa27ef4f980db1e784f
SHA3 cec47f76e628d28f36ebc3f3a86faceb0ec5f6dcde76df62588b39a2d3ff16d6

1 (#3)

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x50d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.25791
MD5 84da8dee6b319ea0b10b6de5489c6aae
SHA1 5f8991f3e065fd95614859a293f88b9c70e4bb23
SHA256 abf8f2022f12f350789d961aceaf9ccfd53e7ec58d8c9934cfce77779b4eac11
SHA3 08f0562915b54bedce5a84e9d32cb2efcc538268785103b1852338e20a3b4606

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-Mar-01 13:29:15
Version 0.0
SizeofData 816
AddressOfRawData 0x3cf78
PointerToRawData 0x3c178

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140041040
GuardCFCheckFunctionPointer 5368894648
GuardCFDispatchFunctionPointer 0
GuardCFFunctionTable 0
GuardCFFunctionCount 0
GuardFlags (EMPTY)
CodeIntegrity.Flags 0
CodeIntegrity.Catalog 0
CodeIntegrity.CatalogOffset 0
CodeIntegrity.Reserved 0
GuardAddressTakenIatEntryTable 0
GuardAddressTakenIatEntryCount 0
GuardLongJumpTargetTable 0
GuardLongJumpTargetCount 0

RICH Header

XOR Key 0x361d01a7
Unmarked objects 0
C++ objects (33140) 183
C objects (33140) 12
ASM objects (33140) 10
253 (35207) 3
ASM objects (35207) 9
C objects (35207) 17
C++ objects (35207) 40
Imports (33140) 11
Total imports 159
C objects (35213) 27
Linker (35213) 1

Errors
