| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| Compilation Date |
2026-Jun-19 10:47:24
|
| TLS Callbacks |
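3 callback(s) detected. TLS callbacks run before the entry point (0x1410, .text), so they need to be reviewed as well as the entry point; their addresses are listed under Callbacks at the end of this report.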
|
| Suspicious |
Strings found in the binary may indicate undesirable behavior: |
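Tries to detect virtualized environments:
- HARDWARE\Description\System
Looks for VMWare presence: (matched strings not listed in this report)
Looks for Qemu presence: (matched strings not listed in this report)
Note: these are string matches only. The registry imports from ADVAPI32.dll (RegOpenKeyExA, RegQueryValueExA) are consistent with reading this key, but the report does not show how the values are used; confirm in the disassembly before treating this as sandbox evasion.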
|
| Suspicious |
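The PE is possibly packed. |
Unusual section name found: .xdata
Note: .xdata is the usual name for the x64 unwind-data section in GCC/MinGW-built binaries, and the msvcrt.dll import list below is consistent with that toolchain. No section in this report has an entropy above 6.33669 (the code section), which is below the range typical of compressed or encrypted data, so this finding alone is weak evidence of packing.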
|
| Info |
The PE contains common functions which appear in legitimate applications. |
Can access the registry:
- RegCloseKey
- RegOpenKeyExA
- RegQueryValueExA
|
| Suspicious |
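No VirusTotal score. |
This file has never been scanned on VirusTotal. The lack of a scan record means only that no reputation data exists for the hashes below; it is not evidence for or against the file being malicious.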
|
| MD5 |
6546c246f193b3253c9f4ed7d94a1776
|
| SHA1 |
f75ff56b702baea2cb60901a3db2a4516ebacde5
|
| SHA256 |
79176bb5aa6db6efd7624c7f18811ee2c45ac3d70f68a4455d07a165c19892c5
|
| SHA3 |
029a92e279a5f7ef385a7561d30e0a630c423574ff1aca22060a57c37b57e3ab
|
| SSDeep |
768:g7IeXWQaO9Z/vcneSIDrHvezlM38+guyjMO6hq9toQj07tcsPkDU+BvQ:4xEeaeSIvHvOIyQq9XM+
|
| Imports Hash |
014378d614e2d0c930a037a940c662a4
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x80
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections |
10
|
| TimeDateStamp |
2026-Jun-19 10:47:24
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xf0
|
| Characteristics |
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
|
| Magic |
PE32+
|
| LinkerVersion |
2.0
|
| SizeOfCode |
0x7a00
|
| SizeOfInitializedData |
0xae00
|
| SizeOfUninitializedData |
0xc00
|
| AddressOfEntryPoint |
0x0000000000001410 (Section: .text)
|
| BaseOfCode |
0x1000
|
| ImageBase |
0x140000000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
4.0
|
| ImageVersion |
0.0
|
| SubsystemVersion |
5.2
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x13000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0x108ca
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
|
| SizeofStackReserve |
0x200000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
9d4536444415ce40635d050847635a55
|
| SHA1 |
adbe1ffe9b080638dd901e2745d3caf107d8c538
|
| SHA256 |
61d03dc2957d62a680650c5e274cd4a83367bfee461df0d95f29d8df99bc0795
|
| SHA3 |
de707b4a50a75b2d68b2c5728ecd8af0ff48399ed27986defdd4bc3aad782eb7
|
| VirtualSize |
0x7928
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0x7a00
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
6.33669
|
| MD5 |
8eb7565c1d9b2e6369a8b53b66cff37d
|
| SHA1 |
ef0557e937c604cc337aafb42a4f76fa2bd6c292
|
| SHA256 |
bf9d121a2bd909903023def8f880284b92c2347aab5927a54f074d451be0b98d
|
| SHA3 |
af2afa5102cc2d21130dae64c46894856fdc0a55044d011a998862a9f8853ed1
|
| VirtualSize |
0xc0
|
| VirtualAddress |
0x9000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x7e00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.883692
|
| MD5 |
be8e094cae470c283bdf9c3a645db2c7
|
| SHA1 |
6cff99bf389a52f324ea2547a579f765ebefc421
|
| SHA256 |
bf1861f3f870f80129b067dcfd773dcb03c0187d9918f41225a8f32fae8abf39
|
| SHA3 |
c70c281bd40ebfc19fb56160a985b3c2f1c9204a08441c19faf47f6084a24f15
|
| VirtualSize |
0x1520
|
| VirtualAddress |
0xa000
|
| SizeOfRawData |
0x1600
|
| PointerToRawData |
0x8000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
4.73927
|
| MD5 |
a85756b0d9e4f82fca11815804240cc5
|
| SHA1 |
1bd9141333fd411c7a08065a356fdd92ce46ab26
|
| SHA256 |
e19741facf2e7188c1b207ea0da94ce50f2bdc5edacc82780b565393e4d22e5e
|
| SHA3 |
74119591fb935dacfb9d534f4cabf5e859a54527a564c5f0b1a31818248daeb4
|
| VirtualSize |
0x5f4
|
| VirtualAddress |
0xc000
|
| SizeOfRawData |
0x600
|
| PointerToRawData |
0x9600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
4.29549
|
| MD5 |
8c53f35a9b5df01400dd230e97cd9e74
|
| SHA1 |
7f113256f008385c5921b275fbfc0d3fa76b3346
|
| SHA256 |
b6e55bde5ad932879538364680137681f7ae73e3c07db2069afa888fb1a5bca3
|
| SHA3 |
a58e0924ba28752ba9b4e15fddb6360e4c8598a971fbf50a281732c55b9fb724
|
| VirtualSize |
0x600
|
| VirtualAddress |
0xd000
|
| SizeOfRawData |
0x600
|
| PointerToRawData |
0x9c00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
4.60602
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0xba0
|
| VirtualAddress |
0xe000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
b95c4f08aef5e42c8d6458581e82c96b
|
| SHA1 |
2609671ff002cf9d1c273ca15a817487c63b8b00
|
| SHA256 |
1f9b0481180273c1ba39c9b03b0e486155187771cc718d1fdb89256113d42cec
|
| SHA3 |
28ee5676738cde050592d9e251642e97719a0c5bdbe94c2a7e7e2b6fb716c267
|
| VirtualSize |
0x804
|
| VirtualAddress |
0xf000
|
| SizeOfRawData |
0xa00
|
| PointerToRawData |
0xa200
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
3.44138
|
| MD5 |
d9a3b6efbc34631219211f0b39901358
|
| SHA1 |
0c4f242d69f155c2a7d267f07e0ce2f3f12943e5
|
| SHA256 |
ecf9438724ee2a715c5656a62713f421d6446c623594c5c59c69041f5d7503a5
|
| SHA3 |
02a86dd8e1813a6b3abf4506772a34c8d881c27016bd023e09308fc2b39e9a33
|
| VirtualSize |
0x68
|
| VirtualAddress |
0x10000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0xac00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.325736
|
| MD5 |
bf619eac0cdf3f68d496ea9344137e8b
|
| SHA1 |
5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
|
| SHA256 |
076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
|
| SHA3 |
622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
|
| VirtualSize |
0x10
|
| VirtualAddress |
0x11000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0xae00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0
|
| MD5 |
431b35e6e2c574a2a8bbe8ab3f1d20a0
|
| SHA1 |
7bb7bf89e84d06d0b294beb1e05ee9d8f72c06de
|
| SHA256 |
0ab211258779f405e4f45d9ac30e5a312bfb54c617071f194ac3d914fedf702e
|
| SHA3 |
f00e854a5cc3ee1bc98635ecd3c889fb9ded21b516e397e3a71bc95054761d13
|
| VirtualSize |
0x114
|
| VirtualAddress |
0x12000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0xb000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
| Entropy |
3.28424
|
| ADVAPI32.dll |
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
|
| KERNEL32.dll |
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte
|
| msvcrt.dll |
__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_commode
_errno
_fmode
_initterm
_lock
_onexit
_unlock
abort
calloc
exit
fprintf
fputc
free
fwrite
localeconv
malloc
memcpy
memset
signal
strerror
strlen
strncmp
toupper
vfprintf
wcslen
|
| StartAddressOfRawData |
0x140011000
|
| EndAddressOfRawData |
0x140011008
|
| AddressOfIndex |
0x14000e08c
|
| AddressOfCallbacks |
0x140010038
|
| SizeOfZeroFill |
0
|
| Characteristics |
IMAGE_SCN_TYPE_REG
|
| Callbacks |
0x0000000140001590
0x0000000140002330
0x0000000140002300
|
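[*] Warning: Section .bss has a size of 0! This is expected for an uninitialized-data section: the section at VirtualAddress 0xe000 has SizeOfRawData 0 and VirtualSize 0xba0, so it occupies no bytes on disk. The MD5/SHA1/SHA256/SHA3 values listed for it are the digests of empty input and are not usable as indicators.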