7a6c15a829fff096dcc652072ef6d4e4

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2024-Oct-17 07:39:54
TLS Callbacks 1 callback(s) detected.

Plugin Output

Suspicious The PE is packed with UPX
  • Unusual section name found: UPX0
  • Section UPX0 is both writable and executable.
  • Unusual section name found: UPX1
  • Section UPX1 is both writable and executable.
  • Unusual section name found: UPX2
  • The PE only has 8 import(s).
Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Can take screenshots:
  • BitBlt
  • GetDC
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 7a6c15a829fff096dcc652072ef6d4e4
SHA1 5ff22d57870692e45a7b954cbf8cf3203de5a7ab
SHA256 7aa2ac291894c7310411653d08aa1fd76a692bc612644fa9159b950e62a6541b
SHA3 8f728f506564cbedefec2267d93c87d79bf30681cc5f92409644f321dcd85b17
SSDeep 1536:zV6s+5u0Py97rWhbKtWOwKVQ85Tbnz0wihmM/Up/1dJE4/p:w3gdWRKISQ6bgBhD8p/6
Imports Hash 6dd2ff710ed6cc39e80e86792d67f3a3

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 3
TimeDateStamp 2024-Oct-17 07:39:54
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics
  • IMAGE_FILE_DEBUG_STRIPPED
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_LARGE_ADDRESS_AWARE
  • IMAGE_FILE_LINE_NUMS_STRIPPED
  • IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 2.0
SizeOfCode 0x10000
SizeOfInitializedData 0x1000
SizeOfUninitializedData 0x2d000
AddressOfEntryPoint 0x000000000003D560 (Section: UPX1)
BaseOfCode 0x2e000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x3f000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics
  • IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  • IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
  • IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x2d000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics
  • IMAGE_SCN_CNT_UNINITIALIZED_DATA
  • IMAGE_SCN_MEM_EXECUTE
  • IMAGE_SCN_MEM_READ
  • IMAGE_SCN_MEM_WRITE

UPX1

MD5 1b7498d505c73bb6998aec9add30e30c
SHA1 850dccf8a3e8611c5ac11371be96bdd7370080e7
SHA256 94d8f10a0a2a3c634b8947b9c0450e8d4ca089c6af27de069da50160054838aa
SHA3 78c4633725a5bcb3f3d80b60d1f54572dd4f835b926bcf98ba2e98a38122127d
VirtualSize 0x10000
VirtualAddress 0x2e000
SizeOfRawData 0xfa00
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics
  • IMAGE_SCN_CNT_INITIALIZED_DATA
  • IMAGE_SCN_MEM_EXECUTE
  • IMAGE_SCN_MEM_READ
  • IMAGE_SCN_MEM_WRITE
Entropy 7.92301

UPX2

MD5 8c0b6da5cba7ded6ad0f2d38da899644
SHA1 939cc3444654d0b6770691a15edad40d3e2a3cd1
SHA256 00b4a5d72b7dd0e26f1128e5f62b57edb09b33d7c51a8e0961081c01de20c028
SHA3 36ee3e729aaca6e6ead6c7bba252a4b89da81d6cf6f1cd6ebc681b8a4dd4106f
VirtualSize 0x1000
VirtualAddress 0x3e000
SizeOfRawData 0x200
PointerToRawData 0xfc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics
  • IMAGE_SCN_CNT_INITIALIZED_DATA
  • IMAGE_SCN_MEM_READ
  • IMAGE_SCN_MEM_WRITE
Entropy 2.97822

Imports

GDI32.dll
  • BitBlt
KERNEL32.DLL
  • LoadLibraryA
  • ExitProcess
  • GetProcAddress
  • VirtualProtect
msvcrt.dll
  • tan
SHELL32.dll
  • DragFinish
USER32.dll
  • GetDC

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData 0x14003d850
EndAddressOfRawData 0x14003d858
AddressOfIndex 0x140036fdc
AddressOfCallbacks 0x14003d858
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks 0x000000014003D7FB

Load Configuration

RICH Header

Errors

[*] Warning: Section UPX0 has a size of 0!