7d68fa7b81a95b2ad8af9c766e2481425448927e1a2783cb4f04a25d8d6e28f4

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Jun-25 08:07:30
Detected languages Chinese - PRC
Chinese - Singapore
Comments Hextech
CompanyName Hextech
FileDescription 海克斯
FileVersion 8.8.8.8
InternalName Hextech
LegalCopyright Hextech
OriginalFilename Hextech.exe
ProductName Hextech
ProductVersion 8.8.8.8

Plugin Output

Suspicious The PE is possibly packed.
Unusual section name found: .tt$
Unusual section name found: ./tS
Unusual section name found: .\<t
Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Can access the registry:
  • RegCreateKeyExA
Has Internet access capabilities:
  • InternetCloseHandle
Leverages the raw socket API to access the Internet:
  • inet_addr
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 bb85d1e20bd8b78ca9fa822492cf5959
SHA1 ee0a628b5b10ac03d91fa6fad5466330e9448092
SHA256 7d68fa7b81a95b2ad8af9c766e2481425448927e1a2783cb4f04a25d8d6e28f4
SHA3 579a7c8748d0ca0b53649b2266225b23498dd6ac7126b948e3ca1ce85b6063df
SSDeep 393216:Y4WMysimqdtHYEfkL68CSzXQE4TspUsntCG4MpFB/gHX:Y4WMRAvHPfkLJzgE44pJtWMpvg
Imports Hash b6036426d8de79d5331a5058785058e8

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 7
TimeDateStamp 2026-Jun-25 08:07:30
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x128000
SizeOfInitializedData 0xd0b000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0200F124 (Section: .\<t)
BaseOfCode 0x1000
BaseOfData 0x129000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x288c000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x1271d2
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0xc2a8d6
VirtualAddress 0x129000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x136562
VirtualAddress 0xd54000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tt$

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x5fd4f9
VirtualAddress 0xe8b000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

./tS

MD5 156554a20948bee7d454336a723316ef
SHA1 52f78f37d129c3738bfceea647900f1e8f4dc04f
SHA256 144e4c008162830f1adb70d959b0725970ef2b8e2b33134c8745cfd400506ea0
SHA3 61d3b578ccdc85ff5b87753597b50a1565a7174cc550b174bd6d54368cb3dea8
VirtualSize 0xb70
VirtualAddress 0x1489000
SizeOfRawData 0x1000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.297199

.\<t

MD5 d50d4c561b33e74457e8d220048ce55f
SHA1 3278f89cbb7dcab3d153bcd79bc702222193091d
SHA256 27bbfbdcd8b36a7f838f520082624de0a94a2c6d24a03fd771317b08b20047ce
SHA3 444889b226efcf088c9ee14d146f29c9501da55cc39e9652c9ef16e812fef158
VirtualSize 0x13f4620
VirtualAddress 0x148a000
SizeOfRawData 0x13f5000
PointerToRawData 0x2000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.99613

.rsrc

MD5 89da7f2d40df76532f7c56f14d941704
SHA1 d592708092770e6b00c4774b252ecb5bcc66876c
SHA256 87ab920eef7321ceb68b1976f79a261531064e748fd3befc06fd245fc70a0bd0
SHA3 cb6be8064d8d523401408ffeb013acc49b92ec624a0f529ea4f2e9165c510f89
VirtualSize 0xc1f9
VirtualAddress 0x287f000
SizeOfRawData 0xd000
PointerToRawData 0x13f7000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.91915

Imports

MSVFW32.dll DrawDibDraw
AVIFIL32.dll AVIStreamGetFrame
WINMM.dll midiStreamRestart
WS2_32.dll inet_addr
RASAPI32.dll RasHangUpA
KERNEL32.dll GetVersion
GetVersionExA
USER32.dll GetMenuCheckMarkDimensions
GDI32.dll RoundRect
WINSPOOL.DRV DocumentPropertiesA
comdlg32.dll ChooseColorA
ADVAPI32.dll RegCreateKeyExA
SHELL32.dll SHGetSpecialFolderPathA
ole32.dll CLSIDFromProgID
OLEAUT32.dll SafeArrayPutElement
COMCTL32.dll _TrackMouseEvent
WSOCK32.dll shutdown
WININET.dll InternetCloseHandle
KERNEL32.dll (#2) GetVersion
GetVersionExA
USER32.dll (#2) GetMenuCheckMarkDimensions
KERNEL32.dll (#3) GetVersion
GetVersionExA

Delayed Imports

1

Type RT_ICON
Language Chinese - PRC
Codepage Latin 1 / Western European
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.12749
MD5 0cb42696bae18798cb7086367e1c8648
SHA1 c8c1ea6ee6ae4285986c9ef7e3df213a32d76150
SHA256 c70bbabb35024b71265ad0cbc6b6553146b8417e6469c7031b292f87ac7f027c
SHA3 6f2d62a1fa986d2ef581c9c32b9e13c28f1689842f0bb999dd64e6ad58ac8fd3

2

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x668
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.17393
MD5 c599fea9e4656c6c9398571b8638af38
SHA1 47ae8a940aba11bd2e9e4a8435a6327291e9dc11
SHA256 349a696632404224b182879ce16c2ed5a35a45218b5f7e1feba16e2f81568542
SHA3 9e5c7825e413713b59ec764315522c0199af9c2ae3b10d283fc824cbc4261c21

3

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.27823
MD5 8e72b74ea89ecf61cf0a43c97ba5f3e8
SHA1 24b6681117d7054ceb2829bae8825f3696885ca9
SHA256 a608f8181b4e1f5a71445b217eb76c5b48285b67b04dbc0a274c22efe2cb7eef
SHA3 c95c93006c474634050d800632669e8f3c78f0e5ef0146f109e8619b88e64780

4

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x1e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.13701
MD5 ba443c9f8114bd7c92867f5442616200
SHA1 3809db0ea4023e3f737ba8a364231be5542e84b2
SHA256 1d4ef36c3645bae610ae107df2bd08cc126289f4773c0a1f63be7881fdbfb0d7
SHA3 fd394beec9f6941771de4f2a33ed8798a1dcaec7b151d972a4851b8992428147

5

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.71219
MD5 74307e116a74a08bd5a26ef9e8de3a9e
SHA1 99d466aac29043da418d11d307b8bbd60080f3c3
SHA256 2dbd457f8177bde73625f8367108cfbb1d66c34c130559896644ca350dd39f25
SHA3 619c9aa86c45deb2453834d3c2ec7f9ef817e141da686109ccd4ec8d493de40a

6

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xea8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.171
MD5 d353ec0559ef126dcf17861e1df51725
SHA1 1709a92e178a6499d8928b6a61303c3eb9f329f9
SHA256 7aaccd7003a171f03568591832fbe7f7fefed3f136380f9276e33ac67325e96c
SHA3 d73f13758ee5372e264c1d13ca6e7d4630e4dcb5a3fa1d5af29e8c505a2e69df

7

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.09321
MD5 42ae4c031514084df1ef37584feaf56a
SHA1 d7e6d0924b47cc70ca636b8242362467ce519e5c
SHA256 5c0408578920ce24b8434a3885bf9e1cdd7b679e859ccae49b4d0e77d5d22ad5
SHA3 3fec64a3edf3d85e8cdfe8e34d11af4d531d5ce7bf0e4a14cb29957ee49cb65f

8

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x6c8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.99997
MD5 9d96b7f12a681bdf909bcfaa687843b3
SHA1 410e6a13a462b199179d1cc45b7e29f91b48fa4b
SHA256 da4a0ceedc12c2a83f15d8a7a0db9231790cf6d6433c1d46cce0c7dde608c990
SHA3 adfc051af62b32274a6f80f2ad1237a3d799543b20821c935ca92e52c21d7e58

9

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.02733
MD5 62f9c1d1d237f74f8f9f31aed81128dc
SHA1 e6784b01e9b700764ab07339f7c1d7cfaf51d6db
SHA256 28e427e3abd04181d6d448db5d613bc2473d5921a886f400a58b21f4e362ff7d
SHA3 ed5d74e7fdb0743c015afdd68be5d7ead37db091d1224016b81afad78432ee43

10

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x402e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.93554
Detected Filetype PNG graphic file
MD5 b021d6a15d91c7f6a83b1dec25e25525
SHA1 6e86be2dd724d476a66a6ebfd7aa4be7eed27192
SHA256 04dc23f5e3df019369ef42c47bf96720d8691e00e83becad295dbe81c3f9620b
SHA3 257ab72a441439616ec757217ccc22d8a3d1b9ddabcf46ee50b3b1b9c31f7f4a

11

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.52312
MD5 2a1613d0845d00b916aa58adf0d41788
SHA1 9b80e5a340e2b46e6c1d1f5cdc71f70987a6362e
SHA256 c3a9d3b89fe9d0197f5d20a9a00f2e69c9218c57b95f21bd16d193d264725d1d
SHA3 6be13a8f2c46fc7d016e5e1338619a9c6aab8a2538fb392ad95ca1860d53663d

12

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.65168
MD5 9ea19e6905b73670bf173b6ed270f52d
SHA1 0990bc33abfc67bf30fa225c39caac330248ce4e
SHA256 1d07a182ee09e1ae5120d258c03c8cdd17797e00bca1e3c4d923b03c37c7cf1a
SHA3 6f95f1bd2ea42683b37b905d1215789ccae50a552cdf454d0f859234f5789216

13

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.67226
MD5 ce036ff8358f6c7503e262a2077dbca1
SHA1 2b1e91d84678b137bb5c321e3d91156ac849abaf
SHA256 5c0492484057e0b66718df9fefa6bbff3cd1d0efc2b5ae37eac5c09999e89257
SHA3 b291b4657b77504edf8be67735207603d0598ed877fa8cea701546c2fbcb188f

14

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.30352
MD5 1c1e6cd78d1fcc8ff3ed5ea315e9ac3f
SHA1 51bd9e867d097c01361b2d7e6b8c2510b0f3936d
SHA256 25ecc1cbf3851e7184dc082b835d0cade3d64c94ef67e13632f40468d9e23d34
SHA3 dc14125b15a210e78561a17eb3a743f29f94f70af9449b8c4ceb8cb447e26728

15

Type RT_ICON
Language Chinese - PRC
Codepage Latin 1 / Western European
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.18858
MD5 f7689df1f1046fd3a9329c2bed028a7a
SHA1 5c81380f4db520c34783768d528a1223ccc10298
SHA256 bfd6b9443d835d48f4872879c901fd73a9cb1dcd85ceb44ab769410cf282b756
SHA3 d8707398afb787b830b3e9fdd416041d648fd4ba2e0988a16906f692a85b7dc1

DEFAULT_ICON

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xbc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.25434
Detected Filetype Icon file
MD5 812fbc8341ca914a3a5d8c69b88d0bfa
SHA1 d39003851d562a9a4cfe304104504041cf480507
SHA256 e4005c0912833bba02d01ffa94e5343d01bc447a48eebdc069ac4d2c79ba492f
SHA3 870679fbed5000f809b38f022d0aa566521c1d2186d9ac379d409b5f21a809e3

1151

Type RT_GROUP_ICON
Language Chinese - PRC
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.16096
Detected Filetype Icon file
MD5 42cf62b780813706e75fb9f2b2e8c258
SHA1 a022d5c1cfdd8aace0089f3e72f2eedd41bda464
SHA256 a0c9d012e2bf6b2fe05c2d97cb5594d97cf2f539e97935c12abd7a3562f4d9bf
SHA3 0aafc8e3d8b6bde595537da4ffe0efc5fe53f01dafe336a2a5828b6a71283d3c

1152

Type RT_GROUP_ICON
Language Chinese - PRC
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.02322
Detected Filetype Icon file
MD5 12a87a0301e7a1371bac42274737a428
SHA1 395dee591cf83c722f7c9dd2ee4bf9f07447b1d6
SHA256 1f5f4343bf0f80e8092e45a85bb907571a74aaf134c3e95dd49ead0d86163a3a
SHA3 dd13ca24dccbb4d7812944f411f2cf3c04aeac7188f0cb92fa52bc0606d6b746

1 (#2)

Type RT_VERSION
Language Chinese - PRC
Codepage Latin 1 / Western European
Size 0x29c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.30798
MD5 a472b3bd2de159fd12ba3328270eeb6a
SHA1 8d1e5f41c94689f893626692185f126a9a20cf78
SHA256 41dd6b532732e8752665c2f1eb843b118f4ca90339a2243b093d581ef4399fa7
SHA3 66c2eb0b7a4976c560180061096fd4f581e803e8e12b6d462880605bbec802a5

1 (#3)

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x1cd
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.07695
MD5 1f8e637078d78cd17668b33b7949967f
SHA1 e15e16c2983f3b7cde3cbd8eb43d77f34941ede6
SHA256 7579d42f72e8634505b7b2e4aa385721e691566ed73011a9f22eb0f79fc7f362
SHA3 f08a75f6436bc54ab25e27e308ed14a7158cfd45c148d75e7a70f3c20bbcdba1

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 8.8.8.8
ProductVersion 8.8.8.8
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language Chinese - Singapore
Comments Hextech
CompanyName Hextech
FileDescription 海克斯
FileVersion (#2) 8.8.8.8
InternalName Hextech
LegalCopyright Hextech
OriginalFilename Hextech.exe
ProductName Hextech
ProductVersion (#2) 8.8.8.8
Resource LangID Chinese - PRC

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read the exported DLL name.
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .tt$ has a size of 0!