818ed59fa5ef9f446f9152f845366715

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2023-May-29 01:01:54

Plugin Output

Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Malicious The PE contains functions mostly used by malware.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Possibly launches other programs:
  • CreateProcessW
Can create temporary files:
  • GetTempPathW
  • CreateFileW
Functions related to the privilege level:
  • OpenProcessToken
Enumerates local disk drives:
  • GetDriveTypeW
Suspicious The file contains overlay data. 13631892 bytes of data starting at offset 0x4e800.
The overlay data has an entropy of 7.99826 and is possibly compressed or encrypted.
Overlay data accounts for 97.6956% of the executable.
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 818ed59fa5ef9f446f9152f845366715
SHA1 635a8b6ab67ce41037abb8832131d650ea9622f5
SHA256 f06d0529307199a708c26b005a0e5f48b9e32802c4baf316c0dd7d46be17e4c5
SHA3 9cfa36b8c41107e2f4d753eb2321a20768a5de24e0b555fd41e6f11f0a6461ba
SSDeep 393216:qT9xbEXU7kLZcRZ1Rzs8ssFrWz8sq3+d9NDSZW85hmTV:g9xbEEY+1vfl2UOd9NsW85hU
Imports Hash 0b5552dccd9d0a834cea55c0c8fc05be

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2023-May-29 01:01:54
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x28800
SizeOfInitializedData 0x25c00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000000B310 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.2
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x63000
SizeOfHeaders 0x400
Checksum 0xd5c3e5
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x1e8480
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 443d51fb84559b563832949912f06b00
SHA1 3c309e96b6d97e9933675842786779857dc8d41f
SHA256 f48b0c0c0f0c878e860206cd79baaecae02773a6a5d777c0504d4d60262a7d11
SHA3 367f53222b3cfe5c25c40fcbe29867bb8bedbde03291b68ff7c2ed35f4893981
VirtualSize 0x28800
VirtualAddress 0x1000
SizeOfRawData 0x28800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.48802

.rdata

MD5 cf033a6a48b6a046dd2b71b7f694957c
SHA1 18c8c432227f055eadfcc79afb958a553b587bd2
SHA256 7d41c8229c1c4d73318e749e0d00241cf13d17b0547b84ffa07dad470dc2382f
SHA3 20dae54de55b737ef6e100ef61d65affdfe80062839d568abc7a5c0b82c81cf9
VirtualSize 0x12b16
VirtualAddress 0x2a000
SizeOfRawData 0x12c00
PointerToRawData 0x28c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.82463

.data

MD5 afabb66fdcd2825de5909f10c900fca7
SHA1 46dc5437e76628a304415f5a1f1d214543c40596
SHA256 0d0e6912c4f4c798c683719bd779ecbeb0fc136817076d9a906d589147378581
SHA3 d9929920721df6850e399b8018b413c38877183d04d008d3fe2a52e0ad3d57ed
VirtualSize 0x103f8
VirtualAddress 0x3d000
SizeOfRawData 0xe00
PointerToRawData 0x3b800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.80969

.pdata

MD5 7b210ceebebc00c96d1c55c2b456bbb4
SHA1 1f3c92bc0b282f4065f048c81155cff7b4ac91ab
SHA256 962ad4fb02b4e1b3e4d5fda9f9f4569fd6a973b30fe53024119b8469a4c34bcd
SHA3 24c7bb0147c4b2a7257be90cf7697c575e05b6eae08fb0e0bb4f469570499b81
VirtualSize 0x20c4
VirtualAddress 0x4e000
SizeOfRawData 0x2200
PointerToRawData 0x3c600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.2741

_RDATA

MD5 c059b775abce97446903f3597b027fae
SHA1 f1716bde56ccd54ca04e6f85b3eaa4d42e6eeafb
SHA256 d2e4f87588e5b047bed5a61e5a1a4354eb26b03018a337ad3e8d633d1e170e05
SHA3 f76ee2d35930bfbff87a63cbc393c30bd1bab52ffe9581872c9beb032dfd0a0f
VirtualSize 0x15c
VirtualAddress 0x51000
SizeOfRawData 0x200
PointerToRawData 0x3e800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.80857

.rsrc

MD5 f04165b0d3ade2d33ebbca89c4013dc7
SHA1 d3b4674c385e466ad6aa8219cd6172a654381ddf
SHA256 b7bf89603c24393847a9d567415adb713ac90827e7f5f4865a45802bc5a77bbd
SHA3 44975bf1ac99d178880c7f75bfffe6830a73e06af8761ef28eacdc248c7f82f1
VirtualSize 0xf4a0
VirtualAddress 0x52000
SizeOfRawData 0xf600
PointerToRawData 0x3ea00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.55563

.reloc

MD5 11aaafc72361ec8886a740c3e209ceb3
SHA1 11ceba5d079e853145fb0160fc46e31d118b9f39
SHA256 1476f8627e5fceb6620502bb2675225b284f4ee91add1618a59aeb51181b9003
SHA3 6c8f7f67ce9320254daf24d454aacccb43255475b0799895d9ea457dd2592531
VirtualSize 0x758
VirtualAddress 0x62000
SizeOfRawData 0x800
PointerToRawData 0x4e000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.25766

Imports

USER32.dll CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW
COMCTL32.dll #380
KERNEL32.dll GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
IsValidCodePage
GetACP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
GetOEMCP
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEnvironmentVariableW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
SetEndOfFile
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
ADVAPI32.dll OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
GDI32.dll SelectObject
DeleteObject
CreateFontIndirectW

Delayed Imports

Resources

1

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xea8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.15653
MD5 15d6a8563184abef13a1ee75aea262ad
SHA1 d7d896432efd845f283f2b98a66486df05bf5e10
SHA256 7cccfafd00332ac9c9f6ac0112cc0653991eb169943919e55d05f3fa15929821
SHA3 93904dad7224f31021bf8d53753e553f8233c2f40f6dbe25e67b692c6ae378ab

2

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.44895
MD5 1c06420cfb94514d35c088699a04774d
SHA1 2c23d7df4bc8ce3fb15f33e78c042b12814aea3b
SHA256 d73c1848a067a0fd094423213dc1e855b5b29b0b441f0bcb315feb90d662972e
SHA3 a630c0bd054ccf853d3673897d2a553e10797d288b3f09898503304ecec7d7f3

3

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.77742
MD5 db1208cf5d76055be1c3a34567af9f5a
SHA1 c5adcd7407c8b18459e4b4ce96fb70ecf5701a97
SHA256 5a008270f7254f5ca861e9936f4b5b7a23c04d63165895234fd1782bc03ec0e5
SHA3 549076010917e74ff3fe656848779d90468b96740184b07016dbf2833e9abf99

4

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x952c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.95095
Detected Filetype PNG graphic file
MD5 f6fbada22d6a6c07ef8fdaa504f117d5
SHA1 591a723501eff1a4920462f8efcaf3715e829450
SHA256 3919b11194f130d310dfe08bdce2891c5b64f2703107f53a5a1cbc016fdb609f
SHA3 ceca597fff3f436773eb9e48be245ce9d24439b9527a0d3aedaa1469e49d3f5c

5

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.0521
MD5 86ce219c337119fe35646823cb56d091
SHA1 74d3090f01f3128bda93a3a7525f139c495bffbd
SHA256 7ef5a24efde1748c0eb12c5817b14cfe1397ae968489a7824a269d02c8223cee
SHA3 8daaa7aab035df895cb478d3b92385d12aebd96c8bbde3a05a615ff56d41aebf

6

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.15081
MD5 58b7700e8f20d0a3c77021eb7e7019dc
SHA1 87f7668b96ab48bd6ba5c8b9968dbb024a028407
SHA256 c5536b396be6dcfc96f4e4f77cc7007b2a56730ee57598a6979cc1c1c71c920a
SHA3 13bb36cea0c569109ddca6560016003d3ce662f8e0bc189e9750019ccdc7bc72

7

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.39466
MD5 9de69c1c4b3a06597da9c275b38bffb6
SHA1 a4ed3bd1bb4edc0eaa187b68929f596906e9ee87
SHA256 ac2e25dc4a4f7bd96a0bcf3ea63cd1bcf26a6f6a05835e32f96ef99cb4323f30
SHA3 6ff197b54509b5c0fa643d6bdbc756cccec2b5bc8495c770883c021e833f7509

0

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x68
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.71858
Detected Filetype Icon file
MD5 cd3a631eace19041876b4c4c6ec8461a
SHA1 d4b3f99c4d648e3446dc05e7fb6e444e42dfed01
SHA256 f5b94a42f1c77c9eef858a0dfd656419fea900b00318c2c0bf49c2fce345d838
SHA3 b6dcbb1b4c262eb5aee12773a52c29ff20fef809a4e61822700d005457944b9f

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x593
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.2895
MD5 cc6641b44384d63110c361553b69ffc2
SHA1 701bce8d5ffe6ca5468ee0c24bfcd4bfa8003046
SHA256 4320b4391231cab11026431881d328891c5f50cd4f7f1a10165a495772f6f1aa
SHA3 e952343e1926e3a99dc09b5a4a9d3e52130786acbd1bcc984cd9d020c73a9504

Version Info

Debug Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2023-May-29 01:01:54
Version 0.0
SizeofData 772
AddressOfRawData 0x399d8
PointerToRawData 0x385d8

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x14003d018
GuardCFCheckFunctionPointer 5368882200
GuardCFDispatchFunctionPointer 0
GuardCFFunctionTable 0
GuardCFFunctionCount 0
GuardFlags (EMPTY)
CodeIntegrity.Flags 0
CodeIntegrity.Catalog 0
CodeIntegrity.CatalogOffset 0
CodeIntegrity.Reserved 0
GuardAddressTakenIatEntryTable 0
GuardAddressTakenIatEntryCount 0
GuardLongJumpTargetTable 0
GuardLongJumpTargetCount 0

RICH Header

XOR Key 0x939157a2
Unmarked objects 0
ASM objects (30795) 7
C++ objects (30795) 191
C objects (30795) 10
253 (31823) 4
C++ objects (31823) 40
C objects (31823) 17
ASM objects (31823) 9
Imports (30795) 11
Total imports 139
C objects (31943) 20
Linker (31943) 1

Errors
