82231b3cfe5e1ce8447f3b3e1abfa72212d6684e4345326dd5d20428eace4faf

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Apr-18 20:16:10 (taken from the PE header TimeDateStamp; this value is linker-supplied and trivially forged, so treat it as a claim, not a fact — it agrees with the IMAGE_DEBUG_TYPE_POGO stamp below, which is weak corroboration only)

Plugin Output

Info Matching compiler(s): MASM/TASM - sig1(h). Caveat: this is a heuristic PEiD-style signature hit and is contradicted by the rest of the report — LinkerVersion 14.0, the MSVCP140 / VCRUNTIME140 / VCRUNTIME140_1 (__CxxFrameHandler4) imports, and a Rich header dominated by C++ objects (28) all point to a C++ build with an MSVC 14.x (Visual Studio 2015 or later) toolchain rather than a pure-assembly one. The standard .text/.data/.idata/.reloc layout, a fully populated import table and a .text entropy of 6.47 are consistent with an unpacked compiler output.
Info The PE imports common functions that also appear in legitimate applications. It can launch other programs and create threads, accepts drag-and-drop files (DragAcceptFiles / DragQueryFileA), and reads and writes files through the CRT (fopen / fread / fwrite); during dynamic analysis, check what command line reaches CreateProcessA and whether it is derived from a dropped file name. Imports such as IsDebuggerPresent, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind and SetUnhandledExceptionFilter are typically pulled in by the MSVC CRT startup and exception-handling code and are not, by themselves, anti-debugging indicators.
  • CreateProcessA
  • CreateThread
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal. The absence of a record is not evidence either way — it only means nobody has submitted this exact SHA256. Pivot on the Imports Hash and SSDeep values above to find related samples, and weigh that uploading the sample to VirusTotal discloses it (and any data embedded in it) to third parties.

Hashes

MD5 d30935708d4a5cb807141b41fe74956b
SHA1 39dbf3da5aabe0755b63e664694e8102d93f12fe
SHA256 82231b3cfe5e1ce8447f3b3e1abfa72212d6684e4345326dd5d20428eace4faf
SHA3 290f4a651ede9c8439fd8c58f3cf1166afb3ed41b0316654bbef9629d729e63f
SSDeep 6144:FwaON8TKRoPA2dYUA+VEPBj0QGMxV2YAVsRnQw17X6JtigxWwak90mcOwEXLYVd:FXO+JO0QjjCS9QwM8kTadOdXLkdB
Imports Hash ce96d2c19b1a34a03eee3c1cbbb19748

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 4
TimeDateStamp 2026-Apr-18 20:16:10
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x60400
SizeOfInitializedData 0x5400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000005E9EC (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x68000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 5149a61b433e8f22ce6d4ae8dfcb2d16
SHA1 47211853c59090c5e35d1327433c72ff65178c6a
SHA256 c571860ecaeb49a6fdcbe363b1ffc0dfa771eca971dcac65aa28def468da9984
SHA3 756cc1968a49ba06c1fb96d72ca5bd2bd9f07e1d2d0b38d3d0f3691b691a674e
VirtualSize 0x60344
VirtualAddress 0x1000
SizeOfRawData 0x60400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.46544

.data

MD5 e409734c3f8bc1f20357881c03d46b48
SHA1 819fc85b491a08cbb30fba6e19e7d2f7d42bdf40
SHA256 e7b9a85e6e9fac06dfebe6bacc8e267339000ef23d3316e6072ec4c9e53ab0f7
SHA3 89badc36a566863a003f090790a433f8c0f60d8325224cdb6dbac29ab73d7b80
VirtualSize 0x2d08
VirtualAddress 0x62000
SizeOfRawData 0x2600
PointerToRawData 0x60800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.52405

.idata

MD5 7f592a57aba16d1745f4d16920264ace
SHA1 a2c37cb355adf67693763073e88855647cb44f84
SHA256 fdeb8008b29635da7a490902eb5b73aa147bced0e57e3e1f53224ba4f09702d4
SHA3 69ebb57d40dc38edf4bacdb7b1770e4b0fd96c45653b0310455aeb20d938ebda
VirtualSize 0x1be8
VirtualAddress 0x65000
SizeOfRawData 0x1c00
PointerToRawData 0x62e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.53849

.reloc

MD5 cb2a9fdda7ae85e2d16820ab6c74332a
SHA1 09807ce4667e96e5019fd7e7f1dc338f38a9b1aa
SHA256 c96e06c874c835c86c33a0ad8fd23873c374f756923aa844e02df56540b8c5a9
SHA3 d792bbb3be544b69bc5ca1784386a4a3d3434554280bd6a81190da40fa2710ae
VirtualSize 0x8d0
VirtualAddress 0x67000
SizeOfRawData 0xa00
PointerToRawData 0x64a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.16301

Imports

USER32.dll GetSystemMetrics
ShowWindow
SetTimer
TrackMouseEvent
EndPaint
SetWindowTextA
GetMonitorInfoA
DefWindowProcA
CreateWindowExA
SetLayeredWindowAttributes
PostMessageA
SendMessageA
SetCursor
SystemParametersInfoA
GetClientRect
PostQuitMessage
RegisterClassExA
UpdateWindow
ReleaseCapture
InvalidateRect
ReleaseDC
BeginPaint
ScreenToClient
MonitorFromWindow
SetWindowPos
GetWindowRect
LoadCursorA
DispatchMessageA
GetMessageA
TranslateMessage
AdjustWindowRectEx
GDI32.dll SelectObject
DeleteDC
GetDeviceCaps
CreateCompatibleBitmap
DeleteObject
gdiplus.dll GdipAlloc
GdipDeletePath
GdipCreateFontFamilyFromName
GdipAddPathArcI
GdipSetSmoothingMode
GdipCreatePath
GdipSetStringFormatLineAlign
GdipCreateFont
GdipCreateSolidFill
GdipSetStringFormatTrimming
GdipFillPath
GdipGraphicsClear
GdipSetSolidFillColor
GdipDrawRectangleI
GdipClosePathFigure
GdipCloneBrush
GdipFree
GdipDrawPath
GdipDrawString
GdipCreateFromHDC
GdipSetTextRenderingHint
GdipGetSolidFillColor
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipCreatePen1
GdipDeleteFontFamily
GdiplusShutdown
GdipDeletePen
GdipDeleteFont
GdipDeleteStringFormat
GdipDeleteGraphics
GdipFillRectangleI
GdiplusStartup
GdipGetStringFormatFlags
GdipDeleteBrush
GdipCreateStringFormat
MSVCP140.dll ?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
SHELL32.dll DragFinish
DragQueryFileA
DragAcceptFiles
KERNEL32.dll CreateThread
CreateProcessA
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetTickCount64
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
CloseHandle
MultiByteToWideChar
QueryPerformanceCounter
OutputDebugStringA
GetModuleFileNameA
GetStartupInfoW
VCRUNTIME140.dll __std_exception_destroy
memmove
memcpy
__std_exception_copy
memset
memcmp
__C_specific_handler
_CxxThrowException
__current_exception
__current_exception_context
VCRUNTIME140_1.dll __CxxFrameHandler4
api-ms-win-crt-stdio-l1-1-0.dll fseek
_set_fmode
fread
__stdio_common_vsprintf
ftell
__stdio_common_vsprintf_s
__stdio_common_vsscanf
__stdio_common_vfprintf
fwrite
__acrt_iob_func
fopen
__p__commode
fclose
api-ms-win-crt-math-l1-1-0.dll tan
pow
ceilf
trunc
log
sqrt
fmod
fabs
nan
floor
cos
ceil
_dtest
sin
__setusermatherr
round
api-ms-win-crt-runtime-l1-1-0.dll _cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_seh_filter_exe
_errno
_get_narrow_winmain_command_line
abort
_initterm
_initterm_e
exit
_exit
_configure_narrow_argv
terminate
_register_thread_local_exe_atexit_callback
_invoke_watson
_c_exit
_set_app_type
api-ms-win-crt-convert-l1-1-0.dll strtoul
strtol
strtod
strtof
api-ms-win-crt-string-l1-1-0.dll isxdigit
toupper
strcmp
isalpha
isdigit
tolower
wcslen
isspace
isalnum
api-ms-win-crt-utility-l1-1-0.dll rand
api-ms-win-crt-heap-l1-1-0.dll free
malloc
_set_new_mode
_callnewh
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-Apr-18 20:16:10
Version 0.0
SizeofData 740
AddressOfRawData 0xbfe8
PointerToRawData 0xb3e8

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140062040

RICH Header

XOR Key 0xe34d95ec
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 16
ASM objects (35207) 4
C objects (35207) 10
C++ objects (35207) 28
Imports (35207) 6
Imports (33145) 11
Total imports 186
C++ objects (LTCG) (35225) 1
Linker (35225) 1

Errors
