881aca5d96b081be34681bc1fbe6792b

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2026-Feb-01 00:45:56
Debug artifacts vixen.pdb

Plugin Output

Info Matching compiler(s): MASM/TASM - sig1(h)
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 881aca5d96b081be34681bc1fbe6792b
SHA1 5bbd21b88302e4383bab9ac346aa34f88601a908
SHA256 b98d093740e1ef5549b1e146baa53618fbdf884c179931d6ea828562bd318445
SHA3 892b8377c4bf3ea6c1d8f76488568da2469964849d07df73e9d7f4c7e3cc52ac
SSDeep 3072:9e6mv5XM7M0ctndkwU3UKWEhtMZk9FK4LaENJ:uBc7Mf25nau/VaEN
Imports Hash de81d02ad48b6efd8f32d074f7ed5dac

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 5
TimeDateStamp 2026-Feb-01 00:45:56
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x19200
SizeOfInitializedData 0x9600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000001851C (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x26000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 120c53c1f0505c83706962e520e2574b
SHA1 43826b1ecccf93cdd9f79e9826d01692e174d53f
SHA256 27cafda0c7b7021270296bec19721cfb09d6b52595f5bf8680b89c035886a89f
SHA3 abd9f3a21104f2c95b224d6dcc6c35016f7f93472bfa1a24d3fb6b093ef965d5
VirtualSize 0x1904b
VirtualAddress 0x1000
SizeOfRawData 0x19200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy 6.40076

.rdata

MD5 a34bfafcbc6b789c919825b039e3e330
SHA1 1e34feb52dc9936ea6a6b6cd7c234111d5185d85
SHA256 11b7f05f081183e9c12f5fb97534f9e90cf80d0a6c32fc75163bbf4ca77afa23
SHA3 201f64f1ae810cdada9797f416edc5cdf76243ac14e50b9ee8269fcd213be07b
VirtualSize 0x7f88
VirtualAddress 0x1b000
SizeOfRawData 0x8000
PointerToRawData 0x19600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 5.5438

.data

MD5 8c4d7d675ea16f7b561defe615e12cda
SHA1 dfe121d371545850f79a495978550eeda9f401aa
SHA256 671905e8b6ffb6ef789da3b2076bcdc96f3f6ab44b33eada33109d3aa1fd5b4f
SHA3 69ccac37a17275b9a1853eb31c555dd4186a061fd48b4c2f12fa32f70096d51a
VirtualSize 0x270
VirtualAddress 0x23000
SizeOfRawData 0x200
PointerToRawData 0x21600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy 1.30413

.pdata

MD5 da81b3703f4082227c1dae3e6dcb220d
SHA1 3a2743be1084b8ffede4264bcd9d5da6106d8aa2
SHA256 5d6c5065e6f04a85aecbfba6dd6bd3c1a8e6c947a197356b7d6f7c300cba481a
SHA3 9762d22fb86cde33acd0fe4c7ba5b160504120dfde1afb8c620165d39bc0ecd2
VirtualSize 0xccc
VirtualAddress 0x24000
SizeOfRawData 0xe00
PointerToRawData 0x21800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 4.90828

.reloc

MD5 aa4ea4e6996e680e465fe58944853cec
SHA1 c4b92f78e76645f9e754389adcb760bdb4701ed0
SHA256 a89dd559c6a9275a3604b7902a7719e27a3841da1c9497cf8478a05bfc7f13b8
SHA3 3f6986da6c3ea80557b33913111bbb7b5921e9cf3a149e07d3c5e92111f96590
VirtualSize 0x230
VirtualAddress 0x25000
SizeOfRawData 0x400
PointerToRawData 0x22600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Entropy 3.59815

Imports

api-ms-win-core-synch-l1-2-0.dll
  • WakeByAddressAll
  • WaitOnAddress
  • WakeByAddressSingle
KERNEL32.dll
  • IsProcessorFeaturePresent
  • SetUnhandledExceptionFilter
  • UnhandledExceptionFilter
  • GetProcessHeap
  • HeapFree
  • AddVectoredExceptionHandler
  • SetThreadStackGuarantee
  • GetCurrentThread
  • HeapReAlloc
  • GetCurrentThreadId
  • GetLastError
  • SetLastError
  • GetEnvironmentVariableW
  • GetCurrentDirectoryW
  • RtlCaptureContext
  • RtlLookupFunctionEntry
  • WaitForSingleObjectEx
  • LoadLibraryA
  • GetProcAddress
  • GetCurrentProcess
  • lstrlenW
  • GetCurrentProcessId
  • CreateMutexA
  • CloseHandle
  • ReleaseMutex
  • RtlVirtualUnwind
  • WideCharToMultiByte
  • GetStdHandle
  • GetConsoleMode
  • GetConsoleOutputCP
  • WaitForSingleObject
  • MultiByteToWideChar
  • WriteConsoleW
  • HeapAlloc
  • GetModuleHandleW
  • FormatMessageW
  • GetModuleHandleA
  • GetSystemTimeAsFileTime
  • IsDebuggerPresent
  • InitializeSListHead
  • QueryPerformanceCounter
ntdll.dll
  • NtWriteFile
  • RtlNtStatusToDosError
VCRUNTIME140.dll
  • __CxxFrameHandler3
  • memcpy
  • memcmp
  • memset
  • __C_specific_handler
  • __current_exception
  • __current_exception_context
  • memmove
api-ms-win-crt-runtime-l1-1-0.dll
  • __p___argv
  • _cexit
  • _c_exit
  • _register_thread_local_exe_atexit_callback
  • _initterm
  • _get_initial_narrow_environment
  • _initialize_narrow_environment
  • __p___argc
  • _initialize_onexit_table
  • _register_onexit_function
  • _crt_atexit
  • terminate
  • _configure_narrow_argv
  • _exit
  • _initterm_e
  • _set_app_type
  • exit
  • _seh_filter_exe
api-ms-win-crt-math-l1-1-0.dll
  • __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
  • __p__commode
  • _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
  • _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
  • _set_new_mode
  • free

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2026-Feb-01 00:45:56
Version 0.0
SizeofData 34
AddressOfRawData 0x206ec
PointerToRawData 0x1ecec
Referenced File vixen.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2026-Feb-01 00:45:56
Version 0.0
SizeofData 20
AddressOfRawData 0x20710
PointerToRawData 0x1ed10

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-Feb-01 00:45:56
Version 0.0
SizeofData 796
AddressOfRawData 0x20724
PointerToRawData 0x1ed24

TLS Callbacks

StartAddressOfRawData 0x140020a60
EndAddressOfRawData 0x140020a80
AddressOfIndex 0x1400231e4
AddressOfCallbacks 0x14001b330
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_8BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x1400230c0

RICH Header

XOR Key 0x16125f10
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 10
Imports (34321) 2
ASM objects (34321) 3
C objects (34321) 9
C++ objects (34321) 23
Imports (30795) 5
Total imports 83
Unmarked objects (#2) 4
Linker (34810) 1

Errors