89df544b1ce1bcb0d7b9fa1e8379fad0

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2021-Dec-22 10:37:12

Plugin Output

Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • LoadLibraryExW
  • GetProcAddress
  • LoadLibraryA
Malicious VirusTotal score: 3/69 (Scanned on 2023-05-07 09:29:04) Cynet: Malicious (score: 100)
Gridinsoft: Malware.Win64.GenericMC.cc
Panda: Hacktool/PWDump

Hashes

MD5 89df544b1ce1bcb0d7b9fa1e8379fad0
SHA1 630d69fda70ab904c684f46db90ccdae9cb6c922
SHA256 086c0dd96e512212bfb2a4e5f43d5955d25925858c1e0f6410b54bc31613c05b
SHA3 4298229b7791f449068a66bb6075cc123b811986ff9cc53f5330a870710d7f93
SSDeep 24:etGSm2bKMQ51hraaQX9xbf3BMF6m9iGBfpgd72t0nIIV8UZ5p6Vzy:6TKM41o9b4zBfpgdCG3VZL8y
Imports Hash a98966948f0b4fc9d5405576fc70f473

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 2
TimeDateStamp 2021-Dec-22 10:37:12
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 11.0
SizeOfCode 0x600
SizeOfInitializedData 0x400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000001224 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x180000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x3000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 852c389a1dbd3bfae7f2a003611b9ef4
SHA1 e10fd6e2205beaa16073abb21b423de5cab3753a
SHA256 cd1de15f7870d69e4a1dc1f9aeebbc29a66409ad8a5d7ec6795f06cf06fc7173
SHA3 da8c64bd6be8d0bd26edf07bde739f3942a2d906ff503f90f333696751f003fc
VirtualSize 0x5b9
VirtualAddress 0x1000
SizeOfRawData 0x600
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.69677

.data

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x8
VirtualAddress 0x2000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Imports

KERNEL32.dll TlsGetValue
HeapAlloc
LoadLibraryExW
TlsSetValue
GetSystemDirectoryA
GetProcAddress
LoadLibraryA
GetModuleHandleA
VirtualProtect
TlsAlloc

Delayed Imports

AlphaBlend

Ordinal 1
Address 0x1224

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section .data has a size of 0!
<-- -->