9418de97a417b5cd703d72209b87920c19c66c959d83f7f888f3fb137bde8656

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2026-Mar-03 21:03:34
TLS Callbacks 1 callback(s) detected.
Debug artifacts lesson.pdb

Plugin Output

Suspicious: The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports (APIs used to resolve functions at run time):
  • LoadLibraryExA
  • GetProcAddress
  • LoadLibraryA
Uses the Windows Native API directly (ntdll.dll exports):
  • NtWriteFile
  • NtReadFile
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
These three groups are weak indicators on their own: the same APIs appear in the import tables of many unpacked programs because language runtimes use them for lazy loading, guard pages and thread stacks. Weigh them together with the section table (no writable+executable section, normal entropy in .text) and the full import list below. Note also that kernel32.dll appears twice in the import directory (as kernel32.dll and KERNEL32.dll), i.e. two import descriptors for the same module; import-hash tooling lowercases names, so both count toward the same module.
Suspicious: No VirusTotal score. This file has never been scanned on VirusTotal.
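The plugin verdict above can be re-derived from the import table alone. The script below is an added example, not part of the Manalyze report or its plugin: the import directory is transcribed from the Imports section of this page (the api-ms-win-crt-* forwarders are omitted since none of them hit a category), and the three API groups are our own approximation of the categories the plugin printed, not its exact rule set. It also reports modules that appear under more than one import descriptor, which is the kernel32.dll/KERNEL32.dll situation visible in this file.

```python
"""Re-derive the 'suspicious imports' verdict from a PE import table.

Added example, not part of the Manalyze report. The API groups below are an
approximation of the plugin's categories, not its exact rules.
"""
from collections import defaultdict

# Import directory as listed in the report, in report order (transcribed
# from the page; the api-ms-win-crt-* forwarders are omitted).
IMPORTS = [
    ("kernel32.dll", ["VirtualAlloc", "GetProcessHeap", "FormatMessageW",
                      "LoadLibraryExA", "GetLastError", "WaitForSingleObject",
                      "CloseHandle", "CreateThread", "VirtualProtect", "HeapFree"]),
    ("oleaut32.dll", ["SysStringLen", "SysFreeString"]),
    ("api-ms-win-core-synch-l1-2-0.dll",
     ["WakeByAddressSingle", "WakeByAddressAll", "WaitOnAddress"]),
    ("KERNEL32.dll", ["InitializeSListHead", "GetSystemTimeAsFileTime",
                      "RtlVirtualUnwind", "RtlLookupFunctionEntry",
                      "RtlCaptureContext", "GetCurrentThreadId",
                      "QueryPerformanceCounter", "SetUnhandledExceptionFilter",
                      "HeapReAlloc", "lstrlenW", "GetCurrentProcess",
                      "GetProcAddress", "WideCharToMultiByte",
                      "WaitForSingleObjectEx", "LoadLibraryA",
                      "GetCurrentProcessId", "CreateMutexA", "ReleaseMutex",
                      "SetFilePointerEx", "SetFileInformationByHandle",
                      "AddVectoredExceptionHandler", "SetThreadStackGuarantee",
                      "GetCurrentThread", "SetLastError", "GetCurrentDirectoryW",
                      "GetEnvironmentVariableW", "GetFileInformationByHandleEx",
                      "CreateFileW", "GetFileInformationByHandle",
                      "GetConsoleMode", "GetFullPathNameW", "GetModuleHandleA",
                      "GetModuleHandleW", "HeapAlloc", "MultiByteToWideChar",
                      "WriteConsoleW", "GetStdHandle", "GetConsoleOutputCP"]),
    ("ntdll.dll", ["RtlNtStatusToDosError", "NtWriteFile", "NtReadFile"]),
    ("VCRUNTIME140.dll", ["__current_exception", "__C_specific_handler",
                          "_CxxThrowException", "memcmp", "memset", "memcpy",
                          "memmove", "__CxxFrameHandler3",
                          "__current_exception_context"]),
]

# Our own category definitions (assumption: the plugin's lists are similar).
DYNAMIC_RESOLUTION = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA",
                      "LoadLibraryExW", "GetProcAddress"}
MEMORY_MANIPULATION = {"VirtualAlloc", "VirtualAllocEx", "VirtualProtect",
                       "VirtualProtectEx", "WriteProcessMemory"}


def classify(imports):
    """Return {category: sorted hits}. 'native_api' means an Nt*/Zw* export
    imported straight from ntdll.dll rather than through a Win32 wrapper."""
    hits = defaultdict(set)
    for dll, funcs in imports:
        for f in funcs:
            if f in DYNAMIC_RESOLUTION:
                hits["dynamic_resolution"].add(f)
            if f in MEMORY_MANIPULATION:
                hits["memory_manipulation"].add(f)
            if dll.lower() == "ntdll.dll" and f.startswith(("Nt", "Zw")):
                hits["native_api"].add(f)
    return {k: sorted(v) for k, v in hits.items()}


def duplicate_descriptors(imports):
    """Modules listed under more than one import descriptor, compared
    case-insensitively (the loader and imphash tooling both fold case)."""
    seen = defaultdict(list)
    for dll, _ in imports:
        seen[dll.lower()].append(dll)
    return {k: v for k, v in seen.items() if len(v) > 1}


def verdict(imports):
    """Mirror the report: flag as suspicious if any category is non-empty."""
    hits = classify(imports)
    return bool(hits), hits


if __name__ == "__main__":
    flagged, cats = verdict(IMPORTS)
    print("suspicious:", flagged)
    for cat, names in cats.items():
        print(f"  {cat}: {', '.join(names)}")
    print("duplicate descriptors:", duplicate_descriptors(IMPORTS))
```

Running it reproduces the three bullet groups from the plugin output and additionally shows kernel32.dll appearing under two descriptors. Swap in the import table of another sample to see how often these "suspicious" APIs turn up in unremarkable binaries.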

Hashes

MD5 38d55e14f0e5e1ee4db658a7ef95a431
SHA1 a4f3cd56b9dfb73260ccde9d62694b4e0b42454f
SHA256 9418de97a417b5cd703d72209b87920c19c66c959d83f7f888f3fb137bde8656
SHA3 dd45ff92b1b4f5a1622682917a4fe6c88f4c694e53f12b2c10d1d93d99cde921
SSDeep 1536:ejAkmT2ME30ErdQKy5Rd8LNVGeJBxRQYHB/i7lM/F/+wN3exUfQJf+wqb:e0EprdQKy53mLRQqB/oUvfWqb
Imports Hash e078f17e2cd427ec6bdbbf669658c673

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 5
TimeDateStamp 2026-Mar-03 21:03:34
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x19000
SizeOfInitializedData 0xac00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000000181D0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x27000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 a56616ec69ac83e336343574f5a9867c
SHA1 09775c9619b20ea5523b3ece242676f5d968cb1e
SHA256 035be6d2de6b5ccd722a7e70261f457420d57159f802b4314a40546f7a2fda68
SHA3 e9835220ce99e028bf4f900fcc7742e33e41be32da8553d9c2606c90ad8a2e53
VirtualSize 0x18f34
VirtualAddress 0x1000
SizeOfRawData 0x19000
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.38917

.rdata

MD5 43b7d555628a52e9f4064904fc89d747
SHA1 5a61f0d8020caa2bcb1fdfb1d6561c0db2f7552a
SHA256 15447621d777ce4ff2e4d29e35bab4284557a4e0776ee2df1f06fcf3a8e9e51c
SHA3 bffd339909bc9e8c75a76fa9f960f9fd938cc77786a63694922f223a8ad967c9
VirtualSize 0x8f3a
VirtualAddress 0x1a000
SizeOfRawData 0x9000
PointerToRawData 0x19400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.32509

.data

MD5 4071e67a7fd4bdcab236aab257b25aaf
SHA1 6b280e4ebffcca7fe80042566b5ab4adcb0e510f
SHA256 7ebb024600cdf0e0e6ce82c58472e3cb048664e0dca5973ca2bd1add3e056a8d
SHA3 fd01cabe8ee0d4e50ea64b5b7673a89675f3bc8ebc77b6876f3c52d09fc02f1b
VirtualSize 0x2d0
VirtualAddress 0x23000
SizeOfRawData 0x200
PointerToRawData 0x22400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.63842

.pdata

MD5 774833a9363c20e86e76d494c10d0fc7
SHA1 147e08713d3393f0c115b9fb743aa423afee45d5
SHA256 53c8de10ca71e19e9b4307da4a0d406398723bc03171c9f1373ef415813ac80b
SHA3 a85b84a0cc861737f5fd20885ecebdd826793d0db40dc2e87d5ac1d904d3d654
VirtualSize 0x1284
VirtualAddress 0x24000
SizeOfRawData 0x1400
PointerToRawData 0x22600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.92366

.reloc

MD5 164442499dcd3263f13ba92987be87b9
SHA1 4466f98c9d01fbd5176e6c8926e37f04c8a87326
SHA256 568a13fef9835394e76c8c195d9380bcc5cce6aea3e26d3ae066b4c6394e42a6
SHA3 15e50aa0f4d147a12336af0ec09885f82d58b9d2f39620237aea95c5bf93ae61
VirtualSize 0x2d4
VirtualAddress 0x26000
SizeOfRawData 0x400
PointerToRawData 0x23a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.44615

Imports

kernel32.dll
  • VirtualAlloc
  • GetProcessHeap
  • FormatMessageW
  • LoadLibraryExA
  • GetLastError
  • WaitForSingleObject
  • CloseHandle
  • CreateThread
  • VirtualProtect
  • HeapFree
oleaut32.dll
  • SysStringLen
  • SysFreeString
api-ms-win-core-synch-l1-2-0.dll
  • WakeByAddressSingle
  • WakeByAddressAll
  • WaitOnAddress
KERNEL32.dll
  • InitializeSListHead
  • GetSystemTimeAsFileTime
  • RtlVirtualUnwind
  • RtlLookupFunctionEntry
  • RtlCaptureContext
  • GetCurrentThreadId
  • QueryPerformanceCounter
  • SetUnhandledExceptionFilter
  • HeapReAlloc
  • lstrlenW
  • GetCurrentProcess
  • GetProcAddress
  • WideCharToMultiByte
  • WaitForSingleObjectEx
  • LoadLibraryA
  • GetCurrentProcessId
  • CreateMutexA
  • ReleaseMutex
  • SetFilePointerEx
  • SetFileInformationByHandle
  • AddVectoredExceptionHandler
  • SetThreadStackGuarantee
  • GetCurrentThread
  • SetLastError
  • GetCurrentDirectoryW
  • GetEnvironmentVariableW
  • GetFileInformationByHandleEx
  • CreateFileW
  • GetFileInformationByHandle
  • GetConsoleMode
  • GetFullPathNameW
  • GetModuleHandleA
  • GetModuleHandleW
  • HeapAlloc
  • MultiByteToWideChar
  • WriteConsoleW
  • GetStdHandle
  • GetConsoleOutputCP
ntdll.dll
  • RtlNtStatusToDosError
  • NtWriteFile
  • NtReadFile
VCRUNTIME140.dll
  • __current_exception
  • __C_specific_handler
  • _CxxThrowException
  • memcmp
  • memset
  • memcpy
  • memmove
  • __CxxFrameHandler3
  • __current_exception_context
api-ms-win-crt-runtime-l1-1-0.dll
  • _exit
  • _register_onexit_function
  • exit
  • terminate
  • _initterm_e
  • _crt_atexit
  • _c_exit
  • _initialize_onexit_table
  • __p___argv
  • __p___argc
  • _initterm
  • _register_thread_local_exe_atexit_callback
  • _get_initial_narrow_environment
  • _seh_filter_exe
  • _set_app_type
  • _configure_narrow_argv
  • _initialize_narrow_environment
  • _cexit
api-ms-win-crt-math-l1-1-0.dll
  • __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
  • _set_fmode
  • __p__commode
api-ms-win-crt-locale-l1-1-0.dll
  • _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
  • free
  • _set_new_mode

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2026-Mar-03 21:03:34
Version 0.0
SizeofData 35
AddressOfRawData 0x1f46c
PointerToRawData 0x1e86c
Referenced File lesson.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2026-Mar-03 21:03:34
Version 0.0
SizeofData 20
AddressOfRawData 0x1f490
PointerToRawData 0x1e890

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-Mar-03 21:03:34
Version 0.0
SizeofData 816
AddressOfRawData 0x1f4a4
PointerToRawData 0x1e8a4

TLS Callbacks

StartAddressOfRawData 0x14001f7f8
EndAddressOfRawData 0x14001f850
AddressOfIndex 0x140023240
AddressOfCallbacks 0x14001a398
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_8BYTES
Callbacks 0x0000000140005DB0

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140023100
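The section table, entry point, TLS directory, debug directory and load configuration above can be checked against each other: every address the report prints should land in a section whose permissions make sense for it, and every (RVA, file pointer) pair must agree with the section it falls in. The script below is an added example, not part of the Manalyze report; all constants are transcribed from this page, and the checks (which section each address resolves to, RVA-to-file-offset conversion, SizeOfImage consistency, absence of writable+executable sections) are our own.

```python
"""Cross-check the addresses in a PE report against its section table.

Added example, not part of the Manalyze report. All values below are
transcribed from the report; the consistency checks are our own.
"""

IMAGE_BASE = 0x140000000
SECTION_ALIGNMENT = 0x1000
SIZE_OF_IMAGE = 0x27000

# (name, VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData, flags)
SECTIONS = [
    (".text",  0x1000,  0x18f34, 0x400,   0x19000, {"CODE", "EXECUTE", "READ"}),
    (".rdata", 0x1a000, 0x8f3a,  0x19400, 0x9000,  {"INITIALIZED_DATA", "READ"}),
    (".data",  0x23000, 0x2d0,   0x22400, 0x200,   {"INITIALIZED_DATA", "READ", "WRITE"}),
    (".pdata", 0x24000, 0x1284,  0x22600, 0x1400,  {"INITIALIZED_DATA", "READ"}),
    (".reloc", 0x26000, 0x2d4,   0x23a00, 0x400,   {"INITIALIZED_DATA", "DISCARDABLE", "READ"}),
]


def align_up(x, a):
    return (x + a - 1) & ~(a - 1)


def section_for_rva(rva):
    """Section whose mapped range (VirtualSize rounded up to SectionAlignment,
    as the loader maps it) contains rva, or None."""
    for s in SECTIONS:
        _, va, vsize, _, raw_size, _ = s
        if va <= rva < va + align_up(max(vsize, raw_size), SECTION_ALIGNMENT):
            return s
    return None


def rva_to_file_offset(rva):
    """File offset backing rva, or None if the RVA is in a section's
    zero-filled tail (VirtualSize > SizeOfRawData) and has no bytes on disk."""
    s = section_for_rva(rva)
    if s is None:
        return None
    _, va, _, raw_ptr, raw_size, _ = s
    delta = rva - va
    return raw_ptr + delta if delta < raw_size else None


def va_to_rva(va):
    return va - IMAGE_BASE


def check_report():
    """Resolve every address the report prints and return the findings."""
    f = {}
    ep = 0x181D0                                  # AddressOfEntryPoint
    f["entry_point_section"] = section_for_rva(ep)[0]
    f["entry_point_executable"] = "EXECUTE" in section_for_rva(ep)[5]
    f["entry_point_file_offset"] = rva_to_file_offset(ep)

    cb = va_to_rva(0x140005DB0)                   # the single TLS callback
    f["tls_callback_section"] = section_for_rva(cb)[0]
    f["tls_callback_file_offset"] = rva_to_file_offset(cb)
    f["tls_callback_array_section"] = section_for_rva(va_to_rva(0x14001a398))[0]
    f["tls_index_section"] = section_for_rva(va_to_rva(0x140023240))[0]
    f["security_cookie_section"] = section_for_rva(va_to_rva(0x140023100))[0]

    # Debug directory entries: (AddressOfRawData, PointerToRawData) as printed;
    # recomputing the pointer from the RVA must give the same value.
    debug = [(0x1f46c, 0x1e86c), (0x1f490, 0x1e890), (0x1f4a4, 0x1e8a4)]
    f["debug_pointers_consistent"] = all(rva_to_file_offset(r) == p for r, p in debug)

    last = SECTIONS[-1]
    f["size_of_image_consistent"] = (
        align_up(last[1] + last[2], SECTION_ALIGNMENT) == SIZE_OF_IMAGE)
    f["wx_sections"] = [s[0] for s in SECTIONS if {"EXECUTE", "WRITE"} <= s[5]]
    return f


if __name__ == "__main__":
    for k, v in check_report().items():
        print(f"{k}: {hex(v) if isinstance(v, int) and not isinstance(v, bool) else v}")
```

For this file the entry point and the TLS callback both resolve into .text, the callback array sits in .rdata, the TLS index slot and the security cookie sit in .data, and the three debug-directory pointers match their RVAs. The TLS index slot (RVA 0x23240) falls past the 0x200 bytes of .data that exist on disk, so it has no file offset: that is the zero-filled tail a PE loader creates when VirtualSize exceeds SizeOfRawData, which is where an uninitialised variable belongs. A TLS callback or entry point resolving into a writable or non-code section, or a debug pointer that does not agree with its RVA, would be the kind of inconsistency worth chasing in a packed or tampered sample.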

RICH Header

XOR Key 0xff8f638f
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 12
Imports (35403) 2
ASM objects (35403) 3
C objects (35403) 9
C++ objects (35403) 23
Imports (33145) 9
Total imports 185
Unmarked objects (#2) 28
Linker (35724) 1

Errors
