| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date |
1970-Jan-01 00:00:00
|
| TLS Callbacks |
2 callback(s) detected.
|
| Debug artifacts |
Embedded COFF debugging symbols
|
| Suspicious |
The PE is possibly packed. |
Unusual section name found: .xdata
|
| Info |
The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports (it imports functions that can resolve further imports at runtime):
- GetProcAddress
- LoadLibraryA
|
| Suspicious |
VirusTotal score: 2/72 (Scanned on 2026-02-22 20:09:11) |
MaxSecure:
Trojan.Malware.300983.susgen
Trapmine:
malicious.moderate.ml.score
|
| MD5 |
987a24198e6b132ace1e9dd6ef35e1f4
|
| SHA1 |
b43bac51159b2272b691ef1e0465057a1faed22c
|
| SHA256 |
a0fb04204ec5016ef912795b312bf0af8c50cf9a641afa2b886fcc8426537e0e
|
| SHA3 |
5f6c26c8450aeb31633b1c3e8096e9a230bd680376c0814d6b7081151e2b74cf
|
| SSDeep |
6144:UQf1CVQf1CVQf1CVQf1CVQf1CVQf1CVQf1CVQf1CVQf1CVQf1c:NZZZZZZZZZS
|
| Imports Hash |
3e51386569c4e433a23ad307f651f463
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x80
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections |
10
|
| TimeDateStamp |
1970-Jan-01 00:00:00
|
| PointerToSymbolTable |
0x45c00
|
| NumberOfSymbols |
68
|
| SizeOfOptionalHeader |
0xf0
|
| Characteristics |
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
| Magic |
PE32+
|
| LinkerVersion |
2.0
|
| SizeOfCode |
0x2400
|
| SizeOfInitializedData |
0x45800
|
| SizeOfUninitializedData |
0xa00
|
| AddressOfEntryPoint |
0x00000000000014C0 (Section: .text)
|
| BaseOfCode |
0x1000
|
| ImageBase |
0x400000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
4.0
|
| ImageVersion |
0.0
|
| SubsystemVersion |
5.2
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x4e000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0x4f6ff
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| SizeofStackReserve |
0x200000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
6aba096537e678ded84651955867a56c
|
| SHA1 |
72a40cd145a521e19ae91db22230220cee1fbca7
|
| SHA256 |
afbf1e831d383f0bc594eba2015a6d1d8145844f5dbb76ac1d3aafea73571af9
|
| SHA3 |
b3ea21ec4fda460a2128d9df342b06017159daf0a06efcd1994a576988120d32
|
| VirtualSize |
0x2278
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0x2400
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
5.93694
|
| MD5 |
564393c825328abc439ab37241f6746b
|
| SHA1 |
d87b7c5cafb645e88df13e97b91b01d86999c655
|
| SHA256 |
dd668e68adb5687e8cc76054a3dd64df7611bdfdfeca5251cd612f8c8a1d1619
|
| SHA3 |
0dab35c30d5db0af0985f814b1686b32a60ee7c924ad3f2543dc557d24fa39a9
|
| VirtualSize |
0xc0
|
| VirtualAddress |
0x4000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x2800
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.767922
|
| MD5 |
fe37ac68b7d4abed3aa3e32c4df6afc3
|
| SHA1 |
8234931a762ac4762fadee350328b78cca3e2ef1
|
| SHA256 |
a7bccf018cfae71a5d809ed04e2530b79e3154382a3ca924cdf0eaf31e72e111
|
| SHA3 |
ecb8cb57857d4b2f59996372e407754208591c7ee0dc46170784e570528b8c94
|
| VirtualSize |
0x970
|
| VirtualAddress |
0x5000
|
| SizeOfRawData |
0xa00
|
| PointerToRawData |
0x2a00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
4.65573
|
| MD5 |
c0ce60e4a230b095ebdb378ce0bd4a4e
|
| SHA1 |
309496e82a5a22503cc6134f9366a827b6a825c8
|
| SHA256 |
554e65a75c0ee6f94208e0b0fbf2ebb84292df91c6597a7b7ebfa9ad0f406928
|
| SHA3 |
15e531f9620e03258eb2bfed2ae0dc8132b28102fe8efa92e30f0a9e850fb82a
|
| VirtualSize |
0x27c
|
| VirtualAddress |
0x6000
|
| SizeOfRawData |
0x400
|
| PointerToRawData |
0x3400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
2.70513
|
| MD5 |
c00c401b4ea6b320c24af27e579d087b
|
| SHA1 |
1e8ea36e107c97fa3c1d26505d47d183282ce010
|
| SHA256 |
68a2ceb754bec6177893b5352195dc4b0d6e6b41bcfe4d64e51f0b33df9176bf
|
| SHA3 |
543ea19330ccf40ac945c7ef22555b216f605b986436340abf4d1477ef8cc432
|
| VirtualSize |
0x210
|
| VirtualAddress |
0x7000
|
| SizeOfRawData |
0x400
|
| PointerToRawData |
0x3800
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
2.53389
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x990
|
| VirtualAddress |
0x8000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
bca4f068a8447ac51ebadf80b16fa01b
|
| SHA1 |
be3958d06acd9cb9f346cdd89e24746ee2086a42
|
| SHA256 |
3c9e5ef574bd551f002954d1f3607e59e4b8b56c1e07d9f60c218ec9ce393228
|
| SHA3 |
a464b5064e4c31055c9677f615d889489549e6a4bdd31d19743d36214ac1cf23
|
| VirtualSize |
0x924
|
| VirtualAddress |
0x9000
|
| SizeOfRawData |
0xa00
|
| PointerToRawData |
0x3c00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
3.83774
|
| MD5 |
b08b2bde2a98b977349af5c8d70c9359
|
| SHA1 |
4410ee1088eb49bf40756be9e64ea1d3abfc4ece
|
| SHA256 |
5fdf05e6bce50e02b0894643fa195e8891afc6e3f917359980931d97c55c6b28
|
| SHA3 |
4c7dd858a1f8485eff695843ed877cc474e481ae451f8ebb1b36129d829ee60f
|
| VirtualSize |
0x68
|
| VirtualAddress |
0xa000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x4600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.270919
|
| MD5 |
bf619eac0cdf3f68d496ea9344137e8b
|
| SHA1 |
5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
|
| SHA256 |
076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
|
| SHA3 |
622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
|
| VirtualSize |
0x10
|
| VirtualAddress |
0xb000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x4800
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0
|
| MD5 |
d806717f0636ceac99d0bbf1d9cfc528
|
| SHA1 |
27dfc0c157d1635440c6b21b1a03e238593c0822
|
| SHA256 |
951e9477c93ad29ac527bcab954bf8e65a424d871fc373bade08e6af6bafc25e
|
| SHA3 |
d9e601494a2dcf960528a66e8a6013fbee5956d57ca3f2b853afc097de77186a
|
| VirtualSize |
0x41128
|
| VirtualAddress |
0xc000
|
| SizeOfRawData |
0x41200
|
| PointerToRawData |
0x4a00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
7.94124
|
| KERNEL32.dll |
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetDllDirectoryA
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoW
VirtualProtect
VirtualQuery
|
| msvcrt.dll |
__C_specific_handler
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_onexit
_vsnprintf
abort
calloc
exit
fprintf
free
fwrite
malloc
mbstowcs
memcpy
realloc
setlocale
signal
strlen
strncmp
vfprintf
wcstombs
_strdup
|
| USER32.dll |
MessageBoxA
|
| Type |
RT_ICON
|
| Language |
UNKNOWN
|
| Codepage |
Latin 1 / Western European
|
| Size |
0x6def
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.9517
|
| Detected Filetype |
PNG graphic file
|
| MD5 |
dc29fa916751867e968b5fef30e91d54
|
| SHA1 |
5c1e0d3d2f4d61eee86eb08682abeec697cefd4d
|
| SHA256 |
a004c3e77e2ce03d7e2e48f1e36c3e6305ce0c486dd392128588730d8f6b8131
|
| SHA3 |
d41ddd004139fe6575b18d1251066fe4d1b5b84b32422db7984867c0cc123ebd
|
| Type |
RT_GROUP_ICON
|
| Language |
UNKNOWN
|
| Codepage |
Latin 1 / Western European
|
| Size |
0x14
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
1.51664
|
| Detected Filetype |
Icon file
|
| MD5 |
765999ebb5bf55dd03b3a88644da2d3a
|
| SHA1 |
0ed9f6a1c1df4e777fba469ca5ae49e53472d563
|
| SHA256 |
8f722e50297e11d0152f2f27c1a21a30bf1a6f02fd439f442eb904ac7463b895
|
| SHA3 |
c378e7e4a0c5928fe6381178942d215481556531758bd1b08cc6c2a642c6af3a
|
| StartAddressOfRawData |
0x40b000
|
| EndAddressOfRawData |
0x40b008
|
| AddressOfIndex |
0x4085fc
|
| AddressOfCallbacks |
0x40a040
|
| SizeOfZeroFill |
0
|
| Characteristics |
IMAGE_SCN_TYPE_REG
|
| Callbacks |
0x0000000000401890
0x0000000000401860
|
[!] Error: Could not read a COFF symbol.
[*] Warning: Section .bss has a size of 0 on disk (no raw data)!