| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_AMD64 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| Compilation Date | 2024-Dec-25 14:40:34 |
| Detected languages | English - United States |
| TLS Callbacks | 2 callback(s) detected. |

| Level | Finding | Details |
|---|---|---|
| Suspicious | Strings found in the binary may indicate undesirable behavior: | Miscellaneous malware strings: |
| Info | Cryptographic algorithms detected in the binary: | Uses constants related to MD5 |
| Suspicious | The PE is possibly packed. | Unusual section name found: .buildid |
| Malicious | The PE contains functions mostly used by malware. | Functions which can be used for anti-debugging purposes: |
| Safe | VirusTotal score: 0/72 (Scanned on 2025-01-10 14:04:48) | All the AVs think this file is safe. |
| Field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x78 |
| e_cp | 0x1 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0 |
| e_ss | 0 |
| e_sp | 0 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x78 |
| Field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_AMD64 |
| NumberofSections | 9 |
| TimeDateStamp | 2024-Dec-25 14:40:34 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
| Field | Value |
|---|---|
| Magic | PE32+ |
| LinkerVersion | 14.0 |
| SizeOfCode | 0xa10600 |
| SizeOfInitializedData | 0x2ad800 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0000000000001430 (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0xcd3000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| DLL | Imported functions |
|---|---|
| KERNEL32.dll | AcquireSRWLockExclusive AddVectoredContinueHandler AreFileApisANSI AssignProcessToJobObject Beep CancelIoEx CloseHandle CopyFileW CreateDirectoryExW CreateDirectoryW CreateEventA CreateEventW CreateFileW CreateIoCompletionPort CreateJobObjectW CreateNamedPipeW CreatePipe CreateProcessW CreateSemaphoreA CreateSymbolicLinkW CreateThread CreateTimerQueue CreateTimerQueueTimer CreateToolhelp32Snapshot DefineDosDeviceW DeleteCriticalSection DeleteFileW DeleteTimerQueueEx DeleteTimerQueueTimer DeviceIoControl DuplicateHandle EnterCriticalSection ExitThread FileTimeToLocalFileTime FileTimeToSystemTime FindClose FindCloseChangeNotification FindFirstChangeNotificationW FindFirstFileW FindNextChangeNotification FindNextFileW FlushFileBuffers FormatMessageA FormatMessageW FreeEnvironmentStringsA FreeEnvironmentStringsW GenerateConsoleCtrlEvent GetACP GetBinaryTypeW GetCPInfo GetCommandLineW GetConsoleCP GetConsoleMode GetConsoleOutputCP GetConsoleScreenBufferInfo GetConsoleScreenBufferInfoEx GetCurrentDirectoryW GetCurrentProcess GetCurrentProcessId GetCurrentThread GetCurrentThreadId GetDiskFreeSpaceW GetEnvironmentStrings GetEnvironmentStringsW GetEnvironmentVariableW GetExitCodeProcess GetFileAttributesExW GetFileAttributesW GetFileInformationByHandle GetFileSizeEx GetFileTime GetFileType GetFinalPathNameByHandleW GetFullPathNameW GetLastError GetLocalTime GetLogicalDrives GetLongPathNameW GetModuleFileNameW GetModuleHandleA GetNumaHighestNodeNumber GetNumberOfConsoleInputEvents GetOEMCP GetOverlappedResult GetProcessId GetProcessTimes GetQueuedCompletionStatusEx GetShortPathNameW GetStartupInfoA GetStdHandle GetSystemDirectoryW GetSystemInfo GetSystemTime GetSystemTimeAdjustment GetSystemTimeAsFileTime GetTempFileNameW GetTempPathW GetThreadTimes GetTickCount GetTickCount64 GetTimeFormatEx GetTimeFormatW GetTimeZoneInformation GetWindowsDirectoryW GlobalMemoryStatusEx InitializeConditionVariable InitializeCriticalSection InitializeSRWLock IsDBCSLeadByteEx K32EnumProcessModules K32GetModuleFileNameExW K32GetModuleInformation LeaveCriticalSection LocalFileTimeToFileTime LocalFree LockFileEx Module32FirstW Module32NextW MoveFileExW MoveFileW MultiByteToWideChar OpenProcess OutputDebugStringA PeekConsoleInputA PeekNamedPipe PostQueuedCompletionStatus Process32FirstW Process32NextW QueryInformationJobObject QueryPerformanceCounter QueryPerformanceFrequency ReadConsoleInputA ReadConsoleInputW ReadConsoleW ReadFile ReleaseSRWLockExclusive ReleaseSemaphore RemoveDirectoryW RemoveVectoredContinueHandler ResetEvent ResumeThread RtlDeleteFunctionTable SearchPathW SetConsoleCP SetConsoleCtrlHandler SetConsoleCursorPosition SetConsoleMode SetConsoleOutputCP SetConsoleScreenBufferSize SetCurrentDirectoryW SetEndOfFile SetEnvironmentVariableW SetEvent SetFileApisToANSI SetFileApisToOEM SetFileAttributesW SetFileCompletionNotificationModes SetFilePointerEx SetFileTime SetHandleCount SetHandleInformation SetInformationJobObject SetLastError SetLocalTime SetNamedPipeHandleState SetSystemTime SetSystemTimeAdjustment SetUnhandledExceptionFilter SetVolumeLabelW Sleep SleepConditionVariableSRW SystemTimeToFileTime TerminateJobObject TerminateProcess TlsGetValue UnlockFileEx VirtualAlloc VirtualAllocExNuma VirtualFree VirtualProtect VirtualQuery WaitForMultipleObjects WaitForSingleObject WakeConditionVariable WideCharToMultiByte WriteConsoleW WriteFile __C_specific_handler |
| api-ms-win-crt-heap-l1-1-0.dll | _set_new_mode calloc free malloc realloc |
| api-ms-win-crt-private-l1-1-0.dll | memchr memcmp memcpy memmove strrchr |
| api-ms-win-crt-runtime-l1-1-0.dll | __p___argc __p___argv __p___wargv __p__acmdln _beginthreadex _cexit _configure_narrow_argv _configure_wide_argv _crt_at_quick_exit _crt_atexit _errno _fpreset _getpid _initialize_narrow_environment _initialize_wide_environment _initterm _set_app_type _set_invalid_parameter_handler _wassert abort exit signal strerror strerror_s |
| api-ms-win-crt-stdio-l1-1-0.dll | __acrt_iob_func __p__commode __p__fmode __stdio_common_vfprintf __stdio_common_vfwprintf __stdio_common_vswprintf __stdio_common_vswprintf_s _chsize_s _close _creat _dup _dup2 _fileno _get_osfhandle _isatty _lseeki64 _open_osfhandle _pipe _read _setmode _wfdopen _write fclose fflush fputc fputwc fwrite getc puts ungetc |
| api-ms-win-crt-string-l1-1-0.dll | _strdup _wcsdup islower isspace isupper isxdigit mbrlen memset strcmp strcpy strlen strncmp strncpy tolower wcscat wcscpy wcslen wcsncmp |
| SHLWAPI.dll | PathFileExistsW |
| SHELL32.dll | CommandLineToArgvW SHGetFolderPathW |
| api-ms-win-crt-environment-l1-1-0.dll | __p__environ __p__wenviron getenv |
| api-ms-win-crt-convert-l1-1-0.dll | atof mbrtowc mbstowcs strtol strtoul wcrtomb |
| api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale localeconv setlocale |
| api-ms-win-crt-math-l1-1-0.dll | __setusermatherr acos asin atan cosh sinh tan tanh |
| api-ms-win-crt-time-l1-1-0.dll | __daylight __timezone __tzname _ctime64 _time64 _tzset _utime64 |
| ole32.dll | CoCreateGuid |
| RPCRT4.dll | RpcStringFreeW UuidToStringW |
| api-ms-win-crt-filesystem-l1-1-0.dll | _access _chmod _fstat64 _lock_file _mkdir _umask _unlink _unlock_file _wsplitpath_s _wstat64 |
| USER32.dll | ClipCursor ExitWindowsEx GetClipCursor GetCursorPos GetLastInputInfo KillTimer LoadAcceleratorsW LoadCursorW LoadIconW MessageBeep MessageBoxA MessageBoxW SetCursorPos SetTimer |
| dbghelp.dll | MiniDumpWriteDump StackWalk64 SymFromAddr SymFunctionTableAccess64 SymGetLineFromAddr64 SymGetModuleBase64 SymInitialize |
| api-ms-win-crt-utility-l1-1-0.dll | qsort |
| WSOCK32.dll | WSAGetLastError closesocket recv select send |
| WINMM.dll | timeBeginPeriod timeEndPeriod timeGetDevCaps timeGetTime |
| ntdll.dll | NtQueryObject |
| GDI32.dll | DeleteObject Polygon |
| WS2_32.dll | WSACreateEvent WSAEventSelect |
| ADVAPI32.dll | GetUserNameW |
| Field | Value |
|---|---|
| Characteristics | 0 |
| TimeDateStamp | 2024-Dec-25 14:40:34 |
| Version | 0.0 |
| SizeofData | 25 |
| AddressOfRawData | 0xa2101c |
| PointerToRawData | 0xa1f21c |
| Field | Value |
|---|---|
| StartAddressOfRawData | 0x140c72000 |
| EndAddressOfRawData | 0x140c72008 |
| AddressOfIndex | 0x140c0f414 |
| AddressOfCallbacks | 0x140a1ab30 |
| SizeOfZeroFill | 0 |
| Characteristics | IMAGE_SCN_ALIGN_8BYTES |
| Callbacks | 0x0000000140006CD0, 0x0000000140006D50 |