9af622e632786206e7a89deefc204b2ed679ea21e0a071e3cc82d506cd7fccc8

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1970-Jan-01 00:00:00
Debug artifacts Embedded COFF debugging symbols

Plugin Output

Suspicious PEiD Signature: HQR data file
Suspicious The PE is possibly packed.
  • Unusual section name found: .xdata
  • Unusual section name found: .symtab
Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryExW
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Info The PE is digitally signed.
Signer: www.walmart.com
Issuer: GlobalSign ECC OV SSL CA 2018
Malicious VirusTotal score: 22/72 (Scanned on 2026-03-21 06:08:56)
AVG: FileRepMalware [Pws]
AhnLab-V3: Trojan/Win.Generic.R758168
Avast: FileRepMalware [Pws]
Avira: TR/AVI.PWS.Agent.nopwk
Bkav: W64.AIDetectMalware
CrowdStrike: win/malicious_confidence_90% (W)
Cynet: Malicious (score: 99)
DeepInstinct: MALICIOUS
Elastic: malicious (high confidence)
F-Secure: Trojan.TR/AVI.PWS.Agent.nopwk
Fortinet: W64/Kryptik_AGen.AB!tr
GData: Win64.Trojan.Agent.KLV2AK
Kaspersky: UDS:Trojan-PSW.Win32.Stealerc.ubu
Malwarebytes: PUP.Optional.ChinAd.DDS
McAfeeD: Trojan:Win/LummaStealer.PC
Microsoft: Trojan:Win32/Wacatac.B!ml
Paloalto: generic.ml
Sangfor: Trojan.Win32.Agent.Vim2
Sophos: Mal/Generic-S
Symantec: ML.Attribute.HighConfidence
TrellixENS: Artemis!F88476801471
TrendMicro-HouseCall: TrojanSpy.Win64.VIDAR.YXGCUZ

Hashes

MD5 f8847680147174aaa2b5ca55255be0fc
SHA1 4993bbbb3e269c132a81ce64a5ae350ab1b0a5ee
SHA256 9af622e632786206e7a89deefc204b2ed679ea21e0a071e3cc82d506cd7fccc8
SHA3 88e7dfc9627504ddab132c14f013c43b8542d0f907840d9fce8b12f608deb8b9
SSDeep 24576:lg13ApyiJb+/uKK8pHIqHm02jlduC6KAL2ITS6H0WtPA9Lz8sEfwR:lg13Iy4b+/uKKhqHmLdG2ITSq0X
Imports Hash ebc247a77b4d4a804b261f97a1fd075c

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0x8b
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 8
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0x22a800
NumberOfSymbols 2254
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 3.0
SizeOfCode 0xb2400
SizeOfInitializedData 0xa600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000077900 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 1.0
SubsystemVersion 6.1
Win32VersionValue 0
SizeOfImage 0x291000
SizeOfHeaders 0x600
Checksum 0x2471c0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 db32b8f5137e2fb7ca01ceac2c3a6164
SHA1 ae8d994b422b1c2b7dbbbfe98cf89158b6f84bbe
SHA256 63cf9474c6dfe2acbfaf050fb5fc5d49405fcca03bab296cc5af3f5f31d03166
SHA3 b59c72ef6fc42ff0d4763716a6179de5966f88e878600bc0f6e69e3d67ee8274
VirtualSize 0xb2211
VirtualAddress 0x1000
SizeOfRawData 0xb2400
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.25579

.rdata

MD5 cf549947d29a9ca02f0e950ef79a8e7d
SHA1 9d8e77d7d2f67e8a40a6b8262636ae3a8d2ee911
SHA256 0a9a7448ccbbc3f7a3c06b28cc72b8cfc2aead357394647d48ce2f00ed6a1b2a
SHA3 e25c56f220e2ec26fed9f882c5eb08c6a15886f40564878a6aad824344fbcf2b
VirtualSize 0x164df8
VirtualAddress 0xb4000
SizeOfRawData 0x164e00
PointerToRawData 0xb2a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.8872

.data

MD5 5f378cf6276915bdf2ce58c151db574c
SHA1 c2d2ff3a1ec545fd7a5ba666a367a5eaa7fc3d00
SHA256 ae337c898d08cf010fda9a6b158941b4fa7d809f1448be04a4ffeef80af18f12
SHA3 121ab1538a2e7fa6cc78941ec9adb5a8eee384cafd17db6b789db4cc33d107c8
VirtualSize 0x540e8
VirtualAddress 0x219000
SizeOfRawData 0xa600
PointerToRawData 0x217800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.35719

.pdata

MD5 5ab6834e757f7efa7c375dc5d2d99b55
SHA1 bc67239d0a0d95f45d86e44a978f19de4e7b22d4
SHA256 ef84971d245d057045712cb9b2ffec870e03f395c6ca871ab6253b285b0367ae
SHA3 425408932482ae0816f41eb69531c523358a5b4c499cbe6867e50d49e74b7eff
VirtualSize 0x402c
VirtualAddress 0x26e000
SizeOfRawData 0x4200
PointerToRawData 0x221e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.01935

.xdata

MD5 1ac6817729b74845c3562fc0a78779b1
SHA1 2018cc4ba24d480c59131a5f62acdf88f139074c
SHA256 8bebdc80bc469cfddd8c3c2f8665c8b2c05d896d4c3cb68d5493506a857afd0a
SHA3 f4a27cb356490430535e837e560ed529efec907a666decc303ab6fd8b018a367
VirtualSize 0x9c
VirtualAddress 0x273000
SizeOfRawData 0x200
PointerToRawData 0x226000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.57546

.idata

MD5 d9b54a7ad30dc552e633dbb00083a6d0
SHA1 d512be9bf4ff3e78fd6ec682686c3210e9007438
SHA256 0a48910e7835adf7ea78fa2b632fbd272bb1c465b76f7e572fa8eb8d255fb244
SHA3 bcee66ff9c6050931c70b4e81314b4bf26364becf001acc4f975302ce5779a20
VirtualSize 0x55a
VirtualAddress 0x274000
SizeOfRawData 0x600
PointerToRawData 0x226200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.04248

.reloc

MD5 bfeebade50d9a2e11601270e9f7e00ea
SHA1 9b6106046943beaf6e80788409935b1083462212
SHA256 696e5394b56d3917f61e9a29407bb9671ac99ce989d0a7cc34f07fb73e5a78bc
SHA3 114e770ddacef48b4a74c61382758a59220f76c71af9d39dddb350f525812ea5
VirtualSize 0x3ff4
VirtualAddress 0x275000
SizeOfRawData 0x4000
PointerToRawData 0x226800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.4188

.symtab

MD5 236f891c8824b1fdb13852541d0b85e8
SHA1 68938002e0f6db36a349e256082a038da0ba3fa7
SHA256 2a218f4db61be18576559f036fdcc5e0d1bdbf035bf35d9998ea707586b6d1fb
SHA3 76a9445945bb3c7bca293314d990fd7d578ef9cdfcdf85d0cd666980fd03df12
VirtualSize 0x178d4
VirtualAddress 0x279000
SizeOfRawData 0x17a00
PointerToRawData 0x22a800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.08829

Imports

kernel32.dll
WriteFile
WriteConsoleW
WerSetFlags
WerGetFlags
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
RtlVirtualUnwind
RtlLookupFunctionEntry
ResumeThread
RaiseFailFastException
PostQueuedCompletionStatus
LoadLibraryExW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetErrorMode
GetEnvironmentStringsW
GetCurrentThreadId
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler
AddVectoredContinueHandler
GetProcAddress
LoadLibraryExW

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors
