9b6e4c6d0380efcecefb16df73ddfaeb

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Feb-18 10:03:49
Detected languages Chinese - PRC
English - United States

Plugin Output

Info Libraries used to perform cryptographic operations: Microsoft's Cryptography API
Suspicious The PE is possibly packed.
Unusual section name found: .Luna0
Unusual section name found: .Luna1
Unusual section name found: .Luna2
Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Uses Microsoft's cryptographic API:
  • CryptAcquireContextW
Leverages the raw socket API to access the Internet:
  • getsockopt
Malicious VirusTotal score: 15/72 (Scanned on 2026-02-19 07:28:35)
APEX: Malicious
Bkav: W64.AIDetectMalware
CrowdStrike: win/malicious_confidence_100% (D)
Cylance: Unsafe
DeepInstinct: MALICIOUS
ESET-NOD32: Win32/Packed.VMProtect.ACT trojan
Elastic: malicious (high confidence)
Gridinsoft: Trojan.Heur!.02292023
Malwarebytes: Malware.AI.4274583934
McAfeeD: Real Protect-LS!9B6E4C6D0380
Microsoft: Trojan:Win32/Wacatac.B!ml
Sangfor: Suspicious.Win32.Save.a
SentinelOne: Static AI - Suspicious PE
Symantec: ML.Attribute.HighConfidence
Trapmine: malicious.high.ml.score

Hashes

MD5 9b6e4c6d0380efcecefb16df73ddfaeb
SHA1 3db1f6feda81a276da10330c8ec304a2feb46070
SHA256 7968f7c5963873611a42cf002b68637311e258f39f918e5185ac90510245a0c4
SHA3 c7a7c712c489a5ffcfbb4a779134cdb46c6c8389f081430319eb9bb42a412820
SSDeep 393216:Nh54mct6fAopVN8LpCfezT30AmxDVNoifienGh3E/lnPKWRE:I+8LoQr0A0DjoifimhSW
Imports Hash 0c9567dea48786439679f54544ac4f2e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 8
TimeDateStamp 2026-Feb-18 10:03:49
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x8d600
SizeOfInitializedData 0xf4f600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000026F50B8 (Section: .Luna2)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x292f000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x8d5d9
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ

.rdata

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0xf26532
VirtualAddress 0x8f000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ

.data

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x1b40
VirtualAddress 0xfb6000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x6750
VirtualAddress 0xfb8000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ

.Luna0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x77f7dd
VirtualAddress 0xfbf000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ

.Luna1

MD5 d1598325c6cba4eee7f5cd1e0a807493
SHA1 eca9978ddb21a5b69876c844eb6da58b22ce7645
SHA256 9d2d29f591ca2b2f488c3b8040a27c6bd6cb144decc825f269ea345f701e25d6
SHA3 3f870bd994449efa80001e65a4bc0421f0518b4c2deadf67ae20d13750213dbd
VirtualSize 0x1a48
VirtualAddress 0x173f000
SizeOfRawData 0x1c00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.260009

.Luna2

MD5 dac0260217b04f1b6014fc9ba4925792
SHA1 d3a6d4bcf2e43ba594d57dac0aaeec0ecff503bf
SHA256 2cd08c7cc55b01bec95722940aefdbe8f8307245c1ec8980074a45992d32d18b
SHA3 9acb92509c7950169b084efd57c454a79ce8e5efaf62d1538e28ad5985bdbd25
VirtualSize 0x11cd1d8
VirtualAddress 0x1741000
SizeOfRawData 0x11cd200
PointerToRawData 0x2000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
Entropy 7.98934

.rsrc

MD5 3fd026a00fd39d7ad1c225861d061c47
SHA1 38db23800d4435201ad0b71005a7a6da315f1e69
SHA256 60ea2b90ea2a534f7cc9bb1350d2fc8bf31e86d083b31199524b53264d89d16d
SHA3 a994878df727ce58be18073013c1246e45e888494bc6de95e4dbea0f6d18666d
VirtualSize 0x1fc21
VirtualAddress 0x290f000
SizeOfRawData 0x1fe00
PointerToRawData 0x11cf200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.98816

Imports

KERNEL32.dll GetComputerNameA
USER32.dll ReleaseDC
GDI32.dll GetDeviceCaps
COMDLG32.dll GetOpenFileNameA
ADVAPI32.dll CryptAcquireContextW
SHELL32.dll SHGetKnownFolderPath
ole32.dll CoTaskMemFree
Qt5Svg.dll ??0QSvgRenderer@@QEAA@AEBVQString@@PEAVQObject@@@Z
Qt5Widgets.dll ??0QApplication@@QEAA@AEAHPEAPEADH@Z
Qt5Multimedia.dll ??0QMediaPlayer@@QEAA@PEAVQObject@@V?$QFlags@W4Flag@QMediaPlayer@@@@@Z
Qt5Gui.dll ?applicationFontFamilies@QFontDatabase@@SA?AVQStringList@@H@Z
Qt5Core.dll ?dynamicMetaObject@QObjectData@@QEBAPEAUQMetaObject@@XZ
MSVCP140.dll ?_Xlength_error@std@@YAXPEBD@Z
VCRUNTIME140.dll memset
VCRUNTIME140_1.dll __CxxFrameHandler4
api-ms-win-crt-runtime-l1-1-0.dll terminate
api-ms-win-crt-heap-l1-1-0.dll _set_new_mode
api-ms-win-crt-stdio-l1-1-0.dll fgets
api-ms-win-crt-string-l1-1-0.dll wcspbrk
api-ms-win-crt-convert-l1-1-0.dll atoi
api-ms-win-crt-utility-l1-1-0.dll qsort
api-ms-win-crt-time-l1-1-0.dll _time64
api-ms-win-crt-locale-l1-1-0.dll localeconv
api-ms-win-crt-math-l1-1-0.dll _dclass
api-ms-win-crt-filesystem-l1-1-0.dll _wstat64
bcrypt.dll BCryptGenRandom
CRYPT32.dll CertFindCertificateInStore
WS2_32.dll getsockopt
KERNEL32.dll (#2) GetComputerNameA
USER32.dll (#2) ReleaseDC
KERNEL32.dll (#3) GetComputerNameA

Delayed Imports

1

Type RT_ICON
Language Chinese - PRC
Codepage UNKNOWN
Size 0x1f898
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.99155
Detected Filetype PNG graphic file
MD5 199e8794fd284668cafc2cebaaf939c8
SHA1 eb1cd949a5e218389037782e8485a97856559d62
SHA256 81348e0b2d55064bdf4cc0f687f2f81d673971f9d9401d01bac66fdedfff2ea8
SHA3 9eb8c141a0bc84c87e943d288287c7ebd6dd1e75d225c2aea2b85fb51802aaee

101

Type RT_GROUP_ICON
Language Chinese - PRC
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.84274
Detected Filetype Icon file
MD5 d82f3879539cdc97e4e194ff9cacc2cb
SHA1 c7818507dac242ea61923677fa3cc84cd0fe6d88
SHA256 5ec64c5d96e620859f2a4b240c40a4ee4a8de482ec56093766c6d4ed1990d684
SHA3 572d542b96d6bc61786654898a565443b14bc22f54a1ddd822ae250e4cc90208

1 (#2)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x289
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.05508
MD5 4c85c61f2dd57d1b1172496450c9b9b2
SHA1 1c71076e55984e713015397930da1a1a3ecb2be0
SHA256 5866ac6ac5139fe3e905f3c06999e1772bb615c72e338cc7fa262ef2932648a0
SHA3 fd09b482570f8fe9c5227e2ecfd7e08b8dfb16a16a9e5d7a24c06c2d43cd22f8

Version Info

TLS Callbacks

Load Configuration

Size 0x138
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140fb61a8

RICH Header

Errors

[!] Error: Could not read the exported DLL name.
[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .pdata has a size of 0!
[*] Warning: Section .Luna0 has a size of 0!