9dc3b2260e07dc53159487947d423fa7

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2025-Dec-07 01:40:35

Plugin Output

Suspicious Strings found in the binary may indicate undesirable behavior: Looks for Qemu presence:
  • qemu
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Suspicious The PE is possibly packed. Unusual section name found: .fptable
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Possibly launches other programs:
  • CreateProcessW
Can create temporary files:
  • GetTempPathW
  • CreateFileW
Functions related to the privilege level:
  • OpenProcessToken
Enumerates local disk drives:
  • GetDriveTypeW
Suspicious The file contains overlay data. 11986667 bytes of data starting at offset 0x45400.
The overlay data has an entropy of 7.99879 and is possibly compressed or encrypted.
Overlay data accounts for 97.6883% of the executable.
Malicious VirusTotal score: 6/67 (Scanned on 2026-02-16 16:13:39)
APEX: Malicious
Bkav: W64.AIDetectMalware
CrowdStrike: win/malicious_confidence_60% (D)
Cylance: Unsafe
Gridinsoft: PUP.Win64.Gen.cl
SentinelOne: Static AI - Suspicious PE
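The overlay verdict above can be reproduced rather than taken on trust. The Python below is an added example, not code from the report or from the tool that produced it. It applies the rule the report's own numbers imply (the overlay begins where the last section's raw data ends: .reloc at 0x44c00 + 0x800 = 0x45400), carves everything past that offset, and computes the overlay's Shannon entropy and share of the file. REPORT_SECTIONS is transcribed from the section headers in this report; build_sample() constructs a synthetic PE32+ image so the code runs offline, and the 7.9-bit cut-off for "compressed or encrypted" is an assumption. One triage caveat: a 12 MB overlay at 7.99 bits, next to the GetTempPathW, CreateDirectoryW, CreateProcessW, SetDllDirectoryW and RemoveDirectoryW imports listed further down, is just as consistent with a self-extracting installer or application bundler as with a dropper. Entropy says the payload is compressed or encrypted, not what it is, so the next step is to carve it and identify the container.

```python
import math
import struct

# IMAGE_SECTION_HEADER (40 bytes): Name, VirtualSize, VirtualAddress,
# SizeOfRawData, PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics
SECTION_HEADER_FMT = "<8sIIIIIIHHI"
SECTION_HEADER_SIZE = struct.calcsize(SECTION_HEADER_FMT)

# (PointerToRawData, SizeOfRawData) of the seven sections, transcribed from the report.
REPORT_SECTIONS = [
    (0x400, 0x2BE00), (0x2C200, 0x13A00), (0x3FC00, 0xE00), (0x40A00, 0x2400),
    (0x42E00, 0x200), (0x43000, 0x1C00), (0x44C00, 0x800),
]
REPORT_OVERLAY_SIZE = 11986667  # bytes, from the report


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 when all 256 values are equally frequent."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def last_raw_end(sections) -> int:
    """Offset just past the last section's raw data; everything after it is overlay.

    The loader never maps overlay bytes, which is why installers, self-extractors
    and droppers keep their payload there."""
    return max((ptr + size for ptr, size in sections), default=0)


def section_table(pe: bytes):
    """Yield (name, PointerToRawData, SizeOfRawData) for each section header."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsec, _, _, _, size_opt, _ = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + size_opt
    for i in range(nsec):
        fields = struct.unpack_from(SECTION_HEADER_FMT, pe, table + i * SECTION_HEADER_SIZE)
        name, _vsize, _va, rawsize, rawptr = fields[:5]
        yield name.rstrip(b"\0").decode("ascii", "replace"), rawptr, rawsize


def analyse_overlay(pe: bytes) -> dict:
    """Reproduce the report's overlay figures: offset, size, share of file, entropy."""
    offset = last_raw_end((ptr, size) for _, ptr, size in section_table(pe))
    overlay = pe[offset:]
    entropy = shannon_entropy(overlay)
    return {
        "offset": offset,
        "size": len(overlay),
        "share": len(overlay) / len(pe),
        "entropy": entropy,
        # 7.9 is an assumed cut-off: compressed or encrypted data sits just below 8.0
        "compressed_or_encrypted": entropy > 7.9,
    }


def build_sample(overlay: bytes) -> bytes:
    """Constructed minimal PE32+ image (not a real program): DOS header, COFF header,
    zero-filled optional header, two sections with raw data, then the given overlay."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    size_opt = 0xF0                                   # PE32+ optional header size
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, size_opt, 0x22)
    opt = b"\0" * size_opt                            # fields not needed to find the overlay
    hdr_end = e_lfanew + len(coff) + size_opt + 2 * SECTION_HEADER_SIZE
    hdr_end = (hdr_end + 0x1FF) & ~0x1FF              # round up to FileAlignment 0x200
    text_ptr, text_size = hdr_end, 0x400
    data_ptr, data_size = text_ptr + text_size, 0x200
    secs = struct.pack(SECTION_HEADER_FMT, b".text", 0x3E0, 0x1000, text_size, text_ptr,
                       0, 0, 0, 0, 0x60000020)
    secs += struct.pack(SECTION_HEADER_FMT, b".data", 0x100, 0x2000, data_size, data_ptr,
                        0, 0, 0, 0, 0xC0000040)
    headers = (dos + coff + opt + secs).ljust(hdr_end, b"\0")
    text = bytes(range(256)) * (text_size // 256)     # filler standing in for code
    data = b"\0" * data_size
    return headers + text + data + overlay


if __name__ == "__main__":
    payload = bytes(range(256)) * 40                  # constructed 10 KiB blob with 8.0-bit entropy
    print(analyse_overlay(build_sample(payload)))
    print(hex(last_raw_end(REPORT_SECTIONS)))         # the report's 0x45400
```

Run as-is it prints the figures for the synthetic sample and 0x45400 for the report's section table. Passing the real file's bytes to analyse_overlay() should reproduce the report, whose numbers imply a total file size of 0x45400 + 11986667 = 12270315 bytes.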

Hashes

MD5 9dc3b2260e07dc53159487947d423fa7
SHA1 1ef21602cc31ed29602831fb209c045cccff50cb
SHA256 6bd1af9cb09d857a37a0b20e42d8ffe332d953f051f9e8cd95d7e5cddd7f8f4e
SHA3 b902833336a7d965699999d276f26a6025cf4c73e8e804523251ca832801700f
SSDeep 196608:3oCnKXrurHmtND9BKG+5fc2S/ErXKEtw+SJo7c+JfPB4sV6RMsqvSHnLwyrE+0n:3YXruCvDvV+53SM8+9fPBESDqHEWE1O
Imports Hash dcaf48c1f10b0efa0a4472200f3850ed

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x108

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2025-Dec-07 01:40:35
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x2be00
SizeOfInitializedData 0x19200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000000DA30 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x4e000
SizeOfHeaders 0x400
Checksum 0xbb448a
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x1e8480
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 588e5055fb224a048e508395bf048644
SHA1 670aa3f54dad88adb11fe4426d4ca10226c0dd91
SHA256 c0c87a7163d2e753cac4c4cd39a229cdab2a951fc5abf048618188dd66e31827
SHA3 f9bdaeb1972b3691a9afdd3c21d39105fa73d557fa4edf4d9a5c16c15b93f474
VirtualSize 0x2bd80
VirtualAddress 0x1000
SizeOfRawData 0x2be00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.47261

.rdata

MD5 c38176c66d331e736ac0cf416f208a41
SHA1 5edb98790ab9d8bf4a819dc907d0f80f70873d9b
SHA256 ee45efe67f3e86e21e07381d6623a5f7502e89c77e259fc8a2834420919dcf69
SHA3 e5d2f0f3c4227ca8c32b200c8a821292f6f22b418e4455586b18aeb8a6aaf760
VirtualSize 0x13908
VirtualAddress 0x2d000
SizeOfRawData 0x13a00
PointerToRawData 0x2c200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.74406

.data

MD5 2fc88032c47ad8e77ba50142b1d7bacb
SHA1 de3475f9cc4acf58d0ba321b071078462805f523
SHA256 86462ad94449db441ae7a2fa16c6f1543cce53a8acb0960645d4b6039ec73e9f
SHA3 a9fec7f0a0205409366f6982529daf9066fa193a96c17e7a1c94a029351861dd
VirtualSize 0x50b0
VirtualAddress 0x41000
SizeOfRawData 0xe00
PointerToRawData 0x3fc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.82152

.pdata

MD5 f27272e31cd3260dd36a304bc13f6042
SHA1 294e6f201e0a2f112cf24b9ce2439a00320dba39
SHA256 5f962a59cd799c45ce2ef13eefde6f6268c3147ed26438c419fcb9091c1d3395
SHA3 cd442b465805507e665a9bac8d74060333c694fa6aed56b8ca6b3865aced2af3
VirtualSize 0x23f4
VirtualAddress 0x47000
SizeOfRawData 0x2400
PointerToRawData 0x40a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.48773

.fptable

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x100
VirtualAddress 0x4a000
SizeOfRawData 0x200
PointerToRawData 0x42e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 7412e9493ab36027ecc4a844844a5e5a
SHA1 e462ec5779d8debd39ac5ed6624dda1042edada3
SHA256 1f6ca8ee925d58765c9734da546df38c210d037db322257f88a9ce9241a99cd2
SHA3 da44b1103426683c0c34e756b90a23bbd1663442e76ba658310852cf1ecdc3f3
VirtualSize 0x1ae4
VirtualAddress 0x4b000
SizeOfRawData 0x1c00
PointerToRawData 0x43000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.66554

.reloc

MD5 7b4c05b51855f1fc0294ebfb2ae73776
SHA1 6ce048d0aa8b9ff7e9106fa37a5b6ba6928e7d4b
SHA256 e5a06de48e4c799b28ab7f285feb207cd42f4f4c2837f2fe23838528710a734c
SHA3 b97bcbe7b464730ff82f44b151a5e4e8e20c34eeff35714dfd40112cec55c829
VirtualSize 0x774
VirtualAddress 0x4d000
SizeOfRawData 0x800
PointerToRawData 0x44c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.27827

Imports

USER32.dll CreateWindowExW
ShutdownBlockReasonCreate
MsgWaitForMultipleObjects
ShowWindow
DestroyWindow
RegisterClassW
DefWindowProcW
PeekMessageW
DispatchMessageW
TranslateMessage
PostMessageW
GetMessageW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW
COMCTL32.dll #380
KERNEL32.dll GetACP
IsValidCodePage
GetStringTypeW
GetFileAttributesExW
SetEnvironmentVariableW
FlushFileBuffers
LCMapStringW
CompareStringW
VirtualProtect
InitializeCriticalSectionEx
GetOEMCP
GetCPInfo
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleW
MulDiv
FormatMessageW
GetModuleFileNameW
SetDllDirectoryW
GetEnvironmentStringsW
SetErrorMode
CreateDirectoryW
GetCommandLineW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetDriveTypeW
RemoveDirectoryW
GetTempPathW
CloseHandle
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
Sleep
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
LocalFree
SetConsoleCtrlHandler
K32EnumProcessModules
K32GetModuleFileNameExW
CreateFileW
FindFirstFileExW
GetFinalPathNameByHandleW
MultiByteToWideChar
WideCharToMultiByte
FlsFree
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
HeapReAlloc
WriteConsoleW
SetEndOfFile
CreateSymbolicLinkW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReadFile
GetFullPathNameW
SetStdHandle
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
GetCurrentDirectoryW
FlsAlloc
FlsGetValue
FlsSetValue
ADVAPI32.dll OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
GDI32.dll SelectObject
DeleteObject
CreateFontIndirectW
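The Imports Hash in the Hashes section is derived from exactly this list, which is what makes it useful as a pivot: binaries built from the same source with the same toolchain link their imports in the same order and share the hash, while a changed import order or a different import set breaks it. The Python below is an added example, not the tool's or pefile's code; it follows the pefile/VirusTotal recipe (lower-case "dll.function" in file order, the .dll/.ocx/.sys extension stripped, imports by ordinal written as "ordN", MD5 of the comma-joined list). IMPORTS is a short excerpt of the Imports section above rather than all of it, so the value it prints will not equal dcaf48c1f10b0efa0a4472200f3850ed; a faithful recomputation needs every entry. One difference from pefile is assumed away here: pefile resolves ordinals to names for a few DLLs such as ws2_32 and oleaut32 before hashing, which this version does not do.

```python
import hashlib

# Excerpt of the report's Imports section, in file order. A full recomputation
# needs every entry; this shortened list is here to show the algorithm only.
IMPORTS = [
    ("USER32.dll", ["CreateWindowExW", "ShutdownBlockReasonCreate", "MsgWaitForMultipleObjects"]),
    ("COMCTL32.dll", [380]),                      # import by ordinal, listed as #380 above
    ("KERNEL32.dll", ["GetACP", "IsValidCodePage", "GetProcAddress", "LoadLibraryExW"]),
    ("ADVAPI32.dll", ["OpenProcessToken", "GetTokenInformation"]),
    ("GDI32.dll", ["SelectObject", "DeleteObject", "CreateFontIndirectW"]),
]

STRIPPED_EXTENSIONS = (".ocx", ".sys", ".dll")


def normalize(dll: str, func) -> str:
    """'USER32.dll' + 'CreateWindowExW' -> 'user32.createwindowexw'; ordinals become 'ordN'."""
    lib = dll.lower()
    for ext in STRIPPED_EXTENSIONS:
        if lib.endswith(ext):
            lib = lib[: -len(ext)]
            break
    name = f"ord{func}" if isinstance(func, int) else func.lower()
    return f"{lib}.{name}"


def imphash_string(imports) -> str:
    """The comma-joined text that gets hashed; diffing two of these explains a hash mismatch."""
    return ",".join(normalize(dll, f) for dll, funcs in imports for f in funcs)


def imphash(imports) -> str:
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def reorder_first_two(imports):
    """Swap the first two functions of the first DLL: same API surface, different hash."""
    (dll, funcs), *rest = imports
    swapped = [funcs[1], funcs[0], *funcs[2:]]
    return [(dll, swapped), *rest]


if __name__ == "__main__":
    print(imphash_string(IMPORTS))
    print("imphash            :", imphash(IMPORTS))
    print("imphash (reordered):", imphash(reorder_first_two(IMPORTS)))
```

When two samples with near-identical import lists disagree on the hash, compare their imphash_string() outputs instead of the digests: the first differing token shows whether the cause is a real import change or only link order.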

Delayed Imports

Resources

1

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x14d6
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.83018
Detected Filetype PNG graphic file
MD5 a1d45844f0ae7524571ad85b9facfaf7
SHA1 9657884fe50a7365ef2179817441e22782525946
SHA256 b37b8f3bd9c3660579dce2bc655ab47b7f2c24d19d6e9f1452fc2a28241043fe
SHA3 dc52fd70adee8e4b8c0618c24d2a742f96e2509bd5a37b1615cd08a5a48eaa72

1 (#2)

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.51664
Detected Filetype Icon file
MD5 a5e26bd1c4eedfaa2c074b65083c6f77
SHA1 55ec4f96d3b0b4a9f3a072905db41ff6f468c433
SHA256 45891362ef847244ca91bfc944930b4b338cc31981a1ac1154b488d85b5aedee
SHA3 875b6aadacb7dc63ff24bad463ebee01589ec0c60b571d7624138af28cbb6836

1 (#3)

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x50d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.25791
MD5 84da8dee6b319ea0b10b6de5489c6aae
SHA1 5f8991f3e065fd95614859a293f88b9c70e4bb23
SHA256 abf8f2022f12f350789d961aceaf9ccfd53e7ec58d8c9934cfce77779b4eac11
SHA3 08f0562915b54bedce5a84e9d32cb2efcc538268785103b1852338e20a3b4606

Version Info

Debug Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2025-Dec-07 01:40:35
Version 0.0
SizeofData 816
AddressOfRawData 0x3cf78
PointerToRawData 0x3c178

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140041040
GuardCFCheckFunctionPointer 0x14002d4b8
GuardCFDispatchFunctionPointer 0
GuardCFFunctionTable 0
GuardCFFunctionCount 0
GuardFlags (EMPTY)
CodeIntegrity.Flags 0
CodeIntegrity.Catalog 0
CodeIntegrity.CatalogOffset 0
CodeIntegrity.Reserved 0
GuardAddressTakenIatEntryTable 0
GuardAddressTakenIatEntryCount 0
GuardLongJumpTargetTable 0
GuardLongJumpTargetCount 0

RICH Header

XOR Key 0x361d01a7
Unmarked objects 0
C++ objects (33140) 183
C objects (33140) 12
ASM objects (33140) 10
253 (35207) 3
ASM objects (35207) 9
C objects (35207) 17
C++ objects (35207) 40
Imports (33140) 11
Total imports 159
C objects (35213) 27
Linker (35213) 1

Errors