| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2023-Jun-08 01:09:43 |
| Detected languages |
English - United States
|
| TLS Callbacks | 2 callback(s) detected. |
| Suspicious | The PE is possibly packed. | Unusual section name found: .buildid |
| Info | The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
|
| Suspicious | The PE is possibly a dropper. | Resources amount for 84.8058% of the executable. |
| Safe | VirusTotal score: 0/72 (Scanned on 2026-02-15 22:14:34) | All the AVs think this file is safe. |
| e_magic | MZ |
|---|---|
| e_cblp | 0x78 |
| e_cp | 0x1 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0 |
| e_ss | 0 |
| e_sp | 0 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x78 |
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections | 7 |
| TimeDateStamp | 2023-Jun-08 01:09:43 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_RELOCS_STRIPPED
|
| Magic | PE32+ |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0x1e00 |
| SizeOfInitializedData | 0x17600 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0000000000001140 (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x1f000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x2060a |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| api-ms-win-crt-heap-l1-1-0.dll |
_set_new_mode
calloc free malloc |
|---|---|
| api-ms-win-crt-private-l1-1-0.dll |
__C_specific_handler
memcpy |
| api-ms-win-crt-runtime-l1-1-0.dll |
__p___argc
__p___argv __p___wargv __p__wcmdln _cexit _configure_narrow_argv _configure_wide_argv _crt_at_quick_exit _crt_atexit _initialize_narrow_environment _initialize_wide_environment _initterm _set_app_type _set_invalid_parameter_handler abort exit signal |
| api-ms-win-crt-stdio-l1-1-0.dll |
__acrt_iob_func
__p__commode __p__fmode __stdio_common_vfprintf __stdio_common_vfwprintf __stdio_common_vswprintf fwrite |
| api-ms-win-crt-string-l1-1-0.dll |
_wcsdup
memset strlen strncmp wcslen |
| USER32.dll |
MessageBoxW
|
| KERNEL32.dll |
DeleteCriticalSection
EnterCriticalSection GetLastError GetProcAddress GetStartupInfoW InitializeCriticalSection LeaveCriticalSection LoadLibraryW SetDllDirectoryW SetUnhandledExceptionFilter Sleep TlsGetValue VerSetConditionMask VerifyVersionInfoW VirtualProtect VirtualQuery |
| api-ms-win-crt-math-l1-1-0.dll |
__setusermatherr
|
| api-ms-win-crt-environment-l1-1-0.dll |
__p__environ
__p__wenviron |
| api-ms-win-crt-time-l1-1-0.dll |
__daylight
__timezone __tzname _tzset |
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2023-Jun-08 01:09:43 |
| Version | 0.0 |
| SizeofData | 25 |
| AddressOfRawData | 0x501c |
| PointerToRawData | 0x341c |
| StartAddressOfRawData | 0x140008000 |
|---|---|
| EndAddressOfRawData | 0x140008008 |
| AddressOfIndex | 0x140006128 |
| AddressOfCallbacks | 0x140003530 |
| SizeOfZeroFill | 0 |
| Characteristics |
IMAGE_SCN_ALIGN_8BYTES
|
| Callbacks |
0x0000000140001780
0x0000000140001800 |