a7be5139a0e325aa133d44ad786d401513f8dffb386a6c7c9095830cbd723138

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2025-Feb-19 17:54:27
Detected languages German - Germany

Plugin Output

Info Libraries used to perform cryptographic operations: Microsoft's Cryptography API
Suspicious The PE is possibly packed. Unusual section name found: .be0
Unusual section name found: .be1
Unusual section name found: .be2
The PE only has 5 import(s).
Suspicious The PE contains functions most legitimate programs don't use. Uses Microsoft's cryptographic API:
  • CryptCATAdminAcquireContext
  • CryptQueryObject
 Leverages the raw socket API to access the Internet:
  • htons
 Interacts with services:
  • DeleteService
Info The PE is digitally signed. Signer: BattlEye Innovations e.K.
Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Safe VirusTotal score: 0/64 (Scanned on 2026-05-08 05:08:32) All the AVs think this file is safe.

Hashes

MD5 3ff2ced93b42e3c0bdb118b022ad96df
SHA1 34abbce733ad5848176f89cc98d921e30bd242c1
SHA256 a7be5139a0e325aa133d44ad786d401513f8dffb386a6c7c9095830cbd723138
SHA3 f0394df7a5e3decd91fe6bf64de5729a233d98a7da669b823a7287acd17740a2
SSDeep 393216:IllFqaBp0tnJWRRdYYUKBEzphy96dXjhdjzIF6tlc5ho:AYnJqCPKqz86dNdnm6tlc5S
Imports Hash 0bfd891e6c49b3ef80af8a3e1b358e8d

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 10
TimeDateStamp 2025-Feb-19 17:54:27
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x37e00
SizeOfInitializedData 0xbfb400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000017AB8EA (Section: .be2)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.2
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x26ef000
SizeOfHeaders 0x400
Checksum 0x135e617
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x37d40
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0xc796
VirtualAddress 0x39000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x6968
VirtualAddress 0x46000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x171c
VirtualAddress 0x4d000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x180
VirtualAddress 0x4f000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.be0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x762fef
VirtualAddress 0x50000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.be1

MD5 200baf394f46e5ef04e163db583e842a
SHA1 b64b1c0b5e0a64b82e911acc5a1674381428a367
SHA256 9c85f4ac92cf818af58a9bbfc47a60bbf3d34705126f522c4952ecc1ce08c9ad
SHA3 c1de27131d61db8576180b1166de14dc442d6f18c7d51c54532f7ebbdb2eec29
VirtualSize 0x80
VirtualAddress 0x7b3000
SizeOfRawData 0x200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.346693

.be2

MD5 4b6b29bd3564036361580f60b8d95a35
SHA1 15d60a50720d9cdba0050a5578f85342eba8f8ee
SHA256 b8fa55552f7d494a41c4fcc79372615dfe0fde8d2a3e7c2d33031dfa2338a160
SHA3 c1e3b7626d18545d3410844d643222c9075de870a7c70b44c89eb9beb3fcdcce
VirtualSize 0x13533b8
VirtualAddress 0x7b4000
SizeOfRawData 0x1353400
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
Entropy 7.96992

.rsrc

MD5 3c7beb1a91257a7135fd4d4aaa0699de
SHA1 1ec60d28edf6c8aef9f9f6d4285e69ef17e016bb
SHA256 d1ed020c86d7c52cb35d3d8da862b12376c330cce01f63a0154b3a7092310a9d
SHA3 99ed640021b5540ec3b5683896667c4a6a054ab4a032dbddee1f1bdfbbfe4c0f
VirtualSize 0xbe5fc8
VirtualAddress 0x1b08000
SizeOfRawData 0x200
PointerToRawData 0x1353a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.61922

.reloc

MD5 4750e0a76bf6943a10faf19f576dedc5
SHA1 98cf9e476817abb64a4694dfa602535b2c6b117b
SHA256 874df31d0024ec22cfb0c70359036d1b9fb972fa505a0d0efdfa213d62021671
SHA3 26d6ff87a1e4caceb10c5e0ce706b6d252aeeba0116de5a73f207cddda8db304
VirtualSize 0x108
VirtualAddress 0x26ee000
SizeOfRawData 0x200
PointerToRawData 0x1353c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 2.50825

Imports

WINTRUST.dll CryptCATAdminAcquireContext
CRYPT32.dll CryptQueryObject
WS2_32.dll htons
KERNEL32.dll Thread32First
ADVAPI32.dll DeleteService

Delayed Imports

101

Type RT_RCDATA
Language German - Germany
Codepage UNKNOWN
Size 0x77ee90
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

102

Type RT_RCDATA
Language German - Germany
Codepage UNKNOWN
Size 0x4670b0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

Version Info

TLS Callbacks

Load Configuration

Size 0x138
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140046008

RICH Header

Errors

[*] Warning: Section .text has a size of 0! [*] Warning: Section .rdata has a size of 0! [*] Warning: Section .data has a size of 0! [*] Warning: Section .pdata has a size of 0! [*] Warning: Section _RDATA has a size of 0! [*] Warning: Section .be0 has a size of 0! [!] Error: Resource 101 is bigger than the PE. Not trying to load it in memory. [!] Error: Resource 101 is bigger than the PE. Not trying to load it in memory. [!] Error: Resource 101 is bigger than the PE. Not trying to load it in memory. [!] Error: Resource 102 is bigger than the PE. Not trying to load it in memory. [!] Error: Resource 102 is bigger than the PE. Not trying to load it in memory. [!] Error: Resource 102 is bigger than the PE. Not trying to load it in memory. [!] Error: Resource 101 is bigger than the PE. Not trying to load it in memory. [!] Error: Resource 101 is bigger than the PE. Not trying to load it in memory. [*] Warning: Resource is empty! [!] Error: Resource 102 is bigger than the PE. Not trying to load it in memory. [!] Error: Resource 102 is bigger than the PE. Not trying to load it in memory. [*] Warning: Resource is empty! [!] Error: Resource 101 is bigger than the PE. Not trying to load it in memory. [!] Error: Resource 101 is bigger than the PE. Not trying to load it in memory. [!] Error: Resource 102 is bigger than the PE. Not trying to load it in memory. [!] Error: Resource 102 is bigger than the PE. Not trying to load it in memory.
Leave a comment

No comments yet.