| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_AMD64 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| Compilation Date | 2024-Apr-01 17:31:47 |

| Level | Finding | Detail |
|---|---|---|
| Suspicious | The PE is possibly packed. | The PE only has 8 import(s). |
| Info | The PE contains common functions which appear in legitimate applications. | [!] The program may be hiding some of its imports: GetProcAddress, LoadLibraryA |
| Suspicious | VirusTotal score: 1/72 (Scanned on 2024-04-02 06:38:43) | APEX: Malicious |
| Hash | Value |
|---|---|
| MD5 | a814f356ad4061dcec4eb4a07558c9ee |
| SHA1 | 61aa0bbb10904033ace49bd511d3b887a4e72e71 |
| SHA256 | effee5d56ee23683bde67d995a72ef3d2eba8ecb454366e80c07545f0993644f |
| SHA3 | e7e9070564edfee9b6931f7a07c727d2e2e8eca22a866fb1c3a9dc7cde4d9218 |
| SSDeep | 48:igr7MoLqgWH26SB/Is7H7eiY3QEKThahpyjn:5r7MUygAme33Q |
| Imports Hash | ecef33b4bcc1c5f2be9c2220820a5773 |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xc8 |
| File header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_AMD64 |
| NumberOfSections | 4 |
| TimeDateStamp | 2024-Apr-01 17:31:47 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
| Optional header field | Value |
|---|---|
| Magic | PE32+ |
| LinkerVersion | 14.0 |
| SizeOfCode | 0x400 |
| SizeOfInitializedData | 0x800 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0000000000001250 (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x5000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x100000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| Section 1 field | Value |
|---|---|
| MD5 | 7e499ff2d22d5c26c4042961e5c7e35a |
| SHA1 | 1f10b3c705801df565e8f6b6ce91c1c11feaf4d5 |
| SHA256 | a1b3ab2e23168ea16fe5852d4caaf88b8c30e08f0b5bc6897a16ae2c250d8614 |
| SHA3 | 8c087174361500b19ec244c2b5d621aeadc4f59d8a50237510d8da1947c6f533 |
| VirtualSize | 0x2e0 |
| VirtualAddress | 0x1000 |
| SizeOfRawData | 0x400 |
| PointerToRawData | 0x400 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| Entropy | 4.88113 |
| Section 2 field | Value |
|---|---|
| MD5 | 85a23506178ecffab4c48fcd007d8c6d |
| SHA1 | c0982d9ca0d3479df68ba5b7907de2c916edffa2 |
| SHA256 | ae3e45363fa304e99f36c0c7c01e20e52ac974b7e49d62ee1d47e4370ab36afa |
| SHA3 | 333c9db6396528e04658115cecbb1da168bb6f930bedb54ac23b5a9b23a0bc68 |
| VirtualSize | 0x35e |
| VirtualAddress | 0x2000 |
| SizeOfRawData | 0x400 |
| PointerToRawData | 0x800 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Entropy | 3.8167 |
| Section 3 field | Value |
|---|---|
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA3 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a |
| VirtualSize | 0x4 |
| VirtualAddress | 0x3000 |
| SizeOfRawData | 0 |
| PointerToRawData | 0 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Section 4 field | Value |
|---|---|
| MD5 | 62983343d0356c7e5761622ec706afc8 |
| SHA1 | 99e4983a01008c3b9e270a41052831bf8cb625bd |
| SHA256 | f4c685e9ea21d9b2e128ab758e07174e955b6fab7a47f2b35e186f3124d900c8 |
| SHA3 | 014d143b38c2a23324a8bc56b6437f3f23e89d67c47fc7f970c8e857063f947b |
| VirtualSize | 0x18 |
| VirtualAddress | 0x4000 |
| SizeOfRawData | 0x200 |
| PointerToRawData | 0xc00 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Entropy | 0.210826 |
| Imported DLL | Functions |
|---|---|
| KERNEL32.dll | GetStdHandle, CreateFileA, GetFileSizeEx, ReadFile, GetCurrentThread, GetProcAddress, LoadLibraryA, WriteConsoleA |
| Debug directory field | Value |
|---|---|
| Characteristics | 0 |
| TimeDateStamp | 2024-Apr-01 17:31:47 |
| Version | 0.0 |
| SizeOfData | 236 |
| AddressOfRawData | 0x215c |
| PointerToRawData | 0x95c |
| Rich header field | Value |
|---|---|
| XOR Key | 0x9668edd5 |
| Unmarked objects | 0 |
| Imports (30795) | 3 |
| Total imports | 9 |
| C objects (VS2022 Update 5 (17.5.0-2) compiler 32215) | 1 |
| Linker (VS2022 Update 5 (17.5.0-2) compiler 32215) | 1 |
[*] Warning: Section .data has a size of 0!