aa8af5fe1ab4064137e4f2cd1137bc8834d0f31e89974c005daff0987a8cafb7

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2024-Dec-06 09:21:09

Plugin Output

Suspicious The PE is possibly packed; the only evidence for this is the unusual section names listed below. Unusual section name found: .dqp7
Unusual section name found: .1ou1
Unusual section name found: .1h
Unusual section name found: .lukd
Unusual section name found: .inj
Unusual section name found: .h1
Unusual section name found: .i8at
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 dcfa3b3f8dd19ea95a6e687845ead25f
SHA1 2d7acf0f673f8d7cfbdaf63725cbd51c15b71e39
SHA256 aa8af5fe1ab4064137e4f2cd1137bc8834d0f31e89974c005daff0987a8cafb7
SHA3 2cfdc868f753abe7e3fd8e137350c3d46f97072ff19519fa3822377ba809fa97
SSDeep 768:3m0GMeGf9l0nLN8s8y828vw+IwuExJKUQ2VA5lucbtF/6OFTCfYQQwQJRh23O:3nGg0L6PI+K6cEOAfYQQw6Rh23O
Imports Hash bddd5e609f771c4808892f87ec4074e5

DOS Header

e_magic MZ
e_cblp 0x78
e_cp 0x1
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0
e_ss 0
e_sp 0
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x78

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2024-Dec-06 09:21:09
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x7c00
SizeOfInitializedData 0x3400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000008730 (Section: .dqp7)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 0.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x11000
SizeOfHeaders 0x400
Checksum 0xe5d0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x2000000
SizeofStackCommit 0x100000
SizeofHeapReserve 0x4000000
SizeofHeapCommit 0x100000
LoaderFlags 0
NumberOfRvaAndSizes 16

.dqp7

MD5 caf7ea90658c1da0352e4a9f1e502d4c
SHA1 5c41ccdd4140c95ecd26c0bb6715bd7df6a4b0c9
SHA256 cacb3cbee9d39e1eb17420d450da113d95b4c84321fc2f1faec0ef948acfc9f2
SHA3 30e4d12ce604620fd85f169c29fe07da5b9202e620e98e813117fc06c5b9a598
VirtualSize 0x7bc6
VirtualAddress 0x1000
SizeOfRawData 0x7c00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.31985

.1ou1

MD5 ce1029f3a7027b26ba73cc20c5fb1a97
SHA1 bd4b29194920c0116813be1f128cd0cd62375c96
SHA256 09da5362b29cdbecc30408bf3e1676346cf700fe6e4410d3c9a879c8f08cf7bb
SHA3 d58865b4e5a432a49ee9ce291663d5ba95ecc8a28db4437818999dcd224fc14e
VirtualSize 0x23e4
VirtualAddress 0x9000
SizeOfRawData 0x2400
PointerToRawData 0x8000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.33354

.1h

MD5 47e11e7cdc7cdcd1769f053bb4b06ee4
SHA1 9dcc7a26edd52b5595dba72edd59a0218d5663f2
SHA256 7fb78267c2ee6717a38570d43761e73c3eaf64e7547a491629b810c9d7ef37c7
SHA3 630fc89094008bf2ebeddc9a3f09d34b7b9aeffc537724bdbb52aa1644b8e40e
VirtualSize 0x7ec
VirtualAddress 0xc000
SizeOfRawData 0x400
PointerToRawData 0xa400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.44446

.lukd

MD5 a2c888039dcfc169d588c0ed678dbfd7
SHA1 315623ac6261b4dcc3159bd24ec85ec0a7ba5a8a
SHA256 205efae4a4c108536464a15cfbe4c121322cc41338552e616716e8151be3925c
SHA3 d29d8e3801e57b0cee2434aee7774bd7695bad49ac309d14abf6a97d835eeea7
VirtualSize 0x5e8
VirtualAddress 0xd000
SizeOfRawData 0x600
PointerToRawData 0xa800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.3146

.inj

MD5 1f354d76203061bfdd5a53dae48d5435
SHA1 aa0d33a0c854e073439067876e932688b65cb6a9
SHA256 4c6474903705cb450bb6434c29e8854f17d8324efca1fdb9ee9008599060883a
SHA3 991fbbd46bbd69198269fe6c247d440e0f8a7d38259b7a1e04b74790301d1d2b
VirtualSize 0x9
VirtualAddress 0xe000
SizeOfRawData 0x200
PointerToRawData 0xae00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.0203931

.h1

MD5 840edc10190d60a7af41194debef06a0
SHA1 6d74b8b86b5ff668e69e44cc255169da45203624
SHA256 f7b488dc47d4fa5414dd6e15de1149c7aa437b04c01e3371db06c8f454d8d6c5
SHA3 3c92be7e29b0b2c42b3a3588a894c31df93411e664069895187873d258e7347b
VirtualSize 0x1a8
VirtualAddress 0xf000
SizeOfRawData 0x200
PointerToRawData 0xb000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.295135

.i8at

MD5 78acfc946d69124e1ff3438f1f1ba663
SHA1 cfd632f0111430dbb61fb20d0f402996780b9555
SHA256 a01048ad112d0e258ffd1fe1451bcfec928564ebee27408af26fe93d27e6963d
SHA3 989803d156d775126a6f4f19cf02318ffb91af27741ae49df88fba7ba7f1eb87
VirtualSize 0x98
VirtualAddress 0x10000
SizeOfRawData 0x600
PointerToRawData 0xb200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.853047

Imports

msVCP140.DLL ?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Xlength_error@std@@YAXPEBD@Z
keRNeL32.DlL AcquireSRWLockExclusive
FormatMessageA
GetCurrentProcessId
GetCurrentThreadId
GetLocaleInfoEx
GetModuleHandleW
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
QueryPerformanceCounter
ReleaseSRWLockExclusive
SetUnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
VcruntIME140.dLl _CxxThrowException
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
__std_exception_copy
__std_exception_destroy
__std_terminate
memcpy
memmove
aPi-mS-wIn-crt-RuNTiME-L1-1-0.dLl __p___argc
__p___argv
_c_exit
_cexit
_configure_narrow_argv
_crt_atexit
_exit
_get_initial_narrow_environment
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_register_onexit_function
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_set_app_type
exit
terminate
Api-mS-wIN-CRT-StDIO-L1-1-0.dLL __p__commode
_set_fmode
API-ms-wIn-cRt-MAth-l1-1-0.Dll __setusermatherr
ceilf
ApI-Ms-win-crt-heap-l1-1-0.DlL _callnewh
_set_new_mode
free
malloc
api-MS-WIn-cRT-LOcALE-l1-1-0.dll _configthreadlocale
api-MS-Win-CrT-string-l1-1-0.dLL strlen

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData 0x14000e000
EndAddressOfRawData 0x14000e008
AddressOfIndex 0x14000c2f8
AddressOfCallbacks 0x140009948
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x14000c040

RICH Header

Errors
