b3abdeed3c63297bf495e8abf5f957c6a9de3f6429de152165ad8b2aaf20d632

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2026-Apr-02 22:19:08
Detected languages English - United States

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Suspicious The PE is possibly packed. Unusual section name found: .fptable
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
  • LoadLibraryExW
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 48cdbcfd0813c1a204616b5987e9dac4
SHA1 001bdcb85edfbf3d20f1fb85c64cf38349628f57
SHA256 b3abdeed3c63297bf495e8abf5f957c6a9de3f6429de152165ad8b2aaf20d632
SHA3 a9b337c2a05761c2643f93677dc0bbbce99f06037aba2930ceeca2b32125357c
SSDeep 6144:xnhc+5Kqan8wKEeBiJgiBVQm0qbQJeVsipDZSBz15AkD2GJ23ubVJzQnE:xmqF6hV7QJ4sixZSxv2Vurp
Imports Hash 8f77bff6f73db9088f3b909381a62134

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 6
TimeDateStamp 2026-Apr-02 22:19:08
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x44e00
SizeOfInitializedData 0x1da00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000BF30 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x46000
ImageBase 0x10000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x67000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 335504ef87b5ebbe83561f214280aa87
SHA1 80620d19576dcb2baa944c2a4a62580e366d2b3e
SHA256 2c8f879503bb4af4c564d403c4d32b83dcd35984b8ee40764f0033610e4eee0f
SHA3 0860d723c4ff6436df4b784ddec93707f7462eb351d199a12d52bab7c511fdcb
VirtualSize 0x44e00
VirtualAddress 0x1000
SizeOfRawData 0x44e00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.26761

.rdata

MD5 906f1366df799de2f26dd53e40fe7654
SHA1 1cf9f4de087b2de89cc16fb90eef77e1adb4c153
SHA256 ae7b4e3da897666c9a7d42504fa48e6bc6025090da0ee2c082d4d4d386e3040a
SHA3 43dbabc9583dfc999f093ee5814e07e96d052f16a9b942ffae72b664dd55883d
VirtualSize 0x17f4e
VirtualAddress 0x46000
SizeOfRawData 0x18000
PointerToRawData 0x45200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.86278

.data

MD5 2666a49c654ca8f6cec1db4eba0e4a02
SHA1 fb1dea5a3ce555f5de7d763b62f80a0a4ba2fa8e
SHA256 a0b27222d5ec33ee6407ee5e6401799004b510f6f5a1c06f3dc27c8cb2658822
SHA3 bd51f8c2fbcb5ca9b3ed538291e2fdd086a72083a83efa849328eee2dd819a43
VirtualSize 0x2264
VirtualAddress 0x5e000
SizeOfRawData 0x1000
PointerToRawData 0x5d200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.24174

.fptable

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x80
VirtualAddress 0x61000
SizeOfRawData 0x200
PointerToRawData 0x5e200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 8ed2286a17cac5e598940139a531b450
SHA1 dbc7e411e10a5540ec42fe999ccdbde83761741b
SHA256 c5b8a1c22f17ea9e23a66076cd0c93b678b7135f7b970fbdb3d80db514dbd03d
SHA3 ad572d8685c87446a886e22fec8f8eac32cc0083ede6cb62b6aef7c30bebb7f4
VirtualSize 0x1e0
VirtualAddress 0x62000
SizeOfRawData 0x200
PointerToRawData 0x5e400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.71141

.reloc

MD5 cc3f9c683cb0adb773d672feebc50910
SHA1 52981857e1397567c0d195514d47a283a9dc1667
SHA256 2963a3ab1b0f21c8685db6f4acce0cd56950a6884f0655d7dc119a798c823f3c
SHA3 2de9de7535253d090b23b67bdeca55bc803d5b61ee57b5ca93cdaa7573f735bb
VirtualSize 0x30c0
VirtualAddress 0x63000
SizeOfRawData 0x3200
PointerToRawData 0x5e600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.61589

Imports

KERNEL32.dll VirtualProtect
GetModuleHandleA
Sleep
LoadLibraryA
CloseHandle
CreateThread
GetProcAddress
GetComputerNameA
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapValidate
GetSystemInfo
GetStdHandle
GetFileType
WriteFile
OutputDebugStringW
WriteConsoleW
HeapFree
HeapReAlloc
HeapSize
HeapQueryInformation
GetProcessHeap
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
SetStdHandle
CreateFileW
USER32.dll GetAsyncKeyState

Delayed Imports

2

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-Apr-02 22:19:08
Version 0.0
SizeofData 812
AddressOfRawData 0x5c138
PointerToRawData 0x5b338

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2026-Apr-02 22:19:08
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

Size 0xc0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x1005e040
SEHandlerTable 0x1005bf74
SEHandlerCount 60

RICH Header

XOR Key 0x4829b8c9
Unmarked objects 0
ASM objects (33145) 14
C++ objects (33145) 160
C objects (33145) 22
ASM objects (35207) 19
C objects (35207) 14
C++ objects (35207) 71
Imports (33145) 7
Total imports 107
C++ objects (LTCG) (35219) 1
Resource objects (35219) 1
Linker (35219) 1

Errors
