b4cdec1527ef7412eb1d9b1fc1ecb75d0cca6da7bbdcd866330927b649f24a48

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2026-Jun-01 18:07:53
Detected languages English - United States

Plugin Output

Suspicious The PE is possibly packed. Unusual section name found: .fptable
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Manipulates other processes:
  • WriteProcessMemory
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 c5151ea6520f375f24eccf07c86f8b54
SHA1 e160ce15e993653baf2d730f0e4ff1bc649bf2d8
SHA256 b4cdec1527ef7412eb1d9b1fc1ecb75d0cca6da7bbdcd866330927b649f24a48
SHA3 7d40f27b43682a7b5d8ab663e3b0a19c55f6b137fd5e4c604836f089592dcc55
SSDeep 1536:AUtkIGTCQYQ4WNMP1iiZl0b8VTVgoOVPybQE/wlggQ5sW8kcdw5wAKstq8e:JTGTCW4WN81Ib8rOVPyQFQIFw7Kso8e
Imports Hash 42f4bd0db53e731d7159fa614a4833a0

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 6
TimeDateStamp 2026-Jun-01 18:07:53
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0xcc00
SizeOfInitializedData 0x8a00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001436 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0xe000
ImageBase 0x10000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x1a000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 690d9343dc11b46255b44d2ab42e2159
SHA1 dab094f5390c613f0c1f43529fb0e43ef4666830
SHA256 51619b4a6914f0c12d2bb85fbc391ad6ba260fbf9856deae13062d4bf9992bf7
SHA3 201f5c9e8d5651f926a94112841b058019480245ac7aef4f0ffd7f1a6f1487b6
VirtualSize 0xca9f
VirtualAddress 0x1000
SizeOfRawData 0xcc00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.55548

.rdata

MD5 bc13939163226c074aa91b5bce1b3b09
SHA1 7fc9aee01d601b581cbda088006324285e258c27
SHA256 b79904fd26726af1b5c275d926e47376e47e9af63e4bceddd62afee5bfc9c8bd
SHA3 c442a13aaee138c215aa9ab6a1845b68ba073dffd4630dad209ef15657c2f5e3
VirtualSize 0x61d8
VirtualAddress 0xe000
SizeOfRawData 0x6200
PointerToRawData 0xd000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.89753

.data

MD5 049b859927607a4baf470ccc41fae9b2
SHA1 69c7b69886ef3782396ef90a9f4b380bf5e3a5ce
SHA256 687375a3b3b229a072a7e3464c57cc24040f79e62f7c077875784059dc609cc1
SHA3 d71d4450e27d4407dff860e8ab4d00e8190ab9b3fc9733a5cb10dc55ebec7a86
VirtualSize 0x129c
VirtualAddress 0x15000
SizeOfRawData 0xa00
PointerToRawData 0x13200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.08434

.fptable

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x80
VirtualAddress 0x17000
SizeOfRawData 0x200
PointerToRawData 0x13c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 c7a4e8ec050a078d37fff5197af953e2
SHA1 784777cf91f2e66d2365857920832d0aeb42b2f2
SHA256 0d3b93bdf46bf7f8f95b2d1f0a238f3fbc7a9febff472395d5b94c584dff2a9a
SHA3 efc3694772697746a97b725b084216e6d0148c7db1b1608bd6d592d64ad9e8da
VirtualSize 0x1e0
VirtualAddress 0x18000
SizeOfRawData 0x200
PointerToRawData 0x13e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.7123

.reloc

MD5 0379317b3d52e074b33d1605fee0d1f9
SHA1 15222b1645d97dda624e23670f1db35410e660a9
SHA256 d33dd22a55e4662d26363c7080f865914d89dbc4495f11bd03c146b676d9fe16
SHA3 5cc81c26756aacb588b84d89c0ff47883ccc36ba25cd6fde991c315992e30aff
VirtualSize 0xf50
VirtualAddress 0x19000
SizeOfRawData 0x1000
PointerToRawData 0x14000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.44556

Imports

KERNEL32.dll WriteProcessMemory
VirtualProtect
GetCurrentProcess
FreeLibraryAndExitThread
GetModuleHandleA
Sleep
DisableThreadLibraryCalls
CloseHandle
CreateThread
WriteConsoleW
CreateFileW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionEx
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
DecodePointer
USER32.dll GetAsyncKeyState

Delayed Imports

2

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-Jun-01 18:07:53
Version 0.0
SizeofData 712
AddressOfRawData 0x131f8
PointerToRawData 0x121f8

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2026-Jun-01 18:07:53
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

Size 0xc0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x10015000
SEHandlerTable 0x1001305c
SEHandlerCount 11

RICH Header

XOR Key 0x4d90a492
Unmarked objects 0
ASM objects (35215) 11
C++ objects (35215) 137
C objects (35215) 19
ASM objects (35207) 18
C objects (35207) 15
C++ objects (35207) 30
Imports (35215) 5
Total imports 95
C++ objects (LTCG) (35219) 1
Resource objects (35219) 1
Linker (35219) 1

Errors
