c5354f847067d37023d71e553c77db2dd6041980fc10d1ac94784c43fc4a8c04

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Apr-18 17:17:33

Plugin Output

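Info Matching compiler(s): MASM/TASM - sig1(h) (byte-signature match only; the LinkerVersion 14.0 field, the MSVCP140/VCRUNTIME140 imports and the C++ object counts in the RICH header below point to an MSVC C++ build, so treat this match as low confidence)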
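Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports (it imports the run-time resolution functions listed below; these also appear in many benign programs, so this is a weak indicator on its own and should be weighed together with the rest of the import table):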
  • GetProcAddress
  • LoadLibraryA
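Suspicious No VirusTotal score. This file has never been scanned on VirusTotal. (The absence of a scan record means only that the hash is unknown to the service; it is not evidence that the file is either malicious or clean.)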

Hashes

MD5 d5a82bd2f5c630cef741af084f9f239e
SHA1 cc657da4f45e1ed2b044efd0307cf83eb869e9d5
SHA256 c5354f847067d37023d71e553c77db2dd6041980fc10d1ac94784c43fc4a8c04
SHA3 4ffa3cd39ac0375762291fab89fe81faf66767aecbe082b9f46711d9697d9f16
SSDeep 6144:OhfksOV1Y4VrI21ScY4fBa28hpYWRim8/J8kmCgOCKw8NnfDgsO6sF:XF1lz8kWQm8/JdDwynrgv6I
Imports Hash 6a1ba2f4740b2bf6b5523b91f4298774

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 4
TimeDateStamp 2026-Apr-18 17:17:33
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x57a00
SizeOfInitializedData 0x5200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000056180 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x5f000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 4fcc3826adddb8217c34f32e76f43787
SHA1 1e3d0ab6068a5c8013a62ea11e55fa37950cf7c7
SHA256 580cf2b85b5957f9d1dc1b675a86b34c22a2a05fed7354c9527acd80b8daa381
SHA3 b6eb0a97719c63c85c70300cfed1b4a19085a68aa126c01f38ae00900051f79b
VirtualSize 0x5785c
VirtualAddress 0x1000
SizeOfRawData 0x57a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.45739

.data

MD5 286f18cddc68dbf4616b2dfc1a400be4
SHA1 f75a89b3d04a7c5714c4b5b977d75ec52bfa9c96
SHA256 9963178a038078b5be54b1fb329ced6d2f49c0345a57e7d0c9e20007ad50a86e
SHA3 6a9c2a3e462eaa6fb1741a1b6a34b7d818c6540c6796f02cabe3834fed4b98a8
VirtualSize 0x2c00
VirtualAddress 0x59000
SizeOfRawData 0x2600
PointerToRawData 0x57e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.46045

.idata

MD5 a4ff682dd73889a3ebb64850762733fd
SHA1 aba43a97981a55b6dccd2f5c1dfe26910d6767a6
SHA256 7e33eb53c44501e92545cf54b10cdce8ef9fba078c24541e89347d7548931451
SHA3 dd54bae7345c14c870ba614e190a41ae9c4506c13fbaf7a4e78dc0ccd8a0dd06
VirtualSize 0x1a20
VirtualAddress 0x5c000
SizeOfRawData 0x1c00
PointerToRawData 0x5a400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.45181

.reloc

MD5 2d388d7d29603291bcf8dbdfede86646
SHA1 de6fdcad3a5533669a937517147575187a78bd80
SHA256 062cdfe0d60beb435e790671d3f252f4adfed9a4037301b7c33c375ce91930e8
SHA3 c7e24bad8d3feae1e3ddc08c197a0a5ef65259b07422b97121427c55516e5d6d
VirtualSize 0x894
VirtualAddress 0x5e000
SizeOfRawData 0xa00
PointerToRawData 0x5c000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.10344

Imports

USER32.dll SetWindowPos
MonitorFromWindow
PostMessageA
GetSystemMetrics
ShowWindow
EndPaint
SetTimer
TrackMouseEvent
SetWindowTextA
GetMonitorInfoA
DefWindowProcA
CreateWindowExA
GetWindowRect
TranslateMessage
SendMessageA
SetCursor
SystemParametersInfoA
GetClientRect
PostQuitMessage
RegisterClassExA
UpdateWindow
ReleaseCapture
InvalidateRect
ReleaseDC
BeginPaint
LoadCursorA
DispatchMessageA
GetMessageA
AdjustWindowRectEx
SetLayeredWindowAttributes
GDI32.dll GetDeviceCaps
DeleteDC
SelectObject
CreateCompatibleBitmap
DeleteObject
gdiplus.dll GdipDeletePen
GdipDeleteFont
GdipDeleteStringFormat
GdipDeleteGraphics
GdipFillRectangleI
GdipCloneBrush
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipCreatePen1
GdipDrawPath
GdipFree
GdipClosePathFigure
GdipGraphicsClear
GdipFillPath
GdipCreateSolidFill
GdipCreateFont
GdipSetStringFormatLineAlign
GdipCreatePath
GdipSetSmoothingMode
GdipDeletePath
GdipAlloc
GdipDeleteBrush
GdipCreateFontFamilyFromName
GdipSetStringFormatAlign
GdipAddPathArcI
GdipDrawRectangleI
GdipSetStringFormatFlags
GdipDeleteFontFamily
GdipDrawString
GdiplusShutdown
GdiplusStartup
GdipCreateStringFormat
MSVCP140.dll ?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
KERNEL32.dll CreateThread
GetProcAddress
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetTickCount64
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
LoadLibraryA
MultiByteToWideChar
GetModuleHandleA
GetCurrentThreadId
OutputDebugStringA
GetStartupInfoW
VCRUNTIME140.dll __std_exception_destroy
memmove
__current_exception_context
__current_exception
_CxxThrowException
__C_specific_handler
memcmp
memcpy
memset
__std_exception_copy
api-ms-win-crt-stdio-l1-1-0.dll __stdio_common_vsprintf_s
__stdio_common_vsscanf
__stdio_common_vfprintf
fseek
fclose
__acrt_iob_func
fopen
fread
__p__commode
_set_fmode
__stdio_common_vsprintf
ftell
api-ms-win-crt-math-l1-1-0.dll floor
cos
tan
_dtest
nan
__setusermatherr
pow
round
fmod
log
sin
fabs
trunc
sqrt
ceil
api-ms-win-crt-runtime-l1-1-0.dll _register_thread_local_exe_atexit_callback
_c_exit
_errno
_exit
exit
abort
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_invoke_watson
_cexit
_seh_filter_exe
_set_app_type
_get_narrow_winmain_command_line
_initterm
_initterm_e
terminate
api-ms-win-crt-string-l1-1-0.dll isspace
isalnum
isxdigit
isalpha
isdigit
toupper
tolower
wcslen
api-ms-win-crt-convert-l1-1-0.dll strtoul
strtod
strtol
api-ms-win-crt-utility-l1-1-0.dll rand
api-ms-win-crt-heap-l1-1-0.dll free
_callnewh
malloc
_set_new_mode
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale
VCRUNTIME140_1.dll __CxxFrameHandler4

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-Apr-18 17:17:33
Version 0.0
SizeofData 740
AddressOfRawData 0xb3c4
PointerToRawData 0xa7c4

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140059040

RICH Header

XOR Key 0xc6387974
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 16
ASM objects (35207) 4
C objects (35207) 10
C++ objects (35207) 26
Imports (35207) 6
Imports (33145) 9
Total imports 174
C++ objects (LTCG) (35225) 1
Linker (35225) 1

Errors
