2c562aa5a8661b3a18e0c5dd007c4632075c104322360a00e958b04f07438460

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2025-Mar-23 00:34:06
Detected languages English - United States
CompanyName Microsoft Corporation
FileDescription
FileVersion 22502.1401.7.0
InternalName WinStore.App.exe
LegalCopyright ©️ Microsoft Corporation. All rights reserved.
OriginalFilename WinStore.App.exe
ProductName Windows Store
ProductVersion 22502.1401.7.0
Assembly Version 0.0.0.0

Plugin Output

Info Interesting strings found in the binary: Contains domain names:
  • github.com
  • https://github.com
Suspicious The PE is possibly packed. The PE only has 1 import(s).
Suspicious The PE is possibly a dropper. Resources amount for 85.9497% of the executable.
Suspicious VirusTotal score: 1/72 (Scanned on 2025-04-07 06:59:18) tehtris: Generic.Malware

Hashes

MD5 c615d31a844f232c726ccbfa688c5caf
SHA1 495c561c34fd053753d9b2a764e7d7376b436985
SHA256 2c562aa5a8661b3a18e0c5dd007c4632075c104322360a00e958b04f07438460
SHA3 fd65713ac7a169fc353deb7c61cfafca206ac77f5e9891beeb96525208b2cc7a
SSDeep 384:cN7+MWCvUmnwP3xah8co8r0i+LQehqHcfMmeNsm9MWlF:cN7hvUmV79
Imports Hash ca878514c158ef3e1c1ee824024717ca

DOS Header

e_magic MZ
e_cblp 0
e_cp 0
e_crlc 0
e_cparhdr 0
e_minalloc 0
e_maxalloc 0
e_ss 0
e_sp 0
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x40

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 4
TimeDateStamp 2025-Mar-23 00:34:06
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 11.0
SizeOfCode 0x200
SizeOfInitializedData 0x542e
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000009000 (Section: .text)
BaseOfCode 0x9000
ImageBase 0x180000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.2
ImageVersion 0.0
SubsystemVersion 6.2
Win32VersionValue 0
SizeOfImage 0xa000
SizeOfHeaders 0x600
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_APPCONTAINER
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0
SizeofHeapCommit 0
LoaderFlags 0
NumberOfRvaAndSizes 16

.rdata

MD5 2303bb6af3978486cfd8d57f5f5a13af
SHA1 dafd0ab12462732b8cea9b9a3a6d8943a8149d25
SHA256 23b2b52c53ad87ae4a421a5424c257a7bf15d42b96bbca09c48959ca06d73eba
SHA3 cc8f4c2eeab2d13ffd305bc7780bed4f8f29028026e81b48e91d123e970511da
VirtualSize 0x7c
VirtualAddress 0x1000
SizeOfRawData 0x200
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_128BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.05753

.data

MD5 e5ca6bac999a465483dd99441cad3522
SHA1 f7891dad135d47715f09b1e6a1d912dd6ea1073e
SHA256 dbb78c8abc9d96e9b3251b92da6f90997417ba76448ed7997ccb318d412a4fca
SHA3 99935935d24165d439ba281f59b3eafed33c8492357e872ef9348f04b9cd6095
VirtualSize 0x18
VirtualAddress 0x2000
SizeOfRawData 0x200
PointerToRawData 0x800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.0407808

.rsrc

MD5 369550ad08c91205819974f109e9fd17
SHA1 4c400879056a1345ad1c274ec952fe644507e857
SHA256 90d03a2e98af4f077dd3bb65f417216615fbe85df60dda031f9c045232eb49d1
SHA3 a2177283aaaabff66c5c9910cc809768fc6f1ea034864cef29c8709b6249c471
VirtualSize 0x539a
VirtualAddress 0x3000
SizeOfRawData 0x5400
PointerToRawData 0xa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.24089

.text

MD5 75d5ac0869a90a57fe9a9b4484142be5
SHA1 16860caab1d4c8aeb431ef4e50f7dbe5a3fdf4c7
SHA256 25c2146b82afbfa0306e5bb29be7e0359cf8db3349b8664ecc40a321e18d50e7
SHA3 22bd0e616faf0051ab3a8bdbb9345a7155f86456b88a22ed1c2b10dd1e7aee2a
VirtualSize 0x8
VirtualAddress 0x9000
SizeOfRawData 0x200
PointerToRawData 0x5e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 0.149797

Imports

WinStore.App.dll RHBinder__ShimExeMain

Delayed Imports

1

Type NETNATIVEBUILDINFO
Language English - United States
Codepage UNKNOWN
Size 0x4d39
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.02529
MD5 febc791fe3e43921ac73353b91ace6b2
SHA1 bfd2cdf4b1690e97681fd58c9504072ce7c86aef
SHA256 0679a5d7cb14e6dd75e260551c3f753cd511470739af292d258c829f4481621c
SHA3 fb75fef3aafb0ec55bba777fddf560c1a92f9d6111a81cbb8963ccbf3428f397

1 (#2)

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x360
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.45371
MD5 ad055b146e516b9a328c0e5c9c0eaf7c
SHA1 9349e66a1a1d4d574984da71ace860e4b44539df
SHA256 faa1d3f8ed51761a8dbf7b578f2c8bf9e942fdba86fe5117d84b623218ca3c7d
SHA3 207de21351beda1febc56e9901c7510e14e2e55178353a2fa7ff8f6b557cba1f

1 (#3)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x1ea
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.00112
MD5 b7db84991f23a680df8e95af8946f9c9
SHA1 cac699787884fb993ced8d7dc47b7c522c7bc734
SHA256 539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a
SHA3 4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 22502.1401.7.0
ProductVersion 22502.1401.7.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
CompanyName Microsoft Corporation
FileDescription
FileVersion (#2) 22502.1401.7.0
InternalName WinStore.App.exe
LegalCopyright ©️ Microsoft Corporation. All rights reserved.
OriginalFilename WinStore.App.exe
ProductName Windows Store
ProductVersion (#2) 22502.1401.7.0
Assembly Version 0.0.0.0
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors
