| Architecture |
IMAGE_FILE_MACHINE_I386
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date |
2026-May-31 19:05:54
|
| TLS Callbacks |
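3 callback(s) detected. TLS callbacks run before AddressOfEntryPoint (for a DLL, before DllMain), so they are the first code in this image to execute when it is loaded.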
|
| Info |
Cryptographic algorithms detected in the binary: |
Uses constants related to CRC32
|
| Suspicious |
The PE is possibly packed. |
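Unusual section name found: (name not preserved in this listing)
Unusual section name found: (name not preserved in this listing)
Unusual section name found: (name not preserved in this listing)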
The PE only has 2 import(s).
|
| Suspicious |
The file contains overlay data. |
525312 bytes of data starting at offset 0xba7000.
|
| Malicious |
VirusTotal score: 14/69 (Scanned on 2026-06-01 23:01:56) |
APEX:
Malicious
Bkav:
W32.Malware.40480A5B
CrowdStrike:
win/malicious_confidence_90% (D)
Cylance:
Unsafe
Cynet:
Malicious (score: 100)
ESET-NOD32:
Win64/GenKryptik.HRNP trojan
Elastic:
malicious (high confidence)
Google:
Detected
McAfeeD:
ti!C9FA34B03FB4
Microsoft:
Trojan:Win32/Wacatac.B!ml
Rising:
Trojan.Kryptik!8.8 (TFE:5:ylTWtAZpILE)
SentinelOne:
Static AI - Suspicious PE
Skyhigh:
BehavesLike.Win32.Trojan.rc
VBA32:
Malware-Cryptor.Inject.gen
|
| MD5 |
4de2bfe44d63e0c4aab1791740e0880e
|
| SHA1 |
0013d3db8c4990383dd0ce339cc533ea6109235e
|
| SHA256 |
c9fa34b03fb4610d903ae3e2552078cf2e18e2c82a5aa87a1306cc3f4f74c39e
|
| SHA3 |
24650e5408389802517316ba16917507dae7b459fd83bef9eb8c4b70cc1c0a38
|
| SSDeep |
196608:SXW4FMt2Flmr/1+qyjNc6SV4yndoKO4TFBSg0GrUgyQDr3AH0zN0W:gW4FM/r/eZc6Udo8eg0GrULUr
|
| Imports Hash |
89cbd0d03f658f7b76d6cfbf08bc6fa4
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x80
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections |
12
|
| TimeDateStamp |
2026-May-31 19:05:54
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xe0
|
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
|
| Magic |
PE32
|
| LinkerVersion |
2.0
|
| SizeOfCode |
0x7200
|
| SizeOfInitializedData |
0x2a8600
|
| SizeOfUninitializedData |
0xc00
|
| AddressOfEntryPoint |
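0x0091433B (Section: name blank in this report; the RVA falls inside the executable section at VirtualAddress 0x8e3000, VirtualSize 0x209c2e, entropy 7.96235)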
|
| BaseOfCode |
0x1000
|
| BaseOfData |
0x9000
|
| ImageBase |
0x66d00000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
5.0
|
| ImageVersion |
1.0
|
| SubsystemVersion |
5.0
|
| Win32VersionValue |
0
|
| SizeOfImage |
0xbaf000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0xc32ef2
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
|
| SizeofStackReserve |
0x200000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
a9d3e78238ea266cf92c1c06b8dbf05f
|
| SHA1 |
0e2c4f51e46e81a46c64f511fcf7853f41747f41
|
| SHA256 |
fc2050f26e560e13710dd5248f4750b1739c96e33dc8205362d64b055995ed6c
|
| SHA3 |
c20332c51a9a84ace072ab22a22c6998f00707dc7c1650b1ee38c8956799ab58
|
| VirtualSize |
0x7094
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0x7200
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
6.2458
|
| MD5 |
3d165531f7510a810571abdd2f0d8aa3
|
| SHA1 |
25b8cba531df314ff2b759d8bd7a8694a0aceb5b
|
| SHA256 |
2cbf22348ba4d9167e6d85694355672c6d2c29eb8ce7438963d36e2b098320a7
|
| SHA3 |
0895700d12b8a4ae3f4369eefbf1768baae40648000e2c715ef9cb6a396edb70
|
| VirtualSize |
0x1ded00
|
| VirtualAddress |
0x9000
|
| SizeOfRawData |
0x1dee00
|
| PointerToRawData |
0x7600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
4.11971
|
| MD5 |
97cf0d55cac09bc9f268e59418a9daca
|
| SHA1 |
0c5c688a4d6e8b58ad451a0434ffd9b0506ceacb
|
| SHA256 |
e2d827ba8806e6b15028802a21f4010b84a062a45f68366c4f3b1130d7ebf04f
|
| SHA3 |
68f784b7461ec2d6075e3115b70039be1a40c11a8e20b8e3cf2e69669c17e7f6
|
| VirtualSize |
0xed8
|
| VirtualAddress |
0x1e8000
|
| SizeOfRawData |
0x1000
|
| PointerToRawData |
0x1e6400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
5.09374
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0xa30
|
| VirtualAddress |
0x1e9000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
0b5a6942036c89f78b3a20affbaafa42
|
| SHA1 |
491dc2b87520a4cdb4e787037a134b14f5c940d5
|
| SHA256 |
e3a2fa55326a23b3f74ded2a29e9a28c8953efa993b1a92c55f02402a568c96b
|
| SHA3 |
31fa1f491836a85a3a49684d0f72f41103ffc256392d78fbc56b92d7cab32fa3
|
| VirtualSize |
0x5a
|
| VirtualAddress |
0x1ea000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x1e7400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
1.11928
|
| MD5 |
87332ff62f3fdce41b84705d1b50badf
|
| SHA1 |
41843531fd6492129f5834e1d40e1a7283b657ad
|
| SHA256 |
b3ff4783208866d908dcdef9f0ebb0aa7ad5c258126117e14de363f415637a5b
|
| SHA3 |
9dcf79a3d6e5c850d52c426f1655e7b2743e3b9f31cfcd1ba84dcb7c24951857
|
| VirtualSize |
0x520
|
| VirtualAddress |
0x1eb000
|
| SizeOfRawData |
0x600
|
| PointerToRawData |
0x1e7600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
6.54377
|
| MD5 |
0bee5128c5a280465ce5b94e946d11b2
|
| SHA1 |
5436f78500bc4117d9225ebc0bd954de31631a58
|
| SHA256 |
69f45ed6ceb88055e5e95c6ee001a8c1f52d06d98fc835b3c8ae1e4b38bc2ea8
|
| SHA3 |
85e96db18e39b05705b90c1b6a029b59d92c2e6aa5e230fe2eaa98346dc0ca8a
|
| VirtualSize |
0x2c
|
| VirtualAddress |
0x1ec000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x1e7c00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.205446
|
| MD5 |
bf619eac0cdf3f68d496ea9344137e8b
|
| SHA1 |
5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
|
| SHA256 |
076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
|
| SHA3 |
622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
|
| VirtualSize |
0x8
|
| VirtualAddress |
0x1ed000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x1e7e00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0
|
| MD5 |
f78661c08377fad0651b8112a5b196df
|
| SHA1 |
5be132ff9eb217990d5b70c4462d8ef02e74c446
|
| SHA256 |
c08d286b105644ace025a159de449e715edbf734cad56e2d7477e75e1395259a
|
| SHA3 |
7032aa9c3b4e3ca7af8de2b745c63beb09c10258e9b6103cb2e135d34cc7d7d1
|
| VirtualSize |
0x6f329f
|
| VirtualAddress |
0x1ee000
|
| SizeOfRawData |
0x6f3400
|
| PointerToRawData |
0x1e8000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
7.90594
|
| MD5 |
f24f00a33093a9b7be53e19fca8cc08e
|
| SHA1 |
c6ba12a4e69b831c50ea259eb54d20bb8f831c60
|
| SHA256 |
297fe6670125f4dd90d45f4f2f3bf9e19691cd295b2b4780d6b2506d212ae411
|
| SHA3 |
960539ca7049ae53c447c4e1e2af9ca319d743fda1a2ae2f2b677477665fb25e
|
| VirtualSize |
0x2c
|
| VirtualAddress |
0x8e2000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x8db400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.179433
|
| MD5 |
6a3435c430ea6887ef23bae82bf6dbee
|
| SHA1 |
e7e0ac82216aa8d4e320b7ab10ebd52d4bc68c33
|
| SHA256 |
2a595c58d3003ee865bdaff6ada984a885869c50d3a14d34c412ee6c915cd428
|
| SHA3 |
8ee3fd42ae306e199c06da20375c5fb0798269048a7e7cae52321c4b9ba9865f
|
| VirtualSize |
0x209c2e
|
| VirtualAddress |
0x8e3000
|
| SizeOfRawData |
0x209e00
|
| PointerToRawData |
0x8db600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
7.96235
|
| MD5 |
7942c968cd6a89a2ded1cf7b03f8aca9
|
| SHA1 |
342155f6c7291b730e2652b6d12663fcdb353e5b
|
| SHA256 |
5a33b22c2afb3812d49ed88521d9a3bac8d06bd51b85b118905bdcc879c45ce8
|
| SHA3 |
785e296e393b0fb748803f316655319fbc77c9768eb49ff1464f37cc65b9dd2a
|
| VirtualSize |
0xc1ac0
|
| VirtualAddress |
0xaed000
|
| SizeOfRawData |
0xc1c00
|
| PointerToRawData |
0xae5400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
| Entropy |
5.91118
|
| KERNEL32.dll |
ConvertThreadToFiber
|
| msvcrt.dll |
__mb_cur_max
|
| StartAddressOfRawData |
0x66eed000
|
| EndAddressOfRawData |
0x66eed004
|
| AddressOfIndex |
0x66ee9028
|
| AddressOfCallbacks |
0x677408f4
|
| SizeOfZeroFill |
0
|
| Characteristics |
IMAGE_SCN_TYPE_REG
|
| Callbacks |
0x67628EC8
0x66D01540
0x66D014F0
|
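[*] Warning: Section .bss has a raw size (SizeOfRawData) of 0! This matches the section marked IMAGE_SCN_CNT_UNINITIALIZED_DATA (VirtualSize 0xa30), whose listed hashes are those of empty input.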