cebc3c93d08150ec3c15e5c74a30bde30733a66bcc1b45ef52ae0146e5fb0ea3

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2026-Mar-19 00:08:57
Detected languages English - United States

Plugin Output

Info Matching compiler(s): MASM/TASM - sig1(h)
Info Interesting strings found in the binary: Contains domain names:
  • http://msdl.microsoft.com
  • http://msdl.microsoft.com/download/symbols/
  • microsoft.com
  • msdl.microsoft.com
Info Cryptographic algorithms detected in the binary: Uses known Mersenne Twister constants
Suspicious The PE contains functions most legitimate programs don't use. Possibly launches other programs:
  • system
Can create temporary files:
  • CreateFileW
  • GetTempPathA
Has Internet access capabilities:
  • InternetCloseHandle
  • InternetOpenA
  • InternetReadFile
  • InternetOpenUrlA
Manipulates other processes:
  • WriteProcessMemory
Malicious VirusTotal score: 10/72 (Scanned on 2026-03-22 14:12:53)
  • APEX: Malicious
  • Bkav: W64.AIDetectMalware
  • CrowdStrike: win/malicious_confidence_90% (W)
  • DeepInstinct: MALICIOUS
  • Elastic: malicious (high confidence)
  • Malwarebytes: Malware.AI.4243833521
  • MaxSecure: Trojan.Malware.300983.susgen
  • McAfeeD: ti!CEBC3C93D081
  • Symantec: ML.Attribute.HighConfidence
  • TrellixENS: Artemis!1682BDAC6744

Hashes

MD5 1682bdac6744d7a884327e3ad9d71bc0
SHA1 54bf8e8a429fb0b34ab28a62a4584f2117b0e17e
SHA256 cebc3c93d08150ec3c15e5c74a30bde30733a66bcc1b45ef52ae0146e5fb0ea3
SHA3 6c1551726a759fe46a7047a460c2f69343309ac812b7b63b6deca63e5c1761c5
SSDeep 12288:BWrkxa7tUCwvm/y+MlLiEibahOKrEIt6kbScObf2EGkuM3WmihtweQHFph0lhSM:0kAZ/74hGe6h0lhSMXlp7e
Imports Hash da72e01bf09230cfd5bdea6cf02ffe87

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2026-Mar-19 00:08:57
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x16f600
SizeOfInitializedData 0x32600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000016D42C (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x1a6000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 200877e30735d7b76b6718e77120f6be
SHA1 08af0a9c4f124bd6a9bf88b2c7312d3f0e3f17ec
SHA256 d9f55a6f6fb6d32fa848c5afbca078de1f2ec835c097d64dca66c605b667c70a
SHA3 31e64fb10005827be0deac26f3159ace384a7bac5d26f501f2e1b4e322a28898
VirtualSize 0x16f413
VirtualAddress 0x1000
SizeOfRawData 0x16f600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.28157

.rdata

MD5 b87675addcf28d7a4239dbddb064d278
SHA1 83f31977365eb6463f87f5c5064465b03c3697db
SHA256 c9c3e748c7a3a81a3c0fc1a4a8002642fa9406a53df2923d61afa444e97bff11
SHA3 da84a027ab39d709b815e1b8842d8eddffe3af2d5b68993f00381f4ababf55f8
VirtualSize 0x2bfd2
VirtualAddress 0x171000
SizeOfRawData 0x2c000
PointerToRawData 0x16fa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.65963

.data

MD5 439a3dbb9144a93ddf2ab0ecdbac86f9
SHA1 9111b85b9ae4037fcc74a291aac26983ec0388be
SHA256 7fac095035787806fd8ef5f16b1fa440b681fa8c34f122f0c4fb5b9300809075
SHA3 d2b807ca25f524877aa30176a9ec938ebbe08860d543f19610219de59804127c
VirtualSize 0x2848
VirtualAddress 0x19d000
SizeOfRawData 0xe00
PointerToRawData 0x19ba00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.1335

.pdata

MD5 6e74f92a0a96c29c986b7a659fd296c6
SHA1 c48196df3c17371495d627ba44ea6d4ee6a7d1fc
SHA256 154b11e0bd0e62fff2bd81359cd205e2779f32b4c18ced11103a04431b282297
SHA3 d4d1df77432bc71ba0edd16843f1a23c51010381b8df2befe6c9ac9b16436c53
VirtualSize 0x360c
VirtualAddress 0x1a0000
SizeOfRawData 0x3800
PointerToRawData 0x19c800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.52576

.rsrc

MD5 3c5d285d97b6063882c52a6581e80c38
SHA1 48c07be174c0387ce074ea00fb8c8cc494142188
SHA256 ab9a048f9917356de38bcb3959ac45c345168c1513c3975ab131b33098656a2c
SHA3 9dad39a1d2586dcb3b169564cac84805e69561058e0079e3ea206c84aa4ca730
VirtualSize 0x1e8
VirtualAddress 0x1a4000
SizeOfRawData 0x200
PointerToRawData 0x1a0000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.77204

.reloc

MD5 974eccdafdac15378e5fd11475ed0113
SHA1 d9240d68d5bae6eac7e84ce660e41b6ceca24a18
SHA256 b1745209d21f3e0ae279c2129b66fd10dcf2432806dbbf5f53e463ac218784da
SHA3 1074d0bf9471aad8aac4191d46d5b1e397a69b0e3c53f21c4dff89be424b18a2
VirtualSize 0x1d0
VirtualAddress 0x1a5000
SizeOfRawData 0x200
PointerToRawData 0x1a0200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.92466

Imports

WININET.dll InternetCloseHandle
InternetOpenA
InternetReadFile
InternetOpenUrlA
KERNEL32.dll LocalFree
FormatMessageA
GetLocaleInfoEx
RemoveVectoredExceptionHandler
WriteProcessMemory
WriteFile
CreateFileW
GetLastError
LoadLibraryA
CloseHandle
GetModuleHandleA
GetTempPathA
CreateDirectoryW
FindClose
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SleepConditionVariableSRW
Sleep
GetCurrentThreadId
WakeAllConditionVariable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
GetModuleHandleW
AreFileApisANSI
GetFileAttributesExW
FindFirstFileW
USER32.dll MessageBoxA
MSVCP140.dll ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
??7ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Xbad_function_call@std@@YAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$numpunct@D@std@@2V0locale@2@A
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
_Mtx_unlock
_Query_perf_counter
_Mtx_lock
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Winerror_map@std@@YAHH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Id_cnt@id@locale@std@@0HA
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exceptions@std@@YAHXZ
?_Throw_Cpp_error@std@@YAXH@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Query_perf_frequency
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
VCRUNTIME140_1.dll __CxxFrameHandler4
VCRUNTIME140.dll __current_exception_context
_CxxThrowException
__C_specific_handler
memset
memmove
memchr
memcmp
__std_terminate
__current_exception
__std_exception_copy
__std_exception_destroy
memcpy
_purecall
api-ms-win-crt-stdio-l1-1-0.dll __stdio_common_vsprintf
fgetpos
setvbuf
ungetc
__stdio_common_vfprintf
fgetc
fsetpos
fwrite
_set_fmode
fclose
fflush
fread
_fseeki64
__acrt_iob_func
_get_stream_buffer_pointers
fputc
__p__commode
api-ms-win-crt-heap-l1-1-0.dll _callnewh
free
_set_new_mode
malloc
calloc
api-ms-win-crt-math-l1-1-0.dll _ldsign
_dclass
_fdclass
_ldclass
_fdsign
_dsign
__setusermatherr
ceilf
api-ms-win-crt-runtime-l1-1-0.dll _cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_get_initial_narrow_environment
_initterm
abort
_initterm_e
exit
_exit
__p___argc
__p___argv
_c_exit
_invoke_watson
_register_thread_local_exe_atexit_callback
system
_set_app_type
terminate
_seh_filter_exe
_errno
api-ms-win-crt-string-l1-1-0.dll wcscat_s
wcscpy_s
api-ms-win-crt-convert-l1-1-0.dll strtoul
api-ms-win-crt-filesystem-l1-1-0.dll _unlock_file
_lock_file
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale
___lc_codepage_func
localeconv

Delayed Imports

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x188
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.89623
MD5 b8e76ddb52d0eb41e972599ff3ca431b
SHA1 fc12d7ad112ddabfcd8f82f290d84e637a4d62f8
SHA256 165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8
SHA3 37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-Mar-19 00:08:57
Version 0.0
SizeofData 912
AddressOfRawData 0x1969e8
PointerToRawData 0x1953e8

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2026-Mar-19 00:08:57
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

StartAddressOfRawData 0x140196d98
EndAddressOfRawData 0x140196da0
AddressOfIndex 0x14019e360
AddressOfCallbacks 0x140171730
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x14019d040

RICH Header

XOR Key 0x32ca6685
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 16
ASM objects (35207) 4
C objects (35207) 10
C++ objects (35207) 38
Imports (35207) 6
Imports (33145) 7
Total imports 254
C++ objects (LTCG) (35223) 8
Resource objects (35223) 1
Linker (35223) 1

Errors
