| Architecture |
IMAGE_FILE_MACHINE_I386
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date |
1970-Jan-01 00:00:00
|
| TLS Callbacks |
2 callback(s) detected.
|
| Suspicious |
The PE is possibly a dropper. |
Resources account for 92.2361% of the executable.
|
| Suspicious |
VirusTotal score: 2/72 (Scanned on 2026-02-27 20:44:06) |
Jiangmin:
Trojan.Heur.aom
MaxSecure:
Trojan.Malware.300983.susgen
|
| MD5 |
59f4715f97404d72320f9414a06faf7d
|
| SHA1 |
71cb919128d94a06de315c72f562b74a2130c182
|
| SHA256 |
d11531eaece77695d187866bed3a4e1404cb20dd3e95b673eb408a68005b5af6
|
| SHA3 |
567c2dfb20f40f268a4c9ebc81d9125a1aafa43aaab16c8e7311ae89ef187748
|
| SSDeep |
3072:JpAZAijoMjNjwD1orEqBbmlfzgv1yyeSIehGIMBvISrDFJxaXMpspK2jOq8rImwS:3AZAiUMjNjwDyrdBbmlfkv1yyeSyIMBv
|
| Imports Hash |
99c7d7362e48495cd32aa3eca4b48100
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x80
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections |
8
|
| TimeDateStamp |
1970-Jan-01 00:00:00
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xe0
|
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
| Magic |
PE32
|
| LinkerVersion |
2.0
|
| SizeOfCode |
0x1c00
|
| SizeOfInitializedData |
0x2d000
|
| SizeOfUninitializedData |
0x600
|
| AddressOfEntryPoint |
0x000014C0 (Section: .text)
|
| BaseOfCode |
0x1000
|
| BaseOfData |
0x3000
|
| ImageBase |
0x400000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
4.0
|
| ImageVersion |
1.0
|
| SubsystemVersion |
4.0
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x33000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0x22d5a
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| SizeofStackReserve |
0x200000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
755d2db4e20f70a564950a332b8ae7b0
|
| SHA1 |
424187df4e7ded8702612d01d551b972437230c0
|
| SHA256 |
77c589de2443149df5d0829c9c42c6ac5b37f3ff6bae0040896b64933cd54337
|
| SHA3 |
fa4c74ff8405e9ea3788b968353dfb0437cb4ef795ea039b9e3a898e156d6e25
|
| VirtualSize |
0x1ba4
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0x1c00
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
5.95228
|
| MD5 |
9854a3d458f5ccae16ca4f8702c438a8
|
| SHA1 |
c42c407c6fb5d80ca120b5feb152049f94601266
|
| SHA256 |
f82940b8977fa962e6d9d9ed030b239ecae3575b7a43c7aaf11f20f7d90fa00a
|
| SHA3 |
8e51cc34ee4ff9786936887728f386410c16b41197caa59d83f6102f417e708b
|
| VirtualSize |
0x30
|
| VirtualAddress |
0x3000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x2000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.536302
|
| MD5 |
64c52704d1d0ee36a4a008234112795c
|
| SHA1 |
dab215f0a0e55b50bc56688724f7f9e6148f01a9
|
| SHA256 |
580964579b22d38fb771c6c3030bec0fdadb491b4eff1feec25e92fd41140adf
|
| SHA3 |
28cf8047035c33fe74c74b1fa0b4726cf334718c3666769b1eccc86d1c509872
|
| VirtualSize |
0x57c
|
| VirtualAddress |
0x4000
|
| SizeOfRawData |
0x600
|
| PointerToRawData |
0x2200
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
4.60896
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x450
|
| VirtualAddress |
0x5000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
53dff3479068b5080313dcc028f1869b
|
| SHA1 |
b5d23468f5a74a64c808d3122c9fd6c62b79680a
|
| SHA256 |
97da04bfa52aebd5c9a3e58eb8cbaef9b9d669cc0404d841b2629b0038c00881
|
| SHA3 |
74c932cd1c959ce60acd1456a38ca2632c1a692d484cdf4f7b7771bdfc246f83
|
| VirtualSize |
0x68c
|
| VirtualAddress |
0x6000
|
| SizeOfRawData |
0x800
|
| PointerToRawData |
0x2800
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
4.03385
|
| MD5 |
033d761f8a37ebb9f2c04b21e824d0c0
|
| SHA1 |
54a603f3a9ecd11654f077ffc99a3a7a29fdff0c
|
| SHA256 |
a26939ddaf9c20af5f6ff7f7db5014e83ad8a1497cade33307e8d7148986c303
|
| SHA3 |
9ba0d6c4dea7524728cc0c2c40e80011cb5f7f73983cca4786a386fffdd022ee
|
| VirtualSize |
0x34
|
| VirtualAddress |
0x7000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x3000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.267208
|
| MD5 |
f1db91b86ca0c56dfcbb593282af3f7b
|
| SHA1 |
8bdd29cb91729b0044df1aca9fd0c934961a6c6f
|
| SHA256 |
bd4a931d3d6593020d5d50934fcd5c631399ec99b07cccb1b7babf9c8ed20dbc
|
| SHA3 |
78ff7fe0edbcafde750bb5253f7e9cc172051e31617bc1ba6090230c13b83bf5
|
| VirtualSize |
0x20
|
| VirtualAddress |
0x8000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x3200
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.204488
|
| MD5 |
e38721770f2ba5d10c5f04fedc6ec7aa
|
| SHA1 |
e45a6d0964d1e78b303ec380316033d0bbee0628
|
| SHA256 |
44c7b86860fa80bef31d8e0ded4ab9e8bb8b6012c2253ddc3b6f718167987781
|
| SHA3 |
cf08efa2739e6621637d38f21d2d87987ab54a1333c727cee4dd4d81845157da
|
| VirtualSize |
0x2a000
|
| VirtualAddress |
0x9000
|
| SizeOfRawData |
0x2a000
|
| PointerToRawData |
0x3400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
6.74424
|
| KERNEL32.dll |
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
|
| msvcrt.dll |
__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
__wgetmainargs
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_iob
_lock
_onexit
_unlock
calloc
exit
fprintf
free
fwrite
malloc
memcpy
signal
strlen
strncmp
_wexecv
abort
vfprintf
wcscat
wcscpy
wcslen
wprintf
_wcsdup
|
| USER32.dll |
MessageBoxW
wsprintfW
|
| Type |
RT_ICON
|
| Language |
UNKNOWN
|
| Codepage |
Latin 1 / Western European
|
| Size |
0x468
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.17047
|
| MD5 |
a45401804ea2b1852b9f76b2b53292c8
|
| SHA1 |
aa3108fc7bba42e02f67eca2e7732f3de3726368
|
| SHA256 |
1f4af459e9b3f748ca7b1a13afed25bf2fd2b18a086ac6ae37230457c48e99ef
|
| SHA3 |
770f71191c1bb1d927c5bc7cf0ed229c596e5b9d5f593461118fb9f22c3976bd
|
| Type |
RT_ICON
|
| Language |
UNKNOWN
|
| Codepage |
Latin 1 / Western European
|
| Size |
0x10a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.14512
|
| MD5 |
e09bb714cd1860a741b4023684edd53d
|
| SHA1 |
139026d86860a233a844f720a15bd589d9f5a9a2
|
| SHA256 |
b33e2d94cba49d9fdfcdff3c1370ee2e13ba1ed98d9212bacc6bef3c988a083d
|
| SHA3 |
77dc1e0363047545e8c37b87a579ab7e0b5fc830a58de281160bcf544656f300
|
| Type |
RT_ICON
|
| Language |
UNKNOWN
|
| Codepage |
Latin 1 / Western European
|
| Size |
0x25a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.24752
|
| MD5 |
6c2f6e3c7dcedf8349138865d2fa5156
|
| SHA1 |
05b693c59948d2f1a26b55cad4c68ac491c6153f
|
| SHA256 |
64b4b34ef97a37f68717978daa0de5808be8ffff36c71dd7003ccee9e74d5426
|
| SHA3 |
d73a33c1e9bce54afbdd686f25daa37d86396a6bfda5ce53d832c64bc7fbafc1
|
| Type |
RT_ICON
|
| Language |
UNKNOWN
|
| Codepage |
Latin 1 / Western European
|
| Size |
0x4228
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.216
|
| MD5 |
6db630e4d95cfbd7887e3fb47f9d54d2
|
| SHA1 |
545f9cd3372e508b81c2443fe4e96eecf253fae4
|
| SHA256 |
31f08337cd0b4cd27f04031b250c482b3dd486926b44d894963d068868e89a91
|
| SHA3 |
06595b10fb4f2e14c622c2acde4dfc19b82d450dac6f5c24945d1b23f6880e5f
|
| Type |
RT_ICON
|
| Language |
UNKNOWN
|
| Codepage |
Latin 1 / Western European
|
| Size |
0x10828
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.1515
|
| MD5 |
9c672e948cd4deda187d59f84bdfd6ac
|
| SHA1 |
448293d08a2944276b492b562c15436f7bd24082
|
| SHA256 |
2962193004696badcd4203a22c731b29109fce27f4c75c629c7f6004f734daa8
|
| SHA3 |
c7f380125fe0e11f1dec0942cc9006c729322dbf6d3154dbe09deb7ba6aec826
|
| Type |
RT_ICON
|
| Language |
UNKNOWN
|
| Codepage |
Latin 1 / Western European
|
| Size |
0x11668
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.98544
|
| Detected Filetype |
PNG graphic file
|
| MD5 |
3be77e915be860f9461f220be6c5549e
|
| SHA1 |
bb2c7985760a40338a1920b6c9e68391a60cb630
|
| SHA256 |
0228fb37bce5996cde2ca749b2e9ae732234aa221d15d4633d0d8d743d2e7334
|
| SHA3 |
599ac952911da348692e2043d7a2ac3029d428ba4747b183459ecfb417faa42c
|
| Type |
RT_GROUP_ICON
|
| Language |
UNKNOWN
|
| Codepage |
Latin 1 / Western European
|
| Size |
0x5a
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.80232
|
| Detected Filetype |
Icon file
|
| MD5 |
91ef1b0102558849616c8de3f196a549
|
| SHA1 |
5d0a1df23cd4c835e688d7961d0a96ddd5532555
|
| SHA256 |
d966072f66fcaac63e5aaed2d25b3f0c404da5aba568ca2d9f0f370651a08f1f
|
| SHA3 |
654d2020615184509884f463cf8bb4c6761b87d47b8b293b4cbd0b5a245bb790
|
| StartAddressOfRawData |
0x408000
|
| EndAddressOfRawData |
0x40801c
|
| AddressOfIndex |
0x40502c
|
| AddressOfCallbacks |
0x407020
|
| SizeOfZeroFill |
0
|
| Characteristics |
IMAGE_SCN_TYPE_REG
|
| Callbacks |
0x00401940
0x004018F0
|
[*] Warning: Section .bss has a size of 0!