dc9f905c0168555f72708983b46dcf07272e28c44750ef14b506ff8f5ce57127

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2025-Dec-01 04:10:30
Detected languages English - United States
Debug artifacts C:\Users\anett\source\repos\ACTUALIZADOR CALLEJERO\x64\Release\ACTUALIZADOR CALLEJERO.pdb

Plugin Output

Suspicious Strings found in the binary may indicate undesirable behavior:
Miscellaneous malware strings:
  • cmd.exe
Contains domain names:
  • gist.githubusercontent.com
  • githubusercontent.com
  • http://ridgecrop.co.uk
  • http://ridgecrop.co.uk/download/fat32format.zip
  • https://gist.githubusercontent.com
  • https://gist.githubusercontent.com/ELCALLEJONGAMER/53cee7633c14ce12f8458143f35f19eb/raw/packsatmos.txt
  • ridgecrop.co.uk
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Suspicious The PE is possibly packed. Unusual section name found: .fptable
Malicious The PE contains functions mostly used by malware.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Possibly launches other programs:
  • CreateProcessW
Can create temporary files:
  • CreateFileA
  • CreateFileW
  • GetTempPathW
Has Internet access capabilities:
  • InternetReadFile
  • InternetOpenUrlA
  • InternetOpenA
  • InternetCloseHandle
Functions related to the privilege level:
  • CheckTokenMembership
Enumerates local disk drives:
  • GetVolumeInformationA
  • GetDriveTypeA
Malicious VirusTotal score: 29/72 (Scanned on 2026-02-06 02:45:45)
  • ALYac: Gen:Variant.Application.Tedy.41798
  • APEX: Malicious
  • Antiy-AVL: Trojan/Win32.Yomal
  • Arcabit: Trojan.Application.Tedy.DA346
  • BitDefender: Gen:Variant.Application.Tedy.41798
  • Bkav: W64.AIDetectMalware
  • CAT-QuickHeal: Trojan.Ghanarava.17696915292ab4f2
  • CTX: exe.trojan.yomal
  • CrowdStrike: win/malicious_confidence_90% (W)
  • DeepInstinct: MALICIOUS
  • Elastic: malicious (high confidence)
  • Emsisoft: Gen:Variant.Application.Tedy.41798 (B)
  • GData: Gen:Variant.Application.Tedy.41798
  • Google: Detected
  • Lionic: Trojan.Win32.Yomal.4!c
  • MaxSecure: Trojan.Malware.325937538.susgen
  • McAfeeD: ti!DC9F905C0168
  • MicroWorld-eScan: Gen:Variant.Application.Tedy.41798
  • Microsoft: Trojan:Win32/Yomal!rfn
  • Paloalto: generic.ml
  • Sangfor: Trojan.Win32.Agent.Vapg
  • Symantec: ML.Attribute.HighConfidence
  • Trapmine: suspicious.low.ml.score
  • TrellixENS: Artemis!549776BBA0A9
  • TrendMicro-HouseCall: Trojan.Win32.Gen.TL0101AO26
  • VIPRE: Gen:Variant.Application.Tedy.41798
  • Varist: W64/ABTrojan.OCHJ-8427
  • ViRobot: Trojan.Win.Z.Agent.546304.AE
  • alibabacloud: Trojan:Win/Yomal.Gen

Hashes

MD5 549776bba0a90eed7ecae4cefd2ab4f2
SHA1 7c07a3909f49247644b664ea9e652f71bbbf7e8e
SHA256 dc9f905c0168555f72708983b46dcf07272e28c44750ef14b506ff8f5ce57127
SHA3 a4af2c01b517de288daff12cd586c78ff8759b9e5c90c4a976cf2ac00a3b7c20
SSDeep 6144:gwuWNtzCXRtrIbqPc5JuHK5wE4htpo682DiwQZBOM29aaDYZHeBs:gwxtXbHezu3e4c
Imports Hash 681384843c6e5d46d5a8768cd8ddc6d9

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x108

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2025-Dec-01 04:10:30
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x61600
SizeOfInitializedData 0x25600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000032F5C (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x8c000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 005c46c6477416531730c2ef41c07b18
SHA1 52ae430ba88cc840e833a6d6625d70ae29299c8f
SHA256 6b488891bbb70f022dd90020ede39ec7ad4849fde187e4e70e4b6f258c77fc7f
SHA3 67f54af3dfc4e963265b6c9430798a9f8933b1c4447f59e7b35b950e45b1e316
VirtualSize 0x61434
VirtualAddress 0x1000
SizeOfRawData 0x61600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.45613

.rdata

MD5 9389ae97f473da5a25ed23eaac49425b
SHA1 6ea82926b0894c5d7538214977c176b5cf102897
SHA256 13768879a2a96203507d2eb202539d50285a3c1ae6cff36145352b0c850e15ae
SHA3 74e3356a7987520f0c95c6df426dfc9a6c5334d80a8a0dfd75f650143f2fcf98
VirtualSize 0x1c4aa
VirtualAddress 0x63000
SizeOfRawData 0x1c600
PointerToRawData 0x61a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.37229

.data

MD5 a309986890a1fb4864aec1ae35ef9b4a
SHA1 635b5f0b368cb38604f5917a0dd1628681065a50
SHA256 bd321fb6ddab74aa975aa10892883c9fc64c5950626733b72eefa93f3ab2467f
SHA3 3d7bb82981d1ec8aa013e0791df54e0723b0ada728eaff3b7eb9915586edf7b6
VirtualSize 0x3340
VirtualAddress 0x80000
SizeOfRawData 0x1a00
PointerToRawData 0x7e000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.40606

.pdata

MD5 afa739774e2f8fc6007c4596260ba6b8
SHA1 8a489ea8ae7e1081d599bc781f2635329a42d9ca
SHA256 cfe76e6f2409875e8cfe2689c24e273f3df2ab4ec0b41b9c6faf81d3608d59b6
SHA3 5c9346e0f869d1b9450a51b432a779a328aa18edbb77c9eb0cba2a76944d760e
VirtualSize 0x4a28
VirtualAddress 0x84000
SizeOfRawData 0x4c00
PointerToRawData 0x7fa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.72709

.fptable

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x100
VirtualAddress 0x89000
SizeOfRawData 0x200
PointerToRawData 0x84600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 e2d2f7647d61a156924612e95904ad1f
SHA1 7a47eb909928898bd871e80e9e8519ab0406bb49
SHA256 8f90a332b6d2e797f0776d7994f1572a3eab0df06c6c6407d5e397e93196b316
SHA3 1e1ba072c090753aac4bdc68bc0f53807e5424bcfb2c1a507b290455f1957c1e
VirtualSize 0x1e0
VirtualAddress 0x8a000
SizeOfRawData 0x200
PointerToRawData 0x84800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.71768

.reloc

MD5 ec7b6d40b808077ea08bd42034b272a3
SHA1 5b32a00800b748b4b2d1b4f47b2fbff2a1002437
SHA256 d3da99ca7a2d7ee95f4d1826e9ced5152d8b1dbfdc1d0dbfd04f99f8f55ca7f9
SHA3 3f7f01b0ffeb1767c95dd7ffe24c1dfd3b9320387a18caa59af085af908114b8
VirtualSize 0xb58
VirtualAddress 0x8b000
SizeOfRawData 0xc00
PointerToRawData 0x84a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.34531

Imports

KERNEL32.dll
GetModuleFileNameW
SetErrorMode
GetVolumeInformationA
FillConsoleOutputCharacterW
CreateFileA
GetDriveTypeA
CloseHandle
FillConsoleOutputAttribute
SetConsoleOutputCP
SetConsoleCursorPosition
MultiByteToWideChar
WriteConsoleW
DeviceIoControl
GetStdHandle
SetVolumeLabelA
GetConsoleScreenBufferInfo
HeapSize
SetEndOfFile
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFinalPathNameByHandleW
SetFileInformationByHandle
SetFileTime
GetTempPathW
AreFileApisANSI
GetLastError
GetModuleHandleW
GetProcAddress
CopyFileW
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
WideCharToMultiByte
LocalFree
FormatMessageA
GetLocaleInfoEx
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
GetCurrentThreadId
LCMapStringEx
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
CompareStringEx
GetCPInfo
GetStringTypeW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetFileType
ReadFile
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
WriteFile
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetFileSizeEx
SetFilePointerEx
HeapAlloc
GetTimeZoneInformation
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapFree
HeapReAlloc
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
VirtualProtect
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadConsoleW
SetStdHandle
RtlUnwind

ADVAPI32.dll
FreeSid
CheckTokenMembership
AllocateAndInitializeSid

SHELL32.dll
ShellExecuteExW
SHChangeNotify

WININET.dll
InternetReadFile
InternetOpenUrlA
InternetOpenA
HttpQueryInfoA
InternetCloseHandle

Delayed Imports

(none)

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

(none)

Debug Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2025-Dec-01 04:10:30
Version 0.0
SizeofData 114
AddressOfRawData 0x766f4
PointerToRawData 0x750f4
Referenced File C:\Users\anett\source\repos\ACTUALIZADOR CALLEJERO\x64\Release\ACTUALIZADOR CALLEJERO.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2025-Dec-01 04:10:30
Version 0.0
SizeofData 20
AddressOfRawData 0x76768
PointerToRawData 0x75168

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2025-Dec-01 04:10:30
Version 0.0
SizeofData 920
AddressOfRawData 0x7677c
PointerToRawData 0x7517c

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2025-Dec-01 04:10:30
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

(none)

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140080080

RICH Header

XOR Key 0x37382ed6
Unmarked objects 0
C++ objects (33140) 194
C objects (33140) 17
ASM objects (33140) 8
ASM objects (35207) 10
C objects (35207) 17
C++ objects (35207) 91
Imports (33140) 9
Total imports 174
C++ objects (LTCG) (35216) 2
Resource objects (35216) 1
Linker (35216) 1

Errors

(none)