dd0b6338ec452c5e92379dd24d1d8a61c5eec2708120445ea7164c82898509bf

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1970-Jan-01 00:00:00
Detected languages English - United States

Plugin Output

Suspicious PEiD Signature:
  • XWD graphics format
  • HQR data file
Info Interesting strings found in the binary: Contains domain names:
  • readopensyncfilepipeStat.com
Info Cryptographic algorithms detected in the binary:
  • Uses constants related to SHA256
  • Uses constants related to SHA512
  • Uses constants related to AES
Suspicious The PE is possibly packed. Unusual section names found:
  • .xdata
  • .symtab
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Malicious VirusTotal score: 4/70 (Scanned on 2026-07-05 02:56:39)
  • Bkav: W32.Malware.46BA4FBB
  • Cylance: Unsafe
  • McAfeeD: ti!DD0B6338EC45
  • Symantec: ML.Attribute.HighConfidence

Analyst note: several of these findings are weak on their own. A zero TimeDateStamp, a 4-byte .symtab section, linker version 3.0 and a kernel32-only import set made up of runtime primitives (thread and I/O-completion-port calls, vectored exception handlers, WerSetFlags, RaiseFailFastException) are characteristic of a PE produced by the Go toolchain, and Go stores string literals back to back without terminators, so a string scanner can read a run such as "readopensyncfilepipeStat.com" as a single domain. .xdata is the standard x64 unwind-data section, and the two PEiD matches are generic byte patterns. Confirm the toolchain (for example by locating the Go build ID and pclntab in .rdata) before treating the "domain" or the packing verdict as indicators; the 4/70 result, made up of generic and machine-learning verdicts, does not contradict that reading.

Hashes

MD5 6718146e4031231d773e659160494a79
SHA1 1721c17a8b2fadc4e075375d439d4adc002ff719
SHA256 dd0b6338ec452c5e92379dd24d1d8a61c5eec2708120445ea7164c82898509bf
SHA3 9db493144c5f9dd5b2f58515ecad90b9a71dbfeb6835fd9109b423c6f898fa2a
SSDeep 24576:OJF4FiELz78A5mNQmJTxSJuLgqwcU0ducKEZyYLfdPcPZAspy4jTiWKrzK6Hh:OJF4gELz78A5d8/bQkYQOxKqGh
Imports Hash ed8b780a3ce7ca4aba78a21f6bc3d4e0

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0x8b
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 9
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0x273600
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 3.0
SizeOfCode 0x111600
SizeOfInitializedData 0x188600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000084AC0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 1.0
SubsystemVersion 6.1
Win32VersionValue 0
SizeOfImage 0x22ea000
SizeOfHeaders 0x600
Checksum 0x2a61e4
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 828137a78015b48dea718d47772cf7e9
SHA1 c4bd23cb6d4cf572343be8940699260bb1ed8000
SHA256 1f0a2af7a6e9a6c1afdfd1851a644bbc565079ce85980dd9a0de72cfc5ea3a39
SHA3 fed0c37d6a9b2e355f8c0b5dee936fdd7f27375f52cbf700a57ad30ee2bd28a6
VirtualSize 0x1115d1
VirtualAddress 0x1000
SizeOfRawData 0x111600
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.26978

.rdata

MD5 d73bf0c08d3ca0c6e4b2788757e6f46c
SHA1 323d27ea8744f4090bbb28fd6d7c97b68766ddf8
SHA256 ec5c9c10846acc52a909d0c37a904fcfcd77636eca2aa6d18821b317a4b1b065
SHA3 f7b3a944ce7e0f4830b279497ec417ae6fb832887778c95f83c5a1a4293b080a
VirtualSize 0x13fe18
VirtualAddress 0x113000
SizeOfRawData 0x140000
PointerToRawData 0x111c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.55611

.data

MD5 99f0ad4e799e71c5e4a83dc77437918a
SHA1 b8142dd7da59889cde3166cc6294da9480e0fde0
SHA256 28db4f3b732fdc4be406a61acee0ab688bb70f09456284dc184496c37be23a90
SHA3 0bf3f846777b77abc955a36ba73f9b60516dd7e7f80097a0927b830598bd546b
VirtualSize 0x205ec40
VirtualAddress 0x253000
SizeOfRawData 0x14800
PointerToRawData 0x251c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.8375

.pdata

MD5 4f4745b3f015e78d85dcaddc8e82cbb7
SHA1 18d754deb93cabd3d0786c0e566d0492e376ee62
SHA256 601fc33da518126b188701c67ebfd55292c70dff15bbe8b3aeb80ddb75039f3e
SHA3 0a959dd2319f62709a7a8a50ad0fdfff10d169069efc1c5d53bf5f9c162864ae
VirtualSize 0x7080
VirtualAddress 0x22b2000
SizeOfRawData 0x7200
PointerToRawData 0x266400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.39875

.xdata

MD5 ff36d22fb98763a02992f4658b8c61d5
SHA1 a1bdbfe959835678bfb4084416b79570ba4833dc
SHA256 5bcf7db4b14e2ece235e84ab4a0a9dc395952c220f5ec405ddc249de203094cd
SHA3 dae471e53fa99d0fec4305b0f170cf6067ddcdfd128c3e8de9584be4ccf5ef86
VirtualSize 0xb4
VirtualAddress 0x22ba000
SizeOfRawData 0x200
PointerToRawData 0x26d600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.78711

.idata

MD5 87c02b532ad0d9c1315f49558deefa3b
SHA1 125ea87c4a5c35a79c4eccf5e6a47bf16edf29fb
SHA256 1d4dd949a230e4670d665f2dab37184376e45c1207706a85e68e20f44db268d3
SHA3 ee394057850e2c91c14ab5284d54a130ec8f138e0794100ed7aad1cd497c6a97
VirtualSize 0x57c
VirtualAddress 0x22bb000
SizeOfRawData 0x600
PointerToRawData 0x26d800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.31501

.rsrc

MD5 f120af4047991d84c2e21849498e944c
SHA1 c9fefd1a71f97ae8ceabaeb4a5613f816d4bd436
SHA256 d5760799addee36611eccf8278571d93dd32bef63e50664f098ab852a48fae29
SHA3 746795bb6de827edf673bd5aa3965dbf056efd4206616e2456048d20215d0f20
VirtualSize 0x26a28
VirtualAddress 0x22bc000
SizeOfRawData 0x26c00
PointerToRawData 0x26de00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.98064

.reloc

MD5 e793d1a36e69a33e13b3b21f6cf978b1
SHA1 82b194e5efa9c317dd3c2494af9102cea8bbe15f
SHA256 be261875f14ce2af8087d7e7092ab17d8c3c9a32911f0da82bdf165b05af8407
SHA3 22e0922184c4e7fcd3f55125cb51d8fd3d1cc7fc7c960524d7d8b793fcd38cd3
VirtualSize 0x5650
VirtualAddress 0x22e3000
SizeOfRawData 0x5800
PointerToRawData 0x294a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.42014

.symtab

MD5 07b5472d347d42780469fb2654b7fc54
SHA1 943ae54f4818e52409fbbaf60ffd71318d966b0d
SHA256 3e67f4a7d14b832ff2a2433e9cf0f6f5720821f67148a87c0ee2595a20c96c68
SHA3 a70a3e18515c06557b62676f2a8eb6d7d41962d8c9c7c49f4641c429cc65b977
VirtualSize 0x4
VirtualAddress 0x22e9000
SizeOfRawData 0x200
PointerToRawData 0x29a200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0203931
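The section-level findings in the Plugin Output can be re-derived from the section table above. The following Python is an added example, not Manalyzer's own code: it rebuilds the DOS, COFF and PE32+ optional headers and the nine section headers from the values listed on this page (section bodies are not reconstructed, so per-section entropies are taken from the report), parses them back, maps the entry point to its section and applies common triage heuristics. The KNOWN_SECTION_NAMES set, the 4x VirtualSize/SizeOfRawData ratio and the 7.5 entropy threshold are this example's assumptions.

```python
"""Added example (not part of the Manalyzer report): rebuild the PE header and
section table from the values the report lists, then re-derive the section
heuristics behind its "possibly packed" / "unusual section name" findings.
Only headers are constructed; section bodies are not reproduced."""
import struct

# Names a stock MSVC/MinGW x64 link produces. .xdata is included on purpose:
# it holds x64 unwind data and is routine, so flagging it is a weak signal.
# .symtab is not a Windows toolchain section. (Assumed list for this example.)
KNOWN_SECTION_NAMES = {".text", ".rdata", ".data", ".pdata", ".xdata",
                       ".idata", ".edata", ".rsrc", ".reloc", ".bss", ".tls"}

# (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
#  Characteristics) copied from the section listings above.
SECTIONS = [
    (".text",   0x1115d1,  0x1000,    0x111600, 0x600,    0x60000020),
    (".rdata",  0x13fe18,  0x113000,  0x140000, 0x111c00, 0x40000040),
    (".data",   0x205ec40, 0x253000,  0x14800,  0x251c00, 0xC0000040),
    (".pdata",  0x7080,    0x22b2000, 0x7200,   0x266400, 0x40000040),
    (".xdata",  0xb4,      0x22ba000, 0x200,    0x26d600, 0x40000040),
    (".idata",  0x57c,     0x22bb000, 0x600,    0x26d800, 0xC0000040),
    (".rsrc",   0x26a28,   0x22bc000, 0x26c00,  0x26de00, 0x40000040),
    (".reloc",  0x5650,    0x22e3000, 0x5800,   0x294a00, 0x42000040),
    (".symtab", 0x4,       0x22e9000, 0x200,    0x29a200, 0x42000000),
]
# Per-section Shannon entropy as reported (bodies are not rebuilt here).
ENTROPY = {".text": 6.26978, ".rdata": 5.55611, ".data": 4.8375,
           ".pdata": 5.39875, ".xdata": 1.78711, ".idata": 4.31501,
           ".rsrc": 7.98064, ".reloc": 5.42014, ".symtab": 0.0203931}

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def build_pe(timestamp=0):
    """Emit DOS stub, COFF header, PE32+ optional header and section table."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                    # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, len(SECTIONS), timestamp,
                       0x273600, 0, 0xF0, 0x0022)              # AMD64, EXEC|LAA
    opt = bytearray(0xF0)
    struct.pack_into("<HBBIIIII", opt, 0, 0x20B, 3, 0, 0x111600, 0x188600,
                     0, 0x84AC0, 0x1000)                       # PE32+, linker 3.0, entry
    struct.pack_into("<QII", opt, 24, 0x140000000, 0x1000, 0x200)
    struct.pack_into("<HHHHHHI", opt, 40, 6, 1, 1, 0, 6, 1, 0)
    struct.pack_into("<IIIHH", opt, 56, 0x22EA000, 0x600, 0x2A61E4, 2, 0x8160)
    struct.pack_into("<QQQQII", opt, 72, 0x200000, 0x1000, 0x100000, 0x1000, 0, 16)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode(), vs, va, rs, rp, 0, 0, 0, 0, ch)
        for name, vs, va, rs, rp, ch in SECTIONS)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


def parse_pe(data):
    """Walk e_lfanew -> COFF header -> section table; return the fields we score."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    first = e_lfanew + 4 + 20 + opt_size
    sections = []
    for i in range(nsec):
        name, vs, va, rs, rp, _, _, _, _, ch = struct.unpack_from(
            "<8sIIIIIIHHI", data, first + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vs,
                         "va": va, "rsize": rs, "rptr": rp, "chars": ch})
    return {"machine": machine, "timestamp": ts, "sections": sections}


def rva_to_section(pe, rva):
    """Map an RVA (e.g. AddressOfEntryPoint) to the section that contains it."""
    for s in pe["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rsize"]):
            return s["name"]
    return None


def section_flags(pe, entropy):
    """Heuristics a triage script would apply to the parsed section table."""
    flags = []
    if pe["timestamp"] == 0:
        flags.append("TimeDateStamp is 0 (1970-Jan-01): build time stripped")
    for s in pe["sections"]:
        n = s["name"]
        if n not in KNOWN_SECTION_NAMES:
            flags.append(f"{n}: unusual section name")
        # Large gap between VirtualSize and SizeOfRawData: the loader maps
        # zero-filled pages, typical of .bss merged into .data or an unpacking
        # buffer; note it, but it is not proof of packing on its own.
        if s["vsize"] > 4 * max(s["rsize"], 1):
            flags.append(f"{n}: VirtualSize 0x{s['vsize']:x} far exceeds "
                         f"SizeOfRawData 0x{s['rsize']:x}")
        if s["chars"] & IMAGE_SCN_MEM_EXECUTE and s["chars"] & IMAGE_SCN_MEM_WRITE:
            flags.append(f"{n}: writable and executable")
        if entropy.get(n, 0.0) > 7.5:
            flags.append(f"{n}: entropy {entropy[n]:.2f}, compressed or encrypted content")
    return flags


if __name__ == "__main__":
    pe = parse_pe(build_pe())
    print("entry point 0x84AC0 lies in", rva_to_section(pe, 0x84AC0))
    for f in section_flags(pe, ENTROPY):
        print("[!]", f)
```

Run against the page's values this yields four flags: the zero timestamp, .symtab as a non-standard name, .data mapping roughly 32 MB of virtual space from 0x14800 bytes on disk, and the 7.98-entropy .rsrc, which the resource listing below explains (PNG-compressed icons). .xdata is not flagged because the example treats it as the ordinary unwind-data section.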

Imports

kernel32.dll GetProcAddress
LoadLibraryExW
WriteFile
WriteConsoleW
WerSetFlags
WerGetFlags
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
RtlVirtualUnwind
RtlLookupFunctionEntry
ResumeThread
RaiseFailFastException
QueryPerformanceCounter
PostQueuedCompletionStatus
LoadLibraryExW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetErrorMode
GetEnvironmentStringsW
GetCurrentThreadId
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler
AddVectoredContinueHandler
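The "Imports Hash" in the Hashes section is an imphash, a common pivot for clustering samples built by the same toolchain. The Python below is an added example, not Manalyzer's or pefile's code: it computes an imphash from the kernel32.dll list printed above, typed in as printed (duplicates included), using the normalisation pefile applies (DLL name lower-cased with .dll/.ocx/.sys stripped, function names lower-cased, entries joined by commas in import-table order, MD5). Because the report's print order may not match the on-disk import directory, the result is not guaranteed to equal the value shown on this page; the ordinal handling ("ordN") is this example's simplification and does not replicate pefile's lookup of known ws2_32/oleaut32 ordinals.

```python
"""Added example (not part of the report): compute an import hash (imphash)
over the kernel32.dll import list printed above."""
import hashlib

# Import list copied from the report, in printed order, duplicates included.
IMPORTS = [("kernel32.dll", [
    "GetProcAddress", "LoadLibraryExW", "WriteFile", "WriteConsoleW",
    "WerSetFlags", "WerGetFlags", "WaitForMultipleObjects",
    "WaitForSingleObject", "VirtualQuery", "VirtualFree", "VirtualAlloc",
    "TlsAlloc", "SwitchToThread", "SuspendThread", "SetWaitableTimer",
    "SetProcessPriorityBoost", "SetEvent", "SetErrorMode",
    "SetConsoleCtrlHandler", "RtlVirtualUnwind", "RtlLookupFunctionEntry",
    "ResumeThread", "RaiseFailFastException", "QueryPerformanceCounter",
    "PostQueuedCompletionStatus", "LoadLibraryExW", "SetThreadContext",
    "GetThreadContext", "GetSystemInfo", "GetSystemDirectoryA",
    "GetStdHandle", "GetQueuedCompletionStatusEx", "GetProcessAffinityMask",
    "GetProcAddress", "GetErrorMode", "GetEnvironmentStringsW",
    "GetCurrentThreadId", "GetConsoleMode", "FreeEnvironmentStringsW",
    "ExitProcess", "DuplicateHandle", "CreateWaitableTimerExW",
    "CreateThread", "CreateIoCompletionPort", "CreateEventA", "CloseHandle",
    "AddVectoredExceptionHandler", "AddVectoredContinueHandler"])]


def normalize_imports(imports):
    """Return the comma-joined 'dll.func' string the imphash is taken over.
    Integers are treated as ordinals and rendered as 'ordN' (simplified:
    pefile additionally maps known ws2_32/oleaut32 ordinals to names)."""
    parts = []
    for dll, funcs in imports:
        base = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if base.endswith(ext):
                base = base[: -len(ext)]
                break
        for f in funcs:
            fname = f"ord{f}" if isinstance(f, int) else f.lower()
            parts.append(f"{base}.{fname}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of the normalised import string; order-sensitive by design."""
    return hashlib.md5(normalize_imports(imports).encode()).hexdigest()


if __name__ == "__main__":
    print("imphash of the printed import list:", imphash(IMPORTS))
```

Note that the hash depends on import order, not only on the set of names: reordering the same entries gives a different value, so pivot on exact imphash matches and treat near-identical import sets in a different order as a separate cluster.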

Delayed Imports

Resources

1

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x3ed
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.71737
Detected Filetype PNG graphic file
MD5 1381850bd0efbdd4677a03e7a5aa2dc2
SHA1 3b8bcb216380aea0f77d5228bb20a03ff000579b
SHA256 5c27d7c74af92be2da24ac6625e0acdfc361710905fb278acc7a869e83e15862
SHA3 825e7c302973c2fec7b0c62642b4cd16502dc3a018203f82fbb6a18fa2ffb2a2

2

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x7ac
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.86948
Detected Filetype PNG graphic file
MD5 e6bf79dd6c97d595e1dc31a478ce09b9
SHA1 aa4574ba60106d926972266da6de814cc19a100d
SHA256 ec26be5939946bfdd6b4a048cce00a66a49cab76c7349582c0aeef693d328e85
SHA3 cdcc8031e0494eefd5880bc426dcac250a2ae8a57bc9f86a244ca7d8dc8cc853

3

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0xc2d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.91716
Detected Filetype PNG graphic file
MD5 f22179874b2f94a4971d58e1e331467e
SHA1 222e3c1fcc6cf9f3b5a427b6f824896c8f1cfe27
SHA256 24f6c7e68878cadef6c3f898459f99d50d584df6e8719c1174ffb73d5c302763
SHA3 87b644c401336b90ea7841a038cb7057e0f26243db4e2e6fd9d8c47e801cf417

4

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x17cd
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.96101
Detected Filetype PNG graphic file
MD5 ca4fb92ced27dc5a752b9874125c0316
SHA1 acf4719a7a6e6ef99445dd10b53c012be1e71d16
SHA256 de7300cf9b296011c03521625c217f8d22edc49c69736e680a7d4fe7aaa09841
SHA3 d33987ce824be6008a19be133ba8113fe5f959e1ac92388c7641791dcdb417cb

5

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x24ef
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.9706
Detected Filetype PNG graphic file
MD5 6345bb7aedca9410e3da63e02dedbe13
SHA1 46bccbb1a43ba08660dc17622f23869fddca8ecf
SHA256 59b727ddbf4b1e004fce82813e10ce439777ff698b2944137aa7cd080c81e732
SHA3 46e443b6a37b7df69b4205dc12335d8ef05f02cd36a9c85810eb2fe6042420e7

6

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x7947
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.98143
Detected Filetype PNG graphic file
MD5 9d27202a5475423e4984e36cd660492d
SHA1 8fa9461025d4a4db8f9409c2fb85e0a0753e4784
SHA256 584476517d24841405ffe4658e11d39b8bd5bfe14c3c5fe06a0e294d5c1b7227
SHA3 47b91ed38601b2ea23819c702b505e280480eb5a9eb3c96bb88ab0013df1e8d5

7

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x19a2b
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.97685
Detected Filetype PNG graphic file
MD5 e6fbe1a3fd2b389fb171e2efcec37369
SHA1 e6ceb0cdd9423ec254da2d92b85430dbeaa7ba27
SHA256 e3fcbad6bc01ee3e61ad87b97014813c0e7f37baaefb8b6b497c744e5fa93b12
SHA3 0f28468d6ade0632c555469ec921c2469490856647ad29a1f2af542416ea72b7

0

Type RT_GROUP_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x68
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.93324
Detected Filetype Icon file
MD5 fafc697b9ac8ad0b7721f8a394657f9d
SHA1 c21c4231344a302172efce1a002958e9579e486f
SHA256 2fea2ea5bba5189570661697a4729b1e754e72088dbadc79452801b70cc10567
SHA3 702595569f98e0d415c2f793290187c09a1a029c7ed6c485ecee9310b653490a

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors
