| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date |
2026-Jun-20 07:20:42
|
| TLS Callbacks |
2 callback(s) detected.
|
| Suspicious |
Strings found in the binary may indicate undesirable behavior: |
Contains obfuscated function names:
- 56 75 7b 7e 56 73 78 68 7b 68 63
|
| Suspicious |
The PE is possibly packed. |
Unusual section name found: .xdata
|
| Suspicious |
The PE contains functions most legitimate programs don't use. |
Memory manipulation functions often used by packers:
- VirtualAlloc
- VirtualProtect
|
| Suspicious |
No VirusTotal score. |
This file has never been scanned on VirusTotal.
|
| MD5 |
2408f08f64411363695f3b5386e1b51e
|
| SHA1 |
b3e096936e248a22a7c786a9b281162c26283b4f
|
| SHA256 |
df0834dd8022ea1dabb61d5879651ce4d0ece77e6da8fc8823e023e98568e834
|
| SHA3 |
e4280c03dbd4ff7e44f283c30970e3a15d517b203942e742d3eab5766aa98929
|
| SSDeep |
1536:barhyzCTeNqLAYkUh5WqNrKqHAnL54CMJ2v1m4zTyr2uAxs3W:WrhyeTeNqLB55WcrKqqWS1m4zTySuAx
|
| Imports Hash |
fd4501bb11597e6a4f9eb0a273d08434
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x80
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections |
10
|
| TimeDateStamp |
2026-Jun-20 07:20:42
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xf0
|
| Characteristics |
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
|
| Magic |
PE32+
|
| LinkerVersion |
2.0
|
| SizeOfCode |
0xa800
|
| SizeOfInitializedData |
0x4c00
|
| SizeOfUninitializedData |
0xac00
|
| AddressOfEntryPoint |
0x00000000000013E0 (Section: .text)
|
| BaseOfCode |
0x1000
|
| ImageBase |
0x140000000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
4.0
|
| ImageVersion |
0.0
|
| SubsystemVersion |
5.2
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x21000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0x1cff5
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
|
| SizeofStackReserve |
0x200000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
557b3308ec186b156408777ad8eb4ab6
|
| SHA1 |
49a9772582e7853e576bec6adce3ddf55be799d1
|
| SHA256 |
528b4422eef3f8e37a5502910321919ed56279a5b1879f929e10a300ac72dbd4
|
| SHA3 |
88ec84339bec8760b8775a2fbd2ad6e2c9f2062c256be9360d50c1bf9a8defc4
|
| VirtualSize |
0xa620
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0xa800
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
6.29428
|
| MD5 |
06a3757d8313478713748fc5723e95d6
|
| SHA1 |
a8bc9f642897d82623e086c53bbe323bb04e091b
|
| SHA256 |
59539aa81a107f97bdb617403730524aaba2d8fd23cc16f251a83dd3e4fe755c
|
| SHA3 |
51f8eab3817ce365e76718eaa11cccc7aa7501a4f319766a11aabfbb49a437c7
|
| VirtualSize |
0x70
|
| VirtualAddress |
0xc000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0xac00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.464107
|
| MD5 |
d5e0214124b49bfc6bc44196a68e191e
|
| SHA1 |
d0dc957ad937b15590da828d4aaeeb771e4ff136
|
| SHA256 |
e44bad3cd67f50feaa673e93348427faf506f1d41c605168484a3754b456130f
|
| SHA3 |
d9c0ef6a8a62e0674ffb86ca911fbfbb65832257b13d82b0647c5ce7cc6ec84e
|
| VirtualSize |
0x2478
|
| VirtualAddress |
0xd000
|
| SizeOfRawData |
0x2600
|
| PointerToRawData |
0xae00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
3.643
|
| MD5 |
0d515248ae1f20331e1a6e4c7f2f1318
|
| SHA1 |
3916e2d4258ccd83d3535ac11f1f920c93755eba
|
| SHA256 |
bd626cac1116f0f8239089250f5be6607dee6e95c8faabc39cb5d08cbe28a1e2
|
| SHA3 |
f4f9c3be72673fc62b7a4dbd61155f2df2d1d0a6b8402d439c1c8115d0ff4269
|
| VirtualSize |
0x45c
|
| VirtualAddress |
0x10000
|
| SizeOfRawData |
0x600
|
| PointerToRawData |
0xd400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
3.53668
|
| MD5 |
40c3e831a788850e8d138f63140f84d2
|
| SHA1 |
9193c058b29f7674cbc61000f4ee8fb38e45eb14
|
| SHA256 |
47faffeb132edee4e789aa24f29665bf8ff9cc061ed4a57a2b66e83f44c1cd08
|
| SHA3 |
f286ecd1287e82e3177e1ebae273f4ca2bce7ff1afaa4293981543ba46091fd0
|
| VirtualSize |
0x40c
|
| VirtualAddress |
0x11000
|
| SizeOfRawData |
0x600
|
| PointerToRawData |
0xda00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
3.27544
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0xac00
|
| VirtualAddress |
0x12000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
69cb1caab76c901a09e8a261f854bcc5
|
| SHA1 |
40ef7c03fefdb62613bb9d0ba43794910da075c2
|
| SHA256 |
90c6e1ff509243ebca7d018c198117da3d603f2f8437f1aa4c04a0c335fcebe4
|
| SHA3 |
b509209e51df2d37626a577d843796a26cb4392ec4ae50547385f9b31620e29d
|
| VirtualSize |
0xc04
|
| VirtualAddress |
0x1d000
|
| SizeOfRawData |
0xe00
|
| PointerToRawData |
0xe000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
3.99877
|
| MD5 |
bf619eac0cdf3f68d496ea9344137e8b
|
| SHA1 |
5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
|
| SHA256 |
076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
|
| SHA3 |
622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
|
| VirtualSize |
0x10
|
| VirtualAddress |
0x1e000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0xee00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0
|
| MD5 |
9d3e2c0d5977fc65bac788ca9c666713
|
| SHA1 |
3258ec03fc6315a87594de229609b3dfb0485a43
|
| SHA256 |
55599d3f7a24e026197893101405b1543c07018cd5c0c6b2848e3328e482a248
|
| SHA3 |
1f68c2aebc70f92ec776c416bee3635222cf00b3a3c8c06dc46dfe3fa106fa1b
|
| VirtualSize |
0x4e8
|
| VirtualAddress |
0x1f000
|
| SizeOfRawData |
0x600
|
| PointerToRawData |
0xf000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
4.78258
|
| MD5 |
51a2e5d9086fccb410572eb0060cc3da
|
| SHA1 |
0d13a8789824c55cdb47cba0eb56f71462c21f24
|
| SHA256 |
bb9e9d554b1e6fc4fc7a6b01a5e574dcd74cfefe34338f93ee69514ec70783eb
|
| SHA3 |
d9c4a3cd53971575cbbb054622402efa5c48dff7d0c21dfeaa03d74ecccb3c38
|
| VirtualSize |
0x6c
|
| VirtualAddress |
0x20000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0xf600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
| Entropy |
1.3212
|
| KERNEL32.dll |
AllocConsole
CloseHandle
CreateFileA
CreateFileMappingA
CreateWaitableTimerW
DeleteCriticalSection
EnterCriticalSection
GetConsoleMode
GetCurrentProcess
GetCurrentThread
GetFileSize
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcessHeap
GetStdHandle
GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
MultiByteToWideChar
ReadConsoleA
ReadFile
SetConsoleMode
SetConsoleTitleA
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
TlsGetValue
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WideCharToMultiByte
WriteConsoleA
__C_specific_handler
|
| msvcrt.dll |
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_commode
_errno
_fmode
_initterm
abort
atexit
calloc
exit
fprintf
fputc
free
localeconv
malloc
memcmp
memcpy
memmove
signal
strerror
strlen
strncmp
strstr
vfprintf
wcslen
|
| USER32.dll |
DispatchMessageW
GetCursorPos
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
|
| Type |
RT_MANIFEST
|
| Language |
UNKNOWN
|
| Codepage |
UNKNOWN
|
| Size |
0x48f
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.13793
|
| MD5 |
5aa04ce935e78505e230765e85c34355
|
| SHA1 |
6c93b8c5fde8be4b2231dca6b8ec513cdc82c991
|
| SHA256 |
a73f26a8d504043f785d7360e8febf2eeb8522ec873a0d4dd5d1d4bfd1e67d3d
|
| SHA3 |
149467cafc03ba34b33cd8076fc2771413760822357952de205dbae2b5cb8059
|
| StartAddressOfRawData |
0x14001e000
|
| EndAddressOfRawData |
0x14001e008
|
| AddressOfIndex |
0x14001c12c
|
| AddressOfCallbacks |
0x14000f450
|
| SizeOfZeroFill |
0
|
| Characteristics |
IMAGE_SCN_TYPE_REG
|
| Callbacks |
0x0000000140003AF0
0x0000000140003AD0
|
[*] Warning: Section .bss has a size of 0!