e049ec2276ce4108c6c3a06897935b8c44cd40d1247411a1070a9da341b6389f

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2025-Oct-19 16:05:18
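TLS Callbacks 2 callback(s) detected. TLS callbacks run before the entry point (0x1350 here); their addresses are listed in the TLS Callbacks section below.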

Plugin Output

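Safe VirusTotal score: 0/67 (Scanned on 2026-03-30 16:44:59). None of the 67 AV engines flagged this file at scan time; a zero detection count reflects engine coverage on that date and does not by itself establish that the file is benign.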

Hashes

MD5 6484077ffda9689bb8fe72234df40657
SHA1 6c7b94b95c937df46f1c230102ffc6752edcb3e4
SHA256 e049ec2276ce4108c6c3a06897935b8c44cd40d1247411a1070a9da341b6389f
SHA3 cb460728509824f54059a0210e7ec071f7fa92565c044b682475716a7c0f7958
SSDeep 768:HLEzjUSgDTR6hcpgOGJpa85Ji5Gmu5v/fVX3PfpWjNrRZO:HLCUSKTR6hBzk85JiwNv1Ahr
Imports Hash 5651e0557f83681b25001a5ed917a769

DOS Header

e_magic MZ
e_cblp 0x78
e_cp 0x1
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0
e_ss 0
e_sp 0
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x78

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2025-Oct-19 16:05:18
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x5200
SizeOfInitializedData 0x4200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000001350 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xf000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x1000000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 f82f62a3371b778af8f48c68af5181ec
SHA1 8d4865d0e190a2d3f02ea805a6f3a83d85878cd8
SHA256 bdd93f4342a0b5e22221bc21c8627f80a869d652b1223adf8f6b3bc215d1212b
SHA3 852b313b59ae3412aa548a1b800ddc77929d372eb63818d489a351db342998c6
VirtualSize 0x5186
VirtualAddress 0x1000
SizeOfRawData 0x5200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.38623

.rdata

MD5 92ca6bc2ae313871fadd959c7086c262
SHA1 fecf9ef81dec035717a0e7544e43d86e22d04856
SHA256 4b3fc90424473f7fe0efe6580b751fc8915a1d81bdc5f39e393fb50d78021c93
SHA3 7de098aee02603eba70c5eb67ef52cf2dfb0898261d3bdaac72b5ea21f1bf288
VirtualSize 0x37fc
VirtualAddress 0x7000
SizeOfRawData 0x3800
PointerToRawData 0x5600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.41708

.data

MD5 828bc5a3cdf0c031d755aed961c03151
SHA1 f42bfc3bd7be57e3010848c17b52682e94f6a295
SHA256 348eee8e260a581d49fffa67c9db583a9467bbe902bb8aab8225083a8518e244
SHA3 aa45cdcd8ba1c62b55343e2b61474cab78be8ffec857796a6330673f18cf3e1e
VirtualSize 0xd8
VirtualAddress 0xb000
SizeOfRawData 0x200
PointerToRawData 0x8e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.184151

.pdata

MD5 4f6d03b639000b5e0987c5cd6d41ed0b
SHA1 46e8fb4b57c3093ddb329049fe92188f10cb75a4
SHA256 4e0d844c86ed654cd8b76919260c66a37aa1046a024709d257bf9552260393f3
SHA3 e49bf8902e4b6d0df1218e970810f4a82b95de3d820f176e349884a7e9842845
VirtualSize 0x270
VirtualAddress 0xc000
SizeOfRawData 0x400
PointerToRawData 0x9000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.75787

.tls

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x10
VirtualAddress 0xd000
SizeOfRawData 0x200
PointerToRawData 0x9400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.reloc

MD5 935dbb24f9373b7e661d71ee451cd6c7
SHA1 efb1eaf0a2ff67401c341d54ef75fc679df77801
SHA256 b0265daf247d2e16e88ac4bc8eeebd31b6bbbb4184dce87c84f53540bf5bd65d
SHA3 91932dcf7bee4edcc631fe336abff017ff704fc7232b80944bd8e3f03f90218a
VirtualSize 0x68
VirtualAddress 0xe000
SizeOfRawData 0x200
PointerToRawData 0x9600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 1.2876

Imports

api-ms-win-crt-heap-l1-1-0.dll _set_new_mode
calloc
free
malloc
realloc
api-ms-win-crt-private-l1-1-0.dll __C_specific_handler
strchr
api-ms-win-crt-runtime-l1-1-0.dll __p___argc
__p___argv
_cexit
_configure_narrow_argv
_crt_atexit
_errno
_exit
_fpreset
_initialize_narrow_environment
_initterm
_set_app_type
_set_invalid_parameter_handler
abort
exit
signal
api-ms-win-crt-stdio-l1-1-0.dll __acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vsprintf
fflush
fgetc
fwrite
puts
api-ms-win-crt-string-l1-1-0.dll strcat
strlen
api-ms-win-crt-time-l1-1-0.dll _time64
api-ms-win-crt-utility-l1-1-0.dll rand
srand
KERNEL32.dll DeleteCriticalSection
EnterCriticalSection
GetLastError
InitializeCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
Sleep
VirtualProtect
VirtualQuery
api-ms-win-crt-math-l1-1-0.dll __setusermatherr
frexp
api-ms-win-crt-environment-l1-1-0.dll __p__environ

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData 0x40d000
EndAddressOfRawData 0x40d008
AddressOfIndex 0x40b0b0
AddressOfCallbacks 0x409ca0
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_8BYTES
Callbacks 0x0000000000403F00
0x0000000000403EE0

Load Configuration

RICH Header

Errors
