e4b8f9d742a610cd0fd4aabba4b680ccd8bdaff50c150df7f615c8af5e289382

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2025-Nov-29 18:46:44
Detected languages English - United States

Plugin Output

Malicious The PE contains functions mostly used by malware. Can access the registry:
  • RegOpenKeyExW
  • RegQueryValueExW
  • RegSetValueExW
  • RegCloseKey
  • RegNotifyChangeKeyValue
Functions related to the privilege level:
  • OpenProcessToken
Malicious VirusTotal score: 6/64 (Scanned on 2026-02-02 10:01:18)
  • APEX: Malicious
  • CrowdStrike: win/malicious_confidence_60% (W)
  • DeepInstinct: MALICIOUS
  • MaxSecure: Trojan.Malware.300983.susgen
  • McAfeeD: ti!E4B8F9D742A6
  • TrellixENS: Artemis!E9DE10FB846F

Hashes

MD5 e9de10fb846f323763c93dcc0ab733cd
SHA1 11f2f5c4e6e34ce7449fa54b4404cf5906c11a71
SHA256 e4b8f9d742a610cd0fd4aabba4b680ccd8bdaff50c150df7f615c8af5e289382
SHA3 87df698ca4fd8b0e4a10154cd1aece44b5758e3a0ff9246524df5bd2b328bbb5
SSDeep 96:mMvCtVKUFe/vsyuaJnPBQ7B7TUhjoyM1qGH13XuignjUl8gZcx:mMaPe/0yuaMYq2jq8m
Imports Hash 402d0f0c622db1f08b8d9c74b5a728af

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2025-Nov-29 18:46:44
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x800
SizeOfInitializedData 0x1600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000001590 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x7000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 ac28a1f98be1b305dfbdd9139cbc88a3
SHA1 2aabad00a927504cc90b3025a458d2201cce4894
SHA256 eda9db47dda4274e1ac5923cf3ae20da132a31b610d98e9f888121be3abe95a2
SHA3 e14dd1033dbabdddd991959c61372846c5a63e1fe8af0643da95603067dc2318
VirtualSize 0x7c0
VirtualAddress 0x1000
SizeOfRawData 0x800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.78966

.rdata

MD5 b86afd42489ffd81588f7d278a0f5d6c
SHA1 fc4a1d0199acb3170dd8aad8895edd049a84921d
SHA256 299a3ddef4a4069356d640e637d5cc196101ce66a69e1bc9342764f15b909b10
SHA3 d642fe6a81252b760e2f12ffee98515934a2811d0a99b35c5b6751cccdf324ff
VirtualSize 0xd00
VirtualAddress 0x2000
SizeOfRawData 0xe00
PointerToRawData 0xc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.66299

.data

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x10
VirtualAddress 0x3000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata

MD5 0e3f5cc4bff036561b7dd44bcedd9483
SHA1 de0615cdd2bc0c824e48fdefa59abd41ee401d8e
SHA256 cb114cb315b8d9ff811fd635d7cf93681394ad0a1d9883f589babe6077280100
SHA3 a08138e9bb28d45973a6800457cbc076d192cd972daba28c46e0535b75893de9
VirtualSize 0x54
VirtualAddress 0x4000
SizeOfRawData 0x200
PointerToRawData 0x1a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.743272

.rsrc

MD5 4dde323af9808a00b376d6895922dc1f
SHA1 bcafff5b6284bc83d01296b1ba160d28faee6ef9
SHA256 79e650fc0d108f0b5cb909904d5cb598b02b04f7c06be6c8622dd073aac8f762
SHA3 d353d855c24ba1ddc170eaeed3be531d0764013724d92ea267b1d5be7264f0d2
VirtualSize 0x1e0
VirtualAddress 0x5000
SizeOfRawData 0x200
PointerToRawData 0x1c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.69612

.reloc

MD5 cd58639a5db1507b81f131344c17e9a2
SHA1 5e824ccc9ad52782a8a2158ceceeb058e36a37e9
SHA256 d753663c529c2ceb23b19d4822de3250b88a8e0ded8a9afcac85d3bcc744aea6
SHA3 acecd807c4bf0bedb0cb92aacdfc12a08ba5ca02fd0156d3f313d3a7fe4d3590
VirtualSize 0xc
VirtualAddress 0x6000
SizeOfRawData 0x200
PointerToRawData 0x1e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.11837

Imports

KERNEL32.dll
  • CreateEventW
  • Sleep
  • GetTickCount64
  • SetEvent
  • CloseHandle
  • GetCurrentThreadId
  • GetLocalTime
  • WriteConsoleW
  • ExitProcess
  • GetCurrentProcessId
  • GetSystemTime
  • QueryPerformanceCounter
  • CompareStringOrdinal
  • WaitForMultipleObjects
  • GetModuleFileNameW
  • GetStdHandle
  • lstrlenW
  • GetCurrentProcess
  • ResetEvent
  • SetConsoleCtrlHandler
SHELL32.dll
  • ShellExecuteExW
ADVAPI32.dll
  • RegOpenKeyExW
  • RegQueryValueExW
  • GetTokenInformation
  • RegSetValueExW
  • RegCloseKey
  • RegNotifyChangeKeyValue
  • OpenProcessToken

Delayed Imports

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

Debug Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2025-Nov-29 18:46:44
Version 0.0
SizeofData 276
AddressOfRawData 0x2828
PointerToRawData 0x1428

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2025-Nov-29 18:46:44
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xf2545cb
Unmarked objects 0
Imports (33145) 7
Total imports 28
C objects (LTCG) (35719) 1
Resource objects (35719) 1
Linker (35719) 1

Errors

[*] Warning: Section .data has a size of 0!