e5f106f97a14e8e9e18cb042be2f35d7358ad1461ed869e28dab3d39cea93a3b

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2025-Oct-08 17:55:29
Detected languages English - United States

Plugin Output

Info: The PE contains common functions which appear in legitimate applications.
Possibly launches other programs:
  • CreateProcessA
Has Internet access capabilities:
  • URLDownloadToFileA

Hashes

MD5 be982c2ecb1528feff6d2793734464bf
SHA1 ab04164467790f4b16419a308091b58d65db71ba
SHA256 e5f106f97a14e8e9e18cb042be2f35d7358ad1461ed869e28dab3d39cea93a3b
SHA3 2244f226a4a7d0d1aeceb84107db8a3ab348dc479d0c6a7dab67a676e96ee8e2
SSDeep 192:L1K7DRGnJvi05bA3allLGZ3MVySmm0dSeW5tfWL5X5ogV:BgGJvi0hLGVSmm0d9ry
Imports Hash 4ab57d86b820828741fceb834ca28e3b

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2025-Oct-08 17:55:29
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x1a00
SizeOfInitializedData 0x2400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000001BF0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x9000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 9bc473ae19cfc511816ba9dfd548854f
SHA1 9b17846d9c35e01c88699302d3b52f662f7d9ae2
SHA256 5a618fc6a01b9b13f24d3ffa5d9c2d8da28f16e2f539e159ddbaebdaca6747b3
SHA3 a19f0ace4591c0e496ba51d104ecbded3413585496ed48c0a1d75f2317f70cff
VirtualSize 0x182c
VirtualAddress 0x1000
SizeOfRawData 0x1a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.82356

.rdata

MD5 890cbdd324ac25bf1af7dc81e74d32fa
SHA1 b211e9cfcead6d81e03c609162a80a98d6665e04
SHA256 8e03d7d2b48687331f14802e9921c65867a8987d552a8d74e887c9d6b1ab94fa
SHA3 887fe003ad7edf0ae57fe66c938f0aa91dc5c98d75cc4cb6f11376fa0e7b95cd
VirtualSize 0x1384
VirtualAddress 0x3000
SizeOfRawData 0x1400
PointerToRawData 0x1e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.39577

.data

MD5 c9a4f930ca45eafc75fb3eec3629994d
SHA1 cd3e202a2c41fe8ef3a89d4b31c2a9a0f4818b24
SHA256 3cd11f1905df2c6f34b40950e11e496a2470a90c20da69c980b02de9ada5d1d8
SHA3 65a45a4a66bbe8e2b49733024dbcb08d9c7ea9e713597bf9c7700fe0007dd38c
VirtualSize 0x870
VirtualAddress 0x5000
SizeOfRawData 0x400
PointerToRawData 0x3200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.03429

.pdata

MD5 4f803c478598b80bcfe70c86a0eb4507
SHA1 b378f025ebe6aad39e01d011614f3f7f16ee28a3
SHA256 5a7635d0e78a4fe337fcb2e800e8ab2d0a4eef777cce852627d1611811843f89
SHA3 e370b93cfd13deba7e6f94cfbf052f3a427dd701791c4a3c75c8cfddb5a678b8
VirtualSize 0x1d4
VirtualAddress 0x6000
SizeOfRawData 0x200
PointerToRawData 0x3600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.53665

.rsrc

MD5 0b35de07beeb30d1d6013cbca2846303
SHA1 c98626ce4d587471d115df6f42cb0f5221f13689
SHA256 c9ed38ed40cfe8c1718cbf78be16bb4aa76b76097a449f9ea315aee9fd20df0d
SHA3 76678b071daa4ec33980be3b819260aea5ade31193b0580e19b41e16156137cf
VirtualSize 0x1e0
VirtualAddress 0x7000
SizeOfRawData 0x200
PointerToRawData 0x3800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.7015

.reloc

MD5 a268454f6d261336cd8f06fdb49bfa4e
SHA1 3624a200f65301326bed51652e8d97c020d84ae1
SHA256 d0de88dd36fbe199c4c09fdf17d6a97f7b3211ef47172d5b276f29be2eaf00dc
SHA3 b01b32def55ed1acaa7004d9b83b41e1fadcf5c80d082ebc118987f25777f8a4
VirtualSize 0x30
VirtualAddress 0x8000
SizeOfRawData 0x200
PointerToRawData 0x3a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.69386

Imports

KERNEL32.dll MoveFileA
WriteFile
WaitForSingleObject
GetLastError
MoveFileExA
CreateFileA
DeleteFileA
CloseHandle
SetFilePointerEx
CreateProcessA
GetExitCodeProcess
RtlLookupFunctionEntry
GetModuleHandleW
RtlVirtualUnwind
UnhandledExceptionFilter
RtlCaptureContext
SetUnhandledExceptionFilter
GetCurrentProcess
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
urlmon.dll URLDownloadToFileA
VCRUNTIME140.dll __C_specific_handler
__current_exception_context
__current_exception
memset
memcpy
api-ms-win-crt-string-l1-1-0.dll strncat_s
api-ms-win-crt-stdio-l1-1-0.dll _set_fmode
__p__commode
__stdio_common_vfprintf
__stdio_common_vsprintf_s
__stdio_common_vfwprintf
__acrt_iob_func
api-ms-win-crt-runtime-l1-1-0.dll exit
__p___wargv
_seh_filter_exe
__p___argc
_register_thread_local_exe_atexit_callback
_register_onexit_function
_crt_atexit
terminate
_set_app_type
_initialize_onexit_table
_cexit
_c_exit
_exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
api-ms-win-crt-math-l1-1-0.dll __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll _set_new_mode

Delayed Imports

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2025-Oct-08 17:55:29
Version 0.0
SizeofData 644
AddressOfRawData 0x36e4
PointerToRawData 0x24e4

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2025-Oct-08 17:55:29
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140005000

RICH Header

XOR Key 0x58bc0ecc
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 12
Imports (35207) 2
ASM objects (35207) 4
C objects (35207) 10
C++ objects (35207) 19
Imports (33140) 5
Total imports 67
C++ objects (LTCG) (35217) 1
Resource objects (35217) 1
Linker (35217) 1

Errors

[*] Warning: Please edit the configuration file with your VirusTotal API key.
[!] Error: Could not load yara_rules/bitcoin.yara!
[!] Error: Could not load yara_rules/monero.yara!
[!] Error: Could not load yara_rules/compilers.yara!
[!] Error: Could not load yara_rules/findcrypt.yara!
[!] Error: Could not load yara_rules/suspicious_strings.yara!
[!] Error: Could not load yara_rules/domains.yara!
[!] Error: Could not load yara_rules/peid.yara!