e9f898cb9d93252f690d95968839e8c3a6bf54dc6a0add79d0776b2a16d9e76c

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Jun-09 13:23:40
Detected languages Italian - Italy

Plugin Output

Info The PE contains common functions which appear in legitimate applications. Can access the registry:
  • RegOpenKeyExW
  • RegCloseKey
  • RegQueryValueExW
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 f0a91d2bac0f75e1c6e72348da3995da
SHA1 a435895f2b104a343177f93327beea9d4aee8ddb
SHA256 e9f898cb9d93252f690d95968839e8c3a6bf54dc6a0add79d0776b2a16d9e76c
SHA3 3c6a1200ac6bfcf09b5f8eefd47f7688d0891d80bbdb4e35b37af61703585bcc
SSDeep 384:DSrIqbGmuC2nsiMQxCJTUHjmTuC4SJUmIfExo8Rty:DZC4MQxCqaBfyy3
Imports Hash 743fe3f2b314809e56d6dcb37646ac80

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 5
TimeDateStamp 2026-Jun-09 13:23:40
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x2c00
SizeOfInitializedData 0x2a00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000000021B0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x9a000
SizeOfHeaders 0x400
Checksum 0x9c57c
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 21961163cd318e4913bdd1dc1d683e24
SHA1 2cb22c54f8613009cdc32448173124b8deece1c5
SHA256 cfc7bc493281df257222892126f6f1136e64937de035feeeeccf30dacd9303d5
SHA3 e7db12865ecf9245e605996d776ee852d286349001e0c85b70c370e6cec7f849
VirtualSize 0x2ad9
VirtualAddress 0x1000
SizeOfRawData 0x2c00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.86977

.rdata

MD5 f945e27a3008b41dbf53fcf7d26e63ef
SHA1 227528b925b79c30c6a3eee02b61a206b1faf51b
SHA256 7f4c6c74e43b277aa769431a9d5f569906e8163112a7fbc3ae2538d41241e24f
SHA3 a160c89659c025da35a50bdd8376197676f01a3a011da371b10cfa954ca4c87a
VirtualSize 0x19a8
VirtualAddress 0x4000
SizeOfRawData 0x1a00
PointerToRawData 0x3000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.32187

.data

MD5 0654b61762ac51f4a1ed65d4bb7037eb
SHA1 b27a271017cb64062f8b68291742ba03ebf0cdd0
SHA256 ee9c9b6861ea75efcae93304b084a5fbaa5615dfc262b7ad5f49e35e82ba4c78
SHA3 d8eec113fdd6ed34f50b6594893adee15e2f9e496f163e191932862fa4355fdd
VirtualSize 0x54c
VirtualAddress 0x6000
SizeOfRawData 0x200
PointerToRawData 0x4a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.116115

.pdata

MD5 b61d614c8866375b609e1a790a115eff
SHA1 6b12cb496345a6d033d29959bf59ffb195c6bcaf
SHA256 f522fdd208bd7382c373c68607eead2278a80cf5f4e5e5fb4c66396887391e4c
SHA3 a19a7cf05eae4b766400681dcd0614d3fbb01dfe4102142369222723e101136e
VirtualSize 0x1d4
VirtualAddress 0x7000
SizeOfRawData 0x200
PointerToRawData 0x4c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.68419

.rsrc

MD5 a89193d43579bdcad1f1a8a163167002
SHA1 30ec6f695dcf703af897554eac7a9c3ba82b698a
SHA256 d7b384f682c118637a1798cb0d51bf8f473bfb89541d09c19bf8cca3cde0413d
SHA3 1aa98469717fcec5fe0277db022359e0b5895878fdf4ae9eb00b4dd060613206
VirtualSize 0x6e8
VirtualAddress 0x8000
SizeOfRawData 0x91200
PointerToRawData 0x4e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.0404358

Imports

USER32.dll IsWindowVisible
RegisterRawInputDevices
SystemParametersInfoW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowLongPtrW
GetCursorPos
SetCursorPos
GetSystemMetrics
GetDoubleClickTime
ADVAPI32.dll RegOpenKeyExW
RegCloseKey
RegQueryValueExW
SETUPAPI.dll SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
KERNEL32.dll MultiByteToWideChar
ExitProcess
SwitchToFiber
CreateFiber
ConvertThreadToFiber
GetProcessHeap
HeapAlloc
HeapFree
SleepEx
Sleep
GetModuleHandleW

Delayed Imports

101

Type RT_RCDATA
Language Italian - Italy
Codepage UNKNOWN
Size 0x684
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.31325
MD5 dd051025448d01f72e8b08f5d547543b
SHA1 1fc9a2476294eece26144b79040ccdccdce1c583
SHA256 86b86db9f8f27aa1456e2716df76d8d7e832a116aea847e89ed6290445061761
SHA3 eeac5005b610d47f49f4493696c1113827248da02e7f575a8c548be4a164b51f

Version Info

IMAGE_DEBUG_TYPE_UNKNOWN

Characteristics 0
TimeDateStamp 2026-Jun-09 13:23:40
Version 0.0
SizeofData 292
AddressOfRawData 0x528c
PointerToRawData 0x428c

IMAGE_DEBUG_TYPE_UNKNOWN (#2)

Characteristics 0
TimeDateStamp 2026-Jun-09 13:23:40
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

UNKNOWN

Characteristics 0
TimeDateStamp 2026-Jun-09 13:23:40
Version 0.0
SizeofData 4
AddressOfRawData 0x53b0
PointerToRawData 0x43b0

TLS Callbacks

Load Configuration

RICH Header

Errors
