f006844c1a9dc389806f1b2cdbad2d6f50ff3456fe96e1f4887330634d51839c

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Jun-09 11:44:16
Detected languages Italian - Italy

Plugin Output

Suspicious Strings found in the binary may indicate undesirable behavior: May have dropper capabilities:
  • CurrentControlSet\Services
Suspicious The PE is possibly packed. The PE only has 8 import(s).
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 83a799fdab02572cae0b14aa5c75fd70
SHA1 d4e827dbc27824575316f22c5cc09dbf609e5873
SHA256 f006844c1a9dc389806f1b2cdbad2d6f50ff3456fe96e1f4887330634d51839c
SHA3 fbc5d1b8f1bc510cce2d0472bb8ff2bbe52ec73aeb693af2cf0e6dd6932b7bad
SSDeep 384:t9ntJf/m0v1iIo73m9ZQX1xx7JTrdTjmTudmkpRUSJUmIpt2+/G:tBtJfRv1iIA3m9ZQXt7pdm4pRzyl
Imports Hash 48912d7992671bd91a02d2498010f77d

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 5
TimeDateStamp 2026-Jun-09 11:44:16
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x3400
SizeOfInitializedData 0x2800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000000021B0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xa000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 9057eae128a10109230ec248333db0de
SHA1 545540943d443d7b91cb863072e515e9287bd406
SHA256 c97184b536ab8498fecea27d71200c532ce6bb851168652ebcc2b3c327b4c813
SHA3 3bfc152b0babafd685aaebd866d3a6ae86a38588ba6a0174de763157448146d1
VirtualSize 0x32d9
VirtualAddress 0x1000
SizeOfRawData 0x3400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.89459

.rdata

MD5 e58817d95e911ff3c2da99099b2008a7
SHA1 5473900c7d129fe2311a97190ef7e3674a240dfb
SHA256 668c3427cd8838739799781977aefd9a945d9f53bbc26c906e040cb0f3624abf
SHA3 64b968d729cdab81098407d6f395df126ba499dac0b23078c5b17f5f5152c5c5
VirtualSize 0x167e
VirtualAddress 0x5000
SizeOfRawData 0x1800
PointerToRawData 0x3800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.28149

.data

MD5 0654b61762ac51f4a1ed65d4bb7037eb
SHA1 b27a271017cb64062f8b68291742ba03ebf0cdd0
SHA256 ee9c9b6861ea75efcae93304b084a5fbaa5615dfc262b7ad5f49e35e82ba4c78
SHA3 d8eec113fdd6ed34f50b6594893adee15e2f9e496f163e191932862fa4355fdd
VirtualSize 0x54c
VirtualAddress 0x7000
SizeOfRawData 0x200
PointerToRawData 0x5000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.116115

.pdata

MD5 fc2463e5985ddf7983dc90a75b6b6a65
SHA1 5541e6fd4f6733a52c04867a7f8ce05d2754ffb2
SHA256 d8bdefc6ef1acafe8cb70bad1e9ee9d6b7e8db73ae3bfa46dd7c430298b025ca
SHA3 5a232aeda8105ffacd4807dd502f88f5a0ce770b3a69adc86cca05a5e0a1912c
VirtualSize 0x198
VirtualAddress 0x8000
SizeOfRawData 0x200
PointerToRawData 0x5200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.25134

.rsrc

MD5 70b07de616cf38172fda863a8624da14
SHA1 39a8034caf7853c8181caab41a94840984183eaa
SHA256 8d71bd9c05a3ec3994eaad877601a788e2f4507c6c639544038328bc3a1f0dbb
SHA3 9a95489a721d310e61327547f28fc9b79119278491c97ccbcd21dbe28f4f5ea7
VirtualSize 0x6e8
VirtualAddress 0x9000
SizeOfRawData 0x800
PointerToRawData 0x5400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.26912

Imports

KERNEL32.dll HeapAlloc
HeapFree
GetProcessHeap
SleepEx
Sleep
GetModuleHandleW
ExitProcess
CompareStringW

Delayed Imports

101

Type RT_RCDATA
Language Italian - Italy
Codepage UNKNOWN
Size 0x684
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.31325
MD5 dd051025448d01f72e8b08f5d547543b
SHA1 1fc9a2476294eece26144b79040ccdccdce1c583
SHA256 86b86db9f8f27aa1456e2716df76d8d7e832a116aea847e89ed6290445061761
SHA3 eeac5005b610d47f49f4493696c1113827248da02e7f575a8c548be4a164b51f

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-Jun-09 11:44:16
Version 0.0
SizeofData 292
AddressOfRawData 0x6238
PointerToRawData 0x4a38

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2026-Jun-09 11:44:16
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

UNKNOWN

Characteristics 0
TimeDateStamp 2026-Jun-09 11:44:16
Version 0.0
SizeofData 4
AddressOfRawData 0x635c
PointerToRawData 0x4b5c

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x986f0c11
Unmarked objects 0
Imports (33145) 3
Total imports 19
C objects (31108) 33
ASM objects (31108) 1
Resource objects (31108) 1
Linker (31108) 1

Errors
