f2e4e87d9a6d9d4da86f3ef05eb538ae4a193cc2c3030d4d29446ac95b56c976

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Jun-09 13:43:46
Detected languages Italian - Italy

Plugin Output

Info The PE contains common functions which appear in legitimate applications. Can access the registry:
  • RegOpenKeyExW
  • RegCloseKey
  • RegQueryValueExW
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 00d6545b98cd5039ead59f9382549b86
SHA1 65ad7e2e5ebde4344f156c998003c64f12c45561
SHA256 f2e4e87d9a6d9d4da86f3ef05eb538ae4a193cc2c3030d4d29446ac95b56c976
SHA3 9357922fbb1362ef9b1aef64573dc9f0a7c2c95f11149a501555e1b2721ca2a9
SSDeep 384:ztmmOi2HcycQeCJTUHjmTuPESJUmIfEbyXK9JG:4i4cQeCqaWjyym
Imports Hash edaf81c541294bdba77fac87302e39ad

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 5
TimeDateStamp 2026-Jun-09 13:43:46
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x2c00
SizeOfInitializedData 0x2a00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000000021B0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x9a000
SizeOfHeaders 0x400
Checksum 0x9f16b
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_GUARD_CF, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 51a68280f5928d0646094a7700785084
SHA1 a45332281a28d21545630724cc5b8718b199369a
SHA256 dc04d3a5f9a2110e471723b1b4d8ec2ce1db7073bb36364619163f4ec401e4f1
SHA3 4f89d0643798775dff456491d769ac27c2d46fcb00aec2fdaaf63147200bdfc3
VirtualSize 0x2ac9
VirtualAddress 0x1000
SizeOfRawData 0x2c00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy 5.86509

.rdata

MD5 a0a4580d0b76f1816bf2ece1ce7f29f3
SHA1 475356c197e6b2f7dc9f5869ff725826283212ee
SHA256 e76fce30590f38d9ea87456011ec4ec5315448606167333f9bed227cf2e4da99
SHA3 7f21f52d60d1fef1099e4c174df61c3d4065099c8af349d3b1079a0b914bca82
VirtualSize 0x1976
VirtualAddress 0x4000
SizeOfRawData 0x1a00
PointerToRawData 0x3000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 4.30089

.data

MD5 0654b61762ac51f4a1ed65d4bb7037eb
SHA1 b27a271017cb64062f8b68291742ba03ebf0cdd0
SHA256 ee9c9b6861ea75efcae93304b084a5fbaa5615dfc262b7ad5f49e35e82ba4c78
SHA3 d8eec113fdd6ed34f50b6594893adee15e2f9e496f163e191932862fa4355fdd
VirtualSize 0x54c
VirtualAddress 0x6000
SizeOfRawData 0x200
PointerToRawData 0x4a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy 0.116115

.pdata

MD5 787fb1ee176eb0875f1ea844c059ca92
SHA1 7336dd8db9190e368729152ad8ac476469d29edb
SHA256 cc59b5a618efb96f3698c7687b2ee9647035de91a6c7e7afbdc3b3207793b09e
SHA3 6a83196fe32c498c1e855adfe0a4aead9ae72ccd283c482b9f4e3af160c29acb
VirtualSize 0x1d4
VirtualAddress 0x7000
SizeOfRawData 0x200
PointerToRawData 0x4c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 3.69966

.rsrc

MD5 a89193d43579bdcad1f1a8a163167002
SHA1 30ec6f695dcf703af897554eac7a9c3ba82b698a
SHA256 d7b384f682c118637a1798cb0d51bf8f473bfb89541d09c19bf8cca3cde0413d
SHA3 1aa98469717fcec5fe0277db022359e0b5895878fdf4ae9eb00b4dd060613206
VirtualSize 0x6e8
VirtualAddress 0x8000
SizeOfRawData 0x91200
PointerToRawData 0x4e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 0.0404358

Imports

USER32.dll
  • IsWindowVisible
  • SystemParametersInfoW
  • CallNextHookEx
  • UnhookWindowsHookEx
  • SetWindowsHookExW
  • GetWindowLongPtrW
  • GetCursorPos
  • SetCursorPos
  • GetSystemMetrics
  • GetDoubleClickTime
ADVAPI32.dll
  • RegOpenKeyExW
  • RegCloseKey
  • RegQueryValueExW
SETUPAPI.dll
  • SetupDiGetClassDevsW
  • SetupDiDestroyDeviceInfoList
KERNEL32.dll
  • MultiByteToWideChar
  • SwitchToFiber
  • CreateFiber
  • ConvertThreadToFiber
  • ExitProcess
  • SleepEx
  • HeapAlloc
  • HeapFree
  • GetProcessHeap
  • Sleep
  • GetModuleHandleW

Delayed Imports

101

Type RT_RCDATA
Language Italian - Italy
Codepage UNKNOWN
Size 0x684
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.31325
MD5 dd051025448d01f72e8b08f5d547543b
SHA1 1fc9a2476294eece26144b79040ccdccdce1c583
SHA256 86b86db9f8f27aa1456e2716df76d8d7e832a116aea847e89ed6290445061761
SHA3 eeac5005b610d47f49f4493696c1113827248da02e7f575a8c548be4a164b51f

Version Info

IMAGE_DEBUG_TYPE_UNKNOWN

Characteristics 0
TimeDateStamp 2026-Jun-09 13:43:46
Version 0.0
SizeofData 292
AddressOfRawData 0x527c
PointerToRawData 0x427c

IMAGE_DEBUG_TYPE_UNKNOWN (#2)

Characteristics 0
TimeDateStamp 2026-Jun-09 13:43:46
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

UNKNOWN

Characteristics 0
TimeDateStamp 2026-Jun-09 13:43:46
Version 0.0
SizeofData 4
AddressOfRawData 0x53a0
PointerToRawData 0x43a0

TLS Callbacks

Load Configuration

RICH Header

Errors
