f3984ea65b0b264d592fcc251d9d4862

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2024-Feb-12 00:01:30
Detected languages English - United States

Plugin Output

Suspicious: Strings found in the binary may indicate undesirable behavior.
May have dropper capabilities:
  • %temp%
  • CurrentControlSet\Services
Contains another PE executable:
  • This program cannot be run in DOS mode.
Miscellaneous malware strings:
  • cmd.exe
Suspicious: The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryExA
  • LoadLibraryA
  • LoadLibraryW
  • GetProcAddress
  • LoadLibraryExW
Functions which can be used for anti-debugging purposes:
  • FindWindowA
Possibly launches other programs:
  • CreateProcessW
  • ShellExecuteW
Suspicious: No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 f3984ea65b0b264d592fcc251d9d4862
SHA1 0c8978570a1c7c44db5875abf3c1989c5b1c646f
SHA256 34f61662dfae745fb6cc7b5ac9adf40a88f868ba076500aa7f78068873c0e7ce
SHA3 cc7e0a7dbb413389d9a11ae4ffdd65651d8119bea1bb94a5ae6553bb01aee6e5
SSDeep 12288:dJiCmCr2ME15bBIYom+PZE9O2bJIC0fDNNc:zmCrhE15lVV+O93l0fZ
Imports Hash f31b06e0a678a84f5cffe06ea3a1e6e9

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x108

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2024-Feb-12 00:01:30
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x32a00
SizeOfInitializedData 0x5d800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000000DD78 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x95000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 cad8de6756e4a974e278a628e34f2fa6
SHA1 efcf47e3cf8fb790dbe424d124de2c14130b9982
SHA256 dbe40c915320f5bc42f0790e13dabae2be9460696fe98d18f28991b4e05eef5d
SHA3 23a320afc84a4314605334576248fb701e03cfa6ef2cf8d571e3eb64b988e9ba
VirtualSize 0x32950
VirtualAddress 0x1000
SizeOfRawData 0x32a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.54347

.rdata

MD5 d4f28586c79751a33eb26f372e58dea3
SHA1 696e822f9d19cc8b1e1dd68b869b6957a161b24d
SHA256 b7c89c8f02778251be72669fb9660b8dcd3b792c8f7977d7532a33857ad3daf7
SHA3 21d97cc3ba4a869a4c331219eae8018131b80761da632afbc696c9a82faf6639
VirtualSize 0x13e84
VirtualAddress 0x34000
SizeOfRawData 0x14000
PointerToRawData 0x32e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.21589

.data

MD5 1de650c31d7ef6e9d0aa3db4ba90fe8f
SHA1 865f6d7758526479f7828ea44f756f5f5aee3bd0
SHA256 202103a41e9643c5d58b458f48dde7f618c24e17d05325de49ad161dcd0882ee
SHA3 8eb620156802c6bf5f239facd4407d3e2c370e059bec7e4239b24058ce747964
VirtualSize 0x4612c
VirtualAddress 0x48000
SizeOfRawData 0x44a00
PointerToRawData 0x46e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.83878

.pdata

MD5 592d33e1293168cf05a5341bf4936727
SHA1 aa44785d8d369fff3f762ccb7c036fb50712375b
SHA256 5cbfd127b600cdd9c84672ffba8b80d50502b61c93c43ab6888b1596a8f654a9
SHA3 1b717875320a0d406835ae2f34204054ac1b77b96c4aaa2dce97d4682e062588
VirtualSize 0x2790
VirtualAddress 0x8f000
SizeOfRawData 0x2800
PointerToRawData 0x8b800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.49188

_RDATA

MD5 5a0702a2308acc7bd97d403d135e3c53
SHA1 300f32f4ea20f09c0861ec616445c34f699ba662
SHA256 f3dae9acef31994b4ad02de79ba82020e646d05178e07026f94dedd196088311
SHA3 c9d983c9e1476807a9ab41a9d5c47b46b7962be3e6828fe67b5549e18b4eb7cf
VirtualSize 0x15c
VirtualAddress 0x92000
SizeOfRawData 0x200
PointerToRawData 0x8e000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.78638

.rsrc

MD5 fb81009627f6d5f5b080a652dd467e42
SHA1 4e671c43a9e29ae17869c7ef4541a40d77ef4afd
SHA256 cd4fa77e05aed76356645a0ab2fdd5fafc89ce03199a559a693836fd61438eb1
SHA3 40229e6231e8a60a47d55af121278c234a0ec1e1ac30cab6223dfbcbe75f3439
VirtualSize 0x1e8
VirtualAddress 0x93000
SizeOfRawData 0x200
PointerToRawData 0x8e200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.76179

.reloc

MD5 ac7bf5616e35045e0b5f78d7f99c9d6b
SHA1 557a50f785beb9868abfd9394d23f1f5d54676f5
SHA256 934549561aed3092b198fa8565170dd9ca5589f1265c9c79b2cb8b7025aeeb12
SHA3 f0261f2ce9a20ce19dde8aa95e2e9598c1ddc92d99d833c2bf69982587898061
VirtualSize 0x9bc
VirtualAddress 0x94000
SizeOfRawData 0xa00
PointerToRawData 0x8e400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.40869

Imports

KERNEL32.dll DeviceIoControl
CreateFileW
CloseHandle
ReadFile
VirtualFree
GetCurrentProcess
WriteFile
VirtualAlloc
LoadLibraryExA
Sleep
GetLastError
LoadLibraryA
DeleteFileW
LoadLibraryW
GetWindowsDirectoryW
GetProcAddress
GetFileSize
FreeLibrary
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
GetFileAttributesExW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
WriteConsoleW
USER32.dll UnhookWindowsHookEx
FindWindowA
PostThreadMessageA
GetWindowThreadProcessId
SetWindowsHookExA
SHELL32.dll ShellExecuteW
ntdll.dll RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlImageNtHeader

Delayed Imports

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x188
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.89623
MD5 b8e76ddb52d0eb41e972599ff3ca431b
SHA1 fc12d7ad112ddabfcd8f82f290d84e637a4d62f8
SHA256 165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8
SHA3 37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd

Version Info

Debug Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2024-Feb-12 00:01:30
Version 0.0
SizeofData 988
AddressOfRawData 0x43f34
PointerToRawData 0x42d34

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2024-Feb-12 00:01:30
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

StartAddressOfRawData 0x140044330
EndAddressOfRawData 0x140044338
AddressOfIndex 0x14008d3e4
AddressOfCallbacks 0x140034478
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140048020

RICH Header

XOR Key 0x45be3131
Unmarked objects 0
ASM objects (30795) 10
C++ objects (30795) 179
C objects (30795) 18
C objects (VS2022 Update 4 (17.4.2) compiler 31935) 17
ASM objects (VS2022 Update 4 (17.4.2) compiler 31935) 10
C++ objects (VS2022 Update 4 (17.4.2) compiler 31935) 81
Imports (30795) 9
Total imports 126
C++ objects (LTCG) (VS2022 Update 5 (17.5.0-2) compiler 32215) 2
Resource objects (VS2022 Update 5 (17.5.0-2) compiler 32215) 1
Linker (VS2022 Update 5 (17.5.0-2) compiler 32215) 1

Errors
