Field | Value |
---|---|
Architecture | IMAGE_FILE_MACHINE_AMD64 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2024-Feb-12 00:01:30 |
Detected languages | English - United States |
Level | Finding | Detail |
---|---|---|
Suspicious | Strings found in the binary may indicate undesirable behavior: | May have dropper capabilities: |
Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |
DOS header field | Value |
---|---|
e_magic | MZ |
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x108 |
PE file header field | Value |
---|---|
Signature | PE |
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberOfSections | 7 |
TimeDateStamp | 2024-Feb-12 00:01:30 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
Optional header field | Value |
---|---|
Magic | PE32+ |
LinkerVersion | 14.0 |
SizeOfCode | 0x32a00 |
SizeOfInitializedData | 0x5d800 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000000000000DD78 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x95000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeOfStackReserve | 0x100000 |
SizeOfStackCommit | 0x1000 |
SizeOfHeapReserve | 0x100000 |
SizeOfHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
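The three header tables above are what a parser recovers by following e_lfanew to the PE signature, reading IMAGE_FILE_HEADER and then the PE32+ optional header. The script below is an added example, not part of the report or of the tool that produced it. It fabricates a header block in memory from the values printed above (e_lfanew 0x108, AMD64, 7 sections, ImageBase 0x140000000 and so on; the DOS stub, e_lfarlc, data directories and section table are not on the page and are zero-filled or assumed), parses it back, decodes the flag fields and runs the consistency checks a reviewer wants before trusting a summary: entry point inside the code range, SizeOfOptionalHeader agreeing with NumberOfRvaAndSizes, and which of ASLR, DEP and CFG are enabled.

```python
"""Walk a PE image's headers: IMAGE_DOS_HEADER -> e_lfanew -> "PE\\0\\0" ->
IMAGE_FILE_HEADER -> IMAGE_OPTIONAL_HEADER64, then decode the flag fields and
run a few consistency checks.

Added example; it is not part of the report or of the tool that produced it.
build_sample_image() fabricates a header block from the values in the tables
above (e_lfanew 0x108, AMD64, 7 sections, ImageBase 0x140000000, ...). It is
not the analysed file: the DOS stub, e_lfarlc, data directories and section
table are not on the page and are zero-filled or assumed.
"""
import struct
from datetime import datetime, timezone

FILE_CHARACTERISTICS = {            # IMAGE_FILE_HEADER.Characteristics (winnt.h)
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {             # IMAGE_OPTIONAL_HEADER.DllCharacteristics (winnt.h)
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
MACHINES = {0x014C: "IMAGE_FILE_MACHINE_I386", 0x8664: "IMAGE_FILE_MACHINE_AMD64",
            0xAA64: "IMAGE_FILE_MACHINE_ARM64"}
SUBSYSTEMS = {1: "IMAGE_SUBSYSTEM_NATIVE", 2: "IMAGE_SUBSYSTEM_WINDOWS_GUI",
              3: "IMAGE_SUBSYSTEM_WINDOWS_CUI"}

def flag_names(value, table):
    """Names of the set bits; bits the table does not know are kept as hex, not dropped."""
    names = [name for bit, name in sorted(table.items()) if value & bit]
    unknown = value & ~sum(table)
    return names + (["0x%04x" % unknown] if unknown else [])

def parse_pe_headers(data):
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew=%#x" % e_lfanew)
    machine, nsec, stamp, _symtab, _nsyms, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)                       # IMAGE_FILE_HEADER, 20 bytes
    opt = e_lfanew + 24
    magic, = struct.unpack_from("<H", data, opt)
    if magic != 0x20B:
        raise ValueError("only PE32+ (Magic 0x20b) handled here, got %#x" % magic)
    # Fixed part of IMAGE_OPTIONAL_HEADER64 after Magic: 110 bytes, no BaseOfData field.
    f = struct.unpack_from("<BBIIIIIQIIHHHHHHIIIIHHQQQQII", data, opt + 2)
    entry, base_code, size_code = f[5], f[6], f[2]
    size_headers, checksum, dll = f[18], f[19], f[21]
    return {
        "e_lfanew": e_lfanew,
        "Machine": MACHINES.get(machine, "0x%04x" % machine),
        "NumberOfSections": nsec,
        "TimeDateStamp": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%b-%d %H:%M:%S"),
        "SizeOfOptionalHeader": opt_size,
        "Characteristics": flag_names(chars, FILE_CHARACTERISTICS),
        "LinkerVersion": "%d.%d" % (f[0], f[1]),
        "SizeOfCode": size_code, "AddressOfEntryPoint": entry, "BaseOfCode": base_code,
        "ImageBase": f[7], "SectionAlignment": f[8], "FileAlignment": f[9],
        "SizeOfImage": f[17], "SizeOfHeaders": size_headers, "CheckSum": checksum,
        "Subsystem": SUBSYSTEMS.get(f[20], str(f[20])),
        "DllCharacteristics": flag_names(dll, DLL_CHARACTERISTICS),
        "NumberOfRvaAndSizes": f[27],
        "checks": {
            "aslr": bool(dll & 0x0040),                            # DYNAMIC_BASE
            "high_entropy_aslr": bool(dll & 0x0040) and bool(dll & 0x0020),
            "dep": bool(dll & 0x0100),                             # NX_COMPAT
            "cfg": bool(dll & 0x4000),                             # GUARD_CF
            "entry_in_code": base_code <= entry < base_code + size_code,
            "optional_header_size_consistent": opt_size == 112 + 8 * f[27],
            "headers_fit": opt + 112 + 8 * f[27] <= size_headers,
            "checksum_present": checksum != 0,
        },
    }

def build_sample_image():
    """Constructed from the report's values; stub, e_lfarlc (0x40), dirs and sections assumed."""
    e_lfanew = 0x108
    dos = struct.pack("<2s29HI", b"MZ", 0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8, 0, 0, 0, 0x40, 0,
                      *([0] * 16), e_lfanew)
    stub = b"\0" * (e_lfanew - len(dos))            # DOS stub and Rich header not reproduced
    file_hdr = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x8664, 7, 1707696090, 0, 0, 0xF0, 0x0022)
    opt_hdr = struct.pack("<HBBIIIIIQIIHHHHHHIIIIHHQQQQII", 0x20B, 14, 0,
                          0x32A00, 0x5D800, 0, 0xDD78, 0x1000, 0x140000000, 0x1000, 0x200,
                          6, 0, 0, 0, 6, 0, 0, 0x95000, 0x400, 0, 3, 0x8160,
                          0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    return dos + stub + file_hdr + opt_hdr + b"\0" * (16 * 8)   # 16 empty data directories

if __name__ == "__main__":
    import json
    print(json.dumps(parse_pe_headers(build_sample_image()), indent=2))
```

To run it against a real file, replace build_sample_image() with the bytes of the file. For the header in this report the checks come out as ASLR on (DYNAMIC_BASE plus HIGH_ENTROPY_VA), DEP on (NX_COMPAT), GUARD_CF not set, entry point inside the code range, and a zero CheckSum, which Windows does not enforce for user-mode executables.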
Imported DLL | Functions |
---|---|
KERNEL32.dll | DeviceIoControl, CreateFileW, CloseHandle, ReadFile, VirtualFree, GetCurrentProcess, WriteFile, VirtualAlloc, LoadLibraryExA, Sleep, GetLastError, LoadLibraryA, DeleteFileW, LoadLibraryW, GetWindowsDirectoryW, GetProcAddress, GetFileSize, FreeLibrary, HeapSize, SetStdHandle, GetProcessHeap, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetOEMCP, GetACP, IsValidCodePage, FindNextFileW, FindFirstFileExW, FindClose, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, MultiByteToWideChar, LCMapStringEx, GetStringTypeW, GetCPInfo, InitializeCriticalSectionAndSpinCount, SetEvent, ResetEvent, WaitForSingleObjectEx, CreateEventW, GetModuleHandleW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwindEx, RtlPcToFileHeader, RaiseException, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, RtlUnwind, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, GetStdHandle, GetCommandLineA, GetCommandLineW, HeapAlloc, HeapFree, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileType, WaitForSingleObject, GetExitCodeProcess, CreateProcessW, GetFileAttributesExW, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, GetFileSizeEx, SetFilePointerEx, ReadConsoleW, HeapReAlloc, WriteConsoleW |
USER32.dll | UnhookWindowsHookEx, FindWindowA, PostThreadMessageA, GetWindowThreadProcessId, SetWindowsHookExA |
SHELL32.dll | ShellExecuteW |
ntdll.dll | RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, RtlImageNtHeader |
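The "may be hiding some of its imports" finding rests on what this table shows: LoadLibraryA, LoadLibraryW, LoadLibraryExA, LoadLibraryExW and GetProcAddress are all declared, so the program can resolve further APIs at run time without listing them in the import directory. A cheap follow-up is to pull printable strings from the file and list the ones shaped like Win32 export names that the import directory does not declare, along with any DLL names, then trace how those strings are used. The script below is an added example, not part of the report or of the tool that produced it: DECLARED_IMPORTS is the import list from this table, SAMPLE_RDATA is constructed test data standing in for a .rdata section (not content of the analysed file), and the name-shape regexes are this example's own heuristic.

```python
"""Follow-up for the finding "The program may be hiding some of its imports".

The import table above lists LoadLibraryA, LoadLibraryW, LoadLibraryExA,
LoadLibraryExW and GetProcAddress, so the binary can resolve further APIs at
run time without declaring them. One cheap triage step is to pull printable
strings from the file and list the ones shaped like Win32 export names that
the import directory does not declare, plus any DLL names.

Added example; not part of the report or of the tool that produced it.
DECLARED_IMPORTS is the import list printed above. SAMPLE_RDATA is constructed
test data standing in for a .rdata section; it is not content of the analysed
file. The name-shape regexes are a heuristic of this example.
"""
import re

DECLARED_IMPORTS = set("""
DeviceIoControl CreateFileW CloseHandle ReadFile VirtualFree GetCurrentProcess WriteFile VirtualAlloc
LoadLibraryExA Sleep GetLastError LoadLibraryA DeleteFileW LoadLibraryW GetWindowsDirectoryW
GetProcAddress GetFileSize FreeLibrary HeapSize SetStdHandle GetProcessHeap SetEnvironmentVariableW
FreeEnvironmentStringsW GetEnvironmentStringsW GetOEMCP GetACP IsValidCodePage FindNextFileW
FindFirstFileExW FindClose WideCharToMultiByte EnterCriticalSection LeaveCriticalSection
InitializeCriticalSectionEx DeleteCriticalSection EncodePointer DecodePointer MultiByteToWideChar
LCMapStringEx GetStringTypeW GetCPInfo InitializeCriticalSectionAndSpinCount SetEvent ResetEvent
WaitForSingleObjectEx CreateEventW GetModuleHandleW UnhandledExceptionFilter
SetUnhandledExceptionFilter TerminateProcess IsProcessorFeaturePresent IsDebuggerPresent
GetStartupInfoW QueryPerformanceCounter GetCurrentProcessId GetCurrentThreadId
GetSystemTimeAsFileTime InitializeSListHead RtlUnwindEx RtlPcToFileHeader RaiseException
SetLastError TlsAlloc TlsGetValue TlsSetValue TlsFree LoadLibraryExW RtlUnwind ExitProcess
GetModuleHandleExW GetModuleFileNameW GetStdHandle GetCommandLineA GetCommandLineW HeapAlloc
HeapFree FlsAlloc FlsGetValue FlsSetValue FlsFree CompareStringW LCMapStringW GetLocaleInfoW
IsValidLocale GetUserDefaultLCID EnumSystemLocalesW GetFileType WaitForSingleObject
GetExitCodeProcess CreateProcessW GetFileAttributesExW FlushFileBuffers GetConsoleOutputCP
GetConsoleMode GetFileSizeEx SetFilePointerEx ReadConsoleW HeapReAlloc WriteConsoleW
UnhookWindowsHookEx FindWindowA PostThreadMessageA GetWindowThreadProcessId SetWindowsHookExA
ShellExecuteW RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind RtlImageNtHeader
""".split())

# Win32 exports are CamelCase with at least two words (the A/W/Ex suffixes fall out of that);
# the native API uses Nt/Zw/Rtl/Ldr prefixes. Heuristic of this example, tuned for low noise.
API_NAME = re.compile(rb"^(?:Nt|Zw|Rtl|Ldr)[A-Z][A-Za-z0-9]+$"
                      rb"|^[A-Z][a-z]+(?:[A-Z0-9][A-Za-z0-9]*)+$")
DLL_NAME = re.compile(rb"^[\w.-]+\.dll$", re.IGNORECASE)

def ascii_strings(data, min_len=5):
    """Runs of printable ASCII, as `strings -n 5` would report them."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)

def resolve_candidates(data, declared):
    """Classify API-shaped strings as declared or undeclared imports, and collect DLL names."""
    out = {"dlls": [], "declared": [], "undeclared": []}
    for raw in ascii_strings(data):
        text = raw.decode("ascii")
        if DLL_NAME.match(raw):
            out["dlls"].append(text.lower())
        elif API_NAME.match(raw):
            out["declared" if text in declared else "undeclared"].append(text)
    return out

# Constructed stand-in for a .rdata section: NUL-terminated strings plus some non-text bytes.
SAMPLE_RDATA = (b"\x48\x8d\x05\0\0\0\0\0kernel32.dll\0VirtualProtect\0GetProcAddress\0"
                b"ntdll.dll\0NtQuerySystemInformation\0IsDebuggerPresent\0"
                b"This program cannot be run in DOS mode.\0C:\\Windows\\Temp\\\0\xff\xfe\x01")

if __name__ == "__main__":
    result = resolve_candidates(SAMPLE_RDATA, DECLARED_IMPORTS)
    print("DLL names:        ", result["dlls"])
    print("declared imports: ", result["declared"])
    print("undeclared APIs:  ", result["undeclared"])
```

The undeclared list is a lead, not proof: ordinary strings can match the name shape, and API names that the binary keeps encrypted or as hashes will not appear at all. The next step is to find where the candidate strings are referenced and whether they end up as arguments to GetProcAddress.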
Debug directory entry 1 | Value |
---|---|
Characteristics | 0 |
TimeDateStamp | 2024-Feb-12 00:01:30 |
Version | 0.0 |
SizeOfData | 988 |
AddressOfRawData | 0x43f34 |
PointerToRawData | 0x42d34 |
Debug directory entry 2 | Value |
---|---|
Characteristics | 0 |
TimeDateStamp | 2024-Feb-12 00:01:30 |
Version | 0.0 |
SizeOfData | 0 |
AddressOfRawData | 0 |
PointerToRawData | 0 |
TLS directory field | Value |
---|---|
StartAddressOfRawData | 0x140044330 |
EndAddressOfRawData | 0x140044338 |
AddressOfIndex | 0x14008d3e4 |
AddressOfCallbacks | 0x140034478 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_4BYTES |
Callbacks | (EMPTY) |
Load configuration field | Value |
---|---|
Size | 0x140 |
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x140048020 |
Rich header | Value |
---|---|
XOR Key | 0x45be3131 |
Unmarked objects | 0 |
ASM objects (30795) | 10 |
C++ objects (30795) | 179 |
C objects (30795) | 18 |
C objects (VS2022 Update 4 (17.4.2) compiler 31935) | 17 |
ASM objects (VS2022 Update 4 (17.4.2) compiler 31935) | 10 |
C++ objects (VS2022 Update 4 (17.4.2) compiler 31935) | 81 |
Imports (30795) | 9 |
Total imports | 126 |
C++ objects (LTCG) (VS2022 Update 5 (17.5.0-2) compiler 32215) | 2 |
Resource objects (VS2022 Update 5 (17.5.0-2) compiler 32215) | 1 |
Linker (VS2022 Update 5 (17.5.0-2) compiler 32215) | 1 |
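The Rich header is written by link.exe between the DOS stub and the PE header: a "DanS" marker, three padding DWORDs, one (compiler ID, use count) pair per tool that contributed objects, then "Rich" and the key. Everything before "Rich" is XORed with the key, and the key itself (0x45be3131 in this report) is a checksum over the DOS header and stub (e_lfanew excluded) and the entries. Recomputing it is the standard check for a header that was edited or transplanted from another binary to fake the toolchain. The script below is an added example, not part of the report or of the tool that produced it; its sample header is constructed, with the build numbers 31935 and 32215 taken from the table above but the product IDs, counts and DOS stub assumed, so the key it derives belongs to that synthetic header and is not 0x45be3131.

```python
"""Recompute the Rich header XOR key and compare it with the stored one.

link.exe places the Rich header between the DOS stub and the PE header:
a "DanS" marker, three padding DWORDs, one (compid, use count) pair per
tool that contributed objects, then "Rich" and the key. Everything before
"Rich" is XORed with the key, and the key is a checksum over the DOS
header/stub (e_lfanew excluded) and the entries, so a key that does not
recompute means the header was edited, padded or transplanted.

Added example; not part of the report or of the tool that produced it. The
sample header is constructed: build numbers 31935 and 32215 come from the
table above, the product IDs, counts and DOS stub are assumed, so the key it
yields is for this synthetic header, not the report's 0x45be3131.
"""
import struct

DANS = 0x536E6144      # b"DanS" read as a little-endian DWORD
RICH = b"Rich"

def rol32(value, count):
    count %= 32
    value &= 0xFFFFFFFF
    return ((value << count) | (value >> (32 - count))) & 0xFFFFFFFF

def rich_checksum(pre_dans, entries):
    """Checksum as link.exe computes it: the offset of "DanS", plus every byte before it
    rotated left by its offset (bytes 0x3c-0x3f, e_lfanew, skipped), plus each compid
    rotated left by its use count. All arithmetic modulo 2**32."""
    csum = len(pre_dans)
    for i, b in enumerate(pre_dans):
        if 0x3C <= i < 0x40:
            continue
        csum = (csum + rol32(b, i)) & 0xFFFFFFFF
    for compid, count in entries:
        csum = (csum + rol32(compid, count)) & 0xFFFFFFFF
    return csum

def parse_rich_header(data):
    """Return (dans_offset, stored_key, [(compid, count), ...]) or None if absent."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    rich_off = data.rfind(RICH, 0x40, min(e_lfanew, len(data)))
    if rich_off < 0 or rich_off + 8 > len(data):
        return None
    key, = struct.unpack_from("<I", data, rich_off + 4)
    off = rich_off - 4                      # walk back a DWORD at a time until "DanS" decrypts
    while off >= 0x40:
        if struct.unpack_from("<I", data, off)[0] ^ key == DANS:
            break
        off -= 4
    else:
        return None
    if (rich_off - off - 16) % 8:           # entries must be whole (compid, count) pairs
        return None
    entries = [(c ^ key, n ^ key) for c, n in struct.iter_unpack("<II", data[off + 16:rich_off])]
    return off, key, entries

def verify_rich_header(data):
    parsed = parse_rich_header(data)
    if parsed is None:
        return {"present": False}
    off, key, entries = parsed
    computed = rich_checksum(data[:off], entries)
    return {"present": True, "stored_key": key, "computed_key": computed, "valid": key == computed,
            "entries": [{"prodid": c >> 16, "build": c & 0xFFFF, "count": n} for c, n in entries]}

# Constructed entries: compid = prodid << 16 | build. Product IDs follow the usual
# assignment (0x0001 import object, 0x0104 C compiler, 0x0105 C++ compiler, 0x0102 linker)
# but are assumptions here; counts are illustrative.
SAMPLE_ENTRIES = [(0x00010000, 126), (0x01047CBF, 17), (0x01057CBF, 81), (0x01027DD7, 1)]

def build_sample(entries, key_override=None):
    """Constructed DOS header + stub + Rich header + PE signature (not the analysed file)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<6H", dos, 2, 0x90, 3, 0, 4, 0, 0xFFFF)    # e_cblp .. e_maxalloc
    struct.pack_into("<H", dos, 0x10, 0xB8)                       # e_sp
    struct.pack_into("<H", dos, 0x18, 0x40)                       # e_lfarlc
    stub = (b"\x0e\x1f\xba\x0e\x00\xb4\x09\xcd\x21\xb8\x01\x4c\xcd\x21"
            b"This program cannot be run in DOS mode.\r\r\n$").ljust(64, b"\0")
    key = rich_checksum(bytes(dos) + stub, entries) if key_override is None else key_override
    body = struct.pack("<IIII", DANS ^ key, key, key, key)       # "DanS" + 3 zero pads, encrypted
    body += b"".join(struct.pack("<II", c ^ key, n ^ key) for c, n in entries)
    body += RICH + struct.pack("<I", key)
    struct.pack_into("<I", dos, 0x3C, 64 + len(stub) + len(body))   # e_lfanew; not in the checksum
    return bytes(dos) + stub + body + b"PE\0\0"

if __name__ == "__main__":
    for label, blob in (("genuine", build_sample(SAMPLE_ENTRIES)),
                        ("forged key", build_sample(SAMPLE_ENTRIES, key_override=0x45BE3131))):
        r = verify_rich_header(blob)
        print("%-10s stored=%#010x computed=%#010x valid=%s"
              % (label, r["stored_key"], r["computed_key"], r["valid"]))
```

On a real file pass the whole image; only the bytes below e_lfanew are inspected. Beyond the key check, entries that disagree with LinkerVersion in the optional header are another sign that the header was tampered with or copied from another build.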