f50d3f2eb56835764d74ab56b351bf5f796697d2dac8b30024c3222e9686be41

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 1970-Jan-01 00:00:00 (TimeDateStamp is 0: the linker recorded no build time, as reproducible-build toolchains such as the Go linker do by default)

Plugin Output

Suspicious PEiD Signature:
  • XWD graphics format
  • HQR data file
Caveat: PEiD signatures are raw byte-pattern matches; an image format and a game data format matching inside a PE are incidental hits, not packer or compiler identifications.
Info Interesting strings found in the binary: Contains domain names:
  • .apk.bin.bmp.com
  • .hash.net
  • apk.bin.bmp.com
  • bin.bmp.com
  • golang.org
  • https://go.dev
Caveat: the Go linker stores string literals back to back with no terminators, so a string scanner reads neighbouring literals as one run and a domain regex then matches across them. The first four entries are one such run of file-extension literals (".apk", ".bin", ".bmp", ".com"), not a host name, and ".hash.net" is most likely the same. golang.org and https://go.dev are toolchain and module-path strings expected in a Go binary, not network indicators.
Info Cryptographic algorithms detected in the binary:
  • Uses constants related to MD5
  • Uses constants related to SHA1
  • Uses constants related to SHA256
  • Uses constants related to SHA512
  • Uses constants related to AES
Caveat: in a Go binary these constants come from the standard library packages crypto/md5, crypto/sha1, crypto/sha256, crypto/sha512 and crypto/aes, which are linked into any program that uses crypto/tls (for example net/http over HTTPS). Their presence does not by itself indicate custom cryptography or file encryption.
Suspicious The PE is possibly packed.
  • Unusual section name found: .xdata
  • Unusual section name found: .symtab
Caveat: both names are normal for a Go-linked PE. .xdata holds SEH unwind data for the entries in .pdata, and .symtab is the stub symbol table section the Go linker emits even when it is empty (here 4 bytes, entropy 0.02). The section entropies below (.text 6.22, .rdata 5.66, .data 6.19, nothing approaching 8) do not support a packing verdict.
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • LoadLibraryExW
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Caveat: all three belong to the Go runtime's fixed kernel32 import set. The runtime resolves the rest of the Windows APIs it needs through LoadLibraryExW and GetProcAddress at start-up, and SwitchToThread is the scheduler's yield. The import list below is that runtime set and nothing else; what the program itself calls through syscall is bound lazily at run time and never appears in the import table, so the strings section, not the IAT, is where to look for its API usage.
Suspicious VirusTotal score: 1/70 (Scanned on 2026-07-05 03:05:53)
  • Bkav: W32.Malware.8DB1023F
Caveat: a single generic detection from one engine, with no corroborating indicator elsewhere in this report, is weak evidence either way; treat the verdict as unconfirmed rather than as a classification.
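The header findings above (zero timestamp, LinkerVersion 3.0, the .symtab section, the "possibly packed" flag) can be checked without the analysis service. The following is an added example, not code from the page or from the tool that produced the report: a minimal PE32+ header and section-table parser that measures section entropy and applies a packing heuristic based on entropy and on-disk size rather than section names, plus the three Go-linker traits. The sample image it builds is constructed here with the header values from the report and synthetic section bytes; it is not the analysed binary. The Go-linker values (LinkerVersion 3.0, TimeDateStamp 0, a .symtab stub) are assumed from current cmd/link behaviour and should be verified against the toolchain you target.

```python
import math
import struct

# Constants from winnt.h / the PE specification.
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_SUBSYSTEM_WINDOWS_CUI = 3
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_DISCARDABLE = 0x02000000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 to 8.0. Packed or encrypted sections sit close to 8."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(image: bytes) -> dict:
    """Read the DOS, COFF and PE32+ optional headers and the section table,
    measuring each section's raw-data entropy on the way."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", image, opt)
    if magic != 0x20B:
        raise ValueError("only PE32+ is handled here")
    subsystem, dll_chars = struct.unpack_from("<HH", image, opt + 68)  # fixed offsets in PE32+
    sections, table = [], opt + opt_size
    for i in range(nsections):
        name, vsize, _va, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", image, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize, "flags": flags,
                         "entropy": shannon_entropy(image[rawptr:rawptr + rawsize])})
    return {"machine": machine, "timestamp": timestamp,
            "linker_version": (linker_major, linker_minor), "subsystem": subsystem,
            "dll_characteristics": dll_chars, "sections": sections}


def go_build_indicators(pe: dict) -> list:
    """Header traits the Go linker leaves behind (assumed from current cmd/link)."""
    hits = []
    if any(s["name"] == ".symtab" for s in pe["sections"]):
        hits.append(".symtab section (Go linker stub, emitted even when empty)")
    if pe["timestamp"] == 0:
        hits.append("TimeDateStamp 0 (reproducible build, no build time recorded)")
    if pe["linker_version"] == (3, 0):
        hits.append("LinkerVersion 3.0 (constant written by cmd/link)")
    return hits


def looks_packed(pe: dict, threshold: float = 7.0) -> bool:
    """Section names are a weak packer signal. Flag instead a near-random
    executable/writable section, or executable code with no bytes on disk."""
    for s in pe["sections"]:
        if not s["flags"] & (IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE):
            continue
        if s["raw_size"] == 0 and s["virtual_size"] > 0 and s["flags"] & IMAGE_SCN_MEM_EXECUTE:
            return True  # code materialised only at run time
        if s["raw_size"] and s["entropy"] >= threshold:
            return True
    return False


def build_sample_image(packed: bool = False) -> bytes:
    """Constructed PE32+ image with the report's header values and synthetic
    section bytes. packed=True swaps in a uniformly distributed .text."""
    file_align, sect_align = 0x200, 0x1000
    code = bytes(range(256)) * 16 if packed else bytes((i * 7) % 101 for i in range(4096))
    specs = [(b".text", code, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
             (b".rdata", b"golang.org\0https://go.dev\0" * 64,
              IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
             (b".symtab", b"\0\0\0\0", IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ)]
    e_lfanew, opt_size = 0x80, 0xF0
    headers = -(-(e_lfanew + 4 + 20 + opt_size + 40 * len(specs)) // file_align) * file_align
    table, body, raw_ptr, va = b"", b"", headers, 0x1000
    for name, data, flags in specs:
        raw_size = -(-len(data) // file_align) * file_align
        table += struct.pack("<8sIIIIIIHHI", name, len(data), va, raw_size, raw_ptr, 0, 0, 0, 0, flags)
        body += data.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        va += -(-len(data) // sect_align) * sect_align
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, len(specs), 0, 0, 0, opt_size, 0x0022)
    opt = struct.pack("<HBBIIIIIQIIHHHHHHIIIIHHQQQQII",
                      0x20B, 3, 0, 0, 0, 0, 0x1000, 0x1000, 0x140000000,
                      sect_align, file_align, 6, 1, 1, 0, 6, 1,
                      0, va, headers, 0, IMAGE_SUBSYSTEM_WINDOWS_CUI, 0x8160,
                      0x200000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\0" * 128  # sixteen empty data directories
    return (dos + b"PE\0\0" + coff + opt + table).ljust(headers, b"\0") + body


if __name__ == "__main__":
    pe = parse_pe(build_sample_image())
    for s in pe["sections"]:
        print(f"{s['name']:<8} entropy={s['entropy']:.2f}")
    print("Go indicators:", go_build_indicators(pe))
    print("looks packed:", looks_packed(pe))
```

Feed `parse_pe` the bytes of a real file to reproduce the Summary, Image Optional Header and per-section entropy rows of the report; for the binary above, the three indicator strings fire and `looks_packed` stays false, which is the opposite of the tool's name-based flag.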

Hashes

MD5 8cf2eece11ecf678b28b99510694f89d
SHA1 3eff4e94283b983907dd59e401e7fbe9e7337ca9
SHA256 f50d3f2eb56835764d74ab56b351bf5f796697d2dac8b30024c3222e9686be41
SHA3 97415e430c0c0e6125579a60a2b9dc4e111bae7c7f627946c7e45e8623363cf6
SSDeep 49152:S7sGumWWjTNzkv9J6ZwsF7KvX3cJt72hpFgyUMbz8VXzN4QFz6eHKQK1K6NLpdZ:S7I9QSJXjPWdXBNG/NXpE
Imports Hash 4e2bd2c481372f7ab13b83b63b424e97

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0x8b
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 8
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0x60f800
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 3.0
SizeOfCode 0x2b8200
SizeOfInitializedData 0x4d600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000087CA0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 1.0
SubsystemVersion 6.1
Win32VersionValue 0
SizeOfImage 0x266c000
SizeOfHeaders 0x600
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 dad0e4b8287355460873f85981ef1836
SHA1 c6c4a6065253ffe62251cb86131e090bb804259c
SHA256 b1aa05458968e7fb2f822178ad4a50f4935628923f24155886ab4638ba577413
SHA3 5f2eb3f817f3be92fcddd71d4e14ad070558e7cc63f8ca4414eb9b6e536013a9
VirtualSize 0x2b8011
VirtualAddress 0x1000
SizeOfRawData 0x2b8200
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.22124

.rdata

MD5 1160c32b763b29bd1a3af9b8aed92ea7
SHA1 e0bd289c6578871d49189c5e25b7f85e484130da
SHA256 730074783b09984cfd023c87ba1948f26aca896e2c825f92db0b09c80cade09a
SHA3 9a3a056c8645f07e7ccdc8debc21c58789ae363ccf422046989bf4caf979218a
VirtualSize 0x2eb040
VirtualAddress 0x2ba000
SizeOfRawData 0x2eb200
PointerToRawData 0x2b8800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.65523

.data

MD5 f0db42ee9c53328d48aa2fe8ca070eb5
SHA1 dce0bbdbb20ac53b14d45369d44d6344a92e8077
SHA256 ef4bef632f94851137a13da4fec31f431decfbb278d76f9de85e173e574071c7
SHA3 dfe6a51ec44b9f2872b945941df69d802c59516213f70d97b7c84fb381dfb548
VirtualSize 0x20a35c0
VirtualAddress 0x5a6000
SizeOfRawData 0x4d600
PointerToRawData 0x5a3a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.19217

.pdata

MD5 aeac3a7dff7b3bc1bac552f6ccb30266
SHA1 5eab2ce4479e2ca9952622742c97b1eb894946c3
SHA256 7a1f877280e113f2f4d149eadd8f694ad3cd5a95b93cbb39c279db64c09eeefc
SHA3 ee82c4e81401686da0b3614e9e31e86c46a2d0b336d764f069d9457becc808d5
VirtualSize 0x10740
VirtualAddress 0x264a000
SizeOfRawData 0x10800
PointerToRawData 0x5f1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.6526

.xdata

MD5 128dff2e2964d351991caa0e87dd4f3e
SHA1 fde9540855e9feb99fb9f2691c64e43f5fe916aa
SHA256 7d778288d1690b62541877f840733364a5be8f28df4a9b3bef4ce0fba8137836
SHA3 edcfc44ae193832d7d4f3244eaa50f69c25632ecb495497c6b5a00eba55bc9ed
VirtualSize 0xb4
VirtualAddress 0x265b000
SizeOfRawData 0x200
PointerToRawData 0x601800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.78711

.idata

MD5 ad3e34245e1a58b5de1f2d961b0ddc10
SHA1 dcb65880d42751057398ef5cdee3adfc20596a54
SHA256 ee155f361dcf9c9008d02e88a959b11c5ef29771c29d3d7e9b9298c1e5db3ee6
SHA3 7f215dbeb2446e42b1ce7f0778e81b6642325d7e2e5a77c28845339b8109af94
VirtualSize 0x57c
VirtualAddress 0x265c000
SizeOfRawData 0x600
PointerToRawData 0x601a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.22432

.reloc

MD5 e8bcd034123c984a352c79c99ed57e3c
SHA1 f8945bd19e771a4d3fe791a5beef5c69b2fc1475
SHA256 6c5fb36bccb227499d5a4c07ea374bd831be0422eafaba63cdf11cc347cde4ff
SHA3 112ac42bf6100ec9c6095cffe01881547000a6ba8c8481ed3cfb544ba75492f9
VirtualSize 0xd7ac
VirtualAddress 0x265d000
SizeOfRawData 0xd800
PointerToRawData 0x602000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.43703

.symtab

MD5 07b5472d347d42780469fb2654b7fc54
SHA1 943ae54f4818e52409fbbaf60ffd71318d966b0d
SHA256 3e67f4a7d14b832ff2a2433e9cf0f6f5720821f67148a87c0ee2595a20c96c68
SHA3 a70a3e18515c06557b62676f2a8eb6d7d41962d8c9c7c49f4641c429cc65b977
VirtualSize 0x4
VirtualAddress 0x266b000
SizeOfRawData 0x200
PointerToRawData 0x60f800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0203931

Imports

kernel32.dll WriteFile
WriteConsoleW
WerSetFlags
WerGetFlags
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
RtlVirtualUnwind
RtlLookupFunctionEntry
ResumeThread
RaiseFailFastException
QueryPerformanceCounter
PostQueuedCompletionStatus
LoadLibraryExW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetErrorMode
GetEnvironmentStringsW
GetCurrentThreadId
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler
AddVectoredContinueHandler
GetProcAddress
LoadLibraryExW
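The import table above is worth comparing against what the Go runtime itself needs, since in a Go binary anything the program calls through syscall is bound lazily and never reaches the IAT. The block below is an added example, not code from the page or from the tool: it holds the report's kernel32 list (constructed from the lines above, in the order shown, duplicates kept), a baseline of the runtime's kernel32 imports transcribed from runtime/os_windows.go of a recent Go release (an assumption; diff it against the Go version of the sample you analyse), a set difference that returns only the imports the runtime does not account for, and an import hash in the pefile convention. Whether that hash equals the "Imports Hash" value in the report depends on the ordering and normalisation the report's tool uses, so it is computed rather than asserted.

```python
import hashlib

# Constructed from the kernel32.dll import list in the report, in the order shown
# there; the repeated LoadLibraryExW/GetProcAddress entries are kept on purpose
# because the import hash is sensitive to order and duplicates.
REPORT_IMPORTS = [("kernel32.dll", f) for f in """
WriteFile WriteConsoleW WerSetFlags WerGetFlags WaitForMultipleObjects
WaitForSingleObject VirtualQuery VirtualFree VirtualAlloc TlsAlloc SwitchToThread
SuspendThread SetWaitableTimer SetProcessPriorityBoost SetEvent SetErrorMode
SetConsoleCtrlHandler RtlVirtualUnwind RtlLookupFunctionEntry ResumeThread
RaiseFailFastException QueryPerformanceCounter PostQueuedCompletionStatus
LoadLibraryExW SetThreadContext GetThreadContext GetSystemInfo GetSystemDirectoryA
GetStdHandle GetQueuedCompletionStatusEx GetProcessAffinityMask GetProcAddress
GetErrorMode GetEnvironmentStringsW GetCurrentThreadId GetConsoleMode
FreeEnvironmentStringsW ExitProcess DuplicateHandle CreateWaitableTimerExW
CreateThread CreateIoCompletionPort CreateEventA CloseHandle
AddVectoredExceptionHandler AddVectoredContinueHandler GetProcAddress LoadLibraryExW
""".split()]

# Assumption: kernel32 functions bound by cgo_import_dynamic in runtime/os_windows.go
# of a recent Go release. Regenerate from the Go version of the sample (go version -m).
GO_RUNTIME_KERNEL32 = frozenset("""
AddVectoredContinueHandler AddVectoredExceptionHandler CloseHandle CreateEventA
CreateIoCompletionPort CreateThread CreateWaitableTimerA CreateWaitableTimerExW
DuplicateHandle ExitProcess FreeEnvironmentStringsW GetConsoleMode
GetCurrentThreadId GetEnvironmentStringsW GetErrorMode GetProcAddress
GetProcessAffinityMask GetQueuedCompletionStatusEx GetStdHandle GetSystemDirectoryA
GetSystemInfo GetThreadContext LoadLibraryExW LoadLibraryW PostQueuedCompletionStatus
QueryPerformanceCounter RaiseFailFastException ResumeThread RtlLookupFunctionEntry
RtlVirtualUnwind SetConsoleCtrlHandler SetErrorMode SetEvent SetProcessPriorityBoost
SetThreadContext SetThreadPriority SetUnhandledExceptionFilter SetWaitableTimer
SuspendThread SwitchToThread TlsAlloc VirtualAlloc VirtualFree VirtualQuery
WaitForMultipleObjects WaitForSingleObject WerGetFlags WerSetFlags WriteConsoleW WriteFile
""".split())


def imphash(imports) -> str:
    """Import hash in the pefile convention: one 'dll.function' per import in
    table order, lower-cased, DLL extension dropped, comma-joined, MD5."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        parts.append(f"{dll}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def non_runtime_imports(imports, baseline=GO_RUNTIME_KERNEL32) -> list:
    """kernel32 imports the Go runtime does not account for. An empty list means
    the IAT is the runtime's own and says nothing about the program's behaviour;
    look at DLL and function name strings for the APIs it binds at run time."""
    return sorted({f for dll, f in imports
                   if dll.lower() == "kernel32.dll" and f not in baseline})


if __name__ == "__main__":
    print("imphash:", imphash(REPORT_IMPORTS))
    print("imports beyond the Go runtime set:", non_runtime_imports(REPORT_IMPORTS) or "none")
```

For the list on this page the difference is empty, which is the expected shape of a Go program's import table; an entry such as CreateRemoteThread or WriteProcessMemory appearing in the difference would be the kind of import that deserves attention, because the runtime never needs it.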

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors
