f9956df9e063b4286a08a04200998eb432d1a5da3e090ad4a0e97a98163abfac

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1970-Jan-01 00:00:00
Debug artifacts Embedded COFF debugging symbols

Plugin Output

Suspicious PEiD Signature: HQR data file
Suspicious The PE is possibly packed. Unusual section names found:
  • .xdata
  • .symtab
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • LoadLibraryW
  • LoadLibraryExW
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Info The PE is digitally signed. Signer: luxurylink.com
Issuer: luxurylink.com
Malicious VirusTotal score: 14/70 (Scanned on 2026-06-27 13:43:35)
AVG: Win64:Evo-gen [Trj]
Avast: Win64:Evo-gen [Trj]
Avira: TR/W64.Evo
Bkav: W32.Malware.95D0AB8D
CrowdStrike: win/malicious_confidence_70% (D)
Cynet: Malicious (score: 99)
DeepInstinct: MALICIOUS
Elastic: malicious (high confidence)
F-Secure: Trojan.TR/W64.Evo
Kaspersky: VHO:Trojan-Banker.Win32.Bandra.gen
McAfeeD: Trojan:Win/Remus.GOAX
Microsoft: Trojan:Win32/Wacatac.C!ml
Symantec: ML.Attribute.HighConfidence
Tencent: OB:Backdoor.Win64.Gsb.16004173

Hashes

MD5 2b8a4c27b05aaa404aaa41354c87793a
SHA1 5f2c467143f1d912f58a6af80366dff0b2c2c023
SHA256 f9956df9e063b4286a08a04200998eb432d1a5da3e090ad4a0e97a98163abfac
SHA3 039a76a5256233a3dc884ea7e02d5649f4c65c50487e80c99f78508d24908e6c
SSDeep 49152:tz7zSXjKJ0TqxhpOkzIY57BGmS69wLb7PKGzYyI7/:tODgVG51LbrzyT
Imports Hash d42595b695fc008ef2c56aabd8efd68e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0x8b
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 8
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0x347200
NumberOfSymbols 3009
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 3.0
SizeOfCode 0x118a00
SizeOfInitializedData 0x11200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000075560 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 1.0
SubsystemVersion 6.1
Win32VersionValue 0
SizeOfImage 0x3b7000
SizeOfHeaders 0x600
Checksum 0x36e428
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 98e8dd7e92663180f53d727beb275408
SHA1 8a8de55a06867fb3be543dc7052aed2f4b922e2e
SHA256 7bc3d669037b1a3cf239f660effbe3333f723889bd2f7a545327588b7c7c92f8
SHA3 92f6f5643c71d93b6816ec17695aa5a77b803c9a3b18b91633141999adce56ee
VirtualSize 0x118811
VirtualAddress 0x1000
SizeOfRawData 0x118a00
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.32171

.rdata

MD5 bf1884121660e3b918fe8adc26a0bcf8
SHA1 3ccbc97ed0b25ec8dc90e536e1b9d6172c93d719
SHA256 b0b1300372af65c022d5a62ab5b4a31ae4a9cf962a776fee354c8d611d58803e
SHA3 86b35c085abdbcc5052935d437d1639914dc56674f3a020be597b6957cd748c9
VirtualSize 0x2120c0
VirtualAddress 0x11a000
SizeOfRawData 0x212200
PointerToRawData 0x119000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.1224

.data

MD5 2e480b9a7e94b37266301178c234fc76
SHA1 439cc562d506fa09a98c6f56c9f12e93c437a45b
SHA256 864cbc5a98ea39218af842a904d43ee448e8ac68a3080c0ef93fa99e3f1a0587
SHA3 ad32397b41565d54078679a890e0cf90050759e0de51f9121c116218a12b127a
VirtualSize 0x5a748
VirtualAddress 0x32d000
SizeOfRawData 0x11200
PointerToRawData 0x32b200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.21017

.pdata

MD5 bef168bd41294c6fd4141bc982cb760c
SHA1 fe9dfe67abec6295d34f56b344a2b8f48cc222dd
SHA256 a1632e68d51849a5308367ba53737495cdc0111b922b816afc50d4c6ca269691
SHA3 f975c890cccae4dadea83df2c2b5024a218d29b544733c2e698a719afd0ce0ef
VirtualSize 0x5ae4
VirtualAddress 0x388000
SizeOfRawData 0x5c00
PointerToRawData 0x33c400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.21939

.xdata

MD5 9e11237036c1aba7fbc45879a26220e9
SHA1 d5208d975a5e75d8b814fae6df86ab3435d866b7
SHA256 13108de57b60de8fb28c9001aa96ef306aed7a85e384b3e07375a5ed3a335858
SHA3 ef2c195cf26d0b4a0fdbeb4824a6eb77c7c0b81346f5070aca23e045ce9c692c
VirtualSize 0xb4
VirtualAddress 0x38e000
SizeOfRawData 0x200
PointerToRawData 0x342000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.78321

.idata

MD5 3d15b0d6ad12a81c1bd728bfbf56ae41
SHA1 9f14c39451feb234b3a5630a04566ae07c11c2b6
SHA256 b7f99b726a38f3f4b876c9f14e8632fad597e8885586d7dd46134c0a647d59eb
SHA3 1570da91e0a9f92c9f9bfc43de48c3d387ccf19f71c43f0c5a2e406dc2ab3c52
VirtualSize 0x53e
VirtualAddress 0x38f000
SizeOfRawData 0x600
PointerToRawData 0x342200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.01589

.reloc

MD5 dde317f9994440379ba233d8fb2c98d1
SHA1 473a1bb11111c5cd076d945b5e2aaf4204e6ffcb
SHA256 d406807e2369f86a6f0cdfb81b79ed41c6146546d880c84b99114acfb547041a
SHA3 3233c57c15ffa11d5cabe16a3dc78e4c4a2a270ef49ef5f3cd2f4436b1882792
VirtualSize 0x49b4
VirtualAddress 0x390000
SizeOfRawData 0x4a00
PointerToRawData 0x342800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.42934

.symtab

MD5 ba4502822bc9fff660509c7d046ef9b8
SHA1 a79498285cf3b8ac225eab7c70ecea4a3326f28e
SHA256 79ee18f62072574ec3efc7478cf0d1cf13a49e2ac4175f703b3e593ebacd4f95
SHA3 4a089b3dc6202da73dd5751ed5b33e94f3731ed43e51621237bf75c838da8f04
VirtualSize 0x21c83
VirtualAddress 0x395000
SizeOfRawData 0x21e00
PointerToRawData 0x347200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.13882

Imports

kernel32.dll
WriteFile
WriteConsoleW
WerSetFlags
WerGetFlags
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
RtlVirtualUnwind
RtlLookupFunctionEntry
ResumeThread
RaiseFailFastException
PostQueuedCompletionStatus
LoadLibraryW
LoadLibraryExW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetErrorMode
GetEnvironmentStringsW
GetCurrentThreadId
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler
AddVectoredContinueHandler

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors
