feeceed5588b7aed623e5e0618c6642d89b44b518d2830ce2b3d537c6f745309

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2026-Mar-11 12:51:39
TLS Callbacks 1 callback(s) detected.
Debug artifacts loader.pdb

Plugin Output

Suspicious: The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryExA
  • GetProcAddress
  • LoadLibraryA
Uses Windows' Native API:
  • NtWriteFile
  • NtReadFile
Memory manipulation functions often used by packers:
  • VirtualProtect
  • VirtualAlloc
Suspicious: No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 7cab16fafd2186e5fad14c41c51f90a6
SHA1 3fce20a772803ddb8298d4aed77e3cd51373e447
SHA256 feeceed5588b7aed623e5e0618c6642d89b44b518d2830ce2b3d537c6f745309
SHA3 10874dcc42be4d1a33d730b6a52f505765d19ac425cf771b4cdf3727873065f8
SSDeep 1536:4WhIEXRTlhOIfrLPmnUEeP/h5VOGHFAiipyI9zHZ5zMd1dvWQrb46:0wllhOIfv+UEAPYkFAVyiKDXl
Imports Hash 6488e033763ffdbb33272bfd7d12721a

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 5
TimeDateStamp 2026-Mar-11 12:51:39
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x18000
SizeOfInitializedData 0xa400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000000171C0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x26000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 2b30615316389e27f02943cb1e0a6676
SHA1 c29d40aac8980b78d8cab27d45296687f00a2bf2
SHA256 ed9517f765194c67a8cf6e138504b43b3805dee7678e704327b19071ad8a676b
SHA3 699ea604cd265d47b4a6e3bd21f97af774dab3a9908338940a9ed8d5fdb20f24
VirtualSize 0x17ec4
VirtualAddress 0x1000
SizeOfRawData 0x18000
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy 6.39084

.rdata

MD5 f2058a7dbb8d7285658631c80cff493e
SHA1 63156113ebe28832f832bbdd442b943b82e37a31
SHA256 b5693551e0fef93aa0ffff5ff5fb1e8963ce011483cedaa37879740e261a16b7
SHA3 7a906da68058c94ae7fc18f19497b9371b41a50ba2637fe68bd5264a881decc2
VirtualSize 0x886c
VirtualAddress 0x19000
SizeOfRawData 0x8a00
PointerToRawData 0x18400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 5.3957

.data

MD5 ce15c448a675f3b2347422d5f1e51c9e
SHA1 92a62365db17ab6b4b23a4f1c4f7637c345996c4
SHA256 8e1e6822a8bd728451b084be52c91f027a31f41d0234a0d022c16ec939b131e5
SHA3 055b53cddc487b89f9cff1f2ca4341cbc6ad531308a4b9fdf655b43decd278f4
VirtualSize 0x2d0
VirtualAddress 0x22000
SizeOfRawData 0x200
PointerToRawData 0x20e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy 1.65353

.pdata

MD5 3c32bd47d683d10f2be0ddb902ce06dc
SHA1 af14822dc05c31c5be30a6d2427464349134dc58
SHA256 8f254ecfae8e87e2f480cd433803d498a154e2140df59b693d8b0b0e3975193d
SHA3 5eeaa3e44502e64fc74ea02012a18d476057f142f3954033e61ed94ddb20a548
VirtualSize 0x1134
VirtualAddress 0x23000
SizeOfRawData 0x1200
PointerToRawData 0x21000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 4.98859

.reloc

MD5 e6c647bae2385d7e5ec3a8bd380c4b14
SHA1 9669204bf0b1a299cba384103b369f1635305a8c
SHA256 3ba4d0d37ee205002d1806a2b06fa7567a7c60671e833fca7dbe31db64beb74b
SHA3 4588261953b7f26b2d3f4c5be3e0ba3da786a382ba5d93ad33b6c4c9ccc5af00
VirtualSize 0x264
VirtualAddress 0x25000
SizeOfRawData 0x400
PointerToRawData 0x22200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Entropy 3.95118

Imports

kernel32.dll: GetLastError, VirtualProtect, CreateThread, WaitForSingleObject, CloseHandle, IsProcessorFeaturePresent, HeapFree, GetProcessHeap, FormatMessageW, LoadLibraryExA, VirtualAlloc
oleaut32.dll: SysFreeString, SysStringLen
api-ms-win-core-synch-l1-2-0.dll: WakeByAddressAll, WaitOnAddress, WakeByAddressSingle
KERNEL32.dll: UnhandledExceptionFilter, IsDebuggerPresent, InitializeSListHead, GetSystemTimeAsFileTime, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, GetCurrentThreadId, QueryPerformanceCounter, SetUnhandledExceptionFilter, HeapReAlloc, lstrlenW, GetCurrentProcess, GetProcAddress, WideCharToMultiByte, WaitForSingleObjectEx, LoadLibraryA, GetCurrentProcessId, CreateMutexA, ReleaseMutex, SetFilePointerEx, SetFileInformationByHandle, SetFileTime, AddVectoredExceptionHandler, SetThreadStackGuarantee, GetCurrentThread, SetLastError, GetCurrentDirectoryW, GetEnvironmentVariableW, GetFileInformationByHandleEx, CreateFileW, GetFileInformationByHandle, GetConsoleMode, GetModuleHandleW, GetFullPathNameW, GetModuleHandleA, HeapAlloc, MultiByteToWideChar, WriteConsoleW, GetStdHandle, GetConsoleOutputCP
ntdll.dll: NtWriteFile, RtlNtStatusToDosError, NtReadFile
VCRUNTIME140.dll: __current_exception, __C_specific_handler, _CxxThrowException, memcmp, memset, memcpy, memmove, __CxxFrameHandler3, __current_exception_context
api-ms-win-crt-runtime-l1-1-0.dll: _initialize_onexit_table, _exit, __p___argc, __p___argv, exit, terminate, _register_thread_local_exe_atexit_callback, _cexit, _register_onexit_function, _initterm_e, _crt_atexit, _initterm, _seh_filter_exe, _set_app_type, _configure_narrow_argv, _initialize_narrow_environment, _get_initial_narrow_environment, _c_exit
api-ms-win-crt-math-l1-1-0.dll: __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll: _set_fmode, __p__commode
api-ms-win-crt-locale-l1-1-0.dll: _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll: _set_new_mode, free

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2026-Mar-11 12:51:39
Version 0.0
SizeofData 35
AddressOfRawData 0x1e0f4
PointerToRawData 0x1d4f4
Referenced File loader.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2026-Mar-11 12:51:39
Version 0.0
SizeofData 20
AddressOfRawData 0x1e118
PointerToRawData 0x1d518

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-Mar-11 12:51:39
Version 0.0
SizeofData 816
AddressOfRawData 0x1e12c
PointerToRawData 0x1d52c

TLS Callbacks

StartAddressOfRawData 0x14001e480
EndAddressOfRawData 0x14001e4d8
AddressOfIndex 0x140022240
AddressOfCallbacks 0x1400193b8
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_8BYTES
Callbacks 0x0000000140005810

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140022100

RICH Header

XOR Key 0x9d8dec74
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 12
Imports (35207) 2
ASM objects (35207) 3
C objects (35207) 9
C++ objects (35207) 23
Imports (33145) 9
Total imports 189
Unmarked objects (#2) 28
Linker (35223) 1

Errors
