| Architecture | IMAGE_FILE_MACHINE_AMD64 |
|---|---|
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2026-Jul-04 19:53:57 |
| TLS Callbacks | 2 callback(s) detected. |

| Info | Libraries used to perform cryptographic operations: | Microsoft's Cryptography API |
|---|---|---|
| Suspicious | The PE is possibly packed. | Unusual section name found: .xdata |
| Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
| Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |

| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x80 |

| Signature | PE |
|---|---|
| Machine | IMAGE_FILE_MACHINE_AMD64 |
| NumberOfSections | 10 |
| TimeDateStamp | 2026-Jul-04 19:53:57 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics | IMAGE_FILE_DEBUG_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED |

| Magic | PE32+ |
|---|---|
| LinkerVersion | 2.0 |
| SizeOfCode | 0x4a00 |
| SizeOfInitializedData | 0x2a00 |
| SizeOfUninitializedData | 0x200 |
| AddressOfEntryPoint | 0x0000000000001030 (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.2 |
| Win32VersionValue | 0 |
| SizeOfImage | 0xf000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x11f5b |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT |
| SizeofStackReserve | 0x200000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |

| ADVAPI32.dll | CryptAcquireContextW, CryptGenRandom, CryptReleaseContext |
|---|---|
| KERNEL32.dll | CloseHandle, CreatePipe, CreateProcessA, CreateThread, DeleteCriticalSection, EnterCriticalSection, FreeLibrary, GetLastError, GetModuleHandleA, GetNativeSystemInfo, GetProcAddress, GetProcessHeap, GetStartupInfoA, GetSystemInfo, GetTickCount, GlobalMemoryStatusEx, HeapAlloc, HeapFree, InitializeCriticalSection, IsDBCSLeadByte, LeaveCriticalSection, LoadLibraryA, QueryPerformanceCounter, QueryPerformanceFrequency, ReadFile, SetHandleInformation, SetUnhandledExceptionFilter, Sleep, TerminateThread, TlsGetValue, VirtualProtect, VirtualQuery, WaitForSingleObject |
| api-ms-win-crt-environment-l1-1-0.dll | __p__environ |
| api-ms-win-crt-heap-l1-1-0.dll | _set_new_mode, calloc, free, malloc |
| api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale |
| api-ms-win-crt-math-l1-1-0.dll | __setusermatherr |
| api-ms-win-crt-private-l1-1-0.dll | __C_specific_handler, memcpy, memmove |
| api-ms-win-crt-runtime-l1-1-0.dll | __p___argc, __p___argv, __p__acmdln, _cexit, _configure_narrow_argv, _crt_atexit, _exit, _initialize_narrow_environment, _set_app_type, _initterm, _initterm_e, _set_invalid_parameter_handler, abort, exit, signal |
| api-ms-win-crt-stdio-l1-1-0.dll | __acrt_iob_func, __p__commode, __p__fmode, __stdio_common_vfprintf, fflush, setvbuf |
| api-ms-win-crt-string-l1-1-0.dll | memset, strlen, strncmp |
| WS2_32.dll | WSAStartup, closesocket, connect, htonl, htons, inet_pton, ioctlsocket, ntohl, recv, send, sendto, setsockopt, socket |

| StartAddressOfRawData | 0x14000d000 |
|---|---|
| EndAddressOfRawData | 0x14000d008 |
| AddressOfIndex | 0x14000b110 |
| AddressOfCallbacks | 0x140007800 |
| SizeOfZeroFill | 0 |
| Characteristics | IMAGE_SCN_TYPE_REG |
| Callbacks | 0x0000000140003D00, 0x0000000140003DB9 |