15b2223804ac8a3a10a93233618768413f280c08055cf6e2917dfbc9938246d6

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2025-Oct-30 18:34:33
Detected languages English - United States

Plugin Output

Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports; it imports functions that load libraries and resolve APIs at run time:
  • LoadLibraryA
  • GetProcAddress
  • LoadLibraryExA
  • LoadLibraryExW
Safe VirusTotal score: 0/72 (Scanned on 2026-03-04 11:33:03). None of the 72 AV engines flagged this file at scan time.

Hashes

MD5 cdf9c7a58c4a4e096bceff52d44aa9fa
SHA1 5e0c48770c327cb59678f17e714879e3b2ddebb0
SHA256 15b2223804ac8a3a10a93233618768413f280c08055cf6e2917dfbc9938246d6
SHA3 dcc7b207f115d163a504e005747178fb2561c238e36eea543804ca231ffec0ce
SSDeep 1536:h1QfJ8E97+PVUDNMKCbMokoAhbdHWr0DZ:hOfJP97fpC4oQldHWr0F
Imports Hash e3c93efc2669078b177fef5be2ab2139

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2025-Oct-30 18:34:33
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x6200
SizeOfInitializedData 0x6600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000006204 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x180000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x11000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 965af9c59de784573d323f15bd2f9627
SHA1 3a8335dd44aa773e5acb858434695dd538d727e8
SHA256 0aac06b99c8931e2b10f724e700742cd2852804bdf50f1acdbc857b67ad9e97c
SHA3 d973eef4bd68b0a2b1c627dce13d5448b8d68a6bf572b00c0b7d893cbe24fcaa
VirtualSize 0x618e
VirtualAddress 0x1000
SizeOfRawData 0x6200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.2356

.rdata

MD5 0535b03d159f23047334bff0f76838ea
SHA1 ceb052cc29959f7d34b44e8638cdc042be6083af
SHA256 340fadc0a73c14b14faba413739056b9f1e74b775fe744de5963fe556dbde81a
SHA3 73189a2914bc676fd1fcac6e901e77843e54a6c347361c48bbe5ca4c8ccafcf2
VirtualSize 0x4b46
VirtualAddress 0x8000
SizeOfRawData 0x4c00
PointerToRawData 0x6600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.91298

.data

MD5 97b83b64effd8b800fce3aebf6c3cef2
SHA1 2c76663406ce6dea97a3d8d50eb9d7ed14c08eb0
SHA256 ec031aa2ef6f64f255b95e077795117df7c639300b6033fa4a3d9d9b6eba0356
SHA3 1c8a1f6aa577c26a4564d89990cddc98c4671c520566dd4f12e4ff662ca2f40a
VirtualSize 0xa38
VirtualAddress 0xd000
SizeOfRawData 0x400
PointerToRawData 0xb200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.1102

.pdata

MD5 1c86ddf88472318ef43794b1eb03d54e
SHA1 09f7199156750b0769af7d73dc99bd9ea80b64e3
SHA256 85fd7cb4f18551f0bb6b761003da64a3941eae683af37bd93d819cd20630ae60
SHA3 ac6d3dd4e03720be2d5d2717d659e22d4f5410c3a1403f7fd5d8b16379157d7f
VirtualSize 0x810
VirtualAddress 0xe000
SizeOfRawData 0xa00
PointerToRawData 0xb600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.74394

.rsrc

MD5 b72d73af574742d38aaf3f75bb915ffa
SHA1 438b2f9c2c23d19da02f5ac959e942130e800d82
SHA256 09a94258a013210193df98245b98705f5d9f9139d537e1989f193c4f237cab40
SHA3 2450b877179a3b35f5fb8533e509c9e5b08a28103841d4d6ec61c726a434a241
VirtualSize 0x1e0
VirtualAddress 0xf000
SizeOfRawData 0x200
PointerToRawData 0xc000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.70855

.reloc

MD5 8481f5523a9351a38a4b21438e6dc86b
SHA1 9bd80669889cff9db1ba0b287514a02b8d35761a
SHA256 05c4293284221e44a1c785ccafe7b13c6308b1f066f6b7d468cb7e0c1d03d9d3
SHA3 d38c68b7c1f366d19c7ba8ad5b781fabbca7c6f31c8be93ae30c28cfe005c67c
VirtualSize 0x90
VirtualAddress 0x10000
SizeOfRawData 0x200
PointerToRawData 0xc200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 1.94891

Imports

KERNEL32.dll LoadLibraryA
GetSystemDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryExA
LoadLibraryExW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte
MultiByteToWideChar
GetFileInformationByHandleEx
GetLastError
CloseHandle
AreFileApisANSI
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
GetLocaleInfoEx
FormatMessageA
LocalFree
MSVCP140.dll ?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
VCRUNTIME140.dll _CxxThrowException
__std_exception_destroy
__std_exception_copy
__std_terminate
memmove
memset
__C_specific_handler
__std_type_info_destroy_list
memcpy
VCRUNTIME140_1.dll __CxxFrameHandler4
api-ms-win-crt-heap-l1-1-0.dll free
_callnewh
malloc
api-ms-win-crt-string-l1-1-0.dll strlen
tolower
wcslen
api-ms-win-crt-runtime-l1-1-0.dll _initterm
_initterm_e
exit
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
abort
_invoke_watson
_seh_filter_dll
_cexit
api-ms-win-crt-environment-l1-1-0.dll getenv
api-ms-win-crt-locale-l1-1-0.dll ___lc_codepage_func

Delayed Imports

Exports

__CxxFrameHandler4

Ordinal 1
Address 0x53e0

__NLG_Dispatch2

Ordinal 2
Address 0x5400

__NLG_Return2

Ordinal 3
Address 0x5400

2

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2025-Oct-30 18:34:33
Version 0.0
SizeofData 676
AddressOfRawData 0xb0a8
PointerToRawData 0x96a8

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x18000d040

RICH Header

XOR Key 0x6a753f5b
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 10
ASM objects (35207) 3
C objects (35207) 8
C++ objects (35207) 21
Imports (35207) 6
Imports (33140) 3
Total imports 101
C++ objects (35217) 3
Exports (35217) 1
Resource objects (35217) 1
Linker (35217) 1

Errors
