1e6d7dfd0c11d66f9d0a4d19314ad6ea9e19ffa9f796ef9183573d520a854876

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2025-Jan-26 20:20:35
Detected languages English - United States

Plugin Output

Info Matching compiler(s): MASM/TASM - sig1(h)
Malicious VirusTotal score: 3/70 (Scanned on 2026-06-11 23:39:37) APEX: Malicious
DeepInstinct: MALICIOUS
MaxSecure: Trojan.Malware.300983.susgen

Hashes

MD5 bdc13b570521ed1fb19c2e3f187aa619
SHA1 c248dae1f7bf12da3e1fb1f7cea4ea898b54076f
SHA256 1e6d7dfd0c11d66f9d0a4d19314ad6ea9e19ffa9f796ef9183573d520a854876
SHA3 557687c5d54c02ce94aa689190a395ad8bf9ef8a279e63a19faf9b4f031698b5
SSDeep 192:DqAaisEmfwvzzu/peqHwICTdxjCUt3Q5tfAcy:DqpDRovzzux5qx2Ut3
Imports Hash 4d2ae8a5279326ac04d8d502ce588916

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x108

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2025-Jan-26 20:20:35
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x1400
SizeOfInitializedData 0x2000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000000016D0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x9000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 1168d45896d7bc6c008931ebaff3b84e
SHA1 f5a3c1b209c2ca4107e6a4b1fff864194f34cf13
SHA256 7f30acfc7faee853ea70f27d26c8cc11d849501adfcbd14b003a5d69b857d404
SHA3 ef78acb26f04f761cdf62ff36d3391f05318059f2eeec42da7fbdd38cc841a5d
VirtualSize 0x12dc
VirtualAddress 0x1000
SizeOfRawData 0x1400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.8995

.rdata

MD5 b6a947133762ea083a220b91b7c449a8
SHA1 c6893904225d8389ab4eb3146bc7c9e3cee2f6bd
SHA256 69af15f330c02aac98ed859f71f0e6d6cc748cd1b2d69af2388dc6b052f2bac5
SHA3 1bfeb4016df50150ddba857eb514d8622b9a809a889aafc66d0329165496b08d
VirtualSize 0x1184
VirtualAddress 0x3000
SizeOfRawData 0x1200
PointerToRawData 0x1800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.18743

.data

MD5 3f539d8c7aa81ecb1908f37d7e68036e
SHA1 fe63b7e573fe011c3532cd1323183272d4b45362
SHA256 3d2fd0cfc8b44f7839e25be3869aeaf86c7eeb3c4769f0752f93cae978ea491e
SHA3 71e708ee1d49715f43a414760dea0c36ea4eeb545860119fcee46a09b9b6d062
VirtualSize 0x680
VirtualAddress 0x5000
SizeOfRawData 0x200
PointerToRawData 0x2a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.572906

.pdata

MD5 f25116e7fa6f74c4b8f7937c27956edb
SHA1 ebf5ae4bbfda062b379f4c460d5d51e0454b7951
SHA256 77d0a8cc078587920e22f11b6c7c93a5ec3c995ef2e859ab0b882d18bf389116
SHA3 971c5be0dae0b6b48d71f2decc31ad8fe84593569f68437ac9e3627b453bad81
VirtualSize 0x1bc
VirtualAddress 0x6000
SizeOfRawData 0x200
PointerToRawData 0x2c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.34231

.rsrc

MD5 0b35de07beeb30d1d6013cbca2846303
SHA1 c98626ce4d587471d115df6f42cb0f5221f13689
SHA256 c9ed38ed40cfe8c1718cbf78be16bb4aa76b76097a449f9ea315aee9fd20df0d
SHA3 76678b071daa4ec33980be3b819260aea5ade31193b0580e19b41e16156137cf
VirtualSize 0x1e0
VirtualAddress 0x7000
SizeOfRawData 0x200
PointerToRawData 0x2e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.7015

.reloc

MD5 0a0a8a4578b1b6084ca8a612bf7d0463
SHA1 c19050eda4abc604ed992bb13ed147699ad832d6
SHA256 1a0baf252357b4d9879512a3a36c480c3925bb5fbe848ca31ac7d206e4f75c8a
SHA3 c79b2b09404e8e43ed1ed176bd9be4ed54a41fabf0d842c153f60f8d883c68cc
VirtualSize 0x30
VirtualAddress 0x8000
SizeOfRawData 0x200
PointerToRawData 0x3000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.718005

Imports

KERNEL32.dll ReadFile
FindFirstFileW
FindNextFileW
WriteFile
FindClose
CreateFileW
lstrcatW
CloseHandle
GetCurrentDirectoryW
GetFileSize
lstrcpyW
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
RtlCaptureContext
GetModuleHandleW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
VCRUNTIME140.dll __C_specific_handler
__current_exception
memset
__current_exception_context
memcpy
api-ms-win-crt-utility-l1-1-0.dll srand
rand
api-ms-win-crt-heap-l1-1-0.dll _set_new_mode
free
malloc
api-ms-win-crt-math-l1-1-0.dll cos
__setusermatherr
round
log
api-ms-win-crt-runtime-l1-1-0.dll terminate
_register_onexit_function
_cexit
_crt_atexit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
__p___argc
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
_seh_filter_exe
__p___argv
_c_exit
api-ms-win-crt-stdio-l1-1-0.dll __p__commode
_set_fmode
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale

Delayed Imports

Exports

?get_garbage_num@@YAII@Z

Ordinal 1
Address 0x1000

?hey_dont_spy_on_me@@YAHXZ

Ordinal 2
Address 0x10d0

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

Debug Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2025-Jan-26 20:20:35
Version 0.0
SizeofData 660
AddressOfRawData 0x34e4
PointerToRawData 0x1ce4

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2025-Jan-26 20:20:35
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140005000

RICH Header

XOR Key 0x4f4257ca
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 12
Imports (34321) 2
ASM objects (34321) 3
C objects (34321) 10
C++ objects (34321) 20
Imports (30795) 3
Total imports 66
C++ objects (LTCG) (34436) 1
Exports (34436) 1
Resource objects (34436) 1
Linker (34436) 1

Errors
