2777f4e5df245c2ff5d26e8f56fe9636a2a48e4f569f2454fbcaac68e6b53ce8

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1970-Jan-01 00:00:00
Debug artifacts Embedded COFF debugging symbols

Plugin Output

Suspicious  PEiD Signature: HQR data file
Info        Interesting strings found in the binary. Contains domain names:
              • .hash.net
Suspicious  The PE is possibly packed. Unusual section names found:
              • .xdata
              • .symtab
Suspicious  The PE contains functions most legitimate programs don't use.
            [!] The program may be hiding some of its imports:
              • LoadLibraryW
              • LoadLibraryExW
              • GetProcAddress
            Functions which can be used for anti-debugging purposes:
              • SwitchToThread
Info        The PE is digitally signed.
            Signer: xxx.com
            Issuer: E7
Malicious   VirusTotal score: 11/70 (Scanned on 2026-05-29 10:58:26)
              • AVG: FileRepMalware [Trj]
              • Avast: FileRepMalware [Trj]
              • Avira: TR/W64.Evo
              • Bkav: W32.Malware.E0B4A724
              • CrowdStrike: win/malicious_confidence_70% (D)
              • ESET-NOD32: WinGo/Kryptik.SX trojan
              • Elastic: malicious (high confidence)
              • Kaspersky: Backdoor.Win64.Gsb.gen
              • Microsoft: Trojan:Win32/Wacatac.B!ml
              • Symantec: ML.Attribute.HighConfidence
              • huorong: Trojan/Loader.pg

Hashes

MD5 7b1fb5b21eae238aec1aefc55d239429
SHA1 c81173858f7c94e0710fcc82ded1a973bfa0f4fe
SHA256 2777f4e5df245c2ff5d26e8f56fe9636a2a48e4f569f2454fbcaac68e6b53ce8
SHA3 51ec62f7064f88e64aa5d073ab23c14168667bee3817878399dfa3b3bcca317b
SSDeep 49152:HMQIziiu6V9eAuc7DBjiFrg/V1jScxf1vGqZMdv0J:HctkFs91jRf1zMG
Imports Hash d42595b695fc008ef2c56aabd8efd68e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0x8b
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 8
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0x37ce00
NumberOfSymbols 4715
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 3.0
SizeOfCode 0x12b800
SizeOfInitializedData 0x13200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000007CDA0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 1.0
SubsystemVersion 6.1
Win32VersionValue 0
SizeOfImage 0x401000
SizeOfHeaders 0x600
Checksum 0x3ba76f
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 13932b019418fa967cae4c2cf2af24d6
SHA1 f74015fd269973c5daaadc4846558bb901124013
SHA256 f2115d58105910b11ddee81d3983e697bf3d0b604c62f163fdb8c73001eafb4b
SHA3 317a861d6ffaba27c2890611d25a286f2ae6e85f501844c3a2491b26c6664377
VirtualSize 0x12b691
VirtualAddress 0x1000
SizeOfRawData 0x12b800
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.19879

.rdata

MD5 5337a9c5453d7ec1619257cf28fe19a3
SHA1 7bad2eb07a530a32074bc248f68475de53d3a993
SHA256 7b45789f9611048d018e7ffe3475d071093cbf16e1b10db213bc4d180649b5c2
SHA3 51aa83ede2f5ea17637706aac58001965ec4a253579a3315326190fe5b2c3b7c
VirtualSize 0x22dfb0
VirtualAddress 0x12d000
SizeOfRawData 0x22e000
PointerToRawData 0x12be00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.58679

.data

MD5 9c56a98d8bc484c98c4255e3a10d5218
SHA1 ed513d1634616f3309b6254d872623a489cb8bbc
SHA256 2d2862b5cdc52ecf779785e7b793d92573b0bf7ec6c6f4aa4fe1441a2e7d3250
SHA3 149013e7d4b5c22631142ccbc79ca3c4c36b207d4131a69284a421d9fbc464b9
VirtualSize 0x5c808
VirtualAddress 0x35b000
SizeOfRawData 0x13200
PointerToRawData 0x359e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.59677

.pdata

MD5 b5fea13e6a939669886cb691d4b20cdf
SHA1 6b2b5082e9e8266361172594814d85ebcc137019
SHA256 58acd9ee48c132499979b21aba51b27ababf52b64d2653054573376c13693ba3
SHA3 43bf936abb0c55497628faeae56c6746d912f6c9e61d6d04ec0409542065b6ca
VirtualSize 0x88ec
VirtualAddress 0x3b8000
SizeOfRawData 0x8a00
PointerToRawData 0x36d000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.3179

.xdata

MD5 7126265f2737299387163b0b83425353
SHA1 68d2033aa52c7c5a43cd28dc86a655befc04bf45
SHA256 051f08504527df8c913bf10a2997267992d4cb213aa8c15ac437a5c2e5396f08
SHA3 b8c525007290876f9b1bcccb62a765f022778320f81fdb27025fca33eed8deb1
VirtualSize 0xb4
VirtualAddress 0x3c1000
SizeOfRawData 0x200
PointerToRawData 0x375a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.78321

.idata

MD5 337c402c9f941f196a96814f2e844e15
SHA1 b20b2afb93aea880c8f365da2e5b3cb752940ff9
SHA256 3e7ce1bf49590d3b9cb6cfb5152daf3662f27f6a299216fc6309d63f949873fc
SHA3 ee4d587e1d9ac23cfc5698c4054c91b54c1f36286fb0eabe1eb8ddb40f4a1ab7
VirtualSize 0x53e
VirtualAddress 0x3c2000
SizeOfRawData 0x600
PointerToRawData 0x375c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.01719

.reloc

MD5 b3ffe73007c9c9ff5dc49f15913dc16b
SHA1 db8774c8e1bab8c07b41af51fe31d4f267c52d19
SHA256 2f88577a3514083addc4ac795394a27b8345794f170cd6f48e4315a4a4492b59
SHA3 eec1bc5d8eccae553ebf3c6577646971f51b118f0349f50aaf9e261e20590053
VirtualSize 0x6a2c
VirtualAddress 0x3c3000
SizeOfRawData 0x6c00
PointerToRawData 0x376200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.42139

.symtab

MD5 c35a927734b5e86db6fe9a256ebd3986
SHA1 834289a49bb97f634f049285aba986ef7522e778
SHA256 021c3fd8d6611ac18806d1c0e48a50b5b4fe176919dd3dedcee1cfa5003732b6
SHA3 1bd1676c4d71e1c17e8f50240a766a470092177f291d0599b7574a2c456cb47b
VirtualSize 0x36f86
VirtualAddress 0x3ca000
SizeOfRawData 0x37000
PointerToRawData 0x37ce00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.19477
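Added worked example (not part of this report or of the tool that produced it): a minimal PE32+ header parser that walks the structures listed above in the order the loader does, DOS header, e_lfanew, PE signature, COFF file header, optional header, section table. The bytes it parses are a header-only image constructed here from the DOS, PE, optional-header and section values in this report (the section bodies are not reproduced), so parsing it should give back exactly the values printed above; the assumption is that the values were copied correctly. Two derived lookups are included because they are what an analyst checks by hand: which section contains AddressOfEntryPoint (the report says .text), and which section holds the COFF symbol table that PointerToSymbolTable 0x37ce00 points at (the .symtab section, the "Embedded COFF debugging symbols" in the summary).

```python
"""Minimal PE32+ header parser.

The image it parses is constructed here from the DOS, PE, optional and
section-header values listed in this report; it is test data built for
this example, not bytes taken from the sample."""
import struct

# IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
# PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
COFF_FMT = "<HHIIIHH"
# IMAGE_OPTIONAL_HEADER64 up to NumberOfRvaAndSizes (112 bytes); the 16 data
# directories (8 bytes each) follow and bring SizeOfOptionalHeader to 0xf0.
OPT64_FMT = "<HBBIIIIIQIIHHHHHHIIIIHHQQQQII"
OPT64_FIELDS = (
    "Magic", "MajorLinkerVersion", "MinorLinkerVersion", "SizeOfCode",
    "SizeOfInitializedData", "SizeOfUninitializedData", "AddressOfEntryPoint",
    "BaseOfCode", "ImageBase", "SectionAlignment", "FileAlignment",
    "MajorOperatingSystemVersion", "MinorOperatingSystemVersion",
    "MajorImageVersion", "MinorImageVersion", "MajorSubsystemVersion",
    "MinorSubsystemVersion", "Win32VersionValue", "SizeOfImage",
    "SizeOfHeaders", "CheckSum", "Subsystem", "DllCharacteristics",
    "SizeOfStackReserve", "SizeOfStackCommit", "SizeOfHeapReserve",
    "SizeOfHeapCommit", "LoaderFlags", "NumberOfRvaAndSizes",
)
SECTION_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def build_header_image():
    """Constructed header-only image, padded to SizeOfHeaders (0x600)."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)              # e_lfanew -> PE header
    coff = struct.pack(COFF_FMT, 0x8664, 8, 0, 0x37CE00, 4715, 0xF0, 0x0022)
    opt = struct.pack(OPT64_FMT, 0x20B, 3, 0, 0x12B800, 0x13200, 0, 0x7CDA0,
                      0x1000, 0x140000000, 0x1000, 0x200, 6, 1, 1, 0, 6, 1, 0,
                      0x401000, 0x600, 0x3BA76F, 2, 0x8160, 0x200000, 0x1000,
                      0x100000, 0x1000, 0, 16)
    opt += bytes(16 * 8)                                  # empty data directories
    # (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics)
    sections = [
        (b".text",   0x12B691, 0x1000,   0x12B800, 0x600,    0x60000020),
        (b".rdata",  0x22DFB0, 0x12D000, 0x22E000, 0x12BE00, 0x40000040),
        (b".data",   0x5C808,  0x35B000, 0x13200,  0x359E00, 0xC0000040),
        (b".pdata",  0x88EC,   0x3B8000, 0x8A00,   0x36D000, 0x40000040),
        (b".xdata",  0xB4,     0x3C1000, 0x200,    0x375A00, 0x40000040),
        (b".idata",  0x53E,    0x3C2000, 0x600,    0x375C00, 0xC0000040),
        (b".reloc",  0x6A2C,   0x3C3000, 0x6C00,   0x376200, 0x42000040),
        (b".symtab", 0x36F86,  0x3CA000, 0x37000,  0x37CE00, 0x42000000),
    ]
    table = b"".join(struct.pack(SECTION_FMT, n, vs, va, rs, rp, 0, 0, 0, 0, ch)
                     for n, vs, va, rs, rp, ch in sections)
    image = bytes(dos) + b"PE\0\0" + coff + opt + table
    return image + bytes(0x600 - len(image))


def parse_pe(data):
    """Parse DOS header, PE signature, COFF header, PE32+ optional header and
    the section table; raises on anything that is not a PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff_off = e_lfanew + 4
    machine, nsec, tstamp, symptr, nsym, opt_size, chars = \
        struct.unpack_from(COFF_FMT, data, coff_off)
    opt_off = coff_off + 20
    if struct.unpack_from("<H", data, opt_off)[0] != 0x20B:
        raise ValueError("only PE32+ (Magic 0x20b) is handled here")
    opt = dict(zip(OPT64_FIELDS, struct.unpack_from(OPT64_FMT, data, opt_off)))
    sec_off = opt_off + opt_size          # section table follows the optional header
    sections = []
    for i in range(nsec):
        name, vs, va, rs, rp, _, _, _, _, ch = \
            struct.unpack_from(SECTION_FMT, data, sec_off + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vs,
                         "va": va, "rawsize": rs, "rawptr": rp, "chars": ch})
    return {"machine": machine, "nsections": nsec, "timestamp": tstamp,
            "symptr": symptr, "nsymbols": nsym, "characteristics": chars,
            "opt": opt, "sections": sections}


def section_for_rva(pe, rva):
    """Name of the section whose virtual range contains rva, or None."""
    for s in pe["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return s["name"]
    return None


def entry_section(pe):
    return section_for_rva(pe, pe["opt"]["AddressOfEntryPoint"])


def symbol_table_section(pe):
    """Section whose raw file range holds PointerToSymbolTable, or None."""
    for s in pe["sections"]:
        if s["rawptr"] <= pe["symptr"] < s["rawptr"] + s["rawsize"]:
            return s["name"]
    return None


if __name__ == "__main__":
    pe = parse_pe(build_header_image())
    print(f"machine={pe['machine']:#x} sections={pe['nsections']} "
          f"entry={pe['opt']['AddressOfEntryPoint']:#x} in {entry_section(pe)} "
          f"symtab in {symbol_table_section(pe)}")
    for s in pe["sections"]:
        print(f"{s['name']:8} va={s['va']:#09x} vsize={s['vsize']:#09x} "
              f"raw={s['rawptr']:#09x}")
```

To run the same parser on the real file, replace the constructed image with `open(path, "rb").read()`; nothing in `parse_pe` depends on the constructed layout except the PE32+ magic check.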

Imports

kernel32.dll WriteFile
WriteConsoleW
WerSetFlags
WerGetFlags
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
RtlVirtualUnwind
RtlLookupFunctionEntry
ResumeThread
RaiseFailFastException
PostQueuedCompletionStatus
LoadLibraryW
LoadLibraryExW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetErrorMode
GetEnvironmentStringsW
GetCurrentThreadId
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler
AddVectoredContinueHandler
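Added worked example, written for this page rather than taken from the report or its tool: the checks an analyst runs before accepting the "possibly packed", "unusual section name" and "hiding some of its imports" flags from the Plugin Output, plus a recomputation of the Imports Hash. Context a practitioner would want: ESET's WinGo/Kryptik label, the .symtab section (the Go linker's COFF symbol table, reported above as "Embedded COFF debugging symbols"), the zero TimeDateStamp and the kernel32-only import set (RtlVirtualUnwind, WerSetFlags, SwitchToThread, the I/O completion port APIs, LoadLibrary/GetProcAddress for the runtime's syscall setup) are all what the Go toolchain emits on Windows, so those three flags are weak evidence on their own. What would actually support a packer verdict is a non-contiguous or misaligned section layout, a virtual-only section to unpack into, or near-8.0 entropy; the section table and entropies in this report (1.8 to 6.6) show none of that. The section and import tables are copied from the report (constructed input for this example); the 7.2 entropy threshold is an assumed rule of thumb; the imphash convention is pefile's (lowercase `dll.func`, extension stripped, import-table order, MD5). Whether the recomputed hash equals the reported d42595b6... depends on the report listing imports in table order, which the code checks rather than assumes.

```python
"""Triage checks over the section table and import list printed in this
report. Tables below are copied from the report (constructed input for this
example); HIGH_ENTROPY is an assumed rule-of-thumb threshold."""
import hashlib

SECTION_ALIGNMENT = 0x1000
FILE_ALIGNMENT = 0x200
SIZE_OF_HEADERS = 0x600
SIZE_OF_IMAGE = 0x401000
HIGH_ENTROPY = 7.2          # compressed/encrypted data sits near 8.0 bits/byte

# (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, entropy)
SECTIONS = [
    (".text",   0x12B691, 0x1000,   0x12B800, 0x600,    6.19879),
    (".rdata",  0x22DFB0, 0x12D000, 0x22E000, 0x12BE00, 6.58679),
    (".data",   0x5C808,  0x35B000, 0x13200,  0x359E00, 4.59677),
    (".pdata",  0x88EC,   0x3B8000, 0x8A00,   0x36D000, 5.3179),
    (".xdata",  0xB4,     0x3C1000, 0x200,    0x375A00, 1.78321),
    (".idata",  0x53E,    0x3C2000, 0x600,    0x375C00, 4.01719),
    (".reloc",  0x6A2C,   0x3C3000, 0x6C00,   0x376200, 5.42139),
    (".symtab", 0x36F86,  0x3CA000, 0x37000,  0x37CE00, 5.19477),
]

# Imports in the order the report lists them (imphash depends on that order).
IMPORTS = {"kernel32.dll": [
    "WriteFile", "WriteConsoleW", "WerSetFlags", "WerGetFlags",
    "WaitForMultipleObjects", "WaitForSingleObject", "VirtualQuery",
    "VirtualFree", "VirtualAlloc", "TlsAlloc", "SwitchToThread",
    "SuspendThread", "SetWaitableTimer", "SetProcessPriorityBoost", "SetEvent",
    "SetErrorMode", "SetConsoleCtrlHandler", "RtlVirtualUnwind",
    "RtlLookupFunctionEntry", "ResumeThread", "RaiseFailFastException",
    "PostQueuedCompletionStatus", "LoadLibraryW", "LoadLibraryExW",
    "SetThreadContext", "GetThreadContext", "GetSystemInfo",
    "GetSystemDirectoryA", "GetStdHandle", "GetQueuedCompletionStatusEx",
    "GetProcessAffinityMask", "GetProcAddress", "GetErrorMode",
    "GetEnvironmentStringsW", "GetCurrentThreadId", "GetConsoleMode",
    "FreeEnvironmentStringsW", "ExitProcess", "DuplicateHandle",
    "CreateWaitableTimerExW", "CreateThread", "CreateIoCompletionPort",
    "CreateEventA", "CloseHandle", "AddVectoredExceptionHandler",
    "AddVectoredContinueHandler",
]}
REPORTED_IMPHASH = "d42595b695fc008ef2c56aabd8efd68e"


def align_up(x, a):
    return (x + a - 1) // a * a


def check_layout(sections):
    """Findings that would support a 'packed' verdict; an empty list means a
    contiguous, aligned layout whose sections add up to SizeOfImage."""
    findings = []
    next_va = align_up(SIZE_OF_HEADERS, SECTION_ALIGNMENT)
    next_raw = SIZE_OF_HEADERS
    for name, vsize, va, rawsize, rawptr, entropy in sections:
        if va != next_va:
            findings.append(f"{name}: VirtualAddress {va:#x}, expected {next_va:#x}")
        if rawptr != next_raw:
            findings.append(f"{name}: PointerToRawData {rawptr:#x}, expected {next_raw:#x}")
        if rawptr % FILE_ALIGNMENT or rawsize % FILE_ALIGNMENT:
            findings.append(f"{name}: raw offset/size not FileAlignment-aligned")
        if rawsize == 0 and vsize:
            findings.append(f"{name}: no file data but {vsize:#x} bytes in memory")
        if entropy > HIGH_ENTROPY:
            findings.append(f"{name}: entropy {entropy:.2f} looks compressed/encrypted")
        next_va += align_up(max(vsize, rawsize), SECTION_ALIGNMENT)
        next_raw += rawsize
    if next_va != SIZE_OF_IMAGE:
        findings.append(f"SizeOfImage {SIZE_OF_IMAGE:#x} != computed {next_va:#x}")
    return findings


def dynamic_resolution_apis(imports):
    """Imports that allow resolving further APIs at run time (the report's
    'hiding imports' heuristic)."""
    wanted = {"loadlibrarya", "loadlibraryw", "loadlibraryexa",
              "loadlibraryexw", "getprocaddress"}
    return sorted(f for funcs in imports.values() for f in funcs
                  if f.lower() in wanted)


def imphash_string(imports):
    """pefile's imphash input: 'lib.func' per import, lowercase, DLL extension
    stripped, import-table order, comma-joined."""
    parts = []
    for dll, funcs in imports.items():
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[:-len(ext)]
                break
        parts.extend(f"{lib}.{f.lower()}" for f in funcs)
    return ",".join(parts)


def imphash(imports):
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    findings = check_layout(SECTIONS)
    print("layout findings:", findings or "none")
    print("run-time resolution APIs:", dynamic_resolution_apis(IMPORTS))
    h = imphash(IMPORTS)
    print("imphash", h, "matches report" if h == REPORTED_IMPHASH
          else "differs from report (list order or missing entries?)")
```

A mismatch in the last line is not itself suspicious; it most often means the import table order differs from the printed list, and the value to trust is the one computed from the file.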

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors
