2a026b8dd6ca0c06707b0dd7f281f6cd54c92864b18eb3a31459320494390c29

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
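Compilation Date 2026-Mar-18 19:01:43 (read from the PE header TimeDateStamp field, which is written at link time and can be set to any value)
TLS Callbacks 2 callback(s) detected. TLS callbacks run before the entry point, so review both callback addresses listed in the TLS Callbacks section, not only AddressOfEntryPoint.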

Plugin Output

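Suspicious The PE contains functions most legitimate programs don't use. These are heuristic matches on import names only; compiler runtime startup code can import several of the same functions, so confirm how each one is actually called before treating it as an indicator.
[!] The program may be hiding some of its imports: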
  • GetProcAddress
  • LoadLibraryA
Possibly launches other programs:
  • system
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
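Suspicious No VirusTotal score. This file has never been scanned on VirusTotal. An absent score means only that the hash was unknown to VirusTotal when this report was generated; it is not evidence that the file is either malicious or benign.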

Hashes

MD5 4891ae6c8a2f3e4e69695e8d3303140e
SHA1 d86dfff4dd7a1e4ea989e9a03ffedeb7202ff6d6
SHA256 2a026b8dd6ca0c06707b0dd7f281f6cd54c92864b18eb3a31459320494390c29
SHA3 11db6c75b9c3f54031c46803606d4e17920f12a4bba5eb4c4cd050e2e8e986d2
SSDeep 6144:7nnXuHRSiho1c31fOheMvEDOAefBy2jGepW1GW:cRFCuFfOheAEDOAeqKWw
Imports Hash 19aef11d24905c2c286545ba64246b7d

DOS Header

e_magic MZ
e_cblp 0x78
e_cp 0x1
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0
e_ss 0
e_sp 0
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x78

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2026-Mar-18 19:01:43
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x2e200
SizeOfInitializedData 0xee00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000025AB0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x43000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x1000000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 8edd62fef075c01fbec481eb42e6e752
SHA1 539a16cb2d053a0922b578b0b584762621d19ec0
SHA256 61543a8d9ce536f75bb2633364dbdd7a375af5e2226a72e77820de57f7b4155b
SHA3 f18d78277343b2fec76044ca846b58de890a2924dbe10f17a020865d3a784a60
VirtualSize 0x2e1e6
VirtualAddress 0x1000
SizeOfRawData 0x2e200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.32669

.rdata

MD5 315c669d607d90b6a4dd58e7acce0219
SHA1 26a7d2b7c1be7479dde8431e3cc2e886e0c96c11
SHA256 91fb1a12a38d7503b45dd8cc533607638176de689689d05827f834de38959a90
SHA3 3f1db4a8df5f1a54f110eecfe2df6566d0d740641069cb2c7e254fa694c9e6aa
VirtualSize 0x9260
VirtualAddress 0x30000
SizeOfRawData 0x9400
PointerToRawData 0x2e600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.55147

.data

MD5 5e5de6a0f29b5df62e862e38d4aab59f
SHA1 99312e0b802893a00b1f791e32f0a2870f3b18ab
SHA256 7fcec1249e8458ba3bb8bfc73f643d7c7aaed635cc1c734bd69236f7bef5fc95
SHA3 acf9ad4f1485ad5da57d02184475bcf6e37547259b5279738d944a5d9423ba05
VirtualSize 0x1380
VirtualAddress 0x3a000
SizeOfRawData 0x600
PointerToRawData 0x37a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.06399

.pdata

MD5 f4345bcb4c34782ab5e02d4f0b07b9b2
SHA1 fc165a407f09b432db6807dc611f10ed587465f7
SHA256 bd8dcfd360e41f13c926df76a69ad2e465ce2ee01aa0fe69875e2fe3beff2915
SHA3 131b892504c43abc098cd807e9f84d3c28678db4f3795739b71fa09b2cb9caa8
VirtualSize 0x1a04
VirtualAddress 0x3c000
SizeOfRawData 0x1c00
PointerToRawData 0x38000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.08091

.tls

MD5 d7eab96f074b593c3fc7139c6eb818bb
SHA1 8d2c81ae64c4a534af5299b9110aaee5bb74011d
SHA256 7784ef4f0c425eb5578559102faaa99c4fba0ab2c2ff7dbe5fcc3c9e731a97a7
SHA3 365541554b8260e7c2dd3824251a21a010f03442957f5d522467b970700197b4
VirtualSize 0x3338
VirtualAddress 0x3e000
SizeOfRawData 0x3400
PointerToRawData 0x39c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.reloc

MD5 99caf83d0a1a1369700a5f71ea2892c9
SHA1 a072d36b701de073852d79c5098fa93e4cecf87b
SHA256 9fb5009ed586136bdeade4bdacbc59580119c1d6ac948d36de3f00758eb80789
SHA3 d9ca2cf0386e82db36adc1e6ffbf976b61047aee6517208cc9b57a8573d5f07e
VirtualSize 0x290
VirtualAddress 0x42000
SizeOfRawData 0x400
PointerToRawData 0x3d000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.09439

Imports

api-ms-win-crt-environment-l1-1-0.dll __p__environ
_wgetenv
api-ms-win-crt-heap-l1-1-0.dll _set_new_mode
calloc
free
malloc
api-ms-win-crt-private-l1-1-0.dll __C_specific_handler
memchr
api-ms-win-crt-runtime-l1-1-0.dll __p___argc
__p___argv
_cexit
_configure_narrow_argv
_crt_atexit
_errno
_exit
_initialize_narrow_environment
_initterm
_initterm_e
_set_app_type
_set_invalid_parameter_handler
abort
exit
signal
strerror
system
api-ms-win-crt-stdio-l1-1-0.dll __acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
_fileno
_fseeki64
_ftelli64
_get_osfhandle
_isatty
_setmode
_wfopen
clearerr
fclose
ferror
fflush
fgetc
fgets
fputc
fread
fwrite
setvbuf
ungetc
api-ms-win-crt-string-l1-1-0.dll strlen
strncmp
wcslen
KERNEL32.dll DeleteCriticalSection
EnterCriticalSection
GetLastError
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
api-ms-win-crt-filesystem-l1-1-0.dll _lock_file
_unlock_file
api-ms-win-crt-math-l1-1-0.dll __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll localeconv
api-ms-win-crt-convert-l1-1-0.dll mbrtowc
wcrtomb

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData 0x14003e000
EndAddressOfRawData 0x140041330
AddressOfIndex 0x14003a928
AddressOfCallbacks 0x140036408
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_8BYTES
Callbacks 0x0000000140025B00
0x0000000140025B90

Load Configuration

RICH Header

Errors
