2ca4888f0ffac507cf9fd18b1953d28421c15fa82e20419c4495c75aca15dde1

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Apr-19 14:48:13

Plugin Output

Info Interesting strings found in the binary: Contains domain names (this appears to be a heuristic match on a dotted token with a TLD-like suffix; the import table lists no network APIs such as WinINet or Winsock, and the OPENGL32.dll imports make a GLSL vector swizzle a plausible alternative reading of the string — confirm before treating it as a network indicator):
  • color.xyz
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal, so no reputation data is available in either direction; treat this as an absence of evidence rather than a verdict.

Hashes

MD5 823c04a2599235a22becfc8e0c789d8d
SHA1 34e38da65d9b59b67949687821d94aedba0cfbe3
SHA256 2ca4888f0ffac507cf9fd18b1953d28421c15fa82e20419c4495c75aca15dde1
SHA3 19b783dcf8c588cf8770900b8c8fcef3fa6876b73c5e2e475a59ad97d1133a81
SSDeep 12288:7d2w9cbss8sS5XWGqvsrhPgya2QtvtsXzLKIi7:7Jcbss8sScvghYyuF2KIi7
Imports Hash 13a66cd4a4118535575629cc23bc0e38

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 4
TimeDateStamp 2026-Apr-19 14:48:13
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x91800
SizeOfInitializedData 0x5e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000008F144 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x9a000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 3e6a648941a43c9e5b101cb816a776cd
SHA1 f3f25eb02ee60244dc13487d2cc76555c16ef304
SHA256 4a1fd7574a8f94cacb5388d42c84ffa727ede0bd01b8b2c0a923d0ae1cd31ec6
SHA3 4ec6fd782d169e466ac1c25ca54be3214587566d13d4a932d9450636ef9ebf3e
VirtualSize 0x916ec
VirtualAddress 0x1000
SizeOfRawData 0x91800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.53922

.data

MD5 6abd745b60a7523e9c07b24dc11dd886
SHA1 01565c137e47ff1c157736b0418162a0756d866d
SHA256 17bf0a497854d64368600a73ab6ec4617e73c6964308f386376af28cd1f5f16a
SHA3 5d608d47a9cfe1e8e98e3ed0a74027e3c93e1feac02e66dd4b481652e710167c
VirtualSize 0x3608
VirtualAddress 0x93000
SizeOfRawData 0x2a00
PointerToRawData 0x91c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.45609

.idata

MD5 af7cd61cbf25c1ad9c7f5e7e23077c02
SHA1 0345b67a47194cae59219864e9c80feeebc6af8c
SHA256 51f97dbcbc15d2cea9e429e1c33913894053c8c96bff60d7b25406e490540052
SHA3 45d5d063c2b4e1ce0699c8a95f583f72a796bad8d8beb13f3aeb4df535298be9
VirtualSize 0x1b9a
VirtualAddress 0x97000
SizeOfRawData 0x1c00
PointerToRawData 0x94600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.57404

.reloc

MD5 e98c8bb1a53a5cc0b9d979d4ee14793d
SHA1 78504b8f109cff8f3d9976e0b940866c3a2b10cd
SHA256 de3d9475565ff05183c0bca59e80588f6246824a370f425455f7540a054ebf78
SHA3 92f8e63e9d0310872731819a382e1d7581bda68218bc56e5d77f1cb80b37f85b
VirtualSize 0x990
VirtualAddress 0x99000
SizeOfRawData 0xa00
PointerToRawData 0x96200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.35592

Imports

USER32.dll SetWindowRgn
PostMessageA
MonitorFromWindow
AdjustWindowRectEx
GetSystemMetrics
ShowWindow
SetWindowPos
GetDC
LoadCursorA
GetWindowRect
DispatchMessageA
BeginPaint
GetIconInfo
GetWindowThreadProcessId
UnregisterHotKey
GetMessageA
MonitorFromPoint
LoadImageA
ScreenToClient
SetTimer
EmptyClipboard
GetWindowLongA
TrackMouseEvent
SetWindowTextA
GetMonitorInfoA
DefWindowProcA
CreateWindowExA
SetLayeredWindowAttributes
TranslateMessage
SendMessageA
SetCursor
LoadIconA
SystemParametersInfoA
GetClientRect
IsZoomed
UpdateLayeredWindow
PostQuitMessage
RegisterClassExA
UpdateWindow
ReleaseCapture
InvalidateRect
RegisterClipboardFormatA
ReleaseDC
GetCursorPos
EndPaint
GDI32.dll DeleteObject
GetObjectA
SwapBuffers
ChoosePixelFormat
DeleteDC
GetDeviceCaps
GetDIBits
CreateRoundRectRgn
CreateDIBSection
SelectObject
SetPixelFormat
OPENGL32.dll wglGetProcAddress
wglMakeCurrent
wglCreateContext
SHELL32.dll DragAcceptFiles
DragFinish
DragQueryFileA
MSVCP140.dll ?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
KERNEL32.dll RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetUnhandledExceptionFilter
GlobalUnlock
SetProcessWorkingSetSize
GlobalLock
UnhandledExceptionFilter
CloseHandle
GlobalAlloc
GlobalSize
GetTickCount64
OutputDebugStringA
GetCurrentProcess
GetModuleFileNameA
IsDebuggerPresent
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
InitializeSListHead
GetWindowsDirectoryA
VCRUNTIME140.dll __C_specific_handler
__std_exception_destroy
memmove
memcpy
__std_exception_copy
memset
strstr
memcmp
_CxxThrowException
__current_exception
__current_exception_context
VCRUNTIME140_1.dll __CxxFrameHandler4
api-ms-win-crt-stdio-l1-1-0.dll fread
__acrt_iob_func
feof
fopen_s
_set_fmode
fwrite
__p__commode
__stdio_common_vfprintf
__stdio_common_vsscanf
fseek
ftell
fclose
fopen
__stdio_common_vsprintf
api-ms-win-crt-math-l1-1-0.dll cosf
_dtest
__setusermatherr
nan
sinf
atan2f
sqrt
pow
sin
round
cos
ldexp
fabs
acosf
floorf
floor
fmod
tan
ceilf
expf
sqrtf
trunc
log
ceil
api-ms-win-crt-runtime-l1-1-0.dll _c_exit
_register_onexit_function
_initialize_onexit_table
_errno
_initialize_narrow_environment
_get_narrow_winmain_command_line
_exit
_crt_atexit
terminate
abort
_configure_narrow_argv
exit
_initterm_e
_cexit
_seh_filter_exe
_set_app_type
_initterm
_invoke_watson
_register_thread_local_exe_atexit_callback
_wassert
api-ms-win-crt-convert-l1-1-0.dll strtoul
strtol
strtod
strtof
api-ms-win-crt-utility-l1-1-0.dll abs
_lrotl
rand
api-ms-win-crt-string-l1-1-0.dll toupper
wcslen
tolower
strlen
strncmp
isalnum
isxdigit
strncpy
strcmp
isalpha
isdigit
strcpy
isspace
api-ms-win-crt-heap-l1-1-0.dll _set_new_mode
malloc
free
_callnewh
realloc
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-Apr-19 14:48:13
Version 0.0
SizeofData 740
AddressOfRawData 0x14958
PointerToRawData 0x13d58

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140093040

RICH Header

XOR Key 0x338e9bb5
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 16
ASM objects (35207) 4
C objects (35207) 10
C++ objects (35207) 30
Imports (35207) 6
Imports (33145) 11
Total imports 196
C++ objects (LTCG) (35225) 1
Linker (35225) 1

Errors
