2ee90a1ea33cabb04324c4c81fbf5e10324555daa15a5ce1cca057c12e61b096

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2026-Apr-02 18:44:17
Detected languages English - United States

Plugin Output

Suspicious The PE is possibly packed:
  • Unusual section name found: .fptable
  • Unusual section name found: .;xq
  • Unusual section name found: .pj(
  • Unusual section name found: .G$2
  • The PE only has 4 import(s).
Info The PE contains common functions which appear in legitimate applications. Possibly launches other programs:
  • ShellExecuteA
Has Internet access capabilities:
  • InternetSetOptionA
Malicious VirusTotal score: 44/71 (Scanned on 2026-04-30 12:29:56)
ALYac: Trojan.GenericKD.79954544
APEX: Malicious
AVG: MalwareX-gen [Misc]
Alibaba: Trojan:Win64/VMProtect.aa1dd79e
Arcabit: Trojan.Generic.D4C40270
Avast: MalwareX-gen [Misc]
BitDefender: Trojan.GenericKD.79954544
Bkav: W64.AIDetectMalware
CAT-QuickHeal: Trojan.Ravartar
CTX: exe.trojan.ravartar
CrowdStrike: win/malicious_confidence_100% (W)
Cylance: Unsafe
Cynet: Malicious (score: 100)
DeepInstinct: MALICIOUS
ESET-NOD32: Win64/Packed.VMProtect.AC suspicious application
Elastic: malicious (high confidence)
Emsisoft: Trojan.GenericKD.79954544 (B)
Fortinet: PossibleThreat.PALLAS.H
GData: Trojan.GenericKD.79954544
Google: Detected
Gridinsoft: Trojan.Heur!.022120A3
K7AntiVirus: Unwanted-Program ( 005ce12a1 )
K7GW: Unwanted-Program ( 005ce12a1 )
Kingsoft: Win32.Troj.ravartar.v
Lionic: Trojan.Win32.Ravartar.4!c
Malwarebytes: Malware.AI.4236704900
MaxSecure: Trojan.Malware.664975511.susgen
MicroWorld-eScan: Trojan.GenericKD.79954544
Microsoft: Trojan:Win32/Ravartar!rfn
Paloalto: generic.ml
Sangfor: Suspicious.Win32.Save.a
SentinelOne: Static AI - Suspicious PE
Skyhigh: BehavesLike.Win64.Dropper.rc
Sophos: Mal/Generic-S
Symantec: ML.Attribute.HighConfidence
Trapmine: malicious.moderate.ml.score
TrellixENS: Artemis!B6A989CA0E54
TrendMicro: TROJ_GEN.R002C0DD626
TrendMicro-HouseCall: TROJ_GEN.R002C0DD626
VBA32: Trojan.Ravartar
VIPRE: Trojan.GenericKD.79954544
Varist: W64/ABApplication.SWAJ-1512
Yandex: Trojan.Igent.b6rEv2.1
alibabacloud: VirTool:Win/Wacatac.C9nj

Hashes

MD5 b6a989ca0e54d320516e476952805cd0
SHA1 f2aca808016392bef6bbfdc9e71cd008a0d4b408
SHA256 2ee90a1ea33cabb04324c4c81fbf5e10324555daa15a5ce1cca057c12e61b096
SHA3 110cf2172f4b45188c2466c518179deabf360f6d2da3e8ed3316d1897214d71b
SSDeep 393216:QkRpe9nk411ZUSKpWVbjkWMWt+bT4OwGe0HTr:RRpe9nk4/ZaWeWZiMiH
Imports Hash 271106ebf2b3520c4dea037d4a07afc0

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 10
TimeDateStamp 2026-Apr-02 18:44:17
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x35200
SizeOfInitializedData 0x1aa00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000EB14A8 (Section: .G$2)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x1536000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x350cc
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x14648
VirtualAddress 0x37000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x2590
VirtualAddress 0x4c000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x2bec
VirtualAddress 0x4f000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fptable

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x100
VirtualAddress 0x52000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.;xq

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x7ea8a9
VirtualAddress 0x53000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pj(

MD5 515bb592cffeb6348f360473d3f769bd
SHA1 4155f1acff3e7b3894d3a774386bd2e2b1a9bf36
SHA256 343691ce0a3e84df9e6231135115e62b77aa74fe6353e2872e2c398352ae0e95
SHA3 1ad953ea6cd1da484e6e27bafd41d5fe60494963d5b53ed501ffe642c952ed40
VirtualSize 0x78
VirtualAddress 0x83e000
SizeOfRawData 0x200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.305313

.G$2

MD5 b8f5930040f84cd3f2dd697132b99c38
SHA1 3c3cafc4b9fdf7384cbe3aed7f9e655538d1f334
SHA256 09633320009c7036b08b45d50c8d8f79980783e0937af9eaa62222b085f49d16
SHA3 f12a52e0bb6a2139424a298284ae7048f7893282ba7f9aae9050594037f27a6d
VirtualSize 0xcf4638
VirtualAddress 0x83f000
SizeOfRawData 0xcf4800
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
Entropy 7.83156

.rsrc

MD5 b7777d0c22a41cec62be5539649dd91c
SHA1 835675ae80a827c8a78c9ea8a18ef261049f3632
SHA256 dca8f76951df84888c55486e7a764fbc0bdd03ae3d9ad7283b9d3e38da2b1c10
SHA3 ea6615491b51953d1103467839413bffc5a26ee764ba8f3b226953342a6dc520
VirtualSize 0x1e0
VirtualAddress 0x1534000
SizeOfRawData 0x200
PointerToRawData 0xcf4e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.78028

.reloc

MD5 86a4123f0498064900106ed5f46879ec
SHA1 daaf9370be023751b228025a1694b13aa5a493f8
SHA256 c097d3a6a2757f4fd5295c387d811aebc908aaeea4f19ca3f631b66c726880cf
SHA3 70335e1b2669cb1e5788a55d0f66f208bfc38fc1f0de1ccd268388ea7df37132
VirtualSize 0x118
VirtualAddress 0x1535000
SizeOfRawData 0x200
PointerToRawData 0xcf5000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 2.6673

Imports

KERNEL32.dll GetModuleFileNameA
USER32.dll MessageBoxA
SHELL32.dll ShellExecuteA
WININET.dll InternetSetOptionA

Delayed Imports

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x188
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.89623
MD5 b8e76ddb52d0eb41e972599ff3ca431b
SHA1 fc12d7ad112ddabfcd8f82f290d84e637a4d62f8
SHA256 165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8
SHA3 37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd

Version Info

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x14004c080

RICH Header

Errors

[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .pdata has a size of 0!
[*] Warning: Section .fptable has a size of 0!
[*] Warning: Section .;xq has a size of 0!
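The six "size of 0" warnings, the unusual section names and the entry point sitting in the 7.83-entropy .G$2 section are the signals this report's packer verdict rests on. The six sections with SizeOfRawData 0 have nothing on disk, which is also why their MD5/SHA1/SHA256 above are the digests of empty input (d41d8cd98f00b204e9800998ecf8427e, da39a3ee..., e3b0c442...): the packer reserves their virtual ranges and rebuilds the original contents in memory at runtime. As an added example (not part of the original report and not the analysis tool's own code), the script below parses a PE section table with nothing but the standard library and applies those checks: unusual section names against an assumed list of stock MSVC names, non-zero VirtualSize with zero SizeOfRawData, executable sections whose raw bytes exceed an assumed 7.0 bits/byte entropy threshold, writable-and-executable sections, and the section containing AddressOfEntryPoint. The input is a constructed PE32+ image that reproduces only this page's section headers; it is not the analysed sample, and the 4096 deterministic pseudo-random bytes standing in for the .G$2 body are a constructed placeholder.

```python
import hashlib
import math
import struct
from collections import Counter

# Section characteristics bits from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
# Names a stock MSVC x64 link produces (assumed list); anything else gets reported.
COMMON_SECTION_NAMES = {".text", ".rdata", ".data", ".pdata", ".idata", ".edata",
                        ".rsrc", ".reloc", ".tls", ".bss", ".CRT", ".gfids", ".00cfg"}
ENTROPY_THRESHOLD = 7.0  # bits per byte; assumed cut-off for "compressed or encrypted"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for compressed/encrypted data, 0.0 for a zero-filled buffer."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(image: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table; return (entry RVA, sections)."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsections = struct.unpack_from("<H", image, e_lfanew + 6)[0]      # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", image, e_lfanew + 20)[0]      # COFF SizeOfOptionalHeader
    opt = e_lfanew + 24
    entry_rva = struct.unpack_from("<I", image, opt + 16)[0]          # same offset in PE32 and PE32+
    sections = []
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", image, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vsize": vsize, "va": va,
                         "rawsize": rawsize, "chars": chars, "raw": image[rawptr:rawptr + rawsize]})
    return entry_rva, sections


def triage(image: bytes) -> dict:
    """The section-level checks behind the report's packer verdict and its 'Errors' block."""
    entry_rva, sections = parse_pe(image)
    out = {"unusual_names": [], "zero_raw": [], "high_entropy_exec": [], "wx": [], "entry_section": None}
    for s in sections:
        executable = bool(s["chars"] & IMAGE_SCN_MEM_EXECUTE)
        if s["name"] not in COMMON_SECTION_NAMES:
            out["unusual_names"].append(s["name"])
        if s["vsize"] and s["rawsize"] == 0:  # memory reserved, nothing on disk: filled in at runtime
            out["zero_raw"].append(s["name"])
        if executable and s["raw"] and shannon_entropy(s["raw"]) > ENTROPY_THRESHOLD:
            out["high_entropy_exec"].append(s["name"])
        if executable and s["chars"] & IMAGE_SCN_MEM_WRITE:
            out["wx"].append(s["name"])
        if s["va"] <= entry_rva < s["va"] + max(s["vsize"], s["rawsize"]):
            out["entry_section"] = s["name"]
    return out


def build_pe32plus(spec, entry_rva: int) -> bytes:
    """Constructed PE32+ holding only the header fields read above; spec items are (name, vsize, va, raw, chars)."""
    align = lambda n: (n + 0x1FF) // 0x200 * 0x200  # FileAlignment 0x200, as in the report
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, len(spec), 0, 0, 0, 0xF0, 0x22)  # AMD64, 0xF0-byte optional header
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, 0x20B)        # PE32+ magic
    struct.pack_into("<I", opt, 16, entry_rva)   # AddressOfEntryPoint
    header = bytes(dos) + b"PE\0\0" + coff + bytes(opt)
    headers_size = align(len(header) + 40 * len(spec))
    table, body, rawptr = b"", b"", headers_size
    for name, vsize, va, raw, chars in spec:
        rawsize = align(len(raw)) if raw else 0
        table += struct.pack("<8sIIIIIIHHI", name.encode("latin-1").ljust(8, b"\0"),
                             vsize, va, rawsize, rawptr if raw else 0, 0, 0, 0, 0, chars)
        body += raw.ljust(rawsize, b"\0")
        rawptr += rawsize
    return header + table + bytes(headers_size - len(header) - len(table)) + body


_CODE = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
_RDATA = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
_RWDATA = _RDATA | IMAGE_SCN_MEM_WRITE
# Constructed stand-in for the packed .G$2 body: 4096 deterministic pseudo-random bytes.
_PACKED = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))

# Section table copied from the report's headers; a constructed image, not the analysed sample.
SAMPLE_IMAGE = build_pe32plus([
    (".text",    0x350cc,  0x1000,    b"", _CODE),
    (".rdata",   0x14648,  0x37000,   b"", _RDATA),
    (".data",    0x2590,   0x4c000,   b"", _RWDATA),
    (".pdata",   0x2bec,   0x4f000,   b"", _RDATA),
    (".fptable", 0x100,    0x52000,   b"", _RWDATA),
    (".;xq",     0x7ea8a9, 0x53000,   b"", _CODE),
    (".pj(",     0x78,     0x83e000,  b"\x01\x02\x03" + bytes(0x75), _RWDATA),
    (".G$2",     0xcf4638, 0x83f000,  _PACKED, _CODE | IMAGE_SCN_CNT_INITIALIZED_DATA),
    (".rsrc",    0x1e0,    0x1534000, b"<manifest/>", _RDATA),
    (".reloc",   0x118,    0x1535000, bytes(0x118), _RDATA),
], entry_rva=0xEB14A8)
```

Run `triage(open(path, "rb").read())` against a file on disk; on the constructed image it reports the four unusual names, the six zero-raw sections, .G$2 as the only high-entropy executable section and as the section holding the entry point, and no W+X section. Section entropy can only be measured for sections that have bytes on disk, so for a sample laid out like this one the original .text is only recoverable by dumping the process after the packer stub has rebuilt it in memory; the on-disk section hashes say nothing about it.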