| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date |
2026-Apr-29 20:08:31
|
| Detected languages |
English - United States
|
| Info |
Libraries used to perform cryptographic operations: |
Microsoft's Cryptography API
|
| Suspicious |
The PE is possibly packed. |
Unusual section name found: .@~(
Unusual section name found: .okc
Unusual section name found: .&k>
|
| Info |
The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
- LoadLibraryA
- GetProcAddress
Uses Microsoft's cryptographic API:
|
| Suspicious |
No VirusTotal score. |
This file has never been scanned on VirusTotal.
|
| MD5 |
852816a5f465684224e0fdea3be6ae0b
|
| SHA1 |
9f8c9070788a501b74fc276c2bd57709f0e0297f
|
| SHA256 |
31502a8adeed93173c382d1dc60e49f8a4d078733c9f79eb640624cc7d8051df
|
| SHA3 |
e22d14c034b2b54c39cf7a25265ee0181b8c824e07efc79a1a9bace9c37f4f3b
|
| SSDeep |
393216:x6lE1pMtashoZgk0plpf7NXS6VpuHNPwE:scAas8gk0JTNtP1
|
| Imports Hash |
d559f3b1158ecc0d3b7782747b07a4ba
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x80
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections |
9
|
| TimeDateStamp |
2026-Apr-29 20:08:31
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xf0
|
| Characteristics |
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
| Magic |
PE32+
|
| LinkerVersion |
14.0
|
| SizeOfCode |
0xb000
|
| SizeOfInitializedData |
0x6a00
|
| SizeOfUninitializedData |
0
|
| AddressOfEntryPoint |
0x0000000000A15F65 (Section: .&k>)
|
| BaseOfCode |
0x1000
|
| ImageBase |
0x180000000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
6.0
|
| ImageVersion |
0.0
|
| SubsystemVersion |
6.0
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x1477000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
|
| SizeofStackReserve |
0x100000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0xaec0
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x518e
|
| VirtualAddress |
0xc000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x9a8
|
| VirtualAddress |
0x12000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x9e4
|
| VirtualAddress |
0x13000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x781e27
|
| VirtualAddress |
0x14000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| MD5 |
1e29e2d783fec47e5472b3ea34033883
|
| SHA1 |
acbe9051487928f287190924533253142948307f
|
| SHA256 |
151f8f57fc483b532d5ef31ddfc48bdc4538e73da3a1c93c43e2911e88c142f3
|
| SHA3 |
627792a0d325e1f11d901b592e8ad474c57d3e454f6bff1f5f5f94c3ec0f756f
|
| VirtualSize |
0xa30
|
| VirtualAddress |
0x796000
|
| SizeOfRawData |
0xc00
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.24847
|
| MD5 |
a9268df667c5da20bcc376ff453ffe29
|
| SHA1 |
2b6270fe26570acf88860ef6084f5f9f0cf03b83
|
| SHA256 |
1edd5a55a9e0451371cfe1abfb01719c680b0115fcc02f16ed41d25d94fd5c51
|
| SHA3 |
11ba01ece573d0738dc1ed82b616a9c400ba18803ca49aeba72a988c0f633fd8
|
| VirtualSize |
0xcdd3a8
|
| VirtualAddress |
0x797000
|
| SizeOfRawData |
0xcdd400
|
| PointerToRawData |
0x1000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
|
| Entropy |
7.82473
|
| MD5 |
18cfc18aa4c3837de1ecf2f8bcf42c19
|
| SHA1 |
0a011c18010cd4a0a2c7a481ab9572f7abb48da7
|
| SHA256 |
3bdfa336e31dcc9e32ce7a4d0d92154d2b5a498321b1aaccc472c4ef00cd4295
|
| SHA3 |
dd88239fb87e8ac14e08197f263c8d1cb79ada3219cf99e5582bf118cd292d69
|
| VirtualSize |
0x120
|
| VirtualAddress |
0x1475000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0xcde400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
2.72766
|
| MD5 |
8a918939437682c16a5f7081636c02a9
|
| SHA1 |
b9975b4a9524dfeaa93f4b857609566c1849cb9d
|
| SHA256 |
1c1b09b74abecf840d342744c5351fae3b2c9319aa07dee6701077ca26968358
|
| SHA3 |
a66325214480128dbe27a0c24b4cbe5d3412e969b7dd94436e2f5eb2fab0c1f2
|
| VirtualSize |
0xe9
|
| VirtualAddress |
0x1476000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0xcde600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
2.54429
|
| KERNEL32.dll |
VirtualAlloc
|
| ADVAPI32.dll |
CryptCreateHash
|
| SHELL32.dll |
SHGetFolderPathA
|
| MSVCP140.dll |
?_Xlength_error@std@@YAXPEBD@Z
|
| VCRUNTIME140_1.dll |
__CxxFrameHandler4
|
| VCRUNTIME140.dll |
__std_type_info_destroy_list
|
| api-ms-win-crt-stdio-l1-1-0.dll |
fclose
|
| api-ms-win-crt-runtime-l1-1-0.dll |
_initterm_e
|
| api-ms-win-crt-convert-l1-1-0.dll |
strtol
|
| api-ms-win-crt-environment-l1-1-0.dll |
getenv
|
| api-ms-win-crt-string-l1-1-0.dll |
toupper
|
| api-ms-win-crt-heap-l1-1-0.dll |
malloc
|
| api-ms-win-crt-math-l1-1-0.dll |
ceilf
|
| KERNEL32.dll (#2) |
VirtualAlloc
|
| KERNEL32.dll (#3) |
VirtualAlloc
|
| Type |
RT_MANIFEST
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x91
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
4.8858
|
| MD5 |
f7ad1eab748bc07570a57ec87787cf90
|
| SHA1 |
0b1608da9fef218386e825db575c65616826d9f4
|
| SHA256 |
d2952e57023848a37fb0f21f0dfb38c9000f610ac2b00c2f128511dfd68bde04
|
| SHA3 |
6c9541b36948c19ae507d74223621875b3af4064f7cd8200bdb97e15a047e96a
|
| Size |
0x140
|
| TimeDateStamp |
1970-Jan-01 00:00:00
|
| Version |
0.0
|
| GlobalFlagsClear |
(EMPTY)
|
| GlobalFlagsSet |
(EMPTY)
|
| CriticalSectionDefaultTimeout |
0
|
| DeCommitFreeBlockThreshold |
0
|
| DeCommitTotalFreeThreshold |
0
|
| LockPrefixTable |
0
|
| MaximumAllocationSize |
0
|
| VirtualMemoryThreshold |
0
|
| ProcessAffinityMask |
0
|
| ProcessHeapFlags |
(EMPTY)
|
| CSDVersion |
0
|
| Reserved1 |
0
|
| EditList |
0
|
| SecurityCookie |
0x180012040
|
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .pdata has a size of 0!
[*] Warning: Section .@~( has a size of 0!