3ada65b99218a99e17059f4e1ec1f8d39628f3f57dd8910903f9d8109f374677

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Jun-17 02:41:30

Plugin Output

Suspicious The PE is possibly packed.
  Unusual section name found: .xdata
Suspicious The PE contains functions most legitimate programs don't use.
  [!] The program may be hiding some of its imports:
    • GetProcAddress
    • LoadLibraryA
  Memory manipulation functions often used by packers:
    • VirtualAlloc
    • VirtualProtect
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 87508f6dc4cd148254a4070119dfbe31
SHA1 6e248d56fa3c62dd0b9cce5e26386d611f9871a9
SHA256 3ada65b99218a99e17059f4e1ec1f8d39628f3f57dd8910903f9d8109f374677
SHA3 cd14375c4d98be9cb74d21304c18e1638f82e530128d701d7036989d10a4b4c2
SSDeep 192:iQ172Bq5qkWfNPZuAObPE+3fjSF17xeKbcuq:VhqkUZOo+3fuXwL
Imports Hash fde161af232fca69c24492c0e4c87f5c

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2026-Jun-17 02:41:30
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 2.0
SizeOfCode 0x1a00
SizeOfInitializedData 0xe00
SizeOfUninitializedData 0x200
AddressOfEntryPoint 0x00000000000011AE (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x9000
SizeOfHeaders 0x400
Checksum 0xef41
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 86f733b360ca6dd16545e203d9732a29
SHA1 4cfff2a43e8f7bf07fe48c9cdd21829735cb37ef
SHA256 097adddc2be96e2101ad808b98d328dabd97a48c2ca55b06c37e656d33091e08
SHA3 a015c8b369c11a02dd5bed3b17dd99578ba2dbae92d13030b3c43131dfb35495
VirtualSize 0x1810
VirtualAddress 0x1000
SizeOfRawData 0x1a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.10516

.rdata

MD5 21ea9089f89674578e99833483cdedba
SHA1 ced8beb435ee3bc253dfbbef5ec7cbc101f01fe2
SHA256 36e480b9a43c268bb8dd47949e61a146a42790198fb972d80bb83ffa85c31709
SHA3 2ca21f388b8235c4b3ff5951b3d57a658f653393166fa2bced7bbdaf22c6764a
VirtualSize 0x290
VirtualAddress 0x3000
SizeOfRawData 0x400
PointerToRawData 0x1e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.28784

.pdata

MD5 9f39512ae12e9c6b9a87e238902609ac
SHA1 52cacafaa97bce0dc8f6db04e36e9d30ba6f4856
SHA256 dc9666f3174d7cda04bcfda5a264ceb7697161ad8c224d236b01142345068898
SHA3 6ba2b2c9b7f9e0d0eed7dba783d7e4a29bd90bfc7093ff75f2022aeec9b86a4e
VirtualSize 0x114
VirtualAddress 0x4000
SizeOfRawData 0x200
PointerToRawData 0x2200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.29326

.xdata

MD5 eea7d3f76cd39afa95cda429752071de
SHA1 8c7c8429dbf3cd937ea99e0ee6a6de7d6227ca74
SHA256 6f91faa02010daa58d8324d5e6454cc52d2b7c9d144ada012780a62da073a75e
SHA3 64c75753d773d0ab09835d10025fa609aade3470c243ddee80e0e7b2908a9349
VirtualSize 0x168
VirtualAddress 0x5000
SizeOfRawData 0x200
PointerToRawData 0x2400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.76602

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x60
VirtualAddress 0x6000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 79c276b7eaae7edcf6834f58001189c8
SHA1 a95752634432c6baa6be9f206c95a67ab0f9f4ce
SHA256 8b8976a6f07faba2999302754507cba7051d95685b5a5cc6a7f47971b80ba87e
SHA3 c83466465a6aa31539f3de80e639eeb48c9f03116e207cd2bb90166f31ad82b7
VirtualSize 0x370
VirtualAddress 0x7000
SizeOfRawData 0x400
PointerToRawData 0x2600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.28957

.reloc

MD5 73888df2787b23ebc2565facc3589e4b
SHA1 fa7a2a78cf177c971bc3e0b2ac7904b15474aed9
SHA256 8a2ae7a4946de3d8b99fab91cd5d2379e9ea40433da0bef981fb6b341da7610b
SHA3 97ba8d52d2d35c9b5286fd9ed4aa745aace5d9fb0cfbd130724d33a555aac72f
VirtualSize 0xc
VirtualAddress 0x8000
SizeOfRawData 0x200
PointerToRawData 0x2a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0815394

Imports

KERNEL32.dll CloseHandle
CreateFileA
CreateFileMappingA
ExitProcess
GetCurrentProcess
GetFileSize
GetModuleHandleA
GetProcAddress
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
LoadLibraryA
MapViewOfFile
ReadFile
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
ntdll.dll NtClose
RtlInitUnicodeString

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!