3ef9064e656edbcb037a48206e15422ece7940ade1244d4ec80a73aeb4f0ae98

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Jun-17 02:24:09

Plugin Output

Suspicious The PE is possibly packed.
  Unusual section name found: .xdata
Suspicious The PE contains functions most legitimate programs don't use.
  [!] The program may be hiding some of its imports:
    • GetProcAddress
    • LoadLibraryA
  Can access the registry:
    • RegCloseKey
    • RegOpenKeyExA
  Memory manipulation functions often used by packers:
    • VirtualAlloc
    • VirtualProtect
Suspicious No VirusTotal score.
  This file has never been scanned on VirusTotal.

Hashes

MD5 fb1c4b2619361e80044d97867e66f3f9
SHA1 3a58483b558e65c9ed6e722403c49947c85614c7
SHA256 3ef9064e656edbcb037a48206e15422ece7940ade1244d4ec80a73aeb4f0ae98
SHA3 b50f52144840ef13cc8b7d7735a710850d33aace5b987ef01e360339c676b423
SSDeep 96:Sf2Gy0MJeOEe0rYnacngIAOCeMyKOPHWDu7DkR5aUwnyVnFzCabfCYH:Sffy7JegkYhn8ZyB/WaHe5jnFzBD
Imports Hash 704ca1617582e646fd9836dfb8470098

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2026-Jun-17 02:24:09
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DEBUG_STRIPPED
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LARGE_ADDRESS_AWARE
  IMAGE_FILE_LINE_NUMS_STRIPPED
  IMAGE_FILE_LOCAL_SYMS_STRIPPED
  IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 2.0
SizeOfCode 0x1800
SizeOfInitializedData 0x1000
SizeOfUninitializedData 0x200
AddressOfEntryPoint 0x00000000000010DF (Section: .text)
BaseOfCode 0x1000
ImageBase 0x10000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x8000
SizeOfHeaders 0x400
Checksum 0x7791
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 a80b64e200d45ba49cd571db5bf027ba
SHA1 2ec8694dd21cf0f0e64e81576708cf1a75164d7f
SHA256 6aaa791d35358d35ad162b32115fe961fa1d2ecabe7bc884087275bcab8820f9
SHA3 b70df2da2da626d4a005f61b2f6b6e2dff0f25a580a3e5ff3ccedb09197d4cc1
VirtualSize 0x16c0
VirtualAddress 0x1000
SizeOfRawData 0x1800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
Entropy 6.02794

.rdata

MD5 5ab2df81b6ba1e0dc443905ec147659c
SHA1 41396b39bf6d61898de16508a1ec9b8eee00f2a3
SHA256 a0299695acf7e7a802f58e57a49c488e98676a2d61beffe2b0cdc8195fdb5a08
SHA3 d5abf12d64db32b888792a629599c46f13723d72ac71f02bc14d3f19bb4a3fe3
VirtualSize 0x430
VirtualAddress 0x3000
SizeOfRawData 0x600
PointerToRawData 0x1c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
Entropy 4.14675

.pdata

MD5 4c8618f7f27459971dc8762322e6c237
SHA1 ed7e7f298a4359a949dbfe2c5ad1421e06ad14c8
SHA256 b10466e0add17f9640a742a9c11a1afae5f41f3a218131087804e3c7881f115a
SHA3 f22ec91c9f9538c564c34e7299fdd4415d5246b525db7d658c03c510818a9455
VirtualSize 0x9c
VirtualAddress 0x4000
SizeOfRawData 0x200
PointerToRawData 0x2200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
Entropy 1.28692

.xdata

MD5 59654b53381dbbf2a9063fd7a4c901a8
SHA1 dbf99b03528106db6a45dd642f96a9c9bba545fd
SHA256 b956341fe4cbe1e3bc054b94da4dc6e4569de9e3178672fee3cc8ef1906b2e61
SHA3 8d6db459c66471d58de4ddea02ea979439bf54d40a32c8eb98f251639dd0b186
VirtualSize 0x68
VirtualAddress 0x5000
SizeOfRawData 0x200
PointerToRawData 0x2400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
Entropy 1.17268

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x10
VirtualAddress 0x6000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE

.idata

MD5 1f269a48d62486db70125eac17f33b16
SHA1 42d2d9e72ae78677c955eb315ccd87068bc55738
SHA256 f39e2d5c2e8a575318c5e32ba53ccb66cf9f12765e5fb008eb754034b6b2f4a3
SHA3 6afd5493893564c59751cf253f505de7332ecd7945ef928ef86f3ea9a6229534
VirtualSize 0x5fc
VirtualAddress 0x7000
SizeOfRawData 0x600
PointerToRawData 0x2600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
Entropy 3.90822

Imports

ADVAPI32.dll
  • RegCloseKey
  • RegOpenKeyExA
KERNEL32.dll
  • CloseHandle
  • CreateFileA
  • CreateFileMappingA
  • ExitProcess
  • GetCurrentProcess
  • GetDiskFreeSpaceExA
  • GetFileSize
  • GetLastError
  • GetModuleHandleA
  • GetProcAddress
  • GetProcessHeap
  • GetSystemInfo
  • GlobalMemoryStatusEx
  • HeapAlloc
  • HeapFree
  • HeapReAlloc
  • LoadLibraryA
  • MapViewOfFile
  • OutputDebugStringA
  • ReadFile
  • UnmapViewOfFile
  • VirtualAlloc
  • VirtualFree
  • VirtualProtect
  • VirtualQuery
msvcrt.dll
  • __iob_func
  • abort
  • fprintf
  • memcmp
  • memcpy
  • strlen
  • strncmp
  • vfprintf
ntdll.dll
  • NtClose
  • RtlInitUnicodeString

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!