| Summary | |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_AMD64 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2026-May-04 19:54:24 |
| Detected languages | English - United States |
| TLS Callbacks | 1 callback(s) detected. |
| Suspicious | The PE is possibly packed. |
| | Unusual section name found: .2fAD9 |
| | Unusual section name found: .C |
| | Unusual section name found: .p8ehg |
| | The PE only has 1 import(s). |
| Malicious | VirusTotal score: 38/62 (Scanned on 2026-05-23 11:01:33) |

| Engine | Verdict |
|---|---|
| ALYac | Trojan.GenericKD.80103121 |
| APEX | Malicious |
| AhnLab-V3 | Trojan/Win.Generic.R772128 |
| Alibaba | Trojan:Win64/VMProtect_AGen.6c4c0837 |
| Antiy-AVL | Trojan[Packed]/Win64.VMProtect |
| Arcabit | Trojan.Generic.D4C646D1 |
| Avira | TR/W64.Agent |
| BitDefender | Trojan.GenericKD.80103121 |
| Bkav | W32.Malware.9FED8E90 |
| CTX | exe.trojan.vmprotect |
| CrowdStrike | win/malicious_confidence_70% (W) |
| Cylance | Unsafe |
| Cynet | Malicious (score: 99) |
| DeepInstinct | MALICIOUS |
| ESET-NOD32 | Win64/Packed.VMProtect_AGen.AAX suspicious application |
| Elastic | malicious (high confidence) |
| Emsisoft | Trojan.GenericKD.80103121 (B) |
| F-Secure | Trojan.TR/W64.Agent |
| Fortinet | Riskware/Application |
| GData | Trojan.GenericKD.80103121 |
| Google | Detected |
| Gridinsoft | Trojan.Heur!.022520A3 |
| Lionic | Trojan.Win32.VMProtect.4!c |
| Malwarebytes | Malware.Heuristic.2108 |
| McAfeeD | Real Protect-LS!D8FBE059E42A |
| MicroWorld-eScan | Trojan.GenericKD.80103121 |
| Microsoft | Trojan:Win32/Kepavll!rfn |
| Paloalto | generic.ml |
| Panda | Trj/CI.A |
| Sangfor | Suspicious.Win32.Save.a |
| SentinelOne | Static AI - Suspicious PE |
| Sophos | Mal/Generic-S |
| Symantec | ML.Attribute.HighConfidence |
| TrellixENS | Artemis!D8FBE059E42A |
| VIPRE | Trojan.GenericKD.80103121 |
| Varist | W64/ABTrojan.OHDM-1489 |
| alibabacloud | VirTool:Win/Wacatac.B9nj |
| tehtris | Generic.Malware |

Most of these verdicts name the packer (VMProtect) or a generic heuristic/ML classification rather than a malware family, and two engines (ESET-NOD32, Fortinet) explicitly rate the file as only suspicious or riskware. The VirusTotal count is therefore strong evidence that the file is obfuscated and weak evidence of what the unpacked payload does; the static data below is consistent with that reading.
| File hash | Value |
|---|---|
| MD5 | d8fbe059e42a363a77676c3236a413ec |
| SHA1 | a385dbfa18b2dd9a9e8cb8b90c4a53e0b1171941 |
| SHA256 | 5f5e4d9d3d86ea17bcda0b87657c657cb2b9b984615f96e8281fa657e08ecd6c |
| SHA3 | b74b4888ecd18174f6ba836848b68f13a9c06bf9e3e200da29bdc6a83b1abf33 |
| SSDeep | 49152:esIPmmQzf2YaqjV/C7k2T9w8Swut1cX5ATWLZaV3cZ2d0FUmjhyShYVQTn77uE4:6OzfD31CQHKutDUaRc7hrvRh0cpMAm |
| Imports Hash | 744b8668340c0780ea1865df1a6c1af5 |
| DOS header field (IMAGE_DOS_HEADER) | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x100 |
| PE header field (IMAGE_FILE_HEADER) | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_AMD64 |
| NumberOfSections | 9 |
| TimeDateStamp | 2026-May-04 19:54:24 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE |
| | IMAGE_FILE_LARGE_ADDRESS_AWARE |
| Optional header field (IMAGE_OPTIONAL_HEADER64) | Value |
|---|---|
| Magic | PE32+ |
| LinkerVersion | 14.0 |
| SizeOfCode | 0x3ea400 |
| SizeOfInitializedData | 0x18a400 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0000000000719675 (Section: .p8ehg) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0xab7000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE |
| | IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA |
| | IMAGE_DLLCHARACTERISTICS_NX_COMPAT |
| | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |

Note that the entry point (RVA 0x719675) lies in .p8ehg, not in the first code section at BaseOfCode 0x1000, and that SizeOfCode (0x3ea400) is exactly the first section's VirtualSize (0x3ea337) rounded up to FileAlignment, i.e. the linker's value for the original .text even though that section now has no file data (see the section table below).
Sections 1 to 5 below are the five with SizeOfRawData 0; the analyzer's warnings at the end of the report name them .text, .rdata, .data, .pdata and .2fAD9, which in that order matches the characteristics shown (code, read-only data, read/write data, read-only data, code). Their names were not captured in this extract, so the table headers number them instead. Because these sections contribute no bytes to the file, the hash values shown for them are the well-known digests of empty input (MD5 d41d8cd9..., SHA1 da39a3ee..., SHA256 e3b0c442..., SHA3-256 a7ffc6f8...) and say nothing about the content that the unpacking stub writes into them at runtime.

| Section 1 field (size-0 section) | Value |
|---|---|
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA3 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a |
| VirtualSize | 0x3ea337 |
| VirtualAddress | 0x1000 |
| SizeOfRawData | 0 |
| PointerToRawData | 0 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_CODE |
| | IMAGE_SCN_MEM_EXECUTE |
| | IMAGE_SCN_MEM_READ |
| Section 2 field (size-0 section) | Value |
|---|---|
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA3 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a |
| VirtualSize | 0x14be06 |
| VirtualAddress | 0x3ec000 |
| SizeOfRawData | 0 |
| PointerToRawData | 0 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA |
| | IMAGE_SCN_MEM_READ |
| Section 3 field (size-0 section) | Value |
|---|---|
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA3 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a |
| VirtualSize | 0x8700 |
| VirtualAddress | 0x538000 |
| SizeOfRawData | 0 |
| PointerToRawData | 0 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA |
| | IMAGE_SCN_MEM_READ |
| | IMAGE_SCN_MEM_WRITE |
| Section 4 field (size-0 section) | Value |
|---|---|
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA3 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a |
| VirtualSize | 0x2e5fc |
| VirtualAddress | 0x541000 |
| SizeOfRawData | 0 |
| PointerToRawData | 0 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA |
| | IMAGE_SCN_MEM_READ |
| Section 5 field (size-0 section) | Value |
|---|---|
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA3 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a |
| VirtualSize | 0xfe249 |
| VirtualAddress | 0x570000 |
| SizeOfRawData | 0 |
| PointerToRawData | 0 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_CODE |
| | IMAGE_SCN_MEM_EXECUTE |
| | IMAGE_SCN_MEM_READ |
| Section 6 field (name not captured; first section with file data) | Value |
|---|---|
| MD5 | 36cab675cadc316990fc197928e13fa7 |
| SHA1 | 5fe905ffc9ad648491ca650a128e7cd01d4f1d1b |
| SHA256 | b21acea3dfa6452577f8bd57ff0fade81a81d70a51225d80da413e10adf01ea9 |
| SHA3 | a99dd98c624b38d37ad9f6819b030d9dd75c5db3821420a449c5bcd18d567d4d |
| VirtualSize | 0x33172 |
| VirtualAddress | 0x66f000 |
| SizeOfRawData | 0x33200 |
| PointerToRawData | 0x400 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA |
| | IMAGE_SCN_MEM_READ |
| | IMAGE_SCN_MEM_WRITE |
| Entropy | 5.83553 |

This section starts at file offset 0x400, directly after the 0x400-byte headers, and its virtual range (0x66f000 to 0x6a2172) contains the TLS directory listed at the end of the report (StartAddressOfRawData 0x14066f028 is RVA 0x66f028).
| Section 7 field (.p8ehg; contains the entry point) | Value |
|---|---|
| MD5 | 5a493cde30f7332bdb83c3766ce52428 |
| SHA1 | f57d6f518c83e3269c2826c8c866c3ee28c40d65 |
| SHA256 | d1a5b42b0c59e4141a8c801d21f372a07dfadb9ed7a21bf4b628a39122a3b488 |
| SHA3 | 75ebdf05d3bb13a5a05760aa89a65552fcdd194bd2fc75a965b663ab7a444934 |
| VirtualSize | 0x411691 |
| VirtualAddress | 0x6a3000 |
| SizeOfRawData | 0x411800 |
| PointerToRawData | 0x33600 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_CODE |
| | IMAGE_SCN_MEM_EXECUTE |
| | IMAGE_SCN_MEM_READ |
| Entropy | 7.90816 |

At 0x411800 bytes this single section holds almost all of the file, its entropy of 7.9 bits per byte is close to the 8.0 of random data, and both the entry point (RVA 0x719675) and the TLS callback (RVA 0x6b63e3) fall inside it. That combination of an executable, near-random, oversized section holding the entry point is the signature of a packer stub carrying a compressed or encrypted payload; the original code sections above (1 to 5) are reserved in memory but empty on disk and are populated by this stub at runtime.
| Section 8 field (name not captured) | Value |
|---|---|
| MD5 | f1fafbed18cc06694328b16e19d08155 |
| SHA1 | 53aaf0fabd1a9e3302c4e3ac8c3e4d8b90214d24 |
| SHA256 | 023395038a7238a3e147114936cb8544298547b21d4cc5d8ed85e56f197523a8 |
| SHA3 | 1f5017a053b0f86292022f897e522b97383b4813ae513a7ac00e423adbbd64ce |
| VirtualSize | 0x1e8 |
| VirtualAddress | 0xab5000 |
| SizeOfRawData | 0x200 |
| PointerToRawData | 0x444e00 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA |
| | IMAGE_SCN_MEM_READ |
| Entropy | 4.76666 |
| Section 9 field (name not captured) | Value |
|---|---|
| MD5 | b2fe4aeb9a99b381309aa7e95d3ddc9b |
| SHA1 | 9474639476067d63633c7424dbb78909c490b010 |
| SHA256 | f144780bebae6ad4f2e46a101d2bf05f647c724ac23951aaca7c32fbf4108b16 |
| SHA3 | 2fd57f90db2dfc20a638b9ed965b9a23e13a5e518d20e00d9fa346c81953211d |
| VirtualSize | 0x1000 |
| VirtualAddress | 0xab6000 |
| SizeOfRawData | 0x400 |
| PointerToRawData | 0x445000 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA |
| | IMAGE_SCN_MEM_READ |
| Entropy | 0.181954 |

The raw data of sections 6 to 9 is contiguous (0x400 + 0x33200 = 0x33600, 0x33600 + 0x411800 = 0x444e00, 0x444e00 + 0x200 = 0x445000), so the last section ends at file offset 0x445400; any bytes in the sample beyond that offset are overlay data that no section maps. The end of section 9 (0xab6000 + 0x1000) also matches SizeOfImage 0xab7000.
| Imported DLL | Imported function |
|---|---|
| USER32.dll | GetDesktopWindow |

A single import from USER32.dll is what the analyzer's "The PE only has 1 import(s)" finding refers to. The Imports Hash above is computed over this one entry, so it identifies the packer stub layout rather than the payload; the payload's real imports are resolved by the stub at runtime and are not visible in the static import table.
| Resource field (RT_MANIFEST) | Value |
|---|---|
| Type | RT_MANIFEST |
| Language | English - United States |
| Codepage | UNKNOWN |
| Size | 0x188 |
| TimeDateStamp | 1980-Jan-01 00:00:00 |
| Entropy | 4.89623 |
| MD5 | b8e76ddb52d0eb41e972599ff3ca431b |
| SHA1 | fc12d7ad112ddabfcd8f82f290d84e637a4d62f8 |
| SHA256 | 165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8 |
| SHA3 | 37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd |
| TLS directory field (IMAGE_TLS_DIRECTORY64) | Value |
|---|---|
| StartAddressOfRawData | 0x14066f028 |
| EndAddressOfRawData | 0x14066f52c |
| AddressOfIndex | 0x14066f534 |
| AddressOfCallbacks | 0x14066f53c |
| SizeOfZeroFill | 0 |
| Characteristics | IMAGE_SCN_TYPE_REG |
| Callbacks | 0x00000001406B63E3 |

The TLS fields are virtual addresses, not RVAs: subtracting ImageBase 0x140000000 puts the TLS template and callback array at RVA 0x66f028 to 0x66f53c (section 6, the read/write data section) and the callback itself at RVA 0x6b63e3, inside .p8ehg together with the entry point. The loader invokes TLS callbacks for the main thread before it transfers control to AddressOfEntryPoint, so a debugger or sandbox that breaks only at the entry point runs this code unobserved; break on the callback address (or on the TLS directory) first.
[!] Error: Could not read the exported DLL name.
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .pdata has a size of 0!
[*] Warning: Section .2fAD9 has a size of 0!
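The "possibly packed" finding, the entry-point location, the high-entropy section and the placement of the TLS callback can all be reproduced from the header values in the tables above. The following Python is an added example, not part of this report or of the analyzer that produced it: it transcribes the section table, the optional-header fields and the TLS addresses from this page, and because the report gives no section names other than .p8ehg, the other names are placeholders marked as assumptions.

```python
"""Packer-indicator checks rebuilt from the report's header values (added example)."""
import math
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


@dataclass(frozen=True)
class Section:
    name: str                        # placeholder where the report has no name
    vaddr: int                       # VirtualAddress (an RVA)
    vsize: int                       # VirtualSize
    raw_ptr: int                     # PointerToRawData
    raw_size: int                    # SizeOfRawData
    flags: int                       # Characteristics
    entropy: Optional[float] = None  # report's Entropy; None for size-0 sections


# Optional-header values transcribed from the report.
IMAGE_BASE = 0x140000000
SECTION_ALIGNMENT = 0x1000
FILE_ALIGNMENT = 0x200
SIZE_OF_IMAGE = 0xAB7000
SIZE_OF_CODE = 0x3EA400
ENTRY_POINT_RVA = 0x719675
# TLS directory values from the report; these are VAs, not RVAs.
TLS_DIR_VA = 0x14066F028
TLS_CALLBACK_VA = 0x1406B63E3

C, D = IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA
R, W, X = IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_EXECUTE

# Section table in report order. Names ending in "?" are assumptions: 1-5 follow
# the analyzer's size-0 warnings in listed order, 6/8/9 are simply numbered.
SECTIONS: List[Section] = [
    Section(".text?",  0x001000, 0x3EA337, 0x000000, 0x000000, C | X | R),
    Section(".rdata?", 0x3EC000, 0x14BE06, 0x000000, 0x000000, D | R),
    Section(".data?",  0x538000, 0x008700, 0x000000, 0x000000, D | R | W),
    Section(".pdata?", 0x541000, 0x02E5FC, 0x000000, 0x000000, D | R),
    Section(".2fAD9?", 0x570000, 0x0FE249, 0x000000, 0x000000, C | X | R),
    Section("sec6?",   0x66F000, 0x033172, 0x000400, 0x033200, D | R | W, 5.83553),
    Section(".p8ehg",  0x6A3000, 0x411691, 0x033600, 0x411800, C | X | R, 7.90816),
    Section("sec8?",   0xAB5000, 0x0001E8, 0x444E00, 0x000200, D | R, 4.76666),
    Section("sec9?",   0xAB6000, 0x001000, 0x445000, 0x000400, D | R, 0.181954),
]


def align_up(value: int, alignment: int) -> int:
    return (value + alignment - 1) // alignment * alignment


def va_to_rva(va: int, image_base: int = IMAGE_BASE) -> int:
    return va - image_base


def section_for_rva(rva: int, sections: List[Section] = SECTIONS) -> Optional[int]:
    """Index of the section whose in-memory range covers rva, or None if unmapped."""
    for i, s in enumerate(sections):
        span = max(s.vsize, s.raw_size)  # the loader maps the larger of the two
        if s.vaddr <= rva < s.vaddr + span:
            return i
    return None


def expected_size_of_image(sections: List[Section] = SECTIONS,
                           alignment: int = SECTION_ALIGNMENT) -> int:
    """End of the highest section, rounded up to SectionAlignment."""
    last = max(sections, key=lambda s: s.vaddr)
    return align_up(last.vaddr + last.vsize, alignment)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def packer_indicators(sections: List[Section] = SECTIONS,
                      entry_rva: int = ENTRY_POINT_RVA,
                      tls_callback_va: int = TLS_CALLBACK_VA,
                      entropy_threshold: float = 7.0) -> List[str]:
    """Static tells a packed PE leaves in its section table and TLS directory."""
    findings = []
    empty = [i for i, s in enumerate(sections) if s.raw_size == 0 and s.vsize > 0]
    if empty:
        findings.append(f"{len(empty)} section(s) have no file data but a non-zero "
                        f"VirtualSize, so they are filled at runtime: {empty}")
    ep = section_for_rva(entry_rva, sections)
    if ep is None:
        findings.append(f"entry point RVA {entry_rva:#x} is outside every section")
    elif ep != 0:
        findings.append(f"entry point RVA {entry_rva:#x} is in section {ep} "
                        f"({sections[ep].name}), not in the first section")
    for i, s in enumerate(sections):
        if s.entropy is not None and s.entropy >= entropy_threshold:
            findings.append(f"section {i} ({s.name}) entropy {s.entropy:.2f} >= "
                            f"{entropy_threshold}: compressed or encrypted content")
    cb = section_for_rva(va_to_rva(tls_callback_va), sections)
    if cb is not None and sections[cb].flags & IMAGE_SCN_MEM_EXECUTE:
        findings.append(f"TLS callback VA {tls_callback_va:#x} runs from section "
                        f"{cb} ({sections[cb].name}) before the entry point")
    return findings


if __name__ == "__main__":
    for line in packer_indicators():
        print("-", line)
```

Run as a script it prints the four indicators the report flags; the same functions applied to a section table read with a real parser (for example pefile's `SectionHeader` objects) give the same checks for an arbitrary sample. The entropy helper is included so that the report's per-section Entropy column can be recomputed from raw bytes and compared against the 7.0 threshold used here, which is a conventional cut-off and not a value from the report.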