5fbc5f1021b0e1ca07354c2139b90be6ea1bacd58ffa58d30e20da650c0f24e2

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1970-Jan-01 00:00:00
Detected languages English - United States
Comments Extractor for TONEX library.db presets with optional BCho liberation
CompanyName Lib2Txp - Bcho
FileDescription Lib2Txp - Bcho
LegalCopyright Copyright (c) 2026 Bcho
ProductName Lib2Txp - Bcho
ProductVersion 1.0.0

Plugin Output

Suspicious: PEiD Signature:
  • XWD graphics format
  • HQR data file
Suspicious: Strings found in the binary may indicate undesirable behavior:
Contains references to internet browsers:
  • chrome.exe
  • firefox.exe
Looks for Qemu presence:
  • QEmU
Contains domain names:
Info: Cryptographic algorithms detected in the binary:
  • Uses constants related to MD5
  • Uses constants related to SHA1
  • Uses constants related to SHA256
  • Uses constants related to SHA512
  • Uses constants related to AES
  • Uses constants related to Blowfish
Suspicious: The PE is possibly packed.
  • Unusual section name found: .xdata
  • Unusual section name found: .symtab
Suspicious: The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryExW
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Suspicious: VirusTotal score: 2/70 (Scanned on 2026-07-04 12:29:47)
  • CrowdStrike: win/malicious_confidence_60% (D)
  • Trapmine: malicious.moderate.ml.score

Hashes

MD5 333ccb43ed3fc5aec3f5ea692884e85e
SHA1 9d3a1e3c0b021784908c268db9aa95bc6ab9ff83
SHA256 5fbc5f1021b0e1ca07354c2139b90be6ea1bacd58ffa58d30e20da650c0f24e2
SHA3 a0060cb75f5382ba2438428846dd907faf6cf61613702c29a6fd168aaddb0ccc
SSDeep 98304:0AQdO68k5dsgd2iu7ZKLLAaGBRHH3CLkmK5NhuykwplTERx1l:l325dsQLAJHSLkmKhSGKR
Imports Hash 4e2bd2c481372f7ab13b83b63b424e97

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0x8b
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 9
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0xde4e00
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 3.0
SizeOfCode 0x643200
SizeOfInitializedData 0xe6400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000008CA00 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 1.0
SubsystemVersion 6.1
Win32VersionValue 0
SizeOfImage 0x2e5f000
SizeOfHeaders 0x600
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 206b9508c07a8833f3bbd98ed64b9328
SHA1 a54444596c83daa8e68df34ffb849f6a71e6d47f
SHA256 99a00a4e088a9523d01676333a5a608575cdc830ab252e585231550a8465e526
SHA3 3ee06f3f80a084c3f1c6db02ff845bf6789dbc6d24422f06a4fa8a3fff122596
VirtualSize 0x643071
VirtualAddress 0x1000
SizeOfRawData 0x643200
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.17387

.rdata

MD5 c89a734d08b163fa494d866148466627
SHA1 daa39afe8ce60d047ccb9bbb6fd4e918b1ed1c31
SHA256 2f9ee47abbcfea5f3fa5f0076b9b34e3b4e30cc2937ccd83bdf8bbe44187d4ff
SHA3 a54a951a3edffaa2d159a13035bfe256df52cb7f4e8ef8addf69c101c8ec341b
VirtualSize 0x676560
VirtualAddress 0x645000
SizeOfRawData 0x676600
PointerToRawData 0x643800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.83514

.data

MD5 fefc257dc1cb41298b84d7d927481b03
SHA1 db1af1d6d195494a071dd63dbc319261b3c4dd24
SHA256 a4670e0affadeb1fabde7886d2bcddfc676adefc2bd23ef9a7b7de34d4cc1da8
SHA3 486cc1e9922ba960e9693586c3c944ee8cb36376c596d9defbd2a1f5a83a2bbb
VirtualSize 0x2144000
VirtualAddress 0xcbc000
SizeOfRawData 0xe6400
PointerToRawData 0xcb9e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.08471

.pdata

MD5 82b271c0b43c4a89919c81e82e2ce97d
SHA1 ce2e9dd3cdf198f42d89281dd67bd6d20c2cead4
SHA256 46d192f3030b9309316dfc6c6b79b1ded91069206a50b5273772f0c5983bb038
SHA3 bcb1c98e8f85ce248479705f87838b2456becf9b91766eaca628480e18e5ef22
VirtualSize 0x28428
VirtualAddress 0x2e00000
SizeOfRawData 0x28600
PointerToRawData 0xda0200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.85959

.xdata

MD5 8a16930def765d266b7468f27fb81084
SHA1 b454849da70bb34049b959f74bc4f5169c382a11
SHA256 152ec8b5bff93847284184d1e5de9f171ebcd33ca009fb2f059f877a4bb5feff
SHA3 9caba355478993ad13e690326f067e87d6e3bdfdd7e8da51850d85526f11390e
VirtualSize 0xb4
VirtualAddress 0x2e29000
SizeOfRawData 0x200
PointerToRawData 0xdc8800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.76749

.idata

MD5 9bdd7f6b2a95d57752113007faa8ece0
SHA1 b11b0ba3adf594625c2ee136b3e8e7432d3aeafe
SHA256 fff939c6c26bbcf36ef6fce4289e6ac88eb1660746a70d92e51c505c5cd8fcd4
SHA3 b0f6ea107ba376fdb6e778518c29767a355250f8f0f7e164106e2f3a0c859d0f
VirtualSize 0x57c
VirtualAddress 0x2e2a000
SizeOfRawData 0x600
PointerToRawData 0xdc8a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.31344

.reloc

MD5 df05219e4251e15e050fecc62e4cdfef
SHA1 416d0ca5d3f7a321f4a93d56e9598bee21463fdd
SHA256 b141514bcb6a5207296aa8dc051f0d1fa8ec4316dd591c56f64da793efd00bd1
SHA3 cadfb9ee89ff101908db553bbb72341edf7483dcb47a61ee0b0f9e9e6ce9d3d9
VirtualSize 0x1bdf0
VirtualAddress 0x2e2b000
SizeOfRawData 0x1be00
PointerToRawData 0xdc9000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.44145

.symtab

MD5 07b5472d347d42780469fb2654b7fc54
SHA1 943ae54f4818e52409fbbaf60ffd71318d966b0d
SHA256 3e67f4a7d14b832ff2a2433e9cf0f6f5720821f67148a87c0ee2595a20c96c68
SHA3 a70a3e18515c06557b62676f2a8eb6d7d41962d8c9c7c49f4641c429cc65b977
VirtualSize 0x4
VirtualAddress 0x2e47000
SizeOfRawData 0x200
PointerToRawData 0xde4e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0203931

.rsrc

MD5 7efc043dbd55ce34343be9508df685b3
SHA1 4a64013511bc4aebaf2b0a457acf7a5303baa678
SHA256 7c318702cd51b493785c9451116c1f819b6654d02550be5e592819f9881c34d1
SHA3 80f80cb3b1e38d037d0c0d4406bf8de52a0f45abad48e34d7d6d1447adf7908e
VirtualSize 0x16328
VirtualAddress 0x2e48000
SizeOfRawData 0x16400
PointerToRawData 0xde5000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.97901

Imports

kernel32.dll WriteFile
WriteConsoleW
WerSetFlags
WerGetFlags
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
RtlVirtualUnwind
RtlLookupFunctionEntry
ResumeThread
RaiseFailFastException
QueryPerformanceCounter
PostQueuedCompletionStatus
LoadLibraryExW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetErrorMode
GetEnvironmentStringsW
GetCurrentThreadId
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler
AddVectoredContinueHandler
GetProcAddress
LoadLibraryExW

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x13ea8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.996
Detected Filetype PNG graphic file
MD5 29ab0b1f0decc05c257956ac0118b118
SHA1 8081c5370945af96a68eb7d64489d024ce343a40
SHA256 aa07b41f6fb26a54edafa033aeca785effa593325c8f7b1a04894675fcbf7afc
SHA3 161b5dfa9ee068f45e38a97e7100844d0cd1374a2c711ba0137761dbf7a0aba9

2

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0xf80
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.94279
Detected Filetype PNG graphic file
MD5 5b85647fb15729bf5bc8739d924c5190
SHA1 e8335f1fb2a43ae53e502dfd64e4db3af2993bbf
SHA256 ac4e6ef3e916a8a6ce0acc36cbae3ca0ac61c73ab2205f00dc61777c75f57589
SHA3 dc7dfe3e85617abaed7ebb5f3d08d5f922e72455b318889e4bf73b003c74cd54

3

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x7e2
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.88794
Detected Filetype PNG graphic file
MD5 94ef5ac52dced5b3793cbdf8e4d7739a
SHA1 46d128bb7db03deb29fa7bfadc556f292f6d4b49
SHA256 cc064c33da3b0a055f7e29b3cf9edcb45103b91170771e009b3716161c0290e6
SHA3 255e92ef3eecaa9ec2fbaeabc44aab1ba89501063099ac98c569dc08efe28a86

4

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x294
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.62987
Detected Filetype PNG graphic file
MD5 91f682f7497a72cf143ecc8bd3ddb2cb
SHA1 2ad01eb2bbfc9fbbdf42ebe9ab025e3b4941be97
SHA256 ef188b50ab87f8d799ade99708b552bed570ad3aeae58efdc210e282000deb8b
SHA3 4f409d9964012617752f7fd253be5f350b9720917fb92489a2e19b3a670fcf3d

3 (#2)

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x3e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.38945
Detected Filetype Icon file
MD5 1b20ce5776e77d29125ac2781fdd1bce
SHA1 444108eadad274dcf03e9b44f5bdf93aeb246f5c
SHA256 89993891eb95d5508e978be1293eec51ab3fc6a9584d9027be933ddf688470d6
SHA3 26b9efa696c295b203e06b3818254fd8c0290a9df47767270160ad04e1068497

1 (#2)

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x2cc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.36607
MD5 04625306ef7192ed2dc06fac84c8f2c7
SHA1 19f7a39ff10b0b0a8e6ec13cf32e9e0417926332
SHA256 3765a6b9f5bed999b4b4bb3cce29052772a4c24c3023e1918c96cd3c61a94900
SHA3 572a0444858cd2076b055d2db098ee11be0ab1251593a1aadff00dec31ab38c3

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x5ad
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.23942
MD5 ef9e0d5b6f2ca8a294872386a3f22ead
SHA1 3d102397b4dfd32d7150eacbc2abb6e2fe751922
SHA256 bb5424cefbde0185da59804796f84132b6b7283dd26c144b3701ec2139b9a9b7
SHA3 0a2396d61f532ab5f7cb14a7ef869ed28fb57c07d408b9aca5f89d8aecdc277c

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.0
ProductVersion 0.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments Extractor for TONEX library.db presets with optional BCho liberation
CompanyName Lib2Txp - Bcho
FileDescription Lib2Txp - Bcho
LegalCopyright Copyright (c) 2026 Bcho
ProductName Lib2Txp - Bcho
ProductVersion (#2) 1.0.0
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors
