682632955777bdf095e75fb098d0277f986dc96df40b9330f08a73ba08e1601a

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2026-Apr-08 02:43:43
Detected languages English - United States
Debug artifacts C:\Users\user\source\repos\gio loder\x64\Release\gio loder.pdb

Plugin Output

Suspicious: Strings found in the binary may indicate undesirable behavior.
  May have dropper capabilities:
  • CurrentControlSet\Services
Malicious: The PE contains functions mostly used by malware.
  Can access the registry:
  • RegCloseKey
  • RegCreateKeyExW
  • RegSetValueExW
  Can create temporary files:
  • CreateFileW
  • GetTempPathW
  Functions related to the privilege level:
  • AdjustTokenPrivileges
  • OpenProcessToken
  • CheckTokenMembership
Suspicious: No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 77439cbc15e9b6d2f115b32bee6c7f98
SHA1 052e4f80ff8a45a7f0d124425a5e484c756ded48
SHA256 682632955777bdf095e75fb098d0277f986dc96df40b9330f08a73ba08e1601a
SHA3 f9d687f9b5f9ff3445ba2567f6391c42dff8ddfd6c0418460d3e45fd4d39d18e
SSDeep 768:pQpzeHlqyrfSBzNsauDoAbcyqaKF8GWlr90PEUgivyv38QQ:X6NsaooAbcFasWlBAEU/HQQ
Imports Hash 7cc512414d0bcd3172dc1916a86d8fab

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2026-Apr-08 02:43:43
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x5a00
SizeOfInitializedData 0x7600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000005C38 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x12000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 d32dda41cafa55deec10c7c56887e68b
SHA1 015d6437129e8c93b7a023dfa11eb8168bfd233b
SHA256 29f9805475bb1c672a81fd3793eabcbd097d222237aea63f98415f98a4cf0f6c
SHA3 49a274a7a4baccf76bfa315008a4e75f3125bba503a8e76da911724a4ebd683a
VirtualSize 0x588b
VirtualAddress 0x1000
SizeOfRawData 0x5a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.13508

.rdata

MD5 a1ace047261283a563e47ccdfd7c4e5b
SHA1 016c91047cc76ae406d9f996aa9abc5126100342
SHA256 69a70fe63d9e2a5c00ce0d2281055baf851b81be41738f25411ca9193fc99b2d
SHA3 0a012eb8b11f7bd50a64dd99a4ba50887c70846fb46e0b908f5bbff5dcc43584
VirtualSize 0x648a
VirtualAddress 0x7000
SizeOfRawData 0x6600
PointerToRawData 0x5e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.1401

.data

MD5 3e64544a6876a4a5e2adce7db206a38d
SHA1 027b1a3b955edce9f3d85507c8aecb911e7afa80
SHA256 8e0db2a5da2a00386e599ea4d05d25a3f8e031872363a5c0f09b7d63a1082ede
SHA3 31d49144f864b099b8a1153b0b8eb503fc34a0fb0a9771274efff95e427a799c
VirtualSize 0x498
VirtualAddress 0xe000
SizeOfRawData 0x400
PointerToRawData 0xc400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.59775

.pdata

MD5 57dae2a466bf69c5b31f3e12a714d195
SHA1 e848c538acec4e46dee5666aa30e6aa1548257f6
SHA256 1449881780681b78fdccc33aaf53c20e031046338cc1e66b41175756d23e4470
SHA3 66451149ffdd0272aba7e1faa9b6d0b68bf20d3a4f94a071625988b515119419
VirtualSize 0x600
VirtualAddress 0xf000
SizeOfRawData 0x600
PointerToRawData 0xc800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.35362

.rsrc

MD5 7fb674792fe66f6671133a254ca44aa5
SHA1 234c04832be6431ad5b6c2cb4ad8df1d540d8e0e
SHA256 6db91187d518061b8e0eb1ab539700e0e869a14469d7b74d1f77539f03d31917
SHA3 10751e67e36ec57bec4a45c0ff03354c6f58c3e65182b0ff4c4f223917c293de
VirtualSize 0x1e0
VirtualAddress 0x10000
SizeOfRawData 0x200
PointerToRawData 0xce00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.69389

.reloc

MD5 7dff268222e5dc08d1a029d8065803eb
SHA1 2b2613a3149d2f2d325df9878bb9c4ec5b892daa
SHA256 320e172529d1a6ffe733d434ff2f1cc2dd357757589fd5bcbc05a33e00572605
SHA3 4684b04546b3138e7981d226cc0f5b9b73e5c4ccddb5c2ea7ea49656a7258943
VirtualSize 0xd0
VirtualAddress 0x11000
SizeOfRawData 0x200
PointerToRawData 0xd000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 2.60634

Imports

KERNEL32.dll
  • MultiByteToWideChar
  • Sleep
  • GetLastError
  • DeleteFileW
  • CloseHandle
  • GetModuleHandleA
  • ExitProcess
  • GetCurrentProcessId
  • GetTickCount
  • FlushFileBuffers
  • GetExitCodeProcess
  • GetCurrentThreadId
  • CreateFileW
  • WaitForSingleObject
  • GetTempPathW
  • SetFilePointer
  • GetModuleFileNameW
  • SetFileTime
  • WriteFile
  • GetCurrentProcess
  • GetFileSizeEx
  • GetProcAddress
  • ReadFile
  • GetModuleHandleW
  • GetSystemTimeAsFileTime
  • InitializeSListHead
  • SetUnhandledExceptionFilter
  • QueryPerformanceCounter
ADVAPI32.dll
  • LookupPrivilegeValueW
  • AdjustTokenPrivileges
  • RegCloseKey
  • AllocateAndInitializeSid
  • RegCreateKeyExW
  • RegDeleteTreeW
  • RegSetValueExW
  • OpenProcessToken
  • FreeSid
  • CheckTokenMembership
SHELL32.dll
  • ShellExecuteExW
MSVCP140.dll
  • ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
  • ?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
  • ?_Xlength_error@std@@YAXPEBD@Z
  • ?_Id_cnt@id@locale@std@@0HA
  • ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
  • ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
  • ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
  • ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
  • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
  • ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
  • ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
  • ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
  • ?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
  • ?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
  • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
  • ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
  • ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
  • ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
  • ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
  • ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
  • ?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
  • ?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
  • ?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
  • ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
  • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
  • ??7ios_base@std@@QEBA_NXZ
  • ?always_noconv@codecvt_base@std@@QEBA_NXZ
  • ?_Xbad_alloc@std@@YAXXZ
  • ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
  • ??0_Lockit@std@@QEAA@H@Z
  • ??1_Lockit@std@@QEAA@XZ
  • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
VCRUNTIME140_1.dll
  • __CxxFrameHandler4
VCRUNTIME140.dll
  • memmove
  • memset
  • __C_specific_handler
  • _CxxThrowException
  • memcpy
  • __current_exception
  • __current_exception_context
  • __std_exception_copy
  • memcmp
  • __std_exception_destroy
  • __std_terminate
api-ms-win-crt-stdio-l1-1-0.dll
  • __p__commode
  • _get_stream_buffer_pointers
  • _fseeki64
  • fread
  • fsetpos
  • ungetc
  • fputc
  • setvbuf
  • __stdio_common_vswprintf_s
  • __acrt_iob_func
  • fgetpos
  • fflush
  • fwrite
  • _set_fmode
  • __stdio_common_vfprintf
  • fgetc
  • fclose
api-ms-win-crt-utility-l1-1-0.dll
  • rand
  • srand
api-ms-win-crt-filesystem-l1-1-0.dll
  • _lock_file
  • _unlock_file
api-ms-win-crt-time-l1-1-0.dll
  • _time64
api-ms-win-crt-heap-l1-1-0.dll
  • free
  • _callnewh
  • _set_new_mode
  • malloc
api-ms-win-crt-runtime-l1-1-0.dll
  • _crt_atexit
  • terminate
  • _initialize_onexit_table
  • _seh_filter_exe
  • _set_app_type
  • _register_onexit_function
  • _configure_narrow_argv
  • _initialize_narrow_environment
  • _get_initial_narrow_environment
  • _initterm
  • _initterm_e
  • exit
  • _exit
  • __p___argc
  • __p___argv
  • _cexit
  • _c_exit
  • _register_thread_local_exe_atexit_callback
api-ms-win-crt-math-l1-1-0.dll
  • __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll
  • _configthreadlocale
api-ms-win-crt-string-l1-1-0.dll
  • strlen
  • wcslen

Delayed Imports

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

Debug Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2026-Apr-08 02:43:43
Version 0.0
SizeofData 87
AddressOfRawData 0xb1d4
PointerToRawData 0x9fd4
Referenced File C:\Users\user\source\repos\gio loder\x64\Release\gio loder.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2026-Apr-08 02:43:43
Version 0.0
SizeofData 20
AddressOfRawData 0xb22c
PointerToRawData 0xa02c

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-Apr-08 02:43:43
Version 0.0
SizeofData 780
AddressOfRawData 0xb240
PointerToRawData 0xa040

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2026-Apr-08 02:43:43
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x14000e040

RICH Header

XOR Key 0xfa03a30e
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 18
ASM objects (35403) 3
C objects (35403) 10
C++ objects (35403) 28
Imports (35403) 6
Imports (33145) 7
Total imports 152
C++ objects (LTCG) (35728) 1
Resource objects (35728) 1
Linker (35728) 1

Errors