6c9c6cc6a8f0e3fe10feea1c03c1511102fb6409ef964a26ff903ceb00a933ed

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2026-Apr-22 15:54:20
Detected languages English - United States
TLS Callbacks 1 callback(s) detected.
Debug artifacts e‰ê;î •NÆ=fªÁÏA$ce±µeRBËïЭ‘Ý Â4Žân5‚ˆŒ"

Plugin Output

Info Matching compiler(s): MASM/TASM - sig1(h)
Suspicious The PE is possibly packed. Unusual section name found: .data1
Unusual section name found: .data2
Unusual section name found: .bss1
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Functions which can be used for anti-debugging purposes:
  • CreateToolhelp32Snapshot
  • FindWindowA
Possibly launches other programs:
  • ShellExecuteW
  • system
Uses functions commonly found in keyloggers:
  • MapVirtualKeyW
  • GetAsyncKeyState
  • GetForegroundWindow
Functions related to the privilege level:
  • AdjustTokenPrivileges
  • CheckTokenMembership
  • OpenProcessToken
Manipulates other processes:
  • OpenProcess
  • Process32NextW
  • Process32FirstW
  • ReadProcessMemory
  • WriteProcessMemory
Reads the contents of the clipboard:
  • GetClipboardData
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 0540336dbe0a492c4d553c4cb089a44d
SHA1 b928048882038e2ac488d81cc1a920bc0dadb453
SHA256 6c9c6cc6a8f0e3fe10feea1c03c1511102fb6409ef964a26ff903ceb00a933ed
SHA3 a79f813508d9b9ccd902e0fc45472a9c67b281de89571b3db94fb5182c3c0354
SSDeep 24576:gHX9/sqtb7MB0LijXOFiKjd6TEFHxpZqvLv0id:iBd2m56TGL0v0W
Imports Hash c639c8d445277ed4eef2eb392de7e729

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 9
TimeDateStamp 2026-Apr-22 15:54:20
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x89c00
SizeOfInitializedData 0x9de00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000006E880 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x12d000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 6afae2cdb67b7d38660edc303554bb78
SHA1 2923c73f5e17d076f401590dac9aac91656c01fd
SHA256 d09da047052dec5a71dd7068aee2b72365cc004da964a6614b6a76ae8fa7999c
SHA3 5f3b6110b21e8bc5af0e51ce998fcbe5f85a6e5fde9d37d7e7a82b884a361121
VirtualSize 0x707b7
VirtualAddress 0x1000
SizeOfRawData 0x70800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.50775

.rdata

MD5 207f8b704b45266007f83d1e4d2d04e3
SHA1 ebfd4acadb37633e0e38152665216b437f9799e0
SHA256 767f0bf569acda3e00302ee68406fa52562feee97ade220643f63cd2527c0091
SHA3 dd39cdd3a368f508c68d569dda4131db2f3f04cc4c80beacb94e7b5bfa1fd2c3
VirtualSize 0x1bb38
VirtualAddress 0x72000
SizeOfRawData 0x1bc00
PointerToRawData 0x70c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.51982

.data

MD5 376c640dada4a459a535d4f5d3f5ba8a
SHA1 21094e8fc17dfb10557416e0423e36a63f8f9a3f
SHA256 e5b16755672076d05d7fc0f3a0e3da76741219261b28513d8820918fbdafe55e
SHA3 8dc831440a0d429efcefd9bee42cc279d0913f5e8d6505104e063949a0222b0e
VirtualSize 0xa98
VirtualAddress 0x8e000
SizeOfRawData 0x800
PointerToRawData 0x8c800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.83975

.pdata

MD5 f7bd67ca252487971768b97eb3ec013d
SHA1 d7a54656604ffc62753aaded85ba2a419069099a
SHA256 2b5a634b2f74c63b0c381d9afa6b69402187231aeb98df0dbccf902631aa8719
SHA3 864f4b348f7cc56ea1f82feb847fe80da85258683a77bebc4957ba2f36dcff9d
VirtualSize 0x4cd4
VirtualAddress 0x8f000
SizeOfRawData 0x4e00
PointerToRawData 0x8d000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.834

.rsrc

MD5 4fe00da9f3fd42ea1d323807293e5550
SHA1 c82bb6878602ec78aaa92318d250a5a7c7cd887a
SHA256 cc19ebf053ea3bc6b0c2f7de940f9181698316597b8c3109568d0cd29af86f5d
SHA3 7cd05c71530c0037d8509646a372b8cba714fe76d3881fad807a0f2757c0c363
VirtualSize 0x1e8
VirtualAddress 0x94000
SizeOfRawData 0x200
PointerToRawData 0x91e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.76813

.reloc

MD5 6beb1fe65c2b1c2887162e89057b462f
SHA1 5efeb38c11da81e05c6fcc22157405d8de9b5796
SHA256 d0dcfd0b97c5f8bb42379a13f27e969e5d2c4822fd37c53358536b86a0538ce4
SHA3 5d5aaa98a7db200f01daf7c30be824f10ae2e6c30d688901fe4e8ac8ad24659f
VirtualSize 0x2d4
VirtualAddress 0x95000
SizeOfRawData 0x400
PointerToRawData 0x92000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.29842

.data1

MD5 58cf8072b986b4cfe07f787acad48840
SHA1 74b717e32bf98c6fe6da284cbb75c89a3f5a666d
SHA256 593b0c62729144e867a36b68a41375679cbce7433eba797f40f3ba87a5b62113
SHA3 df9dcb924d3c43f372182b1087c2cf6d3205f9a8da4bb1616f2cdddb89ad06b9
VirtualSize 0x7bc78
VirtualAddress 0x96000
SizeOfRawData 0x7be00
PointerToRawData 0x92400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.92284

.data2

MD5 4683851f760297cecb5811db59262448
SHA1 e8a01472a30170528779f7325febf36371047353
SHA256 4665ccb23b79767c3101f994b84d826b85d9cfcb04fcafe97078d64b6397173d
SHA3 9f94cd7d66bb64e6836d387e8e2168354ead548dce3b74be8fc29c71089400cd
VirtualSize 0x193bb
VirtualAddress 0x112000
SizeOfRawData 0x19400
PointerToRawData 0x10e200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.14233

.bss1

MD5 5bd1cbddbb3a620a2fdc91136173d1d0
SHA1 c8629e58b3541b5688f7ffb3d0e6868683e8f5da
SHA256 f90dddabf5c37d0d20d46cad6e233784525543fa74ddcaf17fe1a547b5cda78f
SHA3 113fb84ec8ea16f95ce97b17019a10ec36b39c04cea982f85483aab5176fe4d3
VirtualSize 0x238
VirtualAddress 0x12c000
SizeOfRawData 0x400
PointerToRawData 0x127600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.0558553

Imports

KERNEL32.dll SetConsoleTitleA
GetCurrentProcess
GetStdHandle
SetConsoleMode
GetProcessId
CreateMutexA
DuplicateHandle
OpenProcess
CreateToolhelp32Snapshot
Sleep
GetConsoleMode
GetTickCount64
GetLastError
Process32NextW
Process32FirstW
CloseHandle
Module32FirstW
ReadProcessMemory
SetConsoleCP
GetCurrentProcessId
SetConsoleOutputCP
CreateDirectoryA
GetTickCount
GetProcAddress
GetFileInformationByHandleEx
WriteProcessMemory
AreFileApisANSI
CreateFile2
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
GetLocaleInfoEx
FormatMessageA
LocalFree
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetModuleHandleW
SetUnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SetConsoleTextAttribute
QueryPerformanceCounter
FreeLibrary
IsDBCSLeadByte
QueryPerformanceFrequency
LoadLibraryA
GetLocaleInfoA
GetModuleHandleA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
OutputDebugStringA
USER32.dll RegisterClassExA
LoadCursorW
PostQuitMessage
UnregisterClassA
mouse_event
UpdateWindow
SetForegroundWindow
FindWindowA
GetKeyboardLayout
GetWindowThreadProcessId
MapVirtualKeyW
GetWindowRect
DestroyWindow
SetWindowPos
GetSystemMetrics
ShowWindow
GetAsyncKeyState
DispatchMessageW
SetWindowLongA
PeekMessageW
SendInput
TrackMouseEvent
ClientToScreen
GetCapture
SetCapture
SetCursor
GetClientRect
ScreenToClient
IsWindowUnicode
ReleaseCapture
GetForegroundWindow
SetCursorPos
GetMessageExtraInfo
GetCursorPos
GetKeyState
TranslateMessage
SetLayeredWindowAttributes
CreateWindowExA
DefWindowProcA
DefWindowProcW
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
ADVAPI32.dll AllocateAndInitializeSid
LookupPrivilegeValueW
AdjustTokenPrivileges
CheckTokenMembership
FreeSid
OpenProcessToken
SHELL32.dll ShellExecuteW
IMM32.dll ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
D3DCOMPILER_47.dll D3DCompile
dwmapi.dll DwmExtendFrameIntoClientArea
d3d11.dll D3D11CreateDeviceAndSwapChain
WINMM.dll PlaySoundA
MSVCP140.dll ?fail@ios_base@std@@QEBA_NXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
?good@ios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
?_Id_cnt@id@locale@std@@0HA
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?ignore@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
VCRUNTIME140_1.dll __CxxFrameHandler4
VCRUNTIME140.dll __current_exception
memmove
memcpy
memchr
_CxxThrowException
memset
__C_specific_handler
__current_exception_context
memcmp
__std_terminate
__std_exception_copy
__std_exception_destroy
strchr
api-ms-win-crt-stdio-l1-1-0.dll ftell
__acrt_iob_func
fflush
__p__commode
_set_fmode
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
setvbuf
fgetpos
fgetc
fclose
fseek
__stdio_common_vfprintf
fwrite
fputc
_wfopen
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
api-ms-win-crt-utility-l1-1-0.dll qsort
rand
srand
api-ms-win-crt-heap-l1-1-0.dll malloc
free
_set_new_mode
realloc
_callnewh
api-ms-win-crt-string-l1-1-0.dll strncmp
_wcsicmp
tolower
strlen
strncpy
strcmp
wcslen
api-ms-win-crt-convert-l1-1-0.dll atof
api-ms-win-crt-runtime-l1-1-0.dll _initialize_onexit_table
_c_exit
_initialize_narrow_environment
_configure_narrow_argv
__p___argv
system
__p___argc
terminate
_register_onexit_function
_beginthreadex
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_crt_atexit
_cexit
abort
_register_thread_local_exe_atexit_callback
api-ms-win-crt-filesystem-l1-1-0.dll _unlock_file
_lock_file
api-ms-win-crt-math-l1-1-0.dll logf
__setusermatherr
fmodf
powf
ceilf
atan2f
acosf
sinf
sqrtf
cosf
tanf
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale
___lc_codepage_func

Delayed Imports

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x188
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.89623
MD5 b8e76ddb52d0eb41e972599ff3ca431b
SHA1 fc12d7ad112ddabfcd8f82f290d84e637a4d62f8
SHA256 165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8
SHA3 37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd

Version Info

Debug Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2026-Apr-22 15:54:20
Version 0.0
SizeofData 91
AddressOfRawData 0x82d6c
PointerToRawData 0x8196c
Referenced File e‰ê;î •NÆ=fªÁÏA$ce±µeRBËïЭ‘Ý Â4Žân5‚ˆŒ"

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2026-Apr-22 15:54:20
Version 0.0
SizeofData 20
AddressOfRawData 0x82dc8
PointerToRawData 0x819c8

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-Apr-22 15:54:20
Version 0.0
SizeofData 912
AddressOfRawData 0x82ddc
PointerToRawData 0x819dc

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2026-Apr-22 15:54:20
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

StartAddressOfRawData 0x140083190
EndAddressOfRawData 0x140083198
AddressOfIndex 0x14008e7b8
AddressOfCallbacks 0x14012c000
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks 0x00000001401242E0

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x14008e040

RICH Header

XOR Key 0xc3da17f
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 18
Imports (35403) 6
ASM objects (35403) 4
C objects (35403) 10
C++ objects (35403) 34
Imports (33145) 21
Total imports 326
C++ objects (LTCG) (35728) 8
Resource objects (35728) 1
Linker (35728) 1

Errors
