6d9b9794e1e2b96f4f176d5791e0ec6f5626c77a979ae908a269257851daade7

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Jun-21 23:51:30
TLS Callbacks 2 callback(s) detected.

Plugin Output

Suspicious Strings found in the binary may indicate undesirable behavior:
Looks for VMWare presence:
  • VMware
  • vmtools
Looks for Sandboxie presence:
  • sandboxiedcomlaunch.exe
  • sandboxierpcss.exe
Looks for VirtualBox presence:
  • vboxservice
  • vboxtray
Looks for Qemu presence:
  • QEMU
  • qemu
May have dropper capabilities:
  • CurrentControlSet\Services
Contains domain names:
  • https://files.catbox.moe
  • https://files.catbox.moe/5z0529.mp3
Suspicious The PE is possibly packed. Unusual section name found: .xdata
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Functions which can be used for anti-debugging purposes:
  • CreateToolhelp32Snapshot
Can access the registry:
  • RegCloseKey
  • RegOpenKeyExA
  • RegQueryValueExA
Manipulates other processes:
  • Process32First
  • Process32Next
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 38564cb6b49efa0e01b811323e9b1cda
SHA1 eb30d4e302910776df6ff64c7a80741ef7030a80
SHA256 6d9b9794e1e2b96f4f176d5791e0ec6f5626c77a979ae908a269257851daade7
SHA3 1a12a1784cc0988bdd6fdb3a6316f43e234f08d94b7bc344695fc8bbb3ffd92f
SSDeep 1536:T150D/CvBsSOd+A4mdA5WqNrKqJAeCrdwCMkom/m1MTy3XgqcW:T150DKZbOd+hn5WcrKq1Jjm/m1MTy3w
Imports Hash 7b57ea3e901f620abbe7a8d00fd611b2

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 10
TimeDateStamp 2026-Jun-21 23:51:30
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 2.0
SizeOfCode 0xb400
SizeOfInitializedData 0x5800
SizeOfUninitializedData 0xae00
AddressOfEntryPoint 0x00000000000013E0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x22000
SizeOfHeaders 0x400
Checksum 0x1ed23
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 241b4a51b108550df7a29d06e2041a21
SHA1 f19e064f4ded73beed23289ef85d0d960b322d0a
SHA256 fbe9472414907609d7f920aaab05f699c7bdd3b9f447efc94d1b12b2ec8e4554
SHA3 017cfce0bf8c45ca57a2ef8e9e777af92161e2811b414080cf873b9c4bc21271
VirtualSize 0xb2c0
VirtualAddress 0x1000
SizeOfRawData 0xb400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.29703

.data

MD5 72aacf02b33772470591834f1158ff4d
SHA1 89aba82fe592b43dd9d9bd23127fdd89d7d6b384
SHA256 cd35005e9b0496e197322f910f6e28ecd63ce8b5845818b41a79af0c824982ad
SHA3 7d3213ae80c493d7976c0519fe637ea9bb4411337604a640a3c43af6e094e48c
VirtualSize 0xc0
VirtualAddress 0xd000
SizeOfRawData 0x200
PointerToRawData 0xb800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.961622

.rdata

MD5 f690a812a913b95c14cc2099e0a9fba5
SHA1 6674e77f224ac96923477d7dfd0397f3957cfd5c
SHA256 e77b510f5910d0ecc66889cd52e3c950fd0f9e26dfac30c98f8ea778110fe4c4
SHA3 8fdafa5e42667f39a21101a12f5df9224ddd6d9122b38c13a06d5a7f073f7111
VirtualSize 0x2e58
VirtualAddress 0xe000
SizeOfRawData 0x3000
PointerToRawData 0xba00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.27431

.pdata

MD5 3b3c4de2da71cc266f5308ceefbce7e8
SHA1 a4fbf756724068356b06e8b744d8c231fe148922
SHA256 d63ca3d73690ba31ce012cc3c8f3790a813304b62c75e0a5b77337837f31de5d
SHA3 f11cd21aa70237486ed674391b71d7c335da4361ad493c45ef4ba0343bcb300a
VirtualSize 0x480
VirtualAddress 0x11000
SizeOfRawData 0x600
PointerToRawData 0xea00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.64496

.xdata

MD5 80dcc6b1eb5b017ae8e778a04caccbbe
SHA1 43583cfa8fc79b81d881b83b1035f377f499f88d
SHA256 07e91458ef3553481e010cd1e641d7646a08b594d3c1184d5d66727896682bed
SHA3 2aa9d561d818a0f01b16fe43b9bd85da6e3ac1bd390c2d4ebf8ebba3e8906fe5
VirtualSize 0x428
VirtualAddress 0x12000
SizeOfRawData 0x600
PointerToRawData 0xf000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.34864

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0xac20
VirtualAddress 0x13000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 bd00ddf437d520f1fcccce530bebc094
SHA1 db826377723b52743b12f5f05dde5c916f3a2755
SHA256 0c6ed72da524cfe113da914d3647427ca80075e1c63c578140d60457e3e2aa93
SHA3 bf105df268f997339158667dc1b531a6a569e8ce9c343d0d0c019cf1ccd81eb9
VirtualSize 0xf28
VirtualAddress 0x1e000
SizeOfRawData 0x1000
PointerToRawData 0xf600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.42754

.tls

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x10
VirtualAddress 0x1f000
SizeOfRawData 0x200
PointerToRawData 0x10600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 9fc2f5567c7bbe999d78d529ac1af86d
SHA1 9e54a9766a2608b667a93f1f5746f034b7096d25
SHA256 17739ceddb79fd9a35263c424938b399e0df3cc7c44a53fee1a194eb02af5807
SHA3 58a21be4e5cdfd5ca4dde40ba354beb8c7e4bf59f96b01e28610af17d7af5dbb
VirtualSize 0x4e8
VirtualAddress 0x20000
SizeOfRawData 0x600
PointerToRawData 0x10800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.77848

.reloc

MD5 447811f20e299188413236a0e5c958f5
SHA1 52bd254b0cd1f84bb86b3f49da7bbfb3ed0a8cc1
SHA256 848759751b60a8eb2f456464dd5af9e365635b9c59112b90bcb31823de27ebc9
SHA3 c8ed9ef36f32766484ef39e7db0d8e077f0177d61d5db9f9401b48db7004113c
VirtualSize 0x70
VirtualAddress 0x21000
SizeOfRawData 0x200
PointerToRawData 0x10e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 1.46975

Imports

ADVAPI32.dll
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
KERNEL32.dll
AddVectoredExceptionHandler
AllocConsole
CloseHandle
CreateFileA
CreateFileMappingA
CreateToolhelp32Snapshot
CreateWaitableTimerW
DeleteCriticalSection
EnterCriticalSection
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetFileSize
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetTickCount
GetTickCount64
GlobalMemoryStatusEx
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
MultiByteToWideChar
Process32First
Process32Next
ReadConsoleA
ReadFile
RemoveVectoredExceptionHandler
SetConsoleMode
SetConsoleTitleA
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
TlsGetValue
UnmapViewOfFile
VirtualFree
VirtualProtect
VirtualQuery
WideCharToMultiByte
WriteConsoleA
__C_specific_handler
msvcrt.dll
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_commode
_errno
_fmode
_initterm
_lock
_stricmp
_unlock
abort
atexit
calloc
exit
fflush
fopen
fprintf
fputc
fputs
free
getchar
localeconv
malloc
memcmp
memcpy
memmove
signal
strerror
strlen
strncmp
strstr
vfprintf
wcslen
USER32.dll
DispatchMessageW
GetCursorPos
GetLastInputInfo
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage

Delayed Imports

1

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x48f
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.13793
MD5 5aa04ce935e78505e230765e85c34355
SHA1 6c93b8c5fde8be4b2231dca6b8ec513cdc82c991
SHA256 a73f26a8d504043f785d7360e8febf2eeb8522ec873a0d4dd5d1d4bfd1e67d3d
SHA3 149467cafc03ba34b33cd8076fc2771413760822357952de205dbae2b5cb8059

Version Info

TLS Callbacks

StartAddressOfRawData 0x14001f000
EndAddressOfRawData 0x14001f008
AddressOfIndex 0x14001d14c
AddressOfCallbacks 0x140010e30
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks 0x0000000140004650
0x0000000140004630

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!