7d2f41c7def458f853c2578694e5d82368e29aa07646189c0354b7ebeb11ee95

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Mar-03 12:28:32
Detected languages English - United States

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 8.0
Suspicious The PE is possibly packed. The PE only has 5 import(s).
Info The PE contains common functions which appear in legitimate applications. Possibly launches other programs:
  • CreateProcessW
Malicious VirusTotal score: 19/72 (Scanned on 2026-03-17 10:25:26)
APEX: Malicious
Antiy-AVL: Trojan/Win32.Agent
Avira: TR/Crypt.XPACK.Gen7
CTX: exe.trojan.crypt
CrowdStrike: win/malicious_confidence_60% (D)
Cynet: Malicious (score: 99)
DeepInstinct: MALICIOUS
F-Secure: Trojan.TR/Crypt.XPACK.Gen7
Fortinet: W32/PossibleThreat
GData: Win32.Trojan.Agent.EHH7VW
Google: Detected
Ikarus: Trojan.Crypt
Lionic: Trojan.Win32.Generic.4!c
McAfeeD: ti!7D2F41C7DEF4
Microsoft: Trojan:Win32/Wacatac.B!ml
Sangfor: Trojan.Win32.Agent.Vwiq
Sophos: Mal/Generic-S
TrellixENS: Artemis!838C49F9BAAA
Varist: W32/ABTrojan.NMXZ-8851

Hashes

MD5 838c49f9baaa28c538805192eaa8fcfb
SHA1 b2cd4a014d42a9ee69b7bcd9cd580920dd7029c2
SHA256 7d2f41c7def458f853c2578694e5d82368e29aa07646189c0354b7ebeb11ee95
SHA3 56c7b64358e54fd5256ab9faa6ec730958e437902b6dfa87aec1dc774e89ec1e
SSDeep 96:fuGJga5ZMYJuQAUo816j+aRTZlth33VKoNTL35:fr5ZrJuQAAraNZ3K4h
Imports Hash d39fe1ac89a69f6a797390512ac0b908

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2026-Mar-03 12:28:32
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x200
SizeOfInitializedData 0x2600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001000 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x2000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x6000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 db588fc4fcaa61bf2c13fbf3480b0320
SHA1 ae17761915658c781f885a75ab0a5a81272426b8
SHA256 a5bdd2c61a4c96e743e0bb26d260a65819f76f6156d322b3ec1f8c142ef25159
SHA3 d0617b773b525d81826ac28f565101670b91e58c31f8c7496f3f4e826c1c2d17
VirtualSize 0x178
VirtualAddress 0x1000
SizeOfRawData 0x200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 4.75357

.rdata

MD5 08325a5aae0fd343d8a28e1d30cc4c16
SHA1 38e072ed6653afa912860cec4e544988ff4fa119
SHA256 5b10f156542f7c8d115c13896753081a2046df158c7796fdcd8befda707f2ad4
SHA3 88666571404ca4e0d1db4d9ad412918a93701fea232c3d32968f28212c9b93d5
VirtualSize 0x258
VirtualAddress 0x2000
SizeOfRawData 0x400
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.604

.data

MD5 399a7306721b269ffd847174fc363fbf
SHA1 de1e23fbaa97c2efa650158f6d1fc0b9475c67cd
SHA256 e10be1e8e44c67fdfb147755f7cd9955cdbf09756c34dafd5f233621ca76ec15
SHA3 8a0c99c8da065fcb8e3daa8f5a4641f59232629bfdfe0da18233ae14fc6fe68f
VirtualSize 0x13a
VirtualAddress 0x3000
SizeOfRawData 0x200
PointerToRawData 0xa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.28605

.rsrc

MD5 e497d07c26d86161b1d7a3d18e6604ec
SHA1 d7b965e0512f70a7075d85dfbc7e99275ef83c97
SHA256 839be8189a9011cd6def9fea9655cca1909132edc94863fc3b51b7b208142669
SHA3 6b0fe1e87ae79aeed6f6bff4389039786ca5c38af886fb90922c9b94c2f9a389
VirtualSize 0x1f90
VirtualAddress 0x4000
SizeOfRawData 0x2000
PointerToRawData 0xc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.87179
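The "possibly packed" verdict in the plugin output rests on the import count alone. The per-section entropies listed above (2.29 to 4.87 bits per byte) are far below the 7+ bits per byte that compressed or encrypted payloads produce, and the optional header says more about mitigations than the summary does: IMAGE_DLLCHARACTERISTICS_NX_COMPAT is set, but IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is absent and IMAGE_FILE_RELOCS_STRIPPED is set, so the image is always mapped at ImageBase 0x400000 with no ASLR. The following is an added example, not part of this report or of any analysis tool: it builds a synthetic PE32 whose header fields copy the values above (the section bodies are constructed filler, not bytes from the sample), parses it back with the same header walk a PE parser performs, computes per-section entropy, and reports the checks a reviewer makes before accepting a packing heuristic. All flag constants are the documented winnt.h values.

```python
import math
import struct
from collections import Counter

# Flag values from winnt.h.
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
CODE, IDATA = 0x00000020, 0x00000040                 # IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA
X, R, W = 0x20000000, 0x40000000, 0x80000000         # IMAGE_SCN_MEM_EXECUTE / _READ / _WRITE

COFF_FMT = "<4sHHIIIHH"                              # PE signature .. Characteristics (24 bytes)
OPT32_FMT = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6  # PE32 optional header (96 bytes + directories)
SEC_FMT = "<8sIIIIIIHHI"                             # IMAGE_SECTION_HEADER (40 bytes)

# (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics) copied from the report.
REPORT_SECTIONS = [
    (b".text",  0x178,  0x1000, 0x200,  0x400, CODE | X | R),
    (b".rdata", 0x258,  0x2000, 0x400,  0x600, IDATA | R),
    (b".data",  0x13a,  0x3000, 0x200,  0xa00, IDATA | R | W),
    (b".rsrc",  0x1f90, 0x4000, 0x2000, 0xc00, IDATA | R),
]


def build_synthetic_pe():
    """Constructed PE32 whose headers copy the report; section bodies are filler, not sample bytes."""
    f = bytearray(0x400)                                          # SizeOfHeaders from the report
    f[0:2] = b"MZ"
    struct.pack_into("<I", f, 60, 0xd8)                           # e_lfanew -> PE signature at 0xd8
    chars = IMAGE_FILE_32BIT_MACHINE | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_RELOCS_STRIPPED
    struct.pack_into(COFF_FMT, f, 0xd8, b"PE\0\0", 0x14c, len(REPORT_SECTIONS), 0, 0, 0, 0xe0, chars)
    dllchars = IMAGE_DLLCHARACTERISTICS_NX_COMPAT | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
    struct.pack_into(OPT32_FMT, f, 0xd8 + 24,
                     0x10b, 14, 0,                                # PE32 magic, LinkerVersion 14.0
                     0x200, 0x2600, 0, 0x1000, 0x1000, 0x2000, 0x400000, 0x1000, 0x200,
                     6, 0, 0, 0, 6, 0, 0, 0x6000, 0x400, 0,      # versions, SizeOfImage, SizeOfHeaders, Checksum
                     2, dllchars,                                 # IMAGE_SUBSYSTEM_WINDOWS_GUI, DllCharacteristics
                     0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    sec_off = 0xd8 + 24 + 0xe0
    for i, (name, vsize, va, rawsize, rawptr, sch) in enumerate(REPORT_SECTIONS):
        struct.pack_into(SEC_FMT, f, sec_off + 40 * i, name, vsize, va, rawsize, rawptr, 0, 0, 0, 0, sch)
        assert len(f) == rawptr                                   # raw data must start at PointerToRawData
        f += bytes(k % 16 for k in range(rawsize))                # 16 equiprobable symbols -> entropy 4.0
    return bytes(f)


def shannon_entropy(buf):
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly distributed bytes."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def parse_pe(data):
    """Walk DOS header -> COFF header -> PE32 optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 60)[0]
    sig, machine, nsec, _, _, _, opt_size, chars = struct.unpack_from(COFF_FMT, data, e_lfanew)
    if sig != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = struct.unpack_from(OPT32_FMT, data, e_lfanew + 24)
    if opt[0] != 0x10b:
        raise ValueError("not a PE32 image")
    info = {"machine": machine, "characteristics": chars, "entry_point": opt[6],
            "image_base": opt[9], "dll_characteristics": opt[23], "sections": []}
    sec_off = e_lfanew + 24 + opt_size
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr, _, _, _, _, sch = struct.unpack_from(SEC_FMT, data, sec_off + 40 * i)
        info["sections"].append({"name": name.rstrip(b"\0").decode(), "vaddr": va, "vsize": vsize,
                                 "raw_ptr": rawptr, "raw_size": rawsize, "characteristics": sch,
                                 "entropy": shannon_entropy(data[rawptr:rawptr + rawsize])})
    return info


def triage(info):
    """The checks a reviewer runs before trusting a 'possibly packed' heuristic."""
    dc, ch, secs = info["dll_characteristics"], info["characteristics"], info["sections"]
    ep = info["entry_point"]
    return {
        "nx": bool(dc & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        # ASLR needs DYNAMIC_BASE and a relocation table; RELOCS_STRIPPED pins the image to ImageBase.
        "aslr": bool(dc & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) and not ch & IMAGE_FILE_RELOCS_STRIPPED,
        "wx_sections": [s["name"] for s in secs if s["characteristics"] & W and s["characteristics"] & X],
        "high_entropy": [s["name"] for s in secs if s["entropy"] > 7.0],
        "entry_section": next((s["name"] for s in secs
                               if s["vaddr"] <= ep < s["vaddr"] + max(s["vsize"], s["raw_size"])), None),
    }
```

Against a real file, `parse_pe(open(path, "rb").read())` returns the same dictionary. A section above roughly 7 bits per byte, a section that is both writable and executable, or an entry point outside .text are the signals that justify a packing call; none of them appear in this report's numbers. A 0x178-byte .text importing only CreateProcessW, GetCommandLineW, LocalAlloc, CloseHandle and MessageBoxW is at least as consistent with a small launcher stub as with a packer, so disassemble .text before accepting either reading.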

Imports

KERNEL32.dll
  • CloseHandle
  • CreateProcessW
  • LocalAlloc
  • GetCommandLineW
USER32.dll
  • MessageBoxW
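The "Imports Hash" in the Hashes section is an imphash: the MD5 of the imported functions after normalization (library name lower-cased with its .dll/.ocx/.sys extension removed, function name lower-cased, entries joined as `lib.func` with commas, in import-directory order). The following is an added example of that computation, not code from this report or from any tool; it copies the import list above and assumes the listing order is the import-directory order, which is what makes the hash order-sensitive.

```python
import hashlib

# Import list copied from the report. Assumption: this is also the import-directory order.
REPORT_IMPORTS = [
    ("KERNEL32.dll", "CloseHandle"),
    ("KERNEL32.dll", "CreateProcessW"),
    ("KERNEL32.dll", "LocalAlloc"),
    ("KERNEL32.dll", "GetCommandLineW"),
    ("USER32.dll", "MessageBoxW"),
]


def normalize_imports(imports):
    """Imphash normalization: lower-case, strip .dll/.ocx/.sys, join 'lib.func' entries with commas.
    An integer in place of a function name is an import by ordinal and becomes 'ordN'
    (tools additionally map well-known ordinals of a few system DLLs back to names; not done here)."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports):
    """MD5 hex digest of the normalized import string."""
    return hashlib.md5(normalize_imports(imports).encode("ascii")).hexdigest()
```

Compare `imphash(REPORT_IMPORTS)` with the report's d39fe1ac89a69f6a797390512ac0b908: a mismatch means the import directory orders the entries differently from the listing above, since the same five functions in another order hash to a different value. With only five common APIs the hash space is shared with many unrelated small programs, so treat a match as a pivot for hunting related samples rather than as evidence on its own.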

Delayed Imports

Resources

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.14961
MD5 88c16367dd69e1428f27c93880ecee9c
SHA1 a0892da91082b657a4222815c64b629be828dc29
SHA256 d5f81139ce5b2218983024b9080fa988c4528e59b8b4d39673061271529656ef
SHA3 2248152548203e9e7bea52c1c385226658086770bb0e467bea89096fa56dd2a4

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x368
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.95368
MD5 1cb66863a9059fab891a0a8ac629f22f
SHA1 4b3bf1b85f121922d5232d9f3bfc8f6633c5a17a
SHA256 a92491cb74dc98a16a1037064eb345c4840da85e71e014ee24616459e88823c8
SHA3 825116b50f72e32ae41fb56ec6028075589e5ddd4e1ab8d791154dd36767c8b4

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.23338
MD5 dc7e885337c816bcbfc193c76e22d579
SHA1 9d099796fec682d78fa2c6d35c0af10aeef541ad
SHA256 6b9046a5b1e30ce624308a25c28880c18947991dcbb9136cbc49c6abd70c4197
SHA3 8a509ee604b56c8899a6c183deb4c110e9e6b35a8762865a92130b28f61b9ee1

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0xca8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.40423
MD5 a0cab44230dec6240b69599b67cfd8ec
SHA1 91c124fe94aafeba010a5ebfb51294f4ad58c218
SHA256 ad03d181c578a17efbea907b9a964e2e1e317709c2e2ccf4838366e74df388d2
SHA3 8942931166d58275c3ce8cb1f0b637d906f6cbf494252cd0afb5a77a27cb1761

101

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x3e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.62735
Detected Filetype Icon file
MD5 dd4ebc75cedbfb53a97a1f5713461bb1
SHA1 bb041f0e1bc0fd762b00c673cfd18c4d6f61eb4a
SHA256 1d58e0ba3b845ee29197699afaaa37257cd2162f56baa3ebb9ebd7c0b036ee53
SHA3 0a237c9aea2a78bc7bbe85c897c4daa9c431ab4cf81c32d604436e83830a5861

Version Info

Debug Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-Mar-03 12:28:32
Version 0.0
SizeofData 244
AddressOfRawData 0x20a4
PointerToRawData 0x6a4

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xaea95957
Unmarked objects 0
Imports (27412) 5
Total imports 5
C objects (30153) 1
Resource objects (30153) 1
Linker (30153) 1
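The Rich header sits between the DOS stub and the PE signature and records which Microsoft tools produced the object files the linker consumed. On disk it is a run of dwords, each XORed with the key shown above: the marker "DanS", three zero dwords (which therefore appear as three copies of the key), then one (product id << 16 | build, count) pair per tool, followed by the clear-text marker "Rich" and the key itself. The following is an added example, not part of this report or of any tool, that encodes the entries listed above with the report's key and decodes them back. Only the builds and counts are on the page; the product ids used for the entries are assumptions taken from the commonly published comp.id table, and the round trip does not depend on them.

```python
import struct

DANS = 0x536E6144  # b"DanS" read as a little-endian dword

# Entries from the report as (product id, build, count). Builds and counts are on the page;
# the product ids are assumed (illustrative values from the published comp.id table).
REPORT_ENTRIES = [
    (0x0001, 27412, 5),   # Import0: the 5 imported functions
    (0x0104, 30153, 1),   # C compiler object
    (0x00FF, 30153, 1),   # resource compiler object
    (0x0101, 30153, 1),   # linker
]
REPORT_KEY = 0xAEA95957


def encode_rich(entries, key):
    """Lay out a Rich block as the linker does: DanS, three zero dwords, (id<<16|build, count)
    pairs, every dword XORed with the key, then the clear-text 'Rich' marker and the key."""
    words = [DANS, 0, 0, 0]
    for prod_id, build, count in entries:
        words += [(prod_id << 16) | build, count]
    encoded = struct.pack("<%dI" % len(words), *(w ^ key for w in words))
    return encoded + b"Rich" + struct.pack("<I", key)


def decode_rich(data):
    """Find the 'Rich' marker, take the key stored after it, and walk backwards one dword at a
    time XOR-decoding until 'DanS' appears. Pass only the bytes before the PE signature
    (data[:e_lfanew]); a full file may contain the string 'Rich' elsewhere."""
    rich = data.rfind(b"Rich")
    if rich < 0 or rich + 8 > len(data):
        raise ValueError("no Rich marker")
    key = struct.unpack_from("<I", data, rich + 4)[0]
    words = []
    off = rich - 4
    while off >= 0:
        w = struct.unpack_from("<I", data, off)[0] ^ key
        if w == DANS:
            break
        words.append(w)
        off -= 4
    else:
        raise ValueError("no DanS marker")
    words.reverse()                                   # now in file order: 0, 0, 0, id|build, count, ...
    if len(words) < 3 or any(words[:3]) or len(words[3:]) % 2:
        raise ValueError("malformed Rich header")
    body = words[3:]
    entries = [(body[i] >> 16, body[i] & 0xFFFF, body[i + 1]) for i in range(0, len(body), 2)]
    return key, entries


def rich_summary(entries):
    """Total object count and the set of distinct build numbers, the two facts worth comparing
    against the linker version in the optional header."""
    return sum(c for _, _, c in entries), sorted({b for _, b, _ in entries})
```

The key is a checksum over the DOS header and stub plus the entries, so a full validity check needs the original bytes in front of the block; this example only decodes. Two caveats the decoded data supports: the plugin's compiler match (Microsoft Visual C++ 8.0) comes from a byte signature, while the optional header's LinkerVersion 14.0 identifies an MSVC 14.x (Visual Studio 2015 or later) linker, so the Rich header and linker version are the more reliable provenance here; and Rich headers are trivially forgeable, so a matching key only says the block was not altered after linking, not who linked it.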

Errors
