| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date |
2021-Mar-17 03:03:45
|
| Detected languages |
English - United States
|
| TLS Callbacks |
2 callback(s) detected.
|
| Suspicious |
The PE is possibly packed. |
Unusual section name found: .xdata
|
| Info |
The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
- GetProcAddress
- LoadLibraryA
|
| Suspicious |
The PE is possibly a dropper. |
Resources account for 81.7662% of the executable.
|
| Safe |
VirusTotal score: 0/72 (Scanned on 2026-02-25 19:36:26) |
All the AVs think this file is safe.
|
| MD5 |
fef59959cffc046fd5ab3754ddc8f86d
|
| SHA1 |
d55fb55887a0b21898af58d503bb6729f66a6bba
|
| SHA256 |
7e43c920a8d9887797a3150ff764c792e962acbbdb7f48af104f5275b1a09020
|
| SHA3 |
85b939ffe2c9afe76000599ea2c14a3aa7ac70a720ffc18b67f01afc93ddf747
|
| SSDeep |
3072:4Gk4iyqmQFyp6VFRyLO338ToWe90cEK7LQtPk5LWFN:zRiyBbkzy/ToB0cEeLQt20
|
| Imports Hash |
4a37c2625fc82529ce036b4d8f00f335
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x80
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections |
10
|
| TimeDateStamp |
2021-Mar-17 03:03:45
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xf0
|
| Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_RELOCS_STRIPPED
|
| Magic |
PE32+
|
| LinkerVersion |
2.0
|
| SizeOfCode |
0x2600
|
| SizeOfInitializedData |
0x1a800
|
| SizeOfUninitializedData |
0xa00
|
| AddressOfEntryPoint |
0x00000000000014C0 (Section: .text)
|
| BaseOfCode |
0x1000
|
| ImageBase |
0x400000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
4.0
|
| ImageVersion |
0.0
|
| SubsystemVersion |
5.2
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x23000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0x1f851
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| SizeofStackReserve |
0x200000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
80536f4e02032fcf9c3de98ccac0d68c
|
| SHA1 |
64923b1f7fa37d093079056d03d8f78f9a0535ac
|
| SHA256 |
d09daa69e0a2af4bf820cbfe65e1536ad0c332c8e4060e761fdddd59ef606c3a
|
| SHA3 |
2a936e9f7a48b206c641c49f61503ec6c63c3221c994cb4ebf61c908bfd17bc3
|
| VirtualSize |
0x24d8
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0x2600
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
6.08996
|
| MD5 |
9d30ab6a77534d80ce511f696d52ae3e
|
| SHA1 |
b5b662ba495d3e7e2691f12669537eb07333ab6c
|
| SHA256 |
c1245b361cedd307bab2db951b79a64b53b8a68ffe9b8d197f4aab0f737d0b77
|
| SHA3 |
de208af6d1fd689cda8f7ff0dec9b05ee522e2888e73b3cd2c1e6ee9ea324d79
|
| VirtualSize |
0x130
|
| VirtualAddress |
0x4000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x2a00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
1.43545
|
| MD5 |
4fe2dfd20135f79f89c539cf0e7c9beb
|
| SHA1 |
8c136110688ef0de204eb370f2038934a79e8427
|
| SHA256 |
9dbe00c7a63509277e53a49ebd51d4693286dd25eff036f59f4436046a787a52
|
| SHA3 |
4d795303136b423de08dc424acc605b97c22558eba15040a357b9aae5447a4a7
|
| VirtualSize |
0x960
|
| VirtualAddress |
0x5000
|
| SizeOfRawData |
0xa00
|
| PointerToRawData |
0x2c00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
4.62439
|
| MD5 |
ff12720c30ff3f147107c631a3014fd3
|
| SHA1 |
166dfbe29fc0599fe424d19dae184d482d9c7d66
|
| SHA256 |
31b0dfd3a92270e219cff5e2d2b3b87cbcb33d04cf5e68db9262f0e97500feab
|
| SHA3 |
a9b1d92dd242c8189f94671a6ea053e7172c1cb7c77e73c599c390903d6cd80d
|
| VirtualSize |
0x2ac
|
| VirtualAddress |
0x6000
|
| SizeOfRawData |
0x400
|
| PointerToRawData |
0x3600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
2.89796
|
| MD5 |
83fd988dd373512b94f154f35da2b95b
|
| SHA1 |
16fe7110ae6a2caea01b2b97878650da999fe4b7
|
| SHA256 |
f4e70b8dca5f3d2473f4f948376982de2674a284a2ce777fe837f1992e5c1b6a
|
| SHA3 |
6dffccb07caf9cc299368052e48ab6ca9bc49cadeb709151d04d978fc5646b2d
|
| VirtualSize |
0x24c
|
| VirtualAddress |
0x7000
|
| SizeOfRawData |
0x400
|
| PointerToRawData |
0x3a00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
2.77508
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x990
|
| VirtualAddress |
0x8000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
23ecd597c528d10fbf91b0f922ac0dc6
|
| SHA1 |
b663fad1c65cb405a05034dc310f67d0efdc2dbe
|
| SHA256 |
d9ff57293bce58a73feb8f999fcbf8545d80336afbb2cd2d597dad5a7fa44fe1
|
| SHA3 |
c889c60c4bd176482ebf95cc181005fb27a53021ef65ca89e891c7336b2a5871
|
| VirtualSize |
0xdf4
|
| VirtualAddress |
0x9000
|
| SizeOfRawData |
0xe00
|
| PointerToRawData |
0x3e00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
4.19914
|
| MD5 |
102d0eeb1b751848710239d4888e1c51
|
| SHA1 |
f5e488520912e38de37f465ba753cf9cd198faf4
|
| SHA256 |
f3f5dcfb305ef5dc59a79be475a02ea402ab7fdff0d2605544ba053c01cbefd6
|
| SHA3 |
91b3ff8ede7cfac3f6e324c1e7f27c55fbd81474839cf6f98cec9616d8a2fb5a
|
| VirtualSize |
0x68
|
| VirtualAddress |
0xa000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x4c00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.265539
|
| MD5 |
bf619eac0cdf3f68d496ea9344137e8b
|
| SHA1 |
5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
|
| SHA256 |
076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
|
| SHA3 |
622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
|
| VirtualSize |
0x10
|
| VirtualAddress |
0xb000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x4e00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0
|
| MD5 |
5a44ff095af36ba22428bad8789e30f7
|
| SHA1 |
6509983fa6c0ddab4b01334f62132b611e66249c
|
| SHA256 |
72f623b2a955bf56c5bb14c3f7a2bc067356653ebd1ce0db8460b7dc46f428df
|
| SHA3 |
a4f19ed1ccc11927394deaf095c58e1f65bf38e181597977eefbf23383fea792
|
| VirtualSize |
0x16ef0
|
| VirtualAddress |
0xc000
|
| SizeOfRawData |
0x17000
|
| PointerToRawData |
0x5000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
7.98445
|
| KERNEL32.dll |
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetDllDirectoryA
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoW
VirtualProtect
VirtualQuery
|
| api-ms-win-crt-convert-l1-1-0.dll |
mbstowcs
wcstombs
|
| api-ms-win-crt-environment-l1-1-0.dll |
__p__environ
__p__wenviron
|
| api-ms-win-crt-heap-l1-1-0.dll |
_set_new_mode
calloc
free
malloc
realloc
|
| api-ms-win-crt-locale-l1-1-0.dll |
setlocale
__initialize_lconv_for_unsigned_char
|
| api-ms-win-crt-math-l1-1-0.dll |
__setusermatherr
|
| api-ms-win-crt-private-l1-1-0.dll |
__C_specific_handler
memcpy
|
| api-ms-win-crt-runtime-l1-1-0.dll |
_set_app_type
__p___argc
__p___argv
__p___wargv
__p__acmdln
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_atexit
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_invalid_parameter_handler
abort
exit
signal
|
| api-ms-win-crt-stdio-l1-1-0.dll |
__acrt_iob_func
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
fwrite
|
| api-ms-win-crt-string-l1-1-0.dll |
strlen
strncmp
_strdup
|
| api-ms-win-crt-time-l1-1-0.dll |
__daylight
__timezone
__tzname
_tzset
|
| USER32.dll |
MessageBoxA
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x16e3c
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.98664
|
| Detected Filetype |
PNG graphic file
|
| MD5 |
2aa9df8868d9531dbf2da14a9a7a6b0f
|
| SHA1 |
78a042c6770267412c71fa786fc5275985ef4e76
|
| SHA256 |
d50afffca5822aefe6e44d316fa4c8656e8dd1f973aca37694a724d7b29e2e25
|
| SHA3 |
6d80caac597782892035b7a53e24ecfadddee1c6f754e346bc51bc8efff355dd
|
| Type |
RT_GROUP_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x14
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
1.59047
|
| Detected Filetype |
Icon file
|
| MD5 |
22e20862692ad220a7c6724230cabea5
|
| SHA1 |
cbbe8f9973a3b813a480f0cf821adb0b55fc3b02
|
| SHA256 |
04c7265ca6ce3b24473128485d88a2305b73d575e6eae2debf196bf61b9be264
|
| SHA3 |
246a6fe05bde7cefa17bcc18f696599d381fb71ddf1602b6ef84aa289185e87f
|
| StartAddressOfRawData |
0x40b000
|
| EndAddressOfRawData |
0x40b008
|
| AddressOfIndex |
0x4085fc
|
| AddressOfCallbacks |
0x40a040
|
| SizeOfZeroFill |
0
|
| Characteristics |
IMAGE_SCN_TYPE_REG
|
| Callbacks |
0x0000000000401860
0x0000000000401830
|
[*] Warning: Section .bss has a raw data size of 0!