7f50b8a9a2e8a376e2adb7d46bc9483c2754bbbdd964f0918787d4f6f1b76e2c

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2025-Dec-31 19:20:48
TLS Callbacks 1 callback(s) detected.
Debug artifacts DirectStorageFix.pdb

Plugin Output

Suspicious: The PE is possibly packed.
  • Unusual section name found: .fptable
  • Unusual section name found: .retplne
Suspicious: The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Functions which can be used for anti-debugging purposes:
  • CreateToolhelp32Snapshot
Can access the registry:
  • RegCloseKey
  • RegOpenKeyExA
  • RegQueryValueExA
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Enumerates local disk drives:
  • GetDriveTypeW
Suspicious: VirusTotal score: 1/64 (Scanned on 2026-06-02 03:41:12)
  • Cynet: Malicious (score: 100)

Hashes

MD5 63e0c5ff29389ba5bf708514829553c4
SHA1 a2dd4ad9aeb1fcc80f642333ccc4c4077017169a
SHA256 7f50b8a9a2e8a376e2adb7d46bc9483c2754bbbdd964f0918787d4f6f1b76e2c
SHA3 0a681e52e8e4c99d92c6ff83ec590a8439050fad756b0f03a994f9d8d36921e1
SSDeep 12288:8Bks1zOoGZ9OJ6hI0TlUDteSMUCm9NwJ/bAIZbyR5:8Bks1zOKJqIMlUDhJNVI4
Imports Hash 91df9e5531a295d7a7a6f0c4c5316250

DOS Header

e_magic MZ
e_cblp 0x78
e_cp 0x1
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0
e_ss 0
e_sp 0
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x78

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 9
TimeDateStamp 2025-Dec-31 19:20:48
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x6b400
SizeOfInitializedData 0x25000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000045094 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x180000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x9a000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 1aad4f6030aaf7917e5a1f0ce0d56b4c
SHA1 8feef7179252193b17af48b67c56ec7ae7505881
SHA256 0b2f2da32d01d84a2fe7b11196e080f088116a0912e2d0e5f48c31fe44e06aa2
SHA3 b50a2f3d339bf11e85a48f8ac5ec8560508b3486b7a66be94cb14fe5a1864e4b
VirtualSize 0x6b296
VirtualAddress 0x1000
SizeOfRawData 0x6b400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.55353

.rdata

MD5 7a7297e8884cd1502b6d4ea548804d6c
SHA1 0a99e6008193a93a8dad18e869faffabf1d08e6d
SHA256 77d79c8e1d636e83d10394c3be9c9b36056a3c5f0c6638dbe2b57546178a5aa6
SHA3 f822a62d4aff817d5855422bf9d2ca4eaa1f28b618eea1a3ed011ba56eb2a4ea
VirtualSize 0x1d1bc
VirtualAddress 0x6d000
SizeOfRawData 0x1d200
PointerToRawData 0x6b800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.32122

.data

MD5 6a8ee844da9bfc1c8ea9708cd00d9809
SHA1 3498514407fcdfa20e3f9000fbc56eaac4ef8bd4
SHA256 78c305bafbf6d6763bd6d64840bcff82df1525f124fadd168f9ace8afb28584c
SHA3 e80873e74b5fbb0f617a3ca4b6eb65c5fa291ac77ef9f02608c85e6fba8d97df
VirtualSize 0x3160
VirtualAddress 0x8b000
SizeOfRawData 0x1600
PointerToRawData 0x88a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.23301

.pdata

MD5 079a060dc1e0e4aba6ad3abed4313dc2
SHA1 033c77582b2b1a81891d957e3e9f11b708627b79
SHA256 53975a1cb1ebea27ea139104144a907c0bc7f82e74296b0dceea3c81e27a02d6
SHA3 af100ec0d4cf777c1fbb20f000c05fd85ec8fdac0bf22e95fbfdde169180de3c
VirtualSize 0x528c
VirtualAddress 0x8f000
SizeOfRawData 0x5400
PointerToRawData 0x8a000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.75486

.fptable

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x100
VirtualAddress 0x95000
SizeOfRawData 0x200
PointerToRawData 0x8f400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.retplne

MD5 5ee81b84f4f6accc2c7b8bad4a4468e0
SHA1 28987aa8a376dd02c5e6aba1a9c7c2a1b103f0ff
SHA256 cbecd83f8c02224652c0acfc73c7f6641c2fc7f2200c3a9c6e067808746e657c
SHA3 58aae38d057a7b95b1fa22e3bcf84201c984fd7c0cd6acffbff740ee658e1668
VirtualSize 0xc8
VirtualAddress 0x96000
SizeOfRawData 0x200
PointerToRawData 0x8f600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics (EMPTY)
Entropy 1.39375

.tls

MD5 9817b12e77552d3f017fcbf016a4b7d1
SHA1 3c8af2adda025196318e90480c4080fd367847e5
SHA256 1c81da8658b3078b404d7c34856606d1c0816e6fd7eaa9ac9398a0937e72a193
SHA3 baedc0a5e1d54a78ce79b32a3f12daed7634cf00f21868f3b2af7aa241888f51
VirtualSize 0x141
VirtualAddress 0x97000
SizeOfRawData 0x200
PointerToRawData 0x8f800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.0203931

_RDATA

MD5 f7e65d22b988a3fbf3a65decc773cfc1
SHA1 2d9cb286d0628c808fce58b13f0a2a77fd80f32a
SHA256 b43201f5185c8136fbbf1daa41c39ca8a5e36ba8be74fff2372c810e9279238e
SHA3 295ddf95d89046dc2fa89417a66682363a76098ad68778c47075f52dbfd8b050
VirtualSize 0x1f4
VirtualAddress 0x98000
SizeOfRawData 0x200
PointerToRawData 0x8fa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.18133

.reloc

MD5 b9b662ca32c779e4e4d6ef808a71d283
SHA1 9a59e134a16d5ee1b53e2856191b6011bc161a54
SHA256 df73f0141b3c95991e0ee1fbc6c3a0f5b7ddbfc9bc4e602aa583a5f359c13d6f
SHA3 8aab6fab67723d649d1ae293aedce4122cb8c8d8b068add6f9431926fe937cc0
VirtualSize 0xc44
VirtualAddress 0x99000
SizeOfRawData 0xe00
PointerToRawData 0x8fc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.18431

Imports

KERNEL32.dll AcquireSRWLockExclusive
AreFileApisANSI
CloseHandle
CompareStringW
CreateDirectoryW
CreateFileA
CreateFileW
CreateThread
CreateToolhelp32Snapshot
DecodePointer
DeleteCriticalSection
DeviceIoControl
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushInstructionCache
FormatMessageA
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetDriveTypeW
GetDynamicTimeZoneInformation
GetEnvironmentStringsW
GetExitCodeThread
GetFileAttributesExW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLastError
GetLocaleInfoEx
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetTickCount64
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetVolumeNameForVolumeMountPointA
GetVolumePathNameA
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
K32GetModuleInformation
LCMapStringEx
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
LocalFree
MultiByteToWideChar
OpenThread
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetConsoleTextAttribute
SetEndOfFile
SetEnvironmentVariableW
SetFileInformationByHandle
SetFilePointerEx
SetLastError
SetStdHandle
SetThreadContext
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
SuspendThread
SystemTimeToTzSpecificLocalTime
TerminateProcess
Thread32First
Thread32Next
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
SHELL32.dll SHGetKnownFolderPath
ole32.dll CoTaskMemFree
ADVAPI32.dll RegCloseKey
RegOpenKeyExA
RegQueryValueExA
VERSION.dll GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2025-Dec-31 19:20:48
Version 0.0
SizeofData 45
AddressOfRawData 0x7ddcc
PointerToRawData 0x7c5cc
Referenced File DirectStorageFix.pdb

TLS Callbacks

StartAddressOfRawData 0x180097000
EndAddressOfRawData 0x180097140
AddressOfIndex 0x18008c858
AddressOfCallbacks 0x18007dec0
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_16BYTES
Callbacks 0x000000018002FA50

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x18008b300

RICH Header

Errors
