| Architecture | IMAGE_FILE_MACHINE_AMD64 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2026-Apr-30 03:57:12 |
| Detected languages | English - United States |
| TLS Callbacks | 1 callback(s) detected. |
| Suspicious | The PE is possibly packed. Unusual section name found: .pvcP6; Unusual section name found: .YLClC; Unusual section name found: .5jz5y; The PE only has 1 import(s). |
| Malicious | VirusTotal score: 40/69 (Scanned on 2026-05-23 11:04:30) |
ALYac: Trojan.GenericKD.80141685
Antiy-AVL: Trojan/Win64.DBadur
Arcabit: Trojan.Generic.D4C6DD75
BitDefender: Trojan.GenericKD.80141685
Bkav: W32.Malware.9DF92A7B
CAT-QuickHeal: Trojan.Multi
CTX: exe.trojan.generic
CrowdStrike: win/malicious_confidence_90% (W)
Cylance: Unsafe
DeepInstinct: MALICIOUS
ESET-NOD32: Win64/Packed.VMProtect_AGen.AAX suspicious application
Elastic: malicious (high confidence)
Emsisoft: Trojan.GenericKD.80141685 (B)
Fortinet: Riskware/Application
GData: Trojan.GenericKD.80141685
Google: Detected
Gridinsoft: Trojan.Heur!.022124A3
Ikarus: Trojan.Win64.Agent
K7AntiVirus: Unwanted-Program ( 006d96f61 )
K7GW: Unwanted-Program ( 006d96f61 )
Kaspersky: UDS:DangerousObject.Multi.Generic
Kingsoft: Win32.Troj.Unknown.a
Lionic: Trojan.Win32.Generic.4!c
Malwarebytes: Malware.AI.4255956350
MaxSecure: Trojan.Malware.684973104.susgen
McAfeeD: ti!826DE9F20838
MicroWorld-eScan: Trojan.GenericKD.80141685
Microsoft: Trojan:Win32/Wacatac.B!ml
Paloalto: generic.ml
Rising: Trojan.DBadur!8.18E88 (CLOUD)
Sangfor: Suspicious.Win32.Save.a
SentinelOne: Static AI - Suspicious PE
Sophos: Mal/Generic-S
Symantec: ML.Attribute.HighConfidence
Trapmine: malicious.moderate.ml.score
TrellixENS: Artemis!540BD3D0C9D4
TrendMicro-HouseCall: Trojan.Win64.Gen.TL0101E226ZZ
VIPRE: Trojan.GenericKD.80141685
Varist: W64/ABTrojan.UPMO-7170
alibabacloud: Trojan:Win/Wacatac.B9nj
| MD5 |
540bd3d0c9d458aa27969544ec15ec05
|
| SHA1 |
41a0909b4815a7453beee04a38ed29162cf2f57f
|
| SHA256 |
826de9f20838090e09385dddc11642957fdef4ac8c3f4114a6ada1028dd90467
|
| SHA3 |
f47df6c86e7dd729b42673dbf0e318bb7a4d2cd6386546eb5132e9463312f92d
|
| SSDeep |
196608:KM80VKghifJNEUZQKTbfXDULC0w70FesYVmiiCKeF6FRL6:KMXgLqC0QfKpRL
|
| Imports Hash |
744b8668340c0780ea1865df1a6c1af5
|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x100 |
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_AMD64 |
| NumberofSections | 9 |
| TimeDateStamp | 2026-Apr-30 03:57:12 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
| Magic | PE32+ |
| LinkerVersion | 14.0 |
| SizeOfCode | 0x619c00 |
| SizeOfInitializedData | 0x140200 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00000000008BE569 (Section: .5jz5y) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x106d000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x619a12
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x103d78
|
| VirtualAddress |
0x61b000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0xd40
|
| VirtualAddress |
0x71f000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x186c0
|
| VirtualAddress |
0x720000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0xf1ff2
|
| VirtualAddress |
0x739000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| MD5 |
a5374944f0eecc609cf51711b2080e62
|
| SHA1 |
7ba3d8e7c143562ed1bbbc6e88112f218698a33f
|
| SHA256 |
e5fdcde7d9841b216d2c3106de0dae458a98cee04142c5f6de6a8f5da2c0ed40
|
| SHA3 |
e34f6ec824d0bcd868afbcdadf6420a20bda5fd765bc30d051c37d0c091edab2
|
| VirtualSize |
0x1ceae
|
| VirtualAddress |
0x82b000
|
| SizeOfRawData |
0x1d000
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
5.4624
|
| MD5 |
b7acc4ee8b70994e9d4ac5c9e3100708
|
| SHA1 |
d0acd025ed66484584a41677d53a952dd92d6b2e
|
| SHA256 |
0de1360375209a555ee9fc3dec8cccbbfe1f52cf34a1cc829febf679ae79cec4
|
| SHA3 |
e1ffe0c9f55a3ad2b0e98df58bf3a50dd350f1862e24de7bff8407ce10309244
|
| VirtualSize |
0x80493c
|
| VirtualAddress |
0x848000
|
| SizeOfRawData |
0x804a00
|
| PointerToRawData |
0x1d400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
7.96571
|
| MD5 |
6555dd146ecdc37b4c50034ca7bfd616
|
| SHA1 |
9b73026ae7c632262e452727b12cf2dc297552ac
|
| SHA256 |
7ccf0c39914ad1f429118e634b8ca7fbdcc3f85ea9855c7fb9e0d358b6410b5b
|
| SHA3 |
413cde66e0c7e00def45c3e7701004915c723599ecac222c6807427c352c13d8
|
| VirtualSize |
0x1e250
|
| VirtualAddress |
0x104d000
|
| SizeOfRawData |
0x1e400
|
| PointerToRawData |
0x821e00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
7.71075
|
| MD5 |
35c27d596cabdf032151eff4fa56f57a
|
| SHA1 |
34df626679e33ce608f4707112998e71d444701e
|
| SHA256 |
8a6bb9234ed5e1618693caec471cc30bb8d1f7aae443210b69bcdf16c7431f4a
|
| SHA3 |
11265915cc70121ad455537fe581a01d5e8a716d62e775563291da2350e58fe6
|
| VirtualSize |
0x1000
|
| VirtualAddress |
0x106c000
|
| SizeOfRawData |
0x400
|
| PointerToRawData |
0x840200
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
0.181954
|
| USER32.dll |
GetDesktopWindow
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x368
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.71245
|
| MD5 |
fd2876d250320c7c5ca335010e5c790d
|
| SHA1 |
54ba5e0820d341fb2b98e0870b3e3db369844afb
|
| SHA256 |
273620b13a78e638a2cb28d9608aabeaef46adcb45e6447399533836a033250b
|
| SHA3 |
b5dd4c2f275fd21a791de00294c50cea0f8341811ad28d53af36f37b63c48857
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x748
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
6.05015
|
| MD5 |
9f6485a7a4be5cb5ed700a5915146a4b
|
| SHA1 |
772717a4d23ef66d7b951d21997543dbb52888ab
|
| SHA256 |
14ab75cd065df808ac7be7af405f5ad410bf11f05b6b6e6772f69ccfbfded9e4
|
| SHA3 |
2bdedeeb1ab134e9897748e5bca2d125d48d44e6a08ef66e43d905676be27cb1
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0xca8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
6.158
|
| MD5 |
61009bbec242ab2d10574c7105f13f5c
|
| SHA1 |
c694fd1cfd208db2028b550075195471f2800ccd
|
| SHA256 |
de37cde2a07f9944c0a0926fd45c336ef6ae7e0d40cb4b0bd10f8a2ffd5a0f4b
|
| SHA3 |
41262bf2e7950b2f5e9cf833686f309ab343e1e5c0f297ae6883f120ff54196b
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x1ca8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
6.15275
|
| MD5 |
1a2bbe5b618d7b9f92c5da827dd72201
|
| SHA1 |
722ebc723f219b170c743a7d5f60ee0da4b2ed91
|
| SHA256 |
e9717278229191a1fc86e958c87d5f8aba1a71cb38b2a862dec52e9c952bfd47
|
| SHA3 |
307b47ba5a32beb420d3bbcc72d1f43adbbaf0c6f3c4bee15f2c64e3db5aa07b
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x3228
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
6.21161
|
| MD5 |
6549071b25990b30001e8b8970282fcd
|
| SHA1 |
adbfe3c74ee2fefdc1a491c69c967cd7a7490b83
|
| SHA256 |
a66f5b890aee73200feca9dc386863fed6e1ccc3849420aaee91a4f930b34a95
|
| SHA3 |
587a6323d082884be3ad90d34a1ca10a11c2659484cb4f9a10ef10db2309969e
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x5ae3
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.88703
|
| Detected Filetype |
PNG graphic file
|
| MD5 |
76155beb8adb80ffbab403e7ff9fdc9e
|
| SHA1 |
8dbf78aa980b5c1114043cf9628633aeba3115a3
|
| SHA256 |
e5c8368f9e93c13eb70009855df2466747cca66bda4d02c5cb11be69ea78e1a9
|
| SHA3 |
3a44663fea6e5c30f0886d6710985bca2bc1a5f49f385abbe1722d62c85a848d
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x11968
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.87875
|
| Detected Filetype |
PNG graphic file
|
| MD5 |
f476126a79185f10fdf08912f9afd7fb
|
| SHA1 |
768007ebb67ddf91f1839b21f79d87f4780780dc
|
| SHA256 |
aa72f7ea6c325dffca4a8cedc9124b474162efd4d1ee401200323dc1d9071928
|
| SHA3 |
8de037c046fe010c12cc911173b16ef6342afe398e255f45369bd92c80579129
|
| Type |
RT_GROUP_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x68
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.91902
|
| Detected Filetype |
Icon file
|
| MD5 |
1bb07aca22d72dee9c7f14b42709bf89
|
| SHA1 |
8c8288efe913b423e0a3ee673f1fdc797467a072
|
| SHA256 |
7c71d7b7361330a2328684888b5740158a250ec495c53729b481840151ab0041
|
| SHA3 |
802f5459267d6cd6bd3a9397c418d625034e8737b461ac72c3162356efb4ab3d
|
| Type |
RT_MANIFEST
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x55f
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.23688
|
| MD5 |
faad61ad296a52d8c72855cee603ccde
|
| SHA1 |
9cf4a9e8d353b1d444f54c11fc6bc314d2f5afba
|
| SHA256 |
341e7855a6f96dd66852157561d68c606d1b1ce79573a8a0512da413a1ac09c1
|
| SHA3 |
627032769ec3f581de33c74ea38759e476aeacd843a6e4318da0ee1ce869c771
|
| Characteristics |
0
|
| TimeDateStamp |
2026-Apr-30 03:57:12
|
| Version |
0.0
|
| SizeofData |
892
|
| AddressOfRawData |
0x843d44
|
| PointerToRawData |
0x19144
|
| StartAddressOfRawData |
0x14082b028
|
| EndAddressOfRawData |
0x14082b40c
|
| AddressOfIndex |
0x14082b414
|
| AddressOfCallbacks |
0x14082b41c
|
| SizeOfZeroFill |
0
|
| Characteristics |
IMAGE_SCN_TYPE_REG
|
| Callbacks |
0x000000014085B35E
|
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .pdata has a size of 0!
[*] Warning: Section .pvcP6 has a size of 0!