8f81228b5d5b664681bbde500e24e38aacbf23acaa6aaa50d42d3f5f82f27148

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1970-Jan-01 00:00:00
Debug artifacts Embedded COFF debugging symbols

Plugin Output

Suspicious PEiD Signature: HQR data file
Suspicious The PE is possibly packed. Unusual section name found: .xdata
Unusual section name found: .symtab
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • LoadLibraryW
  • LoadLibraryExW
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Info The PE is digitally signed. Signer: *.rottentomatoes.com
Issuer: DigiCert Global G3 TLS ECC SHA384 2020 CA1
Malicious VirusTotal score: 15/70 (Scanned on 2026-05-02 15:16:50)
AVG: FileRepMalware [Trj]
AhnLab-V3: Trojan/Win.Evo-gen.R771208
Avast: FileRepMalware [Trj]
Bkav: W64.AIDetectMalware
CrowdStrike: win/malicious_confidence_70% (D)
Cynet: Malicious (score: 99)
DeepInstinct: MALICIOUS
ESET-NOD32: a variant of Win64/GenKryptik_AGen.CKZ
Elastic: malicious (high confidence)
Kaspersky: UDS:Trojan.Win64.Agent
Kingsoft: Win64.Trojan.Agent.a
Malwarebytes: Trojan.Dropper.DMSI
Microsoft: Trojan:Win32/Wacatac.B!ml
Rising: Malware.Undefined!8.C (TFE:dGZlOin9nJf0VCQrrw)
Symantec: ML.Attribute.HighConfidence

Hashes

MD5 84cb36e202c04057e810e176daaa4b29
SHA1 46c27e379f7dcafa0bfa7a6c36cf6e09af63f478
SHA256 8f81228b5d5b664681bbde500e24e38aacbf23acaa6aaa50d42d3f5f82f27148
SHA3 cbfeac133585d967c63f4f036c6cece3b3e0a0008381bc57c7854c2e0432b415
SSDeep 49152:vcI7E482XUM6FjC0dIczfDUjvQjF2pdhoE:vntEr8AuvQ+D
Imports Hash d42595b695fc008ef2c56aabd8efd68e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0x8b
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 8
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0x302e00
NumberOfSymbols 2449
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 3.0
SizeOfCode 0x140c00
SizeOfInitializedData 0x7200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000006C400 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 1.0
SubsystemVersion 6.1
Win32VersionValue 0
SizeOfImage 0x36b000
SizeOfHeaders 0x600
Checksum 0x32270a
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 86b3864dfcb629827663e4fceca703a7
SHA1 01d675c83ef87092fd21e3132c84b9bcabcc680e
SHA256 5fab2ac3d6f386810236f4fe7d1c3756c90ba2e474282b3b68b295751ca43116
SHA3 fa8a21681827af4c1ff5aad093fdc5d60e29786a92caa77ef3334c4de73be50c
VirtualSize 0x140a31
VirtualAddress 0x1000
SizeOfRawData 0x140c00
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.39596

.rdata

MD5 9d47b61bb0a94e93e6b2e4839e3d1092
SHA1 342a4e467864cc6a6d0ff3c8fd5a06ffb4957962
SHA256 77af2a067fd126096dbd9058e19a619b82490963fd524417d03f82d334d3be3b
SHA3 6037f75f44a7fe8690d173e38d2a6c249c3ee44c76f215d6c6d53d127c8b29fd
VirtualSize 0x1ac780
VirtualAddress 0x142000
SizeOfRawData 0x1ac800
PointerToRawData 0x141200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.68908

.data

MD5 020843f22812a9fe2e2c95da8a077f53
SHA1 a559eb8570fd19b0ef4d0ac00ed39ff6166c5b91
SHA256 0a81fc17a5e3dd3abfd889052dc161c001a4933bfc9c5dcf62033f75c2daab1f
SHA3 9f82e5a277f57f2db535d09d9af58a5ef30faadf20efed04580cb2ca5db77c6b
VirtualSize 0x50188
VirtualAddress 0x2ef000
SizeOfRawData 0x7200
PointerToRawData 0x2eda00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.41428

.pdata

MD5 a4d7f38e0ad94e845a3f9f545c0aedf0
SHA1 de60008b934f5ccab5846fa0e3775da321ae2249
SHA256 a172b6c2c5ed8d19a79fe61833eeaeadf4e9e9ac7b96078e36be7f1dde89b8e1
SHA3 bf04f487c134fc49df00858f0ba475536c712d4060dccb90fa9b9a8d4bcc6557
VirtualSize 0x4a1c
VirtualAddress 0x340000
SizeOfRawData 0x4c00
PointerToRawData 0x2f4c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.15323

.xdata

MD5 25594bf2442d806716f4534aa4756f44
SHA1 8a1dae8e940595ad4ec4fa230db814f6264fb00e
SHA256 380b63dc1b95bba72ae4ac70d6220f025eb7601736c0dfa20a8e40aace959ee8
SHA3 8667a07a1f66a813d8a4b394f6f95a84b6f1ce1fc4fdf9089f834c2091e6deaf
VirtualSize 0xb4
VirtualAddress 0x345000
SizeOfRawData 0x200
PointerToRawData 0x2f9800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.78711

.idata

MD5 8fb882ff21b5f57bf1bdf0519c2621fd
SHA1 57ac536e923036174d6bf6b774ba8d67f21cd424
SHA256 65949801bf534144cd7101d9041ce52c24ccf4f062ad0deda9047b87948cf8a6
SHA3 694a5fbf68d8cffc1b089c301051256090a55017434f4b4db9a203895bf47c3c
VirtualSize 0x53e
VirtualAddress 0x346000
SizeOfRawData 0x600
PointerToRawData 0x2f9a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.95443

.reloc

MD5 d96039946afca1f23302fb7e1ab272ac
SHA1 847860a0fe9a88b06c2922f9fe454352ce408c54
SHA256 f4b7f7b7332e162bf842a4611dca4e9192428fca50a455de9984aa9fad836a8a
SHA3 a86075f374edba4ec13238ff4a8e97895f83b7eb3f6f4fc74963b1dfd59bcc65
VirtualSize 0x8c2c
VirtualAddress 0x347000
SizeOfRawData 0x8e00
PointerToRawData 0x2fa000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.425

.symtab

MD5 ab1e16e48139a24560dadb33c3597173
SHA1 67deaf8dd98fdaa999510337266729a9527ed8e8
SHA256 f431ca509a5ba0d78f249095d22489aa7e99f88e5695d9713154c34a14e67971
SHA3 d4ec8e8b3d8ec6b30d426805dcb1e2e941b38c97ba54803d3bbeeac2d3cc179d
VirtualSize 0x1abff
VirtualAddress 0x350000
SizeOfRawData 0x1ac00
PointerToRawData 0x302e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.23311

Imports

kernel32.dll
WriteFile
WriteConsoleW
WerSetFlags
WerGetFlags
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
RtlVirtualUnwind
RtlLookupFunctionEntry
ResumeThread
RaiseFailFastException
PostQueuedCompletionStatus
LoadLibraryW
LoadLibraryExW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetErrorMode
GetEnvironmentStringsW
GetCurrentThreadId
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler
AddVectoredContinueHandler

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors
