953daf4dc1011f2c08a8a9966406cdd2fef88a864af8007a0f1983585116401b

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2026-May-14 21:10:37
TLS Callbacks 3 callback(s) detected.

Plugin Output

Suspicious The PE is possibly packed. Unusual section name found: .xdata
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
  • LoadLibraryExA
 Possibly launches other programs:
  • system
 Manipulates other processes:
  • OpenProcess
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 7a59989f4fa65b3afc6d2ec82da6f1b9
SHA1 1172eac324b0b1edc1bd8eaec9d54321f2785069
SHA256 953daf4dc1011f2c08a8a9966406cdd2fef88a864af8007a0f1983585116401b
SHA3 c9458f920ceea59724f420680e6c8dfb74ff5cb3713292c6a00812b537c3b91f
SSDeep 6144:ZpwoSi1iFI75VdqzD+TrElXiEacvJ6rTr+n/RRSiVoS8lMTN604CYNEZ3/JP5L5:ZpwnoiO778X+0lXitr+n/RRZc9CYW
Imports Hash bc8b603b6faf94472889cc1160895564

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 10
TimeDateStamp 2026-May-14 21:10:37
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 2.0
SizeOfCode 0x65400
SizeOfInitializedData 0x16200
SizeOfUninitializedData 0xe00
AddressOfEntryPoint 0x000000000000105F (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x82000
SizeOfHeaders 0x400
Checksum 0x7c2fd
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 ae643b24fc283157a4b76d44fba2d5a3
SHA1 3dc6f463e77de93ec9e0b2b6a47d81695d7e3fc8
SHA256 33d091e3f5288279cb30bff3d31f7d3d16c922ed4f27126055ff024c4027c0eb
SHA3 27b2a416f8d31590029aa50d2e9f2e028e5f81b1d04ba2854980d660a0a39309
VirtualSize 0x65330
VirtualAddress 0x1000
SizeOfRawData 0x65400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.78027

.data

MD5 11c88b64e6e43053d1806e687f411bdd
SHA1 fdc90578224a60b7b21288364550b9f47c4b9b4a
SHA256 ddf2dff88d14f162ecd8809bfdfaf217912a06d60bfccc8cd5c8c1cde02a79fe
SHA3 c3ee3354de0c47b8d8a789aa59746244b35192db70be40b86d5a31d16dc35a68
VirtualSize 0x320
VirtualAddress 0x67000
SizeOfRawData 0x400
PointerToRawData 0x65800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.32532

.rdata

MD5 216d4ac62935b070b46b14ad24129b17
SHA1 a1ec42b5f3678576f85978323457d9418b3dbd29
SHA256 701ab3d044ee26f69fda55d172500e61ed4411a9049c75bace6e9d67dd7a0ffb
SHA3 cdaeaaa62927548bd201241aa73418ce054a16636f3849f539ed96700313778f
VirtualSize 0x9910
VirtualAddress 0x68000
SizeOfRawData 0x9a00
PointerToRawData 0x65c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.13938

.eh_fram

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x4
VirtualAddress 0x72000
SizeOfRawData 0x200
PointerToRawData 0x6f600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.pdata

MD5 76a4885ec4eb1c74de596f3f21828ce2
SHA1 b1d8423a289d42da0b86ba6a7cbe3e67db3e4f7e
SHA256 41d4dcb1350546a8804312e5b66a63e04fe36191de181d2b004b164f383386a2
SHA3 22213313db98015e82c0ced9bb535eb7063a51aee842585c1046f95af6a9cc3d
VirtualSize 0x4c20
VirtualAddress 0x73000
SizeOfRawData 0x4e00
PointerToRawData 0x6f800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.76389

.xdata

MD5 69b01d60ae243e96e4a27efb1ed2f6d0
SHA1 1d3e9fb80192224da1450959fcffca58bbdfe9a3
SHA256 6830afbac0c3b1a63985f3ad8645280e7105d1a47cd85e1d41beb4ad4bc9e0bf
SHA3 799c2e87f5bae5b831809f3ce68fe1f8d329c1dc064bf2d43dddc938d65a9f25
VirtualSize 0x49f8
VirtualAddress 0x78000
SizeOfRawData 0x4a00
PointerToRawData 0x74600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.62759

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0xc50
VirtualAddress 0x7d000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 2c468430e7ab204a120563a262b9ac87
SHA1 493b78f69075454f474a46442144b16d14310aa0
SHA256 e03d5b87532f0a3b4d090632dc1f23a8cb41b34c01187cf0fd2be610b403ed23
SHA3 93b8963f60cbea06033d344d8857c4f779638517d0de51696e9f21ef22af724f
VirtualSize 0x1afc
VirtualAddress 0x7e000
SizeOfRawData 0x1c00
PointerToRawData 0x79000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.36285

.tls

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x10
VirtualAddress 0x80000
SizeOfRawData 0x200
PointerToRawData 0x7ac00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.reloc

MD5 0f37fd705559783ed4f42bffbe6ed627
SHA1 acc2ec6d50924e95ba70b774c2355921e1840612
SHA256 fbb9358be077aabe273d6c80986661d53472ac39f9498ae578d0adeb124ca53c
SHA3 669421b1f537516c63b878fa0a473a8789dc3216e9bcaf554a6327df6c98732f
VirtualSize 0xa74
VirtualAddress 0x81000
SizeOfRawData 0xc00
PointerToRawData 0x7ae00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.14104

Imports

KERNEL32.dll CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FormatMessageA
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseSemaphore
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
api-ms-win-crt-convert-l1-1-0.dll mbrtowc
mbsrtowcs
strtoul
wcrtomb
api-ms-win-crt-environment-l1-1-0.dll __p__environ
getenv
api-ms-win-crt-filesystem-l1-1-0.dll _lock_file
_unlock_file
remove
rename
api-ms-win-crt-heap-l1-1-0.dll _set_new_mode
calloc
free
malloc
realloc
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale
localeconv
setlocale
api-ms-win-crt-math-l1-1-0.dll __setusermatherr
acos
asin
atan2
ceil
cos
exp
floor
fmod
frexp
log
log10
pow
sin
sqrt
tan
api-ms-win-crt-private-l1-1-0.dll __C_specific_handler
__intrinsic_setjmp
longjmp
memchr
memcmp
memcpy
memmove
strchr
strrchr
strstr
api-ms-win-crt-runtime-l1-1-0.dll __p___argc
__p___argv
_assert
_beginthreadex
_cexit
_configure_narrow_argv
_crt_atexit
_endthreadex
_errno
_exit
_initialize_narrow_environment
_set_app_type
_initterm
_initterm_e
_set_invalid_parameter_handler
abort
exit
signal
strerror
system
api-ms-win-crt-stdio-l1-1-0.dll __acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vsprintf
_fileno
_pclose
_popen
_setmode
clearerr
fclose
feof
ferror
fflush
fgets
fopen
fputc
fputs
fread
freopen
fseek
ftell
fwrite
getc
puts
setvbuf
tmpfile
tmpnam
ungetc
api-ms-win-crt-string-l1-1-0.dll _strdup
isalnum
isalpha
iscntrl
isgraph
islower
ispunct
isspace
isupper
isxdigit
memset
strcmp
strcoll
strcpy
strlen
strncmp
strnlen
strpbrk
strspn
tolower
toupper
wcslen
wcsnlen
api-ms-win-crt-time-l1-1-0.dll _difftime64
_gmtime64
_localtime64
_mktime64
_time64
clock
strftime
USER32.dll MessageBoxA

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData 0x140080000
EndAddressOfRawData 0x140080008
AddressOfIndex 0x14007d0c0
AddressOfCallbacks 0x1400718e0
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks 0x000000014004FEB0
0x000000014004FF69
0x000000014005D64D

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!
Leave a comment

No comments yet.