ac532f28dea2bc167c70d3c971b3408b0932b119767cef734f846f4c7cd7d676

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Jun-17 02:39:26

Plugin Output

Suspicious The PE is possibly packed. Unusual section name found: .xdata
Suspicious The PE contains functions most legitimate programs don't use. Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 b7564016807503fb4e5671d9f4e80766
SHA1 44908520e49c7e146662d098b901d4f367e7cdaf
SHA256 ac532f28dea2bc167c70d3c971b3408b0932b119767cef734f846f4c7cd7d676
SHA3 06abe3b439628a2bf498c8576ab4e553d7de7a6c551726fdc5047944bfb02977
SSDeep 96:7IMbZPrjSnlR/j/5Zpx/E4aMK//wRRm+od/omsxkhM9SsA:7IGSnnL5ZFK/Ek/ofk29V
Imports Hash abf16faa5672babf741511adf5909343

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 5
TimeDateStamp 2026-Jun-17 02:39:26
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 2.0
SizeOfCode 0xe00
SizeOfInitializedData 0xc00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000000011FA (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x6000
SizeOfHeaders 0x400
Checksum 0x5f31
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 5dd09d72f9f39106a2ab56b2cd3a90f0
SHA1 3680c9e9aa08686cbc686d76dbfcb7aef083529c
SHA256 fb176a007b09a2f652a6db001f60885d07fe76d5bd9adb32422ac094b4084266
SHA3 bb44284ff1ec5236d21721711c9b1481de540407b28937a40acd8c689ce414dc
VirtualSize 0xd40
VirtualAddress 0x1000
SizeOfRawData 0xe00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.11078

.rdata

MD5 a4d6e1c327534af2af14ffe8614d5993
SHA1 98fcffe5dbc7e55536c4bfd8567a22c1f207793e
SHA256 b60a7dbd993eee3dc563b45d399e3ac95d4e373867aa8d5a0be852437689215e
SHA3 8c5faea9398d8f1b773cc833986de951c92e4a664494ddf809812c2f92b15531
VirtualSize 0x3d0
VirtualAddress 0x2000
SizeOfRawData 0x400
PointerToRawData 0x1200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.11783

.pdata

MD5 bc685622c509a9a1eae89a5ecb42866e
SHA1 1d91f1e4ab3f0eda496a160e34fcfc6c4b3ba611
SHA256 e12bfd33635cc7583054191b44e05dad50fcfba2263d8c797297d46b3d1bf433
SHA3 02e935395f33d1132c9fa82476390ecece48d64bf3f01cfb5718a8d08e7342ff
VirtualSize 0xb4
VirtualAddress 0x3000
SizeOfRawData 0x200
PointerToRawData 0x1600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.49558

.xdata

MD5 92e7bcf54f0ba5c36f1d7c10eae0a757
SHA1 8218c66ef58f490e8d7fbd9f9365673f9722769b
SHA256 18fb0627b801808888f0359c331b7b4923d5b9751a3c094a69cc6341cabc774c
SHA3 3466732653b93ba34908a76c428f901e9d0bd02d87ff59288ab3818eac86f546
VirtualSize 0xc4
VirtualAddress 0x4000
SizeOfRawData 0x200
PointerToRawData 0x1800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.37076

.idata

MD5 8cd6863bcdcd0f1044156a78890b91a4
SHA1 fea9a55c6f8bee4f2a6c18b41966bbc117f80626
SHA256 20cc67a3ffc37cb8d0b51d12b84ee6c63a960376a20aa6084d72eaa098bc7461
SHA3 bd3edf75aa86e4eb8240d2538a2952318e3c37f05a0560306a83016f5d3b262a
VirtualSize 0x378
VirtualAddress 0x5000
SizeOfRawData 0x400
PointerToRawData 0x1a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.37543

Imports

KERNEL32.dll
  • CloseHandle
  • CreateFileA
  • CreateFileMappingA
  • ExitProcess
  • GetCurrentProcess
  • GetFileSize
  • GetModuleHandleA
  • GetProcAddress
  • GetProcessHeap
  • HeapAlloc
  • HeapFree
  • HeapReAlloc
  • MapViewOfFile
  • OutputDebugStringA
  • ReadFile
  • UnmapViewOfFile
  • VirtualAlloc
  • VirtualFree
  • VirtualProtect
ntdll.dll
  • NtClose
  • RtlInitUnicodeString

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors
