| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| Compilation Date | 2026-Feb-01 13:19:32 |
| Detected languages | English - United States |
| Suspicious | Details |
|---|---|
| The PE is possibly packed. | Unusual section names found: .-KP, .}nP, .4fY |
| The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: LoadLibraryA, GetProcAddress. Can access the registry. Possibly launches other programs. Has Internet access capabilities. Leverages the raw socket API to access the Internet. |
| No VirusTotal score. | This file has never been scanned on VirusTotal. |
| Hash | Value |
|---|---|
| MD5 | aee4a1af604f2b8925548f7a47982453 |
| SHA1 | d94e01bcc0c13b2e8b23f9b74acc9af91e5eae65 |
| SHA256 | c3d580bf994572a204472f0f62ec5587410953d658d77991303b1f94f6e60884 |
| SHA3 | a7dc92af5668cf43f5b67dbe86dbc3c63eb80b3709bf42e7f4e21d0d803e39af |
| SSDeep | 393216:LSOQ7ykxKi8+mDskeJHuzTXkfnvoF5yNXom0swYcga4KwN5m8:L1Q7yKNihVXkfE5w0swxlO |
| Imports Hash | a2a5275a4d18c3b4e29b384d3fc6e17f |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x80 |
| PE file header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberOfSections | 7 |
| TimeDateStamp | 2026-Feb-01 13:19:32 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_RELOCS_STRIPPED |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 14.0 |
| SizeOfCode | 0x1cae00 |
| SizeOfInitializedData | 0xa76c00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x02097D6A (Section: .4fY) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x1cc000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x22e4000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |

Note that IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is not set and IMAGE_FILE_RELOCS_STRIPPED is, so the image cannot be relocated and always maps at ImageBase 0x400000 (no ASLR); NX_COMPAT (DEP) is set. The entry point RVA 0x02097D6A does not fall in the first code section at BaseOfCode 0x1000 but in the high-entropy section .4fY.
Section headers. The section names are not reproduced on this page. Sections 1 to 4 have SizeOfRawData 0, i.e. no bytes on disk: they are the four sections the warnings at the end of the report name (.text, .rdata, .data and .-KP), and their digests are those of empty input. The entry point (0x02097D6A) lies inside section 6, which the optional header attributes to .4fY; its entropy of 7.9788 is close to the maximum of 8 bits per byte. PointerToRelocations, PointerToLineNumbers, NumberOfRelocations and NumberOfLineNumbers are 0 for every section and are omitted from the table.

| Section | VirtualAddress | VirtualSize | PointerToRawData | SizeOfRawData | Characteristics | Entropy |
|---|---|---|---|---|---|---|
| 1 | 0x1000 | 0x1caddc | 0 | 0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | n/a |
| 2 | 0x1cc000 | 0x80fe2 | 0 | 0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | n/a |
| 3 | 0x24d000 | 0x41bec | 0 | 0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | n/a |
| 4 | 0x28f000 | 0xfa3fac | 0 | 0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | n/a |
| 5 | 0x1233000 | 0x9dc | 0x400 | 0xa00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.556222 |
| 6 | 0x1234000 | 0x10ad7f0 | 0xe00 | 0x10ad800 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.9788 |
| 7 | 0x22e2000 | 0x132c | 0x10ae600 | 0x1400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.02243 |

| Section | MD5 | SHA1 | SHA256 | SHA3 |
|---|---|---|---|---|
| 1, 2, 3, 4 (no raw data) | d41d8cd98f00b204e9800998ecf8427e | da39a3ee5e6b4b0d3255bfef95601890afd80709 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a |
| 5 | a50b82466be8845e5ed7cbec456082e5 | bb0c121d2df50f694205eb1d346a705737aa97b1 | 2fff8ec1750f116eb46e098fbe39a4a7424242464ffed6f69ac62be0a476ee0b | 814fd81487ae72aced2687bf1619b6d5ff624477e0f36b8d87892070c5197bb6 |
| 6 | e032cddcf4f59197387a69309312daad | ccd9e0a4b34c4d58aff979bac9a092f3013b6270 | 5921398a5b5515c96e392336784524abaa31d81bf64c30ee71c3e4a65bcaf19a | 52847117894f46e540ac53ee7b13341c6ca02f1286da21748ff67ee6ede562a8 |
| 7 | 3db91d1a3d976b4cfe98585900cfb0c0 | 7f4a8f4a6b621088d25baca5ce7d3a26227046dc | d46159a4b85a8a83900ae8f59999dfee57267cd1fd7c3dcb05d8ae7cf24cd0c4 | a806bf61e233fad4f52e770b85ed1682a840de8d404af5fece83728446dad7b4 |
Imports. Only one function per DLL is shown on this page; the import table is longer (LoadLibraryA and GetProcAddress, flagged in the summary above, are not in this excerpt). KERNEL32.dll appears in three separate import descriptors, numbered (#2) and (#3) by the tool.

| DLL | Imported function |
|---|---|
| WS2_32.dll | getnameinfo |
| CRYPT32.dll | CertFindCertificateInStore |
| ADVAPI32.dll | RegOpenKeyExA |
| KERNEL32.dll | UnhandledExceptionFilter |
| USER32.dll | MessageBoxW |
| SHELL32.dll | ShellExecuteA |
| ole32.dll | CoCreateInstance |
| OLEAUT32.dll | SysFreeString |
| MSVCP140.dll | ?set_new_handler@std@@YAP6AXXZP6AXXZ@Z |
| RPCRT4.dll | RpcStringFreeA |
| WINHTTP.dll | WinHttpAddRequestHeaders |
| IPHLPAPI.DLL | GetAdaptersInfo |
| bcrypt.dll | BCryptGenRandom |
| VCRUNTIME140.dll | strrchr |
| api-ms-win-crt-runtime-l1-1-0.dll | system |
| api-ms-win-crt-stdio-l1-1-0.dll | fgets |
| api-ms-win-crt-time-l1-1-0.dll | _time64 |
| api-ms-win-crt-heap-l1-1-0.dll | calloc |
| api-ms-win-crt-convert-l1-1-0.dll | strtoul |
| api-ms-win-crt-locale-l1-1-0.dll | localeconv |
| api-ms-win-crt-math-l1-1-0.dll | __setusermatherr |
| api-ms-win-crt-filesystem-l1-1-0.dll | _access |
| api-ms-win-crt-string-l1-1-0.dll | strspn |
| api-ms-win-crt-utility-l1-1-0.dll | qsort |
| api-ms-win-crt-environment-l1-1-0.dll | getenv |
| KERNEL32.dll (#2) | UnhandledExceptionFilter |
| KERNEL32.dll (#3) | UnhandledExceptionFilter |
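The Imports Hash in the summary and the "may be hiding some of its imports" finding both derive from this import table. The script below is an added illustration, not the report tool's own code: it implements the imphash normalisation (module name lower-cased with .dll/.ocx/.sys stripped, "module.function" pairs comma-joined in table order, then MD5), checks for the LoadLibrary*/GetProcAddress pair, and lists DLLs that own more than one import descriptor, which is what the (#2) and (#3) entries above are. Its sample input is constructed from the one function per DLL this page shows, so its digest will not equal the report's a2a5275a4d18c3b4e29b384d3fc6e17f; placing LoadLibraryA and GetProcAddress in the second KERNEL32 descriptor is an assumption, since the report says they are imported but not where.

```python
"""Import-table triage: imphash plus two cheap heuristics (added example)."""
import hashlib
from collections import Counter

# Module-name extensions imphash strips before lower-casing.
IMPHASH_STRIPPED_EXTENSIONS = (".dll", ".ocx", ".sys")

# APIs a stub needs to resolve the real import table at run time.
DYNAMIC_RESOLVERS = {"loadlibrarya", "loadlibraryw", "loadlibraryexa",
                     "loadlibraryexw", "getprocaddress"}

# Constructed from the report's excerpt: one descriptor per row, one function each.
# The LoadLibraryA/GetProcAddress placement in descriptor #2 is an assumption.
SAMPLE_IMPORTS = [
    ("WS2_32.dll", ["getnameinfo"]),
    ("CRYPT32.dll", ["CertFindCertificateInStore"]),
    ("ADVAPI32.dll", ["RegOpenKeyExA"]),
    ("KERNEL32.dll", ["UnhandledExceptionFilter"]),
    ("USER32.dll", ["MessageBoxW"]),
    ("SHELL32.dll", ["ShellExecuteA"]),
    ("WINHTTP.dll", ["WinHttpAddRequestHeaders"]),
    ("bcrypt.dll", ["BCryptGenRandom"]),
    ("KERNEL32.dll", ["UnhandledExceptionFilter", "LoadLibraryA", "GetProcAddress"]),  # (#2)
    ("KERNEL32.dll", ["UnhandledExceptionFilter"]),                                     # (#3)
]


def imphash_string(descriptors):
    """The normalised, comma-joined 'module.function' list that imphash digests.

    `descriptors` is a list of (dll, [functions]) in import-table order. An int
    function is an import by ordinal and becomes 'ordN'; the ws2_32/oleaut32
    ordinal-to-name tables that pefile consults are deliberately omitted here.
    """
    parts = []
    for dll, funcs in descriptors:
        module = dll.lower()
        for ext in IMPHASH_STRIPPED_EXTENSIONS:
            if module.endswith(ext):
                module = module[: -len(ext)]
                break
        for func in funcs:
            name = f"ord{func}" if isinstance(func, int) else func.lower()
            parts.append(f"{module}.{name}")
    return ",".join(parts)


def imphash(descriptors):
    """MD5 of the normalised string; identical across builds that share an import layout."""
    return hashlib.md5(imphash_string(descriptors).encode()).hexdigest()


def hidden_import_indicator(descriptors):
    """Flags the LoadLibrary* + GetProcAddress pair: with those two a stub can
    rebuild the real import table itself, so the static table says little."""
    names = {f.lower() for _, funcs in descriptors for f in funcs if isinstance(f, str)}
    return {
        "dynamic_resolvers": sorted(names & DYNAMIC_RESOLVERS),
        "suspicious": "getprocaddress" in names
                      and any(n.startswith("loadlibrary") for n in names),
    }


def duplicate_descriptors(descriptors):
    """DLLs that own more than one import descriptor. A normal link emits one
    descriptor per DLL; packers that rebuild imports often emit several."""
    counts = Counter(dll.lower() for dll, _ in descriptors)
    return sorted(dll for dll, n in counts.items() if n > 1)


if __name__ == "__main__":
    print("imphash:", imphash(SAMPLE_IMPORTS))
    print("hidden imports:", hidden_import_indicator(SAMPLE_IMPORTS))
    print("duplicate descriptors:", duplicate_descriptors(SAMPLE_IMPORTS))
```

Because imphash is order-sensitive and name-sensitive, two files that differ only in a re-ordered or renamed-case DLL still hash the same after normalisation, while a single added or removed function changes the digest entirely; that is why it is useful for clustering samples and useless for matching this page's partial excerpt against the real file.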
| Resource | Type | Language | Codepage | Size | TimeDateStamp | Entropy | Detected Filetype |
|---|---|---|---|---|---|---|---|
| 1 | RT_ICON | English - United States | UNKNOWN | 0x10a8 | 1980-Jan-01 00:00:00 | 4.87056 | |
| 2 | RT_GROUP_ICON | English - United States | UNKNOWN | 0x14 | 1980-Jan-01 00:00:00 | 1.7815 | Icon file |
| 3 | RT_MANIFEST | English - United States | UNKNOWN | 0x188 | 1980-Jan-01 00:00:00 | 4.89623 | |

| Resource | MD5 | SHA1 | SHA256 | SHA3 |
|---|---|---|---|---|
| 1 (RT_ICON) | 5b31622dbf3a74940c52446db7356cf1 | 49a88cd45aa6d450c55c40533dca4b01b7345f1b | 3d53fb7944fcbca53300e6312a6408b7526c4defa80e96e418f9ea8cd89ec415 | 1bd421767b623727f5584557d7d93d6b03ede9c4191c03e4102f48a6bb6ce505 |
| 2 (RT_GROUP_ICON) | 3c68f77c35c26ff079a1c410ee44fa62 | 0b40150c95fc2c6414c90d44ee78b8d8814b3393 | a14e70ed824f3f17d3a51136aa08839954d6d3ccadaa067415c7bfc08e6636b0 | 590dcbf2ec3f485a6c24e3e627f383ee7588eb49978321f12c07d8190a6c1396 |
| 3 (RT_MANIFEST) | b8e76ddb52d0eb41e972599ff3ca431b | fc12d7ad112ddabfcd8f82f290d84e637a4d62f8 | 165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8 | 37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd |
| Load configuration field | Value |
|---|---|
| Size | 0xc0 |
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x650bc0 |
| SEHandlerTable | 0x26e1330 |
| SEHandlerCount | 303 |

SecurityCookie and SEHandlerTable are stored as virtual addresses. Against ImageBase 0x400000, the /GS cookie resolves to RVA 0x250bc0 (section 3, the read/write data section) and the 303-entry SafeSEH handler table to RVA 0x22e1330, which is inside section 6 (.4fY), the same high-entropy section that holds the entry point.
[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .-KP has a size of 0!
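The "possibly packed" verdict at the top rests on the section table alone: three section names no compiler emits, four sections whose SizeOfRawData is 0 (the size-0 warnings just above), an entry point outside the first code section, and a 0x10ad800-byte executable section with entropy 7.9788. The script below is an added illustration, not the report tool's code: it parses a PE32 section table with only the standard library and applies those checks. It runs against a constructed stand-in PE whose section names, VirtualAddress and VirtualSize values are copied from this report but whose raw bytes are synthetic; the seventh section's name is not shown on the page and is assumed to be .rsrc, and the final packed/not-packed decision rule is the script's own.

```python
"""Section-table packer heuristics for a PE32 image, standard library only.

Added example (not the report tool's code). build_sample_pe() constructs a
stand-in that mirrors the report's seven-section layout with synthetic bytes.
"""
import math
import random
import struct
from collections import Counter

# IMAGE_SECTION_HEADER.Characteristics bits (PE/COFF specification).
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Names a stock toolchain emits; anything else deserves a look.
COMMON_SECTION_NAMES = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                        ".edata", ".pdata", ".tls", ".bss", ".CRT", ".textbss"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0 for empty input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes):
    """Return (AddressOfEntryPoint, [section dict, ...]) from raw PE file bytes."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    opt_off = e_lfanew + 24
    entry_rva = struct.unpack_from("<I", pe, opt_off + 16)[0]  # same offset in PE32 and PE32+
    sections = []
    for i in range(nsections):
        name, vsize, va, raw_size, raw_ptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", pe, opt_off + opt_size + 40 * i)
        raw = pe[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vsize": vsize,
                         "va": va, "raw_size": raw_size, "chars": chars,
                         "entropy": shannon_entropy(raw)})
    return entry_rva, sections


def packer_indicators(pe: bytes, entropy_threshold: float = 7.0) -> dict:
    """Unusual names, sections empty on disk, near-random code, entry point placement."""
    entry_rva, sections = parse_sections(pe)

    def contains(s, rva):  # section span in memory, whichever size is larger
        return s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"])

    entry_section = next((s["name"] for s in sections if contains(s, entry_rva)), None)
    first_code = next((s["name"] for s in sections if s["chars"] & IMAGE_SCN_MEM_EXECUTE), None)
    high_entropy = [s["name"] for s in sections
                    if s["raw_size"] and s["entropy"] >= entropy_threshold]
    result = {
        "unusual_names": [s["name"] for s in sections if s["name"] not in COMMON_SECTION_NAMES],
        "zero_raw": [s["name"] for s in sections if s["raw_size"] == 0 and s["vsize"] > 0],
        "high_entropy": high_entropy,
        "entry_section": entry_section,
        "entry_outside_first_code": entry_section != first_code,
    }
    # Decision rule is this script's own: odd names plus either a near-random entry
    # section or code that exists only in memory.
    result["possibly_packed"] = bool(result["unusual_names"]) and (
        entry_section in high_entropy or bool(result["zero_raw"]))
    return result


def build_sample_pe() -> bytes:
    """Constructed PE32 whose names, VirtualAddress and VirtualSize values come from
    the report above; '.rsrc' for section 7 is an assumption (the page omits it)."""
    rng = random.Random(0x4D5A)
    bodies = {  # synthetic raw data; sections 1-4 have none, as in the report
        ".}nP": bytes(0x1C0) + bytes(range(0x40)),                   # mostly zero
        ".4fY": bytes(rng.getrandbits(8) for _ in range(0x1000)),    # near-random
        ".rsrc": b"RT_ICON" * 0x49 + b"\0",                          # repetitive
    }
    code = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
    rdata = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
    layout = [(".text", 0x1CADDC, 0x1000, code), (".rdata", 0x80FE2, 0x1CC000, rdata),
              (".data", 0x41BEC, 0x24D000, rdata | IMAGE_SCN_MEM_WRITE),
              (".-KP", 0xFA3FAC, 0x28F000, code),
              (".}nP", 0x9DC, 0x1233000, rdata | IMAGE_SCN_MEM_WRITE),
              (".4fY", 0x10AD7F0, 0x1234000, code), (".rsrc", 0x132C, 0x22E2000, rdata)]
    e_lfanew, size_of_headers = 0x80, 0x400
    hdr = bytearray(size_of_headers)
    hdr[:2], hdr[e_lfanew:e_lfanew + 4] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    # i386, 7 sections, 0xE0-byte optional header, RELOCS_STRIPPED|EXECUTABLE_IMAGE|32BIT_MACHINE
    struct.pack_into("<HHIIIHH", hdr, e_lfanew + 4, 0x14C, len(layout), 0, 0, 0, 0xE0, 0x0103)
    opt = e_lfanew + 24
    struct.pack_into("<H", hdr, opt, 0x10B)                              # PE32 magic
    struct.pack_into("<I", hdr, opt + 16, 0x2097D6A)                     # AddressOfEntryPoint
    struct.pack_into("<III", hdr, opt + 28, 0x400000, 0x1000, 0x200)     # ImageBase, alignments
    struct.pack_into("<II", hdr, opt + 56, 0x22E4000, size_of_headers)   # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", hdr, opt + 92, 16)                            # NumberOfRvaAndSizes
    sec_off, raw_ptr, payload = opt + 0xE0, size_of_headers, b""
    for name, vsize, va, chars in layout:
        body = bodies.get(name, b"")
        struct.pack_into("<8sIIIIIIHHI", hdr, sec_off, name.encode(), vsize, va, len(body),
                         raw_ptr if body else 0, 0, 0, 0, 0, chars)
        sec_off, raw_ptr, payload = sec_off + 40, raw_ptr + len(body), payload + body
    return bytes(hdr) + payload


if __name__ == "__main__":
    for key, value in packer_indicators(build_sample_pe()).items():
        print(f"{key:>25}: {value}")
```

Feed parse_sections the bytes of a real file to reproduce the per-section figures in the tables above. On the sample, sections 1 to 4 land in zero_raw with entropy 0 (no bytes to measure, which is why the report prints no entropy for them), .4fY is the only high-entropy section and holds the entry point, and the three names the report calls unusual are the ones the common-name check rejects.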