| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date |
1970-Jan-01 00:00:00 [TimeDateStamp is zero: the build time has been removed, either by deliberate timestomping or by a linker option / reproducible-build setting; the resource directory timestamps further down (1980-Jan-01) also look like placeholder values. The sample cannot be dated from its headers.]
|
| TLS Callbacks |
2 callback(s) detected. [Both targets (0x401890 and 0x401860, listed under Callbacks at the end of this report) execute before the entry point 0x14C0 — and before any debugger breakpoint placed there — which makes them a favoured spot for anti-analysis checks. MinGW-w64 runtimes typically register TLS callbacks as a matter of course, however, so disassemble both targets instead of scoring on the count.]
|
| Debug artifacts |
Embedded COFF debugging symbols [PointerToSymbolTable 0x45c00 / NumberOfSymbols 68 in the file header; the header also sets IMAGE_FILE_DEBUG_STRIPPED, a combination commonly seen in MinGW-built images. If the table parses, the 68 symbol names are a cheap source of function names for disassembly — but note the "Could not read a COFF symbol" error at the end of this report.]
|
| Suspicious |
The PE is possibly packed. [Low-confidence heuristic: the only near-maximal-entropy section is the last one at 0xc000 (entropy 7.99), and the resources listed below include a 0x22f1e-byte PNG icon, i.e. already-compressed image data. The code section at 0x1000 that holds the entry point has entropy 5.94, which is typical of unpacked compiled code. Treat as packed only if the code at the entry point (0x14C0) does not look like ordinary CRT start-up.] |
Unusual section name found: .xdata [.xdata is the standard x64 unwind-information section emitted by GCC/MinGW-w64 toolchains, and the msvcrt.dll imports listed below (__getmainargs, __set_app_type, _amsg_exit, __C_specific_handler) point to the same toolchain. On its own this is a weak indicator, not evidence of packing or tampering.]
|
| Info |
The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports: [GetProcAddress and LoadLibraryA are also imported by the MinGW-w64 CRT itself, so the pair alone does not prove runtime-resolved APIs. Cross-reference both IAT entries: a call site outside the CRT start-up code, or API-name strings elsewhere in the image, would confirm hidden imports.]
- GetProcAddress
- LoadLibraryA
|
| Suspicious |
VirusTotal score: 1/72 (Scanned on 2026-02-25 19:37:10) [A single machine-learning verdict from one engine out of 72 is inconclusive on its own; base the assessment on the static indicators in this report and on sandbox behaviour, and re-check the score later, since ML-only hits are frequently revised.] |
Trapmine:
malicious.moderate.ml.score
|
| MD5 |
d393ba41d48199438581112001ce627e
|
| SHA1 |
f1de6f18d5e76241f7ea33ded7ce5d9c052f5e8b
|
| SHA256 |
c9207ea899f46a083bbef3fadd15e2d4eb7d0a5914925100320205b4d11feeee
|
| SHA3 |
74b72099f89cb86e981f6dc8232dd8964110b6867abe40c8002c256240ce6d13
|
| SSDeep |
6144:/5VoC2KT4wwPdLPWKirrjuTlci5VoC2KT4wwPdLPWKirrc:XoC2KT4XFLQ3uTvoC2KT4XFLQQ
|
| Imports Hash |
3e51386569c4e433a23ad307f651f463
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x80
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections |
10
|
| TimeDateStamp |
1970-Jan-01 00:00:00
|
| PointerToSymbolTable |
0x45c00
|
| NumberOfSymbols |
68
|
| SizeOfOptionalHeader |
0xf0
|
| Characteristics |
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
[IMAGE_FILE_RELOCS_STRIPPED with ImageBase 0x400000 means the image cannot be rebased, so ASLR never applies to it; the absolute addresses in this report (entry point 0x4014C0, TLS callbacks 0x401890 and 0x401860) are the real run-time addresses. This report does not print DllCharacteristics, so NX_COMPAT / DYNAMIC_BASE / HIGH_ENTROPY_VA must be checked separately — with relocations stripped, DYNAMIC_BASE would be meaningless anyway.]
|
| Magic |
PE32+
|
| LinkerVersion |
2.0
|
| SizeOfCode |
0x2400
|
| SizeOfInitializedData |
0x45800
|
| SizeOfUninitializedData |
0xa00
|
| AddressOfEntryPoint |
0x00000000000014C0 (Section: .text)
|
| BaseOfCode |
0x1000
|
| ImageBase |
0x400000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
4.0
|
| ImageVersion |
0.0
|
| SubsystemVersion |
5.2
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x4e000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0x4f6ff
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| SizeofStackReserve |
0x200000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
6aba096537e678ded84651955867a56c
|
| SHA1 |
72a40cd145a521e19ae91db22230220cee1fbca7
|
| SHA256 |
afbf1e831d383f0bc594eba2015a6d1d8145844f5dbb76ac1d3aafea73571af9
|
| SHA3 |
b3ea21ec4fda460a2128d9df342b06017159daf0a06efcd1994a576988120d32
|
| VirtualSize |
0x2278
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0x2400
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
[The IMAGE_SCN_ALIGN_* entries above are an artefact of decoding the 4-bit alignment field bit-by-bit; the alignment values are mutually exclusive, so at most one can actually apply. The meaningful flags for this section are CNT_CODE | CNT_INITIALIZED_DATA | MEM_EXECUTE | MEM_READ — readable and executable but not writable, as expected for the code section that holds the entry point. The same decoding artefact appears in every section's Characteristics list below; read only the CNT_* and MEM_* flags.]
|
| Entropy |
5.93694
|
| MD5 |
564393c825328abc439ab37241f6746b
|
| SHA1 |
d87b7c5cafb645e88df13e97b91b01d86999c655
|
| SHA256 |
dd668e68adb5687e8cc76054a3dd64df7611bdfdfeca5251cd612f8c8a1d1619
|
| SHA3 |
0dab35c30d5db0af0985f814b1686b32a60ee7c924ad3f2543dc557d24fa39a9
|
| VirtualSize |
0xc0
|
| VirtualAddress |
0x4000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x2800
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.767922
|
| MD5 |
fe37ac68b7d4abed3aa3e32c4df6afc3
|
| SHA1 |
8234931a762ac4762fadee350328b78cca3e2ef1
|
| SHA256 |
a7bccf018cfae71a5d809ed04e2530b79e3154382a3ca924cdf0eaf31e72e111
|
| SHA3 |
ecb8cb57857d4b2f59996372e407754208591c7ee0dc46170784e570528b8c94
|
| VirtualSize |
0x970
|
| VirtualAddress |
0x5000
|
| SizeOfRawData |
0xa00
|
| PointerToRawData |
0x2a00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
4.65573
|
| MD5 |
c0ce60e4a230b095ebdb378ce0bd4a4e
|
| SHA1 |
309496e82a5a22503cc6134f9366a827b6a825c8
|
| SHA256 |
554e65a75c0ee6f94208e0b0fbf2ebb84292df91c6597a7b7ebfa9ad0f406928
|
| SHA3 |
15e531f9620e03258eb2bfed2ae0dc8132b28102fe8efa92e30f0a9e850fb82a
|
| VirtualSize |
0x27c
|
| VirtualAddress |
0x6000
|
| SizeOfRawData |
0x400
|
| PointerToRawData |
0x3400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
2.70513
|
| MD5 |
c00c401b4ea6b320c24af27e579d087b
|
| SHA1 |
1e8ea36e107c97fa3c1d26505d47d183282ce010
|
| SHA256 |
68a2ceb754bec6177893b5352195dc4b0d6e6b41bcfe4d64e51f0b33df9176bf
|
| SHA3 |
543ea19330ccf40ac945c7ef22555b216f605b986436340abf4d1477ef8cc432
|
| VirtualSize |
0x210
|
| VirtualAddress |
0x7000
|
| SizeOfRawData |
0x400
|
| PointerToRawData |
0x3800
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
2.53389
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x990
|
| VirtualAddress |
0x8000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
bca4f068a8447ac51ebadf80b16fa01b
|
| SHA1 |
be3958d06acd9cb9f346cdd89e24746ee2086a42
|
| SHA256 |
3c9e5ef574bd551f002954d1f3607e59e4b8b56c1e07d9f60c218ec9ce393228
|
| SHA3 |
a464b5064e4c31055c9677f615d889489549e6a4bdd31d19743d36214ac1cf23
|
| VirtualSize |
0x924
|
| VirtualAddress |
0x9000
|
| SizeOfRawData |
0xa00
|
| PointerToRawData |
0x3c00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
3.83774
|
| MD5 |
b08b2bde2a98b977349af5c8d70c9359
|
| SHA1 |
4410ee1088eb49bf40756be9e64ea1d3abfc4ece
|
| SHA256 |
5fdf05e6bce50e02b0894643fa195e8891afc6e3f917359980931d97c55c6b28
|
| SHA3 |
4c7dd858a1f8485eff695843ed877cc474e481ae451f8ebb1b36129d829ee60f
|
| VirtualSize |
0x68
|
| VirtualAddress |
0xa000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x4600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.270919
|
| MD5 |
bf619eac0cdf3f68d496ea9344137e8b
|
| SHA1 |
5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
|
| SHA256 |
076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
|
| SHA3 |
622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
|
| VirtualSize |
0x10
|
| VirtualAddress |
0xb000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x4800
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0
|
| MD5 |
e828eb3fd3110bb3ade91f7c35dd37d0
|
| SHA1 |
1c3f19498b75f10b2cae083706a3266668760029
|
| SHA256 |
e70d2a5f0d52f0fd1b1d2ca0616afc17ce78a91ab5a0d53c2cc0ba84b19aa186
|
| SHA3 |
cf36eca295362bbed03a4a92d09889a00883dfa85ea3b73bf0abd24036074444
|
| VirtualSize |
0x41128
|
| VirtualAddress |
0xc000
|
| SizeOfRawData |
0x41200
|
| PointerToRawData |
0x4a00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
7.98601
[Near-maximal entropy for the last section (0xc000, 0x41128 bytes), which presumably holds the resources listed next. The listed resources (PNG icon 0x22f1e + group icon 0x14) account for roughly 0x22f32 bytes; identify what fills the remaining ~0x1e1f6 bytes before accepting "compressed icon" as the whole explanation — unlisted resources or padding are benign, an embedded encrypted or compressed blob that the code reads back at run time is not.]
|
| KERNEL32.dll |
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetDllDirectoryA
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoW
VirtualProtect
VirtualQuery [The only memory-protection APIs imported. In MinGW-w64 images these are typically used by the CRT's pseudo-relocation fix-ups, alongside the RtlAddFunctionTable / RtlVirtualUnwind unwind registration above; confirm that every VirtualProtect call site sits in CRT start-up code and that no page is made writable-and-executable outside it.]
|
| msvcrt.dll |
__C_specific_handler
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_onexit
_vsnprintf
abort
calloc
exit
fprintf
free
fwrite
malloc
mbstowcs
memcpy
realloc
setlocale
signal
strlen
strncmp
vfprintf
wcstombs
_strdup
|
| USER32.dll |
MessageBoxA
|
| Type |
RT_ICON
|
| Language |
UNKNOWN
|
| Codepage |
Latin 1 / Western European
|
| Size |
0x22f1e
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.9849
|
| Detected Filetype |
PNG graphic file
|
| MD5 |
5006ff4c72e4d8b53c79d4f85bb19b84
|
| SHA1 |
2054ed268b31134d0644ad60b6b2163dfc8cda03
|
| SHA256 |
7174dc8d5239145e93b560eb0bc5e11995c3595e6f81076281262e17919a4fc4
|
| SHA3 |
2f7c06636125862ce6d1d030b5e980ebff29cf8e4afc2840a808af46e3332cf2
|
| Type |
RT_GROUP_ICON
|
| Language |
UNKNOWN
|
| Codepage |
Latin 1 / Western European
|
| Size |
0x14
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
1.77095
|
| Detected Filetype |
Icon file
|
| MD5 |
17b37537fb0414ff2798df468acd81e7
|
| SHA1 |
87dbe612f9498dcb6d2e4c85af30627da3f3f74f
|
| SHA256 |
55e9a61508ca08998d96ce523971fe482db53ed53a3570c870e95768c0da97f9
|
| SHA3 |
5931fedd6faa2a416c6621028f2b2d51278894ab064576bd95f63b1e5f432c43
|
| StartAddressOfRawData |
0x40b000
|
| EndAddressOfRawData |
0x40b008
|
| AddressOfIndex |
0x4085fc
|
| AddressOfCallbacks |
0x40a040
|
| SizeOfZeroFill |
0
|
| Characteristics |
IMAGE_SCN_TYPE_REG
|
| Callbacks |
0x0000000000401890
0x0000000000401860
|
[!] Error: Could not read a COFF symbol. [The symbol table is at file offset 0x45c00 with 68 entries — exactly where the last section's raw data ends (0x4a00 + 0x41200) — so a read failure there suggests a truncated or malformed table, possibly just a missing string table. The PE loader never reads COFF symbols, so this does not affect execution; a deliberately corrupted symbol table could, however, be a mild anti-analysis measure, so note whether the 68 entries are recoverable by another parser.]
[*] Warning: Section .bss has a size of 0! [Expected, not a finding: the section at 0x8000 is IMAGE_SCN_CNT_UNINITIALIZED_DATA with VirtualSize 0x990 and SizeOfRawData 0 — .bss occupies memory but no file space, and the empty-input hashes reported for it (MD5 d41d8cd9…) confirm that nothing was read from disk for it.]