cbf27eae140570703ffc98946dbb16779fb68993fd400df86fe38c3e8523f50f

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Jun-30 00:58:56
Detected languages English - United States

Plugin Output

Info Interesting strings found in the binary: Contains domain names:
  • acutedotcomb.cn
  • breveacutecomb.cn
  • brevegravecomb.cn
  • brevetildecomb.cn
  • circumflexacutecomb.cn
  • circumflexgravecomb.cn
  • circumflexhookcomb.cn
  • circumflextildecomb.cn
  • commaaccentright.cn
  • commaaccentrotate.cn
  • github.com
  • https://github.com
  • https://openfontlicense.orgThis
  • https://openfontlicense.orghttps
  • https://rsms.me
  • macrondieresiscomb.cn
  • tildecross.cn
  • tonos.top
  • uni02E5.cn
  • uni02E6.cn
  • uni02E7.cn
  • uni02E8.cn
  • uni02E9.cn
Note: every .cn and .top entry is a font glyph name (combining-mark names such as circumflexacutecomb, Adobe Glyph List codepoint names such as uni02E5, and the tonos mark) carrying a variant suffix that happens to be a real TLD; the heuristic fires on the suffix alone. Together with the rsms.me and openfontlicense.org strings, this is consistent with an embedded copy of the Inter font under the SIL Open Font License, not with contact domains. The two openfontlicense.org entries are fused with the licence text that follows them in the binary, hence the trailing "This" and "https". github.com and rsms.me are the only genuine hosts, and both belong to that font credit.
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Uses constants related to RC5 or RC6
Note: both are constant-table matches, not recovered cipher code. CRC32 tables occur in any checksumming or hashing routine, and the RC5/RC6 match rests on the P and Q magic numbers (0xB7E15163 and 0x9E3779B9, derived from e and the golden ratio), the second of which is also the usual hash-combining constant in ordinary C++ code. Neither implies encrypted configuration or traffic on its own, and the import table carries no networking or cryptographic API to go with them.
Suspicious The PE is possibly packed. Unusual section name found: .fptable
Note: the section name is the only packing signal here. .fptable is 0x100 bytes of zeros (entropy 0, read/write), .text holds 0xc0600 bytes at entropy 6.53 with the entry point inside it, and the import table is fully populated; a packer leaves a small loader stub, a high-entropy payload section and a near-empty import table. Treat this file as unpacked.
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Note: both are imported by every MSVC 14.x CRT, which resolves a handful of Win32 APIs at run time during start-up, and the visible import table already names every process-inspection and input API listed below, so nothing is being hidden. IsDebuggerPresent in the import list is CRT standard for the same reason.
Functions which can be used for anti-debugging purposes:
  • CreateToolhelp32Snapshot
Note: here it is paired with Process32FirstW/Process32NextW, Module32FirstW/Module32NextW, lstrcmpiW, OpenProcess and ReadProcessMemory, i.e. the standard sequence for locating a target process by name, finding a module base inside it and reading its memory, not for spotting a debugger.
Uses functions commonly found in keyloggers:
  • GetForegroundWindow
  • GetAsyncKeyState
Note: the same pair is the usual hotkey-polling loop of an overlay that only acts while a particular window is in the foreground; no window hook (SetWindowsHookExW) or raw-input registration is imported.
Manipulates other processes:
  • OpenProcess
  • Process32NextW
  • Process32FirstW
  • ReadProcessMemory
Note: read access only. WriteProcessMemory, VirtualAllocEx, CreateRemoteThread and NtMapViewOfSection are absent, so the sample can read but not inject into other processes. Taken together with D3D11CreateDeviceAndSwapChain, DwmExtendFrameIntoClientArea, SetLayeredWindowAttributes, SetWindowDisplayAffinity and mouse_event, the import profile is that of a transparent, capture-protected overlay that reads another process's memory and sends synthetic mouse input (trainer/cheat-style tooling). No networking, registry, service or process-creation API is imported.
Malicious VirusTotal score: 6/68 (Scanned on 2026-06-30 21:58:53)
APEX: Malicious
Bkav: W32.Malware.2EC0F47F
CrowdStrike: win/malicious_confidence_90% (D)
McAfeeD: ti!CBF27EAE1405
Microsoft: Program:Win32/Wacapew.C!ml
Symantec: ML.Attribute.HighConfidence
Note: six generic machine-learning or heuristic verdicts and no family name. Microsoft's Program: prefix marks a potentially-unwanted-application class ML detection, McAfeeD's ti! label carries the file hash rather than a name, and CrowdStrike and Symantec report model confidence. The file was scanned within a day of its compile timestamp, so signature coverage had not caught up. Read this as "unknown tool with process-reading and overlay capabilities", consistent with the import profile above, rather than as a confirmed malware family.
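The domain finding above is worth reproducing, because it shows how a TLD-suffix heuristic turns font glyph names into "domains". The script below is an added example, not part of this report and not code from the analysed binary: it applies a naive rule to the strings listed above (constructed here from the page) and then separates the glyph-name matches from the genuine hosts using Adobe Glyph List naming conventions. The two regular expressions are my own approximation of such a rule, not the scanner's actual logic.

```python
import re

# Strings exactly as the report lists them; constructed from the page, not
# re-extracted from the sample.
REPORT_STRINGS = [
    "acutedotcomb.cn", "breveacutecomb.cn", "brevegravecomb.cn",
    "brevetildecomb.cn", "circumflexacutecomb.cn", "circumflexgravecomb.cn",
    "circumflexhookcomb.cn", "circumflextildecomb.cn", "commaaccentright.cn",
    "commaaccentrotate.cn", "github.com", "https://github.com",
    "https://openfontlicense.orgThis", "https://openfontlicense.orghttps",
    "https://rsms.me", "macrondieresiscomb.cn", "tildecross.cn", "tonos.top",
    "uni02E5.cn", "uni02E6.cn", "uni02E7.cn", "uni02E8.cn", "uni02E9.cn",
]

# Naive rule (assumed to resemble the scanner's): any dotted label sequence
# ending in a TLD. No word boundary is required after the TLD, which is why
# "openfontlicense.orgThis" (licence text fused with the next line) still hits.
DOMAIN_TOKEN = re.compile(r"(?:[a-z0-9-]+\.)+(?:cn|top|com|me|org)", re.I)

# Glyph-name shapes from Adobe Glyph List conventions: uniXXXX codepoint
# names, combining marks ending in "comb", accent/cross/tonos mark names.
# Fonts append variant suffixes (".cn", ".top", ...) to these, so the
# leftmost label of the "domain" is what identifies a glyph.
GLYPH_LABEL = re.compile(
    r"^(?:uni[0-9A-Fa-f]{4}|[a-z]*(?:comb|accent[a-z]*|cross|tonos))$"
)


def domain_token(s):
    """Return the domain-looking token inside s, or None."""
    m = DOMAIN_TOKEN.search(s)
    return m.group(0) if m else None


def flag_domain_strings(strings):
    """Reproduce the scanner's 'Contains domain names' finding."""
    return [s for s in strings if domain_token(s)]


def is_glyph_name(token):
    """True when the token's leftmost label is an AGL-style glyph name."""
    return GLYPH_LABEL.match(token.split(".", 1)[0]) is not None


def triage_domains(strings):
    """Split flagged strings into glyph-name false positives and real hosts."""
    glyphs, hosts = [], []
    for s in flag_domain_strings(strings):
        (glyphs if is_glyph_name(domain_token(s)) else hosts).append(s)
    return glyphs, hosts


if __name__ == "__main__":
    glyphs, hosts = triage_domains(REPORT_STRINGS)
    print(f"{len(glyphs)} glyph names misread as domains, {len(hosts)} real hosts")
    for h in hosts:
        print("  host:", h)
```

All 23 strings trip the naive rule; 18 of them are glyph names and the remaining five are the GitHub, Open Font License and rsms.me credits. A production string-triage rule should at least check the candidate against a public suffix list and reject labels that match glyph or identifier conventions before calling anything a domain.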

Hashes

MD5 c3ac4fd3c7b067bf331977172a7f6c40
SHA1 e73716e8f8fa34fccaa6656e6dd111c25aeda963
SHA256 cbf27eae140570703ffc98946dbb16779fb68993fd400df86fe38c3e8523f50f
SHA3 0ca4bfb919343c66ea58916d36f7bf6079f34fa0a402a9f314164a179e01d436
SSDeep 24576:6BOihIXa/Ck0M8WMd2DRbHIKx6mO08ZKC0mL1:6BOGIXQfMUDxbxBOkrmL
Imports Hash f03f53bb2f2cc761da41a715a75cef12

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x108

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2026-Jun-30 00:58:56
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0xc0600
SizeOfInitializedData 0xfc000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000009B1A8 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x1c2000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16
Note: ASLR with high-entropy 64-bit addressing and DEP are enabled; IMAGE_DLLCHARACTERISTICS_GUARD_CF is absent, so Control Flow Guard was not compiled in. Checksum 0 means the image was linked without /RELEASE, which the loader ignores for user-mode executables. OperatingSystemVersion and SubsystemVersion 6.0 set Windows Vista as the minimum platform.

.text

MD5 60bf07755cb1511b00e6175106744be1
SHA1 bf72815dc2c0fa8881d18d4333809afa5b63615f
SHA256 c6c095be44b9cd98bf2017e7ad2c9f0e75665596784f1d6a65b1006c3fff35cc
SHA3 3fcc58d5492d3a99a0188c173456bb6389fae0fab0ba81f5e54fe979bc358363
VirtualSize 0xc05d4
VirtualAddress 0x1000
SizeOfRawData 0xc0600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.53306

.rdata

MD5 403975f544625fe510de81cdc5a74269
SHA1 ba8ed9360986fb8a85b6e86e5d570459bf4855ef
SHA256 fe687fad1b65add4409ba5b964557280a5877cb14897e0824e22f10bd14b4920
SHA3 fa47cf10b983f5905c676b22d6cd984a4f28d1a1368875e403cd52032733beb0
VirtualSize 0x3af6a
VirtualAddress 0xc2000
SizeOfRawData 0x3b000
PointerToRawData 0xc0a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.994

.data

MD5 b87137b6a0c856de0a81e77471a291f5
SHA1 db4706e86ade0f99fb429b12309d0c0e20328b4c
SHA256 697489ac39ea362e5065a7cae76fc54903ee1ce223c6847292d1fc13418d0fac
SHA3 a6f1e57fd36f53f857b1a241dd83dce2e0871382e114bb9ab576ec87bd72db35
VirtualSize 0xb60ac
VirtualAddress 0xfd000
SizeOfRawData 0x57000
PointerToRawData 0xfba00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.15866

.pdata

MD5 06b815d5fa168eed3611d52182d27e21
SHA1 3f2330af66dc6b02b69b3aaba76f1f4deab4c97f
SHA256 c2182c999182dcc0bc4e9d0055d0ac3df220d88b4fb9b0eb202b034a7d21f149
SHA3 fa576f2a4e69d98b102514100d7e899132bce88a1c537d86f40b3ff91540ad0e
VirtualSize 0x95dc
VirtualAddress 0x1b4000
SizeOfRawData 0x9600
PointerToRawData 0x152a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.07367

.fptable

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x100
VirtualAddress 0x1be000
SizeOfRawData 0x200
PointerToRawData 0x15c000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 4446c9d4e3d09168df4e84a01dad44c2
SHA1 16a2be1ea6a2fc7d06c430f1ed1150a0962e6c77
SHA256 464e5c9707fa9d095624ac4bcd525e82a17707d9ec2affb561739192fa54aeb6
SHA3 8610f10498a7b2572316b9b4ca30dd9e9d147751d8f2056d75eea74b9b3eb97d
VirtualSize 0x1e8
VirtualAddress 0x1bf000
SizeOfRawData 0x200
PointerToRawData 0x15c200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.77204

.reloc

MD5 81fc60dcf10ad608775d100996616003
SHA1 6200e057bebd2b4f682c204f5449388b9e51d6e2
SHA256 86016815742789360edb4ebd661542b7a3f002519bc6ef2208663f1e43061446
SHA3 9027761c9da02fadee4c71f36c8ec74a08880ffb52acb2aac0ced5321158a994
VirtualSize 0x1334
VirtualAddress 0x1c0000
SizeOfRawData 0x1400
PointerToRawData 0x15c400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.39623
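Added example, not part of this report: the header and section values above, transcribed into a script and checked for the things a packer actually changes (entry point outside code, writable-and-executable or near-8.0-entropy sections, a SizeOfImage that does not match the section table) and for the exploit mitigations encoded in DllCharacteristics. Section characteristics are abbreviated (CODE, EXECUTE, READ, WRITE, INITIALIZED_DATA, DISCARDABLE); the list of "standard" MSVC section names and the packing thresholds are my own assumptions, not the scanner's.

```python
import math
from collections import Counter

# Header and section values transcribed from the report (constructed input;
# nothing here is read from the binary itself).
SECTION_ALIGNMENT = 0x1000
SIZE_OF_IMAGE = 0x1c2000
ENTRY_POINT_RVA = 0x9B1A8
DLL_CHARACTERISTICS = {"DYNAMIC_BASE", "HIGH_ENTROPY_VA", "NX_COMPAT",
                       "TERMINAL_SERVER_AWARE"}

# (name, VirtualAddress, VirtualSize, SizeOfRawData, entropy, characteristics)
SECTIONS = [
    (".text",    0x001000, 0xc05d4, 0xc0600, 6.53306, {"CODE", "EXECUTE", "READ"}),
    (".rdata",   0x0c2000, 0x3af6a, 0x3b000, 5.99400, {"INITIALIZED_DATA", "READ"}),
    (".data",    0x0fd000, 0xb60ac, 0x57000, 6.15866, {"INITIALIZED_DATA", "READ", "WRITE"}),
    (".pdata",   0x1b4000, 0x095dc, 0x09600, 6.07367, {"INITIALIZED_DATA", "READ"}),
    (".fptable", 0x1be000, 0x00100, 0x00200, 0.0,     {"INITIALIZED_DATA", "READ", "WRITE"}),
    (".rsrc",    0x1bf000, 0x001e8, 0x00200, 4.77204, {"INITIALIZED_DATA", "READ"}),
    (".reloc",   0x1c0000, 0x01334, 0x01400, 5.39623, {"INITIALIZED_DATA", "READ", "DISCARDABLE"}),
]

# Section names the MSVC linker emits on its own (assumed list); anything
# else is "unusual" to the scanner, which is a weak signal by itself.
MSVC_SECTION_NAMES = {".text", ".rdata", ".data", ".pdata", ".rsrc", ".reloc",
                      ".tls", ".idata", ".edata", ".bss", ".CRT", ".gfids", ".00cfg"}

# IMAGE_DLLCHARACTERISTICS_* bit values from winnt.h.
DLL_CHAR_BITS = {
    "HIGH_ENTROPY_VA": 0x0020, "DYNAMIC_BASE": 0x0040, "FORCE_INTEGRITY": 0x0080,
    "NX_COMPAT": 0x0100, "NO_SEH": 0x0400, "GUARD_CF": 0x4000,
    "TERMINAL_SERVER_AWARE": 0x8000,
}


def shannon_entropy(data):
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def align_up(value, alignment):
    return (value + alignment - 1) // alignment * alignment


def section_containing(rva):
    """Name of the section whose virtual range covers rva, or None."""
    for name, va, vsize, _raw, _ent, _flags in SECTIONS:
        if va <= rva < va + vsize:
            return name
    return None


def image_size_consistent():
    """SizeOfImage must equal the section-aligned end of the last section."""
    _name, va, vsize, *_ = SECTIONS[-1]
    return align_up(va + vsize, SECTION_ALIGNMENT) == SIZE_OF_IMAGE


def zero_filled_tail():
    """Sections larger in memory than on disk; the loader zero-fills the rest."""
    return {s[0]: s[2] - s[3] for s in SECTIONS if s[2] > s[3]}


def packing_assessment():
    """Combine the signals a packer actually leaves, not just the section name."""
    unusual = [s[0] for s in SECTIONS if s[0] not in MSVC_SECTION_NAMES]
    high_entropy = [s[0] for s in SECTIONS if s[4] >= 7.0 and s[3] >= 0x1000]
    wx = [s[0] for s in SECTIONS if {"EXECUTE", "WRITE"} <= s[5]]
    entry = section_containing(ENTRY_POINT_RVA)
    entry_in_code = entry is not None and "CODE" in next(
        s[5] for s in SECTIONS if s[0] == entry)
    packed = bool(high_entropy or wx) or not entry_in_code
    return {"unusual_names": unusual, "high_entropy": high_entropy,
            "writable_executable": wx, "entry_section": entry, "packed": packed}


def mitigations():
    """Decode the DllCharacteristics names back to the raw field and flags."""
    raw = sum(DLL_CHAR_BITS[n] for n in DLL_CHARACTERISTICS)
    return {"raw": raw,
            "aslr": "DYNAMIC_BASE" in DLL_CHARACTERISTICS,
            "high_entropy_aslr": {"DYNAMIC_BASE", "HIGH_ENTROPY_VA"} <= DLL_CHARACTERISTICS,
            "dep": "NX_COMPAT" in DLL_CHARACTERISTICS,
            "cfg": "GUARD_CF" in DLL_CHARACTERISTICS}


if __name__ == "__main__":
    print("entropy of a zero page:", shannon_entropy(bytes(0x100)))
    print("SizeOfImage consistent:", image_size_consistent())
    print("zero-filled tails:", {k: hex(v) for k, v in zero_filled_tail().items()})
    print(packing_assessment())
    print({k: (hex(v) if k == "raw" else v) for k, v in mitigations().items()})
```

On this file the entry point resolves to .text, SizeOfImage matches the aligned end of .reloc, no section is both writable and executable, and the only zero-filled tail is the 0x5f0ac-byte uninitialised part of .data; .fptable is the sole "unusual" name and its entropy of 0 rules it out as a payload. The raw DllCharacteristics value works out to 0x8160, with ASLR and DEP set and CFG clear.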

Imports

d3d11.dll D3D11CreateDeviceAndSwapChain
dwmapi.dll DwmExtendFrameIntoClientArea
D3DCOMPILER_47.dll D3DCompile
WINMM.dll timeBeginPeriod
KERNEL32.dll CreateFileW
HeapSize
SetStdHandle
GetModuleFileNameA
OpenProcess
CreateToolhelp32Snapshot
Sleep
Process32NextW
Process32FirstW
CloseHandle
FreeConsole
Module32FirstW
ReadProcessMemory
Module32NextW
lstrcmpiW
AllocConsole
lstrcmpW
GetModuleHandleW
QueryPerformanceFrequency
QueryPerformanceCounter
CreateFileA
GetFileSizeEx
ReadFile
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
MapViewOfFile
SetEndOfFile
CreateFileMappingA
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileType
LCMapStringW
CompareStringW
VirtualProtect
UnmapViewOfFile
FlsFree
FlsSetValue
FlsGetValue
GetCurrentThreadId
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
SleepConditionVariableSRW
WaitForSingleObjectEx
GetExitCodeThread
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
WriteConsoleW
GetProcAddress
WakeAllConditionVariable
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetLastError
SetLastError
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
WriteFile
FlsAlloc
USER32.dll SetWindowLongW
TranslateMessage
EnumWindows
mouse_event
DefWindowProcW
DestroyWindow
SetWindowPos
CreateWindowExW
GetSystemMetrics
UnregisterClassW
RegisterClassExW
ShowWindow
ClientToScreen
SetWindowDisplayAffinity
GetForegroundWindow
SetLayeredWindowAttributes
LoadCursorW
GetClientRect
PeekMessageW
UpdateWindow
IsIconic
GetWindowLongW
GetWindowThreadProcessId
IsWindowVisible
IsWindow
GetAsyncKeyState
DispatchMessageW
PostQuitMessage
GDI32.dll GetStockObject
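Added example, not the scanner's code and not anything taken from the sample: import-based capability triage and the import hash as pefile computes it, run over a transcription of the import table above. The KERNEL32 entries are reduced to those relevant to triage, so the hash this block computes is illustrative and is not expected to match the report's Imports Hash (that depends on every entry in original directory order); the capability buckets and the CRT-noise list are my own assumptions.

```python
import hashlib

# Import table transcribed from the report (constructed input; KERNEL32 is
# reduced to the triage-relevant entries, so the hash below is illustrative).
IMPORTS = [
    ("d3d11.dll", ["D3D11CreateDeviceAndSwapChain"]),
    ("dwmapi.dll", ["DwmExtendFrameIntoClientArea"]),
    ("D3DCOMPILER_47.dll", ["D3DCompile"]),
    ("WINMM.dll", ["timeBeginPeriod"]),
    ("KERNEL32.dll", ["OpenProcess", "CreateToolhelp32Snapshot", "Process32NextW",
                      "Process32FirstW", "Module32FirstW", "Module32NextW",
                      "ReadProcessMemory", "GetProcAddress", "LoadLibraryExW",
                      "IsDebuggerPresent", "AllocConsole", "FreeConsole",
                      "lstrcmpiW", "GetModuleHandleW", "FreeLibrary"]),
    ("USER32.dll", ["mouse_event", "GetAsyncKeyState", "GetForegroundWindow",
                    "SetWindowDisplayAffinity", "SetLayeredWindowAttributes",
                    "EnumWindows", "GetWindowThreadProcessId", "CreateWindowExW"]),
    ("GDI32.dll", ["GetStockObject"]),
]

# Imports the MSVC 14.x CRT pulls in on its own; they say nothing about the
# program's intent. (Assumed list, based on what a static hello-world imports.)
CRT_NOISE = {"GetProcAddress", "LoadLibraryExW", "IsDebuggerPresent",
             "FreeLibrary", "GetModuleHandleW"}

# Capability buckets (my own grouping, not the scanner's rule set). Buckets
# for capabilities this sample lacks are included so their absence is explicit.
CAPABILITIES = {
    "enumerate-and-read-other-process": {
        "CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW",
        "Module32FirstW", "Module32NextW", "OpenProcess", "ReadProcessMemory"},
    "write-or-inject-into-process": {
        "WriteProcessMemory", "VirtualAllocEx", "CreateRemoteThread",
        "NtMapViewOfSection", "SetWindowsHookExW"},
    "transparent-overlay": {
        "D3D11CreateDeviceAndSwapChain", "DwmExtendFrameIntoClientArea",
        "SetLayeredWindowAttributes", "SetWindowDisplayAffinity"},
    "synthetic-input": {"mouse_event", "SendInput", "keybd_event"},
    "keyboard-polling": {"GetAsyncKeyState", "GetForegroundWindow"},
    "network": {"WSAStartup", "connect", "InternetOpenW", "WinHttpOpen"},
    "persistence-or-launch": {"RegSetValueExW", "CreateProcessW",
                              "ShellExecuteW", "CreateServiceW"},
    "dynamic-api-resolution": {"GetProcAddress", "LoadLibraryExW", "LoadLibraryW"},
}


def imported_functions(imports):
    return {f for _dll, funcs in imports for f in funcs}


def capabilities(imports, ignore_crt_noise=True):
    """Map the import set to capability buckets; empty buckets are dropped."""
    names = imported_functions(imports)
    if ignore_crt_noise:
        names -= CRT_NOISE
    return {cap: sorted(names & apis) for cap, apis in CAPABILITIES.items()
            if names & apis}


def profile(imports):
    """Condense the buckets into the one-line judgement an analyst writes."""
    caps = capabilities(imports)
    reads = "enumerate-and-read-other-process" in caps
    writes = "write-or-inject-into-process" in caps
    overlay = "transparent-overlay" in caps
    if writes:
        return "process injection capability present"
    if reads and overlay:
        return "read-only external overlay (trainer/cheat-style), no injection"
    return "no cross-process capability from imports alone"


def imphash(imports):
    """pefile-style import hash: md5 of lower-cased 'dll.func' in table order."""
    parts = []
    for dll, funcs in imports:
        name = dll.lower()
        if name.endswith((".dll", ".ocx", ".sys")):
            name = name[:-4]
        parts.extend(f"{name}.{f.lower()}" for f in funcs)
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


if __name__ == "__main__":
    for cap, apis in capabilities(IMPORTS).items():
        print(f"{cap}: {', '.join(apis)}")
    print("profile:", profile(IMPORTS))
    print("imphash (reduced table):", imphash(IMPORTS))
```

With the CRT noise stripped, the "dynamic-api-resolution" bucket disappears entirely, which is the concrete version of the note under the hidden-imports finding above. The import hash is order-sensitive and case-insensitive, so a recompiled build with the same import list in the same order keeps its hash while a reordered or trimmed table does not; that is what makes it useful for clustering builds of one tool and useless for anything compiled from a different source tree.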

Delayed Imports

(none)

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x188
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.89623
MD5 b8e76ddb52d0eb41e972599ff3ca431b
SHA1 fc12d7ad112ddabfcd8f82f290d84e637a4d62f8
SHA256 165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8
SHA3 37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd

Version Info

(none; the manifest above is the only resource, so the file carries no product, company or file-version strings)

Debug Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-Jun-30 00:58:56
Version 0.0
SizeofData 1052
AddressOfRawData 0xeeb28
PointerToRawData 0xed528

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2026-Jun-30 00:58:56
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0
Note: there is no IMAGE_DEBUG_TYPE_CODEVIEW entry, so no PDB path or GUID is embedded. The POGO record (the linker's section-name map, stored in .rdata at file offset 0xed528) and the zero-length ILTCG marker (link-time code generation was used) are the only debug data.

TLS Callbacks

StartAddressOfRawData 0x1400eef90
EndAddressOfRawData 0x1400eef98
AddressOfIndex 0x140154ccc
AddressOfCallbacks 0x1400c2590
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)
Note: the TLS directory is the CRT's: one 8-byte thread-local slot (0x1400eef90 to 0x1400eef98), the index variable in .data and the callback array in .rdata, with no callbacks registered. No code runs ahead of the entry point via TLS.

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x1400fedc0
Note: the cookie lives in .data (RVA 0xfedc0), so /GS stack protection is in use. The directory is 0x140 bytes, large enough to carry the CFG fields, but IMAGE_DLLCHARACTERISTICS_GUARD_CF is not set in the optional header, so no guard function table is honoured. The 1970 TimeDateStamp is the zero value the linker leaves here and is not a sign of timestomping.

RICH Header

XOR Key 0xe65b22ee
Unmarked objects 0
C objects (35222) 26
ASM objects (35222) 22
253 (35207) 1
ASM objects (35207) 12
C objects (35207) 18
C++ objects (35207) 92
C objects (35216) 26
C++ objects (35222) 182
Imports (35222) 17
Total imports 187
C++ objects (LTCG) (35228) 9
Resource objects (35228) 1
Linker (35228) 1
Note: the build numbers (35207, 35216, 35222, 35228) fall in the MSVC 19.44 (Visual Studio 2022 17.14) range, the LTCG object entry matches the IMAGE_DEBUG_TYPE_ILTCG record above, and with zero unmarked objects the header has not been tampered with. 253 is a product id the tool does not name.

Errors
