| Architecture | IMAGE_FILE_MACHINE_AMD64 | |
|---|---|---|
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI | |
| Compilation Date | 2026-Jun-30 00:58:56 | |
| Detected languages | English - United States | |
| Info | Interesting strings found in the binary: | Contains domain names: |
| Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32; Uses constants related to RC5 or RC6 |
| Suspicious | The PE is possibly packed. | Unusual section name found: .fptable |
| Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
| Malicious | VirusTotal score: 6/68 (Scanned on 2026-06-30 21:58:53) | APEX: Malicious; Bkav: W32.Malware.2EC0F47F; CrowdStrike: win/malicious_confidence_90% (D); McAfeeD: ti!CBF27EAE1405; Microsoft: Program:Win32/Wacapew.C!ml; Symantec: ML.Attribute.HighConfidence |
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x108 |
| Signature | PE |
|---|---|
| Machine | IMAGE_FILE_MACHINE_AMD64 |
| NumberOfSections | 7 |
| TimeDateStamp | 2026-Jun-30 00:58:56 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
| Magic | PE32+ |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0xc0600 |
| SizeOfInitializedData | 0xfc000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x000000000009B1A8 (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x1c2000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| d3d11.dll | D3D11CreateDeviceAndSwapChain |
|---|---|
| dwmapi.dll | DwmExtendFrameIntoClientArea |
| D3DCOMPILER_47.dll | D3DCompile |
| WINMM.dll | timeBeginPeriod |
| KERNEL32.dll | CreateFileW, HeapSize, SetStdHandle, GetModuleFileNameA, OpenProcess, CreateToolhelp32Snapshot, Sleep, Process32NextW, Process32FirstW, CloseHandle, FreeConsole, Module32FirstW, ReadProcessMemory, Module32NextW, lstrcmpiW, AllocConsole, lstrcmpW, GetModuleHandleW, QueryPerformanceFrequency, QueryPerformanceCounter, CreateFileA, GetFileSizeEx, ReadFile, HeapAlloc, HeapReAlloc, HeapFree, GetProcessHeap, MapViewOfFile, SetEndOfFile, CreateFileMappingA, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, GetACP, IsValidCodePage, FindNextFileW, FindFirstFileExW, FindClose, ReadConsoleW, GetConsoleMode, GetConsoleOutputCP, FlushFileBuffers, SetFilePointerEx, GetFileType, LCMapStringW, CompareStringW, VirtualProtect, UnmapViewOfFile, FlsFree, FlsSetValue, FlsGetValue, GetCurrentThreadId, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, TryAcquireSRWLockExclusive, SleepConditionVariableSRW, WaitForSingleObjectEx, GetExitCodeThread, InitializeCriticalSectionEx, GetSystemTimeAsFileTime, WriteConsoleW, GetProcAddress, WakeAllConditionVariable, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, EncodePointer, DecodePointer, MultiByteToWideChar, WideCharToMultiByte, GetStringTypeW, GetCPInfo, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, GetCurrentProcessId, InitializeSListHead, RtlUnwindEx, RtlPcToFileHeader, RaiseException, GetLastError, SetLastError, RtlUnwind, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, CreateThread, ExitThread, FreeLibraryAndExitThread, GetModuleHandleExW, ExitProcess, GetModuleFileNameW, GetStdHandle, WriteFile, FlsAlloc |
| USER32.dll | SetWindowLongW, TranslateMessage, EnumWindows, mouse_event, DefWindowProcW, DestroyWindow, SetWindowPos, CreateWindowExW, GetSystemMetrics, UnregisterClassW, RegisterClassExW, ShowWindow, ClientToScreen, SetWindowDisplayAffinity, GetForegroundWindow, SetLayeredWindowAttributes, LoadCursorW, GetClientRect, PeekMessageW, UpdateWindow, IsIconic, GetWindowLongW, GetWindowThreadProcessId, IsWindowVisible, IsWindow, GetAsyncKeyState, DispatchMessageW, PostQuitMessage |
| GDI32.dll | GetStockObject |
| Characteristics | 0 |
|---|---|
| TimeDateStamp | 2026-Jun-30 00:58:56 |
| Version | 0.0 |
| SizeOfData | 1052 |
| AddressOfRawData | 0xeeb28 |
| PointerToRawData | 0xed528 |
| Characteristics | 0 |
|---|---|
| TimeDateStamp | 2026-Jun-30 00:58:56 |
| Version | 0.0 |
| SizeOfData | 0 |
| AddressOfRawData | 0 |
| PointerToRawData | 0 |
| StartAddressOfRawData | 0x1400eef90 |
|---|---|
| EndAddressOfRawData | 0x1400eef98 |
| AddressOfIndex | 0x140154ccc |
| AddressOfCallbacks | 0x1400c2590 |
| SizeOfZeroFill | 0 |
| Characteristics | IMAGE_SCN_ALIGN_4BYTES |
| Callbacks | (EMPTY) |
| Size | 0x140 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x1400fedc0 |
| XOR Key | 0xe65b22ee |
|---|---|
| Unmarked objects | 0 |
| C objects (35222) | 26 |
| ASM objects (35222) | 22 |
| 253 (35207) | 1 |
| ASM objects (35207) | 12 |
| C objects (35207) | 18 |
| C++ objects (35207) | 92 |
| C objects (35216) | 26 |
| C++ objects (35222) | 182 |
| Imports (35222) | 17 |
| Total imports | 187 |
| C++ objects (LTCG) (35228) | 9 |
| Resource objects (35228) | 1 |
| Linker (35228) | 1 |