cccbcca8a9710bf7d0cb92611404ce3c389f5a127f7099de4a171fa26270efda

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-May-28 17:25:05

Plugin Output

Info Cryptographic algorithms detected in the binary: Uses known Mersenne Twister constants
Suspicious The PE is possibly packed. Unusual section name found: .fptable
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Malicious VirusTotal score: 4/65 (Scanned on 2026-06-12 02:09:20)
APEX: Malicious
CrowdStrike: win/malicious_confidence_90% (D)
Cynet: Malicious (score: 100)
TrendMicro-HouseCall: Trojan.Win64.Gen.TL0101ET26YF

Hashes

MD5 6b0f46c24f142b226091707fef4de191
SHA1 a9cc189de86fb3e2c305e608debfd664c1d10d29
SHA256 cccbcca8a9710bf7d0cb92611404ce3c389f5a127f7099de4a171fa26270efda
SHA3 5a7e3c6067036cf98531896c62e4d928e057438399f2becf9099c901361ca4a4
SSDeep 6144:9NOZpnPyjX9/lFrGCv0snyA5wRdZHnkMlJq9p3u:9InPkX99FlnWZnTi3
Imports Hash b72496a376e2133d052497ced8ef36aa

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2026-May-28 17:25:05
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x46800
SizeOfInitializedData 0x1f000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000002D370 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x180000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x6a000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 5c8368e4043fef4a4725c0481d0bce0b
SHA1 b9110d575109558c7e93888b8e107d499077a8d9
SHA256 33c7ef421616cdd0184c05df6aadecd5bcb41c27dcb3dfe7d87e9f7b72b0eb08
SHA3 2bf82eb8009a4dd6b4642128d68ebad42248f6376f19ea332d5fc6fb011459f6
VirtualSize 0x46786
VirtualAddress 0x1000
SizeOfRawData 0x46800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.60288

.rdata

MD5 87c58d3972a024580bb013619cc10be2
SHA1 a972834db9564861b2030285bf1785945c17860c
SHA256 c9e084014760e9044507af88ff41c09e11f9e64063db6d62ffeebf397f3fcf6b
SHA3 de4b1f2cbbf7f26d30045409f276dfde3b2a764be4d0b5216cd2f5867766ce47
VirtualSize 0x133dc
VirtualAddress 0x48000
SizeOfRawData 0x13400
PointerToRawData 0x46c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.61223

.data

MD5 3ff02ee920fbf4ad1549ee23e5d59ade
SHA1 1fa5df68248c6971e7b8080edd39ce35d09a949b
SHA256 ab9fc4e7b3b48eea1f2d74d6e1059f49a81cff71394ab0fe35bed63be501855c
SHA3 d5727e3d04082ba9c88fa298207ccb2877d730888ccd7fb96522f60c2aa6e07d
VirtualSize 0x7604
VirtualAddress 0x5c000
SizeOfRawData 0x1e00
PointerToRawData 0x5a000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.03007

.pdata

MD5 ba2ac1bc4c81aa663ad478c4c8b751df
SHA1 9b9bb123b753efa03734ca3c72852c87f0b7f22a
SHA256 8df5d3b5776902da673a6ea1e942481001673ac9803fb145997e5a7e49a32208
SHA3 5886178943370caa3c491c2381f643d3df9213d4db9addaff47bb8a7b1f28982
VirtualSize 0x3918
VirtualAddress 0x64000
SizeOfRawData 0x3a00
PointerToRawData 0x5be00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.59916

.fptable

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x100
VirtualAddress 0x68000
SizeOfRawData 0x200
PointerToRawData 0x5f800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.reloc

MD5 1ae117ee4cf7dab4189782f2f2410a1b
SHA1 3e8b59028355b618633fe2e3642f415726a30422
SHA256 0ddad49f9e5faad90f419c2b8f7f3c82a37a16a0dd98dd38a74f471534427421
SHA3 8f228bbaa01dfee1d9cd15b625adcda846f311496925aacb2b2fab639fb3a198
VirtualSize 0x714
VirtualAddress 0x69000
SizeOfRawData 0x800
PointerToRawData 0x5fa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.13263

Imports

KERNEL32.dll GetModuleHandleW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetModuleHandleExA
DisableThreadLibraryCalls
GetProcAddress
SetLastError
GetPrivateProfileIntW
GetFileAttributesW
GetPrivateProfileStringW
WriteConsoleW
CreateFileW
FlushInstructionCache
SetThreadPriority
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
WakeAllConditionVariable
SleepConditionVariableSRW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
InitOnceComplete
InitOnceBeginInitialize
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionEx
VirtualProtect
LCMapStringW
GetProcessHeap
SetFilePointerEx
GetStringTypeW
SetStdHandle
HeapSize
HeapReAlloc
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
CloseHandle
XINPUT9_1_0.dll XInputGetState
DINPUT8.dll DirectInput8Create

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-May-28 17:25:05
Version 0.0
SizeofData 912
AddressOfRawData 0x55b20
PointerToRawData 0x54720

TLS Callbacks

StartAddressOfRawData 0x180055ef8
EndAddressOfRawData 0x180055f00
AddressOfIndex 0x18005e36c
AddressOfCallbacks 0x180048360
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x18005d200

RICH Header

XOR Key 0x6b8317c7
Unmarked objects 0
C objects (33145) 12
ASM objects (33145) 8
ASM objects (35207) 12
C objects (35207) 15
C++ objects (35207) 42
C++ objects (33145) 139
C objects (CVTCIL) (33145) 1
Imports (33145) 7
Total imports 109
C++ objects (LTCG) (35225) 13
ASM objects (35225) 1
Linker (35225) 1

Errors
