d17b26cfe3137b00f61f7b8fc348d21e12164bf76bc560186886737b7713fa5e

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_NATIVE
Compilation Date 2025-Jan-03 20:20:26

Plugin Output

Suspicious: The PE is possibly packed. Unusual section name found: .be0
            The PE only has 6 import(s).
Info:       The PE is digitally signed. Signer: Microsoft Windows Hardware Compatibility Publisher
            Issuer: Microsoft Windows Third Party Component CA 2014
Suspicious: VirusTotal score: 1/72 (Scanned on 2026-01-03 04:34:00) APEX: Malicious
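The "possibly packed" finding is a heuristic, and the section table further down is what it is reacting to: .be0 is 0x75eb88 bytes (about 7.4 MB) flagged IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_NOT_PAGED at 7.49 bits/byte, and .text itself sits at 7.89. The six static imports include MmGetSystemRoutineAddress and FltGetRoutineAddress, which resolve kernel and filter-manager routines by name at run time, so a short import table says little about what the driver actually calls. The entry point in INIT is not an indicator on its own: DriverEntry is linked into INIT for every driver built with the Microsoft toolchain. The script below is an added example, not the analyser's own code; it reproduces the section-level part of these heuristics with the standard library only. The KNOWN_SECTIONS list, the 7.0 bits/byte cut-off and the miniature sample image it builds are assumptions made for this example.

```python
"""Static PE triage: reproduce the section-level 'possibly packed' indicators.

Added example, not the analyser's code. Parses the DOS header, the COFF header
and the section table of a PE image, computes Shannon entropy of each
section's raw bytes, finds the section holding AddressOfEntryPoint and
returns findings in the style of the report above.
"""
import math
import struct
from collections import Counter

# Section names a Microsoft-toolchain kernel driver normally carries. This set
# is an assumption made for the example, not a list published by any tool.
KNOWN_SECTIONS = {b".text", b".rdata", b".data", b".pdata", b".reloc", b".rsrc",
                  b".idata", b".edata", b".tls", b".bss", b".xdata", b".gfids",
                  b".00cfg", b"INIT", b"PAGE"}
# DriverEntry is linked into INIT, so INIT is a normal entry section for a driver.
EXPECTED_ENTRY_SECTIONS = {b".text", b"INIT"}

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_NOT_PAGED = 0x08000000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
CODE_RX = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant input, 8.0 for uniform bytes."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def parse_sections(data: bytes):
    """Return ([section dict, ...], AddressOfEntryPoint) from a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsect = struct.unpack_from("<H", data, e_lfanew + 6)[0]        # COFF.NumberOfSections
    size_opt = struct.unpack_from("<H", data, e_lfanew + 20)[0]    # COFF.SizeOfOptionalHeader
    entry_rva = struct.unpack_from("<I", data, e_lfanew + 24 + 16)[0]  # Opt.AddressOfEntryPoint
    table = e_lfanew + 24 + size_opt        # section table follows the optional header
    sections = []
    for i in range(nsect):
        (name, vsize, vaddr, rawsize, rawptr,
         _, _, _, _, chars) = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0"), "virtual_size": vsize,
                         "virtual_address": vaddr, "raw_size": rawsize,
                         "characteristics": chars,
                         "entropy": shannon_entropy(data[rawptr:rawptr + rawsize])})
    return sections, entry_rva


def entry_section(sections, rva):
    """Section whose virtual range contains `rva`, or None."""
    for s in sections:
        span = max(s["virtual_size"], s["raw_size"])
        if s["virtual_address"] <= rva < s["virtual_address"] + span:
            return s
    return None


def packing_indicators(data: bytes, entropy_threshold: float = 7.0) -> list:
    """Findings in the report's style. The 7.0 bits/byte cut-off is an assumption."""
    sections, entry_rva = parse_sections(data)
    findings = []
    for s in sections:
        name = s["name"].decode("ascii", "replace")
        if s["name"] not in KNOWN_SECTIONS:
            findings.append(f"unusual section name: {name}")
        executable = s["characteristics"] & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE)
        if executable and s["entropy"] > entropy_threshold:
            findings.append(f"high-entropy executable section: {name} "
                            f"({s['entropy']:.2f} bits/byte)")
    ep = entry_section(sections, entry_rva)
    if ep is None:
        findings.append(f"entry point 0x{entry_rva:x} lies outside every section")
    elif ep["name"] not in EXPECTED_ENTRY_SECTIONS:
        findings.append(f"entry point 0x{entry_rva:x} is in "
                        f"{ep['name'].decode('ascii', 'replace')}")
    return findings


def build_sample_pe() -> bytes:
    """Constructed PE32+ mirroring the report's layout in miniature (not a real driver):
    .text is a NOP sled, INIT holds the entry point, .be0 is uniform bytes (8.0 bits/byte)."""
    layout = [(b".text", b"\x90" * 0x200, CODE_RX | IMAGE_SCN_MEM_NOT_PAGED),
              (b"INIT", b"\xc3" * 0x200, CODE_RX),
              (b".be0", bytes(range(256)) * 2, CODE_RX | IMAGE_SCN_MEM_NOT_PAGED)]
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, len(layout), 0, 0, 0, 0xF0, 0x0022)
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, 0x20B)                    # PE32+
    struct.pack_into("<I", opt, 16, 0x2000)                  # AddressOfEntryPoint -> INIT
    struct.pack_into("<Q", opt, 24, 0x140000000)             # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)          # Section / File alignment
    table, body, rawptr, rva = b"", b"", 0x200, 0x1000
    for name, payload, chars in layout:                      # every payload is 0x200 bytes
        table += struct.pack("<8sIIIIIIHHI", name, len(payload), rva, len(payload),
                             rawptr, 0, 0, 0, 0, chars)
        body += payload
        rawptr += len(payload)
        rva += 0x1000
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table).ljust(0x200, b"\0")
    return headers + body


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    secs, ep = parse_sections(blob)
    for s in secs:
        print(f"{s['name'].decode('ascii', 'replace'):8} rva=0x{s['virtual_address']:06x} "
              f"size=0x{s['raw_size']:x} entropy={s['entropy']:.5f}")
    for finding in packing_indicators(blob):
        print("Suspicious:", finding)
```

Run it against the real sample with the path as the only argument to see which sections trip the checks; run it with no argument and it reports on the constructed image, where only .be0 is flagged (unknown name and 8.0 bits/byte) and the INIT entry point is accepted as normal for a driver.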

Hashes

MD5 b22bebe93f33f99cb2bd5b8fb53f4bf8
SHA1 a43b299842b1e4cc487e54d2a827ce9951d13423
SHA256 d17b26cfe3137b00f61f7b8fc348d21e12164bf76bc560186886737b7713fa5e
SHA3 6251365818e79893e690dc4298c0af208a33dec122cc5d47cb7afc70c6bb3c62
SSDeep 98304:4hzVEfGn12OKd0ZJnYSGMbG81mr3FJ1/V7oRs8joQ/cubEZmB5tv2AjJ9Ow:4h54G12NiZJj7GJJX7oRPZwUPpjJ9Ow
Imports Hash c7db48cd201a18cedf8fa64e4489317a

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2025-Jan-03 20:20:26
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x19000
SizeOfInitializedData 0x2e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000001F000 (Section: INIT)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 10.0
ImageVersion 10.0
SubsystemVersion 6.1
Win32VersionValue 0
SizeOfImage 0x780000
SizeOfHeaders 0x400
Checksum 0x782ca9
Subsystem IMAGE_SUBSYSTEM_NATIVE
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16
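The Checksum value 0x782ca9 is the one optional-header field the loader itself verifies for this kind of image: per the PE/COFF specification the checksum is checked at load time for all drivers, for any DLL loaded at boot and for any DLL loaded into a critical Windows process. A mismatch on a file that carries a valid Authenticode signature therefore means the bytes were changed after linking (the signature would fail too, but the checksum is cheaper to recompute during triage). The script below is an added example, not the analyser's code; it implements the published algorithm (the one imagehlp's CheckSumMappedFile uses) and can be pointed at the real file to compare against the stored value. The header-only skeleton it builds for self-testing is constructed, and it assumes e_lfanew leaves the CheckSum field dword-aligned, as every linker-produced PE does.

```python
"""Recompute OptionalHeader.CheckSum for a PE file.

Added example, not the analyser's code. Algorithm: a 16-bit end-around-carry
sum over the whole file with the CheckSum dword itself treated as zero,
folded to 16 bits, plus the file length.
"""
import struct

CHECKSUM_OFFSET_IN_OPTIONAL_HEADER = 0x40   # same for PE32 and PE32+


def checksum_field_offset(data: bytes) -> int:
    """File offset of CheckSum: e_lfanew + 4 (signature) + 20 (COFF header) + 0x40."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    return e_lfanew + 24 + CHECKSUM_OFFSET_IN_OPTIONAL_HEADER


def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """Checksum the loader expects for `data`; the dword at `checksum_offset` is skipped."""
    padded = data + b"\0" * (-len(data) % 4)   # a short tail is zero-extended
    skip = checksum_offset & ~3                 # dword holding the field (assumed aligned)
    total = 0
    for off in range(0, len(padded), 4):
        if off == skip:
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        if total > 0xFFFFFFFF:                  # end-around carry
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)    # fold to 16 bits
    total += total >> 16
    total &= 0xFFFF
    return total + len(data)                    # original, unpadded length


def verify_checksum(data: bytes):
    """Return (stored, computed, matches) for a PE image."""
    off = checksum_field_offset(data)
    stored = struct.unpack_from("<I", data, off)[0]
    computed = pe_checksum(data, off)
    return stored, computed, stored == computed


def stamp_checksum(data: bytes) -> bytes:
    """Copy of `data` with a correct CheckSum written into the header."""
    off = checksum_field_offset(data)
    out = bytearray(data)
    struct.pack_into("<I", out, off, pe_checksum(data, off))
    return bytes(out)


def build_header_only_pe() -> bytes:
    """Constructed PE32+ skeleton (DOS, COFF, optional header, 256 filler bytes); not a real binary."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0xF0, 0x0022)
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, 0x20B)                  # PE32+, CheckSum left at 0
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + b"\xAB" * 0x100


if __name__ == "__main__":
    import sys
    blob = (open(sys.argv[1], "rb").read() if len(sys.argv) > 1
            else stamp_checksum(build_header_only_pe()))
    stored, computed, ok = verify_checksum(blob)
    print(f"stored=0x{stored:x} computed=0x{computed:x} {'OK' if ok else 'MISMATCH'}")
```

With the sample's path as argument the script prints the stored 0x782ca9 next to the recomputed value; any post-link edit, even a single flipped byte, changes the recomputed value.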

.text

MD5 4258bd1531a0d37a8a090cd312eb45b6
SHA1 e72c303481597d68effd5f164a8cbc6286378358
SHA256 c8e69ef076571702d6e11ab608fbccd392c9b6997100c8d3f1747d23f6778d14
SHA3 8518c457816a74d7cc78502fcde282d5c146ef4764f45f1f96fad97e46157459
VirtualSize 0x18d8f
VirtualAddress 0x1000
SizeOfRawData 0x18e00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
Entropy 7.89406

.rdata

MD5 5ee4afc92033fcb6902da426079a71c1
SHA1 d1e1a6952db0354b98d10267df522236dc38b035
SHA256 29309491edb1e9eac9b08fb8b72d4bf33f397e18965ec2c076b65a155bcd3034
SHA3 f443b573ac39fa1b2000a83a529096ad3922bd5f668eb35d067ca6176ea86f67
VirtualSize 0x1044
VirtualAddress 0x1a000
SizeOfRawData 0x1200
PointerToRawData 0x19200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
Entropy 5.36848

.data

MD5 7c97617b653df79b5424da499342c276
SHA1 4b69ddcde229c0e238f290fe17f595aec87e43f5
SHA256 f06e5e7cd798db2019c12e0c7dbc0544d46506f8f18a5553a51066b2c8aa62b7
SHA3 4f8307875585083d8542118def008fe771d3b3f93628495c0909e36cdfb685e5
VirtualSize 0x12a1
VirtualAddress 0x1c000
SizeOfRawData 0x200
PointerToRawData 0x1a400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.86217

.pdata

MD5 4f724409fc61e15969a19f854d8ca23c
SHA1 8dc96d2d525e057e739a0e8638abb9887a0fc8ad
SHA256 3ec044c226c8d8381aae88a1dab710f913da09cb29a2c55cbc47f605267bff7e
SHA3 df167b6cf03b41360cfb7ba63dc734ba419c81a925632da99c3186ecb05cfa48
VirtualSize 0x594
VirtualAddress 0x1e000
SizeOfRawData 0x600
PointerToRawData 0x1a600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
Entropy 7.43509

INIT

MD5 9d35a76df337d5e8257a3bd13db167b4
SHA1 22e5e87866f93965d6de87259a43f8a897051fce
SHA256 4fc88feafbe51b8f9acafdab903f9defc3c36e9dc13514f01da3a5aedc2200c8
SHA3 c39c4293e331d203d53fde542c011b0ee1670159bb6f4188fd4cff5fc3c35647
VirtualSize 0x1b2
VirtualAddress 0x1f000
SizeOfRawData 0x200
PointerToRawData 0x1ac00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 4.80591

.be0

MD5 2b19c921a328da66009c05bdd451c606
SHA1 e3867681f8276f0a223f9fb5581f3d83e1b17160
SHA256 0369564d989bed02ed39a7216459d99813f11797a74320241ee2818f1100b8ec
SHA3 1dd1893967fd5a9420ecdb286751fa8dc61912e90f908f8bbfdb41fe3652c979
VirtualSize 0x75eb88
VirtualAddress 0x20000
SizeOfRawData 0x75ec00
PointerToRawData 0x1ae00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
Entropy 7.49463

.reloc

MD5 82aa4a75c17a81afb22183d76070284d
SHA1 d8753b5cb9da66e66bb727a6d7ccb95a442bd77a
SHA256 37c2bf8cf085a1239a04c4b566f67cc25e894d44a27b3f5f0b8c18f888260e3d
SHA3 3a781fd25b02fc7d7ac6a9498c0ee43324045624c973bee9fb4409a53e2b561b
VirtualSize 0xd4
VirtualAddress 0x77f000
SizeOfRawData 0x200
PointerToRawData 0x779a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 1.98026

Imports

FLTMGR.SYS FltGetRoutineAddress
ntoskrnl.exe MmGetSystemRoutineAddress
__C_specific_handler
__chkstk
MmMapLockedPagesSpecifyCache
KeBugCheckEx

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

Size 0x108
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x14001c120

RICH Header

Errors
