d328c59733c4953ca4a923ccf04b37a4de8839e54d9e8901730797311c7ab6b8

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2019-Apr-19 09:30:25

Plugin Output

Suspicious The PE is packed with mpress:
  • Unusual section name found: .MPRESS1
  • Section .MPRESS1 is both writable and executable.
  • Unusual section name found: .MPRESS2
  • Section .MPRESS2 is both writable and executable.
  • The PE only has 3 import(s).
Info The PE contains common functions which appear in legitimate applications. Can access the registry:
  • RegCloseKey
Suspicious The file contains overlay data: 1 byte of data starting at offset 0xc00.
Malicious VirusTotal score: 3/71 (Scanned on 2026-04-23 19:16:44):
  • Cynet: Malicious (score: 100)
  • Malwarebytes: Malware.Heuristic.2126
  • SentinelOne: Static AI - Suspicious PE

Hashes

MD5 4f1ba0bef9467b2525ec453792461b31
SHA1 799fded6489ad4df7d3459cc3bb7ef167c04da6c
SHA256 d328c59733c4953ca4a923ccf04b37a4de8839e54d9e8901730797311c7ab6b8
SHA3 d2118e2805708b7be77e61b612ea8342fee77a71a7fc18ca9e9f662a22e5ad89
SSDeep 48:2gKuUD8urCPFNSPxsk2yekfqtOasNqpyJsHcujqxt:2gKuUDbEFNSJtrytOas4pYuWx
Imports Hash 7b3faf2fc1aa544a49b368ac163ea8c3

DOS Header

e_magic MZ
e_cblp 0x40
e_cp 0x1
e_crlc 0
e_cparhdr 0x2
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0xb400
e_oeminfo 0xcd09
e_lfanew 0x40

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 2
TimeDateStamp 2019-Apr-19 09:30:25
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x400
SizeOfInitializedData 0xc00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000006120 (Section: .MPRESS2)
BaseOfCode 0x1000
ImageBase 0x180000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x7000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.MPRESS1

MD5 40ee287cdc7e4fec54d9d802b0509aa1
SHA1 75d305d476555d015893360a6f38d9ded554679f
SHA256 c85ec332501a704a4b1590e9792b8649051f60766f137e564ae8e1ae9e977e77
SHA3 efa98256042c393c6e3376b4989c9ecd6f0534abcf9cc6c23ac95d488e0c624e
VirtualSize 0x5000
VirtualAddress 0x1000
SizeOfRawData 0x400
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.95336

.MPRESS2

MD5 c14bf59fb5a8a3f2b15124910e1e271d
SHA1 6ba4a691c3ce5f88051b592149e7b31cc7487706
SHA256 84909c8688594757e925b3fa0039e529962cb3fef771e6294f20c12fdf2500be
SHA3 e9fa9f5be8844a1e08e6e379edaf4b6552b719b181c850156047565fb40e5864
VirtualSize 0x49b
VirtualAddress 0x6000
SizeOfRawData 0x600
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.06044

Imports

KERNEL32
  • GetModuleHandleA
  • GetProcAddress
ADVAPI32.dll
  • RegCloseKey

Delayed Imports

ProteinDLL_Hibernate

Ordinal 1
Address 0x1240

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors
