d73db487c9aaff0e80fd135a237e8e48d1445479bf3520fa6286f688fd6dad67

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Apr-30 07:55:06
Detected languages English - United States

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Suspicious Strings found in the binary may indicate undesirable behavior: Miscellaneous malware strings:
  • cmd.exe
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
 Possibly launches other programs:
  • CreateProcessW
 Leverages the raw socket API to access the Internet:
  • ntohs
  • htons
  • closesocket
  • select
  • getaddrinfo
  • send
  • socket
  • connect
  • recv
  • freeaddrinfo
  • WSACleanup
  • WSAStartup
 Enumerates local disk drives:
  • GetDriveTypeA
  • GetLogicalDriveStringsA
Malicious VirusTotal score: 8/70 (Scanned on 2026-05-07 09:36:50) APEX: Malicious
Bkav: W32.Malware.A7CCDEF9
CrowdStrike: win/grayware_confidence_60% (D)
Cylance: Unsafe
Cynet: Malicious (score: 100)
McAfeeD: Real Protect-LS!235E2768DC15
Sophos: Generic ML PUA (PUA)
Trapmine: suspicious.low.ml.score

Hashes

MD5 235e2768dc153b0513b98d9ef2f258ae
SHA1 4dac244997a3688196060365cca004fe16f60aed
SHA256 d73db487c9aaff0e80fd135a237e8e48d1445479bf3520fa6286f688fd6dad67
SHA3 746b83ad2c48c0468227a7c806aece47e791ba0a7672e4990f81d8dddbcf9142
SSDeep 6144:wLapueSyzHUEjSWIPWIauz6H7UCpUspLZWkXy9ceRtzbX7qqZ/KtOsOlAOrB:sapueSyzHUgSWIPWIauz6H73UspLZWk
Imports Hash b5d2c447a302d717d76a837d91647475

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 7
TimeDateStamp 2026-Apr-30 07:55:06
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x44600
SizeOfInitializedData 0x38a00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00009C1A (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x46000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x82000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 eca3b9735c688a5128fabb1785828472
SHA1 cdc7365dcae7e6df58e1f9d2d0982d31a5e93393
SHA256 7d52844769c994f44d55f854054c9c8e809bb8114751b5eb9556ce2596a7df9c
SHA3 2895a0d4feeab84fe399ab3b4b6bd6ecfcd3058c5feada1ce996c9f80bbf04e1
VirtualSize 0x444c3
VirtualAddress 0x1000
SizeOfRawData 0x44600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.65194

.rdata

MD5 cb0efb84338f7565de715f36303e370a
SHA1 350f5c981e287868f894b8c606e1051bc5912e77
SHA256 b2cf7fb55f98772a46090e07c7faa41fc350ccc307ef5c1981d898dba103255f
SHA3 3d7164044fd86405158684b1b3adb5ceef49b84d6f9c30fb5b061939ec03c048
VirtualSize 0x11cb4
VirtualAddress 0x46000
SizeOfRawData 0x11e00
PointerToRawData 0x44a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.37488

.data

MD5 01e56ee2f4c2540327a577d4390b0932
SHA1 4a9f25cccf48841bc91cd39c7f786ea870cdae12
SHA256 8fb84d7e07c254524552d102c0e14e221c30355e71a6fb2dbeca8de5aab01288
SHA3 d2b5a3bec39ed407a752ef1da77fa800fc72a2fee2e89b306684268f963e5201
VirtualSize 0x226dc
VirtualAddress 0x58000
SizeOfRawData 0x1800
PointerToRawData 0x56800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.04071

.tls

MD5 1f354d76203061bfdd5a53dae48d5435
SHA1 aa0d33a0c854e073439067876e932688b65cb6a9
SHA256 4c6474903705cb450bb6434c29e8854f17d8324efca1fdb9ee9008599060883a
SHA3 991fbbd46bbd69198269fe6c247d440e0f8a7d38259b7a1e04b74790301d1d2b
VirtualSize 0x9
VirtualAddress 0x7b000
SizeOfRawData 0x200
PointerToRawData 0x58000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.0203931

.gfids

MD5 8692603dbcd53594ebbc6c04faec7a52
SHA1 634684cfbd52f221b6eac22d359403cc4d2dbba1
SHA256 071ef01b3f3fb5044be78c17773867ea9ec2c2bf78e182ed035fc4fd20434458
SHA3 8c07dce62c6693367f0015471ea3bbcc2da1638861599bf78e13fb9ceaa23db9
VirtualSize 0x7bc
VirtualAddress 0x7c000
SizeOfRawData 0x800
PointerToRawData 0x58200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.01566

.rsrc

MD5 5fcefbf8ca00d90307acdcd0df127502
SHA1 d449d402b89fcad46bc576b9a5a45855a8204f34
SHA256 d0d344a333e6cf80fe9d8693d93f4ebc906fdae504e3e8341c3bb7f5de2d0da9
SHA3 36930fb8993086277cf886139453d9c3b871ddcc374a67190397a83e918acb22
VirtualSize 0x1e0
VirtualAddress 0x7d000
SizeOfRawData 0x200
PointerToRawData 0x58a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.71768

.reloc

MD5 532270e975d6fbd99863b0872687b029
SHA1 235853f5a72c2624dfaef41796e8c1790a82f5d3
SHA256 59958b27add960658eb8a4f8a0b190b00a672cefe239344fde463bd67bf8e80b
SHA3 7a9e7b4141c24539738231049719d0e9889c0a755ff9f605c1ff30b31fcf8c7e
VirtualSize 0x373c
VirtualAddress 0x7e000
SizeOfRawData 0x3800
PointerToRawData 0x58c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.58204

Imports

KERNEL32.dll GetDriveTypeA
MultiByteToWideChar
Sleep
CloseHandle
WideCharToMultiByte
GetDiskFreeSpaceExA
GetLastError
GetLogicalDriveStringsA
CreateMutexW
HeapSize
FlushFileBuffers
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetEndOfFile
SetFilePointerEx
FormatMessageW
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
DecodePointer
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
FreeLibrary
LoadLibraryExW
RaiseException
RtlUnwind
DuplicateHandle
CreateProcessW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
SetEnvironmentVariableA
SetEnvironmentVariableW
HeapAlloc
HeapReAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
ReadFile
GetConsoleMode
ReadConsoleW
WaitForSingleObject
GetExitCodeProcess
CreatePipe
GetConsoleCP
GetTimeZoneInformation
FindFirstFileExA
WriteConsoleW
IPHLPAPI.DLL GetNetworkParams
GetAdaptersInfo
WS2_32.dll ntohs
htons
closesocket
select
getaddrinfo
send
socket
connect
recv
freeaddrinfo
WSACleanup
WSAStartup

Delayed Imports

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-Apr-30 07:55:06
Version 0.0
SizeofData 940
AddressOfRawData 0x549d0
PointerToRawData 0x533d0

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2026-Apr-30 07:55:06
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

StartAddressOfRawData 0x47b000
EndAddressOfRawData 0x47b008
AddressOfIndex 0x459ab0
AddressOfCallbacks 0x446210
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x5c
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x45800c
SEHandlerTable 0x4547f0
SEHandlerCount 120

RICH Header

XOR Key 0x452cedd1
Unmarked objects 0
241 (40116) 13
243 (40116) 166
242 (40116) 29
ASM objects (VS2015 UPD3 build 24123) 23
C++ objects (VS2015 UPD3 build 24123) 55
C objects (VS2015 UPD3 build 24123) 34
Imports (65501) 7
Total imports 137
C++ objects (LTCG) (VS2015 UPD3.1 build 24215) 5
Resource objects (VS2015 UPD3 build 24210) 1
Linker (VS2015 UPD3.1 build 24215) 1

Errors

Leave a comment

No comments yet.