d7b46fe9f73ca85dc85b14cf4ed61d9a3fb7a517868861b67604afe2d416edba

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Apr-19 21:51:41

Plugin Output

Info Interesting strings found in the binary: Contains domain names:
  • color.xyz
  Caveat: the binary imports OPENGL32.dll (wglCreateContext, wglGetProcAddress), so "color.xyz" is at least as plausibly a GLSL vector swizzle from an embedded shader as a hostname. Check the surrounding strings before recording it as a network indicator.
Suspicious The PE contains functions most legitimate programs don't use. Can take screenshots:
  • GetDC
  • CreateCompatibleDC
  • BitBlt
  Caveat: this triad is also the standard GDI sequence for any program that draws into or copies from its own window, and the same import table carries BeginPaint/EndPaint, GetDIBits, CreateDIBSection and SwapBuffers. Treat it as a capability, not as evidence of intent, unless the capture targets other windows or the desktop.
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 960b16dfad54e9625fb4e6ffa5a3b6b1
SHA1 c6250141dffbe94c3d6f6f786a76332282d935a0
SHA256 d7b46fe9f73ca85dc85b14cf4ed61d9a3fb7a517868861b67604afe2d416edba
SHA3 aa6f9d3bc62f2c8b02e688f6f57cfe53c4d74b6bce987770f4bcf9ab0ddd59ab
SSDeep 12288:Z5yIzGU/3pKGBzSan5R2Ot5sX2V6mbf+4yYGMUK2ak:Zdz9/3pKGtSQ2OQjmbtyQUK2ak
Imports Hash 30d551b77c03f4b73d052af855ae81d9

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 4
TimeDateStamp 2026-Apr-19 21:51:41
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x96c00
SizeOfInitializedData 0x6000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000000943A4 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x9f000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA | IMAGE_DLLCHARACTERISTICS_NX_COMPAT | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16
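How the header values above are read out of the file, as an added worked example (this is not Manalyzer's code): the parser walks MZ, then e_lfanew, then the PE signature, the COFF file header, the PE32+ optional header and the section table; it resolves AddressOfEntryPoint to the section that contains it (the "(Section: .text)" annotation in this report), lists the DllCharacteristics mitigations, and flags any section that is both writable and executable. The image it parses is a constructed, headers-only buffer filled with this report's values; the analysed file itself is not embedded, and the section table is filled from the section entries shown further down the page.

```python
"""Parse the DOS header, COFF header and PE32+ optional header of a Windows image
and resolve the entry point to its section.

Added example, not Manalyzer's code. build_sample_image() constructs a
headers-only buffer populated with the values from this report.
"""
import struct

IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32PLUS_MAGIC = 0x20B
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2

# IMAGE_DLLCHARACTERISTICS_* bits (winnt.h)
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA",
    0x0040: "DYNAMIC_BASE",
    0x0100: "NX_COMPAT",
    0x8000: "TERMINAL_SERVER_AWARE",
}
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_headers(data: bytes) -> dict:
    """MZ -> e_lfanew -> 'PE\\0\\0' -> COFF header -> PE32+ optional header -> sections."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, _ts, _symtab, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != PE32PLUS_MAGIC:
        raise ValueError("only PE32+ is handled here")
    # Field offsets inside IMAGE_OPTIONAL_HEADER64 (winnt.h).
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i          # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        flags = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode("ascii"), "vsize": vsize,
                         "va": va, "rawsize": rawsize, "rawptr": rawptr, "flags": flags})
    return {"e_lfanew": e_lfanew, "machine": machine, "entry_rva": entry_rva,
            "image_base": image_base, "subsystem": subsystem, "dll_chars": dll_chars,
            "sections": sections}


def section_for_rva(sections: list, rva: int):
    """Name of the section whose virtual range contains rva, or None if it is in a gap."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return s["name"]
    return None


def mitigations(dll_chars: int) -> list:
    """Exploit-mitigation flags set in DllCharacteristics."""
    return [name for bit, name in sorted(DLL_CHARACTERISTICS.items()) if dll_chars & bit]


def writable_executable(sections: list) -> list:
    """Sections that are both writable and executable, a common packer/shellcode tell."""
    return [s["name"] for s in sections
            if s["flags"] & IMAGE_SCN_MEM_EXECUTE and s["flags"] & IMAGE_SCN_MEM_WRITE]


def build_sample_image() -> bytes:
    """Constructed headers-only image using this report's values (not the real file)."""
    img = bytearray(0x400)                      # SizeOfHeaders
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0xF8)     # e_lfanew
    struct.pack_into("<4sHHIIIHH", img, 0xF8, b"PE\0\0", IMAGE_FILE_MACHINE_AMD64,
                     4, 0, 0, 0, 0xF0, 0x0022)  # EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE
    opt = 0xF8 + 4 + 20
    struct.pack_into("<HBBIIIIIQ", img, opt, PE32PLUS_MAGIC, 14, 0, 0x96C00, 0x6000, 0,
                     0x943A4, 0x1000, 0x140000000)
    struct.pack_into("<II", img, opt + 32, 0x1000, 0x200)        # alignments
    struct.pack_into("<III", img, opt + 56, 0x9F000, 0x400, 0)   # image/headers/checksum
    struct.pack_into("<HH", img, opt + 68, IMAGE_SUBSYSTEM_WINDOWS_GUI, 0x8160)
    struct.pack_into("<I", img, opt + 108, 16)                   # NumberOfRvaAndSizes
    sections = [  # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, flags
        (b".text", 0x96A4C, 0x1000, 0x96C00, 0x400, 0x60000020),
        (b".data", 0x37E8, 0x98000, 0x2C00, 0x97000, 0xC0000040),
        (b".idata", 0x1C20, 0x9C000, 0x1E00, 0x99C00, 0x40000040),
        (b".reloc", 0xA00, 0x9E000, 0xA00, 0x9BA00, 0x42000040),
    ]
    for i, (name, vsize, va, rawsize, rawptr, flags) in enumerate(sections):
        off = opt + 0xF0 + 40 * i
        struct.pack_into("<8sIIII", img, off, name, vsize, va, rawsize, rawptr)
        struct.pack_into("<I", img, off + 36, flags)
    return bytes(img)


if __name__ == "__main__":
    hdr = parse_headers(build_sample_image())
    print(f"Machine 0x{hdr['machine']:x}, entry RVA 0x{hdr['entry_rva']:x} "
          f"in {section_for_rva(hdr['sections'], hdr['entry_rva'])}")
    print("mitigations:", ", ".join(mitigations(hdr["dll_chars"])))
    print("W+X sections:", writable_executable(hdr["sections"]) or "none")
```

The entry-point lookup uses max(VirtualSize, SizeOfRawData) for the section extent, which is what the loader maps; an entry point that lands in no section, in the headers, or in a writable section is worth a second look even when every other field is unremarkable.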

.text

MD5 d5742e5055166f7bcb47a5495ea56a7a
SHA1 8347123721174ad87ff8280ebc18d79372550bdb
SHA256 12ff3a36a5ba42f42d404d64960a78c1f5a80e55a2cba102db4877a5be2dd90f
SHA3 33ba84d734ddb3a3154d327604eb212c1b193a4f12bce5b726d7d8b784df1bb3
VirtualSize 0x96a4c
VirtualAddress 0x1000
SizeOfRawData 0x96c00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
Entropy 6.53646

.data

MD5 7ace98f9310dd636f03a37761d55397d
SHA1 1890d87ff0f6187c8bdba643b05824de3a01e578
SHA256 d1a6ae2af01f59fb3194e94055cf3bbc4d2d700e3a85a92330573d79fd75e320
SHA3 4248f58efa9908bb7686cbe32a59d87d0a9cc483ad7ae67eb9340a3fd71cbd95
VirtualSize 0x37e8
VirtualAddress 0x98000
SizeOfRawData 0x2c00
PointerToRawData 0x97000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
Entropy 4.44965

.idata

MD5 31c159d39725f2c53fe6e127ced421af
SHA1 487b723a2a14bd766294ef380c51507ab281c972
SHA256 ddf30663980cbb80337f9a05d15a044b65dbbb126b1eddd73b474ece351d850d
SHA3 26d172fd3a068e4890c39feff1fec7b11148b9ee830883c40d697c00d33b2b3b
VirtualSize 0x1c20
VirtualAddress 0x9c000
SizeOfRawData 0x1e00
PointerToRawData 0x99c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
Entropy 4.42385

.reloc

MD5 72b9885e63e695f604facaa7e8db6763
SHA1 b511ba50d8d73ad083c7fca588ebde091e89b29e
SHA256 8895732ec884bd363915e9a6f19f6520b3eb5eee2d4a75fd359c9e64bdc2f2b3
SHA3 167dee5f3b3a2d8de285182ee387468f5f2d7de21cd46880c4c783bddcb3eb91
VirtualSize 0xa00
VirtualAddress 0x9e000
SizeOfRawData 0xa00
PointerToRawData 0x9ba00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
Entropy 5.39262
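The Entropy figure reported for each section is Shannon entropy in bits per byte. The added example below (not Manalyzer's code) computes it, puts the result into the triage bands an analyst typically uses (the cut-offs are this example's assumptions, not the tool's), and runs the section-table sanity checks that belong next to entropy: zero raw size with a non-zero virtual size, a virtual size far above the raw size, and raw offsets or sizes that are not multiples of FileAlignment. The byte strings and the "odd" section are constructed inputs; the four section entries are the ones listed above.

```python
"""Per-section Shannon entropy plus section-table sanity checks.

Added example, not Manalyzer's code. The byte strings and ODD_SECTION are
constructed inputs; REPORTED_SECTIONS are the four entries from this report.
"""
import math
import random
from collections import Counter

FILE_ALIGNMENT = 0x200  # from the optional header in this report

REPORTED_SECTIONS = [
    {"name": ".text", "vsize": 0x96A4C, "rawsize": 0x96C00, "rawptr": 0x400},
    {"name": ".data", "vsize": 0x37E8, "rawsize": 0x2C00, "rawptr": 0x97000},
    {"name": ".idata", "vsize": 0x1C20, "rawsize": 0x1E00, "rawptr": 0x99C00},
    {"name": ".reloc", "vsize": 0xA00, "rawsize": 0xA00, "rawptr": 0x9BA00},
]
# Constructed: a section shaped like a packer's unpacking target.
ODD_SECTION = {"name": ".upx1", "vsize": 0x20000, "rawsize": 0x100, "rawptr": 0x600}

# Constructed inputs: constant, perfectly uniform, and pseudo-random bytes.
CONSTANT = bytes(4096)
UNIFORM = bytes(range(256)) * 16
_rng = random.Random(7)
PSEUDO_RANDOM = bytes(_rng.getrandbits(8) for _ in range(4096))


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a perfectly uniform one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_entropy(h: float) -> str:
    """Triage bands (assumed thresholds, not Manalyzer's)."""
    if h > 7.2:
        return "packed/encrypted/compressed"
    if h > 5.0:
        return "typical native code or mixed data"
    return "sparse data, tables or padding"


def section_findings(sec: dict) -> list:
    """Structural oddities in one section header; an empty list means nothing to note."""
    findings = []
    if sec["rawsize"] == 0 and sec["vsize"] > 0:
        findings.append("no file data but non-zero VirtualSize: filled at runtime")
    elif sec["vsize"] > sec["rawsize"] + 0x1000:
        findings.append("VirtualSize far exceeds SizeOfRawData: room to unpack into")
    if sec["rawptr"] % FILE_ALIGNMENT or sec["rawsize"] % FILE_ALIGNMENT:
        findings.append("raw offset or size is not a multiple of FileAlignment")
    return findings


def triage(name: str, data: bytes, sec: dict) -> dict:
    h = shannon_entropy(data)
    return {"section": name, "entropy": round(h, 5), "band": classify_entropy(h),
            "findings": section_findings(sec)}


if __name__ == "__main__":
    for label, buf in (("constant", CONSTANT), ("uniform", UNIFORM), ("random", PSEUDO_RANDOM)):
        print(f"{label:9s} {shannon_entropy(buf):.5f}  {classify_entropy(shannon_entropy(buf))}")
    for sec in REPORTED_SECTIONS + [ODD_SECTION]:
        print(sec["name"], section_findings(sec) or "ok")
```

The .text value of 6.53646 sits squarely in the native-code band; only a code section above roughly 7.2 bits per byte, or a large virtual size backed by almost no file data, points at packing. Note that .data having a VirtualSize slightly larger than its SizeOfRawData is normal: the tail is zero-initialised data that the linker does not store.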

Imports

USER32.dll
  • SetWindowRgn
  • PostMessageA
  • MonitorFromWindow
  • GetMessageA
  • GetSystemMetrics
  • ShowWindow
  • SetWindowPos
  • GetDC
  • LoadCursorA
  • GetWindowRect
  • DispatchMessageA
  • MonitorFromPoint
  • GetIconInfo
  • LoadImageA
  • UnregisterHotKey
  • BeginPaint
  • AdjustWindowRectEx
  • GetWindowThreadProcessId
  • ScreenToClient
  • SetTimer
  • EmptyClipboard
  • GetWindowLongA
  • TrackMouseEvent
  • SetWindowTextA
  • GetMonitorInfoA
  • DefWindowProcA
  • CreateWindowExA
  • SetLayeredWindowAttributes
  • TranslateMessage
  • SendMessageA
  • SetCursor
  • LoadIconA
  • SystemParametersInfoA
  • GetClientRect
  • IsZoomed
  • UpdateLayeredWindow
  • PostQuitMessage
  • RegisterClassExA
  • UpdateWindow
  • ReleaseCapture
  • InvalidateRect
  • RegisterClipboardFormatA
  • ReleaseDC
  • GetCursorPos
  • EndPaint
GDI32.dll
  • DeleteDC
  • GetObjectA
  • SwapBuffers
  • DeleteObject
  • ChoosePixelFormat
  • GetPixel
  • GetDeviceCaps
  • GetDIBits
  • CreateRoundRectRgn
  • CreateCompatibleDC
  • CreateDIBSection
  • SelectObject
  • CreateCompatibleBitmap
  • BitBlt
  • SetPixelFormat
OPENGL32.dll
  • wglGetProcAddress
  • wglMakeCurrent
  • wglCreateContext
SHELL32.dll
  • DragAcceptFiles
  • DragFinish
  • DragQueryFileA
MSVCP140.dll
  • ?_Xlength_error@std@@YAXPEBD@Z
  • ?_Xout_of_range@std@@YAXPEBD@Z
  • ?_Xinvalid_argument@std@@YAXPEBD@Z
  • ?_Xbad_function_call@std@@YAXXZ
KERNEL32.dll
  • GlobalUnlock
  • SetProcessWorkingSetSize
  • GlobalLock
  • GetWindowsDirectoryA
  • CloseHandle
  • RtlCaptureContext
  • GlobalSize
  • GetTickCount64
  • OutputDebugStringA
  • GetCurrentProcess
  • GetModuleFileNameA
  • SetUnhandledExceptionFilter
  • RtlLookupFunctionEntry
  • RtlVirtualUnwind
  • IsDebuggerPresent
  • UnhandledExceptionFilter
  • GetStartupInfoW
  • IsProcessorFeaturePresent
  • GetModuleHandleW
  • QueryPerformanceCounter
  • GetCurrentProcessId
  • TerminateProcess
  • GetCurrentThreadId
  • GetSystemTimeAsFileTime
  • InitializeSListHead
  • GlobalAlloc
VCRUNTIME140.dll
  • __C_specific_handler
  • __std_exception_destroy
  • memmove
  • memcpy
  • __std_exception_copy
  • memset
  • strstr
  • memcmp
  • _CxxThrowException
  • __current_exception
  • __current_exception_context
VCRUNTIME140_1.dll
  • __CxxFrameHandler4
api-ms-win-crt-stdio-l1-1-0.dll
  • fread
  • __acrt_iob_func
  • feof
  • fopen_s
  • _set_fmode
  • fwrite
  • __p__commode
  • __stdio_common_vfprintf
  • __stdio_common_vsscanf
  • fseek
  • ftell
  • fclose
  • fopen
  • __stdio_common_vsprintf
api-ms-win-crt-math-l1-1-0.dll
  • cosf
  • _dtest
  • __setusermatherr
  • nan
  • sinf
  • atan2f
  • sqrt
  • pow
  • sin
  • round
  • cos
  • ldexp
  • fabs
  • acosf
  • floorf
  • floor
  • fmod
  • tan
  • ceilf
  • expf
  • sqrtf
  • trunc
  • log
  • ceil
api-ms-win-crt-runtime-l1-1-0.dll
  • _c_exit
  • _register_onexit_function
  • _initialize_onexit_table
  • _errno
  • _initialize_narrow_environment
  • _get_narrow_winmain_command_line
  • _exit
  • _crt_atexit
  • terminate
  • abort
  • _configure_narrow_argv
  • exit
  • _initterm_e
  • _cexit
  • _seh_filter_exe
  • _set_app_type
  • _initterm
  • _invoke_watson
  • _register_thread_local_exe_atexit_callback
  • _wassert
api-ms-win-crt-convert-l1-1-0.dll
  • strtoul
  • strtol
  • strtod
  • strtof
api-ms-win-crt-utility-l1-1-0.dll
  • abs
  • _lrotl
  • rand
api-ms-win-crt-string-l1-1-0.dll
  • toupper
  • wcslen
  • tolower
  • strlen
  • strncmp
  • isalnum
  • isxdigit
  • strncpy
  • strcmp
  • isalpha
  • isdigit
  • strcpy
  • isspace
api-ms-win-crt-heap-l1-1-0.dll
  • _set_new_mode
  • malloc
  • free
  • _callnewh
  • realloc
api-ms-win-crt-locale-l1-1-0.dll
  • _configthreadlocale
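Two derived values in this report come straight from the import table: the Imports Hash in the Hashes section and the "Can take screenshots" verdict in the plugin output. The added example below (not Manalyzer's code) implements the imphash normalisation the way pefile does it (DLL name lower-cased with .dll/.ocx/.sys stripped, "dll.function" entries joined by commas, MD5 over the result; ordinal-only imports are written as ordN, without pefile's name lookup for oleaut32/ws2_32 ordinals) and a small capability tagger over the same names. It runs on a constructed subset of the imports listed above, so the digest it prints is not the value in the Hashes section; imphash also depends on the order of the import directory, which a rendered listing is not guaranteed to preserve.

```python
"""Imphash computation and a capability tagger over a PE import table.

Added example, not Manalyzer's code. SAMPLE_IMPORTS is a constructed subset of the
imports listed in this report, in (dll, [functions]) form; an int in the function
list stands for an import by ordinal.
"""
import hashlib

SAMPLE_IMPORTS = [
    ("USER32.dll", ["GetDC", "BeginPaint", "EndPaint", "EmptyClipboard", "ReleaseDC"]),
    ("GDI32.dll", ["CreateCompatibleDC", "BitBlt", "GetDIBits", "SwapBuffers"]),
    ("OPENGL32.dll", ["wglGetProcAddress", "wglMakeCurrent", "wglCreateContext"]),
    ("SHELL32.dll", ["DragAcceptFiles", "DragFinish", "DragQueryFileA"]),
    ("KERNEL32.dll", ["IsDebuggerPresent", "UnhandledExceptionFilter", "GlobalAlloc"]),
]

# Import-name sets behind each tag. The screenshot triad is the one the plugin output
# reports; the others are this example's own groupings.
CAPABILITY_RULES = {
    "screenshot": {"GetDC", "CreateCompatibleDC", "BitBlt"},
    "opengl_rendering": {"wglCreateContext", "wglMakeCurrent"},
    "drag_and_drop": {"DragAcceptFiles", "DragQueryFileA"},
    "clipboard": {"EmptyClipboard"},
    # IsDebuggerPresent alongside UnhandledExceptionFilter/_invoke_watson is emitted by
    # the MSVC CRT startup code, so on its own it is not an anti-debugging indicator.
    "debugger_check": {"IsDebuggerPresent"},
}


def imphash_string(imports) -> str:
    """Canonical import string as pefile builds it before hashing."""
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        for func in funcs:
            name = func if isinstance(func, str) else f"ord{int(func)}"
            parts.append(f"{lib}.{name.lower()}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the canonical string; equal across builds sharing the same import layout."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def capability_tags(imports) -> list:
    """Tags whose full import-name set is present in the table, sorted for stable output."""
    names = {f for _, funcs in imports for f in funcs if isinstance(f, str)}
    return sorted(tag for tag, needed in CAPABILITY_RULES.items() if needed <= names)


if __name__ == "__main__":
    print("imphash:", imphash(SAMPLE_IMPORTS))
    print("tags:   ", ", ".join(capability_tags(SAMPLE_IMPORTS)))
```

Because the hash covers the concatenated string and not a set, two binaries with identical imports in a different directory order get different imphashes; conversely, a trivial extra import changes it completely. Use it to cluster builds of the same codebase, not as a fuzzy similarity measure.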

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-Apr-19 21:51:41
Version 0.0
SizeofData 740
AddressOfRawData 0x15448
PointerToRawData 0x14848

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140098040

RICH Header

XOR Key 0x347e9bb5
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 16
ASM objects (35207) 4
C objects (35207) 10
C++ objects (35207) 30
Imports (35207) 6
Imports (33145) 11
Total imports 200
C++ objects (LTCG) (35225) 1
Linker (35225) 1
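The RICH Header block above is stored XOR-encoded between the DOS stub and the PE header: a "DanS" marker and three zero padding dwords, then one (product id, build, count) pair per entry, all XORed with the key that follows the clear-text "Rich" marker. The added example below (not Manalyzer's code) decodes such a block and recomputes the key as the checksum over the DOS header bytes (e_lfanew excluded) and the decoded entries, which is how a tampered or copied Rich header is detected. The image it works on is constructed: the build numbers and counts are those listed above, the product ids are placeholders, and no DOS stub is present.

```python
"""Decode a Rich header and verify its XOR key against the checksum.

Added example, not Manalyzer's code. build_sample_image() constructs an image with
no DOS stub; SAMPLE_ENTRIES uses the build numbers and counts from this report
with placeholder product ids.
"""
import struct

DANS = 0x536E6144  # little-endian "DanS"
MASK32 = 0xFFFFFFFF

# (prodid, build, count); prodids are placeholders, builds/counts from this report
SAMPLE_ENTRIES = [
    (0x0001, 30729, 16),
    (0x0103, 35207, 4),
    (0x0104, 35207, 10),
    (0x0105, 35207, 30),
    (0x0001, 35207, 6),
    (0x0001, 33145, 11),
    (0x0101, 35225, 1),
    (0x0102, 35225, 1),
]


def rol32(v: int, n: int) -> int:
    n &= 31
    return ((v << n) | (v >> (32 - n))) & MASK32


def rich_checksum(data: bytes, dans_off: int, entries) -> int:
    """Key = DanS offset + each DOS-header byte rotated by its offset (e_lfanew skipped)
    + each compid (prodid<<16 | build) rotated by its count."""
    csum = dans_off
    for i in range(dans_off):
        if 0x3C <= i < 0x40:
            continue
        csum = (csum + rol32(data[i], i)) & MASK32
    for prodid, build, count in entries:
        compid = ((prodid & 0xFFFF) << 16) | (build & 0xFFFF)
        csum = (csum + rol32(compid, count)) & MASK32
    return csum


def decode_rich_header(data: bytes) -> dict:
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    rich_off = data.rfind(b"Rich", 0, e_lfanew)
    if rich_off < 0:
        raise ValueError("no Rich marker before the PE header")
    key = struct.unpack_from("<I", data, rich_off + 4)[0]
    # Walk back in 8-byte steps until the XOR-decoded dword reads "DanS".
    off = rich_off - 8
    while off >= 0 and (struct.unpack_from("<I", data, off)[0] ^ key) != DANS:
        off -= 8
    if off < 0:
        raise ValueError("DanS marker not found")
    dans_off = off
    entries = []
    for pos in range(dans_off + 16, rich_off, 8):   # skip DanS + three padding dwords
        compid, count = struct.unpack_from("<II", data, pos)
        compid ^= key
        entries.append((compid >> 16, compid & 0xFFFF, count ^ key))
    return {"key": key, "dans_offset": dans_off, "entries": entries,
            "checksum_ok": rich_checksum(data, dans_off, entries) == key}


def build_sample_image(entries) -> bytes:
    """Constructed MZ header + Rich header + PE signature, key computed as the linker does."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    dans_off = len(dos)
    key = rich_checksum(bytes(dos), dans_off, entries)
    rich = struct.pack("<IIII", DANS ^ key, key, key, key)   # DanS + three encoded zeros
    for prodid, build, count in entries:
        rich += struct.pack("<II", ((prodid << 16) | build) ^ key, count ^ key)
    rich += b"Rich" + struct.pack("<I", key)
    img = dos + rich
    struct.pack_into("<I", img, 0x3C, len(img))              # e_lfanew: PE signature follows
    return bytes(img) + b"PE\0\0"


if __name__ == "__main__":
    r = decode_rich_header(build_sample_image(SAMPLE_ENTRIES))
    print(f"XOR key 0x{r['key']:08x}, checksum ok: {r['checksum_ok']}")
    for prodid, build, count in r["entries"]:
        print(f"  prodid 0x{prodid:04x} build {build:5d} count {count}")
```

A key that does not match the recomputed checksum means the Rich header was edited after linking or transplanted from another binary, which is exactly the manipulation that toolchain-attribution pivots on this header are vulnerable to; the entries themselves should then not be trusted for attribution.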

Errors
