e7da212b18748fcf7c6e0d96c64eb5e28f8efbfa85dcb745cbec295ff0ca68cc

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Apr-23 08:17:57
TLS Callbacks 1 callback(s) detected.
Debug artifacts payload.pdb

Plugin Output

Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 0b0d6fa68565f6718ae125743d9aa34e
SHA1 8c11357a0ad79df97315cda0a66023879428f173
SHA256 e7da212b18748fcf7c6e0d96c64eb5e28f8efbfa85dcb745cbec295ff0ca68cc
SHA3 dd2ba1a9b2f63e8b6ed8e6e554fb992490bd45bd350b2462eea9d9c3637ed2c2
SSDeep 1536:FJGhvuKN5gWRlL/qauYNV/eJshywHm1iGBMkFS8eo587/qi/i5dWCjOk/C3n:FuZ5gWRlL/Degyym15io58zzPk63
Imports Hash 324b502abae0baaef5f4841ee203e7d8

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 5
TimeDateStamp 2026-Apr-23 08:17:57
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x17c00
SizeOfInitializedData 0xa600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000017124 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x180000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x26000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 5d03d2c5e9fe018163f2d4f12b1b004a
SHA1 677016c070b8797d9ece9898aa8eb91d3396297e
SHA256 1515cd102965317bfd3761c6d45036b0f366e1e47cf4efb0aa526c1de3a21a99
SHA3 4790b22063164a479c4dd76668508f040bfc7153afc5089d929cee115f2b8a36
VirtualSize 0x17b40
VirtualAddress 0x1000
SizeOfRawData 0x17c00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.33414

.rdata

MD5 8e5300f2ec8a76f1e7e19d9967779c8f
SHA1 e2fd7adb57d94d570b94b6c2818d53951e324f3a
SHA256 4bc9ff1705c38a4eefae5f797d7d39725dde9cf92b514d5a4f7a887f9b6440b7
SHA3 3694cb5ac905137a667281f47bf469cec66d149c5ca1f8c2b056f47bfa3f97bf
VirtualSize 0x88f4
VirtualAddress 0x19000
SizeOfRawData 0x8a00
PointerToRawData 0x18000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.46282

.data

MD5 ed11807130aa65bb38c3a1fc6c4c2ed9
SHA1 31cd7d87bcf0b1b1a3e3e915af5ba8c3e4f611f4
SHA256 f22431e8aa8ee5ff8000fa1fd73e664751ca3b02ffa40bf1566831c999b6b0ec
SHA3 1a689c473f72cabdf8715718be6c439094d540580cc317840bfab1ce24b45ef3
VirtualSize 0x270
VirtualAddress 0x22000
SizeOfRawData 0x200
PointerToRawData 0x20a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.27305

.pdata

MD5 baf129409cf0be46c4f94577124975d0
SHA1 f7ca1bf8f9ea2400222b2f80da47a071daabc753
SHA256 83f8ed80d188f9b87e8368e960506d8020048879b1201dea71d31a3d6efa2388
SHA3 920a195401d6bb9ce74a8fa0644952b6a9eb957d579a2bf587b2431c1793e8f6
VirtualSize 0x126c
VirtualAddress 0x23000
SizeOfRawData 0x1400
PointerToRawData 0x20c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.90898

.reloc

MD5 f666ab95b2e20859886c486f8ee7e143
SHA1 1edc5d6e067c0f6126c500619d9429b79dd2f736
SHA256 05fc71be144fc6df9c25a5a647ebc327da6f359e7b922cc2c81c3bcbdfebac56
SHA3 ad03f4b23917778a850e7837eba2bfad89d299667769e28b1e4aa7aab83fb53c
VirtualSize 0x228
VirtualAddress 0x25000
SizeOfRawData 0x400
PointerToRawData 0x22000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 3.65003

Imports

kernel32.dll IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
CloseHandle
CreateThread
user32.dll MessageBoxW
api-ms-win-core-synch-l1-2-0.dll WakeByAddressSingle
WaitOnAddress
WakeByAddressAll
KERNEL32.dll UnhandledExceptionFilter
InitializeSListHead
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThreadId
QueryPerformanceCounter
GetProcessHeap
HeapFree
HeapReAlloc
lstrlenW
GetCurrentProcess
GetProcAddress
WideCharToMultiByte
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
ReleaseMutex
GetLastError
WaitForSingleObject
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
GetConsoleMode
HeapAlloc
MultiByteToWideChar
WriteConsoleW
GetStdHandle
GetConsoleOutputCP
SetUnhandledExceptionFilter
ntdll.dll NtWriteFile
RtlNtStatusToDosError
VCRUNTIME140.dll __std_type_info_destroy_list
__C_specific_handler
memcmp
memset
__CxxFrameHandler3
memcpy
_CxxThrowException
api-ms-win-crt-runtime-l1-1-0.dll _execute_onexit_table
_initterm_e
_configure_narrow_argv
_initialize_onexit_table
_seh_filter_dll
_cexit
_initterm
_initialize_narrow_environment
api-ms-win-crt-heap-l1-1-0.dll free

Delayed Imports

Exports

DllMain
Ordinal 1
Address 0x3780

Version Info

Debug Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2026-Apr-23 08:17:57
Version 0.0
SizeofData 36
AddressOfRawData 0x1e07c
PointerToRawData 0x1d07c
Referenced File payload.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2026-Apr-23 08:17:57
Version 0.0
SizeofData 20
AddressOfRawData 0x1e0a0
PointerToRawData 0x1d0a0

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-Apr-23 08:17:57
Version 0.0
SizeofData 772
AddressOfRawData 0x1e0b4
PointerToRawData 0x1d0b4

TLS Callbacks

StartAddressOfRawData 0x18001e3d8
EndAddressOfRawData 0x18001e430
AddressOfIndex 0x1800221e4
AddressOfCallbacks 0x180019270
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_8BYTES
Callbacks 0x00000001800078C0

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x180022080

RICH Header

XOR Key 0xf610511
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 6
Imports (35207) 2
ASM objects (35207) 3
C objects (35207) 7
C++ objects (35207) 15
Imports (33145) 9
Total imports 171
Unmarked objects (#2) 62
Exports (35222) 1
Linker (35222) 1

Errors
