f02557d353c55108ce34237933b323ef38ed5c05d881df417c7abc10f1305bd7

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2026-Mar-08 09:38:36

Plugin Output

Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Suspicious The PE is possibly packed. Unusual section name found: .fptable
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Possibly launches other programs:
  • CreateProcessW
Can create temporary files:
  • GetTempPathW
  • CreateFileW
Functions related to the privilege level:
  • OpenProcessToken
Enumerates local disk drives:
  • GetDriveTypeW
Suspicious The file contains overlay data. 21333504 bytes of data starting at offset 0x56600.
The overlay data has an entropy of 7.99836 and is possibly compressed or encrypted.
Overlay data accounts for 98.3687% of the executable.
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 8951b3b776058b09411e6d0a333ded8f
SHA1 cb1b5d0dfe710499ce83aad63e7aba89cb32e5ce
SHA256 f02557d353c55108ce34237933b323ef38ed5c05d881df417c7abc10f1305bd7
SHA3 8861349cd787fc5ab510a4bcc5dc6431314afb8ace4d4d9db47bc055d81ad381
SSDeep 393216:32znAP/iXgAt2Jy60Z9xDnVuLMFxct1DPsZg2KezvSa4czChK4tZIHsylaSJaZY:Gznxv2JL0Zn5fa1wLXH4cz4ZypUSIZ1
Imports Hash aaee5f53610550f6e3f653092da8e16f

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2026-Mar-08 09:38:36
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x2da00
SizeOfInitializedData 0x28800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000000D4A0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x5f000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x1e8480
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 dcbd2286739e348cc96c3770499eac40
SHA1 f83fc6fd7e438603537bf1bc8138095081738bc2
SHA256 182fd1a0bfc99e0323be8810e9f24c01ddc2314c4ec427a52da47fb4467b188c
SHA3 f4ecf979f9784693ce74b15af3f47ff97f87d0e178dfebe53ddaedcfafb08338
VirtualSize 0x2d8a0
VirtualAddress 0x1000
SizeOfRawData 0x2da00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.47657

.rdata

MD5 14b3ff8027ceb647f0ba9782602eb3ee
SHA1 a105371b6fe0e6f45f2d5393214c5593f7cd520f
SHA256 8a83b7830bc383d505849de2e9565d31be32d32b7d0596aa26fe248f81166143
SHA3 78812363e78bdff6449653751f3f799a1f2a0051649b5e48e03ca8e69676e208
VirtualSize 0x1396a
VirtualAddress 0x2f000
SizeOfRawData 0x13a00
PointerToRawData 0x2de00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.74267

.data

MD5 b2a2b4610e1a32ff11d5f0a359ac8f88
SHA1 91f72167adf232b75e63611ee7e01703dc831c07
SHA256 47731e6e902f1d83980a1014f89201f13e5cb820552f93427aa9185c66b24ff0
SHA3 7eb386ecfca935ea9cb0d2ac955598d8053a514f990e72c8e6ccfc6df7f477a0
VirtualSize 0x50b0
VirtualAddress 0x43000
SizeOfRawData 0xe00
PointerToRawData 0x41800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.82145

.pdata

MD5 da49fbee77be5d7f294b9d2f32c9bcaa
SHA1 af31b5d72aa41cc32ac74e0c2a8397e3f6338be7
SHA256 be49c00ca9581ed28acb5f3e1fc8b2e9ce76e1e601079e50520d71c668dab61a
SHA3 a628e7493b8e60fe7366f30e83470bd1aa0b1b0702311cfac462621e4a0f5047
VirtualSize 0x2490
VirtualAddress 0x49000
SizeOfRawData 0x2600
PointerToRawData 0x42600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.38254

.fptable

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x100
VirtualAddress 0x4c000
SizeOfRawData 0x200
PointerToRawData 0x44c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 7aa5437b5d9b0507f945c6006d68a84c
SHA1 aa7f45bb32680832b08b915b06eee790aa435e2c
SHA256 149c015943855aaded22b4b9884d97c0b239a3cd48d3e174555df7d1c874c4c3
SHA3 48520a23ec2f00302b6b2c3a6faf21a3cffc2f76b02f9a0c792c05e471dc3512
VirtualSize 0x10e31
VirtualAddress 0x4d000
SizeOfRawData 0x11000
PointerToRawData 0x44e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.58058

.reloc

MD5 a93b3a1977afcf926ff83c8ed4ffb307
SHA1 23054409d91f698f202b7543a8bf9c09685290a1
SHA256 9f37c1c4fe7bed8ea2c05a4b314b4d89de9ee8dd8c01cd62a16fb07294b43de9
SHA3 579067d8558813db899ca33eccf6d65513269c1106f72ebaeb985f4637bd71a1
VirtualSize 0x774
VirtualAddress 0x5e000
SizeOfRawData 0x800
PointerToRawData 0x55e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.27138

Imports

KERNEL32.DLL GetTimeZoneInformation
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetStringTypeW
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryExW
FormatMessageW
GetModuleFileNameW
SetDllDirectoryW
CreateSymbolicLinkW
SetErrorMode
CreateDirectoryW
GetCommandLineW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
DeleteFileW
FindClose
HeapSize
FindNextFileW
GetDriveTypeW
RemoveDirectoryW
GetTempPathW
CloseHandle
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
Sleep
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
LocalFree
SetConsoleCtrlHandler
GetConsoleWindow
K32EnumProcessModules
K32GetModuleFileNameExW
CreateFileW
FindFirstFileExW
GetFinalPathNameByHandleW
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesExW
HeapReAlloc
WriteConsoleW
SetEndOfFile
FindFirstFileW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReadFile
GetFullPathNameW
SetStdHandle
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetCommandLineA
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
GetCurrentDirectoryW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionEx
VirtualProtect
CompareStringW
LCMapStringW
FlushFileBuffers
SetEnvironmentVariableW
ADVAPI32.dll ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
USER32.dll TranslateMessage
ShutdownBlockReasonCreate
GetWindowThreadProcessId
SetWindowLongPtrW
GetWindowLongPtrW
MsgWaitForMultipleObjects
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassW
DefWindowProcW
PeekMessageW
DispatchMessageW
GetMessageW

Delayed Imports

Resources

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.49807
MD5 ed3a5b471c3fdf5038f13f95a714bd7d
SHA1 ba4ff2151ebacd3980fbed1a1af36b1f29b65561
SHA256 3b3544e2cb2208dbc562324d9c18d7e8c8ee65f5c128bb584a46038d6e4d259d
SHA3 a756259116205b0e08d771dc3d0dddf13131a35d4a3424c618d3b88a8b7ede85

1 (#2)

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.98048
Detected Filetype Icon file
MD5 38388dda6548693f4d42f2241a4218d7
SHA1 78bedd12a20f97e31e58742381f3d0ca1edb4715
SHA256 cd0991dd595a1392452a8c7ccf089e73626bc6eed1fd3f54ee4c6aa7ffbaedba
SHA3 9ace1e9f008d60580379cdfdcd4119706c82d52d2e5fdb9e5745fa00864cc1a8

1 (#3)

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x50d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.25791
MD5 84da8dee6b319ea0b10b6de5489c6aae
SHA1 5f8991f3e065fd95614859a293f88b9c70e4bb23
SHA256 abf8f2022f12f350789d961aceaf9ccfd53e7ec58d8c9934cfce77779b4eac11
SHA3 08f0562915b54bedce5a84e9d32cb2efcc538268785103b1852338e20a3b4606

Version Info

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140043040

RICH Header

XOR Key 0xc517a4d5
Unmarked objects 0
C++ objects (33145) 182
C objects (33145) 12
ASM objects (33145) 11
253 (35207) 3
ASM objects (35207) 9
C objects (35207) 17
C++ objects (35207) 40
Imports (33145) 7
Total imports 141
C objects (35222) 27
Linker (35222) 1

Errors
