fcfcfed9568dc94092a131701b8a3f7d93c8f8247e160f3d0667fbc2921aab6b

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2026-Feb-22 15:58:52
Detected languages English - United States
Debug artifacts F:\VS_Projects\Injector\x64\Release\Injector.pdb

Plugin Output

Suspicious The PE contains functions most legitimate programs don't use. Functions which can be used for anti-debugging purposes:
  • CreateToolhelp32Snapshot
 Possibly launches other programs:
  • CreateProcessW
 Has Internet access capabilities:
  • WinHttpOpenRequest
  • WinHttpCrackUrl
  • WinHttpCloseHandle
  • WinHttpSendRequest
  • WinHttpReadData
  • WinHttpReceiveResponse
  • WinHttpOpen
  • WinHttpConnect
 Manipulates other processes:
  • Process32NextW
  • Process32FirstW
Info The PE is digitally signed. Signer: Take-Two Interactive Software
Issuer: VeriSign Class 3 Code Signing 2010 CA
Malicious VirusTotal score: 28/72 (Scanned on 2026-03-15 11:23:15) AVG: Win64:MalwareX-gen [Misc]
Alibaba: Trojan:Win64/MalwareX.77dadd8c
Antiy-AVL: Trojan/Win32.Kepavll
Avast: Win64:MalwareX-gen [Misc]
CAT-QuickHeal: Trojan.Ghanarava.17732657348c4d3a
CTX: exe.trojan.generic
CrowdStrike: win/malicious_confidence_60% (W)
Cylance: Unsafe
Cynet: Malicious (score: 99)
DeepInstinct: MALICIOUS
ESET-NOD32: Win64/Agent_AGen.KUU trojan
Elastic: malicious (moderate confidence)
Google: Detected
Ikarus: Trojan.Win64.Agent
K7AntiVirus: Trojan ( 006db1951 )
K7GW: Trojan ( 006db1951 )
Lionic: Trojan.Win32.Generic.4!c
Malwarebytes: Malware.AI.4041229333
Microsoft: Trojan:Win32/Kepavll!rfn
Paloalto: generic.ml
Sophos: Mal/Generic-S
Tencent: Malware.Win32.Gencirc.11e4dce6
TrellixENS: Artemis!D750C951F06E
TrendMicro-HouseCall: TROJ_GEN.R002H01BS26
Varist: W64/ABTrojan.SVFL-6407
Webroot: Win.Trojan.Gen
Zillya: Trojan.AgentAGen.Win64.32572
alibabacloud: Trojan:Win/Agent_AGen.KCW

Hashes

MD5 d750c951f06e5be5e1f3ad683d8c4d3a
SHA1 6da3ed49a453d69681a09361537c988278e0ef67
SHA256 fcfcfed9568dc94092a131701b8a3f7d93c8f8247e160f3d0667fbc2921aab6b
SHA3 0379924b19789ae45e8754848d7c891bba2757f9cacd979076f4d5ef0a512852
SSDeep 1536:yDrBNVCmxLJ7JSbqCt+3yQhl+jfP4vRayfEBgHWiVrou0dkWlM/6iX+:UtbyqC4JYfPKayfTnekWq/f+
Imports Hash 024a4450a5c84075944e386cd31c60d0

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2026-Feb-22 15:58:52
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0xee00
SizeOfInitializedData 0x5800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000000ED78 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x19000
SizeOfHeaders 0x400
Checksum 0x1eeb7
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 18f387e1fcf84f7d3de3946b568151d8
SHA1 1a05e688712399e9cb9504464f70a3c3eec2289f
SHA256 d2b5ac67e04cccf41c6a69d29cdcb2173e1ae27c202b054b1c8a4384b6b8252a
SHA3 45298e7acabe06dce3c3fd6cac8020c5fab30981017485d163c970890826637a
VirtualSize 0xec8b
VirtualAddress 0x1000
SizeOfRawData 0xee00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.39572

.rdata

MD5 68fc56c76795afd2ad01c51d6a9872ff
SHA1 d83b769fba303f4760d7380912db4cebbeef3395
SHA256 96734e495d6fa6c3c5db9b4e135ca4b7e650fadd4f7cc914db83037de48466ba
SHA3 0ca3c0f8f27cb3ec064e8e85a7b2f1784ff360ce5622e2fa27b7cb5bdab88f85
VirtualSize 0x4052
VirtualAddress 0x10000
SizeOfRawData 0x4200
PointerToRawData 0xf200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.60283

.data

MD5 6ffe249125d82207b18dff15cf54f977
SHA1 1c2823502f2270c2daaa3c86be4e0c9790fe3328
SHA256 91a3a5b9a15aaced7a528411282532fda1763fa4b32beacb0ceed9ff891a532f
SHA3 dc97175dd0561bb223671c588c7c0c36c55ebc7a4ff0c158a14d9eb6c9ae41fa
VirtualSize 0x5d0
VirtualAddress 0x15000
SizeOfRawData 0x600
PointerToRawData 0x13400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.52192

.pdata

MD5 e715b5eba64f054e749ad6707ac1cbb4
SHA1 ace7f7f10bb99d91255c79dc4d08f35c4cddbd06
SHA256 a2efba011c36931dae2fd643d275c577d02760cc104b2c2180c4098db9681807
SHA3 20a87066faff0680f3f36fa15295684fa225841e38c6cea9c679d4724313e854
VirtualSize 0xa68
VirtualAddress 0x16000
SizeOfRawData 0xc00
PointerToRawData 0x13a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.34824

.rsrc

MD5 2c9bc3c453765c5a8e37ea178e81aa1b
SHA1 974f84a1c1efa7c6e0d963ce7479765c9444963a
SHA256 15f6ad57552d43f7cae352a593cfdf6be16c96fb903b6f7de618808ee1685819
SHA3 e8e0136fa0ac3c6c54952814f8fbbcbd7708f853b22f51ceaedc2db0dafd2a3a
VirtualSize 0x1e0
VirtualAddress 0x17000
SizeOfRawData 0x200
PointerToRawData 0x14600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.71006

.reloc

MD5 99bea584a4289a50e5d2829f1d8c9638
SHA1 7b6e1078ce4cca83db389d5bf387a0e403566f30
SHA256 0107792bd9b0a229ac1470f249da304572e71e801fdc729fcc15e7907b772837
SHA3 2f741b033649770d0609bf3fcac1cf0bba1845cda2b5dc130bc29083dabcc223
VirtualSize 0xe4
VirtualAddress 0x18000
SizeOfRawData 0x200
PointerToRawData 0x14800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 2.99378

Imports

KERNEL32.dll CreateToolhelp32Snapshot
GetTickCount64
Process32NextW
Process32FirstW
CloseHandle
CreateProcessW
GetConsoleWindow
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetCurrentThreadId
Sleep
GetLocaleInfoEx
FormatMessageA
LocalFree
WideCharToMultiByte
GetFileInformationByHandleEx
CopyFile2
GetProcAddress
GetModuleHandleW
GetLastError
AreFileApisANSI
CreateFile2
GetTempPathW
SetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateDirectoryW
GetCurrentDirectoryW
SetUnhandledExceptionFilter
USER32.dll ShowWindow
MSVCP140.dll ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
_Query_perf_frequency
_Query_perf_counter
?_Syserror_map@std@@YAPEBDH@Z
??1_Lockit@std@@QEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xbad_alloc@std@@YAXXZ
?_Id_cnt@id@locale@std@@0HA
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
WINHTTP.dll WinHttpOpenRequest
WinHttpCrackUrl
WinHttpCloseHandle
WinHttpSendRequest
WinHttpReadData
WinHttpReceiveResponse
WinHttpOpen
WinHttpConnect
VCRUNTIME140_1.dll __CxxFrameHandler4
VCRUNTIME140.dll __std_exception_destroy
memcpy
memmove
memcmp
__std_terminate
__std_exception_copy
__C_specific_handler
memset
__current_exception_context
__current_exception
_CxxThrowException
api-ms-win-crt-stdio-l1-1-0.dll __p__commode
_set_fmode
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
fwrite
fgetc
fclose
fflush
fputc
fgetpos
api-ms-win-crt-heap-l1-1-0.dll _callnewh
_set_new_mode
malloc
free
api-ms-win-crt-string-l1-1-0.dll _wcsicmp
strlen
wcslen
api-ms-win-crt-filesystem-l1-1-0.dll _lock_file
_unlock_file
api-ms-win-crt-locale-l1-1-0.dll ___lc_codepage_func
_configthreadlocale
api-ms-win-crt-runtime-l1-1-0.dll terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_seh_filter_exe
abort
_c_exit
_cexit
__p___wargv
__p___argc
_set_app_type
_exit
exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_register_thread_local_exe_atexit_callback
api-ms-win-crt-math-l1-1-0.dll __setusermatherr

Delayed Imports

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2026-Feb-22 15:58:52
Version 0.0
SizeofData 73
AddressOfRawData 0x11624
PointerToRawData 0x10824
Referenced File F:\VS_Projects\Injector\x64\Release\Injector.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2026-Feb-22 15:58:52
Version 0.0
SizeofData 20
AddressOfRawData 0x11670
PointerToRawData 0x10870

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-Feb-22 15:58:52
Version 0.0
SizeofData 780
AddressOfRawData 0x11684
PointerToRawData 0x10884

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2026-Feb-22 15:58:52
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140015000

RICH Header

XOR Key 0xb221a1d2
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 14
ASM objects (35403) 4
C objects (35403) 10
C++ objects (35403) 29
Imports (35403) 6
Imports (33145) 7
Total imports 179
C++ objects (LTCG) (35721) 2
Resource objects (35721) 1
Linker (35721) 1

Errors

Leave a comment

No comments yet.