PESCAN.IO - Analysis Report

File Structure:
Information:
Size: 2,50 MB
SHA-256 Hash: CB887DEC441CD582E5859F0A1029EDC7BF0892CB39E1D6FA1DF80D8FC9DD629E
SHA-1 Hash: 7D5A625228AB65DB11A086A74364D290D22BDC7A
MD5 Hash: BA74B84295E05E57E8864FF4B4C82104
Imphash: E7F214A81357D3C800C3774E7FCE8173
MajorOSVersion: 6
CheckSum: 00000000
EntryPoint (rva): 4DFE70
SizeOfHeaders: 400
SizeOfImage: 523000
ImageBase: 0000000140000000
Architecture: x64
ImportTable: 2DFBA0
Characteristics: 22
TimeDateStamp: 685478E7
Date: 19/06/2025 20:53:59
File Type: EXE
Number Of Sections: 9
ASLR: Disabled
Section Names (Optional Header): .text, .rdata, .data, .pdata, .idiot0, .idiot1, .idiot2, .rsrc, .reloc
Number Of Executable Sections: 3
Subsystem: Windows Console
UAC Execution Level Manifest: asInvoker
[Incomplete Binary or Compressor Packer - 2,63 MB Missing]

Sections Info:
Section Name  Flags                  ROffset  RSize   VOffset  VSize
.text         60000020 (Executable)  0        0       1000     CD08C
.rdata        40000040               0        0       CF000    32F68
.data         C0000040 (Writeable)   0        0       102000   2850
.pdata        40000040               0        0       105000   7E18
.idiot0       60000020 (Executable)  0        0       10D000   191EB9
.idiot1       C0000040 (Writeable)   400      200     29F000   1D0
.idiot2       68000060 (Executable)  600      280800  2A0000   280784
.rsrc         40000040               280E00   200     521000   1D5
.reloc        42000040               281000   200     522000   58
Entry Point:
Section number (7) has the Entry Point
Information -> EntryPoint (calculated) - 240470
Code -> E83309DCFF6F37D00AE27C5839C1071387A8C17274407A661DD9287B8D96608475A95813E509F8649596609465D928D425B1
• CALL 0XFFFFFFFFFFDC1938
• OUTSD DX, DWORD PTR [RSI]

Signatures:
Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler:
Detect It Easy (die)
PE+(64): linker: Microsoft Linker(14.42)[EXE64,console]
Entropy: 7.98878

Suspicious Functions:
Library      Function       Description
SHELL32.DLL  ShellExecuteA  Performs a run operation on a specific file.
File Access:
fapi-ms-win-crt-runtime-l1-1-0.dll
WININET.dll
KERNEL32.dll
MSVCP140.dll
api-ms-win-crt-convert-l1-1-0.dll
USERENV.dll
CRYPT32.dll
api-ms-win-crt-environment-l1-1-0.dll
USER32.dll
PSAPI.DLL
api-ms-win-crt-heap-l1-1-0.dll
{Y9SHELL32.dll
_api-ms-win-crt-locale-l1-1-0.dll
VCRUNTIME140.dll
)bcrypt.dll
g|VzfADVAPI32.dll
api-ms-win-crt-filesystem-l1-1-0.dll
WS2_32.dll
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-utility-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
$VCRUNTIME140_1.dll
)api-ms-win-crt-time-l1-1-0.dll
SHLWAPI.dll
api-ms-win-crt-stdio-l1-1-0.dll
UserProfile

Interest's Words:
exec

Strings/Hex Code Found With The File Rules:
Rule Text (Ascii): Execution (ShellExecute)

Resources:
Path  DataRVA  Size  FileOffset  Code  Text
\24\1\1033  521058  17D  280E58  3C3F786D6C2076657273696F6E3D27312E302720656E636F64696E673D275554462D3827207374616E64616C6F6E653D2779  <?xml version='1.0' encoding='UTF-8' standalone='y
Intelligent String:
• Zn.

Extra 4n4lysis:
Metric          Value    Percentage
Ascii Code      1792193  68,2468%
Null Byte Code  35080    1,3358%