PESCAN.IO - Analysis Report |
|||||
| File Structure: | |||||
|
|||||
| Information: |
| Size: 2,50 MB SHA-256 Hash: CB887DEC441CD582E5859F0A1029EDC7BF0892CB39E1D6FA1DF80D8FC9DD629E SHA-1 Hash: 7D5A625228AB65DB11A086A74364D290D22BDC7A MD5 Hash: BA74B84295E05E57E8864FF4B4C82104 Imphash: E7F214A81357D3C800C3774E7FCE8173 MajorOSVersion: 6 CheckSum: 00000000 EntryPoint (rva): 4DFE70 SizeOfHeaders: 400 SizeOfImage: 523000 ImageBase: 0000000140000000 Architecture: x64 ImportTable: 2DFBA0 Characteristics: 22 TimeDateStamp: 685478E7 Date: 19/06/2025 20:53:59 File Type: EXE Number Of Sections: 9 ASLR: Disabled Section Names (Optional Header): .text, .rdata, .data, .pdata, .idiot0, .idiot1, .idiot2, .rsrc, .reloc Number Of Executable Sections: 3 Subsystem: Windows Console UAC Execution Level Manifest: asInvoker [Incomplete Binary or Compressor Packer - 2,63 MB Missing] |
| Sections Info: |
| Section Name | Flags | ROffset | RSize | VOffset | VSize |
|---|---|---|---|---|---|
| .text | 60000020 (Executable) | 0 | 0 | 1000 | CD08C |
| .rdata | 40000040 | 0 | 0 | CF000 | 32F68 |
| .data | C0000040 (Writeable) | 0 | 0 | 102000 | 2850 |
| .pdata | 40000040 | 0 | 0 | 105000 | 7E18 |
| .idiot0 | 60000020 (Executable) | 0 | 0 | 10D000 | 191EB9 |
| .idiot1 | C0000040 (Writeable) | 400 | 200 | 29F000 | 1D0 |
| .idiot2 | 68000060 (Executable) | 600 | 280800 | 2A0000 | 280784 |
| .rsrc | 40000040 | 280E00 | 200 | 521000 | 1D5 |
| .reloc | 42000040 | 281000 | 200 | 522000 | 58 |
| Entry Point: |
| The section number (7) have the Entry Point Information -> EntryPoint (calculated) - 240470 Code -> E83309DCFF6F37D00AE27C5839C1071387A8C17274407A661DD9287B8D96608475A95813E509F8649596609465D928D425B1 • CALL 0XFFFFFFFFFFDC1938 • OUTSD DX, DWORD PTR [RSI] |
| Signatures: |
| Certificate - Digital Signature Not Found: • The file is not signed |
| Packer/Compiler: |
| Detect It Easy (die) • PE+(64): linker: Microsoft Linker(14.42)[EXE64,console] • Entropy: 7.98878 |
| Suspicious Functions: |
| Library | Function | Description |
|---|---|---|
| SHELL32.DLL | ShellExecuteA | Performs a run operation on a specific file. |
| File Access: |
| fapi-ms-win-crt-runtime-l1-1-0.dll WININET.dll KERNEL32.dll MSVCP140.dll api-ms-win-crt-convert-l1-1-0.dll USERENV.dll CRYPT32.dll api-ms-win-crt-environment-l1-1-0.dll USER32.dll PSAPI.DLL api-ms-win-crt-heap-l1-1-0.dll {Y9SHELL32.dll _api-ms-win-crt-locale-l1-1-0.dll VCRUNTIME140.dll )bcrypt.dll g|VzfADVAPI32.dll api-ms-win-crt-filesystem-l1-1-0.dll WS2_32.dll api-ms-win-crt-string-l1-1-0.dll api-ms-win-crt-utility-l1-1-0.dll api-ms-win-crt-math-l1-1-0.dll $VCRUNTIME140_1.dll )api-ms-win-crt-time-l1-1-0.dll SHLWAPI.dll api-ms-win-crt-stdio-l1-1-0.dll UserProfile |
| Interest's Words: |
| exec |
| Strings/Hex Code Found With The File Rules: |
| • Rule Text (Ascii): Execution (ShellExecute) |
| Resources: |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \24\1\1033 | 521058 | 17D | 280E58 | 3C3F786D6C2076657273696F6E3D27312E302720656E636F64696E673D275554462D3827207374616E64616C6F6E653D2779 | <?xml version='1.0' encoding='UTF-8' standalone='y |
| Intelligent String: |
| • Zn. |
| Extra 4n4lysis: |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 1792193 | 68,2468% |
| Null Byte Code | 35080 | 1,3358% |
© 2025 All rights reserved.