Talon exe Trojan Packed File Malware Analysis: e132523b5b75c66ed53c591d3c20630b

Technical Analysis

File Name	talon.exe
File Type	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Scanner Version	1.0.210.174
Database Version	2025-03-12 13:00:46 UTC

Scan Another File

File Identification

Hash Type	Value	Action
MD5	e132523b5b75c66ed53c591d3c20630b
SHA1	6ddc18983ecc782b9549b14c51f32a4bac24c63a
SHA256	ce9da9cfc45b9243d1ab7d95b4a5dbb8c344087356252db36638dc3d079a6b76
SHA512	b55965d2abd5f28f3cc69de050c792b3a4be216eaef60af6fe37cc01d80bdb41aceb1db1390419d9cbd3442e0f763a959c07666c9b1beeb30f5b0030eb9d7580
ImpHash	ae21233514eb2e47a60a61ce2f15abb9

PE Analysis

Basic Information

▼

Icon	Hash: a7bf18b8ab20d950d6077a6fe15e3a9c Fuzzy: 74164608a7220092753a458b428c136a dHash: 8482d1ec74b44e36
Image Base	`0x140000000`
Entry Point	`0x1400010f6`
Compilation Time	2025-03-09 21:49:03
Checksum	0x0002771e (Actual: 0x01e79510)
OS Version	4.0
PEiD Signatures	`PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows`
Digital Signature	No valid SignedData structure was found.
Imports	3 libraries KERNEL32, msvcrt, SHELL32
Exports	0 functions
Resources	12 Resources
Sections	12 Sections

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	112,984 bytes	113,152 bytes	6.34 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`AC04CAF6860FF730A57094FC1AB48864`
`.data`	`0x0001d000`	272 bytes	512 bytes	1.20 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`2E84C4F63A84C8A3EAACF030AAABEB83`
`.rdata`	`0x0001e000`	11,136 bytes	11,264 bytes	5.21 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`DEAD896F6DC2B059DECE12CA65B64F0A`
`.eh_fram`	`0x00021000`	4 bytes	512 bytes	0.00 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`BF619EAC0CDF3F68D496EA9344137E8B`
`.pdata`	`0x00022000`	2,016 bytes	2,048 bytes	5.15 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`702F2B0CCC41B4D3255F9CD125B0A608`
`.xdata`	`0x00023000`	2,436 bytes	2,560 bytes	4.51 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`254914BA35266A91ADDC1EAEA1F797DF`
`.bss`	`0x00024000`	146,576 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_CNT_UNINITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.idata`	`0x00048000`	3,672 bytes	4,096 bytes	4.15 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`6746F66C44B16E01B3AC5EAFD1F8D330`
`.CRT`	`0x00049000`	96 bytes	512 bytes	0.32 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D6BA0B637D38913D07E283965F1683FC`
`.tls`	`0x0004a000`	16 bytes	512 bytes	0.00 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`BF619EAC0CDF3F68D496EA9344137E8B`
`.rsrc`	`0x0004b000`	31,757,656 bytes	31,757,824 bytes	8.00 (Packed/Encrypted)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`F72DD7C1E5D566F4358D732D38FDF26B`
`.reloc`	`0x01e95000`	144 bytes	512 bytes	1.79 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`E8DCB72005E6B5B69AA6AB8919FCA329`

Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

▼

Total Resources: 12 (31,756,964 bytes)

Resource Type	Count	Total Size	Percentage
RT_ICON	9	174,869 bytes	0.6%
RT_RCDATA	1	31,580,936 bytes	99.4%
RT_GROUP_ICON	1	132 bytes	0%
RT_MANIFEST	1	1,027 bytes	0%

Certificate Chain Analysis

▼

No Digital Signatures

This file is not digitally signed.

Security Implications:

Cannot verify the publisher's identity
Increased security risk when running this file
May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Talon.exe Trojan Packed Analysis