The stealth exe File Malware Analysis

Technical Analysis

File Name	stealth.exe
File Type	PE32+ executable (console) x86-64, for MS Windows
Scanner Version	1.0.217.174
Database Version	2025-06-06 14:00:25 UTC

Scan Another File

File Identification

Hash Type	Value	Action
MD5	cbae7857137b22badcdfdd334dddf44c
SHA1	e92aaf1f96cf19bf0b12b6b0600ab42500400a86
SHA256	dc11f346b8de906b2f67ba0a2bd8fb7e23ef2f4db936e9fa604d856aa4dff6b1
SHA512	01ce221aaf5b90c48f9d908225316b654a02a9a1ac312f2bf39614437558f453d839d73e87d9c706b082e896aff33a3079051642f473f98c4ae7f96114db8ec9
ImpHash	332f0be8d784dfffd4004a458df4a9a3

PE Analysis

Basic Information

▼

Image Base	`0x140000000`
Entry Point	`0x14000131a`
Compilation Time	1970-01-01 00:00:00
Checksum	0x00040bbe (Actual: 0x00040bbe)
OS Version	4.0
PEiD Signatures	`PE32+ executable (console) x86-64, for MS Windows`
Digital Signature	No valid SignedData structure was found.
Imports	2 libraries KERNEL32, msvcrt
Exports	0 functions
Resources	0 Resources
Sections	17 Sections

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	99,872 bytes	100,352 bytes	6.29 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`106858306B00C583D62C52183CD36874`
`.data`	`0x0001a000`	1,120 bytes	1,536 bytes	1.52 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`8C807DE0200F7F8F7DF93CDACCF8E24A`
`.rdata`	`0x0001b000`	12,560 bytes	12,800 bytes	5.06 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`09FD8ACC493E16E50E269537B9267E7C`
`.pdata`	`0x0001f000`	6,204 bytes	6,656 bytes	5.10 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`264965D32D64CF105479599100268017`
`.xdata`	`0x00021000`	5,360 bytes	5,632 bytes	3.99 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`FF2CFB0E408BD7C7680A0DB5754BCF26`
`.bss`	`0x00023000`	3,536 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_CNT_UNINITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.idata`	`0x00024000`	3,816 bytes	4,096 bytes	3.82 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`172CB06A96BEF9D8BC1769D47AB3F51A`
`.tls`	`0x00025000`	16 bytes	512 bytes	0.00 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`BF619EAC0CDF3F68D496EA9344137E8B`
`.reloc`	`0x00026000`	232 bytes	512 bytes	2.79 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`1620980F0AD43BB6ECCE810F2C3D6441`
`/4`	`0x00027000`	128 bytes	512 bytes	0.43 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`7122380BAF895484AEAC39009A891E7F`
`/19`	`0x00028000`	11,614 bytes	11,776 bytes	5.50 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`FC3364AC0E8CF37B1A9AF988C978BCE7`
`/31`	`0x0002b000`	1,007 bytes	1,024 bytes	4.82 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`15AEBF6AD30F761F918F216193397415`
`/45`	`0x0002c000`	1,045 bytes	1,536 bytes	3.69 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`AD7962052A933BE378DB497DC6AA585D`
`/57`	`0x0002d000`	296 bytes	512 bytes	2.65 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`0DF57B84A592F92C22A0E9867054FA72`
`/70`	`0x0002e000`	96 bytes	512 bytes	1.52 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`251D59F23C7DC5EC68EFE6975098D4BB`
`/81`	`0x0002f000`	504 bytes	512 bytes	4.55 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`26736ADDD719EAE4EF97C73C1099D4AD`
`/97`	`0x00030000`	615 bytes	1,024 bytes	3.12 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`BEB1740CF903BD9D51D6176E524D11DB`

Certificate Chain Analysis

▼

No Digital Signatures

This file is not digitally signed.

Security Implications:

Cannot verify the publisher's identity
Increased security risk when running this file
May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

The stealth.exe File Analysis

Technical Analysis

Clean File