Manalyze report for 09bfb7c6fcef563124f15059627c3c57

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2024-Mar-28 13:49:19
TLS Callbacks	3 callback(s) detected.
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses known Mersenne Twister constants`
Suspicious	The PE is possibly packed.	`Unusual section name found: /4` `Unusual section name found: .xdata` `Unusual section name found: /14` `Unusual section name found: /29` `Unusual section name found: /41` `Unusual section name found: /55` `Unusual section name found: /67` `Unusual section name found: /80` `Unusual section name found: /91` `Unusual section name found: /107` `Unusual section name found: /123`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Has Internet access capabilities: InternetCloseHandle InternetConnectA InternetOpenA InternetReadFile InternetSetOptionA` `Manipulates other processes: OpenProcess`
Suspicious	The file contains overlay data.	`1633121 bytes of data starting at offset 0x101000.`
Safe	VirusTotal score: 0/72 (Scanned on 2024-03-28 14:03:36)	`All the AVs think this file is safe.`

Hashes

MD5	`09bfb7c6fcef563124f15059627c3c57`
SHA1	`a61c9810681d0e5c53db046c8ecbe4cc71d89c3d`
SHA256	`f3558160f6e830d0cb6dc1867cc86aff5c00988a579c8108731a6ea5ea466761`
SHA3	`65cf86685e60ac6782c6219c79fd1bb82ea8cc830b3f8ac15c20c587bd40eb6f`
SSDeep	`49152:ngMikoqyKmbriG8cWexnXuqsMpoXXlBVDe:gOjmbriG8yZsMpoXXlBVDe`
Imports Hash	`34e33c2367050ffa0e7f2cd04012cb3b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`20`
TimeDateStamp	2024-Mar-28 13:49:19
PointerToSymbolTable	`0x101000`
NumberOfSymbols	`34012`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0xc2200`
SizeOfInitializedData	`0xf9200`
SizeOfUninitializedData	`0xe00`
AddressOfEntryPoint	`0x0000000000001125 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x10f000`
SizeOfHeaders	`0x600`
Checksum	`0x29936d`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`5e58bad66be5fca2d8b578fac84501ec`
SHA1	`8433be6147a88201e2571df41d9d293b5110799f`
SHA256	`e8a50875f48edddec4452f891035e613f5eda35528a6a4e8a4095d7091094090`
SHA3	`f0d6921e7a4e71b0a2854375943baa7feebe88f924e5fb975d51777bffd77a2b`
VirtualSize	`0xc21a0`
VirtualAddress	`0x1000`
SizeOfRawData	`0xc2200`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.14095`

.data

MD5	`1091c0941c74ba1afb5293bc8d2bf97e`
SHA1	`5a6507580ee91e82e620fd260fffb3518e41ea78`
SHA256	`0aea7e13c60bdaadc22b1de42351308225cb572a2ce59dce36e7b4cfcd10d80b`
SHA3	`1e69a5bf517460f59235ab012659ac3d54003388d0ec3f1ccb882c78eaaed36c`
VirtualSize	`0x30a0`
VirtualAddress	`0xc4000`
SizeOfRawData	`0x3200`
PointerToRawData	`0xc2800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.379693`

.rdata

MD5	`47fcb4e68ccd681107d1d620ec36bf41`
SHA1	`8143d30cb128d37e1ed6c7c0e43975959c1a134f`
SHA256	`09dd95a3a49bb8d2d05c4ee92d9d840fda5bcdb5dae526010bfbbd8e1950bb7f`
SHA3	`4177c7626112ee9789a475a4d159ded66312b12e5c51e923e14813c0efffc105`
VirtualSize	`0x12d40`
VirtualAddress	`0xc8000`
SizeOfRawData	`0x12e00`
PointerToRawData	`0xc5a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.10449`

/4

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x4`
VirtualAddress	`0xdb000`
SizeOfRawData	`0x200`
PointerToRawData	`0xd8800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.pdata

MD5	`d8b75a8210f25a9938c4f83df2c13ebc`
SHA1	`11bbb845604c409c00ec03cdf74f53d775dd0d5f`
SHA256	`85596df4669bcec797690813e1e1c6123c08a9f7e7bb78bea4f2ffc573bc4397`
SHA3	`abd52766df631111691aef4e4c62af174de4c035631b760c035005060f82cbe2`
VirtualSize	`0xc2c4`
VirtualAddress	`0xdc000`
SizeOfRawData	`0xc400`
PointerToRawData	`0xd8a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.0056`

.xdata

MD5	`110528e09d71f2dedd4faea57edd406d`
SHA1	`8b6dfa1948f993331f920ff0c263a158491549b5`
SHA256	`5b8532879222cdb5ee5a1ed3e3b4ae15c7f398dc41f567c0f8307e56ef1fbfb8`
SHA3	`a7a1acbf50ff4d9e786c988de36e72f4b0ee94957805ce44d7c524c5119abee9`
VirtualSize	`0x110a0`
VirtualAddress	`0xe9000`
SizeOfRawData	`0x11200`
PointerToRawData	`0xe4e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.81778`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xdc0`
VirtualAddress	`0xfb000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`e95dd369f39041aa7a2415e46f5a0f2a`
SHA1	`41acd31b13421cc2a8fa32cd90c146f1b5a26980`
SHA256	`c4dd8a41ee7056be9da9720aeb36ed32ffe2eb8fad4bfca47f63af0b7a7829a8`
SHA3	`180120778113cc6d602bcfa4d82548883e1d0e32f9fe86348d751590c01079ca`
VirtualSize	`0x1a98`
VirtualAddress	`0xfc000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0xf6000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.45372`

.CRT

MD5	`0554c37430d668e5ea20a9d79c431330`
SHA1	`51c05625038a4220a1d5d668c6396718824b3b03`
SHA256	`e26c7200b3911c0059256048f85bfa1e35e3f9efd17c694a7ef9643c16d7de32`
SHA3	`2b42b31edf0b30aea870fb436ddb669c644b677cf1956800e57351714fbfe0d0`
VirtualSize	`0x68`
VirtualAddress	`0xfe000`
SizeOfRawData	`0x200`
PointerToRawData	`0xf7c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.370209`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0xff000`
SizeOfRawData	`0x200`
PointerToRawData	`0xf7e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.reloc

MD5	`98a1fa3636e07d1721e97f22500cfdf9`
SHA1	`6f7c6fde304898d81852ada8e884b7b4868204cc`
SHA256	`5afe6ce91a5b44474c2cfe262fa43a40f4488b4f44a1ae5a437ac22d4f1f94a0`
SHA3	`b8a6f9bbe5ec16b8e3f4d2fdc34409b38114a4fac32d2fb55125d9cde434e2a7`
VirtualSize	`0x1684`
VirtualAddress	`0x100000`
SizeOfRawData	`0x1800`
PointerToRawData	`0xf8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.34374`

/14

MD5	`d647f4f2bb9800a8a36828868651d7c0`
SHA1	`f6cd5c99eb1a75f88d93cae55fe6a12bebd597e4`
SHA256	`f6a1016fb40d9a3b8712186f38a820e9eb363e321fd9e355ae23e3f3babbed8e`
SHA3	`e75ea555233a7d612dca39e0ace45458f2b6bc16c43e754d26b58fb30182acf6`
VirtualSize	`0xd0`
VirtualAddress	`0x102000`
SizeOfRawData	`0x200`
PointerToRawData	`0xf9800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.789554`

/29

MD5	`a6b11c2ffb2c6096a939373de7637d15`
SHA1	`2ce21c568564687d7f12e32fe79d0300d54262f1`
SHA256	`cb3134f380466ba64c62720cc1bd61ed250f096b5012dc6d562ce02a79528efc`
SHA3	`cdc4fdd61a3f8a46920f093d9a3f31ffe5e0b8c977d057a9feffad0a14fbaf7f`
VirtualSize	`0x46f9`
VirtualAddress	`0x103000`
SizeOfRawData	`0x4800`
PointerToRawData	`0xf9a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.82847`

/41

MD5	`8c412e1ec809bc2d22840ac0c0dd9436`
SHA1	`9d026997ffb0ba3bab75967e3d8b16b3d1e943f3`
SHA256	`b29a85abfb61faf19f56071aa9eb3a872a8f2d06e6711cf794ad242aa44684d7`
SHA3	`3fb42ffa710f37d96722310a1d7ffdd6382ab66a296c8f6f4cbb9c62502bc508`
VirtualSize	`0x8a5`
VirtualAddress	`0x108000`
SizeOfRawData	`0xa00`
PointerToRawData	`0xfe200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.51757`

/55

MD5	`49f972e2c325113f07c72c3d566269bb`
SHA1	`9c4b3a65257a53fad53a84b38148fab8fab641e1`
SHA256	`750a11652c11b6c0ee739778d25c5541a11f58845c0e942635d377e01eb467a5`
SHA3	`ad07caea845031548ffcfa453fd1e8ee08bb72556be851392e71750fb51800d7`
VirtualSize	`0x97f`
VirtualAddress	`0x109000`
SizeOfRawData	`0xa00`
PointerToRawData	`0xfec00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.78889`

/67

MD5	`edce826a01f9f5e7af511caa3ceb970b`
SHA1	`305420c6b8a79dd285fb0fa6edd12782fed3deb8`
SHA256	`2c043ffa5c9c5dbae155d9cd86c6c637a02e7ff82039d9e9197fcd6dd4035462`
SHA3	`d113ce09ecf0876526279daff7803adf35da1d03c6d083914387ce825ea60669`
VirtualSize	`0x498`
VirtualAddress	`0x10a000`
SizeOfRawData	`0x600`
PointerToRawData	`0xff600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.15078`

/80

MD5	`292217cd9caa0647d900f44faf753dd5`
SHA1	`27444e90c9c22c6db503b22b3139aa0d3b152218`
SHA256	`3aeb11945c489592c09f120730180199c5108e4606469a4a50d936dc42549da8`
SHA3	`da37f80984bee9ff5e79981cf3c69751c7379b5b61c575de845856877aa0b6a7`
VirtualSize	`0xce`
VirtualAddress	`0x10b000`
SizeOfRawData	`0x200`
PointerToRawData	`0xffc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.87226`

/91

MD5	`75a450f8317627827fe1cca60ebb0ae6`
SHA1	`2c3c74cfaffd649b2036fc0157ec67cd9ce372cf`
SHA256	`aa91e4203b3327c8cfbd4d55c066628528abb3a27fa976e36db2e2b6e811a790`
SHA3	`759cf6fda727d78aa6d113088d9ccd8daa38fc339de074d41bde700a010427e1`
VirtualSize	`0x461`
VirtualAddress	`0x10c000`
SizeOfRawData	`0x600`
PointerToRawData	`0xffe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.17073`

/107

MD5	`72ca9a43783ce6c883a046f438edf030`
SHA1	`1f9b30230b97d2963f0071eaa22c3548b56836f8`
SHA256	`5ae88136039d6be861016dd976df12b8bb2367f214e10f3e48849d92d41c4a6a`
SHA3	`6869dc32e9ca0f722616d41f22e6669d6e05fa4832ff9d408083881001d900c2`
VirtualSize	`0x88b`
VirtualAddress	`0x10d000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x100400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.9932`

/123

MD5	`b34e27edeb84c263bc4786ed3b20c159`
SHA1	`beb95617eb5ef7635e31b8d44e5faf3d41f48eab`
SHA256	`0303ecab04cfb5c5c43e3ec67a3cab02837c2f3c2f0a58a6638d23161a8c759d`
SHA3	`5641d834148d2bb0c47048758d024eebbd2a10382c80be51af60842872b2b2ca`
VirtualSize	`0x108`
VirtualAddress	`0x10e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x100e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.31405`

Imports

ADVAPI32.dll	`GetUserNameA`
KERNEL32.dll	`AddVectoredExceptionHandler` `CloseHandle` `CreateEventA` `CreateSemaphoreA` `DeleteCriticalSection` `DuplicateHandle` `EnterCriticalSection` `FormatMessageA` `FreeLibrary` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThread` `GetCurrentThreadId` `GetHandleInformation` `GetLastError` `GetModuleHandleA` `GetProcAddress` `GetProcessAffinityMask` `GetSystemTimeAsFileTime` `GetThreadContext` `GetThreadPriority` `GetTickCount64` `InitializeCriticalSection` `IsDebuggerPresent` `LeaveCriticalSection` `LoadLibraryA` `LocalFree` `MultiByteToWideChar` `OpenProcess` `OutputDebugStringA` `RaiseException` `ReleaseSemaphore` `RemoveVectoredExceptionHandler` `ResetEvent` `ResumeThread` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlUnwindEx` `RtlVirtualUnwind` `SetEvent` `SetLastError` `SetProcessAffinityMask` `SetThreadContext` `SetThreadPriority` `SetUnhandledExceptionFilter` `Sleep` `SuspendThread` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TryEnterCriticalSection` `VirtualProtect` `VirtualQuery` `WaitForMultipleObjects` `WaitForSingleObject` `WideCharToMultiByte`
api-ms-win-crt-convert-l1-1-0.dll	`_ultoa` `mbrtowc` `strtoul` `wcrtomb`
api-ms-win-crt-environment-l1-1-0.dll	`__p__environ` `__p__wenviron` `getenv`
api-ms-win-crt-filesystem-l1-1-0.dll	`_fstat64`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `calloc` `free` `malloc` `realloc`
api-ms-win-crt-locale-l1-1-0.dll	`___lc_codepage_func` `___mb_cur_max_func` `localeconv` `setlocale`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr` `_fdopen`
api-ms-win-crt-private-l1-1-0.dll	`__C_specific_handler` `__intrinsic_setjmpex` `longjmp` `memchr` `memcmp` `memcpy` `memmove` `strchr`
api-ms-win-crt-runtime-l1-1-0.dll	`__p___argc` `__p___argv` `__p___wargv` `_beginthreadex` `_cexit` `_configure_narrow_argv` `_configure_wide_argv` `_crt_at_quick_exit` `_crt_atexit` `_endthreadex` `_errno` `_exit` `_initialize_narrow_environment` `_initialize_wide_environment` `_initterm` `_set_app_type` `_set_invalid_parameter_handler` `abort` `exit` `signal` `strerror`
api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func` `__p__commode` `__p__fmode` `__stdio_common_vfprintf` `__stdio_common_vfwprintf` `__stdio_common_vsprintf` `__stdio_common_vswprintf` `_fileno` `_fseeki64` `_ftelli64` `_lseeki64` `_read` `_wfopen` `_write` `fclose` `fflush` `fgetwc` `fopen` `fputc` `fputs` `fread` `fwrite` `getc` `getwc` `putc` `putwc` `setvbuf` `ungetc` `ungetwc`
api-ms-win-crt-string-l1-1-0.dll	`_strdup` `iswctype` `memset` `strcmp` `strcoll` `strlen` `strncmp` `strxfrm` `towlower` `towupper` `wcscoll` `wcslen` `wcsxfrm`
api-ms-win-crt-time-l1-1-0.dll	`__daylight` `__timezone` `__tzname` `_tzset` `strftime` `wcsftime`
api-ms-win-crt-utility-l1-1-0.dll	`rand_s`
WININET.dll	`HttpOpenRequestA` `HttpSendRequestA` `InternetCloseHandle` `InternetConnectA` `InternetOpenA` `InternetReadFile` `InternetSetOptionA`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x1400ff000`
EndAddressOfRawData	`0x1400ff008`
AddressOfIndex	`0x1400fb100`
AddressOfCallbacks	`0x1400fe038`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x000000014000DEE0` `0x000000014000DFA0` `0x000000014001D13E`

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /14!
[*] Warning: Tried to read outside the COFF string table to get the name of section /29!
[*] Warning: Tried to read outside the COFF string table to get the name of section /41!
[*] Warning: Tried to read outside the COFF string table to get the name of section /55!
[*] Warning: Tried to read outside the COFF string table to get the name of section /67!
[*] Warning: Tried to read outside the COFF string table to get the name of section /80!
[*] Warning: Tried to read outside the COFF string table to get the name of section /91!
[*] Warning: Tried to read outside the COFF string table to get the name of section /107!
[*] Warning: Tried to read outside the COFF string table to get the name of section /123!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF String Table's reported size is bigger than the remaining bytes!
[*] Warning: Section .bss has a size of 0!
[*] Warning: Raw bytes from section .text could not be obtained.