Architecture |
IMAGE_FILE_MACHINE_AMD64
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
Compilation Date |
2024-Mar-30 18:37:48
|
TLS Callbacks |
2 callback(s) detected.
|
Debug artifacts |
Embedded COFF debugging symbols
|
Suspicious |
Strings found in the binary may indicate undesirable behavior: |
Contains references to security software:
Contains domain names:
- freeipapi.com
- https://freeipapi.com
- openssl.org
|
Info |
Cryptographic algorithms detected in the binary: |
Uses constants related to MD5
Uses constants related to SHA1
Uses constants related to SHA256
Uses constants related to SHA512
Uses constants related to AES
Uses constants related to Blowfish
Uses constants related to RC5 or RC6
Microsoft's Cryptography API
|
Suspicious |
The PE is possibly packed. |
Unusual section name found: .xdata
Unusual section name found: /4
Unusual section name found: /19
Unusual section name found: /31
Unusual section name found: /45
Unusual section name found: /57
Unusual section name found: /70
Unusual section name found: /81
Unusual section name found: /97
Unusual section name found: /113
|
Suspicious |
The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
- GetProcAddress
- LoadLibraryA
- LoadLibraryW
Possibly launches other programs:
Uses Microsoft's cryptographic API:
- CryptAcquireContextW
- CryptGenRandom
- CryptReleaseContext
Can create temporary files:
- CreateFileA
- CreateFileW
- GetTempPathA
- GetTempPathW
Memory manipulation functions often used by packers:
- VirtualAlloc
- VirtualProtect
Has Internet access capabilities:
- InternetCloseHandle
- InternetConnectA
- InternetOpenA
- InternetOpenUrlA
- InternetReadFile
Leverages the raw socket API to access the Internet:
- WSACleanup
- WSAGetLastError
- WSASetLastError
- WSAStartup
- accept
- bind
- closesocket
- connect
- gethostbyaddr
- gethostbyname
- getservbyname
- getservbyport
- getsockname
- getsockopt
- htonl
- htons
- inet_addr
- inet_ntoa
- ioctlsocket
- listen
- ntohs
- recv
- select
- send
- setsockopt
- shutdown
- socket
|
Suspicious |
The file contains overlay data. |
943987 bytes of data starting at offset 0x5ecc00.
|
Safe |
VirusTotal score: 0/71 (Scanned on 2024-04-23 04:29:44) |
All the AVs think this file is safe.
|
MD5 |
0cfcbed897db86ab9f29df8d4b576150
|
SHA1 |
5984d1601e6d115dd84dcf1e5e9e68c8d083ba9e
|
SHA256 |
eac4f2902f8d0756ca00326dc4a53d8b0d3f77dab23d1d05a5fd5257dcf13e7c
|
SHA3 |
128f65f1cfc71cd90d28792e06b5a6e0f493bd6bdb42a6d68b04936bf456a6e8
|
SSDeep |
98304:8ZU+4cYV5M6Z17WovexHh+Md+bC1mH4cZUi8SlbWI:8ZUBxsHhWbI5cZUid
|
Imports Hash |
1817c3379abb96baf06256619f50716a
|
e_magic |
MZ
|
e_cblp |
0x90
|
e_cp |
0x3
|
e_crlc |
0
|
e_cparhdr |
0x4
|
e_minalloc |
0
|
e_maxalloc |
0xffff
|
e_ss |
0
|
e_sp |
0xb8
|
e_csum |
0
|
e_ip |
0
|
e_cs |
0
|
e_ovno |
0
|
e_oemid |
0
|
e_oeminfo |
0
|
e_lfanew |
0x80
|
Signature |
PE
|
Machine |
IMAGE_FILE_MACHINE_AMD64
|
NumberofSections |
20
|
TimeDateStamp |
2024-Mar-30 18:37:48
|
PointerToSymbolTable |
0x5ecc00
|
NumberOfSymbols |
33943
|
SizeOfOptionalHeader |
0xf0
|
Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
|
Magic |
PE32+
|
LinkerVersion |
2.0
|
SizeOfCode |
0x469c00
|
SizeOfInitializedData |
0x591400
|
SizeOfUninitializedData |
0x8a00
|
AddressOfEntryPoint |
0x00000000000013F0 (Section: .text)
|
BaseOfCode |
0x1000
|
ImageBase |
0x140000000
|
SectionAlignment |
0x1000
|
FileAlignment |
0x200
|
OperatingSystemVersion |
4.0
|
ImageVersion |
0.0
|
SubsystemVersion |
5.2
|
Win32VersionValue |
0
|
SizeOfImage |
0x5fe000
|
SizeOfHeaders |
0x600
|
Checksum |
0x6d6935
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
|
SizeofStackReserve |
0x200000
|
SizeofStackCommit |
0x1000
|
SizeofHeapReserve |
0x100000
|
SizeofHeapCommit |
0x1000
|
LoaderFlags |
0
|
NumberOfRvaAndSizes |
16
|
MD5 |
99e762d84544459673650bdfa0e9259e
|
SHA1 |
c957e4865ce26929c0c41fefe22bdd8df97d64b7
|
SHA256 |
8c24c125160b01d0342b9a7f1072e9c4ea0cea29f8cb53369710c5560a9e2bc6
|
SHA3 |
1df3fb7a2e93e0d760edf6a87ab9b7218cea87132060cff78f358cf8e05a191e
|
VirtualSize |
0x469b30
|
VirtualAddress |
0x1000
|
SizeOfRawData |
0x469c00
|
PointerToRawData |
0x600
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
Entropy |
6.59186
|
MD5 |
1e9b9fd741f63b06b4eed59d54386117
|
SHA1 |
d69d851bd189c0299dea2b81277b05e1a4f180c8
|
SHA256 |
b664fa9b9df17723f1f6b284c0e3b8c66b1fa7d20a5c7f636c1ab0578963e05b
|
SHA3 |
bf2b51b4abf79f50c2c1e9013434aa3a2fd0a1ce9c0a9d83d401dd9781c9c30f
|
VirtualSize |
0x9140
|
VirtualAddress |
0x46b000
|
SizeOfRawData |
0x9200
|
PointerToRawData |
0x46a200
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
3.59986
|
MD5 |
8068298d586a83f2422bebbc69d8d461
|
SHA1 |
ab0f8c86c0e77331c4ec46b9caa6148ff4f25751
|
SHA256 |
9b88cb86d2b8075043fb93d33c3ef772ef822f18f584d8ba0e4afaf64995df00
|
SHA3 |
22cd0b6875f4e6b493aeb1dcf76d50a0335cff282048f1f590d1980889ffc0d4
|
VirtualSize |
0xca760
|
VirtualAddress |
0x475000
|
SizeOfRawData |
0xca800
|
PointerToRawData |
0x473400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
5.25828
|
MD5 |
e6fcde42adf3b24959e06b8f9c57f923
|
SHA1 |
6861d7061eaffd60322d423250f16900f4eeaaf0
|
SHA256 |
bf3301454e9d86dd9242c1afb59245b626df4b80e2791b1319b698e9bc511782
|
SHA3 |
2c0a87c4a1dcb903f6bac862989bdc5bb7e9d68f2b1007fbfc69b95d00a96b73
|
VirtualSize |
0x258c0
|
VirtualAddress |
0x540000
|
SizeOfRawData |
0x25a00
|
PointerToRawData |
0x53dc00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
6.36183
|
MD5 |
ecd83499b52499017cae30dc0d217d01
|
SHA1 |
c67094b1e7657b5ed0d56b3979746de51163c4aa
|
SHA256 |
1b62cc01252e5b5f8f24a42a63b99ad9e96148d2fe6e0888a429246a87ebc861
|
SHA3 |
8eac6d24395c5bdc01e611bf1cc7b75b40f44f6ab90a241a8cf9c30630479e78
|
VirtualSize |
0x2193c
|
VirtualAddress |
0x566000
|
SizeOfRawData |
0x21a00
|
PointerToRawData |
0x563600
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
4.22573
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
VirtualSize |
0x8830
|
VirtualAddress |
0x588000
|
SizeOfRawData |
0
|
PointerToRawData |
0
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
MD5 |
27423482c16da04e7384f8be981aa650
|
SHA1 |
ab44e05028db15a928f11ed6eb07623dcccdb386
|
SHA256 |
5e1af4a7d960e51efbaef8ce285f5bf36e952556b3cfe62971f056f6f7e9bd32
|
SHA3 |
34102d76b747c9e50b10912fa20ae664064b50c712f153c12ce82f5eaad003af
|
VirtualSize |
0x279c
|
VirtualAddress |
0x591000
|
SizeOfRawData |
0x2800
|
PointerToRawData |
0x585000
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
4.61919
|
MD5 |
60590bb4f59a79828c3e99007feb0a10
|
SHA1 |
97136ffa1574349b77f2249438dad21b2e933619
|
SHA256 |
f39fa0808a83e8c385989f26d8c0015ec0a7d8ffd6f36c8e079f445dafd06345
|
SHA3 |
36464477bb7ed99fbc77e23a2ae5609ab0512bf7c8baabdda123a1aeae605fec
|
VirtualSize |
0x60
|
VirtualAddress |
0x594000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x587800
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
0.323255
|
MD5 |
bf619eac0cdf3f68d496ea9344137e8b
|
SHA1 |
5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
|
SHA256 |
076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
|
SHA3 |
622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
|
VirtualSize |
0x10
|
VirtualAddress |
0x595000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x587a00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
0
|
MD5 |
0a6d6d1d2ed0f7977ad8f021c9cd36fd
|
SHA1 |
1e00fa5c41d7d4729460ada741c88e692f0544a5
|
SHA256 |
bddc441c1e3a6abd0a252c1a8a605f93ff8409950ae5584485b3a8e2c4ef55bd
|
SHA3 |
6063e21ab24ca7bc163b7eab7144c422bdbd9c567e9b06e4d42ecb7bc1f056b2
|
VirtualSize |
0x4e8
|
VirtualAddress |
0x596000
|
SizeOfRawData |
0x600
|
PointerToRawData |
0x587c00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
4.78493
|
MD5 |
70db71aeb49496b1eb8149a6865e3256
|
SHA1 |
87429427344f57a9482ea3b37a734b8ebbb48d1f
|
SHA256 |
01dc7d838151097aa0f33a365d794dbc5b3513a6a053f7b1a6eab6659055089f
|
SHA3 |
a2730ff9a372a1b537c2e6f53bb1be232268398974a71e027206601b1f6cc1d2
|
VirtualSize |
0x9650
|
VirtualAddress |
0x597000
|
SizeOfRawData |
0x9800
|
PointerToRawData |
0x588200
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
5.44009
|
MD5 |
f04ecce97c81b9710104e5adde76e110
|
SHA1 |
3108c05c639fe2425d43ba4465e867fe15f19574
|
SHA256 |
1c77fdecf5f6c4c8183739a3feda7c363b999a2c33f51ec9ab18d6dfdc7cd2de
|
SHA3 |
66cc2546b8957f810826d21636d306ae8fbb98533f09f8b7f9745192efc41dd8
|
VirtualSize |
0xfd0
|
VirtualAddress |
0x5a1000
|
SizeOfRawData |
0x1000
|
PointerToRawData |
0x591a00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
2.11302
|
MD5 |
b10756e855ab1a33be89d4f5f5cd3dbd
|
SHA1 |
38120f2f0c908d901d323645f0f969010bdcf31e
|
SHA256 |
e543ca5323781c44c13fc9ed0d8baed8c48f434cd0788a6ab37bc48251b52812
|
SHA3 |
44b56fa6953cfa7a0a673882b7d94f8b0cd223ebabe9b747a21d0278a2875391
|
VirtualSize |
0x24c15
|
VirtualAddress |
0x5a2000
|
SizeOfRawData |
0x24e00
|
PointerToRawData |
0x592a00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
5.777
|
MD5 |
f619b5d0655033f82d29ce50729941aa
|
SHA1 |
6bddaa1c1457748d6893e4f3d816b16e7e72ad11
|
SHA256 |
1b36e47084304bc4094c47033f889f6d0c3b8b3611f60b7cf9b36097961ae063
|
SHA3 |
17a271c2445861ad2dbe557643f15240cfd2eb5306dd5c61a6509c0615f0cb06
|
VirtualSize |
0x752c
|
VirtualAddress |
0x5c7000
|
SizeOfRawData |
0x7600
|
PointerToRawData |
0x5b7800
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
4.81471
|
MD5 |
9fbad9c417894f728328a417b395b99b
|
SHA1 |
a0f4dfac55abe2a9098a8d0cbecd7e4b4907ff51
|
SHA256 |
15c31ca274d71f6ce5b99b9a5c843d82f3d839e5c62f363d1df92f0c3eee4e93
|
SHA3 |
3aaafdea825dea57c90acde7416396b5c9e73349849183a4dffbd88cd7030678
|
VirtualSize |
0x10ac9
|
VirtualAddress |
0x5cf000
|
SizeOfRawData |
0x10c00
|
PointerToRawData |
0x5bee00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
5.08326
|
MD5 |
c5eacd394ad1b36b6946a607d22c6313
|
SHA1 |
318d1d8a7cb49a00c132350c5c10a57f980a17f3
|
SHA256 |
cf477571318069a8e92186feb2048509a0571083361569fcde4fec2c236008c3
|
SHA3 |
42905e0d0fa3ac1db94feae36c7d7a58d07efb53189156cccfca70891b3551ad
|
VirtualSize |
0x2c30
|
VirtualAddress |
0x5e0000
|
SizeOfRawData |
0x2e00
|
PointerToRawData |
0x5cfa00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
4.64566
|
MD5 |
07483db16694446fd4f09109bcf39017
|
SHA1 |
f285d668c9bd3f81a34810f329d10771b251a2c5
|
SHA256 |
4080a032d8ec9b0d9a7028b3816c255cad558fd76b452ffbe2a6926767e6b82b
|
SHA3 |
6da6ed63df9d98bae84b13021c01ee0a1d518f330f6839e678df2a8a3f57bc4a
|
VirtualSize |
0x6ce
|
VirtualAddress |
0x5e3000
|
SizeOfRawData |
0x800
|
PointerToRawData |
0x5d2800
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
4.79768
|
MD5 |
51b3c39d106e19a9bececc7eb6c2efc9
|
SHA1 |
2f86e0b0e51251ffa0e1da03b23fee48b588ba6c
|
SHA256 |
8bb7441c2dca30bbea13ccae5ca014f123367fe8c74d9e63a84157301224228d
|
SHA3 |
6f227a17551bec300d5cadfafe1d882af9bb2a8a88da0c3a932aa5e62f6af5b4
|
VirtualSize |
0x4d98
|
VirtualAddress |
0x5e4000
|
SizeOfRawData |
0x4e00
|
PointerToRawData |
0x5d3000
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
4.9988
|
MD5 |
0a950f0cff495553c1e9ed40cdf19b8e
|
SHA1 |
dbfd65b3222e3defba8118eadfaad93c25ce6601
|
SHA256 |
f2c086df2af8ee4581cbd70c37d225e85d007906d32d24467865dedaf59974ae
|
SHA3 |
46aed421d7e02a7e36a48f0de4564b77edca6b8b213ee1974447731fc0eb3c3b
|
VirtualSize |
0x13f40
|
VirtualAddress |
0x5e9000
|
SizeOfRawData |
0x14000
|
PointerToRawData |
0x5d7e00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
5.92412
|
MD5 |
82723c9e80ced8cb673e668249c2e58b
|
SHA1 |
ac0d1c3940c51cce1ba58416a6aa3584f12ccf52
|
SHA256 |
0c7ecf1cbf34ba6434cfc05c84fd189df1aa44a55a8d3e4febd119b161547982
|
SHA3 |
41bb4024a7726e728a6dd4762662c8f0575bb4bd363160db2b676928ea689411
|
VirtualSize |
0xc09
|
VirtualAddress |
0x5fd000
|
SizeOfRawData |
0xe00
|
PointerToRawData |
0x5ebe00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
5.59413
|
ADVAPI32.dll |
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
DeregisterEventSource
RegisterEventSourceW
ReportEventW
|
bcrypt.dll |
BCryptCloseAlgorithmProvider
BCryptDecrypt
BCryptDestroyKey
BCryptEncrypt
BCryptGenRandom
BCryptGenerateSymmetricKey
BCryptOpenAlgorithmProvider
BCryptSetProperty
|
KERNEL32.dll |
AcquireSRWLockExclusive
AcquireSRWLockShared
AreFileApisANSI
CloseHandle
ConvertFiberToThread
ConvertThreadToFiberEx
CreateDirectoryA
CreateFiberEx
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexW
DeleteCriticalSection
DeleteFiber
DeleteFileA
DeleteFileW
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FormatMessageW
FreeLibrary
GetACP
GetComputerNameA
GetConsoleMode
GetConsoleWindow
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetEnvironmentVariableW
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameA
GetFullPathNameW
GetLastError
GetModuleFileNameA
GetModuleHandleExA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersion
GetVersionExA
GetVersionExW
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
InitializeCriticalSection
InitializeSRWLock
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
ReadConsoleA
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RtlVirtualUnwind
SetConsoleMode
SetEndOfFile
SetFilePointer
SetLastError
SetUnhandledExceptionFilter
Sleep
SwitchToFiber
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualLock
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile
|
msvcrt.dll |
__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_access
_amsg_exit
_beginthreadex
_cexit
_chdir
_close
_commode
_endthreadex
_errno
_exit
_filelength
_fileno
_findclose
_findfirst64
_findnext64
_fmode
_fdopen
_fullpath
_gmtime64
_initterm
_localtime64
_lock
_msize
_onexit
_pclose
_popen
_read
_rmdir
_setmode
_sopen
_stat64
_strdup
_strdup
_strtoi64
_strtoui64
_time64
_unlock
_vsnprintf
_vsnwprintf
_wfopen
abort
acos
asin
atan
atoi
calloc
cosh
exit
fclose
feof
ferror
fflush
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getc
getenv
isspace
isxdigit
localeconv
log10
malloc
memchr
memcmp
memcpy
memmove
memset
perror
qsort
raise
realloc
remove
setvbuf
signal
sinh
sprintf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strrchr
strspn
strstr
strtok
strtol
strtoul
system
tan
tanh
tolower
ungetc
vfprintf
wcscpy
wcslen
wcsstr
wcstombs
|
USER32.dll |
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
ShowWindow
|
WININET.dll |
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetOpenUrlA
InternetReadFile
|
WS2_32.dll |
WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
accept
bind
closesocket
connect
gethostbyaddr
gethostbyname
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohs
recv
select
send
setsockopt
shutdown
socket
|
Type |
RT_MANIFEST
|
Language |
UNKNOWN
|
Codepage |
UNKNOWN
|
Size |
0x48f
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.13793
|
MD5 |
5aa04ce935e78505e230765e85c34355
|
SHA1 |
6c93b8c5fde8be4b2231dca6b8ec513cdc82c991
|
SHA256 |
a73f26a8d504043f785d7360e8febf2eeb8522ec873a0d4dd5d1d4bfd1e67d3d
|
SHA3 |
149467cafc03ba34b33cd8076fc2771413760822357952de205dbae2b5cb8059
|
StartAddressOfRawData |
0x140595000
|
EndAddressOfRawData |
0x140595008
|
AddressOfIndex |
0x14058fd1c
|
AddressOfCallbacks |
0x140594038
|
SizeOfZeroFill |
0
|
Characteristics |
IMAGE_SCN_TYPE_REG
|
Callbacks |
0x000000014045A2C0
0x000000014045A290
|
[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /19!
[*] Warning: Tried to read outside the COFF string table to get the name of section /31!
[*] Warning: Tried to read outside the COFF string table to get the name of section /45!
[*] Warning: Tried to read outside the COFF string table to get the name of section /57!
[*] Warning: Tried to read outside the COFF string table to get the name of section /70!
[*] Warning: Tried to read outside the COFF string table to get the name of section /81!
[*] Warning: Tried to read outside the COFF string table to get the name of section /97!
[*] Warning: Tried to read outside the COFF string table to get the name of section /113!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF String Table's reported size is bigger than the remaining bytes!
[*] Warning: Section .bss has a size of 0!