Manalyze report for 0cfcbed897db86ab9f29df8d4b576150

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2024-Mar-30 18:37:48
TLS Callbacks	2 callback(s) detected.
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to security software: rshell.exe` `Contains domain names: freeipapi.com https://freeipapi.com openssl.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses constants related to RC5 or RC6` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata` `Unusual section name found: /4` `Unusual section name found: /19` `Unusual section name found: /31` `Unusual section name found: /45` `Unusual section name found: /57` `Unusual section name found: /70` `Unusual section name found: /81` `Unusual section name found: /97` `Unusual section name found: /113`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryW` `Possibly launches other programs: system` `Uses Microsoft's cryptographic API: CryptAcquireContextW CryptGenRandom CryptReleaseContext` `Can create temporary files: CreateFileA CreateFileW GetTempPathA GetTempPathW` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Has Internet access capabilities: InternetCloseHandle InternetConnectA InternetOpenA InternetOpenUrlA InternetReadFile` `Leverages the raw socket API to access the Internet: WSACleanup WSAGetLastError WSASetLastError WSAStartup accept bind closesocket connect gethostbyaddr gethostbyname getservbyname getservbyport getsockname getsockopt htonl htons inet_addr inet_ntoa ioctlsocket listen ntohs recv select send setsockopt shutdown socket`
Suspicious	The file contains overlay data.	`943987 bytes of data starting at offset 0x5ecc00.`
Safe	VirusTotal score: 0/71 (Scanned on 2024-04-23 04:29:44)	`All the AVs think this file is safe.`

Hashes

MD5	`0cfcbed897db86ab9f29df8d4b576150`
SHA1	`5984d1601e6d115dd84dcf1e5e9e68c8d083ba9e`
SHA256	`eac4f2902f8d0756ca00326dc4a53d8b0d3f77dab23d1d05a5fd5257dcf13e7c`
SHA3	`128f65f1cfc71cd90d28792e06b5a6e0f493bd6bdb42a6d68b04936bf456a6e8`
SSDeep	`98304:8ZU+4cYV5M6Z17WovexHh+Md+bC1mH4cZUi8SlbWI:8ZUBxsHhWbI5cZUid`
Imports Hash	`1817c3379abb96baf06256619f50716a`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`20`
TimeDateStamp	2024-Mar-30 18:37:48
PointerToSymbolTable	`0x5ecc00`
NumberOfSymbols	`33943`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x469c00`
SizeOfInitializedData	`0x591400`
SizeOfUninitializedData	`0x8a00`
AddressOfEntryPoint	`0x00000000000013F0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x5fe000`
SizeOfHeaders	`0x600`
Checksum	`0x6d6935`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`99e762d84544459673650bdfa0e9259e`
SHA1	`c957e4865ce26929c0c41fefe22bdd8df97d64b7`
SHA256	`8c24c125160b01d0342b9a7f1072e9c4ea0cea29f8cb53369710c5560a9e2bc6`
SHA3	`1df3fb7a2e93e0d760edf6a87ab9b7218cea87132060cff78f358cf8e05a191e`
VirtualSize	`0x469b30`
VirtualAddress	`0x1000`
SizeOfRawData	`0x469c00`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.59186`

.data

MD5	`1e9b9fd741f63b06b4eed59d54386117`
SHA1	`d69d851bd189c0299dea2b81277b05e1a4f180c8`
SHA256	`b664fa9b9df17723f1f6b284c0e3b8c66b1fa7d20a5c7f636c1ab0578963e05b`
SHA3	`bf2b51b4abf79f50c2c1e9013434aa3a2fd0a1ce9c0a9d83d401dd9781c9c30f`
VirtualSize	`0x9140`
VirtualAddress	`0x46b000`
SizeOfRawData	`0x9200`
PointerToRawData	`0x46a200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.59986`

.rdata

MD5	`8068298d586a83f2422bebbc69d8d461`
SHA1	`ab0f8c86c0e77331c4ec46b9caa6148ff4f25751`
SHA256	`9b88cb86d2b8075043fb93d33c3ef772ef822f18f584d8ba0e4afaf64995df00`
SHA3	`22cd0b6875f4e6b493aeb1dcf76d50a0335cff282048f1f590d1980889ffc0d4`
VirtualSize	`0xca760`
VirtualAddress	`0x475000`
SizeOfRawData	`0xca800`
PointerToRawData	`0x473400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.25828`

.pdata

MD5	`e6fcde42adf3b24959e06b8f9c57f923`
SHA1	`6861d7061eaffd60322d423250f16900f4eeaaf0`
SHA256	`bf3301454e9d86dd9242c1afb59245b626df4b80e2791b1319b698e9bc511782`
SHA3	`2c0a87c4a1dcb903f6bac862989bdc5bb7e9d68f2b1007fbfc69b95d00a96b73`
VirtualSize	`0x258c0`
VirtualAddress	`0x540000`
SizeOfRawData	`0x25a00`
PointerToRawData	`0x53dc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.36183`

.xdata

MD5	`ecd83499b52499017cae30dc0d217d01`
SHA1	`c67094b1e7657b5ed0d56b3979746de51163c4aa`
SHA256	`1b62cc01252e5b5f8f24a42a63b99ad9e96148d2fe6e0888a429246a87ebc861`
SHA3	`8eac6d24395c5bdc01e611bf1cc7b75b40f44f6ab90a241a8cf9c30630479e78`
VirtualSize	`0x2193c`
VirtualAddress	`0x566000`
SizeOfRawData	`0x21a00`
PointerToRawData	`0x563600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.22573`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x8830`
VirtualAddress	`0x588000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`27423482c16da04e7384f8be981aa650`
SHA1	`ab44e05028db15a928f11ed6eb07623dcccdb386`
SHA256	`5e1af4a7d960e51efbaef8ce285f5bf36e952556b3cfe62971f056f6f7e9bd32`
SHA3	`34102d76b747c9e50b10912fa20ae664064b50c712f153c12ce82f5eaad003af`
VirtualSize	`0x279c`
VirtualAddress	`0x591000`
SizeOfRawData	`0x2800`
PointerToRawData	`0x585000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.61919`

.CRT

MD5	`60590bb4f59a79828c3e99007feb0a10`
SHA1	`97136ffa1574349b77f2249438dad21b2e933619`
SHA256	`f39fa0808a83e8c385989f26d8c0015ec0a7d8ffd6f36c8e079f445dafd06345`
SHA3	`36464477bb7ed99fbc77e23a2ae5609ab0512bf7c8baabdda123a1aeae605fec`
VirtualSize	`0x60`
VirtualAddress	`0x594000`
SizeOfRawData	`0x200`
PointerToRawData	`0x587800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.323255`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0x595000`
SizeOfRawData	`0x200`
PointerToRawData	`0x587a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`0a6d6d1d2ed0f7977ad8f021c9cd36fd`
SHA1	`1e00fa5c41d7d4729460ada741c88e692f0544a5`
SHA256	`bddc441c1e3a6abd0a252c1a8a605f93ff8409950ae5584485b3a8e2c4ef55bd`
SHA3	`6063e21ab24ca7bc163b7eab7144c422bdbd9c567e9b06e4d42ecb7bc1f056b2`
VirtualSize	`0x4e8`
VirtualAddress	`0x596000`
SizeOfRawData	`0x600`
PointerToRawData	`0x587c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.78493`

.reloc

MD5	`70db71aeb49496b1eb8149a6865e3256`
SHA1	`87429427344f57a9482ea3b37a734b8ebbb48d1f`
SHA256	`01dc7d838151097aa0f33a365d794dbc5b3513a6a053f7b1a6eab6659055089f`
SHA3	`a2730ff9a372a1b537c2e6f53bb1be232268398974a71e027206601b1f6cc1d2`
VirtualSize	`0x9650`
VirtualAddress	`0x597000`
SizeOfRawData	`0x9800`
PointerToRawData	`0x588200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.44009`

/4

MD5	`f04ecce97c81b9710104e5adde76e110`
SHA1	`3108c05c639fe2425d43ba4465e867fe15f19574`
SHA256	`1c77fdecf5f6c4c8183739a3feda7c363b999a2c33f51ec9ab18d6dfdc7cd2de`
SHA3	`66cc2546b8957f810826d21636d306ae8fbb98533f09f8b7f9745192efc41dd8`
VirtualSize	`0xfd0`
VirtualAddress	`0x5a1000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x591a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.11302`

/19

MD5	`b10756e855ab1a33be89d4f5f5cd3dbd`
SHA1	`38120f2f0c908d901d323645f0f969010bdcf31e`
SHA256	`e543ca5323781c44c13fc9ed0d8baed8c48f434cd0788a6ab37bc48251b52812`
SHA3	`44b56fa6953cfa7a0a673882b7d94f8b0cd223ebabe9b747a21d0278a2875391`
VirtualSize	`0x24c15`
VirtualAddress	`0x5a2000`
SizeOfRawData	`0x24e00`
PointerToRawData	`0x592a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.777`

/31

MD5	`f619b5d0655033f82d29ce50729941aa`
SHA1	`6bddaa1c1457748d6893e4f3d816b16e7e72ad11`
SHA256	`1b36e47084304bc4094c47033f889f6d0c3b8b3611f60b7cf9b36097961ae063`
SHA3	`17a271c2445861ad2dbe557643f15240cfd2eb5306dd5c61a6509c0615f0cb06`
VirtualSize	`0x752c`
VirtualAddress	`0x5c7000`
SizeOfRawData	`0x7600`
PointerToRawData	`0x5b7800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.81471`

/45

MD5	`9fbad9c417894f728328a417b395b99b`
SHA1	`a0f4dfac55abe2a9098a8d0cbecd7e4b4907ff51`
SHA256	`15c31ca274d71f6ce5b99b9a5c843d82f3d839e5c62f363d1df92f0c3eee4e93`
SHA3	`3aaafdea825dea57c90acde7416396b5c9e73349849183a4dffbd88cd7030678`
VirtualSize	`0x10ac9`
VirtualAddress	`0x5cf000`
SizeOfRawData	`0x10c00`
PointerToRawData	`0x5bee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.08326`

/57

MD5	`c5eacd394ad1b36b6946a607d22c6313`
SHA1	`318d1d8a7cb49a00c132350c5c10a57f980a17f3`
SHA256	`cf477571318069a8e92186feb2048509a0571083361569fcde4fec2c236008c3`
SHA3	`42905e0d0fa3ac1db94feae36c7d7a58d07efb53189156cccfca70891b3551ad`
VirtualSize	`0x2c30`
VirtualAddress	`0x5e0000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0x5cfa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.64566`

/70

MD5	`07483db16694446fd4f09109bcf39017`
SHA1	`f285d668c9bd3f81a34810f329d10771b251a2c5`
SHA256	`4080a032d8ec9b0d9a7028b3816c255cad558fd76b452ffbe2a6926767e6b82b`
SHA3	`6da6ed63df9d98bae84b13021c01ee0a1d518f330f6839e678df2a8a3f57bc4a`
VirtualSize	`0x6ce`
VirtualAddress	`0x5e3000`
SizeOfRawData	`0x800`
PointerToRawData	`0x5d2800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.79768`

/81

MD5	`51b3c39d106e19a9bececc7eb6c2efc9`
SHA1	`2f86e0b0e51251ffa0e1da03b23fee48b588ba6c`
SHA256	`8bb7441c2dca30bbea13ccae5ca014f123367fe8c74d9e63a84157301224228d`
SHA3	`6f227a17551bec300d5cadfafe1d882af9bb2a8a88da0c3a932aa5e62f6af5b4`
VirtualSize	`0x4d98`
VirtualAddress	`0x5e4000`
SizeOfRawData	`0x4e00`
PointerToRawData	`0x5d3000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.9988`

/97

MD5	`0a950f0cff495553c1e9ed40cdf19b8e`
SHA1	`dbfd65b3222e3defba8118eadfaad93c25ce6601`
SHA256	`f2c086df2af8ee4581cbd70c37d225e85d007906d32d24467865dedaf59974ae`
SHA3	`46aed421d7e02a7e36a48f0de4564b77edca6b8b213ee1974447731fc0eb3c3b`
VirtualSize	`0x13f40`
VirtualAddress	`0x5e9000`
SizeOfRawData	`0x14000`
PointerToRawData	`0x5d7e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.92412`

/113

MD5	`82723c9e80ced8cb673e668249c2e58b`
SHA1	`ac0d1c3940c51cce1ba58416a6aa3584f12ccf52`
SHA256	`0c7ecf1cbf34ba6434cfc05c84fd189df1aa44a55a8d3e4febd119b161547982`
SHA3	`41bb4024a7726e728a6dd4762662c8f0575bb4bd363160db2b676928ea689411`
VirtualSize	`0xc09`
VirtualAddress	`0x5fd000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x5ebe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.59413`

Imports

ADVAPI32.dll	`CryptAcquireContextW` `CryptGenRandom` `CryptReleaseContext` `DeregisterEventSource` `RegisterEventSourceW` `ReportEventW`
bcrypt.dll	`BCryptCloseAlgorithmProvider` `BCryptDecrypt` `BCryptDestroyKey` `BCryptEncrypt` `BCryptGenRandom` `BCryptGenerateSymmetricKey` `BCryptOpenAlgorithmProvider` `BCryptSetProperty`
KERNEL32.dll	`AcquireSRWLockExclusive` `AcquireSRWLockShared` `AreFileApisANSI` `CloseHandle` `ConvertFiberToThread` `ConvertThreadToFiberEx` `CreateDirectoryA` `CreateFiberEx` `CreateFileA` `CreateFileMappingA` `CreateFileMappingW` `CreateFileW` `CreateMutexW` `DeleteCriticalSection` `DeleteFiber` `DeleteFileA` `DeleteFileW` `EnterCriticalSection` `FindClose` `FindFirstFileW` `FindNextFileW` `FlushFileBuffers` `FlushViewOfFile` `FormatMessageA` `FormatMessageW` `FreeLibrary` `GetACP` `GetComputerNameA` `GetConsoleMode` `GetConsoleWindow` `GetCurrentProcessId` `GetCurrentThreadId` `GetDiskFreeSpaceA` `GetDiskFreeSpaceW` `GetEnvironmentVariableW` `GetFileAttributesA` `GetFileAttributesExW` `GetFileAttributesW` `GetFileSize` `GetFileType` `GetFullPathNameA` `GetFullPathNameW` `GetLastError` `GetModuleFileNameA` `GetModuleHandleExA` `GetModuleHandleExW` `GetModuleHandleW` `GetProcAddress` `GetProcessHeap` `GetStdHandle` `GetSystemDirectoryA` `GetSystemInfo` `GetSystemTime` `GetSystemTimeAsFileTime` `GetTempPathA` `GetTempPathW` `GetTickCount` `GetVersion` `GetVersionExA` `GetVersionExW` `HeapAlloc` `HeapCompact` `HeapCreate` `HeapDestroy` `HeapFree` `HeapReAlloc` `HeapSize` `HeapValidate` `InitializeCriticalSection` `InitializeSRWLock` `IsDBCSLeadByteEx` `LeaveCriticalSection` `LoadLibraryA` `LoadLibraryW` `LocalFree` `LockFile` `LockFileEx` `MapViewOfFile` `MultiByteToWideChar` `OutputDebugStringA` `OutputDebugStringW` `QueryPerformanceCounter` `ReadConsoleA` `ReadConsoleW` `ReadFile` `ReleaseSRWLockExclusive` `ReleaseSRWLockShared` `RtlVirtualUnwind` `SetConsoleMode` `SetEndOfFile` `SetFilePointer` `SetLastError` `SetUnhandledExceptionFilter` `Sleep` `SwitchToFiber` `SystemTimeToFileTime` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `TryEnterCriticalSection` `UnlockFile` `UnlockFileEx` `UnmapViewOfFile` `VirtualAlloc` `VirtualFree` `VirtualLock` `VirtualProtect` `VirtualQuery` `WaitForSingleObject` `WaitForSingleObjectEx` `WideCharToMultiByte` `WriteFile`
msvcrt.dll	`__C_specific_handler` `___lc_codepage_func` `___mb_cur_max_func` `__getmainargs` `__initenv` `__iob_func` `__set_app_type` `__setusermatherr` `_access` `_amsg_exit` `_beginthreadex` `_cexit` `_chdir` `_close` `_commode` `_endthreadex` `_errno` `_exit` `_filelength` `_fileno` `_findclose` `_findfirst64` `_findnext64` `_fmode` `_fdopen` `_fullpath` `_gmtime64` `_initterm` `_localtime64` `_lock` `_msize` `_onexit` `_pclose` `_popen` `_read` `_rmdir` `_setmode` `_sopen` `_stat64` `_strdup` `_strdup` `_strtoi64` `_strtoui64` `_time64` `_unlock` `_vsnprintf` `_vsnwprintf` `_wfopen` `abort` `acos` `asin` `atan` `atoi` `calloc` `cosh` `exit` `fclose` `feof` `ferror` `fflush` `fgets` `fopen` `fprintf` `fputc` `fputs` `fread` `free` `fseek` `ftell` `fwrite` `getc` `getenv` `isspace` `isxdigit` `localeconv` `log10` `malloc` `memchr` `memcmp` `memcpy` `memmove` `memset` `perror` `qsort` `raise` `realloc` `remove` `setvbuf` `signal` `sinh` `sprintf` `strcat` `strchr` `strcmp` `strcpy` `strcspn` `strerror` `strlen` `strncmp` `strncpy` `strrchr` `strspn` `strstr` `strtok` `strtol` `strtoul` `system` `tan` `tanh` `tolower` `ungetc` `vfprintf` `wcscpy` `wcslen` `wcsstr` `wcstombs`
USER32.dll	`GetProcessWindowStation` `GetUserObjectInformationW` `MessageBoxW` `ShowWindow`
WININET.dll	`HttpOpenRequestA` `HttpSendRequestA` `InternetCloseHandle` `InternetConnectA` `InternetOpenA` `InternetOpenUrlA` `InternetReadFile`
WS2_32.dll	`WSACleanup` `WSAGetLastError` `WSASetLastError` `WSAStartup` `accept` `bind` `closesocket` `connect` `gethostbyaddr` `gethostbyname` `getservbyname` `getservbyport` `getsockname` `getsockopt` `htonl` `htons` `inet_addr` `inet_ntoa` `ioctlsocket` `listen` `ntohs` `recv` `select` `send` `setsockopt` `shutdown` `socket`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x48f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.13793`
MD5	`5aa04ce935e78505e230765e85c34355`
SHA1	`6c93b8c5fde8be4b2231dca6b8ec513cdc82c991`
SHA256	`a73f26a8d504043f785d7360e8febf2eeb8522ec873a0d4dd5d1d4bfd1e67d3d`
SHA3	`149467cafc03ba34b33cd8076fc2771413760822357952de205dbae2b5cb8059`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x140595000`
EndAddressOfRawData	`0x140595008`
AddressOfIndex	`0x14058fd1c`
AddressOfCallbacks	`0x140594038`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x000000014045A2C0` `0x000000014045A290`

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /19!
[*] Warning: Tried to read outside the COFF string table to get the name of section /31!
[*] Warning: Tried to read outside the COFF string table to get the name of section /45!
[*] Warning: Tried to read outside the COFF string table to get the name of section /57!
[*] Warning: Tried to read outside the COFF string table to get the name of section /70!
[*] Warning: Tried to read outside the COFF string table to get the name of section /81!
[*] Warning: Tried to read outside the COFF string table to get the name of section /97!
[*] Warning: Tried to read outside the COFF string table to get the name of section /113!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF String Table's reported size is bigger than the remaining bytes!
[*] Warning: Section .bss has a size of 0!