Manalyze report for edca91c4b809c609ac9ba625af0ee23e

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Apr-26 13:51:42
Detected languages	English - United States
CompanyName	Microsoft Corporation
FileDescription	Paint
FileVersion	`10.0.19041.3758 (WinBuild.160101.0800)`
InternalName	MSPAINT
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	MSPAINT.EXE
ProductName	Microsoft® Windows® Operating System
ProductVersion	`10.0.19041.3758`

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: GetTempPathW CreateFileW` `Functions related to the privilege level: OpenProcessToken` `Enumerates local disk drives: GetDriveTypeW`
Malicious	The PE's digital signature is invalid.	`Signer: Akeo Consulting` `Issuer: Sectigo Public Code Signing CA EV R36` `The file was modified after it was signed.`
Malicious	VirusTotal score: 47/72 (Scanned on 2024-04-27 15:11:50)	`ALYac: Gen:Variant.Lazy.398180` `APEX: Malicious` `AVG: Win32:Agent-BDOJ [Trj]` `Alibaba: TrojanSpy:Win64/PyInstaller.283acd4e` `Arcabit: Trojan.Lazy.D61364` `Avast: Win32:Agent-BDOJ [Trj]` `Avira: TR/Crypt.FKM.Gen` `BitDefender: Trojan.Generic.35770214` `Bkav: W64.AIDetectMalware` `Cylance: unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `DrWeb: Python.Muldrop.16` `ESET-NOD32: a variant of Win64/Packed.PyInstaller.L` `Elastic: malicious (high confidence)` `Emsisoft: Trojan.Generic.35770214 (B)` `F-Secure: Trojan.TR/Crypt.FKM.Gen` `FireEye: Trojan.Generic.35770214` `Fortinet: W64/PackedPyInstaller.L!tr` `GData: Trojan.Generic.35770214` `Google: Detected` `Gridinsoft: Trojan.Win64.Agent.sa` `Ikarus: Trojan.Python.SLoader` `Jiangmin: TrojanSpy.Agent.afwu` `Kaspersky: Trojan-Spy.Win32.Agent.dffz` `Lionic: Trojan.Win32.Agent.Y!c` `MAX: malware (ai score=83)` `Malwarebytes: Generic.Malware.AI.DDS` `MaxSecure: Trojan.Malware.121218.susgen` `McAfee: Artemis!EDCA91C4B809` `MicroWorld-eScan: Trojan.Generic.35770214` `Microsoft: Trojan:Win64/Lazy.AME!MTB` `Paloalto: generic.ml` `Panda: Trj/CI.A` `Rising: Spyware.Agent/PYC!1.EA8F (CLASSIC)` `SentinelOne: Static AI - Malicious PE` `Skyhigh: BehavesLike.Win64.Generic.vc` `Sophos: Mal/Generic-S` `Symantec: Scr.Malcode!gen129` `Tencent: Win32.Trojan.Pyinstaller.Yolw` `TrendMicro: TROJ_GEN.R002C0DDQ24` `TrendMicro-HouseCall: TROJ_GEN.R002C0DDQ24` `VIPRE: Gen:Variant.Lazy.398180` `Varist: W64/Agent.IMI.gen!Eldorado` `Yandex: TrojanSpy.Agent!msb6+VQ6+xw` `ZoneAlarm: Trojan-Spy.Win32.Agent.dffz` `alibabacloud: Trojan[spy]:Win/Lazy.AZM2XJC`

Hashes

MD5	`edca91c4b809c609ac9ba625af0ee23e`
SHA1	`b5e13cc322d5ab342fc828024b5a1ec494d83170`
SHA256	`b07fe434ab1d6b3d6408b00976d01ccad8e0d46dd1f342b7f6c5236c0e55725c`
SHA3	`e1ade78a759205477f58e871f3ce67cf88df81087fa628ec15de1fe34dba7f82`
SSDeep	`98304:oxDjWM8JEE1rYRamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRGYKJJcGhEIFZ:ox0IseNTfm/pf+xk4dWRGtrbWOjgWy8`
Imports Hash	`1af6c885af093afc55142c2f1761dbe8`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2024-Apr-26 13:51:42
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x2ae00`
SizeOfInitializedData	`0x1f000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000000C330 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x51000`
SizeOfHeaders	`0x400`
Checksum	`0x6ef2e6`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x1e8480`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`75d19a4940b1c41e95d0f65f35d07455`
SHA1	`e013b532aacebf128ff69751b99620e07013ea83`
SHA256	`3f3a1536e78f697357b09e695ec5bed46be41ec87c09d184f5e3abdfe096d0c0`
SHA3	`73786fbaa6f9df9b68a00454b6b1cb56d61069766da27d9ddd87479aec4de6cc`
VirtualSize	`0x2adb0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2ae00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.50252`

.rdata

MD5	`0edb92afe52d94859426f2d9160ad12d`
SHA1	`871708b0a20240de8fdda707327c381771fc9547`
SHA256	`ccd8b24d413b0a5b54e4636cc529ecd2c2c0d229a586351320e0bdfa60dafd63`
SHA3	`7fb9fddc0f59d5350735a4ead9aaa607858f132c39860d3a9ab9400e46fa2f64`
VirtualSize	`0x12ebc`
VirtualAddress	`0x2c000`
SizeOfRawData	`0x13000`
PointerToRawData	`0x2b200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.81636`

.data

MD5	`c77d6acf176d4b487ea671c3fd3a6945`
SHA1	`b65ee044163dd3da59b6d18638b5a4ab5b12cbc4`
SHA256	`b4bee516cafd57193fe2012adf4a0128847a440348b5e4aa331eaf9d9a348f20`
SHA3	`f3630525591d88c735731dbdbdb6734ea2a26d2a4886a7f7d85dcc3b6c58ce55`
VirtualSize	`0x33b8`
VirtualAddress	`0x3f000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x3e200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.82805`

.pdata

MD5	`f9c9a5a34be2cb8fd1246f51c7b22c72`
SHA1	`4edf2af4bccaf00a015ea153c5bff18e637b6c59`
SHA256	`3d83196d193b95dc88a4b96f9b1c011ded7b3299bdd310cde2b198c0f085f871`
SHA3	`b7e075f966b4ddb47bcece7f9cf692f8a05ca373d0b4f0f220aa4c0b0133698b`
VirtualSize	`0x2304`
VirtualAddress	`0x43000`
SizeOfRawData	`0x2400`
PointerToRawData	`0x3f000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.38203`

_RDATA

MD5	`4ec0234c233e8c5ae54cd80f9630ff86`
SHA1	`d9050c30bb3c2eaaf9e3b3493915af8f83a18e37`
SHA256	`19717b523936a3c312146db4b29dc9d673555e607498ac487940377c8ad10974`
SHA3	`17612bc226b763094a2fe811178c926a735f5f883031080a250045c60c7b0bc3`
VirtualSize	`0x1f4`
VirtualAddress	`0x46000`
SizeOfRawData	`0x200`
PointerToRawData	`0x41400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.69833`

.rsrc

MD5	`fc309503f5035ed359c2b361e35783f7`
SHA1	`c6591ca10640b31f7fa3ef749e0638902add1832`
SHA256	`3af55e5731b1e1dd54c4080c6bd8562dcf940e5346bbcbb3678ed6290935b21b`
SHA3	`b3e55350c1786abb5e481c6cd2695f218a673960df74e5b7063f1e894e2f605d`
VirtualSize	`0x8240`
VirtualAddress	`0x47000`
SizeOfRawData	`0x8400`
PointerToRawData	`0x41600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.88002`

.reloc

MD5	`f1d633c1708caf707b59b5e59d6f78b3`
SHA1	`8c2f0dc43baa1bd75e92f9e63e3f2ea332d0527e`
SHA256	`32ddaf93f3555b6d5159e3a019e4e0794c181fa24cf9fd9b042520a13c062009`
SHA3	`4e9c720a9a984a6f808021abb1a7b2f7466aba035af30379fe53919a261c7b98`
VirtualSize	`0x758`
VirtualAddress	`0x50000`
SizeOfRawData	`0x800`
PointerToRawData	`0x49a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.24652`

Imports

USER32.dll	`CreateWindowExW` `MessageBoxW` `MessageBoxA` `SystemParametersInfoW` `DestroyIcon` `SetWindowLongPtrW` `GetWindowLongPtrW` `GetClientRect` `InvalidateRect` `ReleaseDC` `GetDC` `DrawTextW` `GetDialogBaseUnits` `EndDialog` `DialogBoxIndirectParamW` `MoveWindow` `SendMessageW`
COMCTL32.dll	`#380`
KERNEL32.dll	`IsValidCodePage` `GetStringTypeW` `GetFileAttributesExW` `HeapReAlloc` `FlushFileBuffers` `GetCurrentDirectoryW` `GetACP` `GetOEMCP` `GetModuleHandleW` `MulDiv` `GetLastError` `SetDllDirectoryW` `GetModuleFileNameW` `CreateSymbolicLinkW` `GetProcAddress` `GetCommandLineW` `GetEnvironmentVariableW` `GetCPInfo` `ExpandEnvironmentStringsW` `CreateDirectoryW` `GetTempPathW` `WaitForSingleObject` `Sleep` `GetExitCodeProcess` `CreateProcessW` `GetStartupInfoW` `FreeLibrary` `LoadLibraryExW` `SetConsoleCtrlHandler` `FindClose` `FindFirstFileExW` `CloseHandle` `GetCurrentProcess` `LocalFree` `FormatMessageW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetProcessHeap` `GetTimeZoneInformation` `HeapSize` `WriteConsoleW` `SetEndOfFile` `SetEnvironmentVariableW` `RtlUnwindEx` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `EncodePointer` `RaiseException` `RtlPcToFileHeader` `GetCommandLineA` `CreateFileW` `GetDriveTypeW` `GetFileInformationByHandle` `GetFileType` `PeekNamedPipe` `SystemTimeToTzSpecificLocalTime` `FileTimeToSystemTime` `GetFullPathNameW` `RemoveDirectoryW` `FindNextFileW` `SetStdHandle` `DeleteFileW` `ReadFile` `GetStdHandle` `WriteFile` `ExitProcess` `GetModuleHandleExW` `HeapFree` `GetConsoleMode` `ReadConsoleW` `SetFilePointerEx` `GetConsoleOutputCP` `GetFileSizeEx` `HeapAlloc` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `CompareStringW` `LCMapStringW`
ADVAPI32.dll	`OpenProcessToken` `GetTokenInformation` `ConvertStringSecurityDescriptorToSecurityDescriptorW` `ConvertSidToStringSidW`
GDI32.dll	`SelectObject` `DeleteObject` `CreateFontIndirectW`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x35a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.67306`
Detected Filetype	PNG graphic file
MD5	`81dd1c38f8a86592db0ab23ebbbf0c6f`
SHA1	`3f9a42aa3d1d993dcbbc3ebb9bf8937cfcdea8b7`
SHA256	`2ccdb9af111bc7550e051c52695670a2b9b2ab4615f343853a410f23ecadad39`
SHA3	`6b2d1fbf1a7be7040293018b15719487bf3bb9f52dfc87703e759d19991cf6e3`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x648`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.84295`
Detected Filetype	PNG graphic file
MD5	`9793e81a657a0e831faa26407d1ab4b9`
SHA1	`aa06ff560ccdaa21ecfb91cb31b83f96770a9a07`
SHA256	`6eece59f1c9abd30a8a86fe82e3ddf53c84f4c42501365a1ac68ee2164a15e57`
SHA3	`65f914e0f27e20c77e0fa861962638a5b941314190eb863c987e16d06e323f86`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x94a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.86455`
Detected Filetype	PNG graphic file
MD5	`715f9e96307930d4efbad8ea445df61d`
SHA1	`2e6d3f8c8e1e6951ca847c9f58a7213f7645cff7`
SHA256	`eaaaecac4bf4d22d5ad98c4440e550a35968adde8e0ac96bc1b547c6a990e96f`
SHA3	`4141d4781670a3511316a8dc051847ef241bcaf0cecbe0f815df6d9d960712ec`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1043`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.89202`
Detected Filetype	PNG graphic file
MD5	`c550a7bcbe5c4452e4b5d2aebe8508e3`
SHA1	`926aff832120c76bba76adbbcea806e72ec8a1c6`
SHA256	`0c85a2487e7157e33dacc0e7007a9f679ec3b413a49719e47349e639e58133ce`
SHA3	`2ca3606752f5e3c22a6f6f95f146de435e558c2aab66b043f8520b3269f0ac24`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1727`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.9321`
Detected Filetype	PNG graphic file
MD5	`0e728dc98e7ce4ef31bf0c1d56c7f3ef`
SHA1	`15ff374edec29014bca88b76706f4d5416c494d3`
SHA256	`6211a79dc20089e0881ab7a15f118fac0bdde0ee8d53193937ab349b9d76cfdc`
SHA3	`abebd968ac77e10f890b391f6bbff09c20d537afa48bec00e76a93a8795b0747`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x3cea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.9745`
Detected Filetype	PNG graphic file
MD5	`8bd00d6e9ccae225ad263bd10c2ea9c5`
SHA1	`9e68cbb24fbd044e6eb52b8ba8dfb0d77685b8fb`
SHA256	`56282736e42f883db8d48a94c66fb7ebfa10d2bc9f72682f7f9bcfce010c51db`
SHA3	`78252e638d5e2d3a10878bdd3966a5452dda9d8c157352d6dc2a14f285ee350c`

1 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71482`
Detected Filetype	Icon file
MD5	`a2a0a19d0fa900d93d6cb5610ff6db64`
SHA1	`515aa7bfe88647989bddcfeba39904b5ea5311d4`
SHA256	`0fa617b993223d555041bdeef40d5224425bce4a78b4f5551634488a5104a9ba`
SHA3	`98732c2742945f1a58033e462fcaf99b2c4252c53d9d4a5c55a8055dd6adc4c4`

1 (#3)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x36c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.54992`
MD5	`95b2e28fd7a9c135abf3f2fbe96bd260`
SHA1	`a90a6167ef920431603c14167ca380dd3039b888`
SHA256	`5f9fb0485b707c9aa453cb12e7082819cf65f30008d4c34d954baf5d8fd96a29`
SHA3	`b463de7e5ac01a3a2999461d46bc18c877aa4f1891781c50db56a661c7d630e0`

1 (#4)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x50d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.25791`
MD5	`84da8dee6b319ea0b10b6de5489c6aae`
SHA1	`5f8991f3e065fd95614859a293f88b9c70e4bb23`
SHA256	`abf8f2022f12f350789d961aceaf9ccfd53e7ec58d8c9934cfce77779b4eac11`
SHA3	`08f0562915b54bedce5a84e9d32cb2efcc538268785103b1852338e20a3b4606`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.19041.3758
ProductVersion	10.0.19041.3758
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Paint
FileVersion (#2)	10.0.19041.3758 (WinBuild.160101.0800)
InternalName	MSPAINT
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	MSPAINT.EXE
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	10.0.19041.3758

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-Apr-26 13:51:42
Version	`0.0`
SizeofData	`812`
AddressOfRawData	`0x3bae0`
PointerToRawData	`0x3ace0`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14003f040`
GuardCFCheckFunctionPointer	`5368890400`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0xaad19891`
Unmarked objects	`0`
ASM objects (30795)	`8`
C++ objects (30795)	`188`
C objects (30795)	`10`
Unmarked objects (#2)	`1`
253 (VS 2015-2022 runtime 33030)	`4`
C++ objects (VS 2015-2022 runtime 33030)	`40`
C objects (VS 2015-2022 runtime 33030)	`17`
ASM objects (VS 2015-2022 runtime 33030)	`17`
Imports (30795)	`11`
Total imports	`139`
C objects (33135)	`21`
Linker (33135)	`1`

edca91c4b809c609ac9ba625af0ee23e

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

1 (#2)

1 (#3)

1 (#4)

Version Info

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors