{ "a238d887de54f7a77628e6f4406e40b7bda8ffc9d42dda9a0142c51dd8c2331f": { "DOS Header": { "e_magic": "MZ", "e_cblp": 144, "e_cp": 3, "e_crlc": 0, "e_cparhdr": 4, "e_minalloc": 0, "e_maxalloc": 65535, "e_ss": 0, "e_sp": 184, "e_csum": 0, "e_ip": 0, "e_cs": 0, "e_ovno": 0, "e_oemid": 0, "e_oeminfo": 0, "e_lfanew": 256 }, "Debug Info": { "IMAGE_DEBUG_TYPE_POGO": { "Characteristics": 0, "TimeDateStamp": "2017-Jun-19 22:36:44", "Version": "0.0", "SizeofData": 960, "AddressOfRawData": 853400, "PointerToRawData": 848792 } }, "Errors": "", "Hashes": { "MD5": "d64a8cfc11dedb8c3c5b8a1aaf8bd8b0", "SHA1": "6ecffa0a5aa69076b24b0d61c62842106ae50f13", "SHA256": "a238d887de54f7a77628e6f4406e40b7bda8ffc9d42dda9a0142c51dd8c2331f", "SHA3": "9ffe7357e48d7188e340a9fe1300fe34df9a39506fdfc4e671733b490f9e727d", "SSDeep": "24576:ZJt883l23IEOQsUl6FJHwU0nbD76j+4uyZeNq:J8883IEOQsUl6FJHwU0bv6j+4uyZeNq", "Imports Hash": "7d469ef875c04dc3af5dfd013501e53e" }, "Image Optional Header": { "Magic": "PE32", "LinkerVersion": "14.0", "SizeOfCode": 739840, "SizeOfInitializedData": 268800, "SizeOfUninitializedData": 0, "AddressOfEntryPoint": "0x000872B4 (Section: .text)", "BaseOfCode": 4096, "BaseOfData": 745472, "ImageBase": 4194304, "SectionAlignment": 4096, "FileAlignment": 512, "OperatingSystemVersion": "5.1", "ImageVersion": "0.0", "SubsystemVersion": "5.1", "Win32VersionValue": 0, "SizeOfImage": 1028096, "SizeOfHeaders": 1024, "Checksum": 1062425, "Subsystem": "IMAGE_SUBSYSTEM_WINDOWS_CUI", "DllCharacteristics": [ "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE", "IMAGE_DLLCHARACTERISTICS_NX_COMPAT", "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE" ], "SizeofStackReserve": 1048576, "SizeofStackCommit": 4096, "SizeofHeapReserve": 1048576, "SizeofHeapCommit": 4096, "LoaderFlags": 0, "NumberOfRvaAndSizes": 16 }, "Imports": { "KERNEL32.dll": [ "FreeLibrary", "GetProcAddress", "LoadLibraryA", "HeapSize", "ReadConsoleW", "WriteConsoleW", "SetStdHandle", "FreeEnvironmentStringsW", "GetEnvironmentStringsW", "GetOEMCP", "IsValidCodePage", "FindNextFileA", "FindFirstFileExA", "GetTimeZoneInformation", "GetProcessHeap", "ReadFile", "GetConsoleMode", "GetConsoleCP", "FlushFileBuffers", "GetFileType", "EnumSystemLocalesW", "IsValidLocale", "GetTimeFormatW", "GetDateFormatW", "GetACP", "GetCommandLineW", "GetCommandLineA", "WriteFile", "GetStdHandle", "GetModuleFileNameA", "HeapFree", "HeapReAlloc", "HeapAlloc", "GetCurrentDirectoryA", "SetCurrentDirectoryA", "SetEnvironmentVariableA", "GetModuleHandleExW", "ExitProcess", "LoadLibraryExW", "RtlUnwind", "RaiseException", "InitializeSListHead", "GetCurrentThreadId", "GetCurrentProcessId", "QueryPerformanceCounter", "TerminateProcess", "GetCurrentProcess", "GetStartupInfoW", "SetUnhandledExceptionFilter", "UnhandledExceptionFilter", "IsDebuggerPresent", "IsProcessorFeaturePresent", "WaitForSingleObjectEx", "ResetEvent", "SetEvent", "GetCPInfo", "GetStringTypeW", "GetLocaleInfoW", "CompareStringW", "GetModuleHandleW", "GetSystemTimeAsFileTime", "TlsFree", "TlsSetValue", "TlsGetValue", "TlsAlloc", "CreateEventW", "InitializeCriticalSectionAndSpinCount", "SetLastError", "DecodePointer", "EncodePointer", "DeleteCriticalSection", "LeaveCriticalSection", "EnterCriticalSection", "WideCharToMultiByte", "MultiByteToWideChar", "AreFileApisANSI", "GetModuleHandleA", "DeviceIoControl", "GetLastError", "CloseHandle", "SetFilePointerEx", "SetEndOfFile", "Sleep", "LCMapStringW", "LCMapStringA", "GetUserDefaultLCID", "GetStringTypeExA", "LocalFree", "FormatMessageA", "GetCurrentDirectoryW", "CreateDirectoryW", "CreateFileW", "FindClose", "FindFirstFileW", "FindNextFileW", "GetFileAttributesW" ], "manape.dll": [ "?get_delay_load_table@PE@mana@@QBE?AV?$shared_ptr@$$CBUdelay_load_directory_table_t@mana@@@boost@@XZ", "??0PE@mana@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z", "??1PE@mana@@UAE@XZ", "?get_path@PE@mana@@QBE?AV?$shared_ptr@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@boost@@XZ", "?translate_to_flags@nt@@YA?AV?$shared_ptr@$$CBV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@boost@@HABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@@Z", "?find_imported_dlls@PE@mana@@QBE?AV?$shared_ptr@$$CBV?$vector@V?$shared_ptr@VImportedLibrary@mana@@@boost@@V?$allocator@V?$shared_ptr@VImportedLibrary@mana@@@boost@@@std@@@std@@@boost@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z", "?get_filesize@PE@mana@@QBE_KXZ", "?get_imports@ImportedLibrary@mana@@QBE?AV?$shared_ptr@V?$vector@V?$shared_ptr@Uimport_lookup_table_t@mana@@@boost@@V?$allocator@V?$shared_ptr@Uimport_lookup_table_t@mana@@@boost@@@std@@@std@@@boost@@XZ", "?get_size@Resource@mana@@QBEIXZ", "?translate_to_flag@nt@@YA?AV?$shared_ptr@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@boost@@HABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@@Z", "?get_imported_dlls@PE@mana@@QBE?AV?$shared_ptr@$$CBV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@boost@@XZ", "?HEAP_FLAGS@nt@@3V?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@B", "?GLOBAL_FLAGS@nt@@3V?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@B", "?DEBUG_TYPES@nt@@3V?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@B", "?FIXEDFILEINFO_FILESUBTYPE_FONT@nt@@3V?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@B", "?FIXEDFILEINFO_FILESUBTYPE_DRV@nt@@3V?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@B", "?FIXEDFILEINFO_FILETYPE@nt@@3V?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@B", "?FIXEDFILEINFO_FILEOS@nt@@3V?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@B", "?FIXEDFILEINFO_FILEFLAGS@nt@@3V?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@B", "?CODEPAGES@nt@@3V?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@B", "?SECTION_CHARACTERISTICS@nt@@3V?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@B", "?DLL_CHARACTERISTICS@nt@@3V?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@B", "?SUBSYSTEMS@nt@@3V?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@B", "?IMAGE_OPTIONAL_HEADER_MAGIC@nt@@3V?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@B", "?MACHINE_TYPES@nt@@3V?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@B", "?PE_CHARACTERISTICS@nt@@3V?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@B", "??$interpret_as@V?$shared_ptr@Uvs_version_info_t@mana@@@boost@@@Resource@mana@@QAE?AV?$shared_ptr@Uvs_version_info_t@mana@@@boost@@XZ", "?get_architecture@PE@mana@@QBE?AW4PE_ARCHITECTURE@12@XZ", "?get_imports@PE@mana@@QBE?AV?$shared_ptr@$$CBV?$vector@V?$shared_ptr@VImportedLibrary@mana@@@boost@@V?$allocator@V?$shared_ptr@VImportedLibrary@mana@@@boost@@@std@@@std@@@boost@@XZ", "?get_certificates@PE@mana@@QBE?AV?$shared_ptr@$$CBV?$vector@V?$shared_ptr@Uwin_certificate_t@mana@@@boost@@V?$allocator@V?$shared_ptr@Uwin_certificate_t@mana@@@boost@@@std@@@std@@@boost@@XZ", "?find_imports@PE@mana@@QBE?AV?$shared_ptr@$$CBV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@boost@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0_N@Z", "?get_config@PE@mana@@QBE?AV?$shared_ptr@$$CBUimage_load_config_directory_t@mana@@@boost@@XZ", "?get_tls@PE@mana@@QBE?AV?$shared_ptr@$$CBUimage_tls_directory_t@mana@@@boost@@XZ", "?get_debug_info@PE@mana@@QBE?AV?$shared_ptr@$$CBV?$vector@V?$shared_ptr@Udebug_directory_entry_t@mana@@@boost@@V?$allocator@V?$shared_ptr@Udebug_directory_entry_t@mana@@@boost@@@std@@@std@@@boost@@XZ", "?get_exports@PE@mana@@QBE?AV?$shared_ptr@$$CBV?$vector@V?$shared_ptr@Uexported_function_t@mana@@@boost@@V?$allocator@V?$shared_ptr@Uexported_function_t@mana@@@boost@@@std@@@std@@@boost@@XZ", "?get_resources@PE@mana@@QBE?AV?$shared_ptr@V?$vector@V?$shared_ptr@VResource@mana@@@boost@@V?$allocator@V?$shared_ptr@VResource@mana@@@boost@@@std@@@std@@@boost@@XZ", "?get_image_optional_header@PE@mana@@QBE?AV?$optional@Uimage_optional_header_t@mana@@@boost@@XZ", "?get_pe_header@PE@mana@@QBE?AV?$optional@Upe_header_t@mana@@@boost@@XZ", "?get_dos_header@PE@mana@@QBE?AV?$optional@Udos_header_t@mana@@@boost@@XZ", "?get_imported_functions@PE@mana@@QBE?AV?$shared_ptr@$$CBV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@boost@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z", "?get_sections@PE@mana@@QBE?AV?$shared_ptr@V?$vector@V?$shared_ptr@VSection@mana@@@boost@@V?$allocator@V?$shared_ptr@VSection@mana@@@boost@@@std@@@std@@@boost@@XZ", "?get_name@ImportedLibrary@mana@@QBE?AV?$shared_ptr@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@boost@@XZ", "?find_section@mana@@YA?AV?$shared_ptr@VSection@mana@@@boost@@IABV?$vector@V?$shared_ptr@VSection@mana@@@boost@@V?$allocator@V?$shared_ptr@VSection@mana@@@boost@@@std@@@std@@@Z", "?get_entropy@Section@mana@@QBENXZ", "?get_name@Section@mana@@QBE?AV?$shared_ptr@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@boost@@XZ", "?get_raw_data@Section@mana@@QBE?AV?$shared_ptr@$$CBV?$vector@EV?$allocator@E@std@@@std@@@boost@@XZ", "?icon_extract@Resource@mana@@QAE_NABVpath@filesystem@boost@@ABV?$vector@V?$shared_ptr@VResource@mana@@@boost@@V?$allocator@V?$shared_ptr@VResource@mana@@@boost@@@std@@@std@@@Z", "?extract@Resource@mana@@QAE_NABVpath@filesystem@boost@@@Z", "?get_raw_data@Resource@mana@@QBE?AV?$shared_ptr@$$CBV?$vector@EV?$allocator@E@std@@@std@@@boost@@XZ", "?get_name@Resource@mana@@QBE?AV?$shared_ptr@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@boost@@XZ", "?get_entropy@Resource@mana@@QBENXZ", "?get_language@Resource@mana@@QBE?AV?$shared_ptr@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@boost@@XZ", "?get_type@Resource@mana@@QBE?AV?$shared_ptr@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@boost@@XZ" ], "yara.dll": [ "??0Yara@yara@@QAE@XZ", "??1Yara@yara@@UAE@XZ", "?load_rules@Yara@yara@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z", "?scan_file@Yara@yara@@QBE?AV?$shared_ptr@$$CBV?$vector@V?$shared_ptr@VMatch@yara@@@boost@@V?$allocator@V?$shared_ptr@VMatch@yara@@@boost@@@std@@@std@@@boost@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z", "?scan_file@Yara@yara@@QBE?AV?$shared_ptr@$$CBV?$vector@V?$shared_ptr@VMatch@yara@@@boost@@V?$allocator@V?$shared_ptr@VMatch@yara@@@boost@@@std@@@std@@@boost@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$shared_ptr@Umanape_data_t@@@4@@Z", "?create@Yara@yara@@SA?AV?$shared_ptr@VYara@yara@@@boost@@XZ", "?scan_bytes@Yara@yara@@QBE?AV?$shared_ptr@$$CBV?$vector@V?$shared_ptr@VMatch@yara@@@boost@@V?$allocator@V?$shared_ptr@VMatch@yara@@@boost@@@std@@@std@@@boost@@ABV?$vector@EV?$allocator@E@std@@@std@@@Z" ], "hash-library.dll": [ "?hash_file@hash@@YA?AV?$shared_ptr@$$CBV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@boost@@ABV?$vector@V?$shared_ptr@VHash@@@boost@@V?$allocator@V?$shared_ptr@VHash@@@boost@@@std@@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@5@@Z", "?hash_file@ssdeep@@YA?AV?$shared_ptr@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@boost@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z", "?ALL_DIGESTS@hash@@3V?$vector@V?$shared_ptr@VHash@@@boost@@V?$allocator@V?$shared_ptr@VHash@@@boost@@@std@@@std@@B", "?hash_bytes@hash@@YA?AV?$shared_ptr@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@boost@@AAVHash@@ABV?$vector@EV?$allocator@E@std@@@std@@@Z", "?test_btc_address@hash@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z", "?hash_bytes@hash@@YA?AV?$shared_ptr@$$CBV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@boost@@ABV?$vector@V?$shared_ptr@VHash@@@boost@@V?$allocator@V?$shared_ptr@VHash@@@boost@@@std@@@std@@ABV?$vector@EV?$allocator@E@std@@@5@@Z" ], "manacommons.dll": [ "?b64encode@utils@@YA?AV?$shared_ptr@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@boost@@ABV?$vector@EV?$allocator@E@std@@@std@@@Z", "??0OutputTreeNode@io@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@3@W4display_modifier@01@@Z", "??0OutputTreeNode@io@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@3@W4display_modifier@01@@Z", "??0OutputTreeNode@io@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0W4display_modifier@01@@Z", "??0OutputTreeNode@io@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@NW4display_modifier@01@@Z", "??0OutputTreeNode@io@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_KW4display_modifier@01@@Z", "??0OutputTreeNode@io@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@GW4display_modifier@01@@Z", "??0OutputTreeNode@io@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IW4display_modifier@01@@Z", "?determine_max_width@io@@YAIV?$shared_ptr@VOutputTreeNode@io@@@boost@@@Z", "?get_strings@OutputTreeNode@io@@QAE?AV?$shared_ptr@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@std@@XZ", "?append@OutputTreeNode@io@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z", "?get_children@OutputTreeNode@io@@QBE?AV?$shared_ptr@V?$vector@V?$shared_ptr@VOutputTreeNode@io@@@boost@@V?$allocator@V?$shared_ptr@VOutputTreeNode@io@@@boost@@@std@@@std@@@boost@@XZ", "?get_level@OutputTreeNode@io@@QBE?AW4LEVEL@plugin@@XZ", "?to_string@OutputTreeNode@io@@QBE?AV?$shared_ptr@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@boost@@XZ", "?get_information@Result@plugin@@QBE?AV?$shared_ptr@VOutputTreeNode@io@@@boost@@XZ", "?find_node@OutputTreeNode@io@@QBE?AV?$shared_ptr@VOutputTreeNode@io@@@boost@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z", "?size@OutputTreeNode@io@@QBEIXZ", "?append@OutputTreeNode@io@@QAEXV?$shared_ptr@VOutputTreeNode@io@@@boost@@@Z", "?get_name@OutputTreeNode@io@@QBE?AV?$shared_ptr@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@boost@@XZ", "??0OutputTreeNode@io@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4node_type@01@W4display_modifier@01@@Z", "?print_colored_text@utils@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@W4Color@1@AAV23@00@Z", "?set_level@Result@plugin@@QAEXW4LEVEL@2@@Z", "?set_summary@Result@plugin@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z", "?get_summary@Result@plugin@@QBE?AV?$shared_ptr@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@boost@@XZ", "??0Result@plugin@@AAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z", "?_create_node_name@Result@plugin@@ABE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ", "?raise_level@Result@plugin@@QAEXW4LEVEL@2@@Z", "??$add_information@V?$shared_ptr@VOutputTreeNode@io@@@boost@@@Result@plugin@@QAEXV?$shared_ptr@VOutputTreeNode@io@@@boost@@@Z", "?get_level@Result@plugin@@QBE?AW4LEVEL@2@XZ", "?clear@OutputTreeNode@io@@QAEXXZ" ], "USER32.dll": [ "LoadStringA" ] }, "Load Configuration": { "Size": 92, "TimeDateStamp": "1970-Jan-01 00:00:00", "Version": "0.0", "GlobalFlagsClear": [], "GlobalFlagsSet": [], "CriticalSectionDefaultTimeout": 0, "DeCommitFreeBlockThreshold": 0, "DeCommitTotalFreeThreshold": 0, "LockPrefixTable": 0, "MaximumAllocationSize": 0, "VirtualMemoryThreshold": 0, "ProcessAffinityMask": 0, "ProcessHeapFlags": [], "CSDVersion": 0, "Reserved1": 0, "EditList": 0, "SecurityCookie": 5129024, "SEHandlerTable": 5045152, "SEHandlerCount": 638 }, "PE Header": { "Signature": "PE", "Machine": "IMAGE_FILE_MACHINE_I386", "NumberofSections": 7, "TimeDateStamp": "2017-Jun-19 22:36:44", "PointerToSymbolTable": 0, "NumberOfSymbols": 0, "SizeOfOptionalHeader": 224, "Characteristics": [ "IMAGE_FILE_32BIT_MACHINE", "IMAGE_FILE_EXECUTABLE_IMAGE" ] }, "Plugins": { "compilers": { "level": 1, "plugin_output": { "info_0": "Microsoft Visual C++ 6.0 - 8.0" }, "summary": "Matching compiler(s):" }, "strings": { "level": 2, "plugin_output": { "Miscellaneous malware strings": [ "Exploit", "exploit", "virus" ] }, "summary": "Strings found in the binary may indicate undesirable behavior:" }, "imports": { "level": 1, "plugin_output": { "[!] The program may be hiding some of its imports": [ "GetProcAddress", "LoadLibraryA", "LoadLibraryExW" ] }, "summary": "The PE contains common functions which appear in legitimate applications." }, "authenticode": { "level": 1, "plugin_output": { "info_0": "Signer: Ivan Kwiatkowski", "info_1": "Issuer: StartCom Class 2 Primary Intermediate Object CA" }, "summary": "The PE is digitally signed." }, "virustotal": { "level": 2, "plugin_output": { "Cylance": "Unsafe", "eGambit": "malicious_confidence_74%" }, "summary": "VirusTotal score: 2/65 (Scanned on 2017-10-23 13:35:09)" } }, "RICH Header": { "XOR Key": 1133445142, "Unmarked objects": 0, "241 (40116)": 13, "243 (40116)": 154, "242 (40116)": 29, "ASM objects (VS2015 UPD3 build 24123)": 24, "C++ objects (VS2015 UPD3 build 24123)": 61, "C objects (VS2015 UPD3 build 24123)": 34, "Imports (VS2015 UPD3.1 build 24215)": 8, "Imports (VS2008 SP1 build 30729)": 5, "Total imports": 222, "C++ objects (VS2015 UPD3.1 build 24215)": 31, "Resource objects (VS2015 UPD3 build 24210)": 1, "Linker (VS2015 UPD3.1 build 24215)": 1 }, "Resources": { "1": { "Type": "RT_MANIFEST", "Language": "English - United States", "Codepage": "UNKNOWN", "Size": 381, "TimeDateStamp": "1980-Jan-01 00:00:00", "Entropy": 4.91161, "MD5": "1e4a89b11eae0fcf8bb5fdd5ec3b6f61", "SHA1": "4260284ce14278c397aaf6f389c1609b0ab0ce51", "SHA256": "4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df", "SHA3": "4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353" } }, "Sections": { ".text": { "MD5": "25c2f28436dcb8e8d9cb1078df256fcd", "SHA1": "2a5584172485394fdcaee6ee491c6ac70da16ebd", "SHA256": "43837facca9148cf4679b7d037fd6eea7fe34679ececfd644cc86a90a6a1512d", "SHA3": "8a0f544c8c4a9b1a2e0b2ac709dd59da232c4fca5f465bdd5a9170981510676d", "VirtualSize": 739679, "VirtualAddress": 4096, "SizeOfRawData": 739840, "PointerToRawData": 1024, "PointerToRelocations": 0, "PointerToLineNumbers": 0, "NumberOfLineNumbers": 0, "NumberOfRelocations": 0, "Characteristics": [ "IMAGE_SCN_CNT_CODE", "IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_READ" ], "Entropy": 6.53335 }, ".rdata": { "MD5": "2451e69042cc31e367483b84cdb07384", "SHA1": "1a66cfaec3cc71ec4980d22a85597e38e46457c9", "SHA256": "fca19357bfeaa5123d1ed661d13a01d2d89e1443d64d95f6a1f92d3fd3591b12", "SHA3": "0000c52405d2178b9f03330def1639c30c1adcf1fa35e1148a3b0d4f5acad945", "VirtualSize": 186546, "VirtualAddress": 745472, "SizeOfRawData": 186880, "PointerToRawData": 740864, "PointerToRelocations": 0, "PointerToLineNumbers": 0, "NumberOfLineNumbers": 0, "NumberOfRelocations": 0, "Characteristics": [ "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ" ], "Entropy": 5.17841 }, ".data": { "MD5": "7ecf4b8179f28253ca6ebf8f5498ed0e", "SHA1": "1609a5d38618206499b0287c5b3732f4a5065410", "SHA256": "6de60c3141fde96b22e1bd773400fbc0ddc591e567172f4f5984b72c1e6069a8", "SHA3": "15674678dd04dc9d109eaf841aef5b58c0748e32daa6c1d5b6fbe090f78e5aa3", "VirtualSize": 31104, "VirtualAddress": 933888, "SizeOfRawData": 24576, "PointerToRawData": 927744, "PointerToRelocations": 0, "PointerToLineNumbers": 0, "NumberOfLineNumbers": 0, "NumberOfRelocations": 0, "Characteristics": [ "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ", "IMAGE_SCN_MEM_WRITE" ], "Entropy": 4.81821 }, ".gfids": { "MD5": "f135a3f59a3c5be182176f313c994ec3", "SHA1": "921fe231587de3772965d59897da1df8008ab9da", "SHA256": "57e17b7f74e0c46fd5892854f921b853b1d8a83b079746a68382991f0ba2673f", "SHA3": "27b2b296595f2f34aa61c249eec5cd8e0a8eb35a695a8ba3279a65e307c04d0a", "VirtualSize": 1760, "VirtualAddress": 966656, "SizeOfRawData": 2048, "PointerToRawData": 952320, "PointerToRelocations": 0, "PointerToLineNumbers": 0, "NumberOfLineNumbers": 0, "NumberOfRelocations": 0, "Characteristics": [ "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ" ], "Entropy": 3.66481 }, ".tls": { "MD5": "1f354d76203061bfdd5a53dae48d5435", "SHA1": "aa0d33a0c854e073439067876e932688b65cb6a9", "SHA256": "4c6474903705cb450bb6434c29e8854f17d8324efca1fdb9ee9008599060883a", "SHA3": "991fbbd46bbd69198269fe6c247d440e0f8a7d38259b7a1e04b74790301d1d2b", "VirtualSize": 9, "VirtualAddress": 970752, "SizeOfRawData": 512, "PointerToRawData": 954368, "PointerToRelocations": 0, "PointerToLineNumbers": 0, "NumberOfLineNumbers": 0, "NumberOfRelocations": 0, "Characteristics": [ "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ", "IMAGE_SCN_MEM_WRITE" ], "Entropy": 0.0203931 }, ".rsrc": { "MD5": "bdbd3a3d96f3fff13f224052f7f1e1cc", "SHA1": "a2d220e1dea5996e4fa4902c1cc4d783377e2007", "SHA256": "68240915a17006853f7cbce251ed2493758df59ef3b3d6d6877e5ed80ebd6bc8", "SHA3": "eef0d4aa48c4cc5cedce5c9f8d9aec4d7699de6a2f71c4a9024b40e3d1da278b", "VirtualSize": 480, "VirtualAddress": 974848, "SizeOfRawData": 512, "PointerToRawData": 954880, "PointerToRelocations": 0, "PointerToLineNumbers": 0, "NumberOfLineNumbers": 0, "NumberOfRelocations": 0, "Characteristics": [ "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ" ], "Entropy": 4.71768 }, ".reloc": { "MD5": "edf0488e973994fa01511e7c0d5bb04a", "SHA1": "60ce41f2fe00df716ccc295ab8b5ac545e7d2ff2", "SHA256": "745feeec23da32a1c8599a38a7e23ba22ea5cc1d33faf09d9d93a774fd4c803d", "SHA3": "eee93ce7327dddce72e715b4c4c6b10c9a072d5e363ea97cd5addbdb195c640e", "VirtualSize": 47340, "VirtualAddress": 978944, "SizeOfRawData": 47616, "PointerToRawData": 955392, "PointerToRelocations": 0, "PointerToLineNumbers": 0, "NumberOfLineNumbers": 0, "NumberOfRelocations": 0, "Characteristics": [ "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_DISCARDABLE", "IMAGE_SCN_MEM_READ" ], "Entropy": 6.58744 } }, "Summary": { "Architecture": "IMAGE_FILE_MACHINE_I386", "Subsystem": "IMAGE_SUBSYSTEM_WINDOWS_CUI", "Compilation Date": "2017-Jun-19 22:36:44", "Detected languages": [ "English - United States" ] }, "TLS Callbacks": { "StartAddressOfRawData": 5165056, "EndAddressOfRawData": 5165064, "AddressOfIndex": 5156524, "AddressOfCallbacks": 4945064, "SizeOfZeroFill": 0, "Characteristics": "IMAGE_SCN_ALIGN_4BYTES", "Callbacks": [] } } }