Manalyze report for 001c7d2fa14e9902b830da05e88a828ca87992ca3e4af1ee4661a35b87854449

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-Mar-26 21:03:39
Detected languages	English - United States
Debug artifacts	F:\Coding\cxx_cpp\Valex\x64\Release\Valex_External.pdb

Plugin Output

Info	Interesting strings found in the binary:	Contains domain names: 1cheats.com casedieresis.cn casetilde.cn commaaccentright.cn cyrillictail.cn cyrillictic.cn example.com github.com githubusercontent.com http://scripts.sil.org http://scripts.sil.org/OFLInterMediumOpen http://scripts.sil.org/OFLInterSemiBoldOpen http://scripts.sil.org/OFLhttp https://1cheats.com https://curl.se https://discord.gg https://extkey.Valex.io https://extkey.Valex.io/ https://github.com https://raw.githubusercontent.com https://raw.githubusercontent.com/business-acc2000/ext_state/refs/heads/main/state https://rsms.me https://www.microsoft.com https://www.microsoft.com/en-us/download/details.aspx?id koronisaccentleft.cn microsoft.com raw.githubusercontent.com scripts.sil.org tildecross.cn www.microsoft.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses known Mersenne Twister constants` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExA GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowA` `Can access the registry: RegCreateKeyExA RegDeleteKeyA` `Possibly launches other programs: ShellExecuteA system` `Uses Microsoft's cryptographic API: CryptEncrypt CryptImportKey CryptDestroyKey CryptAcquireContextA CryptReleaseContext CryptGetHashParam CryptCreateHash CryptDestroyHash CryptHashData CryptQueryObject CryptDecodeObjectEx CryptStringToBinaryA` `Uses functions commonly found in keyloggers: GetAsyncKeyState GetForegroundWindow` `Leverages the raw socket API to access the Internet: getsockopt send WSACloseEvent WSACreateEvent WSAEnumNetworkEvents WSAEventSelect WSAResetEvent WSAWaitForMultipleEvents gethostname ioctlsocket getpeername sendto recvfrom freeaddrinfo getaddrinfo recv listen htonl getsockname connect bind accept select __WSAFDIsSet socket htons closesocket setsockopt WSACleanup WSAStartup ntohs WSAGetLastError WSASetLastError WSAIoctl` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Interacts with services: OpenServiceA OpenSCManagerA QueryServiceStatus` `Manipulates other processes: Process32FirstW OpenProcess ReadProcessMemory WriteProcessMemory Process32Next Process32First Process32NextW` `Changes object ACLs: SetSecurityInfo` `Reads the contents of the clipboard: GetClipboardData` `Interacts with the certificate store: CertAddCertificateContextToStore CertOpenStore`
Malicious	VirusTotal score: 50/70 (Scanned on 2026-04-26 11:31:55)	`ALYac: Gen:Variant.Application.Tedy.33255` `APEX: Malicious` `AVG: Win64:MalwareX-gen [Cryp]` `AhnLab-V3: Malware/Win.Barys.R735714` `Alibaba: Trojan:Win64/GenKryptik.1861ed83` `Antiy-AVL: Trojan/Win64.Lazy` `Arcabit: Trojan.Application.Tedy.D81E7` `Avast: Win64:MalwareX-gen [Cryp]` `BitDefender: Gen:Variant.Application.Tedy.33255` `Bkav: W64.AIDetectMalware` `CTX: exe.trojan.lazy` `ClamAV: Win.Malware.Zusy-10056922-0` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 99)` `DeepInstinct: MALICIOUS` `ESET-NOD32: Win64/GenKryptik_AGen.AZE trojan` `Elastic: malicious (high confidence)` `Emsisoft: Gen:Variant.Application.Tedy.33255 (B)` `Fortinet: W64/GenKryptik.WS!tr` `GData: Gen:Variant.Application.Tedy.33255` `Google: Detected` `Gridinsoft: Trojan.Win64.Kryptik.sa` `Ikarus: Trojan.Win64.Krypt` `K7AntiVirus: Trojan ( 006d9bf01 )` `K7GW: Trojan ( 006d9bf01 )` `Kingsoft: Win64.Troj.lazy.v` `Lionic: Trojan.Win32.Lazy.4!c` `Malwarebytes: Malware.AI.4102795753` `MaxSecure: Trojan.Malware.121218.susgen` `McAfeeD: ti!001C7D2FA14E` `MicroWorld-eScan: Gen:Variant.Application.Tedy.33255` `Microsoft: Trojan:Win64/Lazy.ETL!MTB` `Paloalto: generic.ml` `Panda: Trj/CI.A` `Rising: Trojan.Lazy!8.8EC3 (TFE:5:6gOSdNys8YC)` `SentinelOne: Static AI - Suspicious PE` `Skyhigh: BehavesLike.Win64.Dropper.rh` `Sophos: Mal/Generic-S` `Symantec: ML.Attribute.HighConfidence` `Tencent: Trojan.Win64.Kryptik.16002199` `TrellixENS: Artemis!4A1151385A4F` `TrendMicro: TROJ_GEN.R002C0DCS26` `TrendMicro-HouseCall: TROJ_GEN.R002C0DCS26` `VBA32: Trojan.Win64.Lazy` `VIPRE: Gen:Variant.Application.Tedy.33255` `Varist: W64/ABApplication.OPVY-1295` `ViRobot: Trojan.Win.Z.Lazy.4608000.V` `alibabacloud: Riskware:Win/GenKryptik_AGen.AOM` `huorong: Trojan/Agent.cfs`

Hashes

MD5	`4a1151385a4f1498fbdaee20ac4a699e`
SHA1	`9722a5debf0a807c97160e21e5d757639e87395e`
SHA256	`001c7d2fa14e9902b830da05e88a828ca87992ca3e4af1ee4661a35b87854449`
SHA3	`459e8e483a8882b66b19757613953716a1ed3b748298b3535d5c19725b056c70`
SSDeep	`98304:PQaTdJf2rU9DZYSbCUi47T4oW1ABn3TY:PQaTdJf2rqqEVAcD`
Imports Hash	`3917b808b1fd971aea3b1a52a45e6aa8`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x130`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-Mar-26 21:03:39
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x2d1600`
SizeOfInitializedData	`0x197600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000002C30AC (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x46c000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`aed61823f953c5d64143bb4a19144e04`
SHA1	`d8dbf50d0fc79aee47c8c76073970724cd9f7459`
SHA256	`e413908ee79ddb10208720dc0d0021f43ad3512909ed213f158e189a5f6a0d6f`
SHA3	`3cb8cff92336f5680a916900d0ec4e8555ca175e500c1837a1263d0eb3f149c4`
VirtualSize	`0x2d146c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2d1600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.49924`

.rdata

MD5	`17ec9cc275bb4eb76a2f913871b25777`
SHA1	`5642b2bbca07e74c68d6bbf42e13413c197a66b1`
SHA256	`e2d926ff59f735c882e8f123ee75011a6761e110c8eb45a3c7488a8adfbfcb38`
SHA3	`05efa4cfc94ff03ff8931205a37c1a7b82e45902763d243a5663f4857787d8b0`
VirtualSize	`0xabc68`
VirtualAddress	`0x2d3000`
SizeOfRawData	`0xabe00`
PointerToRawData	`0x2d1a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.40685`

.data

MD5	`63b24e26e1314cd65a5a4c65742f463a`
SHA1	`4088588252bc3a8055301525381c30647a7aa081`
SHA256	`e3f01961f1f3aa6daf70a4db9f8af90cacd808318c9126e31c8f12c91354316f`
SHA3	`2373a93222b387dff2d407c675f0cef36f14ded5617c1b178562005af4a602cd`
VirtualSize	`0xa5fc8`
VirtualAddress	`0x37f000`
SizeOfRawData	`0xa2000`
PointerToRawData	`0x37d800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.33502`

.pdata

MD5	`64e41e8e78c7d6d7c40221623281b202`
SHA1	`cdcb515b223bb1ec664d01161e5bb505d4b9a15c`
SHA256	`267e21bc4b787ba3a411dd6b074deecd58b6c54c96e72044679e90f14b6add1c`
SHA3	`efd85077f0abbaa47c8747f733640c7466fa199a8db8f432a4ad59323b89c9c6`
VirtualSize	`0x198a8`
VirtualAddress	`0x425000`
SizeOfRawData	`0x19a00`
PointerToRawData	`0x41f800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.28711`

.rsrc

MD5	`dcfcd8e3865d194c29f01f5dcfc5d6ae`
SHA1	`4d58023c6a9efce0eeba7c7a4e5bcc38cfb5c2bf`
SHA256	`a004f601fedfc6d8e9ea624e4301381ffd54417006c2d7fbbbafd7571da7af77`
SHA3	`c116ba1ddeaac27fa1e0f17e43c8d186a3a8888a42792c4347a6ef3d8e7b1662`
VirtualSize	`0x29558`
VirtualAddress	`0x43f000`
SizeOfRawData	`0x29600`
PointerToRawData	`0x439200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.2514`

.reloc

MD5	`2fab5b2dc5f050ba4b85a45e1cf3b1b4`
SHA1	`62441b32a3463b4d02f747561be47bd169df5f84`
SHA256	`71c52398b069ff98e3402fa1160d6ed0ae78e710e70e326716e36252e3c70cd3`
SHA3	`4f3cac45d020b2dd8c0c0088063ddde362c2f35c9cd7edddf5708c29eaf18b1a`
VirtualSize	`0x2620`
VirtualAddress	`0x469000`
SizeOfRawData	`0x2800`
PointerToRawData	`0x462800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.35543`

Imports

KERNEL32.dll	`Process32FirstW` `SetConsoleMode` `SetConsoleTitleW` `K32EnumProcessModules` `AcquireSRWLockExclusive` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `SetEvent` `WaitForSingleObject` `CreateEventA` `GetSystemDirectoryA` `GetEnvironmentVariableA` `SetLastError` `FormatMessageW` `MoveFileExA` `WaitForSingleObjectEx` `GetFileType` `ReadFile` `PeekNamedPipe` `WaitForMultipleObjects` `SleepEx` `VerifyVersionInfoW` `CreateFileA` `GetFileSizeEx` `HeapAlloc` `HeapReAlloc` `HeapFree` `GetProcessHeap` `MapViewOfFile` `UnmapViewOfFile` `CreateFileMappingA` `CreateFileW` `AddVectoredExceptionHandler` `HeapDestroy` `HeapSize` `CreateThread` `VirtualProtect` `CreateFileMappingW` `GetModuleFileNameW` `SetConsoleTextAttribute` `QueryFullProcessImageNameW` `InitializeCriticalSection` `GetCurrentDirectoryW` `CreateDirectoryW` `FindClose` `FindFirstFileW` `FindFirstFileExW` `FindNextFileW` `GetFileAttributesExW` `DeleteFileA` `TerminateProcess` `GetTickCount` `IsDebuggerPresent` `OpenProcess` `GetCurrentProcess` `CreateToolhelp32Snapshot` `SetFileInformationByHandle` `ReadProcessMemory` `CreateFile2` `AreFileApisANSI` `GetFileInformationByHandleEx` `GetLocaleInfoEx` `SleepConditionVariableSRW` `WakeAllConditionVariable` `SetUnhandledExceptionFilter` `GetSystemTimeAsFileTime` `InitializeSListHead` `OutputDebugStringW` `WriteProcessMemory` `GlobalFindAtomA` `GetConsoleWindow` `GetCurrentProcessId` `GetTimeZoneInformation` `GetConsoleMode` `GetCurrentThreadId` `WriteFile` `CloseHandle` `Process32Next` `Process32First` `LocalFree` `FormatMessageA` `GetLastError` `LoadLibraryExA` `GlobalUnlock` `WideCharToMultiByte` `GlobalLock` `GlobalFree` `GlobalAlloc` `FreeLibrary` `VerSetConditionMask` `GetProcAddress` `LoadLibraryA` `MultiByteToWideChar` `GetModuleHandleA` `Process32NextW` `WriteConsoleA` `GetStdHandle` `GetConsoleScreenBufferInfo` `SetConsoleTitleA` `QueryPerformanceCounter` `GetSystemInfo` `QueryPerformanceFrequency` `Sleep` `GetModuleHandleW` `GetModuleFileNameA` `ReleaseSRWLockExclusive`
USER32.dll	`GetClipboardData` `EmptyClipboard` `GetKeyState` `OpenClipboard` `CloseClipboard` `SetClipboardData` `LoadCursorA` `GetWindowThreadProcessId` `FindWindowA` `ShowWindow` `SendInput` `TrackMouseEvent` `MonitorFromWindow` `GetSystemMetrics` `SetForegroundWindow` `RegisterClassExA` `SetWindowLongPtrA` `PostQuitMessage` `UnregisterClassA` `GetWindowLongPtrA` `PeekMessageA` `TranslateMessage` `SetLayeredWindowAttributes` `CreateWindowExA` `DefWindowProcA` `MoveWindow` `GetMonitorInfoA` `SetWindowDisplayAffinity` `GetWindowRect` `DispatchMessageA` `SetWindowPos` `ScreenToClient` `GetCapture` `IsWindow` `GetAsyncKeyState` `GetForegroundWindow` `SetCapture` `SetCursor` `GetClientRect` `IsWindowUnicode` `ReleaseCapture` `SetCursorPos` `MessageBoxA` `GetCursorPos` `ClientToScreen`
ADVAPI32.dll	`OpenServiceA` `RegCreateKeyExA` `IsValidSid` `InitializeAcl` `GetLengthSid` `AddAccessAllowedAce` `CryptEncrypt` `CryptImportKey` `CryptDestroyKey` `OpenSCManagerA` `LookupPrivilegeValueA` `CloseServiceHandle` `QueryServiceStatus` `AdjustTokenPrivileges` `GetTokenInformation` `ConvertSidToStringSidA` `SystemFunction036` `CopySid` `SetSecurityInfo` `RegDeleteKeyA` `CryptAcquireContextA` `CryptReleaseContext` `StartServiceA` `CryptGetHashParam` `CryptCreateHash` `OpenProcessToken` `CryptDestroyHash` `CryptHashData`
SHELL32.dll	`ShellExecuteA` `SHGetFolderPathA`
ole32.dll	`CoInitialize` `CoUninitialize` `CoCreateInstance`
MSVCP140.dll	`??1facet@locale@std@@MEAA@XZ` `??0facet@locale@std@@IEAA@_K@Z` `?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ` `?_Incref@facet@locale@std@@UEAAXXZ` `?_Gettrue@_Locinfo@std@@QEBAPEBDXZ` `?_Getfalse@_Locinfo@std@@QEBAPEBDXZ` `??1_Locinfo@std@@QEAA@XZ` `??0_Locinfo@std@@QEAA@PEBD@Z` `_Cnd_signal` `_Query_perf_frequency` `?_Throw_Cpp_error@std@@YAXH@Z` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A` `?_Winerror_map@std@@YAHH@Z` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` `?id@?$ctype@D@std@@2V0locale@2@A` `?_Syserror_map@std@@YAPEBDH@Z` `_Mtx_lock` `_Cnd_do_broadcast_at_thread_exit` `_Query_perf_counter` `_Thrd_detach` `_Xtime_get_ticks` `_Thrd_join` `_Mtx_unlock` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?_Id_cnt@id@locale@std@@0HA` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?getloc@ios_base@std@@QEBA?AVlocale@2@XZ` `?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A` `?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z` `?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `??7ios_base@std@@QEBA_NXZ` `_Strxfrm` `?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z` `?id@?$collate@D@std@@2V0locale@2@A` `_Strcoll` `?tolower@?$ctype@D@std@@QEBADD@Z` `?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ` `?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `_Mtx_trylock` `_Thrd_yield` `?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z` `?_Xinvalid_argument@std@@YAXPEBD@Z` `?_Random_device@std@@YAIXZ` `__crtLCMapStringA` `?id@?$numpunct@D@std@@2V0locale@2@A` `?uncaught_exceptions@std@@YAHXZ` `?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `??0_Lockit@std@@QEAA@H@Z` `??1_Lockit@std@@QEAA@XZ` `?_Xlength_error@std@@YAXPEBD@Z` `_Thrd_id` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `??Bios_base@std@@QEBA_NXZ` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z` `?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z` `?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ` `?_Xbad_function_call@std@@YAXXZ` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Xbad_alloc@std@@YAXXZ` `?good@ios_base@std@@QEBA_NXZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z` `??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ`
D3DCOMPILER_43.dll	`D3DCompile`
dwmapi.dll	`DwmExtendFrameIntoClientArea`
IMM32.dll	`ImmGetContext` `ImmReleaseContext` `ImmSetCandidateWindow` `ImmSetCompositionWindow`
d3d11.dll	`D3D11CreateDeviceAndSwapChain`
bcrypt.dll	`BCryptGenRandom`
Normaliz.dll	`IdnToUnicode` `IdnToAscii`
WLDAP32.dll	`#200` `#30` `#79` `#35` `#33` `#32` `#301` `#217` `#46` `#211` `#60` `#45` `#50` `#41` `#143` `#22` `#26` `#27`
CRYPT32.dll	`CertGetCertificateChain` `CertCreateCertificateChainEngine` `CryptQueryObject` `CertGetNameStringA` `CertFindExtension` `CertAddCertificateContextToStore` `CryptDecodeObjectEx` `CertFreeCertificateChain` `PFXImportCertStore` `CryptStringToBinaryA` `CertFreeCertificateContext` `CertFindCertificateInStore` `CertEnumCertificatesInStore` `CertCloseStore` `CertOpenStore` `CertFreeCertificateChainEngine`
WS2_32.dll	`getsockopt` `send` `WSACloseEvent` `WSACreateEvent` `WSAEnumNetworkEvents` `WSAEventSelect` `WSAResetEvent` `WSAWaitForMultipleEvents` `gethostname` `ioctlsocket` `getpeername` `sendto` `recvfrom` `freeaddrinfo` `getaddrinfo` `recv` `listen` `htonl` `getsockname` `connect` `bind` `accept` `select` `__WSAFDIsSet` `socket` `htons` `closesocket` `setsockopt` `WSACleanup` `WSAStartup` `ntohs` `WSAGetLastError` `WSASetLastError` `WSAIoctl`
SHLWAPI.dll	`PathFindFileNameW`
PSAPI.DLL	`GetModuleInformation`
USERENV.dll	`UnloadUserProfile`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`__std_terminate` `__std_exception_destroy` `__std_exception_copy` `strchr` `strstr` `longjmp` `strrchr` `__std_type_info_compare` `_purecall` `__C_specific_handler` `__RTtypeid` `memcpy` `memset` `memcmp` `memchr` `__current_exception_context` `memmove` `__intrinsic_setjmp` `__current_exception` `_CxxThrowException`
api-ms-win-crt-string-l1-1-0.dll	`isxdigit` `isspace` `strpbrk` `wcslen` `isgraph` `isupper` `toupper` `isalpha` `isdigit` `isalnum` `ispunct` `tolower` `strncpy` `islower` `strcoll` `_strdup` `strlen` `strcmp` `iscntrl` `strcpy` `strcspn` `strncmp` `_wcsicmp` `isblank` `_stricmp` `strspn`
api-ms-win-crt-heap-l1-1-0.dll	`_callnewh` `_set_new_mode` `malloc` `free` `realloc` `calloc`
api-ms-win-crt-utility-l1-1-0.dll	`srand` `rand` `qsort`
api-ms-win-crt-stdio-l1-1-0.dll	`_set_fmode` `__stdio_common_vsprintf` `_lseeki64` `__p__commode` `_read` `_write` `fputc` `_fileno` `_close` `_fseeki64` `_ftelli64` `_open` `ungetc` `_popen` `setvbuf` `tmpfile` `fgetc` `__stdio_common_vsnprintf_s` `_get_stream_buffer_pointers` `clearerr` `__stdio_common_vswprintf` `fgets` `ftell` `__acrt_iob_func` `fputs` `feof` `tmpnam` `getc` `fopen` `ferror` `freopen` `fgetpos` `_fwrite_nolock` `__stdio_common_vsscanf` `fread` `_wfopen` `fwrite` `fsetpos` `__stdio_common_vfprintf` `fseek` `fclose` `fflush` `_pclose`
api-ms-win-crt-time-l1-1-0.dll	`_localtime64_s` `_gmtime64_s` `_gmtime64` `strftime` `clock` `_difftime64` `_localtime64` `_time64` `_mktime64`
api-ms-win-crt-convert-l1-1-0.dll	`atof` `strtoull` `wcstombs` `strtod` `atoi` `strtoll` `strtoul` `strtol`
api-ms-win-crt-runtime-l1-1-0.dll	`exit` `_crt_atexit` `_errno` `strerror` `abort` `terminate` `_register_onexit_function` `_cexit` `_initialize_onexit_table` `_beginthreadex` `_seh_filter_exe` `_set_app_type` `_initialize_narrow_environment` `_get_initial_narrow_environment` `_initterm` `__sys_errlist` `__sys_nerr` `_initterm_e` `_invalid_parameter_noinfo_noreturn` `_invalid_parameter_noinfo` `_exit` `_resetstkoflw` `__p___argc` `_register_thread_local_exe_atexit_callback` `system` `_c_exit` `__p___argv` `_configure_narrow_argv`
api-ms-win-crt-locale-l1-1-0.dll	`setlocale` `___lc_locale_name_func` `___lc_codepage_func` `_configthreadlocale` `localeconv` `___lc_collate_cp_func`
api-ms-win-crt-environment-l1-1-0.dll	`getenv`
api-ms-win-crt-math-l1-1-0.dll	`floor` `log10` `logf` `exp` `__setusermatherr` `log` `ldexp` `fmodf` `pow` `powf` `cos` `sin` `sinf` `ceilf` `fmod` `floorf` `frexp` `_dsign` `ceil` `_fdsign` `_ldsign` `_fdopen` `sqrt` `sqrtf` `tan` `cosf` `atan2f` `atan2` `asin` `acosf` `acos` `_dclass` `llround` `_fdclass`
api-ms-win-crt-filesystem-l1-1-0.dll	`_stat64` `_lock_file` `remove` `_access` `_unlock_file` `_fstat64` `_unlink` `rename`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.51993`
MD5	`8846cd6197eff1df6fdcb039bc859361`
SHA1	`9df9f0065569fc6e75e45084b0c213b1de06f4b2`
SHA256	`6c2e057dd8d54cc192c7618d52ec42667ad58d6458531b6e09c47324d0e69172`
SHA3	`212427ff410b1df63583a3adf9d452034ff4e38d3c9af53bc335a24c2dd992d9`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9204`
MD5	`e9abf72f0cb16e4d54387cef2c67f9ea`
SHA1	`f2f30825293cc2e7dfbc1a5c33d9857f6de137ee`
SHA256	`d08a2fa3f5edc837b5aac1022279bc7b62502ae4839882e69fb4815d1afcfc31`
SHA3	`c74ba0dd62958f0767d39bd96cc2a09117901f5a20142d25b85132b8cbadb3a8`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.58496`
MD5	`852dda0202859e89c7b5f0a611311e1d`
SHA1	`4d91adf86535446211f828497d6398a66092e48c`
SHA256	`53be54b6eb723a59d3e2cba2759501623737f688c0e30a4586da2ee82336677e`
SHA3	`f1a5d7cb48c64cee33bd418059decd1306631efd2f426f6a9f2d438563e850f5`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.18737`
MD5	`52065566a3629303c1fdb6919d34da6f`
SHA1	`3ea9d9d581ae3df6fa2c51f5bff8418eb9eb4cd2`
SHA256	`02597760db36361c47fdf35679aabcdce1221b98208430f29c5d78b1279861be`
SHA3	`a0c90b98aa180905674c29ff83bc16f17a819ac3715016c2afbcf0b007f5d84a`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.02312`
MD5	`b7041056330ba2ddd1d0271b9b0f8db1`
SHA1	`9ef3413a6f5c1f05ed7c105fa0965fc3308ed805`
SHA256	`3adec0d07322f5d884fe123187b7c01514495aa4015294b3a5c9460bc68fc495`
SHA3	`1018cf2d493497a57d5f2f5f176202bee56387f3a76692a10e5d592626c8ab03`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91408`
MD5	`46db29c8666035f312c1871cac9c9663`
SHA1	`ce1d7fa43fe1b7d350bd0475725011ce6622f3d6`
SHA256	`e957ea6a3692df020ef62cc6c5a585854c144a34d9a3ed578a14e5dc03acad97`
SHA3	`510fa51bf09bc9679689cb524a6d0388f429167d653478885fe3dc0c9fbc203c`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.76951`
MD5	`e7218d7a5a229846865fc1ed6f83180e`
SHA1	`c3a741bb2e7a58e8b196355ac6e7f237c6177d60`
SHA256	`cd894c9170222e1584d81a3f45ff1baebd1031514f6d8aa6173c48885963e77d`
SHA3	`43a40b2f11254e0f49b260a956aa8595277483915cbcf4b10e356d2687e522e6`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.64873`
MD5	`efa05bfb23d9b4176a9a46c49b91d06b`
SHA1	`c0be37ccc24690b332344903674b39f2272f468b`
SHA256	`45e3add5387c919512136f14e0fa9128b8d80df5adae72bc17c71109db94ad84`
SHA3	`1da98862bc02b9d631770d037bac1e39254f74d95d501b294c815736605bfead`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x18f5`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.83413`
Detected Filetype	PNG graphic file
MD5	`452f903b6151fb1ddd8e20254a5749e6`
SHA1	`a7fa06292f4f5572de18ed55bc78a191c16ff367`
SHA256	`9011e967b579225155630097972bfa648bd9c188d9ebea824f1c45576d134aac`
SHA3	`493e7160b5b56278f8d3313bec797b59281cca3a0010ad6f1712007f641bd76b`

IDI_APP_ICON

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.01379`
Detected Filetype	Icon file
MD5	`959bbb6984528299c65afb806d7fa404`
SHA1	`09e3a8bc5a0507d18c16881cce33f9789e30f3f5`
SHA256	`a71fe3423e0134a9125f91e516ebfb4d918dd4685d6910356d19bacc47dc0f39`
SHA3	`82619c7c532c18ca95165caf819d4331f82ead47dc2d6a5206fb3813782bd79e`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Mar-26 21:03:39
Version	`0.0`
SizeofData	`79`
AddressOfRawData	`0x3503b0`
PointerToRawData	`0x34edb0`
Referenced File	F:\Coding\cxx_cpp\Valex\x64\Release\Valex_External.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Mar-26 21:03:39
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x350400`
PointerToRawData	`0x34ee00`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Mar-26 21:03:39
Version	`0.0`
SizeofData	`912`
AddressOfRawData	`0x350414`
PointerToRawData	`0x34ee14`

TLS Callbacks

StartAddressOfRawData	`0x1403507c8`
EndAddressOfRawData	`0x1403507f0`
AddressOfIndex	`0x140421350`
AddressOfCallbacks	`0x1402d4680`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14037fe40`

RICH Header

XOR Key	`0xba2fe574`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`22`
Imports (21202)	`4`
253 (35403)	`8`
ASM objects (35403)	`4`
C objects (35403)	`10`
C++ objects (35403)	`44`
Imports (35403)	`8`
C objects (33523)	`43`
C++ objects (34436)	`5`
C objects (VS2022 Update 1 (17.1.6) compiler 31107)	`26`
C objects (33134)	`125`
C objects (33145)	`1`
Imports (33145)	`35`
Total imports	`689`
C++ objects (LTCG) (35724)	`144`
Resource objects (35724)	`1`
151	`1`
Linker (35724)	`1`

Errors

Leave a comment

No comments yet.