Manalyze report for 01be18e5bd3d04c79f8db21b72c06b84e724628e24f978a98aa86b4cb5b10499

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Jun-07 23:12:53
TLS Callbacks	2 callback(s) detected.

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: schtask` `Tries to detect virtualized environments: HARDWARE\DESCRIPTION\System` `Looks for VMWare presence: VMMEMCTL VMware vmmouse vmware` `Looks for VirtualBox presence: 080027 HARDWARE\ACPI\DSDT\VBOX__ HARDWARE\ACPI\FADT\VBOX__ SOFTWARE\Oracle\VirtualBox Guest Additions VBoxGuest vboxservice` `Looks for Qemu presence: qemu` `May have dropper capabilities: CurrentControlSet\Services CurrentVersion\Run` `Accesses the WMI: ROOT\subscription root\cimv2` `Miscellaneous malware strings: cmd.exe virus` `Contains domain names: google.com http://schemas.microsoft.com http://schemas.microsoft.com/windows/2004/02/mit/task https://www.google.com https://www.google.com/ microsoft.com schemas.microsoft.com www.google.com`
Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: CheckRemoteDebuggerPresent CreateToolhelp32Snapshot` `Code injection capabilities: CreateRemoteThread OpenProcess VirtualAlloc VirtualAllocEx WriteProcessMemory` `Code injection capabilities (process hollowing): ResumeThread SetThreadContext WriteProcessMemory` `Code injection capabilities (mapping injection): CreateFileMappingA CreateRemoteThread MapViewOfFile` `Can access the registry: RegCloseKey RegCreateKeyExA RegDeleteKeyA RegDeleteValueA RegOpenKeyExA RegQueryValueExA RegSetValueExA` `Possibly launches other programs: CreateProcessA ShellExecuteA` `Uses Microsoft's cryptographic API: CryptUnprotectData` `Can create temporary files: CreateFileA GetTempPathA` `Uses functions commonly found in keyloggers: CallNextHookEx GetForegroundWindow` `Memory manipulation functions often used by packers: VirtualAlloc VirtualAllocEx VirtualProtect VirtualProtectEx` `Has Internet access capabilities: URLDownloadToFileA WinHttpAddRequestHeaders WinHttpCloseHandle WinHttpConnect WinHttpOpen WinHttpOpenRequest WinHttpQueryDataAvailable WinHttpReadData WinHttpReceiveResponse WinHttpSendRequest WinHttpSetOption` `Leverages the raw socket API to access the Internet: WSACleanup WSAStartup __WSAFDIsSet accept bind closesocket connect freeaddrinfo getaddrinfo gethostname htons inet_ntop inet_pton ioctlsocket listen recv select send setsockopt socket` `Functions related to the privilege level: AdjustTokenPrivileges CheckTokenMembership DuplicateTokenEx OpenProcessToken` `Interacts with services: ControlService CreateServiceA DeleteService OpenSCManagerA` `Manipulates other processes: OpenProcess Process32First Process32Next ReadProcessMemory WriteProcessMemory` `Can take screenshots: BitBlt CreateCompatibleDC GetDC` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	The file contains overlay data.	`336 bytes of data starting at offset 0x43000.` `The overlay data has an entropy of 7.20123 and is possibly compressed or encrypted.`
Malicious	VirusTotal score: 25/67 (Scanned on 2026-06-11 06:20:42)	`AVG: Win64:Evo-gen [Trj]` `AhnLab-V3: Exploit/Win.BypassUAC.C5894373` `Antiy-AVL: Trojan[Exploit]/Win32.BypassUAC` `Avast: Win64:Evo-gen [Trj]` `Avira: TR/W64.Evo` `Bkav: W32.Malware.1B806D42` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 99)` `ESET-NOD32: Win64/Agent.BEL trojan` `Elastic: malicious (high confidence)` `F-Secure: Trojan.TR/W64.Evo` `Kaspersky: HEUR:Exploit.Win32.BypassUAC.b` `Kingsoft: malware.kb.a.917` `Malwarebytes: Malware.Heuristic.2062` `McAfeeD: ti!01BE18E5BD3D` `Microsoft: Trojan:Win32/Wacatac.B!ml` `Rising: Malware.Undefined!8.C (TFE:5:MwB6Q86L77M)` `Sangfor: Trojan.Win32.Save.a` `SentinelOne: Static AI - Malicious PE` `Sophos: Mal/Generic-S` `Symantec: ML.Attribute.HighConfidence` `Tencent: Win32.Exploit.Bypassuac.Lzfl` `Trapmine: malicious.high.ml.score` `TrellixENS: Artemis!2CD4E1D28F45`

Hashes

MD5	`2cd4e1d28f455756ffd8d3d05728cf3b`
SHA1	`9b766cca40f5dd48da8e0552f3edd6003367c0fc`
SHA256	`01be18e5bd3d04c79f8db21b72c06b84e724628e24f978a98aa86b4cb5b10499`
SHA3	`1c596d5872ce08ef478bd2e6ad93d83ba20be307ec23ea577884a63e6dec8a70`
SSDeep	`3072:hUrwe1T/9hWkwxsA1OqJLeA/SsgBmXvrVx77JQMR2/wFYcRhTI9ERy+5xSzd8waZ:hgJGtdLe4vBoMR2/yuERyfSzyhfwQzC`
Imports Hash	`8762b7d30a5eea5cd266f2a6fcc62f43`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`10`
TimeDateStamp	2026-Jun-07 23:12:53
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x32a00`
SizeOfInitializedData	`0x10200`
SizeOfUninitializedData	`0xc00`
AddressOfEntryPoint	`0x00000000000013E0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x4a000`
SizeOfHeaders	`0x400`
Checksum	`0x430c3`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`299beef9abb6e297c65e4ef01974baf4`
SHA1	`90fc42a6a5adc93271847f1543c049a2e8cfbace`
SHA256	`c42964cb62679bd7c402cbb30b70a0f5642386a58607e1bc237141c498c07bff`
SHA3	`e3947ca19f166abb1e8c0e364a2f7208e34a80ebb7190e9dd7873c3df2ec34a7`
VirtualSize	`0x32a00`
VirtualAddress	`0x1000`
SizeOfRawData	`0x32a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.04233`

.data

MD5	`3bd7fc0e3d66bf740c0fa414ffe6be0d`
SHA1	`35e4086651e52ce5c8a7cc286d040ce3fa3d6c17`
SHA256	`5829a82873b1f7a9e97d46c9210f3b096a2c3c024ba32947b0024dbb649e5de2`
SHA3	`709986acc9d5d68372293ac16a7e9714dd5f43d6cf7473b5c1c536cb8e88e101`
VirtualSize	`0xf90`
VirtualAddress	`0x34000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x32e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.611367`

.rdata

MD5	`8d9fcd6518466c33d6eba143ea20b534`
SHA1	`3ce0f86c4360a0a17e745aaa787e225b5457d9cb`
SHA256	`6d2a5ad23a5d37b4e5539340132f4811c5231f67415eefcde01e63e1ee251361`
SHA3	`252a90dde2030c1310a8df3bfd3798a2823c316caa1787b82e1dd61d19ff9ab8`
VirtualSize	`0x79a0`
VirtualAddress	`0x35000`
SizeOfRawData	`0x7a00`
PointerToRawData	`0x33e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.66528`

.pdata

MD5	`363d1fde498aeb4141387ae4dc35b9ab`
SHA1	`249732cb3d1bbc92dd93add77f70dcec205ee5a0`
SHA256	`e14014db4c4a9576f4d2cbd5b7d9994fe8c5f698b2bf60911051a49a1423c416`
SHA3	`c2c3b0031003195bae7c5329f936ef3b0b82d4a139fe3c5c5a8f7a142ae83149`
VirtualSize	`0x1248`
VirtualAddress	`0x3d000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x3b800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.06162`

.xdata

MD5	`8c219a437d371941038baa59cbc8498c`
SHA1	`de00f9d13814001a75c8203d1ad2055381f7ac71`
SHA256	`d71275592b7344e0867c55793f22858e6de725f282156a2778102f8acc032059`
SHA3	`0180c23936fc5458925eea6db3115162e89b8e34e7f5635bf2b0261a04ee536c`
VirtualSize	`0x2588`
VirtualAddress	`0x3f000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x3cc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.35282`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xb30`
VirtualAddress	`0x42000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`2317bdeaac808378d4e2cc5ac4a5aa91`
SHA1	`ec4b2ab15d26e22ab72805e8df8f9b83d24506ba`
SHA256	`efbaaa2a78d4709ac363c340d2c28f5d754c34f53888ef0b06e7c1d7646a6bc5`
SHA3	`53c22a7431e18973353263a8f1b45124b8156898e675e714d5772acf508bfbac`
VirtualSize	`0x3318`
VirtualAddress	`0x43000`
SizeOfRawData	`0x3400`
PointerToRawData	`0x3f200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.61401`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0x47000`
SizeOfRawData	`0x200`
PointerToRawData	`0x42600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`9962a4b17649e18b93a06c29b37c1350`
SHA1	`f3080c9d462138ad50458e49174bc7d06243308a`
SHA256	`82b365a1238412772458c01ffd094ad8414492aaba5cc866bbedba75c3e8af04`
SHA3	`c72268e0e9f90fec9532d8898e81614ff9de6d5fc5d5326148e2f91446e8a2be`
VirtualSize	`0x4e8`
VirtualAddress	`0x48000`
SizeOfRawData	`0x600`
PointerToRawData	`0x42800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.78183`

.reloc

MD5	`6947fccf1231607049a4e1c7137917ea`
SHA1	`0ed40eee8c116c8f71b4dfb6ada02628d7a9869e`
SHA256	`c403726ad3c2ba1b2309f66d639c81b133e5f4a42d5e2972b8e2246a5e324140`
SHA3	`5ef75583acd1491db4e25f4e0ec357a8855999bd74cdc04e6735bf3996fce0db`
VirtualSize	`0x16c`
VirtualAddress	`0x49000`
SizeOfRawData	`0x200`
PointerToRawData	`0x42e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.1096`

Imports

ADVAPI32.dll	`AdjustTokenPrivileges` `AllocateAndInitializeSid` `CheckTokenMembership` `CloseServiceHandle` `ControlService` `CreateServiceA` `DeleteService` `DuplicateTokenEx` `FreeSid` `GetSidSubAuthority` `GetSidSubAuthorityCount` `GetTokenInformation` `GetUserNameA` `ImpersonateLoggedOnUser` `ImpersonateNamedPipeClient` `LogonUserW` `LookupAccountSidA` `LookupPrivilegeValueA` `OpenProcessToken` `OpenSCManagerA` `OpenThreadToken` `RegCloseKey` `RegCreateKeyExA` `RegDeleteKeyA` `RegDeleteValueA` `RegOpenKeyExA` `RegQueryValueExA` `RegSetValueExA` `RevertToSelf` `StartServiceA`
bcrypt.dll	`BCryptCloseAlgorithmProvider` `BCryptDecrypt` `BCryptDestroyKey` `BCryptEncrypt` `BCryptGenRandom` `BCryptGenerateSymmetricKey` `BCryptOpenAlgorithmProvider` `BCryptSetProperty`
CRYPT32.dll	`CryptUnprotectData`
dbghelp.dll	`MiniDumpWriteDump`
DNSAPI.dll	`DnsFree`
GDI32.dll	`BitBlt` `CreateCompatibleBitmap` `CreateCompatibleDC` `DeleteDC` `DeleteObject` `GetDIBits` `SelectObject` `SetStretchBltMode` `StretchBlt`
IPHLPAPI.DLL	`IcmpCloseHandle` `IcmpCreateFile` `IcmpSendEcho`
KERNEL32.dll	`CheckRemoteDebuggerPresent` `CloseHandle` `ConnectNamedPipe` `CopyFileA` `CreateDirectoryA` `CreateFileA` `CreateFileMappingA` `CreateMutexA` `CreateNamedPipeA` `CreatePipe` `CreateProcessA` `CreateRemoteThread` `CreateThread` `CreateToolhelp32Snapshot` `DeleteCriticalSection` `DeleteFileA` `DeleteProcThreadAttributeList` `DisconnectNamedPipe` `EnterCriticalSection` `ExitProcess` `FileTimeToSystemTime` `FindClose` `FindFirstFileA` `FindNextFileA` `FlushInstructionCache` `FreeLibrary` `GetCommandLineW` `GetComputerNameA` `GetCurrentDirectoryA` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThread` `GetDiskFreeSpaceExA` `GetFileAttributesA` `GetFileAttributesExA` `GetFileSizeEx` `GetLastError` `GetLogicalDrives` `GetModuleFileNameA` `GetModuleHandleA` `GetProcAddress` `GetProcessTimes` `GetStartupInfoA` `GetSystemDirectoryA` `GetSystemInfo` `GetSystemTimeAsFileTime` `GetTempPathA` `GetThreadContext` `GetThreadId` `GetTickCount` `GetTickCount64` `GetWindowsDirectoryA` `GlobalAlloc` `GlobalFree` `GlobalLock` `GlobalMemoryStatusEx` `GlobalUnlock` `InitializeCriticalSection` `InitializeProcThreadAttributeList` `IsDBCSLeadByte` `IsDebuggerPresent` `IsWow64Process` `K32EnumProcesses` `LeaveCriticalSection` `LoadLibraryA` `LocalFree` `MapViewOfFile` `Module32First` `Module32Next` `MoveFileA` `MoveFileExA` `MultiByteToWideChar` `OpenProcess` `OpenThread` `PeekNamedPipe` `Process32First` `Process32Next` `QueryFullProcessImageNameA` `QueryPerformanceCounter` `QueryPerformanceFrequency` `QueueUserAPC` `RaiseException` `ReadFile` `ReadProcessMemory` `ReleaseMutex` `RemoveDirectoryA` `ResumeThread` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlUnwindEx` `RtlVirtualUnwind` `SetFileAttributesA` `SetFileTime` `SetHandleInformation` `SetThreadContext` `SetUnhandledExceptionFilter` `Sleep` `SystemTimeToFileTime` `TerminateProcess` `Thread32First` `Thread32Next` `TlsGetValue` `UnmapViewOfFile` `UpdateProcThreadAttribute` `VirtualAlloc` `VirtualAllocEx` `VirtualFree` `VirtualFreeEx` `VirtualProtect` `VirtualProtectEx` `VirtualQuery` `WaitForSingleObject` `WideCharToMultiByte` `WriteFile` `WriteProcessMemory` `lstrcmpW`
api-ms-win-crt-convert-l1-1-0.dll	`mbrtowc` `strtol` `strtoll` `strtoul` `strtoull` `wcrtomb`
api-ms-win-crt-environment-l1-1-0.dll	`__p__environ`
api-ms-win-crt-filesystem-l1-1-0.dll	`_lock_file` `_unlock_file`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `calloc` `free` `malloc` `realloc`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale` `localeconv`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-private-l1-1-0.dll	`__C_specific_handler` `memcmp` `memcpy` `memmove` `strchr` `strrchr` `strstr`
api-ms-win-crt-runtime-l1-1-0.dll	`__p___argc` `__p___argv` `__p__acmdln` `_cexit` `_configure_narrow_argv` `_crt_atexit` `_errno` `_exit` `_initialize_narrow_environment` `_set_app_type` `_initterm` `_initterm_e` `_set_invalid_parameter_handler` `abort` `exit` `signal` `strerror`
api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func` `__p__commode` `__p__fmode` `__stdio_common_vfprintf` `__stdio_common_vsprintf_s` `fclose` `fopen` `fputc` `fputs` `fread` `fseek` `ftell` `fwrite` `getc` `rewind` `ungetc`
api-ms-win-crt-string-l1-1-0.dll	`_stricmp` `isdigit` `isspace` `isxdigit` `mbrlen` `memset` `strcmp` `strlen` `strncmp` `strncpy` `strnlen` `strtok` `tolower` `wcslen` `wcsnlen`
api-ms-win-crt-utility-l1-1-0.dll	`rand` `srand`
ole32.dll	`CoCreateInstance` `CoInitialize` `CoInitializeEx` `CoInitializeSecurity` `CoSetProxyBlanket` `CoUninitialize`
OLEAUT32.dll	`SysAllocString` `SysAllocStringLen` `SysFreeString` `VariantClear` `VariantInit`
SHELL32.dll	`CommandLineToArgvW` `SHGetFolderPathA` `ShellExecuteA` `ShellExecuteExA`
urlmon.dll	`URLDownloadToFileA`
USER32.dll	`CallNextHookEx` `CloseClipboard` `DispatchMessageA` `EmptyClipboard` `EnumClipboardFormats` `GetClipboardData` `GetCursorPos` `GetDC` `GetForegroundWindow` `GetKeyboardState` `GetLastInputInfo` `GetMessageA` `GetSystemMetrics` `GetWindowTextA` `OpenClipboard` `PostThreadMessageW` `ReleaseDC` `SetClipboardData` `SetWindowsHookExW` `ToUnicode` `TranslateMessage` `UnhookWindowsHookEx`
WINHTTP.dll	`WinHttpAddRequestHeaders` `WinHttpCloseHandle` `WinHttpConnect` `WinHttpOpen` `WinHttpOpenRequest` `WinHttpQueryDataAvailable` `WinHttpReadData` `WinHttpReceiveResponse` `WinHttpSendRequest` `WinHttpSetOption`
WS2_32.dll	`WSACleanup` `WSAStartup` `__WSAFDIsSet` `accept` `bind` `closesocket` `connect` `freeaddrinfo` `getaddrinfo` `gethostname` `htons` `inet_ntop` `inet_pton` `ioctlsocket` `listen` `recv` `select` `send` `setsockopt` `socket`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x48f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.13793`
MD5	`5aa04ce935e78505e230765e85c34355`
SHA1	`6c93b8c5fde8be4b2231dca6b8ec513cdc82c991`
SHA256	`a73f26a8d504043f785d7360e8febf2eeb8522ec873a0d4dd5d1d4bfd1e67d3d`
SHA3	`149467cafc03ba34b33cd8076fc2771413760822357952de205dbae2b5cb8059`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x140047000`
EndAddressOfRawData	`0x140047008`
AddressOfIndex	`0x14004207c`
AddressOfCallbacks	`0x14003c978`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x00000001400015F0` `0x00000001400015D0`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!

Leave a comment

No comments yet.