Manalyze report for 036fd91d07aadb0a125e6aa3bab8513b1bc6aab8333e8f9bd9da2359318952af

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2024-Jul-18 17:40:57
Detected languages	English - United States
TLS Callbacks	1 callback(s) detected.
Debug artifacts	C:\Users\santo\Desktop\stfix\output\build\stellar.pdb

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentControlSet\Services` `Contains another PE executable: This program cannot be run in DOS mode.` Contains domain names: 2-aia.verisign.com 2-crl.verisign.com 2009-2-aia.verisign.com 2009-2-crl.verisign.com High-Logic.com Logic.com Lyonsyoutube.com aia.verisign.com crl.microsoft.com crl.verisign.com csc3-2009-2-aia.verisign.com csc3-2009-2-crl.verisign.com curl.haxx.se example.com http://crl.microsoft.com http://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0 http://crl.verisign.com http://crl.verisign.com/ThawteTimestampingCA.crl0 http://crl.verisign.com/pca3.crl0 http://crl.verisign.com/tss-ca.crl0 http://csc3-2009-2-aia.verisign.com http://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer0 http://csc3-2009-2-crl.verisign.com http://csc3-2009-2-crl.verisign.com/CSC3-2009-2.crl0D http://logo.verisign.com http://logo.verisign.com/vslogo.gif0 http://ocsp.verisign.com0 http://ocsp.verisign.com01 http://ocsp.verisign.com0? https://curl.haxx.se https://curl.haxx.se/docs/http-cookies.html https://keyauth.win https://www.verisign.com https://www.verisign.com/cps0 https://www.verisign.com/rpa https://www.verisign.com/rpa0 https://www.youtube.com https://www.youtube.com/watch?v inkscape.org logo.verisign.com microsoft.com verisign.com www.inkscape.org www.verisign.com www.youtube.com youtube.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA1` `Uses constants related to SHA256` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExA GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot CheckRemoteDebuggerPresent FindWindowA NtQuerySystemInformation` `Code injection capabilities: VirtualAlloc OpenProcess WriteProcessMemory` `Can access the registry: RegCreateKeyA RegOpenKeyExA RegQueryValueExA RegCloseKey RegSetValueExA` `Possibly launches other programs: ShellExecuteA ShellExecuteW system` `Uses Windows's Native API: NtRaiseHardError NtQuerySystemInformation ntohl ntohs` `Uses Microsoft's cryptographic API: CryptGetHashParam CryptCreateHash CryptHashData CryptDestroyHash CryptDestroyKey CryptImportKey CryptEncrypt CryptReleaseContext CryptGenRandom CryptAcquireContextA CryptQueryObject CryptStringToBinaryA CryptDecodeObjectEx` `Can create temporary files: GetTempPathW CreateFileA CreateFileW` `Uses functions commonly found in keyloggers: GetAsyncKeyState GetForegroundWindow` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtectEx VirtualProtect` `Has Internet access capabilities: URLOpenBlockingStreamA` `Leverages the raw socket API to access the Internet: send closesocket bind connect ntohl gethostname sendto recvfrom freeaddrinfo getaddrinfo select __WSAFDIsSet ioctlsocket listen htonl accept WSACleanup WSAStartup WSAIoctl WSASetLastError socket setsockopt WSAGetLastError ntohs htons getsockopt getsockname getpeername recv` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Manipulates other processes: Process32Next Process32First OpenProcess WriteProcessMemory` `Changes object ACLs: SetSecurityInfo` `Reads the contents of the clipboard: GetClipboardData` `Interacts with the certificate store: CertOpenStore CertAddCertificateContextToStore`
Malicious	VirusTotal score: 52/76 (Scanned on 2025-02-22 12:14:44)	`ALYac: Trojan.Generic.36729571` `APEX: Malicious` `AVG: FileRepMalware [Misc]` `AhnLab-V3: Trojan/Win.Generic.R663734` `Alibaba: RiskWare:Win64/SpyLoader.bde2ce1a` `Antiy-AVL: Trojan/Win32.Sabsik` `Arcabit: Trojan.Generic.D23072E3` `Avast: FileRepMalware [Misc]` `Avira: HEUR/AGEN.1319017` `BitDefender: Trojan.Generic.36729571` `CAT-QuickHeal: Trojan.Ghanarava.17322338553ecb23` `CTX: exe.trojan.generic` `ClamAV: Win.Malware.Lazy-10038632-0` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `ESET-NOD32: a variant of Win64/Riskware.GameHack.AO` `Elastic: malicious (high confidence)` `Emsisoft: Trojan.Generic.36729571 (B)` `F-Secure: Heuristic.HEUR/AGEN.1319017` `FireEye: Trojan.Generic.36729571` `Fortinet: Riskware/GameHack` `GData: Trojan.Generic.36729571` `Google: Detected` `Gridinsoft: Ransom.Win64.Sabsik.cl` `Ikarus: Trojan.Win32.Generic` `K7AntiVirus: Trojan ( 005b7e6d1 )` `K7GW: Trojan ( 005b7e6d1 )` `Kaspersky: Trojan.Win64.Agent.qwluph` `Kingsoft: Win64.Trojan.Agent.qwluph` `Lionic: Trojan.Win32.GameHack.4!c` `MAX: malware (ai score=87)` `Malwarebytes: Malware.AI.2544390764` `MaxSecure: Trojan.Malware.275919288.susgen` `McAfee: Artemis!7F32425D3FE0` `McAfeeD: ti!036FD91D07AA` `MicroWorld-eScan: Trojan.Generic.36729571` `Microsoft: Trojan:Win32/Phonzy.A!ml` `Paloalto: generic.ml` `Panda: Trj/Chgt.AD` `Rising: Trojan.Agent!8.B1E (CLOUD)` `SentinelOne: Static AI - Malicious PE` `Skyhigh: BehavesLike.Win64.Downloader.vh` `Sophos: Mal/Generic-S` `Symantec: ML.Attribute.HighConfidence` `Tencent: Malware.Win32.Gencirc.1416aa86` `TrendMicro-HouseCall: TROJ_GEN.R002H0DHK24` `VIPRE: Trojan.Generic.36729571` `Varist: W64/Agent.IDJ.gen!Eldorado` `Zillya: Trojan.GameHack.Win64.729` `ZoneAlarm: Trojan.Win64.Agent.qwluph`

Hashes

MD5	`7f32425d3fe0e1adf238cfdd943ecb23`
SHA1	`fc965833c3bcbb053f659d112855c93a2fca743c`
SHA256	`036fd91d07aadb0a125e6aa3bab8513b1bc6aab8333e8f9bd9da2359318952af`
SHA3	`14a0883613ba40d11b260a3cf1e1398514bfa6c2e6c78f3169e2233521fa0b54`
SSDeep	`49152:Cg8xJBVfY9Ahg5m+gB5Aq0bESczan5xt8:k9VfoAW50HMt8`
Imports Hash	`e03ffcbd2ef50e4ddf576c574485bf12`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x130`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2024-Jul-18 17:40:57
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x159000`
SizeOfInitializedData	`0xd3600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000154B98 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x230000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`3c1d77122f06b51011ab71e1679579f4`
SHA1	`e181b5a0bf7ab0a5fe68f44bfc9620f4b8528322`
SHA256	`2e552e16d66bce6c28ea68c80f9665b4f1f1e33f86555ea3c90455c3ca362d2e`
SHA3	`d1675e8f4e3a4284a276740c6107f32f726315ca92e91ef5ed088176faca7326`
VirtualSize	`0x158e50`
VirtualAddress	`0x1000`
SizeOfRawData	`0x159000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.50369`

.rdata

MD5	`41404a8526b9a538b9b5a9a6bf81c8e8`
SHA1	`0fac0ff3378fd22072d4b676bcf73a20e34ef206`
SHA256	`7cf4ce2d352bdc33e501f1f1a235302f5b6ec1f8211a00c77e0aa62d0f8e7e7e`
SHA3	`6b142ade11013ea1abc7c39e23712556f3e43d934f89666965d5fe2c78abd499`
VirtualSize	`0x658ae`
VirtualAddress	`0x15a000`
SizeOfRawData	`0x65a00`
PointerToRawData	`0x159400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.60108`

.data

MD5	`e5f2107c5ce486ea3cd0e378a41d8c06`
SHA1	`c7c5cc080dcf0b16e3e0569449bf0bad42356e69`
SHA256	`9a01936bceef1ab60f6e990b676fbd18c24c56b957e6caec68bea3b366b35c0b`
SHA3	`ea90096b3f4e8835cfeb976b18f16cdf3dbe995a61f11056f538502f74027354`
VirtualSize	`0x5dae8`
VirtualAddress	`0x1c0000`
SizeOfRawData	`0x53c00`
PointerToRawData	`0x1bee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.18073`

.pdata

MD5	`82958dfe9222c2dba19b568b1f167899`
SHA1	`0097772d1bebcd4e1a3d4a046bfa394ff47cabe9`
SHA256	`7cc3cfa27d462b40f4536d75bcf765670ff29b1e1d548704d89b404a0490445d`
SHA3	`4cd692fde8de752298caa6a7410af62143893c03566a0765cce4a69efcddf96d`
VirtualSize	`0xe610`
VirtualAddress	`0x21e000`
SizeOfRawData	`0xe800`
PointerToRawData	`0x212a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.17934`

.rsrc

MD5	`f7e26947ba0863b0695b4638d9a767b7`
SHA1	`df6feb52b2ba052e55799dc188ef67c8b7aaeb12`
SHA256	`96a5636ff6d0a02399d574a2ee95c52d8ab0b3a978b1d08c40127a74e9856ca3`
SHA3	`66a41aba54b43be8d067b605057c0b0f2c2081194826a33c7724f698c73ca4c6`
VirtualSize	`0x1e8`
VirtualAddress	`0x22d000`
SizeOfRawData	`0x200`
PointerToRawData	`0x221200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.76666`

.reloc

MD5	`65e749f71f5d934f0db84bfa6d36678c`
SHA1	`3a5e2f137e478da19ecdd1c797fc6e0e5df58904`
SHA256	`d055ab1e7e7b459d687e14a646a87b06a8f60fad47d12b90519d1543bd774253`
SHA3	`6a67d34deda26a60c3a40f7159bc3bd503e99f4d065fe082fce61108ea653e87`
VirtualSize	`0x1470`
VirtualAddress	`0x22e000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x221400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.30331`

Imports

KERNEL32.dll	`GetFileInformationByHandleEx` `MoveFileExW` `AreFileApisANSI` `GetTempPathW` `GetFullPathNameW` `GetFileAttributesExW` `GetFileAttributesW` `FindNextFileW` `FindFirstFileExW` `FindFirstFileW` `FindClose` `CreateDirectoryW` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `IsProcessorFeaturePresent` `TerminateProcess` `lstrcmpiA` `Process32Next` `CreateToolhelp32Snapshot` `Process32First` `LoadLibraryExA` `QueryPerformanceCounter` `FreeLibrary` `VerSetConditionMask` `QueryPerformanceFrequency` `GetLocaleInfoA` `GlobalUnlock` `WideCharToMultiByte` `GlobalLock` `GlobalFree` `GlobalAlloc` `MultiByteToWideChar` `DeviceIoControl` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `SleepConditionVariableSRW` `WakeAllConditionVariable` `AcquireSRWLockExclusive` `VirtualAlloc` `VirtualFree` `ReleaseSRWLockExclusive` `WaitForMultipleObjects` `PeekNamedPipe` `GetFileType` `GetEnvironmentVariableA` `WaitForSingleObjectEx` `MoveFileExA` `GetTickCount` `VerifyVersionInfoA` `GetSystemDirectoryA` `SleepEx` `LeaveCriticalSection` `EnterCriticalSection` `LocalFree` `FormatMessageA` `QueryFullProcessImageNameW` `GetModuleHandleW` `CreateFileMappingW` `ExitProcess` `DeleteCriticalSection` `InitializeCriticalSectionEx` `HeapSize` `HeapDestroy` `GetLastError` `CreateFileMappingA` `UnmapViewOfFile` `MapViewOfFile` `GetProcessHeap` `HeapFree` `HeapReAlloc` `HeapAlloc` `GetFileSizeEx` `GetSystemInfo` `SetLastError` `GetCurrentProcessId` `VirtualProtectEx` `OpenProcess` `WriteProcessMemory` `CheckRemoteDebuggerPresent` `IsDebuggerPresent` `VirtualQuery` `GetFileSize` `GetProcAddress` `CreateThread` `CloseHandle` `LoadLibraryA` `GetCurrentThread` `CreateFileA` `GlobalAddAtomA` `Sleep` `GetModuleHandleA` `ReadFile` `CreateFileW` `WriteFile` `GetStdHandle` `GetCurrentProcess` `SetConsoleTitleA` `OutputDebugStringW` `SetConsoleTextAttribute` `VirtualProtect` `GetModuleFileNameA` `GetLocaleInfoEx`
USER32.dll	`GetClipboardData` `mouse_event` `IsWindowUnicode` `SetProcessDPIAware` `ScreenToClient` `DispatchMessageA` `GetWindowRect` `DestroyWindow` `GetSystemMetrics` `ShowWindow` `SetWindowLongA` `SetWindowDisplayAffinity` `MessageBoxA` `MessageBoxW` `GetMonitorInfoA` `MoveWindow` `DefWindowProcA` `CreateWindowExA` `FindWindowA` `SendInput` `SetLayeredWindowAttributes` `TranslateMessage` `LoadIconA` `GetCursorPos` `PeekMessageA` `UnregisterClassA` `PostQuitMessage` `GetDesktopWindow` `RegisterClassExA` `UpdateWindow` `GetKeyState` `GetMessageExtraInfo` `LoadCursorA` `GetAsyncKeyState` `MonitorFromWindow` `GetCapture` `ClientToScreen` `TrackMouseEvent` `GetClientRect` `ReleaseCapture` `SetCursorPos` `SetCursor` `OpenClipboard` `SetCapture` `CloseClipboard` `GetForegroundWindow` `EmptyClipboard` `GetKeyboardLayout` `SetClipboardData`
GDI32.dll	`CreateSolidBrush`
ADVAPI32.dll	`RegCreateKeyA` `GetLengthSid` `GetTokenInformation` `InitializeAcl` `IsValidSid` `GetUserNameA` `SetSecurityInfo` `CopySid` `ConvertSidToStringSidA` `CryptGetHashParam` `CryptCreateHash` `CryptHashData` `CryptDestroyHash` `CryptDestroyKey` `CryptImportKey` `CryptEncrypt` `CryptReleaseContext` `CryptGenRandom` `CryptAcquireContextA` `RegOpenKeyExA` `RegQueryValueExA` `RegCloseKey` `OpenProcessToken` `RegSetValueExA` `AdjustTokenPrivileges` `LookupPrivilegeValueW` `AddAccessAllowedAce`
SHELL32.dll	`SHGetFolderPathW` `ShellExecuteA` `ShellExecuteW`
d3d11.dll	`D3D11CreateDeviceAndSwapChain`
D3DCOMPILER_43.dll	`D3DCompile`
d3dx11_43.dll	`D3DX11CreateShaderResourceViewFromMemory`
MSVCP140.dll	`??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?getloc@ios_base@std@@QEBA?AVlocale@2@XZ` `?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `??Bid@locale@std@@QEAA_KXZ` `?_Throw_Cpp_error@std@@YAXH@Z` `_Cnd_do_broadcast_at_thread_exit` `_Thrd_detach` `_Mtx_lock` `_Mtx_unlock` `_Thrd_id` `_Thrd_join` `?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z` `?setf@ios_base@std@@QEAAHHH@Z` `?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z` `?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z` `?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z` `??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `_Query_perf_frequency` `??1_Lockit@std@@QEAA@XZ` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `??0_Lockit@std@@QEAA@H@Z` `?uncaught_exceptions@std@@YAHXZ` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Winerror_map@std@@YAHH@Z` `?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z` `?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z` `?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?_Xbad_function_call@std@@YAXXZ` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` `?id@?$ctype@D@std@@2V0locale@2@A` `?_Xlength_error@std@@YAXPEBD@Z` `?_Syserror_map@std@@YAPEBDH@Z` `_Query_perf_counter` `?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z` `?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z`
VMProtectSDK64.dll	`VMProtectDecryptStringA` `VMProtectBegin` `VMProtectBeginUltra` `VMProtectEnd`
ntdll.dll	`NtRaiseHardError` `RtlAdjustPrivilege` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `RtlInitAnsiString` `RtlAnsiStringToUnicodeString` `NtQuerySystemInformation`
urlmon.dll	`URLOpenBlockingStreamA`
IMM32.dll	`ImmSetCompositionWindow` `ImmReleaseContext` `ImmGetContext` `ImmSetCandidateWindow`
dwmapi.dll	`DwmExtendFrameIntoClientArea`
dbghelp.dll	`ImageDirectoryEntryToData` `ImageRvaToVa` `ImageNtHeader`
Normaliz.dll	`IdnToAscii`
WLDAP32.dll	`#217` `#46` `#211` `#60` `#45` `#50` `#41` `#22` `#26` `#27` `#32` `#33` `#35` `#79` `#30` `#200` `#301` `#143`
CRYPT32.dll	`CryptQueryObject` `CertCreateCertificateChainEngine` `CertOpenStore` `CryptStringToBinaryA` `CertCloseStore` `CertEnumCertificatesInStore` `CertFindCertificateInStore` `CertFreeCertificateContext` `PFXImportCertStore` `CryptDecodeObjectEx` `CertAddCertificateContextToStore` `CertGetNameStringA` `CertFreeCertificateChain` `CertGetCertificateChain` `CertFreeCertificateChainEngine` `CertFindExtension`
WS2_32.dll	`send` `closesocket` `bind` `connect` `ntohl` `gethostname` `sendto` `recvfrom` `freeaddrinfo` `getaddrinfo` `select` `__WSAFDIsSet` `ioctlsocket` `listen` `htonl` `accept` `WSACleanup` `WSAStartup` `WSAIoctl` `WSASetLastError` `socket` `setsockopt` `WSAGetLastError` `ntohs` `htons` `getsockopt` `getsockname` `getpeername` `recv`
RPCRT4.dll	`UuidCreate` `UuidToStringA` `RpcStringFreeA`
PSAPI.DLL	`GetModuleInformation`
USERENV.dll	`UnloadUserProfile`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`memchr` `memcmp` `_CxxThrowException` `memset` `__current_exception_context` `__intrinsic_setjmp` `memmove` `__current_exception` `longjmp` `memcpy` `strrchr` `strchr` `wcsstr` `strstr` `__std_terminate` `__std_exception_copy` `__std_exception_destroy` `__C_specific_handler`
api-ms-win-crt-runtime-l1-1-0.dll	`_errno` `_invalid_parameter_noinfo_noreturn` `_beginthreadex` `exit` `abort` `terminate` `system` `_exit` `_Exit` `quick_exit` `strerror` `__sys_nerr` `_register_thread_local_exe_atexit_callback` `_c_exit` `__p___argv` `__p___argc` `_invalid_parameter_noinfo` `_initterm_e` `_initterm` `_get_initial_narrow_environment` `_set_app_type` `_seh_filter_exe` `_cexit` `_crt_atexit` `_register_onexit_function` `_initialize_onexit_table` `_initialize_narrow_environment` `_configure_narrow_argv` `_resetstkoflw` `_getpid`
api-ms-win-crt-stdio-l1-1-0.dll	`_lseeki64` `ungetc` `_get_stream_buffer_pointers` `fsetpos` `feof` `fputs` `fopen` `fputc` `fflush` `fclose` `fread` `fgetc` `_fseeki64` `_set_fmode` `__p__commode` `_open` `fwrite` `_read` `fgetpos` `_popen` `_pclose` `fgets` `_close` `_write` `ftell` `__acrt_iob_func` `fseek` `__stdio_common_vfprintf` `__stdio_common_vsprintf` `__stdio_common_vsscanf` `_wfopen` `setvbuf`
api-ms-win-crt-heap-l1-1-0.dll	`free` `malloc` `calloc` `realloc` `_callnewh` `_set_new_mode`
api-ms-win-crt-utility-l1-1-0.dll	`qsort` `srand` `rand`
api-ms-win-crt-math-l1-1-0.dll	`pow` `powf` `cosf` `atan2f` `sqrt` `acosf` `sinf` `_dsign` `sqrtf` `ceilf` `_dclass` `fmodf` `__setusermatherr`
api-ms-win-crt-convert-l1-1-0.dll	`strtoul` `strtod` `atoi` `strtol` `strtoll` `strtoull` `atof`
api-ms-win-crt-filesystem-l1-1-0.dll	`remove` `_fstat64` `_access` `_stat64` `_lock_file` `_unlock_file` `_unlink`
api-ms-win-crt-string-l1-1-0.dll	`strncmp` `strcmp` `strcspn` `_strdup` `isupper` `tolower` `strpbrk` `strspn` `strncpy` `_stricmp`
api-ms-win-crt-locale-l1-1-0.dll	`localeconv` `_configthreadlocale` `___lc_codepage_func`
api-ms-win-crt-time-l1-1-0.dll	`_gmtime64` `_time64`
api-ms-win-crt-environment-l1-1-0.dll	`getenv`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2024-Jul-18 17:40:57
Version	`0.0`
SizeofData	`78`
AddressOfRawData	`0x1a4a04`
PointerToRawData	`0x1a3e04`
Referenced File	C:\Users\santo\Desktop\stfix\output\build\stellar.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2024-Jul-18 17:40:57
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x1a4a54`
PointerToRawData	`0x1a3e54`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-Jul-18 17:40:57
Version	`0.0`
SizeofData	`992`
AddressOfRawData	`0x1a4a68`
PointerToRawData	`0x1a3e68`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2024-Jul-18 17:40:57
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x1401a4e70`
EndAddressOfRawData	`0x1401a4f20`
AddressOfIndex	`0x14021cdd8`
AddressOfCallbacks	`0x14015b350`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES`
Callbacks	`0x00000001401548D0`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1401c0080`

RICH Header

XOR Key	`0x882d98d1`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`22`
Imports (VS2015 UPD3.1 build 24215)	`2`
Imports (33731)	`6`
253 (33731)	`9`
ASM objects (33731)	`4`
C objects (33731)	`10`
C++ objects (33731)	`40`
Imports (21202)	`6`
C objects (VS2019 Update 6 (16.6.1-5) compiler 28806)	`105`
C objects (VS2022 Update 8 (17.8.3) compiler 33133)	`2`
C++ objects (VS2022 Update 8 (17.8.3) compiler 33133)	`2`
C objects (VS2022 Update 1 (17.1.6) compiler 31107)	`26`
Imports (30795)	`37`
Total imports	`587`
Unmarked objects (#2)	`1`
C++ objects (LTCG) (33811)	`42`
Resource objects (33811)	`1`
Linker (33811)	`1`

Errors

Leave a comment

No comments yet.