Manalyze report for 16728e7f0a9dbb36904330d79557c4f7

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2022-Jul-27 14:30:02
TLS Callbacks	2 callback(s) detected.
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: /4` `Unusual section name found: /14` `Unusual section name found: /29` `Unusual section name found: /41` `Unusual section name found: /55` `Unusual section name found: /67` `Unusual section name found: /78` `Unusual section name found: /89`
Suspicious	The file contains overlay data.	`653480 bytes of data starting at offset 0xadc00.`
Malicious	VirusTotal score: 3/72 (Scanned on 2026-02-21 22:57:15)	`Google: Detected` `Ikarus: Trojan.Win32.CoinMiner` `MaxSecure: Trojan.Malware.300983.susgen`

Hashes

MD5	`16728e7f0a9dbb36904330d79557c4f7`
SHA1	`ffafd30afb8f14d94b72953b9b09ffa10494bcfd`
SHA256	`fc2e7d37e137cd4d72d4ffe9ef7a8f66c0878b9ed3035c06c31ac2b95d295489`
SHA3	`81838660a04747ff83f3a2283cf4cd759910dd8d554fb15ce553e34645eb1bc2`
SSDeep	`24576:CxdeWIxZZV6nYMY4mb8zvfHnucCW8L3CsxA/k3h3Qvrngg:CxoZZVKYMvmYzvfHnTsif`
Imports Hash	`f3c664ca50aebe78ffe49d73342888f1`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`15`
TimeDateStamp	2022-Jul-27 14:30:02
PointerToSymbolTable	`0xadc00`
NumberOfSymbols	`14938`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x5d400`
SizeOfInitializedData	`0x8da00`
SizeOfUninitializedData	`0xc00`
AddressOfEntryPoint	`0x00001570 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x5f000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xb7000`
SizeOfHeaders	`0x400`
Checksum	`0x152996`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`08b132c954c885457b7031073da7269e`
SHA1	`c8ae8bf3f6c9983c1cb2a93cfd697355f151b502`
SHA256	`be9a33653c415a5000abcad76a3596c68604660a60395142125ad915a8bd3b2e`
SHA3	`15744a74befe1c2a3c0184654a2c02853f0cda74f61028b3cd4bf26b29fc5b68`
VirtualSize	`0x5d30c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5d400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.28493`

.data

MD5	`11fd347d6446bf7552c8e3e551072c5e`
SHA1	`aea5ed1252f7893ce77f353f952dfe99c6221c53`
SHA256	`ad459fd79f29f6ecba734bc6c8803dddec0efb4e2e9ab807188404fb550e24d5`
SHA3	`7f6794d89f0a22d727378c3a24575297e6dfab421a5fdb0e5d1c950c8f342941`
VirtualSize	`0x62bc`
VirtualAddress	`0x5f000`
SizeOfRawData	`0x6400`
PointerToRawData	`0x5d800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0749255`

.rdata

MD5	`775f6d207ab0ea89cfb60ab523ad1e22`
SHA1	`7b177d79e99abc3300d52fa392165b9b0503a245`
SHA256	`e651ec99ee2080c5d9afe3fcbb8a6e6dd209e0215ec35bedc8f7a02652da5512`
SHA3	`69ec6b783c7b154987a405aa2ccf3d4ed8964cb1923c81eddbb0c8bb6f7e95c0`
VirtualSize	`0x74e4`
VirtualAddress	`0x66000`
SizeOfRawData	`0x7600`
PointerToRawData	`0x63c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.23022`

/4

MD5	`702d138977380e305d88f4684d6af10c`
SHA1	`ff77998d9201cc075b10deadaa18b5e9315910b7`
SHA256	`e78fca1b9e23af8a40c4e95d10fadb803b43efd4226feaa0765c8cc8d69f3cfa`
SHA3	`f9c5bdb325d848333af51734125a6bf6b843d16217aea50fd8fd3a7d2612aed3`
VirtualSize	`0x21b50`
VirtualAddress	`0x6e000`
SizeOfRawData	`0x21c00`
PointerToRawData	`0x6b200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.6989`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xb80`
VirtualAddress	`0x90000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`8c0e25cdbc27f815fae278387e2acec7`
SHA1	`479179eff82b710a878aa20143836c77df76438f`
SHA256	`fb917163ddbc5566ae67aa12833ad18048463de06b613028a41b106ef6492279`
SHA3	`8f53581a7b087423ab4ce4ea18c722410b505539d033b82a571a7de2bf9b1505`
VirtualSize	`0xabc`
VirtualAddress	`0x91000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x8ce00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.81652`

.CRT

MD5	`6f79e32d54ae0da9cac3aa31fad05c31`
SHA1	`8b109f86e7728d02e813299d48040ac8259d06c9`
SHA256	`95939b71e0c5326db3b6acf281f165abc701ff3b5295bd5febe424e77d0cff48`
SHA3	`b0e37aef0af14fd769b66c1d84b52e4402de7b7912d1a4d04090f0d14d5e6acc`
VirtualSize	`0x18`
VirtualAddress	`0x92000`
SizeOfRawData	`0x200`
PointerToRawData	`0x8da00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.11837`

.tls

MD5	`9e61b0011dc70fae4e637d71f541a472`
SHA1	`db027899f33913d14de18d162de0c84d4f22e3d7`
SHA256	`7297856d9b81746d665e08877203a780eaf87818c19a5ad6e4bcd11f4e6bf15f`
SHA3	`cf3473df17965c12d341f191bf2461a9646f650c3fe2716234d8e8a6a1f10c91`
VirtualSize	`0x20`
VirtualAddress	`0x93000`
SizeOfRawData	`0x200`
PointerToRawData	`0x8dc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.199108`

/14

MD5	`53faf645d7ac183d51835afbf0486cc2`
SHA1	`b4184c96cacfc73ff358e7904cb7be8953d3d679`
SHA256	`f65fc4355f4f39588a506db3ce9caffd46c6125da5908708e956e5ab9bf0413f`
SHA3	`e4bc64133feb5395f6b7735bb6922b79121a3ea393ac2e7da6bd802133bf9d27`
VirtualSize	`0x458`
VirtualAddress	`0x94000`
SizeOfRawData	`0x600`
PointerToRawData	`0x8de00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.8918`

/29

MD5	`ec430de1a9fad07d1c40d9c4757f65ee`
SHA1	`764d4d9c6ee199c06f56b1f31d60c82344077d7d`
SHA256	`8fa3cf34fece87c439ad16cc1dd2a703c70f1650198abb095f951e91665e22d9`
SHA3	`e49841c322f1663ea60d4ef14ca7b67d758994a88f174139c93c0deeaa8e8a98`
VirtualSize	`0xdef0`
VirtualAddress	`0x95000`
SizeOfRawData	`0xe000`
PointerToRawData	`0x8e400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.85703`

/41

MD5	`cd4211883a6d65a5fae7cb2468278772`
SHA1	`3c5926b1cf45f90e6522a8542678bfd8bfaf974c`
SHA256	`3425c6ccc52a43541b8af308dc84aa2cd4e78130f5eb32348284603b7332fc2c`
SHA3	`9b12386e91e45aeeadbcbd263f2ccef3ed61d82f3835337037713973a16085d6`
VirtualSize	`0x324c`
VirtualAddress	`0xa3000`
SizeOfRawData	`0x3400`
PointerToRawData	`0x9c400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.60173`

/55

MD5	`59bcc5cc87326916eb225447e0f43b9d`
SHA1	`1aac013ff8106d981261c5b5edd885a19f67c68d`
SHA256	`38f29f20739dba31f7e94b67376106b8fe39127ef756c6db5970b58ac1759598`
SHA3	`5bc529852b3012aa1b11382d975059c0d85963d9586f6b9a41dac6778f85def9`
VirtualSize	`0x3a8f`
VirtualAddress	`0xa7000`
SizeOfRawData	`0x3c00`
PointerToRawData	`0x9f800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.96601`

/67

MD5	`3ed0ad9ca766cd57e21466c6a74cbe2e`
SHA1	`47b97348ff8398bcced28dd997462f4a8fa8b25a`
SHA256	`4944b07c270b96f674aa9ee5634dc9259bbbf63dd36f33c2886a6a122860fc96`
SHA3	`8ba822b9b1b9ff6cc93aa777ba9aa12f9b7bb51c19c8e7da29328b22686ac336`
VirtualSize	`0x109`
VirtualAddress	`0xab000`
SizeOfRawData	`0x200`
PointerToRawData	`0xa3400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.02325`

/78

MD5	`754e51eeea3039883918e0c73b4eed09`
SHA1	`adbd4b2a5abc083478b311aaf0e206c2cdd19c43`
SHA256	`8aa89a7b96f026bc336ed696d02858c603f05a36f2397f75aeabb553ddfef44b`
SHA3	`9a2c4760e340cfc5b9e147b6ed3edb2dd993c81b1800a564cc88d575c537392d`
VirtualSize	`0x9ba4`
VirtualAddress	`0xac000`
SizeOfRawData	`0x9c00`
PointerToRawData	`0xa3600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.38363`

/89

MD5	`89d15bfbde94d52b01d316cc585f9f08`
SHA1	`a78a25e1f0b2e634707dccd2012fba52bcb78332`
SHA256	`b44c6d91533eb90a3906cb6e1bea2564f1347dbf56350352efbe21fdc825a5e8`
SHA3	`c58955ffa7d0dacc2b87cb4707f85e456c65b8cc1db4770ec4c2386c1af667f3`
VirtualSize	`0x848`
VirtualAddress	`0xb6000`
SizeOfRawData	`0xa00`
PointerToRawData	`0xad200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.73568`

Imports

kernel32.dll	`CloseHandle` `CreateSemaphoreA` `DeleteCriticalSection` `EnterCriticalSection` `ExitProcess` `GetCommandLineA` `GetCurrentThreadId` `GetLastError` `GetModuleHandleA` `GetProcAddress` `InitializeCriticalSection` `InterlockedDecrement` `InterlockedExchange` `InterlockedIncrement` `IsDBCSLeadByteEx` `LeaveCriticalSection` `MultiByteToWideChar` `ReleaseSemaphore` `SetLastError` `SetUnhandledExceptionFilter` `Sleep` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `VirtualProtect` `VirtualQuery` `WaitForSingleObject` `WideCharToMultiByte`
msvcrt.dll	`_fdopen` `_lseek` `_read` `_strdup` `_stricoll` `_write`
msvcrt.dll (#2)	`_fdopen` `_lseek` `_read` `_strdup` `_stricoll` `_write`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x493019`
EndAddressOfRawData	`0x49301c`
AddressOfIndex	`0x490030`
AddressOfCallbacks	`0x492004`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x00409230` `0x004091E0`

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /14!
[*] Warning: Tried to read outside the COFF string table to get the name of section /29!
[*] Warning: Tried to read outside the COFF string table to get the name of section /41!
[*] Warning: Tried to read outside the COFF string table to get the name of section /55!
[*] Warning: Tried to read outside the COFF string table to get the name of section /67!
[*] Warning: Tried to read outside the COFF string table to get the name of section /78!
[*] Warning: Tried to read outside the COFF string table to get the name of section /89!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF String Table's reported size is bigger than the remaining bytes!
[*] Warning: Section .bss has a size of 0!