Manalyze report for 25b85ae3c8e64eed2c7f18ee6740d9938f543133d171fb93a762e33bdc8d0ddf

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Dec-30 23:48:37
Detected languages	English - United States
Debug artifacts	E:\ALL SOURCES\Impact Services , Vanguard\VMAX2\VMAX\VMAX\VMAX\examples\vmax\Release\vmax.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: virus` `Contains domain names: example.com github.com http://omnibus-type.com http://scripts.sil.org http://scripts.sil.org/OFLThis http://scripts.sil.org/OFLhttp http://www.andrewpaglinawan.comAndrew https://christianjansky.name https://christianjansky.nameLabil https://christianjansky.namehttps https://curl.se https://github.com https://kometa.xyzhttps https://scripts.sil.org https://scripts.sil.org/OFLThis https://scripts.sil.org/OFLhttp omnibus-type.com scripts.sil.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses known Mersenne Twister constants` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: FindWindowA` `Code injection capabilities (PowerLoader): FindWindowA GetWindowLongW` `Can access the registry: RegDeleteKeyA RegOpenKeyExA RegQueryValueExA RegOpenKeyExW RegQueryValueExW RegCreateKeyExA RegCloseKey` `Possibly launches other programs: CreateProcessA ShellExecuteA system` `Uses Microsoft's cryptographic API: CryptAcquireContextW CryptEncrypt CryptImportKey CryptDestroyKey CryptDestroyHash CryptHashData CryptCreateHash CryptGetHashParam CryptReleaseContext CryptDecodeObjectEx CryptQueryObject CryptStringToBinaryW` `Can create temporary files: CreateFileW CreateFileA GetTempPathW` `Leverages the raw socket API to access the Internet: ioctlsocket sendto gethostname htons recv recvfrom freeaddrinfo setsockopt socket WSAIoctl __WSAFDIsSet select accept htonl listen getsockname getpeername connect bind inet_ntop WSASetLastError ntohs inet_pton WSAGetLastError closesocket WSAWaitForMultipleEvents WSAResetEvent WSAEventSelect WSAEnumNetworkEvents WSACreateEvent WSACloseEvent send getsockopt WSACleanup WSAStartup getaddrinfo` `Functions related to the privilege level: OpenProcessToken` `Manipulates other processes: OpenProcess` `Changes object ACLs: SetSecurityInfo` `Reads the contents of the clipboard: GetClipboardData` `Interacts with the certificate store: CertAddCertificateContextToStore CertOpenStore`
Malicious	VirusTotal score: 39/70 (Scanned on 2026-03-19 04:35:46)	`ALYac: Gen:Variant.Application.Tedy.47000` `APEX: Malicious` `AVG: Win64:MalwareX-gen [Misc]` `AhnLab-V3: Trojan/Win.Generic.R758502` `Arcabit: Trojan.Application.Tedy.DB798` `Avast: Win64:MalwareX-gen [Misc]` `BitDefender: Gen:Variant.Application.Tedy.47000` `Bkav: W64.AIDetectMalware` `CAT-QuickHeal: Trojan.Ghanarava.1773790362b4d9ea` `CTX: exe.trojan.generic` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 99)` `DeepInstinct: MALICIOUS` `ESET-NOD32: Win64/GameHack_AGen.ZP potentially unsafe application` `Elastic: malicious (high confidence)` `Emsisoft: Gen:Variant.Application.Tedy.47000 (B)` `Fortinet: W64/GenKryptik.WS!tr` `GData: Gen:Variant.Application.Tedy.47000` `Google: Detected` `Ikarus: Trojan-Downloader.Win64.Agent` `K7AntiVirus: Unwanted-Program ( 005ce4d01 )` `K7GW: Unwanted-Program ( 005ce4d01 )` `Lionic: Trojan.Win32.Generic.4!c` `Malwarebytes: Malware.AI.492334535` `MaxSecure: Trojan.Malware.576492660.susgen` `McAfeeD: ti!25B85AE3C8E6` `MicroWorld-eScan: Gen:Variant.Application.Tedy.47000` `Microsoft: Trojan:Win32/Wacatac.B!ml` `Paloalto: generic.ml` `Rising: Trojan.Kryptik@AI.90 (RDML:2ZupxaJN0EWvqAjX6R55rQ)` `SentinelOne: Static AI - Suspicious PE` `Skyhigh: BehavesLike.Win64.Dropper.tc` `Sophos: Mal/Generic-S` `TrellixENS: Artemis!74C9567C3F29` `VBA32: Trojan.Wacatac` `VIPRE: Gen:Variant.Application.Tedy.47000` `Varist: W64/ABApplication.UBKT-0143` `Zillya: Trojan.GameHackAGen.Win64.6559`

Hashes

MD5	`74c9567c3f29b4295fa2198e17b4d9ea`
SHA1	`e7eaef1d6e981fe71bab43249bbeb6f0ac0043af`
SHA256	`25b85ae3c8e64eed2c7f18ee6740d9938f543133d171fb93a762e33bdc8d0ddf`
SHA3	`66f33ead51fa2f74405389b9640ba9c6ab3dfad3b6e80c96111a9234644b2ecf`
SSDeep	`98304:GFXvxYGLeo2GBwpa5u/ot9du0nzwWbPiE3G50KvfioaBOfdP:kxYGLeo2GBwsg2du0zwWbPi6S3ioaUf`
Imports Hash	`eea1f153e22954527be80a2082704e4d`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x128`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2025-Dec-30 23:48:37
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x159c00`
SizeOfInitializedData	`0x3ede00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000152C58 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x54b000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`6e7bee7a12c9deb012b6e80a4aac74c2`
SHA1	`7908399c1711efbaf0339f87f8ecd064a351d3ff`
SHA256	`f3024afb0f3910513e1286c3dc9969330e6e2ca6852eb8e508995a89524ad64a`
SHA3	`ff3290715916cdc4a12dde7dc8f5bc6dd0dd9e78c4c078526ee773f0ba9aef95`
VirtualSize	`0x159a9c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x159c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.57369`

.rdata

MD5	`f6efdb116c4c8c7089f7318900b072f4`
SHA1	`b730979901e571eaa9332c92567c7faa5b098621`
SHA256	`0c2a4434871f05b8d6d98848eb9a6a202116723860990731b917a8fbc753e7bf`
SHA3	`e8b4906cc1c9384ff39d295f7d5708a7b021f32437f83adc7eecefb36cbd9494`
VirtualSize	`0xade68`
VirtualAddress	`0x15b000`
SizeOfRawData	`0xae000`
PointerToRawData	`0x15a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.72633`

.data

MD5	`a4826ef226b43d87e2e2c0421fe46217`
SHA1	`c44d5349be49e65c46dbffc2f7fd52d029430359`
SHA256	`2762204c6a9d0f6e0f9e0de3eafd3bd18976ed0a2e02637e9ce53b5b2281a479`
SHA3	`d629b620b9f5ff22314603f900c2d96690f764164490d5d7cde5d5704b3d5f60`
VirtualSize	`0x2f1050`
VirtualAddress	`0x209000`
SizeOfRawData	`0x2ef200`
PointerToRawData	`0x208000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.93102`

.pdata

MD5	`70ec215c31d76404dc5ea10de2134260`
SHA1	`0eb1bd4ea5ae3bd97f86ecca4e840734376afc1b`
SHA256	`c0c9e5aad3d8dc4d4fb1996c1d2e9761634869b1c842a7355d16984a079a36d5`
SHA3	`36693299ff6a493e58d3bee6ee0a1077f2a253fc08d53dfdf7588bc11434b468`
VirtualSize	`0xb97c`
VirtualAddress	`0x4fb000`
SizeOfRawData	`0xba00`
PointerToRawData	`0x4f7200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.0397`

.rsrc

MD5	`287fa8bf3ba7b5a1d8c13d20b56b2c4c`
SHA1	`6d6a702ec1f7db464101efd9ae841c65dee3c722`
SHA256	`2de325382185bc4c8eea4f5e814bc3ed244e29ee6342fbc99d780e26290396a3`
SHA3	`e1dbbf51757ed824448da2228c6044e9aa95f994048aa7ced7e57ac8c7f0b345`
VirtualSize	`0x422b8`
VirtualAddress	`0x507000`
SizeOfRawData	`0x42400`
PointerToRawData	`0x502c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.8683`

.reloc

MD5	`56d8d074196541b48850010043d37703`
SHA1	`5904f7072d58fca8a3764dfd2c01e573ed0a336e`
SHA256	`ecc7643f8404dcde6d1f54a6c6f7e43939abcb96cdbcd589f850ba091da5d5d8`
SHA3	`9e56ccf4fd15c81d57005bf0b6ca100e5e19fefd6339d7e7adb88cb494ba265d`
VirtualSize	`0xd64`
VirtualAddress	`0x54a000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x545000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.33714`

Imports

d3d11.dll	`D3D11CreateDeviceAndSwapChain`
D3DCOMPILER_43.dll	`D3DCompile`
WINMM.dll	`PlaySoundA`
KERNEL32.dll	`GetProcessHeap` `InitializeCriticalSectionEx` `DeleteCriticalSection` `CreateThread` `CreateFileMappingW` `MapViewOfFile` `UnmapViewOfFile` `GetModuleFileNameW` `QueryFullProcessImageNameW` `SetLastError` `FormatMessageW` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `InitializeCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `GetSystemDirectoryW` `SleepEx` `GetSystemInfo` `GetTickCount` `MoveFileExW` `WaitForSingleObjectEx` `GetEnvironmentVariableA` `GetFileType` `ReadFile` `PeekNamedPipe` `WaitForMultipleObjects` `VerifyVersionInfoW` `GetFileSizeEx` `Sleep` `OutputDebugStringW` `InitializeSListHead` `GetSystemTimeAsFileTime` `IsProcessorFeaturePresent` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `WakeAllConditionVariable` `GetFileInformationByHandleEx` `AreFileApisANSI` `HeapFree` `GetCurrentThread` `SetFileInformationByHandle` `GetFileAttributesExW` `GetFileAttributesW` `FindFirstFileW` `FindClose` `CreateDirectoryW` `GetCurrentDirectoryW` `GetLocaleInfoEx` `FormatMessageA` `GetCurrentThreadId` `SleepConditionVariableSRW` `HeapReAlloc` `HeapAlloc` `HeapDestroy` `AddVectoredExceptionHandler` `CreateFileW` `HeapSize` `LoadLibraryW` `GetModuleHandleW` `GetLastError` `IsDebuggerPresent` `GetStdHandle` `FreeLibrary` `QueryPerformanceFrequency` `QueryPerformanceCounter` `VerSetConditionMask` `WideCharToMultiByte` `MultiByteToWideChar` `GlobalFree` `GlobalLock` `GlobalUnlock` `GlobalAlloc` `lstrcmpA` `LocalAlloc` `GetModuleHandleA` `GetCurrentProcessId` `GetCurrentProcess` `CreateFileA` `K32GetModuleFileNameExW` `K32EnumProcessModules` `K32EnumProcesses` `VirtualProtect` `GetTempPathW` `CreateProcessA` `CloseHandle` `TerminateProcess` `LocalFree` `GetModuleFileNameA` `DebugBreak` `WaitForSingleObject` `GetTickCount64` `GetProcAddress` `OpenProcess` `LoadLibraryA`
USER32.dll	`ClientToScreen` `GetCursorPos` `SetCursor` `SetCursorPos` `GetClientRect` `CreateWindowExW` `GetForegroundWindow` `IsWindowUnicode` `ReleaseCapture` `SetCapture` `PostQuitMessage` `UnregisterClassW` `SetLayeredWindowAttributes` `MoveWindow` `GetSystemMetrics` `UpdateWindow` `GetWindowRect` `SetWindowLongW` `LoadIconW` `MessageBoxA` `TranslateMessage` `DestroyWindow` `DispatchMessageW` `PeekMessageW` `RegisterClassExW` `LoadCursorW` `ScreenToClient` `GetCapture` `GetKeyState` `TrackMouseEvent` `EmptyClipboard` `GetClipboardData` `SetClipboardData` `CloseClipboard` `DefWindowProcW` `SendMessageW` `FindWindowA` `GetWindowThreadProcessId` `FindWindowExA` `GetWindowLongW` `ShowWindow` `SetWindowLongA` `OpenClipboard`
ADVAPI32.dll	`RegDeleteKeyA` `RegOpenKeyExA` `RegQueryValueExA` `OpenProcessToken` `GetTokenInformation` `ConvertSidToStringSidA` `RegOpenKeyExW` `RegQueryValueExW` `AddAccessAllowedAce` `GetLengthSid` `InitializeAcl` `IsValidSid` `RegCreateKeyExA` `SetSecurityInfo` `CopySid` `CryptAcquireContextW` `CryptEncrypt` `CryptImportKey` `CryptDestroyKey` `SystemFunction036` `CryptDestroyHash` `CryptHashData` `CryptCreateHash` `CryptGetHashParam` `CryptReleaseContext` `RegCloseKey`
SHELL32.dll	`ShellExecuteA`
ole32.dll	`CoSetProxyBlanket` `CoCreateInstance` `CoInitializeSecurity` `CoInitializeEx` `CoUninitialize`
OLEAUT32.dll	`VariantClear` `SysStringLen` `SysFreeString` `SysAllocString`
MSVCP140.dll	`_Mtx_lock` `_Mtx_unlock` `_Cnd_do_broadcast_at_thread_exit` `?_Throw_Cpp_error@std@@YAXH@Z` `?_Xbad_alloc@std@@YAXXZ` `?_Xbad_function_call@std@@YAXXZ` `?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ` `?_Xlength_error@std@@YAXPEBD@Z` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Syserror_map@std@@YAPEBDH@Z` `?_Winerror_map@std@@YAHH@Z` `??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z` `??Bid@locale@std@@QEAA_KXZ` `?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z` `?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z` `?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z` `?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z` `??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z` `??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ` `?_Incref@facet@locale@std@@UEAAXXZ` `?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ` `?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A` `??0_Lockit@std@@QEAA@H@Z` `??1_Lockit@std@@QEAA@XZ` `?uncaught_exceptions@std@@YAHXZ` `_Thrd_detach` `??0_Locinfo@std@@QEAA@PEBD@Z` `??1_Locinfo@std@@QEAA@XZ` `?_Getfalse@_Locinfo@std@@QEBAPEBDXZ` `?_Gettrue@_Locinfo@std@@QEBAPEBDXZ` `??0facet@locale@std@@IEAA@_K@Z` `??1facet@locale@std@@MEAA@XZ` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?getloc@ios_base@std@@QEBA?AVlocale@2@XZ` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z` `?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z` `?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `_Thrd_id` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z` `??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z` `??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z` `?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z` `?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z` `?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ` `??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z` `?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` `?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z` `?_Random_device@std@@YAIXZ` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?id@?$ctype@D@std@@2V0locale@2@A` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?id@?$numpunct@D@std@@2V0locale@2@A` `?widen@?$ctype@_W@std@@QEBA_WD@Z` `?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z` `?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z` `?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z` `?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z` `?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z` `?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ` `?id@?$ctype@_W@std@@2V0locale@2@A` `?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A` `?_Xinvalid_argument@std@@YAXPEBD@Z` `_Xtime_get_ticks` `??7ios_base@std@@QEBA_NXZ` `_Query_perf_counter` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z` `?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `_Thrd_join` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z` `_Query_perf_frequency`
SHLWAPI.dll	`StrStrW` `PathFindFileNameW`
WS2_32.dll	`ioctlsocket` `sendto` `gethostname` `htons` `recv` `recvfrom` `freeaddrinfo` `setsockopt` `socket` `WSAIoctl` `__WSAFDIsSet` `select` `accept` `htonl` `listen` `getsockname` `getpeername` `connect` `bind` `inet_ntop` `WSASetLastError` `ntohs` `inet_pton` `WSAGetLastError` `closesocket` `WSAWaitForMultipleEvents` `WSAResetEvent` `WSAEventSelect` `WSAEnumNetworkEvents` `WSACreateEvent` `WSACloseEvent` `send` `getsockopt` `WSACleanup` `WSAStartup` `getaddrinfo`
CRYPT32.dll	`CertGetCertificateChain` `CryptDecodeObjectEx` `CertFreeCertificateChainEngine` `CertCreateCertificateChainEngine` `CryptQueryObject` `CertAddCertificateContextToStore` `PFXImportCertStore` `CertFreeCertificateChain` `CertFreeCertificateContext` `CertFindCertificateInStore` `CertGetNameStringW` `CertFindExtension` `CertEnumCertificatesInStore` `CertCloseStore` `CertOpenStore` `CryptStringToBinaryW`
MPR.dll	`WNetGetProviderNameA`
IMM32.dll	`ImmSetCompositionWindow` `ImmGetContext` `ImmSetCandidateWindow` `ImmReleaseContext`
dwmapi.dll	`DwmExtendFrameIntoClientArea`
d3dx11_43.dll	`D3DX11CreateShaderResourceViewFromMemory`
ntdll.dll	`RtlLookupFunctionEntry` `RtlVirtualUnwind` `RtlCaptureContext`
RPCRT4.dll	`UuidToStringA` `UuidCreate` `RpcStringFreeA`
PSAPI.DLL	`GetModuleInformation`
USERENV.dll	`UnloadUserProfile`
bcrypt.dll	`BCryptGenRandom`
VCRUNTIME140.dll	`__current_exception` `__C_specific_handler` `wcschr` `strrchr` `__std_terminate` `_purecall` `strchr` `memset` `memcmp` `_CxxThrowException` `__std_exception_destroy` `__std_exception_copy` `strstr` `memmove` `__current_exception_context` `memchr` `memcpy`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
api-ms-win-crt-string-l1-1-0.dll	`wcslen` `strncmp` `tolower` `strcpy_s` `_strdup` `strlen` `_wcsdup` `strcspn` `wcspbrk` `strspn` `wcsncmp` `strpbrk` `wcsncpy` `toupper` `strncpy` `strcmp`
api-ms-win-crt-heap-l1-1-0.dll	`calloc` `realloc` `_callnewh` `free` `malloc` `_set_new_mode`
api-ms-win-crt-runtime-l1-1-0.dll	`_set_app_type` `_errno` `exit` `system` `__sys_errlist` `__sys_nerr` `terminate` `_register_thread_local_exe_atexit_callback` `_c_exit` `abort` `_invalid_parameter_noinfo` `__p___argv` `_resetstkoflw` `_beginthreadex` `__p___argc` `_exit` `_initterm_e` `_initterm` `_get_initial_narrow_environment` `_wassert` `_seh_filter_exe` `_cexit` `_invalid_parameter_noinfo_noreturn` `_crt_atexit` `_register_onexit_function` `_initialize_onexit_table` `_initialize_narrow_environment` `_configure_narrow_argv`
api-ms-win-crt-stdio-l1-1-0.dll	`fgetpos` `_wfopen` `_lseeki64` `fclose` `fflush` `fputc` `fsetpos` `_wopen` `fread` `_get_stream_buffer_pointers` `fseek` `_fseeki64` `feof` `fputs` `_set_fmode` `ftell` `setvbuf` `fwrite` `ungetc` `fgets` `__stdio_common_vsprintf` `__p__commode` `__stdio_common_vsscanf` `_read` `_write` `__acrt_iob_func` `_fileno` `_close` `_popen` `fgetc` `__stdio_common_vfprintf` `_pclose`
api-ms-win-crt-filesystem-l1-1-0.dll	`_lock_file` `_unlock_file` `_unlink` `_wstat64` `_fstat64` `remove`
api-ms-win-crt-utility-l1-1-0.dll	`srand` `rand` `qsort`
api-ms-win-crt-math-l1-1-0.dll	`sqrtf` `acosf` `__setusermatherr` `floorf` `sinf` `fmodf` `cosf` `ceilf` `fabs` `_dsign` `_ldsign` `_fdsign` `_dtest` `_ldtest` `_fdtest` `_fdopen` `powf`
api-ms-win-crt-convert-l1-1-0.dll	`wcstombs` `strtod` `atoi` `strtol` `strtoll` `strtoul` `strtoull`
api-ms-win-crt-time-l1-1-0.dll	`_localtime64` `_time64` `_gmtime64` `strftime`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale` `localeconv` `___lc_codepage_func`
api-ms-win-crt-environment-l1-1-0.dll	`getenv`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.85994`
MD5	`15ba718456beb3374a188217a50a52a6`
SHA1	`3e94f409473cd03c7709dd0ecbbbe9470978f9b6`
SHA256	`33f8d846c16c4926ad1107b32138e50c3caae6bb5686e8b2fec737f33d3f6300`
SHA3	`6575bab6e27871865d51a18d0c5f05c5d7d760e76b548f320bc4366ded0fd6ca`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.67095`
Detected Filetype	Icon file
MD5	`464cb94db3a2622922a9562865009ae8`
SHA1	`dbe17c767d942f219df59f9eae77b213c15eab70`
SHA256	`8affd1fa69a6c5a5b54e504d72d4e9a0eba9b7d702a445ea1399a5978794719a`
SHA3	`3e0e32110c6c0f3323eeeb5e4a6cbb7a8db52ab14e0f065384fb4eedac4fbcda`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Dec-30 23:48:37
Version	`0.0`
SizeofData	`118`
AddressOfRawData	`0x1ed964`
PointerToRawData	`0x1ec964`
Referenced File	E:\ALL SOURCES\Impact Services , Vanguard\VMAX2\VMAX\VMAX\VMAX\examples\vmax\Release\vmax.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Dec-30 23:48:37
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x1ed9dc`
PointerToRawData	`0x1ec9dc`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Dec-30 23:48:37
Version	`0.0`
SizeofData	`912`
AddressOfRawData	`0x1ed9f0`
PointerToRawData	`0x1ec9f0`

TLS Callbacks

StartAddressOfRawData	`0x1401edda0`
EndAddressOfRawData	`0x1401f04f4`
AddressOfIndex	`0x1404f9a38`
AddressOfCallbacks	`0x14015c258`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1404f6d40`

RICH Header

XOR Key	`0x9fbfac20`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`22`
C objects (33136)	`1`
253 (34321)	`7`
ASM objects (34321)	`4`
C objects (34321)	`10`
C++ objects (34321)	`48`
Imports (34321)	`6`
Imports (33136)	`44`
C objects (33523)	`43`
C objects (VS2022 Update 6 (17.6.4) compiler 32535)	`129`
Imports (21202)	`7`
Total imports	`641`
C++ objects (34435)	`18`
Resource objects (34435)	`1`
151	`1`
Linker (34435)	`1`

Errors

Leave a comment

No comments yet.