29cf113a759837745411a67bc1a95eaf

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2020-May-20 15:50:49
Detected languages English - United States

Plugin Output

Info Libraries used to perform cryptographic operations: Microsoft's Cryptography API
Suspicious The PE is possibly packed. Unusual section name found: nf6Bc0
Unusual section name found: nf6Bc1
Unusual section name found: nf6Bc2
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
  • LoadLibraryA
  • LoadLibraryW
Functions which can be used for anti-debugging purposes:
  • CreateToolhelp32Snapshot
Code injection capabilities:
  • VirtualAlloc
  • OpenProcess
  • WriteProcessMemory
Can access the registry:
  • RegCloseKey
  • RegDeleteValueW
  • RegDeleteKeyW
  • RegOpenKeyExW
  • RegSetValueExW
  • RegQueryValueExW
  • RegOpenKeyW
  • RegCreateKeyW
Possibly launches other programs:
  • ShellExecuteW
  • CreateProcessW
Uses Microsoft's cryptographic API:
  • CryptGenRandom
  • CryptAcquireContextW
  • CryptReleaseContext
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Functions related to the privilege level:
  • OpenProcessToken
  • AdjustTokenPrivileges
Interacts with services:
  • OpenSCManagerW
  • QueryServiceStatus
  • OpenServiceW
  • ControlService
Manipulates other processes:
  • OpenProcess
  • WriteProcessMemory
Can take screenshots:
  • BitBlt
  • CreateCompatibleDC
Malicious VirusTotal score: 6/71 (Scanned on 2020-05-22 03:26:42)
APEX: Malicious
Trapmine: suspicious.low.ml.score
FireEye: Generic.mg.29cf113a75983774
SentinelOne: DFI - Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
CrowdStrike: win/malicious_confidence_60% (W)

Hashes

MD5 29cf113a759837745411a67bc1a95eaf
SHA1 a199dd4a6049f5ca08edc0901ec3f5463e20fad8
SHA256 c2a1a2a86d272d842c0137a24c7f84948703dde541c7cd8e5e01587f8994d725
SHA3 13f83baf2992b0ba0182a768243cb706edd70433504ec696939162bd4282ba4e
SSDeep 393216:2pBUkmxj+tdCXUB1Rm1y5Xx9UrPtOzcqQgDDE6R5lVb:2pBUkA+tdQUhm1yRUZlgDAK
Imports Hash 8cb7f541d1d9292ddf5084ea108e1803

DOS Header

e_magic MZ
e_cblp 0
e_cp 0
e_crlc 0
e_cparhdr 0
e_minalloc 0
e_maxalloc 0
e_ss 0
e_sp 0
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x40

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 8
TimeDateStamp 2020-May-20 15:50:49
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0xbea00
SizeOfInitializedData 0x2ea00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000001B2ECB1 (Section: nf6Bc2)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x1cb3000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0xbe934
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x27c78
VirtualAddress 0xc0000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x66cc
VirtualAddress 0xe8000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

nf6Bc0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x1b8
VirtualAddress 0xef000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls

MD5 e14c062ab1a2fdba04a54c80c3128f62
SHA1 ad61d89f43ad9faed7a99362c06d0d854b54e5fd
SHA256 11c0770dd436efc3902ad68a45d5662e37efff0b1f908e079a727218f1b27443
SHA3 9f5eae976eb6c81bf9d1860479be1eb01e7d5e9f8e0970ddb385d75de72294c7
VirtualSize 0x9
VirtualAddress 0xf0000
SizeOfRawData 0x200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.0815394

nf6Bc1

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0xd13682
VirtualAddress 0xf1000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

nf6Bc2

MD5 850cc7a03b6c2e4daae5a0c41d8d78d7
SHA1 41198d1e33bf3deb3234ed0b6bd9753156b7a3fc
SHA256 3427722ff81a585b0e580fdfea25800065449969943b979481a54a2a7f93083e
SHA3 cc674b18d1e0bd2c16ef87e919a5f93b7eb7dab8c94d1f5b7766457984b845cc
VirtualSize 0xeacd48
VirtualAddress 0xe05000
SizeOfRawData 0xeace00
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.97013

.rsrc

MD5 55307b5b15a9b1881dce1ff0fe7d081f
SHA1 199e5abb76b49e4053f4b41609058807bebd9152
SHA256 d6f24ea6005d158bf2e0f44fdf0eda46bc033e5c44e1532041136a8ba257265f
SHA3 b6e217d544c00787a9d89c9f549446e324fde29c0220ad59503bdb1aec241b53
VirtualSize 0x1b1
VirtualAddress 0x1cb2000
SizeOfRawData 0x200
PointerToRawData 0xead400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.36423

Imports

SHLWAPI.dll #12
SHELL32.dll ShellExecuteW
CommandLineToArgvW
api-ms-win-crt-utility-l1-1-0.dll rand
srand
api-ms-win-crt-string-l1-1-0.dll strcpy_s
wcscmp
_wcsnicmp
wcscpy_s
strlen
tolower
wcscat_s
wcscpy
_wcslwr_s
_stricmp
isalnum
wcslen
wcscat
gdiplus.dll GdipAddPathLineI
GdipSetCompositingQuality
GdipSetClipRectI
GdipSetSolidFillColor
GdipDeleteStringFormat
GdipMeasureString
GdipEndContainer
GdipDrawRectangleI
GdipCreateFontFamilyFromName
GdipCreatePen1
GdipCreatePath
GdipDeleteFontFamily
GdipDisposeImage
GdipSetTextRenderingHint
GdipFillRectangle
GdipFree
GdipDrawImageRect
GdipLoadImageFromStream
GdipSetStringFormatLineAlign
GdipDeleteFont
GdipDeletePrivateFontCollection
GdipGetPathWorldBoundsI
GdipSetSmoothingMode
GdiplusStartup
GdipCreateFromHDC
GdipCreateFont
GdipDrawPath
GdipSetStringFormatAlign
GdipPrivateAddMemoryFont
GdipDeleteGraphics
GdipBeginContainer2
GdipFillRectangleI
GdiplusShutdown
GdipTranslateWorldTransform
GdipDrawLineI
GdipAlloc
GdipCloneFontFamily
GdipGetFontCollectionFamilyList
GdipDeletePen
GdipCreateSolidFill
GdipCloneImage
GdipSetPenColor
GdipDeletePath
GdipCreateStringFormat
GdipCreateLineBrushI
GdipFillPath
GdipSetPenWidth
GdipDeleteBrush
GdipNewPrivateFontCollection
GdipAddPathRectangleI
GdipDrawLine
GdipDrawString
api-ms-win-crt-runtime-l1-1-0.dll _wassert
_seh_filter_exe
_exit
_initterm_e
_crt_atexit
_register_onexit_function
_cexit
_register_thread_local_exe_atexit_callback
_get_wide_winmain_command_line
_c_exit
_initialize_onexit_table
terminate
_initterm
_errno
_set_app_type
_configure_wide_argv
_initialize_wide_environment
exit
_invalid_parameter_noinfo_noreturn
GDI32.dll GetStockObject
DeleteObject
SelectObject
DeleteDC
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale
MSVCP140.dll ?_Random_device@std@@YAIXZ
_Cnd_init
_Mtx_destroy
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
_Cnd_destroy
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
??1ios_base@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Init@ios_base@std@@IEAAXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
??0_Lockit@std@@QEAA@H@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
_Cnd_signal
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
_Mtx_lock
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Id_cnt@id@locale@std@@0HA
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_id
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?_Xbad_function_call@std@@YAXXZ
?_Throw_C_error@std@@YAXH@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?_Incref@facet@locale@std@@UEAAXXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_BADOFF@std@@3_JB
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
_Cnd_do_broadcast_at_thread_exit
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
_Mtx_unlock
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
_Thrd_start
_Thrd_detach
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?_Xlength_error@std@@YAXPEBD@Z
?clear@ios_base@std@@QEAAXH_N@Z
_Cnd_wait
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0ios_base@std@@IEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@G@Z
_Thrd_yield
_Mtx_init
??1_Lockit@std@@QEAA@XZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
_Thrd_join
ADVAPI32.dll OpenProcessToken
AdjustTokenPrivileges
RegCloseKey
CryptGenRandom
CloseServiceHandle
RegDeleteValueW
RegDeleteKeyW
OpenSCManagerW
GetUserNameW
RegOpenKeyExW
QueryServiceStatus
RegSetValueExW
RegQueryValueExW
RegOpenKeyW
OpenServiceW
CryptAcquireContextW
ControlService
RegCreateKeyW
CryptReleaseContext
api-ms-win-crt-math-l1-1-0.dll __setusermatherr
sinf
ldexp
cosf
api-ms-win-crt-convert-l1-1-0.dll strtoull
atoi
api-ms-win-crt-heap-l1-1-0.dll free
_set_new_mode
_callnewh
malloc
KERNEL32.dll DebugBreak
SetThreadPriority
GetCurrentThreadId
GetModuleHandleW
GetSystemDirectoryW
SetEvent
ResetEvent
CreateProcessW
GetCurrentDirectoryW
InitializeSListHead
WaitForSingleObjectEx
GetComputerNameW
IsDebuggerPresent
SetLastError
VerSetConditionMask
IsProcessorFeaturePresent
FindNextFileW
TlsGetValue
CreateFileW
SetUnhandledExceptionFilter
VerifyVersionInfoW
TlsAlloc
GetSystemDefaultLocaleName
GetProcessTimes
GetFileAttributesW
FindFirstFileW
CreateFileMappingW
DeviceIoControl
TlsSetValue
Sleep
FindClose
RtlVirtualUnwind
VirtualAlloc
GetStartupInfoW
FreeLibrary
OpenProcess
UnhandledExceptionFilter
LeaveCriticalSection
DeleteFileW
GetCurrentProcessId
SetFilePointer
CreateEventW
TerminateThread
GetProcessHeap
HeapAlloc
RtlLookupFunctionEntry
HeapFree
RtlCaptureContext
EnterCriticalSection
RtlRestoreContext
CloseHandle
SetCurrentDirectoryW
GetModuleFileNameW
GetFileSize
GetProcAddress
FormatMessageW
ReadFile
HeapReAlloc
GetTickCount64
GetProcessVersion
QueryPerformanceCounter
DeleteCriticalSection
GetSystemWindowsDirectoryW
FileTimeToSystemTime
WaitForSingleObject
GetPhysicallyInstalledSystemMemory
VirtualFree
GetSystemTimeAsFileTime
LocalFree
GetVersionExW
LoadLibraryExW
GetTickCount
InitializeCriticalSection
GetLastError
WriteFile
USER32.dll BeginPaint
SetTimer
wsprintfW
GetSystemMetrics
UpdateWindow
GetForegroundWindow
SetWindowLongPtrW
GetActiveWindow
BringWindowToTop
GetMessageW
EndPaint
LoadIconW
DefWindowProcW
EnumDisplayDevicesW
CloseWindow
ShowWindow
TranslateMessage
RedrawWindow
KillTimer
LoadCursorW
DispatchMessageW
CreateWindowExW
GetWindowRect
DestroyWindow
RegisterClassExW
MessageBoxW
api-ms-win-crt-filesystem-l1-1-0.dll _lock_file
_unlock_file
api-ms-win-crt-time-l1-1-0.dll _time64
VCRUNTIME140.dll memmove
__C_specific_handler
memset
__vcrt_InitializeCriticalSectionEx
__std_terminate
wcsstr
__std_exception_destroy
__CxxFrameHandler3
memchr
memcmp
_purecall
__std_exception_copy
memcpy
__std_type_info_compare
_CxxThrowException
api-ms-win-crt-stdio-l1-1-0.dll fgetwc
ungetc
setvbuf
fflush
__p__commode
_set_fmode
fgetc
fsetpos
__stdio_common_vsnwprintf_s
fseek
fputc
fopen_s
_fseeki64
fwrite
fread
__stdio_common_vswprintf_s
fputwc
_get_stream_buffer_pointers
fclose
fgetpos
ungetwc
WTSAPI32.dll WTSSendMessageW
KERNEL32.dll (#2) DebugBreak
SetThreadPriority
GetCurrentThreadId
GetModuleHandleW
GetSystemDirectoryW
SetEvent
ResetEvent
CreateProcessW
GetCurrentDirectoryW
InitializeSListHead
WaitForSingleObjectEx
GetComputerNameW
IsDebuggerPresent
SetLastError
VerSetConditionMask
IsProcessorFeaturePresent
FindNextFileW
TlsGetValue
CreateFileW
SetUnhandledExceptionFilter
VerifyVersionInfoW
TlsAlloc
GetSystemDefaultLocaleName
GetProcessTimes
GetFileAttributesW
FindFirstFileW
CreateFileMappingW
DeviceIoControl
TlsSetValue
Sleep
FindClose
RtlVirtualUnwind
VirtualAlloc
GetStartupInfoW
FreeLibrary
OpenProcess
UnhandledExceptionFilter
LeaveCriticalSection
DeleteFileW
GetCurrentProcessId
SetFilePointer
CreateEventW
TerminateThread
GetProcessHeap
HeapAlloc
RtlLookupFunctionEntry
HeapFree
RtlCaptureContext
EnterCriticalSection
RtlRestoreContext
CloseHandle
SetCurrentDirectoryW
GetModuleFileNameW
GetFileSize
GetProcAddress
FormatMessageW
ReadFile
HeapReAlloc
GetTickCount64
GetProcessVersion
QueryPerformanceCounter
DeleteCriticalSection
GetSystemWindowsDirectoryW
FileTimeToSystemTime
WaitForSingleObject
GetPhysicallyInstalledSystemMemory
VirtualFree
GetSystemTimeAsFileTime
LocalFree
GetVersionExW
LoadLibraryExW
GetTickCount
InitializeCriticalSection
GetLastError
WriteFile
USER32.dll (#2) BeginPaint
SetTimer
wsprintfW
GetSystemMetrics
UpdateWindow
GetForegroundWindow
SetWindowLongPtrW
GetActiveWindow
BringWindowToTop
GetMessageW
EndPaint
LoadIconW
DefWindowProcW
EnumDisplayDevicesW
CloseWindow
ShowWindow
TranslateMessage
RedrawWindow
KillTimer
LoadCursorW
DispatchMessageW
CreateWindowExW
GetWindowRect
DestroyWindow
RegisterClassExW
MessageBoxW
KERNEL32.dll (#3) DebugBreak
SetThreadPriority
GetCurrentThreadId
GetModuleHandleW
GetSystemDirectoryW
SetEvent
ResetEvent
CreateProcessW
GetCurrentDirectoryW
InitializeSListHead
WaitForSingleObjectEx
GetComputerNameW
IsDebuggerPresent
SetLastError
VerSetConditionMask
IsProcessorFeaturePresent
FindNextFileW
TlsGetValue
CreateFileW
SetUnhandledExceptionFilter
VerifyVersionInfoW
TlsAlloc
GetSystemDefaultLocaleName
GetProcessTimes
GetFileAttributesW
FindFirstFileW
CreateFileMappingW
DeviceIoControl
TlsSetValue
Sleep
FindClose
RtlVirtualUnwind
VirtualAlloc
GetStartupInfoW
FreeLibrary
OpenProcess
UnhandledExceptionFilter
LeaveCriticalSection
DeleteFileW
GetCurrentProcessId
SetFilePointer
CreateEventW
TerminateThread
GetProcessHeap
HeapAlloc
RtlLookupFunctionEntry
HeapFree
RtlCaptureContext
EnterCriticalSection
RtlRestoreContext
CloseHandle
SetCurrentDirectoryW
GetModuleFileNameW
GetFileSize
GetProcAddress
FormatMessageW
ReadFile
HeapReAlloc
GetTickCount64
GetProcessVersion
QueryPerformanceCounter
DeleteCriticalSection
GetSystemWindowsDirectoryW
FileTimeToSystemTime
WaitForSingleObject
GetPhysicallyInstalledSystemMemory
VirtualFree
GetSystemTimeAsFileTime
LocalFree
GetVersionExW
LoadLibraryExW
GetTickCount
InitializeCriticalSection
GetLastError
WriteFile
USER32.dll (#3) BeginPaint
SetTimer
wsprintfW
GetSystemMetrics
UpdateWindow
GetForegroundWindow
SetWindowLongPtrW
GetActiveWindow
BringWindowToTop
GetMessageW
EndPaint
LoadIconW
DefWindowProcW
EnumDisplayDevicesW
CloseWindow
ShowWindow
TranslateMessage
RedrawWindow
KillTimer
LoadCursorW
DispatchMessageW
CreateWindowExW
GetWindowRect
DestroyWindow
RegisterClassExW
MessageBoxW

Delayed Imports

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x159
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.75349
MD5 5d1f25fb3951aeaac192c78068188ce4
SHA1 b23e32bee89cefffed7bc55b6ecd3cecf504a6cd
SHA256 2dd703bad55043e64e1030c60051cba04be9ea18a041ec777f0fdd9ba1103296
SHA3 68107fff1323f1e2171eed6244b3864f5992c2fe5bd3e8778ce2dacbb7586605

Version Info

TLS Callbacks

Load Configuration

Size 0x94
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x1400cf008

RICH Header

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .pdata has a size of 0!
[*] Warning: Section nf6Bc0 has a size of 0!
[*] Warning: Section nf6Bc1 has a size of 0!