3630e6ceeb8d441609b29396685f031f

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2024-Aug-01 21:26:02
Detected languages English - United States
Debug artifacts C:\Users\by_regency\Desktop\best-imgui-free-loader-Flammed-master\x64\Release\Framework.pdb

Plugin Output

Info Matching compiler(s): MASM/TASM - sig1(h)
Suspicious Strings found in the binary may indicate undesirable behavior:
Miscellaneous malware strings:
  • virus
Contains domain names:
  • casedieresis.cn
  • casetilde.cn
  • commaaccentright.cn
  • cyrillictail.cn
  • cyrillictic.cn
  • github.com
  • http://scripts.sil.org
  • http://scripts.sil.org/OFLThis
  • http://scripts.sil.org/OFLhttps
  • https://github.com
  • https://rsms.me
  • koronisaccentleft.cn
  • scripts.sil.org
  • tildecross.cn
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
  • LoadLibraryW
Reads the contents of the clipboard:
  • GetClipboardData
Malicious VirusTotal score: 18/75 (Scanned on 2024-08-01 21:26:47)
ALYac: Gen:Variant.Lazy.453755
APEX: Malicious
AhnLab-V3: Malware/Win.Generic.C5653939
Arcabit: Trojan.Lazy.D6EC7B
BitDefender: Gen:Variant.Lazy.453755
Bkav: W64.AIDetectMalware
CrowdStrike: win/malicious_confidence_70% (D)
Cybereason: malicious.eeb8d4
Emsisoft: Gen:Variant.Lazy.453755 (B)
FireEye: Gen:Variant.Lazy.453755
GData: Gen:Variant.Lazy.453755
Google: Detected
Ikarus: Trojan.Win32.Generic
MAX: malware (ai score=80)
McAfeeD: ti!84385FD8EBE9
MicroWorld-eScan: Gen:Variant.Lazy.453755
Symantec: ML.Attribute.HighConfidence
VIPRE: Gen:Variant.Lazy.453755

Hashes

MD5 3630e6ceeb8d441609b29396685f031f
SHA1 67e01ecaf6f5333bf34211fb5abfb86f56e1db05
SHA256 84385fd8ebe931731c0ce34ce68b229be64b3a9ac5d878e188e991e62c59a71b
SHA3 3b5d0ad502095841ed2b9b6eb3c5c664d3627ff776c10cb639ca57aed59b67dd
SSDeep 24576:DMy0/uo5uhdamWlDmkDMOuZ9Do60OegX7AoRn3OnoA2r2xBikudrgZRMxMmABlN:Ay0WVamrkD80ErvRn3BCDudkuXL
Imports Hash 8308372021bb930ecfce128455a78b52

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x108

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2024-Aug-01 21:26:02
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0xa4a00
SizeOfInitializedData 0x13be00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000000A3FC0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x1e4000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 9bda36d80c3d75910b4cdcff2b5af3ac
SHA1 36846c0688e8357068dabcdf837e87bdfebd8dc7
SHA256 6f48a65afd60854bf631416e8120bfd9ee25ccaabdfda99a9b036545399921fa
SHA3 8ba9f55d731a199a896eab93f02b465dc2a6f339605c2a7d55203a13be4afa38
VirtualSize 0xa48bc
VirtualAddress 0x1000
SizeOfRawData 0xa4a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.51978

.rdata

MD5 3eb44d76823d77cdfd7142a40fe175e9
SHA1 922270cabe723654e002e9d75f5008e77843aa38
SHA256 7cb62a11f2dadf03315ddf7438643eb983dcf63283f53e89279e8e56ffac0e22
SHA3 d5c31f6bbbc62d42dba5548d72cc8f96dc11da8a0c637161549481d0a85e8bb4
VirtualSize 0x6968c
VirtualAddress 0xa6000
SizeOfRawData 0x69800
PointerToRawData 0xa4e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.87924

.data

MD5 c292e4d0329fa62140a6b5f810413e63
SHA1 073a768f27321db5ca58c772f54288f58e3683da
SHA256 15ac178d6eeb069053b0e78d2fa32f90d42daf5a39c8f81c1f32ad42cff5aaaa
SHA3 04f020a12974a69872f78c33f8cf4bb9d381ecc367458568bcf3e6bf6a5ab62c
VirtualSize 0xc9408
VirtualAddress 0x110000
SizeOfRawData 0xc8400
PointerToRawData 0x10e600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.23131

.pdata

MD5 219a72bd0c51f308e7e5cd9155a829cd
SHA1 73b0dfddaeb3fc92ffc2488d9470daaf6e3a7a4c
SHA256 c27f580f258de9e3faf2c24492fcb4cede1ecb823cc11e6046fa39cbc6cf6e1f
SHA3 68a0dac2f31211eb8f826b0c2d1772fa4d84df46f4ac74adb97c3fba5bc92d60
VirtualSize 0x7fd4
VirtualAddress 0x1da000
SizeOfRawData 0x8000
PointerToRawData 0x1d6a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.99777

.rsrc

MD5 0dac03ad8195bdfc6a8dc606d32ed9bc
SHA1 fd57c2539a76c70dd3a8c3774da50c3f8649f57f
SHA256 1d73d90bcea046503812d36a18e3e13e1ae4e901e6ea0760362b67cf56b0b8ea
SHA3 95be86cb750751d62495f87c80fad8489ce6a02d719a039b765de40351394b2c
VirtualSize 0x1e0
VirtualAddress 0x1e2000
SizeOfRawData 0x200
PointerToRawData 0x1dea00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.70436

.reloc

MD5 471113b84ce777b481ad36c10d841827
SHA1 2e40a42a092728d390b80d143fb0dcbd7fb271e3
SHA256 705dc629cf69f293b89672a69970676054031890b8c149d6f839bc0c265ec886
SHA3 5f27977f72c490be5bae8bc6c82f825c54e1f9750199d59dbd02b681bc7531ce
VirtualSize 0xcac
VirtualAddress 0x1e3000
SizeOfRawData 0xe00
PointerToRawData 0x1dec00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.22621

Imports

d3d11.dll D3D11CreateDeviceAndSwapChain
D3DCOMPILER_43.dll D3DCompile
KERNEL32.dll LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
LoadLibraryW
GetModuleHandleW
WakeAllConditionVariable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
AcquireSRWLockExclusive
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
GlobalUnlock
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
ReleaseSRWLockExclusive
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
HeapFree
HeapAlloc
CloseHandle
WideCharToMultiByte
GlobalLock
GlobalFree
ReadFile
GetFileSizeEx
GlobalAlloc
MultiByteToWideChar
CreateFileA
TerminateProcess
SleepConditionVariableSRW
USER32.dll UnregisterClassW
GetWindowLongW
CreateWindowExW
RegisterClassExW
DispatchMessageW
SetWindowLongA
PeekMessageW
DestroyWindow
GetSystemMetrics
SetLayeredWindowAttributes
TranslateMessage
PostQuitMessage
SetClipboardData
UpdateWindow
GetWindowRect
ShowWindow
MoveWindow
GetKeyState
ScreenToClient
GetCapture
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
DefWindowProcW
SetCursorPos
ReleaseCapture
IsWindowUnicode
GetClientRect
SetCursor
SetCapture
LoadCursorW
GetForegroundWindow
ClientToScreen
TrackMouseEvent
MSVCP140.dll ?_Xlength_error@std@@YAXPEBD@Z
d3dx11_43.dll D3DX11CreateShaderResourceViewFromMemory
IMM32.dll ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
dwmapi.dll DwmExtendFrameIntoClientArea
VCRUNTIME140_1.dll __CxxFrameHandler4
VCRUNTIME140.dll __intrinsic_setjmp
__C_specific_handler
__current_exception_context
__current_exception
memcmp
memchr
memset
memmove
memcpy
strrchr
strstr
__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
longjmp
api-ms-win-crt-stdio-l1-1-0.dll fflush
ftell
fclose
fseek
__stdio_common_vfprintf
__p__commode
fwrite
_set_fmode
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
__acrt_iob_func
api-ms-win-crt-utility-l1-1-0.dll rand
qsort
api-ms-win-crt-string-l1-1-0.dll strncpy
strcmp
strncmp
api-ms-win-crt-heap-l1-1-0.dll free
malloc
_callnewh
_set_new_mode
api-ms-win-crt-runtime-l1-1-0.dll _register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
_exit
exit
terminate
_configure_narrow_argv
_initterm_e
_initialize_narrow_environment
_initterm
_get_narrow_winmain_command_line
_c_exit
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
api-ms-win-crt-convert-l1-1-0.dll strtol
api-ms-win-crt-math-l1-1-0.dll sin
sinf
powf
fmodf
__setusermatherr
cosf
ceilf
acosf
sqrtf
cos
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale

Delayed Imports

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

Debug Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2024-Aug-01 21:26:02
Version 0.0
SizeofData 116
AddressOfRawData 0x10272c
PointerToRawData 0x10152c
Referenced File C:\Users\by_regency\Desktop\best-imgui-free-loader-Flammed-master\x64\Release\Framework.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2024-Aug-01 21:26:02
Version 0.0
SizeofData 20
AddressOfRawData 0x1027a0
PointerToRawData 0x1015a0

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2024-Aug-01 21:26:02
Version 0.0
SizeofData 892
AddressOfRawData 0x1027b4
PointerToRawData 0x1015b4

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2024-Aug-01 21:26:02
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

StartAddressOfRawData 0x140102b50
EndAddressOfRawData 0x140102b58
AddressOfIndex 0x1401d8908
AddressOfCallbacks 0x1400a6628
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140110040

RICH Header

XOR Key 0x377adb12
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 18
253 (33731) 1
ASM objects (33731) 4
C objects (33731) 10
C++ objects (33731) 30
Imports (33731) 6
C objects (VS2022 Update 1 (17.1.6) compiler 31107) 26
Imports (30795) 10
Imports (21202) 7
Total imports 173
C++ objects (LTCG) (33811) 10
Resource objects (33811) 1
Linker (33811) 1

Errors
