Manalyze report for 3c50ca7aaad3b5850c23437321221e76984b7ad19083f8ae1e96ac399df12c83

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Apr-07 15:22:04
TLS Callbacks	3 callback(s) detected.
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe` Contains domain names: blog.demofox.org core..net daltonmaag.com demofox.org github.com google.com http://scripts.sil.org http://scripts.sil.org/OFL http://www.daltonmaag.com http://www.daltonmaag.com/http http://www.daltonmaag.comUbuntuLight http://www.google.com http://www.google.com/get/noto/http http://www.monotype.com http://www.monotype.com/studioThis https://blog.demofox.org https://blog.demofox.org/2022/01/01/interleaved-gradient-noise-a-different-kind-of-low-discrepancy-sequence/ https://docs.rs https://github.com https://www.shadertoy.com https://www.shadertoy.com/view/llVGzG monotype.com scripts.sil.org shadertoy.com www.daltonmaag.com www.google.com www.monotype.com www.shadertoy.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to RC5 or RC6`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA LoadLibraryExA LoadLibraryW GetProcAddress LoadLibraryExW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot SwitchToThread` `Possibly launches other programs: CreateProcessW` `Uses Windows's Native API: NtOpenFile NtReadFile NtWriteFile NtCreateNamedPipeFile` `Uses functions commonly found in keyloggers: GetAsyncKeyState GetForegroundWindow MapVirtualKeyW` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	The file contains overlay data.	`416536 bytes of data starting at offset 0x42d600.`
Malicious	VirusTotal score: 3/71 (Scanned on 2026-04-16 16:34:29)	`APEX: Malicious` `CrowdStrike: win/malicious_confidence_70% (D)` `Symantec: ML.Attribute.HighConfidence`

Hashes

MD5	`bd20daac0187ff64d5fd1e2ea7311a95`
SHA1	`b80d329ab1d7eb021ca90dd757f0c3a0b52c715f`
SHA256	`3c50ca7aaad3b5850c23437321221e76984b7ad19083f8ae1e96ac399df12c83`
SHA3	`ce2df91e6cdf9e06b97e77d584e919f84508bb23749a7cd178cf39d2a7c483d5`
SSDeep	`98304:EaEIKlf+DE1hC4pxbKqbX80EStgXr+n4l:Eao+DCKmtgR`
Imports Hash	`72312dbbcff6fab0ca18535e7242e4df`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`10`
TimeDateStamp	2026-Apr-07 15:22:04
PointerToSymbolTable	`0x42d600`
NumberOfSymbols	`6030`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x22f400`
SizeOfInitializedData	`0x1fde00`
SizeOfUninitializedData	`0x400`
AddressOfEntryPoint	`0x00000000000013D0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x434000`
SizeOfHeaders	`0x400`
Checksum	`0x4a1e4b`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`12117e03ab1b1145975038899a0d0537`
SHA1	`c6e809d1edf8546fd896843aa56883e10918395e`
SHA256	`d50c43234293d23a7f3ffa7d46d581ab0171cc63d41914df50dfa08c0388fbbc`
SHA3	`414c3939b695636d528051e09eb21a4c561476ca19b09cd6d837a8f76bea9062`
VirtualSize	`0x22f240`
VirtualAddress	`0x1000`
SizeOfRawData	`0x22f400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.37919`

.data

MD5	`197c51da15f4fd9ff47c25cfa3bfa2db`
SHA1	`ab9da2a00cd8aee70be2f844e5a8a6e577f94445`
SHA256	`45512e420935291576f5407cff1a5ba4283823558044e5dd6ee3d69eb94e4420`
SHA3	`41e77573797e7e9f185362120202a83e42fbc5b974a67dcdfff4b930a73bf555`
VirtualSize	`0x114d0`
VirtualAddress	`0x231000`
SizeOfRawData	`0x11600`
PointerToRawData	`0x22f800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0593829`

.rdata

MD5	`71394b32f7185fae29c8387c4742caa0`
SHA1	`5638a4f2506e740d0bfc0232956deb85319eabfd`
SHA256	`02c3e8df3976184a30547e87f5899b9070c60881468c9a6e1a0c86bff2c8075b`
SHA3	`979eebaa589465eb6651f50a7afdd9e8934a8a2616b57cba4d24d4894f35e5df`
VirtualSize	`0x1c4008`
VirtualAddress	`0x243000`
SizeOfRawData	`0x1c4200`
PointerToRawData	`0x240e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.54635`

.pdata

MD5	`76220ab2c2e06f1fcd11ef36e3cee2b5`
SHA1	`a6f18d51428e341e8d55191f6a3f7a2fd6a3e32b`
SHA256	`23edc807a25f63f7be34644f0a101ceab7609363d7e5b02900f4e8ac93f0d73b`
SHA3	`7b9f6b270d5bcdec9602caa8aa55e1a015a3e9de20abadbe9a2b002e5670a1c6`
VirtualSize	`0x7c80`
VirtualAddress	`0x408000`
SizeOfRawData	`0x7e00`
PointerToRawData	`0x405000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.16002`

.xdata

MD5	`f95d6001af191cdfae75e472e1f2a0e7`
SHA1	`8abbaf79e104941865cf54cad96a109ce18bbe21`
SHA256	`153f3d00e99cc7ec1f433ac8f1421aea42025bcc28baf62f268b0846aab5dce2`
SHA3	`a62fb5c96187d0ba131182bf0c918de545a2fe98875ea60dee5ec6c291a73994`
VirtualSize	`0x1bfe4`
VirtualAddress	`0x410000`
SizeOfRawData	`0x1c000`
PointerToRawData	`0x40ce00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.03935`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x2c0`
VirtualAddress	`0x42c000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`1929e35e312feddc95656450d66997c9`
SHA1	`eabb52464cc74698f9c61f3996a8178cefedbe45`
SHA256	`4053b24d414f8af97537a1a555576f05756804633c8e36c043ebefa9e51eaefc`
SHA3	`d40bb7f7e4f343942b484395ad3218ea118b91528312c714c167d8d9c36b8219`
VirtualSize	`0x2da8`
VirtualAddress	`0x42d000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0x428e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.45807`

.CRT

MD5	`f2dc0d29ed425f4fa2476506569cf9cd`
SHA1	`94109ed60056d772727a849bdd116f69dd47df63`
SHA256	`dcb5d1a8750d882e51c98a32fbcc5c5827718f59afcace94afc7ca1744bb588a`
SHA3	`1c13eeab1df8b94c9415a4592d3e47787c4c2dffa68a9c7d8b352b826222de9a`
VirtualSize	`0x70`
VirtualAddress	`0x430000`
SizeOfRawData	`0x200`
PointerToRawData	`0x42bc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.491203`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0x431000`
SizeOfRawData	`0x200`
PointerToRawData	`0x42be00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.reloc

MD5	`fd3a9d68a6932ef966428927e6b5c779`
SHA1	`fb33067052351be43b217479780a2f43b1be8565`
SHA256	`d12f3e65dc0b16c3424f312033862777df029d0eef1bfb936432ad75fcecad44`
SHA3	`a032d769c8bfb11e2108240f2927a23db78f7b592452c638bff6a9edee536800`
VirtualSize	`0x1508`
VirtualAddress	`0x432000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x42c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.33925`

Imports

advapi32.dll	`ImpersonateAnonymousToken` `RevertToSelf` `SystemFunction036`
bcrypt.dll	`BCryptGenRandom`
dwmapi.dll	`DwmEnableBlurBehindWindow` `DwmSetWindowAttribute`
gdi32.dll	`ChoosePixelFormat` `CreateRectRgn` `DeleteObject` `DescribePixelFormat` `GetDeviceCaps` `SetPixelFormat` `SwapBuffers`
imm32.dll	`ImmAssociateContextEx` `ImmGetCompositionStringW` `ImmGetContext` `ImmReleaseContext` `ImmSetCandidateWindow` `ImmSetCompositionWindow`
kernel32.dll	`AddVectoredExceptionHandler` `CompareStringOrdinal` `CreateFileMappingA` `CreateFileW` `CreateProcessW` `CreateThread` `CreateToolhelp32Snapshot` `CreateWaitableTimerExW` `DuplicateHandle` `ExitProcess` `FindClose` `FindFirstFileExW` `FormatMessageW` `FreeEnvironmentStringsW` `GetConsoleMode` `GetConsoleOutputCP` `GetCurrentDirectoryW` `GetCurrentProcess` `GetCurrentThread` `GetCurrentThreadId` `GetEnvironmentStringsW` `GetEnvironmentVariableW` `GetFileAttributesW` `GetFileInformationByHandle` `GetFileInformationByHandleEx` `GetFullPathNameW` `GetModuleHandleW` `GetProcessHeap` `GetStdHandle` `GetSystemDirectoryW` `GetSystemTimePreciseAsFileTime` `GetWindowsDirectoryW` `GlobalAlloc` `GlobalFree` `GlobalLock` `GlobalSize` `GlobalUnlock` `HeapAlloc` `HeapFree` `HeapReAlloc` `InitOnceBeginInitialize` `InitOnceComplete` `LoadLibraryA` `LoadLibraryExA` `LoadLibraryW` `MapViewOfFile` `Module32FirstW` `Module32NextW` `MultiByteToWideChar` `QueryPerformanceCounter` `QueryPerformanceFrequency` `ReadFileEx` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `SetFileInformationByHandle` `SetFilePointerEx` `SetFileTime` `SetLastError` `SetThreadStackGuarantee` `SetUnhandledExceptionFilter` `SetWaitableTimer` `SleepEx` `SwitchToThread` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `UnmapViewOfFile` `WaitForSingleObject` `WideCharToMultiByte` `WriteConsoleW` `WriteFileEx`
ntdll.dll	`NtOpenFile` `NtReadFile` `NtWriteFile` `RtlNtStatusToDosError`
ole32.dll	`CoCreateInstance` `CoInitializeEx` `CoTaskMemFree` `CoUninitialize` `OleInitialize` `RegisterDragDrop` `RevokeDragDrop`
oleaut32.dll	`GetErrorInfo` `SafeArrayCreateVector` `SafeArrayPutElement` `SetErrorInfo` `SysAllocStringLen` `SysFreeString` `SysStringLen` `VariantClear`
opengl32.dll	`wglCreateContext` `wglDeleteContext` `wglGetCurrentContext` `wglGetCurrentDC` `wglGetProcAddress` `wglMakeCurrent` `wglShareLists`
shell32.dll	`DragFinish` `DragQueryFileW` `SHCreateItemFromParsingName`
shlwapi.dll	`AssocQueryStringW`
uiautomationcore.dll	`UiaGetReservedNotSupportedValue` `UiaHostProviderFromHwnd` `UiaLookupId` `UiaRaiseAutomationEvent` `UiaRaiseAutomationPropertyChangedEvent` `UiaReturnRawElementProvider`
user32.dll	`AdjustWindowRectEx` `CallWindowProcW` `ChangeDisplaySettingsExW` `ClientToScreen` `ClipCursor` `CloseClipboard` `CloseTouchInputHandle` `CreateIcon` `CreateIconFromResourceEx` `CreateWindowExW` `DefWindowProcW` `DestroyCursor` `DestroyIcon` `DestroyWindow` `DispatchMessageW` `EmptyClipboard` `EnableMenuItem` `EnumDisplayMonitors` `FlashWindowEx` `GetActiveWindow` `GetAsyncKeyState` `GetClassInfoExW` `GetClassNameW` `GetClientRect` `GetClipCursor` `GetClipboardData` `GetCursorPos` `GetDC` `GetForegroundWindow` `GetKeyState` `GetKeyboardLayout` `GetKeyboardState` `GetMenu` `GetMonitorInfoW` `GetPropW` `GetRawInputData` `GetSystemMenu` `GetSystemMetrics` `GetTouchInputInfo` `GetWindowLongPtrW` `GetWindowLongW` `GetWindowPlacement` `GetWindowRect` `GetWindowTextLengthW` `GetWindowTextW` `InvalidateRgn` `IsClipboardFormatAvailable` `IsIconic` `IsProcessDPIAware` `LoadCursorW` `MapVirtualKeyExW` `MapVirtualKeyW` `MonitorFromPoint` `MonitorFromRect` `MonitorFromWindow` `MsgWaitForMultipleObjectsEx` `OpenClipboard` `PeekMessageW` `PostMessageW` `RedrawWindow` `RegisterClassExW` `RegisterRawInputDevices` `RegisterTouchWindow` `RegisterWindowMessageA` `ReleaseCapture` `ReleaseDC` `RemovePropW` `ScreenToClient` `SendInput` `SendMessageW` `SetCapture` `SetClipboardData` `SetCursor` `SetCursorPos` `SetForegroundWindow` `SetPropW` `SetWindowDisplayAffinity` `SetWindowLongPtrW` `SetWindowLongW` `SetWindowPlacement` `SetWindowPos` `SetWindowTextW` `ShowCursor` `ShowWindow` `SystemParametersInfoA` `ToUnicodeEx` `TrackMouseEvent` `TranslateMessage` `ValidateRect`
uxtheme.dll	`SetWindowTheme`
KERNEL32.dll	`DeleteCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `LeaveCriticalSection` `RaiseException` `RtlUnwindEx` `VirtualProtect` `VirtualQuery` `__C_specific_handler`
msvcrt.dll	`__getmainargs` `__initenv` `__iob_func` `__set_app_type` `__setusermatherr` `_amsg_exit` `_cexit` `_commode` `_errno` `_exit` `_fmode` `_fpreset` `_hypot` `_initterm` `_onexit` `abort` `calloc` `exit` `exp` `fprintf` `free` `frexp` `fwrite` `ldexp` `malloc` `memcmp` `memcpy` `memmove` `memset` `pow` `signal` `strlen` `strncmp` `vfprintf` `wcslen`
ntdll.dll (#2)	`NtOpenFile` `NtReadFile` `NtWriteFile` `RtlNtStatusToDosError`
kernel32.dll (#2)	`AddVectoredExceptionHandler` `CompareStringOrdinal` `CreateFileMappingA` `CreateFileW` `CreateProcessW` `CreateThread` `CreateToolhelp32Snapshot` `CreateWaitableTimerExW` `DuplicateHandle` `ExitProcess` `FindClose` `FindFirstFileExW` `FormatMessageW` `FreeEnvironmentStringsW` `GetConsoleMode` `GetConsoleOutputCP` `GetCurrentDirectoryW` `GetCurrentProcess` `GetCurrentThread` `GetCurrentThreadId` `GetEnvironmentStringsW` `GetEnvironmentVariableW` `GetFileAttributesW` `GetFileInformationByHandle` `GetFileInformationByHandleEx` `GetFullPathNameW` `GetModuleHandleW` `GetProcessHeap` `GetStdHandle` `GetSystemDirectoryW` `GetSystemTimePreciseAsFileTime` `GetWindowsDirectoryW` `GlobalAlloc` `GlobalFree` `GlobalLock` `GlobalSize` `GlobalUnlock` `HeapAlloc` `HeapFree` `HeapReAlloc` `InitOnceBeginInitialize` `InitOnceComplete` `LoadLibraryA` `LoadLibraryExA` `LoadLibraryW` `MapViewOfFile` `Module32FirstW` `Module32NextW` `MultiByteToWideChar` `QueryPerformanceCounter` `QueryPerformanceFrequency` `ReadFileEx` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `SetFileInformationByHandle` `SetFilePointerEx` `SetFileTime` `SetLastError` `SetThreadStackGuarantee` `SetUnhandledExceptionFilter` `SetWaitableTimer` `SleepEx` `SwitchToThread` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `UnmapViewOfFile` `WaitForSingleObject` `WideCharToMultiByte` `WriteConsoleW` `WriteFileEx`
kernel32.dll (#3)	`AddVectoredExceptionHandler` `CompareStringOrdinal` `CreateFileMappingA` `CreateFileW` `CreateProcessW` `CreateThread` `CreateToolhelp32Snapshot` `CreateWaitableTimerExW` `DuplicateHandle` `ExitProcess` `FindClose` `FindFirstFileExW` `FormatMessageW` `FreeEnvironmentStringsW` `GetConsoleMode` `GetConsoleOutputCP` `GetCurrentDirectoryW` `GetCurrentProcess` `GetCurrentThread` `GetCurrentThreadId` `GetEnvironmentStringsW` `GetEnvironmentVariableW` `GetFileAttributesW` `GetFileInformationByHandle` `GetFileInformationByHandleEx` `GetFullPathNameW` `GetModuleHandleW` `GetProcessHeap` `GetStdHandle` `GetSystemDirectoryW` `GetSystemTimePreciseAsFileTime` `GetWindowsDirectoryW` `GlobalAlloc` `GlobalFree` `GlobalLock` `GlobalSize` `GlobalUnlock` `HeapAlloc` `HeapFree` `HeapReAlloc` `InitOnceBeginInitialize` `InitOnceComplete` `LoadLibraryA` `LoadLibraryExA` `LoadLibraryW` `MapViewOfFile` `Module32FirstW` `Module32NextW` `MultiByteToWideChar` `QueryPerformanceCounter` `QueryPerformanceFrequency` `ReadFileEx` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `SetFileInformationByHandle` `SetFilePointerEx` `SetFileTime` `SetLastError` `SetThreadStackGuarantee` `SetUnhandledExceptionFilter` `SetWaitableTimer` `SleepEx` `SwitchToThread` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `UnmapViewOfFile` `WaitForSingleObject` `WideCharToMultiByte` `WriteConsoleW` `WriteFileEx`
api-ms-win-core-synch-l1-2-0.dll	`WaitOnAddress` `WakeByAddressAll` `WakeByAddressSingle`
bcryptprimitives.dll	`ProcessPrng`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x140431000`
EndAddressOfRawData	`0x140431008`
AddressOfIndex	`0x14042c1fc`
AddressOfCallbacks	`0x140430040`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x00000001401B6490` `0x000000014022F210` `0x000000014022F1E0`

Load Configuration

RICH Header

Errors

[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF String Table's reported size is bigger than the remaining bytes!
[*] Warning: Section .bss has a size of 0!

Leave a comment

No comments yet.