Manalyze report for 465b351b978a07f52d015d67fc50a578915a8ef4b882fd1c6a685505aa209358

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-May-20 21:40:30
Detected languages	English - United States
Debug artifacts	c:\Users\vexx\Documents\Sources\Secureloader\Genesis\bypass\x64\Release_tmp_biowrap\bypass.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Info	Interesting strings found in the binary:	Contains domain names: 9I68HV.au attribution.com discord.com http://ns.attribution.com http://ns.attribution.com/ads/1.0/' http://purl.org http://www.w3.org http://www.w3.org/1999/02/22-rdf-syntax-ns#' https://discord.com https://discord.gg https://i.imgur.com https://i.imgur.com/4BGmIgH.png https://i.imgur.com/8Crta8P.png https://i.imgur.com/8WOEZa8.png https://i.imgur.com/AFniYwh.png https://i.imgur.com/DtVSPHN.png https://i.imgur.com/FaSWh0V.png https://i.imgur.com/nQmzZh9.png https://i.imgur.com/uYFgjPO.png https://i.imgur.com/vcBXkXp.png https://vexor.wtf i.imgur.com imgur.com ns.attribution.com www.w3.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses known Mersenne Twister constants` `Microsoft's Cryptography API`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Can access the registry: RegCloseKey RegQueryValueExW RegOpenKeyExW` `Possibly launches other programs: CreateProcessW ShellExecuteW ShellExecuteA` `Uses Microsoft's cryptographic API: CryptHashData CryptAcquireContextW CryptReleaseContext CryptGetHashParam CryptDestroyHash CryptGenRandom CryptCreateHash CryptProtectData` `Can create temporary files: GetTempPathW CreateFileW CreateFileA GetTempPathA` `Has Internet access capabilities: InternetOpenA InternetOpenUrlA InternetReadFile InternetCloseHandle WinHttpSendRequest WinHttpCloseHandle WinHttpSetOption WinHttpOpenRequest WinHttpQueryDataAvailable WinHttpReadData WinHttpQueryHeaders WinHttpAddRequestHeaders WinHttpOpen WinHttpReceiveResponse WinHttpConnect` `Enumerates local disk drives: GetVolumeInformationW` `Reads the contents of the clipboard: GetClipboardData`
Malicious	VirusTotal score: 42/71 (Scanned on 2026-05-26 10:47:50)	`ALYac: Trojan.GenericKD.80167996` `APEX: Malicious` `AVG: MalwareX-gen [Misc]` `Alibaba: Trojan:Win64/GenKryptik.77c8f09d` `Antiy-AVL: Trojan/Win64.Agent` `Arcabit: Trojan.Generic.D4C7443C` `Avast: MalwareX-gen [Misc]` `Avira: TR/W64.Agent` `BitDefender: Trojan.GenericKD.80167996` `Bkav: W32.Malware.A7C83CB5` `CTX: exe.trojan.agen` `CrowdStrike: win/malicious_confidence_70% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 99)` `DeepInstinct: MALICIOUS` `ESET-NOD32: Win64/GenKryptik_AGen.DSY trojan` `Elastic: malicious (high confidence)` `Emsisoft: Trojan.GenericKD.80167996 (B)` `F-Secure: Trojan.TR/W64.Agent` `Fortinet: W64/GenKryptik_AGen.DSY!tr` `GData: Trojan.GenericKD.80167996` `Google: Detected` `Ikarus: Trojan.Win32.Generic` `K7AntiVirus: Trojan ( 006e046c1 )` `K7GW: Trojan ( 006e046c1 )` `Kaspersky: UDS:Trojan.Win64.DBadur.gen` `Lionic: Trojan.Win32.DBadur.4!c` `Malwarebytes: Malware.AI.4059825605` `MicroWorld-eScan: Trojan.GenericKD.80167996` `Microsoft: Trojan:Win32/Wacatac.B!ml` `Paloalto: generic.ml` `Rising: Trojan.Kryptik!8.8 (LESS:bWQ1Ok8e4beQgOyMOQwvLKqfopo)` `SentinelOne: Static AI - Suspicious PE` `Sophos: Mal/Generic-S` `Symantec: ML.Attribute.HighConfidence` `Tencent: Win32.Trojan.W64.Anhl` `TrellixENS: Artemis!3F339297CB6C` `TrendMicro-HouseCall: TROJ_GEN.R002H09EM26` `VBA32: Trojan.Win64.Agent` `VIPRE: Trojan.GenericKD.80167996` `Varist: W64/ABTrojan.EHKD-2569` `alibabacloud: Trojan:Win/GenKryptik_AGen.DBT`

Hashes

MD5	`3f339297cb6c8226ce253a3b973156a2`
SHA1	`826b80d0dc867c0045bd98c3c7ea217b3b426871`
SHA256	`465b351b978a07f52d015d67fc50a578915a8ef4b882fd1c6a685505aa209358`
SHA3	`d7f6dce2b3b3cba19009de82eb85d68dfdb50109eb4e0731b84a8db40d2d8cee`
SSDeep	`49152:HIAA7rXt8k+m5mAni9/XzrvtMUsnE7xnm2p7x2mk9GDBWASp:S0/Drpsnuc14Dm`
Imports Hash	`34312f6ce2f374b6cce2921a25e964c7`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x120`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-May-20 21:40:30
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x118a00`
SizeOfInitializedData	`0x13b600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000114494 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x257000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4a13bc2ec3c7a8c12dfe811e80617730`
SHA1	`f084c318f9fd17dbdaee1b2927377f0c8618d2ff`
SHA256	`7c2917bbc6a5b5a64f8a300d9bca84a174411911f9f7c1635f492338e89e0bf2`
SHA3	`c3be8fd8c35900c21566cc85a93ab48887778aafce0f5406af0b791554f40c84`
VirtualSize	`0x118963`
VirtualAddress	`0x1000`
SizeOfRawData	`0x118a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.4337`

.rdata

MD5	`59bd0595ae4f3299c33d2c3f6b741ce7`
SHA1	`83be3fd009f5db49184c1f5c9eecf4633d57f5e8`
SHA256	`ae7dcf6b09d0910e458a2b5be0cf20fb7494f8cc38e9258591be2994bbef2a78`
SHA3	`be7a1514701465a42ec5de46c6bee68a1e071425667c83f744bd154c9997b7f7`
VirtualSize	`0x8cf34`
VirtualAddress	`0x11a000`
SizeOfRawData	`0x8d000`
PointerToRawData	`0x118e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.86979`

.data

MD5	`461fd6dafb98d4e75ad4aed02eb31868`
SHA1	`1e6bf288a3b6cc760e9acd476342cd75930ea4e7`
SHA256	`95a7a4ebda0d114aec933686a74b39d0ca036ab91edfe02bf2a6c09dd7fdfa29`
SHA3	`d1d063cab5d008501bf00be9c79a8908b278ed7415fe8b9c634c9a29e6466ae8`
VirtualSize	`0x2a10`
VirtualAddress	`0x1a7000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1a5e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.39139`

.pdata

MD5	`9abafffdfdc92cc348c35ca207dd72b8`
SHA1	`14cf5fdca4982ed701ab2c676b1fbfdb933e6caa`
SHA256	`eb4e750d7b707e9338e32a47e81acd3724e31ccd476b621844d731ff51176c73`
SHA3	`36068eb8e96b9616df2c0bb592174df7f19a50f31c37174928a0205584ec2c6e`
VirtualSize	`0xa2e4`
VirtualAddress	`0x1aa000`
SizeOfRawData	`0xa400`
PointerToRawData	`0x1a6e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.13766`

.rsrc

MD5	`1c56d6990117fdfdf7dde2bb3ee5dd0d`
SHA1	`ef3d70d0b644e9007275bca75f5e20cc02761997`
SHA256	`dc10c0ffeea645c80621f98b3f4679547095f14945280f4c0f607e4b3e07dc9c`
SHA3	`8e7cf8be932817d0d45ef737406c71d61e680b21b934946eec008dfd1d32f532`
VirtualSize	`0xa0538`
VirtualAddress	`0x1b5000`
SizeOfRawData	`0xa0600`
PointerToRawData	`0x1b1200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.96092`

.reloc

MD5	`74caf2e005214844a1a076faeb5ebe35`
SHA1	`862e69c9820763c22fa51ee27029ae4384b1f963`
SHA256	`1650b3f31a99cf71581eb1119ec67a480358ee1c94f0eb9478093406005ae25f`
SHA3	`6b136ab3f648f0c318a269bd6da544fe16a972be14bb29b5b896aab5b952f03a`
VirtualSize	`0xec4`
VirtualAddress	`0x256000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x251800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.26727`

Imports

d3d11.dll	`D3D11CreateDeviceAndSwapChain`
D3DCOMPILER_47.dll	`D3DCompile`
WININET.dll	`InternetOpenA` `InternetOpenUrlA` `InternetReadFile` `InternetCloseHandle`
KERNEL32.dll	`LockResource` `LoadResource` `WriteFile` `GetTempPathW` `CreateFileW` `GetCurrentThreadId` `GetTickCount64` `GetLastError` `DeleteFileW` `CloseHandle` `GetCurrentProcessId` `CreateProcessW` `FlushFileBuffers` `CreateDirectoryW` `ReadFile` `GetVolumeInformationW` `GetComputerNameW` `HeapFree` `HeapAlloc` `GetProcessHeap` `GetEnvironmentVariableW` `GetTickCount` `MoveFileExW` `SizeofResource` `LocalFree` `CreateFileA` `MapViewOfFile` `UnmapViewOfFile` `CreateFileMappingA` `Sleep` `RtlVirtualUnwind` `UnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GlobalUnlock` `WideCharToMultiByte` `GetStartupInfoW` `GetSystemTimeAsFileTime` `InitializeSListHead` `InitOnceComplete` `InitOnceBeginInitialize` `FindResourceA` `GetModuleFileNameA` `SetUnhandledExceptionFilter` `GetModuleHandleW` `GetFileSizeEx` `GlobalLock` `GlobalFree` `GlobalAlloc` `QueryPerformanceCounter` `FreeLibrary` `GetProcAddress` `QueryPerformanceFrequency` `LoadLibraryA` `MultiByteToWideChar` `GetLocaleInfoA` `RtlLookupFunctionEntry` `RtlCaptureContext` `SleepConditionVariableSRW` `GetTempPathA` `WakeAllConditionVariable` `AcquireSRWLockExclusive` `ReleaseSRWLockExclusive` `GetFileAttributesW`
USER32.dll	`IsWindowUnicode` `DefWindowProcW` `DispatchMessageA` `GetWindowRect` `DestroyWindow` `MessageBoxW` `SetWindowRgn` `CreateWindowExW` `GetSystemMetrics` `UnregisterClassW` `RegisterClassExW` `SetCursorPos` `MoveWindow` `TranslateMessage` `LoadIconA` `PeekMessageA` `PostQuitMessage` `UpdateWindow` `OpenClipboard` `CloseClipboard` `EmptyClipboard` `GetClipboardData` `SetClipboardData` `GetKeyState` `GetMessageExtraInfo` `LoadCursorA` `GetClientRect` `SetCursor` `SetCapture` `ReleaseCapture` `GetCursorPos` `ShowWindow` `GetForegroundWindow` `GetKeyboardLayout` `TrackMouseEvent` `ClientToScreen` `GetCapture` `ScreenToClient`
GDI32.dll	`CreateRoundRectRgn`
ADVAPI32.dll	`CryptHashData` `RegCloseKey` `CryptAcquireContextW` `CredWriteW` `CredReadW` `CredFree` `CryptReleaseContext` `RegQueryValueExW` `CryptGetHashParam` `RegOpenKeyExW` `CryptDestroyHash` `CryptGenRandom` `CryptCreateHash` `CredDeleteW`
SHELL32.dll	`ShellExecuteW` `SHGetFolderPathW` `ShellExecuteA`
ole32.dll	`CoCreateInstance`
dwmapi.dll	`DwmExtendFrameIntoClientArea`
MSVCP140.dll	`_Strxfrm` `?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z` `?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z` `?id@?$ctype@D@std@@2V0locale@2@A` `?id@?$collate@D@std@@2V0locale@2@A` `_Strcoll` `?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z` `?tolower@?$ctype@D@std@@QEBADD@Z` `??1facet@locale@std@@MEAA@XZ` `??0facet@locale@std@@IEAA@_K@Z` `?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ` `?_Incref@facet@locale@std@@UEAAXXZ` `?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ` `??1_Locinfo@std@@QEAA@XZ` `??0_Locinfo@std@@QEAA@PEBD@Z` `_Thrd_id` `_Thrd_join` `_Thrd_detach` `_Query_perf_counter` `_Cnd_do_broadcast_at_thread_exit` `_Mtx_lock` `?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z` `?_Throw_Cpp_error@std@@YAXH@Z` `_Query_perf_frequency` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `_Mtx_unlock` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z` `?_Xbad_alloc@std@@YAXXZ` `?_Xlength_error@std@@YAXPEBD@Z` `?_Xout_of_range@std@@YAXPEBD@Z` `?uncaught_exceptions@std@@YAHXZ` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?_Random_device@std@@YAIXZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z` `?good@ios_base@std@@QEBA_NXZ` `?__ExceptionPtrCreate@@YAXPEAX@Z` `?__ExceptionPtrCopy@@YAXPEAXPEBX@Z` `??1_Lockit@std@@QEAA@XZ` `??0_Lockit@std@@QEAA@H@Z` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?_Id_cnt@id@locale@std@@0HA` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` `?__ExceptionPtrToBool@@YA_NPEBX@Z` `?__ExceptionPtrDestroy@@YAXPEAX@Z` `?__ExceptionPtrCurrentException@@YAXPEAX@Z` `?__ExceptionPtrRethrow@@YAXPEBX@Z` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `?_Xbad_function_call@std@@YAXXZ` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ`
IMM32.dll	`ImmSetCompositionWindow` `ImmReleaseContext` `ImmGetContext` `ImmSetCandidateWindow`
WINHTTP.dll	`WinHttpSendRequest` `WinHttpCloseHandle` `WinHttpSetOption` `WinHttpOpenRequest` `WinHttpQueryDataAvailable` `WinHttpReadData` `WinHttpQueryHeaders` `WinHttpAddRequestHeaders` `WinHttpOpen` `WinHttpReceiveResponse` `WinHttpConnect`
bcrypt.dll	`BCryptOpenAlgorithmProvider` `BCryptCreateHash` `BCryptHashData` `BCryptDestroyHash` `BCryptCloseAlgorithmProvider` `BCryptFinishHash` `BCryptGetProperty`
RPCRT4.dll	`UuidToStringA` `UuidCreate` `RpcStringFreeA`
CRYPT32.dll	`CryptProtectData`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`_CxxThrowException` `__intrinsic_setjmp` `__current_exception_context` `__current_exception` `memcmp` `memchr` `__C_specific_handler` `memset` `memmove` `memcpy` `longjmp` `strrchr` `__std_terminate` `__std_exception_destroy` `__std_exception_copy` `strstr` `strchr`
api-ms-win-crt-stdio-l1-1-0.dll	`fgetpos` `__stdio_common_vsprintf_s` `fwrite` `__stdio_common_vfprintf` `fseek` `fclose` `fgetc` `setvbuf` `ungetc` `fflush` `fsetpos` `_set_fmode` `_fseeki64` `__acrt_iob_func` `__stdio_common_vswprintf_s` `fputc` `__p__commode` `__stdio_common_vsprintf` `ftell` `_wfopen` `fread` `_get_stream_buffer_pointers` `__stdio_common_vsscanf`
api-ms-win-crt-heap-l1-1-0.dll	`malloc` `_callnewh` `realloc` `free` `_set_new_mode`
api-ms-win-crt-runtime-l1-1-0.dll	`exit` `abort` `set_terminate` `_beginthreadex` `terminate` `_register_thread_local_exe_atexit_callback` `_c_exit` `_exit` `_invoke_watson` `_initterm_e` `_initterm` `_get_narrow_winmain_command_line` `_set_app_type` `_seh_filter_exe` `_cexit` `_crt_atexit` `_register_onexit_function` `_Exit` `_configure_narrow_argv` `_initialize_narrow_environment` `_initialize_onexit_table`
api-ms-win-crt-utility-l1-1-0.dll	`qsort`
api-ms-win-crt-string-l1-1-0.dll	`strncmp` `strcpy_s` `wcscpy_s` `tolower` `strcmp` `strncpy_s` `strncpy` `isxdigit` `isdigit`
api-ms-win-crt-convert-l1-1-0.dll	`strtol` `atoi`
api-ms-win-crt-filesystem-l1-1-0.dll	`_lock_file` `_unlock_file`
api-ms-win-crt-time-l1-1-0.dll	`_time64` `_localtime64_s`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr` `sinf` `powf` `fmodf` `cosf` `ceilf` `acosf` `sqrtf`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

101

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1aeaf`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.96927`
Detected Filetype	PNG graphic file
MD5	`168af5cbf53b6f2ded3afb5a6d147d0a`
SHA1	`6929121ac449d9891628cb7b108ae1929376d73f`
SHA256	`9528a0daae55524d0861ae861f6ed930effb185c756dcd8250730cbf35a8e17f`
SHA3	`c224c89bf4a4a7432b44fa44f92859c0783dd9808f1e6dda1ed7c6398eda25e1`

102

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4a1ae`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97827`
Detected Filetype	Windows animated cursor
MD5	`3824a3c807e6c6c36cc9585feec78ce8`
SHA1	`ecfe8d48a765c4a447b8efe2bbab867593b19857`
SHA256	`ac6912678122d13c8d17e5c3db2172feb3a89c67ceb0367410f5df82058abdf8`
SHA3	`d72bd22cc080f77af51c3f779ad84a4d3173b69fe20f4dae03d829dcf101ad63`

103

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4b11`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97516`
Detected Filetype	JPEG graphic file
MD5	`2694b61052bdaaf75a4f7a5e530ba802`
SHA1	`b4dde4893d4ec88d747f9a9a03370d112204e01d`
SHA256	`225fd8a888365a970b2e06611f5b08e2fa25d00fd9a217780957d1a7bb2f9335`
SHA3	`091f76839cc7ca0c7b062474f2a706a848d0086ebe4e32c3d258b9e64bd873b9`

104

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2d758`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.88289`
Detected Filetype	PNG graphic file
MD5	`d9459b1b0748c4b3611a8ba9b1599758`
SHA1	`1344f8d4403e98ffbdcf4d35f520e542e7cc2af2`
SHA256	`a112426c2a29cbd852add29baecccda232d99420c06bc19c2b85753c1f7b44bc`
SHA3	`7269524b9484bb0182d9bfcff64ddd849e9addbbb5c8a850f1d07889c43a1af1`

105

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8f82`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.74761`
Detected Filetype	PNG graphic file
MD5	`494607afce1422721e5a856f79e69cac`
SHA1	`c9fa8b96841ad3d669cb42d5615b431ca363bc75`
SHA256	`185cbd3f12fa2e88006d29bfbcec110f288b74a4abbb71df7ad22bed567f1503`
SHA3	`ba0a16fc89f68e52866fd1bf5a32ddcf2a09d4857c1d2f953cedbcbc7ba1d568`

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-May-20 21:40:30
Version	`0.0`
SizeofData	`119`
AddressOfRawData	`0x1928dc`
PointerToRawData	`0x1916dc`
Referenced File	c:\Users\vexx\Documents\Sources\Secureloader\Genesis\bypass\x64\Release_tmp_biowrap\bypass.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-May-20 21:40:30
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x192954`
PointerToRawData	`0x191754`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-May-20 21:40:30
Version	`0.0`
SizeofData	`912`
AddressOfRawData	`0x192968`
PointerToRawData	`0x191768`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-May-20 21:40:30
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x140192d18`
EndAddressOfRawData	`0x140192d20`
AddressOfIndex	`0x1401a8428`
AddressOfCallbacks	`0x14011aca8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1401a7040`

RICH Header

XOR Key	`0xe24b97e7`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`22`
Imports (35207)	`6`
253 (35207)	`1`
ASM objects (35207)	`6`
C objects (35207)	`10`
C++ objects (35207)	`35`
C objects (VS2022 Update 1 (17.1.6) compiler 31107)	`26`
C++ objects (33145)	`1`
Imports (33145)	`31`
Total imports	`386`
C++ objects (LTCG) (35225)	`50`
Resource objects (35225)	`1`
151	`1`
Linker (35225)	`1`

Errors

Leave a comment

No comments yet.