Manalyze report for 4a5d431c6792cceb48fe8e339477c1a8

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2025-Feb-04 09:27:09
Detected languages	English - United States
Debug artifacts	C:\Users\Andrew\Desktop\gagas\PRIVATETESTGUI\thirdparty\imgui\examples\example_win32_directx11\Release\example_win32_directx11.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Info	Interesting strings found in the binary:	`Contains domain names: fontello.com github.com http://fontello.com https://github.com https://indiantypefoundry.comNinad https://scripts.sil.org https://scripts.sil.org/OFLThis https://scripts.sil.org/OFLhttps scripts.sil.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Uses functions commonly found in keyloggers: GetAsyncKeyState GetForegroundWindow` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`4a5d431c6792cceb48fe8e339477c1a8`
SHA1	`213d9de6aa8884646608dbf421e3e92da0f26298`
SHA256	`e4863b7d84933f7bdb24c0b0aec4f462fc8b9fef5b4deeae8ffb4ca6c0fc9925`
SHA3	`7db28986074ca2ce7ea12d5f35d47f94b739866d81034fe1f1f67470be30580a`
SSDeep	`24576:FVyN57Oqdo6MZBtGliE6wwepCoZT6xyLaNWNoih0lhSMXl2NiyH2G3QGJ:FsN57OtDZBEiwBpKyLaNM0Jy3`
Imports Hash	`11413557748bac60baf88b9033e1e680`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2025-Feb-04 09:27:09
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xbea00`
SizeOfInitializedData	`0x94e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000BC3A0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x157000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`90eaf6ff0ca9853e35a5a7c997ec6c9a`
SHA1	`1a058ba890c87c8bc1550ce659da977c65b4faf0`
SHA256	`1db4b3d5ef811762a1b8da07827b485316f92db6ce94ee507fe018d4d9f77bb4`
SHA3	`cc30a42fd03d6c9ee2c6a68a30570969fb6b8f56c58666ccb6cba93a32f87b76`
VirtualSize	`0xbe82b`
VirtualAddress	`0x1000`
SizeOfRawData	`0xbea00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.48904`

.rdata

MD5	`b9394e9cd208c1c2e550787f2ecfc286`
SHA1	`ba664f417a774de6ae0dcafd47419a753003d997`
SHA256	`09b1497e7edf9fc6782485bfe519c11d3ea98cc2aaa54c64734db88d83e4fac8`
SHA3	`89f83158ab00a83f875e620b6caa7c611df7aa4b3d3e42f8bf311e9a12f32708`
VirtualSize	`0x3eeda`
VirtualAddress	`0xc0000`
SizeOfRawData	`0x3f000`
PointerToRawData	`0xbee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.39329`

.data

MD5	`41ae2bab73ded845695c5dbe6f6da911`
SHA1	`884f5d6f53b8479a5ebec25e115bdb8820c327ac`
SHA256	`b9731772a532550bdc6b069a9be9ab0820f373fe6efcbe16fc6aee16fc30d6dd`
SHA3	`869d61a556b547384247ec7f3fce9b4a9fead96f7bc790abb00aa188867e207d`
VirtualSize	`0x4f920`
VirtualAddress	`0xff000`
SizeOfRawData	`0x4f200`
PointerToRawData	`0xfde00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.73274`

.pdata

MD5	`c2a5fc94a656fc742598329786233c1b`
SHA1	`2a3717ad5ee1e24d7ec807cedb7eea2e9ae7b5cf`
SHA256	`2513456634fe1e1e78a18bb6612f9d4db66f902404a9d9746f360a96d40862cb`
SHA3	`706fdc2d18300fa7f0f3d0a8cf43321ea47426e7fb35c02263bbb373d82006a3`
VirtualSize	`0x5b38`
VirtualAddress	`0x14f000`
SizeOfRawData	`0x5c00`
PointerToRawData	`0x14d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.99522`

.rsrc

MD5	`20148a97e6eae18014840a2ba2fca204`
SHA1	`0624c30b6f57b52c4f79bdbd4879908b72033bdb`
SHA256	`1f33f4135a1c35d8c697a9c843d0bb688f4bd6636625ac9e88a4cd7a28affe8e`
SHA3	`1e74e85f3d712b9062e150ef2bc9b5250fe4f4952e3bd3933edb4ba623393ba2`
VirtualSize	`0x1e0`
VirtualAddress	`0x155000`
SizeOfRawData	`0x200`
PointerToRawData	`0x152c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.7123`

.reloc

MD5	`3682f0d516c92ca6dd126b85943ba164`
SHA1	`63c2df5681cb426019d3bf1db2f485f01f32b585`
SHA256	`7f4b482fbe8fb7af0f429f6ad4142ae1f00c6f02d90641c9c6c1668326ff0767`
SHA3	`34245126828c1ecee379823d5540a3a28e4e72c72124d6fb941ae8780095ea9c`
VirtualSize	`0x448`
VirtualAddress	`0x156000`
SizeOfRawData	`0x600`
PointerToRawData	`0x152e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.29441`

Imports

d3d11.dll	`D3D11CreateDeviceAndSwapChain`
D3DCOMPILER_43.dll	`D3DCompile`
KERNEL32.dll	`FreeLibrary` `QueryPerformanceCounter` `GlobalAlloc` `GlobalFree` `GlobalLock` `WideCharToMultiByte` `GlobalUnlock` `Sleep` `GetLocaleInfoA` `GetCurrentProcess` `InitializeSListHead` `GetModuleHandleA` `GetCurrentThreadId` `GetProcAddress` `GetModuleHandleW` `IsProcessorFeaturePresent` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `IsDebuggerPresent` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `SleepConditionVariableSRW` `WakeAllConditionVariable` `AcquireSRWLockExclusive` `ReleaseSRWLockExclusive` `QueryPerformanceFrequency` `LoadLibraryA` `GetCurrentProcessId` `MultiByteToWideChar` `TerminateProcess` `GetSystemTimeAsFileTime`
USER32.dll	`DefWindowProcW` `DispatchMessageA` `DestroyWindow` `CreateWindowExW` `UnregisterClassW` `RegisterClassExW` `ShowWindow` `TranslateMessage` `PeekMessageA` `PostQuitMessage` `UpdateWindow` `OpenClipboard` `SetCursor` `CloseClipboard` `EmptyClipboard` `GetClientRect` `IsWindowUnicode` `ScreenToClient` `GetClipboardData` `SetClipboardData` `GetMessageExtraInfo` `LoadCursorA` `ReleaseCapture` `SetCursorPos` `GetCursorPos` `GetKeyState` `GetAsyncKeyState` `SetCapture` `GetForegroundWindow` `ClientToScreen` `GetKeyboardLayout` `TrackMouseEvent` `GetCapture`
MSVCP140.dll	`??0_Locinfo@std@@QEAA@PEBD@Z` `??1_Locinfo@std@@QEAA@XZ` `?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ` `?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ` `?_Getfalse@_Locinfo@std@@QEBAPEBDXZ` `?_Gettrue@_Locinfo@std@@QEBAPEBDXZ` `??Bid@locale@std@@QEAA_KXZ` `?_Incref@facet@locale@std@@UEAAXXZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z` `?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z` `?uncaught_exceptions@std@@YAHXZ` `?_Xlength_error@std@@YAXPEBD@Z` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?good@ios_base@std@@QEBA_NXZ` `?_Xout_of_range@std@@YAXPEBD@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z` `??1_Lockit@std@@QEAA@XZ` `??0_Lockit@std@@QEAA@H@Z` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z` `?_Xbad_alloc@std@@YAXXZ` `?id@?$numpunct@D@std@@2V0locale@2@A` `??1facet@locale@std@@MEAA@XZ` `??0facet@locale@std@@IEAA@_K@Z` `?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ`
IMM32.dll	`ImmSetCandidateWindow` `ImmReleaseContext` `ImmGetContext` `ImmSetCompositionWindow`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`memset` `__std_exception_destroy` `__std_exception_copy` `_CxxThrowException` `__std_terminate` `__C_specific_handler` `__current_exception_context` `__current_exception` `memmove` `strstr` `memchr` `strchr` `memcpy` `memcmp`
api-ms-win-crt-math-l1-1-0.dll	`log` `sqrtf` `_ldsign` `_fdsign` `_dsign` `roundf` `logf` `pow` `ceilf` `cosf` `powf` `sinf` `__setusermatherr` `fmodf` `atan2f` `acosf`
api-ms-win-crt-runtime-l1-1-0.dll	`_exit` `_invalid_parameter_noinfo_noreturn` `__p___argc` `__p___argv` `_c_exit` `_register_thread_local_exe_atexit_callback` `_initterm_e` `_initterm` `_wassert` `exit` `terminate` `_get_initial_narrow_environment` `_set_app_type` `_seh_filter_exe` `_cexit` `_crt_atexit` `_register_onexit_function` `_initialize_onexit_table` `_initialize_narrow_environment` `_configure_narrow_argv`
api-ms-win-crt-string-l1-1-0.dll	`isxdigit` `strncmp` `strncpy` `strcmp` `tolower` `strcpy_s`
api-ms-win-crt-stdio-l1-1-0.dll	`ftell` `fread` `_wfopen` `_set_fmode` `__stdio_common_vfprintf` `fseek` `fclose` `fflush` `__acrt_iob_func` `fwrite` `__p__commode` `__stdio_common_vsprintf` `__stdio_common_vsscanf`
api-ms-win-crt-heap-l1-1-0.dll	`_callnewh` `calloc` `malloc` `_set_new_mode` `free`
api-ms-win-crt-convert-l1-1-0.dll	`atoi` `atof`
api-ms-win-crt-utility-l1-1-0.dll	`qsort`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Feb-04 09:27:09
Version	`0.0`
SizeofData	`155`
AddressOfRawData	`0xf24a0`
PointerToRawData	`0xf12a0`
Referenced File	C:\Users\Andrew\Desktop\gagas\PRIVATETESTGUI\thirdparty\imgui\examples\example_win32_directx11\Release\example_win32_directx11.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Feb-04 09:27:09
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0xf253c`
PointerToRawData	`0xf133c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Feb-04 09:27:09
Version	`0.0`
SizeofData	`912`
AddressOfRawData	`0xf2550`
PointerToRawData	`0xf1350`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2025-Feb-04 09:27:09
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x1400f2900`
EndAddressOfRawData	`0x1400f2908`
AddressOfIndex	`0x14014e0b0`
AddressOfCallbacks	`0x1400c0768`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1400ff040`

RICH Header

XOR Key	`0xda84a973`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`16`
ASM objects (33808)	`4`
C objects (33808)	`10`
C++ objects (33808)	`33`
Imports (33808)	`6`
Imports (30795)	`10`
Imports (21202)	`5`
Total imports	`240`
C++ objects (LTCG) (34123)	`27`
Resource objects (34123)	`1`
Linker (34123)	`1`

4a5d431c6792cceb48fe8e339477c1a8

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors