Manalyze report for 5a0780c28116a40731aa92bbe0551069

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2024-Sep-16 16:33:33
Detected languages	English - United States
TLS Callbacks	2 callback(s) detected.
Debug artifacts	C:\__build\windows\ryft_ex\mt-s\community\polynom_server.pdb

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: Entrust.net Izenpe.com codesiren.com http://lame.sf.net lame.sf.net openssl.org www.codesiren.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses constants related to base58` `Uses known Diffie-Helman primes` `Microsoft's Cryptography API`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryExA LoadLibraryW LoadLibraryA` `Uses Windows's Native API: ntohs ntohl` `Uses Microsoft's cryptographic API: CryptAcquireContextA CryptReleaseContext CryptGenRandom CryptDestroyKey CryptImportKey CryptAcquireContextW CryptSetHashParam CryptGetProvParam CryptGetUserKey CryptExportKey CryptDecrypt CryptCreateHash CryptDestroyHash CryptSignHashW CryptEnumProvidersW CryptDecodeObjectEx CryptQueryObject CryptStringToBinaryA` `Can create temporary files: CreateFileA GetTempPathA CreateFileW GetTempPathW` `Leverages the raw socket API to access the Internet: getservbyname getpeername WSASendTo WSARecvFrom shutdown htons WSAStringToAddressW freeaddrinfo getaddrinfo WSAAddressToStringW WSASocketW WSASend sendto WSAIoctl inet_addr send setsockopt WSARecv ntohs ntohl listen htonl getsockopt getsockname ioctlsocket connect closesocket bind accept __WSAFDIsSet WSACleanup WSAStartup recv socket WSASetLastError inet_ntoa gethostbyaddr recvfrom gethostbyname getservbyport WSAGetLastError select` `Enumerates local disk drives: GetDriveTypeW` `Interacts with the certificate store: CertOpenStore CertAddCertificateContextToStore CertAddCRLContextToStore CertOpenSystemStoreW`
Info	The PE is digitally signed.	`Signer: Code Siren` `Issuer: Sectigo Public Code Signing CA EV R36`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`5a0780c28116a40731aa92bbe0551069`
SHA1	`890f42a9cd6ee260e2899599d5ccd860bcef0686`
SHA256	`33bc9546097b6fb261608344aa752dfcd372af0c74184ba4e11f0714ef161065`
SHA3	`3496e4b3808ee285482f76504b0dca0e47b4a1a4728a7bf8034e6fcccd43f3a3`
SSDeep	`98304:x+FK6m+XynY2p8rUC3uPpXFrwmngZJYk1Dryy1U7Ilsp3jMjgJGn6I0okbCKT0hn:x9zYiWr9Jryym7IWpAj/nIo2Npavt`
Imports Hash	`0eb6f64bee5e642a5d0a08a3ee517563`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x150`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2024-Sep-16 16:33:33
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x930e00`
SizeOfInitializedData	`0x401400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000883C38 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xd37000`
SizeOfHeaders	`0x400`
Checksum	`0xcfe414`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ff540017aa692707987c4b15951a748b`
SHA1	`df69451b08894eb22e4cc6d94035a5c2fbe3682c`
SHA256	`c8917d7c32a275b6197175d3b99994d0f9d1afae3872b61b80d5e0158cf4c3b2`
SHA3	`7947e1c12da0781ec55f03f4afac1520572da2d69bb897119322067285526e37`
VirtualSize	`0x930d20`
VirtualAddress	`0x1000`
SizeOfRawData	`0x930e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.66312`

.rdata

MD5	`22e4596f40f1f9022b4e4e6bab8d0f6d`
SHA1	`950d6dfb2e944c93af598937d6af0301bc225330`
SHA256	`5c019eb7ade9f71c4ffa7d3dedc8fd31bdb51c8c50c4c58dc3498933374b7d1c`
SHA3	`c87f439ab50fe144e594a88f0393b3656bb960aa893f01ce28964382263b338d`
VirtualSize	`0x2fe9dc`
VirtualAddress	`0x932000`
SizeOfRawData	`0x2fea00`
PointerToRawData	`0x931200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.69107`

.data

MD5	`8f9f44ade449b1b3c09389adde1902cd`
SHA1	`e506778dc165360c48117c40a2e05c82230c614d`
SHA256	`3efe1822f257af25140d6aa2de914c084eb749ac6eab8a3a768db40e82e7b741`
SHA3	`929716c1361c4c0f227aaf3215c960447b5a954b5039db2bf166d04d94f629ff`
VirtualSize	`0x752ec`
VirtualAddress	`0xc31000`
SizeOfRawData	`0x3c200`
PointerToRawData	`0xc2fc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.19015`

.pdata

MD5	`194638398a4d2b1c624595241c235a94`
SHA1	`6d24cab32bec5e65675b2f38292111ce1fcf4865`
SHA256	`1e09120e4d7744b13162da18b89047d30dc4e0cd9981fe39ead9c7d5594dc0ef`
SHA3	`cc2baa4b8ab70b001c969cf58d24e90a0a5fd2ea703080520709a187237f691b`
VirtualSize	`0x57678`
VirtualAddress	`0xca7000`
SizeOfRawData	`0x57800`
PointerToRawData	`0xc6be00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.5035`

_RDATA

MD5	`b02264359e94e5b2a5a121d6e454ffa1`
SHA1	`d051e91abc67599e517a8bf377900d38afd34917`
SHA256	`4c27d81d0538610fc0d1034cb4b7c7a5dc0c7472f164b8ac83426c706d7ebdab`
SHA3	`9fd03b0632c96bb94abaf63d26bdc8ed1665c2f7e9ee8fc6c3b4a6f4b6b2d300`
VirtualSize	`0x2d10`
VirtualAddress	`0xcff000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0xcc3600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.96746`

.rodata

MD5	`f978fbe396bb1ee5d5c9a3d9a2af6ae6`
SHA1	`11677f03d570ab4e878830b5793d994bd2494b27`
SHA256	`237c71680a81cae4d342badf2497c61aa7c309e89005a20286f9497b4628c4fc`
SHA3	`444dac383f1a7c180af4fbe094f7cf5cd3666365cee11786778618d1cd68fbee`
VirtualSize	`0x3a4`
VirtualAddress	`0xd02000`
SizeOfRawData	`0x400`
PointerToRawData	`0xcc6400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.35282`

.rsrc

MD5	`b3db99dc7134d356d3bf3ac7d0671c34`
SHA1	`206c9df277bcf260d34bafe366825b5b6437e96b`
SHA256	`cf923a3481fa08beb0b1ee3cda91eabba7eb4964735dd95e16865c1678afd70c`
SHA3	`01f2aecb93e473763dd56d3ab97834f2c482f39a49196cd60273620b318885a2`
VirtualSize	`0x1a5f8`
VirtualAddress	`0xd03000`
SizeOfRawData	`0x1a600`
PointerToRawData	`0xcc6800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.98918`

.reloc

MD5	`985821111b4c1123a181b01bd3fdf79f`
SHA1	`725560db0b583cf7aa118103c58b30ed1cf399af`
SHA256	`9fd6827aacd1cd2432962c2c0334ecdc9c02893f0a17e0186a7772a73208f570`
SHA3	`7903c9ffd40d0e83d63db55b1a5a3e003ff74cba768c095b5c78c1f74df89917`
VirtualSize	`0x18488`
VirtualAddress	`0xd1e000`
SizeOfRawData	`0x18600`
PointerToRawData	`0xce0e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.4535`

Imports

ADVAPI32.dll	`SystemFunction036` `CryptAcquireContextA` `CryptReleaseContext` `CryptGenRandom` `CryptDestroyKey` `CryptImportKey` `DeregisterEventSource` `RegisterEventSourceW` `ReportEventW` `CryptAcquireContextW` `CryptSetHashParam` `CryptGetProvParam` `CryptGetUserKey` `CryptExportKey` `CryptDecrypt` `CryptCreateHash` `CryptDestroyHash` `CryptSignHashW` `CryptEnumProvidersW`
CRYPT32.dll	`CertFreeCertificateContext` `CertGetCertificateContextProperty` `CryptDecodeObjectEx` `CertOpenStore` `CertDuplicateStore` `CertCloseStore` `CertEnumCertificatesInStore` `CertSetCertificateContextProperty` `CertAddCertificateContextToStore` `CertAddCRLContextToStore` `CryptQueryObject` `CertCreateCertificateChainEngine` `CertFreeCertificateChainEngine` `CertGetCertificateChain` `CertFreeCertificateChain` `CertVerifyCertificateChainPolicy` `CryptStringToBinaryA` `CertFindCertificateInStore` `CertDuplicateCertificateContext` `CertOpenSystemStoreW`
Secur32.dll	`FreeCredentialsHandle` `EncryptMessage` `DecryptMessage` `QueryContextAttributesA` `AcquireCredentialsHandleA` `InitializeSecurityContextA` `FreeContextBuffer` `DeleteSecurityContext`
SHLWAPI.dll	`PathRemoveFileSpecA`
USER32.dll	`GetUserObjectInformationW` `MessageBoxW` `GetProcessWindowStation`
WS2_32.dll	`getservbyname` `getpeername` `WSASendTo` `WSARecvFrom` `shutdown` `htons` `WSAStringToAddressW` `freeaddrinfo` `getaddrinfo` `WSAAddressToStringW` `WSASocketW` `WSASend` `sendto` `WSAIoctl` `inet_addr` `send` `setsockopt` `WSARecv` `ntohs` `ntohl` `listen` `htonl` `getsockopt` `getsockname` `ioctlsocket` `connect` `closesocket` `bind` `accept` `__WSAFDIsSet` `WSACleanup` `WSAStartup` `recv` `socket` `WSASetLastError` `inet_ntoa` `gethostbyaddr` `recvfrom` `gethostbyname` `getservbyport` `WSAGetLastError` `select`
KERNEL32.dll	`RtlUnwind` `WriteConsoleW` `SetEnvironmentVariableW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetOEMCP` `IsValidCodePage` `FindFirstFileExW` `GetTimeZoneInformation` `GetConsoleOutputCP` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `GetLocaleInfoW` `LCMapStringW` `CompareStringW` `GetTimeFormatW` `GetDateFormatW` `FlsFree` `FlsSetValue` `FlsGetValue` `FlsAlloc` `GetCommandLineW` `GetCommandLineA` `GetModuleFileNameW` `SetStdHandle` `FileTimeToSystemTime` `SystemTimeToTzSpecificLocalTime` `PeekNamedPipe` `GetDriveTypeW` `ExitProcess` `FreeLibraryAndExitThread` `ExitThread` `CreateThread` `SetConsoleCtrlHandler` `LoadLibraryExW` `InterlockedPushEntrySList` `RtlUnwindEx` `GetStartupInfoW` `IsDebuggerPresent` `IsProcessorFeaturePresent` `TerminateProcess` `GetCurrentProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlLookupFunctionEntry` `RtlCaptureContext` `InitializeSListHead` `GetCPInfo` `CompareStringEx` `GetStringTypeW` `WakeAllConditionVariable` `LCMapStringEx` `DecodePointer` `EncodePointer` `CloseHandle` `PostQueuedCompletionStatus` `EnterCriticalSection` `LeaveCriticalSection` `SetEvent` `CreateEventA` `LocalFree` `FormatMessageA` `FormatMessageW` `WideCharToMultiByte` `GetLastError` `SetLastError` `CreateIoCompletionPort` `GetQueuedCompletionStatus` `CancelIoEx` `InitializeCriticalSectionAndSpinCount` `DeleteCriticalSection` `ResetEvent` `WaitForSingleObject` `SleepEx` `CreateMutexW` `CreateEventW` `SetWaitableTimer` `Sleep` `WaitForMultipleObjects` `QueueUserAPC` `GetCurrentProcessId` `TerminateThread` `GetSystemInfo` `CreateWaitableTimerA` `GetSystemTimeAsFileTime` `MultiByteToWideChar` `GetStdHandle` `GetConsoleScreenBufferInfo` `SetConsoleTextAttribute` `HeapAlloc` `HeapFree` `GetProcessHeap` `GetModuleHandleA` `GetProcAddress` `InitializeCriticalSection` `VirtualFree` `QueryPerformanceCounter` `QueryPerformanceFrequency` `InitOnceExecuteOnce` `GetCurrentThreadId` `GetACP` `GetConsoleCP` `FreeLibrary` `LoadLibraryExA` `SwitchToFiber` `DeleteFiber` `CreateFiber` `LocalAlloc` `GetWindowsDirectoryA` `GetSystemWindowsDirectoryA` `GetModuleFileNameA` `CreateFileA` `FindClose` `FindFirstFileA` `FindNextFileA` `GetFileAttributesA` `GetFileSizeEx` `ReadFile` `FlushFileBuffers` `GetTickCount` `MapViewOfFile` `CreateFileMappingW` `GetSystemTime` `SystemTimeToFileTime` `GetFileSize` `LockFileEx` `UnlockFile` `HeapDestroy` `HeapCompact` `LoadLibraryW` `HeapReAlloc` `DeleteFileW` `DeleteFileA` `WaitForSingleObjectEx` `LoadLibraryA` `FlushViewOfFile` `OutputDebugStringW` `GetFileAttributesExW` `GetDiskFreeSpaceA` `GetTempPathA` `HeapSize` `HeapValidate` `UnmapViewOfFile` `GetFileAttributesW` `CreateFileW` `GetTempPathW` `UnlockFileEx` `SetEndOfFile` `GetFullPathNameA` `SetFilePointer` `LockFile` `OutputDebugStringA` `GetDiskFreeSpaceW` `WriteFile` `GetFullPathNameW` `HeapCreate` `AreFileApisANSI` `TryEnterCriticalSection` `GetEnvironmentVariableW` `GetCurrentDirectoryW` `CreateDirectoryW` `GetFileInformationByHandle` `RemoveDirectoryW` `SetFileAttributesW` `SetFilePointerEx` `DeviceIoControl` `GetModuleHandleW` `ReleaseSemaphore` `WaitForMultipleObjectsEx` `OpenEventA` `ResumeThread` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `InitializeSRWLock` `ReleaseSRWLockExclusive` `ReleaseSRWLockShared` `AcquireSRWLockExclusive` `AcquireSRWLockShared` `CreateFiberEx` `FindFirstFileW` `FindNextFileW` `GetModuleHandleExW` `GetSystemDirectoryA` `GetExitCodeThread` `CreateSemaphoreA` `GetFileType` `ConvertFiberToThread` `ConvertThreadToFiberEx` `RtlVirtualUnwind` `GetConsoleMode` `SetConsoleMode` `ReadConsoleA` `ReadConsoleW` `RtlPcToFileHeader` `RaiseException` `TryAcquireSRWLockExclusive` `SleepConditionVariableSRW` `GetLocaleInfoEx` `GetNativeSystemInfo` `InitializeCriticalSectionEx`
MSWSOCK.dll	`AcceptEx` `GetAcceptExSockaddrs`
bcrypt.dll	`BCryptGenRandom` `BCryptCloseAlgorithmProvider` `BCryptOpenAlgorithmProvider`

Delayed Imports

boost_stacktrace_impl_return_nullptr

Ordinal	`1`
Address	`0x142a80`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x135c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.8991`
Detected Filetype	PNG graphic file
MD5	`79849e773080f631cc808b3de5eb60ee`
SHA1	`f060e0c5c48ba89645d190f658635e9776db6f93`
SHA256	`ba0b9773d8b32aa9470d2302e1013e7bf769fb68a5061eb5a9a6ab3d86525fd9`
SHA3	`f8aaeb08c66ae09d0f9474417d8b9956d2af672825697e5df5746d7fa5f6fb30`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.26373`
MD5	`1d12cd5dd7e53409c3664a4fe94a3199`
SHA1	`e79a1b6c95fc03eae653296f1a34a6e2e6303607`
SHA256	`17f533eb0e90019ffa8a498be449266faf1088a96355b8ca38a8d5f70e5b35f4`
SHA3	`3631b7f1e4454a200bd4d5d9361fe12d72d50c9c426f78660b10db3dcc35534b`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.48359`
MD5	`a439b41bec9012590bc144cfd10978af`
SHA1	`be04b88f672c43eead36c6ad8f11aa10a89d9f01`
SHA256	`798993fad68cd4b3a71a2de590e719abc440c5e7a6c7259138caca898847d3c5`
SHA3	`06c2bc7b634ce9a40293ff1f554f3f0591fb978d00c0b1142098fa7c01cde154`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.61896`
MD5	`1a02f308dc6ba36b207562f8d4cc58c2`
SHA1	`0f78e0b90c020439a2a08474983ac349af8222f6`
SHA256	`3b34b0be23435b1031a2cfa7696bc792f1e48615cb48c61305603d575a8a8c60`
SHA3	`56df72a7d665e7d6eb8d1e32916131502a365a1bc4dc9c4c99cfed5434058e6e`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.86216`
MD5	`9a5565c3dce8b0374d39ba808878a188`
SHA1	`ec193ff30a5e606c2c7d6332ee3092e5cdc54028`
SHA256	`3a384ae454170b9afb1ec43b5925da296e4c969b6890060ff8a7e4db7221a831`
SHA3	`627c0a30a718aa5c45638e3f63d163e7e9d0215d18f1e79d2d308f6d8afc93aa`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.10438`
MD5	`2ca9efd965fcfb3fcb7dab2161b4c4a4`
SHA1	`585fcf84dc4ffe6ee2c458465bb14310f09f25ea`
SHA256	`237b3d8df759ad3cd9311b1d828cfdc010787c1a6260179d50d49cfd29d2f003`
SHA3	`4e6a4f098b3c7258d163d60cc2148b708cae1c95a1285ef731f8d85c3e793dbf`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.31255`
MD5	`65749272ab758b037ca2a31245c382e7`
SHA1	`b043f524cd9d76f382ad219c81428a5dff89b8e5`
SHA256	`2b04b222c254b7e0b4e858619ab3f67f2a44d5a99af1722aaa3153c2d8e34d9b`
SHA3	`e020584b00a1e46080530c48c9d584a25577e59a7b98b17c08888dad22c467f6`

IDI_ICON1

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91902`
Detected Filetype	Icon file
MD5	`3bfcfdee6071778594ecc3c63167f0f3`
SHA1	`2b7b948dd7d0e262d8c8271e740b4d8856722212`
SHA256	`deb827b4a7fb729c0386232aabb1a3565fac0cf3016d45e32572f640368d3975`
SHA3	`7a2181536746840ca1abfc3cc7ccfa55b601f634240e447833ac8cc1fd3d6e29`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2024-Sep-16 16:33:33
Version	`0.0`
SizeofData	`85`
AddressOfRawData	`0xbbac64`
PointerToRawData	`0xbb9e64`
Referenced File	C:\__build\windows\ryft_ex\mt-s\community\polynom_server.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2024-Sep-16 16:33:33
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0xbbacbc`
PointerToRawData	`0xbb9ebc`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-Sep-16 16:33:33
Version	`0.0`
SizeofData	`1216`
AddressOfRawData	`0xbbacd0`
PointerToRawData	`0xbb9ed0`

TLS Callbacks

StartAddressOfRawData	`0x140bbb1e8`
EndAddressOfRawData	`0x140bbb20d`
AddressOfIndex	`0x140c90d90`
AddressOfCallbacks	`0x140933cc8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x00000001405A59F0` `0x0000000140883860`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140c4d380`

RICH Header

XOR Key	`0x3787cc6a`
Unmarked objects	`0`
ASM objects (30795)	`29`
C++ objects (30795)	`213`
C objects (30795)	`30`
253 (33808)	`11`
ASM objects (33808)	`21`
C objects (33808)	`19`
C++ objects (33808)	`110`
Imports (30795)	`19`
Total imports	`345`
C objects (33811)	`184`
Unmarked objects (#2)	`49`
C objects (33521)	`855`
C objects (VS2022 Update 4 (17.4.5) compiler 31942)	`43`
ASM objects (34120)	`1`
C objects (34120)	`196`
C++ objects (34120)	`625`
Exports (34120)	`1`
Resource objects (34120)	`1`
151	`1`
Linker (34120)	`1`

5a0780c28116a40731aa92bbe0551069

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

.rodata

.rsrc

.reloc

Imports

Delayed Imports

boost_stacktrace_impl_return_nullptr

1

2

3

4

5

6

7

IDI_ICON1

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors