Manalyze report for 5b81767cca659cfdc321de444e20cf54e3e965fbd56bbd95e07dfe014e3ea449

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Jan-08 20:06:46
Detected languages	English - United States
TLS Callbacks	1 callback(s) detected.
Debug artifacts	cirno_downloader.pdb
ProductVersion	`1.1.3`
ProductName	cirno-downloader
FileDescription	cirno-downloader
FileVersion	`1.1.3`

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig2(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe` Contains domain names: birthpopuptypesapplyImagebeinguppernoteseveryshowsmeansextramatchtrackknownearlybegansuperpapernorthlearngivennamedendedTermspartsGroupbrandusingwomanfalsereadyaudiotakeswhile.com genretrucklooksValueFrame.net github.com http://json-schema.org http://www.C http://www.a http://www.css http://www.hortcut http://www.icon http://www.interpretation http://www.language http://www.style http://www.text-decoration http://www.w3.org http://www.w3.org/shortcut http://www.wencodeURIComponent http://www.years https://docs.rs https://github.com https://www.World https://www.recent json-schema.org schema.org thing.org www.w3.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA1` `Uses constants related to RC5 or RC6`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExW LoadLibraryExA LoadLibraryW` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Can access the registry: RegGetValueW RegOpenKeyExW RegCloseKey RegQueryValueExW` `Possibly launches other programs: CreateProcessW CreateProcessA` `Uses Windows's Native API: NtDeviceIoControlFile NtCreateFile NtWriteFile NtCancelIoFileEx NtReadFile NtOpenFile` `Can create temporary files: GetTempPathW CreateFileW` `Uses functions commonly found in keyloggers: GetAsyncKeyState GetForegroundWindow MapVirtualKeyW` `Leverages the raw socket API to access the Internet: getpeername WSAGetLastError getsockname connect bind getsockopt setsockopt recv WSAStartup closesocket ioctlsocket WSAIoctl WSASocketW freeaddrinfo shutdown getaddrinfo WSASend send WSACleanup` `Can take screenshots: GetDC BitBlt CreateCompatibleDC` `Interacts with the certificate store: CertAddCertificateContextToStore CertOpenStore`
Malicious	VirusTotal score: 10/72 (Scanned on 2025-05-22 11:46:26)	`AVG: Win64:MalwareX-gen [Misc]` `Avast: Win64:MalwareX-gen [Misc]` `Fortinet: W32/PossibleThreat` `Google: Detected` `MaxSecure: Trojan.Malware.324803077.susgen` `McAfeeD: ti!5B81767CCA65` `Paloalto: generic.ml` `Trapmine: malicious.high.ml.score` `Varist: W64/ABTrojan.VXVK-5593` `alibabacloud: Suspicious`

Hashes

MD5	`a09723171ba6d58cbdc4d2e3b0290e30`
SHA1	`09c246f586437fa1ee0b0eb8a89b014160959c8d`
SHA256	`5b81767cca659cfdc321de444e20cf54e3e965fbd56bbd95e07dfe014e3ea449`
SHA3	`1c5161240612d60d7a10d28d16577ecdb938b150fdebd07f25ac248ec44eb99e`
SSDeep	`98304:AOksNpcbQfwzEKBcbvbw6GOgN31gxcQcvbSNCEswNpIhTgeiJJsTHkWFB7gwkh6:ASLpsfke5kWFBk`
Imports Hash	`7ce4b93df6dfe41967b53be759b9f03c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2025-Jan-08 20:06:46
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x542a00`
SizeOfInitializedData	`0x1bb000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000523D68 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x702000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ec8637e0f41421124caf19b797a85cc7`
SHA1	`1979e4156472854168b7f9f7b44fc6ebda559956`
SHA256	`81d878a7bfd5c29275445f6f1eaebaa23ee5235b2300742b288c030dd5a3e601`
SHA3	`5b883d80d6237c34435301db6a846a280299afbcaf7e667c396c2791df2eb90f`
VirtualSize	`0x5428e0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x542a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.2247`

.rdata

MD5	`f5d7f95b0afc7deb1e8dc97ca13fa1b1`
SHA1	`2904029e3b5367345ff79820f3b17adf71b43c43`
SHA256	`bbf965968b6e6801c2a1ac68f2d620f36a19d4dcfa5e310ac16fd54904058d3e`
SHA3	`fcf9482f6948e1a71dccddf411a6628d9b83a275332359d51e11b5bf4f76e9aa`
VirtualSize	`0x191f82`
VirtualAddress	`0x544000`
SizeOfRawData	`0x192000`
PointerToRawData	`0x542e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.36426`

.data

MD5	`6fcf542e018a9f4c1195ea70029b4283`
SHA1	`e2bae1db12a8dc953edc3f958df26540b15279c9`
SHA256	`e02e79a96fcd2fc5ee0a97215233dbd804b522cf8ff0d53b9ae6aae3311e0466`
SHA3	`a27fd0c8faed48a1d672c5594cd955b76c4002fa34d2b9ad451ff2cb39ded16d`
VirtualSize	`0x4038`
VirtualAddress	`0x6d6000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x6d4e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.60276`

.pdata

MD5	`a6213adf4bcfce48eb370374587760ce`
SHA1	`5055d88c7e356040bdf33c038ed9b951c352eebf`
SHA256	`9b59235656c41e40e47098f914a1c5eabc0e8cc2f094b5b1ace25d925178c89b`
SHA3	`de8b0922e2ef7dbca6d0d7c71a9a62389420c907620255eb9a4c286c279c8da9`
VirtualSize	`0xf294`
VirtualAddress	`0x6db000`
SizeOfRawData	`0xf400`
PointerToRawData	`0x6d6000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.16889`

.rsrc

MD5	`0e89fb97574655556136d5c09300fddc`
SHA1	`2dd3034342eb3981172876136757fb7aed66ba1f`
SHA256	`e29d90ef3990d5cc7da8205245c3bcde09f836053b4b91a8467c4d1528b368c3`
SHA3	`57a870dfd5c49621d502904249158ce811c3f9dd2409010f4c0566677b997215`
VirtualSize	`0xf0b0`
VirtualAddress	`0x6eb000`
SizeOfRawData	`0xf200`
PointerToRawData	`0x6e5400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.93385`

.reloc

MD5	`ac731df390c9df937304fa1c814791c3`
SHA1	`74393d8b95f3d01e1c86c5649b73486407bbcdec`
SHA256	`a5a91f8815f4ef005b2108a05a6d7c6437bcf1b2209f80cf4de4bc50043c8534`
SHA3	`dc8fd82eddace59b3baa4b2b8efa698a24f522e6dbd37560e3002b91f3d43d06`
VirtualSize	`0x6770`
VirtualAddress	`0x6fb000`
SizeOfRawData	`0x6800`
PointerToRawData	`0x6f4600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.45936`

Imports

api-ms-win-core-synch-l1-2-0.dll	`WaitOnAddress` `WakeByAddressAll` `WakeByAddressSingle`
bcryptprimitives.dll	`ProcessPrng`
SHELL32.dll	`CommandLineToArgvW` `DragFinish` `DragQueryFileW` `SHCreateItemFromParsingName` `ShellExecuteExW` `SHGetKnownFolderPath` `SHAppBarMessage`
kernel32.dll	`FindFirstFileExW` `RtlPcToFileHeader` `RtlUnwindEx` `RaiseException` `IsDebuggerPresent` `EncodePointer` `InitializeSListHead` `GetSystemTimeAsFileTime` `LCIDToLocaleName` `SleepConditionVariableSRW` `WakeAllConditionVariable` `AcquireSRWLockExclusive` `ReleaseSRWLockExclusive` `IsProcessorFeaturePresent` `SetUnhandledExceptionFilter` `DeleteFileW` `CreatePipe` `GetProcessId` `CompareStringOrdinal` `CreateEventW` `GetUserDefaultUILanguage` `GetOverlappedResult` `ReadFile` `GetExitCodeProcess` `UnhandledExceptionFilter` `AddVectoredExceptionHandler` `CreateWaitableTimerExW` `Sleep` `SetWaitableTimer` `SetThreadStackGuarantee` `GetCurrentThread` `GetProcessHeap` `GetQueuedCompletionStatusEx` `HeapFree` `HeapReAlloc` `SwitchToThread` `CreateIoCompletionPort` `SetFileCompletionNotificationModes` `GetLastError` `GetModuleHandleW` `DeleteCriticalSection` `GetProcAddress` `GetCurrentThreadId` `QueryPerformanceCounter` `QueryPerformanceFrequency` `lstrlenW` `LoadLibraryA` `InitializeCriticalSectionAndSpinCount` `FindClose` `FreeLibrary` `LoadLibraryExW` `TlsAlloc` `TlsGetValue` `OutputDebugStringW` `SetFilePointerEx` `OutputDebugStringA` `LoadLibraryExA` `SetEnvironmentVariableW` `GetCommandLineW` `TlsSetValue` `TerminateProcess` `WaitForMultipleObjects` `LoadLibraryW` `GetModuleHandleA` `GetSystemInfo` `FlushFileBuffers` `SetFileInformationByHandle` `CloseHandle` `SetHandleInformation` `CopyFileExW` `GetFinalPathNameByHandleW` `HeapAlloc` `CancelIo` `ReadFileEx` `SleepEx` `PostQueuedCompletionStatus` `WriteFileEx` `CreateThread` `CreateNamedPipeW` `GetFileAttributesW` `CreateProcessW` `GetWindowsDirectoryW` `GetSystemDirectoryW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `WaitForSingleObject` `FormatMessageW` `CreateDirectoryW` `FindNextFileW` `GetFullPathNameW` `GetFileInformationByHandleEx` `GetFileInformationByHandle` `GetTempPathW` `GetEnvironmentVariableW` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `ReleaseMutex` `WideCharToMultiByte` `GetModuleFileNameW` `LocalFree` `CreateProcessA` `ExitProcess` `CreateFileW` `GetCurrentProcess` `DuplicateHandle` `GetStdHandle` `GetConsoleMode` `GetConsoleOutputCP` `CreateMutexA` `MultiByteToWideChar` `WriteConsoleW` `SetLastError` `GetCurrentDirectoryW` `WaitForSingleObjectEx` `GetCurrentProcessId` `TlsFree`
user32.dll	`SystemParametersInfoW` `GetKeyboardState` `GetAsyncKeyState` `GetKeyState` `MapVirtualKeyExW` `GetKeyboardLayout` `ToUnicodeEx` `SetWindowTextW` `GetWindowTextLengthW` `GetWindowTextW` `GetSystemMenu` `SetWindowLongW` `ShowCursor` `GetClipCursor` `ClipCursor` `LoadCursorW` `RegisterWindowMessageA` `CreateIcon` `IsProcessDPIAware` `FindWindowExW` `TrackPopupMenu` `SetWindowRgn` `GetParent` `AppendMenuW` `InsertMenuW` `SetPropW` `GetMessageW` `DestroyWindow` `PostThreadMessageW` `DispatchMessageW` `TranslateMessage` `AdjustWindowRect` `CreatePopupMenu` `SetParent` `CreateMenu` `DrawTextW` `MonitorFromRect` `GetWindowLongW` `ScreenToClient` `SetCursor` `GetWindowDC` `DefWindowProcW` `OffsetRect` `GetMessageA` `DispatchMessageA` `MapWindowPoints` `GetMenuBarInfo` `CloseTouchInputHandle` `GetTouchInputInfo` `SetWindowLongPtrW` `EnumChildWindows` `SetWindowPlacement` `RegisterRawInputDevices` `GetMenu` `GetMenuItemInfoW` `EnableMenuItem` `PostQuitMessage` `PeekMessageW` `ChangeDisplaySettingsExW` `ShowWindow` `GetMonitorInfoW` `UpdateWindow` `InvalidateRect` `TrackMouseEvent` `SetCursorPos` `SystemParametersInfoA` `DrawMenuBar` `GetForegroundWindow` `InvalidateRgn` `SetWindowPos` `GetClientRect` `FlashWindowEx` `SetMenu` `GetActiveWindow` `GetWindowRect` `SetCapture` `ReleaseCapture` `SetWindowDisplayAffinity` `SendInput` `MapVirtualKeyW` `SetForegroundWindow` `SendMessageW` `RemoveMenu` `FillRect` `CreateAcceleratorTableW` `DestroyAcceleratorTable` `RegisterTouchWindow` `GetSystemMetrics` `IsWindow` `CreateWindowExW` `AdjustWindowRectEx` `RegisterClassExW` `DestroyIcon` `EnableWindow` `IsWindowEnabled` `IsWindowVisible` `IsIconic` `ClientToScreen` `RedrawWindow` `MonitorFromPoint` `EnumDisplayMonitors` `GetWindowLongPtrW` `MonitorFromWindow` `GetCursorPos` `DestroyMenu` `CheckMenuItem` `PostMessageW` `GetDC` `ReleaseDC` `DrawIconEx` `SetMenuItemInfoW` `GetRawInputData` `ValidateRect` `GetUpdateRect` `TranslateAcceleratorW` `MsgWaitForMultipleObjectsEx` `GetWindowPlacement`
gdi32.dll	`BitBlt` `CombineRgn` `DeleteObject` `SetBkMode` `SetTextColor` `CreateSolidBrush` `CreateRectRgn` `GetDeviceCaps` `DeleteDC` `SelectObject` `CreateDIBSection` `CreateCompatibleDC`
dwmapi.dll	`DwmEnableBlurBehindWindow` `DwmGetWindowAttribute` `DwmSetWindowAttribute`
oleaut32.dll	`SetErrorInfo` `SysStringLen` `GetErrorInfo` `SysFreeString`
ole32.dll	`RevokeDragDrop` `OleInitialize` `RegisterDragDrop` `CoCreateInstance` `CoInitializeEx` `CoTaskMemFree` `CoUninitialize` `CoTaskMemAlloc`
comctl32.dll	`TaskDialogIndirect` `RemoveWindowSubclass` `SetWindowSubclass` `DefSubclassProc`
bcrypt.dll	`BCryptGenRandom`
advapi32.dll	`EventUnregister` `SystemFunction036` `RegGetValueW` `RegOpenKeyExW` `RegCloseKey` `RegQueryValueExW` `EventRegister` `EventSetInformation` `EventWriteTransfer`
ntdll.dll	`RtlNtStatusToDosError` `RtlGetVersion` `NtDeviceIoControlFile` `NtCreateFile` `NtWriteFile` `NtCancelIoFileEx` `NtReadFile` `NtOpenFile`
shlwapi.dll	`SHCreateMemStream`
ws2_32.dll	`getpeername` `WSAGetLastError` `getsockname` `connect` `bind` `getsockopt` `setsockopt` `recv` `WSAStartup` `closesocket` `ioctlsocket` `WSAIoctl` `WSASocketW` `freeaddrinfo` `shutdown` `getaddrinfo` `WSASend` `send` `WSACleanup`
secur32.dll	`AcquireCredentialsHandleA` `FreeContextBuffer` `AcceptSecurityContext` `DeleteSecurityContext` `QueryContextAttributesW` `InitializeSecurityContextW` `DecryptMessage` `EncryptMessage` `ApplyControlToken` `FreeCredentialsHandle`
crypt32.dll	`CertEnumCertificatesInStore` `CertAddCertificateContextToStore` `CertOpenStore` `CertDuplicateCertificateContext` `CertGetCertificateChain` `CertDuplicateCertificateChain` `CertCloseStore` `CertFreeCertificateContext` `CertFreeCertificateChain` `CertDuplicateStore` `CertVerifyCertificateChainPolicy`
api-ms-win-crt-math-l1-1-0.dll	`pow` `__setusermatherr` `trunc` `floor` `round`
api-ms-win-crt-convert-l1-1-0.dll	`_ultow_s` `_wtoi64` `wcstol` `_wtoi`
api-ms-win-crt-string-l1-1-0.dll	`strcpy_s` `wcsncmp` `_wcsicmp` `wcscmp` `wcslen` `strlen`
api-ms-win-crt-heap-l1-1-0.dll	`free` `_callnewh` `malloc` `calloc` `_set_new_mode`
api-ms-win-crt-runtime-l1-1-0.dll	`_crt_atexit` `__p___argc` `_cexit` `_exit` `exit` `_initialize_onexit_table` `_initterm` `_c_exit` `_initialize_narrow_environment` `_configure_narrow_argv` `_register_thread_local_exe_atexit_callback` `_set_app_type` `_seh_filter_exe` `terminate` `abort` `_get_initial_narrow_environment` `_initterm_e` `_register_onexit_function` `__p___argv`
api-ms-win-crt-stdio-l1-1-0.dll	`__p__commode` `_set_fmode`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x9af`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.7742`
Detected Filetype	PNG graphic file
MD5	`f994eade77463761cc3ce1c307f4cf0b`
SHA1	`66e6d7fd22d1d237054df7d192a81cb7d8357e9c`
SHA256	`67ff923317858d59857d6ac21bbebbb86fefec2bbc2b3f999b69f9da52fb4675`
SHA3	`2edad4403208125613e98a533ae5880794184edb5f3606df633b14a101dff285`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x368`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.54891`
Detected Filetype	PNG graphic file
MD5	`6b728fd7185f2dc8cb369206f1ee1303`
SHA1	`07f4e0131dc4efff84cadb6f86f280ad1dc9efc0`
SHA256	`15da6c43bf869c2c2d717e64997fee46a1176237c2066611d261f02259ab69f8`
SHA3	`f8bc0e4f935db8fd4b289393795fa9e9a75276e971b383e8a9cd5b07e18aa59f`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x63b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.73795`
Detected Filetype	PNG graphic file
MD5	`efcc0f52c5e2d28a88f837ded098fcce`
SHA1	`5afd70b47f311309c65aa62b4c75b6d96c6ec4d7`
SHA256	`2721ee1b125e23960982ee1722c295e96d32096e433c510019fcb1e102479076`
SHA3	`5501bba589f2ebadb4242e2760bb11eb353d48967f138289847ac432ee763d9c`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x11ae`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.85262`
Detected Filetype	PNG graphic file
MD5	`bba8cef46fef5e37960a6b2bd459c8be`
SHA1	`d8124fd6a0b4e23d631530dd1f8c6c08210e1b9c`
SHA256	`b209673ff53820e490cd9a6653904f0d671ebe199b79c36f25f0e5ae22127bbe`
SHA3	`423191f892f0dc13153f63214c21a079f56fafc6ebb3f7a8c8ad26443666cd1d`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1b28`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.88561`
Detected Filetype	PNG graphic file
MD5	`e74ea6f28687b62e532585b485ccf993`
SHA1	`a07d05aa50660041c7fc78dd95228b3caa9ba945`
SHA256	`b59936cb0e499f2c23a232b6c87b973355e5d3b540f6aaf184775203a6bf2ff0`
SHA3	`41c5c2690cc478d86101f66ce2d0fa03b94034f68c00f5fd05276538c7664d9b`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xaae4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98004`
Detected Filetype	PNG graphic file
MD5	`ab5c6030d15cbf333430383f761631f6`
SHA1	`dc35f41957242820041e4617601eb57dc96e9514`
SHA256	`01dae7259e06641079a329c912d793624ed112f615936a0f4fceb4fc2aac8596`
SHA3	`8cf7225179d14aac8c0b8cc346b1a95180aec4cf0fdb16d5b99c98f4908d7337`

32512

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.81593`
Detected Filetype	Icon file
MD5	`0d38db5bd1ad0d5419e8f55d0cdfdbbc`
SHA1	`bd16b77db003b83e9301eb65d42cc9751c42a6ba`
SHA256	`de84cd6ae49b42297a7fc047bdd9bbda089aa680f57efa259df6ed636554ce76`
SHA3	`336261ff21d91be915e81818a0e631e01d3422972834f9b7afbbdc3a9b8f464e`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.11059`
MD5	`12da5bb5d7154e52412f0920a7222481`
SHA1	`cf9cc10b796319e2e8fda409170b0b179d8b52be`
SHA256	`65353248aae9c5f760276a88a11b64a227542165b30b2ddfe2109b8ebd0e961f`
SHA3	`ae8c7f56984994ad43ab19ee761f973f0d1722d4f39cbd8ffebbcb709305e9dc`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.96056`
MD5	`01e4c8c046a47771f13cd120b53303e7`
SHA1	`2a4224d31c916a5cff4f2636a3cb47fdd84a5cc9`
SHA256	`b1cb832f790c153aa0e9a66f76e75460263cf1d41971d2dbcc9a4d87ec18b7d8`
SHA3	`680120ec819e7ba66519d9a8a3e446973c4cb28aa0146c91cceaa8c8fadc90ae`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.1.0.0
ProductVersion	0.1.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
ProductVersion (#2)	1.1.3
ProductName	cirno-downloader
FileDescription	cirno-downloader
FileVersion (#2)	1.1.3

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Jan-08 20:06:46
Version	`0.0`
SizeofData	`45`
AddressOfRawData	`0x6cd554`
PointerToRawData	`0x6cc354`
Referenced File	cirno_downloader.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Jan-08 20:06:46
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x6cd584`
PointerToRawData	`0x6cc384`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Jan-08 20:06:46
Version	`0.0`
SizeofData	`1068`
AddressOfRawData	`0x6cd598`
PointerToRawData	`0x6cc398`

TLS Callbacks

StartAddressOfRawData	`0x1406cda10`
EndAddressOfRawData	`0x1406cdb84`
AddressOfIndex	`0x1406d98b4`
AddressOfCallbacks	`0x140544d18`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x0000000140449060`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1406d7040`

RICH Header

XOR Key	`0xeb76ce3`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`14`
ASM objects (33808)	`9`
C objects (33808)	`13`
C++ objects (33808)	`47`
Imports (30795)	`3`
Total imports	`389`
C objects (34120)	`15`
Unmarked objects (#2)	`43`
Resource objects (34120)	`1`
Linker (34120)	`1`

Errors

Leave a comment

No comments yet.