Manalyze report for 5bac0d583d82c8cc0dbb76c6cf5bdedc

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2025-Apr-02 08:53:37
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW` `Can access the registry: RegOpenKeyExW RegEnumKeyExW RegCloseKey RegQueryValueExW`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`5bac0d583d82c8cc0dbb76c6cf5bdedc`
SHA1	`f2d40e364435e19b485d9a2f02915a4d59d39dfe`
SHA256	`03b4ef932958919cb1d7d882cebfaa2685d9b4c8eba48c3b0879b25a7d7a260f`
SHA3	`200350e14712a42159c7ce0119e6b037b5456e5d16abb7a13f50cad024272de4`
SSDeep	`6144:Df3Gr20PCpHIqOZlvSHOHnc8zTLxhBdWwQma1XHj:DHFygu8EFWwi`
Imports Hash	`bc7f0c3a3bb6f03f30799c8a0ee2175f`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2025-Apr-02 08:53:37
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x2cc00`
SizeOfInitializedData	`0x34400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000002B32C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x64000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d4d8ec69ab788c796b7f822ee34efde1`
SHA1	`8157ce561c1807e5118ead4a6af266b2016ea2be`
SHA256	`38da003f8d1d65cbb99d75bdcf9f64a57cf8d0372421ffcb932bb027112a2625`
SHA3	`02d00e42e9945edb92a47e6b1c1cef88d13a4fab5c2325dcf7ac742c83aeee1c`
VirtualSize	`0x2cbff`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2cc00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.54132`

.rdata

MD5	`51d09f2a82c14ce388648dd3d267ae45`
SHA1	`b31854c7289afbe77fd7748e10173aac3b3289c5`
SHA256	`7d013386519b0de8f3c645a64b7ecc39626aa0c4d41875966ccb9b3878357eb0`
SHA3	`4cedf6403c0c96cbf02cbb2fd2c90c9c3244f379070fead71a84fe4c622ed3e5`
VirtualSize	`0xcf38`
VirtualAddress	`0x2e000`
SizeOfRawData	`0xd000`
PointerToRawData	`0x2d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.75897`

.data

MD5	`15b46ad1cdd5c9f64be7a7e4376445cb`
SHA1	`e8f98be72b69217a2a4af4b7ea274502e5415092`
SHA256	`d84f40724b80a3204d72575aca1f6b8778d4a57709306f51c811d9f7c18a9cae`
SHA3	`8f711dc069fdd71048dafcafd0e0a1e78bf9d81367a33b4d0f176a97b82c0da0`
VirtualSize	`0xde0`
VirtualAddress	`0x3b000`
SizeOfRawData	`0x800`
PointerToRawData	`0x3a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.53162`

.pdata

MD5	`ffa2fd720f5f801d1897ee00ad460bef`
SHA1	`4ea9709848ebd3b4eca8343fe5c07ac0aae96b49`
SHA256	`a7737d68757b36f8edf43c922760625c09b6227a0d9940cea8f38393ef5bb344`
SHA3	`b5b600a2954c6874aec70f951f0f2a94d653ce408770255254b4cb9a169b1ddd`
VirtualSize	`0x4bb4`
VirtualAddress	`0x3c000`
SizeOfRawData	`0x4c00`
PointerToRawData	`0x3a800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.22499`

.rsrc

MD5	`c9c2629fcb86465b17b90e3267121371`
SHA1	`78962e417cb80f5db7879668f64364077c39954a`
SHA256	`8d03e20f397049c25b89cfd745b46947e1f939f69a8bf6cce0b862be77cdb854`
SHA3	`f0f8405e8ab578316c30bed50c761957b06d158fc3ba7469708a851981f22e67`
VirtualSize	`0x217b0`
VirtualAddress	`0x41000`
SizeOfRawData	`0x21800`
PointerToRawData	`0x3f400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.95215`

.reloc

MD5	`eaca0b7307954a0ea5bffcf900da1727`
SHA1	`04c1e5ae53dbd09ef44d1e16c0c0636434aead28`
SHA256	`bb74cbbc7b3752ff0016448dfd71eb5b7df07ebeccd3fd103aef2cc36e1c19df`
SHA3	`defa09990eaecd8b5c12d0a89308315e42990dd2176ddfe192bab091da232318`
VirtualSize	`0x148`
VirtualAddress	`0x63000`
SizeOfRawData	`0x200`
PointerToRawData	`0x60c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.82554`

Imports

KERNEL32.dll	`GetExitCodeProcess` `GetModuleHandleW` `GetProcAddress` `LoadLibraryW` `MultiByteToWideChar` `WideCharToMultiByte` `GetCurrentProcess` `SetConsoleMode` `SetConsoleCP` `SetConsoleOutputCP` `GetConsoleScreenBufferInfo` `SetConsoleTextAttribute` `GetSystemTimeAsFileTime` `WaitForSingleObject` `GetLastError` `CloseHandle` `GetConsoleMode` `GetStdHandle` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `TerminateProcess` `IsProcessorFeaturePresent` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `IsDebuggerPresent` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `GetFileInformationByHandleEx` `CopyFileW` `AreFileApisANSI` `GetFileInformationByHandle` `GetFileAttributesExW` `FindNextFileW` `FindFirstFileExW` `FindFirstFileW` `FindClose` `CreateFileW` `GetLocaleInfoEx` `FormatMessageA` `LocalFree` `InitializeSListHead`
ADVAPI32.dll	`RegOpenKeyExW` `RegEnumKeyExW` `RegCloseKey` `RegQueryValueExW`
MSVCP140.dll	`?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z` `?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z` `?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ` `?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z` `?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z` `?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z` `?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z` `?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ` `?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ` `?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z` `?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z` `?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ` `?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ` `?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z` `?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ` `?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z` `?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z` `?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z` `?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?id@?$ctype@_W@std@@2V0locale@2@A` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A` `?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `??0_Lockit@std@@QEAA@H@Z` `??1_Lockit@std@@QEAA@XZ` `?_Xbad_alloc@std@@YAXXZ` `?_Xlength_error@std@@YAXPEBD@Z` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Xruntime_error@std@@YAXPEBD@Z` `?uncaught_exceptions@std@@YAHXZ` `?_Syserror_map@std@@YAPEBDH@Z` `?_Winerror_map@std@@YAHH@Z` `??0_Locinfo@std@@QEAA@HPEBD@Z` `??1_Locinfo@std@@QEAA@XZ` `?_Getname@_Locinfo@std@@QEBAPEBDXZ` `??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z` `??Bid@locale@std@@QEAA_KXZ` `?_New_Locimp@_Locimp@locale@std@@CAPEAV123@_N@Z` `?_Makeloc@_Locimp@locale@std@@CAPEAV123@AEBV_Locinfo@3@HPEAV123@PEBV23@@Z` `?global@locale@std@@SA?AV12@AEBV12@@Z` `?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `?widen@?$ctype@_W@std@@QEBA_WD@Z` `?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `??Bios_base@std@@QEBA_NXZ` `?good@ios_base@std@@QEBA_NXZ` `?flags@ios_base@std@@QEBAHXZ` `?width@ios_base@std@@QEBA_JXZ` `?width@ios_base@std@@QEAA_J_J@Z` `?getloc@ios_base@std@@QEBA?AVlocale@2@XZ` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ`
VCRUNTIME140.dll	`memcmp` `memchr` `__current_exception` `__current_exception_context` `__C_specific_handler` `memcpy` `memmove` `__std_exception_destroy` `__std_exception_copy` `memset` `_CxxThrowException`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
api-ms-win-crt-runtime-l1-1-0.dll	`abort` `_get_initial_narrow_environment` `_c_exit` `_initterm` `_initterm_e` `__p___argv` `terminate` `__p___argc` `_configure_narrow_argv` `_initialize_narrow_environment` `_invalid_parameter_noinfo_noreturn` `_initialize_onexit_table` `exit` `_register_onexit_function` `_crt_atexit` `_register_thread_local_exe_atexit_callback` `_seh_filter_exe` `_cexit` `_exit` `_set_app_type`
api-ms-win-crt-string-l1-1-0.dll	`strcmp` `strlen` `wcslen` `towlower` `iswalnum`
api-ms-win-crt-stdio-l1-1-0.dll	`_isatty` `fclose` `fflush` `fgetc` `fgetpos` `fputc` `fread` `fsetpos` `_fseeki64` `fwrite` `setvbuf` `ungetc` `_get_stream_buffer_pointers` `__p__commode` `_set_fmode` `_fileno` `__acrt_iob_func`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr` `ceilf`
api-ms-win-crt-heap-l1-1-0.dll	`free` `malloc` `_callnewh` `_set_new_mode`
api-ms-win-crt-environment-l1-1-0.dll	`_wdupenv_s` `_wputenv_s`
api-ms-win-crt-filesystem-l1-1-0.dll	`_lock_file` `_unlock_file`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale` `___lc_codepage_func`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2d9`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.68094`
Detected Filetype	PNG graphic file
MD5	`2c5f00aa75e68c1c965ab1a0da5c72a7`
SHA1	`f0cc65f6b265a6c0ffe24c73f853252d95e7623a`
SHA256	`9de92aca7ea8dede90ed844443bec090d39b5331b169cbc667819cc9282f310e`
SHA3	`e11f0d5ca0414268ca2d68251c5624be785080627a652c5554d2f28d8fe119b0`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x497`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.82684`
Detected Filetype	PNG graphic file
MD5	`93d6bda74083599fcc98ce49c07491ab`
SHA1	`4c3f6cb7cb4e31cdd6ece1108cd2d05ca0994cb0`
SHA256	`2f05695b6325a68ed474f670ffbef14bb354995ea2e8c15e43676bdce9c5df6d`
SHA3	`e1ae3a0d3083bc1afdfd589089856596cc0f1a051f3744902371951712d9730d`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x65d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.83351`
Detected Filetype	PNG graphic file
MD5	`10c51ecaccee16e7b135d2047401f2e0`
SHA1	`87ffff7a4310b014eade5d23cb2b8985784ed12c`
SHA256	`0691f0a99446e92a926ef4f0da192556a6da38150515ab12608b379b322be577`
SHA3	`60f26e5b2f23a1feafe5d81fd4ca4c7aadac6ce231b606a7f2370e83da8c56da`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa55`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.91675`
Detected Filetype	PNG graphic file
MD5	`646d5a79b19daad3426c68b4a18d381d`
SHA1	`1b25ab4c65062a6322d3d16caceb0304f9f4b523`
SHA256	`975bbb64768c3446e3cbe31e3c8c023b924bc228fa6a5693879b59c5a6c33581`
SHA3	`58bb2d2fe7ea6a45274bbfc046681c30d267c1f4e70745df5cc9499d4bf5d690`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xed9`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.91354`
Detected Filetype	PNG graphic file
MD5	`39dfa917b3ece605b2ba90f2a1b2b324`
SHA1	`0800168b0cc8aec378c9c8047f003b22dded0a4d`
SHA256	`0797e67b6fede8a480352d210f73a0aec0ebb8d4127693217343f5ae24968891`
SHA3	`8508d09ffd71bc5ad16d637f421c70e168bc87047f62532787a80aa75520b4c4`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x19dc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.954`
Detected Filetype	PNG graphic file
MD5	`f83271e6cf173ba857137298eb87abf2`
SHA1	`a104d78bc4e2949ed2bc4ea85f8b18087026183c`
SHA256	`7e26a5145c2c51d669637f57c400b2b7aa809f51c9331d6713fc280c00af5278`
SHA3	`d2220f32d35142b592396cac091f378cdac283897ae6835012f12a09030d77bc`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x265b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.9509`
Detected Filetype	PNG graphic file
MD5	`b6b101d18551b081715e009afeccf194`
SHA1	`cad5742716bcebea8af31d068cc8c03f1818fd06`
SHA256	`462814b6148d2065fc162670b72b17ba0c7ee08fef317fd48baf12314bb5e449`
SHA3	`160b58a295f28ffd12122d886a3b79655016c71a2f22740489cee658a6014242`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6509`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.94365`
Detected Filetype	PNG graphic file
MD5	`baa7368d9b8ef8e18212e766c4e27b0a`
SHA1	`ef2357b8f54cebf1f4832f0d1d88f4be8d5fd050`
SHA256	`089af4acf51391d5f503d8c7b6aa6f4f395a90a2c1722fd0653c238d8c3519a5`
SHA3	`bbf714782d6f3d29408168a223447bf33a625a5fceed821e97ad6996400c114e`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x146d2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.96103`
Detected Filetype	PNG graphic file
MD5	`ae08bbf52a49541bc5e1f7cc2b698c51`
SHA1	`82425bb082bd8e8e46eb8f612c80f5dca1f65649`
SHA256	`af2922afb59148ff1676ad7eebb0710e8081787de999894c713e62c446deeb7f`
SHA3	`04049eb4264423f829e99320ec14edd0fbd2557ab17558e809ed6d97a1feb0f9`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.99229`
Detected Filetype	Icon file
MD5	`e64635cfbd537cbf4b6a31e6afadd59e`
SHA1	`2042af0f89ce73755d8d91f3287a2cf413172746`
SHA256	`9400130456e6c05fceb377a6f7a2489baf423dfa18c31b83785ad81a8778351b`
SHA3	`22f90c6b31114f9a395bad16cdc26ccd1c3fab106c2bdadd802ac2b879075543`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Apr-02 08:53:37
Version	`0.0`
SizeofData	`800`
AddressOfRawData	`0x36320`
PointerToRawData	`0x35320`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14003b040`

RICH Header

XOR Key	`0x8c819f26`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`16`
ASM objects (34321)	`4`
C objects (34321)	`10`
C++ objects (34321)	`33`
Imports (34321)	`6`
Imports (30795)	`5`
Total imports	`246`
C++ objects (34618)	`1`
Resource objects (34618)	`1`
151	`1`
Linker (34618)	`1`

5bac0d583d82c8cc0dbb76c6cf5bdedc

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

9

101

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors