Manalyze report for 5e6569a685c892a55f38ade4ccbf23ce

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Jan-25 08:34:10
Detected languages	English - United States
TLS Callbacks	1 callback(s) detected.
Debug artifacts	circles_server.pdb
CompanyName	circles
FileDescription	Circles Server
FileVersion	`1.0.0`
ProductName	Circles Server
ProductVersion	`1.0.0`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe` Contains domain names: birthpopuptypesapplyImagebeinguppernoteseveryshowsmeansextramatchtrackknownearlybegansuperpapernorthlearngivennamedendedTermspartsGroupbrandusingwomanfalsereadyaudiotakeswhile.com console.firebase.google.com developer.microsoft.com firebase.google.com firestore.googleapis.com genretrucklooksValueFrame.net github.com google.com googleapis.com http://www.C http://www.a http://www.css http://www.hortcut http://www.icon http://www.interpretation http://www.language http://www.style http://www.text-decoration http://www.w3.org http://www.w3.org/shortcut http://www.wencodeURIComponent http://www.years https://console.firebase.google.com https://console.firebase.google.com/project/circles-mod/firestore/rules https://developer.microsoft.com https://developer.microsoft.com/en-us/microsoft-edge/webview2 https://docs.rs https://firestore.googleapis.com https://firestore.googleapis.com/v1/projects/circles-mod/databases/ https://github.com https://www.World https://www.recent microsoft.com thing.org www.w3.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA1` `Uses constants related to RC5 or RC6`
Suspicious	The PE is possibly packed.	`Unusual section name found: .taubndl`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryW LoadLibraryExA LoadLibraryExW` `Functions which can be used for anti-debugging purposes: NtQuerySystemInformation NtQueryInformationProcess SwitchToThread` `Can access the registry: RegGetValueW RegCloseKey RegQueryValueExW RegOpenKeyExW` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Uses Windows's Native API: NtCancelIoFileEx NtDeviceIoControlFile NtCreateFile NtWriteFile NtOpenFile NtQuerySystemInformation NtQueryInformationProcess NtCreateNamedPipeFile NtReadFile` `Can create temporary files: GetTempPathW CreateFileW` `Uses functions commonly found in keyloggers: GetAsyncKeyState MapVirtualKeyW GetForegroundWindow` `Leverages the raw socket API to access the Internet: bind listen closesocket accept WSAGetLastError ioctlsocket getsockname WSAIoctl setsockopt WSASocketW connect getpeername WSASend shutdown send recv freeaddrinfo getaddrinfo getsockopt WSACleanup WSAStartup socket` `Functions related to the privilege level: OpenProcessToken` `Manipulates other processes: ReadProcessMemory OpenProcess` `Can take screenshots: GetDC BitBlt CreateCompatibleDC` `Interacts with the certificate store: CertAddCertificateContextToStore CertOpenStore`
Suspicious	VirusTotal score: 2/64 (Scanned on 2026-02-09 06:52:07)	`Gridinsoft: Trojan.Heur!.02016023` `Trapmine: malicious.high.ml.score`

Hashes

MD5	`5e6569a685c892a55f38ade4ccbf23ce`
SHA1	`00d526810d2627b18c7c555607e8f641842aa1cb`
SHA256	`62abf0b69aba4f9ead8c2960778755576e3b927560dc95e78d7d1acfa9b722c4`
SHA3	`5594ede9eea34d35b56e6c844d4cda59bac674d6fff583c23ee3bb0ee3c42114`
SSDeep	`98304:yFqHYFA2UvpUj3jO0ArYoviFbNTHdprEcaL8QgqAHvTqqyig0Q:mU63jO9odNQ2v2`
Imports Hash	`cea9a23c00e617219ba9dc03226cafa7`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2026-Jan-25 08:34:10
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x747c00`
SizeOfInitializedData	`0x2ba600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000072286C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa06000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f24f6ef65a5a88091032a38938d7a6a2`
SHA1	`d0e0f0b6a514ebf69c62ab4613fe8becfdb7aff3`
SHA256	`22e175cfae78df9ccd9af5308a3748c7bcf6de64b45a899fe432d15a2f9f1b84`
SHA3	`464276ba3d49c98efcfe8bbd328c38215e5b9b3d4e8f2737e365c8c4c1c29591`
VirtualSize	`0x747b75`
VirtualAddress	`0x1000`
SizeOfRawData	`0x747c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.18452`

.rdata

MD5	`bf9a78a4ffcebb6d5deef30342e6bd42`
SHA1	`bc3808909d50eaff4c08ea315d9a065638f64ede`
SHA256	`76ec362e376395c803a4315aa777cf8a495e78aded2e084f0788ea70babd7237`
SHA3	`180aac3326de962475b06761addd99f677c0d5846eea813627d02355ad252ede`
VirtualSize	`0x241e92`
VirtualAddress	`0x749000`
SizeOfRawData	`0x242000`
PointerToRawData	`0x748000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.6444`

.data

MD5	`55d88a355c66aa8d4e4821dff18bc32a`
SHA1	`718bea441b93658d3e217cfa4103c8e0fd6b2d52`
SHA256	`82ad795cd6071fd1b1ebc9885a54537319a3fe886facda2dec28c7dff4bff303`
SHA3	`dff96d8c247df52eb3e4724905fa562c246c6e94a91597e45943f17be67f668b`
VirtualSize	`0x32e8`
VirtualAddress	`0x98b000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x98a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.34578`

.pdata

MD5	`fbc82b190dc1eca18f8f643d1a3ac4ec`
SHA1	`7ba02fe036c97e8efa034f7be040e63cad18a6f3`
SHA256	`5770a92c21413b9f484718fcea7520a8245600caa3a459fa5c4882b2cab28afd`
SHA3	`60211d08ffd3d2964ccf17eee4b84ee85558e8363f9ad6904a8a42ccaf7f89ce`
VirtualSize	`0x55d58`
VirtualAddress	`0x98f000`
SizeOfRawData	`0x55e00`
PointerToRawData	`0x98aa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.55793`

.taubndl

MD5	`ebce3c0abd30b78b51f69c10a3ed5582`
SHA1	`7024c12b2e9a01c3e85eee6a623b75db9e2d8af8`
SHA256	`2183ddfc2b30ba93f9267a7a8e35497594abb1380d0a26c14eddedae52d21ea3`
SHA3	`26ae1cc5173e571f7dcccbae81234f10da1c1b2906209cae16a016827ef031de`
VirtualSize	`0x10`
VirtualAddress	`0x9e5000`
SizeOfRawData	`0x200`
PointerToRawData	`0x9e0800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.10191`

.rsrc

MD5	`9f3ac8c3be569c3c202339d4e3e48dfe`
SHA1	`ef917dbb9efd08fc160f4dd9f60693f8f68ca6c4`
SHA256	`3c766aade669af654a8d77a84d5309b49a5556719d310442afe38c1d768ca494`
SHA3	`70ce5596d3501f8eb50aa98fc96fdb91e0c7082dd888e113675e76a2819721dc`
VirtualSize	`0x1a1e8`
VirtualAddress	`0x9e6000`
SizeOfRawData	`0x1a200`
PointerToRawData	`0x9e0a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.97539`

.reloc

MD5	`e98f918b45dbdf1d37c848caac338c4d`
SHA1	`ce042aeb63347ead02f3e1edf879186b0cac7b12`
SHA256	`4a124152f3f151189080c32df43b4d2c177cba927c9b64fc2ef1f53a9c1ec1bc`
SHA3	`7efcdb4028d4afb79781661bdb151ff07fa1f0280b32f62c930ea59ad515b48b`
VirtualSize	`0x4e64`
VirtualAddress	`0xa01000`
SizeOfRawData	`0x5000`
PointerToRawData	`0x9fac00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.44613`

Imports

ntdll.dll	`NtCancelIoFileEx` `NtDeviceIoControlFile` `NtCreateFile` `NtWriteFile` `RtlGetVersion` `NtOpenFile` `NtQuerySystemInformation` `NtQueryInformationProcess` `RtlNtStatusToDosError` `NtCreateNamedPipeFile` `NtReadFile`
kernel32.dll	`GetEnvironmentVariableW` `GetCurrentDirectoryW` `RtlVirtualUnwind` `RtlCaptureContext` `FindClose` `K32GetPerformanceInfo` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `FindNextFileW` `lstrlenW` `WaitForSingleObject` `SetWaitableTimer` `QueryPerformanceCounter` `Sleep` `SetEnvironmentVariableW` `AddVectoredExceptionHandler` `GlobalMemoryStatusEx` `GetModuleHandleW` `GetCommandLineW` `GetCurrentThreadId` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `SwitchToThread` `LoadLibraryA` `GetProcAddress` `WakeAllConditionVariable` `SleepConditionVariableSRW` `GetFileAttributesW` `CreateProcessW` `ReadFileEx` `GetUserDefaultUILanguage` `LoadLibraryW` `GetModuleHandleA` `LCIDToLocaleName` `GetSystemTimeAsFileTime` `MultiByteToWideChar` `RtlLookupFunctionEntry` `WaitForSingleObjectEx` `GetCurrentProcess` `WideCharToMultiByte` `ReleaseMutex` `HeapAlloc` `FormatMessageW` `GetModuleFileNameW` `SetHandleInformation` `SleepEx` `ExitProcess` `CompareStringOrdinal` `GetSystemDirectoryW` `GetWindowsDirectoryW` `DuplicateHandle` `ReadProcessMemory` `GetProcessTimes` `OpenProcess` `GetSystemTimes` `GetProcessIoCounters` `VirtualQueryEx` `WriteFileEx` `LocalFree` `CreateThread` `GetFinalPathNameByHandleW` `GetTempPathW` `CloseHandle` `GetFileInformationByHandleEx` `GetFileInformationByHandle` `SetFileInformationByHandle` `CreateFileW` `GetFullPathNameW` `CreateDirectoryW` `CreateMutexA` `WriteConsoleW` `QueryPerformanceFrequency` `GetConsoleOutputCP` `GetConsoleMode` `GetStdHandle` `IsDebuggerPresent` `IsProcessorFeaturePresent` `TerminateProcess` `InitializeSListHead` `GetLastError` `SetLastError` `GetSystemTimePreciseAsFileTime` `HeapReAlloc` `GetSystemInfo` `GetCurrentProcessId` `SetFileCompletionNotificationModes` `CreateIoCompletionPort` `GetCurrentThread` `SetThreadStackGuarantee` `GetQueuedCompletionStatusEx` `HeapFree` `LoadLibraryExA` `FreeLibrary` `CreateWaitableTimerExW` `GetProcessHeap` `PostQueuedCompletionStatus` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `OutputDebugStringA` `OutputDebugStringW` `LoadLibraryExW` `FindFirstFileExW`
api-ms-win-core-synch-l1-2-0.dll	`WakeByAddressSingle` `WakeByAddressAll` `WaitOnAddress`
user32.dll	`GetMenu` `ToUnicodeEx` `MapVirtualKeyExW` `GetKeyboardLayout` `GetKeyState` `SetWindowLongW` `GetSystemMenu` `ClipCursor` `GetClipCursor` `ShowCursor` `GetWindowTextLengthW` `RegisterRawInputDevices` `GetMessageW` `GetWindowTextW` `RegisterWindowMessageA` `TranslateMessage` `IsProcessDPIAware` `TrackPopupMenu` `EnableMenuItem` `CheckMenuItem` `DispatchMessageW` `DestroyWindow` `DrawTextW` `GetWindowDC` `OffsetRect` `MapWindowPoints` `GetMenuBarInfo` `RedrawWindow` `GetClientRect` `SetParent` `SendMessageW` `PostQuitMessage` `GetCursorPos` `ShowWindow` `SystemParametersInfoA` `EnableWindow` `SetMenu` `RemoveMenu` `DrawIconEx` `ReleaseDC` `GetDC` `AppendMenuW` `InsertMenuW` `CreateIcon` `SetMenuItemInfoW` `DrawMenuBar` `CreatePopupMenu` `CreateMenu` `IsWindowVisible` `DestroyAcceleratorTable` `DestroyIcon` `SetWindowTextW` `GetKeyboardState` `GetAsyncKeyState` `SetPropW` `FindWindowExW` `DestroyMenu` `IsIconic` `GetParent` `SetWindowRgn` `KillTimer` `TranslateAcceleratorW` `MsgWaitForMultipleObjectsEx` `GetUpdateRect` `ValidateRect` `GetRawInputData` `GetMenuItemInfoW` `SetTimer` `MonitorFromWindow` `EnumDisplayMonitors` `ChangeWindowMessageFilterEx` `RegisterClassW` `GetWindowLongPtrW` `GetWindow` `EnumChildWindows` `DispatchMessageA` `GetMessageA` `MonitorFromPoint` `AdjustWindowRect` `IsWindowEnabled` `ClientToScreen` `GetWindowPlacement` `SetWindowPlacement` `ChangeDisplaySettingsExW` `LoadCursorW` `PostThreadMessageW` `PeekMessageW` `SetCursor` `GetActiveWindow` `CloseTouchInputHandle` `GetTouchInputInfo` `TrackMouseEvent` `SetCapture` `SystemParametersInfoW` `ReleaseCapture` `FillRect` `MonitorFromRect` `GetWindowLongW` `ScreenToClient` `FlashWindowEx` `DefWindowProcW` `SetWindowLongPtrW` `GetMonitorInfoW` `PostMessageW` `GetWindowRect` `SetWindowDisplayAffinity` `RegisterTouchWindow` `GetSystemMetrics` `IsWindow` `CreateWindowExW` `AdjustWindowRectEx` `RegisterClassExW` `UpdateWindow` `InvalidateRect` `SetFocus` `SetCursorPos` `SendInput` `MapVirtualKeyW` `SetForegroundWindow` `GetForegroundWindow` `InvalidateRgn` `SetWindowPos` `CreateAcceleratorTableW`
oleaut32.dll	`SysFreeString` `GetErrorInfo` `SysStringLen` `SetErrorInfo`
ole32.dll	`CoTaskMemAlloc` `CoInitializeEx` `CoUninitialize` `CoCreateFreeThreadedMarshaler` `CoTaskMemFree` `CoCreateInstance` `OleInitialize` `RegisterDragDrop` `RevokeDragDrop`
gdi32.dll	`BitBlt` `GetDeviceCaps` `SetBkMode` `CombineRgn` `CreateRectRgn` `DeleteDC` `SelectObject` `SetTextColor` `CreateDIBSection` `DeleteObject` `CreateCompatibleDC` `CreateSolidBrush`
dwmapi.dll	`DwmGetWindowAttribute` `DwmEnableBlurBehindWindow` `DwmSetWindowAttribute`
comctl32.dll	`DefSubclassProc` `SetWindowSubclass` `RemoveWindowSubclass` `TaskDialogIndirect`
shell32.dll	`Shell_NotifyIconGetRect` `Shell_NotifyIconW` `DragFinish` `SHGetKnownFolderPath` `DragQueryFileW` `SHAppBarMessage` `CommandLineToArgvW` `ShellExecuteW`
shlwapi.dll	`SHCreateMemStream`
bcryptprimitives.dll	`ProcessPrng`
crypt32.dll	`CertEnumCertificatesInStore` `CertDuplicateStore` `CertAddCertificateContextToStore` `CertFreeCertificateContext` `CertDuplicateCertificateContext` `CertFreeCertificateChain` `CertOpenStore` `CertVerifyCertificateChainPolicy` `CertDuplicateCertificateChain` `CertCloseStore` `CertGetCertificateChain`
ws2_32.dll	`bind` `listen` `closesocket` `accept` `WSAGetLastError` `ioctlsocket` `getsockname` `WSAIoctl` `setsockopt` `WSASocketW` `connect` `getpeername` `WSASend` `shutdown` `send` `recv` `freeaddrinfo` `getaddrinfo` `getsockopt` `WSACleanup` `WSAStartup` `socket`
bcrypt.dll	`BCryptGenRandom`
advapi32.dll	`OpenProcessToken` `GetTokenInformation` `IsValidSid` `EventWriteTransfer` `SystemFunction036` `EventUnregister` `RegGetValueW` `EventSetInformation` `GetLengthSid` `RegCloseKey` `RegQueryValueExW` `RegOpenKeyExW` `EventRegister` `CopySid`
secur32.dll	`QueryContextAttributesW` `AcquireCredentialsHandleA` `AcceptSecurityContext` `EncryptMessage` `DecryptMessage` `FreeCredentialsHandle` `InitializeSecurityContextW` `ApplyControlToken` `FreeContextBuffer` `DeleteSecurityContext`
pdh.dll	`PdhCloseQuery` `PdhCollectQueryData` `PdhAddEnglishCounterW` `PdhGetFormattedCounterValue` `PdhOpenQueryA` `PdhRemoveCounter`
psapi.dll	`GetModuleFileNameExW` `GetProcessMemoryInfo`
powrprof.dll	`CallNtPowerInformation`
VCRUNTIME140.dll	`__CxxFrameHandler3` `memcpy` `memmove` `memset` `__std_exception_destroy` `__std_exception_copy` `memcmp` `_CxxThrowException` `__current_exception_context` `wcsrchr` `_purecall` `__current_exception` `__C_specific_handler`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
api-ms-win-crt-math-l1-1-0.dll	`roundf` `__setusermatherr` `floor` `pow` `trunc` `round`
api-ms-win-crt-string-l1-1-0.dll	`wcslen` `_wcsicmp` `wcscmp`
api-ms-win-crt-convert-l1-1-0.dll	`wcstol` `_ultow_s` `_wtoi`
api-ms-win-crt-runtime-l1-1-0.dll	`_initialize_onexit_table` `_initterm` `_get_initial_narrow_environment` `_initialize_narrow_environment` `exit` `_configure_narrow_argv` `_exit` `_set_app_type` `_register_thread_local_exe_atexit_callback` `_seh_filter_exe` `_crt_atexit` `_initterm_e` `__p___argc` `terminate` `__p___argv` `_c_exit` `_register_onexit_function` `_cexit`
api-ms-win-crt-stdio-l1-1-0.dll	`__p__commode` `_set_fmode`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-heap-l1-1-0.dll	`malloc` `free` `_set_new_mode` `_callnewh`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8b6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.79317`
Detected Filetype	PNG graphic file
MD5	`5536a0934180e07893b6ef3170a11c41`
SHA1	`8f7a69a200dc25cd989df8c30af5240ab79ce00d`
SHA256	`70363cf6cc5d9187846dd81e6a1e388954eaa42850772949e47db05231edb2e5`
SHA3	`6641812f0758a12d62d23091e9def81741664374902a90036c0bc91410bc768a`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2da`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.59212`
Detected Filetype	PNG graphic file
MD5	`33ee9253c793332b201e04f74f0629b5`
SHA1	`6b99f36bccab14031c4983abf08343706361738b`
SHA256	`b819ec2e0d415f55595fe91fc408b04fdb967514475a775d4fc1d8e75dc10994`
SHA3	`19da916071fc234d479b88dc85e98093c3caf6a964928748e0cd19f7928a6db1`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x559`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.74913`
Detected Filetype	PNG graphic file
MD5	`f7fdc3d94b6466291cae3961e8f30311`
SHA1	`51fdd9bfbd9856e3cb33f7a701fea28c2e2c8c78`
SHA256	`7966ef368aa60669de65c17f331e5885a3941e9fd78bfaeaf13d4b17d3a13485`
SHA3	`4f954ad4fb5f511e74ded6aa407f6923dd08cbbc7a7accb7f17926870919c010`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x11a2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.80077`
Detected Filetype	PNG graphic file
MD5	`110e5537b15cfbac173e549b924d60fc`
SHA1	`4a7c90a03ba1752c7011954086c5f9139df404e9`
SHA256	`9c23c88584d986ab23206ae9c7ef9ba05eae5973da43adc31175b1273cbcf2fc`
SHA3	`4e20c6bec0586a7bc939da5272c1552245510f564fc4569953c6096e4d7b1483`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1d4f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.78859`
Detected Filetype	PNG graphic file
MD5	`66860b0d0ceac69bc33fb210b349d506`
SHA1	`481b7c42a28d4f4517cfdad9e17095852a2841c6`
SHA256	`bff326a7e6c0c2adfc28bf1d0eb4c1164e8304d336b668a9e7f8144b1671c2bb`
SHA3	`662c1fd00a60ece7a40b14aaa1ec9f962974409e116413a8aabaaf6bf86a4744`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x15c36`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.994`
Detected Filetype	PNG graphic file
MD5	`dae15bcbde65845a860ad7a0db56b803`
SHA1	`a4ec7bee1c7764287dbeb73b76ab6bbba28392c3`
SHA256	`6fec1311deb0202e8147fb6cdef240f4032d1563b0c785536cb7cf475ffb0c20`
SHA3	`c116f174165b691896b30470f3f6803af98374260bcb6d93ed925dabc853ba0a`

32512

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.85191`
Detected Filetype	Icon file
MD5	`e31b776bc007c55a9996789bf0afde03`
SHA1	`e35e9103ce04bbccdeeab46636b64eb1741632b9`
SHA256	`671675ba4698b71cea0e33dd51418b7c33c53915649a8e50b9e57fcbdb2a56b9`
SHA3	`c5234da3145cebb5781c4d02bfeef62841b7004a0748865ad40e88132e6d0d3d`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1f0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.1095`
MD5	`210cbbf2f5c83c527ab4e883d4c6052c`
SHA1	`df03fe1057d33d6b06242d313c63d12e93267897`
SHA256	`b896af0c9c379eaf5b6abcc1a0044629fca2de3c5d281e1d30940201f1350a0c`
SHA3	`0fc2e5a2d5334d235316e2274ded5c03605f72f65477039a7107f6f498599800`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.96056`
MD5	`01e4c8c046a47771f13cd120b53303e7`
SHA1	`2a4224d31c916a5cff4f2636a3cb47fdd84a5cc9`
SHA256	`b1cb832f790c153aa0e9a66f76e75460263cf1d41971d2dbcc9a4d87ec18b7d8`
SHA3	`680120ec819e7ba66519d9a8a3e446973c4cb28aa0146c91cceaa8c8fadc90ae`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	circles
FileDescription	Circles Server
FileVersion (#2)	1.0.0
ProductName	Circles Server
ProductVersion (#2)	1.0.0

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Jan-25 08:34:10
Version	`0.0`
SizeofData	`43`
AddressOfRawData	`0x819c54`
PointerToRawData	`0x818c54`
Referenced File	circles_server.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Jan-25 08:34:10
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x819c80`
PointerToRawData	`0x818c80`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Jan-25 08:34:10
Version	`0.0`
SizeofData	`1028`
AddressOfRawData	`0x819c94`
PointerToRawData	`0x818c94`

TLS Callbacks

StartAddressOfRawData	`0x14081a0b8`
EndAddressOfRawData	`0x14081a284`
AddressOfIndex	`0x14098dcd4`
AddressOfCallbacks	`0x140749de8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x0000000140614D80`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14098b780`

RICH Header

XOR Key	`0xddc92d72`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`14`
Imports (35207)	`4`
ASM objects (35207)	`4`
C objects (35207)	`10`
C++ objects (35207)	`30`
Imports (30151)	`7`
Total imports	`404`
Unmarked objects (#2)	`60`
Resource objects (35222)	`1`
Linker (35222)	`1`

5e6569a685c892a55f38ade4ccbf23ce

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.taubndl

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

32512

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors