Manalyze report for 7b2127f3b2899e75316c2d2d27329e5977b02ff94f33f557c0f508e072447558

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-Mar-17 16:35:46
Detected languages	English - United States
TLS Callbacks	2 callback(s) detected.

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: System32\drivers\etc\hosts` `Contains domain names: example.com github.com https://curl.se https://github.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to RC5 or RC6` `Uses known Mersenne Twister constants` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryA` `Can access the registry: RegCreateKeyExA RegDeleteKeyA` `Possibly launches other programs: ShellExecuteW ShellExecuteA system` `Uses Windows's Native API: ntohl ntohs` `Uses Microsoft's cryptographic API: CryptHashData CryptAcquireContextW CryptReleaseContext CryptGetHashParam CryptCreateHash CryptDestroyHash CryptEncrypt CryptImportKey CryptDestroyKey CryptStringToBinaryW CryptQueryObject CryptDecodeObjectEx` `Leverages the raw socket API to access the Internet: freeaddrinfo getaddrinfo ntohl inet_pton inet_ntop getsockopt send WSACloseEvent WSACreateEvent WSAEnumNetworkEvents WSAEventSelect gethostname ioctlsocket sendto recvfrom listen htonl accept select __WSAFDIsSet WSAIoctl socket setsockopt recv htons getsockname getpeername connect bind WSACleanup WSAStartup WSASetLastError ntohs WSAGetLastError closesocket WSAWaitForMultipleEvents WSAResetEvent` `Functions related to the privilege level: OpenProcessToken` `Changes object ACLs: SetSecurityInfo` `Reads the contents of the clipboard: GetClipboardData` `Interacts with the certificate store: CertOpenStore CertAddCertificateContextToStore`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`1d24052c8e119e07547f70b3d25f38a6`
SHA1	`ca8ec054583b1a49891e01b6cd1d5114e74336be`
SHA256	`7b2127f3b2899e75316c2d2d27329e5977b02ff94f33f557c0f508e072447558`
SHA3	`ba782b8223e104c01a47eb9e58c35e0aceb4555d7473cb97e564a3f76a7d02e0`
SSDeep	`24576:huBFCKy0dnzwF4AIpBKXXKgTBY8ukWjofvHp2dct9lCIaVz6iN1V1p4UAri7nJ6:hGCKy0dRpdgTjUQHdXCIaVz6iN1V1p4`
Imports Hash	`621b36a99826e2ec20c7f060af4bd899`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-Mar-17 16:35:46
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x120400`
SizeOfInitializedData	`0x55a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000011D1EC (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x17a000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f4ffc519bc6522b75bc1e35d60467944`
SHA1	`c8b4b90ab95c9f8f7919eb4b4b8debe777fc2f9a`
SHA256	`fe62eacee75b261af7fcbd45ddae551f15d1d5b53491b8cdfb5a329f2e368044`
SHA3	`0f827b469a12539c49b63cc2719560d8d0343fb377b57ddba89a2e8ea2216666`
VirtualSize	`0x120250`
VirtualAddress	`0x1000`
SizeOfRawData	`0x120400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.56273`

.rdata

MD5	`c46d7430dedb340a301f11fca3bb3431`
SHA1	`8434eaaf47d0cad7ecb7887450d2f3326a18b440`
SHA256	`0a5f1450638c5c557f457598e636e8378d2e5823865fb15f79a6b8669bdaadaf`
SHA3	`1bd8ee2a97e66c3df3a907024fcf3967fd444d4c92ddf44426dcc5a083d7bca2`
VirtualSize	`0x4589e`
VirtualAddress	`0x122000`
SizeOfRawData	`0x45a00`
PointerToRawData	`0x120800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.43092`

.data

MD5	`9260e5d0e698ca35142b2d7e855543b5`
SHA1	`187807790ca10be78078924c19a0e1c89e2fd40c`
SHA256	`ec1e6d2b9bd841f64eec2ca20ae0bb94426f0d32094fdc64832c398054522bbf`
SHA3	`448a463359e33aaa8c9578549ef4478891b6684f3fec37491bd32c84344f88e6`
VirtualSize	`0x31a0`
VirtualAddress	`0x168000`
SizeOfRawData	`0x2400`
PointerToRawData	`0x166200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.70276`

.pdata

MD5	`056fc87bccf5ef52120d1fe7b0ab728a`
SHA1	`2d265d947bbc36c8845c229ec246b5575e3cc30c`
SHA256	`b66b40523bffa7fade8565125ccd4749449cadefff0f61e2c654eee4385e96af`
SHA3	`a176be251c33e8d39a882493c5283cef32c77fa14fdd074ceca6d5913050f8b0`
VirtualSize	`0xbdd8`
VirtualAddress	`0x16c000`
SizeOfRawData	`0xbe00`
PointerToRawData	`0x168600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.13351`

.rsrc

MD5	`06cd9382a44a28092440019beb11f4f0`
SHA1	`da532e5837b41aa8c91723e6e8ef735843aedcd3`
SHA256	`e5dc4c31502fcb94322e2eaf349187a626c1817034ac56279fbfdef65ffbc636`
SHA3	`b57222dde87d6c3f3f0afb33ede08772683e41b3dbbce1da5183661fcaa5635b`
VirtualSize	`0x1e8`
VirtualAddress	`0x178000`
SizeOfRawData	`0x200`
PointerToRawData	`0x174400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.76666`

.reloc

MD5	`6ebbf51a2348d5f36d1460f1fe9539d4`
SHA1	`7908a9c2b57a926765f212171e9ce47479d39f7d`
SHA256	`28510848f98971d207f0c907ed49c9964e2163c2cc0b6b6c739a03c7eea9c7f5`
SHA3	`4effb39772edf0937d1baedac5f5b123153d0eeb16c96fed49363e5b7d2934c6`
VirtualSize	`0xc7c`
VirtualAddress	`0x179000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x174600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.1533`

Imports

d3d11.dll	`D3D11CreateDeviceAndSwapChain`
dwmapi.dll	`DwmExtendFrameIntoClientArea`
KERNEL32.dll	`SetDllDirectoryW` `SetLastError` `FormatMessageW` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `InitializeCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `LocalFree` `LoadLibraryW` `SleepEx` `GetSystemInfo` `MoveFileExW` `WaitForSingleObjectEx` `GetEnvironmentVariableA` `GetFileType` `ReadFile` `PeekNamedPipe` `WaitForMultipleObjects` `VerifyVersionInfoW` `GetFileSizeEx` `SetDefaultDllDirectories` `SleepConditionVariableSRW` `GetCurrentDirectoryW` `CreateDirectoryW` `FindClose` `FindFirstFileW` `GetFileAttributesExW` `SetFileInformationByHandle` `AreFileApisANSI` `GetFileInformationByHandleEx` `AddDllDirectory` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `TerminateProcess` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetSystemTimeAsFileTime` `InitializeSListHead` `OutputDebugStringW` `GetModuleFileNameW` `GetModuleFileNameA` `UnmapViewOfFile` `MapViewOfFile` `CreateFileMappingW` `VirtualProtect` `CloseHandle` `GetFileAttributesA` `CreateFileW` `FreeLibrary` `VerSetConditionMask` `GetProcAddress` `IsDBCSLeadByte` `QueryPerformanceFrequency` `LoadLibraryA` `GetLocaleInfoA` `GetModuleHandleA` `GlobalUnlock` `WideCharToMultiByte` `GlobalLock` `GlobalFree` `GlobalAlloc` `MultiByteToWideChar` `OutputDebugStringA` `GetModuleHandleW` `SetConsoleTitleW` `GetTickCount` `QueryPerformanceCounter` `GetSystemDirectoryW` `GetCurrentThreadId` `CreateThread` `GetCurrentProcess` `DeleteCriticalSection` `QueryFullProcessImageNameW` `InitializeCriticalSectionEx` `GetProcessHeap` `HeapSize` `HeapFree` `HeapReAlloc` `HeapAlloc` `GetLastError` `HeapDestroy` `FormatMessageA` `GetLocaleInfoEx` `GetConsoleScreenBufferInfo` `AddVectoredExceptionHandler` `SetConsoleTextAttribute` `GetStdHandle` `Sleep` `GetTickCount64` `FillConsoleOutputCharacterW` `FillConsoleOutputAttribute` `GetCurrentProcessId` `SetConsoleCursorPosition` `WakeAllConditionVariable`
USER32.dll	`GetClipboardData` `EmptyClipboard` `CloseClipboard` `ShowWindow` `OpenClipboard` `GetCursorPos` `DispatchMessageW` `SetCursorPos` `PeekMessageW` `ReleaseCapture` `IsWindowUnicode` `SetClipboardData` `SetCursor` `UnregisterClassW` `RegisterClassExW` `GetForegroundWindow` `GetKeyboardLayout` `UpdateWindow` `TrackMouseEvent` `ClientToScreen` `GetCapture` `ScreenToClient` `SetLayeredWindowAttributes` `DefWindowProcW` `GetClientRect` `TranslateMessage` `GetKeyState` `MessageBoxA` `PostQuitMessage` `CreateWindowExW` `DestroyWindow` `LoadCursorW` `SetWindowPos` `SetCapture` `SetWindowLongPtrW` `GetMessageExtraInfo`
ADVAPI32.dll	`CryptHashData` `AddAccessAllowedAce` `GetLengthSid` `GetTokenInformation` `InitializeAcl` `IsValidSid` `RegCreateKeyExA` `RegDeleteKeyA` `SetSecurityInfo` `CopySid` `ConvertSidToStringSidA` `CryptAcquireContextW` `CryptReleaseContext` `CryptGetHashParam` `CryptCreateHash` `CryptDestroyHash` `CryptEncrypt` `CryptImportKey` `CryptDestroyKey` `SystemFunction036` `OpenProcessToken`
SHELL32.dll	`ShellExecuteW` `ShellExecuteA`
MSVCP140.dll	`?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ` `?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z` `?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z` `?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z` `?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z` `?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z` `?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `??0_Lockit@std@@QEAA@H@Z` `??1_Lockit@std@@QEAA@XZ` `?_Xinvalid_argument@std@@YAXPEBD@Z` `_Xtime_get_ticks` `_Query_perf_counter` `_Query_perf_frequency` `_Thrd_detach` `_Cnd_do_broadcast_at_thread_exit` `?_Throw_Cpp_error@std@@YAXH@Z` `?_Syserror_map@std@@YAPEBDH@Z` `?_Winerror_map@std@@YAHH@Z` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `??Bios_base@std@@QEBA_NXZ` `??7ios_base@std@@QEBA_NXZ` `?getloc@ios_base@std@@QEBA?AVlocale@2@XZ` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z` `?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z` `?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ` `?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z` `?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z` `?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z` `?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?_Xbad_function_call@std@@YAXXZ` `?_Random_device@std@@YAIXZ` `?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` `?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Id_cnt@id@locale@std@@0HA` `?id@?$ctype@D@std@@2V0locale@2@A` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A` `?good@ios_base@std@@QEBA_NXZ` `?width@ios_base@std@@QEBA_JXZ` `?width@ios_base@std@@QEAA_J_J@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z` `?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?_Xlength_error@std@@YAXPEBD@Z` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Xbad_alloc@std@@YAXXZ` `?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?uncaught_exceptions@std@@YAHXZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ`
CRYPT32.dll	`CertOpenStore` `CertCloseStore` `CertEnumCertificatesInStore` `CertFindCertificateInStore` `CertFreeCertificateContext` `CryptStringToBinaryW` `PFXImportCertStore` `CertAddCertificateContextToStore` `CertFindExtension` `CertGetNameStringW` `CryptQueryObject` `CertCreateCertificateChainEngine` `CertFreeCertificateChainEngine` `CertGetCertificateChain` `CertFreeCertificateChain` `CryptDecodeObjectEx`
WS2_32.dll	`freeaddrinfo` `getaddrinfo` `ntohl` `inet_pton` `inet_ntop` `getsockopt` `send` `WSACloseEvent` `WSACreateEvent` `WSAEnumNetworkEvents` `WSAEventSelect` `gethostname` `ioctlsocket` `sendto` `recvfrom` `listen` `htonl` `accept` `select` `__WSAFDIsSet` `WSAIoctl` `socket` `setsockopt` `recv` `htons` `getsockname` `getpeername` `connect` `bind` `WSACleanup` `WSAStartup` `WSASetLastError` `ntohs` `WSAGetLastError` `closesocket` `WSAWaitForMultipleEvents` `WSAResetEvent`
IMM32.dll	`ImmReleaseContext` `ImmGetContext` `ImmSetCandidateWindow` `ImmSetCompositionWindow`
D3DCOMPILER_47.dll	`D3DCompile`
SHLWAPI.dll	`PathFindFileNameW`
PSAPI.DLL	`GetModuleInformation`
WINTRUST.dll	`WinVerifyTrust`
DNSAPI.dll	`DnsFree` `DnsQuery_A`
USERENV.dll	`UnloadUserProfile`
bcrypt.dll	`BCryptGenRandom`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`__current_exception_context` `__current_exception` `strrchr` `wcschr` `memchr` `__C_specific_handler` `__std_exception_destroy` `__std_exception_copy` `wcsstr` `__std_terminate` `strstr` `strchr` `_CxxThrowException` `memset` `memcmp` `memcpy` `memmove`
api-ms-win-crt-heap-l1-1-0.dll	`_callnewh` `_set_new_mode` `malloc` `free` `calloc` `realloc`
api-ms-win-crt-runtime-l1-1-0.dll	`terminate` `exit` `_errno` `_invoke_watson` `_beginthreadex` `__sys_errlist` `__sys_nerr` `abort` `_configure_narrow_argv` `_initialize_narrow_environment` `_initialize_onexit_table` `_register_onexit_function` `_crt_atexit` `_cexit` `_seh_filter_exe` `_set_app_type` `_invalid_parameter_noinfo` `_get_initial_narrow_environment` `_initterm` `_initterm_e` `_exit` `_resetstkoflw` `__p___argc` `__p___argv` `_c_exit` `_register_thread_local_exe_atexit_callback` `system`
api-ms-win-crt-string-l1-1-0.dll	`strpbrk` `wcsncpy` `wcspbrk` `strcmp` `wcscat_s` `_stricmp` `strlen` `tolower` `isspace` `isxdigit` `towlower` `strncmp` `wcslen` `strcspn` `_wcsicmp` `_strdup` `_wcsdup` `strspn` `wcsncmp`
api-ms-win-crt-conio-l1-1-0.dll	`_getch`
api-ms-win-crt-stdio-l1-1-0.dll	`__p__commode` `__stdio_common_vfprintf` `_read` `_write` `fputs` `feof` `_fileno` `_close` `fwrite` `_set_fmode` `_wfopen` `fclose` `__stdio_common_vsprintf` `fread` `fflush` `_lseeki64` `__stdio_common_vsscanf` `__acrt_iob_func` `ftell` `fseek` `_wopen` `_get_stream_buffer_pointers` `fgetc` `fgetpos` `fgets` `ungetc` `setvbuf` `_popen` `_pclose` `_fseeki64` `fsetpos` `fputc`
api-ms-win-crt-utility-l1-1-0.dll	`qsort`
api-ms-win-crt-convert-l1-1-0.dll	`strtoull` `atoi` `wcstombs` `strtod` `strtol` `strtoul` `strtoll`
api-ms-win-crt-math-l1-1-0.dll	`acosf` `_dclass` `sinf` `_dsign` `__setusermatherr` `_fdopen` `ceilf` `fmodf` `_fdclass` `sqrtf` `cosf`
api-ms-win-crt-environment-l1-1-0.dll	`getenv`
api-ms-win-crt-filesystem-l1-1-0.dll	`_lock_file` `_unlock_file` `_fstat64` `_wstat64` `_unlink`
api-ms-win-crt-time-l1-1-0.dll	`strftime` `_time64` `_gmtime64` `_localtime64`
api-ms-win-crt-locale-l1-1-0.dll	`___lc_codepage_func` `_configthreadlocale` `localeconv`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Mar-17 16:35:46
Version	`0.0`
SizeofData	`1012`
AddressOfRawData	`0x15158c`
PointerToRawData	`0x14fd8c`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Mar-17 16:35:46
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x1401519a0`
EndAddressOfRawData	`0x140151b10`
AddressOfIndex	`0x14016ab98`
AddressOfCallbacks	`0x140123018`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES`
Callbacks	`0x000000014011D200` `0x000000014011D278`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140168f40`

RICH Header

XOR Key	`0x7d99dcf8`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`24`
253 (35207)	`7`
ASM objects (35207)	`4`
C objects (35207)	`10`
C++ objects (35207)	`42`
Imports (35207)	`6`
C objects (33523)	`43`
C objects (VS2022 Update 6 (17.6.4) compiler 32535)	`129`
C++ objects (35223)	`5`
Imports (33145)	`37`
Total imports	`531`
C++ objects (LTCG) (35224)	`16`
Resource objects (35224)	`1`
Linker (35224)	`1`

Errors

Leave a comment

No comments yet.