Manalyze report for 849019e2b2f19e8c2387d80cc9ceee3ca37b263d39ca25f15b60996432dea94b

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Apr-03 15:17:55
Detected languages	English - United States
TLS Callbacks	2 callback(s) detected.
Debug artifacts	firefox.pdb
Comments
LegalCopyright	Â©Firefox and Mozilla Developers; available under the MPL 2 license.
CompanyName	Mozilla Corporation
FileDescription	Firefox
FileVersion	`149.0.2`
ProductVersion	`149.0.2`
InternalName	Firefox
LegalTrademarks	Firefox is a Trademark of The Mozilla Foundation.
OriginalFilename	firefox.exe
ProductName	Firefox
BuildID	20260403140140

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to internet browsers: firefox.exe` Contains domain names: aus5.mozilla.org crash-reports.mozilla.com hg.mozilla.org https://aus5.mozilla.org https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%SYSTEM_CAPABILITIES%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml https://crash-reports.mozilla.com https://crash-reports.mozilla.com/submit?id https://hg.mozilla.org https://hg.mozilla.org/releases/mozilla-release/rev/9f0b9889e371a1c81cc665cfce6f53803006ad9b mozilla.com mozilla.org reports.mozilla.com
Suspicious	The PE is possibly packed.	`Unusual section name found: .freestd`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExA LoadLibraryExW LoadLibraryW` `Functions which can be used for anti-debugging purposes: NtQueryInformationProcess` `Code injection capabilities: CreateRemoteThread OpenProcess VirtualAlloc VirtualAllocEx WriteProcessMemory` `Code injection capabilities (mapping injection): CreateFileMappingA CreateFileMappingW CreateRemoteThread MapViewOfFile` `Possibly launches other programs: CreateProcessW` `Uses Windows's Native API: NtMapViewOfSection NtOpenFile NtQueryInformationProcess NtQueryObject NtQueryVirtualMemory NtReadVirtualMemory NtUnmapViewOfSection` `Memory manipulation functions often used by packers: VirtualAlloc VirtualAllocEx VirtualProtect VirtualProtectEx` `Manipulates other processes: OpenProcess ReadProcessMemory WriteProcessMemory`
Info	The PE is digitally signed.	`Signer: Mozilla Corporation` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Safe	VirusTotal score: 0/71 (Scanned on 2026-04-13 13:53:57)	`All the AVs think this file is safe.`

Hashes

MD5	`046abf253be4918c1a8dff612ae9acdb`
SHA1	`d382fb5720382f261f5d512b1f7d041b123cd25f`
SHA256	`849019e2b2f19e8c2387d80cc9ceee3ca37b263d39ca25f15b60996432dea94b`
SHA3	`4acf785b0b588430ab2cd31e3dcd0a0ff3ad03ca81291efcc6a7fd6cc58e9632`
SSDeep	`12288:kYL2j8g8Pjy3XGUQiZknG2d1dSiIwgzwHJem7OzwHJe0IhfIy:Kj8g8PjyXZUBPdSiIwWwpemIwpelgy`
Imports Hash	`f786ffa16022b5f84e6d05a22d1838b8`

DOS Header

e_magic	`MZ`
e_cblp	`0x78`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0`
e_ss	`0`
e_sp	`0`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x78`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2026-Apr-03 15:17:55
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x56600`
SizeOfInitializedData	`0x52a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000003C7E0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`0.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0xaf000`
SizeOfHeaders	`0x400`
Checksum	`0xb8b38`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x800000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x40000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`96a477e29fa2dce5f72e2964bc268e1d`
SHA1	`5d6544afe5ccd820650ebe407769efe53d46b7e0`
SHA256	`5404ea042795c9679b9569f805e380bb6b07dbc766d7e4c1292fb8c59c6b13dd`
SHA3	`0b78ab9468d20ebe474400698441a7e0459647c21c7be49de6151eb667ad6665`
VirtualSize	`0x56482`
VirtualAddress	`0x1000`
SizeOfRawData	`0x56600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.36157`

.rdata

MD5	`c5f6f8d36bb14bfd637cd913c6f46325`
SHA1	`c69fecfc7f1b9fc498a2e74aacaf063c2e25a212`
SHA256	`8fea44e580d8026d1922be8256193fc361d59d3c9e73a5d7f79fb9cef138d33b`
SHA3	`a6373fe6eb42ed5a0f065a8108e712c3d34fa025584118fa9220b581b5368fcb`
VirtualSize	`0x1096c`
VirtualAddress	`0x58000`
SizeOfRawData	`0x10a00`
PointerToRawData	`0x56a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.33634`

.data

MD5	`2f1bb3dce4956a43010c83506c87f7b4`
SHA1	`1953379d79e641ac293b31388aa359af718866e2`
SHA256	`9a078d24871e1ace20ffc0094c245cf08664ecb9cbf58c3698c058cc0aae20f5`
SHA3	`d710b0f539a08ec217312edad9116cfcfed72e52c6271f8d6f2886f7e9679001`
VirtualSize	`0xe60`
VirtualAddress	`0x69000`
SizeOfRawData	`0x600`
PointerToRawData	`0x67400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.78435`

.pdata

MD5	`3b9ad800a702987c1a46207e9ddd973e`
SHA1	`f70598c7b80ee1d22bf4990e8eabd2babb6587e3`
SHA256	`a1e115cb717bfc5403bb06fbf19112ea060d72938858172a7e836cd9c847f83b`
SHA3	`f1ddf18419424ffe3a593e30c2d16167dfebf7a353b6054eb1dd8047ae0d42e6`
VirtualSize	`0x27a8`
VirtualAddress	`0x6a000`
SizeOfRawData	`0x2800`
PointerToRawData	`0x67a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.58666`

.freestd

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0x6d000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6a200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0`

.tls

MD5	`b2ab96ea00796f685c743fbedcfd4f5e`
SHA1	`7843ecccd73677873cc96392e37a8528c22cbf49`
SHA256	`c1016c4288c4a2f958c5bdbfc358c0428b5df89eadc786904ba49481fffab70b`
SHA3	`a21f9bce1e31b5771ff7efff1c4be308d749d1fcc14eb31a2236560e2556d9b5`
VirtualSize	`0x22`
VirtualAddress	`0x6e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6a400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.122276`

.rsrc

MD5	`d20b8955f8034d72e791e85b84615b8a`
SHA1	`d148532063debe77f4193a12b015dfa767e7eb28`
SHA256	`2bead1b7b80da122416325116fd812e6babc3d45b8bf8f49e015a2757fbffe79`
SHA3	`bd83bdd6eda6ac20b352ee86de8787fae60f65cb48fd70a04284d44798589bd0`
VirtualSize	`0x3e768`
VirtualAddress	`0x6f000`
SizeOfRawData	`0x3e800`
PointerToRawData	`0x6a600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.17228`

.reloc

MD5	`2a8b911a65885acd4c88144ae395c0c5`
SHA1	`fb87ffec5c6b8160075d65e34cc5971466bf85b5`
SHA256	`7782f142c62cce4efeb4826772efbf2d3a1f527237e700c4399a965383cd1534`
SHA3	`6aab24469512175c6909357cb70fa1887103160c0686f29173d710852051364e`
VirtualSize	`0x4b4`
VirtualAddress	`0xae000`
SizeOfRawData	`0x600`
PointerToRawData	`0xa8e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.78239`

Imports

mozglue.dll	`??0MutexImpl@detail@mozilla@@QEAA@XZ` `??0PrintfTarget@mozilla@@IEAA@XZ` `??1MutexImpl@detail@mozilla@@QEAA@XZ` `??2@YAPEAX_K@Z` `??3@YAXPEAX@Z` `??3@YAXPEAX_K@Z` `??_U@YAPEAX_K@Z` `??_V@YAXPEAX@Z` `?BeginProcessRuntimeInit@detail@mscom@mozilla@@YAAEAW4ProcessInitState@123@XZ` `?CleanupProcessRuntime@mozilla@@YAXXZ` `?CreateAndStorePreXULSkeletonUI@mozilla@@YAXPEAUHINSTANCE__@@HPEAPEAD@Z` `?DllBlocklist_Initialize@@YAXI@Z` `?EnablePreferLoadFromSystem32@mozilla@@YA_NXZ` `?EndProcessRuntimeInit@detail@mscom@mozilla@@YAXXZ` `?GetClearedBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAPEAVProfileChunkedBuffer@2@XZ` `?GetProfilingStack@AutoProfilerLabel@baseprofiler@mozilla@@SAPEAVProfilingStack@23@XZ` `?InvalidArrayIndex_CRASH@detail@mozilla@@YAX_K0@Z` `?IsActiveAndUnpaused@RacyFeatures@detail@baseprofiler@mozilla@@SA_NXZ` `?IsPreferLoadFromSystem32Available@mozilla@@YA_NXZ` `?IsPreferLoadFromSystem32Enabled@mozilla@@YA_NXZ` `?IsWin32kLockedDown@mozilla@@YA_NXZ` `?MapRemoteViewOfFile@mozilla@@YAPEAXPEAX0_K01KK@Z` `?Now@TimeStamp@mozilla@@CA?AV12@_N@Z` `?PollPreXULSkeletonUIEvents@mozilla@@YAXXZ` `?RegisterRuntimeExceptionModule@CrashReporter@@YAXXZ` `?SetGeckoChildID@mozilla@@YAXPEBD@Z` `?SetGeckoProcessType@mozilla@@YAXPEBD@Z` `?SetWin32kLockedDownInPolicy@mozilla@@YAXXZ` `?TagForMarkerTypeFunctions@Streaming@base_profiler_markers_detail@mozilla@@SAEP6AXAEAVProfileBufferEntryReader@3@AEAVSpliceableJSONWriter@baseprofiler@3@@ZP6A?AV?$Span@$$CBD$0?0@3@XZP6A?AVMarkerSchema@3@XZ@Z` `?UnregisterRuntimeExceptionModule@CrashReporter@@YAXXZ` `?WindowsDpiInitialization@mozilla@@YA?AW4WindowsDpiInitializationResult@1@XZ` `?ensureCapacitySlow@ProfilingStack@baseprofiler@mozilla@@AEAAXXZ` `?lock@MutexImpl@detail@mozilla@@IEAAXXZ` `?profiler_active_without_feature@baseprofiler@mozilla@@YA_NI@Z` `?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAEAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z` `?profiler_current_thread_id@baseprofiler@mozilla@@YA?AVBaseProfilerThreadId@12@XZ` `?profiler_get_core_buffer@baseprofiler@mozilla@@YAAEAVProfileChunkedBuffer@2@XZ` `?profiler_init@baseprofiler@mozilla@@YAXPEAX@Z` `?profiler_shutdown@baseprofiler@mozilla@@YAXXZ` `?sChildProcessType@startup@mozilla@@3W4GeckoProcessType@@A` `?unlock@MutexImpl@detail@mozilla@@IEAAXXZ` `?vprint@PrintfTarget@mozilla@@QEAA_NPEBDPEAD@Z` `_wcsdup` `free` `malloc` `malloc_good_size` `moz_xmalloc` `mozalloc_abort` `printf_stderr` `realloc` `strdup`
ntdll.dll	`NtMapViewOfSection` `NtOpenFile` `NtQueryInformationProcess` `NtQueryObject` `NtQueryVirtualMemory` `NtReadVirtualMemory` `NtUnmapViewOfSection` `RtlAcquireSRWLockExclusive` `RtlAcquireSRWLockShared` `RtlAddFunctionTable` `RtlAllocateHeap` `RtlAnsiStringToUnicodeString` `RtlCaptureStackBackTrace` `RtlCompareMemory` `RtlCompareUnicodeString` `RtlDuplicateUnicodeString` `RtlEqualUnicodeString` `RtlFreeHeap` `RtlFreeUnicodeString` `RtlGetLastWin32Error` `RtlInitAnsiString` `RtlInitUnicodeString` `RtlLookupFunctionEntry` `RtlNtStatusToDosError` `RtlQueryPerformanceCounter` `RtlReAllocateHeap` `RtlReleaseSRWLockExclusive` `RtlReleaseSRWLockShared` `RtlRunOnceExecuteOnce` `RtlRunOnceInitialize` `RtlSetLastWin32Error` `RtlSleepConditionVariableSRW` `RtlWakeAllConditionVariable` `memcmp` `memcpy` `memmove` `memset`
SHLWAPI.dll	`PathAppendW` `PathRemoveFileSpecW`
MSVCP140.dll	`??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??0ios_base@std@@IEAA@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1ios_base@std@@UEAA@XZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Xbad_function_call@std@@YAXXZ` `?_Xlength_error@std@@YAXPEBD@Z` `?_Xout_of_range@std@@YAXPEBD@Z` `?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?good@ios_base@std@@QEBA_NXZ` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z` `?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IEAAXPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z`
KERNEL32.dll	`AcquireSRWLockExclusive` `AssignProcessToJobObject` `AttachConsole` `CloseHandle` `CreateEventW` `CreateFileMappingA` `CreateFileMappingW` `CreateFileW` `CreateIoCompletionPort` `CreateJobObjectW` `CreateMutexW` `CreateNamedPipeW` `CreateProcessW` `CreateRemoteThread` `CreateThread` `DebugBreak` `DeleteProcThreadAttributeList` `DuplicateHandle` `EncodePointer` `EnterCriticalSection` `EnumSystemLocalesEx` `ExpandEnvironmentStringsW` `FlushInstructionCache` `FreeEnvironmentStringsW` `FreeLibrary` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentProcessorNumber` `GetCurrentThread` `GetCurrentThreadId` `GetEnvironmentStringsW` `GetEnvironmentVariableW` `GetExitCodeProcess` `GetFileInformationByHandle` `GetFileInformationByHandleEx` `GetFileType` `GetLastError` `GetLongPathNameW` `GetModuleFileNameW` `GetModuleHandleA` `GetModuleHandleExW` `GetModuleHandleW` `GetNativeSystemInfo` `GetProcAddress` `GetProcessHandleCount` `GetProcessHeaps` `GetProcessId` `GetProcessMitigationPolicy` `GetProductInfo` `GetQueuedCompletionStatus` `GetStartupInfoW` `GetStdHandle` `GetSystemDirectoryW` `GetSystemInfo` `GetSystemTimeAsFileTime` `GetThreadId` `GetTickCount` `GetUserDefaultLCID` `GetUserDefaultLangID` `GetUserDefaultLocaleName` `GetVersionExW` `HeapDestroy` `HeapSetInformation` `InitOnceExecuteOnce` `InitializeCriticalSectionEx` `InitializeProcThreadAttributeList` `InitializeSListHead` `IsDebuggerPresent` `IsWow64Process` `LeaveCriticalSection` `LoadLibraryExA` `LoadLibraryExW` `LoadLibraryW` `LocalFree` `MapViewOfFile` `MultiByteToWideChar` `OpenProcess` `PostQueuedCompletionStatus` `QueryFullProcessImageNameW` `QueryInformationJobObject` `QueryPerformanceCounter` `QueryPerformanceFrequency` `RaiseException` `ReadFile` `ReadProcessMemory` `RegisterWaitForSingleObject` `ReleaseSRWLockExclusive` `ResumeThread` `SetDefaultDllDirectories` `SetDllDirectoryW` `SetEnvironmentVariableW` `SetEvent` `SetFilePointerEx` `SetHandleInformation` `SetInformationJobObject` `SetLastError` `SetProcessMitigationPolicy` `SetStdHandle` `SetThreadAffinityMask` `SetThreadInformation` `SetUnhandledExceptionFilter` `Sleep` `SleepConditionVariableSRW` `TerminateJobObject` `TerminateProcess` `TlsGetValue` `TlsSetValue` `TryAcquireSRWLockExclusive` `UnmapViewOfFile` `UnregisterWaitEx` `UpdateProcThreadAttribute` `VirtualAlloc` `VirtualAllocEx` `VirtualFree` `VirtualFreeEx` `VirtualProtect` `VirtualProtectEx` `VirtualQuery` `WaitForSingleObject` `WakeAllConditionVariable` `WideCharToMultiByte` `WriteProcessMemory`
VCRUNTIME140.dll	`_CxxThrowException` `__C_specific_handler` `__current_exception` `__current_exception_context` `__std_terminate` `strrchr` `wcschr`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func` `__p__commode` `__stdio_common_vfwprintf_s` `__stdio_common_vsnprintf_s` `__stdio_common_vsnwprintf_s` `__stdio_common_vsprintf` `__stdio_common_vswprintf` `_fileno` `_get_osfhandle` `_set_fmode` `_wfopen` `fclose` `fgets` `freopen`
api-ms-win-crt-environment-l1-1-0.dll	`__p__environ` `_putenv` `_wgetenv` `getenv`
api-ms-win-crt-runtime-l1-1-0.dll	`__p___argc` `__p___wargv` `_c_exit` `_cexit` `_configure_wide_argv` `_crt_atexit` `_errno` `_exit` `_get_initial_wide_environment` `_initialize_onexit_table` `_initialize_wide_environment` `_initterm` `_initterm_e` `_register_onexit_function` `_register_thread_local_exe_atexit_callback` `_seh_filter_exe` `_set_app_type` `exit` `terminate`
api-ms-win-crt-convert-l1-1-0.dll	`_ltoa_s` `wcstoul`
api-ms-win-crt-string-l1-1-0.dll	`_stricmp` `_wcsnicmp` `strcpy` `strlen` `towlower` `wcscmp` `wcscpy` `wcscpy_s` `wcslen` `wcsncmp` `wcspbrk` `wcstok_s`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr` `ceilf` `ldexp`
api-ms-win-crt-utility-l1-1-0.dll	`rand_s`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode`
OLEAUT32.dll (delay-loaded)	`SetOaNoCache` `SysAllocString` `SysFreeString` `VariantClear` `VariantInit`

Delayed Imports

Attributes	`0x1`
Name	`OLEAUT32.dll`
ModuleHandle	`0x69280`
DelayImportAddressTable	`0x692c0`
DelayImportNameTable	`0x61fe0`
BoundDelayImportTable	`0`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

GetHandleVerifier

Ordinal	`1`
Address	`0x4ef90`

GetNtLoaderAPI

Ordinal	`2`
Address	`0x73a0`

IsSandboxedProcess

Ordinal	`3`
Address	`0x3cc90`

NativeNtBlockSet_Write

Ordinal	`4`
Address	`0x30b20`

TargetCreateNamedPipeW

Ordinal	`5`
Address	`0x53790`

TargetCreateNamedPipeW64

Ordinal	`6`
Address	`0x53280`

TargetCreateThread

Ordinal	`7`
Address	`0x35c90`

TargetCreateThread64

Ordinal	`8`
Address	`0x53390`

TargetGdiDllInitialize

Ordinal	`9`
Address	`0x41390`

TargetGdiDllInitialize64

Ordinal	`10`
Address	`0x41390`

TargetGetForegroundWindow

Ordinal	`11`
Address	`0x47ba0`

TargetGetForegroundWindow64

Ordinal	`12`
Address	`0x47ba0`

TargetGetStockObject

Ordinal	`13`
Address	`0x47ba0`

TargetGetStockObject64

Ordinal	`14`
Address	`0x47ba0`

TargetNtCreateFile

Ordinal	`15`
Address	`0x8750`

TargetNtCreateFile64

Ordinal	`16`
Address	`0x86c0`

TargetNtCreateKey

Ordinal	`17`
Address	`0x4b1d0`

TargetNtCreateKey64

Ordinal	`18`
Address	`0x533d0`

TargetNtCreateSection

Ordinal	`19`
Address	`0x55660`

TargetNtCreateSection64

Ordinal	`20`
Address	`0x53430`

TargetNtImpersonateAnonymousToken

Ordinal	`21`
Address	`0x3db60`

TargetNtImpersonateAnonymousToken64

Ordinal	`22`
Address	`0x110f0`

TargetNtMapViewOfSection

Ordinal	`23`
Address	`0x2110`

TargetNtMapViewOfSection64

Ordinal	`24`
Address	`0x20a0`

TargetNtOpenFile

Ordinal	`25`
Address	`0x12a0`

TargetNtOpenFile64

Ordinal	`26`
Address	`0x1260`

TargetNtOpenKey

Ordinal	`27`
Address	`0x3ca50`

TargetNtOpenKey64

Ordinal	`28`
Address	`0x18e0`

TargetNtOpenKeyEx

Ordinal	`29`
Address	`0x3cca0`

TargetNtOpenKeyEx64

Ordinal	`30`
Address	`0x3630`

TargetNtOpenProcess

Ordinal	`31`
Address	`0x35870`

TargetNtOpenProcess64

Ordinal	`32`
Address	`0x53310`

TargetNtOpenProcessToken

Ordinal	`33`
Address	`0x35980`

TargetNtOpenProcessToken64

Ordinal	`34`
Address	`0x1dc0`

TargetNtOpenProcessTokenEx

Ordinal	`35`
Address	`0x35c50`

TargetNtOpenProcessTokenEx64

Ordinal	`36`
Address	`0x53340`

TargetNtOpenSection

Ordinal	`37`
Address	`0x3cb60`

TargetNtOpenSection64

Ordinal	`38`
Address	`0x2ab0`

TargetNtOpenThread

Ordinal	`39`
Address	`0x35510`

TargetNtOpenThread64

Ordinal	`40`
Address	`0x532e0`

TargetNtOpenThreadToken

Ordinal	`41`
Address	`0x3c9c0`

TargetNtOpenThreadToken64

Ordinal	`42`
Address	`0x1840`

TargetNtOpenThreadTokenEx

Ordinal	`43`
Address	`0x53e80`

TargetNtOpenThreadTokenEx64

Ordinal	`44`
Address	`0x53240`

TargetNtQueryAttributesFile

Ordinal	`45`
Address	`0x1e20`

TargetNtQueryAttributesFile64

Ordinal	`46`
Address	`0x1e00`

TargetNtQueryFullAttributesFile

Ordinal	`47`
Address	`0x120f0`

TargetNtQueryFullAttributesFile64

Ordinal	`48`
Address	`0x12f00`

TargetNtSetInformationFile

Ordinal	`49`
Address	`0xe7a0`

TargetNtSetInformationFile64

Ordinal	`50`
Address	`0xe760`

TargetNtSetInformationThread

Ordinal	`51`
Address	`0x3cac0`

TargetNtSetInformationThread64

Ordinal	`52`
Address	`0x1d20`

TargetNtUnmapViewOfSection

Ordinal	`53`
Address	`0x3d9a0`

TargetNtUnmapViewOfSection64

Ordinal	`54`
Address	`0x11170`

TargetRegisterClassW

Ordinal	`55`
Address	`0x53420`

TargetRegisterClassW64

Ordinal	`56`
Address	`0x53420`

g_current_mitigations

Ordinal	`57`
Address	`0x69b80`

g_delegate_data_size

Ordinal	`58`
Address	`0x69c08`

g_handles_to_close

Ordinal	`59`
Address	`0x69a68`

g_interceptions

Ordinal	`60`
Address	`0x69a70`

g_nt

Ordinal	`61`
Address	`0x69c40`

g_originals

Ordinal	`62`
Address	`0x69a90`

g_sentinel_value_end

Ordinal	`63`
Address	`0x6922c`

g_sentinel_value_start

Ordinal	`64`
Address	`0x69228`

g_shared_IPC_size

Ordinal	`65`
Address	`0x69bf8`

g_shared_delayed_integrity_level

Ordinal	`66`
Address	`0x69230`

g_shared_delayed_mitigations

Ordinal	`67`
Address	`0x69c18`

g_shared_policy_size

Ordinal	`68`
Address	`0x69c00`

g_shared_section

Ordinal	`69`
Address	`0x69c10`

g_shared_startup_mitigations

Ordinal	`70`
Address	`0x69bd8`

IDENTITY

Type	`LIMITEDACCESSFEATURE`
Language	English - United States
Codepage	UNKNOWN
Size	`0x38`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.091`
MD5	`36e6ead806a73a5a3bc2ce4f4271ab6a`
SHA1	`81a2c65bdd3b4acf0fe59c492c9b5bb0f707d5f7`
SHA256	`fb2ff6c0153228b41d9724562e77a0c6216a2e7ae8eddd4dd55441d737b3c73b`
SHA3	`5b806c73e94216aafbd67724a64e74cabcfcfa7e7f6a2d95945725baca3646d0`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x528`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.57637`
MD5	`9ef9b589dc222b68dfe323d5ee586f4f`
SHA1	`75ccee51a1649ada9714577db4de84aa9edfeb98`
SHA256	`b011ce8cc0a9e0a2ea6371c54ced59a6f85df39bd472074b3a1b9c6bb091286f`
SHA3	`f7ccda6497d58946266df08a9f420b5b1fda472489c899c8bfbcaf22755616f1`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1428`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.12398`
MD5	`a3b195fb3ad80f9bc343ecad38dc8afe`
SHA1	`789e46dce6cd6f2b39f45fc2325f7b6e40fcf558`
SHA256	`31d1c398501702fbfa6c88109d8b563d39af9c58c86fbe102c826a9faae88dc9`
SHA3	`f2965cc559f17e81f30b4be22ab171cb3560a100ecb203190346323876365110`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2d28`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.10872`
MD5	`4f2e710bc461acacfeca9eef116767b7`
SHA1	`6ac5300341438710a2e8e5a543e04bfbb83e30b4`
SHA256	`4aad470e8f0abbf5f77d188ea8cb3b0f90a45a82249105aa40d58bd1cd58fbaf`
SHA3	`f0eb6f7f8b924c5ec6c1cb3d7dcadd5bb10c38a05c6dce7ddf053638cef802f9`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xc42a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.9823`
Detected Filetype	PNG graphic file
MD5	`042a45cb9cdee4528142ae10e2501114`
SHA1	`3653ec6f84b853ff508156f32b77fa31062caa0b`
SHA256	`48bd16b990c81456412f9339aaf0e748d2f58a039f210a7d88492b57bddf5107`
SHA3	`9f6ee9b3adc81cb87ac8b95d5da51b0d5cd1a985bce460fc9872f3072bb28662`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x528`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.33273`
MD5	`e32d8faf49f0bf496db9a6084d897d43`
SHA1	`e9bda80264d4fcb02761c77f1def6f6ec906a10d`
SHA256	`9f4f96e92ca4349ad36b721e45aa86fbeb5670b9527be5b428e5b87b9dfeedf5`
SHA3	`27580e4d3709296f2bc5ae431edc6f4d573d79f108d2fb6df86e3f94ee864227`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1428`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.41941`
MD5	`179190cb75f958e1790b69b4606b9e28`
SHA1	`923b781d68d1e9b88931e2f6fe315a9f1aae67d2`
SHA256	`1fe138696d88fad8d5f952b5fadb3067db3c81b5acad001cf4dc4712082c7fca`
SHA3	`1fea5d5413eae9cd697e3fe65d1c3f55102bc7850c00f46b1208b9153a9f4357`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2d28`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.38936`
MD5	`68f11f75ab35e54b31cf09f4ca448fef`
SHA1	`3b10c88737db2b3214d3ee4df62f9a3784278b24`
SHA256	`e34798838b617d24fac0eed3e5f395f239996f08304857c6802d24d70e8e7bde`
SHA3	`7bd3ff5cf62774bb515aa1e6c695626c882500e59fd6bfa9dabc75993dabd32c`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6ae8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.96412`
Detected Filetype	PNG graphic file
MD5	`612a831f2b3937bc83f666d94c5cc192`
SHA1	`831d3b950205c270242cc656158d5e2398bf562c`
SHA256	`edead623714166d5f07d65d8451b630c11fae1632ff4c979972b30cf8b0f4c71`
SHA3	`82e22f7c9ab54d808c2b60c3a9f0c17c7931afb010b0b70231e4b784b7b79a32`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x528`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.57637`
MD5	`9ef9b589dc222b68dfe323d5ee586f4f`
SHA1	`75ccee51a1649ada9714577db4de84aa9edfeb98`
SHA256	`b011ce8cc0a9e0a2ea6371c54ced59a6f85df39bd472074b3a1b9c6bb091286f`
SHA3	`f7ccda6497d58946266df08a9f420b5b1fda472489c899c8bfbcaf22755616f1`

10

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1428`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.12398`
MD5	`a3b195fb3ad80f9bc343ecad38dc8afe`
SHA1	`789e46dce6cd6f2b39f45fc2325f7b6e40fcf558`
SHA256	`31d1c398501702fbfa6c88109d8b563d39af9c58c86fbe102c826a9faae88dc9`
SHA3	`f2965cc559f17e81f30b4be22ab171cb3560a100ecb203190346323876365110`

11

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2d28`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.10872`
MD5	`4f2e710bc461acacfeca9eef116767b7`
SHA1	`6ac5300341438710a2e8e5a543e04bfbb83e30b4`
SHA256	`4aad470e8f0abbf5f77d188ea8cb3b0f90a45a82249105aa40d58bd1cd58fbaf`
SHA3	`f0eb6f7f8b924c5ec6c1cb3d7dcadd5bb10c38a05c6dce7ddf053638cef802f9`

12

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xc42a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.9823`
Detected Filetype	PNG graphic file
MD5	`042a45cb9cdee4528142ae10e2501114`
SHA1	`3653ec6f84b853ff508156f32b77fa31062caa0b`
SHA256	`48bd16b990c81456412f9339aaf0e748d2f58a039f210a7d88492b57bddf5107`
SHA3	`9f6ee9b3adc81cb87ac8b95d5da51b0d5cd1a985bce460fc9872f3072bb28662`

13

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x528`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.6846`
MD5	`ef3eeb51599594a6b6ff9e6b15f1f9da`
SHA1	`614c928a35c373530e85fa165d93fc5064248a3b`
SHA256	`49adaf73093691a715a3a823c06f4676bb1e706b2df9a8a7cb5d641113937ebc`
SHA3	`63eac7768121e500ca51894b7f4d5d69a5062b2ebcf368c93acfb80404fd3055`

14

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1428`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.736`
MD5	`487718f35fe7d323f7b93d099b6bca6d`
SHA1	`bca300f1c4e3ee2c46057f6752b7c44201526b26`
SHA256	`170f36ebaec48dd85ef993e34e59b1004a6ac898b20a33d4741ee4780b4b637a`
SHA3	`eb5be939631d2b2260c43e2efb4b7e4bc6e6dfaa86df54f3f27d8177592105bc`

15

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x528`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.14128`
MD5	`d4e1273ffc3b959fbcdbef3d23c1f41c`
SHA1	`af161d876d64eb11896d589c0913319c94919fb5`
SHA256	`f7deab97b1bdbdbbc734c73ad5373f116c40e46e9631e0ca626a68d70a461356`
SHA3	`888bfe866ce411d73ab7803bca7461e8d09d6d40ff93439a222b346d5ddde7f9`

16

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1428`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.96811`
MD5	`435b7d3f949b30c2b36c9a9cad867823`
SHA1	`ccecf7792ec740e104e59f419a85f21e3259867d`
SHA256	`b31fa62c22346fff3ff0b9cd4aeb6fe2d889d7fedbe5a169f6010fee5e3228f5`
SHA3	`8237b5f06ec379c43bc3ab49d555cca62cbdb8972d55fefaba32ac62369d56eb`

17

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.95279`
MD5	`cb5f946ec17a3fdb975bb28a18d5f832`
SHA1	`43f9d8f60bdd8ad4df207cac24134f9d6cbef2a9`
SHA256	`d907e5704bb9135e00da270be3b4080fedab4d38d3bc0764d6efc8e4601c7443`
SHA3	`9b0fe9b20ae461db2bb62b033f65bc485c5e6dbb53f4ff4d53ef02c5bf87bc72`

18

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.31233`
MD5	`51a509f885a6d7ec5b0ff4f215425ad0`
SHA1	`36341ec8f384d89998861715a4f4c5b69f119f86`
SHA256	`e60dd9ef83ab3d19ba72fd777c83bbc31599744817a99e85828f4bbd25ab6dac`
SHA3	`07f325eedaf6579b79c220d530d33b33b48f772d9f697f87f60b2a329e87d9af`

19

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.95772`
MD5	`e408a838829fef5f35be2cd3cdb9a6de`
SHA1	`afd93219aac3f098e68ee24091f9328d4edbe2fb`
SHA256	`2ce154e010cf482a1e463ee636145b552fab37af02832b6be7c0c2078a944d07`
SHA3	`59e99fbf859e0e439838e95c50ba7a0d8012ce3a3504aa2ec66c18e7d3e4ec04`

20

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x518c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.96891`
Detected Filetype	PNG graphic file
MD5	`2cc7bc115b2f6a0fdbc848f2658f0a95`
SHA1	`f74fe2e0eb878632780080eda78cc2ff010bd266`
SHA256	`c6b8a9efc4cd50e66737230d4941c4295150fbff4ccc37d1d3d9ec79e20fcc7a`
SHA3	`c44a970b780723c101d72e3fe568523d7b4301e5b0e1ea23bfa89dd1c6a2390b`

21

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.95416`
MD5	`a2e4d77da0e9c95e72f7da1207cdc070`
SHA1	`2f367dd11778e046b2f420d0978c68918906f88d`
SHA256	`4eaa663abdeabdf5b69ab7ed594e1f731f8948cd1c5c078dd179d69a7cc4c2ee`
SHA3	`f67852d1070e5b50dcc69a1b2137b530615acef683515371a67eaa9240836c73`

22

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.935`
MD5	`e3ce8ab005a9206b7b7b88c6e1c58d28`
SHA1	`beeb3fe7a71fa16b68bd918482148caef8f7d98c`
SHA256	`c3c44fd5411c2247794bb696f38907e010307c361bc4b45659b17cda19674d33`
SHA3	`dd1f42b48c069bd66a784b0b794ef2a78501af4594029b22522d3de660bd07fe`

23

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.68219`
MD5	`613ee7a53281562d0c7a80a7f489ba5e`
SHA1	`e5f34fe70e2ae04dafa674c2744504b146e5e22b`
SHA256	`4d1b6e1dcd4265707a1197b392be5eb074f63bdde47f01bb572d71285d687465`
SHA3	`0d07acf962977c585ccf23b525e91bdb81bfe07bcb61fa87e996e5f5758698f2`

24

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x131c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.73497`
Detected Filetype	PNG graphic file
MD5	`1226c6dc37dea711d1043ba8630da616`
SHA1	`6aa3c65b88ed6bd4acfebd5647dd47280df8f5a6`
SHA256	`240fdf9153bff22d3b143c66549f9f6bc4272b563a6ef366969d6b12064281dc`
SHA3	`c244f1ae25a532ab61e689684925ac88e011169bc7b1a77454e7a101f3eff2f9`

7 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.18832`
MD5	`19f4201b56d53c6f492b0eb298aa232b`
SHA1	`ed5ef2fc48c7b193968e326855d4859c20b8e8ab`
SHA256	`df25084d22970c39e6eb95beb12b5e4db96b40246178bfdf74e4185508a5611c`
SHA3	`d0031dc9831afcba25ecbc4e8aa0c51307017c8108983ab097a7f590c4287f84`

1 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.49052`
Detected Filetype	Icon file
MD5	`d2c3d620e4104e75278efffa93cbd1fa`
SHA1	`b2557517c0ab93855317dc913fa1f2a1be131636`
SHA256	`7c8159b1a924a1f8d00dab0db314e134adf76477364789133e124ff1f68fb0fc`
SHA3	`6e8063f8c857c32ccc29e68994d363787a00d6c31b6026e24f9cc725452f0e82`

2 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.55342`
Detected Filetype	Icon file
MD5	`98708f698702408351151dfc04b58940`
SHA1	`48fa95aa9b60b50703b00c3a9ac7c4821af8c786`
SHA256	`c3d0924045b76c41afc71aafab918f088247c576f623b27a1d5ca02ab5673331`
SHA3	`e48111e784393182fd6fa24342255aba2a0ba883fe53452778a5e3cc30899c25`

3 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.38706`
Detected Filetype	Icon file
MD5	`8f8609aa10c5e5b324d5d510634b0f12`
SHA1	`eb13b5890be4ac3d104d13f9b5ed9421d7c25042`
SHA256	`331cd7026fcfb92a93a6279aa7acde84bb2882fbf91da3ddc5960df2e53e9a23`
SHA3	`89167e03d15081c2d660ef13abeb2099ffb40250f257774468409cec58934dd0`

4 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.30604`
Detected Filetype	Icon file
MD5	`4d198706399b0c8fd8b97652e2c5eb9d`
SHA1	`1e22c781d33eb5012bba16515555f147ad0a7859`
SHA256	`1661cf50414e791bf989eca8222b820e73153e895e07b155b7d10c1605022ea4`
SHA3	`c61ec4ec67695305c8586d8e8595bf8ca2fe46e54e8c5679ef4e52e4d9af7154`

5 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.55342`
Detected Filetype	Icon file
MD5	`7d7308d416df310568a4cb89d039e7c6`
SHA1	`7f3d038591a0924f08c67f3e04eda299ba7db2e1`
SHA256	`9e2082c4ef3e4f0f86974772993cff9cc42aae640394595434043307630162f9`
SHA3	`5ee18da9895cfbfcfdfe9602b89fe06d52fb22ee604f77f8fb0ac590bf5e9b2b`

6 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.55342`
Detected Filetype	Icon file
MD5	`95046b95e97969611dbf0e83bc6f3627`
SHA1	`f99d8258a18c12455ffd845fb9755a8dd212de25`
SHA256	`c071e9c3eb136c864703a0b43694f26e5c06c1226067a86ee1e6e7be2fa2fcab`
SHA3	`4482c06a4d52136141bb37c277df0605a6e63cf324e0114e255642a1e02f49c0`

32512

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.58568`
Detected Filetype	Icon file
MD5	`f20716bf5c12807c3b682d0de068a480`
SHA1	`c983b4ed7896f8fac5d07b9de8aa96c8fce0aded`
SHA256	`8ff0ddb8575078a21a8b74b9541add228d4fa2c661d2bec64a09c31a44dc1f8f`
SHA3	`44c4fadaf29c3cff90909652f57ab4001e427cf2e332aa8b929ef8c29b4a1153`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3ec`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40706`
MD5	`0c2e08cd827dde6af8c84946534bc7a7`
SHA1	`698a042c17c4a5a477f4ef86f92c91ce7c62c1b4`
SHA256	`824c9b07cb4f7359f83cd9b29b6f09df02c2b7ab60f876b3109ca02c3c51229d`
SHA3	`bc5894cfade53da4bbd2dd0114ebdd2f7e42a29033dd3137ad9db6433699b72c`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x69c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.73678`
MD5	`ef90de6067464554757b8ee4ccbc813b`
SHA1	`21fed32a12e6f5fa31e0391152eb2589f1861660`
SHA256	`4f9f8191ab893a94b1cc52ccf8b5d7e6fa00e4eb4a1d985b7b9a872ece323ced`
SHA3	`f79691d403abd5045b44ff78001af47f08481fd564cb7e600a8c64e36b21804e`

String Table contents

Firefox

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	149.0.2.287
ProductVersion	149.0.2.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	UNKNOWN
Comments
LegalCopyright	Â©Firefox and Mozilla Developers; available under the MPL 2 license.
CompanyName	Mozilla Corporation
FileDescription	Firefox
FileVersion (#2)	149.0.2
ProductVersion (#2)	149.0.2
InternalName	Firefox
LegalTrademarks	Firefox is a Trademark of The Mozilla Foundation.
OriginalFilename	firefox.exe
ProductName	Firefox
BuildID	20260403140140

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Apr-03 15:17:55
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x61958`
PointerToRawData	`0x60358`
Referenced File	firefox.pdb

TLS Callbacks

StartAddressOfRawData	`0x14006e000`
EndAddressOfRawData	`0x14006e021`
AddressOfIndex	`0x140069600`
AddressOfCallbacks	`0x140061e88`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x00000001400036B0` `0x0000000140039BF0`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140069040`
GuardCFCheckFunctionPointer	`5369110016`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

Errors

Leave a comment

No comments yet.