Manalyze report for 88926709b8ed43d979921d0048cb61db

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2019-Mar-04 07:36:38
TLS Callbacks	2 callback(s) detected.
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata` `Unusual section name found: /4` `Unusual section name found: /19` `Unusual section name found: /35` `Unusual section name found: /51` `Unusual section name found: /63` `Unusual section name found: /77` `Unusual section name found: /89` `Unusual section name found: /102` `Unusual section name found: /113` `Unusual section name found: /124` `Unusual section name found: /138`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryW` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Can access the registry: RegCloseKey RegOpenKeyExA RegQueryValueExA` `Uses functions commonly found in keyloggers: CallNextHookEx GetAsyncKeyState GetForegroundWindow MapVirtualKeyA` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Leverages the raw socket API to access the Internet: WSAGetOverlappedResult` `Can take screenshots: BitBlt CreateCompatibleDC GetDC`
Suspicious	The file contains overlay data.	`569093 bytes of data starting at offset 0xa62400.`
Safe	VirusTotal score: 0/71 (Scanned on 2019-11-07 02:41:05)	`All the AVs think this file is safe.`

Hashes

MD5	`88926709b8ed43d979921d0048cb61db`
SHA1	`5aaf573962465c1b63d536d7bc54c6d0ee85965f`
SHA256	`3374a59b096e396e6206487cf2e8868f2cb2bdd268d650e688ef96e35cdbf2a2`
SHA3	`83ba85286d8c937319869adc9dd28e2992ea0f8c03f4a8ecbbd435dad6e45574`
SSDeep	`98304:dLR7d4YxfcQ7MEjxSXw+jaPXhg0aupLtFmY1c2cx7idOq:1hdWQ7MS3RgaPPr`
Imports Hash	`a1611a2215b2f20d079ff2114872498e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`22`
TimeDateStamp	2019-Mar-04 07:36:38
PointerToSymbolTable	`0xa62400`
NumberOfSymbols	`14189`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x294000`
SizeOfInitializedData	`0x56f800`
SizeOfUninitializedData	`0x24600`
AddressOfEntryPoint	`0x00000000000014E0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0xa92000`
SizeOfHeaders	`0x600`
Checksum	`0xafbfd6`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`81e97473e38f0987707954e07f8d764f`
SHA1	`ca9901f107a48d7327ebf75e8f2907b214e21dfb`
SHA256	`e574f41ce66e307b63a087928570d4b9b32db4e9c8577d13dd94f018422673fb`
SHA3	`93e17cb0cd65529e6ff499e14a06aea7d0600566dc3c9edaed0b108d09af1c3d`
VirtualSize	`0x293f80`
VirtualAddress	`0x1000`
SizeOfRawData	`0x294000`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.98491`

.data

MD5	`b5125d348a1f3cf720c0240d6e08a771`
SHA1	`31aca5147624cc4405b7f1264284ee52c94b9116`
SHA256	`d80bca7d08ba55c7806af41a5399d07b5898ade6ed3c20ec5a51e3758fcc1d5d`
SHA3	`3f10701b5bcc956eea76ae87091ff15e171e361f822394bb5b4009ede7398588`
VirtualSize	`0x349f0`
VirtualAddress	`0x295000`
SizeOfRawData	`0x34a00`
PointerToRawData	`0x294600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.3891`

.rdata

MD5	`889306bbd4ff92f71b93f2cc6b8d0290`
SHA1	`6ad8be73a80ad263784c0034697afa12d607de5a`
SHA256	`9104f6c483d421f0393e41ff2c8c72e1d6aa27466db50bc0a8e20a46157a980a`
SHA3	`67df10f2b501aa630135f5eeef9089b0cfdb82fa7c692b73150d9700bf22d784`
VirtualSize	`0x283900`
VirtualAddress	`0x2ca000`
SizeOfRawData	`0x283a00`
PointerToRawData	`0x2c9000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.31011`

.pdata

MD5	`22deda02672e7f81a1e7271b84538cee`
SHA1	`48276d24030572256c9e6e4ea376a9d80d38f087`
SHA256	`31fbd3b4a1a581512d6cd8cadf23911b0e810f6d900ee96d93cc182c7cd1df8f`
SHA3	`ae6b6d02f7c252d9e11bd671711fd81a82d67f167d10f5339ab5a478c26b2e7e`
VirtualSize	`0x285c`
VirtualAddress	`0x54e000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0x54ca00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.4976`

.xdata

MD5	`a93b8341a3749d0899ff9fa39ae3c2f1`
SHA1	`da9e98ae104bd1ead7fccb2795390d693c91c5b9`
SHA256	`f461eeecd262d6f98b1f0e564d7c2538edcc20eca18a4c9e3ce70db1de50e807`
SHA3	`a3367090c79cbf26960d1991d9544d70cfc9af344e426890363f1630de87a004`
VirtualSize	`0x2364`
VirtualAddress	`0x551000`
SizeOfRawData	`0x2400`
PointerToRawData	`0x54f400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.20574`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x24600`
VirtualAddress	`0x554000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.edata

MD5	`8236366516a341f3553d9649bdaa0800`
SHA1	`fc15c5d920f101602182f5d0d936ed4226aae196`
SHA256	`718def956f4ffd35cd7762ce812d66c4b348846885ddbd203e561059cdbbbd56`
SHA3	`2bb813e0c1de2621e5ba0f3b64d73535eb1a51a7a61383fdb46b02bec5ac0a96`
VirtualSize	`0x1c9`
VirtualAddress	`0x579000`
SizeOfRawData	`0x200`
PointerToRawData	`0x551800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.55508`

.idata

MD5	`dbbcb54817cb85780b6c3b32246c387a`
SHA1	`274d3f27ae65d45ca1cd479139f17f6d2b5eb76e`
SHA256	`5c6ca41ac0296c19b24264e3b0eb5b862e8ea214503450666d905025c022ffd5`
SHA3	`b25667a96d881061695212c5ba725bc3114020d82dead56560ae176034eb2207`
VirtualSize	`0x1bcc`
VirtualAddress	`0x57a000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x551a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.65759`

.CRT

MD5	`3d2ce2bb9d75d17532960d1ab4249eed`
SHA1	`7276eec679dd3fc53331974045653a029de56a24`
SHA256	`7d6182a55d732aae45eb8f154478211b0e3092d386bc180c4cce602a68d4be34`
SHA3	`5ba729c0975eb3b468a463f0c1d4690b41cca96971e873b34467016492576799`
VirtualSize	`0x68`
VirtualAddress	`0x57c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x553600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.280401`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0x57d000`
SizeOfRawData	`0x200`
PointerToRawData	`0x553800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.reloc

MD5	`c095e8d94fa1e9858745836728eabefc`
SHA1	`334e2a314dae02940467404b99393da4e605538b`
SHA256	`aef2f8ed04ebb195d266594b318811ef07e51946c5b3f48c600a6d79ab1a76b5`
SHA3	`6ea2907bcda4d3d50ec996b0f0e4f1b1d60e280a11798a54c91307b6e586d881`
VirtualSize	`0x1c350`
VirtualAddress	`0x57e000`
SizeOfRawData	`0x1c400`
PointerToRawData	`0x553a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.45329`

/4

MD5	`f4da9f44267b985b659a001b42a201f0`
SHA1	`471979ae4e89e28ae37566382e1955186f379eaa`
SHA256	`caf086fba241e8741f080670e1bd0ab4f009fd79de697ef0bac92756bf6fb023`
SHA3	`caab012e4b0f661f83c2181926fc7ba2a8a04b97aec710627caa83bd4397d010`
VirtualSize	`0x240`
VirtualAddress	`0x59b000`
SizeOfRawData	`0x400`
PointerToRawData	`0x56fe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.09636`

/19

MD5	`ab25d8263e8dfae76c4b1543f55ce2ca`
SHA1	`c49a5a58a69bbca111815f0b050dda28a3a89798`
SHA256	`b6e8db37aaa0fba1198096e901feae71c7f9bf3e2a6c536b47e85f6f7cbf7333`
SHA3	`467511221915f6ce37b995f4ae5f6484b274e2bb4a5121fd7c964556642c109b`
VirtualSize	`0x22ae9`
VirtualAddress	`0x59c000`
SizeOfRawData	`0x22c00`
PointerToRawData	`0x570200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.48512`

/35

MD5	`13d68142e484742ebcb6e03d635baaca`
SHA1	`0a4b7b2c1d52ba440b7ce0de95809b8777e2957a`
SHA256	`71b4436fd5f7d7080a80a96f2819e8f2729876c8c088661dcccdd4d635631fb5`
SHA3	`08a02c662cac9d2525f986afbf5e03659f15ecfb1ec84b70b0b5c4359af2454e`
VirtualSize	`0x25a8a`
VirtualAddress	`0x5bf000`
SizeOfRawData	`0x25c00`
PointerToRawData	`0x592e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.52675`

/51

MD5	`4e1c4a6badd7d06a3a95d64a22bafa63`
SHA1	`0a6475b40c130c1f431f196a84b157d5508112a2`
SHA256	`55ca1108095953dcb14c13b8965494c7d1b8b272a4ee05e1d40ccc81491d9d7c`
SHA3	`55113487669c989295736a0862a5ae6be07002adc1fe2b647787a83dd174292c`
VirtualSize	`0x1c26e1`
VirtualAddress	`0x5e5000`
SizeOfRawData	`0x1c2800`
PointerToRawData	`0x5b8a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.9411`

/63

MD5	`3a9c0997df3a4cee88c9d5796621ca04`
SHA1	`67a86eec084fc9a3d09899ebd3acbc11a07c5aeb`
SHA256	`2c0b2bf340d32e43bfbc67e0616a60d0f93d1ce6846516b579fcc47c85942074`
SHA3	`dded149bb209007acffdcf84b131d4b76c2cf4e6d90c764ba4e5171a8b84b84a`
VirtualSize	`0x1cc3`
VirtualAddress	`0x7a8000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x77b200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.83003`

/77

MD5	`f7b3fbdd09d3209983e77eaf175a90e9`
SHA1	`ce8afcc99dd4bd1fe65fb8b7fec169116ef56130`
SHA256	`b95779c14e4a8d923f43ab8d161dd15cf2284dc1dcf63618035746851806963f`
SHA3	`4a238c7af69263075f5ec69f522b1a5435233089970e60da394c5b6324bc69e5`
VirtualSize	`0x8c4c0`
VirtualAddress	`0x7aa000`
SizeOfRawData	`0x8c600`
PointerToRawData	`0x77d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.93131`

/89

MD5	`3ee89621b9f686f54e9609cafa62b1cc`
SHA1	`35b634107a9d57556f5876bf188f1a7a02d2cc28`
SHA256	`cbe0b73fff34f5ed8478a05fd000f52bb320fc6e9c4b342f2c350f6033968be6`
SHA3	`24719644db3ba3db1bac1a47a74919d846188bb801de06b5e9994f4112206834`
VirtualSize	`0x41778`
VirtualAddress	`0x837000`
SizeOfRawData	`0x41800`
PointerToRawData	`0x809600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.87145`

/102

MD5	`d8fa1bb9468ae3ed08bfa0b94f0b7fe5`
SHA1	`24c816e5f2b00f8ae6bb593c2f708482b2c13f17`
SHA256	`4ccb505ce90603de61e7e3c55b82e73ad13f379e0efe7d89598147932e816471`
SHA3	`0dded0767ae9aba0774c09e119f4b3a1815bf000e4f9ed29f49d6469a5ee4255`
VirtualSize	`0xb9f`
VirtualAddress	`0x879000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x84ae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.92026`

/113

MD5	`0db9f70441b100ae7df104c028bd4e44`
SHA1	`81b507a454ed8bb7c9c7c901f7154243f8f2d862`
SHA256	`041efc594dd95fc98592be00149b596278f21f86d05aa5fafa2105a7ccadb0dd`
SHA3	`49427842bb801a203443798de5ae9badff5a52e112900bca38024769fdc630ed`
VirtualSize	`0x196f3d`
VirtualAddress	`0x87a000`
SizeOfRawData	`0x197000`
PointerToRawData	`0x84ba00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.88341`

/124

MD5	`4e55a7eb40dad74bd2194a32a4d0a9d8`
SHA1	`69052c0d8c677b9bdbbc51ceefb1c4dfa86362f1`
SHA256	`d2b87ee6d855efa16de4763332346a206641828911c64ebce02f05c84622fc3e`
SHA3	`91454f7865438a24956879607482714452625b09a907c53ce53029211dd78561`
VirtualSize	`0x7f6b0`
VirtualAddress	`0xa11000`
SizeOfRawData	`0x7f800`
PointerToRawData	`0x9e2a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.34678`

/138

MD5	`bf9fd853865c9962985b102bf2d3f0fd`
SHA1	`fd1be55999d1df55945d8c8b2d48922aaee2b04c`
SHA256	`3c31b75ebcf67fabe3fb45e50fada48754b3166b4ae34809c3773c2eed92e26f`
SHA3	`fbe7292970ff7cf229eb7dcdfe155b5fc2357f88fc2fcec5a284ba6e92526ea6`
VirtualSize	`0x53`
VirtualAddress	`0xa91000`
SizeOfRawData	`0x200`
PointerToRawData	`0xa62200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.35372`

Imports

ADVAPI32.dll	`RegCloseKey` `RegOpenKeyExA` `RegQueryValueExA`
GDI32.dll	`BitBlt` `CreateCompatibleDC` `CreateDIBSection` `DeleteDC` `DeleteObject` `GetDeviceCaps` `SelectObject`
KERNEL32.dll	`AddVectoredExceptionHandler` `CloseHandle` `CreateEventA` `CreateIoCompletionPort` `CreateThread` `DeleteCriticalSection` `DuplicateHandle` `EnterCriticalSection` `ExitProcess` `FreeEnvironmentStringsW` `FreeLibrary` `GetConsoleMode` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `GetEnvironmentStringsW` `GetLastError` `GetModuleFileNameW` `GetModuleHandleA` `GetProcAddress` `GetProcessAffinityMask` `GetQueuedCompletionStatus` `GetStartupInfoA` `GetStdHandle` `GetSystemDirectoryA` `GetSystemInfo` `GetSystemTimeAsFileTime` `GetTickCount` `GlobalAlloc` `GlobalFree` `GlobalLock` `GlobalUnlock` `InitializeCriticalSection` `IsDBCSLeadByteEx` `LeaveCriticalSection` `LoadLibraryA` `LoadLibraryW` `MultiByteToWideChar` `QueryPerformanceCounter` `RtlAddFunctionTable` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `SetConsoleCtrlHandler` `SetErrorMode` `SetEvent` `SetProcessPriorityBoost` `SetUnhandledExceptionFilter` `SetWaitableTimer` `Sleep` `SwitchToThread` `TerminateProcess` `TlsGetValue` `UnhandledExceptionFilter` `VirtualAlloc` `VirtualFree` `VirtualProtect` `VirtualQuery` `WaitForSingleObject` `WideCharToMultiByte` `WriteConsoleW` `WriteFile` `__C_specific_handler` `lstrlenA`
msvcrt.dll	`___lc_codepage_func` `___mb_cur_max_func` `__getmainargs` `__initenv` `__iob_func` `__lconv_init` `__set_app_type` `__setusermatherr` `_acmdln` `_amsg_exit` `_beginthread` `_cexit` `_errno` `_exit` `_fmode` `_gmtime64` `_initterm` `_lock` `_onexit` `_setjmp` `_snwprintf` `_time64` `_unlock` `_vsnprintf` `abort` `atof` `atoi` `calloc` `clock` `exit` `fclose` `fflush` `fopen` `fprintf` `fputc` `fread` `free` `frexp` `fseek` `ftell` `fwprintf` `fwrite` `isupper` `localeconv` `longjmp` `malloc` `memchr` `memcmp` `memcpy` `memset` `puts` `raise` `realloc` `signal` `sprintf` `strchr` `strcmp` `strcpy` `strerror` `strlen` `strncmp` `tolower` `vfprintf` `wcscpy` `wcslen`
USER32.dll	`ActivateKeyboardLayout` `CallNextHookEx` `ClientToScreen` `CloseClipboard` `DispatchMessageA` `EmptyClipboard` `EnumDisplayMonitors` `EnumWindows` `GetAsyncKeyState` `GetClientRect` `GetCursorPos` `GetDC` `GetDoubleClickTime` `GetForegroundWindow` `GetKeyState` `GetKeyboardLayout` `GetKeyboardLayoutList` `GetKeyboardLayoutNameA` `GetMessageA` `GetMessageTime` `GetSystemMetrics` `GetWindowLongPtrA` `GetWindowRect` `GetWindowTextA` `GetWindowThreadProcessId` `IsWindow` `MapVirtualKeyA` `MessageBoxA` `MessageBoxW` `OpenClipboard` `PostMessageA` `PostThreadMessageA` `ReleaseDC` `SendInput` `SetClipboardData` `SetForegroundWindow` `SetWinEventHook` `SetWindowPos` `SetWindowsHookExA` `ShowWindow` `SystemParametersInfoA` `TranslateMessage` `UnhookWinEvent` `UnhookWindowsHookEx` `VkKeyScanA`
WINMM.dll	`timeBeginPeriod` `timeEndPeriod`
WS2_32.dll	`WSAGetOverlappedResult`

Delayed Imports

hook_create_screen_info

Ordinal	`1`
Address	`0x266050`

hook_get_auto_repeat_delay

Ordinal	`2`
Address	`0x266170`

hook_get_auto_repeat_rate

Ordinal	`3`
Address	`0x266110`

hook_get_multi_click_time

Ordinal	`4`
Address	`0x266320`

hook_get_pointer_acceleration_multiplier

Ordinal	`5`
Address	`0x2661d0`

hook_get_pointer_acceleration_threshold

Ordinal	`6`
Address	`0x266230`

hook_get_pointer_sensitivity

Ordinal	`7`
Address	`0x2662c0`

hook_post_event

Ordinal	`8`
Address	`0x265a50`

hook_run

Ordinal	`9`
Address	`0x2657d0`

hook_set_dispatch_proc

Ordinal	`10`
Address	`0x2655f0`

hook_set_logger

Ordinal	`11`
Address	`0x264a90`

hook_stop

Ordinal	`12`
Address	`0x265a00`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x97d000`
EndAddressOfRawData	`0x97d008`
AddressOfIndex	`0x977e5c`
AddressOfCallbacks	`0x97c040`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x00000000006937A0` `0x0000000000693770`

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /19!
[*] Warning: Tried to read outside the COFF string table to get the name of section /35!
[*] Warning: Tried to read outside the COFF string table to get the name of section /51!
[*] Warning: Tried to read outside the COFF string table to get the name of section /63!
[*] Warning: Tried to read outside the COFF string table to get the name of section /77!
[*] Warning: Tried to read outside the COFF string table to get the name of section /89!
[*] Warning: Tried to read outside the COFF string table to get the name of section /102!
[*] Warning: Tried to read outside the COFF string table to get the name of section /113!
[*] Warning: Tried to read outside the COFF string table to get the name of section /124!
[*] Warning: Tried to read outside the COFF string table to get the name of section /138!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF String Table's reported size is bigger than the remaining bytes!
[*] Warning: Section .bss has a size of 0!