Manalyze report for 8d7f84142f2ed33b2783667c3c97a166

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Feb-12 16:27:03

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to internet browsers: chrome.exe firefox.exe` `Contains references to security software: rshell.exe` `Miscellaneous malware strings: VIRUS cmd.exe system32\drivers\etc\hosts` `Contains domain names: cdn.jsdelivr.net github.com http://www.w3.org http://www.w3.org/2000/svg https://cdn.jsdelivr.net https://cdn.jsdelivr.net/npm/mathjax https://github.com https://messi.icu https://school.messi.icu https://webui.me https://www.webui.me jsdelivr.net mydomain.com www.w3.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses constants related to RC5 or RC6` `Uses known Diffie-Helman primes` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable` `Unusual section name found: .odinti`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExW LoadLibraryW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Can access the registry: RegCloseKey RegEnumKeyW RegGetValueW RegOpenKeyExW RegQueryValueExW` `Possibly launches other programs: ShellExecuteA CreateProcessA CreateProcessW` `Uses Windows's Native API: ntohl ntohs` `Uses Microsoft's cryptographic API: CryptAcquireContextW CryptGenRandom CryptReleaseContext` `Leverages the raw socket API to access the Internet: WSACleanup WSAGetLastError WSAIoctl WSASetLastError WSAStartup __WSAFDIsSet accept bind closesocket connect freeaddrinfo getaddrinfo gethostbyaddr gethostbyname gethostname getnameinfo getpeername getservbyname getservbyport getsockname getsockopt htonl htons inet_addr inet_ntoa inet_ntop ioctlsocket listen ntohl ntohs recv recvfrom select send sendto setsockopt shutdown socket` `Enumerates local disk drives: GetDriveTypeW` `Manipulates other processes: OpenProcess Process32First Process32Next` `Reads the contents of the clipboard: GetClipboardData` `Interacts with the certificate store: CertOpenSystemStoreW`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`8d7f84142f2ed33b2783667c3c97a166`
SHA1	`d0b3ede9496661b3e1a07ed91270ef66ce611415`
SHA256	`ef8534df663790e5cbdb338fcf73e03cfb97d6414029b1dab68bc41461c7941e`
SHA3	`39141e87c8e4ebf6289117b5cca755746d7092cfe28b19e092ebcddb1ce267f8`
SSDeep	`49152:5Gtlq/LVwASOjkNRLR3DLK/Bea0USpizyBfTyvT75KQMdWJ9qX7XtiFD6bbXCsU:ebtZicMYzX0DcG5lp+OjFlFXPw`
Imports Hash	`7b414fcb1efab9cbb547586e843d3037`

DOS Header

e_magic	`MZ`
e_cblp	`0x78`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0`
e_ss	`0`
e_sp	`0`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x78`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`9`
TimeDateStamp	2026-Feb-12 16:27:03
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x3f8e00`
SizeOfInitializedData	`0x1d5800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000003C6A7C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xbac000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2ab9f4dd412f9e0e88f28d89132d4fed`
SHA1	`913bed10da92985f402ba6f61eb507992be7b523`
SHA256	`6d726197f4014f8bfa2177fbab4aac37b3d8ac0eeda68d53c8caf21161a81426`
SHA3	`1536c9095b621e56b4ad51a146ea2346cf662565a1508fd00e97f8896030e4a5`
VirtualSize	`0x3f8d66`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3f8e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.68183`

.rdata

MD5	`67ac1dd0b5a7b684dc222d7bf035e5c1`
SHA1	`dac3475b19b5dbf9ee02590c4663bf54c527c4cc`
SHA256	`a65d58ffee43a033fefbb6d57500b7f827a7e1264437de6d1c39a4ee028f76ff`
SHA3	`0c4428f41c02fbf8a72863419949a8aad47a0e9d4c3ddcbd5af89a47c760c3df`
VirtualSize	`0x166974`
VirtualAddress	`0x3fa000`
SizeOfRawData	`0x166a00`
PointerToRawData	`0x3f9200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.69388`

.data

MD5	`e9bcb64cfdb0706ac6507b77ad181c33`
SHA1	`e2750013bee35a5b100d1a9c2ad3a36597623d56`
SHA256	`8037aeae8efa938059269e6d6aad03047eabf2e7385e56659d354335d1f7edd8`
SHA3	`2e7610ad86431af439a9b94618868e7c2ca76abd79eb03f27d1afcb89fec8f3b`
VirtualSize	`0x5ed2fc`
VirtualAddress	`0x561000`
SizeOfRawData	`0x14e00`
PointerToRawData	`0x55fc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.20252`

.pdata

MD5	`6d09c298ae11ac094148334ccde2755d`
SHA1	`c8cfcd8ccf817248915705073ea1b6fdf9f6aea6`
SHA256	`f3b9850b17a4b0ff1b6056306a2281b5fee1546075da9aedef7816a0341a13e5`
SHA3	`59086b314d4740f670d6b8dade109691d8b33c76d963162b642f32df63d42ab8`
VirtualSize	`0x25530`
VirtualAddress	`0xb4f000`
SizeOfRawData	`0x25600`
PointerToRawData	`0x574a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.26778`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0xb75000`
SizeOfRawData	`0x200`
PointerToRawData	`0x59a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.odinti

MD5	`694bc9cb23f98f3d5c0466e1a2980340`
SHA1	`87ac39336793ad363bcef12f162589fd711f6016`
SHA256	`e6cf228d4dbf7548bed5b2a31cf908cfaddfb5e3eb40d21b915f6d602a795d77`
SHA3	`cc668d2163545b05eca3e802c720d5ec8afe434f5c2dada497c410a54e30df4d`
VirtualSize	`0x23d38`
VirtualAddress	`0xb76000`
SizeOfRawData	`0x23e00`
PointerToRawData	`0x59a200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.64118`

.tls

MD5	`c99a74c555371a433d121f551d6c6398`
SHA1	`605db3fdbaff4ba13729371ad0c4fbab3889378e`
SHA256	`e5a00aa9991ac8a5ee3109844d84a55583bd20572ad3ffcd42792f3c36b183ad`
SHA3	`463c61ad03873aa9e82581205205acc3d3c8346c7037c43e4e241ee529f2dc27`
VirtualSize	`0x629`
VirtualAddress	`0xb9a000`
SizeOfRawData	`0x800`
PointerToRawData	`0x5be000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

_RDATA

MD5	`566dbddbf5e65b39a7cff0797f428219`
SHA1	`00973d4bd27cd23401de1cf60e882292282aef0f`
SHA256	`714e3ddf9459b757c485be080f198efe6ac21132e0f228fe5024f6380dfa4837`
SHA3	`075a653707f9f2678bb89f2250248ac7757bf217c0ba71d6cd88010c0577e252`
VirtualSize	`0x1f4`
VirtualAddress	`0xb9b000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5be800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.1668`

.reloc

MD5	`61187b5797d358e3d72c66edbe060d53`
SHA1	`af668d9efffecc81236e1abe8be60e1c6af57152`
SHA256	`6ec80a85b6adebe50f0868c0de2f577d279cd8eb92d7ca80d174d126b8a0eb12`
SHA3	`605a5b06f80c18d599b7c9001869c6f3d6315219e59e712f3f25502caf05f210`
VirtualSize	`0xfe68`
VirtualAddress	`0xb9c000`
SizeOfRawData	`0x10000`
PointerToRawData	`0x5bea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.45556`

Imports

USER32.dll	`BeginPaint` `CloseClipboard` `CreateWindowExA` `CreateWindowExW` `DefWindowProcA` `DefWindowProcW` `DestroyWindow` `DispatchMessageW` `DrawTextW` `EndPaint` `EnumChildWindows` `EnumWindows` `FillRect` `FindWindowExA` `GetAsyncKeyState` `GetClientRect` `GetClipboardData` `GetClipboardSequenceNumber` `GetCursorPos` `GetDesktopWindow` `GetMessageW` `GetProcessWindowStation` `GetRawInputData` `GetSystemMetrics` `GetUserObjectInformationW` `GetWindowLongA` `GetWindowLongPtrA` `GetWindowLongPtrW` `GetWindowLongW` `GetWindowPlacement` `GetWindowRect` `GetWindowTextW` `GetWindowThreadProcessId` `InvalidateRect` `LoadCursorA` `LoadIconA` `MessageBoxW` `OpenClipboard` `PeekMessageW` `PostMessageW` `PostQuitMessage` `RegisterClassA` `RegisterClassExW` `RegisterRawInputDevices` `SetActiveWindow` `SetFocus` `SetLayeredWindowAttributes` `SetParent` `SetWindowLongA` `SetWindowLongPtrA` `SetWindowLongPtrW` `SetWindowLongW` `SetWindowPos` `SetWindowTextW` `ShowWindow` `TranslateMessage` `UpdateWindow`
WS2_32.dll	`WSACleanup` `WSAGetLastError` `WSAIoctl` `WSASetLastError` `WSAStartup` `__WSAFDIsSet` `accept` `bind` `closesocket` `connect` `freeaddrinfo` `getaddrinfo` `gethostbyaddr` `gethostbyname` `gethostname` `getnameinfo` `getpeername` `getservbyname` `getservbyport` `getsockname` `getsockopt` `htonl` `htons` `inet_addr` `inet_ntoa` `inet_ntop` `ioctlsocket` `listen` `ntohl` `ntohs` `recv` `recvfrom` `select` `send` `sendto` `setsockopt` `shutdown` `socket`
GDI32.dll	`CreateFontW` `CreateSolidBrush` `DeleteObject` `SelectObject` `SetBkMode` `SetTextColor`
ADVAPI32.dll	`CryptAcquireContextW` `CryptGenRandom` `CryptReleaseContext` `DeregisterEventSource` `RegCloseKey` `RegEnumKeyW` `RegGetValueW` `RegOpenKeyExW` `RegQueryValueExW` `RegisterEventSourceW` `ReportEventW`
SHELL32.dll	`CommandLineToArgvW` `ShellExecuteA`
KERNEL32.dll	`AcquireSRWLockExclusive` `AcquireSRWLockShared` `CloseHandle` `CompareStringW` `ConvertFiberToThread` `ConvertThreadToFiberEx` `CopyFileW` `CreateDirectoryW` `CreateEventA` `CreateFiberEx` `CreateFileA` `CreateFileW` `CreatePipe` `CreateProcessA` `CreateProcessW` `CreateSemaphoreA` `CreateThread` `CreateToolhelp32Snapshot` `DeleteCriticalSection` `DeleteFiber` `DeleteFileW` `DuplicateHandle` `EncodePointer` `EnterCriticalSection` `ExitProcess` `ExitThread` `ExpandEnvironmentStringsA` `FileTimeToSystemTime` `FindClose` `FindFirstFileExW` `FindFirstFileW` `FindNextFileW` `FlsAlloc` `FlsFree` `FlsGetValue` `FlsSetValue` `FlushFileBuffers` `FormatMessageA` `FreeEnvironmentStringsW` `FreeLibrary` `FreeLibraryAndExitThread` `GetACP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `GetConsoleMode` `GetConsoleOutputCP` `GetCurrentDirectoryW` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThread` `GetCurrentThreadId` `GetDateFormatW` `GetDriveTypeW` `GetEnvironmentStringsW` `GetEnvironmentVariableW` `GetExitCodeProcess` `GetExitCodeThread` `GetFileAttributesA` `GetFileAttributesExW` `GetFileAttributesW` `GetFileInformationByHandle` `GetFileInformationByHandleEx` `GetFileSizeEx` `GetFileType` `GetFinalPathNameByHandleW` `GetFullPathNameW` `GetLastError` `GetLogicalProcessorInformation` `GetLongPathNameW` `GetModuleFileNameW` `GetModuleHandleA` `GetModuleHandleExW` `GetModuleHandleW` `GetOEMCP` `GetProcAddress` `GetProcessHeap` `GetProcessTimes` `GetProductInfo` `GetStartupInfoW` `GetStdHandle` `GetStringTypeW` `GetSystemDirectoryA` `GetSystemInfo` `GetSystemTime` `GetSystemTimeAsFileTime` `GetSystemTimePreciseAsFileTime` `GetThreadTimes` `GetTimeFormatW` `GetTimeZoneInformation` `GetVersion` `GlobalLock` `GlobalMemoryStatusEx` `GlobalUnlock` `HeapAlloc` `HeapFree` `HeapReAlloc` `HeapSize` `InitializeConditionVariable` `InitializeCriticalSection` `InitializeCriticalSectionEx` `InitializeSListHead` `InitializeSRWLock` `IsDebuggerPresent` `IsProcessorFeaturePresent` `IsValidCodePage` `IsWow64Process` `LCMapStringW` `LeaveCriticalSection` `LoadLibraryA` `LoadLibraryExW` `LoadLibraryW` `LockFileEx` `MoveFileExW` `MultiByteToWideChar` `OpenProcess` `OutputDebugStringW` `PeekNamedPipe` `Process32First` `Process32Next` `QueryPerformanceCounter` `QueryPerformanceFrequency` `RaiseException` `ReadConsoleA` `ReadConsoleW` `ReadDirectoryChangesW` `ReadFile` `ReleaseSRWLockExclusive` `ReleaseSRWLockShared` `ReleaseSemaphore` `RemoveDirectoryW` `ResumeThread` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlPcToFileHeader` `RtlUnwind` `RtlUnwindEx` `RtlVirtualUnwind` `SetConsoleCtrlHandler` `SetConsoleMode` `SetEndOfFile` `SetEnvironmentVariableA` `SetEnvironmentVariableW` `SetEvent` `SetFileAttributesW` `SetFilePointer` `SetFilePointerEx` `SetHandleInformation` `SetLastError` `SetStdHandle` `SetThreadPriority` `SetUnhandledExceptionFilter` `Sleep` `SleepConditionVariableCS` `SwitchToFiber` `SystemTimeToFileTime` `SystemTimeToTzSpecificLocalTime` `TerminateProcess` `TerminateThread` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `UnhandledExceptionFilter` `VirtualFree` `VirtualProtect` `WaitForSingleObject` `WakeConditionVariable` `WideCharToMultiByte` `WriteConsoleW` `WriteFile`
bcrypt.dll	`BCryptGenRandom`
ntdll.dll	`RtlGetVersion` `RtlNtStatusToDosError` `RtlWaitOnAddress`
DNSAPI.dll	`DnsQuery_UTF8` `DnsRecordListFree`
ole32.dll	`CoInitializeEx` `CoTaskMemFree` `CoUninitialize`
CRYPT32.dll	`CertCloseStore` `CertFindCertificateInStore` `CertFreeCertificateContext` `CertOpenSystemStoreW`

Delayed Imports

webui_bind

Ordinal	`1`
Address	`0x173520`

webui_browser_exist

Ordinal	`2`
Address	`0x173f00`

webui_clean

Ordinal	`3`
Address	`0x176060`

webui_close

Ordinal	`4`
Address	`0x173fb0`

webui_close_client

Ordinal	`5`
Address	`0x174190`

webui_decode

Ordinal	`6`
Address	`0x174e20`

webui_delete_all_profiles

Ordinal	`7`
Address	`0x176080`

webui_delete_profile

Ordinal	`8`
Address	`0x1760e0`

webui_destroy

Ordinal	`9`
Address	`0x174240`

webui_encode

Ordinal	`10`
Address	`0x174d70`

webui_exit

Ordinal	`11`
Address	`0x174500`

webui_free

Ordinal	`12`
Address	`0x174ed0`

webui_get_best_browser

Ordinal	`13`
Address	`0x173800`

webui_get_bool

Ordinal	`14`
Address	`0x177140`

webui_get_bool_at

Ordinal	`15`
Address	`0x1770b0`

webui_get_child_process_id

Ordinal	`16`
Address	`0x1761f0`

webui_get_context

Ordinal	`17`
Address	`0x173760`

webui_get_count

Ordinal	`18`
Address	`0x176dd0`

webui_get_float

Ordinal	`19`
Address	`0x176f80`

webui_get_float_at

Ordinal	`20`
Address	`0x176f00`

webui_get_free_port

Ordinal	`21`
Address	`0x176480`

webui_get_hwnd

Ordinal	`22`
Address	`0x176380`

webui_get_int

Ordinal	`23`
Address	`0x176ee0`

webui_get_int_at

Ordinal	`24`
Address	`0x176e60`

webui_get_last_error_message

Ordinal	`25`
Address	`0x1776f0`

webui_get_last_error_number

Ordinal	`26`
Address	`0x1776e0`

webui_get_mime_type

Ordinal	`27`
Address	`0x176740`

webui_get_new_window_id

Ordinal	`28`
Address	`0x173460`

webui_get_parent_process_id

Ordinal	`29`
Address	`0x176190`

webui_get_port

Ordinal	`30`
Address	`0x1763a0`

webui_get_size

Ordinal	`31`
Address	`0x177210`

webui_get_size_at

Ordinal	`32`
Address	`0x177160`

webui_get_string

Ordinal	`33`
Address	`0x177090`

webui_get_string_at

Ordinal	`34`
Address	`0x176fa0`

webui_get_url

Ordinal	`35`
Address	`0x175cb0`

webui_interface_bind

Ordinal	`36`
Address	`0x177700`

webui_interface_close_client

Ordinal	`37`
Address	`0x177d50`

webui_interface_get_bool_at

Ordinal	`38`
Address	`0x177b60`

webui_interface_get_float_at

Ordinal	`39`
Address	`0x177ad0`

webui_interface_get_int_at

Ordinal	`40`
Address	`0x177a40`

webui_interface_get_size_at

Ordinal	`41`
Address	`0x177bf0`

webui_interface_get_string_at

Ordinal	`42`
Address	`0x1779b0`

webui_interface_get_window_id

Ordinal	`43`
Address	`0x177950`

webui_interface_is_app_running

Ordinal	`44`
Address	`0x1778f0`

webui_interface_navigate_client

Ordinal	`45`
Address	`0x177ef0`

webui_interface_run_client

Ordinal	`46`
Address	`0x177fb0`

webui_interface_script_client

Ordinal	`47`
Address	`0x178070`

webui_interface_send_raw_client

Ordinal	`48`
Address	`0x177e10`

webui_interface_set_response

Ordinal	`49`
Address	`0x1777d0`

webui_interface_set_response_file_handler

Ordinal	`50`
Address	`0x174ae0`

webui_interface_show_client

Ordinal	`51`
Address	`0x177c80`

webui_is_high_contrast

Ordinal	`52`
Address	`0x173e20`

webui_is_shown

Ordinal	`53`
Address	`0x174b90`

webui_malloc

Ordinal	`54`
Address	`0x174f10`

webui_maximize

Ordinal	`55`
Address	`0x174110`

webui_memcpy

Ordinal	`56`
Address	`0x174f50`

webui_minimize

Ordinal	`57`
Address	`0x174090`

webui_navigate

Ordinal	`58`
Address	`0x175e80`

webui_navigate_client

Ordinal	`59`
Address	`0x175f90`

webui_new_window

Ordinal	`60`
Address	`0x173260`

webui_new_window_id

Ordinal	`61`
Address	`0x173280`

webui_open_url

Ordinal	`62`
Address	`0x175de0`

webui_return_bool

Ordinal	`63`
Address	`0x1775b0`

webui_return_float

Ordinal	`64`
Address	`0x177350`

webui_return_int

Ordinal	`65`
Address	`0x177230`

webui_return_string

Ordinal	`66`
Address	`0x177470`

webui_run

Ordinal	`67`
Address	`0x1767c0`

webui_run_client

Ordinal	`68`
Address	`0x176870`

webui_script

Ordinal	`69`
Address	`0x176940`

webui_script_client

Ordinal	`70`
Address	`0x176a70`

webui_send_raw

Ordinal	`71`
Address	`0x174fa0`

webui_send_raw_client

Ordinal	`72`
Address	`0x175190`

webui_set_browser_folder

Ordinal	`73`
Address	`0x1747e0`

webui_set_center

Ordinal	`74`
Address	`0x1758f0`

webui_set_close_handler_wv

Ordinal	`75`
Address	`0x174950`

webui_set_config

Ordinal	`76`
Address	`0x1764d0`

webui_set_context

Ordinal	`77`
Address	`0x1736d0`

webui_set_custom_parameters

Ordinal	`78`
Address	`0x173c60`

webui_set_default_root_folder

Ordinal	`79`
Address	`0x174840`

webui_set_event_blocking

Ordinal	`80`
Address	`0x1765f0`

webui_set_file_handler

Ordinal	`81`
Address	`0x1749c0`

webui_set_file_handler_window

Ordinal	`82`
Address	`0x174a50`

webui_set_frameless

Ordinal	`83`
Address	`0x176660`

webui_set_hide

Ordinal	`84`
Address	`0x1753b0`

webui_set_high_contrast

Ordinal	`85`
Address	`0x173d30`

webui_set_icon

Ordinal	`86`
Address	`0x174c40`

webui_set_kiosk

Ordinal	`87`
Address	`0x173bf0`

webui_set_logger

Ordinal	`88`
Address	`0x1764a0`

webui_set_minimum_size

Ordinal	`89`
Address	`0x175620`

webui_set_port

Ordinal	`90`
Address	`0x176400`

webui_set_position

Ordinal	`91`
Address	`0x1756e0`

webui_set_profile

Ordinal	`92`
Address	`0x175a60`

webui_set_proxy

Ordinal	`93`
Address	`0x175ba0`

webui_set_public

Ordinal	`94`
Address	`0x175e10`

webui_set_resizable

Ordinal	`95`
Address	`0x173db0`

webui_set_root_folder

Ordinal	`96`
Address	`0x1746a0`

webui_set_runtime

Ordinal	`97`
Address	`0x176d30`

webui_set_size

Ordinal	`98`
Address	`0x175420`

webui_set_timeout

Ordinal	`99`
Address	`0x174bf0`

webui_set_tls_certificate

Ordinal	`100`
Address	`0x176770`

webui_set_transparent

Ordinal	`101`
Address	`0x1766d0`

webui_show

Ordinal	`102`
Address	`0x173860`

webui_show_browser

Ordinal	`103`
Address	`0x173990`

webui_show_client

Ordinal	`104`
Address	`0x1738f0`

webui_show_wv

Ordinal	`105`
Address	`0x173b60`

webui_start_server

Ordinal	`106`
Address	`0x173a90`

webui_wait

Ordinal	`107`
Address	`0x173f20`

webui_wait_async

Ordinal	`108`
Address	`0x173f60`

webui_win32_get_hwnd

Ordinal	`109`
Address	`0x176250`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x140b9a000`
EndAddressOfRawData	`0x140b9a628`
AddressOfIndex	`0x140b4e2f8`
AddressOfCallbacks	`0x14053cbd8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140571bc0`

RICH Header