Manalyze report for 92fc1b5a0992764f049beaff7383dcdd

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1970-Jan-01 00:00:00
TLS Callbacks	3 callback(s) detected.

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: github.com`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Possibly launches other programs: CreateProcessW` `Can create temporary files: CreateFileW GetTempPathW` `Leverages the raw socket API to access the Internet: WSACleanup WSADuplicateSocketW WSAGetLastError WSASocketW WSAStartup accept bind closesocket connect freeaddrinfo getaddrinfo getpeername getsockname getsockopt ioctlsocket listen recv recvfrom select send sendto setsockopt shutdown` `Functions related to the privilege level: OpenProcessToken` `Manipulates other processes: OpenProcess`
Malicious	The file contains overlay data.	`29202483 bytes of data starting at offset 0x138200.` `The file contains a GZip Compressed Archive after the PE data.` `Overlay data amounts for 95.8057% of the executable.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`92fc1b5a0992764f049beaff7383dcdd`
SHA1	`221d9968a2ce1665d3e71a86ba625cb8f62e4aa2`
SHA256	`a1be673f344571dd9aae9a0af9b13aa085ebe73c3a171d592e9a39f0e6436e6f`
SHA3	`b7813022168da84f7c128c29ff871618523550921e3bca0e302275259b9208f5`
SSDeep	`786432:TcRJ+XahE5GvQGPgQy5Ii3LviPFMBSGpeFXxe4RD1h:QRJmahKGv7IQy5UFMBZeZxBXh`
Imports Hash	`0452e1617ae6df117e1390fdb9a381be`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`10`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0xbd800`
SizeOfInitializedData	`0x7a600`
SizeOfUninitializedData	`0xc00`
AddressOfEntryPoint	`0x0000000000001500 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x13f000`
SizeOfHeaders	`0x400`
Checksum	`0x1d18e90`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a08f5001642826b40c745054275aa9c0`
SHA1	`9aba3eabf97446d1cb9bbdf32e9a8ccb4b072784`
SHA256	`27022f178fad8460f6927602c18312ce9df816f0729758e9178d7b3abf8db9ee`
SHA3	`f4bacca53b84d6e71f69e5703ed6fba565b37af4f503915d13fd28d0d8108c17`
VirtualSize	`0xbd6e0`
VirtualAddress	`0x1000`
SizeOfRawData	`0xbd800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.20937`

.data

MD5	`1851a12aa0b3505d8212da4607d230f8`
SHA1	`607f2cbba55c1056b4ebf3eb9dd047dfea5d0b66`
SHA256	`d0fd5d134f20aa8971398d6250b263a3b483df57c4927973db8441d05fb28a4c`
SHA3	`7042ce442291210c0607ef6f7a7c44fffc21fde93321f1a23903318fd185508d`
VirtualSize	`0xe0`
VirtualAddress	`0xbf000`
SizeOfRawData	`0x200`
PointerToRawData	`0xbdc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.885483`

.rdata

MD5	`c4d348eebc8dea4828a04439731ca994`
SHA1	`50e3681c4560c76a8c5f8dbb189abdc41fb9864f`
SHA256	`7f319a0fc3d93b92d0bfb9c28ffa3a55859454de03965943d01d269f724dc2fb`
SHA3	`46187c2071437e56f58ecd69e58de3c912a0a2d311f6a22bf64e9a2125452ed6`
VirtualSize	`0x2afa0`
VirtualAddress	`0xc0000`
SizeOfRawData	`0x2b000`
PointerToRawData	`0xbde00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.29837`

.pdata

MD5	`70f2be71e861ef1fed0cdc38ae0978b6`
SHA1	`7e3ea2723f52c2b4dad7cc769d965b11bc40589e`
SHA256	`7ac45fd0647c0c6f2160ce3009c88f4e0361dae554ee43586e1aa110120d93bf`
SHA3	`52937dfdf592ec7e209b04b703c09c5baa249a9b5ed0a1b07fdcd7214895698d`
VirtualSize	`0x7404`
VirtualAddress	`0xeb000`
SizeOfRawData	`0x7600`
PointerToRawData	`0xe8e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.88162`

.xdata

MD5	`a6cb57ee7c2aa366d3e73774737ce86e`
SHA1	`5984f9c8bc67169e5a32ae4b15f5a46c57eceea3`
SHA256	`16a6cca74caa70752bca0a68eca5f0a6effba30b94a90c96090d24d00e72e040`
SHA3	`920bb4ef15e8e26f685af70ebcee82ecdcc5cfcc2f5f118f4ea11e0358647c94`
VirtualSize	`0xe0c4`
VirtualAddress	`0xf3000`
SizeOfRawData	`0xe200`
PointerToRawData	`0xf0400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.34735`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xb3c`
VirtualAddress	`0x102000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`cdebfb3103020c21304dc382ee4f2560`
SHA1	`02ee8f41b77d01cfde9ec3d716738fee293068e8`
SHA256	`f1b1e2f60fb73b6384dc3629c03dfee52a707d6615861373cf9e421a50ab97d8`
SHA3	`c9fa30557ca46b61080df4d8761bb8928f412aac308403198900527e671dbabd`
VirtualSize	`0x1cb8`
VirtualAddress	`0x103000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0xfe600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.45097`

.CRT

MD5	`4a5f455cbffa6c9cec6498581ffc23b7`
SHA1	`5ac0c38b2eefadfa87199952ddee7fff0bc673af`
SHA256	`f5f715f1cc988929c02202605308c0ca1912feb6d8d6dbc9bc541d809eca50df`
SHA3	`473f343cf19fd864034e271229e9f67fba64de4e045d8fc576e0fb77d5386425`
VirtualSize	`0x70`
VirtualAddress	`0x105000`
SizeOfRawData	`0x200`
PointerToRawData	`0x100400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.337406`

.tls

MD5	`927ca2f24c0212b3b5c51eb9e0a0308e`
SHA1	`80e234c914322855bfcda1c939f195b2ecc2c857`
SHA256	`5517d806ed4830125f9e1f29f0ac3e890bb7ef644aa651518f087a8ea02b8879`
SHA3	`d365e9a213f31ff7f2cc596b38ccefcd5f1dc517c3042b855a2df9a03db5f9ef`
VirtualSize	`0x68`
VirtualAddress	`0x106000`
SizeOfRawData	`0x200`
PointerToRawData	`0x100600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.192057`

.rsrc

MD5	`f250832724a442f318f57e2a636b5ba4`
SHA1	`81a588f1e5b49854aff45331b9af19b29cb13cdf`
SHA256	`6c7fafefb5a2c18fe6dcf8aa0823d56a90a6d453c6ef35299c364d0e1a18472b`
SHA3	`b5c5d72eb44376e20cc86c954ac6a52fac4125b0e882ea93130773c77f5d7e96`
VirtualSize	`0x378f0`
VirtualAddress	`0x107000`
SizeOfRawData	`0x37a00`
PointerToRawData	`0x100800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.50013`

Imports

ADVAPI32.dll	`OpenProcessToken` `SystemFunction036`
KERNEL32.dll	`AddVectoredExceptionHandler` `CancelIo` `CloseHandle` `CopyFileExW` `CreateDirectoryW` `CreateEventW` `CreateFileW` `CreateHardLinkW` `CreateNamedPipeW` `CreateProcessW` `CreateThread` `DeleteCriticalSection` `DeleteFileW` `DeviceIoControl` `DuplicateHandle` `EnterCriticalSection` `ExitProcess` `FileTimeToSystemTime` `FindClose` `FindFirstFileW` `FindNextFileW` `FlushFileBuffers` `FormatMessageW` `FreeEnvironmentStringsW` `FreeLibrary` `GetCommandLineW` `GetConsoleMode` `GetCurrentDirectoryW` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThread` `GetEnvironmentStringsW` `GetEnvironmentVariableW` `GetExitCodeProcess` `GetFileInformationByHandle` `GetLastError` `GetModuleFileNameW` `GetModuleHandleW` `GetOverlappedResult` `GetProcAddress` `GetProcessHeap` `GetProcessId` `GetStartupInfoA` `GetStdHandle` `GetSystemTimeAsFileTime` `GetTempPathW` `GetTimeZoneInformation` `HeapAlloc` `HeapFree` `HeapReAlloc` `InitializeCriticalSection` `LeaveCriticalSection` `LoadLibraryW` `LocalFree` `MoveFileExW` `OpenProcess` `QueryPerformanceCounter` `QueryPerformanceFrequency` `RaiseException` `ReadConsoleW` `ReadFile` `RemoveDirectoryW` `RtlCaptureContext` `RtlUnwindEx` `SetCurrentDirectoryW` `SetEnvironmentVariableW` `SetFileAttributesW` `SetFilePointerEx` `SetFileTime` `SetHandleInformation` `SetLastError` `SetUnhandledExceptionFilter` `Sleep` `SwitchToThread` `SystemTimeToFileTime` `SystemTimeToTzSpecificLocalTime` `TerminateProcess` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TryEnterCriticalSection` `TzSpecificLocalTimeToSystemTime` `WaitForMultipleObjects` `WaitForSingleObject` `WideCharToMultiByte` `WriteConsoleW` `WriteFile` `lstrlenW`
ole32.dll	`CoTaskMemFree`
SHELL32.dll	`CommandLineToArgvW` `SHGetKnownFolderPath`
KERNEL32.dll (#2)	`AddVectoredExceptionHandler` `CancelIo` `CloseHandle` `CopyFileExW` `CreateDirectoryW` `CreateEventW` `CreateFileW` `CreateHardLinkW` `CreateNamedPipeW` `CreateProcessW` `CreateThread` `DeleteCriticalSection` `DeleteFileW` `DeviceIoControl` `DuplicateHandle` `EnterCriticalSection` `ExitProcess` `FileTimeToSystemTime` `FindClose` `FindFirstFileW` `FindNextFileW` `FlushFileBuffers` `FormatMessageW` `FreeEnvironmentStringsW` `FreeLibrary` `GetCommandLineW` `GetConsoleMode` `GetCurrentDirectoryW` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThread` `GetEnvironmentStringsW` `GetEnvironmentVariableW` `GetExitCodeProcess` `GetFileInformationByHandle` `GetLastError` `GetModuleFileNameW` `GetModuleHandleW` `GetOverlappedResult` `GetProcAddress` `GetProcessHeap` `GetProcessId` `GetStartupInfoA` `GetStdHandle` `GetSystemTimeAsFileTime` `GetTempPathW` `GetTimeZoneInformation` `HeapAlloc` `HeapFree` `HeapReAlloc` `InitializeCriticalSection` `LeaveCriticalSection` `LoadLibraryW` `LocalFree` `MoveFileExW` `OpenProcess` `QueryPerformanceCounter` `QueryPerformanceFrequency` `RaiseException` `ReadConsoleW` `ReadFile` `RemoveDirectoryW` `RtlCaptureContext` `RtlUnwindEx` `SetCurrentDirectoryW` `SetEnvironmentVariableW` `SetFileAttributesW` `SetFilePointerEx` `SetFileTime` `SetHandleInformation` `SetLastError` `SetUnhandledExceptionFilter` `Sleep` `SwitchToThread` `SystemTimeToFileTime` `SystemTimeToTzSpecificLocalTime` `TerminateProcess` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TryEnterCriticalSection` `TzSpecificLocalTimeToSystemTime` `WaitForMultipleObjects` `WaitForSingleObject` `WideCharToMultiByte` `WriteConsoleW` `WriteFile` `lstrlenW`
msvcrt.dll	`__C_specific_handler` `__dllonexit` `__doserrno` `__getmainargs` `__initenv` `__iob_func` `__lconv_init` `__pioinfo` `__set_app_type` `__setusermatherr` `_acmdln` `_amsg_exit` `_cexit` `_errno` `_exit` `_filelengthi64` `_fileno` `_fmode` `_initterm` `_localtime64` `_lock` `_lseeki64` `_mktime64` `_onexit` `_stat64` `_time64` `_unlock` `_utime64` `_vsnprintf` `_write` `abort` `atoi` `bsearch` `calloc` `exit` `fclose` `fflush` `fgetpos` `fopen_s` `fprintf` `fread` `free` `freopen_s` `fsetpos` `fwprintf` `fwrite` `malloc` `memcmp` `memcpy` `memmove` `memset` `raise` `realloc` `remove` `signal` `strcmp` `strlen` `strncmp` `vfprintf` `wcscpy` `_snwprintf` `_read` `_open` `_lseek` `_getpid` `_close`
USER32.dll	`MessageBoxW`
USERENV.dll	`GetUserProfileDirectoryW`
WS2_32.dll	`WSACleanup` `WSADuplicateSocketW` `WSAGetLastError` `WSASocketW` `WSAStartup` `accept` `bind` `closesocket` `connect` `freeaddrinfo` `getaddrinfo` `getpeername` `getsockname` `getsockopt` `ioctlsocket` `listen` `recv` `recvfrom` `select` `send` `sendto` `setsockopt` `shutdown`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x37828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.49297`
MD5	`ed8451ea997abedf12d38b5343fce3a7`
SHA1	`b67238552751556727b0d0e64b9660189c66f622`
SHA256	`7268904a13566c378cc1f66c08554f3f54fc8ec71aa15c107f4c71bb8dfaa5d7`
SHA3	`274d6951ba7f4434bcb1f1b501ad8a9e5835550583e4b4d6aa7bdcf0affadb2b`

LOGO_ICO

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Icon file
MD5	`70e11dadfcff862af78d67c38d1614b2`
SHA1	`daa4acbd0eae9d0e2b3d4359e4001dbf711e781d`
SHA256	`3f6625b1641264fcf45861846f28eafda4defb4294d186c5289c5dee3dceb611`
SHA3	`23d92f4a82af46676efd7fe001357a5d04d4cd2005693b7e0a0da4aa476ff3a7`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x506000`
EndAddressOfRawData	`0x506060`
AddressOfIndex	`0x5027bc`
AddressOfCallbacks	`0x505040`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x0000000000452F60` `0x00000000004A5C50` `0x00000000004A5C20`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!