Manalyze report for a9ccc106a2d180d97fb379f30216f96615517b6cc5e951309b34fc79db68c748

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-Mar-25 02:41:53
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Info	Interesting strings found in the binary:	`Contains domain names: github.com https://github.com`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Possibly launches other programs: ShellExecuteW system` `Uses functions commonly found in keyloggers: GetForegroundWindow GetAsyncKeyState` `Leverages the raw socket API to access the Internet: WSAStartup closesocket WSACleanup WSAGetLastError bind htons inet_addr socket recvfrom sendto setsockopt` `Reads the contents of the clipboard: GetClipboardData`
Malicious	VirusTotal score: 5/72 (Scanned on 2026-03-25 02:42:30)	`APEX: Malicious` `Bkav: W64.AIDetectMalware` `CrowdStrike: win/malicious_confidence_70% (D)` `Microsoft: Program:Win32/Wacapew.C!ml` `Symantec: ML.Attribute.HighConfidence`

Hashes

MD5	`ce380957aed9d86be22f65e5a220dfaa`
SHA1	`47d0c2c41d4e90d8f661905025d7758996eb984a`
SHA256	`a9ccc106a2d180d97fb379f30216f96615517b6cc5e951309b34fc79db68c748`
SHA3	`fd49743a5dce31eb55a13b88309f5edb4998387dce56b9b197300b02c9fe7e5c`
SSDeep	`49152:VuPeiu9ryjkRDG7iD2dqE8LpPqH/ZlEqING7KSMXbY6fmUKxnnkS3mfhmv:Vuu1ywRDIBdwLpiH/Zl1Ik73oW3mfk`
Imports Hash	`2129648c0dc51a4744d56f7c546a3706`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-Mar-25 02:41:53
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x60b000`
SizeOfInitializedData	`0x84600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000600F2C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x693000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`aacc73812e3da854358c6fdc34b3a18c`
SHA1	`aba8aceec3978ac800871cb280a2283968e05123`
SHA256	`740fe4455957ee1c08767f5a16940126a75dda7bfabc0e1af936e4a76a183c23`
SHA3	`1a2ca01f9b329d0a023ee365ecaddf43d9259306e3495dea597fb790c9831cae`
VirtualSize	`0x60af77`
VirtualAddress	`0x1000`
SizeOfRawData	`0x60b000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.5737`

.rdata

MD5	`8162989ac48fdfd9899703a0bbbc1b9f`
SHA1	`5ae1d86bf71680adf5dfedf94911947cbcaf4746`
SHA256	`30e1efe4ac7bf55fc501e7a2e9529dfe3c24153de63fdec5b9c2ae2fe83fe307`
SHA3	`857653aefceaec1051ef62d83b4a80da49aada3e5b3d20dc5523b8de8c2580b5`
VirtualSize	`0x2aaa4`
VirtualAddress	`0x60c000`
SizeOfRawData	`0x2ac00`
PointerToRawData	`0x60b400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.02844`

.data

MD5	`edb80a90636e2f13daf9020a1ce46901`
SHA1	`a6050a3596c485971e7e82e71a38a818423bd1cb`
SHA256	`2574d80c220b47e338adbf0484b150d2803fe9c5000e6bf35863f56e85723f64`
SHA3	`d2bf2309ffc6948f867fdf7631f2c7e9c26db6c0693d1a0bce647f6f728081f6`
VirtualSize	`0x52120`
VirtualAddress	`0x637000`
SizeOfRawData	`0x50800`
PointerToRawData	`0x636000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.96981`

.pdata

MD5	`f57f26d139fec625f338762b0273b732`
SHA1	`dd3de86132bfc9283fb4582b8193504c9ac1ee2d`
SHA256	`59af9d3ff5a909273c3d36dc21df0e9e78848dfab24f6dc2e0d9bda7eae1dbdb`
SHA3	`02335b48821522025f2477daa7e534e6125a8f28d0f6b68dd580303a32b4b532`
VirtualSize	`0x6ed0`
VirtualAddress	`0x68a000`
SizeOfRawData	`0x7000`
PointerToRawData	`0x686800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.05074`

.rsrc

MD5	`a57ccc2b12e6563be0ee04bb83432577`
SHA1	`ce5cc6fd9785602cd0650f8e113bfb074ba8c8e7`
SHA256	`40913fe8cd4c5c3303cebf479497b9ca0acc5e6ac66d22f84c454bb066c98116`
SHA3	`da8de964262ad0a0db5e53cf92ce05d7b56901fbc03ff9f14b2de2306360fda3`
VirtualSize	`0x1e0`
VirtualAddress	`0x691000`
SizeOfRawData	`0x200`
PointerToRawData	`0x68d800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.70733`

.reloc

MD5	`539e8121c0d7c7a49d8089f5112aef9d`
SHA1	`032ca24cad13ed5b1919b97ffd1ddf94d4b79023`
SHA256	`2d7fe85bc9b87bfbd56334b3404077b0c0b30f463e88e6307f358b4dbf75068d`
SHA3	`0e812b8cb1541eeb0ac87b922ff8d58e36ab64487c913e74c2baa76fc4e18f16`
VirtualSize	`0x4e4`
VirtualAddress	`0x692000`
SizeOfRawData	`0x600`
PointerToRawData	`0x68da00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.87098`

Imports

d3d11.dll	`D3D11CreateDeviceAndSwapChain`
VMM.dll	`VMMDLL_WinReg_QueryValueExU` `VMMDLL_PdbSymbolAddress` `VMMDLL_PdbLoad` `VMMDLL_ProcessGetModuleBaseU` `VMMDLL_ProcessGetInformationAll` `VMMDLL_PidGetFromName` `VMMDLL_Map_GetPhysMem` `VMMDLL_Map_GetEATU` `VMMDLL_Map_GetModuleFromNameW` `VMMDLL_Scatter_CloseHandle` `VMMDLL_Initialize` `VMMDLL_Close` `VMMDLL_MemFree` `VMMDLL_MemReadEx` `VMMDLL_Scatter_Initialize`
KERNEL32.dll	`GetLastError` `AreFileApisANSI` `SetFileInformationByHandle` `GetFileAttributesExW` `FindNextFileW` `FindFirstFileExW` `FindFirstFileW` `FindClose` `ReleaseMutex` `WaitForSingleObject` `CreateMutexA` `Sleep` `CreateThread` `CreateFileA` `ReadFile` `CloseHandle` `GetTickCount64` `WriteFile` `GetTickCount` `ClearCommError` `SetupComm` `GetCommState` `PurgeComm` `SetCommMask` `SetCommState` `SetCommTimeouts` `GlobalAlloc` `GlobalLock` `GlobalFree` `MultiByteToWideChar` `WideCharToMultiByte` `QueryPerformanceCounter` `QueryPerformanceFrequency` `FreeLibrary` `GetProcAddress` `LoadLibraryA` `GetLocaleInfoA` `CreateFileW` `CreateDirectoryW` `GetCurrentDirectoryW` `GetLocaleInfoEx` `FormatMessageA` `LocalFree` `GetCurrentThreadId` `SleepConditionVariableSRW` `AcquireSRWLockShared` `AcquireSRWLockExclusive` `ReleaseSRWLockShared` `ReleaseSRWLockExclusive` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `WakeAllConditionVariable` `RtlCaptureContext` `GetModuleHandleW` `TerminateProcess` `RtlLookupFunctionEntry` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetCurrentProcessId` `GetFileInformationByHandleEx` `GetSystemTimeAsFileTime` `GlobalUnlock` `InitializeSListHead`
USER32.dll	`SetCursor` `SetCursorPos` `TrackMouseEvent` `GetKeyboardLayout` `ClientToScreen` `ScreenToClient` `GetForegroundWindow` `IsWindowUnicode` `GetCursorPos` `GetClientRect` `GetAsyncKeyState` `GetMonitorInfoA` `EnumDisplayMonitors` `SendInput` `TranslateMessage` `DispatchMessageW` `PeekMessageW` `DefWindowProcW` `PostQuitMessage` `UnregisterClassW` `RegisterClassExW` `CreateWindowExW` `DestroyWindow` `ShowWindow` `SetWindowPos` `GetSystemMetrics` `ReleaseCapture` `SetCapture` `GetCapture` `GetKeyState` `GetMessageExtraInfo` `UpdateWindow` `LoadCursorA` `MonitorFromPoint` `GetMonitorInfoW` `OpenClipboard` `CloseClipboard` `SetClipboardData` `GetClipboardData` `EmptyClipboard`
SHELL32.dll	`ShellExecuteW`
ole32.dll	`CoCreateInstance` `CoInitializeEx` `CoUninitialize`
MSVCP140.dll	`??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `_Thrd_yield` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z` `?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A` `?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ` `_Thrd_id` `_Thrd_join` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z` `?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `_Cnd_do_broadcast_at_thread_exit` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z` `??0_Lockit@std@@QEAA@H@Z` `??1_Lockit@std@@QEAA@XZ` `?_Xbad_alloc@std@@YAXXZ` `?_Xinvalid_argument@std@@YAXPEBD@Z` `?_Xlength_error@std@@YAXPEBD@Z` `?_Xout_of_range@std@@YAXPEBD@Z` `_Mtx_lock` `_Mtx_unlock` `?_Throw_Cpp_error@std@@YAXH@Z` `?_Syserror_map@std@@YAPEBDH@Z` `?_Winerror_map@std@@YAHH@Z` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z` `?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z` `?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ` `?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z` `?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?_Id_cnt@id@locale@std@@0HA` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?uncaught_exceptions@std@@YAHXZ` `_Xtime_get_ticks` `_Query_perf_counter` `_Query_perf_frequency` `??Bios_base@std@@QEBA_NXZ` `?good@ios_base@std@@QEBA_NXZ` `?flags@ios_base@std@@QEBAHXZ` `?setf@ios_base@std@@QEAAHHH@Z` `?width@ios_base@std@@QEBA_JXZ` `?width@ios_base@std@@QEAA_J_J@Z` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z` `?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z` `?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ` `?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ` `?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z` `??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z`
WS2_32.dll	`WSAStartup` `closesocket` `WSACleanup` `WSAGetLastError` `bind` `htons` `inet_addr` `socket` `recvfrom` `sendto` `setsockopt`
IMM32.dll	`ImmReleaseContext` `ImmSetCompositionWindow` `ImmSetCandidateWindow` `ImmGetContext`
VCRUNTIME140.dll	`__C_specific_handler` `__current_exception_context` `__current_exception` `__std_exception_copy` `__std_exception_destroy` `_CxxThrowException` `strchr` `memchr` `memcmp` `memcpy` `memmove` `memset` `__std_terminate` `strstr`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
api-ms-win-crt-runtime-l1-1-0.dll	`_initialize_narrow_environment` `_initialize_onexit_table` `_register_onexit_function` `_crt_atexit` `_cexit` `_seh_filter_exe` `_set_app_type` `_get_initial_narrow_environment` `_initterm` `_initterm_e` `exit` `_exit` `_beginthreadex` `__p___argc` `__p___argv` `_c_exit` `_register_thread_local_exe_atexit_callback` `abort` `_invoke_watson` `system` `_configure_narrow_argv` `_errno` `terminate`
api-ms-win-crt-string-l1-1-0.dll	`strncpy_s` `strncpy` `wcslen` `strlen` `tolower` `toupper` `isxdigit` `strncmp` `strcmp`
api-ms-win-crt-math-l1-1-0.dll	`roundf` `powf` `sqrtf` `acosf` `ceilf` `cosf` `sinf` `fmodf` `__setusermatherr`
api-ms-win-crt-heap-l1-1-0.dll	`free` `malloc` `_callnewh` `_set_new_mode`
api-ms-win-crt-convert-l1-1-0.dll	`strtoul` `strtof` `strtol` `atof` `atoi`
api-ms-win-crt-stdio-l1-1-0.dll	`ftell` `fclose` `fseek` `fflush` `fgetc` `_wfopen` `fgetpos` `fputc` `fread` `fsetpos` `_get_stream_buffer_pointers` `__p__commode` `__stdio_common_vfprintf` `__acrt_iob_func` `fwrite` `setvbuf` `ungetc` `__stdio_common_vsprintf` `__stdio_common_vsprintf_s` `__stdio_common_vsscanf` `_set_fmode` `_fseeki64`
api-ms-win-crt-filesystem-l1-1-0.dll	`remove` `_lock_file` `_unlock_file`
api-ms-win-crt-time-l1-1-0.dll	`_localtime64_s` `strftime` `_time64`
api-ms-win-crt-utility-l1-1-0.dll	`srand` `qsort` `rand`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale` `___lc_codepage_func`
D3DCOMPILER_47.dll	`D3DCompile`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Mar-25 02:41:53
Version	`0.0`
SizeofData	`912`
AddressOfRawData	`0x622a20`
PointerToRawData	`0x621e20`

TLS Callbacks

StartAddressOfRawData	`0x140622dd0`
EndAddressOfRawData	`0x140622dd8`
AddressOfIndex	`0x140688b70`
AddressOfCallbacks	`0x14060cd48`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140687040`

RICH Header

XOR Key	`0x9ff23205`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`20`
ASM objects (35207)	`4`
C objects (35207)	`10`
C++ objects (35207)	`34`
Imports (35207)	`6`
C objects (33145)	`2`
Imports (35217)	`2`
Imports (2207)	`2`
Imports (33145)	`29`
Total imports	`419`
C++ objects (35223)	`33`
Resource objects (35223)	`1`
Linker (35223)	`1`

Errors

Leave a comment

No comments yet.