Manalyze report for acf0c3d27d2fb5670f787658e6351562

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2016-Jan-01 20:32:49

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .didata`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryW` `Functions which can be used for anti-debugging purposes: NtQueryInformationProcess` `Code injection capabilities: VirtualAlloc WriteProcessMemory OpenProcess` `Can access the registry: RegQueryValueExW RegOpenKeyExW RegCloseKey` `Possibly launches other programs: CreateProcessW` `Uses Microsoft's cryptographic API: CryptDestroyHash CryptGetHashParam CryptHashData CryptCreateHash CryptReleaseContext CryptAcquireContextA` `Can create temporary files: GetTempPathW CreateFileW` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Manipulates other processes: WriteProcessMemory ReadProcessMemory OpenProcess`
Malicious	VirusTotal score: 45/72 (Scanned on 2026-02-04 06:47:14)	`ALYac: Application.Generic.4074760` `AVG: Win64:MalwareX-gen [Misc]` `Arcabit: Application.Generic.D3E2D08` `Avast: Win64:MalwareX-gen [Misc]` `Avira: TR/AVI.Agent.ptabd` `BitDefender: Application.Generic.4074760` `Bkav: W64.AIDetectMalware` `CAT-QuickHeal: Trojan.Loader` `CTX: exe.hacktool.loader` `CrowdStrike: win/grayware_confidence_100% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 99)` `DeepInstinct: MALICIOUS` `ESET-NOD32: Win64/HackTool.Loader.B potentially unsafe application` `Elastic: malicious (high confidence)` `Emsisoft: Application.Generic.4074760 (B)` `F-Secure: Trojan.TR/AVI.Agent.ptabd` `GData: Application.Generic.4074760` `Google: Detected` `Gridinsoft: Hack.Win64.Patcher.oa!s1` `Ikarus: Worm.Win64.Autorun` `Jiangmin: Riskware.Loader.a` `K7AntiVirus: Hacktool ( 005ce8df1 )` `K7GW: Hacktool ( 005ce8df1 )` `Lionic: Hacktool.Win32.Loader.3!c` `Malwarebytes: RiskWare.Loader` `MaxSecure: Trojan.Malware.324995110.susgen` `McAfeeD: ti!AC61E5B454FC` `MicroWorld-eScan: Application.Generic.4074760` `Microsoft: HackTool:Win32/Loader!MTB` `Paloalto: generic.ml` `Panda: PUP/Generic` `Rising: Hacktool.Loader!8.1EA2 (CLOUD)` `Sangfor: Trojan.Win32.Save.a` `Skyhigh: BehavesLike.Win64.Injector.cm` `Sophos: Generic Reputation PUA (PUA)` `Symantec: ML.Attribute.HighConfidence` `TrellixENS: Artemis!ACF0C3D27D2F` `VIPRE: Application.Generic.4074760` `Varist: W64/ABTrojan.FLDP-7722` `Webroot: W32.Malware.Gen` `Xcitium: ApplicUnwnt@#2suvhtzn0ml30` `Yandex: Trojan.Igent.b5mCKm.1` `Zillya: Tool.Loader.Win64.1` `alibabacloud: Spy:Win/Graftor`

Hashes

MD5	`acf0c3d27d2fb5670f787658e6351562`
SHA1	`5dfbdbf0157e4e1a6df338543154aab078159b75`
SHA256	`ac61e5b454fc9af1752e28e75219d5ce9ba1203d515b7e6416c395072b0e9d85`
SHA3	`dc357832dd1291d0627d4558997d6e3f81dbef4f7e01f48d752a3443816ff9a4`
SSDeep	`1536:dnB4Ixd9U5cIPCPRJXbVjAlr2siUsiC54uXefnWHbbwk:YIX/fjzsaT0nWHbbwk`
Imports Hash	`7bfb0a3b5914feb689f30cf4972ab5f2`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`11`
TimeDateStamp	2016-Jan-01 20:32:49
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`8.2`
SizeOfCode	`0x13600`
SizeOfInitializedData	`0xa000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000013540 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`5.2`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x2c000`
SizeOfHeaders	`0x400`
Checksum	`0x239b4`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x2000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`0f8cc9e75761d4fc7f89c59c10d02cd6`
SHA1	`27f4eb4378ffae9d187ae08ca36840c8ffd12541`
SHA256	`e0be03dd633f0fb929201ca1d905ea201c6de72876558d8c572d0f69ad7872cb`
SHA3	`7870190e250df7aff467c533d0a50ada5d813d9a88c0a60aedfa425f4551316e`
VirtualSize	`0x1341c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x13600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.63727`

.data

MD5	`86679543466430a1a8661a9064cec43e`
SHA1	`642db5cd88eb6d2a2f797e75dc6eea4e8bb700f7`
SHA256	`b2dcc9495d54bb4368a893b6458a6f53a4cfcc6338ecc859687831c9b8c8e831`
SHA3	`d2b36b8656118822f07d454819a1005260bc0ff122797863376c39468df24995`
VirtualSize	`0x2470`
VirtualAddress	`0x15000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x13a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.90609`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x5358`
VirtualAddress	`0x18000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`ff889cd831ad3ca4451914a7843afed4`
SHA1	`cca715f64c9dc818b207256dd9b77f0333d6aa07`
SHA256	`e35ab20d218ac3b1d312b110e5f352bc521001c6ec9cf139302c55f8dccd4b9e`
SHA3	`6a7c2ff493c8562720d1be0cfb9d2377d2cd8b79a8abe3154dfe0a466e881ba7`
VirtualSize	`0x1020`
VirtualAddress	`0x1e000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x16000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.83677`

.didata

MD5	`bef19e8f809345246fb33d4bd5f1634b`
SHA1	`993369473051e05b7b2242a54a03adaf78dc375c`
SHA256	`9edc8d2b1d6febb2093aafc6bc9a0b246545db63b891029b7b423c0b2f53097d`
SHA3	`5a15a9160c309ca4c2994ed6a9745900e95b6f73f6dccdf1a659f02d30c531b8`
VirtualSize	`0xc8`
VirtualAddress	`0x20000`
SizeOfRawData	`0x200`
PointerToRawData	`0x17200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.773674`

.edata

MD5	`33cb3e99e9ddd826ebef0f59e61485ce`
SHA1	`f2f852387124370b14ac085accac86d36a6b0a03`
SHA256	`9e3c5815dfd928016d676e6032f9a3ef64f1576549defa4030ac1a4071ed3560`
SHA3	`b9f2d933a2b026df2446ca2b784412d5862db5891f555598823ded72d76ad13b`
VirtualSize	`0x71`
VirtualAddress	`0x21000`
SizeOfRawData	`0x200`
PointerToRawData	`0x17400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.28683`

.tls

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x214`
VirtualAddress	`0x22000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`8a2e1564828d99f4cc3d96ff0349529d`
SHA1	`4000273ebd0d37765aa36d9986994e695bbd10ab`
SHA256	`815ba937da04c8810677b641073b48d7f800d786c8f3b94535904253f211f810`
SHA3	`1f8d817513ebf15ab00007d8fc43943dde7c513c9ac3a4b91107a22c682a4b51`
VirtualSize	`0x6d`
VirtualAddress	`0x23000`
SizeOfRawData	`0x200`
PointerToRawData	`0x17600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.36732`

.reloc

MD5	`8cfb6c790c9e6cbb12f1c70381cff1a3`
SHA1	`551963bc99160361d05b3a47e9469760c0e04e86`
SHA256	`4a620704cdf74d620732a2c0ce6fa37f1704319c814e9df90bd92a773f6fd666`
SHA3	`5582fbbca50ebd46bfb514a62ce1aa6001abacb7caa93cac0190dd8ce0bcb42c`
VirtualSize	`0xde0`
VirtualAddress	`0x24000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x17800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.56462`

.pdata

MD5	`91dc1e3518be18a0859e9ae1ca1a99a2`
SHA1	`6652f5cd965aff9157cc9e9d23efffddc62deb3b`
SHA256	`127ea65e2bded6dc518d5be538c9cbaa57a169aa9adca146ead3fd219f219997`
SHA3	`5e5961339a6c9b133c1980e6b612f8f78d249c9c9bb6ad1c0c4dec0867fd6227`
VirtualSize	`0x10c8`
VirtualAddress	`0x25000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x18600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.66823`

.rsrc

MD5	`abd179be01937f86910115fc9bf11d76`
SHA1	`51887c22bb7947f1c21db86c21208c76cf36882a`
SHA256	`635691d7ee68cea540e11aa4b0e90587e45d9a92d3f830a27ebeddfc5c3a9612`
SHA3	`60157f513d4950bd5391b8b912c2fc434a2a012200beebcab883de5008179132`
VirtualSize	`0x409c`
VirtualAddress	`0x27000`
SizeOfRawData	`0x4200`
PointerToRawData	`0x19800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.72966`

Imports

oleaut32.dll	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`
kernel32.dll	`Sleep` `VirtualFree` `VirtualAlloc` `VirtualQuery` `GetSystemInfo` `GetVersion` `SetThreadLocale` `WideCharToMultiByte` `MultiByteToWideChar` `GetACP` `GetStartupInfoW` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetCommandLineW` `FreeLibrary` `UnhandledExceptionFilter` `RtlUnwindEx` `RtlUnwind` `RaiseException` `ExitProcess` `GetCurrentThreadId` `DeleteCriticalSection` `InitializeCriticalSection` `WriteFile` `GetStdHandle` `CloseHandle`
kernel32.dll (#2)	`Sleep` `VirtualFree` `VirtualAlloc` `VirtualQuery` `GetSystemInfo` `GetVersion` `SetThreadLocale` `WideCharToMultiByte` `MultiByteToWideChar` `GetACP` `GetStartupInfoW` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetCommandLineW` `FreeLibrary` `UnhandledExceptionFilter` `RtlUnwindEx` `RtlUnwind` `RaiseException` `ExitProcess` `GetCurrentThreadId` `DeleteCriticalSection` `InitializeCriticalSection` `WriteFile` `GetStdHandle` `CloseHandle`
user32.dll	`SendMessageW` `MessageBoxA` `MessageBoxW` `LoadIconW` `GetSystemMetrics` `GetActiveWindow` `EnumWindows`
kernel32.dll (#3)	`Sleep` `VirtualFree` `VirtualAlloc` `VirtualQuery` `GetSystemInfo` `GetVersion` `SetThreadLocale` `WideCharToMultiByte` `MultiByteToWideChar` `GetACP` `GetStartupInfoW` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetCommandLineW` `FreeLibrary` `UnhandledExceptionFilter` `RtlUnwindEx` `RtlUnwind` `RaiseException` `ExitProcess` `GetCurrentThreadId` `DeleteCriticalSection` `InitializeCriticalSection` `WriteFile` `GetStdHandle` `CloseHandle`
advapi32.dll	`RegQueryValueExW` `RegOpenKeyExW` `RegCloseKey` `OpenProcessToken` `LookupPrivilegeValueW` `GetUserNameA` `AdjustTokenPrivileges`
kernel32.dll (#4)	`Sleep` `VirtualFree` `VirtualAlloc` `VirtualQuery` `GetSystemInfo` `GetVersion` `SetThreadLocale` `WideCharToMultiByte` `MultiByteToWideChar` `GetACP` `GetStartupInfoW` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetCommandLineW` `FreeLibrary` `UnhandledExceptionFilter` `RtlUnwindEx` `RtlUnwind` `RaiseException` `ExitProcess` `GetCurrentThreadId` `DeleteCriticalSection` `InitializeCriticalSection` `WriteFile` `GetStdHandle` `CloseHandle`
shell32.dll	`SHGetPathFromIDListW` `SHGetSpecialFolderLocation`
ole32.dll	`CoTaskMemFree`
kernel32.dll (#5)	`Sleep` `VirtualFree` `VirtualAlloc` `VirtualQuery` `GetSystemInfo` `GetVersion` `SetThreadLocale` `WideCharToMultiByte` `MultiByteToWideChar` `GetACP` `GetStartupInfoW` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetCommandLineW` `FreeLibrary` `UnhandledExceptionFilter` `RtlUnwindEx` `RtlUnwind` `RaiseException` `ExitProcess` `GetCurrentThreadId` `DeleteCriticalSection` `InitializeCriticalSection` `WriteFile` `GetStdHandle` `CloseHandle`
advapi32.dll (#2)	`RegQueryValueExW` `RegOpenKeyExW` `RegCloseKey` `OpenProcessToken` `LookupPrivilegeValueW` `GetUserNameA` `AdjustTokenPrivileges`
ntdll.dll	`NtQueryInformationProcess`
kernel32.dll (#6)	`Sleep` `VirtualFree` `VirtualAlloc` `VirtualQuery` `GetSystemInfo` `GetVersion` `SetThreadLocale` `WideCharToMultiByte` `MultiByteToWideChar` `GetACP` `GetStartupInfoW` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetCommandLineW` `FreeLibrary` `UnhandledExceptionFilter` `RtlUnwindEx` `RtlUnwind` `RaiseException` `ExitProcess` `GetCurrentThreadId` `DeleteCriticalSection` `InitializeCriticalSection` `WriteFile` `GetStdHandle` `CloseHandle`
user32.dll (delay-loaded)	`SendMessageW` `MessageBoxA` `MessageBoxW` `LoadIconW` `GetSystemMetrics` `GetActiveWindow` `EnumWindows`

Delayed Imports

Attributes	`0x1`
Name	`user32.dll`
ModuleHandle	`0x20040`
DelayImportAddressTable	`0x20050`
DelayImportNameTable	`0x20068`
BoundDelayImportTable	`0x20080`
UnloadDelayImportTable	`0x20090`
TimeStamp	`1970-Jan-01 00:00:00`

dbkFCallWrapperAddr

Ordinal	`1`
Address	`0x1ce70`

__dbk_fcall_wrapper

Ordinal	`2`
Address	`0x8b00`

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.08989`
MD5	`dabf77fa8a255082c51d8cba664a5831`
SHA1	`0fd2c305c156b463a88afb31640b47ba204e2f1b`
SHA256	`3a837d953a27c2ddf39d1129f6ea06d5c5ac4c01fe1845911d76345fe05ef063`
SHA3	`36e6ed1a4a89679363a673ce13b9e87e4592ffdf34bf1844aef8e8809c6e0462`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.57685`
MD5	`d4ac4995afc867d4b70df0ec7eeeafd8`
SHA1	`af0eb2440c0b3ed49fc80a425c3631149ce2d543`
SHA256	`39cc57ce87586ce7cd80f241523fd6630ef5555234fc32ca1734011f23033013`
SHA3	`1270c202a072e3cc387b91de2b066522cd6175ccdeb1dcd3ca0357251e714c52`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.30979`
MD5	`4060ec0c2c8e00b9f561d30133ec395c`
SHA1	`db5bbbb4d2d989287a574f1ecf167f6e3f420253`
SHA256	`14a3dd696ba5723cc79c25cdc1a88993e7f4630ba3b1d9b91409004f3d3a2b4a`
SHA3	`b7bbd60d894dee61d498444c3f510735ca5be0f2d154d829eaf1a8689e231c4b`

DATA

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x112`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.32518`
MD5	`74494999defbbde85ed587632cdab0c9`
SHA1	`e0108500a7336ed163bed29607a521b8e1f42b29`
SHA256	`8c41779688c844fe2a64e2e77db6be1d5dac2f914acfeb6b4346ac1a8c1b5272`
SHA3	`df48348af3a63dbccf92c3e01fa54f26ea86cda6ec0772d39ee27f385fb5bf76`

MAINICON

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.45849`
Detected Filetype	Icon file
MD5	`409e1724611e0bc39356e2f58888db55`
SHA1	`c06c0e66cc2f7956256e2f018aa0294bfa914960`
SHA256	`6ab18c3b81a5d30c5a190a4504cae807d73b1a4d02d56ffddf641abbb62b7210`
SHA3	`315b2ad40793f4ef885ff4c878169b02c62f619b57780a98a76c8538cd0ee5c9`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2f3`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.09277`
MD5	`941443629a69b152865d125cbbc64dbc`
SHA1	`c1fe7cb8b8e9b36b956b0f7cb2d84ce7d275456e`
SHA256	`7b15ed36263f99b335ba3d1785e765e03fc3f88a03c5686d51ef4edf7ff67b38`
SHA3	`ffc978bf3f794954721558e9bac2ccbc6e0848cf0a84fa542d675bef1ed2ced7`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x422000`
EndAddressOfRawData	`0x422214`
AddressOfIndex	`0x4165a0`
AddressOfCallbacks	`0x423020`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`(EMPTY)`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!
[*] Warning: Section .tls has a size of 0!