Manalyze report for b1ce138f5546e860f42e0260e8fe1d562df7d8a16bd9bf38abefb04aa0d24a86

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Mar-05 14:29:39
TLS Callbacks	1 callback(s) detected.
Comments	Automotive Diagnostics Software
CompanyName	RenOLink
FileDescription	RenOLink
FileVersion	`1.99.0.0`
InternalName	RenOLink.exe
LegalCopyright	Gabriel Gafu (gabigafu@hotmail.com)
LegalTrademarks
OriginalFilename	RenOLink.exe
ProductName	RenOLink
ProductVersion	`1.99.0.0`
Assembly Version	1.99.0.0

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: regsvr32.exe` `Contains domain names: hotmail.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Suspicious	The PE is packed with Enigma Protector	`Unusual section name found: \x10UPLE\x0c/J` `Section \x10UPLE\x0c/J is both writable and executable.` `Unusual section name found:` `Unusual section name found: .enigma1` `Section .enigma1 is both writable and executable.` `Unusual section name found: .enigma2` `Section .enigma2 is both writable and executable.`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExA GetProcAddress LoadLibraryW LoadLibraryA LdrLoadDll` `Code injection capabilities: VirtualAlloc WriteProcessMemory VirtualAllocEx CreateRemoteThread` `Can access the registry: RegQueryValueExA RegOpenKeyExA RegCloseKey RegOpenKeyA` `Can create temporary files: GetTempPathW GetTempPathA CreateFileW CreateFileA` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtectEx VirtualProtect VirtualAllocEx` `Enumerates local disk drives: GetLogicalDriveStringsW` `Manipulates other processes: WriteProcessMemory ReadProcessMemory`
Malicious	VirusTotal score: 42/72 (Scanned on 2025-04-24 10:33:10)	`ALYac: Gen:Trojan.Heur.GM.0000164080` `APEX: Malicious` `AVG: Win32:Malware-gen` `Antiy-AVL: Trojan/MSIL.Agent` `Arcabit: Trojan.Heur.GM.D280F0` `Avast: Win32:Malware-gen` `BitDefender: Gen:Trojan.Heur.GM.0000164080` `Bkav: W32.AIDetectMalware` `CAT-QuickHeal: Trojan.Ghanarava.17452421638f8325` `CTX: exe.trojan.generic` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `Elastic: malicious (high confidence)` `Emsisoft: Gen:Trojan.Heur.GM.0000164080 (B)` `Fortinet: W32/PossibleThreat` `GData: Gen:Trojan.Heur.GM.0000164080` `Google: Detected` `Gridinsoft: Trojan.Win32.Downloader.ns` `Ikarus: Trojan.MSIL.Agent` `Kingsoft: malware.kb.b.848` `Lionic: Trojan.Win32.VBKrypt.lwdw` `Malwarebytes: Malware.AI.190847018` `MaxSecure: Trojan.Malware.9177172.susgen` `McAfee: Artemis!838D0FA9E39F` `McAfeeD: ti!B1CE138F5546` `MicroWorld-eScan: Gen:Trojan.Heur.GM.0000164080` `Paloalto: generic.ml` `Sangfor: Trojan.Win32.Save.a` `SentinelOne: Static AI - Malicious PE` `Skyhigh: BehavesLike.Win32.Generic.vc` `Sophos: Generic Reputation PUA (PUA)` `Symantec: ML.Attribute.HighConfidence` `Trapmine: malicious.high.ml.score` `TrendMicro-HouseCall: TROJ_GEN.R002H09CO25` `VBA32: Trojan.Packed.Enigma` `VIPRE: Gen:Trojan.Heur.GM.0000164080` `Varist: W32/ABTrojan.DTWJ-7257` `Webroot: W32.Adware.Gen` `alibabacloud: Trojan` `tehtris: Generic.Malware`

Hashes

MD5	`838d0fa9e39ffbd043670ed1988f8325`
SHA1	`54114f5dc7cb80b1230352fa0d9df8012dc9c072`
SHA256	`b1ce138f5546e860f42e0260e8fe1d562df7d8a16bd9bf38abefb04aa0d24a86`
SHA3	`88f0ab277597b16a04ea44b98cab3f68dc55d3a335b7c0a71beded488c78b1f6`
SSDeep	`49152:5QfSDjyHi6AaioaBcZOy0EcVrWJF9PPlNlI5AssKHekrPomIar4Vpj:5QfnHGloaBcZObrWJFVnl5FK+MPfg`
Imports Hash	`7354cbf722a071639ee8ba97deef46ca`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2022-Mar-05 14:29:39
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`11.0`
SizeOfCode	`0xc200`
SizeOfInitializedData	`0x23de00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0024E00A (Section: )`
BaseOfCode	`0x23c000`
BaseOfData	`0x2000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x29a000`
SizeOfHeaders	`0x2000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x200000`
SizeofHeapCommit	`0x2000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

\x10UPLE\x0c/J

MD5	`e30dbd5a7ed12ceebf5bac17c092bcb3`
SHA1	`afdcbcddc7a57f3938e8e8901a67d9c7e93a6d63`
SHA256	`537382b3c578c8c897ea7a3b425d02cce0fddaf97a1796c0cb8ff2ca9d3a6c72`
SHA3	`59b82cb931d21ff1655115273ada24e0e49b71f13f83d571e24dda4d7322e5aa`
VirtualSize	`0x2399a4`
VirtualAddress	`0x2000`
SizeOfRawData	`0x239a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99992`

.text

MD5	`e3f627a5c9a6ef11580a70677802c659`
SHA1	`cee8cca34c9d04f93cfe13ddb6266a5c9aa50525`
SHA256	`5159a416eb45a7dfce635c8c4e4660b8eb519ec662b0da6372814af8a6f028ce`
SHA3	`5b0943fd9674a0faf65ce50b490544002b07231d51d138e19f121a53e1d7d263`
VirtualSize	`0xbfa0`
VirtualAddress	`0x23c000`
SizeOfRawData	`0xc000`
PointerToRawData	`0x239e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.49077`

.rsrc

MD5	`7cbbb8aef8443034c5486e49911f9978`
SHA1	`7fc1c20c0de38294e49e973c578cbd2662a68394`
SHA256	`14faaff707b1e69b78c7ebf690cfda2bec2540073974b54fe2effb4f607a020d`
SHA3	`e6140c13760a85d0e0a20810896f8402b7fc6fe22e87671fb349da093bf61250`
VirtualSize	`0x41c4`
VirtualAddress	`0x248000`
SizeOfRawData	`0x4200`
PointerToRawData	`0x245e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.67678`

Section_4

MD5	`54fd4752f2d9b9ffcfb74cef5b75f681`
SHA1	`267b2da25ad7b46b62c8a031de3812ac8205a136`
SHA256	`c17acb8786a4fb9a9d2f800ba9b644fae2ea599bc6dcbe3a9bbd691873361821`
SHA3	`29b1d7f7b5fa1dbf5b364a8568e61483bb9c7a6c386fbf2ca25d6ed1a80fc3db`
VirtualSize	`0x10`
VirtualAddress	`0x24e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x24a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`0.142636`

.reloc

MD5	`ed526f3bd8b83eff9a6dfb7f8fed53e1`
SHA1	`ad3529417ae8ad1766b0dad3693b6164de0c1b3a`
SHA256	`8a8ebb251ddc34d0bcd1b6285e62afe22b1b8f4cd4d267e2cb5d0c0b1362f8aa`
SHA3	`7ca9d4606d9cd36716fa67399100330021b2212fc3ba90de5ff38b2300854aba`
VirtualSize	`0xc`
VirtualAddress	`0x250000`
SizeOfRawData	`0x200`
PointerToRawData	`0x24a200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0980042`

.enigma1

MD5	`3ec8f9bf9e7b33ee42e6704646c608f6`
SHA1	`2842ff3b6c00b31bd802f157976d6248770e8300`
SHA256	`765739c43b26b046a44e29403abfbfe7b82ee481aed326cded5db5ad0def904e`
SHA3	`a2f9dd7b49e591d875c874bdaf6db9c909f9a5bcbe20858d8c7e909090852615`
VirtualSize	`0x2000`
VirtualAddress	`0x252000`
SizeOfRawData	`0x1e000`
PointerToRawData	`0x24a400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.82674`

.enigma2

MD5	`28c4f293f203a9bce567610ff1f5616a`
SHA1	`bde3d23cee99f9268b9ef717475b6e5bcf7eed04`
SHA256	`c0defd91ca505f52379e9399af6407854c487ffdaee40163df9b79f69bf55b9f`
SHA3	`351dcafa3b158359c9fd8581b5c86d056b3d6261c1f4e3c4ebf7f17fb9877693`
VirtualSize	`0x46000`
VirtualAddress	`0x254000`
SizeOfRawData	`0x46000`
PointerToRawData	`0x268400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.88333`

Imports

kernel32.dll	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `GetCurrentThreadId` `InterlockedDecrement` `InterlockedIncrement` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenA` `lstrcpynA` `LoadLibraryExA` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleA` `GetModuleFileNameA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `FindFirstFileA` `FindClose` `ExitProcess` `ExitThread` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
user32.dll	`GetKeyboardType` `LoadStringA` `MessageBoxA` `CharNextA`
advapi32.dll	`RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey`
oleaut32.dll	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`
kernel32.dll (#2)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `GetCurrentThreadId` `InterlockedDecrement` `InterlockedIncrement` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenA` `lstrcpynA` `LoadLibraryExA` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleA` `GetModuleFileNameA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `FindFirstFileA` `FindClose` `ExitProcess` `ExitThread` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
advapi32.dll (#2)	`RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey`
kernel32.dll (#3)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `GetCurrentThreadId` `InterlockedDecrement` `InterlockedIncrement` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenA` `lstrcpynA` `LoadLibraryExA` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleA` `GetModuleFileNameA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `FindFirstFileA` `FindClose` `ExitProcess` `ExitThread` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
user32.dll (#2)	`GetKeyboardType` `LoadStringA` `MessageBoxA` `CharNextA`
kernel32.dll (#4)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `GetCurrentThreadId` `InterlockedDecrement` `InterlockedIncrement` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenA` `lstrcpynA` `LoadLibraryExA` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleA` `GetModuleFileNameA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `FindFirstFileA` `FindClose` `ExitProcess` `ExitThread` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
kernel32.dll (#5)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `GetCurrentThreadId` `InterlockedDecrement` `InterlockedIncrement` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenA` `lstrcpynA` `LoadLibraryExA` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleA` `GetModuleFileNameA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `FindFirstFileA` `FindClose` `ExitProcess` `ExitThread` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
ole32.dll	`CreateStreamOnHGlobal` `CoUninitialize` `CoInitialize`
oleaut32.dll (#2)	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`
oleaut32.dll (#3)	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`
ntdll.dll	`RtlInitUnicodeString` `RtlFreeUnicodeString` `RtlFormatCurrentUserKeyPath` `RtlDosPathNameToNtPathName_U`
SHFolder.dll	`SHGetFolderPathW` `SHGetFolderPathA`
ntdll.dll (#2)	`RtlInitUnicodeString` `RtlFreeUnicodeString` `RtlFormatCurrentUserKeyPath` `RtlDosPathNameToNtPathName_U`
shlwapi.dll	`PathMatchSpecW`
ntdll.dll (#3)	`RtlInitUnicodeString` `RtlFreeUnicodeString` `RtlFormatCurrentUserKeyPath` `RtlDosPathNameToNtPathName_U`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.77624`
MD5	`8ba4e38ae569e020478333615ad0c5d7`
SHA1	`c82545c1f9ca601cec2aa10becb13d1a33df372e`
SHA256	`9eb91d27d32227714fbcabc86f9244dd5eaf8e24f891b7d3496a632d0e8ec075`
SHA3	`e47c4140ebe82f543c705590ac48ae7ac8419a31e00b96dee0ffecde56d4ce9f`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.6972`
MD5	`2a8da9f9561f30e3499fddaefc4029bc`
SHA1	`2eb0a74b4d9cc01ddb65d7fcd435787596fd8e27`
SHA256	`caf94fbca74edda3ef7db0b5fd55fbea915e4715efd809ebb4db32cd11ad0968`
SHA3	`aa367bbdf214c7562fa09178104536d3bc15f80ac3b70f90f82ff7ce97228305`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.53565`
MD5	`66489f9eea14ab39e3a0b9009c1a5d98`
SHA1	`65814e43cd50bdcd362caa39798cf3161f90d352`
SHA256	`ff5fac190dd84c732ad9d4027903ea50ba07b31e32e0073bbf21a47af1593bc2`
SHA3	`710bc825257ed45b01a401f1fc87d40a24744da828be7e0053cf196aa6edba4f`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.45849`
Detected Filetype	Icon file
MD5	`409e1724611e0bc39356e2f58888db55`
SHA1	`c06c0e66cc2f7956256e2f018aa0294bfa914960`
SHA256	`6ab18c3b81a5d30c5a190a4504cae807d73b1a4d02d56ffddf641abbb62b7210`
SHA3	`315b2ad40793f4ef885ff4c878169b02c62f619b57780a98a76c8538cd0ee5c9`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x396`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.333`
MD5	`6a93edf0ca70e4b967c111f1b4a207ee`
SHA1	`a7f2e902472476545001193cfc7e54da3959eb2f`
SHA256	`80a39e3bbbca02a7d0049d273201cebeb0b5a3b2ed3efa9d786c94529d87da46`
SHA3	`890fd1751908fd8abb70943d9c0fc89ac97d405e651ee7c80f2c67e38c7b645c`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1b4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.94168`
MD5	`fd46cae204161f624089374d1892677e`
SHA1	`c2844e969091e2abc3ededb9792e7c129c050e1c`
SHA256	`6a2cf379aa950dde3136a3e3ff80047923faaf69dc65c7c5af21350f6d6a2a08`
SHA3	`d93222de0f263dba4af4e11ddf7a21aa1a3e1c2dfcab0c130be294ac7bb409d1`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.99.0.0
ProductVersion	1.99.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	Automotive Diagnostics Software
CompanyName	RenOLink
FileDescription	RenOLink
FileVersion (#2)	1.99.0.0
InternalName	RenOLink.exe
LegalCopyright	Gabriel Gafu (gabigafu@hotmail.com)
LegalTrademarks
OriginalFilename	RenOLink.exe
ProductName	RenOLink
ProductVersion (#2)	1.99.0.0
Assembly Version	1.99.0.0

Resource LangID	UNKNOWN

TLS Callbacks

StartAddressOfRawData	`0x652018`
EndAddressOfRawData	`0x652040`
AddressOfIndex	`0x652040`
AddressOfCallbacks	`0x652044`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x00689128`

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.