Manalyze report for b42bd1b909f55056dd95ba32655d405a

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Apr-01 05:06:41
Detected languages	English - United States
TLS Callbacks	2 callback(s) detected.
Debug artifacts	C:\Users\DEV\Desktop\SNAILXV2\SNAILX\build\SNAILX.pdb

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Accesses the WMI: ROOT\CIMV2` `Miscellaneous malware strings: cmd.exe` Contains domain names: crl.microsoft.com fontello.com github.com google.com http://crl.microsoft.com http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_2010-07-06.crl0Z http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0 http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z http://fb.com http://fontello.com http://sajatypeworks.comMicrosoft http://sajatypeworks.comhttp http://scripts.sil.org http://scripts.sil.org/OFLInterMediumOpen http://scripts.sil.org/OFLInterSemi http://scripts.sil.org/OFLhttp http://www.microsoft.com http://www.microsoft.com/PKI/docs/CPS/default.htm0 http://www.microsoft.com/pki/certs/MicCodSigPCA_2010-07-06.crt0 http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0 http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0 http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0 http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0 http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0a http://www.microsoft.com/pkiops/docs/primarycps.htm0 http://www.microsoft.com0 https://design.googleGoogle https://github.com https://rsms.me https://scripts.sil.org https://scripts.sil.org/OFL https://scripts.sil.org/OFLAaron microsoft.com openssl.org scripts.sil.org www.microsoft.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Microsoft's Cryptography API`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryExW LoadLibraryA GetProcAddress LoadLibraryW LoadLibraryExA` `Functions which can be used for anti-debugging purposes: CheckRemoteDebuggerPresent CreateToolhelp32Snapshot` `Can access the registry: RegOpenKeyExA RegCreateKeyExA RegCloseKey RegQueryValueExA RegSetValueExA` `Possibly launches other programs: CreateProcessW ShellExecuteA ShellExecuteW` `Uses Microsoft's cryptographic API: CryptGenRandom CryptReleaseContext CryptAcquireContextW` `Has Internet access capabilities: InternetReadFile InternetCloseHandle InternetOpenA InternetOpenUrlA` `Leverages the raw socket API to access the Internet: getsockname ioctlsocket ntohs select gethostbyname WSAStartup WSACleanup WSAGetLastError htonl getsockopt htons sendto recvfrom getpeername shutdown socket setsockopt connect closesocket send recv WSASetLastError getservbyname getservbyport gethostbyaddr inet_ntoa inet_addr` `Enumerates local disk drives: GetDriveTypeW GetVolumeInformationW` `Manipulates other processes: OpenProcess Process32NextW Process32FirstW WriteProcessMemory ReadProcessMemory` `Interacts with the certificate store: CertOpenSystemStoreW`
Malicious	VirusTotal score: 16/72 (Scanned on 2025-04-02 14:08:42)	`ALYac: Gen:Variant.Lazy.672958` `AhnLab-V3: Malware/Win.Generic.R697394` `Arcabit: Trojan.Lazy.DA44BE` `BitDefender: Gen:Variant.Lazy.672958` `CTX: exe.unknown.lazy` `CrowdStrike: win/malicious_confidence_70% (D)` `DeepInstinct: MALICIOUS` `Emsisoft: Gen:Variant.Lazy.672958 (B)` `FireEye: Gen:Variant.Lazy.672958` `GData: Gen:Variant.Lazy.672958` `Malwarebytes: Malware.AI.252379513` `McAfee: Artemis!B42BD1B909F5` `MicroWorld-eScan: Gen:Variant.Lazy.672958` `Trapmine: suspicious.low.ml.score` `TrendMicro-HouseCall: TROJ_GEN.R002H09D125` `VIPRE: Gen:Variant.Lazy.672958`

Hashes

MD5	`b42bd1b909f55056dd95ba32655d405a`
SHA1	`8aaebbd3b0d333e1e106a9a566c97fa65e453fa1`
SHA256	`e8ceb56cb7d16bcfbb6c90f209254e4b5f245ff83e41758470c5216e490e33fa`
SHA3	`69a3adb6b203ccbe586073a682f41ad6e1c8cbbfc951171821b41ae2c691fb6b`
SSDeep	`98304:MvBFwvGW/DnNckD01+pxceJ3t7K1a3884805Z:wBFwvGW/LNcCY+sc388`
Imports Hash	`38036b220209eaaf56d02e3c1e588b6a`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x120`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`5`
TimeDateStamp	2025-Apr-01 05:06:41
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x341e00`
SizeOfInitializedData	`0x381a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000309BB8 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x6c6000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b7695f24453fa0f171a7c2cb40853c2a`
SHA1	`b25d79460805229b7736ab32436ebd84a05ad694`
SHA256	`a443d351c4d4f4d0c28ffee3c6a638701352d52a2da4c949df5d71b254737f41`
SHA3	`67159e97d5d2bf17c771f73b21c059cd23f395f6680c8175a7276f5afa66ea88`
VirtualSize	`0x341d2e`
VirtualAddress	`0x1000`
SizeOfRawData	`0x341e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.74398`

.rdata

MD5	`71eadc9d02d2d3796c6a7e2e78cf610d`
SHA1	`4498bd1bc78370bfaeb4da3a5768bf970a0ed423`
SHA256	`0f2eb884bf91ba07c091b89b2485cd85ad81c7bd7e16d693aa9967ba30aeeee6`
SHA3	`742b214eeb0ee6fe8c2c00b9218a284913759bd41e630e61d98332e7e3f26a39`
VirtualSize	`0x110b94`
VirtualAddress	`0x343000`
SizeOfRawData	`0x110c00`
PointerToRawData	`0x342200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.80217`

.data

MD5	`afa68c813b519a0e775387308d55d128`
SHA1	`f01ef6b7258814853797d3145245a0d6e4f0d0bf`
SHA256	`a48b0730886e2ac7b08a3744df191f466a4f093c87d4b88cded19f90eeec88f8`
SHA3	`ac4fafaba463701e8f617be029f77b931dc3e7114db046099388334fd9271893`
VirtualSize	`0x143ec4`
VirtualAddress	`0x454000`
SizeOfRawData	`0x13f400`
PointerToRawData	`0x452e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.52495`

.pdata

MD5	`3b2c0fe24956e160cc2314f376728aa2`
SHA1	`d25408124c16847ab01e0dbd20ac392d9bf352e8`
SHA256	`89e0640fa1a39d9ba87a3cd12a2cb53470ed1632a1fffc9b21653c2496eecdeb`
SHA3	`93c0f803a2e243fd6d45b3fcd82e11ce3f5a480861c45a948319be511168c9e7`
VirtualSize	`0x1faac`
VirtualAddress	`0x598000`
SizeOfRawData	`0x1fc00`
PointerToRawData	`0x592200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.24976`

.rsrc

MD5	`4987058ad9b0bd1176e39225049154f0`
SHA1	`114790b126a93b0f96f20fe882fba096923db222`
SHA256	`24055ef9390e6d1c9a8c521555a25a66b19ebdf1effa17deb7385e01ca5e8955`
SHA3	`6f4f2fcfa6367fd9c7ee0e332bf9839c86c06ef5d4ed755c58d5f3048d6dc13d`
VirtualSize	`0x10d038`
VirtualAddress	`0x5b8000`
SizeOfRawData	`0x10d200`
PointerToRawData	`0x5b1e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.61503`

Imports

d3d9.dll	`Direct3DCreate9`
dwmapi.dll	`DwmExtendFrameIntoClientArea` `DwmSetWindowAttribute`
WS2_32.dll	`getsockname` `ioctlsocket` `ntohs` `select` `gethostbyname` `WSAStartup` `WSACleanup` `WSAGetLastError` `htonl` `getsockopt` `htons` `sendto` `recvfrom` `getpeername` `shutdown` `socket` `setsockopt` `connect` `closesocket` `send` `recv` `WSASetLastError` `getservbyname` `getservbyport` `gethostbyaddr` `inet_ntoa` `inet_addr`
CRYPT32.dll	`CertCloseStore` `CertFindCertificateInStore` `CertFreeCertificateContext` `CertOpenSystemStoreW`
KERNEL32.dll	`CompareStringW` `FileTimeToSystemTime` `SystemTimeToTzSpecificLocalTime` `GetDriveTypeW` `SetConsoleCtrlHandler` `FreeLibraryAndExitThread` `ExitThread` `CreateThread` `SetFilePointerEx` `GetConsoleOutputCP` `LoadLibraryExW` `LCMapStringW` `GetLocaleInfoW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `GetModuleHandleA` `LoadLibraryA` `QueryPerformanceFrequency` `GetProcAddress` `FreeLibrary` `QueryPerformanceCounter` `HeapFree` `GetCurrentProcess` `SetProcessInformation` `OutputDebugStringA` `CreateMutexW` `InitializeCriticalSectionEx` `HeapSize` `SetProcessMitigationPolicy` `GetLastError` `GetCurrentThread` `DeleteFileA` `HeapReAlloc` `HeapAlloc` `DecodePointer` `HeapDestroy` `GetThreadContext` `DeleteCriticalSection` `ExitProcess` `GetProcessHeap` `IsDebuggerPresent` `CheckRemoteDebuggerPresent` `ReadFile` `CreatePipe` `PeekNamedPipe` `WaitForSingleObject` `Sleep` `CloseHandle` `CreateProcessW` `CreateDirectoryW` `GetModuleFileNameA` `SizeofResource` `TerminateProcess` `GetModuleFileNameW` `OpenProcess` `CreateToolhelp32Snapshot` `Process32NextW` `LockResource` `DeleteFileW` `Process32FirstW` `LoadResource` `FindResourceW` `SetFileAttributesA` `GetCurrentDirectoryW` `GetCurrentProcessId` `CopyFileW` `WideCharToMultiByte` `CreateDirectoryA` `GetSystemTime` `GetVolumeInformationW` `GetComputerNameW` `GlobalMemoryStatusEx` `WriteProcessMemory` `K32GetProcessMemoryInfo` `GetSystemInfo` `Module32FirstW` `VirtualProtectEx` `ReadProcessMemory` `Module32NextW` `VirtualQueryEx` `ReleaseMutex` `GetModuleHandleW` `CreateSemaphoreExW` `SetLastError` `ReleaseSemaphore` `GetModuleHandleExW` `GetCurrentThreadId` `FlushFileBuffers` `OutputDebugStringW` `WaitForSingleObjectEx` `OpenSemaphoreW` `CreateMutexExW` `DebugBreak` `GetStdHandle` `GetFileType` `WriteFile` `MultiByteToWideChar` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetSystemDirectoryA` `FormatMessageA` `RtlVirtualUnwind` `GetEnvironmentVariableW` `GetSystemTimeAsFileTime` `VirtualProtect` `VirtualFree` `GetACP` `InitializeCriticalSection` `GetExitCodeThread` `CreateSemaphoreA` `LoadLibraryW` `SystemTimeToFileTime` `FindClose` `FindFirstFileW` `FindNextFileW` `GetConsoleMode` `SetConsoleMode` `ReadConsoleA` `ReadConsoleW` `FreeLibraryWhenCallbackReturns` `RtlPcToFileHeader` `GetStringTypeW` `GetTickCount64` `TryAcquireSRWLockExclusive` `GetFileInformationByHandleEx` `AreFileApisANSI` `GetFullPathNameW` `GetFileInformationByHandle` `GetFileAttributesExW` `FindFirstFileExW` `CreateFileW` `GetLocaleInfoEx` `LocalFree` `InitializeSListHead` `GetStartupInfoW` `IsProcessorFeaturePresent` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlLookupFunctionEntry` `RtlCaptureContext` `SleepConditionVariableSRW` `WakeAllConditionVariable` `AcquireSRWLockExclusive` `ReleaseSRWLockExclusive` `LoadLibraryExA` `VirtualQuery` `SetStdHandle` `SetEndOfFile` `GetFileSizeEx` `GetTimeZoneInformation` `IsValidCodePage` `GetOEMCP` `GetCommandLineA` `GetCommandLineW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetEnvironmentVariableW` `WriteConsoleW` `CreateThreadpoolWork` `SubmitThreadpoolWork` `CloseThreadpoolWork` `InitOnceComplete` `InitOnceBeginInitialize` `RaiseException` `FormatMessageW` `RtlUnwind` `RtlUnwindEx` `GetCPInfo` `LCMapStringEx` `EncodePointer`
USER32.dll	`CreateWindowExW` `CreatePopupMenu` `RegisterClassExW` `TrackPopupMenu` `ShowWindow` `DispatchMessageW` `PeekMessageW` `SetWindowTextA` `DestroyMenu` `TranslateMessage` `LoadIconW` `AppendMenuW` `DestroyWindow` `UpdateWindow` `SetForegroundWindow` `LoadImageW` `GetWindowRect` `DefWindowProcW` `MessageBoxW` `UnregisterClassW` `MessageBoxA` `GetKeyState` `ScreenToClient` `GetCapture` `ClientToScreen` `TrackMouseEvent` `GetForegroundWindow` `LoadCursorW` `SetCapture` `SetCursor` `GetClientRect` `ReleaseCapture` `SetCursorPos` `GetCursorPos` `RegisterClassW` `PostMessageW` `GetProcessWindowStation` `GetUserObjectInformationW` `SetWindowPos` `PostQuitMessage`
ADVAPI32.dll	`RegOpenKeyExA` `RegCreateKeyExA` `CryptGenRandom` `CryptReleaseContext` `CryptAcquireContextW` `ReportEventW` `RegisterEventSourceW` `DeregisterEventSource` `RegCloseKey` `RegQueryValueExA` `RegSetValueExA`
SHELL32.dll	`#680` `ShellExecuteA` `Shell_NotifyIconW` `SHGetFolderPathA` `SHGetKnownFolderPath` `ShellExecuteW` `ShellExecuteExA`
ole32.dll	`CoUninitialize` `CoInitializeSecurity` `CoSetProxyBlanket` `CoInitializeEx` `CoTaskMemFree` `CoCreateInstance` `CoInitialize`
OLEAUT32.dll	`VariantClear` `SysAllocString` `SysFreeString`
dxgi.dll	`CreateDXGIFactory`
IPHLPAPI.DLL	`GetAdaptersInfo`
WININET.dll	`InternetReadFile` `InternetCloseHandle` `InternetOpenA` `InternetOpenUrlA` `DeleteUrlCacheEntryA`
WebView2Loader.dll (delay-loaded)	`CreateCoreWebView2EnvironmentWithOptions`

Delayed Imports

Attributes	`0x1`
Name	`WebView2Loader.dll`
ModuleHandle	`0x5933e0`
DelayImportAddressTable	`0x5933d0`
DelayImportNameTable	`0x451ba0`
BoundDelayImportTable	`0x451be0`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

OPENSSL_Applink

Ordinal	`1`
Address	`0x12acc0`

102

Type	`TEXTFILE`
Language	English - United States
Codepage	UNKNOWN
Size	`0xd71a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.19701`
MD5	`2105b6ea2a16284536fd60f7b8109756`
SHA1	`cddebbff9f8a45385c80933f157ef230b3417a7a`
SHA256	`68ba48106ad55948e24b55e92ac8adabee4eaddc95f22de9c4de4cd687bd45cc`
SHA3	`5f6178aeb755b8f6f09239f7c5ad55daebd48ec373c0c324c75800e4e0132372`

103

Type	`TEXTFILE`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2dd2a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.71296`
MD5	`5225a54a3cd7533c40f13fe46c12649d`
SHA1	`9e83d060a2f9544f0eae71308a974aebe626c2cd`
SHA256	`7ae4285829ef8be847880c5ce2947e98186b393af4f7680f893e95b37e9ffa7f`
SHA3	`33743b932be097e4eff438d4076c0e455c7ef22ebce00a4dee4c7be49bfab439`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x7d48`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.86212`
MD5	`47b474c5d62c7092fe6319bb5b12418f`
SHA1	`108e8e3e54853abef6bec7bf551a13e2ee03a29a`
SHA256	`94267694f784d1a4bdb9010ed7beb661404532124937dc330f6bdbc3942227a0`
SHA3	`174a65c67a20bddea92464d395f09a18982b0453fd52d16b27188f0f1a4cbc9b`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91924`
Detected Filetype	Icon file
MD5	`b9891dca55b2c71092d77164cf485ca9`
SHA1	`68fd3c3e7c98fe479695870dd6e65ac1a8aee089`
SHA256	`12dcbc2b3904b89ec8a24df3cc304c66f8792b878d14463f62413a94367562ff`
SHA3	`13abe87c2052aec1081c716e7f774aced97610e5211d68071ddebfee40dcb66d`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x27e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.06467`
MD5	`d875a3e09bd74a8f760449a19a351827`
SHA1	`870df3cd183e92816fb4f92427cafa686f946a33`
SHA256	`a148bb733a7a6233501d6e615bcd37bedb995c29670798088e6c9c325b4429c8`
SHA3	`782f36c3fdf8521b0f1ebd9c721ce82161d3bd77c965734f3fd2714a3113db23`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Apr-01 05:06:41
Version	`0.0`
SizeofData	`78`
AddressOfRawData	`0x430af0`
PointerToRawData	`0x42fcf0`
Referenced File	C:\Users\DEV\Desktop\SNAILXV2\SNAILX\build\SNAILX.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Apr-01 05:06:41
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x430b40`
PointerToRawData	`0x42fd40`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Apr-01 05:06:41
Version	`0.0`
SizeofData	`1264`
AddressOfRawData	`0x430b54`
PointerToRawData	`0x42fd54`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2025-Apr-01 05:06:41
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x140431090`
EndAddressOfRawData	`0x1404317cc`
AddressOfIndex	`0x140595bb8`
AddressOfCallbacks	`0x140343af0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES`
Callbacks	`0x00000001403097A0` `0x0000000140309808`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140457340`

RICH Header

XOR Key	`0x282616e7`
Unmarked objects	`0`
ASM objects (27412)	`14`
C++ objects (27412)	`195`
ASM objects (34321)	`12`
C objects (34321)	`19`
C++ objects (34321)	`115`
C objects (27412)	`24`
C objects (CVTCIL) (27412)	`2`
C objects (34123)	`744`
Unmarked objects (#2)	`35`
Imports (27412)	`29`
Total imports	`353`
C++ objects (LTCG) (34808)	`20`
Exports (34808)	`1`
Resource objects (34808)	`1`
151	`1`
Linker (34808)	`1`

b42bd1b909f55056dd95ba32655d405a

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

Imports

Delayed Imports

OPENSSL_Applink

102

103

1

101

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors