Manalyze report for c9f2e2abb046ff2535537182edf9a9b748aa10a22e98a1d8c948d874f4ffb304

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2024-Nov-09 18:42:59
Detected languages	Chinese - PRC

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe` Contains domain names: aliyuncs.com cn-shanghai.aliyuncs.com example.com http://stools.oss-cn-shanghai.aliyuncs.com http://stools.oss-cn-shanghai.aliyuncs.com/version2.txt http://update.wudrm.com http://update.wudrm.com/version2.txt http://www.winimage.com http://www.winimage.com/zLibDll https://curl.se https://update.steamui.com https://update.steamui.com/version2.txt oss-cn-shanghai.aliyuncs.com shanghai.aliyuncs.com steamui.com stools.oss-cn-shanghai.aliyuncs.com update.steamui.com update.wudrm.com winimage.com wudrm.com www.winimage.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .gxfg` `Unusual section name found: .gehcont`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExW` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Can access the registry: RegQueryValueExA RegCloseKey RegOpenKeyExA` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Uses Windows's Native API: ntohl ntohs` `Uses Microsoft's cryptographic API: CryptQueryObject CryptDecodeObjectEx CryptStringToBinaryA CryptDestroyHash CryptAcquireContextA CryptReleaseContext CryptGetHashParam CryptGenRandom CryptCreateHash CryptHashData CryptDestroyKey CryptImportKey CryptEncrypt` `Can create temporary files: CreateFileA CreateFileW GetTempPathW` `Leverages the raw socket API to access the Internet: gethostname sendto recvfrom WSAEventSelect WSAEnumNetworkEvents WSACreateEvent WSACloseEvent freeaddrinfo getaddrinfo ntohl ioctlsocket listen htonl socket send recv closesocket accept WSACleanup WSAStartup WSAIoctl setsockopt ntohs htons getsockopt getsockname getpeername connect bind WSASetLastError select __WSAFDIsSet inet_pton WSAGetLastError` `Enumerates local disk drives: GetDriveTypeW` `Interacts with the certificate store: CertOpenStore CertAddCertificateContextToStore`
Malicious	VirusTotal score: 44/71 (Scanned on 2024-11-22 20:16:44)	`ALYac: Trojan.GenericKD.74742965` `APEX: Malicious` `AVG: Win64:MalwareX-gen [Trj]` `AhnLab-V3: Trojan/Win.Generic.R672731` `Alibaba: TrojanDownloader:Win32/MalwareX.c899e3d3` `Antiy-AVL: GrayWare/Win32.Wacapew` `Arcabit: Trojan.Generic.D4747CB5` `Avast: Win64:MalwareX-gen [Trj]` `Avira: TR/Dldr.Agent.bylhn` `BitDefender: Trojan.GenericKD.74742965` `Bkav: W32.Common.F3575FB5` `CTX: exe.trojan.generic` `CrowdStrike: win/malicious_confidence_70% (D)` `Cylance: Unsafe` `Cynet: Malicious (score: 99)` `DeepInstinct: MALICIOUS` `Emsisoft: Trojan.GenericKD.74742965 (B)` `F-Secure: Trojan.TR/Dldr.Agent.bylhn` `FireEye: Trojan.GenericKD.74742965` `Fortinet: W32/PossibleThreat` `GData: Trojan.GenericKD.74742965` `Ikarus: Trojan-Downloader.Agent` `Kaspersky: Trojan-Downloader.Win32.Agent.xycybq` `Kingsoft: Win32.Riskware.Gamehack.fn` `Lionic: Trojan.Win32.Agent.tsGy` `Malwarebytes: PUP.Optional.ChinAd.DDS` `MaxSecure: Trojan.Malware.301355688.susgen` `McAfee: Artemis!BBF15E65D4E3` `McAfeeD: ti!C9F2E2ABB046` `MicroWorld-eScan: Trojan.GenericKD.74742965` `Microsoft: Trojan:Win32/Malgent!MSR` `Paloalto: generic.ml` `Panda: Trj/Chgt.AD` `Rising: Downloader.Agent!8.B23 (CLOUD)` `Sangfor: Downloader.Win32.Agent.Vb0z` `Skyhigh: BehavesLike.Win64.Dropper.dh` `Sophos: Mal/Generic-S` `Symantec: ML.Attribute.HighConfidence` `Tencent: Malware.Win32.Gencirc.142125e9` `TrendMicro-HouseCall: TROJ_GEN.R002H09KI24` `VBA32: TrojanDownloader.Agent` `VIPRE: Trojan.GenericKD.74742965` `Xcitium: Malware@#3euw0cqsdzgba` `alibabacloud: Trojan[downloader]:Win/Wacatac.B9nj`

Hashes

MD5	`bbf15e65d4e3c3580fc54adf1be95201`
SHA1	`79091be8f7f7a6e66669b6a38e494cf7a62b5117`
SHA256	`c9f2e2abb046ff2535537182edf9a9b748aa10a22e98a1d8c948d874f4ffb304`
SHA3	`cdc0db213a2a0945db042da9a5df648a24eb360055b004efeeb64416722197ca`
SSDeep	`24576:4Fa9OUi2VoN2gZ1M8UQag3BXrYZt+GgGTfG74T+TRcL:Z9OUiTN2gZ1MExEZkkf+4TARg`
Imports Hash	`aa12b10b1679206dac295d5bb9ba213b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x128`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2024-Nov-09 18:42:59
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xa6c00`
SizeOfInitializedData	`0x4f400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000075A6C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xfb000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c27726abd396f4d30c328f1c1d542be1`
SHA1	`305799a1f3997a46f13c76ed98577f58be73c593`
SHA256	`5ef894c0c515155c1fa5ac107ba4789bbbea7abe7457ced67244527bc4f9ef98`
SHA3	`d1d258fa3d265e4584fa04cbae6eec9568e12060188477f96d32b807bab5c30f`
VirtualSize	`0xa6b84`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa6c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.44418`

.rdata

MD5	`7f5308c7815a996e2d5cbbb73de84eab`
SHA1	`f66024f8c1a8281224e4049c7a706c13690e860d`
SHA256	`15a86c6a405f6cd332dd70b6b36b8d6764286c094b4416b4a33d84407dbf3a08`
SHA3	`a78b4011e7a8492a225a642fc1b5e956307dc31f5f7dbde9743fed888cd9f424`
VirtualSize	`0x35724`
VirtualAddress	`0xa8000`
SizeOfRawData	`0x35800`
PointerToRawData	`0xa7000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.55082`

.data

MD5	`88906c65bc1d7c35268d0a641ce9c5b3`
SHA1	`8ac7616f3c89424e080fb3cb1444ec5b2e12c086`
SHA256	`ff598d0fe60e1b8e72efe9a86580aa8ebcd4ba2db9e9218c675b8f5aaa23351c`
SHA3	`4961fc06c0a940fd1b899bf42ca238ccfae6a514dab4a0e0412dfeff76234a3a`
VirtualSize	`0x37b8`
VirtualAddress	`0xde000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0xdc800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.42001`

.pdata

MD5	`1429e8e8ca6f04108af9080c195dcae4`
SHA1	`5ba98d093e905637507a0952ed91ebcf253f1490`
SHA256	`6ffd3465ccc716e38454a8cfd54cf1d6e403b26cbf10dc0ffbf50bc9e79f6c77`
SHA3	`596ecba0b712301187da085454c8a93ab9664ad053e806dc4190c1e17631780a`
VirtualSize	`0x74a0`
VirtualAddress	`0xe2000`
SizeOfRawData	`0x7600`
PointerToRawData	`0xde400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.84884`

.gxfg

MD5	`646eb08eb16ea1367f919790744879c5`
SHA1	`75d95e44b5b3b2410c000f7838836c5c795d227a`
SHA256	`1f72b0be5b4f2602846a18a0a6bd5fecd95504e055a910bbf4dded7328455ccc`
SHA3	`1be61a50a9b19b565d8e541b36559fdc63e782ab3a091b029cffe0208475c80d`
VirtualSize	`0x2d30`
VirtualAddress	`0xea000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0xe5a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.16285`

.gehcont

MD5	`ad25a149806c432454516b3f4cb81898`
SHA1	`3dba88e5aa36c4f8720ca7adab13cadc921da4a1`
SHA256	`295c4bb5bd97de58dc62781973679963437da5e9d64fc088ea61453e8759d87b`
SHA3	`12bea13cc963dce782a0ceaa6cf707854cbf2ad1455124cbab6e2fd76e97776d`
VirtualSize	`0x24`
VirtualAddress	`0xed000`
SizeOfRawData	`0x200`
PointerToRawData	`0xe8800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.183339`

.rsrc

MD5	`e9ebc2f2cab6e7c62192625b0e6a1fff`
SHA1	`0c4acafd0ca95e1ffbb012dd2fb95a2892737ec9`
SHA256	`6caa5f983222535721448912ad003404e2d3acfd290a625fc9c6a3d339422d04`
SHA3	`9de1a6b6bf3b69323de156df3483b73455c68e81e3045655eed9dab8d5094306`
VirtualSize	`0xa9b0`
VirtualAddress	`0xee000`
SizeOfRawData	`0xaa00`
PointerToRawData	`0xe8a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.82374`

.reloc

MD5	`ca5e29b044dcf2fab187706e5a528ca2`
SHA1	`6ddab703d72425d202e9228eec5bdc40cf992a2f`
SHA256	`408b57f90adb9e8e6841392391e59582cc2446c82fb211e88822d30e13fa14ab`
SHA3	`1f79f973db5fb65391c96c873d6f1d628226c3749d3b965de87d7f8824a627d5`
VirtualSize	`0x13b8`
VirtualAddress	`0xf9000`
SizeOfRawData	`0x1400`
PointerToRawData	`0xf3400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.41658`

Imports

CRYPT32.dll	`CertCreateCertificateChainEngine` `CertGetCertificateChain` `CertFreeCertificateChainEngine` `CryptQueryObject` `CertGetNameStringA` `CertFindExtension` `CertOpenStore` `CertAddCertificateContextToStore` `CryptDecodeObjectEx` `PFXImportCertStore` `CryptStringToBinaryA` `CertFreeCertificateContext` `CertFindCertificateInStore` `CertEnumCertificatesInStore` `CertCloseStore` `CertFreeCertificateChain`
WLDAP32.dll	`#301` `#200` `#30` `#143` `#46` `#211` `#60` `#45` `#50` `#41` `#22` `#26` `#27` `#32` `#33` `#35` `#79`
WS2_32.dll	`gethostname` `sendto` `recvfrom` `WSAEventSelect` `WSAEnumNetworkEvents` `WSACreateEvent` `WSACloseEvent` `freeaddrinfo` `getaddrinfo` `ntohl` `ioctlsocket` `listen` `htonl` `socket` `send` `recv` `closesocket` `accept` `WSACleanup` `WSAStartup` `WSAIoctl` `setsockopt` `ntohs` `htons` `getsockopt` `getsockname` `getpeername` `connect` `bind` `WSASetLastError` `select` `__WSAFDIsSet` `inet_pton` `WSAGetLastError`
KERNEL32.dll	`HeapSize` `SetEndOfFile` `GetProcessHeap` `SetEnvironmentVariableW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetOEMCP` `GetACP` `IsValidCodePage` `GetTimeZoneInformation` `SetStdHandle` `HeapReAlloc` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `FlsFree` `FlsSetValue` `FlsGetValue` `FlsAlloc` `CreateProcessW` `GetExitCodeProcess` `WaitForSingleObject` `HeapFree` `FlushFileBuffers` `HeapAlloc` `GetConsoleOutputCP` `ReadConsoleW` `GetConsoleMode` `GetCommandLineW` `GetCommandLineA` `ExitProcess` `GetModuleFileNameW` `WriteFile` `SetFilePointerEx` `GetStdHandle` `SetCurrentConsoleFontEx` `GetFileAttributesW` `MultiByteToWideChar` `WriteConsoleW` `SetConsoleCP` `SetConsoleOutputCP` `GetLastError` `SetLastError` `FormatMessageW` `QueryPerformanceCounter` `GetTickCount` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `Sleep` `SleepEx` `QueryPerformanceFrequency` `GetSystemDirectoryA` `FreeLibrary` `GetModuleHandleA` `GetProcAddress` `LoadLibraryA` `MoveFileExA` `CloseHandle` `WaitForSingleObjectEx` `WideCharToMultiByte` `GetEnvironmentVariableA` `GetFileType` `ReadFile` `PeekNamedPipe` `WaitForMultipleObjects` `VerSetConditionMask` `VerifyVersionInfoA` `CreateFileA` `GetFileSizeEx` `FileTimeToSystemTime` `SystemTimeToTzSpecificLocalTime` `GetDriveTypeW` `GetModuleHandleExW` `FreeLibraryAndExitThread` `ExitThread` `CreateThread` `LoadLibraryExW` `RaiseException` `RtlPcToFileHeader` `RtlUnwindEx` `CreateFileW` `InitializeSListHead` `GetCurrentThreadId` `GetCurrentProcessId` `GetStartupInfoW` `IsDebuggerPresent` `IsProcessorFeaturePresent` `TerminateProcess` `GetCurrentDirectoryW` `CreateDirectoryW` `RtlUnwind` `DeleteFileW` `FindClose` `FindFirstFileExW` `FindNextFileW` `GetFileAttributesExW` `GetFileInformationByHandle` `GetFullPathNameW` `RemoveDirectoryW` `GetTempPathW` `AreFileApisANSI` `GetModuleHandleW` `MoveFileExW` `GetStringTypeW` `InitializeCriticalSectionAndSpinCount` `CreateEventW` `SwitchToThread` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetSystemTimeAsFileTime` `EncodePointer` `DecodePointer` `CompareStringW` `LCMapStringW` `GetLocaleInfoW` `GetCPInfo` `SetEvent` `ResetEvent` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess`
ADVAPI32.dll	`CryptDestroyHash` `RegQueryValueExA` `RegCloseKey` `CryptAcquireContextA` `CryptReleaseContext` `CryptGetHashParam` `CryptGenRandom` `CryptCreateHash` `CryptHashData` `CryptDestroyKey` `CryptImportKey` `CryptEncrypt` `RegOpenKeyExA`
SHELL32.dll	`SHGetFolderPathW` `ShellExecuteW`
ole32.dll	`CoUninitialize` `CoCreateInstance` `CoInitialize`

Delayed Imports

1

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.674`
MD5	`20198b44309f7855187ab2695f6cb4ba`
SHA1	`5d86ce374d94785e53845af492611e042c240422`
SHA256	`0662b983198cf0ddef9e999948eb0fe4664d665a4ae6a0c8555c9793f8956df9`
SHA3	`87f99047512551a2dcd0d9d228d89c7fdf923946a88c0fba18f3f251d46a66e6`

2

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.74471`
MD5	`a80b4d09dd09f3195e3d4022efffc824`
SHA1	`dbb87b7278ec0d3c8d14ddafa0837122163d0208`
SHA256	`2376aa0bbaabcdc283d47d2350168b28aa6b913b2b54ffcba8345770b99d451b`
SHA3	`a564659aa95916801e334a6ee4aa17d3e61ea682f2cf660d2cd1673c35ab7c11`

3

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x1a68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.7742`
MD5	`c0dc0e31bf14d718826da9769fe1c907`
SHA1	`bc91d1df1702943321e5f856b9920814d6c2c767`
SHA256	`9c18f2edad171665d7d6ffd9552cd8623bdcd834c99d26a0eb1854c6f1c7e928`
SHA3	`41d1a76dd3ae53fd638c19ac38fb0454390c1bbe0c61613134675c7b485abdcd`

4

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.9273`
MD5	`fc58965046ccb20050d158eafc418371`
SHA1	`b439cbbb5bd3e6a93e11831fffd3bb29c368e765`
SHA256	`10b34d96e984db0959b4564b84d3692f0e3027fd38f619ba8fed8da838f3fde9`
SHA3	`22da136cd9e9bda91e9f22bcf83e77704949fbf8108855e067b597f2f9d81745`

5

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.97868`
MD5	`b8833937a59e01420b51fb9dfefc19ff`
SHA1	`e23d652b6edf0cfbc05e5cf197b9fd20ace330bd`
SHA256	`1c10edd34d5311da45b90eca0cab699091a09055e0c4fd848316c50c5b738b2e`
SHA3	`61485f174cdd85c0d74c102d5f6b5837afac6b7c209f649cd1e806e02213a471`

6

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x6b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.06147`
MD5	`e72c807f5120396074a6b3ba448efd26`
SHA1	`52b0f0dd18432e586a19906d82d5daa7cc5c8b1f`
SHA256	`c392331bd4f2a11abbd0cdc8f61d8815e64761450b3b287ac483d2ea6922f574`
SHA3	`8875a7b538b0a20412369f6edfb7f8ea8b58522a8e3470e641474fad5787530b`

7

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.23102`
MD5	`1aeca6d42a9c12538c1ce27f8d80545f`
SHA1	`716a84be114145d178c6352e0837ded5a29ebf87`
SHA256	`4ab6fceefc10a14d720b58e79183740ee21a51962a538b4e461ca20e3937fb76`
SHA3	`543631ca037f85b23081daf86a1bbb7e084cc9828bb97bcc85c377137186ba35`

101

Type	`RT_GROUP_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.96825`
Detected Filetype	Icon file
MD5	`8d73010b7cbf282f2b4f09ff48348599`
SHA1	`7df0a6da88d69663f84fdcaafcf2d70e6ba3ec48`
SHA256	`d3c4afccd00e8ba799c5c358a3c2ae89ce20c2eb02b408095d5b8eb34ef6bb7b`
SHA3	`043731ff906ecc3a06524cae5d4bc7ff94d05e380e2ba0bb0d0dd29b1124ee30`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-Nov-09 18:42:59
Version	`0.0`
SizeofData	`964`
AddressOfRawData	`0xd0314`
PointerToRawData	`0xcf314`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2024-Nov-09 18:42:59
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x1400d06f8`
EndAddressOfRawData	`0x1400d0700`
AddressOfIndex	`0x1400e09cc`
AddressOfCallbacks	`0x1400a87d8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x100`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1400de130`

RICH Header

XOR Key	`0x1a37ee59`
Unmarked objects	`0`
C++ objects (30795)	`203`
ASM objects (30795)	`13`
199 (41118)	`7`
ASM objects (VS 2015/2017 runtime 26706)	`9`
C++ objects (VS 2015/2017 runtime 26706)	`69`
C objects (VS 2015/2017 runtime 26706)	`35`
C objects (VS2019 Update 2 (16.2) compiler 27905)	`6`
C objects (30795)	`22`
C objects (CVTCIL) (30795)	`1`
Imports (30795)	`15`
Total imports	`229`
C objects (VS2019 Update 10 (16.10.0-1) compiler 30037)	`108`
C objects (33134)	`2`
C++ objects (LTCG) (27051)	`1`
Resource objects (27051)	`1`
Linker (27051)	`1`

Errors

Leave a comment

No comments yet.