Manalyze report for bc3b4377a7f4dded755f48d376c0c173

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2024-Jul-22 07:43:26
Detected languages	English - United States
TLS Callbacks	2 callback(s) detected.
CompanyName	uXhebtE5UI2k003mkVhR inc.
FileDescription	uXhebtE5UI2k003mkVhR for uXhebtE5UI2k003mkVhR
FileVersion	`3.0`
InternalName	uXhebtE5UI2k003mkVhR
LegalCopyright	uXhebtE5UI2k003mkVhR uXhebtE5UI2k003mkVhR
OriginalFilename	uXhebtE5UI2k003mkVhR
ProductName	uXhebtE5UI2k003mkVhR
ProductVersion	`1.0`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for VMWare presence: VMware` `Contains domain names: google.com https://google.com`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Possibly launches other programs: ShellExecuteA` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Has Internet access capabilities: InternetCheckConnectionA`
Suspicious	The PE is possibly a dropper.	`Resources amount for 98.8544% of the executable.`
Info	The PE is digitally signed.	`Signer: Dalian Zongmeng Network Technology Co.` `Issuer: Certum Extended Validation Code Signing 2021 CA`
Malicious	VirusTotal score: 5/75 (Scanned on 2024-07-27 20:31:57)	`DeepInstinct: MALICIOUS` `Elastic: malicious (moderate confidence)` `Kaspersky: UDS:Trojan.Win64.SleepObf.dq` `Webroot: Trojan.Dropper.Gen` `ZoneAlarm: UDS:Trojan.Win64.SleepObf.dq`

Hashes

MD5	`bc3b4377a7f4dded755f48d376c0c173`
SHA1	`2204754e4ff58fb666c8c9ff2bbe7208e83b72f4`
SHA256	`3e5547790a7148b99733c94dbe1b690eb13dace3d9fdc0298db7eaa2c5fd3b88`
SHA3	`963c1ac36356b835aabfb245c959c6cd864e4be440efbd83979d5e743c75aab8`
SSDeep	`49152:T22Td5mKnwQY0j4NR3J7kgi0nVIJowqNNoJRfJ8M8Hxhcx1fkt3Xb34k0MJOTIR:/IKnwQ7j2Regi0nVIJowqNNop8M8Hof`
Imports Hash	`503e5b28a848f841a1d6f249a5154b23`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`11`
TimeDateStamp	2024-Jul-22 07:43:26
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x2c00`
SizeOfInitializedData	`0x2ecc00`
SizeOfUninitializedData	`0x200`
AddressOfEntryPoint	`0x00000000000013F0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x2f5000`
SizeOfHeaders	`0x400`
Checksum	`0x2fd2d7`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`9f6460ed1c36f7177aa87f1fc80048cd`
SHA1	`4c55aaa9f186c26dfc80a5464a05ca699c107d89`
SHA256	`5828a73787c3c71d3fdd1a4f397c9203ff94d7fa077ffa9e420ac2ae6bc67127`
SHA3	`e9c74fe9c23e7e85a1f7d4d9c2e44969c41943206efb1c52585b2b1b7a605034`
VirtualSize	`0x2a48`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.75951`

.data

MD5	`95301ebb078d698066c7e51f77038eb1`
SHA1	`1963d080105a858eed0931805ee4d93c507d43c6`
SHA256	`2f13893c622dfbcc67f8551eed71d80ee2f5d33f82619161598a717717983db7`
SHA3	`2c65115982275454aee146b7f1df9781fa6dd9bb1279e3ef8be68ab3628f0e6e`
VirtualSize	`0x1a0`
VirtualAddress	`0x4000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.2097`

.rdata

MD5	`5063bae1d6cb6f46673460c33ceee396`
SHA1	`c43e8654972e44cda0cfa0bc68a48ffa4c521f63`
SHA256	`0dd6d4207a9fe66d8d012b0a591a04067bc771271e4da2c6c67b6097eae8da27`
SHA3	`f25e238229a0f148cea44139b89ed2578a31df1fa5b5ff915d24d8eff06e0271`
VirtualSize	`0xc40`
VirtualAddress	`0x5000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x3200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.54408`

.pdata

MD5	`944b7c59261aadf13412ded971d1568b`
SHA1	`318928ab5e992e9b3d55a6d0835b7083f118e803`
SHA256	`949bf65d1cc408d80fc8f1e28e62d164aff8923349063875ab644e1995b7b738`
SHA3	`177a70b35656a53c7a220c9302f44bdcd248087a9e7bfba23f9a1b74e6a547f1`
VirtualSize	`0x2f4`
VirtualAddress	`0x6000`
SizeOfRawData	`0x400`
PointerToRawData	`0x4000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.18888`

.xdata

MD5	`909aae68487fd035088cd74bff5510bf`
SHA1	`28cd7b2cc5f24d408a77bc908b39f0cafc6969bf`
SHA256	`960e5ed8800f957dff00ea64a517b474e3f70a10850a7b29a682400ef1bdaf64`
SHA3	`421d3b0ec210f69e9d8d4d2bc6f544eac2e335bac2d578041c795a419155491a`
VirtualSize	`0x26c`
VirtualAddress	`0x7000`
SizeOfRawData	`0x400`
PointerToRawData	`0x4400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.89088`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x180`
VirtualAddress	`0x8000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`a641292d1ed49d14ac54f8d223223908`
SHA1	`8cc4ade5833d7820b8b1bbed98e8c88c7c67a2db`
SHA256	`1f143a78787c9a5e9c3527f56fea8ac031bc43b59eb052976f11a2f719597716`
SHA3	`3af0cfa08b1105438bb6bdb8f742fb7db37f99a79bfda970807d6e073f98797e`
VirtualSize	`0xca4`
VirtualAddress	`0x9000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x4800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.84081`

.CRT

MD5	`81ae72a02aa2e4feae80ecddc99ff0b0`
SHA1	`ade3fd9833bf33ab296af0e438d6c7c9c932b85b`
SHA256	`e130a2be850b2c49e59181c45d66c02f8d3b08c6800caa82e91ab0333bb7d6fb`
SHA3	`2f3cf31465d653967d86d5461263ed1fd59658619c3187d66dd11108bc033e0d`
VirtualSize	`0x60`
VirtualAddress	`0xa000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.28656`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0xb000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`9a7c9e67f72bb25f94f9059c50f14fb3`
SHA1	`f82e32752663d715b8b862009b6c86b1652be9da`
SHA256	`8d0469cfff4e4f304673bd6efabe4d15b4e0348186d8b6f12678e913e815283f`
SHA3	`af4a4ec0e2b7dcd29f71f67b2ed073037d5e6328e8b64221ea7b8a1f939d8f41`
VirtualSize	`0x2e7233`
VirtualAddress	`0xc000`
SizeOfRawData	`0x2e7400`
PointerToRawData	`0x5a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.78995`

.reloc

MD5	`758c35e6d8ac148d6d46c1b9c33bdeb4`
SHA1	`f4393c42cc003dfb4db443cad9ce0eeccfa2339a`
SHA256	`0f47ad14b2246128ddb908ab84d566bd851c813fa5155993687d8230c82d2016`
SHA3	`d0001aba65f25883fec0dbeb50a4655022d4eb04908cbbd48b8a3bf20fdcb5ee`
VirtualSize	`0xac`
VirtualAddress	`0x2f4000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2ece00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.04541`

Imports

KERNEL32.dll	`CreateThread` `DeleteCriticalSection` `EnterCriticalSection` `FindResourceW` `FreeConsole` `GetExitCodeThread` `GetLastError` `GetModuleHandleA` `GetProcAddress` `GetSystemInfo` `GlobalMemoryStatusEx` `InitializeCriticalSection` `LeaveCriticalSection` `LoadLibraryA` `LoadResource` `SetUnhandledExceptionFilter` `SizeofResource` `Sleep` `TlsGetValue` `VirtualAlloc` `VirtualProtect` `VirtualQuery` `WaitForSingleObject`
api-ms-win-crt-environment-l1-1-0.dll	`__p__environ` `__p__wenviron`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `calloc` `free` `malloc`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-private-l1-1-0.dll	`__C_specific_handler` `memcpy` `strstr`
api-ms-win-crt-runtime-l1-1-0.dll	`__p___argc` `__p___argv` `__p___wargv` `_cexit` `_configure_narrow_argv` `_configure_wide_argv` `_crt_at_quick_exit` `_crt_atexit` `_exit` `_initialize_narrow_environment` `_initialize_wide_environment` `_initterm` `_set_app_type` `_set_invalid_parameter_handler` `abort` `exit` `signal`
api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func` `__p__commode` `__p__fmode` `__stdio_common_vfprintf` `__stdio_common_vfwprintf` `fwrite`
api-ms-win-crt-string-l1-1-0.dll	`memset` `strlen` `strncmp`
api-ms-win-crt-time-l1-1-0.dll	`__daylight` `__timezone` `__tzname` `_tzset`
SHELL32.dll	`ShellExecuteA`
USER32.dll	`EnumDisplayDevicesA`
WININET.dll	`InternetCheckConnectionA`

Delayed Imports

94

Type	`MYRES`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2d4a00`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.78287`
MD5	`71416313878fe7dd3f9868c4fad17e6d`
SHA1	`e28b4a35cbe80e364c08b5cb53a2e73f8d4e42e5`
SHA256	`8e187fc26ea63ea38336ee63898cb741e9c7f9349ea425ca12d3627bfd4e915b`
SHA3	`605d8aed1dbf9a4148ddbd14743dd7401d3da5b14e115040906ec0fb891df762`

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x754c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98228`
Detected Filetype	PNG graphic file
MD5	`f122f263b2ef15c96e11ec6f64924e5f`
SHA1	`f91dfc18b7c1b4f11ba7943ab896a47a1aa5445b`
SHA256	`ffa1eb8c3a5e1e7d616cd4b8826172993f87ad9c335c85acaaa3420cb31f7a2a`
SHA3	`2a8cb77bdf1981c7dbc5bbcb31d410c0294e9dffa044da2a9e9662cae41e9cb8`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.76147`
MD5	`e00f6d27dbf0cede6fcb740bd3af2212`
SHA1	`ed36bee2214e07a6d825d8344ab6e56d4e37620e`
SHA256	`8fee3221a00e1a343e2c5283e5099c64195413878ddfeee9517240f0b406e4af`
SHA3	`9b68d0eacba8fdb20ac26564b38e87f3562eb9829816d2fd2ddebe794150d0a9`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.93183`
MD5	`d37bd230979d5e00b626106b58e1e314`
SHA1	`5c0f5399eec5e3c9db5b8d300981d3183979b5dc`
SHA256	`6f6fbcd5c77ed9c2e9f9330863ff0d612439b78dbe757068c09ad1ca6bfd39dc`
SHA3	`461e0fd04516a4a70cc93455048c3c44cb4d5b24dd580045fecd3d06fc16ad4f`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1a68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.99384`
MD5	`49a878bffe424c5a147f4b6a446ff61c`
SHA1	`cba4a6fabc87c4ac83528e494e0945541048b8f3`
SHA256	`3a64bab958b594bdc703fcdd33ceb2fdc7a4ebb037c27540b84d2550e609a628`
SHA3	`e9158b5d4ee9195bca8b2709f45e09703792474268cd3b943ccd8d000c7cab96`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.73833`
MD5	`546c25d9009d8a12d892ab54fcb7ae40`
SHA1	`b6c3bd223d4df092f3bfb7648ecc0c381574e419`
SHA256	`7dce77fda9a5a4e693d6cc5aaae92c14f1d9e4dc662be241380db6079c4728c7`
SHA3	`c6fe8f349ae981e55ff3ca13aa4a5d23d257b65080829df84bddc0b544d64926`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.69067`
MD5	`0b40accf95729d159d45a4fbf6c9db64`
SHA1	`53127e3cfb11c62fa432bf0434042cc5fb4906f0`
SHA256	`ec9c86ae66e21dcb5ba2f4cf6a389f3da16d0d41ecb1d48a88586c023ec643db`
SHA3	`9fc0ee85d2471359cd9bd9988cba665ddcffeeeec0c5c1df2140b3582e1ccbc4`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x6b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.63359`
MD5	`fef04514cddd694c34c1031d3e5a3c3a`
SHA1	`da0a7ff83cc79439346eed15e324d1a88346668f`
SHA256	`6037660cd5b7a82bd4b6db8e591627c6d09245d275b2c833ee46b825021d7681`
SHA3	`b9bf8818b9e7068b2ad149d8f309d092a66868cec69d694d9eae76b95757e112`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29761`
MD5	`ca70d149b9156d320e826232fc74ecd4`
SHA1	`22f09ee0b16a3898b4884314b7e15f2e5465abee`
SHA256	`1936786e4e8bbe4290625c2adcdc884818d7fa1ad792ca74490de7efc802385c`
SHA3	`fd490d5c7af8403b1682ffa9304fe983f2ac24062b31fc16eac77f0a142512ae`

ICONGROUP83

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.95799`
Detected Filetype	Icon file
MD5	`6550cd92e82c92956bb0d5ad430d8a58`
SHA1	`6548edfafbd17fcba87d7eb01575df8832f995ce`
SHA256	`e5ca4ace3373fe7d80c5224d45b5617b41a062f3f9afd661133798187c5754a7`
SHA3	`bb64f2186cf6f25fa6063ed83a47595279b8e106c4f4880fdc7cf744cf2f7566`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x36c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.52169`
MD5	`41f398976de22998d51ab76fdddd20e7`
SHA1	`f04f29d0b3699b1c23e8608fcfd067c7fffd6a92`
SHA256	`73f6ddb48853faa84c460dcc1ff8b10f45cf0f748d7839aba896920bbe423a5f`
SHA3	`33d95e38884bfe84c87969206ed0841f59903ab914dca7b5ef8be92ca373ff28`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x48f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.13793`
MD5	`5aa04ce935e78505e230765e85c34355`
SHA1	`6c93b8c5fde8be4b2231dca6b8ec513cdc82c991`
SHA256	`a73f26a8d504043f785d7360e8febf2eeb8522ec873a0d4dd5d1d4bfd1e67d3d`
SHA3	`149467cafc03ba34b33cd8076fc2771413760822357952de205dbae2b5cb8059`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	39024.21825.17476.4643
ProductVersion	1.1.2.2
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	uXhebtE5UI2k003mkVhR inc.
FileDescription	uXhebtE5UI2k003mkVhR for uXhebtE5UI2k003mkVhR
FileVersion (#2)	3.0
InternalName	uXhebtE5UI2k003mkVhR
LegalCopyright	uXhebtE5UI2k003mkVhR uXhebtE5UI2k003mkVhR
OriginalFilename	uXhebtE5UI2k003mkVhR
ProductName	uXhebtE5UI2k003mkVhR
ProductVersion (#2)	1.0

Resource LangID	English - United States

TLS Callbacks

StartAddressOfRawData	`0x14000b000`
EndAddressOfRawData	`0x14000b008`
AddressOfIndex	`0x14000806c`
AddressOfCallbacks	`0x14000a038`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x0000000140002550` `0x0000000140002520`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!