Manalyze report for bc47dcfe5ada1e63ba094bb3c8a4f9c3

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Dec-23 14:00:38
Detected languages	English - United States
TLS Callbacks	1 callback(s) detected.
Debug artifacts	ulta_loader.pdb
ProductName	ulta-client
ProductVersion	`0.1.0`
FileVersion	`0.1.0`
FileDescription	ulta-client

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe` Contains domain names: birthpopuptypesapplyImagebeinguppernoteseveryshowsmeansextramatchtrackknownearlybegansuperpapernorthlearngivennamedendedTermspartsGroupbrandusingwomanfalsereadyaudiotakeswhile.com genretrucklooksValueFrame.net github.com http://dummy.testC http://json-schema.org http://www.C http://www.a http://www.css http://www.hortcut http://www.icon http://www.interpretation http://www.language http://www.style http://www.text-decoration http://www.w3.org http://www.w3.org/shortcut http://www.wencodeURIComponent http://www.years https://docs.rs https://github.com https://khpkadmig.click https://tauri.localhost https://www.World https://www.recent json-schema.org schema.org thing.org www.w3.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA256` `Uses constants related to RC5 or RC6`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW LoadLibraryA LoadLibraryExW LoadLibraryExA GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread FindWindowW NtQuerySystemInformation NtQueryInformationProcess` `Code injection capabilities (PowerLoader): GetWindowLongW FindWindowW` `Can access the registry: RegGetValueW RegCloseKey RegQueryValueExW RegOpenKeyExW` `Possibly launches other programs: CreateProcessW` `Uses Windows's Native API: NtCreateFile NtWriteFile NtDeviceIoControlFile NtCancelIoFileEx NtQuerySystemInformation NtQueryInformationProcess NtReadFile` `Can create temporary files: GetTempPathW CreateFileW` `Uses functions commonly found in keyloggers: GetAsyncKeyState GetForegroundWindow MapVirtualKeyW` `Leverages the raw socket API to access the Internet: getaddrinfo freeaddrinfo closesocket WSACleanup WSAStartup getsockopt getpeername getsockname WSASocketW bind ioctlsocket shutdown recv send WSASend setsockopt WSAIoctl WSAGetLastError connect` `Functions related to the privilege level: OpenProcessToken` `Manipulates other processes: ReadProcessMemory OpenProcess` `Can take screenshots: GetDC FindWindowW BitBlt CreateCompatibleDC` `Interacts with the certificate store: CertAddCertificateContextToStore CertOpenStore`
Info	The PE is digitally signed.	`Signer: AkhaliNet LLC` `Issuer: Certum Code Signing 2021 CA`
Safe	VirusTotal score: 0/72 (Scanned on 2024-12-31 23:54:56)	`All the AVs think this file is safe.`

Hashes

MD5	`bc47dcfe5ada1e63ba094bb3c8a4f9c3`
SHA1	`83c3fe82cbb1f8d570552e8f66c11453eff3ef7c`
SHA256	`1019fa3937dfd904db26cfe4b99809ac3976cc5ca34ae48669a3a3f74ee42113`
SHA3	`7c1e2ca1fb34b58d81addf5d5676bf07a546bd53aa9f2d1bf69011fcc37e5b31`
SSDeep	`196608:WHgz0l4klHDQga1ejEs2LQ6BnFVrbUpkfjDWf:W+UDQ51ejEs5cnFtbUpkLD4`
Imports Hash	`b5021e60e9f63be405b716a23f24c7c4`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2024-Dec-23 14:00:38
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x9a1600`
SizeOfInitializedData	`0x4ccc00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000009727A4 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xe72000`
SizeOfHeaders	`0x400`
Checksum	`0xe6ff81`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`17a8d965abf1258676dc12d058eb95a2`
SHA1	`1d05868f625c6f744299110f50a38a2ced1c7692`
SHA256	`ff0439647c11dbc4d13f0fe1851731c3261ad8b70f68f0842d308d0c900be2b1`
SHA3	`02f7c9eb4dd2510134c24f0c6eeb9a8a51f370efb498b2740103c53ae281cf5f`
VirtualSize	`0x9a1600`
VirtualAddress	`0x1000`
SizeOfRawData	`0x9a1600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.16307`

.rdata

MD5	`f66c3b319089d11b6d327a7185b5e011`
SHA1	`70350ab83162072755b59a1818c6400f901394fa`
SHA256	`1d9a46784820d26ad70f9f2dfa3aa17a9c74e7c01d9e3f5a5d0b6e60a8862127`
SHA3	`33ab5d373782c13e24ac849c2fcf1ad6c8b66cb424e8a7addc6b64f6f2fa0d2f`
VirtualSize	`0x4249ba`
VirtualAddress	`0x9a3000`
SizeOfRawData	`0x424a00`
PointerToRawData	`0x9a1a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.73696`

.data

MD5	`ff616b4d4606da13f834e0ba000652c7`
SHA1	`12a109520dbe050d6f10b0ff90700b1f9cb54bc2`
SHA256	`68e17781a331b984984b425038fd4ce36b341cc10022673a230780bbe66528fc`
SHA3	`eef4af0eb88b0184b81350c1f0c686aad39d597a1f2a5578e36e7d6bd50d7ea2`
VirtualSize	`0x5680`
VirtualAddress	`0xdc8000`
SizeOfRawData	`0x2800`
PointerToRawData	`0xdc6400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.4722`

.pdata

MD5	`4d459570c68b11488cd1e66c0e9a182c`
SHA1	`ff244dba9705524ebd76780b77e16b097f72f737`
SHA256	`3eebeb5d8adafdfb951fe2aa9c14da4e22d61a2516e0f0605252dde92c556f36`
SHA3	`229c6ad2e2574a16829587a6cd4fc2010715db1de1b9e39ac8a4163cc0dc2715`
VirtualSize	`0x8b71c`
VirtualAddress	`0xdce000`
SizeOfRawData	`0x8b800`
PointerToRawData	`0xdc8c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.57839`

.rsrc

MD5	`71fe9da1b561ccd4bd5ed29a9fa91475`
SHA1	`92ce83113a350a5f23df74084ae07ce895374645`
SHA256	`45831b738c42ab41a2f03fc4504b499862fa03567904ff35452bbb24cf3d0252`
SHA3	`5360b9616d2fd84d50d94903d372fe4c577dc123bdb34eefac9fa6b7b95edbe7`
VirtualSize	`0x95f8`
VirtualAddress	`0xe5a000`
SizeOfRawData	`0x9600`
PointerToRawData	`0xe54400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.87144`

.reloc

MD5	`34e7da100e5c635a586fffb934cec37e`
SHA1	`78900eb91239868d4c9194932d2b123c8f134e57`
SHA256	`8e582d01840570c544d657716b55562e6dec8ed9f082b47ceea052d0e325b8f3`
SHA3	`c797cc7bf6e911a8287b9afe9ac5d766bc6dd93592aae45b10f1699d3500b7d3`
VirtualSize	`0xda14`
VirtualAddress	`0xe64000`
SizeOfRawData	`0xdc00`
PointerToRawData	`0xe5da00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.44295`

Imports

api-ms-win-core-synch-l1-2-0.dll	`WaitOnAddress` `WakeByAddressAll` `WakeByAddressSingle`
bcryptprimitives.dll	`ProcessPrng`
SHELL32.dll	`#190` `CommandLineToArgvW` `DragFinish` `DragQueryFileW` `SHCreateItemFromParsingName` `SHOpenFolderAndSelectItems` `SHAppBarMessage` `SHGetKnownFolderPath` `ShellExecuteExW`
ole32.dll	`CoTaskMemAlloc` `CoInitialize` `CoTaskMemFree` `RegisterDragDrop` `OleInitialize` `CoCreateInstance` `CoInitializeEx` `RevokeDragDrop` `CoUninitialize`
kernel32.dll	`IsProcessorFeaturePresent` `RtlUnwindEx` `HeapAlloc` `GetProcessHeap` `CloseHandle` `CreatePipe` `WaitForSingleObject` `HeapFree` `lstrlenW` `GetCurrentThreadId` `LCIDToLocaleName` `GetUserDefaultUILanguage` `ReleaseMutex` `RtlPcToFileHeader` `SetUnhandledExceptionFilter` `CreateMutexA` `LoadLibraryW` `WaitForSingleObjectEx` `GetModuleHandleW` `GetTempPathW` `CreateThread` `WideCharToMultiByte` `WriteConsoleW` `MultiByteToWideChar` `UpdateProcThreadAttribute` `InitializeProcThreadAttributeList` `CreateProcessW` `GetWindowsDirectoryW` `GetSystemDirectoryW` `GetFullPathNameW` `WaitForMultipleObjects` `ReadFileEx` `CreateNamedPipeW` `ExitProcess` `SetEnvironmentVariableW` `CancelIo` `CopyFileExW` `GetFinalPathNameByHandleW` `LoadLibraryA` `LocalFree` `FindFirstFileW` `CreateDirectoryW` `GetFileInformationByHandleEx` `FindClose` `HeapReAlloc` `GetSystemTimePreciseAsFileTime` `GetFileAttributesW` `CreateFileW` `OutputDebugStringA` `OutputDebugStringW` `GetModuleFileNameW` `EncodePointer` `DeleteCriticalSection` `LoadLibraryExW` `InitializeCriticalSectionAndSpinCount` `FreeLibrary` `GetEnvironmentVariableW` `QueryPerformanceFrequency` `GetProcessId` `TerminateProcess` `SleepEx` `WriteFileEx` `GetStdHandle` `SetFilePointerEx` `SetFileInformationByHandle` `GetCommandLineW` `GetEnvironmentStringsW` `GetCurrentDirectoryW` `SetLastError` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `QueryPerformanceCounter` `SetWaitableTimer` `GetLastError` `CreateMutexW` `CreateWaitableTimerExW` `SwitchToThread` `GetCurrentThread` `LoadLibraryExA` `CreateEventW` `SetThreadStackGuarantee` `AddVectoredExceptionHandler` `CompareStringOrdinal` `DeleteProcThreadAttributeList` `FreeEnvironmentStringsW` `ReleaseSRWLockExclusive` `FormatMessageW` `AcquireSRWLockExclusive` `TlsAlloc` `GetFileInformationByHandle` `GetConsoleMode` `RegisterWaitForSingleObject` `UnregisterWaitEx` `GetCurrentProcess` `DuplicateHandle` `GetProcAddress` `FindNextFileW` `RaiseException` `TlsFree` `ReadProcessMemory` `TlsGetValue` `SetHandleInformation` `TlsSetValue` `GetProcessIoCounters` `GetSystemTimes` `OpenProcess` `GetExitCodeProcess` `WakeAllConditionVariable` `SleepConditionVariableSRW` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `UnhandledExceptionFilter` `CreateIoCompletionPort` `GetQueuedCompletionStatusEx` `PostQueuedCompletionStatus` `ReadFile` `GetOverlappedResult` `GetSystemInfo` `SetFileCompletionNotificationModes` `Sleep` `GetModuleHandleA` `GlobalMemoryStatusEx` `K32GetPerformanceInfo` `GetCurrentProcessId` `GetProcessTimes` `VirtualQueryEx`
user32.dll	`CreateAcceleratorTableW` `MonitorFromWindow` `CreatePopupMenu` `CreateMenu` `DestroyMenu` `RemoveMenu` `SetMenu` `DrawMenuBar` `AppendMenuW` `SetCursor` `ToUnicodeEx` `SetMenuItemInfoW` `GetKeyboardLayout` `GetRawInputData` `CreateIcon` `MapVirtualKeyExW` `GetKeyState` `GetAsyncKeyState` `GetKeyboardState` `SendInput` `SetForegroundWindow` `GetWindowTextW` `GetWindowTextLengthW` `SetWindowTextW` `GetCursorPos` `DestroyIcon` `GetMonitorInfoW` `SystemParametersInfoA` `SetPropW` `IsWindowVisible` `GetMenu` `SetWindowDisplayAffinity` `ClipCursor` `GetClipCursor` `ShowCursor` `SetWindowLongW` `EnableMenuItem` `GetSystemMenu` `MonitorFromPoint` `EnumDisplayMonitors` `SystemParametersInfoW` `ReleaseCapture` `SetCapture` `MsgWaitForMultipleObjectsEx` `RegisterRawInputDevices` `IsProcessDPIAware` `SetParent` `GetMenuItemInfoW` `ValidateRect` `ShowWindow` `MapWindowPoints` `RegisterWindowMessageA` `DestroyAcceleratorTable` `PostThreadMessageW` `CheckMenuItem` `ReleaseDC` `DrawIconEx` `GetDC` `TrackPopupMenu` `PostQuitMessage` `GetMenuBarInfo` `IsWindowEnabled` `EnableWindow` `OffsetRect` `GetWindowDC` `DrawTextW` `FillRect` `GetParent` `PeekMessageW` `SetWindowRgn` `FindWindowExW` `CloseTouchInputHandle` `GetTouchInputInfo` `RedrawWindow` `TrackMouseEvent` `MonitorFromRect` `GetSystemMetrics` `ClientToScreen` `GetWindowLongW` `ScreenToClient` `DestroyWindow` `GetUpdateRect` `GetWindowLongPtrW` `SetWindowLongPtrW` `AdjustWindowRect` `InsertMenuW` `GetForegroundWindow` `RegisterTouchWindow` `IsWindow` `AdjustWindowRectEx` `FlashWindowEx` `GetActiveWindow` `UpdateWindow` `InvalidateRect` `SetCursorPos` `InvalidateRgn` `GetWindowPlacement` `SetWindowPlacement` `ChangeDisplaySettingsExW` `DefWindowProcW` `GetMessageW` `MapVirtualKeyW` `IsIconic` `EnumChildWindows` `DispatchMessageA` `GetMessageA` `GetWindowRect` `GetClientRect` `SetWindowPos` `LoadCursorW` `TranslateAcceleratorW` `PostMessageW` `CreateWindowExW` `RegisterClassExW` `FindWindowW` `DispatchMessageW` `TranslateMessage` `SendMessageW`
comctl32.dll	`TaskDialogIndirect` `DefSubclassProc` `SetWindowSubclass` `RemoveWindowSubclass`
gdi32.dll	`DeleteObject` `BitBlt` `SetBkMode` `GetDeviceCaps` `CreateSolidBrush` `SetTextColor` `CreateRectRgn` `CreateCompatibleDC` `CreateDIBSection` `SelectObject` `DeleteDC` `CombineRgn`
advapi32.dll	`CopySid` `GetLengthSid` `OpenProcessToken` `GetTokenInformation` `SystemFunction036` `RegGetValueW` `EventUnregister` `EventWriteTransfer` `EventSetInformation` `EventRegister` `IsValidSid` `RegCloseKey` `RegQueryValueExW` `RegOpenKeyExW`
dwmapi.dll	`DwmEnableBlurBehindWindow` `DwmGetWindowAttribute` `DwmSetWindowAttribute`
shlwapi.dll	`SHCreateMemStream`
ws2_32.dll	`getaddrinfo` `freeaddrinfo` `closesocket` `WSACleanup` `WSAStartup` `getsockopt` `getpeername` `getsockname` `WSASocketW` `bind` `ioctlsocket` `shutdown` `recv` `send` `WSASend` `setsockopt` `WSAIoctl` `WSAGetLastError` `connect`
secur32.dll	`AcquireCredentialsHandleA` `EncryptMessage` `QueryContextAttributesW` `FreeCredentialsHandle` `DecryptMessage` `AcceptSecurityContext` `InitializeSecurityContextW` `ApplyControlToken` `DeleteSecurityContext` `FreeContextBuffer`
crypt32.dll	`CertDuplicateCertificateChain` `CertVerifyCertificateChainPolicy` `CertEnumCertificatesInStore` `CertAddCertificateContextToStore` `CertOpenStore` `CertFreeCertificateChain` `CertCloseStore` `CertGetCertificateChain` `CertFreeCertificateContext` `CertDuplicateCertificateContext` `CertDuplicateStore`
ntdll.dll	`NtCreateFile` `NtWriteFile` `NtDeviceIoControlFile` `RtlNtStatusToDosError` `NtCancelIoFileEx` `NtQuerySystemInformation` `NtQueryInformationProcess` `RtlGetVersion` `NtReadFile`
oleaut32.dll	`GetErrorInfo` `SetErrorInfo` `SysFreeString` `SysStringLen`
bcrypt.dll	`BCryptGenRandom`
pdh.dll	`PdhGetFormattedCounterValue` `PdhCloseQuery` `PdhOpenQueryA` `PdhRemoveCounter` `PdhCollectQueryData` `PdhAddEnglishCounterW`
powrprof.dll	`CallNtPowerInformation`
psapi.dll	`GetModuleFileNameExW`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr` `trunc` `floor` `round` `pow`
api-ms-win-crt-string-l1-1-0.dll	`wcsncmp` `_wcsicmp` `strlen` `wcslen` `strcpy_s` `wcscmp`
api-ms-win-crt-convert-l1-1-0.dll	`_wtoi` `wcstol` `_ultow_s`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `calloc` `malloc` `free` `_callnewh`
api-ms-win-crt-runtime-l1-1-0.dll	`terminate` `_crt_atexit` `_register_onexit_function` `_initialize_onexit_table` `_seh_filter_exe` `_set_app_type` `_configure_narrow_argv` `_initialize_narrow_environment` `_get_initial_narrow_environment` `_initterm` `_initterm_e` `_register_thread_local_exe_atexit_callback` `exit` `abort` `_c_exit` `_cexit` `__p___argv` `__p___argc` `_exit`
api-ms-win-crt-stdio-l1-1-0.dll	`_set_fmode` `__p__commode`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x688`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.69497`
Detected Filetype	PNG graphic file
MD5	`fbcf89a35b5377a5bc8ae0bb1f0c6a97`
SHA1	`cb994614de19bf31c1a917da81ca4400340de7a3`
SHA256	`b60bb8b031957fa3571254bbba1dec70b92f648b7b79207f1922096fe438aa78`
SHA3	`e1ebb81464e3b48e41e692203a6cdd3f07b3d2af3268a6cc34fea698ddd94ef9`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2bf`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.39541`
Detected Filetype	PNG graphic file
MD5	`482c781daa967f9812a2e6fe90ebf030`
SHA1	`69b24689bfce509c5f8d9f2cbdd17566322518bb`
SHA256	`02ea3909ad4fbab99eb68bb302588a035b1602a119c691a9bb0be63ee6dc90fa`
SHA3	`201f244bc65c7c6f8dc555a23fab21c755bcfecfdaedc2089920c772dd56f46f`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1aa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.1051`
Detected Filetype	PNG graphic file
MD5	`4b511de9d296de78d1e6821520330b1f`
SHA1	`8435577c02d91654b9d7b448200a0d7082d07384`
SHA256	`b083a92ff691dd12994b173d900101a7226d8235ec47d02471368155cb03f521`
SHA3	`fe87904df53b80cc857f3b5eaf6730217e79b32bfb4e7978a875b4e963691cd2`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xcbb`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.78961`
Detected Filetype	PNG graphic file
MD5	`ea9ef52be96ece9463f6b1d750ed8eaf`
SHA1	`f6f23ac48d8f5dba63c522d16fc59501bdda1155`
SHA256	`362f6259d7f9bf2449208f8d1c015a41f27988d916791f41853fb319e8521c51`
SHA3	`369ab02c471e316073a7d48d18461d15d8d8cafc05e7612f56a3e66a94030505`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x12b5`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.78821`
Detected Filetype	PNG graphic file
MD5	`7b6b0bbda45427dd635b994883707419`
SHA1	`b5cf54a4fcfa076d67f368ee7b86eb6ca825bdf9`
SHA256	`8fc047eff05a44839ac71c782b089ef88bc31f33ef53ef33c4f2662a7ca6fcdb`
SHA3	`9823b9b0dd2e984f3ff08eb8c0e5aaca07880e7b67e181f0ce03f6bc811dee1a`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x652d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.93255`
Detected Filetype	PNG graphic file
MD5	`a2d9cc7ce3ae516a793243f729fcd8ec`
SHA1	`39abc63fb2e7ea5331bfab3e47d46c41b3fedb23`
SHA256	`b029cb3dad0432c7ec33ac25aece193f8e50405f8d20580ed6a22a6048d28480`
SHA3	`d3e239375ab0e66f77f2fbe45e7c27582604de2997052f4a45cbf8746691ba07`

32512

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.7656`
Detected Filetype	Icon file
MD5	`e7f1911ceccbf2fcfd309abfaa444d65`
SHA1	`84fa162cb3efa4a6447b8a3a9124519f8353b529`
SHA256	`f8500bf93435a6ac1974b8d896d29b27eb3cfb13f4d64a4bca1db782e8e1fe1c`
SHA3	`f36f6377f98ce463db63d05367b6da5f131ab0a842c7c8e20dc39c6479542472`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1b0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.08861`
MD5	`33002e8e56c9f10dee5f65674ba67ef8`
SHA1	`d744fcbce341f80e75ac8dbf1db3603af22f75b5`
SHA256	`978c7510969e3251218438546dda574ce0eaf5570ed1d98ac189ea5b74686957`
SHA3	`60c20b89308a71dcc00774ddb018d5ebe7568f38198b10fe05661e71813b0149`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x225`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.94966`
MD5	`02863cd2e58a6d5afd32f5213659c6b2`
SHA1	`a2ceb984026b1153edffa96afe0cbe9020403ac4`
SHA256	`49d55edc0637820d6209cf818f680b22a7884c0907a22ba0fbb09e138853e285`
SHA3	`7fb2fa02e2706d21654cdace47f4e1814421cfd243465526955c20da09d917c0`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.1.0.0
ProductVersion	0.1.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
ProductName	ulta-client
ProductVersion (#2)	0.1.0
FileVersion (#2)	0.1.0
FileDescription	ulta-client

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2024-Dec-23 14:00:38
Version	`0.0`
SizeofData	`40`
AddressOfRawData	`0xb936f4`
PointerToRawData	`0xb920f4`
Referenced File	ulta_loader.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2024-Dec-23 14:00:38
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0xb9371c`
PointerToRawData	`0xb9211c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-Dec-23 14:00:38
Version	`0.0`
SizeofData	`1048`
AddressOfRawData	`0xb93730`
PointerToRawData	`0xb92130`

TLS Callbacks

StartAddressOfRawData	`0x140b93b90`
EndAddressOfRawData	`0x140b93d64`
AddressOfIndex	`0x140dccef8`
AddressOfCallbacks	`0x1409a3e08`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x00000001409591A0`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140dca640`

RICH Header

XOR Key	`0xe75aab55`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`14`
ASM objects (34321)	`9`
C objects (34321)	`13`
C++ objects (34321)	`47`
Imports (29395)	`5`
Total imports	`553`
Unmarked objects (#2)	`799`
Resource objects (34435)	`1`
Linker (34435)	`1`

bc47dcfe5ada1e63ba094bb3c8a4f9c3

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

32512

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors