Manalyze report for bd0270b75acd8324fd7b2a685633ca45

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Jan-31 17:01:22
TLS Callbacks	3 callback(s) detected.
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: Programs\Startup` `Miscellaneous malware strings: cmd.exe` `Contains domain names: .sys..net core..net https://systemain-api.businesspgm8.workers.dev https://systemain-api.businesspgm8.workers.dev/upload std..sys..net tokio..net`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to RC5 or RC6` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata`
Malicious	The PE contains functions mostly used by malware.	`Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot SwitchToThread` `Can access the registry: RegCloseKey RegEnumKeyExW RegEnumValueW RegOpenKeyExW RegQueryInfoKeyW RegQueryValueExW` `Possibly launches other programs: CreateProcessW` `Uses Windows's Native API: NtOpenFile NtReadFile NtWriteFile NtCancelIoFileEx NtCreateFile NtDeviceIoControlFile NtCreateNamedPipeFile` `Uses Microsoft's cryptographic API: CryptAcquireContextW CryptDestroyKey CryptImportKey CryptReleaseContext CryptAcquireCertificatePrivateKey CryptBinaryToStringA CryptDecodeObjectEx CryptEncodeObjectEx CryptHashCertificate CryptMsgEncodeAndSignCTL CryptStringToBinaryA` `Can create temporary files: CreateFileW GetTempPathW` `Uses functions commonly found in keyloggers: AttachThreadInput CallNextHookEx GetForegroundWindow` `Leverages the raw socket API to access the Internet: GetHostNameW WSACleanup WSAStartup freeaddrinfo getaddrinfo select WSADuplicateSocketW WSAGetLastError WSAIoctl WSAPoll WSARecv WSARecvFrom WSASend WSASendMsg WSASendTo WSASocketW accept bind closesocket connect getpeername getsockname getsockopt ioctlsocket listen recv recvfrom send sendto setsockopt shutdown socket` `Interacts with the certificate store: CertAddCertificateContextToStore CertAddEncodedCTLToStore CertAddEncodedCertificateToStore CertOpenStore`
Suspicious	The file contains overlay data.	`1894010 bytes of data starting at offset 0x451400.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`bd0270b75acd8324fd7b2a685633ca45`
SHA1	`9fdc8e9bf6a214d9282cd336ec3b337bb02c6ce6`
SHA256	`9b335dab65b1328dd5e1b1fed920ced6a43ac5b9594485e2f516c1a86aaad3a8`
SHA3	`1da7fcf94f46586319d78ec2e1de00fe1d105f1921c371abc3c75f3486ae3f51`
SSDeep	`98304:/VypF7Iq0YJJ/HtdEZUqaPlu1KJIFEUlMR9OPXfPhMqb:i0uzPl2`
Imports Hash	`6dc80586b8462fcf4bcbe067b539bcc9`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`9`
TimeDateStamp	2026-Jan-31 17:01:22
PointerToSymbolTable	`0x451400`
NumberOfSymbols	`23895`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x2e0e00`
SizeOfInitializedData	`0x170200`
SizeOfUninitializedData	`0x400`
AddressOfEntryPoint	`0x00000000000013D0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x456000`
SizeOfHeaders	`0x400`
Checksum	`0x62069b`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`30455d4f88ea79c9b3dea26a24fce49f`
SHA1	`c71c8a1e98e914a4a1372b1eb30fee25f786a6fc`
SHA256	`918f3f01f7921878b3faf95fa17b8ce9f1b05064919e8e55916d2ff90c04f1aa`
SHA3	`c00250507c030dfd9636295c063582846023e1d249af7c6bbedbfef1ec770879`
VirtualSize	`0x2e0ce0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2e0e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.31661`

.data

MD5	`d7f89706fdc74efc002ca962bcbb903f`
SHA1	`d7300a885d240a45d1f416947ce5f7353f479097`
SHA256	`8ca669b1782a8579387084fab7a37c2d8b1fd98fc0b71fa0cc13fa94ba0dc930`
SHA3	`f1426378500512045ba36f330692e475932984d47ec8cef2f257baac4274ebea`
VirtualSize	`0x5ac0`
VirtualAddress	`0x2e2000`
SizeOfRawData	`0x5c00`
PointerToRawData	`0x2e1200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.826`

.rdata

MD5	`244387e9201bdeca56e8102ecc6e0b0d`
SHA1	`30df40df2767c57c973ae7bdea61e7a0107eed3a`
SHA256	`8089cef4a767ad67b0d3bd8024768d34eaafd1a564b40de40bddd4602d35f8d3`
SHA3	`96eaebd1561f65c6c09e546cbff65a4fceac3f3df8a2ab396fff774c2b6ba91c`
VirtualSize	`0x100a68`
VirtualAddress	`0x2e8000`
SizeOfRawData	`0x100c00`
PointerToRawData	`0x2e6e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.63348`

.pdata

MD5	`1328df8a948699de472860d59f3ebee5`
SHA1	`eac5a69a2d69d6f45ae927751bbcf5c485831dc9`
SHA256	`89a792bef6aefd37d595acaf72df38e5ff62c7be1a64ff62e674dd6026737176`
SHA3	`45ec8f7be95effad0d8d81c5f06c5b78e52a7b6b5fff2ca9f8dff03b843725b0`
VirtualSize	`0x178c8`
VirtualAddress	`0x3e9000`
SizeOfRawData	`0x17a00`
PointerToRawData	`0x3e7a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.30865`

.xdata

MD5	`1fee504b3497b8831c6bd46ae99b3b17`
SHA1	`352da4c0000fc4073083f64df5a8e79fc4ccbf20`
SHA256	`fce657b9279994da695bda73aef5466db6585ae8d1379bf48e1805c6e3beeb85`
SHA3	`11b69b56428f552a44645653f2de30ccd90e80c62a2711bae6282bfb19df07c0`
VirtualSize	`0x489fc`
VirtualAddress	`0x401000`
SizeOfRawData	`0x48a00`
PointerToRawData	`0x3ff400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.52021`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x2e0`
VirtualAddress	`0x44a000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`c2364b52ebdbe7c05687f3cf19dfbd07`
SHA1	`6cfe56197b2924abc89a9a189cb9dcb5f2645e1d`
SHA256	`b86c46f1f65db33df05ad1061978cb4419ca19ce895ba3fa9b3cfa6153758b85`
SHA3	`5a38dbe2b44f79e6d876f98edbc472a2900c6f2083f0ab792344c5f0f94b1882`
VirtualSize	`0x2d30`
VirtualAddress	`0x44b000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0x447e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.5568`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0x44e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x44ac00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.reloc

MD5	`c33dd989aee9270e314672c0a5cbcd29`
SHA1	`b7d4d8063a82592b7d7795bcf21c94da9e4236cd`
SHA256	`8af659b106a90d92ebf9a611552ce94a6d11c6c87d23a26e85ba5beaa96bd8e4`
SHA3	`4005c093b5de26da900dc01181d0a5c5e35e27c3fdfc53ee75b7dfa497850bfa`
VirtualSize	`0x65a8`
VirtualAddress	`0x44f000`
SizeOfRawData	`0x6600`
PointerToRawData	`0x44ae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.47162`

Imports

advapi32.dll	`RegCloseKey` `RegEnumKeyExW` `RegEnumValueW` `RegOpenKeyExW` `RegQueryInfoKeyW` `RegQueryValueExW`
kernel32.dll	`AddVectoredExceptionHandler` `CancelIo` `CompareStringOrdinal` `CopyFileExW` `CreateDirectoryW` `CreateEventW` `CreateFileMappingA` `CreateFileW` `CreateHardLinkW` `CreatePipe` `CreateProcessW` `CreateSymbolicLinkW` `CreateThread` `CreateToolhelp32Snapshot` `CreateWaitableTimerExW` `DeleteFileW` `DeleteProcThreadAttributeList` `DeviceIoControl` `ExitProcess` `FileTimeToSystemTime` `FindClose` `FindFirstFileExW` `FindNextFileW` `FlushFileBuffers` `FormatMessageW` `FreeEnvironmentStringsW` `GetCommandLineW` `GetConsoleMode` `GetConsoleOutputCP` `GetCurrentDirectoryW` `GetCurrentProcessId` `GetCurrentThread` `GetCurrentThreadId` `GetEnvironmentStringsW` `GetEnvironmentVariableW` `GetExitCodeProcess` `GetFileAttributesW` `GetFileInformationByHandle` `GetFileInformationByHandleEx` `GetFileSizeEx` `GetFileType` `GetFinalPathNameByHandleW` `GetFullPathNameW` `GetLastError` `GetModuleFileNameW` `GetProcessHeap` `GetProcessId` `GetStdHandle` `GetSystemDirectoryW` `GetSystemInfo` `GetSystemTimePreciseAsFileTime` `GetTempPathW` `GetWindowsDirectoryW` `HeapAlloc` `HeapFree` `HeapReAlloc` `InitOnceBeginInitialize` `InitOnceComplete` `InitializeProcThreadAttributeList` `LockFileEx` `MapViewOfFile` `Module32FirstW` `Module32NextW` `MoveFileExW` `MultiByteToWideChar` `QueryPerformanceCounter` `QueryPerformanceFrequency` `ReadConsoleW` `ReadFileEx` `RemoveDirectoryW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `SetCurrentDirectoryW` `SetEnvironmentVariableW` `SetFileAttributesW` `SetFileInformationByHandle` `SetFilePointerEx` `SetFileTime` `SetLastError` `SetThreadStackGuarantee` `SetUnhandledExceptionFilter` `SetWaitableTimer` `SleepEx` `SwitchToThread` `TerminateProcess` `TlsAlloc` `TlsFree` `UnlockFile` `UnmapViewOfFile` `UpdateProcThreadAttribute` `WaitForMultipleObjects` `WaitForSingleObject` `WideCharToMultiByte` `WriteConsoleW` `WriteFileEx` `lstrlenW`
ntdll.dll	`NtOpenFile` `NtReadFile` `NtWriteFile`
user32.dll	`AttachThreadInput` `CallNextHookEx` `GetForegroundWindow` `GetKeyState` `GetKeyboardLayout` `GetKeyboardState` `GetMessageA` `GetSystemMetrics` `GetWindowThreadProcessId` `SendInput` `SetWindowsHookExA` `ToUnicodeEx`
userenv.dll	`GetUserProfileDirectoryW`
ws2_32.dll	`GetHostNameW` `WSACleanup` `WSAStartup` `freeaddrinfo` `getaddrinfo` `select`
api-ms-win-core-synch-l1-2-0.dll	`WaitOnAddress` `WakeByAddressAll`
bcryptprimitives.dll	`ProcessPrng`
kernel32.dll (#2)	`AddVectoredExceptionHandler` `CancelIo` `CompareStringOrdinal` `CopyFileExW` `CreateDirectoryW` `CreateEventW` `CreateFileMappingA` `CreateFileW` `CreateHardLinkW` `CreatePipe` `CreateProcessW` `CreateSymbolicLinkW` `CreateThread` `CreateToolhelp32Snapshot` `CreateWaitableTimerExW` `DeleteFileW` `DeleteProcThreadAttributeList` `DeviceIoControl` `ExitProcess` `FileTimeToSystemTime` `FindClose` `FindFirstFileExW` `FindNextFileW` `FlushFileBuffers` `FormatMessageW` `FreeEnvironmentStringsW` `GetCommandLineW` `GetConsoleMode` `GetConsoleOutputCP` `GetCurrentDirectoryW` `GetCurrentProcessId` `GetCurrentThread` `GetCurrentThreadId` `GetEnvironmentStringsW` `GetEnvironmentVariableW` `GetExitCodeProcess` `GetFileAttributesW` `GetFileInformationByHandle` `GetFileInformationByHandleEx` `GetFileSizeEx` `GetFileType` `GetFinalPathNameByHandleW` `GetFullPathNameW` `GetLastError` `GetModuleFileNameW` `GetProcessHeap` `GetProcessId` `GetStdHandle` `GetSystemDirectoryW` `GetSystemInfo` `GetSystemTimePreciseAsFileTime` `GetTempPathW` `GetWindowsDirectoryW` `HeapAlloc` `HeapFree` `HeapReAlloc` `InitOnceBeginInitialize` `InitOnceComplete` `InitializeProcThreadAttributeList` `LockFileEx` `MapViewOfFile` `Module32FirstW` `Module32NextW` `MoveFileExW` `MultiByteToWideChar` `QueryPerformanceCounter` `QueryPerformanceFrequency` `ReadConsoleW` `ReadFileEx` `RemoveDirectoryW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `SetCurrentDirectoryW` `SetEnvironmentVariableW` `SetFileAttributesW` `SetFileInformationByHandle` `SetFilePointerEx` `SetFileTime` `SetLastError` `SetThreadStackGuarantee` `SetUnhandledExceptionFilter` `SetWaitableTimer` `SleepEx` `SwitchToThread` `TerminateProcess` `TlsAlloc` `TlsFree` `UnlockFile` `UnmapViewOfFile` `UpdateProcThreadAttribute` `WaitForMultipleObjects` `WaitForSingleObject` `WideCharToMultiByte` `WriteConsoleW` `WriteFileEx` `lstrlenW`
advapi32.dll (#2)	`RegCloseKey` `RegEnumKeyExW` `RegEnumValueW` `RegOpenKeyExW` `RegQueryInfoKeyW` `RegQueryValueExW`
api-ms-win-core-synch-l1-2-0.dll (#2)	`WaitOnAddress` `WakeByAddressAll`
crypt32.dll	`CertAddCertificateContextToStore` `CertAddEncodedCTLToStore` `CertAddEncodedCertificateToStore` `CertCloseStore` `CertCreateCTLEntryFromCertificateContextProperties` `CertCreateCertificateContext` `CertDeleteCertificateFromStore` `CertDuplicateCertificateChain` `CertDuplicateCertificateContext` `CertDuplicateStore` `CertEnumCertificatesInStore` `CertFreeCTLContext` `CertFreeCertificateChain` `CertFreeCertificateContext` `CertGetCertificateChain` `CertGetCertificateContextProperty` `CertGetEnhancedKeyUsage` `CertOpenStore` `CertSetCertificateContextProperty` `CertVerifyCertificateChainPolicy` `CertVerifyTimeValidity` `CryptAcquireCertificatePrivateKey` `CryptBinaryToStringA` `CryptDecodeObjectEx` `CryptEncodeObjectEx` `CryptHashCertificate` `CryptMsgEncodeAndSignCTL` `CryptStringToBinaryA` `PFXExportCertStore` `PFXImportCertStore`
kernel32.dll (#3)	`AddVectoredExceptionHandler` `CancelIo` `CompareStringOrdinal` `CopyFileExW` `CreateDirectoryW` `CreateEventW` `CreateFileMappingA` `CreateFileW` `CreateHardLinkW` `CreatePipe` `CreateProcessW` `CreateSymbolicLinkW` `CreateThread` `CreateToolhelp32Snapshot` `CreateWaitableTimerExW` `DeleteFileW` `DeleteProcThreadAttributeList` `DeviceIoControl` `ExitProcess` `FileTimeToSystemTime` `FindClose` `FindFirstFileExW` `FindNextFileW` `FlushFileBuffers` `FormatMessageW` `FreeEnvironmentStringsW` `GetCommandLineW` `GetConsoleMode` `GetConsoleOutputCP` `GetCurrentDirectoryW` `GetCurrentProcessId` `GetCurrentThread` `GetCurrentThreadId` `GetEnvironmentStringsW` `GetEnvironmentVariableW` `GetExitCodeProcess` `GetFileAttributesW` `GetFileInformationByHandle` `GetFileInformationByHandleEx` `GetFileSizeEx` `GetFileType` `GetFinalPathNameByHandleW` `GetFullPathNameW` `GetLastError` `GetModuleFileNameW` `GetProcessHeap` `GetProcessId` `GetStdHandle` `GetSystemDirectoryW` `GetSystemInfo` `GetSystemTimePreciseAsFileTime` `GetTempPathW` `GetWindowsDirectoryW` `HeapAlloc` `HeapFree` `HeapReAlloc` `InitOnceBeginInitialize` `InitOnceComplete` `InitializeProcThreadAttributeList` `LockFileEx` `MapViewOfFile` `Module32FirstW` `Module32NextW` `MoveFileExW` `MultiByteToWideChar` `QueryPerformanceCounter` `QueryPerformanceFrequency` `ReadConsoleW` `ReadFileEx` `RemoveDirectoryW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `SetCurrentDirectoryW` `SetEnvironmentVariableW` `SetFileAttributesW` `SetFileInformationByHandle` `SetFilePointerEx` `SetFileTime` `SetLastError` `SetThreadStackGuarantee` `SetUnhandledExceptionFilter` `SetWaitableTimer` `SleepEx` `SwitchToThread` `TerminateProcess` `TlsAlloc` `TlsFree` `UnlockFile` `UnmapViewOfFile` `UpdateProcThreadAttribute` `WaitForMultipleObjects` `WaitForSingleObject` `WideCharToMultiByte` `WriteConsoleW` `WriteFileEx` `lstrlenW`
ncrypt.dll	`NCryptFreeObject`
ntdll.dll (#2)	`NtOpenFile` `NtReadFile` `NtWriteFile`
secur32.dll	`AcceptSecurityContext` `AcquireCredentialsHandleA` `ApplyControlToken` `DecryptMessage` `DeleteSecurityContext` `EncryptMessage` `FreeContextBuffer` `FreeCredentialsHandle` `InitializeSecurityContextW` `QueryContextAttributesW`
ws2_32.dll (#2)	`GetHostNameW` `WSACleanup` `WSAStartup` `freeaddrinfo` `getaddrinfo` `select`
KERNEL32.dll	`DeleteCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `LeaveCriticalSection` `RaiseException` `RtlUnwindEx` `VirtualProtect` `VirtualQuery` `__C_specific_handler`
msvcrt.dll	`__getmainargs` `__initenv` `__iob_func` `__set_app_type` `__setusermatherr` `_amsg_exit` `_cexit` `_commode` `_errno` `_fmode` `_fpreset` `_initterm` `_onexit` `abort` `calloc` `exit` `fprintf` `free` `fwrite` `ldexp` `malloc` `memcmp` `memcpy` `memmove` `memset` `signal` `strlen` `strncmp` `vfprintf`
ntdll.dll (#3)	`NtOpenFile` `NtReadFile` `NtWriteFile`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x14044e000`
EndAddressOfRawData	`0x14044e008`
AddressOfIndex	`0x14044a20c`
AddressOfCallbacks	`0x1403e8a38`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x00000001402548B0` `0x00000001402E0CC0` `0x00000001402E0C90`

Load Configuration

RICH Header

Errors

[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF String Table's reported size is bigger than the remaining bytes!
[*] Warning: Section .bss has a size of 0!
[*] Warning: Raw bytes from section .text could not be obtained.