Manalyze report for be566b4995ae5d4b2277c71038ef5ea1432eed9d26fd3450d373d052b7761469

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-Mar-11 17:43:44
Detected languages	English - United States
Debug artifacts	C:\Users\Gabo\Desktop\dope-ghost-2.0-fixed-main\dope-ghost-2.0\dope-ghost-internal-main\x64\Release\atermys loader.pdb

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentControlSet\Services` `Contains domain names: atermys.xyz fontbundles.net http://msdl.microsoft.com http://msdl.microsoft.com/download/symbols https://discord.gg https://fontbundles.net microsoft.com msdl.microsoft.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA LoadLibraryW LoadLibraryExW GetProcAddress` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Code injection capabilities: VirtualAlloc WriteProcessMemory CreateRemoteThread OpenProcess VirtualAllocEx` `Code injection capabilities (process hollowing): ResumeThread WriteProcessMemory SetThreadContext` `Code injection capabilities (mapping injection): CreateFileMappingW MapViewOfFile CreateRemoteThread` `Can access the registry: RegCreateKeyW RegOpenKeyExW RegQueryValueExW RegSetValueExW RegCloseKey RegOpenKeyW RegEnumValueW SHDeleteKeyW` `Possibly launches other programs: ShellExecuteA` `Can create temporary files: CreateFileW GetTempPathW` `Uses functions commonly found in keyloggers: GetForegroundWindow GetAsyncKeyState` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtectEx VirtualProtect VirtualAllocEx` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Manipulates other processes: ReadProcessMemory WriteProcessMemory OpenProcess` `Reads the contents of the clipboard: GetClipboardData`
Malicious	VirusTotal score: 41/72 (Scanned on 2026-03-13 09:52:15)	`ALYac: Gen:Variant.Tedy.892191` `APEX: Malicious` `AVG: Win64:MalwareX-gen [Hack]` `Alibaba: HackTool:Win64/DllInject.7de36e65` `Antiy-AVL: Trojan/Win32.Agent` `Arcabit: Trojan.Tedy.DD9D1F` `Avast: Win64:MalwareX-gen [Hack]` `BitDefender: Gen:Variant.Tedy.892191` `Bkav: W64.AIDetectMalware` `CAT-QuickHeal: Trojan.Ghanarava.177339012026f6e7` `CTX: exe.trojan.generic` `CrowdStrike: win/malicious_confidence_90% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `ESET-NOD32: Win64/HackTool.Agent.QN trojan` `Elastic: malicious (high confidence)` `Emsisoft: Gen:Variant.Tedy.892191 (B)` `GData: Gen:Variant.Tedy.892191` `Google: Detected` `Gridinsoft: Trojan.Win64.Agent.sa` `Ikarus: PUA.DllInject` `K7AntiVirus: Trojan ( 006d9bf01 )` `K7GW: Trojan ( 006d9bf01 )` `Lionic: Trojan.Win32.Generic.4!c` `Malwarebytes: Malware.AI.58777498` `McAfeeD: ti!BE566B4995AE` `MicroWorld-eScan: Gen:Variant.Tedy.892191` `Microsoft: Trojan:Win32/Kepavll!rfn` `Paloalto: generic.ml` `Rising: HackTool.Agent!8.335 (TFE:5:LREC4ronZbM)` `Sangfor: Trojan.Win32.Save.a` `Sophos: Mal/Generic-S` `Symantec: ML.Attribute.HighConfidence` `Tencent: Win32.Trojan.W64.Rsmw` `Trapmine: suspicious.low.ml.score` `TrellixENS: Artemis!270E0F2E0280` `TrendMicro-HouseCall: TROJ_GEN.R002H09CB26` `VIPRE: Gen:Variant.Tedy.892191` `Varist: W64/ABTrojan.KSJM-1886` `alibabacloud: HackTool:Win/Wacatac.B9nj`

Hashes

MD5	`270e0f2e0280a45cb86c634eba26f6e7`
SHA1	`900fd59884e19792bed8473a55ff8abfab5c3610`
SHA256	`be566b4995ae5d4b2277c71038ef5ea1432eed9d26fd3450d373d052b7761469`
SHA3	`50c3b2f2428340db30042ca6cdbc85ba3743b5971569ee8fb7f69c47de32de32`
SSDeep	`49152:Ebxix3RKKU5jhY/jZ7T5Zsrpkw5bBIQsn5:EAjUzWj51`
Imports Hash	`5189a6767a5ec98d61c80904e0b92551`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2026-Mar-11 17:43:44
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xf0e00`
SizeOfInitializedData	`0xaec00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000BA3F4 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1a3000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`aa91dcd90f5d1c719fc0521ffbc43a27`
SHA1	`c5761d52c98dc20f649e0651d5641835c429b548`
SHA256	`039d51af65fa5cd6392283332bf563ca7b7c880f9391a8d4963f83303e99ba8e`
SHA3	`b34058cd3d9ab00a4919ff858afa90fa3f578fa7c4eb744e82fc28b42b7fe5a3`
VirtualSize	`0xf0c0c`
VirtualAddress	`0x1000`
SizeOfRawData	`0xf0e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.49587`

.rdata

MD5	`d971731c83d88dfaa84e20aedd40f4bc`
SHA1	`26b1a56f7254b0500aa62ea30889d60c60a10d02`
SHA256	`6bd403ae06e3cc1caff35d931dbed4f3800e2453fabf5b7ee84fc12ba950ad18`
SHA3	`e5777cf25fff9fd23068c1d4b44c870f6ec7df855da9ca433f6cd709d6b8edba`
VirtualSize	`0x9ae22`
VirtualAddress	`0xf2000`
SizeOfRawData	`0x9b000`
PointerToRawData	`0xf1200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.74745`

.data

MD5	`2b41bdaf6f7a03767ab03b111be509c3`
SHA1	`c630824ed297a5e098a3605aff582405967710e2`
SHA256	`3bede0e7ea3562da9324a9e1f4c84c7aba31b93626b32e46b07f20555e8e131b`
SHA3	`2b99664bbb3057e37179c54d40d13d6a3f88099b94bf1177bb4cdb5ae41468c7`
VirtualSize	`0x8cfc`
VirtualAddress	`0x18d000`
SizeOfRawData	`0x6000`
PointerToRawData	`0x18c200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.46389`

.pdata

MD5	`6aa8c0504fe61cda32167b9a51897726`
SHA1	`0eb8b06846d8fd823b53b6e4721139d267f5d317`
SHA256	`5a8528d0a9b413d2b525c52a15994060b685ef9018e1661c5c936fc7b0259374`
SHA3	`27a6f6dfc3c6cb4297dd41dc822bcc6489c03f1ea231dbd9b1cfe10253612792`
VirtualSize	`0x9840`
VirtualAddress	`0x196000`
SizeOfRawData	`0x9a00`
PointerToRawData	`0x192200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.071`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0x1a0000`
SizeOfRawData	`0x200`
PointerToRawData	`0x19bc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`57dfeac67bc5b6f768f67748e48d598d`
SHA1	`0e89e9fc96de2fc752ea3b1449ef330d149af9ca`
SHA256	`67bbad1900950eb1978d62c5ee6084948449bd8c8425c2f6c387c077e927e729`
SHA3	`15b6c6f11e5c0d42ff0c4442ca5f415c9fb435161b97915fd3e93d015c6e59d7`
VirtualSize	`0x1e8`
VirtualAddress	`0x1a1000`
SizeOfRawData	`0x200`
PointerToRawData	`0x19be00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.77204`

.reloc

MD5	`09ce9519ffff24b407b154f40548150f`
SHA1	`51f96b5c2ce0ed93fcf15cee19eebb69f0ac23bd`
SHA256	`10c86e155d379a4fee90e6bdeb865600baab5a624f6d1d1ad745046036f0c13d`
SHA3	`6d660c58003e8e84420fa455c67945026c4c0a0fde50878ab20280963163dd1b`
VirtualSize	`0xf68`
VirtualAddress	`0x1a2000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x19c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.38599`

Imports

d3d11.dll	`D3D11CreateDeviceAndSwapChain`
d3dx11_43.dll	`D3DX11CreateShaderResourceViewFromMemory`
ole32.dll	`CoCreateInstance` `CoUninitialize` `CoInitialize`
KERNEL32.dll	`GetCurrentProcessId` `GetProcessHeap` `GetModuleHandleW` `GetTickCount64` `UnmapViewOfFile` `Sleep` `FatalAppExitW` `GetConsoleWindow` `CreateFileMappingW` `MapViewOfFile` `ReadFile` `VirtualAlloc` `CreateFileW` `GetFileSize` `GetTickCount` `GetExitCodeProcess` `MultiByteToWideChar` `GlobalAlloc` `GlobalFree` `GlobalLock` `WideCharToMultiByte` `GlobalUnlock` `LoadLibraryA` `QueryPerformanceFrequency` `FreeLibrary` `QueryPerformanceCounter` `Wow64DisableWow64FsRedirection` `Wow64RevertWow64FsRedirection` `GetSystemTimeAsFileTime` `EnterCriticalSection` `TerminateProcess` `LeaveCriticalSection` `InitializeCriticalSection` `ResumeThread` `GetModuleFileNameW` `GetFileAttributesW` `LocalFree` `CreateActCtxW` `WriteFile` `GetTempPathW` `DeleteFileW` `GetTempFileNameW` `ReleaseActCtx` `ActivateActCtx` `GetEnvironmentVariableW` `GetSystemDirectoryW` `DeactivateActCtx` `GetSystemWow64DirectoryW` `GetCurrentDirectoryW` `GetWindowsDirectoryW` `GetNativeSystemInfo` `WaitForSingleObject` `DuplicateHandle` `GetCurrentThread` `ResetEvent` `DeviceIoControl` `Thread32Next` `Thread32First` `GetCurrentThreadId` `CreateNamedPipeW` `TerminateThread` `CreateThread` `GetCurrentProcess` `GetExitCodeThread` `IsWow64Process` `GetSystemInfo` `ReadProcessMemory` `VirtualFreeEx` `WriteProcessMemory` `VirtualProtectEx` `GetThreadContext` `CreateRemoteThread` `SetThreadContext` `VirtualQueryEx` `LoadLibraryW` `SuspendThread` `GetThreadTimes` `OpenThread` `IsValidLocale` `GetLocaleInfoW` `LCMapStringW` `CompareStringW` `FlsFree` `FlsSetValue` `FlsGetValue` `FlsAlloc` `GetConsoleMode` `GetConsoleOutputCP` `FlushFileBuffers` `HeapAlloc` `GetFileType` `SetFilePointerEx` `GetFileSizeEx` `HeapFree` `GetCommandLineW` `GetCommandLineA` `GetStdHandle` `ExitProcess` `GetModuleHandleExW` `FreeLibraryAndExitThread` `ExitThread` `LoadLibraryExW` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `InitializeCriticalSectionAndSpinCount` `SetLastError` `GetUserDefaultLCID` `RtlPcToFileHeader` `RtlUnwindEx` `InitializeSListHead` `GetStartupInfoW` `IsProcessorFeaturePresent` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `RaiseException` `HeapSize` `GetProcAddress` `Module32FirstW` `CloseHandle` `VirtualProtect` `DeleteCriticalSection` `DecodePointer` `GetLastError` `InitializeCriticalSectionEx` `IsValidCodePage` `GetACP` `GetOEMCP` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetEnvironmentVariableW` `SetStdHandle` `WriteConsoleW` `SetEndOfFile` `OutputDebugStringW` `IsDebuggerPresent` `GetCPInfo` `CreateToolhelp32Snapshot` `OpenProcess` `GetModuleHandleA` `VirtualAllocEx` `RtlUnwind` `HeapReAlloc` `ReadConsoleW` `EnumSystemLocalesW` `FormatMessageA` `GetLocaleInfoEx` `CreateDirectoryW` `FindClose` `FindFirstFileW` `FindFirstFileExW` `FindNextFileW` `GetFileAttributesExW` `SetFileInformationByHandle` `AreFileApisANSI` `GetFileInformationByHandleEx` `InitOnceComplete` `InitOnceBeginInitialize` `GetStringTypeW` `EncodePointer` `LCMapStringEx` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `TryAcquireSRWLockExclusive` `WakeAllConditionVariable` `SleepConditionVariableSRW`
USER32.dll	`GetKeyState` `LoadCursorA` `ScreenToClient` `GetCapture` `ClientToScreen` `TrackMouseEvent` `GetForegroundWindow` `SetCapture` `GetClientRect` `ReleaseCapture` `SetCursorPos` `OpenClipboard` `CloseClipboard` `EmptyClipboard` `wsprintfW` `SetClipboardData` `GetWindowThreadProcessId` `GetWindow` `DispatchMessageA` `GetWindowRect` `DestroyWindow` `IsWindowVisible` `SetWindowPos` `GetSystemMetrics` `GetClassNameA` `GetAsyncKeyState` `GetWindowTextA` `MessageBoxA` `GetTopWindow` `DefWindowProcA` `CreateWindowExA` `TranslateMessage` `PeekMessageA` `PostQuitMessage` `GetWindowTextLengthA` `RegisterClassExA` `UpdateWindow` `GetCursorPos` `ShowWindow` `UnregisterClassA` `GetClipboardData` `SetCursor`
ADVAPI32.dll	`RegCreateKeyW` `LookupPrivilegeValueA` `LookupPrivilegeValueW` `RegOpenKeyExW` `OpenThreadToken` `RegQueryValueExW` `RegSetValueExW` `OpenProcessToken` `ConvertStringSecurityDescriptorToSecurityDescriptorW` `RegCloseKey` `RegOpenKeyW` `RegEnumValueW` `AdjustTokenPrivileges`
SHELL32.dll	`ShellExecuteA` `SHGetFolderPathA`
OLEAUT32.dll	`SysFreeString`
IMM32.dll	`ImmAssociateContextEx` `ImmSetCandidateWindow` `ImmSetCompositionWindow` `ImmReleaseContext` `ImmGetContext`
D3DCOMPILER_43.dll	`D3DCompile`
dwmapi.dll	`DwmExtendFrameIntoClientArea`
SHLWAPI.dll	`SHDeleteKeyW`

Delayed Imports

??0Assembler@asmjit@@QEAA@PEAURuntime@1@@Z

Ordinal	`1`
Address	`0x9d5d0`

??0CodeGen@asmjit@@QEAA@PEAURuntime@1@@Z

Ordinal	`2`
Address	`0xae2a0`

??0HostRuntime@asmjit@@QEAA@XZ

Ordinal	`3`
Address	`0xa6570`

??0JitRuntime@asmjit@@QEAA@XZ

Ordinal	`4`
Address	`0xa66e0`

??0Runtime@asmjit@@QEAA@XZ

Ordinal	`5`
Address	`0xa6530`

??0StaticRuntime@asmjit@@QEAA@PEAX_K@Z

Ordinal	`6`
Address	`0xa65c0`

??0VMemMgr@asmjit@@QEAA@PEAX@Z

Ordinal	`7`
Address	`0xa32f0`

??0X86Assembler@asmjit@@QEAA@PEAURuntime@1@I@Z

Ordinal	`8`
Address	`0xa6a10`

??0Zone@asmjit@@QEAA@_K@Z

Ordinal	`9`
Address	`0xae560`

??1Assembler@asmjit@@UEAA@XZ

Ordinal	`10`
Address	`0x9d650`

??1CodeGen@asmjit@@UEAA@XZ

Ordinal	`11`
Address	`0xae2f0`

??1HostRuntime@asmjit@@UEAA@XZ

Ordinal	`12`
Address	`0xa6560`

??1JitRuntime@asmjit@@UEAA@XZ

Ordinal	`13`
Address	`0xa6780`

??1Runtime@asmjit@@UEAA@XZ

Ordinal	`14`
Address	`0xa6560`

??1StaticRuntime@asmjit@@UEAA@XZ

Ordinal	`15`
Address	`0xa6560`

??1VMemMgr@asmjit@@QEAA@XZ

Ordinal	`16`
Address	`0xa3360`

??1X86Assembler@asmjit@@UEAA@XZ

Ordinal	`17`
Address	`0xa6ab0`

??1Zone@asmjit@@QEAA@XZ

Ordinal	`18`
Address	`0xae580`

??_FVMemMgr@asmjit@@QEAAXXZ

Ordinal	`19`
Address	`0x87650`

?_alloc@Zone@asmjit@@QEAAPEAX_K@Z

Ordinal	`20`
Address	`0xae6b0`

?_emit@X86Assembler@asmjit@@UEAAIIAEBUOperand@2@000@Z

Ordinal	`21`
Address	`0xa7200`

?_grow@Assembler@asmjit@@QEAAI_K@Z

Ordinal	`22`
Address	`0x9d840`

?_grow@PodVectorBase@asmjit@@IEAAI_K0@Z

Ordinal	`23`
Address	`0xae420`

?_newLabel@Assembler@asmjit@@QEAAIPEAULabel@2@@Z

Ordinal	`24`
Address	`0x9daa0`

?_newLabelLink@Assembler@asmjit@@QEAAPEAULabelLink@2@XZ

Ordinal	`25`
Address	`0x9db70`

?_nullData@PodVectorBase@asmjit@@2UPodVectorData@2@B

Ordinal	`26`
Address	`0x164fd0`

?_registerIndexedLabels@Assembler@asmjit@@QEAAI_K@Z

Ordinal	`27`
Address	`0x9d9c0`

?_relocCode@X86Assembler@asmjit@@UEBA_KPEAX_K@Z

Ordinal	`28`
Address	`0xa70a0`

?_reserve@Assembler@asmjit@@QEAAI_K@Z

Ordinal	`29`
Address	`0x9d920`

?_reserve@PodVectorBase@asmjit@@IEAAI_K0@Z

Ordinal	`30`
Address	`0xae4d0`

?_x86CondToCmovcc@asmjit@@3QBIB

Ordinal	`31`
Address	`0x168c00`

?_x86CondToJcc@asmjit@@3QBIB

Ordinal	`32`
Address	`0x168ca0`

?_x86CondToSetcc@asmjit@@3QBIB

Ordinal	`33`
Address	`0x168c50`

?_x86InstExtendedInfo@asmjit@@3QBUX86InstExtendedInfo@1@B

Ordinal	`34`
Address	`0x165010`

?_x86InstInfo@asmjit@@3QBUX86InstInfo@1@B

Ordinal	`35`
Address	`0x166a80`

?_x86ReverseCond@asmjit@@3QBIB

Ordinal	`36`
Address	`0x168bb0`

?add@JitRuntime@asmjit@@UEAAIPEAPEAXPEAUAssembler@2@@Z

Ordinal	`37`
Address	`0xa67f0`

?add@StaticRuntime@asmjit@@UEAAIPEAPEAXPEAUAssembler@2@@Z

Ordinal	`38`
Address	`0xa65f0`

?align@X86Assembler@asmjit@@UEAAIII@Z

Ordinal	`39`
Address	`0xa6d50`

?alloc@VMemMgr@asmjit@@QEAAPEAX_KI@Z

Ordinal	`40`
Address	`0xa3460`

?alloc@VMemUtil@asmjit@@SAPEAX_KPEA_KI@Z

Ordinal	`41`
Address	`0xa2640`

?allocProcessMemory@VMemUtil@asmjit@@SAPEAXPEAX_KPEA_KI@Z

Ordinal	`42`
Address	`0xa26e0`

?allocZeroed@Zone@asmjit@@QEAAPEAX_K@Z

Ordinal	`43`
Address	`0xae7a0`

?bind@Assembler@asmjit@@UEAAIAEBULabel@2@@Z

Ordinal	`44`
Address	`0x9dbe0`

?callCpuId@X86CpuUtil@asmjit@@SAXIIPEATX86CpuId@2@@Z

Ordinal	`45`
Address	`0xb59d0`

?detect@X86CpuUtil@asmjit@@SAXPEAUX86CpuInfo@2@@Z

Ordinal	`46`
Address	`0xb59f0`

?detectHwThreadsCount@CpuInfo@asmjit@@SAIXZ

Ordinal	`47`
Address	`0xb1210`

?dup@Zone@asmjit@@QEAAPEAXPEBX_K@Z

Ordinal	`48`
Address	`0xae800`

?embed@Assembler@asmjit@@UEAAIPEBXI@Z

Ordinal	`49`
Address	`0x9dd20`

?embedLabel@X86Assembler@asmjit@@QEAAIAEBULabel@2@@Z

Ordinal	`50`
Address	`0xa6be0`

?emit@Assembler@asmjit@@QEAAII@Z

Ordinal	`51`
Address	`0x9de80`

?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@00@Z

Ordinal	`52`
Address	`0x9def0`

?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@00H@Z

Ordinal	`53`
Address	`0x9e160`

?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@00_K@Z

Ordinal	`54`
Address	`0x9e1c0`

?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@0@Z

Ordinal	`55`
Address	`0x9ded0`

?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@0H@Z

Ordinal	`56`
Address	`0x9e0a0`

?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@0_K@Z

Ordinal	`57`
Address	`0x9e100`

?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@@Z

Ordinal	`58`
Address	`0x9deb0`

?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@H@Z

Ordinal	`59`
Address	`0x9dfe0`

?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@_K@Z

Ordinal	`60`
Address	`0x9e040`

?emit@Assembler@asmjit@@QEAAIIH@Z

Ordinal	`61`
Address	`0x9df20`

?emit@Assembler@asmjit@@QEAAII_K@Z

Ordinal	`62`
Address	`0x9df80`

?flush@HostRuntime@asmjit@@UEAAXPEAX_K@Z

Ordinal	`63`
Address	`0x19400`

?getCpuInfo@HostRuntime@asmjit@@UEAAPEBUCpuInfo@2@XZ

Ordinal	`64`
Address	`0xa65a0`

?getHost@CpuInfo@asmjit@@SAPEBU12@XZ

Ordinal	`65`
Address	`0xb1250`

?getPageGranularity@VMemUtil@asmjit@@SA_KXZ

Ordinal	`66`
Address	`0xa2620`

?getPageSize@VMemUtil@asmjit@@SA_KXZ

Ordinal	`67`
Address	`0xa2600`

?getStackAlignment@HostRuntime@asmjit@@UEAAIXZ

Ordinal	`68`
Address	`0xa65b0`

?make@Assembler@asmjit@@UEAAPEAXXZ

Ordinal	`69`
Address	`0x9dde0`

?noOperand@asmjit@@3UOperand@1@B

Ordinal	`70`
Address	`0x164fc0`

?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KAEBUX86Reg@2@IHI@Z

Ordinal	`71`
Address	`0xa6900`

?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KHI@Z

Ordinal	`72`
Address	`0xa68d0`

?release@JitRuntime@asmjit@@UEAAIPEAX@Z

Ordinal	`73`
Address	`0xa68c0`

?release@StaticRuntime@asmjit@@UEAAIPEAX@Z

Ordinal	`74`
Address	`0x2720`

?release@VMemMgr@asmjit@@QEAAIPEAX@Z

Ordinal	`75`
Address	`0xa35d0`

?release@VMemUtil@asmjit@@SAIPEAX_K@Z

Ordinal	`76`
Address	`0xa2780`

?releaseProcessMemory@VMemUtil@asmjit@@SAIPEAX0_K@Z

Ordinal	`77`
Address	`0xa27c0`

?relocCode@Assembler@asmjit@@QEBA_KPEAX_K@Z

Ordinal	`78`
Address	`0x9ddb0`

?reset@Assembler@asmjit@@QEAAX_N@Z

Ordinal	`79`
Address	`0x9d770`

?reset@PodVectorBase@asmjit@@QEAAX_N@Z

Ordinal	`80`
Address	`0xae3d0`

?reset@VMemMgr@asmjit@@QEAAXXZ

Ordinal	`81`
Address	`0xa33b0`

?reset@Zone@asmjit@@QEAAX_N@Z

Ordinal	`82`
Address	`0xae600`

?sdup@Zone@asmjit@@QEAAPEADPEBD@Z

Ordinal	`83`
Address	`0xae880`

?setArch@X86Assembler@asmjit@@QEAAII@Z

Ordinal	`84`
Address	`0xa6ac0`

?setError@CodeGen@asmjit@@QEAAIIPEBD@Z

Ordinal	`85`
Address	`0xae320`

?setErrorHandler@CodeGen@asmjit@@QEAAIPEAUErrorHandler@2@@Z

Ordinal	`86`
Address	`0xae380`

?sformat@Zone@asmjit@@QEAAPEADPEBDZZ

Ordinal	`87`
Address	`0xae930`

?shrink@VMemMgr@asmjit@@QEAAIPEAX_K@Z

Ordinal	`88`
Address	`0xa3790`

?x86RegData@asmjit@@3UX86RegData@1@B

Ordinal	`89`
Address	`0x164190`

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Mar-11 17:43:44
Version	`0.0`
SizeofData	`143`
AddressOfRawData	`0x179484`
PointerToRawData	`0x178684`
Referenced File	C:\Users\Gabo\Desktop\dope-ghost-2.0-fixed-main\dope-ghost-2.0\dope-ghost-internal-main\x64\Release\atermys loader.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Mar-11 17:43:44
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x179514`
PointerToRawData	`0x178714`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Mar-11 17:43:44
Version	`0.0`
SizeofData	`1068`
AddressOfRawData	`0x179528`
PointerToRawData	`0x178728`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Mar-11 17:43:44
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x1401799a0`
EndAddressOfRawData	`0x1401799a8`
AddressOfIndex	`0x140193d5c`
AddressOfCallbacks	`0x1400f2970`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14018d140`

RICH Header

XOR Key	`0xa337d251`
Unmarked objects	`0`
C++ objects (33145)	`183`
ASM objects (33145)	`26`
C objects (35207)	`17`
ASM objects (35207)	`12`
C++ objects (35207)	`99`
C objects (33145)	`33`
C objects (VS 2015/2017 runtime 26706)	`1`
Imports (33145)	`22`
Imports (21202)	`7`
Total imports	`304`
C++ objects (LTCG) (35223)	`60`
Exports (35223)	`1`
Resource objects (35223)	`1`
Linker (35223)	`1`

Errors

Leave a comment

No comments yet.