Manalyze report for bf0989e3d758b5956363de58e4ef9bb6

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Jan-04 22:41:57
Detected languages	English - United States
Debug artifacts	C:\Users\hecker\Desktop\Bloxshade-main\bloxshade\build\start.pdb
Comments	Website: https://extravi.dev/
CompanyName	Website: https://extravi.dev/
FileDescription	Bloxshade Installer (developed by Extravi, https://extravi.dev/)
FileVersion	`2.8.17.0`
InternalName	Bloxshade
LegalCopyright	Copyright © 2025 Extravi
OriginalFilename	Setup - Bloxshade.exe
ProductName	Bloxshade
ProductVersion	`2.8.17.0`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: RunDll32.EXE` `Contains another PE executable: This program cannot be run in DOS mode.` `Miscellaneous malware strings: cmd.exe` Contains domain names: birthpopuptypesapplyImagebeinguppernoteseveryshowsmeansextramatchtrackknownearlybegansuperpapernorthlearngivennamedendedTermspartsGroupbrandusingwomanfalsereadyaudiotakeswhile.com curl.haxx.se example.com genretrucklooksValueFrame.net github.com githubusercontent.com go.microsoft.com http://www.C http://www.a http://www.css http://www.hortcut http://www.icon http://www.interpretation http://www.language http://www.style http://www.text-decoration http://www.w3.org http://www.w3.org/shortcut http://www.wencodeURIComponent http://www.years https://curl.haxx.se https://curl.haxx.se/docs/http-cookies.html https://docs.rs https://extravi.dev https://github.com https://go.microsoft.com https://go.microsoft.com/fwlink/p/?LinkId https://raw.githubusercontent.com https://raw.githubusercontent.com/Extravi/extravi.github.io/main/update/nvapp.json https://tauri.app https://www.World https://www.recent https://www.roblox.com https://www.roblox.com/download/client microsoft.com raw.githubusercontent.com roblox.com thing.org www.roblox.com www.w3.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA1` `Uses constants related to RC5 or RC6`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Can access the registry: RegOpenKeyExW RegCloseKey` `Possibly launches other programs: WinExec CreateProcessW ShellExecuteW`
Malicious	The PE is possibly a dropper.	`Resource 1001 detected as a PE Executable.` `Resource 1002 detected as a PE Executable.` `Resources amount for 90.4771% of the executable.`
Info	The PE is digitally signed.	`Signer: Extravi` `Issuer: Extravi`
Safe	VirusTotal score: 0/72 (Scanned on 2025-01-21 11:44:05)	`All the AVs think this file is safe.`

Hashes

MD5	`bf0989e3d758b5956363de58e4ef9bb6`
SHA1	`52d75e98162d3ae7991669c3b72d77a5ffe3bd1b`
SHA256	`8db4a31b05dec3c5adfc4b7ede9f0d8e4e2eb384524ce829e707c9908492d355`
SHA3	`27e129a46310e506f01da60a02278c08872aff51be2d87775ad2695c31ce5341`
SSDeep	`98304:eBX5RzYzAWt0q/G2Asj4xTN+ZD/JdWLM3SpptatNGSR:eBswq/osj4xT2/Jk43+fatgm`
Imports Hash	`592e7a98c75be05ccbff9d8b89249253`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2025-Jan-04 22:41:57
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xada00`
SizeOfInitializedData	`0x88c600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000049AF0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x93d000`
SizeOfHeaders	`0x400`
Checksum	`0x938d37`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`418579c98608b6846585bb2404014534`
SHA1	`a1e1b3c3d0fe4b536115cfca13ffc0199a2417de`
SHA256	`18b73d7ae7d84905cff7817b7ac1d1684be142f80829a4a01aafb42ad56839fb`
SHA3	`62d39e14f6ab461d7b12539fe2095677fd6106e5116221f9c0475786b3ca10ec`
VirtualSize	`0xad9c6`
VirtualAddress	`0x1000`
SizeOfRawData	`0xada00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.72021`

.rdata

MD5	`8efc9996f52c1a0d961286f2c0493b82`
SHA1	`03e4afc4ff6349e92d4f71b8ae57b6f3a84924f4`
SHA256	`a9b47c9428489a5d945a46aac61d3ef383c995db36ba4083a8db71ad3d513080`
SHA3	`140baa9753d672575215d85f333c1fa608986b5216e4e27a06c3e62806aeb334`
VirtualSize	`0x26fb0`
VirtualAddress	`0xaf000`
SizeOfRawData	`0x27000`
PointerToRawData	`0xade00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.52215`

.data

MD5	`d40136763342e35f97ad1d9a7325cd55`
SHA1	`b33a2eb243b1ef08bc71aecd9d4e98ea1a0a0400`
SHA256	`09a51563704b375084168af86777f2c3180bbb1c105cfd9f890b8e51e001cb90`
SHA3	`cfc11c9a976b714308dd4fd3b55917aa25e62217f65878e413338b56a96f574b`
VirtualSize	`0x4164`
VirtualAddress	`0xd6000`
SizeOfRawData	`0x2000`
PointerToRawData	`0xd4e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.61785`

.pdata

MD5	`11186cd67c0d6fc2b0ce3329995c7309`
SHA1	`958519020768b0b76a8cfc762a068955f26cc231`
SHA256	`842a5ec46fa6be1f10eb0af393255726a4c9e71707ffd896ab9b45f051571c54`
SHA3	`c00d6e0815bd26ce639588faee6db35fb1593945705b1cf9a7ac73afc376764a`
VirtualSize	`0x822c`
VirtualAddress	`0xdb000`
SizeOfRawData	`0x8400`
PointerToRawData	`0xd6e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.66779`

.rsrc

MD5	`bff66a6aa29c198cd2eb3ace448a038c`
SHA1	`39d00ba096009a991603002e5752bda72ae71c58`
SHA256	`9bff842fdd04bc139b59e4289e258bb1e61641ebb5a4260ef57b90de88d9db15`
SHA3	`668fd12784f7968da9104f0e68dd5790ed1a3760b8cb51b0afc720cf34dac8c4`
VirtualSize	`0x857ea0`
VirtualAddress	`0xe4000`
SizeOfRawData	`0x858000`
PointerToRawData	`0xdf200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.50829`

.reloc

MD5	`3eb421b715a85e5f09e06f11f3e84aed`
SHA1	`58a83b69232a63ccecb5c79b1afede00919691f9`
SHA256	`4b1f220f4229775e0e91c4c19f459c1a2321786a7e0529577a75c2acbb8f2cee`
SHA3	`415523d6d60c6d871d8fcc38f231e3130191c9f75847445f2ef6cf4ed3880c09`
VirtualSize	`0xe40`
VirtualAddress	`0x93c000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x937200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.22579`

Imports

KERNEL32.dll	`LockResource` `CloseHandle` `LoadResource` `FindResourceW` `FreeResource` `WinExec` `SetEndOfFile` `SetStdHandle` `SetEnvironmentVariableW` `WaitForSingleObject` `CreateProcessW` `SizeofResource` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineW` `LocalFree` `FormatMessageA` `GetLocaleInfoEx` `CreateDirectoryW` `CreateFileW` `FindClose` `FindFirstFileW` `FindFirstFileExW` `FindNextFileW` `GetFileAttributesExW` `SetFileInformationByHandle` `AreFileApisANSI` `GetLastError` `GetModuleHandleW` `GetProcAddress` `GetFileInformationByHandleEx` `MultiByteToWideChar` `WideCharToMultiByte` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `EncodePointer` `DecodePointer` `LCMapStringEx` `GetStringTypeW` `CompareStringEx` `GetCPInfo` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetStartupInfoW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `SetLastError` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `LoadLibraryExW` `GetModuleFileNameW` `GetModuleHandleExW` `HeapAlloc` `HeapSize` `HeapValidate` `GetSystemInfo` `ExitProcess` `GetStdHandle` `WriteFile` `GetFileType` `OutputDebugStringW` `WriteConsoleW` `GetFileSizeEx` `SetFilePointerEx` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `GetDateFormatW` `GetTimeFormatW` `CompareStringW` `LCMapStringW` `GetLocaleInfoW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `HeapFree` `HeapReAlloc` `HeapQueryInformation` `GetProcessHeap` `ReadFile` `ReadConsoleW` `GetTimeZoneInformation` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCommandLineA` `RtlUnwind`
USER32.dll	`MessageBoxW`
ADVAPI32.dll	`RegOpenKeyExW` `RegCloseKey`
SHELL32.dll	`#680` `ShellExecuteW`

Delayed Imports

1001

Type	`BINARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68edf0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.54682`
Detected Filetype	PE Executable
MD5	`32aed8eba58209c27bbe51b5ddd10894`
SHA1	`37c248f55117195c700788a52fdd6acddfaeb3c8`
SHA256	`343c8f7d74ddbbd2d8c62d991128ce076d56c663b175e7b307b2f6e04c26814b`
SHA3	`8375aec641d40bcad20077687b242a79d8165ad56beefeb6f42d3dda28158ff3`

1002

Type	`BINARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1959f0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.1272`
Detected Filetype	PE Executable
MD5	`e807501ee350cecad1e4915f6eb89631`
SHA1	`52b53853e1f0eeaec66ac4400988109cf9ef7ffa`
SHA256	`38dcdd4161e04a4c601ccbea9021d25c0cff287f61f73abde12d36aecab8ee98`
SHA3	`cfd5a3af7ea890b7a0ed683389af0c1f8fc4da7b9f279bfe01d7ae76f92ae2cf`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.57961`
MD5	`782cc5fc0af5f2e39feb9155bd572153`
SHA1	`1eb732599b68bcbd36877278fc7b63d17e58b51c`
SHA256	`0b7557232f037078cfccb714c666d3b438283ef35af5d2cfb50d89be74cfa861`
SHA3	`7fb38cf6a37af65981adbb491588b3a8783795e9d396804e9091ca465b38812c`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.43617`
MD5	`ea0c988bc433213294b9f363987c91a1`
SHA1	`234a4868166c616cdd81635763f1cc04e342a777`
SHA256	`97f5554ed8d5f79ef8a7a47a5baeb106eda2dfb98da17e6a7ac35908881a6b7c`
SHA3	`8dd1a6d17a80940719082681bee89ec9e3e97f9fcbb3b4fcc831c1f51663dd49`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.18881`
MD5	`77f544388ca40ccee3c2195ed1d39182`
SHA1	`51078a5d4834da9d042bc1cc147c197d94f47e13`
SHA256	`b8086698ce2d9de6e39de1b999370e313321f9221edaa69093d9da1645673a29`
SHA3	`e64d722aa284c1977745a7fbb8d496d3bb7b09d8b6bf250165f66fadb8419e5f`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.79454`
MD5	`aaae8576c8f011a4bc48b70c28d9eadb`
SHA1	`67738766bb99422716e674d24c2cd61413523afb`
SHA256	`6eb4f8334fdfa71f0935c720c2e8942921802513f749be8da53b67af637c4486`
SHA3	`b42bd206ef0e861be0bc6ff18c55eb63af9c9eaaebfd4eb08e98bbab872f31ca`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.52771`
MD5	`c220aace5c01608583a2be5c907e9a85`
SHA1	`bfcc6a20a91055a88ab83f8a4a89c73c434b71f4`
SHA256	`d6cbd212598b69ea4c8ce65ef852e2096527258c4998f067389d50d101e21f90`
SHA3	`d292a0b2d3b57e79c56062a4d75390663b2ec900191571bfb37141fcb85ea958`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.42659`
MD5	`d8fb303f00e7db63b2de6d4a5b2f105e`
SHA1	`fc1b51e6682968b83adb48162009326e5a7786d7`
SHA256	`5b03c438b45fa0ede100bbf67360bb80f5dc6748b2430755c82b18ab550bc9f3`
SHA3	`6715cb72403391a97ad61903519aa9de6f1555eec1785dbd7d596f953bee5ab3`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.25349`
MD5	`a34141ee21324bda846962aec89dd96c`
SHA1	`41b5b9ec7815fe2b9ed007446109c808968ed5b9`
SHA256	`d91fe7bec1e3ab62580306a0ac13fc4ed9b65ebdd17cebf34328d2e2f718ec22`
SHA3	`cbaba530f51bc0d4b0235abbe20a8b192c3685944322f8f8da5039907f3abb11`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.14302`
MD5	`66cf35d6f2ab1d02faea6e1d53a8f0f4`
SHA1	`988b38f98d8fc3b6f8a0c889aea314e7401ede1e`
SHA256	`2c6f2cb5eaaa2beee367c02cdc333680e460e5786f9542af2cf8567fb8f8e955`
SHA3	`519c7a2a07be3fbe1ffe96bed7b30c9f8c96e8112af416f741865f9dbd01a693`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb5f4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97094`
Detected Filetype	PNG graphic file
MD5	`3741197a40ea758ef633cb803ffe2d36`
SHA1	`eef1fe0b84fffab11dbda945043a4ed2ecc4dada`
SHA256	`1f898abfd389f7ee076f88ec3b8e4cba5ecbfd7078f88012357da105e31814bc`
SHA3	`62261f17ddbbee3e4a159ee11ef0f3b5a24dde12c8badf0c07916a5da235bd47`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.14903`
Detected Filetype	Icon file
MD5	`f6e6daf4e4cf6a102761849262459b6e`
SHA1	`bd77d95bd06b332fc84bc7ba6aaa9622ed8dd7dc`
SHA256	`81feb8e8972eec15009a85af24a8b47f88b1d38a166124b3880889548be206ae`
SHA3	`435a0dae87b98b579c82d73b6cb826313d6ebc52a5ee426ad22552fb0d24db48`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.4909`
MD5	`72fd058f3870aba8aee7b98cd9991360`
SHA1	`cb6989a908930ccaa1b2ad614a5ed6d2a657f42d`
SHA256	`2b993492108b3015342acd050aeb72f291a30873ae0684ae5d77d0aec7080411`
SHA3	`98a149f56ac9da668c9d24177027b9745899c28b1b278028f4977c63a390154c`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.8.17.0
ProductVersion	2.8.17.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
Comments	Website: https://extravi.dev/
CompanyName	Website: https://extravi.dev/
FileDescription	Bloxshade Installer (developed by Extravi, https://extravi.dev/)
FileVersion (#2)	2.8.17.0
InternalName	Bloxshade
LegalCopyright	Copyright © 2025 Extravi
OriginalFilename	Setup - Bloxshade.exe
ProductName	Bloxshade
ProductVersion (#2)	2.8.17.0

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Jan-04 22:41:57
Version	`0.0`
SizeofData	`89`
AddressOfRawData	`0xd05ec`
PointerToRawData	`0xcf3ec`
Referenced File	C:\Users\hecker\Desktop\Bloxshade-main\bloxshade\build\start.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Jan-04 22:41:57
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0xd0648`
PointerToRawData	`0xcf448`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Jan-04 22:41:57
Version	`0.0`
SizeofData	`920`
AddressOfRawData	`0xd065c`
PointerToRawData	`0xcf45c`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2025-Jan-04 22:41:57
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1400d6080`

RICH Header

XOR Key	`0x877f4c2`
Unmarked objects	`0`
ASM objects (30795)	`7`
C++ objects (30795)	`179`
C objects (30795)	`15`
ASM objects (34321)	`10`
C objects (34321)	`16`
C++ objects (34321)	`84`
Imports (30795)	`9`
Total imports	`135`
C++ objects (LTCG) (34435)	`1`
Resource objects (34435)	`1`
151	`1`
Linker (34435)	`1`

bf0989e3d758b5956363de58e4ef9bb6

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1001

1002

1

2

3

4

5

6

7

8

9

101

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors