Manalyze report for c8fd05fd87f977752f6ab716d123963acf78e3f26008f68969f9fd6a248ee0b2

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Feb-25 21:35:15
Detected languages	English - United States
Debug artifacts	C:\Users\Leon\source\repos\dbd1 - Copy - obfuscate\x64\stickynote.pdb

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentControlSet\Services` `Accesses the WMI: ROOT\CIMV2` `Contains another PE executable: This program cannot be run in DOS mode.` Contains domain names: 2-aia.verisign.com 2-crl.verisign.com 2009-2-aia.verisign.com 2009-2-crl.verisign.com Calligraphr.com aia.verisign.com aia.ws.symantec.com api.cryptauth.net api.fluxauth.net api.keyauth.ru api.secureauth.net apple.com auth-api.com auth-api.net auth-panel.com auth-protect.com auth-secure.net auth-service.net authifly.com authifly.net crl.microsoft.com crl.thawte.com crl.verisign.com crl.ws.symantec.com crypt-auth.com cryptauth.com cryptauth.net cryptauth.org csc3-2009-2-aia.verisign.com csc3-2009-2-crl.verisign.com example.com flux-auth.com fluxauth.com fluxauth.net fluxauth.org fonts.com github.com guard-system.com guard.com http://crl.microsoft.com http://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0 http://crl.thawte.com http://crl.thawte.com/ThawteTimestampingCA.crl0 http://crl.verisign.com http://crl.verisign.com/pca3.crl0 http://csc3-2009-2-aia.verisign.com http://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer0 http://csc3-2009-2-crl.verisign.com http://csc3-2009-2-crl.verisign.com/CSC3-2009-2.crl0D http://logo.verisign.com http://logo.verisign.com/vslogo.gif0 http://ocsp.thawte.com0 http://ocsp.verisign.com0 http://ocsp.verisign.com01 http://ocsp.verisign.com0? http://ts-aia.ws.symantec.com http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 http://ts-crl.ws.symantec.com http://ts-crl.ws.symantec.com/tss-ca-g2.crl0 http://ts-ocsp.ws.symantec.com07 http://www.apple.com http://www.apple.com/ http://www.monotypeimaging.com http://www.monotypeimaging.com/ProductsServices/TypeDesignerShowcase http://www.monotypeimaging.com/html/license.aspx https://api.cryptauth.net https://api.cryptauth.net/v2/verify?key https://api.fluxauth.net https://api.fluxauth.net/v2/validate?token https://api.keyauth.ru https://api.keyauth.ru/v2/validate?token https://api.secureauth.net https://api.secureauth.net/v2/auth?license https://auth-guard.cc https://auth-panel.com https://auth-protect.com https://auth-secure.net https://auth-service.net https://auth-system.io https://auth.cryptauth.io https://auth.cryptauth.io/v1/session?token https://auth.fluxauth.io https://auth.fluxauth.io/v1/verify?license https://auth.keyauth.win https://auth.keyauth.win/v3/check?hwid https://auth.secureauth.cc https://auth.secureauth.cc/v1/validate?token https://authifly.cc https://authifly.co https://authifly.com https://authifly.net https://crypt-auth.com https://cryptauth.cc https://cryptauth.com https://cryptauth.io https://cryptauth.net https://cryptauth.org https://curl.se https://flux-auth.com https://fluxauth.cc https://fluxauth.com https://fluxauth.io https://fluxauth.net https://fluxauth.org https://github.com https://guard-system.com https://guard.secure.cc https://guard.secure.cc/api/v2/check?hwid https://keyauth.app https://keyauth.cc https://keyauth.cloud https://keyauth.com https://keyauth.pro https://keyauth.vip https://keyauth.win https://license-api.com https://license-guard.com https://license-system.net https://license-verify.com https://license.auth.io https://license.auth.io/v3/verify?hwid https://license.protection.cc https://license.protection.cc/v2/check?id https://license.secure.com https://license.secure.com/api/check?token https://license.shield.io https://license.shield.io/api/v3/validate?hwid https://licensing.pro https://panel.cryptauth.com https://panel.cryptauth.com/admin/check?hwid https://panel.fluxauth.com https://panel.fluxauth.com/admin/check?key https://panel.keyauth.cc https://panel.keyauth.cc/admin/verify?key https://panel.secureauth.com https://panel.secureauth.com/admin/verify?key https://protect-auth.com https://protect.license.io https://protect.license.io/v1/auth?session https://protection-api.com https://protection.cc https://secure-auth.com https://secure-license.net https://secure.auth-api.com https://secure.auth-api.com/v3/check?hwid https://secure.cryptauth.cc https://secure.cryptauth.cc/api/v3/validate?id https://secure.fluxauth.net https://secure.fluxauth.net/api/check?hwid https://secureauth.cc https://secureauth.cloud https://secureauth.io https://secureauth.win https://security-auth.com https://security-guard.io https://security.shield.com https://security.shield.com/api/v3/verify?key https://shield-auth.net https://shield.auth-api.net https://shield.auth-api.net/v3/validate?token https://www.verisign.com https://www.verisign.com/cps0 https://www.verisign.com/rpa https://www.verisign.com/rpa0 https://xiddociofchigvfzyqdc.supabase.co keyauth.com keyauth.ru license-api.com license-guard.com license-system.net license-verify.com license.net license.secure.com logo.verisign.com microsoft.com monotypeimaging.com panel.com panel.cryptauth.com panel.fluxauth.com panel.secureauth.com protect-auth.com protect.com protection-api.com secure-auth.com secure-license.net secure.auth-api.com secure.com secure.fluxauth.net secure.net secureauth.com secureauth.net security-auth.com security.shield.com service.net shield-auth.net shield.auth-api.net shield.com symantec.com system.com system.net thawte.com ts-aia.ws.symantec.com ts-crl.ws.symantec.com verify.com verisign.com ws.symantec.com www.apple.com www.fonts.com www.monotypeimaging.com www.verisign.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA1` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .1337`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExA GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: FindWindowA FindWindowW NtQuerySystemInformation` `Code injection capabilities (PowerLoader): FindWindowA FindWindowW GetWindowLongA` `Possibly launches other programs: WinExec CreateProcessA ShellExecuteW ShellExecuteA` `Uses Windows's Native API: NtLoadDriver NtCreateFile NtClose NtDeviceIoControlFile NtUnloadDriver NtQuerySystemInformation ntohs` `Uses Microsoft's cryptographic API: CryptDestroyKey CryptImportKey CryptEncrypt CryptGetHashParam CryptAcquireContextW CryptCreateHash CryptHashData CryptDestroyHash CryptReleaseContext CryptStringToBinaryW CryptDecodeObjectEx CryptQueryObject` `Uses functions commonly found in keyloggers: GetAsyncKeyState GetForegroundWindow` `Leverages the raw socket API to access the Internet: recv getsockname getpeername connect bind accept WSACleanup WSAStartup ntohs socket htons setsockopt closesocket WSAWaitForMultipleEvents WSAResetEvent WSAEventSelect WSAEnumNetworkEvents WSACreateEvent WSACloseEvent send getsockopt WSASetLastError WSAIoctl __WSAFDIsSet select htonl listen getaddrinfo gethostname freeaddrinfo recvfrom sendto ioctlsocket WSAGetLastError` `Manipulates other processes: OpenProcess` `Reads the contents of the clipboard: GetClipboardData` `Interacts with the certificate store: CertOpenStore CertAddCertificateContextToStore`
Malicious	The PE is possibly a dropper.	`Resource 101 detected as a PE Executable.` `Resource 102 detected as a PE Executable.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`6b671e984dcf42e9a7c71872ea36d190`
SHA1	`6c5a9648154f10dbb9627d81a19295d38a165cc4`
SHA256	`c8fd05fd87f977752f6ab716d123963acf78e3f26008f68969f9fd6a248ee0b2`
SHA3	`d993da8df8a70b8f0c81bf30ab1a6c892aec87043aff18ade91ad7b4eb49ffe6`
SSDeep	`49152:gYlmkD8YIb7IqIdaB04WQq+GGbzMJjAuo53O+z8nu8VMLZox69xU:9OPIqIUnq+GGbzMJjAx53wO79`
Imports Hash	`3541254a797e7a18377e2d3bfa2c4848`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x130`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2026-Feb-25 21:35:15
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x2a1400`
SizeOfInitializedData	`0x15d400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000023B044 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x404000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`422410e298df97a68d1ff9f20e49d954`
SHA1	`0a00d916965350fa3a8f12a9b95cb68d78521b15`
SHA256	`0347296b4df8bef0a19db6bbd9ae2241f00ceb002ff20fd5e0918b350340b03a`
SHA3	`d6699915e2257c9bdf1322abcf6b8ca32478b188f20f46468d82eea1d98c065e`
VirtualSize	`0x2a1303`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2a1400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.39333`

.rdata

MD5	`ce4cf7251773d2b988c9f2fb080d15dd`
SHA1	`29da63aa4ec181759b3f152cbd287b7d76d08b67`
SHA256	`d74760dd8df3de3d828dd32531ca4d3ea5344ef0224089213053d93ed51cc148`
SHA3	`d80f9db97c1a739a50e86685212b3df95f243577308fbace133df657d62f2ae3`
VirtualSize	`0x6129a`
VirtualAddress	`0x2a3000`
SizeOfRawData	`0x61400`
PointerToRawData	`0x2a1800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.24461`

.data

MD5	`8882845b02b6c169dccfc36f0443ae8b`
SHA1	`769a50d161fe473758eff0dbcc456e08acc4f027`
SHA256	`d44f80f3532259ca4e596b1cd595cd69b24b6f7eed75195f1a3683d25557293c`
SHA3	`bb45a0f2efd74f542d0d92c21b43bbfb7f5517c05f3474d40d5b69a1290d8f50`
VirtualSize	`0xd7820`
VirtualAddress	`0x305000`
SizeOfRawData	`0xd6200`
PointerToRawData	`0x302c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.31898`

.pdata

MD5	`618fe538f6c48038797ddabcd83a217d`
SHA1	`d7635e23b098da3959dca005db50d04692fc3bcc`
SHA256	`e49687fdc7c6c4666ddb17b5feea188e75a987b2b8becaad048c2a8b922a27a8`
SHA3	`284b1e4b6bb99e6ffbf666c65be6d96b3e7a7f1489de807c16d09c3ded0147a1`
VirtualSize	`0x11328`
VirtualAddress	`0x3dd000`
SizeOfRawData	`0x11400`
PointerToRawData	`0x3d8e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.2434`

.1337

MD5	`db3804c8fedd10baeb25486fca1ad484`
SHA1	`aa3736c956f16e17b7ae364b848c989b03bcdac7`
SHA256	`f87848463956b2e347d88dd8dfd690178350a451cba07e3597899203ae627c5b`
SHA3	`8b396910144a2ab4a87c9ce12d184b5f1afa6b936c28ad265bd5233e57aaeeb5`
VirtualSize	`0x3d`
VirtualAddress	`0x3ef000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3ea200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.00993`

.rsrc

MD5	`c7dd49623b10519fe2f97f1a43ab4da1`
SHA1	`6b7f71c7b984a52f90ddc2636cb573ea1357fc97`
SHA256	`e7c6712bb25da78ccf57ae3efca6e333729a6fa06fbd8fe6b894bd88c46210e0`
SHA3	`1f8e062df6a947558e217a822737de47733fd03a74bda94010fd112425c0ffd9`
VirtualSize	`0x114a8`
VirtualAddress	`0x3f0000`
SizeOfRawData	`0x11600`
PointerToRawData	`0x3ea400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.84233`

.reloc

MD5	`f3352e268f1a208b20a0aecdf2a83a16`
SHA1	`c5bd6262f2afd6276f53bd60ae47b44647988cc6`
SHA256	`6642f0f41287b9c9431d9a87beef4ccd131b6a9f9b3996546043aa0e51d06c5e`
SHA3	`0979d03135e0820a4008f72b91f8828245a623bb3ae508c9bc185df3ff85cb69`
VirtualSize	`0x1840`
VirtualAddress	`0x402000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x3fba00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.31417`

Imports

d3d11.dll	`D3D11CreateDeviceAndSwapChain`
KERNEL32.dll	`ReleaseMutex` `GetSystemDirectoryW` `OpenProcess` `Sleep` `GetConsoleMode` `GetTickCount64` `SetEvent` `GetSystemDirectoryA` `LockResource` `DeleteFileW` `CloseHandle` `LoadResource` `FindResourceW` `GetCurrentProcessId` `GetModuleHandleW` `GetConsoleWindow` `WinExec` `CreateProcessA` `CreateEventA` `AllocConsole` `GetExitCodeProcess` `VirtualFree` `LoadLibraryExA` `WriteConsoleW` `VerifyVersionInfoW` `AcquireSRWLockExclusive` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `SleepEx` `GetTickCount` `GetLastError` `GetFileAttributesW` `K32GetModuleInformation` `MoveFileExW` `WaitForSingleObjectEx` `CreateThread` `GetEnvironmentVariableA` `GetFileType` `ReadFile` `PeekNamedPipe` `CreateFileW` `WaitForSingleObject` `CreateMutexA` `TerminateProcess` `VirtualAlloc` `SetConsoleMode` `SizeofResource` `WriteFile` `GetCurrentProcess` `CreateFileA` `DeviceIoControl` `WaitForMultipleObjects` `QueryPerformanceCounter` `FreeLibrary` `VerSetConditionMask` `GetProcAddress` `QueryPerformanceFrequency` `LoadLibraryA` `GetLocaleInfoA` `GetModuleHandleA` `WideCharToMultiByte` `GlobalFree` `OutputDebugStringA` `GlobalUnlock` `SetConsoleCursorPosition` `CreateDirectoryA` `FormatMessageW` `GetFileSizeEx` `LocalFree` `SleepConditionVariableSRW` `GetCurrentThreadId` `SetConsoleTitleA` `SetConsoleTextAttribute` `SetConsoleCtrlHandler` `SetLastError` `ExitProcess` `GlobalLock` `FlushConsoleInputBuffer` `FillConsoleOutputAttribute` `GlobalAlloc` `GetStdHandle` `GetConsoleScreenBufferInfo` `FillConsoleOutputCharacterA` `MultiByteToWideChar` `ReleaseSRWLockExclusive` `GetFullPathNameW` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetStartupInfoW` `IsDebuggerPresent` `IsProcessorFeaturePresent` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `WakeAllConditionVariable`
USER32.dll	`GetCursorPos` `GetAsyncKeyState` `OpenClipboard` `CloseClipboard` `EmptyClipboard` `GetWindowThreadProcessId` `GetSystemMenu` `DispatchMessageA` `MessageBoxA` `DestroyWindow` `SetWindowPos` `EnumChildWindows` `PostMessageA` `SetWindowTextW` `SetClipboardData` `SetCursorPos` `GetClientRect` `SetCursor` `GetForegroundWindow` `GetKeyboardLayout` `ClientToScreen` `ScreenToClient` `LoadCursorA` `GetClipboardData` `GetWindowRect` `GetKeyState` `UpdateWindow` `FindWindowA` `GetDesktopWindow` `PostQuitMessage` `PeekMessageA` `DrawMenuBar` `FindWindowW` `TranslateMessage` `SetLayeredWindowAttributes` `EnumWindows` `SetWindowTextA` `GetWindowLongA` `GetWindowTextA` `FindWindowExA` `SetWindowLongA` `IsWindow` `GetClassNameA` `ShowWindow`
ADVAPI32.dll	`CryptDestroyKey` `CryptImportKey` `CryptEncrypt` `CryptGetHashParam` `CryptAcquireContextW` `CryptCreateHash` `CryptHashData` `CryptDestroyHash` `CryptReleaseContext`
SHELL32.dll	`SHGetFolderPathA` `ShellExecuteW` `ShellExecuteA`
ole32.dll	`CoSetProxyBlanket` `CoCreateInstance` `CoUninitialize` `CoInitializeSecurity` `CoInitializeEx`
OLEAUT32.dll	`VariantClear` `SysAllocString` `VariantInit` `SysFreeString`
ntdll.dll	`RtlCaptureContext` `RtlLookupFunctionEntry` `wcschr` `RtlVirtualUnwind` `strpbrk` `wcsncmp` `wcsncpy_s` `wcslen` `__chkstk` `memcmp` `memmove` `strcmp` `memchr` `strcspn` `strrchr` `strlen` `memset` `memcpy` `NtLoadDriver` `NtCreateFile` `_stricmp` `RtlAdjustPrivilege` `NtClose` `NtDeviceIoControlFile` `RtlGetFullPathName_UEx` `wcscat_s` `wcscpy_s` `RtlInitUnicodeString` `RtlCreateRegistryKey` `NtUnloadDriver` `NtQuerySystemInformation` `_vsnwprintf` `RtlWriteRegistryValue` `strcat_s` `strtol` `_wcsicmp` `strchr` `strncmp` `strstr` `strncpy` `sin` `sqrt` `tan` `qsort` `strspn`
MSVCP140.dll	`?good@ios_base@std@@QEBA_NXZ` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A` `?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A` `_Thrd_id` `_Thrd_join` `?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ` `?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z` `?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z` `?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z` `?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z` `?_Xbad_alloc@std@@YAXXZ` `?_Xlength_error@std@@YAXPEBD@Z` `_Query_perf_frequency` `??1_Lockit@std@@QEAA@XZ` `??0_Lockit@std@@QEAA@H@Z` `?_Throw_Cpp_error@std@@YAXH@Z` `?uncaught_exceptions@std@@YAHXZ` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A` `?_Id_cnt@id@locale@std@@0HA` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Xbad_function_call@std@@YAXXZ` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` `_Cnd_do_broadcast_at_thread_exit` `_Query_perf_counter` `_Thrd_detach` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z`
WS2_32.dll	`recv` `getsockname` `getpeername` `connect` `bind` `accept` `WSACleanup` `WSAStartup` `ntohs` `socket` `htons` `setsockopt` `closesocket` `WSAWaitForMultipleEvents` `WSAResetEvent` `WSAEventSelect` `WSAEnumNetworkEvents` `WSACreateEvent` `WSACloseEvent` `send` `getsockopt` `WSASetLastError` `WSAIoctl` `__WSAFDIsSet` `select` `htonl` `listen` `getaddrinfo` `gethostname` `freeaddrinfo` `recvfrom` `sendto` `ioctlsocket` `WSAGetLastError`
CRYPT32.dll	`CertOpenStore` `CertCloseStore` `CertEnumCertificatesInStore` `CertFindCertificateInStore` `CertFreeCertificateContext` `CryptStringToBinaryW` `PFXImportCertStore` `CryptDecodeObjectEx` `CertFreeCRLContext` `CertAddCertificateContextToStore` `CertFreeCTLContext` `CertFindExtension` `CertGetNameStringW` `CryptQueryObject` `CertFreeCertificateChainEngine` `CertGetCertificateChain` `CertFreeCertificateChain` `CertCreateCertificateChainEngine`
Secur32.dll	`InitSecurityInterfaceW`
IPHLPAPI.DLL	`if_nametoindex`
IMM32.dll	`ImmReleaseContext` `ImmGetContext` `ImmSetCandidateWindow` `ImmSetCompositionWindow`
D3DCOMPILER_43.dll	`D3DCompile`
dwmapi.dll	`DwmExtendFrameIntoClientArea`
bcrypt.dll	`BCryptGenRandom`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`__intrinsic_setjmp` `longjmp` `_CxxThrowException` `__C_specific_handler` `__current_exception` `__std_terminate` `__std_exception_copy` `__std_exception_destroy` `__current_exception_context`
api-ms-win-crt-heap-l1-1-0.dll	`_callnewh` `realloc` `_set_new_mode` `calloc` `free` `malloc`
api-ms-win-crt-runtime-l1-1-0.dll	`_beginthreadex` `_invoke_watson` `exit` `terminate` `_errno` `_register_thread_local_exe_atexit_callback` `_c_exit` `_exit` `_initterm_e` `_initterm` `_get_narrow_winmain_command_line` `_set_app_type` `_seh_filter_exe` `_cexit` `_crt_atexit` `_register_onexit_function` `_initialize_onexit_table` `strerror_s` `_initialize_narrow_environment` `_configure_narrow_argv`
api-ms-win-crt-stdio-l1-1-0.dll	`_get_stream_buffer_pointers` `freopen` `ftell` `_lseeki64` `_write` `_read` `fseek` `fgets` `__stdio_common_vfprintf` `_wfsopen` `fread` `_wsopen_s` `_wfopen` `fputc` `feof` `_set_fmode` `__acrt_iob_func` `fputs` `fsetpos` `ungetc` `__p__commode` `fflush` `setvbuf` `_close` `fgetpos` `fopen` `__stdio_common_vsprintf` `_fseeki64` `fclose` `__stdio_common_vsscanf` `fwrite` `__stdio_common_vsprintf_s` `fgetc` `freopen_s`
api-ms-win-crt-convert-l1-1-0.dll	`wcstombs_s` `strtoull` `strtod` `strtoll`
api-ms-win-crt-filesystem-l1-1-0.dll	`_fullpath` `_wstat64` `_fstat64` `_unlock_file` `_lock_file` `_unlink`
api-ms-win-crt-locale-l1-1-0.dll	`localeconv` `_configthreadlocale`
api-ms-win-crt-time-l1-1-0.dll	`_gmtime64_s` `strftime` `_time64`
api-ms-win-crt-utility-l1-1-0.dll	`rand`
api-ms-win-crt-string-l1-1-0.dll	`_strdup`
api-ms-win-crt-math-l1-1-0.dll	`_fdopen` `fmodf` `__setusermatherr` `expf` `sqrtf` `cosf` `_dclass` `tanf` `ceilf` `acosf` `sinf`

Delayed Imports

101

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0xac00`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.41718`
Detected Filetype	PE Executable
MD5	`afd2e8632e00bf9e71cc22d561e91b9f`
SHA1	`2c849b805b97e0197e00e505e4b6581f86e7d5d2`
SHA256	`17a0b18b1802e9ba12e10ffef26ec817b558892e85efac9b86597e84b42eb371`
SHA3	`f69d4d3abdf7d6965dd1efc132077439cfc7378df1ebbec37de7c351566fd760`

102

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6650`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.33485`
Detected Filetype	PE Executable
MD5	`9ab9f3b75a2eb87fafb1b7361be9dfb3`
SHA1	`fe10018af723986db50701c8532df5ed98b17c39`
SHA256	`31f4cfb4c71da44120752721103a16512444c13c2ac2d857a7e6f13cb679b427`
SHA3	`8fc22c4eed4c669a5e23b5f66827f12146b4a97e09a9cda59a0486ae449cd5cf`

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Feb-25 21:35:15
Version	`0.0`
SizeofData	`94`
AddressOfRawData	`0x2e809c`
PointerToRawData	`0x2e689c`
Referenced File	C:\Users\Leon\source\repos\dbd1 - Copy - obfuscate\x64\stickynote.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Feb-25 21:35:15
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x2e80fc`
PointerToRawData	`0x2e68fc`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Feb-25 21:35:15
Version	`0.0`
SizeofData	`928`
AddressOfRawData	`0x2e8110`
PointerToRawData	`0x2e6910`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Feb-25 21:35:15
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x1402e84d0`
EndAddressOfRawData	`0x1402e84d8`
AddressOfIndex	`0x1403db8bc`
AddressOfCallbacks	`0x1402a4058`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140305840`

RICH Header

XOR Key	`0xcd78a4e2`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`22`
C objects (VS2022 Update 6 (17.6.4) compiler 32537)	`24`
C objects (33145)	`1`
253 (35207)	`4`
ASM objects (35207)	`3`
C objects (35207)	`10`
C++ objects (35207)	`42`
Imports (35207)	`6`
Imports (VS2017 v15.2 compiler 25019)	`2`
C objects (35222)	`142`
Imports (33145)	`28`
Imports (21202)	`5`
Total imports	`559`
C++ objects (LTCG) (35222)	`26`
Resource objects (35222)	`1`
151	`1`
Linker (35222)	`1`

Errors

Leave a comment

No comments yet.