Manalyze report for cd5964238339967262314333456c4d67e084afbf142f72b1eca9bd2843432ec5

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Mar-10 23:50:59
Detected languages	English - United States
TLS Callbacks	1 callback(s) detected.
Debug artifacts	C:\Users\admin\Desktop\yubx\yubx_api\x64\Release\yubx.pdb

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: virus` Contains domain names: 10A8casedieresis.cn crl.microsoft.com crl.verisign.com example.com github.com gmail.com http://crl.microsoft.com http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl0O http://crl.verisign.com http://crl.verisign.com/ThawteTimestampingCA.crl0 http://crl.verisign.com/tss-ca.crl0 http://fontfabrik.comYou http://ocsp.verisign.com0 http://scripts.sil http://www.microsoft.com http://www.microsoft.com/pki/certs/CodeSignPCA2.crt0 http://www.microsoft.com/typography http://www.microsoft.com/typography/ctfontshttp http://www.microsoft.com/typography/fonts/default.asp http://www.microsoft.com/typography/fonts/default.aspx https://curl.se https://github.com microsoft.com verisign.com www.microsoft.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses constants related to RC5 or RC6` `Uses known Mersenne Twister constants` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: FindWindowA` `Can access the registry: RegDeleteKeyA RegCreateKeyExA` `Possibly launches other programs: ShellExecuteW ShellExecuteA system` `Uses Windows's Native API: ntohs NtWriteFile` `Uses Microsoft's cryptographic API: CryptStringToBinaryA CryptDecodeObjectEx CryptQueryObject CryptEncrypt CryptImportKey CryptDestroyKey CryptAcquireContextA CryptReleaseContext CryptGetHashParam CryptAcquireContextW CryptCreateHash CryptHashData CryptDestroyHash` `Uses functions commonly found in keyloggers: GetForegroundWindow MapVirtualKeyA` `Leverages the raw socket API to access the Internet: inet_pton WSAStartup WSAEventSelect ioctlsocket WSAWaitForMultipleEvents WSACreateEvent connect WSAEnumNetworkEvents WSAIoctl htonl getpeername gethostname htons WSACloseEvent select ntohs WSASetLastError getsockname setsockopt getaddrinfo WSACleanup getsockopt freeaddrinfo closesocket send WSAResetEvent WSAGetLastError listen accept bind recvfrom __WSAFDIsSet sendto recv socket` `Reads the contents of the clipboard: GetClipboardData` `Interacts with the certificate store: CertOpenStore CertAddCertificateContextToStore`
Safe	VirusTotal score: 0/72 (Scanned on 2026-03-12 05:01:56)	`All the AVs think this file is safe.`

Hashes

MD5	`03061f2192742ae37e414af5d5a03e97`
SHA1	`52b955478ffb1123078e500f604e73734243e301`
SHA256	`cd5964238339967262314333456c4d67e084afbf142f72b1eca9bd2843432ec5`
SHA3	`53ebe7d715dcdd7f3c8ef95befb522b8d92f6878f7f11ed4105104879800d0d4`
SSDeep	`98304:JRgqTU0B5deaSxKC3Usy/pF2oKuyuu/4dk:cqTRgaSxKC3Usy/pF2oKaa`
Imports Hash	`ff3cc2cfb90f5e13548508fd8875814e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x140`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-Mar-10 23:50:59
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x45d400`
SizeOfInitializedData	`0x21b400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000441AD0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x67c000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`268ce3896bb8c24f24e30eee1b9b05b8`
SHA1	`ccc2cdb1318a641cb73f1104dc2e12cf95b83d05`
SHA256	`ba704c21aecefcc7b9130731f2c5725c5653ee33197705a7e05a0d791760a888`
SHA3	`784b9f985ea28017e8b827679ca06ec5cb18c928703148aa538a1acc6d93be94`
VirtualSize	`0x45d3c4`
VirtualAddress	`0x1000`
SizeOfRawData	`0x45d400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.52509`

.rdata

MD5	`abb8fae2db640460239fb4b81533f63d`
SHA1	`23a4682c5bdd3b0913f3a24faaa0fb0357629209`
SHA256	`98639a94162ab49c575e9353b9339f20d7186685050dd179aa4fb7c58b097520`
SHA3	`3feb79f66f2ba91d3adf433713be985b3af12fde56cf50d19d8ca29138eeea77`
VirtualSize	`0x1d4d06`
VirtualAddress	`0x45f000`
SizeOfRawData	`0x1d4e00`
PointerToRawData	`0x45d800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.68036`

.data

MD5	`cb253e4c693555a75d13fdce0fadb73d`
SHA1	`2c04bdd897ef503b50d64c8947aa76b72bfbff34`
SHA256	`8339fb36aca0f068c3e6698a2a781652dc98363aa75a703160e73284a011b06d`
SHA3	`88d4d1496ab34440e0cb520544bc14876bda9549285e30f60c10bf2147daa8f9`
VirtualSize	`0x13a10`
VirtualAddress	`0x634000`
SizeOfRawData	`0xe200`
PointerToRawData	`0x632600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.00635`

.pdata

MD5	`5d6f6f7670569d761d12631f2ace03d7`
SHA1	`1adb6c87a648d25bb89e75ffbc048c0b3aafe7f2`
SHA256	`fea9361e0edcbaadf35d74c48e8cc937a11846f7b03bde018f16044ffd6b3b29`
SHA3	`be5db9603283f8cab317000c5b89191972161dd43a29a031aaacc79e7efc07d6`
VirtualSize	`0x2bc68`
VirtualAddress	`0x648000`
SizeOfRawData	`0x2be00`
PointerToRawData	`0x640800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.43535`

.rsrc

MD5	`a4e160e0718ebd93a3604e1cb79faef1`
SHA1	`21bff6dae9ded895fd682b901a7944698ea720a9`
SHA256	`2c9faa17e74555e80ab3e4c15d7634c23c2ce7e7b07e57ce8739ccaf26a82c14`
SHA3	`cb664851473889587754562d911d7d5c290c03badaeda003671c1746d8b21814`
VirtualSize	`0xf8`
VirtualAddress	`0x674000`
SizeOfRawData	`0x200`
PointerToRawData	`0x66c600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.52739`

.reloc

MD5	`904412ff4d9f51b5afb168e4b6244149`
SHA1	`23c461acb24f0ff8b219f38c6e0ee497c7a04486`
SHA256	`f33fe63390ef60334bff2ad34321e4b992f2319441ef19f120ad3eb998a2d136`
SHA3	`57a7031bd04cf39839b3a3a99ae90f292bf684f149bd282d5e601a65b42d4f9b`
VirtualSize	`0x691c`
VirtualAddress	`0x675000`
SizeOfRawData	`0x6a00`
PointerToRawData	`0x66c800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.45115`

Imports

WS2_32.dll	`inet_pton` `WSAStartup` `WSAEventSelect` `ioctlsocket` `WSAWaitForMultipleEvents` `WSACreateEvent` `connect` `WSAEnumNetworkEvents` `WSAIoctl` `htonl` `getpeername` `gethostname` `htons` `WSACloseEvent` `select` `ntohs` `WSASetLastError` `getsockname` `setsockopt` `getaddrinfo` `WSACleanup` `getsockopt` `freeaddrinfo` `closesocket` `send` `WSAResetEvent` `WSAGetLastError` `listen` `accept` `bind` `recvfrom` `__WSAFDIsSet` `sendto` `recv` `socket`
WLDAP32.dll	`#30` `#26` `#22` `#41` `#50` `#45` `#60` `#301` `#46` `#217` `#143` `#79` `#35` `#33` `#32` `#27` `#211` `#200`
Normaliz.dll	`IdnToAscii` `IdnToUnicode`
bcryptprimitives.dll	`ProcessPrng`
api-ms-win-core-synch-l1-2-0.dll	`WakeByAddressSingle` `WaitOnAddress` `WakeByAddressAll`
CRYPT32.dll	`CertEnumCertificatesInStore` `CertFreeCertificateContext` `CertOpenStore` `CertFindCertificateInStore` `CryptStringToBinaryA` `PFXImportCertStore` `CryptDecodeObjectEx` `CertAddCertificateContextToStore` `CertFindExtension` `CertGetNameStringA` `CryptQueryObject` `CertCreateCertificateChainEngine` `CertFreeCertificateChain` `CertGetCertificateChain` `CertFreeCertificateChainEngine` `CertCloseStore`
ntdll.dll	`NtWriteFile` `VerSetConditionMask` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `RtlNtStatusToDosError`
KERNEL32.dll	`IsDebuggerPresent` `OutputDebugStringW` `InitializeSListHead` `WakeAllConditionVariable` `InitOnceBeginInitialize` `InitOnceComplete` `GetCurrentThreadId` `SleepConditionVariableSRW` `FindFirstFileExW` `GetFileAttributesExW` `GetFullPathNameW` `SetFileInformationByHandle` `CreateFile2` `AreFileApisANSI` `DeviceIoControl` `CopyFile2` `MoveFileExW` `GetFileInformationByHandleEx` `CreateSymbolicLinkW` `LocalFree` `GetLocaleInfoEx` `ReadFile` `GetModuleHandleA` `Sleep` `GetTickCount64` `CloseHandle` `GetCurrentProcessId` `FlushFileBuffers` `CreateDirectoryW` `GetModuleFileNameA` `HeapFree` `GetCurrentProcess` `WriteFile` `GetModuleFileNameW` `InitializeCriticalSectionEx` `GetEnvironmentVariableA` `CreateFileW` `HeapReAlloc` `LoadLibraryW` `HeapAlloc` `AddVectoredExceptionHandler` `GetProcAddress` `DeleteCriticalSection` `GetProcessHeap` `GetModuleHandleW` `MultiByteToWideChar` `GlobalAlloc` `GlobalFree` `GlobalLock` `WideCharToMultiByte` `GlobalUnlock` `GetLocaleInfoA` `LoadLibraryA` `QueryPerformanceFrequency` `FreeLibrary` `QueryPerformanceCounter` `FormatMessageA` `CreateEventW` `SetEvent` `ResetEvent` `RaiseException` `AddVectoredContinueHandler` `GetModuleHandleExA` `DisableThreadLibraryCalls` `GetCurrentThread` `K32GetModuleInformation` `GetLocalTime` `VirtualQuery` `SetUnhandledExceptionFilter` `SetConsoleTitleA` `FreeConsole` `GetConsoleWindow` `AllocConsole` `SetFilePointer` `GetTickCount` `IsBadReadPtr` `InitializeCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `GetSystemInfo` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `SetLastError` `FormatMessageW` `WaitForSingleObject` `CreateEventA` `GetSystemDirectoryA` `MoveFileExA` `WaitForSingleObjectEx` `GetStdHandle` `GetFileType` `PeekNamedPipe` `WaitForMultipleObjects` `SleepEx` `VerifyVersionInfoW` `CreateFileA` `GetFileSizeEx` `GetConsoleMode` `WriteConsoleW` `lstrlenW` `GetEnvironmentVariableW` `GetCurrentDirectoryW` `CreateMutexA` `ReleaseMutex` `GetSystemTimeAsFileTime` `FindClose` `FindFirstFileW` `FindNextFileW` `GetLastError`
USER32.dll	`mouse_event` `ShowWindow` `FindWindowA` `GetKeyState` `GetMessageExtraInfo` `ScreenToClient` `GetCapture` `ClientToScreen` `TrackMouseEvent` `GetKeyboardLayout` `GetForegroundWindow` `LoadCursorW` `SetCapture` `SetCursor` `GetClientRect` `IsWindowUnicode` `ReleaseCapture` `SetCursorPos` `GetCursorPos` `GetSystemMetrics` `CloseClipboard` `EmptyClipboard` `GetClipboardData` `SetClipboardData` `MessageBoxA` `MapVirtualKeyA` `CallWindowProcW` `GetDpiForWindow` `SetWindowLongPtrW` `GetWindowThreadProcessId` `keybd_event` `OpenClipboard`
ADVAPI32.dll	`CryptEncrypt` `CryptImportKey` `CryptDestroyKey` `CryptAcquireContextA` `CryptReleaseContext` `CryptGetHashParam` `SystemFunction036` `GetCurrentHwProfileW` `CryptAcquireContextW` `RegDeleteKeyA` `RegCreateKeyExA` `CryptCreateHash` `CryptHashData` `CryptDestroyHash`
SHELL32.dll	`ShellExecuteW` `ShellExecuteA` `SHGetFolderPathW`
MSVCP140.dll	`??0_Locinfo@std@@QEAA@PEBD@Z` `??1_Locinfo@std@@QEAA@XZ` `?_Getctype@_Locinfo@std@@QEBA?AU_Ctypevec@@XZ` `?_Incref@facet@locale@std@@UEAAXXZ` `?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ` `??0ctype_base@std@@QEAA@_K@Z` `??1ctype_base@std@@UEAA@XZ` `_Toupper` `_Tolower` `?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z` `?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ` `?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z` `_Thrd_join` `_Thrd_id` `_Cnd_signal` `??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z` `_Mtx_unlock` `_Mtx_lock` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z` `??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `??Bios_base@std@@QEBA_NXZ` `??7ios_base@std@@QEBA_NXZ` `?good@ios_base@std@@QEBA_NXZ` `?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z` `?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z` `?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z` `?id@?$numpunct@D@std@@2V0locale@2@A` `?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `??1facet@locale@std@@MEAA@XZ` `??0facet@locale@std@@IEAA@_K@Z` `?_Gettrue@_Locinfo@std@@QEBAPEBDXZ` `?_Getfalse@_Locinfo@std@@QEBAPEBDXZ` `_Strxfrm` `?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z` `?id@?$collate@D@std@@2V0locale@2@A` `_Strcoll` `?tolower@?$ctype@D@std@@QEBADD@Z` `?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ` `?set_new_handler@std@@YAP6AXXZP6AXXZ@Z` `__crtLCMapStringA` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z` `?_Throw_Cpp_error@std@@YAXH@Z` `?_Xbad_alloc@std@@YAXXZ` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Xlength_error@std@@YAXPEBD@Z` `_Cnd_do_broadcast_at_thread_exit` `_Thrd_detach` `?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ` `_Query_perf_frequency` `??1_Lockit@std@@QEAA@XZ` `??0_Lockit@std@@QEAA@H@Z` `?uncaught_exceptions@std@@YAHXZ` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?_Xinvalid_argument@std@@YAXPEBD@Z` `?_Id_cnt@id@locale@std@@0HA` `?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?_Winerror_map@std@@YAHH@Z` `?_Xbad_function_call@std@@YAXXZ` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` `?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z` `?id@?$ctype@D@std@@2V0locale@2@A` `?_Random_device@std@@YAIXZ` `?_Syserror_map@std@@YAPEBDH@Z` `_Query_perf_counter` `_Xtime_get_ticks` `?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z` `?getloc@ios_base@std@@QEBA?AVlocale@2@XZ` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ`
bcrypt.dll	`BCryptOpenAlgorithmProvider` `BCryptGenRandom` `BCryptCloseAlgorithmProvider`
SHLWAPI.dll	`PathFindFileNameW`
IMM32.dll	`ImmSetCompositionWindow` `ImmReleaseContext` `ImmGetContext` `ImmSetCandidateWindow`
D3DCOMPILER_47.dll	`D3DCompile`
dbghelp.dll	`SymGetModuleBase64` `StackWalk64` `SymInitialize` `SymGetLineFromAddr64` `SymFunctionTableAccess64` `SymFromAddr`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`memcpy` `memmove` `memset` `__std_type_info_name` `__RTtypeid` `__CxxFrameHandler3` `_CxxThrowException` `__RTDynamicCast` `strrchr` `memchr` `__std_type_info_compare` `strchr` `strstr` `__std_terminate` `_purecall` `__std_exception_copy` `__std_exception_destroy` `__current_exception` `__current_exception_context` `__C_specific_handler` `__std_type_info_destroy_list` `memcmp`
api-ms-win-crt-heap-l1-1-0.dll	`_aligned_malloc` `calloc` `_aligned_free` `realloc` `malloc` `_callnewh` `free`
api-ms-win-crt-runtime-l1-1-0.dll	`_crt_atexit` `_execute_onexit_table` `_register_onexit_function` `_initialize_onexit_table` `_initialize_narrow_environment` `__sys_nerr` `_configure_narrow_argv` `__sys_errlist` `_seh_filter_dll` `abort` `_cexit` `_initterm` `_beginthreadex` `_invalid_parameter_noinfo_noreturn` `_invalid_parameter_noinfo` `terminate` `_errno` `exit` `strerror` `_initterm_e` `system`
api-ms-win-crt-stdio-l1-1-0.dll	`setbuf` `fflush` `fclose` `_lseeki64` `fgets` `_open` `fopen` `fgetc` `feof` `__stdio_common_vswprintf` `fputs` `fwrite` `freopen_s` `__stdio_common_vsprintf` `__stdio_common_vsnprintf_s` `fgetpos` `_read` `_write` `setvbuf` `ungetc` `_fileno` `_close` `fsetpos` `fread` `_fseeki64` `_get_stream_buffer_pointers` `ftell` `fputc` `__acrt_iob_func` `fseek` `__stdio_common_vfprintf` `_wfopen` `__stdio_common_vsscanf`
api-ms-win-crt-string-l1-1-0.dll	`isalpha` `strspn` `strcspn` `strncat` `strpbrk` `isgraph` `isxdigit` `isalnum` `iscntrl` `isspace` `ispunct` `isdigit` `islower` `_stricmp` `_strdup` `strcpy_s` `strncmp` `strcmp` `tolower` `strncpy` `strlen` `toupper` `isupper` `wcslen`
api-ms-win-crt-math-l1-1-0.dll	`_dclass` `_dsign` `log` `tanh` `exp` `floorf` `fmod` `ldexp` `round` `modf` `frexp` `cosh` `cosf` `fmodf` `floor` `log10` `log2` `sin` `sinf` `sinh` `cos` `sqrt` `sqrtf` `tan` `_fdopen` `_fdsign` `_ldsign` `pow` `ceilf` `ceil` `acos` `llround` `atan2` `atan` `asin` `acosf`
api-ms-win-crt-time-l1-1-0.dll	`strftime` `_localtime64` `_gmtime64` `_time64` `_gmtime64_s` `_difftime64` `clock` `_localtime64_s`
api-ms-win-crt-convert-l1-1-0.dll	`strtod` `strtol` `atoi` `wcstombs` `strtoull` `strtoll` `strtoul`
api-ms-win-crt-filesystem-l1-1-0.dll	`_fstat64` `_stat64` `_access` `remove` `_unlock_file` `_lock_file` `_unlink`
api-ms-win-crt-locale-l1-1-0.dll	`___lc_codepage_func` `___lc_locale_name_func` `___lc_collate_cp_func` `localeconv`
api-ms-win-crt-environment-l1-1-0.dll	`getenv`
api-ms-win-crt-utility-l1-1-0.dll	`rand` `qsort`

Delayed Imports

_CreateFrameInfo

Ordinal	`1`
Address	`0x62e1f8`
ForwardName	`C:\Windows\System32\vcruntime140.dll._CreateFrameInfo`

_CxxThrowException

Ordinal	`2`
Address	`0x62e241`
ForwardName	`C:\Windows\System32\vcruntime140.dll._CxxThrowException`

_FindAndUnlinkFrame

Ordinal	`3`
Address	`0x62e28d`
ForwardName	`C:\Windows\System32\vcruntime140.dll._FindAndUnlinkFrame`

_IsExceptionObjectToBeDestroyed

Ordinal	`4`
Address	`0x62e2e6`
ForwardName	`C:\Windows\System32\vcruntime140.dll._IsExceptionObjectToBeDestroyed`

_SetWinRTOutOfMemoryExceptionCallback

Ordinal	`5`
Address	`0x62e351`
ForwardName	`C:\Windows\System32\vcruntime140.dll._SetWinRTOutOfMemoryExceptionCallback`

__AdjustPointer

Ordinal	`6`
Address	`0x62e3ac`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__AdjustPointer`

__BuildCatchObject

Ordinal	`7`
Address	`0x62e3f4`
ForwardName	`C:\Windows\System32\vcruntime140.Qdll.__BuildCatchObject`

__BuildCatchObjectHelper

Ordinal	`8`
Address	`0x62e446`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__BuildCatchObjectHelper`

__C_specific_handler

Ordinal	`9`
Address	`0x62e499`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__C_specific_handler`

__C_specific_handler_noexcept

Ordinal	`10`
Address	`0x62e4f1`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__C_specific_handler_noexcept`

__CxxDetectRethrow

Ordinal	`11`
Address	`0x62e547`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__CxxDetectRethrow`

__CxxExceptionFilter

Ordinal	`12`
Address	`0x62e594`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__CxxExceptionFilter`

__CxxFrameHandler

Ordinal	`13`
Address	`0x62e5e0`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__CxxFrameHandler`

__CxxFrameHandler2

Ordinal	`14`
Address	`0x62e62a`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__CxxFrameHandler2`

__CxxFrameHandler3

Ordinal	`15`
Address	`0x62e675`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__CxxFrameHandler3`

__CxxQueryExceptionSize

Ordinal	`16`
Address	`0x62e6c5`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__CxxQueryExceptionSize`

__CxxRegisterExceptionObject

Ordinal	`17`
Address	`0x62e71f`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__CxxRegisterExceptionObject`

__CxxUnregisterExceptionObject

Ordinal	`18`
Address	`0x62e780`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__CxxUnregisterExceptionObject`

__DestructExceptionObject

Ordinal	`19`
Address	`0x62e7de`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__DestructExceptionObject`

__FrameUnwindFilter

Ordinal	`20`
Address	`0x62e831`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__FrameUnwindFilter`

__GetPlatformExceptionInfo

Ordinal	`21`
Address	`0x62e885`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__GetPlatformExceptionInfo`

__NLG_Dispatch2

Ordinal	`22`
Address	`0x62e8d5`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__NLG_Dispatch2`

__NLG_Return2

Ordinal	`23`
Address	`0x62e918`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__NLG_Return2`

__RTCastToVoid

Ordinal	`24`
Address	`0x62e95a`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__RTCastToVoid`

__RTDynamicCast

Ordinal	`25`
Address	`0x62e99e`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__RTDynamicCast`

__RTtypeid

Ordinal	`26`
Address	`0x62e9de`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__RTtypeid`

__TypeMatch

Ordinal	`27`
Address	`0x62ea1a`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__TypeMatch`

__current_exception

Ordinal	`28`
Address	`0x62ea5f`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__current_exception`

__current_exception_context

Ordinal	`29`
Address	`0x62eab4`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__current_exception_context`

__intrinsic_setjmp

Ordinal	`30`
Address	`0x62eb08`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__intrinsic_setjmp`

__intrinsic_setjmpex

Ordinal	`31`
Address	`0x62eb55`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__intrinsic_setjmpex`

__processing_throw

Ordinal	`32`
Address	`0x62eba2`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__processing_throw`

__report_gsfailure

Ordinal	`33`
Address	`0x62ebed`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__report_gsfailure`

__std_exception_copy

Ordinal	`34`
Address	`0x62ec3a`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__std_exception_copy`

__std_exception_destroy

Ordinal	`35`
Address	`0x62ec8c`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__std_exception_destroy`

__std_terminate

Ordinal	`36`
Address	`0x62ecd9`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__std_terminate`

__std_type_info_compare

Ordinal	`37`
Address	`0x62ed26`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__std_type_info_compare`

__std_type_info_destroy_list

Ordinal	`38`
Address	`0x62ed80`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__std_type_info_destroy_list`

__std_type_info_hash

Ordinal	`39`
Address	`0x62edd7`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__std_type_info_hash`

__std_type_info_name

Ordinal	`40`
Address	`0x62ee26`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__std_type_info_name`

__telemetry_main_invoke_trigger

Ordinal	`41`
Address	`0x62ee80`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__telemetry_main_invoke_trigger`

__telemetry_main_return_trigger

Ordinal	`42`
Address	`0x62eee5`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__telemetry_main_return_trigger`

__unDName

Ordinal	`43`
Address	`0x62ef34`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__unDName`

__unDNameEx

Ordinal	`44`
Address	`0x62ef6f`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__unDNameEx`

__uncaught_exception

Ordinal	`45`
Address	`0x62efb5`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__uncaught_exception`

__uncaught_exceptions

Ordinal	`46`
Address	`0x62f005`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__uncaught_exceptions`

__vcrt_GetModuleFileNameW

Ordinal	`47`
Address	`0x62f05a`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__vcrt_GetModuleFileNameW`

__vcrt_GetModuleHandleW

Ordinal	`48`
Address	`0x62f0b1`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__vcrt_GetModuleHandleW`

__vcrt_InitializeCriticalSectionEx

Ordinal	`49`
Address	`0x62f111`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__vcrt_InitializeCriticalSectionEx`

__vcrt_LoadLibraryExW

Ordinal	`50`
Address	`0x62f16f`
ForwardName	`C:\Windows\System32\vcruntime140.dll.__vcrt_LoadLibraryExW`

_get_purecall_handler

Ordinal	`51`
Address	`0x62f1c0`
ForwardName	`C:\Windows\System32\vcruntime140.dll._get_purecall_handler`

_get_unexpected

Ordinal	`52`
Address	`0x62f20b`
ForwardName	`C:\Windows\System32\vcruntime140.dll._get_unexpected`

_is_exception_typeof

Ordinal	`53`
Address	`0x62f255`
ForwardName	`C:\Windows\System32\vcruntime140.dll._is_exception_typeof`

_local_unwind

Ordinal	`54`
Address	`0x62f29d`
ForwardName	`C:\Windows\System32\vcruntime140.dll._local_unwind`

_purecall

Ordinal	`55`
Address	`0x62f2da`
ForwardName	`C:\Windows\System32\vcruntime140.dll._purecall`

_set_purecall_handler

Ordinal	`56`
Address	`0x62f31f`
ForwardName	`C:\Windows\System32\vcruntime140.dll._set_purecall_handler`

_set_se_translator

Ordinal	`57`
Address	`0x62f36d`
ForwardName	`C:\Windows\System32\vcruntime140.dll._set_se_translator`

longjmp

Ordinal	`58`
Address	`0x62f3ad`
ForwardName	`C:\Windows\System32\vcruntime140.dll.longjmp`

memchr

Ordinal	`59`
Address	`0x62f3e1`
ForwardName	`C:\Windows\System32\vcruntime140.dll.memchr`

memcmp

Ordinal	`60`
Address	`0x62f414`
ForwardName	`C:\Windows\System32\vcruntime140.dll.memcmp`

memcpy

Ordinal	`61`
Address	`0x62f447`
ForwardName	`C:\Windows\System32\vcruntime140.dll.memcpy`

memmove

Ordinal	`62`
Address	`0x62f47b`
ForwardName	`C:\Windows\System32\vcruntime140.dll.memmove`

memset

Ordinal	`63`
Address	`0x62f4af`
ForwardName	`C:\Windows\System32\vcruntime140.dll.memset`

set_unexpected

Ordinal	`64`
Address	`0x62f4ea`
ForwardName	`C:\Windows\System32\vcruntime140.dll.set_unexpected`

strchr

Ordinal	`65`
Address	`0x62f525`
ForwardName	`C:\Windows\System32\vcruntime140.dll.strchr`

strrchr

Ordinal	`66`
Address	`0x62f559`
ForwardName	`C:\Windows\System32\vcruntime140.dll.strrchr`

strstr

Ordinal	`67`
Address	`0x62f58d`
ForwardName	`C:\Windows\System32\vcruntime140.dll.strstr`

unexpected

Ordinal	`68`
Address	`0x62f5c4`
ForwardName	`C:\Windows\System32\vcruntime140.dll.unexpected`

wcschr

Ordinal	`69`
Address	`0x62f5fb`
ForwardName	`C:\Windows\System32\vcruntime140.dll.wcschr`

wcsrchr

Ordinal	`70`
Address	`0x62f62f`
ForwardName	`C:\Windows\System32\vcruntime140.dll.wcsrchr`

wcsstr

Ordinal	`71`
Address	`0x62f663`
ForwardName	`C:\Windows\System32\vcruntime140.dll.wcsstr`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x91`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.8858`
MD5	`f7ad1eab748bc07570a57ec87787cf90`
SHA1	`0b1608da9fef218386e825db575c65616826d9f4`
SHA256	`d2952e57023848a37fb0f21f0dfb38c9000f610ac2b00c2f128511dfd68bde04`
SHA3	`6c9541b36948c19ae507d74223621875b3af4064f7cd8200bdb97e15a047e96a`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Mar-10 23:50:59
Version	`0.0`
SizeofData	`82`
AddressOfRawData	`0x5ccd30`
PointerToRawData	`0x5cb530`
Referenced File	C:\Users\admin\Desktop\yubx\yubx_api\x64\Release\yubx.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Mar-10 23:50:59
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x5ccd84`
PointerToRawData	`0x5cb584`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Mar-10 23:50:59
Version	`0.0`
SizeofData	`928`
AddressOfRawData	`0x5ccd98`
PointerToRawData	`0x5cb598`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Mar-10 23:50:59
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x1805cd158`
EndAddressOfRawData	`0x1805cd250`
AddressOfIndex	`0x180646664`
AddressOfCallbacks	`0x180464cc0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x0000000180136EF0`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x180635200`

RICH Header

XOR Key	`0xacf928ba`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`22`
253 (35403)	`7`
C objects (35403)	`8`
C++ objects (35403)	`39`
ASM objects (35403)	`6`
Imports (35403)	`6`
C objects (34809)	`79`
C objects (34120)	`12`
C++ objects (34436)	`51`
ASM objects (34436)	`3`
Unmarked objects (#2)	`7`
Imports (33145)	`36`
C objects (33519)	`125`
Imports (33813)	`3`
Total imports	`652`
C objects (33523)	`43`
C++ objects (LTCG) (35725)	`157`
Exports (35725)	`1`
Resource objects (35725)	`1`
Linker (35725)	`1`

Errors

Leave a comment

No comments yet.