d40e21b40083b393399e7fb5a2e3f88901f60c042cead6a9ff76eb2b8f867e78

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Mar-30 21:54:53
Detected languages English - United States
TLS Callbacks 2 callback(s) detected.

Plugin Output

Info: Matching compiler(s): MASM/TASM - sig1(h)
Info: Interesting strings found in the binary:
Contains domain names:
  • http://purl.org
  • http://www.ebu.ch
  • http://www.ebu.ch/metadata/cs/ebu_IdentifierTypeCodeCS.xml#3.7
  • http://www.w3.org
  • http://www.w3.org/1999/xlink
  • http://www.w3.org/2000/svg
  • www.ebu.ch
  • www.w3.org
Info: Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Malicious: The PE contains functions mostly used by malware.
[!] The program may be hiding some of its imports:
  • LoadLibraryW
  • GetProcAddress
  • LoadLibraryA
Possibly launches other programs:
  • ShellExecuteW
Can create temporary files:
  • CreateFileW
  • GetTempPathW
Uses functions commonly found in keyloggers:
  • AttachThreadInput
  • MapVirtualKeyW
  • CallNextHookEx
  • GetAsyncKeyState
  • GetForegroundWindow
Has Internet access capabilities:
  • InternetReadFile
  • InternetSetOptionW
  • InternetWriteFile
  • InternetConnectW
  • InternetCloseHandle
  • InternetOpenW
  • InternetSetFilePointer
  • InternetCrackUrlW
Leverages the raw socket API to access the Internet:
  • getsockopt
  • inet_ntoa
  • htonl
  • htons
  • setsockopt
  • freeaddrinfo
  • sendto
  • recv
  • __WSAFDIsSet
  • accept
  • send
  • inet_addr
  • bind
  • closesocket
  • select
  • getaddrinfo
  • WSAStartup
  • ioctlsocket
Functions related to the privilege level:
  • OpenProcessToken
  • DuplicateToken
Enumerates local disk drives:
  • GetLogicalDriveStringsW
  • GetDriveTypeW
  • GetVolumeInformationW
Can take screenshots:
  • GetDC
  • BitBlt
  • CreateCompatibleDC
Reads the contents of the clipboard:
  • GetClipboardData
Safe: VirusTotal score: 0/71 (Scanned on 2026-05-16 21:54:45). All the AVs think this file is safe.

Hashes

MD5 d6ca581d156ce0228003fb91ab81be26
SHA1 83f1474ad63e1b5e329fd352e5d5f77822ccbaaa
SHA256 d40e21b40083b393399e7fb5a2e3f88901f60c042cead6a9ff76eb2b8f867e78
SHA3 e872a53d87205d875a593d57b734abf6f41223b9109cf626af19df3cb69fecc6
SSDeep 98304:Lp2VgRKujhZUC587fx5yYwPBUB2BBUP1:L0VgRKujhZN5gfxsPBUB2BBUP1
Imports Hash 87a440db95180efc1cfe02cdc9bceb50

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x128

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2026-Mar-30 21:54:53
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x463c00
SizeOfInitializedData 0x179200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000001B38AC (Section: .text)
BaseOfCode 0x1000
ImageBase 0x180000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x5e1000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 97736219e9d115ebdc6317662599de09
SHA1 b4f292170dfa007492d28b2525ba51e93fc60f17
SHA256 cfa3e11a65a7053d850a2d7a28ae07d78333cc385100197ed327a1e6ad117a6f
SHA3 1b4c2156b85eec968c5fcf6a57ae98204472acd740a33521be11fffa7609918f
VirtualSize 0x463bf1
VirtualAddress 0x1000
SizeOfRawData 0x463c00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.45511

.rdata

MD5 2cace4307a6ed0c713b1c53f4129efbc
SHA1 9ade7f752c5d74fda335c34a387a47a566224974
SHA256 7e6224510b99bac7b79c362c58878c69e8f22cda4fe718923e63f4f14f27b7e6
SHA3 14b3cc5813f62bf1e2e79b170cba93cba68014a78246cc6f87a1e9a2a5967de4
VirtualSize 0x11bb94
VirtualAddress 0x465000
SizeOfRawData 0x11bc00
PointerToRawData 0x464000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.80716

.data

MD5 64b705ad59f6801b8fe10c3133a8896d
SHA1 a80297d47190afdb398ef24f3e75d26d5f2712e1
SHA256 a6e4b514ada29ad41ce78868e13e4c7a2eafe53f8bc3ac0336734505ced2e5af
SHA3 09f378d88d4eca05c0a32eee50af9ffe0ac75e2310dbf7b91868056042824857
VirtualSize 0x1bf80
VirtualAddress 0x581000
SizeOfRawData 0x18e00
PointerToRawData 0x57fc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.03859

.pdata

MD5 7230d4bb2e90eee13071386ff65dfd6f
SHA1 1cabce1bfca86f892b8a611f5b41a6b41466348e
SHA256 965b34eed831a0faf4c373796966171273718075523509224b36bc3c282bce8c
SHA3 7ab33a05db13274ba80bc0fb99bab87ba2e42a742fd42420bc02306d8397f242
VirtualSize 0x37698
VirtualAddress 0x59d000
SizeOfRawData 0x37800
PointerToRawData 0x598a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.46444

_RDATA

MD5 fc2f14d81e335ad78fd3a2189af093b9
SHA1 81dada1609afbd2548cfba58550fcf189d5c3e97
SHA256 07ece48289db544c44faf74a6e85d8668adee8b0bbc7b702043079d3adab5556
SHA3 28f0c6920ecef90ce15e23efc3452f4b442395bf45404d31fa5eb4a4832c0d91
VirtualSize 0x30
VirtualAddress 0x5d5000
SizeOfRawData 0x200
PointerToRawData 0x5d0200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.247497

.rsrc

MD5 94d64b6fdbdf27edd4174893fc242852
SHA1 29a12b5ed91307f3cb352704f08a03d31a314341
SHA256 b7c9fee0b96b80aec07f21f46df195e7eb4a7674b236f9366bd5e79f7aac240d
SHA3 550ec94cccf6a384306f8428826be19885bf37fe526989e29c18ecc52020565e
VirtualSize 0x2e0
VirtualAddress 0x5d6000
SizeOfRawData 0x400
PointerToRawData 0x5d0400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.26119

.reloc

MD5 76431f773b042952e72c494c4fac4297
SHA1 8944b8d1829083c40599d924b9f4e95eaf95c412
SHA256 fcc067cb9c7ac639444bc19d900448b351577f8f5a3825af467ef61ca11d556e
SHA3 6375e58eb34ad9dbd1c5d2b6eacc938062ccd970cf4720b895a11041cbcef566
VirtualSize 0x977c
VirtualAddress 0x5d7000
SizeOfRawData 0x9800
PointerToRawData 0x5d0800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.4471

Imports

KERNEL32.dll GetLogicalDriveStringsW
CreateEventW
Sleep
GetFileInformationByHandle
FormatMessageW
GetLastError
GetFileAttributesExW
OutputDebugStringW
SetEvent
GetLogicalProcessorInformation
GetCurrentThread
TerminateThread
QueryPerformanceFrequency
DeleteFileW
CloseHandle
GetNativeSystemInfo
LoadLibraryW
GetCurrentDirectoryW
GetOverlappedResult
GetProcAddress
LocalFree
ReplaceFileW
ExitProcess
SystemTimeToFileTime
GetModuleHandleW
FreeLibrary
CopyFileW
GetSystemTime
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
MoveFileW
GetDriveTypeW
ConnectNamedPipe
SetUnhandledExceptionFilter
FlushFileBuffers
GetCommandLineW
AttachConsole
CompareStringOrdinal
GlobalSize
LoadLibraryA
GlobalAlloc
GlobalFree
GlobalLock
GetCurrentProcessId
GlobalUnlock
EnterCriticalSection
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
InitOnceBeginInitialize
InitOnceComplete
GetModuleHandleA
UnmapViewOfFile
DisconnectNamedPipe
ResumeThread
GetSystemDirectoryW
ReleaseMutex
GetCurrentThreadId
GetFileAttributesW
CreateFileW
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSection
MultiByteToWideChar
DeleteCriticalSection
WideCharToMultiByte
IsDebuggerPresent
CreateDirectoryW
SetThreadAffinityMask
GetSystemFirmwareTable
ReadFile
GetVolumeInformationW
CancelIo
FindFirstFileW
SetPriorityClass
FindNextFileW
GetCurrentProcess
WriteFile
GetModuleHandleExW
TryEnterCriticalSection
TerminateProcess
RemoveDirectoryW
GetFinalPathNameByHandleW
GetModuleFileNameW
WaitForMultipleObjects
SetThreadPriority
SetFilePointer
SetEndOfFile
GetTempPathW
CreateMutexW
FindClose
GetLocaleInfoW
USER32.dll SetFocus
SendNotifyMessageW
TranslateMessage
GetWindowTextW
MonitorFromWindow
GetClientRect
SystemParametersInfoW
InvalidateRect
GetWindowThreadProcessId
AttachThreadInput
PeekMessageW
GetSystemMenu
GetMessageExtraInfo
GetUpdateRgn
GetMessagePos
MapVirtualKeyW
GetWindowRect
GetDC
IsWindowVisible
SetWindowPos
GetDpiForWindow
ValidateRgn
EnumChildWindows
EnumDisplayMonitors
GetIconInfo
SendMessageW
CallNextHookEx
EndDialog
SetWindowTextW
MessageBeep
WindowFromPoint
GetWindowPlacement
DestroyCursor
GetKeyboardState
SetCaretPos
ShowWindow
IsWindow
GetAsyncKeyState
OpenClipboard
GetCapture
RedrawWindow
DestroyIcon
VkKeyScanW
GetWindowInfo
GetMonitorInfoW
CreateIconIndirect
ClientToScreen
CloseClipboard
EmptyClipboard
IsChild
CreateCaret
MapWindowPoints
ValidateRect
TrackMouseEvent
GetForegroundWindow
UnhookWindowsHookEx
GetMessageTime
SetLayeredWindowAttributes
BringWindowToTop
GetClipboardData
LoadIconW
EnumDisplayDevicesW
LoadCursorW
DestroyCaret
SetCapture
SetWindowsHookExW
SetClipboardData
ToUnicode
SetCursor
GetSystemMetricsForDpi
UpdateLayeredWindow
DrawIconEx
ShowCaret
GetDesktopWindow
EnumDisplaySettingsW
EnableMenuItem
GetParent
ReleaseCapture
GetAncestor
SetCursorPos
ReleaseDC
GetCursorPos
BeginPaint
EndPaint
SendInput
GetMessageW
DefWindowProcW
PostMessageW
SendMessageTimeoutW
DispatchMessageW
RegisterClassExW
GetWindowLongPtrW
UnregisterClassW
CreateWindowExW
SetWindowLongPtrW
DestroyWindow
GetFocus
EnumWindows
GetActiveWindow
GDI32.dll SaveDC
BitBlt
StretchBlt
StretchDIBits
CreateRectRgnIndirect
CreateDIBSection
SetBrushOrgEx
CreateRectRgn
GetRegionData
GetObjectW
ExcludeClipRect
SetStretchBltMode
RestoreDC
CreateBitmap
CombineRgn
SelectObject
CreateCompatibleDC
DeleteDC
SetMapperFlags
DeleteObject
SetMapMode
CreateFontIndirectW
GetDeviceCaps
COMDLG32.dll GetSaveFileNameW
GetOpenFileNameW
ADVAPI32.dll OpenProcessToken
AccessCheck
GetNamedSecurityInfoW
GetUserNameW
DuplicateToken
MapGenericMask
SHELL32.dll Shell_NotifyIconW
ShellExecuteW
SHGetSpecialFolderPathW
DragQueryFileW
SHCreateShellItem
SHGetMalloc
ExtractAssociatedIconW
SHBrowseForFolderW
SHGetKnownFolderPath
SHParseDisplayName
SHGetPathFromIDListW
ole32.dll OleUninitialize
CoTaskMemFree
DoDragDrop
RegisterDragDrop
CoCreateGuid
OleInitialize
CoInitialize
CoInitializeEx
RevokeDragDrop
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
OLEAUT32.dll SysAllocString
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayDestroy
MSVCP140.dll ?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
_Cnd_destroy_in_situ
_Cnd_broadcast
_Mtx_unlock
_Xtime_get_ticks
_Query_perf_counter
_Thrd_id
_Cnd_wait
_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
_Cnd_timedwait
?_Throw_C_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?classic@locale@std@@SAAEBV12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Throw_Cpp_error@std@@YAXH@Z
_Query_perf_frequency
_Cnd_init_in_situ
_Thrd_yield
_Mtx_current_owns
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
_Cnd_do_broadcast_at_thread_exit
_Thrd_join
_Cnd_signal
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
??0task_continuation_context@Concurrency@@AEAA@XZ
_Cnd_unregister_at_thread_exit
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?_Syserror_map@std@@YAPEBDH@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Cnd_register_at_thread_exit
_Exp
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
WININET.dll HttpOpenRequestW
InternetReadFile
InternetSetOptionW
InternetWriteFile
InternetConnectW
InternetCloseHandle
HttpSendRequestExW
FtpOpenFileW
InternetOpenW
HttpQueryInfoW
InternetSetFilePointer
InternetCrackUrlW
HttpEndRequestW
WS2_32.dll getsockopt
inet_ntoa
htonl
htons
setsockopt
freeaddrinfo
sendto
recv
__WSAFDIsSet
accept
send
inet_addr
bind
closesocket
select
getaddrinfo
WSAStartup
ioctlsocket
SHLWAPI.dll PathStripToRootW
WINMM.dll timeGetTime
timeBeginPeriod
timeKillEvent
d2d1.dll #1
dxgi.dll CreateDXGIFactory2
d3d11.dll D3D11CreateDevice
dcomp.dll DCompositionCreateDevice
IMM32.dll ImmAssociateContext
ImmAssociateContextEx
ImmIsUIMessageW
ImmReleaseContext
ImmGetContext
ImmGetCompositionStringW
ImmSetCandidateWindow
ImmNotifyIME
COMCTL32.dll #345
dwmapi.dll DwmExtendFrameIntoClientArea
VCRUNTIME140_1.dll __CxxFrameHandler4
VCRUNTIME140.dll longjmp
__std_exception_destroy
__RTDynamicCast
memchr
memcmp
memcpy
memmove
__intrinsic_setjmp
__std_exception_copy
_purecall
__std_type_info_destroy_list
_CxxThrowException
memset
__C_specific_handler
__current_exception_context
__current_exception
strstr
__RTtypeid
__std_terminate
strrchr
strchr
__std_type_info_compare
api-ms-win-crt-stdio-l1-1-0.dll fseek
__stdio_common_vsscanf
fflush
ftell
fread
__acrt_iob_func
__stdio_common_vswscanf
_fileno
freopen_s
fclose
__stdio_common_vfprintf
__stdio_common_vsprintf
__stdio_common_vswprintf
fwrite
api-ms-win-crt-heap-l1-1-0.dll realloc
_callnewh
calloc
free
malloc
_msize
api-ms-win-crt-string-l1-1-0.dll iswalnum
strnlen
iswspace
iswlower
towlower
strcmp
iswdigit
iswupper
strncmp
strncpy
iswalpha
towupper
api-ms-win-crt-convert-l1-1-0.dll _strtod_l
strtod
strtol
mbstowcs
_atoi64
atoi
strtoll
api-ms-win-crt-runtime-l1-1-0.dll _initterm_e
_initterm
_beginthreadex
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_endthreadex
abort
_configure_narrow_argv
_seh_filter_dll
_fpreset
terminate
_invalid_parameter_noinfo_noreturn
api-ms-win-crt-math-l1-1-0.dll atan2f
_hypotf
atanf
_hypot
_fdclass
ceilf
tanf
cosf
expf
floorf
round
fmod
asinh
logf
fmax
_dclass
cosh
fmin
cbrt
sqrt
atan
sin
hypot
tanh
log10
ceil
cos
lrint
exp
floor
pow
powf
roundf
_dsign
acosh
atan2
sinh
asin
log2
atanh
trunc
expm1
log
log1p
sinf
acos
fabs
sqrtf
tan
truncf
api-ms-win-crt-time-l1-1-0.dll strftime
_gmtime64
_time64
_ftime64_s
wcsftime
_localtime64_s
api-ms-win-crt-locale-l1-1-0.dll _create_locale
api-ms-win-crt-environment-l1-1-0.dll getenv

Delayed Imports

Exports

ExitDll

Ordinal 1
Address 0x1b4c30

GetPluginFactory

Ordinal 2
Address 0x1b4ab0

InitDll

Ordinal 3
Address 0x1b4c40

Resources

2

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x27e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.06467
MD5 5d6aec43b857ac891a5c04578d4b386d
SHA1 b071d9c400ea166ce8661445507aee0ed699f71c
SHA256 f2ce5243294032974bd1a1b5ff9f2f3b1b29e957c59ec6e26caca48745552d76
SHA3 81615b5bca6c180092662e9f3a825c4b4bdf9949a7bdcba75db6db3ac25a796d

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-Mar-30 21:54:53
Version 0.0
SizeofData 964
AddressOfRawData 0x5132c8
PointerToRawData 0x5122c8

TLS Callbacks

StartAddressOfRawData 0x1805136b0
EndAddressOfRawData 0x18051380c
AddressOfIndex 0x18059a270
AddressOfCallbacks 0x1804666c0
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_16BYTES
Callbacks 0x00000001801B38EC
0x00000001801B3954

Load Configuration

Size 0x138
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x180581028

RICH Header

XOR Key 0x616744ab
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 18
C++ objects (33140) 1
C objects (30034) 8
ASM objects (30034) 7
C++ objects (30034) 28
Imports (30034) 6
253 (28518) 5
C objects (33140) 1
C objects (CVTCIL) (33140) 2
Imports (33140) 43
Total imports 667
C++ objects (LTCG) (30159) 18
Exports (30159) 1
Resource objects (30159) 1
151 1
Linker (30159) 1

Errors
