| Architecture | IMAGE_FILE_MACHINE_AMD64 |
|---|---|
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2026-Mar-30 21:54:53 |
| Detected languages | English - United States |
| TLS Callbacks | 2 callback(s) detected. |
| Info | Matching compiler(s): | MASM/TASM - sig1(h) |
| Info | Interesting strings found in the binary: | Contains domain names: |
| Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32 |
| Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
| Safe | VirusTotal score: 0/71 (Scanned on 2026-05-16 21:54:45) | All the AVs think this file is safe. |
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x128 |
| Signature | PE |
|---|---|
| Machine | IMAGE_FILE_MACHINE_AMD64 |
| NumberofSections | 7 |
| TimeDateStamp | 2026-Mar-30 21:54:53 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics | IMAGE_FILE_DLL IMAGE_FILE_EXECUTABLE_IMAGE IMAGE_FILE_LARGE_ADDRESS_AWARE |
| Magic | PE32+ |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0x463c00 |
| SizeOfInitializedData | 0x179200 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00000000001B38AC (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x180000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x5e1000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA IMAGE_DLLCHARACTERISTICS_NX_COMPAT |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| KERNEL32.dll | GetLogicalDriveStringsW CreateEventW Sleep GetFileInformationByHandle FormatMessageW GetLastError GetFileAttributesExW OutputDebugStringW SetEvent GetLogicalProcessorInformation GetCurrentThread TerminateThread QueryPerformanceFrequency DeleteFileW CloseHandle GetNativeSystemInfo LoadLibraryW GetCurrentDirectoryW GetOverlappedResult GetProcAddress LocalFree ReplaceFileW ExitProcess SystemTimeToFileTime GetModuleHandleW FreeLibrary CopyFileW GetSystemTime CreateFileMappingW MapViewOfFile QueryPerformanceCounter MoveFileW GetDriveTypeW ConnectNamedPipe SetUnhandledExceptionFilter FlushFileBuffers GetCommandLineW AttachConsole CompareStringOrdinal GlobalSize LoadLibraryA GlobalAlloc GlobalFree GlobalLock GetCurrentProcessId GlobalUnlock EnterCriticalSection InitializeSListHead GetSystemTimeAsFileTime IsProcessorFeaturePresent UnhandledExceptionFilter RtlVirtualUnwind RtlLookupFunctionEntry RtlCaptureContext WaitForSingleObjectEx ResetEvent InitializeCriticalSectionAndSpinCount InitOnceBeginInitialize InitOnceComplete GetModuleHandleA UnmapViewOfFile DisconnectNamedPipe ResumeThread GetSystemDirectoryW ReleaseMutex GetCurrentThreadId GetFileAttributesW CreateFileW WaitForSingleObject LeaveCriticalSection InitializeCriticalSection MultiByteToWideChar DeleteCriticalSection WideCharToMultiByte IsDebuggerPresent CreateDirectoryW SetThreadAffinityMask GetSystemFirmwareTable ReadFile GetVolumeInformationW CancelIo FindFirstFileW SetPriorityClass FindNextFileW GetCurrentProcess WriteFile GetModuleHandleExW TryEnterCriticalSection TerminateProcess RemoveDirectoryW GetFinalPathNameByHandleW GetModuleFileNameW WaitForMultipleObjects SetThreadPriority SetFilePointer SetEndOfFile GetTempPathW CreateMutexW FindClose GetLocaleInfoW |
|---|---|
| USER32.dll | SetFocus SendNotifyMessageW TranslateMessage GetWindowTextW MonitorFromWindow GetClientRect SystemParametersInfoW InvalidateRect GetWindowThreadProcessId AttachThreadInput PeekMessageW GetSystemMenu GetMessageExtraInfo GetUpdateRgn GetMessagePos MapVirtualKeyW GetWindowRect GetDC IsWindowVisible SetWindowPos GetDpiForWindow ValidateRgn EnumChildWindows EnumDisplayMonitors GetIconInfo SendMessageW CallNextHookEx EndDialog SetWindowTextW MessageBeep WindowFromPoint GetWindowPlacement DestroyCursor GetKeyboardState SetCaretPos ShowWindow IsWindow GetAsyncKeyState OpenClipboard GetCapture RedrawWindow DestroyIcon VkKeyScanW GetWindowInfo GetMonitorInfoW CreateIconIndirect ClientToScreen CloseClipboard EmptyClipboard IsChild CreateCaret MapWindowPoints ValidateRect TrackMouseEvent GetForegroundWindow UnhookWindowsHookEx GetMessageTime SetLayeredWindowAttributes BringWindowToTop GetClipboardData LoadIconW EnumDisplayDevicesW LoadCursorW DestroyCaret SetCapture SetWindowsHookExW SetClipboardData ToUnicode SetCursor GetSystemMetricsForDpi UpdateLayeredWindow DrawIconEx ShowCaret GetDesktopWindow EnumDisplaySettingsW EnableMenuItem GetParent ReleaseCapture GetAncestor SetCursorPos ReleaseDC GetCursorPos BeginPaint EndPaint SendInput GetMessageW DefWindowProcW PostMessageW SendMessageTimeoutW DispatchMessageW RegisterClassExW GetWindowLongPtrW UnregisterClassW CreateWindowExW SetWindowLongPtrW DestroyWindow GetFocus EnumWindows GetActiveWindow |
| GDI32.dll | SaveDC BitBlt StretchBlt StretchDIBits CreateRectRgnIndirect CreateDIBSection SetBrushOrgEx CreateRectRgn GetRegionData GetObjectW ExcludeClipRect SetStretchBltMode RestoreDC CreateBitmap CombineRgn SelectObject CreateCompatibleDC DeleteDC SetMapperFlags DeleteObject SetMapMode CreateFontIndirectW GetDeviceCaps |
| COMDLG32.dll | GetSaveFileNameW GetOpenFileNameW |
| ADVAPI32.dll | OpenProcessToken AccessCheck GetNamedSecurityInfoW GetUserNameW DuplicateToken MapGenericMask |
| SHELL32.dll | Shell_NotifyIconW ShellExecuteW SHGetSpecialFolderPathW DragQueryFileW SHCreateShellItem SHGetMalloc ExtractAssociatedIconW SHBrowseForFolderW SHGetKnownFolderPath SHParseDisplayName SHGetPathFromIDListW |
| ole32.dll | OleUninitialize CoTaskMemFree DoDragDrop RegisterDragDrop CoCreateGuid OleInitialize CoInitialize CoInitializeEx RevokeDragDrop CoTaskMemAlloc CoUninitialize CoCreateInstance |
| OLEAUT32.dll | SysAllocString SafeArrayPutElement SafeArrayUnaccessData SafeArrayCreateVector SafeArrayAccessData SafeArrayDestroy |
| MSVCP140.dll | ?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z ?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z _Cnd_destroy_in_situ _Cnd_broadcast _Mtx_unlock _Xtime_get_ticks _Query_perf_counter _Thrd_id _Cnd_wait _Mtx_init_in_situ _Mtx_lock _Mtx_destroy_in_situ _Cnd_timedwait ?_Throw_C_error@std@@YAXH@Z ?_Xbad_function_call@std@@YAXXZ ?classic@locale@std@@SAAEBV12@XZ ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A ?_Throw_Cpp_error@std@@YAXH@Z _Query_perf_frequency _Cnd_init_in_situ _Thrd_yield _Mtx_current_owns ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ ?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z ?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z ??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ _Cnd_do_broadcast_at_thread_exit _Thrd_join _Cnd_signal ?__ExceptionPtrAssign@@YAXPEAXPEBX@Z ?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ ?_ReportUnobservedException@details@Concurrency@@YAXXZ ?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z ?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ ?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ ?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ ?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ ?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z ?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z ?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ ?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ ?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ ?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z ??0task_continuation_context@Concurrency@@AEAA@XZ _Cnd_unregister_at_thread_exit ?__ExceptionPtrCreate@@YAXPEAX@Z ?__ExceptionPtrCopy@@YAXPEAXPEBX@Z ?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z ?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z ?_Syserror_map@std@@YAPEBDH@Z ?__ExceptionPtrToBool@@YA_NPEBX@Z ?__ExceptionPtrDestroy@@YAXPEAX@Z ?__ExceptionPtrCurrentException@@YAXPEAX@Z ?__ExceptionPtrRethrow@@YAXPEBX@Z _Cnd_register_at_thread_exit _Exp ?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ ?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z ??Bid@locale@std@@QEAA_KXZ ?_Incref@facet@locale@std@@UEAAXXZ ?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ ?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z ?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z ??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z ??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ ??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z ?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z ?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z ?uncaught_exception@std@@YA_NXZ ?_Xbad_alloc@std@@YAXXZ ?_Xout_of_range@std@@YAXPEBD@Z ?_Xlength_error@std@@YAXPEBD@Z ?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z |
| WININET.dll | HttpOpenRequestW InternetReadFile InternetSetOptionW InternetWriteFile InternetConnectW InternetCloseHandle HttpSendRequestExW FtpOpenFileW InternetOpenW HttpQueryInfoW InternetSetFilePointer InternetCrackUrlW HttpEndRequestW |
| WS2_32.dll | getsockopt inet_ntoa htonl htons setsockopt freeaddrinfo sendto recv __WSAFDIsSet accept send inet_addr bind closesocket select getaddrinfo WSAStartup ioctlsocket |
| SHLWAPI.dll | PathStripToRootW |
| WINMM.dll | timeGetTime timeBeginPeriod timeKillEvent |
| d2d1.dll | #1 |
| dxgi.dll | CreateDXGIFactory2 |
| d3d11.dll | D3D11CreateDevice |
| dcomp.dll | DCompositionCreateDevice |
| IMM32.dll | ImmAssociateContext ImmAssociateContextEx ImmIsUIMessageW ImmReleaseContext ImmGetContext ImmGetCompositionStringW ImmSetCandidateWindow ImmNotifyIME |
| COMCTL32.dll | #345 |
| dwmapi.dll | DwmExtendFrameIntoClientArea |
| VCRUNTIME140_1.dll | __CxxFrameHandler4 |
| VCRUNTIME140.dll | longjmp __std_exception_destroy __RTDynamicCast memchr memcmp memcpy memmove __intrinsic_setjmp __std_exception_copy _purecall __std_type_info_destroy_list _CxxThrowException memset __C_specific_handler __current_exception_context __current_exception strstr __RTtypeid __std_terminate strrchr strchr __std_type_info_compare |
| api-ms-win-crt-stdio-l1-1-0.dll | fseek __stdio_common_vsscanf fflush ftell fread __acrt_iob_func __stdio_common_vswscanf _fileno freopen_s fclose __stdio_common_vfprintf __stdio_common_vsprintf __stdio_common_vswprintf fwrite |
| api-ms-win-crt-heap-l1-1-0.dll | realloc _callnewh calloc free malloc _msize |
| api-ms-win-crt-string-l1-1-0.dll | iswalnum strnlen iswspace iswlower towlower strcmp iswdigit iswupper strncmp strncpy iswalpha towupper |
| api-ms-win-crt-convert-l1-1-0.dll | _strtod_l strtod strtol mbstowcs _atoi64 atoi strtoll |
| api-ms-win-crt-runtime-l1-1-0.dll | _initterm_e _initterm _beginthreadex _cexit _crt_atexit _execute_onexit_table _register_onexit_function _initialize_onexit_table _initialize_narrow_environment _endthreadex abort _configure_narrow_argv _seh_filter_dll _fpreset terminate _invalid_parameter_noinfo_noreturn |
| api-ms-win-crt-math-l1-1-0.dll | atan2f _hypotf atanf _hypot _fdclass ceilf tanf cosf expf floorf round fmod asinh logf fmax _dclass cosh fmin cbrt sqrt atan sin hypot tanh log10 ceil cos lrint exp floor pow powf roundf _dsign acosh atan2 sinh asin log2 atanh trunc expm1 log log1p sinf acos fabs sqrtf tan truncf |
| api-ms-win-crt-time-l1-1-0.dll | strftime _gmtime64 _time64 _ftime64_s wcsftime _localtime64_s |
| api-ms-win-crt-locale-l1-1-0.dll | _create_locale |
| api-ms-win-crt-environment-l1-1-0.dll | getenv |
| Ordinal | 1 |
|---|---|
| Address | 0x1b4c30 |
| Ordinal | 2 |
|---|---|
| Address | 0x1b4ab0 |
| Ordinal | 3 |
|---|---|
| Address | 0x1b4c40 |
| Characteristics | 0 |
|---|---|
| TimeDateStamp | 2026-Mar-30 21:54:53 |
| Version | 0.0 |
| SizeofData | 964 |
| AddressOfRawData | 0x5132c8 |
| PointerToRawData | 0x5122c8 |
| StartAddressOfRawData | 0x1805136b0 |
|---|---|
| EndAddressOfRawData | 0x18051380c |
| AddressOfIndex | 0x18059a270 |
| AddressOfCallbacks | 0x1804666c0 |
| SizeOfZeroFill | 0 |
| Characteristics | IMAGE_SCN_ALIGN_16BYTES |
| Callbacks | 0x00000001801B38EC 0x00000001801B3954 |
| Size | 0x138 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x180581028 |
| XOR Key | 0x616744ab |
|---|---|
| Unmarked objects | 0 |
| Imports (VS2008 SP1 build 30729) | 18 |
| C++ objects (33140) | 1 |
| C objects (30034) | 8 |
| ASM objects (30034) | 7 |
| C++ objects (30034) | 28 |
| Imports (30034) | 6 |
| 253 (28518) | 5 |
| C objects (33140) | 1 |
| C objects (CVTCIL) (33140) | 2 |
| Imports (33140) | 43 |
| Total imports | 667 |
| C++ objects (LTCG) (30159) | 18 |
| Exports (30159) | 1 |
| Resource objects (30159) | 1 |
| 151 | 1 |
| Linker (30159) | 1 |