Manalyze report for df69c47b6a0760d7e462bf6c1dcb68b3f99881a436f84b620ff4ae4a26c8fa5a

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Feb-27 01:30:09
Detected languages	English - United States

Plugin Output

Info	Interesting strings found in the binary:	Contains domain names: api.github.com example.com github.com githubusercontent.com https://api.github.com https://api.github.com/repos/TTakaTit/Vinesense-Downloader/commits?path https://api.github.com/repos/TTakaTit/Vinesense-Downloader/contents?ref https://api.github.com/repos/TTakaTit/muahack.com/releases/latest https://curl.se https://github.com https://raw.githubusercontent.com https://raw.githubusercontent.com/TTakaTit/Vinesense-Downloader/main/ https://raw.githubusercontent.com/TTakaTit/Vinesense-Downloader/main/README.md muahack.com raw.githubusercontent.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses known Mersenne Twister constants` `Microsoft's Cryptography API`
Suspicious	This PE is packed with Themida	`Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Unusual section name found: .themida` `Section .themida is both writable and executable.` `Unusual section name found: .boot` `Unusual section name found: .import`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Can access the registry: RegCreateKeyExA RegDeleteKeyA` `Possibly launches other programs: ShellExecuteA system` `Uses Windows's Native API: ntohs ntohl` `Uses Microsoft's cryptographic API: CryptAcquireContextW CryptReleaseContext CryptGetHashParam CryptCreateHash CryptHashData CryptDestroyHash CryptDestroyKey CryptImportKey CryptEncrypt CryptStringToBinaryW CryptDecodeObjectEx CryptQueryObject` `Leverages the raw socket API to access the Internet: send getsockopt bind WSACleanup WSAStartup inet_ntop WSAEventSelect getpeername WSASetLastError connect WSAResetEvent ntohs WSAEnumNetworkEvents inet_pton WSAGetLastError closesocket getsockname WSACloseEvent WSAWaitForMultipleEvents listen recv gethostname ioctlsocket sendto recvfrom freeaddrinfo getaddrinfo setsockopt ntohl accept WSACreateEvent select __WSAFDIsSet WSAIoctl socket` `Functions related to the privilege level: CheckTokenMembership OpenProcessToken` `Manipulates other processes: Process32First Process32Next` `Changes object ACLs: SetSecurityInfo` `Reads the contents of the clipboard: GetClipboardData` `Interacts with the certificate store: CertOpenStore CertAddCertificateContextToStore`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`a6567885b0fd58029a21d323f52ff4ae`
SHA1	`dcee356675fe40cddae540a6ba17807dddae78ff`
SHA256	`df69c47b6a0760d7e462bf6c1dcb68b3f99881a436f84b620ff4ae4a26c8fa5a`
SHA3	`ef64fb5afa88692ee7621f3e4e0a530b523634ea16affe5efb03f482dcd70172`
SSDeep	`196608:JOO8Mw1uC05yfUzyD/yvGplbBchu8rKLxMoQoreAR/V2Ydv/ShRBtcHxb1:JOO8Mw1uC05yfbyeHB8udLx2orzR/V5`
Imports Hash	`ae3deeabb1ae404d42937b004eda9243`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x138`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`13`
TimeDateStamp	2026-Feb-27 01:30:09
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x12aa00`
SizeOfInitializedData	`0x6ee00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000126214 (Section: )`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xb48000`
SizeOfHeaders	`0x1000`
Checksum	`0x476706`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

MD5	`8284a9dd3b2731cf2ed76fea1483ef39`
SHA1	`649b2db23f77f1995d5da7518aab6f7c8989cf7a`
SHA256	`04779cfd20a0e0fdc8f7c63cbfea3612844b59758f784ad494a129ec77ea0a69`
SHA3	`b6d57eb375d831d9f465ebb8d2b661d3ca11ea05dbb5ecb8a259d8db9945a06c`
VirtualSize	`0x12a85c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x12a85c`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.5337`

(#2)

MD5	`9e799930ef59935ad312948fcc065d83`
SHA1	`d407b89bce27445d102f4a665a012c14759adc7c`
SHA256	`81194b2121b6c5b51aea977afcd0ef8fbdbf68bfaf8be84495b48f159542cb79`
SHA3	`c76ff9a57d18c0670cebbc3dd10ba6fb6905a9f13b38695400450dd2214beb7b`
VirtualSize	`0x4b462`
VirtualAddress	`0x12c000`
SizeOfRawData	`0x4b462`
PointerToRawData	`0x12c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.96569`

(#3)

MD5	`7effb2b93ad867d2d37354e969783eb9`
SHA1	`8c1e826bfb8cba614be66d9d71a9b0283ba2f6a8`
SHA256	`e220b1b556f4cec367596064494fed8b3c91bf402ffc77aa38b775ba525446e3`
SHA3	`55c62a2f64ab856c776e64fcecdd886a8712aeb9acaa6c07586cc009126b1f81`
VirtualSize	`0x12778`
VirtualAddress	`0x178000`
SizeOfRawData	`0x12778`
PointerToRawData	`0x178000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.70027`

(#4)

MD5	`f40598152822f6acf4e6301631148157`
SHA1	`7c1312913b65f255effa5d618223d9923ae281a0`
SHA256	`9427e5f5ce28cf2b29bfb62282cad778cff98e75a60208e6d8b314ba15364ff3`
SHA3	`a0750b58f74e5eb11f643a8aea1eabe7afc501ec2e772e7f1bc9933eb748fd03`
VirtualSize	`0xbcd0`
VirtualAddress	`0x18b000`
SizeOfRawData	`0xbcd0`
PointerToRawData	`0x18b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.11706`

(#5)

MD5	`e8f864950ddd913989340fd9da3ff4c4`
SHA1	`0d126d662f9c3546f7e01ec8ea300613f27c745d`
SHA256	`7d6ba7da169320eedeb1af28ab3ee8e926dda8ef0c413409ac35067083966600`
SHA3	`77763ae91059718b6edb6dd204ed31fe5dbe3e3912cbc20928bcd1031b5b27c8`
VirtualSize	`0x45e0`
VirtualAddress	`0x197000`
SizeOfRawData	`0x45e0`
PointerToRawData	`0x197000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.91679`

(#6)

MD5	`da5086fe595c16e601d2d398902ac123`
SHA1	`9dc3f9bcee1c3f9a34da49c47a49d4625bb808c6`
SHA256	`0df3e12b43528a3204d42608bc4ae01de20e5643016e900d5b9cd9a5bd2ac6a5`
SHA3	`161e0d5eb08c71f1ed083c3a6d0dec18d8af13bd53e7cc9998298fdd6037d67d`
VirtualSize	`0xb50`
VirtualAddress	`0x19c000`
SizeOfRawData	`0xb50`
PointerToRawData	`0x19c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.38477`

.idata

MD5	`42c64d7912db9e33cb490665250b5463`
SHA1	`8c7b6d7bf6644f886ac43b8670b10a0e22aaf5a6`
SHA256	`6ff33a3c8d69227f7cadc9eb59749dff529ebdff360814b232f90b9b997c96fc`
SHA3	`e5dd76ac6d8a675ed8c97349156730cfc5de29e15939a227e71bac78c8d53d80`
VirtualSize	`0x1000`
VirtualAddress	`0x19d000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x19d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.80077`

.tls

MD5	`84c40fc93ae5e0020b737ef7653e0fae`
SHA1	`1c567f7aab16f17e29de0e3df2007897fdf3eef5`
SHA256	`82f9c7ad234c15b44cdd18237371ef58e1085d3da99f11b0a5492a35d216eaca`
SHA3	`469a1f24f2c941e324f1c02c436bfbbed001f84aecde70409e867618787173af`
VirtualSize	`0x1000`
VirtualAddress	`0x19e000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x19e000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0473678`

.rsrc

MD5	`c138b3f16b339a857fc15a6e9c32538f`
SHA1	`db49aaf8207c338a413476a28074676e96084bc5`
SHA256	`5753481b53c855c314d8d685eb93e26828b07a540f0194bf629057bef94a9a3f`
SHA3	`5ca539f5fe2fb7b17af711c1b7a22f17338eb363247a8fd3166fc1c0e1d83d0f`
VirtualSize	`0x4600`
VirtualAddress	`0x19f000`
SizeOfRawData	`0x4600`
PointerToRawData	`0x19f000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.91191`

.themida

MD5	`04bcd53e84e582d380855b5d8aca5470`
SHA1	`2a5eae2d9f49d9ba56ca2025f7d3b1f482786684`
SHA256	`53b63c07f28d23ddebc4ede8f58c2864f5ba9ff508aae5c11b3cc31c99d05ddd`
SHA3	`191b11e81bba5bde53a4f4500a9289e3276dde591ffd16c1d6eeb4c69947075b`
VirtualSize	`0x60e000`
VirtualAddress	`0x1a4000`
SizeOfRawData	`0x60e000`
PointerToRawData	`0x1a4000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.25262`

.boot

MD5	`9f5468cc4d1eb40e9bbe5ece6fe329a8`
SHA1	`49b2f48dbe74ca64527b770432a0b6c07bfdf7e6`
SHA256	`fccd67f74010eecf881334cf1781bc33707171775a3d6958bdf8c5ba8f12d1ae`
SHA3	`20fa2a33709a85670a47660c1dc17d29a73327127317df155ae4244e45aee0de`
VirtualSize	`0x391200`
VirtualAddress	`0x7b2000`
SizeOfRawData	`0x391200`
PointerToRawData	`0x7b2000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.96615`

.reloc

MD5	`8fea3cc558891aa879df3d2e2d5a81b4`
SHA1	`7141789d0bffafbac5de25d16a1bace0344b1f06`
SHA256	`9d0e39a8c8f1ab69dc0774ecd715f7ac35f7d0ccac5a8b23c8c241d2c4839c1e`
SHA3	`455f38a7177823d148175c19e1c46a38d658b3ed2629382299b056b04f51c945`
VirtualSize	`0x1000`
VirtualAddress	`0xb44000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xb44000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ`
Entropy	`0.0283728`

.import

MD5	`bed9dbf03c295afcc20d71c7ddd9db82`
SHA1	`06e7a295ba3837e211ed90054da09e17a860da00`
SHA256	`3ddff42ed999f4373f0b35410b61bf05a201231f6b67179b81bef9de33ab114d`
SHA3	`508252d6a80903faf58604456474f869ceed8e7ab242061dab8152fbb44b9b33`
VirtualSize	`0x3000`
VirtualAddress	`0xb45000`
SizeOfRawData	`0x3000`
PointerToRawData	`0xb45000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.79933`

Imports

advapi32.dll	`AllocateAndInitializeSid` `CheckTokenMembership` `FreeSid` `OpenProcessToken` `AddAccessAllowedAce` `GetLengthSid` `GetTokenInformation` `InitializeAcl` `IsValidSid` `RegCreateKeyExA` `RegDeleteKeyA` `SetSecurityInfo` `CopySid` `ConvertSidToStringSidA` `CryptAcquireContextW` `CryptReleaseContext` `CryptGetHashParam` `CryptCreateHash` `CryptHashData` `CryptDestroyHash` `SystemFunction036` `CryptDestroyKey` `CryptImportKey` `CryptEncrypt`
crypt32.dll	`CertOpenStore` `CertCloseStore` `CertEnumCertificatesInStore` `CertFindCertificateInStore` `CertFreeCertificateContext` `CryptStringToBinaryW` `PFXImportCertStore` `CryptDecodeObjectEx` `CertAddCertificateContextToStore` `CertFreeCertificateChain` `CertGetCertificateChain` `CertFreeCertificateChainEngine` `CertCreateCertificateChainEngine` `CryptQueryObject` `CertGetNameStringW` `CertFindExtension`
gdi32.dll	`GetDeviceCaps`
imm32.dll	`ImmGetContext` `ImmSetCompositionWindow` `ImmReleaseContext`
kernel32.dll	`GetFileInformationByHandleEx` `AreFileApisANSI` `CreateFile2` `SetFileInformationByHandle` `GetFileAttributesExW` `GetStartupInfoW` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `OutputDebugStringW` `GetModuleFileNameW` `QueryPerformanceCounter` `FindFirstFileW` `FindClose` `CreateDirectoryW` `GetCurrentDirectoryW` `GetLocaleInfoEx` `GetFileSizeEx` `GetCurrentProcessId` `WaitForMultipleObjects` `PeekNamedPipe` `ReadFile` `GetFileType` `GetStdHandle` `GetEnvironmentVariableA` `WaitForSingleObjectEx` `MoveFileExW` `GetTickCount` `GetSystemInfo` `SleepEx` `GetCurrentThreadId` `GetSystemDirectoryW` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `AcquireSRWLockExclusive` `ReleaseSRWLockExclusive` `FormatMessageW` `SetLastError` `QueryFullProcessImageNameW` `GetModuleHandleW` `GetModuleFileNameA` `UnmapViewOfFile` `MapViewOfFile` `CreateFileMappingW` `VirtualProtect` `CreateThread` `GetCurrentProcess` `Sleep` `DeleteCriticalSection` `InitializeCriticalSectionEx` `GetProcessHeap` `HeapSize` `HeapFree` `HeapReAlloc` `HeapAlloc` `HeapDestroy` `AddVectoredExceptionHandler` `CreateFileW` `VerifyVersionInfoW` `FreeLibrary` `VerSetConditionMask` `GetProcAddress` `Process32First` `QueryPerformanceFrequency` `LoadLibraryA` `GetModuleHandleA` `GlobalUnlock` `WideCharToMultiByte` `GlobalWire` `GlobalFree` `GlobalAlloc` `MultiByteToWideChar` `FormatMessageA` `GlobalFindAtomA` `GetSystemTime` `LocalFree` `CloseHandle` `Process32Next` `CreateFileA` `GetLastError` `CreateToolhelp32Snapshot` `LocalAlloc` `SetSystemTime` `SleepConditionVariableSRW` `WakeAllConditionVariable` `LoadLibraryW` `SetUnhandledExceptionFilter`
msvcp140.dll	`??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z` `?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@PEB_W_J@Z` `?getloc@ios_base@std@@QEBA?AVlocale@2@XZ` `?width@ios_base@std@@QEAA_J_J@Z` `?width@ios_base@std@@QEBA_JXZ` `?flags@ios_base@std@@QEBAHXZ` `?good@ios_base@std@@QEBA_NXZ` `?fail@ios_base@std@@QEBA_NXZ` `??Bios_base@std@@QEBA_NXZ` `?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z` `?_Xinvalid_argument@std@@YAXPEBD@Z` `??Bid@locale@std@@QEAA_KXZ` `?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z` `?_Random_device@std@@YAIXZ` `?id@?$ctype@D@std@@2V0locale@2@A` `?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z` `?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ` `?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?toupper@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `__set_stl_sync_api_mode` `__crtIsPackagedApp` `?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `__crtIsPackagedApp` `__set_stl_sync_api_mode` `__set_stl_sync_api_mode` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ` `?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z` `??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ` `?get@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD4@Z` `?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z` `?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z` `?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ` `?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z` `?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ` `?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ` `?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ` `_Xtime_get_ticks` `_Thrd_detach` `_Query_perf_counter` `_Cnd_do_broadcast_at_thread_exit` `?_Syserror_map@std@@YAPEBDH@Z` `?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z` `?_Xlength_error@std@@YAXPEBD@Z` `?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?_Xbad_function_call@std@@YAXXZ` `?_Winerror_map@std@@YAHH@Z` `?id@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A` `?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Id_cnt@id@locale@std@@0HA` `?_Xbad_alloc@std@@YAXXZ` `?uncaught_exception@std@@YA_NXZ` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?_Throw_Cpp_error@std@@YAXH@Z` `??0_Lockit@std@@QEAA@H@Z` `?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??1_Lockit@std@@QEAA@XZ` `_Query_perf_frequency` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z`
psapi.dll	`GetModuleInformation`
shell32.dll	`ShellExecuteExW` `ShellExecuteA` `ShellExecuteExA`
shlwapi.dll	`PathFindFileNameW`
user32.dll	`GetDesktopWindow` `SetClipboardData` `EnumWindows` `ClientToScreen` `DispatchMessageA` `MessageBoxA` `TranslateMessage` `PeekMessageA` `PostQuitMessage` `UpdateWindow` `GetWindowLongW` `AdjustWindowRectEx` `GetKeyState` `LoadCursorA` `IsChild` `GetWindowTextA` `GetWindowRect` `DestroyWindow` `GetMonitorInfoA` `GetDC` `GetClipboardData` `SetWindowPos` `EmptyClipboard` `MonitorFromWindow` `CloseClipboard` `OpenClipboard` `EnumDisplayMonitors` `GetPhysicalCursorPos` `ReleaseDC` `SetPhysicalCursorPos` `ScreenToClient` `SetWindowTextW` `IsIconic` `WindowFromPoint` `SetForegroundWindow` `ReleaseCapture` `RegisterClassExA` `ShowWindow` `GetCapture` `UnregisterClassA` `GetClientRect` `SetWindowLongW` `SetCursor` `SetCapture` `BringWindowToTop` `SetFocus` `SetLayeredWindowAttributes` `CreateWindowExA` `DefWindowProcA` `GetForegroundWindow` `SetWindowLongA`
userenv.dll	`UnloadUserProfile`
vcruntime140.dll	`__std_terminate` `__std_exception_copy` `strstr` `strchr` `_CxxThrowException` `memchr` `memcmp` `memcpy` `memmove` `memset` `strrchr` `wcschr` `__C_specific_handler` `__current_exception` `__current_exception_context` `__std_exception_destroy`
vcruntime140_1.dll	`__CxxFrameHandler4`
ws2_32.dll	`send` `getsockopt` `bind` `WSACleanup` `WSAStartup` `inet_ntop` `WSAEventSelect` `getpeername` `WSASetLastError` `connect` `WSAResetEvent` `ntohs` `WSAEnumNetworkEvents` `inet_pton` `ntohs` `WSAGetLastError` `closesocket` `getsockname` `WSACloseEvent` `WSAWaitForMultipleEvents` `listen` `recv` `gethostname` `ioctlsocket` `sendto` `recvfrom` `freeaddrinfo` `getaddrinfo` `setsockopt` `ntohl` `accept` `WSACreateEvent` `select` `__WSAFDIsSet` `WSAIoctl` `socket`
ucrtbase.dll	`strtoll` `strtol` `strtoumax` `strtoul` `atoi` `wcstombs` `strtod`
ucrtbase.dll (#2)	`strtoll` `strtol` `strtoumax` `strtoul` `atoi` `wcstombs` `strtod`
ucrtbase.dll (#3)	`strtoll` `strtol` `strtoumax` `strtoul` `atoi` `wcstombs` `strtod`
ucrtbase.dll (#4)	`strtoll` `strtol` `strtoumax` `strtoul` `atoi` `wcstombs` `strtod`
ucrtbase.dll (#5)	`strtoll` `strtol` `strtoumax` `strtoul` `atoi` `wcstombs` `strtod`
ucrtbase.dll (#6)	`strtoll` `strtol` `strtoumax` `strtoul` `atoi` `wcstombs` `strtod`
ucrtbase.dll (#7)	`strtoll` `strtol` `strtoumax` `strtoul` `atoi` `wcstombs` `strtod`
ucrtbase.dll (#8)	`strtoll` `strtol` `strtoumax` `strtoul` `atoi` `wcstombs` `strtod`
ucrtbase.dll (#9)	`strtoll` `strtol` `strtoumax` `strtoul` `atoi` `wcstombs` `strtod`
ucrtbase.dll (#10)	`strtoll` `strtol` `strtoumax` `strtoul` `atoi` `wcstombs` `strtod`
ucrtbase.dll (#11)	`strtoll` `strtol` `strtoumax` `strtoul` `atoi` `wcstombs` `strtod`
bcrypt.dll	`BCryptGenRandom`
d3d9.dll	`Direct3DCreate9`
d3dx9_39.dll	`D3DXCreateTextureFromFileInMemory`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4353`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.94762`
Detected Filetype	PNG graphic file
MD5	`6ad5c5cc9c68eeeaba50fe0759847988`
SHA1	`02e5df3c9b52ce62c1259d67300b643766e46c82`
SHA256	`1d931694fa99ee0b1c7b28754fd2e557fbb2e7197a599ddc4ab860dc4324c4c4`
SHA3	`011bfddcd2446ae4c9c78ee5cece21cb507b502ce25933749c7c778e3588e20a`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.7815`
Detected Filetype	Icon file
MD5	`4a7d47c95cc7ca8653eb0525b866d195`
SHA1	`080368e18ae7b573943be85fc36d73905f65227e`
SHA256	`4a421d6ffcec7abdfe5f732067fc1950355bd8c7f02133fa2fe2ce8612f8d001`
SHA3	`3b4979cfd93d0de6c3a6e43f1ac2ef63cc6097a99f8a379932c47779f6a8f245`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xa318725`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`22`
253 (35403)	`7`
ASM objects (35403)	`4`
C objects (35403)	`10`
Imports (VS2008 build 21022)	`2`
Imports (VS2012 build 50727 / VS2005 build 50727)	`2`
C++ objects (35403)	`40`
Imports (35403)	`6`
C objects (33523)	`43`
C objects (VS2022 Update 6 (17.6.4) compiler 32535)	`129`
C++ objects (34436)	`5`
Imports (33145)	`29`
Total imports	`521`
C++ objects (LTCG) (35725)	`10`
Resource objects (35725)	`1`
151	`1`
Linker (35725)	`1`

Errors

[!] Error: Could not reach the TLS callback table.

Leave a comment

No comments yet.