Manalyze report for e228e241aae4651b107f08179b9e9089

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Oct-17 14:28:18
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C# v7.0 / Basic .NET` `MASM/TASM - sig2(h)` `MASM/TASM - sig1(h)` `Microsoft Visual C++` `Microsoft Visual C++ v6.0` `.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: SCHTASK Schtask control.exe regedit.exe rundll32.exe sc.exe schtask` `Contains references to internet browsers: iexplore.exe` `Contains references to security software: Cleaner.exe MsMpEng.exe rshell.exe sfc.exe` `Looks for VMWare presence: VMware vmware` `May have dropper capabilities: %TEMP% %Temp% %allusersprofile% %temp% CurrentControlSet\Services CurrentControlSet\services CurrentVersion\Run` `Accesses the WMI: root\CIMV2 root\Microsoft root\cimv2` `Contains another PE executable: This program cannot be run in DOS mode.` `Miscellaneous malware strings: cmd.exe` Contains domain names: 000606.xyz 01-bootcd.ru 2.01-bootcd.ru 2010-aia.verisign.com 2010-crl.verisign.com MSGuides.com adobe.com aia.verisign.com aia.ws.symantec.com api.ipify.org board.com bootcd.ru browserleaks.com cacerts.digicert.com catqu.com cgtsoft.com crl.microsoft.com crl.sectigo.com crl.thawte.com crl.usertrust.com crl.verisign.com crl.ws.symantec.com crl3.digicert.com crl4.digicert.com crt.sectigo.com crt.usertrust.com csc3-2010-aia.verisign.com csc3-2010-crl.verisign.com curl.haxx.se defense.gov digiboy.ir digicert.com download.microsoft.com download.windowsupdate.com example.com f3322.org forum.ru-board.com gcc.gnu.org ghpym.com github.com google.com http://cacerts.digicert.com http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0 http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0 http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0 http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0 http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 http://crl.microsoft.com http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl0Z http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0 http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z http://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0 http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0X http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T http://crl.sectigo.com http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t http://crl.thawte.com http://crl.thawte.com/ThawteTimestampingCA.crl0 http://crl.usertrust.com http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl0v http://crl.verisign.com http://crl.verisign.com/pca3-g5.crl04 http://crl3.digicert.com http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08 http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0 http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07 http://crl3.digicert.com/assured-cs-2011a.crl03 http://crl3.digicert.com/sha2-assured-ts.crl02 http://crl4.digicert.com http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0 http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0 http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K http://crl4.digicert.com/assured-cs-2011a.crl0 http://crl4.digicert.com/sha2-assured-ts.crl0 http://crt.sectigo.com http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0# http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# http://crt.usertrust.com http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt0% http://csc3-2010-aia.verisign.com http://csc3-2010-aia.verisign.com/CSC3-2010.cer0 http://csc3-2010-crl.verisign.com http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D http://logo.verisign.com http://logo.verisign.com/vslogo.gif04 http://microsoft.com0 http://ns.adobe.com http://ns.adobe.com/xap/1.0/ http://ns.adobe.com/xap/1.0/mm/ http://ns.adobe.com/xap/1.0/sType/ResourceRef# http://o15.officeredir.microsoft.com http://o15.officeredir.microsoft.com/r/rlidC2RRemovalTool?clid http://ocsp.digicert.com0A http://ocsp.digicert.com0C http://ocsp.digicert.com0H http://ocsp.digicert.com0I http://ocsp.digicert.com0L http://ocsp.digicert.com0O http://ocsp.sectigo.com0 http://ocsp.thawte.com0 http://ocsp.usertrust.com0 http://ocsp.verisign.com0 http://office.microsoft.com http://officecdn.microsoft.com http://officecdn.microsoft.com/ http://officecdn.microsoft.com/db http://officecdn.microsoft.com/db/ http://officecdn.microsoft.com/pr http://officecdn.microsoft.com/pr/ http://officecdn.microsoft.com/pr/39168D7E-077B-48E7-872C-B232C3E72675/Office/Data/ http://officecdn.microsoft.com/pr/39168D7E-077B-48E7-872C-B232C3E72675/Office/Data/c2rfireflydata.xml http://officecdn.microsoft.com/pr/39168D7E-077B-48E7-872C-B232C3E72675/Office/Data/v32.cab http://officecdn.microsoft.com/pr/39168D7E-077B-48E7-872C-B232C3E72675/Office/Data/v32_ http://officecdn.microsoft.com/pr/39168D7E-077B-48E7-872C-B232C3E72675/Office/Data/v64.cab http://officecdn.microsoft.com/pr/39168D7E-077B-48E7-872C-B232C3E72675/Office/Data/v64_ http://officecdn.microsoft.com/pr/39168D7E-077B-48E7-872C-B232C3E72675K_scenario_admin_culture_en-us_lcid_1033_platform_x86_productreleaseid_none_ http://officecdn.microsoft.com/pr/wsus/setup.exe http://officecdn.microsoft.com/sg http://officeredir.microsoft.com http://officeredir.microsoft.com/r/rlidOfficeWebHelp?p1 http://schemas.microsoft.com http://schemas.microsoft.com/SMI/2005/WindowsSettings http://schemas.microsoft.com/SMI/2016/WindowsSettings http://schemas.microsoft.com/windows/2004/02/mit/task http://ts-aia.ws.symantec.com http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 http://ts-crl.ws.symantec.com http://ts-crl.ws.symantec.com/tss-ca-g2.crl0 http://ts-ocsp.ws.symantec.com07 http://www.digicert.com http://www.digicert.com/ssl-cps-repository.htm0 http://www.metalinker.org http://www.metalinker.org/ http://www.microsoft.com http://www.microsoft.com/DRM/SL/GenuineAuthorization/1.0 http://www.microsoft.com/PKI/docs/CPS/default.htm0 http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt0 http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0 http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0 http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0 http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0 http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0 http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0 http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0a http://www.microsoft.com/pkiops/docs/primarycps.htm0 http://www.nirsoft.net http://www.nirsoft.net/ http://www.vmware.com http://www.vmware.com/0 http://www.w3.org http://www.w3.org/1999/02/22-rdf-syntax-ns# http://www.w3.org/2000/xmlns/ http://www.w3.org/XML/1998/namespace https://api.ipify.org https://api.ipify.org/ https://aria2.github.io https://aria2.github.io/ https://browserleaks.com https://curl.haxx.se https://curl.haxx.se/docs/http-cookies.html https://download.microsoft.com https://download.microsoft.com/download/6/2/3/6230F7A2-D8A9-478B-AC5C-57091B632FCF/officedeploymenttool_x86_5031-1000.exe https://gcc.gnu.org https://gcc.gnu.org/bugs/ https://github.com https://ip-tracker.net https://iptracker.online https://learn.microsoft.com https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-error-constants https://licensing.mp.microsoft.com https://licensing.mp.microsoft.com/v7.0/licenses/content https://mrodevicemgr.officeapps.live.com https://mrodevicemgr.officeapps.live.com/mrodevicemgrsvc/api/v2/C2RReleaseData https://mrodevicemgr.officeapps.live.com/mrodevicemgrsvc/api/v2/C2RReleaseData', https://mrodevicemgr.officeapps.live.com/mrodevicemgrsvc/api/v2/C2RReleaseData',' https://msfree.su https://nexus.officeapps.live.com https://nexus.officeapps.live.com/nexus/upload/ https://ping.pe https://sectigo.com https://technet.microsoft.com https://technet.microsoft.com/en-us/library/mt455210 https://vivaldi.com https://www.digicert.com https://www.digicert.com/CPS0 https://www.microsoft.com https://www.microsoft.com/en-us/download/confirmation.aspx?id https://www.verisign.com https://www.verisign.com/cps0 https://www.verisign.com/rpa https://www.verisign.com/rpa0 https://www.youtube.com https://www.youtube.com/watch?v inkscape.org ip-tracker.net ip-tracker.org ipify.org kms.000606.xyz kms.03k.org kms.catqu.com kms.cgtsoft.com kms.ddns.net kms.digiboy.ir kms.ghpym.com kms.kmzs123.cn kms.mc06.net kms.moeyuuko.top kms.sdit163.com kms.sixyin.com kms8.MSGuides.com kms9.MSGuides.com kmzs123.cn kremlin.ru l.root-servers.net learn.microsoft.com licensing.mp.microsoft.com login.live.com logo.verisign.com lysator.liu.se metalinker.org microsoft.com moeyuuko.top mp.microsoft.com mrodevicemgr.officeapps.live.com nexus.officeapps.live.com nirsoft.net ns.adobe.com o15.officeredir.microsoft.com office.microsoft.com officeapps.live.com officecdn.microsoft.com officeredir.microsoft.com opendns.com openssh.com purchase.mp.microsoft.com redmond.microsoft.com resolver1.opendns.com root-servers.net ru-board.com schemas.microsoft.com sdit163.com sectigo.com servers.net sixyin.com steveb1.redmond.microsoft.com symantec.com technet.microsoft.com thawte.com tracker.net tracker.org ts-aia.ws.symantec.com ts-crl.ws.symantec.com usertrust.com verisign.com vivaldi.com vmware.com whitehouse.gov windowsupdate.com ws.symantec.com www.defense.gov www.digicert.com www.inkscape.org www.kremlin.ru www.metalinker.org www.microsoft.com www.nirsoft.net www.verisign.com www.vmware.com www.w3.org www.whitehouse.gov www.youtube.com xincheng213618.cn xykz.f3322.org youtube.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses known Diffie-Helman primes` `Uses known Mersenne Twister constants` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW LoadLibraryW LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowW` `Code injection capabilities: CreateRemoteThread OpenProcess VirtualAlloc` `Code injection capabilities (PowerLoader): FindWindowW GetWindowLongW` `Can access the registry: RegisterHotKey RegOpenKeyExW RegOpenKeyW RegQueryValueExW RegCloseKey RegDeleteKeyW RegSetValueExW RegCreateKeyExW RegEnumKeyExW RegDeleteValueW RegCreateKeyW RegEnumValueW` `Possibly launches other programs: CreateProcessW` `Uses Windows's Native API: ntohs ntohl` `Uses Microsoft's cryptographic API: CryptAcquireContextW CryptCreateHash CryptDeriveKey CryptDestroyHash CryptDestroyKey CryptEncrypt CryptHashData CryptReleaseContext CryptGenRandom CryptAcquireContextA CryptGetHashParam CryptStringToBinaryA CryptQueryObject` `Can create temporary files: CreateFileW GetTempPathW CreateFileA` `Uses functions commonly found in keyloggers: GetForegroundWindow AttachThreadInput CallNextHookEx GetAsyncKeyState` `Has Internet access capabilities: URLDownloadToFileW InternetCloseHandle InternetGetConnectedState InternetOpenUrlW InternetOpenW InternetReadFile` `Leverages the raw socket API to access the Internet: WSAStartup gethostbyname WSACleanup gethostbyaddr inet_addr closesocket socket htons ioctlsocket connect select __WSAFDIsSet gethostname recvfrom recv bind send sendto WSAGetLastError ntohs WSASetLastError getsockopt setsockopt getpeername getsockname WSAIoctl getaddrinfo freeaddrinfo htonl listen accept ntohl` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Interacts with services: OpenSCManagerW OpenServiceW QueryServiceStatus ChangeServiceConfigW ControlService` `Enumerates local disk drives: GetLogicalDriveStringsW GetVolumeInformationW GetDriveTypeW` `Manipulates other processes: OpenProcess Process32FirstW Process32NextW` `Can take screenshots: GetDC FindWindowW CreateCompatibleDC BitBlt` `Reads the contents of the clipboard: GetClipboardData` `Interacts with the certificate store: CertOpenStore CertAddCertificateContextToStore` `Can shut the system down or lock the screen: ExitWindowsEx LockWorkStation`
Malicious	VirusTotal score: 34/72 (Scanned on 2024-11-14 10:39:48)	`AVG: Win64:MalwareX-gen [Trj]` `Alibaba: HackTool:Win64/HackKMS.dfaaee27` `Antiy-AVL: HackTool/Win32.KMSAuto` `Avast: Win64:MalwareX-gen [Trj]` `Bkav: W64.AIDetectMalware` `CAT-QuickHeal: Trojan.KMS` `CTX: exe.hacktool.kmsauto` `ClamAV: Win.Tool.KmsActivator-9917428-0` `CrowdStrike: win/grayware_confidence_90% (D)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `ESET-NOD32: a variant of Win64/HackKMS.L potentially unsafe` `Elastic: malicious (high confidence)` `Fortinet: PossibleThreat.PALLAS.H` `GData: Win64.Application.Agent.54JID0` `Ikarus: PUA.HackTool.Winactivator` `K7AntiVirus: Unwanted-Program ( 005403411 )` `K7GW: Unwanted-Program ( 005403411 )` `Kaspersky: HEUR:HackTool.Win32.KMSAuto.gen` `Kingsoft: Win32.HackTool.KMSAuto.gen` `Lionic: Hacktool.Win32.KMSAuto.3!c` `Malwarebytes: RiskWare.KMS` `MaxSecure: Trojan.Malware.10142903.susgen` `McAfee: Artemis!E228E241AAE4` `McAfeeD: ti!E4FD36E9E3C1` `Microsoft: HackTool:Win32/AutoKMS` `Paloalto: generic.ml` `Rising: HackTool.KMSActivator!1.FCD3 (CLASSIC)` `Skyhigh: Artemis` `Sophos: Generic Reputation PUA (PUA)` `Symantec: ML.Attribute.HighConfidence` `Varist: W64/ABApplication.KHPB-7064` `Zillya: Tool.KMSAuto.Win32.8624` `ZoneAlarm: HEUR:HackTool.Win32.KMSAuto.gen`

Hashes

MD5	`e228e241aae4651b107f08179b9e9089`
SHA1	`855f10dd0a692192fa6b57b1c413906bed125da5`
SHA256	`e4fd36e9e3c1ed840a08097ac4daaa59f9fa9449997db6a7e0b99ea0c01cdd2b`
SHA3	`b708c0b26e3d28272a951d8d899e2bc3cc63f7f2c22054bc29646b8b7c47f76f`
SSDeep	`393216:HC2+BPXRl/obfoCkhfO/zFXGW/F/P9wXiXzThgn4JfR:i2+NeRkdObGXYztg0R`
Imports Hash	`fdecd5d5d82f375e9bb41fbe4c1f1ba0`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2024-Oct-17 14:28:18
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x17e600`
SizeOfInitializedData	`0x17aaa00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001000 (Section: .code)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x192e000`
SizeOfHeaders	`0x400`
Checksum	`0x192d783`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.code

MD5	`439bf5ae906af74e25ee32735fbefbb8`
SHA1	`43c9c3a2c31023aada0883b3067ed0689c312178`
SHA256	`12b27c1d8906406f5b4e7a25d57672e8cd8643687cdcc3e7f0494ea72b6362e0`
SHA3	`c0770d1be74b2930835d8e5a372766ab905de3c86a36664d9eb966d98d1a9434`
VirtualSize	`0x6d335`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6d400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.93978`

.text

MD5	`1bee1c4cfbaa6e1e8d58b3bcdc7f39ef`
SHA1	`cc009fe99cc25954667ae0b2f216a557af13c63c`
SHA256	`46740a3821ade62740fd902fd4f0027081edb59938cf78cf8e8df2efe61df95c`
SHA3	`3a3f2515f66eccf0a613f622a44c523f965ce12376379ce34ff471d4adcb10a5`
VirtualSize	`0x1111b3`
VirtualAddress	`0x6f000`
SizeOfRawData	`0x111200`
PointerToRawData	`0x6d800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.45825`

.rdata

MD5	`3a3eecddb00e2507081a625849acd784`
SHA1	`f196881ad5507381f4b4be1055b62092b4a1bdaf`
SHA256	`46f562ce11bddb05b32dfe90289255fd382af3db03f2f77718d1aef52c723f34`
SHA3	`0341bc44899963ec95e07b081b7607216749bf8e2984ed8407af1ca8b7bb2585`
VirtualSize	`0x4774c`
VirtualAddress	`0x181000`
SizeOfRawData	`0x47800`
PointerToRawData	`0x17ea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.97183`

.pdata

MD5	`f20706dd4e0d87356969ade8823cf813`
SHA1	`504ab06d9f4f3f411f5e99ab2688d3d2165d69bf`
SHA256	`6c63b1a717b7303cba5080d93b2bcaf24adde394ee968eb0e10756cb73f2e80f`
SHA3	`d522bf5542ed9465aa89c0e752b59c7a464d937e7e5e4f2f6337406433752275`
VirtualSize	`0xd944`
VirtualAddress	`0x1c9000`
SizeOfRawData	`0xda00`
PointerToRawData	`0x1c6200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.15827`

.data

MD5	`333acaae5f2dd2707d2c9705d44564ab`
SHA1	`454b863fbfd1c8b793e067c55745e839e378714c`
SHA256	`0a617ac03178bfa18ed7285dc8b4662d26be1c204e9a81031a602aa7ee1835bf`
SHA3	`b6d96a908f6e8c1e278156eb8b5d4126f9bdde4a8435549eb37d8cf224ec525d`
VirtualSize	`0x174a141`
VirtualAddress	`0x1d7000`
SizeOfRawData	`0x1744c00`
PointerToRawData	`0x1d3c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.12822`

.rsrc

MD5	`9349ef081c44212baa4183b940dad0ea`
SHA1	`a0dabb637568b891b61ac15c4738b7aecdc7d954`
SHA256	`c0b64a63ff7b7e1c906beb8fb75ca9562e4860ebe2b126a25553e1bf095cc1b7`
SHA3	`39218fee4465c0bbbde1c11b30df8d987bd6d802753caee37f95f489caf7a55c`
VirtualSize	`0xb42c`
VirtualAddress	`0x1922000`
SizeOfRawData	`0xb600`
PointerToRawData	`0x1918800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.51324`

Imports

msvcrt.dll	`memset` `setlocale` `memcpy` `log10` `_wfopen` `fseek` `fclose` `wcslen` `wcscpy` `wcscat` `wcsncpy` `malloc` `free` `memcmp` `memmove` `strncmp` `isdigit` `wcscmp` `_stricmp` `sscanf` `sprintf` `strcpy` `strlen` `strcat` `_wstat` `_wcsdup` `strcmp` `fread` `longjmp` `setjmp` `ftell` `strncpy` `_wcsnicmp` `_wcsicmp` `wcsncmp` `_snwprintf` `tolower` `floor` `_localtime64` `_mktime64` `_gmtime64` `_itow` `sqrtf` `abs` `sinf` `cosf` `fmodf` `pow` `??3@YAXPEAX@Z` `??2@YAPEAX_K@Z` `wcsstr` `swscanf` `_close` `calloc` `_errno` `_lseeki64` `realloc` `_snprintf` `abort` `_wopen` `_setmode` `exit` `wcschr` `_open_osfhandle` `_strdup` `strrchr` `wctomb` `_get_osfhandle` `_open` `toupper` `mbstowcs` `strchr` `frexp` `modf` `fopen` `strerror` `atof` `fflush` `fwrite` `__iob_func` `fprintf` `ferror` `getenv` `_fdopen` `strtol` `strtoul` `_time64` `qsort` `fputs` `strstr` `strpbrk` `atoi` `_stat64` `_access` `_read` `_write` `memchr` `fputc` `strspn` `strcspn` `fgets` `isupper` `_vsnwprintf` `??1type_info@@UEAA@XZ` `?terminate@@YAXXZ` `__C_specific_handler` `ceil`
KERNEL32.dll	`GetModuleHandleW` `HeapCreate` `GetEnvironmentVariableW` `CreateSemaphoreW` `GetLastError` `CloseHandle` `HeapDestroy` `ExitProcess` `GetCurrentThreadId` `Sleep` `SystemTimeToFileTime` `LocalFileTimeToFileTime` `FindResourceW` `LoadResource` `LockResource` `SizeofResource` `CreateToolhelp32Snapshot` `GetLogicalDriveStringsW` `QueryDosDeviceW` `FileTimeToLocalFileTime` `FileTimeToSystemTime` `ExpandEnvironmentStringsW` `GetCurrentProcess` `GetUserDefaultLangID` `GetSystemDefaultLangID` `MultiByteToWideChar` `GetProcAddress` `CreateRemoteThread` `WaitForSingleObject` `GetExitCodeThread` `GetCurrentProcessId` `OpenProcess` `TerminateProcess` `FormatMessageW` `GetVolumeInformationW` `FindFirstFileW` `FindNextFileW` `FindClose` `WideCharToMultiByte` `BeginUpdateResourceW` `UpdateResourceW` `EndUpdateResourceW` `CreateProcessW` `Beep` `CreateFileW` `DeviceIoControl` `GetCommandLineW` `GetComputerNameW` `GetDateFormatW` `GetDiskFreeSpaceExW` `GetExitCodeProcess` `GetFileTime` `GetPrivateProfileStringW` `GetShortPathNameW` `GetSystemDirectoryW` `GetSystemPowerStatus` `GetTimeZoneInformation` `GetUserDefaultLCID` `GetWindowsDirectoryW` `GlobalMemoryStatus` `LocalFree` `Process32FirstW` `Process32NextW` `QueryPerformanceCounter` `QueryPerformanceFrequency` `SetComputerNameW` `SetFileTime` `SetSystemTime` `SetVolumeLabelW` `WritePrivateProfileStringW` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSection` `CreateThread` `TerminateThread` `HeapAlloc` `HeapFree` `FreeLibrary` `LoadLibraryExW` `GetModuleFileNameW` `DuplicateHandle` `CreatePipe` `GetStdHandle` `PeekNamedPipe` `ReadFile` `SetEnvironmentVariableW` `HeapReAlloc` `GetFileSize` `SetFilePointer` `SetEndOfFile` `WriteFile` `DeleteFileW` `TlsAlloc` `TlsSetValue` `GetTickCount` `TlsGetValue` `LoadLibraryW` `GetVersionExW` `SetLastError` `GetDriveTypeW` `GetFileAttributesW` `SetFileAttributesW` `RemoveDirectoryW` `SetCurrentDirectoryW` `CreateDirectoryW` `GetCurrentDirectoryW` `CopyFileW` `GetTempPathW` `GetLongPathNameW` `MoveFileW` `MulDiv` `GetLocalTime` `GlobalAlloc` `GlobalLock` `GlobalUnlock` `GlobalFree` `HeapSize` `TlsFree` `DeleteCriticalSection` `VirtualAlloc` `VirtualFree` `IsProcessorFeaturePresent` `IsValidCodePage` `GetACP` `GetOEMCP` `GetFileType` `GetFileInformationByHandle` `GetFileAttributesA` `CreateFileA` `GetFullPathNameW` `GetModuleHandleA` `LoadLibraryA` `GetSystemDirectoryA` `VerSetConditionMask` `VerifyVersionInfoA` `SleepEx` `ExpandEnvironmentStringsA` `FormatMessageA` `GetFileSizeEx` `UnregisterWait` `GetCurrentThread` `RegisterWaitForSingleObject`
USER32.dll	`SendMessageW` `OemToCharW` `GetSysColor` `UpdateWindow` `GetDlgCtrlID` `CallWindowProcW` `SetWindowLongPtrW` `GetWindowLongPtrW` `GetClientRect` `FillRect` `GetClassNameW` `GetWindow` `SetWindowPos` `InvalidateRect` `GetKeyState` `GetForegroundWindow` `GetWindowThreadProcessId` `AttachThreadInput` `SystemParametersInfoW` `LockSetForegroundWindow` `AllowSetForegroundWindow` `SetForegroundWindow` `IsIconic` `ShowWindow` `EnableWindow` `RedrawWindow` `CallNextHookEx` `SetWindowsHookExW` `UnhookWindowsHookEx` `IsWindowEnabled` `SetClassLongPtrW` `GetClassLongPtrW` `PeekMessageW` `TranslateMessage` `DispatchMessageW` `GetWindowRect` `OffsetRect` `IsRectEmpty` `MapWindowPoints` `SubtractRect` `IsWindow` `GetParent` `GetDC` `ReleaseDC` `BeginPaint` `EndPaint` `DefWindowProcW` `GetAsyncKeyState` `KillTimer` `GetCursorPos` `ScreenToClient` `SetTimer` `DrawTextW` `FrameRect` `InflateRect` `FindWindowW` `FindWindowExW` `DrawFrameControl` `EnumWindows` `GetWindowTextW` `SetCursorPos` `AnimateWindow` `BlockInput` `ChangeDisplaySettingsW` `CharToOemW` `CreateWindowExW` `DrawMenuBar` `EnableMenuItem` `EnumDisplaySettingsW` `ExitWindowsEx` `FlashWindow` `GetDesktopWindow` `GetFocus` `GetLastInputInfo` `GetSystemMenu` `GetSystemMetrics` `LoadCursorW` `LockWorkStation` `MessageBeep` `PostMessageW` `RegisterHotKey` `RemoveMenu` `SetFocus` `UnregisterHotKey` `WaitForInputIdle` `keybd_event` `mouse_event` `LoadIconW` `RegisterClassExW` `MessageBoxW` `GetWindowTextLengthW` `DestroyWindow` `UnregisterClassW` `CreateAcceleratorTableW` `BringWindowToTop` `GetMessageW` `TranslateAcceleratorW` `IsDialogMessageW` `DestroyAcceleratorTable` `IsWindowVisible` `SetMenu` `DestroyMenu` `TrackPopupMenu` `GetMenuItemInfoW` `ModifyMenuW` `SetMenuItemInfoW` `CreatePopupMenu` `AppendMenuW` `SetWindowTextW` `MoveWindow` `IntersectRect` `ValidateRect` `GetUpdateRect` `GetSysColorBrush` `GetIconInfo` `DrawStateW` `DrawFocusRect` `RemovePropW` `GetPropW` `SetPropW` `SetScrollPos` `GetWindowDC` `SetRect` `GetWindowLongW` `SetCursor` `GetMessagePos` `ReleaseCapture` `SetCapture` `ClipCursor` `GetCapture` `ChildWindowFromPointEx` `ClientToScreen` `EnumPropsExW` `SetActiveWindow` `DestroyIcon` `MsgWaitForMultipleObjects` `GetActiveWindow` `IsZoomed` `GetMenu` `AdjustWindowRectEx` `RegisterClassW` `DefFrameProcW` `EnumChildWindows` `IsChild` `RegisterWindowMessageW` `OpenClipboard` `EmptyClipboard` `SetClipboardData` `CloseClipboard` `GetClipboardData` `DrawIconEx` `CopyImage` `CreateIconFromResourceEx` `CreateIconFromResource` `CharUpperW` `CharLowerW`
GDI32.dll	`CreatePen` `CreateSolidBrush` `SelectObject` `DeleteDC` `DeleteObject` `CreatePatternBrush` `CreateRoundRectRgn` `GetPixel` `CreateCompatibleDC` `SelectClipRgn` `BitBlt` `GetStockObject` `RoundRect` `SetBkMode` `SetTextColor` `SetDCBrushColor` `SetBrushOrgEx` `CreateDCW` `CreateCompatibleBitmap` `CreateFontIndirectW` `OffsetViewportOrgEx` `SetViewportOrgEx` `GetTextExtentPoint32W` `SetBkColor` `CreateRectRgn` `GetObjectW` `GetObjectType` `ExcludeClipRect` `CreateRectRgnIndirect` `TextOutW` `MoveToEx` `LineTo` `CreateDIBSection` `GdiGetBatchLimit` `GdiSetBatchLimit` `GetClipRgn` `ExtSelectClipRgn` `GetDeviceCaps` `GetDIBits` `SetTextAlign` `SetStretchBltMode` `StretchBlt` `SelectPalette` `RealizePalette` `SetPixelV` `Rectangle` `Ellipse` `StretchDIBits` `SetROP2` `ExtFloodFill` `GetTextMetricsW` `CreateBitmap` `SetPixel` `GetObjectA` `CreateFontW`
ADVAPI32.dll	`OpenSCManagerW` `OpenServiceW` `CloseServiceHandle` `RegOpenKeyExW` `RegOpenKeyW` `RegConnectRegistryW` `RegQueryValueExW` `RegCloseKey` `QueryServiceStatus` `RegDeleteKeyW` `RegSetValueExW` `RegCreateKeyExW` `LookupAccountNameW` `IsValidSid` `RegEnumKeyExW` `RegDeleteValueW` `RegCreateKeyW` `AdjustTokenPrivileges` `ChangeServiceConfigW` `ControlService` `CryptAcquireContextW` `CryptCreateHash` `CryptDeriveKey` `CryptDestroyHash` `CryptDestroyKey` `CryptEncrypt` `CryptHashData` `CryptReleaseContext` `GetUserNameW` `ImpersonateLoggedOnUser` `LogonUserW` `LookupPrivilegeValueW` `OpenProcessToken` `RegEnumValueW` `RevertToSelf` `StartServiceW` `CryptGenRandom` `CryptAcquireContextA` `CryptGetHashParam`
OLEAUT32.dll	`SafeArrayGetDim` `SafeArrayGetUBound` `SafeArrayGetElement`
ole32.dll	`CoInitialize` `CoCreateInstance` `CoUninitialize` `CoInitializeEx` `CoInitializeSecurity` `CoSetProxyBlanket` `CoCreateGuid` `StringFromGUID2` `RevokeDragDrop`
SHELL32.dll	`SHGetSpecialFolderLocation` `SHGetPathFromIDListW` `ExtractIconExW` `ExtractIconW` `#66` `#524` `SHAddToRecentDocs` `SHFileOperationW` `SHFormatDrive` `SHGetFileInfoW` `ShellAboutW` `Shell_NotifyIconW` `ShellExecuteExW`
WS2_32.dll	`WSAStartup` `gethostbyname` `WSACleanup` `gethostbyaddr` `inet_addr` `closesocket` `socket` `htons` `ioctlsocket` `connect` `select` `__WSAFDIsSet` `gethostname` `recvfrom` `recv` `bind` `send` `sendto` `WSAGetLastError` `ntohs` `WSASetLastError` `getsockopt` `setsockopt` `getpeername` `getsockname` `WSAIoctl` `getaddrinfo` `freeaddrinfo` `htonl` `listen` `accept` `ntohl`
CRYPT32.dll	`CertFreeCertificateContext` `CertOpenStore` `CryptStringToBinaryA` `CertFindCertificateInStore` `CertCloseStore` `CertEnumCertificatesInStore` `CertCreateCertificateChainEngine` `CertGetCertificateChain` `CertFreeCertificateChainEngine` `CertFreeCertificateChain` `CryptQueryObject` `CertAddCertificateContextToStore` `CertGetNameStringA`
WINMM.dll	`timeBeginPeriod`
MSIMG32.dll	`AlphaBlend`
gdiplus.dll	`GdipDeleteFont` `GdipDeleteGraphics` `GdipDeletePath` `GdipDeleteMatrix` `GdipDeletePen` `GdipDeleteStringFormat` `GdipFree` `GdipGetDpiX` `GdipGetDpiY` `GdiplusStartup` `GdipCreateFontFromDC` `GdipCreateFromHDC` `GdipCreatePath` `GdipCreateMatrix` `GdipCreatePen1` `GdipCreateSolidFill` `GdipDeleteBrush` `GdipAlloc` `GdipCloneBrush` `GdipCloneStringFormat` `GdipStringFormatGetGenericTypographic` `GdipGetStringFormatFlags` `GdipScaleMatrix` `GdipSetCompositingMode` `GdipSetStringFormatFlags` `GdipSetInterpolationMode` `GdipSetPageUnit` `GdipSetSmoothingMode` `GdipSetTextRenderingHint` `GdipTranslateWorldTransform` `GdipTranslateMatrix` `GdipStartPathFigure` `GdipCreateBitmapFromScan0` `GdipCreateBitmapFromHICON` `GdipCreateBitmapFromGdiDib` `GdipCreateImageAttributes` `GdipDisposeImage` `GdipDisposeImageAttributes` `GdipCloneImage` `GdipDrawImageRectRect` `GdipGetImageBounds` `GdipGetImageHeight` `GdipGetImageWidth` `GdipImageRotateFlip` `GdipSetImageAttributesColorMatrix` `GdipVectorTransformMatrixPoints` `GdipCreateFontFromLogfontA` `GdipCreateFont` `GdipDeleteFontFamily` `GdipGetFamily` `GdipGetFontSize` `GdipGetFontStyle` `GdipInvertMatrix` `GdipMultiplyMatrix` `GdipMultiplyWorldTransform` `GdipTransformPath` `GdipTransformMatrixPoints` `GdipSetMatrixElements`
ICMP.DLL	`IcmpCloseHandle` `IcmpCreateFile` `IcmpSendEcho`
imagehlp.dll	`MapFileAndCheckSumW` `MakeSureDirectoryPathExists`
IPHLPAPI.DLL	`GetAdaptersInfo` `GetNetworkParams`
msi.dll	`#45` `#70`
NETAPI32.dll	`NetApiBufferFree` `NetLocalGroupAdd` `NetLocalGroupDel` `NetLocalGroupEnum` `NetUserDel` `NetUserGetInfo` `NetUserSetInfo`
SETUPAPI.dll	`SetupIterateCabinetW`
urlmon.dll	`URLDownloadToFileW` `UrlMkSetSessionOption`
USERENV.dll	`GetDefaultUserProfileDirectoryW`
UxTheme.dll	`SetWindowTheme`
WININET.dll	`DeleteUrlCacheEntryW` `InternetCloseHandle` `InternetGetConnectedState` `InternetOpenUrlW` `InternetOpenW` `InternetReadFile` `UnlockUrlCacheEntryFileW`
WINSPOOL.DRV	`ClosePrinter` `DeletePrinter` `OpenPrinterW` `SetPrinterW`
COMDLG32.dll	`GetSaveFileNameW` `GetOpenFileNameW`
COMCTL32.dll	`InitCommonControlsEx` `_TrackMouseEvent` `ImageList_Replace` `ImageList_Add` `ImageList_ReplaceIcon` `ImageList_Remove` `ImageList_AddMasked` `ImageList_Destroy` `ImageList_Create`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	2024-Oct-17 14:28:18
Entropy	`4.77266`
MD5	`b91dfb58d28a620ce5903736baafed0d`
SHA1	`399ea2003cb06393d4d8552d4d3ed308e0da2e28`
SHA256	`a5b578dd05dd966b8154c45589d9f4c4997c388f89cd1615f0507594f9671b8f`
SHA3	`e328d0612cf1ff38c411927390b44e130149cd7243e12f75a63fdd839e8c4ec1`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	2024-Oct-17 14:28:18
Entropy	`5.29604`
MD5	`eeedec0e99eddbf26b17e36eea0b76ac`
SHA1	`25826ac568237b22e43f8ceb021f333514be19d5`
SHA256	`2902fad50697e55603cdf43006ecb62a518dcb01872ba79d11ea1719c04868ff`
SHA3	`30003259647b920d96f05125f691c5d511004413bd48216d057ce914ff8448f0`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c8`
TimeDateStamp	2024-Oct-17 14:28:18
Entropy	`4.35071`
MD5	`7abe8c176dbe2ae2ad5f9b41b39da62d`
SHA1	`fdacd53099ada70fcf91988cef9e29e4b490ca81`
SHA256	`cc3506eadd7e416b621899c23c435280f2869dc45a66b99b95ac0d92df654261`
SHA3	`6a4bdcca2822234763e90d596747bd97dbfc1e2019ccd4900eb92f5f586b31f6`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	2024-Oct-17 14:28:18
Entropy	`3.03007`
MD5	`02a09b53b53c0e3b0f82977eb58ab5b9`
SHA1	`712bf54be3ee3c2daabe4ad730c08dd76e73a55d`
SHA256	`8d20d73af732650caa2467f207905a0f30af8270243306f84afba87102301462`
SHA3	`e2924a6b8cf26ed892fbb368c2cd1423155690dd3d822ac372aa75971e43868b`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	2024-Oct-17 14:28:18
Entropy	`3.79019`
MD5	`79f34f59a1682db69ce1a1b9014771dc`
SHA1	`adbb3afafeaffdf99402d9ad49ed0cbdeef13c46`
SHA256	`737f61d83e94b9f96fa7d8a2e341e0120eee33b4aa0ddb24e61fca4d8ed60090`
SHA3	`537e0ab314bce8c179111115d97e55e9082e85650d88110671068425e8b21e13`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	2024-Oct-17 14:28:18
Entropy	`4.1678`
MD5	`24a1e7e7c6e045aefe1a55e777d0818a`
SHA1	`d3c6c274f87d67ab2ebcafc22c80d8b5c6bf30ab`
SHA256	`2371b811ce9e67be6371eb03cc6693973e6ba95483c177406be4165aa6a7fe5c`
SHA3	`50660bb5a0d1bcc535069946db77f2f63e58f26aabbafc7c11050fbb7dcb4f19`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	2024-Oct-17 14:28:18
Entropy	`4.32586`
MD5	`f1e11368814679b45bf408938a83d89c`
SHA1	`4ff9edddd0b7255764a20c559615107207bd4388`
SHA256	`d98b9f4207a4ed1122444a0f4d6ff15da9b99d65621491c6780b93bcddd0bbd1`
SHA3	`cc25469871061919e8aaa8992c2b437c235dc3ac4f4855b51a4f90da37a08fc6`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	2024-Oct-17 14:28:18
Entropy	`4.672`
MD5	`95476d8cba2b0fc425a45b23f962492e`
SHA1	`79786f5ca7ecac9fc5a4be0f4e65310c4f349cd6`
SHA256	`5d3d4d5c58ccd81cee4b20fbaf65a19ba7abaa340c3239e51c47fcf1be349d54`
SHA3	`b920b15629910073d9b7072ae22d53243abc449536d5b368068cbc836c823004`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	2024-Oct-17 14:28:18
Entropy	`5.05539`
MD5	`de7d3bc3dcac36f1b115df41c3667658`
SHA1	`6b8192c80e09243cb2085806d23d6dd6d1908317`
SHA256	`72781296cf166c7ee02dd8af1e646ba2f931e3cc3c225c35808d0046ab42b352`
SHA3	`be8c8278836f822ae0e684bd418b6dcf9c9a1b27fefea531c59915c6ce8369f5`

1 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	2024-Oct-17 14:28:18
Entropy	`2.96193`
Detected Filetype	Icon file
MD5	`f2ead720e26aea3a53ab0840ceb93532`
SHA1	`877ecc189bf14a4099f528ad5db16aa69d16c9b2`
SHA256	`acf711e5149fd94f1e8f573fde716526e9fae613de09caecc0bd36d3f6379b8e`
SHA3	`34781bb9ede25f9cd457c5451b0c6c37e8e3af30b96455bf3171318e843a237d`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0xdc`
TimeDateStamp	2024-Oct-17 14:28:18
Entropy	`2.8926`
MD5	`6e6d618bf4f7e238bdc1dd39c2fbec7f`
SHA1	`44ad43c9feefaf5363b6d97edec7ef3a8aeb65e8`
SHA256	`f8c6d4bacfc4c9a85beabd56bfe00824ab47fad7c6b50f61c934e4e91b065647`
SHA3	`5aaa6d5372a51d65e01d69ce16b8d10ccd6a63a990ced44fff28e2fa012485eb`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x631`
TimeDateStamp	2024-Oct-17 14:28:18
Entropy	`5.12059`
MD5	`ff32cd10a67562d6d22a9bc97f1c1c8e`
SHA1	`d12b7ea5f045cf2a0e235e898e08efed2ca64688`
SHA256	`910bde158963cc213ce0154f80e3b98dc089b3f844134b2dbcb41af7b1e21f4e`
SHA3	`0a349f36ec6266a6b50e10a55e8d262bcf97bb2685770a2c9bc7646ed1400e99`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.9.9.9
ProductVersion	1.9.9.9
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

e228e241aae4651b107f08179b9e9089

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.code

.text

.rdata

.pdata

.data

.rsrc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

9

1 (#2)

1 (#3)

1 (#4)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors