Manalyze report for e6e9ec5ee04f0848e70ea715d5103a1d

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2025-Mar-07 14:27:31
Detected languages	English - United States

Plugin Output

Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .dcf0` `Unusual section name found: .dcf1` `Unusual section name found: .dcf2`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExA GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowA NtQuerySystemInformation` `Code injection capabilities: OpenProcess VirtualAlloc CreateRemoteThread VirtualAllocEx WriteProcessMemory` `Can access the registry: RegOpenKeyExA RegSetValueExA RegGetValueA RegCloseKey RegSetKeyValueW RegCreateKeyW RegOpenKeyW` `Possibly launches other programs: CreateProcessA ShellExecuteA system` `Uses Windows's Native API: ntohs NtQuerySystemInformation` `Uses Microsoft's cryptographic API: CryptGetHashParam CryptDestroyHash CryptHashData CryptCreateHash CryptGenRandom CryptDestroyKey CryptImportKey CryptEncrypt CryptReleaseContext CryptAcquireContextA CryptQueryObject CryptDecodeObjectEx CryptStringToBinaryA` `Can create temporary files: CreateFileW GetTempPathW CreateFileA` `Memory manipulation functions often used by packers: VirtualAlloc VirtualAllocEx VirtualProtectEx` `Leverages the raw socket API to access the Internet: ntohs htons getsockopt getsockname getpeername connect bind WSACloseEvent WSACreateEvent WSAEnumNetworkEvents WSAEventSelect WSAResetEvent WSAWaitForMultipleEvents closesocket WSAGetLastError recv socket setsockopt gethostname ioctlsocket sendto recvfrom freeaddrinfo getaddrinfo listen htonl accept select __WSAFDIsSet WSACleanup WSAStartup WSAIoctl send WSASetLastError` `Interacts with services: OpenServiceA QueryServiceStatusEx ControlService DeleteService OpenSCManagerA CreateServiceA` `Manipulates other processes: OpenProcess Process32Next Process32First ReadProcessMemory WriteProcessMemory` `Can take screenshots: GetDC FindWindowA BitBlt CreateCompatibleDC` `Interacts with the certificate store: CertAddCertificateContextToStore CertOpenStore`
Suspicious	The file contains overlay data.	`1 bytes of data starting at offset 0x3e6a00.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`e6e9ec5ee04f0848e70ea715d5103a1d`
SHA1	`1765bb82996bcc3b17e21d31b310c7cc18692f72`
SHA256	`258c1a901333430f052473c001d29c3a6cb63d3b28a3fc263453d15fb6b660a8`
SHA3	`8cb8e3d79814bc7cf2217a409da2f026a3928226aa6bab60059d45e35ecaa21c`
SSDeep	`98304:/ae46Thzpr+D5zETDmrzCa40e+IzTIcIXol:/ae46TBEWDmrzCMZIzRl`
Imports Hash	`7e35fcbf85467b0f08d8d1378d794b8e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`9`
TimeDateStamp	2025-Mar-07 14:27:31
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x90400`
SizeOfInitializedData	`0x80600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000032FF80 (Section: .dcf2)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x66e000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x90227`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.rdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x2fd4c`
VirtualAddress	`0x92000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x49ae0`
VirtualAddress	`0xc2000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.pdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x606c`
VirtualAddress	`0x10c000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.dcf0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x171207`
VirtualAddress	`0x113000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.dcf1

MD5	`86f8f70a5e59b02951ffd66531c7f917`
SHA1	`a4feb0ae01e0f2285c3bc0c139c700493770ebc0`
SHA256	`a4300c078cb514bb29ad506066d4e8af5e9041f534c2304535078dcb278985cc`
SHA3	`21999b8172cd02b5c15b5a41afe1bad88471d4f8575f32544cf1c34b4e4a51b1`
VirtualSize	`0x10c0`
VirtualAddress	`0x285000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.65357`

.dcf2

MD5	`324072c106249f26ede91460a16f9469`
SHA1	`02998870d8516ab3f9c9f5f7d01053efc2c94115`
SHA256	`8df40733be78428efc79492f15f5b0842ad93008721b5dba64ebff2be30a947d`
SHA3	`f0f7d260ac72cb1a8fb25755b54e314390f7848c20f64482c638fe42670f243c`
VirtualSize	`0x3e4fc0`
VirtualAddress	`0x287000`
SizeOfRawData	`0x3e5000`
PointerToRawData	`0x1600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`7.82239`

.reloc

MD5	`d5efe98f18d31253e257a410c45381b3`
SHA1	`00f1840b4f89eb8c9514c91c1e686fc0bac1ece1`
SHA256	`5c1b065522aeb2b8a9f85214c899e155526b13b6a2a8a68df7de8e2b0b9850e0`
SHA3	`587b9a6610d098a6e527f3dc13eb3b6171107cbf85066879f159d4fb4a8d01af`
VirtualSize	`0xf4`
VirtualAddress	`0x66c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3e6600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.26752`

.rsrc

MD5	`4fdd44e622a1ec57e18b4ecf4b850c9f`
SHA1	`f9563f96a6a0e522f7ccad0e0c84228d7e50cb13`
SHA256	`e812cb85baccb07e76d51fd466f971031b91a831553fe3121d042978718f8887`
SHA3	`de2fc0e44b411c054c5df8860a8e0dad2dc5bab1b1bdd691d10c578598c10eb4`
VirtualSize	`0x1e0`
VirtualAddress	`0x66d000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3e6800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.76395`

Imports

KERNEL32.dll	`GetTickCount` `SetLastError` `FormatMessageW` `MoveFileExA` `WaitForSingleObjectEx` `GetEnvironmentVariableA` `GetStdHandle` `GetFileType` `PeekNamedPipe` `WaitForMultipleObjects` `VerifyVersionInfoW` `GetFileSizeEx` `UnhandledExceptionFilter` `TerminateProcess` `IsProcessorFeaturePresent` `InitializeCriticalSectionAndSpinCount` `SetEvent` `ResetEvent` `CreateEventW` `GetModuleHandleW` `GetSystemTimeAsFileTime` `InitializeSListHead` `lstrcatA` `FormatMessageA` `GetFileAttributesExW` `SleepEx` `IsDebuggerPresent` `CreateProcessA` `GetConsoleWindow` `CreateThread` `OpenProcess` `lstrcpyA` `Process32Next` `DeleteFileA` `GetSystemDirectoryA` `GetLastError` `GetCurrentDirectoryA` `K32QueryWorkingSetEx` `CreatePipe` `LoadLibraryExA` `WriteFile` `GetCurrentProcess` `SetConsoleTitleA` `SetHandleInformation` `Process32First` `GetModuleFileNameA` `ReadFile` `GetCurrentProcessId` `GetCurrentThreadId` `CreateFileW` `VirtualAlloc` `VirtualFree` `GetExitCodeProcess` `VirtualFreeEx` `CreateRemoteThread` `ReadProcessMemory` `VirtualAllocEx` `VirtualProtectEx` `CloseHandle` `AreFileApisANSI` `DeleteCriticalSection` `InitializeCriticalSectionEx` `LeaveCriticalSection` `SetUnhandledExceptionFilter` `GetTempPathW` `CopyFileA` `CreateToolhelp32Snapshot` `Sleep` `RtlAddFunctionTable` `WriteProcessMemory` `QueryPerformanceCounter` `FreeLibrary` `VerSetConditionMask` `GetProcAddress` `QueryPerformanceFrequency` `LoadLibraryA` `GetModuleHandleA` `WideCharToMultiByte` `MultiByteToWideChar` `CreateFileA` `LocalFree` `DeviceIoControl` `GetFileInformationByHandleEx` `EnterCriticalSection`
USER32.dll	`GetDC` `ReleaseDC` `FindWindowA` `GetDesktopWindow` `MessageBoxA` `GetAsyncKeyState` `ShowWindow` `wsprintfA` `GetSystemMetrics`
GDI32.dll	`BitBlt` `CreateCompatibleBitmap` `SelectObject` `CreateCompatibleDC` `DeleteDC` `DeleteObject` `GetDIBits`
ADVAPI32.dll	`RegDeleteTreeW` `OpenServiceA` `QueryServiceStatusEx` `CryptGetHashParam` `RegOpenKeyExA` `CryptDestroyHash` `RegSetValueExA` `CryptHashData` `CryptCreateHash` `StartServiceA` `ControlService` `DeleteService` `OpenSCManagerA` `CloseServiceHandle` `RegGetValueA` `CryptGenRandom` `CryptDestroyKey` `CryptImportKey` `CryptEncrypt` `RegCloseKey` `RegSetKeyValueW` `CryptReleaseContext` `RegCreateKeyW` `RegOpenKeyW` `CreateServiceA` `CryptAcquireContextA`
SHELL32.dll	`ShellExecuteA`
MSVCP140.dll	`?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z` `?_Xlength_error@std@@YAXPEBD@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z` `?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z` `?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z` `?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ` `?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `?id@?$ctype@_W@std@@2V0locale@2@A` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z` `?getloc@ios_base@std@@QEBA?AVlocale@2@XZ` `?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?widen@?$ctype@_W@std@@QEBA_WD@Z` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `??Bid@locale@std@@QEAA_KXZ` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z` `?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A` `?_Winerror_map@std@@YAHH@Z` `?_Xbad_function_call@std@@YAXXZ` `?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` `?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z` `?id@?$ctype@D@std@@2V0locale@2@A` `?_Syserror_map@std@@YAPEBDH@Z` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z` `??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?_Xout_of_range@std@@YAXPEBD@Z` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?uncaught_exception@std@@YA_NXZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ` `?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `?width@ios_base@std@@QEAA_J_J@Z` `?width@ios_base@std@@QEBA_JXZ` `?flags@ios_base@std@@QEBAHXZ` `?good@ios_base@std@@QEBA_NXZ` `??1_Lockit@std@@QEAA@XZ` `??0_Lockit@std@@QEAA@H@Z` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ`
Normaliz.dll	`IdnToAscii`
WS2_32.dll	`ntohs` `htons` `getsockopt` `getsockname` `getpeername` `connect` `bind` `WSACloseEvent` `WSACreateEvent` `WSAEnumNetworkEvents` `WSAEventSelect` `WSAResetEvent` `WSAWaitForMultipleEvents` `closesocket` `WSAGetLastError` `recv` `socket` `setsockopt` `gethostname` `ioctlsocket` `sendto` `recvfrom` `freeaddrinfo` `getaddrinfo` `listen` `htonl` `accept` `select` `__WSAFDIsSet` `WSACleanup` `WSAStartup` `WSAIoctl` `send` `WSASetLastError`
WLDAP32.dll	`#217` `#46` `#211` `#60` `#45` `#50` `#41` `#22` `#26` `#143` `#27` `#32` `#33` `#35` `#79` `#30` `#200` `#301`
CRYPT32.dll	`CertFreeCertificateChain` `CertGetCertificateChain` `CertFreeCertificateChainEngine` `CertCreateCertificateChainEngine` `CryptQueryObject` `CertGetNameStringA` `CertFindExtension` `CertAddCertificateContextToStore` `CryptDecodeObjectEx` `PFXImportCertStore` `CryptStringToBinaryA` `CertFreeCertificateContext` `CertFindCertificateInStore` `CertEnumCertificatesInStore` `CertOpenStore` `CertCloseStore`
ntdll.dll	`RtlVirtualUnwind` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlInitUnicodeString` `NtQuerySystemInformation`
SHLWAPI.dll	`PathFileExistsA`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`wcsstr` `__C_specific_handler` `__current_exception_context` `__current_exception` `memchr` `_CxxThrowException` `memcmp` `memmove` `memset` `memcpy` `__std_terminate` `strstr` `strchr` `__std_exception_destroy` `__std_exception_copy` `strrchr`
api-ms-win-crt-stdio-l1-1-0.dll	`fflush` `fclose` `fseek` `__acrt_iob_func` `ftell` `fgets` `_lseeki64` `_close` `__stdio_common_vfprintf` `_open` `fopen` `_read` `__p__commode` `fwrite` `_set_fmode` `_get_stream_buffer_pointers` `_write` `_fseeki64` `fsetpos` `ungetc` `__stdio_common_vsprintf` `setvbuf` `fgetpos` `_popen` `fread` `fgetc` `__stdio_common_vsscanf` `fputs` `fputc` `feof` `_pclose`
api-ms-win-crt-utility-l1-1-0.dll	`qsort` `srand` `rand`
api-ms-win-crt-string-l1-1-0.dll	`_strdup` `isupper` `tolower` `_stricmp` `strcmp` `strncpy` `strpbrk` `strncmp` `strspn` `strcspn`
api-ms-win-crt-heap-l1-1-0.dll	`malloc` `realloc` `free` `calloc` `_set_new_mode` `_callnewh`
api-ms-win-crt-convert-l1-1-0.dll	`atoi` `strtoul` `strtod` `wcstombs` `strtoull` `strtol` `strtoll`
api-ms-win-crt-filesystem-l1-1-0.dll	`_unlink` `rename` `_wremove` `_unlock_file` `_fstat64` `_lock_file` `_access` `_stat64`
api-ms-win-crt-time-l1-1-0.dll	`strftime` `_time64` `_gmtime64`
api-ms-win-crt-runtime-l1-1-0.dll	`_crt_atexit` `_cexit` `_initialize_onexit_table` `_seh_filter_exe` `_set_app_type` `_initialize_narrow_environment` `_get_initial_narrow_environment` `_initterm` `_initterm_e` `_exit` `exit` `__p___argc` `__p___argv` `_c_exit` `_register_thread_local_exe_atexit_callback` `_configure_narrow_argv` `__sys_errlist` `system` `terminate` `__sys_nerr` `_invalid_parameter_noinfo_noreturn` `_beginthreadex` `_getpid` `_errno` `_register_onexit_function`
api-ms-win-crt-math-l1-1-0.dll	`_dclass` `__setusermatherr` `_dsign`
api-ms-win-crt-conio-l1-1-0.dll	`_getch`
api-ms-win-crt-locale-l1-1-0.dll	`localeconv` `___lc_codepage_func` `_configthreadlocale`
KERNEL32.dll (#2)	`GetTickCount` `SetLastError` `FormatMessageW` `MoveFileExA` `WaitForSingleObjectEx` `GetEnvironmentVariableA` `GetStdHandle` `GetFileType` `PeekNamedPipe` `WaitForMultipleObjects` `VerifyVersionInfoW` `GetFileSizeEx` `UnhandledExceptionFilter` `TerminateProcess` `IsProcessorFeaturePresent` `InitializeCriticalSectionAndSpinCount` `SetEvent` `ResetEvent` `CreateEventW` `GetModuleHandleW` `GetSystemTimeAsFileTime` `InitializeSListHead` `lstrcatA` `FormatMessageA` `GetFileAttributesExW` `SleepEx` `IsDebuggerPresent` `CreateProcessA` `GetConsoleWindow` `CreateThread` `OpenProcess` `lstrcpyA` `Process32Next` `DeleteFileA` `GetSystemDirectoryA` `GetLastError` `GetCurrentDirectoryA` `K32QueryWorkingSetEx` `CreatePipe` `LoadLibraryExA` `WriteFile` `GetCurrentProcess` `SetConsoleTitleA` `SetHandleInformation` `Process32First` `GetModuleFileNameA` `ReadFile` `GetCurrentProcessId` `GetCurrentThreadId` `CreateFileW` `VirtualAlloc` `VirtualFree` `GetExitCodeProcess` `VirtualFreeEx` `CreateRemoteThread` `ReadProcessMemory` `VirtualAllocEx` `VirtualProtectEx` `CloseHandle` `AreFileApisANSI` `DeleteCriticalSection` `InitializeCriticalSectionEx` `LeaveCriticalSection` `SetUnhandledExceptionFilter` `GetTempPathW` `CopyFileA` `CreateToolhelp32Snapshot` `Sleep` `RtlAddFunctionTable` `WriteProcessMemory` `QueryPerformanceCounter` `FreeLibrary` `VerSetConditionMask` `GetProcAddress` `QueryPerformanceFrequency` `LoadLibraryA` `GetModuleHandleA` `WideCharToMultiByte` `MultiByteToWideChar` `CreateFileA` `LocalFree` `DeviceIoControl` `GetFileInformationByHandleEx` `EnterCriticalSection`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

TLS Callbacks

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1400c2070`

RICH Header

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .pdata has a size of 0!
[*] Warning: Section .dcf0 has a size of 0!
[*] Warning: Raw bytes from section .dcf2 could not be obtained.