Manalyze report for edaf6676fe03d0a552f07d7fd438f34d8fe79612c80a365cb42fba679bbea530

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Apr-11 18:33:37
Detected languages	English - United States
TLS Callbacks	1 callback(s) detected.
Debug artifacts	Madium.pdb
CompanyName	madium
FileDescription	Madium
FileVersion	`0.1.0`
ProductName	Madium
ProductVersion	`0.1.0`

Plugin Output

Suspicious	PEiD Signature:	`UPolyX V0.1 -> Delikon`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: Exploit cmd.exe` Contains domain names: 0www.entrust.net 7www.entrust.net Entrust.net GoDaddy.com apis.roblox.com birthpopuptypesapplyImagebeinguppernoteseveryshowsmeansextramatchtrackknownearlybegansuperpapernorthlearngivennamedendedTermspartsGroupbrandusingwomanfalsereadyaudiotakeswhile.com developer.microsoft.com entrust.net games.roblox.com genretrucklooksValueFrame.net github.com githubusercontent.com http://dummy.testC http://www.C http://www.a http://www.css http://www.hortcut http://www.icon http://www.interpretation http://www.language http://www.style http://www.text-decoration http://www.w3.org http://www.w3.org/shortcut http://www.wencodeURIComponent http://www.years https://apis.roblox.com https://apis.roblox.com/universes/v1/places/ https://developer.microsoft.com https://developer.microsoft.com/en-us/microsoft-edge/webview2 https://games.roblox.com https://games.roblox.com/v1/games?universeIds https://github.com https://raw.githubusercontent.com https://raw.githubusercontent.com/olemadbusiness-blip/madium-public/refs/heads/main/supportedversion https://scriptblox.com https://thumbnails.roblox.com https://thumbnails.roblox.com/v1/users/avatar-headshot?userIds https://users.roblox.com https://users.roblox.com/v1/users/ https://www.World https://www.recent microsoft.com openssl.org raw.githubusercontent.com roblox.com scriptblox.com thing.org thumbnails.roblox.com users.roblox.com www.entrust.net www.w3.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to RC5 or RC6`
Suspicious	The PE is possibly packed.	`Unusual section name found: .taubndl`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW LoadLibraryExA LoadLibraryA LoadLibraryW GetProcAddress` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot SwitchToThread` `Can access the registry: RegQueryValueExW RegCloseKey RegGetValueW RegOpenKeyExW` `Possibly launches other programs: ShellExecuteW CreateProcessW` `Uses Windows's Native API: NtReadFile NtCreateFile NtCancelIoFileEx NtDeviceIoControlFile NtOpenFile NtCreateNamedPipeFile NtWriteFile` `Can create temporary files: GetTempPathW CreateFileW` `Uses functions commonly found in keyloggers: GetForegroundWindow MapVirtualKeyW GetAsyncKeyState` `Leverages the raw socket API to access the Internet: WSAStartup closesocket recv WSASend send getsockname getpeername getsockopt accept setsockopt ioctlsocket connect WSACleanup WSAIoctl WSASocketW bind listen shutdown WSAGetLastError socket freeaddrinfo getaddrinfo` `Functions related to the privilege level: OpenProcessToken` `Manipulates other processes: Process32FirstW Process32NextW OpenProcess` `Can take screenshots: BitBlt CreateCompatibleDC GetDC`
Suspicious	VirusTotal score: 2/65 (Scanned on 2026-05-24 01:37:23)	`ESET-NOD32: Win64/GameHack.UO potentially unsafe application` `Trapmine: malicious.high.ml.score`

Hashes

MD5	`bb9f911b6b7c613bd00c34e0595ac224`
SHA1	`f36e89aa7dc47d4da77b70f04a853ae5d2abd07f`
SHA256	`edaf6676fe03d0a552f07d7fd438f34d8fe79612c80a365cb42fba679bbea530`
SHA3	`0f404c44745cb95eb387f0c62bfa87b0f5ba7359a5a7097585701628b3e59d1c`
SSDeep	`98304:mrIWZS8bcjmxyhAs8qPC3Pf3JMApcQ1nqj3I/JW+kAX42+PKdILdlhXpGR5o:mEW3bc7vC3XJMsJhBAKdIdB`
Imports Hash	`fab7884061ecf1fe3f624341e2276d27`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2026-Apr-11 18:33:37
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x977e00`
SizeOfInitializedData	`0x58fc00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000094C66C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xf0c000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`19acf372c4626eab0290cebc29924e42`
SHA1	`2a2a6579874d3abd9dd96f0f383ee318d4264021`
SHA256	`71da421454bb0e4c407bbf4c8f5bbaed1ca31f34ccebcfb1b58f9795290277c5`
SHA3	`e51687acfff94d168cf246fbe10655a5a89ba53d644e19eaf83d82d09ad2afdf`
VirtualSize	`0x977d20`
VirtualAddress	`0x1000`
SizeOfRawData	`0x977e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.20813`

.rdata

MD5	`ea41ef6bd812292692956ee1997d96c0`
SHA1	`3e98b6fd82684b5aa199b73f73e1c4ef05aef480`
SHA256	`43459f954f31eb5bd3211b5fd8655f604415af37a99c1f1e01e0347869737546`
SHA3	`4d71215d19bfc27bb453ae429e11d4b197310d8f1bc79366e5bd71ee1b7715a1`
VirtualSize	`0x4e712e`
VirtualAddress	`0x979000`
SizeOfRawData	`0x4e7200`
PointerToRawData	`0x978200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.3201`

.data

MD5	`d8ad5c167a2bb4081323bfed6f090656`
SHA1	`f60a02dbc380eb75ae2840c8be119b8e271df970`
SHA256	`efcc7e7f841bd3588522a0fee056b2ad1d8f63caae96da7ffae2cd5432021f0b`
SHA3	`30565cf06359bd87c12d665980d2480022bd528cc9390c327619f865e0d0cef4`
VirtualSize	`0x5ef8`
VirtualAddress	`0xe61000`
SizeOfRawData	`0x3a00`
PointerToRawData	`0xe5f400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.40902`

.pdata

MD5	`acc19bb0af4a1ced7616fcfa3f4b15c4`
SHA1	`cbc12c0da1ed44d5450ec7a49ccff4a728e9bbd3`
SHA256	`46892d2b2d5fd6f151a421ab3e9b70e5cbd627da23fb2136ef27a06b913b681a`
SHA3	`25058ef73f26eec6dfeb1e3d74dce333ccd22a4411185a2566b6dddf1ef76781`
VirtualSize	`0x84558`
VirtualAddress	`0xe67000`
SizeOfRawData	`0x84600`
PointerToRawData	`0xe62e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.58341`

.taubndl

MD5	`95362311826eb693dd1e63182e5bbdba`
SHA1	`117684aa6b9469ad061fbd7f1051c026a12f0712`
SHA256	`1ee171adce26fec8d89d8eca1aca3039c7453d704a98cb6011cbf5c7bdb9e072`
SHA3	`5463664e7a81a861fe9fcef6d720cc40f46f2b06068cc2519f9db43778df5b7b`
VirtualSize	`0x10`
VirtualAddress	`0xeec000`
SizeOfRawData	`0x200`
PointerToRawData	`0xee7400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.10191`

.rsrc

MD5	`6c1501b19b45edeaff1b9fbb1c27769f`
SHA1	`d380f5ad1c6ea6ead138a12027dfb3b6a1c5215c`
SHA256	`5aa00f3cbbc584ee4edc0d1414fc2aa2e1ac146e554614a2684539cc3fbb273b`
SHA3	`87205256770e14c943ec953dbb10bc26cf9405639b09bc64ef04c128540f7047`
VirtualSize	`0x101c8`
VirtualAddress	`0xeed000`
SizeOfRawData	`0x10200`
PointerToRawData	`0xee7600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.94881`

.reloc

MD5	`0875cb42c87a649bf1ac7fe9325a702f`
SHA1	`ad1b2516b88ef9ea16c66063d823c27df4c0392e`
SHA256	`819cb7e8f138c1286fb7d085ce9b272adb6e6fc1228f9e5d091a79f2876ba61c`
SHA3	`95cb2c5c2e5955d98fe23de610627d79f6b567efb41ff67e1940730be51d0b41`
VirtualSize	`0xdeb8`
VirtualAddress	`0xefe000`
SizeOfRawData	`0xe000`
PointerToRawData	`0xef7800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.45504`

Imports

KERNEL32.dll	`GetCurrentProcess` `GetModuleHandleW` `GetUserDefaultUILanguage` `LCIDToLocaleName` `CreateJobObjectW` `AssignProcessToJobObject` `GetLastError` `SetInformationJobObject` `QueryFullProcessImageNameW` `CreateToolhelp32Snapshot` `Process32FirstW` `Process32NextW` `GetCurrentThreadId` `InitializeCriticalSectionEx` `EncodePointer` `OpenProcess` `FlsSetValue` `FlsGetValue` `FlsAlloc` `RaiseException` `RtlPcToFileHeader` `RtlUnwindEx` `SetUnhandledExceptionFilter` `InitializeSListHead` `GetSystemTimeAsFileTime` `SleepConditionVariableSRW` `WakeAllConditionVariable` `AcquireSRWLockExclusive` `ReleaseSRWLockExclusive` `DeleteCriticalSection` `TerminateProcess` `FlsFree` `CloseHandle`
VERSION.dll	`VerQueryValueW` `GetFileVersionInfoSizeW` `GetFileVersionInfoW`
USER32.dll	`DispatchMessageW` `SendMessageW` `LoadCursorW` `SetWindowPos` `EnumWindows` `AdjustWindowRectEx` `CreateWindowExW` `IsWindow` `RegisterTouchWindow` `RegisterClassExW` `GetMessageA` `DispatchMessageA` `EnumChildWindows` `IsIconic` `InvalidateRgn` `SetCursorPos` `InvalidateRect` `TranslateMessage` `GetActiveWindow` `GetForegroundWindow` `AdjustWindowRect` `GetWindowThreadProcessId` `IsWindowVisible` `MapVirtualKeyW` `GetMessageW` `DefWindowProcW` `FlashWindowEx` `ChangeDisplaySettingsExW` `SetWindowPlacement` `GetWindowPlacement` `TranslateAcceleratorW` `GetCursorPos` `PostThreadMessageW` `ValidateRect` `SetCursor` `GetUpdateRect` `UpdateWindow` `ClientToScreen` `GetClientRect` `GetWindowLongW` `MonitorFromWindow` `ScreenToClient` `PostMessageW` `MonitorFromRect` `GetMonitorInfoW` `GetSystemMetrics` `FillRect` `SystemParametersInfoW` `TrackMouseEvent` `DestroyWindow` `PeekMessageW` `RedrawWindow` `GetTouchInputInfo` `CloseTouchInputHandle`
ADVAPI32.dll	`OpenProcessToken` `GetTokenInformation`
SHELL32.dll	`ShellExecuteW`
bcryptprimitives.dll	`ProcessPrng`
advapi32.dll	`RegQueryValueExW` `RegCloseKey` `EventUnregister` `RegGetValueW` `RegOpenKeyExW` `EventRegister` `SystemFunction036` `EventWriteTransfer` `EventSetInformation`
ntdll.dll	`RtlGetVersion` `RtlNtStatusToDosError` `NtReadFile` `NtCreateFile` `NtCancelIoFileEx` `NtDeviceIoControlFile` `NtOpenFile` `NtCreateNamedPipeFile` `NtWriteFile`
kernel32.dll	`DuplicateHandle` `SetHandleInformation` `FreeLibrary` `LoadLibraryExW` `HeapFree` `GetProcessHeap` `SetFileTime` `GetModuleFileNameW` `FindNextFileW` `RtlLookupFunctionEntry` `RtlCaptureContext` `GetProcessId` `GetExitCodeProcess` `GetSystemInfo` `QueryPerformanceCounter` `GetSystemTimePreciseAsFileTime` `WriteFileEx` `CreateProcessW` `GetWindowsDirectoryW` `GetSystemDirectoryW` `CompareStringOrdinal` `FreeEnvironmentStringsW` `SleepEx` `ReadFileEx` `WaitForMultipleObjects` `CreateThread` `WaitForSingleObject` `SetWaitableTimer` `CreateWaitableTimerExW` `SetFileInformationByHandle` `LoadLibraryExA` `OutputDebugStringW` `HeapAlloc` `OutputDebugStringA` `GetStdHandle` `WriteConsoleW` `MultiByteToWideChar` `ReleaseMutex` `FormatMessageW` `CancelIo` `CreateMutexA` `QueryPerformanceFrequency` `ExitProcess` `GetTempPathW` `GetFullPathNameW` `SetThreadStackGuarantee` `GetCurrentProcessId` `FindClose` `FindFirstFileExW` `DeleteFileW` `CreateEventW` `SwitchToThread` `WaitForSingleObjectEx` `GetFileInformationByHandleEx` `GetFinalPathNameByHandleW` `CreateDirectoryW` `MoveFileExW` `CreatePipe` `CreateIoCompletionPort` `PostQueuedCompletionStatus` `GetQueuedCompletionStatusEx` `GetOverlappedResult` `ReadFile` `WideCharToMultiByte` `HeapReAlloc` `GetEnvironmentVariableW` `SetFileCompletionNotificationModes` `GetFileAttributesW` `CreateFileW` `GetFileInformationByHandle` `GetConsoleMode` `GetCommandLineW` `AddVectoredExceptionHandler` `lstrlenW` `LoadLibraryA` `LoadLibraryW` `GetConsoleOutputCP` `GetModuleHandleA` `RtlVirtualUnwind` `SetEnvironmentVariableW` `Sleep` `GetEnvironmentStringsW` `GetCurrentDirectoryW` `SetLastError` `GetCurrentThread` `GetProcAddress`
api-ms-win-core-synch-l1-2-0.dll	`WaitOnAddress` `WakeByAddressSingle` `WakeByAddressAll`
ole32.dll	`OleInitialize` `CoCreateFreeThreadedMarshaler` `CoInitializeEx` `CoCreateInstance` `CoInitialize` `RevokeDragDrop` `CoTaskMemAlloc` `RegisterDragDrop` `CoTaskMemFree` `CoUninitialize`
comctl32.dll	`DefSubclassProc` `TaskDialogIndirect` `RemoveWindowSubclass` `SetWindowSubclass`
gdi32.dll	`CreateDIBSection` `SelectObject` `CreateSolidBrush` `BitBlt` `SetBkMode` `SetTextColor` `DeleteDC` `CreateRectRgn` `CombineRgn` `GetDeviceCaps` `DeleteObject` `CreateCompatibleDC`
dwmapi.dll	`DwmGetWindowAttribute` `DwmEnableBlurBehindWindow` `DwmSetWindowAttribute`
shlwapi.dll	`SHCreateMemStream`
shell32.dll	`DragFinish` `SHAppBarMessage` `SHGetKnownFolderPath` `ShellExecuteExW` `ILCreateFromPathW` `ILFree` `SHOpenFolderAndSelectItems` `DragQueryFileW`
user32.dll	`GetSystemMenu` `ShowCursor` `GetMenu` `EnableMenuItem` `GetClipCursor` `ClipCursor` `RegisterRawInputDevices` `ReleaseCapture` `SetCapture` `MsgWaitForMultipleObjectsEx` `RegisterWindowMessageA` `SetParent` `MapWindowPoints` `GetWindow` `SetFocus` `ShowWindow` `ReleaseDC` `EnableWindow` `IsWindowEnabled` `GetWindowRect` `SetWindowLongPtrW` `GetParent` `GetWindowLongPtrW` `SetPropW` `FindWindowExW` `SetWindowRgn` `IsProcessDPIAware` `GetDC` `SetWindowDisplayAffinity` `SetWindowLongW` `DrawTextW` `GetWindowDC` `OffsetRect` `GetMenuBarInfo` `DestroyMenu` `CheckMenuItem` `RemoveMenu` `CreatePopupMenu` `CreateMenu` `SetMenuItemInfoW` `AppendMenuW` `InsertMenuW` `TrackPopupMenu` `PostQuitMessage` `CreateAcceleratorTableW` `DestroyAcceleratorTable` `DrawMenuBar` `SetMenu` `DrawIconEx` `GetMenuItemInfoW` `CreateIcon` `GetKeyboardLayout` `ToUnicodeEx` `GetKeyState` `GetAsyncKeyState` `GetKeyboardState` `MapVirtualKeyExW` `GetRawInputData` `SetWindowTextW` `GetWindowTextW` `GetWindowTextLengthW` `SendInput` `SetForegroundWindow` `DestroyIcon` `EnumDisplayMonitors` `MonitorFromPoint` `SystemParametersInfoA`
oleaut32.dll	`SysFreeString` `GetErrorInfo` `SysStringLen` `SetErrorInfo`
ws2_32.dll	`WSAStartup` `closesocket` `recv` `WSASend` `send` `getsockname` `getpeername` `getsockopt` `accept` `setsockopt` `ioctlsocket` `connect` `WSACleanup` `WSAIoctl` `WSASocketW` `bind` `listen` `shutdown` `WSAGetLastError` `socket` `freeaddrinfo` `getaddrinfo`
bcrypt.dll	`BCryptGenRandom`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr` `pow` `roundf` `trunc` `floor` `round`
api-ms-win-crt-string-l1-1-0.dll	`wcslen` `_wcsicmp` `strcpy_s` `wcscmp` `wcsncat`
api-ms-win-crt-convert-l1-1-0.dll	`_ultow_s` `_wtoi` `wcstol`
api-ms-win-crt-runtime-l1-1-0.dll	`__p___argv` `_initialize_narrow_environment` `__p___argc` `_cexit` `_c_exit` `_register_thread_local_exe_atexit_callback` `_seh_filter_exe` `_set_app_type` `exit` `abort` `_configure_narrow_argv` `_initialize_onexit_table` `terminate` `_crt_atexit` `_exit` `_get_initial_narrow_environment` `_initterm` `_initterm_e` `_register_onexit_function`
api-ms-win-crt-stdio-l1-1-0.dll	`_set_fmode` `__p__commode`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-heap-l1-1-0.dll	`free` `_set_new_mode` `malloc` `_callnewh` `calloc`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x781`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.71661`
Detected Filetype	PNG graphic file
MD5	`0abaa82f3151cbb9989dc7c8d09e726c`
SHA1	`aab1862cc9d4fa41fd6dc6b1087017a5ba9df55e`
SHA256	`28b595d80ddc8075027c76204424c4bd3973b656a9a4737d0cf9d9388c8c565f`
SHA3	`25f1ea8c60f3bb74aaa0605b9fcaa48c7053b33988af10b5bcea0235a040760e`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2c0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.49345`
Detected Filetype	PNG graphic file
MD5	`58ea9b5358839d824dabdb5cac58b10d`
SHA1	`26a69498d18d33161c9e0b96fe5b2cb93ac16619`
SHA256	`76eda79050454904d791b79c08e7b01c7f2438fdfc779b813584b9df220ee528`
SHA3	`0e554444bafbeeb8adf70afce4a88f8421029f3b9b1146b6ccef71d2ab40b559`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4db`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.65934`
Detected Filetype	PNG graphic file
MD5	`84781488ca22eac90f10ab01302e41bc`
SHA1	`2550c48c87f12f18213975fa0cee0b7e9c23b470`
SHA256	`79736f4404cd904fcb610380b41a77be1a7d750e05fa2335be2c82914e4a7d04`
SHA3	`ac117f6f9d40fe064b36bbd5a3204146a5091581e2d818ea1ec4e95b83aefc70`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe26`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.74627`
Detected Filetype	PNG graphic file
MD5	`f9aecf1b9d5809abb02982388d36ac7d`
SHA1	`31a051d32b5c0bb313b4fe2ac92f77a5b1f4f18c`
SHA256	`eb41dbe368ab3de27fb4cfd1dc837a3976d9e3169b3450ff30c79aa3009260f2`
SHA3	`3e6a3a809d2a9ff9ebcd42c84d926d9dec6151d6a48d7f8bf6be2c41c131aec6`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1687`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.76893`
Detected Filetype	PNG graphic file
MD5	`f03df8aa564a223e2d9bd49c968a6335`
SHA1	`89230b5d5fcd7b7cda2d7a85312f1fe0dcc5500c`
SHA256	`6d8e242d5aec4dffdc7c41854bf056cfee97c89c2579ee7422f263bd69e8fcc5`
SHA3	`c9c697a6a13092d594257aae06eaa85ee279dae618e08133db935dc71535b121`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xc5ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98175`
Detected Filetype	PNG graphic file
MD5	`19efbfb8e7d26c308d61e70daa144e1b`
SHA1	`2c2923136bd6b498f95278d2f56d262164b64729`
SHA256	`2976c9a793dba13afa8225379de661c240f82fa81382fe85098fcc6502b3f48a`
SHA3	`1f414d05d67d59cb547e421cd1f645c543917a5cbcce1a636bfe6143012be65a`

32512

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82432`
Detected Filetype	Icon file
MD5	`a7e9e2ba6bc7219fc8a97849ddb10d51`
SHA1	`a2af623d384d58b6865e946aeeac54bf6bc533ba`
SHA256	`965fa856db4cbd5afd6de5790b6bd85164b8ce64b87136720c61a6a4abfd50ce`
SHA3	`62824e7a262c588095aad8462ef44b5507ecc085a1ace445a8dbd799745ba30a`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1d0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.0791`
MD5	`73d0b2ae0ed21cad624ce12f9f334cee`
SHA1	`b20008098923227d68e197484c11de79b7dbf285`
SHA256	`c7ab28776c3999e6ea2ff2b2fb22f53ecb35598777af4bc774cabae1d0f4de6a`
SHA3	`2417f015bb99851e9368818c7da794a62bdd27ec4586ef592e6235dcc550c6fa`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3ed`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.15085`
MD5	`93e708427dc447c3d28e2b898addd942`
SHA1	`d5cc5a4c0ce823351888a48d83f77cfd1a34751f`
SHA256	`e559a1d13d2305249b65b3e4d97ac70081d590dcfcc3ea108aa8762b9aa2b716`
SHA3	`56cf3c59c3dc764ef15214bcb879a1c0bf251ff91b55d6a39f71052cedfc6c82`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.1.0.0
ProductVersion	0.1.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	madium
FileDescription	Madium
FileVersion (#2)	0.1.0
ProductName	Madium
ProductVersion (#2)	0.1.0

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Apr-11 18:33:37
Version	`0.0`
SizeofData	`35`
AddressOfRawData	`0xc526cc`
PointerToRawData	`0xc518cc`
Referenced File	Madium.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Apr-11 18:33:37
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0xc526f0`
PointerToRawData	`0xc518f0`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Apr-11 18:33:37
Version	`0.0`
SizeofData	`1068`
AddressOfRawData	`0xc52704`
PointerToRawData	`0xc51904`

TLS Callbacks

StartAddressOfRawData	`0x140c52b78`
EndAddressOfRawData	`0x140c52d74`
AddressOfIndex	`0x140e66d90`
AddressOfCallbacks	`0x140979d10`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x0000000140908540`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140e647c0`

RICH Header

XOR Key	`0x4a227d70`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`14`
ASM objects (35403)	`9`
C objects (35403)	`13`
C++ objects (35403)	`46`
Imports (30151)	`4`
C objects (35728)	`12`
Imports (33145)	`11`
Total imports	`463`
Unmarked objects (#2)	`674`
Resource objects (35728)	`1`
Linker (35728)	`1`

Errors

Leave a comment

No comments yet.