f473dead1e146586244a431a67b5c16d

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 1970-Jan-01 12:00:32
TLS Callbacks 2 callback(s) detected.
Debug artifacts Embedded COFF debugging symbols

Plugin Output

Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Suspicious The PE is possibly packed. Unusual section name found: .xdata
Suspicious The file contains overlay data. 2186 bytes of data starting at offset 0x15800.
Safe VirusTotal score: 0/67 (Scanned on 2017-11-13 16:41:32) All the AVs think this file is safe.

Hashes

MD5 f473dead1e146586244a431a67b5c16d
SHA1 c0e55473bb3f340ac0cb0b3c7a554bcc8388f201
SHA256 cf80e028e1605115ceb1e481f722e1a3025489b46031499580b41f6a52353ede
SHA3 fa1db24bb64da8d68798f6c14928e529b2bdf20be97816bf3467ab59102414ad
SSDeep 1536:haL65D3KjLTpgF/jXUjBsZKyy7l+pqnToIf/IOlIOqN6ewUtCGFB:C65MTu/4j2ZKy+9TBfxvqN6ewUsGFB
Imports Hash 83ff66653eb9935239345e3840159610

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 11
TimeDateStamp 1970-Jan-01 12:00:32
PointerToSymbolTable 0x15800
NumberOfSymbols 59
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 2.0
SizeOfCode 0xda00
SizeOfInitializedData 0x15400
SizeOfUninitializedData 0xa00
AddressOfEntryPoint 0x00000000000013D0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x62e80000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x1d000
SizeOfHeaders 0x400
Checksum 0x25b66
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 032c49a8fe07fad2940ac7d2712ef250
SHA1 731d28cf75d242acaa5180a7abfff5bc1d19f63b
SHA256 2b6a9f861d9d6c15f6c1c9f03b3c1ce5ff9489d233becdd2491abe48fdd8be11
SHA3 cc6cf4378556f5dc5084c5cb9a2fcfce3393b637d0bc6137cc0c3ed03d2a31c7
VirtualSize 0xd898
VirtualAddress 0x1000
SizeOfRawData 0xda00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.27568

.data

MD5 18eaf791f2c3fdcdddd4e91f01a3d48a
SHA1 3f0663228de4c30ce44754738d40bc1a1b88b0e3
SHA256 6401ae25119a53e01c5bb0aafdd58a4a114774113bdb0dde5d63a74dc8fe6aad
SHA3 509142b9119db944e9f23d0adb9320a1e030f0172d774fb8c730a5b1ddf58c0b
VirtualSize 0xb8
VirtualAddress 0xf000
SizeOfRawData 0x200
PointerToRawData 0xde00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.978728

.rdata

MD5 77c046b2b86d233ab14f8f0a2007cdcf
SHA1 d2ecf7554c2b0a06817610015169a7f8f9d5217e
SHA256 4821b0c27b04ebba5e37a5c7fa06934c677352c9e5ed37fee48ac92f72eab42e
SHA3 bb3500108c1ac23e74b13bcca6154782725382d6d55853b57f832d1f744dcefd
VirtualSize 0x4fb0
VirtualAddress 0x10000
SizeOfRawData 0x5000
PointerToRawData 0xe000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.66602

.pdata

MD5 c5a238381fd576da03858b036777b16d
SHA1 73c892a7eaf17ae5c3b9bc8345e7cd8fc13e1531
SHA256 9f49cff6ca1d2012d2d33f09abea6593808e86d2bbbe1ca63e5d5eac79290da2
SHA3 408f82c2c9b754d2c306d931c5931b3fd172d32ea55713094d685c2d02fdc756
VirtualSize 0x78c
VirtualAddress 0x15000
SizeOfRawData 0x800
PointerToRawData 0x13000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.53403

.xdata

MD5 341c58a169a7b312d161d468bb57ae69
SHA1 9702bfe34041bee0b3407ea4a227c8e7308aa9fa
SHA256 8e7fed89cc21a20bc245cb385dd016daa39e4049a506f05edeead6bf881ca184
SHA3 b6a6a9498f6c2bdb09c7880f8ccd5261649eee81ce5a30e5d359e1e30b5ee9ff
VirtualSize 0x6ac
VirtualAddress 0x16000
SizeOfRawData 0x800
PointerToRawData 0x13800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.71352

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x930
VirtualAddress 0x17000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata

MD5 cb4a6e7df8ccee90fbd70a1377924d1c
SHA1 e88e17a17b32c59e552cd5b3cb30efc5a44455b4
SHA256 b4b58becfc67026146785ed0aaf478be41949e72e802de800f80e40ffdcc1cc9
SHA3 d58373f9492881ab0e8e140adc7736107c71b40a9831a7823a556ff3f5a33425
VirtualSize 0x82c
VirtualAddress 0x18000
SizeOfRawData 0xa00
PointerToRawData 0x14000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.6736

.idata

MD5 d1c3675047ffe206d10d1c40f534c600
SHA1 a53e740c9cca8cbc9445cd2d3bedce8a7bd5afba
SHA256 88c2d5c66f7fdd935aba74e5631c140e308e0d58ee05b8f3ebfc3e023499ecb8
SHA3 38bb4acb9ab6b0863d405543b16ec4aebd9de9e568ff7b4573a3cebd6d2a2268
VirtualSize 0x7cc
VirtualAddress 0x19000
SizeOfRawData 0x800
PointerToRawData 0x14a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.27147

.CRT

MD5 b7958996acbd725b71800c32dc497b6d
SHA1 ecc1ba6a89eb4e69f62a74e8b2bc31beeaddacb8
SHA256 700f53bbd361f870dd32bd93a423c563b09a3b06124cae5a2f5f2b85707af392
SHA3 c14e2b9b6d3282af394337a8130c4204076df99398026eab4f11fe642d55dfaa
VirtualSize 0x58
VirtualAddress 0x1a000
SizeOfRawData 0x200
PointerToRawData 0x15200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.201539

.tls

MD5 6f26eebd995c7d7f828a4e08cbdfb854
SHA1 c1be08d35223fa3ff0f8b908b2d45820df5688d9
SHA256 350b40c429d4488fe28f466fa379626679232fa7bac31378e87781672242c51e
SHA3 20d4728198d2bc02716f7fb936448481510ea0473e72257f71bd1fbd72cf9993
VirtualSize 0x68
VirtualAddress 0x1b000
SizeOfRawData 0x200
PointerToRawData 0x15400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.270157

.reloc

MD5 df913045b151f7a3231b5cc3a3e4509c
SHA1 0b9191b9051bfdfcd72b38b632e83be3cbbc75c7
SHA256 40d19ef0515c28893811382aff1733ae37e7a9be1be227212f43449b78f77f6d
SHA3 c78fd2147a6d71c6d7b3409dd9164c691fda5318b6c90f394306993cec387605
VirtualSize 0xac
VirtualAddress 0x1c000
SizeOfRawData 0x200
PointerToRawData 0x15600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 1.98996

Imports

KERNEL32.dll DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
msvcrt.dll __dllonexit
__iob_func
_amsg_exit
_close
_errno
_initterm
_lock
_lseeki64
_onexit
_open
_read
_unlock
_vsnprintf
_wopen
_write
abort
calloc
free
fwrite
malloc
memchr
memcpy
memset
signal
strerror
strlen
strncmp
vfprintf
wcstombs

Delayed Imports

_dist_code

Ordinal 1
Address 0x13a40

_length_code

Ordinal 2
Address 0x13940

_tr_align

Ordinal 3
Address 0xa880

_tr_flush_bits

Ordinal 4
Address 0xa870

_tr_flush_block

Ordinal 5
Address 0xa990

_tr_init

Ordinal 6
Address 0xa630

_tr_stored_block

Ordinal 7
Address 0xa730

_tr_tally

Ordinal 8
Address 0xb050

adler32

Ordinal 9
Address 0x1560

adler32_combine

Ordinal 10
Address 0x1930

adler32_combine64

Ordinal 11
Address 0x1950

compress

Ordinal 12
Address 0xb210

compress2

Ordinal 13
Address 0xb150

compressBound

Ordinal 14
Address 0xb230

crc32

Ordinal 15
Address 0x1b10

crc32_combine

Ordinal 16
Address 0x1e00

crc32_combine64

Ordinal 17
Address 0x1e10

deflate

Ordinal 18
Address 0x36d0

deflateBound

Ordinal 19
Address 0x35b0

deflateCopy

Ordinal 20
Address 0x4cf0

deflateEnd

Ordinal 21
Address 0x4900

deflateInit2_

Ordinal 22
Address 0x49e0

deflateInit_

Ordinal 23
Address 0x4cb0

deflateParams

Ordinal 24
Address 0x47c0

deflatePending

Ordinal 25
Address 0x3480

deflatePrime

Ordinal 26
Address 0x34c0

deflateReset

Ordinal 27
Address 0x3370

deflateResetKeep

Ordinal 28
Address 0x32a0

deflateSetDictionary

Ordinal 29
Address 0x3080

deflateSetHeader

Ordinal 30
Address 0x3450

deflateTune

Ordinal 31
Address 0x3570

deflate_copyright

Ordinal 32
Address 0x120e0

get_crc_table

Ordinal 33
Address 0x1b00

gz_error

Ordinal 34
Address 0xb520

gzbuffer

Ordinal 35
Address 0xb350

gzclearerr

Ordinal 36
Address 0xba30

gzclose

Ordinal 37
Address 0xb310

gzclose_r

Ordinal 38
Address 0xc7c0

gzclose_w

Ordinal 39
Address 0xd130

gzdirect

Ordinal 40
Address 0xc780

gzdopen

Ordinal 41
Address 0xb9b0

gzeof

Ordinal 42
Address 0xb4b0

gzerror

Ordinal 43
Address 0xb4d0

gzflush

Ordinal 44
Address 0xd000

gzgetc

Ordinal 45
Address 0xc460

gzgetc_

Ordinal 46
Address 0xc4e0

gzgets

Ordinal 47
Address 0xc630

gzoffset

Ordinal 48
Address 0xb490

gzoffset64

Ordinal 49
Address 0xb430

gzopen

Ordinal 50
Address 0xb9a0

gzopen64

Ordinal 51
Address 0xb990

gzopen_w

Ordinal 52
Address 0xba20

gzprintf

Ordinal 53
Address 0xcfd0

gzputc

Ordinal 54
Address 0xcd60

gzputs

Ordinal 55
Address 0xce50

gzread

Ordinal 56
Address 0xc2c0

gzrewind

Ordinal 57
Address 0xba80

gzseek

Ordinal 58
Address 0xbcb0

gzseek64

Ordinal 59
Address 0xbb30

gzsetparams

Ordinal 60
Address 0xd070

gztell

Ordinal 61
Address 0xb3e0

gztell64

Ordinal 62
Address 0xb3a0

gzungetc

Ordinal 63
Address 0xc4f0

gzvprintf

Ordinal 64
Address 0xceb0

gzwrite

Ordinal 65
Address 0xcd40

inflate

Ordinal 66
Address 0x6bd0

inflateBack

Ordinal 67
Address 0x5040

inflateBackEnd

Ordinal 68
Address 0x6170

inflateBackInit_

Ordinal 69
Address 0x4f40

inflateCopy

Ordinal 70
Address 0x8b90

inflateEnd

Ordinal 71
Address 0x8790

inflateGetDictionary

Ordinal 72
Address 0x87f0

inflateGetHeader

Ordinal 73
Address 0x8910

inflateInit2_

Ordinal 74
Address 0x6a50

inflateInit_

Ordinal 75
Address 0x6b50

inflateMark

Ordinal 76
Address 0x8db0

inflatePrime

Ordinal 77
Address 0x6b60

inflateReset

Ordinal 78
Address 0x6980

inflateReset2

Ordinal 79
Address 0x69c0

inflateResetKeep

Ordinal 80
Address 0x68d0

inflateSetDictionary

Ordinal 81
Address 0x8870

inflateSync

Ordinal 82
Address 0x8940

inflateSyncPoint

Ordinal 83
Address 0x8b50

inflateUndermine

Ordinal 84
Address 0x8d80

inflate_copyright

Ordinal 85
Address 0x13800

inflate_fast

Ordinal 86
Address 0x61b0

inflate_table

Ordinal 87
Address 0x8e10

uncompress

Ordinal 88
Address 0xb250

zError

Ordinal 89
Address 0xb110

z_errmsg

Ordinal 90
Address 0x14340

zcalloc

Ordinal 91
Address 0xb130

zcfree

Ordinal 92
Address 0xb140

zlibCompileFlags

Ordinal 93
Address 0xb100

zlibVersion

Ordinal 94
Address 0xb0f0

Version Info

TLS Callbacks

StartAddressOfRawData 0x62e9b000
EndAddressOfRawData 0x62e9b060
AddressOfIndex 0x62e975ac
AddressOfCallbacks 0x62e9a030
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks 0x0000000062E8D5B0
0x0000000062E8D580

Load Configuration

RICH Header

Errors

[*] Warning: COFF String Table's reported size is bigger than the remaining bytes! [*] Warning: Section .bss has a size of 0!
<-- -->