Manalyze report for f9dbb84397a3ec74802e0457bdb54bd2

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-May-20 01:16:27
Detected languages	Chinese - Taiwan English - United States

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for Qemu presence: QEMu`
Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Suspicious	This PE is packed with VMProtect	`Unusual section name found: .vmp0` `Unusual section name found: .vmp1`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryW LoadLibraryExW LoadLibraryExA` `Functions which can be used for anti-debugging purposes: SwitchToThread FindWindowW CreateToolhelp32Snapshot` `Code injection capabilities: VirtualAlloc OpenProcess WriteProcessMemory` `Code injection capabilities (PowerLoader): GetWindowLongW FindWindowW` `Can access the registry: RegCloseKey RegSetValueExW RegCreateKeyW RegOpenKeyW RegOpenKeyExW RegQueryValueExW` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Uses Windows's Native API: NtClose NtWriteFile NtCreateFile ZwLoadDriver` `Uses Microsoft's cryptographic API: CryptAcquireContextW CryptGenRandom CryptReleaseContext CryptAcquireContextA` `Can create temporary files: CreateFileW GetTempPathW CreateFileA GetTempPathA` `Uses functions commonly found in keyloggers: GetForegroundWindow GetAsyncKeyState CallNextHookEx MapVirtualKeyW` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Has Internet access capabilities: InternetCloseHandle InternetReadFile InternetQueryOptionW InternetErrorDlg InternetConnectA InternetOpenA InternetSetOptionW` `Leverages the raw socket API to access the Internet: WSASocketW WSAIoctl #2 WSARecv #13 #3 #10 WSARecvFrom #112 #18 #22 #9 #115 FreeAddrInfoW GetAddrInfoW #7 #21 #111 #16 #4 #23 #19 #11 WSASend` `Functions related to the privilege level: CheckTokenMembership AdjustTokenPrivileges OpenProcessToken` `Enumerates local disk drives: GetVolumeInformationW GetLogicalDriveStringsW` `Manipulates other processes: OpenProcess WriteProcessMemory` `Changes object ACLs: SetFileSecurityW` `Can take screenshots: GetDC FindWindowW CreateCompatibleDC BitBlt` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`f9dbb84397a3ec74802e0457bdb54bd2`
SHA1	`dc2460fcf38d235a568048f4f56b031ec1b0db15`
SHA256	`25bc1b42460b228c3ab06a487d62cfe6f9a329337e3e107387eaa4411f290f50`
SHA3	`26802de02fdaa3ea67569ae79380ad5be539789853021208ed9ea52b14633293`
SSDeep	`393216:Ev6e5puB2PntHfiMW6fXEZy4KMY2iuLFpiTD:gSB2/8M0Z5Lu`
Imports Hash	`3297a16613ebbb3f20b079a8c9b08eee`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2020-May-20 01:16:27
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x5d5600`
SizeOfInitializedData	`0xcf1000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000017FBE2B (Section: .vmp1)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x267e000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x5d5488`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.rdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x196ade`
VirtualAddress	`0x5d7000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x67000`
VirtualAddress	`0x76e000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.pdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x35940`
VirtualAddress	`0x7d5000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

_RDATA

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x94`
VirtualAddress	`0x80b000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.vmp0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xef5219`
VirtualAddress	`0x80c000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`

.vmp1

MD5	`3bcf2f105099e6b94dbaefe66dd6eb4c`
SHA1	`0b4156c345b18a26be7d80a816bca89f754d72c5`
SHA256	`e4d2fe37defb79e293a70ccac82013e3c2427c879c4f3baf92a2dc802723fd2c`
SHA3	`474b53052b63dcafc6fe7bdadea72064d689d30e65d2bff2e9ada6cbd43f49a6`
VirtualSize	`0xf77434`
VirtualAddress	`0x1702000`
SizeOfRawData	`0xf77600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`7.97678`

.rsrc

MD5	`8c560b6d5093a51dbdeb3fab73803d55`
SHA1	`5cdab701d580180bfa94c0017b2e64795cb79644`
SHA256	`ff0186844f7c30f59624d6779df5bf100148a219824ff498ce2efe1005674844`
SHA3	`e153336e6b6cab3fe232332363162180485d725b63629c66c0e7ab4c9deea4ca`
VirtualSize	`0x34b0`
VirtualAddress	`0x267a000`
SizeOfRawData	`0x3600`
PointerToRawData	`0xf77a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.52008`

Imports

KERNEL32.dll	`ExitProcess` `GetLastError` `FreeLibrary` `GetProcessHeap` `GetProcAddress` `HeapAlloc` `LoadLibraryA` `VirtualAlloc` `lstrlenW` `CreateFileW` `SetLastError` `HeapFree` `LocalFree` `FindResourceW` `GetCurrentProcess` `TerminateProcess` `GetModuleFileNameW` `GetTempPathW` `FindClose` `VirtualFree` `Sleep` `RtlUnwind` `GetVolumeInformationW` `SetUnhandledExceptionFilter` `GetTickCount` `GetTempFileNameW` `WideCharToMultiByte` `CopyFileW` `CreateProcessW` `GetCurrentProcessId` `GetWindowsDirectoryW` `CloseHandle` `CreateThread` `LoadLibraryW` `DeleteFileW` `MultiByteToWideChar` `OpenProcess` `ResumeThread` `K32GetProcessImageFileNameW` `GetCurrentThreadId` `CreateJobObjectW` `AssignProcessToJobObject` `SetInformationJobObject` `ReadDirectoryChangesW` `SetConsoleCursorPosition` `FillConsoleOutputAttribute` `WriteConsoleInputW` `CreateFileA` `FillConsoleOutputCharacterW` `SetConsoleCursorInfo` `GetConsoleCursorInfo` `SetConsoleTextAttribute` `GetConsoleScreenBufferInfo` `DebugBreak` `FormatMessageA` `ConnectNamedPipe` `WaitNamedPipeW` `GetNamedPipeHandleStateA` `QueueUserWorkItem` `CreateNamedPipeW` `CreateNamedPipeA` `SetNamedPipeHandleState` `SetHandleInformation` `CancelIo` `CreateIoCompletionPort` `PostQueuedCompletionStatus` `GetFileAttributesW` `GetSystemDirectoryW` `MoveFileExW` `FindFirstFileW` `GetModuleHandleW` `GetCurrentDirectoryW` `K32EnumProcesses` `DeviceIoControl` `LoadResource` `LockResource` `GetCommandLineW` `SizeofResource` `GetQueuedCompletionStatus` `SetErrorMode` `CreateEventA` `CreateSemaphoreA` `WaitForMultipleObjects` `lstrcmpW` `WriteConsoleW` `GetFileAttributesExW` `HeapSize` `GetExitCodeProcess` `ReadConsoleInputW` `GetNumberOfConsoleInputEvents` `SetConsoleMode` `SetEnvironmentVariableW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `FormatMessageW` `WaitForSingleObjectEx` `SwitchToThread` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `CreateEventW` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetSystemTimeAsFileTime` `EncodePointer` `DecodePointer` `QueryPerformanceCounter` `QueryPerformanceFrequency` `CompareStringW` `LCMapStringW` `GetLocaleInfoW` `GetStringTypeW` `GetCPInfo` `SetEvent` `ResetEvent` `UnhandledExceptionFilter` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetStartupInfoW` `InitializeSListHead` `InitializeCriticalSection` `GetStdHandle` `GetFileType` `WriteFile` `GlobalMemoryStatus` `FlushConsoleInputBuffer` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `LoadLibraryExW` `GetThreadTimes` `WaitForSingleObject` `AreFileApisANSI` `GetFullPathNameW` `FoldStringW` `IsDBCSLeadByte` `SetConsoleCtrlHandler` `FileTimeToLocalFileTime` `LocalFileTimeToFileTime` `GetSystemTime` `SystemTimeToTzSpecificLocalTime` `TzSpecificLocalTimeToSystemTime` `FileTimeToSystemTime` `SystemTimeToFileTime` `CompareStringA` `GetVersionExW` `CreateDirectoryW` `SetFileAttributesW` `SetFileTime` `MoveFileW` `FindNextFileW` `GetCurrentThread` `SetThreadPriority` `SetThreadExecutionState` `ReleaseSemaphore` `GetProcessAffinityMask` `CreateSemaphoreW` `FlushFileBuffers` `ReadFile` `SetEndOfFile` `SetFilePointer` `GetConsoleMode` `GetLongPathNameW` `GetShortPathNameW` `RemoveDirectoryW` `CreateHardLinkW` `GetTickCount64` `GetModuleHandleA` `GlobalUnlock` `GlobalLock` `GlobalSize` `MulDiv` `GlobalFree` `GlobalAlloc` `LocalAlloc` `LocalSize` `GetModuleFileNameA` `LoadLibraryExA` `GetEnvironmentVariableW` `InitializeCriticalSectionEx` `GetTempPathA` `GetTempFileNameA` `GetUserDefaultLCID` `GetNumberFormatW` `GetCurrencyFormatW` `GetTimeFormatW` `VerSetConditionMask` `GetComputerNameW` `VerifyVersionInfoW` `GetDateFormatW` `OutputDebugStringW` `GetTimeZoneInformation` `UnmapViewOfFile` `FlushViewOfFile` `GetFileSize` `CreateFileMappingW` `MapViewOfFile` `AllocConsole` `GetThreadPriority` `RegisterWaitForSingleObject` `UnregisterWait` `FreeLibraryAndExitThread` `DuplicateHandle` `UnregisterWaitEx` `GetModuleHandleExW` `GetFileInformationByHandle` `PeekNamedPipe` `ExitThread` `GetConsoleCP` `HeapReAlloc` `IsValidLocale` `EnumSystemLocalesW` `SetFilePointerEx` `ReadConsoleW` `GetFileSizeEx` `SetStdHandle` `FindFirstFileExW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCommandLineA` `GetLogicalDriveStringsW`
USER32.dll	`ShowWindow` `PostMessageW` `GetMessageW` `MessageBoxW` `wsprintfW` `GetWindowPlacement` `IsWindowVisible` `AnimateWindow` `SetWindowPos` `GetWindowRect` `SetWindowLongW` `GetWindowLongW` `TranslateMessage` `DispatchMessageW` `GetProcessWindowStation` `GetUserObjectInformationW` `GetDC` `ReleaseDC` `CharToOemA` `OemToCharA` `OemToCharBuffA` `CharUpperW` `CharLowerW` `CharToOemBuffW` `UpdateLayeredWindow` `SetCursor` `MapWindowPoints` `UpdateWindow` `EndPaint` `BeginPaint` `SetForegroundWindow` `GetForegroundWindow` `SetFocus` `GetFocus` `DestroyIcon` `KillTimer` `GetParent` `IsWindow` `SendMessageW` `InvalidateRect` `GetClientRect` `GetSystemMetrics` `AdjustWindowRectEx` `CreateWindowExW` `DestroyWindow` `GetWindow` `EnableWindow` `PeekMessageW` `LoadIconW` `LoadCursorW` `RegisterClassExW` `PostQuitMessage` `DefWindowProcW` `GetCursorPos` `GetDesktopWindow` `MoveWindow` `IsWindowEnabled` `RegisterClassW` `RedrawWindow` `WindowFromPoint` `GetWindowLongPtrW` `SetWindowLongPtrW` `GetWindowThreadProcessId` `GetWindowTextW` `ReleaseCapture` `RegisterWindowMessageW` `IsWindowUnicode` `SystemParametersInfoW` `GetClassLongW` `SetWindowsHookExW` `EnumThreadWindows` `EndDeferWindowPos` `SetCapture` `GetUpdateRect` `IsRectEmpty` `GetMessageTime` `UnhookWindowsHookEx` `GetSysColor` `GetDoubleClickTime` `CallMsgFilterW` `IsChild` `ClientToScreen` `GetMonitorInfoW` `SetTimer` `GetCapture` `GetAsyncKeyState` `BeginDeferWindowPos` `SetClassLongW` `GetActiveWindow` `GetScrollInfo` `NotifyWinEvent` `SetWindowTextW` `CallNextHookEx` `ScreenToClient` `MonitorFromWindow` `MonitorFromPoint` `GetMessageExtraInfo` `GetKeyState` `DeferWindowPos` `SetScrollInfo` `EnumDisplayDevicesW` `EnumDisplayMonitors` `DestroyCaret` `FindWindowW` `GetKeyboardLayout` `CreateCaret` `SetCaretPos` `RegisterClipboardFormatW` `OpenClipboard` `EmptyClipboard` `CloseClipboard` `CountClipboardFormats` `EnumClipboardFormats` `SetClipboardData` `IsClipboardFormatAvailable` `GetClipboardData` `GetClipboardSequenceNumber` `LoadStringW` `MessageBeep` `DestroyCursor` `LoadCursorFromFileA` `CreateIconIndirect` `GetIconInfo` `DrawIconEx` `MessageBoxA` `GetQueueStatus` `PostThreadMessageW` `MsgWaitForMultipleObjects` `SetWinEventHook` `DispatchMessageA` `MapVirtualKeyW` `GetMessageA` `SetActiveWindow`
GDI32.dll	`GetObjectW` `DeleteDC` `SelectObject` `CreateDIBSection` `CreateCompatibleDC` `SetLayout` `GetClipBox` `SaveDC` `SetViewportOrgEx` `RestoreDC` `BitBlt` `GetStockObject` `GetDIBits` `StartDocW` `SetMapMode` `CreateDCW` `EndDoc` `StartPage` `AddFontMemResourceEx` `GetGlyphIndicesW` `GetObjectA` `CreateFontW` `EnumFontFamiliesExW` `GetFontUnicodeRanges` `GetDeviceCaps` `DeleteObject` `EndPage` `CreateBitmap`
ADVAPI32.dll	`RegCloseKey` `GetUserNameW` `SetFileSecurityW` `FreeSid` `CheckTokenMembership` `LookupPrivilegeValueW` `AdjustTokenPrivileges` `RegSetValueExW` `OpenProcessToken` `RegCreateKeyW` `RegOpenKeyW` `AllocateAndInitializeSid` `RegOpenKeyExW` `CryptAcquireContextW` `CryptGenRandom` `CryptReleaseContext` `DeregisterEventSource` `RegisterEventSourceW` `ReportEventW` `RegQueryValueExW` `CryptAcquireContextA`
SHELL32.dll	`ShellExecuteW` `SHGetFileInfoW` `SHBrowseForFolderW` `Shell_NotifyIconW` `#74` `DragQueryFileW` `SHGetSpecialFolderPathW` `SHGetPathFromIDListW` `ShellExecuteExW` `CommandLineToArgvW` `#727`
ole32.dll	`CreateStreamOnHGlobal` `ReleaseStgMedium` `OleUninitialize` `OleInitialize` `CoTaskMemAlloc` `DoDragDrop` `RevokeDragDrop` `CoUninitialize` `RegisterDragDrop` `CoCreateInstance` `CoTaskMemFree` `CoCreateGuid` `CoInitialize` `CoFreeUnusedLibraries`
WS2_32.dll	`WSASocketW` `WSAIoctl` `#2` `WSARecv` `#13` `#3` `#10` `WSARecvFrom` `#112` `#18` `#22` `#9` `#115` `FreeAddrInfoW` `GetAddrInfoW` `#7` `#21` `#111` `#16` `#4` `#23` `#19` `#11` `WSASend`
ntdll.dll	`NtClose` `LdrFindResource_U` `RtlDosPathNameToNtPathName_U` `RtlInitUnicodeString` `RtlFreeUnicodeString` `NtWriteFile` `NtCreateFile` `LdrAccessResource` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `ZwLoadDriver`
SHLWAPI.dll	`PathFindFileNameW` `PathAppendW` `PathFileExistsW` `PathRemoveExtensionW` `PathCombineW`
urlmon.dll	`FindMimeFromData`
OLEACC.dll	`AccessibleObjectFromWindow` `LresultFromObject`
UxTheme.dll	`SetWindowTheme` `IsThemeBackgroundPartiallyTransparent` `GetThemePartSize` `DrawThemeBackground` `CloseThemeData` `OpenThemeData`
IMM32.dll	`ImmGetCompositionStringW` `ImmSetCandidateWindow` `ImmReleaseContext` `ImmAssociateContextEx` `ImmNotifyIME` `ImmIsIME` `ImmGetContext`
COMCTL32.dll	`ImageList_DrawEx` `ImageList_GetIconSize` `ImageList_Destroy`
WINMM.dll	`PlaySoundW` `timeGetTime` `timeSetEvent` `timeEndPeriod` `timeKillEvent` `timeBeginPeriod`
USP10.dll	`ScriptBreak` `ScriptItemize` `ScriptApplyDigitSubstitution` `ScriptFreeCache` `ScriptShape` `ScriptPlace`
WINSPOOL.DRV	`#203`
COMDLG32.dll	`PrintDlgW` `GetOpenFileNameW` `GetSaveFileNameW` `CommDlgExtendedError`
OLEAUT32.dll	`#6` `#16` `#26` `#411` `#4`
gdiplus.dll	`GdipGetEmHeight` `GdipGetCellDescent` `GdipDrawString` `GdipAddPathString` `GdipGetFontSize` `GdipCreatePen2` `GdipSetPenEndCap` `GdipSetPenStartCap` `GdipSetPenLineJoin` `GdipSetPenMiterLimit` `GdipGetFontStyle` `GdipSetPenDashStyle` `GdipSetPenDashArray` `GdipSetPenDashOffset` `GdipDeleteFont` `GdipCreateFontFromDC` `GdipGetLineSpacing` `GdipCreateFontFromLogfontA` `GdiplusShutdown` `GdiplusStartup` `GdipCreateBitmapFromGraphics` `GdipDrawImageI` `GdipCreateHBITMAPFromBitmap` `GdipDrawDriverString` `GdipGetCellAscent` `GdipGetFamily` `GdipBitmapLockBits` `GdipBitmapUnlockBits` `GdipAlloc` `GdipFree` `GdipCreateBitmapFromScan0` `GdipCloneImage` `GdipDisposeImage` `GdipCreateSolidFill` `GdipDeleteBrush` `GdipCloneBrush` `GdipFillRectangleI` `GdipCreatePath` `GdipDeletePath` `GdipAddPathArcI` `GdipAddPathLineI` `GdipFillPath` `GdipGetClipBoundsI` `GdipCreateLineBrush` `GdipMultiplyLineTransform` `GdipCreateMatrix2` `GdipSetLinePresetBlend` `GdipSetLineWrapMode` `GdipAddPathEllipse` `GdipCreatePathGradientFromPath` `GdipSetPathGradientPresetBlend` `GdipSetPathGradientWrapMode` `GdipSetPathGradientCenterPoint` `GdipSetPathGradientTransform` `GdipCreatePen1` `GdipDeletePen` `GdipDrawPath` `GdipFillRectanglesI` `GdipDrawLine` `GdipSetClipRectI` `GdipTranslateWorldTransform` `GdipGetSmoothingMode` `GdipSaveGraphics` `GdipRestoreGraphics` `GdipBeginContainer2` `GdipGetImageGraphicsContext` `GdipGraphicsClear` `GdipGetPathWorldBounds` `GdipClonePath` `GdipSetClipRect` `GdipAddPathRectangleI` `GdipGetImageHeight` `GdipGetImageWidth` `GdipDeleteGraphics` `GdipSetSmoothingMode` `GdipEndContainer` `GdipCreateImageAttributes` `GdipDisposeImageAttributes` `GdipSetImageAttributesColorMatrix` `GdipDrawImageRectRect` `GdipTransformPoints` `GdipMultiplyWorldTransform` `GdipCreateMatrix` `GdipDeleteMatrix` `GdipGetWorldTransform` `GdipGetMatrixElements` `GdipTranslateMatrix` `GdipRotateMatrix` `GdipScaleMatrix` `GdipShearMatrix` `GdipCreateTexture` `GdipFillEllipse` `GdipDrawEllipse` `GdipFillPie` `GdipDrawPie` `GdipDrawArc` `GdipFillRectangle` `GdipDrawRectangle` `GdipResetPath` `GdipIsVisiblePathPoint` `GdipStartPathFigure` `GdipAddPathLine` `GdipClosePathFigure` `GdipSetPathFillMode` `GdipAddPathArc` `GdipAddPathBezier` `GdipSetPageUnit` `GdipSetCompositingQuality` `GdipSetPixelOffsetMode` `GdipSetInterpolationMode` `GdipSetTextRenderingHint` `GdipCreateFromHWND` `GdipCreateFromHDC` `GdipCreateStringFormat` `GdipDeleteStringFormat` `GdipSetStringFormatAlign` `GdipSetStringFormatLineAlign` `GdipSetStringFormatTrimming` `GdipGetFontHeightGivenDPI` `GdipMeasureString` `GdipDeleteFontFamily`
WININET.dll	`InternetCloseHandle` `InternetReadFile` `InternetQueryOptionW` `HttpQueryInfoA` `InternetErrorDlg` `HttpSendRequestA` `InternetConnectA` `InternetOpenA` `InternetSetOptionW` `HttpQueryInfoW` `HttpOpenRequestA`
WTSAPI32.dll	`WTSSendMessageW`
KERNEL32.dll (#2)	`ExitProcess` `GetLastError` `FreeLibrary` `GetProcessHeap` `GetProcAddress` `HeapAlloc` `LoadLibraryA` `VirtualAlloc` `lstrlenW` `CreateFileW` `SetLastError` `HeapFree` `LocalFree` `FindResourceW` `GetCurrentProcess` `TerminateProcess` `GetModuleFileNameW` `GetTempPathW` `FindClose` `VirtualFree` `Sleep` `RtlUnwind` `GetVolumeInformationW` `SetUnhandledExceptionFilter` `GetTickCount` `GetTempFileNameW` `WideCharToMultiByte` `CopyFileW` `CreateProcessW` `GetCurrentProcessId` `GetWindowsDirectoryW` `CloseHandle` `CreateThread` `LoadLibraryW` `DeleteFileW` `MultiByteToWideChar` `OpenProcess` `ResumeThread` `K32GetProcessImageFileNameW` `GetCurrentThreadId` `CreateJobObjectW` `AssignProcessToJobObject` `SetInformationJobObject` `ReadDirectoryChangesW` `SetConsoleCursorPosition` `FillConsoleOutputAttribute` `WriteConsoleInputW` `CreateFileA` `FillConsoleOutputCharacterW` `SetConsoleCursorInfo` `GetConsoleCursorInfo` `SetConsoleTextAttribute` `GetConsoleScreenBufferInfo` `DebugBreak` `FormatMessageA` `ConnectNamedPipe` `WaitNamedPipeW` `GetNamedPipeHandleStateA` `QueueUserWorkItem` `CreateNamedPipeW` `CreateNamedPipeA` `SetNamedPipeHandleState` `SetHandleInformation` `CancelIo` `CreateIoCompletionPort` `PostQueuedCompletionStatus` `GetFileAttributesW` `GetSystemDirectoryW` `MoveFileExW` `FindFirstFileW` `GetModuleHandleW` `GetCurrentDirectoryW` `K32EnumProcesses` `DeviceIoControl` `LoadResource` `LockResource` `GetCommandLineW` `SizeofResource` `GetQueuedCompletionStatus` `SetErrorMode` `CreateEventA` `CreateSemaphoreA` `WaitForMultipleObjects` `lstrcmpW` `WriteConsoleW` `GetFileAttributesExW` `HeapSize` `GetExitCodeProcess` `ReadConsoleInputW` `GetNumberOfConsoleInputEvents` `SetConsoleMode` `SetEnvironmentVariableW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `FormatMessageW` `WaitForSingleObjectEx` `SwitchToThread` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `CreateEventW` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetSystemTimeAsFileTime` `EncodePointer` `DecodePointer` `QueryPerformanceCounter` `QueryPerformanceFrequency` `CompareStringW` `LCMapStringW` `GetLocaleInfoW` `GetStringTypeW` `GetCPInfo` `SetEvent` `ResetEvent` `UnhandledExceptionFilter` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetStartupInfoW` `InitializeSListHead` `InitializeCriticalSection` `GetStdHandle` `GetFileType` `WriteFile` `GlobalMemoryStatus` `FlushConsoleInputBuffer` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `LoadLibraryExW` `GetThreadTimes` `WaitForSingleObject` `AreFileApisANSI` `GetFullPathNameW` `FoldStringW` `IsDBCSLeadByte` `SetConsoleCtrlHandler` `FileTimeToLocalFileTime` `LocalFileTimeToFileTime` `GetSystemTime` `SystemTimeToTzSpecificLocalTime` `TzSpecificLocalTimeToSystemTime` `FileTimeToSystemTime` `SystemTimeToFileTime` `CompareStringA` `GetVersionExW` `CreateDirectoryW` `SetFileAttributesW` `SetFileTime` `MoveFileW` `FindNextFileW` `GetCurrentThread` `SetThreadPriority` `SetThreadExecutionState` `ReleaseSemaphore` `GetProcessAffinityMask` `CreateSemaphoreW` `FlushFileBuffers` `ReadFile` `SetEndOfFile` `SetFilePointer` `GetConsoleMode` `GetLongPathNameW` `GetShortPathNameW` `RemoveDirectoryW` `CreateHardLinkW` `GetTickCount64` `GetModuleHandleA` `GlobalUnlock` `GlobalLock` `GlobalSize` `MulDiv` `GlobalFree` `GlobalAlloc` `LocalAlloc` `LocalSize` `GetModuleFileNameA` `LoadLibraryExA` `GetEnvironmentVariableW` `InitializeCriticalSectionEx` `GetTempPathA` `GetTempFileNameA` `GetUserDefaultLCID` `GetNumberFormatW` `GetCurrencyFormatW` `GetTimeFormatW` `VerSetConditionMask` `GetComputerNameW` `VerifyVersionInfoW` `GetDateFormatW` `OutputDebugStringW` `GetTimeZoneInformation` `UnmapViewOfFile` `FlushViewOfFile` `GetFileSize` `CreateFileMappingW` `MapViewOfFile` `AllocConsole` `GetThreadPriority` `RegisterWaitForSingleObject` `UnregisterWait` `FreeLibraryAndExitThread` `DuplicateHandle` `UnregisterWaitEx` `GetModuleHandleExW` `GetFileInformationByHandle` `PeekNamedPipe` `ExitThread` `GetConsoleCP` `HeapReAlloc` `IsValidLocale` `EnumSystemLocalesW` `SetFilePointerEx` `ReadConsoleW` `GetFileSizeEx` `SetStdHandle` `FindFirstFileExW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCommandLineA` `GetLogicalDriveStringsW`
USER32.dll (#2)	`ShowWindow` `PostMessageW` `GetMessageW` `MessageBoxW` `wsprintfW` `GetWindowPlacement` `IsWindowVisible` `AnimateWindow` `SetWindowPos` `GetWindowRect` `SetWindowLongW` `GetWindowLongW` `TranslateMessage` `DispatchMessageW` `GetProcessWindowStation` `GetUserObjectInformationW` `GetDC` `ReleaseDC` `CharToOemA` `OemToCharA` `OemToCharBuffA` `CharUpperW` `CharLowerW` `CharToOemBuffW` `UpdateLayeredWindow` `SetCursor` `MapWindowPoints` `UpdateWindow` `EndPaint` `BeginPaint` `SetForegroundWindow` `GetForegroundWindow` `SetFocus` `GetFocus` `DestroyIcon` `KillTimer` `GetParent` `IsWindow` `SendMessageW` `InvalidateRect` `GetClientRect` `GetSystemMetrics` `AdjustWindowRectEx` `CreateWindowExW` `DestroyWindow` `GetWindow` `EnableWindow` `PeekMessageW` `LoadIconW` `LoadCursorW` `RegisterClassExW` `PostQuitMessage` `DefWindowProcW` `GetCursorPos` `GetDesktopWindow` `MoveWindow` `IsWindowEnabled` `RegisterClassW` `RedrawWindow` `WindowFromPoint` `GetWindowLongPtrW` `SetWindowLongPtrW` `GetWindowThreadProcessId` `GetWindowTextW` `ReleaseCapture` `RegisterWindowMessageW` `IsWindowUnicode` `SystemParametersInfoW` `GetClassLongW` `SetWindowsHookExW` `EnumThreadWindows` `EndDeferWindowPos` `SetCapture` `GetUpdateRect` `IsRectEmpty` `GetMessageTime` `UnhookWindowsHookEx` `GetSysColor` `GetDoubleClickTime` `CallMsgFilterW` `IsChild` `ClientToScreen` `GetMonitorInfoW` `SetTimer` `GetCapture` `GetAsyncKeyState` `BeginDeferWindowPos` `SetClassLongW` `GetActiveWindow` `GetScrollInfo` `NotifyWinEvent` `SetWindowTextW` `CallNextHookEx` `ScreenToClient` `MonitorFromWindow` `MonitorFromPoint` `GetMessageExtraInfo` `GetKeyState` `DeferWindowPos` `SetScrollInfo` `EnumDisplayDevicesW` `EnumDisplayMonitors` `DestroyCaret` `FindWindowW` `GetKeyboardLayout` `CreateCaret` `SetCaretPos` `RegisterClipboardFormatW` `OpenClipboard` `EmptyClipboard` `CloseClipboard` `CountClipboardFormats` `EnumClipboardFormats` `SetClipboardData` `IsClipboardFormatAvailable` `GetClipboardData` `GetClipboardSequenceNumber` `LoadStringW` `MessageBeep` `DestroyCursor` `LoadCursorFromFileA` `CreateIconIndirect` `GetIconInfo` `DrawIconEx` `MessageBoxA` `GetQueueStatus` `PostThreadMessageW` `MsgWaitForMultipleObjects` `SetWinEventHook` `DispatchMessageA` `MapVirtualKeyW` `GetMessageA` `SetActiveWindow`
KERNEL32.dll (#3)	`ExitProcess` `GetLastError` `FreeLibrary` `GetProcessHeap` `GetProcAddress` `HeapAlloc` `LoadLibraryA` `VirtualAlloc` `lstrlenW` `CreateFileW` `SetLastError` `HeapFree` `LocalFree` `FindResourceW` `GetCurrentProcess` `TerminateProcess` `GetModuleFileNameW` `GetTempPathW` `FindClose` `VirtualFree` `Sleep` `RtlUnwind` `GetVolumeInformationW` `SetUnhandledExceptionFilter` `GetTickCount` `GetTempFileNameW` `WideCharToMultiByte` `CopyFileW` `CreateProcessW` `GetCurrentProcessId` `GetWindowsDirectoryW` `CloseHandle` `CreateThread` `LoadLibraryW` `DeleteFileW` `MultiByteToWideChar` `OpenProcess` `ResumeThread` `K32GetProcessImageFileNameW` `GetCurrentThreadId` `CreateJobObjectW` `AssignProcessToJobObject` `SetInformationJobObject` `ReadDirectoryChangesW` `SetConsoleCursorPosition` `FillConsoleOutputAttribute` `WriteConsoleInputW` `CreateFileA` `FillConsoleOutputCharacterW` `SetConsoleCursorInfo` `GetConsoleCursorInfo` `SetConsoleTextAttribute` `GetConsoleScreenBufferInfo` `DebugBreak` `FormatMessageA` `ConnectNamedPipe` `WaitNamedPipeW` `GetNamedPipeHandleStateA` `QueueUserWorkItem` `CreateNamedPipeW` `CreateNamedPipeA` `SetNamedPipeHandleState` `SetHandleInformation` `CancelIo` `CreateIoCompletionPort` `PostQueuedCompletionStatus` `GetFileAttributesW` `GetSystemDirectoryW` `MoveFileExW` `FindFirstFileW` `GetModuleHandleW` `GetCurrentDirectoryW` `K32EnumProcesses` `DeviceIoControl` `LoadResource` `LockResource` `GetCommandLineW` `SizeofResource` `GetQueuedCompletionStatus` `SetErrorMode` `CreateEventA` `CreateSemaphoreA` `WaitForMultipleObjects` `lstrcmpW` `WriteConsoleW` `GetFileAttributesExW` `HeapSize` `GetExitCodeProcess` `ReadConsoleInputW` `GetNumberOfConsoleInputEvents` `SetConsoleMode` `SetEnvironmentVariableW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `FormatMessageW` `WaitForSingleObjectEx` `SwitchToThread` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `CreateEventW` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetSystemTimeAsFileTime` `EncodePointer` `DecodePointer` `QueryPerformanceCounter` `QueryPerformanceFrequency` `CompareStringW` `LCMapStringW` `GetLocaleInfoW` `GetStringTypeW` `GetCPInfo` `SetEvent` `ResetEvent` `UnhandledExceptionFilter` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetStartupInfoW` `InitializeSListHead` `InitializeCriticalSection` `GetStdHandle` `GetFileType` `WriteFile` `GlobalMemoryStatus` `FlushConsoleInputBuffer` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `LoadLibraryExW` `GetThreadTimes` `WaitForSingleObject` `AreFileApisANSI` `GetFullPathNameW` `FoldStringW` `IsDBCSLeadByte` `SetConsoleCtrlHandler` `FileTimeToLocalFileTime` `LocalFileTimeToFileTime` `GetSystemTime` `SystemTimeToTzSpecificLocalTime` `TzSpecificLocalTimeToSystemTime` `FileTimeToSystemTime` `SystemTimeToFileTime` `CompareStringA` `GetVersionExW` `CreateDirectoryW` `SetFileAttributesW` `SetFileTime` `MoveFileW` `FindNextFileW` `GetCurrentThread` `SetThreadPriority` `SetThreadExecutionState` `ReleaseSemaphore` `GetProcessAffinityMask` `CreateSemaphoreW` `FlushFileBuffers` `ReadFile` `SetEndOfFile` `SetFilePointer` `GetConsoleMode` `GetLongPathNameW` `GetShortPathNameW` `RemoveDirectoryW` `CreateHardLinkW` `GetTickCount64` `GetModuleHandleA` `GlobalUnlock` `GlobalLock` `GlobalSize` `MulDiv` `GlobalFree` `GlobalAlloc` `LocalAlloc` `LocalSize` `GetModuleFileNameA` `LoadLibraryExA` `GetEnvironmentVariableW` `InitializeCriticalSectionEx` `GetTempPathA` `GetTempFileNameA` `GetUserDefaultLCID` `GetNumberFormatW` `GetCurrencyFormatW` `GetTimeFormatW` `VerSetConditionMask` `GetComputerNameW` `VerifyVersionInfoW` `GetDateFormatW` `OutputDebugStringW` `GetTimeZoneInformation` `UnmapViewOfFile` `FlushViewOfFile` `GetFileSize` `CreateFileMappingW` `MapViewOfFile` `AllocConsole` `GetThreadPriority` `RegisterWaitForSingleObject` `UnregisterWait` `FreeLibraryAndExitThread` `DuplicateHandle` `UnregisterWaitEx` `GetModuleHandleExW` `GetFileInformationByHandle` `PeekNamedPipe` `ExitThread` `GetConsoleCP` `HeapReAlloc` `IsValidLocale` `EnumSystemLocalesW` `SetFilePointerEx` `ReadConsoleW` `GetFileSizeEx` `SetStdHandle` `FindFirstFileExW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCommandLineA` `GetLogicalDriveStringsW`
USER32.dll (#3)	`ShowWindow` `PostMessageW` `GetMessageW` `MessageBoxW` `wsprintfW` `GetWindowPlacement` `IsWindowVisible` `AnimateWindow` `SetWindowPos` `GetWindowRect` `SetWindowLongW` `GetWindowLongW` `TranslateMessage` `DispatchMessageW` `GetProcessWindowStation` `GetUserObjectInformationW` `GetDC` `ReleaseDC` `CharToOemA` `OemToCharA` `OemToCharBuffA` `CharUpperW` `CharLowerW` `CharToOemBuffW` `UpdateLayeredWindow` `SetCursor` `MapWindowPoints` `UpdateWindow` `EndPaint` `BeginPaint` `SetForegroundWindow` `GetForegroundWindow` `SetFocus` `GetFocus` `DestroyIcon` `KillTimer` `GetParent` `IsWindow` `SendMessageW` `InvalidateRect` `GetClientRect` `GetSystemMetrics` `AdjustWindowRectEx` `CreateWindowExW` `DestroyWindow` `GetWindow` `EnableWindow` `PeekMessageW` `LoadIconW` `LoadCursorW` `RegisterClassExW` `PostQuitMessage` `DefWindowProcW` `GetCursorPos` `GetDesktopWindow` `MoveWindow` `IsWindowEnabled` `RegisterClassW` `RedrawWindow` `WindowFromPoint` `GetWindowLongPtrW` `SetWindowLongPtrW` `GetWindowThreadProcessId` `GetWindowTextW` `ReleaseCapture` `RegisterWindowMessageW` `IsWindowUnicode` `SystemParametersInfoW` `GetClassLongW` `SetWindowsHookExW` `EnumThreadWindows` `EndDeferWindowPos` `SetCapture` `GetUpdateRect` `IsRectEmpty` `GetMessageTime` `UnhookWindowsHookEx` `GetSysColor` `GetDoubleClickTime` `CallMsgFilterW` `IsChild` `ClientToScreen` `GetMonitorInfoW` `SetTimer` `GetCapture` `GetAsyncKeyState` `BeginDeferWindowPos` `SetClassLongW` `GetActiveWindow` `GetScrollInfo` `NotifyWinEvent` `SetWindowTextW` `CallNextHookEx` `ScreenToClient` `MonitorFromWindow` `MonitorFromPoint` `GetMessageExtraInfo` `GetKeyState` `DeferWindowPos` `SetScrollInfo` `EnumDisplayDevicesW` `EnumDisplayMonitors` `DestroyCaret` `FindWindowW` `GetKeyboardLayout` `CreateCaret` `SetCaretPos` `RegisterClipboardFormatW` `OpenClipboard` `EmptyClipboard` `CloseClipboard` `CountClipboardFormats` `EnumClipboardFormats` `SetClipboardData` `IsClipboardFormatAvailable` `GetClipboardData` `GetClipboardSequenceNumber` `LoadStringW` `MessageBeep` `DestroyCursor` `LoadCursorFromFileA` `CreateIconIndirect` `GetIconInfo` `DrawIconEx` `MessageBoxA` `GetQueueStatus` `PostThreadMessageW` `MsgWaitForMultipleObjects` `SetWinEventHook` `DispatchMessageA` `MapVirtualKeyW` `GetMessageA` `SetActiveWindow`

Delayed Imports

1

Type	`RT_ICON`
Language	Chinese - Taiwan
Codepage	UNKNOWN
Size	`0x3228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.45072`
MD5	`0eabacb4e3db03b9dfd95f8ad994fadd`
SHA1	`e87b6c69a1c2731093d39fffb42224d3de51a98d`
SHA256	`2aeb509b09adeae2942cae3cba568b9820e845a369cf7fb0482599d981162715`
SHA3	`e9478ee29cce40d42e520bfbc14953b130e44a86380eaf794c49ff7c29576e4c`

103

Type	`RT_GROUP_ICON`
Language	Chinese - Taiwan
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91924`
Detected Filetype	Icon file
MD5	`da1a4e2bc252d81a7bee8207f398d70c`
SHA1	`e447bbc0d488bd520c3997146c266d86966129f4`
SHA256	`bd9e5e2d09143126611f9aba2c03e9e5d83a351eb43c69bf4b22b0d6500747f4`
SHA3	`91dccf0eb31d078f355cd011c264055421653bcdd15a40044a5600b0904685cb`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

TLS Callbacks

Load Configuration

Size	`0x130`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14076e120`

RICH Header

Errors

[!] Error: Could not read the exported DLL name.
[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .pdata has a size of 0!
[*] Warning: Section _RDATA has a size of 0!
[*] Warning: Section .vmp0 has a size of 0!