Manalyze report for fe07e8bc68999ccbd690aeabdb2a585015688f46b9afdcc53ca711c292e2ca5c

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Mar-02 11:26:22
Detected languages	English - United States

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentControlSet\Services` `Contains another PE executable: This program cannot be run in DOS mode.` Contains domain names: 2-aia.verisign.com 2-crl.verisign.com 2009-2-aia.verisign.com 2009-2-crl.verisign.com aia.verisign.com aia.ws.symantec.com apple.com crl.microsoft.com crl.thawte.com crl.verisign.com crl.ws.symantec.com csc3-2009-2-aia.verisign.com csc3-2009-2-crl.verisign.com d.symcb.com dearimgui.com example.com github.com http://crl.microsoft.com http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z http://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0 http://crl.thawte.com http://crl.thawte.com/ThawteTimestampingCA.crl0 http://crl.verisign.com http://crl.verisign.com/pca3-g5.crl04 http://crl.verisign.com/pca3.crl0 http://csc3-2009-2-aia.verisign.com http://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer0 http://csc3-2009-2-crl.verisign.com http://csc3-2009-2-crl.verisign.com/CSC3-2009-2.crl0D http://logo.verisign.com http://logo.verisign.com/vslogo.gif0 http://logo.verisign.com/vslogo.gif04 http://ocsp.thawte.com0 http://ocsp.verisign.com0 http://ocsp.verisign.com01 http://ocsp.verisign.com0? http://sf.symcb.com http://sf.symcb.com/sf.crl0f http://sf.symcb.com/sf.crt0 http://sf.symcd.com0 http://sf.symcd.com0& http://ts-aia.ws.symantec.com http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 http://ts-crl.ws.symantec.com http://ts-crl.ws.symantec.com/tss-ca-g2.crl0 http://ts-ocsp.ws.symantec.com07 http://www.apple.com http://www.apple.com/ http://www.microsoft.com http://www.microsoft.com/PKI/docs/CPS/default.htm0 http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0 http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0 http://www.microsoft.com/pkiops/certs/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crt0 http://www.microsoft.com/pkiops/crl/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crl0 https://curl.se https://d.symcb.com https://d.symcb.com/cps0% https://d.symcb.com/rpa0 https://github.com https://www.dearimgui.com https://www.dearimgui.com/faq/ https://www.microsoft.com https://www.microsoft.com/en-us/windows https://www.verisign.com https://www.verisign.com/cps0 https://www.verisign.com/rpa https://www.verisign.com/rpa0 logo.verisign.com microsoft.com sf.symcb.com symantec.com symcb.com thawte.com ts-aia.ws.symantec.com ts-crl.ws.symantec.com verisign.com ws.symantec.com www.apple.com www.dearimgui.com www.microsoft.com www.verisign.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA1` `Uses constants related to SHA256` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExA` `Functions which can be used for anti-debugging purposes: FindWindowA FindWindowW NtQuerySystemInformation` `Code injection capabilities (PowerLoader): FindWindowA FindWindowW GetWindowLongA` `Possibly launches other programs: CreateProcessA WinExec ShellExecuteA ShellExecuteW system` `Uses Windows's Native API: NtClose NtCreateFile NtCreateSection NtDeviceIoControlFile NtLoadDriver NtMapViewOfSection NtQuerySystemInformation NtReadFile NtUnloadDriver ntohs` `Uses Microsoft's cryptographic API: CryptAcquireContextW CryptCreateHash CryptDestroyHash CryptDestroyKey CryptEncrypt CryptGetHashParam CryptHashData CryptImportKey CryptReleaseContext CryptDecodeObjectEx CryptQueryObject CryptStringToBinaryW` `Uses functions commonly found in keyloggers: GetAsyncKeyState GetForegroundWindow` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Leverages the raw socket API to access the Internet: WSACleanup WSACloseEvent WSACreateEvent WSAEnumNetworkEvents WSAEventSelect WSAGetLastError WSAIoctl WSAResetEvent WSASetLastError WSAStartup WSAWaitForMultipleEvents __WSAFDIsSet accept bind closesocket connect freeaddrinfo getaddrinfo gethostname getpeername getsockname getsockopt htonl htons ioctlsocket listen ntohs recv recvfrom select send sendto setsockopt socket` `Manipulates other processes: OpenProcess` `Can take screenshots: FindWindowA FindWindowW GetDC` `Reads the contents of the clipboard: GetClipboardData` `Interacts with the certificate store: CertAddCertificateContextToStore CertOpenStore`
Malicious	The PE is possibly a dropper.	`Resource 101 detected as a PE Executable.` `Resource 102 detected as a PE Executable.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`38680b31c01b25dc24c75f602521d74a`
SHA1	`a155eebbad9b7eb21251c6772925961581fbf5fb`
SHA256	`fe07e8bc68999ccbd690aeabdb2a585015688f46b9afdcc53ca711c292e2ca5c`
SHA3	`650e981544aaf5512b8392f0db6d72ddd15a3bae6400a47d41319325f1df945b`
SSDeep	`196608:R2ZwIwdENgIem758H1TyVCjyNqjtsvnmvYqbPVdlvE3mOoiP3FtjkPU:RYw28HQCjvjtsvnmvYqbPVdlvkz33S`
Imports Hash	`24975d6fdd469b308df037f8dd8e9eb8`

DOS Header

e_magic	`MZ`
e_cblp	`0x78`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x78`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2026-Mar-02 11:26:22
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x9e2800`
SizeOfInitializedData	`0x373400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000009E20D8 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xd7a000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d741f831831cb3f3af273a57e444958d`
SHA1	`dc158089ba4ba50f90dae7d718672bfbebdd4b38`
SHA256	`e33da7d9fa0f8b85ca377c37bf864f42bea744e3e45b8eabd82c3ae44fbb77ff`
SHA3	`588d20db0bce1aa2cef7cc1f6774874fd3eeade9f5de1f0dc44bb733527dc4cc`
VirtualSize	`0x9e2636`
VirtualAddress	`0x1000`
SizeOfRawData	`0x9e2800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.9684`

.rdata

MD5	`3c37de3ec3911177be0fe190952ccb01`
SHA1	`6269ad201877fcf9878aa435c93e1cbe8f563be4`
SHA256	`2f67e1fed482253adea8bdd09cbe39c3f0c2f95a8d7b671394e032c37a1737e1`
SHA3	`084f047a9ed507a99b757bc78c2ca0cb50ac545719ff16e7e6bdb8db28bd2749`
VirtualSize	`0xafe74`
VirtualAddress	`0x9e4000`
SizeOfRawData	`0xb0000`
PointerToRawData	`0x9e2c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.36183`

.data

MD5	`da0befa0fbafedc2b5dfb0ac7f9a6bc4`
SHA1	`c9739e035b16a34664fdf36a9de3584f93d7db0d`
SHA256	`43e88ad3e633dfefb2782956342aa5dd3fad7a1b93b3bf936691b095121cb295`
SHA3	`911913fd7fddf330d9e38aafd7f5feaf3922294424f01fd83ee3f67119c25923`
VirtualSize	`0x2b04a8`
VirtualAddress	`0xa94000`
SizeOfRawData	`0x291000`
PointerToRawData	`0xa92c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.79523`

.pdata

MD5	`c82dabbcb196e43c656388fa16c66d50`
SHA1	`3ec4be9886f7839de51de5465a6af9fc03cf8223`
SHA256	`9794c414e25f280f0c2671df3f6b9e115639b2d7f1e76798d6c21770eb835262`
SHA3	`adfd0800d7b736594b1d4833664fd8075c21abd0788dd87b3901e2f1286abd09`
VirtualSize	`0x1c164`
VirtualAddress	`0xd45000`
SizeOfRawData	`0x1c200`
PointerToRawData	`0xd23c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.39184`

.tls

MD5	`1f354d76203061bfdd5a53dae48d5435`
SHA1	`aa0d33a0c854e073439067876e932688b65cb6a9`
SHA256	`4c6474903705cb450bb6434c29e8854f17d8324efca1fdb9ee9008599060883a`
SHA3	`991fbbd46bbd69198269fe6c247d440e0f8a7d38259b7a1e04b74790301d1d2b`
VirtualSize	`0x9`
VirtualAddress	`0xd62000`
SizeOfRawData	`0x200`
PointerToRawData	`0xd3fe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0203931`

.rsrc

MD5	`e992b2fd96794434a67ddf2ea12ca2e5`
SHA1	`6aee2a6d09029c220856766d78a070af946bc5f2`
SHA256	`bc0b9cab4ae6454238204ae876b67573c907d2ed8ccd3e430e507694e19f529d`
SHA3	`2dba3d0b890c9236e475cdc835d5d8be9e3de5882fc61d23484422c37b7eba1d`
VirtualSize	`0x114a0`
VirtualAddress	`0xd63000`
SizeOfRawData	`0x11600`
PointerToRawData	`0xd40000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.83845`

.reloc

MD5	`ac87d3dda061f6f57d5fedeccadfb493`
SHA1	`c9d62490d1adc0d0758854636bc4c07b58f636b1`
SHA256	`38c92c20c9701c5b1597d6d2c018930458be7eefaff8a53c0ab9c98231497243`
SHA3	`f6090c273b2adaa92cf80183ce5ecf741ab52e54bc2d59ccad9d2e1216c856a1`
VirtualSize	`0x497c`
VirtualAddress	`0xd75000`
SizeOfRawData	`0x4a00`
PointerToRawData	`0xd51600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.43958`

Imports

KERNEL32.dll	`AcquireSRWLockExclusive` `AllocConsole` `CloseHandle` `CopyFileW` `CreateDirectoryA` `CreateDirectoryW` `CreateEventA` `CreateFileA` `CreateFileMappingA` `CreateFileW` `CreateHardLinkW` `CreateMutexA` `CreateProcessA` `CreateSymbolicLinkW` `CreateThread` `DeleteCriticalSection` `DeleteFileW` `DeviceIoControl` `EnterCriticalSection` `ExitProcess` `FillConsoleOutputAttribute` `FillConsoleOutputCharacterA` `FindClose` `FindFirstFileExW` `FindFirstFileW` `FindNextFileW` `FindResourceW` `FlushConsoleInputBuffer` `FormatMessageA` `FormatMessageW` `FreeLibrary` `GetConsoleMode` `GetConsoleScreenBufferInfo` `GetConsoleWindow` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `GetEnvironmentVariableA` `GetExitCodeProcess` `GetFileAttributesExW` `GetFileAttributesW` `GetFileInformationByHandle` `GetFileInformationByHandleEx` `GetFileSizeEx` `GetFileType` `GetFullPathNameW` `GetLastError` `GetLocaleInfoA` `GetLocaleInfoEx` `GetModuleHandleA` `GetModuleHandleW` `GetProcAddress` `GetStartupInfoW` `GetStdHandle` `GetSystemDirectoryA` `GetSystemDirectoryW` `GetSystemTimeAsFileTime` `GetTickCount` `GetTickCount64` `GlobalAlloc` `GlobalFree` `GlobalLock` `GlobalUnlock` `InitializeCriticalSectionEx` `InitializeSListHead` `IsDebuggerPresent` `IsProcessorFeaturePresent` `K32GetModuleInformation` `LeaveCriticalSection` `LoadLibraryA` `LoadLibraryExA` `LoadResource` `LocalFree` `LockResource` `MapViewOfFile` `MoveFileExW` `MultiByteToWideChar` `OpenProcess` `OutputDebugStringA` `PeekNamedPipe` `QueryPerformanceCounter` `QueryPerformanceFrequency` `ReadConsoleInputW` `ReadFile` `ReleaseMutex` `ReleaseSRWLockExclusive` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `SetConsoleCtrlHandler` `SetConsoleCursorPosition` `SetConsoleMode` `SetConsoleScreenBufferSize` `SetConsoleTextAttribute` `SetConsoleTitleA` `SetConsoleWindowInfo` `SetEvent` `SetFileInformationByHandle` `SetLastError` `SetUnhandledExceptionFilter` `SizeofResource` `Sleep` `SleepConditionVariableSRW` `SleepEx` `TerminateProcess` `UnhandledExceptionFilter` `VerSetConditionMask` `VerifyVersionInfoW` `VirtualAlloc` `VirtualFree` `VirtualProtect` `WaitForMultipleObjects` `WaitForSingleObject` `WaitForSingleObjectEx` `WakeAllConditionVariable` `WideCharToMultiByte` `WinExec` `WriteConsoleW` `WriteFile`
USER32.dll	`ClientToScreen` `CloseClipboard` `DestroyWindow` `DispatchMessageA` `DrawMenuBar` `EmptyClipboard` `EnumChildWindows` `EnumWindows` `FindWindowA` `FindWindowExA` `FindWindowW` `GetAsyncKeyState` `GetCapture` `GetClassNameA` `GetClientRect` `GetClipboardData` `GetCursorPos` `GetDC` `GetDesktopWindow` `GetForegroundWindow` `GetKeyState` `GetKeyboardLayout` `GetMessageExtraInfo` `GetSystemMenu` `GetWindowLongA` `GetWindowRect` `GetWindowTextA` `GetWindowThreadProcessId` `IsWindow` `IsWindowUnicode` `LoadCursorA` `MessageBoxA` `MonitorFromWindow` `OpenClipboard` `PeekMessageA` `PostMessageA` `PostQuitMessage` `ReleaseCapture` `ReleaseDC` `ScreenToClient` `SetCapture` `SetClipboardData` `SetCursor` `SetCursorPos` `SetLayeredWindowAttributes` `SetProcessDPIAware` `SetWindowLongA` `SetWindowPos` `SetWindowTextA` `SetWindowTextW` `ShowWindow` `TrackMouseEvent` `TranslateMessage` `UpdateWindow`
SHELL32.dll	`SHGetFolderPathA` `ShellExecuteA` `ShellExecuteW`
OLEAUT32.dll	`SysAllocString` `SysFreeString`
GDI32.dll	`CreateRectRgn` `DeleteObject` `GetDeviceCaps`
d3d11.dll	`D3D11CreateDeviceAndSwapChain`
ntdll.dll	`NtClose` `NtCreateFile` `NtCreateSection` `NtDeviceIoControlFile` `NtLoadDriver` `NtMapViewOfSection` `NtQuerySystemInformation` `NtReadFile` `NtUnloadDriver` `RtlAdjustPrivilege` `RtlAllocateHeap` `RtlCreateRegistryKey` `RtlDosPathNameToRelativeNtPathName_U_WithStatus` `RtlFreeHeap` `RtlGetFullPathName_UEx` `RtlImageNtHeaderEx` `RtlInitUnicodeString` `RtlReleaseRelativeName` `RtlWriteRegistryValue` `__C_specific_handler` `__chkstk` `_setjmp` `_stricmp` `_vsnwprintf` `_wcsicmp` `cos` `log` `longjmp` `memchr` `memcmp` `memcpy` `memmove` `memset` `pow` `qsort` `sin` `strcat_s` `strchr` `strcmp` `strcspn` `strlen` `strncmp` `strncpy` `strpbrk` `strrchr` `strspn` `strstr` `strtol` `tan` `toupper` `wcscat_s` `wcschr` `wcscpy_s` `wcslen` `wcsncmp` `wcsncpy_s`
MSVCP140.dll	`??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??0_Lockit@std@@QEAA@H@Z` `??0ios_base@std@@IEAA@XZ` `??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1_Lockit@std@@QEAA@XZ` `??1ios_base@std@@UEAA@XZ` `??4?$_Yarn@_W@std@@QEAAAEAV01@PEB_W@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z` `?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?_Id_cnt@id@locale@std@@0HA` `?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ` `?_Syserror_map@std@@YAPEBDH@Z` `?_Throw_Cpp_error@std@@YAXH@Z` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Winerror_map@std@@YAHH@Z` `?_Xbad_alloc@std@@YAXXZ` `?_Xbad_function_call@std@@YAXXZ` `?_Xlength_error@std@@YAXPEBD@Z` `?_Xout_of_range@std@@YAXPEBD@Z` `?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A` `?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?eof@ios_base@std@@QEBA_NXZ` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `?getloc@ios_base@std@@QEBA?AVlocale@2@XZ` `?good@ios_base@std@@QEBA_NXZ` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?id@?$ctype@D@std@@2V0locale@2@A` `?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z` `?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IEAAXPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z` `?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?uncaught_exceptions@std@@YAHXZ` `?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A` `?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `_Cnd_do_broadcast_at_thread_exit` `_Mtx_lock` `_Mtx_unlock` `_Query_perf_counter` `_Query_perf_frequency` `_Thrd_detach` `_Thrd_id` `_Thrd_join` `_Xtime_get_ticks`
IMM32.dll	`ImmGetContext` `ImmReleaseContext` `ImmSetCandidateWindow` `ImmSetCompositionWindow`
D3DCOMPILER_43.dll	`D3DCompile`
dwmapi.dll	`DwmEnableBlurBehindWindow` `DwmExtendFrameIntoClientArea` `DwmGetColorizationColor` `DwmIsCompositionEnabled`
WS2_32.dll	`WSACleanup` `WSACloseEvent` `WSACreateEvent` `WSAEnumNetworkEvents` `WSAEventSelect` `WSAGetLastError` `WSAIoctl` `WSAResetEvent` `WSASetLastError` `WSAStartup` `WSAWaitForMultipleEvents` `__WSAFDIsSet` `accept` `bind` `closesocket` `connect` `freeaddrinfo` `getaddrinfo` `gethostname` `getpeername` `getsockname` `getsockopt` `htonl` `htons` `ioctlsocket` `listen` `ntohs` `recv` `recvfrom` `select` `send` `sendto` `setsockopt` `socket`
IPHLPAPI.DLL	`if_nametoindex`
ADVAPI32.dll	`CryptAcquireContextW` `CryptCreateHash` `CryptDestroyHash` `CryptDestroyKey` `CryptEncrypt` `CryptGetHashParam` `CryptHashData` `CryptImportKey` `CryptReleaseContext`
CRYPT32.dll	`CertAddCertificateContextToStore` `CertCloseStore` `CertCreateCertificateChainEngine` `CertEnumCertificatesInStore` `CertFindCertificateInStore` `CertFindExtension` `CertFreeCRLContext` `CertFreeCTLContext` `CertFreeCertificateChain` `CertFreeCertificateChainEngine` `CertFreeCertificateContext` `CertGetCertificateChain` `CertGetNameStringW` `CertOpenStore` `CryptDecodeObjectEx` `CryptQueryObject` `CryptStringToBinaryW` `PFXImportCertStore`
Secur32.dll	`InitSecurityInterfaceW`
bcrypt.dll	`BCryptGenRandom`
VCRUNTIME140.dll	`_CxxThrowException` `__CxxFrameHandler3` `__current_exception` `__current_exception_context` `__std_exception_copy` `__std_exception_destroy` `__std_terminate`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
api-ms-win-crt-time-l1-1-0.dll	`_W_Getdays` `_W_Getmonths` `_gmtime64_s` `_localtime64` `_time64` `strftime`
api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func` `__p__commode` `__stdio_common_vfprintf` `__stdio_common_vsprintf` `__stdio_common_vsprintf_s` `__stdio_common_vsscanf` `_close` `_fseeki64` `_get_stream_buffer_pointers` `_lseeki64` `_read` `_set_fmode` `_wfopen` `_wfsopen` `_write` `_wsopen_s` `fclose` `feof` `fflush` `fgetc` `fgetpos` `fgets` `fopen` `fputc` `fputs` `fread` `freopen` `freopen_s` `fseek` `fsetpos` `ftell` `fwrite` `getchar` `setvbuf` `ungetc`
api-ms-win-crt-runtime-l1-1-0.dll	`_beginthreadex` `_c_exit` `_cexit` `_configure_narrow_argv` `_crt_atexit` `_errno` `_exit` `_get_narrow_winmain_command_line` `_initialize_narrow_environment` `_initialize_onexit_table` `_initterm` `_initterm_e` `_invoke_watson` `_register_onexit_function` `_register_thread_local_exe_atexit_callback` `_seh_filter_exe` `_set_app_type` `abort` `exit` `strerror_s` `system` `terminate`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr` `_fdopen` `acosf` `atan2f` `cosf` `expf` `fmodf` `logf` `powf` `sinf` `sqrtf`
api-ms-win-crt-convert-l1-1-0.dll	`atof` `strtod` `strtoll` `strtoull` `wcstombs_s`
api-ms-win-crt-heap-l1-1-0.dll	`_callnewh` `_set_new_mode` `calloc` `free` `malloc` `realloc`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale` `localeconv`
api-ms-win-crt-filesystem-l1-1-0.dll	`_fstat64` `_fullpath` `_lock_file` `_unlink` `_unlock_file` `_wstat64`
api-ms-win-crt-string-l1-1-0.dll	`_strdup`
api-ms-win-crt-utility-l1-1-0.dll	`rand`

Delayed Imports

101

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0xac00`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.41277`
Detected Filetype	PE Executable
MD5	`ee8f70ea94b6940f52c13abb72fcd3be`
SHA1	`b6701f2f8801816e91bd71b0ff41f2d4fbf786c2`
SHA256	`3d9c2684121c45a6fcd516c9a949cb776f6e5eba679f62c28ece7959bf7f13a3`
SHA3	`99e2a2c47927cddcdc719e4b5f8bcacb99c8708ce04e9c388b815566c065cf67`

102

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6650`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.33485`
Detected Filetype	PE Executable
MD5	`9ab9f3b75a2eb87fafb1b7361be9dfb3`
SHA1	`fe10018af723986db50701c8532df5ed98b17c39`
SHA256	`31f4cfb4c71da44120752721103a16512444c13c2ac2d857a7e6f13cb679b427`
SHA3	`8fc22c4eed4c669a5e23b5f66827f12146b4a97e09a9cda59a0486ae449cd5cf`

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.84857`
MD5	`1b3cb4ac5487290385d8b1554adf5c81`
SHA1	`b7edbc56328989d97726dc3f04b9dafc5c9109f7`
SHA256	`e059b7af692224b60cf6ee82e3cfc3091d8c2f08550c56a65983930e4f7d8b5c`
SHA3	`6491d4c57ba00d005ad50ce68d69637f02d33bc3c7d3b0beae250c2efb7c31ae`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x140d62000`
EndAddressOfRawData	`0x140d62008`
AddressOfIndex	`0x140d43d90`
AddressOfCallbacks	`0x140a4cb18`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140d24680`

RICH Header

Errors

Leave a comment

No comments yet.