Manalyze report for 169f327555e4f4184bba5c16b5e2efb7bad71140822e193acd94dd5b1b6fb3fb

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-May-20 16:19:29
Detected languages	English - United States
TLS Callbacks	3 callback(s) detected.

Plugin Output

Info	Interesting strings found in the binary:	Contains domain names: Girl-Tiny-Paws-chosic.com Paws-chosic.com RetroUSB.com Sakura-Girl-Tiny-Paws-chosic.com Tiny-Paws-chosic.com chosic.com creativecommons.org freemusicarchive.org freesound.org gcc.gnu.org gmail.com http://creativecommons.org http://freemusicarchive.org http://scripts.sil.org http://scripts.sil.org/cms https://gcc.gnu.org https://gcc.gnu.org/bugs/ https://minhmacg.itch.io https://minhmacg.itch.io/nguoi-o-lai-ngay-tew https://muchopixels.itch.io https://muchopixels.itch.io/ inkscape.org pixabay.com scripts.sil.org tiengdong.com www.inkscape.org www.tiengdong.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses known Mersenne Twister constants`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExA LoadLibraryExW LoadLibraryW` `Can access the registry: RegCloseKey RegOpenKeyExW RegQueryValueExW` `Possibly launches other programs: system ShellExecuteW` `Can create temporary files: CreateFileA CreateFileW GetTempPathW` `Uses functions commonly found in keyloggers: AttachThreadInput CallNextHookEx GetAsyncKeyState GetForegroundWindow MapVirtualKeyW` `Manipulates other processes: OpenProcess` `Can take screenshots: BitBlt CreateCompatibleDC GetDC` `Can use the microphone to record audio: waveInOpen` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	VirusTotal score: 2/71 (Scanned on 2026-05-23 06:01:36)	`Bkav: W32.Malware.AAA53986` `Microsoft: Trojan:Win32/Wacatac.B!ml`

Hashes

MD5	`1d7876916870eb5e825c3e6441dd7c83`
SHA1	`d1ee4ea8325965bf7a9b882604c8d93dfdbe75b2`
SHA256	`169f327555e4f4184bba5c16b5e2efb7bad71140822e193acd94dd5b1b6fb3fb`
SHA3	`5f9a5fa8e6cf54d6526e140560f83205ee3e3d5700ece6ba01165168d09777e7`
SSDeep	`393216:t7W9LdhI44JnABBy1CMXdfaNnSU5Yty8DCXONT2hP5bOzi2R:tq9LdhI4aABU1TXgl552y9YT2hxb`
Imports Hash	`4601f62c178c1e693638cca4ea5d9679`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`11`
TimeDateStamp	2026-May-20 16:19:29
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x4fd800`
SizeOfInitializedData	`0x10ec000`
SizeOfUninitializedData	`0x7200`
AddressOfEntryPoint	`0x0000000000001420 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x15f8000`
SizeOfHeaders	`0x400`
Checksum	`0x15f1a5a`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`be2bfccc516f1d59f7f4133fcc65640a`
SHA1	`e2ae880ee448074063dd35790fadf86d3680a9ee`
SHA256	`ae550b620ab3c59ca03bc48e74115cb2db568e00b7dd8332c9caf97e539a7b94`
SHA3	`d8f2b8898d93046f42314152ea34fc9db8d94c6a13c9e81ed71379bcb8949c84`
VirtualSize	`0x4fd7b0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x4fd800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.42234`

.data

MD5	`9f93b2b3c7c225fcf0080ac566feb584`
SHA1	`a1f15cff1d39f25dd839046805a5291d205408e7`
SHA256	`cbda958c564bd709178fb3f9d45dad8dd9a6f84205e0158b0aaccda85a23bd95`
SHA3	`1de1ff48bb958648190d27583034192ca73e766ab65edf3ca1e3435b5add6a38`
VirtualSize	`0xf990e0`
VirtualAddress	`0x4ff000`
SizeOfRawData	`0xf99200`
PointerToRawData	`0x4fdc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.93778`

.rdata

MD5	`b21357da1702c787fb8f477d3da258f0`
SHA1	`b38bbe18d1f868be10b8649c974fd2ab0992d5a1`
SHA256	`0419973f8f925ba8a9ee6593ec19db257bd308056fd353c471ccc7d9f50af622`
SHA3	`abce489c5b81b1a3bee4593b14b2686fb5eecbce1a6ee9c7c3b653d6b3c3a9e7`
VirtualSize	`0xdbe70`
VirtualAddress	`0x1499000`
SizeOfRawData	`0xdc000`
PointerToRawData	`0x1496e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.26267`

.eh_fram

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x4`
VirtualAddress	`0x1575000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1572e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.pdata

MD5	`650d0be5982b59795715325899c5f250`
SHA1	`7af0757d79c24c2c4b784439f3378d996cc131c9`
SHA256	`7998f7f98eb3c7f627a063ba7f6119f40ea7db264f349538063146936e07d0ca`
SHA3	`d122751617f5824904750d2fcf5bbfb3e2c74d523f5c8e1d91495c1f6c26f23f`
VirtualSize	`0x2940c`
VirtualAddress	`0x1576000`
SizeOfRawData	`0x29600`
PointerToRawData	`0x1573000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.54542`

.xdata

MD5	`da61b950a96bf95f7f66106fe18d1876`
SHA1	`7683a9972379a981d7f4a3d78b5b325f9a881a89`
SHA256	`817b52394ee1c7202633d4d206e4dfcdab984c4f4ba5dde9ae36d7695a1f6b22`
SHA3	`43d58e60ffa4fb3b68f83c491a686ec9362e7902e70fd0b0d30e7fb82796da77`
VirtualSize	`0x3ef30`
VirtualAddress	`0x15a0000`
SizeOfRawData	`0x3f000`
PointerToRawData	`0x159c600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.15938`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x7170`
VirtualAddress	`0x15df000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`205ae22f2a827a6aa3813f3e94724402`
SHA1	`5f14d50ae37b1ec29d424951729e59a45016cb48`
SHA256	`f2200d2d458df8bb6dd3ee4d82c4f6be0dd1dc34c0f95128f45cf8f442546062`
SHA3	`181cb2f467322c062b4ed104d919999af6ccc346bd61348b3b19edf58f6e48a6`
VirtualSize	`0x52a8`
VirtualAddress	`0x15e7000`
SizeOfRawData	`0x5400`
PointerToRawData	`0x15db600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.97605`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0x15ed000`
SizeOfRawData	`0x200`
PointerToRawData	`0x15e0a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`eae74342b74c9df00a7a931c9a1e3fdc`
SHA1	`d0a5ef7fe51c5696a3609954727d84d0232a653c`
SHA256	`7b03d2e724363eecd8f5a747ec4d38f36342d7cd9dd47548be4bcaa87d36c8a6`
SHA3	`242dc5e176a3d29a488bab8ad55f36e43d2c5f2c42c1840f093549b625681d12`
VirtualSize	`0x3c00`
VirtualAddress	`0x15ee000`
SizeOfRawData	`0x3c00`
PointerToRawData	`0x15e0c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.8883`

.reloc

MD5	`5abb9405593786032d0f04dc985da67d`
SHA1	`6db24b31047eb92a3e19f659c0fea113e8f6346e`
SHA256	`da3d7ebf8a8eb810116c52b5832725927642190d567fb17200d36d4225e2f12a`
SHA3	`a6a543c909f9e29e440119c839e65293fa2e1e7b0520dfafa4ead7632c04939d`
VirtualSize	`0x5210`
VirtualAddress	`0x15f2000`
SizeOfRawData	`0x5400`
PointerToRawData	`0x15e4800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.44484`

Imports

ADVAPI32.dll	`RegCloseKey` `RegOpenKeyExW` `RegQueryValueExW`
GDI32.dll	`BitBlt` `ChoosePixelFormat` `CombineRgn` `CreateBitmap` `CreateCompatibleBitmap` `CreateCompatibleDC` `CreateDCW` `CreateDIBSection` `CreateFontIndirectW` `CreateFontW` `CreatePen` `CreateRectRgn` `CreateSolidBrush` `DeleteDC` `DeleteObject` `DescribePixelFormat` `ExtTextOutW` `GetDIBits` `GetDeviceCaps` `GetDeviceGammaRamp` `GetICMProfileW` `GetPixelFormat` `GetTextExtentPoint32A` `GetTextExtentPoint32W` `GetTextMetricsW` `Rectangle` `SelectObject` `SetBkMode` `SetDeviceGammaRamp` `SetPixelFormat` `SetTextColor` `SwapBuffers`
IMM32.dll	`ImmAssociateContext` `ImmGetCandidateListW` `ImmGetCompositionStringW` `ImmGetContext` `ImmGetIMEFileNameA` `ImmNotifyIME` `ImmReleaseContext` `ImmSetCandidateWindow` `ImmSetCompositionStringW` `ImmSetCompositionWindow`
KERNEL32.dll	`CancelIo` `CloseHandle` `CompareStringA` `CreateDirectoryW` `CreateEventA` `CreateEventW` `CreateFileA` `CreateFileMappingA` `CreateFileW` `CreateHardLinkW` `CreateSemaphoreA` `CreateSemaphoreW` `CreateThread` `DeleteCriticalSection` `DeleteFileW` `DeviceIoControl` `DuplicateHandle` `EnterCriticalSection` `EnumResourceNamesW` `ExitProcess` `FileTimeToSystemTime` `FormatMessageA` `FormatMessageW` `FreeLibrary` `GetCommandLineW` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThread` `GetCurrentThreadId` `GetDiskFreeSpaceExW` `GetEnvironmentVariableA` `GetFileAttributesA` `GetFileAttributesW` `GetFileInformationByHandle` `GetFileSizeEx` `GetFileTime` `GetFullPathNameW` `GetLastError` `GetLocaleInfoA` `GetModuleFileNameA` `GetModuleFileNameW` `GetModuleHandleA` `GetModuleHandleExW` `GetModuleHandleW` `GetOverlappedResult` `GetProcAddress` `GetProcessAffinityMask` `GetProcessHeap` `GetProcessTimes` `GetStartupInfoA` `GetSystemInfo` `GetSystemPowerStatus` `GetSystemTimeAdjustment` `GetSystemTimeAsFileTime` `GetTempPathW` `GetThreadContext` `GetThreadPriority` `GetThreadTimes` `GetTickCount` `GlobalAlloc` `GlobalLock` `GlobalMemoryStatusEx` `GlobalUnlock` `HeapAlloc` `HeapFree` `HeapReAlloc` `InitializeCriticalSection` `InitializeCriticalSectionAndSpinCount` `IsDBCSLeadByte` `IsDebuggerPresent` `LeaveCriticalSection` `LoadLibraryA` `LoadLibraryExA` `LoadLibraryExW` `LoadLibraryW` `LocalFree` `MapViewOfFile` `MoveFileExW` `MulDiv` `OpenProcess` `OutputDebugStringA` `OutputDebugStringW` `QueryPerformanceCounter` `QueryPerformanceFrequency` `RaiseException` `ReadFile` `ReleaseSemaphore` `RemoveDirectoryW` `ResetEvent` `ResumeThread` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlUnwindEx` `RtlVirtualUnwind` `SetEnvironmentVariableA` `SetErrorMode` `SetEvent` `SetFilePointer` `SetFilePointerEx` `SetLastError` `SetProcessAffinityMask` `SetSystemTime` `SetThreadContext` `SetThreadExecutionState` `SetThreadPriority` `SetUnhandledExceptionFilter` `Sleep` `SuspendThread` `TerminateProcess` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `TryEnterCriticalSection` `UnmapViewOfFile` `VerSetConditionMask` `VerifyVersionInfoW` `VirtualProtect` `VirtualQuery` `WaitForMultipleObjects` `WaitForSingleObject` `WaitForSingleObjectEx` `WideCharToMultiByte` `WriteFile` `__C_specific_handler`
api-ms-win-crt-convert-l1-1-0.dll	`_i64toa` `_ltoa` `_ui64toa` `_ultoa` `atof` `atoi` `mbrtowc` `mbsrtowcs` `strtol` `strtoll` `strtoul` `strtoull` `wcrtomb` `_itoa`
api-ms-win-crt-environment-l1-1-0.dll	`__p__environ` `_wgetcwd` `getenv`
api-ms-win-crt-filesystem-l1-1-0.dll	`_findclose` `_findfirst64i32` `_findnext64i32` `_fullpath` `_lock_file` `_unlock_file` `_wchdir` `_wchmod` `_wfindfirst64i32` `_wfindnext64i32` `_wfullpath` `_wmkdir` `_wstat64` `remove` `rename` `_stat64i32` `_fstat64`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `calloc` `free` `malloc` `realloc`
api-ms-win-crt-locale-l1-1-0.dll	`___mb_cur_max_func` `_configthreadlocale` `localeconv` `setlocale`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr` `acos` `acosf` `asin` `asinf` `atan` `atan2` `atan2f` `atanf` `ceil` `ceilf` `cos` `cosf` `exp` `expf` `floor` `floorf` `fmod` `fmodf` `frexp` `llround` `log` `log10` `log10f` `logf` `lround` `lroundf` `pow` `powf` `round` `roundf` `sin` `sinf` `sqrt` `sqrtf` `tan` `tanf` `trunc` `truncf` `_fdopen`
api-ms-win-crt-private-l1-1-0.dll	`longjmp` `memchr` `memcmp` `memcpy` `memmove` `strchr` `strrchr` `strstr` `wcsstr` `__intrinsic_setjmp`
api-ms-win-crt-runtime-l1-1-0.dll	`_set_app_type` `_assert` `__p___argc` `__p___argv` `__p__acmdln` `_beginthreadex` `_cexit` `_configure_narrow_argv` `_crt_atexit` `_endthreadex` `_errno` `_exit` `_get_errno` `_initialize_narrow_environment` `_initterm` `_initterm_e` `_set_errno` `_set_invalid_parameter_handler` `abort` `exit` `perror` `signal` `strerror` `system`
api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func` `__p__commode` `__p__fmode` `__stdio_common_vfprintf` `__stdio_common_vsprintf` `_chsize_s` `_close` `_get_osfhandle` `_pclose` `_setmode` `_wfopen` `_wopen` `clearerr` `fclose` `feof` `ferror` `fflush` `fgetc` `fgets` `fputc` `fputs` `fread` `fseek` `ftell` `fwrite` `getc` `getwc` `putc` `putwc` `setvbuf` `tmpfile` `tmpnam` `ungetc` `ungetwc` `freopen` `fopen` `_write` `_read` `_popen` `_lseeki64` `_ftelli64` `_fseeki64` `_fileno`
api-ms-win-crt-string-l1-1-0.dll	`_strlwr` `_strrev` `iswctype` `_wcsicmp` `isalnum` `isalpha` `isblank` `iscntrl` `isdigit` `isgraph` `islower` `isprint` `ispunct` `isspace` `isupper` `isxdigit` `mbrlen` `memset` `strcat` `strcmp` `strcoll` `strcpy` `strlen` `strncmp` `strncpy` `strnlen` `strpbrk` `strspn` `strxfrm` `tolower` `toupper` `towlower` `towupper` `wcscat` `wcscmp` `wcscoll` `wcscpy` `wcslen` `wcsncmp` `wcsnlen` `wcsxfrm` `wctype` `_wcsnicmp` `_strupr` `_strnicmp` `_stricmp` `_strdup`
api-ms-win-crt-time-l1-1-0.dll	`_difftime64` `_gmtime64` `_localtime64` `_mktime64` `_time64` `_wutime64` `clock` `strftime` `wcsftime`
api-ms-win-crt-utility-l1-1-0.dll	`bsearch` `div` `qsort` `rand` `rand_s`
ole32.dll	`CLSIDFromString` `CoCreateInstance` `CoInitializeEx` `CoTaskMemFree` `CoUninitialize` `PropVariantClear`
OLEAUT32.dll	`SysFreeString`
SETUPAPI.dll	`CM_Get_Device_IDA` `CM_Get_Parent` `CM_Locate_DevNodeA` `SetupDiDestroyDeviceInfoList` `SetupDiEnumDeviceInfo` `SetupDiEnumDeviceInterfaces` `SetupDiGetClassDevsA` `SetupDiGetDeviceInterfaceDetailA` `SetupDiGetDeviceRegistryPropertyA`
SHELL32.dll	`CommandLineToArgvW` `DragAcceptFiles` `DragFinish` `DragQueryFileW` `SHGetFolderPathW` `ShellExecuteW`
USER32.dll	`AdjustWindowRectEx` `AttachThreadInput` `CallNextHookEx` `CallWindowProcW` `ChangeDisplaySettingsExW` `ClientToScreen` `ClipCursor` `CloseClipboard` `CopyImage` `CreateIconFromResource` `CreateIconIndirect` `CreateWindowExA` `CreateWindowExW` `DefWindowProcW` `DestroyIcon` `DestroyWindow` `DialogBoxIndirectParamW` `DispatchMessageW` `DrawTextW` `EmptyClipboard` `EndDialog` `EnumDisplayDevicesW` `EnumDisplayMonitors` `EnumDisplaySettingsW` `FillRect` `FlashWindowEx` `GetAsyncKeyState` `GetClassInfoExW` `GetClientRect` `GetClipCursor` `GetClipboardData` `GetClipboardSequenceNumber` `GetCursorPos` `GetDC` `GetDesktopWindow` `GetDlgItem` `GetDoubleClickTime` `GetFocus` `GetForegroundWindow` `GetKeyState` `GetKeyboardLayout` `GetKeyboardState` `GetMenu` `GetMessageExtraInfo` `GetMessageTime` `GetMessageW` `GetMonitorInfoW` `GetParent` `GetPropW` `GetRawInputData` `GetRawInputDeviceInfoA` `GetRawInputDeviceList` `GetSystemMetrics` `GetUpdateRect` `GetWindowLongPtrW` `GetWindowLongW` `GetWindowRect` `GetWindowTextLengthW` `GetWindowTextW` `GetWindowThreadProcessId` `IntersectRect` `InvalidateRect` `IsClipboardFormatAvailable` `IsIconic` `KillTimer` `LoadCursorW` `LoadIconW` `MapVirtualKeyW` `MessageBoxA` `MonitorFromPoint` `MonitorFromRect` `MonitorFromWindow` `MsgWaitForMultipleObjects` `OpenClipboard` `PeekMessageW` `PostMessageW` `PostThreadMessageW` `PtInRect` `RegisterClassExA` `RegisterClassExW` `RegisterClassW` `RegisterDeviceNotificationW` `RegisterRawInputDevices` `RegisterWindowMessageA` `ReleaseCapture` `ReleaseDC` `RemovePropW` `ScreenToClient` `SendMessageW` `SetActiveWindow` `SetCapture` `SetClipboardData` `SetCursor` `SetCursorPos` `SetFocus` `SetForegroundWindow` `SetLayeredWindowAttributes` `SetPropW` `SetTimer` `SetWindowLongPtrW` `SetWindowLongW` `SetWindowPos` `SetWindowRgn` `SetWindowTextW` `SetWindowsHookExW` `ShowWindow` `SystemParametersInfoA` `SystemParametersInfoW` `ToUnicode` `TrackMouseEvent` `TranslateMessage` `UnhookWindowsHookEx` `UnregisterClassA` `UnregisterClassW` `UnregisterDeviceNotification` `ValidateRect`
VERSION.dll	`GetFileVersionInfoA` `GetFileVersionInfoSizeA` `VerQueryValueA`
WINMM.dll	`timeBeginPeriod` `timeEndPeriod` `waveInAddBuffer` `waveInClose` `waveInGetDevCapsW` `waveInGetNumDevs` `waveInOpen` `waveInPrepareHeader` `waveInReset` `waveInStart` `waveInUnprepareHeader` `waveOutClose` `waveOutGetDevCapsW` `waveOutGetErrorTextW` `waveOutGetNumDevs` `waveOutOpen` `waveOutPrepareHeader` `waveOutReset` `waveOutUnprepareHeader` `waveOutWrite`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.58119`
MD5	`da8ae4596dfb3f0bd16cd3f14ae7804c`
SHA1	`b1300135b31045f189612ffa6e70c652b1d2c355`
SHA256	`aaa47b9b7f2cbef321864e9e7948e3753faa780ea7aed2eb19130d98e29f72ae`
SHA3	`1d6431597ddfb0384e09029720eced490890ddcf6174933aaf80f791f630403b`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.84663`
MD5	`a66098d2ad678d84ff9db14455776ba0`
SHA1	`e11349ba50ec5221f01bfa9a7c989c96974fc7bf`
SHA256	`98978f73aeb39709f664a36098c96b95c7f6c9a0cb3688b23ac237aa15673bae`
SHA3	`95f44eaaf4ea0b85fe1f0d87d070525724f1ec31cf08b884270813b34f42533e`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.89675`
MD5	`364d070ca4d44faf75300ec6eb587f4f`
SHA1	`0e84bbdd4c4a4be526e8f86cfd143d05e4fbfa75`
SHA256	`d80da6362f9863fe80a168d571ac14893c83d19e8d0b7cfc4911cf59c934e9a6`
SHA3	`c226af1f7fe63ff3f0fb2455213afa0ee30932f7ab48aafc3ad36c744fc61b00`

IDI_ICON1

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.45849`
Detected Filetype	Icon file
MD5	`409e1724611e0bc39356e2f58888db55`
SHA1	`c06c0e66cc2f7956256e2f018aa0294bfa914960`
SHA256	`6ab18c3b81a5d30c5a190a4504cae807d73b1a4d02d56ffddf641abbb62b7210`
SHA3	`315b2ad40793f4ef885ff4c878169b02c62f619b57780a98a76c8538cd0ee5c9`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x1415ed000`
EndAddressOfRawData	`0x1415ed008`
AddressOfIndex	`0x1415e55cc`
AddressOfCallbacks	`0x141574e40`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x00000001403772E0` `0x00000001403772C0` `0x000000014038CAE0`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!

Leave a comment

No comments yet.