Manalyze report for 1e47fc6c6ec13f0fa0935d8c994c69e34cdb7ea3fda5bac864ba195c2a175ad4

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1970-Jan-01 00:00:00
Detected languages	English - United States
TLS Callbacks	2 callback(s) detected.
FileDescription	zlib data compression library
FileVersion	`1.2.11`
InternalName	zlib1.dll
LegalCopyright	(C) 1995-2017 Jean-loup Gailly & Mark Adler
OriginalFilename	zlib1.dll
ProductName	zlib
ProductVersion	`1.2.11`
Comments	For more information visit http://www.zlib.net/

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: http://www.zlib.net http://www.zlib.net/ www.zlib.net`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata`
Safe	VirusTotal score: 0/72 (Scanned on 2025-08-31 20:50:55)	`All the AVs think this file is safe.`

Hashes

MD5	`45a5816b9dc733f231b3351e4e0f88ae`
SHA1	`f8b91d7a962a4ae50fe6bfaa1b1e8a2b1c636790`
SHA256	`1e47fc6c6ec13f0fa0935d8c994c69e34cdb7ea3fda5bac864ba195c2a175ad4`
SHA3	`be1968fc151b9ae6f9329020b8eba202faa6a407678ae280fb0f8100ce17007a`
SSDeep	`3072:zLXVVFvf23hwNjm4B2snRwIMYTBf8pQpyvFx4D5:zLvFvf23FlhIMYTBEKpyv7`
Imports Hash	`bc1891389bc989e6f0c48d238537f59d`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`12`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x12e00`
SizeOfInitializedData	`0x1b000`
SizeOfUninitializedData	`0xa00`
AddressOfEntryPoint	`0x0000000000001330 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x62e80000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x24000`
SizeOfHeaders	`0x400`
Checksum	`0x2894e`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4790570cf813d692c2fc139ee079ae3d`
SHA1	`d29238790e90c0c9b495fef0ead868e1a41f8c33`
SHA256	`13ac3c4bf871ed0e2c0eb89bac36e33c8fb06ce68ddf366c65bad7ec0421ba3e`
SHA3	`041f213b75c99e94913dd88e6b0e85977a7e6cbc11f09a3f7fa1f76fe517f4a9`
VirtualSize	`0x12c08`
VirtualAddress	`0x1000`
SizeOfRawData	`0x12e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.34005`

.data

MD5	`aedceed154cd478679c6436cc31f7c3c`
SHA1	`f8bb2e54e2f75fb328a2ae7ca923d9bad1438eae`
SHA256	`35bda504a9c89c0a2893f064d837f049c2edaca0b12129be567685082b2642f5`
SHA3	`4ae9ec8b833d80c3c77200042dc4da1d9d62549f212edc1aa1e9f492672b64f0`
VirtualSize	`0x90`
VirtualAddress	`0x14000`
SizeOfRawData	`0x200`
PointerToRawData	`0x13200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.749836`

.rdata

MD5	`c2d212b784fd18eabc2c1030cb3e2595`
SHA1	`f3aa4de93682d404925f0b1fb3b08aa742a7b354`
SHA256	`2295c58cc5a11cde8ffdbe4d3b871312d86c7127af78c70810f54940590f69b8`
SHA3	`be5fbb2b6ec732e2ba30a81d4a7397c44d1340146e01d9dee78c8dfad1dd0a5c`
VirtualSize	`0x5440`
VirtualAddress	`0x15000`
SizeOfRawData	`0x5600`
PointerToRawData	`0x13400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.59387`

.pdata

MD5	`04b90dd33e7c7a26183f83c6c6519cdd`
SHA1	`d89e943fabd1ae0e97951b248b12a21e748ea94d`
SHA256	`4686636d5841dbcbf582845f04171623b9610cd1475538b889a82e9e21f0c0bb`
SHA3	`8abb164affbd74b74e199f9a5b6e3433faf9e7f725cad8214ebcc40dd35903ce`
VirtualSize	`0x7c8`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x800`
PointerToRawData	`0x18a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.76595`

.xdata

MD5	`fb0e14b8c75ac70434e0c63e4bddb2fc`
SHA1	`a20f23a77dc799b0c2ab74bfe82e4b43c7fe7ce9`
SHA256	`5bf73ceb716b2c8ac3336924e72d20c05b968056a138cfbc3a0698a48c049040`
SHA3	`82f7b9dac8693dcf998ee5922a438cf17c99e6313e26a3cf5be579d8be2b2b28`
VirtualSize	`0x784`
VirtualAddress	`0x1c000`
SizeOfRawData	`0x800`
PointerToRawData	`0x19200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.11755`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x920`
VirtualAddress	`0x1d000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.edata

MD5	`78607d7b20b58d31f647b27b639a141f`
SHA1	`ba51c7c22b2dd06b2559b554199b53a1f9b8cc14`
SHA256	`0648704113228daa80eb202bff3b80a60e84ce89c1a997c5fa433359dcf60f1b`
SHA3	`6605e17a7440dcd13e592d4dd83a43077a90c5089459f6043adb71346e1871e2`
VirtualSize	`0x77c`
VirtualAddress	`0x1e000`
SizeOfRawData	`0x800`
PointerToRawData	`0x19a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.12782`

.idata

MD5	`9ea5d30aeb7c0680453a61fbb2e10c25`
SHA1	`9484979faa88b3831be3ba13036a2139e83bc0fa`
SHA256	`52de16e3cd858a21815a631db44371469f3e6ab59422205c999c52c934c9d8d5`
SHA3	`613cfed1660e916ded540cc427ab6f239a0f4f457306cade9455d109174cb8bd`
VirtualSize	`0x758`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x800`
PointerToRawData	`0x1a200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.06833`

.CRT

MD5	`d09408cc25d163dca3b396364485898b`
SHA1	`c72ad07d661f56dd22c10480b596e96dcbd1146a`
SHA256	`8e13eb24dea5968db94d075b9306e3576e556e8a7ab20ec635264a8b206ddf83`
SHA3	`5a1ebfdd089d9b49d5a07bf031f65bbf2443e4e47a63d2748ecd383a3defab73`
VirtualSize	`0x58`
VirtualAddress	`0x20000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1aa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.20692`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0x21000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1ac00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`d75885596bdf8e245723c3aaf4ae9f52`
SHA1	`eab27eb10a7590dba5b8a57d24b10d522d27b110`
SHA256	`774e7e334278e822206dd4216b6323cd8f72f9aa7e1d38b8418d67de52da7d59`
SHA3	`1314981195a2bf40a4db0c771990f14b375de56a731852db8b1efcc2c3378009`
VirtualSize	`0x390`
VirtualAddress	`0x22000`
SizeOfRawData	`0x400`
PointerToRawData	`0x1ae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.05368`

.reloc

MD5	`dbd8bc013d4c57868678f6987738f558`
SHA1	`d8156f90c4eb8d8eb556dee8433415751a5977ae`
SHA256	`447fa38800c7ace3202e975236611de2be251dc1b280cf6951713b380bd460b7`
SHA3	`0ff97b8602ba29d4f4a816031e8ee8b9bbe0d0c4cf2b5402fb8351335ef986c1`
VirtualSize	`0xb0`
VirtualAddress	`0x23000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1b200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.06819`

Imports

KERNEL32.dll	`DeleteCriticalSection` `EnterCriticalSection` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `GetLastError` `GetSystemTimeAsFileTime` `GetTickCount` `InitializeCriticalSection` `LeaveCriticalSection` `QueryPerformanceCounter` `RtlAddFunctionTable` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `SetUnhandledExceptionFilter` `Sleep` `TerminateProcess` `TlsGetValue` `UnhandledExceptionFilter` `VirtualProtect` `VirtualQuery`
msvcrt.dll	`__iob_func` `_amsg_exit` `_close` `_errno` `_initterm` `_lock` `_lseek` `_open` `_read` `_unlock` `_vsnprintf` `_wopen` `_write` `abort` `calloc` `free` `fwrite` `malloc` `memchr` `memcpy` `memset` `realloc` `signal` `strerror` `strlen` `strncmp` `vfprintf` `wcstombs`

Delayed Imports

adler32

Ordinal	`1`
Address	`0x1a40`

adler32_combine

Ordinal	`2`
Address	`0x1a50`

adler32_combine64

Ordinal	`3`
Address	`0x1b00`

adler32_z

Ordinal	`4`
Address	`0x13b0`

compress

Ordinal	`5`
Address	`0x1ca0`

compress2

Ordinal	`6`
Address	`0x1bb0`

compressBound

Ordinal	`7`
Address	`0x1cc0`

crc32

Ordinal	`8`
Address	`0x2340`

crc32_combine

Ordinal	`9`
Address	`0x2360`

crc32_combine64

Ordinal	`10`
Address	`0x2370`

crc32_z

Ordinal	`11`
Address	`0x2320`

deflate

Ordinal	`12`
Address	`0x6030`

deflateBound

Ordinal	`13`
Address	`0x5eb0`

deflateCopy

Ordinal	`14`
Address	`0x6870`

deflateEnd

Ordinal	`15`
Address	`0x60c0`

deflateGetDictionary

Ordinal	`16`
Address	`0x5560`

deflateInit2_

Ordinal	`17`
Address	`0x61d0`

deflateInit_

Ordinal	`18`
Address	`0x6580`

deflateParams

Ordinal	`19`
Address	`0x5bb0`

deflatePending

Ordinal	`20`
Address	`0x59c0`

deflatePrime

Ordinal	`21`
Address	`0x5a50`

deflateReset

Ordinal	`22`
Address	`0x5750`

deflateResetKeep

Ordinal	`23`
Address	`0x5630`

deflateSetDictionary

Ordinal	`24`
Address	`0x52c0`

deflateSetHeader

Ordinal	`25`
Address	`0x5930`

deflateTune

Ordinal	`26`
Address	`0x5e20`

get_crc_table

Ordinal	`27`
Address	`0x2310`

gzbuffer

Ordinal	`28`
Address	`0x78a0`

gzclearerr

Ordinal	`29`
Address	`0x7e00`

gzclose

Ordinal	`30`
Address	`0x6b00`

gzclose_r

Ordinal	`31`
Address	`0x8e50`

gzclose_w

Ordinal	`32`
Address	`0xa000`

gzdirect

Ordinal	`33`
Address	`0x8e10`

gzdopen

Ordinal	`34`
Address	`0x7140`

gzeof

Ordinal	`35`
Address	`0x7d80`

gzerror

Ordinal	`36`
Address	`0x7da0`

gzflush

Ordinal	`37`
Address	`0x9de0`

gzfread

Ordinal	`38`
Address	`0x87d0`

gzfwrite

Ordinal	`39`
Address	`0x95c0`

gzgetc

Ordinal	`40`
Address	`0x88f0`

gzgetc_

Ordinal	`41`
Address	`0x89e0`

gzgets

Ordinal	`42`
Address	`0x8c70`

gzoffset

Ordinal	`43`
Address	`0x7d30`

gzoffset64

Ordinal	`44`
Address	`0x7ce0`

gzopen

Ordinal	`45`
Address	`0x6b40`

gzopen64

Ordinal	`46`
Address	`0x6e40`

gzopen_w

Ordinal	`47`
Address	`0x7570`

gzprintf

Ordinal	`48`
Address	`0x9c00`

gzputc

Ordinal	`49`
Address	`0x9730`

gzputs

Ordinal	`50`
Address	`0x9920`

gzread

Ordinal	`51`
Address	`0x86d0`

gzrewind

Ordinal	`52`
Address	`0x78e0`

gzseek

Ordinal	`53`
Address	`0x7b10`

gzseek64

Ordinal	`54`
Address	`0x79a0`

gzsetparams

Ordinal	`55`
Address	`0x9ec0`

gztell

Ordinal	`56`
Address	`0x7cb0`

gztell64

Ordinal	`57`
Address	`0x7c80`

gzungetc

Ordinal	`58`
Address	`0x8ad0`

gzvprintf

Ordinal	`59`
Address	`0x9a30`

gzwrite

Ordinal	`60`
Address	`0x94a0`

inflate

Ordinal	`61`
Address	`0xc730`

inflateBack

Ordinal	`62`
Address	`0xa260`

inflateBackEnd

Ordinal	`63`
Address	`0xb3e0`

inflateBackInit_

Ordinal	`64`
Address	`0xa160`

inflateCodesUsed

Ordinal	`65`
Address	`0xefd0`

inflateCopy

Ordinal	`66`
Address	`0xebf0`

inflateEnd

Ordinal	`67`
Address	`0xe6c0`

inflateGetDictionary

Ordinal	`68`
Address	`0xe740`

inflateGetHeader

Ordinal	`69`
Address	`0xe8b0`

inflateInit2_

Ordinal	`70`
Address	`0xc470`

inflateInit_

Ordinal	`71`
Address	`0xc570`

inflateMark

Ordinal	`72`
Address	`0xef60`

inflatePrime

Ordinal	`73`
Address	`0xc6a0`

inflateReset

Ordinal	`74`
Address	`0xc2d0`

inflateReset2

Ordinal	`75`
Address	`0xc3b0`

inflateResetKeep

Ordinal	`76`
Address	`0xc200`

inflateSetDictionary

Ordinal	`77`
Address	`0xe7e0`

inflateSync

Ordinal	`78`
Address	`0xe910`

inflateSyncPoint

Ordinal	`79`
Address	`0xeb90`

inflateUndermine

Ordinal	`80`
Address	`0xeeb0`

inflateValidate

Ordinal	`81`
Address	`0xef00`

uncompress

Ordinal	`82`
Address	`0x123b0`

uncompress2

Ordinal	`83`
Address	`0x12230`

zError

Ordinal	`84`
Address	`0x123f0`

zlibCompileFlags

Ordinal	`85`
Address	`0x123e0`

zlibVersion

Ordinal	`86`
Address	`0x123d0`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x334`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.46523`
MD5	`391f3e127cd53b56766c0fe6c39e23d4`
SHA1	`3fa5a227991f9b5463bc5c701587f7c5e1be3551`
SHA256	`ad51f4cc25ce571ff318e9cd81d0c940609845b4a19df21a345ecb1ad3109142`
SHA3	`5ceb3bd66bd8f6894c7671713bcbedd757fdb35184089f52232968d6ef7f7575`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.2.11.0
ProductVersion	1.2.11.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
FileDescription	zlib data compression library
FileVersion (#2)	1.2.11
InternalName	zlib1.dll
LegalCopyright	(C) 1995-2017 Jean-loup Gailly & Mark Adler
OriginalFilename	zlib1.dll
ProductName	zlib
ProductVersion (#2)	1.2.11
Comments	For more information visit http://www.zlib.net/

Resource LangID	English - United States

TLS Callbacks

StartAddressOfRawData	`0x62ea1000`
EndAddressOfRawData	`0x62ea1008`
AddressOfIndex	`0x62e9d5cc`
AddressOfCallbacks	`0x62ea0030`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x0000000062E92710` `0x0000000062E926E0`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!

Leave a comment

No comments yet.