Manalyze report for 23c0e29ac4d47b9b35a70cd4287d37bff2083272c8644954c1de8ca11dad87ad

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-May-23 21:11:10
Detected languages	English - United States
Debug artifacts	D:\Tools\nfProjects\Hwid-Tester-Arp\x64\Release\Vanguard.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to security software: guard.exe`
Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .nyebfpm` `Section .nyebfpm is both writable and executable.`
Info	The PE contains common functions which appear in legitimate applications.	`Uses Microsoft's cryptographic API: CryptImportPublicKeyInfoEx2`
Suspicious	The file contains overlay data.	`81939 bytes of data starting at offset 0x20000.` `The overlay data has an entropy of 7.99749 and is possibly compressed or encrypted.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`2c6d52700aa9ba9c3cf4733c548d90a1`
SHA1	`203d670e6c4474bba6e7c7a3485ceba5e38a70b6`
SHA256	`23c0e29ac4d47b9b35a70cd4287d37bff2083272c8644954c1de8ca11dad87ad`
SHA3	`8251e8758ceabb3dc54b23cea9b376b13c7b973b18871aa70b43236e9a6e7c66`
SSDeep	`6144:wcDeV0eTZ+2/Fm4wKLt6ySJQINqgFPfti:O0eTZ5/FSKYySatgFPQ`
Imports Hash	`143283012deac5103d7a207fb7a4d6ed`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2026-May-23 21:11:10
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x11000`
SizeOfInitializedData	`0xd000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000112D4 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x25000`
SizeOfHeaders	`0x400`
Checksum	`0x5bb34ab4`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b7b7108d11d57facddb045cb0f836fc6`
SHA1	`55cbfc311981df07f1490e3280b81887de1fa845`
SHA256	`7873bc52e9c1517ec1c1287b5bcb17696f0a7589cc84d478c05b0785e861c341`
SHA3	`b72eb2fe8d1debf5218e29344c6f09d867dec5318048ab3dade677601ffe2496`
VirtualSize	`0x10fe0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x11000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.23244`

.rdata

MD5	`3c2c260f1d4ab7a0a78d61b46c4074df`
SHA1	`397c3e40f246fbfb751ac1b93b39ff30266b1f4d`
SHA256	`40fc5231a4cc572063f5b22c1953482ed67b19ae67882c3e1eda7c7bae5af993`
SHA3	`14816606f111df3854c9a602d408b78031663c6ccbb420ef04ce94f2c0b09e36`
VirtualSize	`0x85d6`
VirtualAddress	`0x12000`
SizeOfRawData	`0x8600`
PointerToRawData	`0x11400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.92434`

.data

MD5	`8f410d2d27c6a19324b7d76d7fc7da06`
SHA1	`374a42b93ca6a1a7f60fbc3afdaf8a0a19da1d7f`
SHA256	`d7bdade3bdde2b0988365e4bb42ebecc0345d28f5605f155e0b44a27d9e8cde2`
SHA3	`b457a2ef75046431a2d235a8a6c71e9abae4301eabadda320306d8c8a227f4c7`
VirtualSize	`0x2e88`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x2800`
PointerToRawData	`0x19a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.26365`

.pdata

MD5	`75a69d3bcfbb0c756e8a9ed55f7e3129`
SHA1	`75b5220bbf619dfe27843959bc37e404f2506483`
SHA256	`c7f8572b1992629ec8f6646acf73d914ea44aab14af401f0367fcaacb35d93bf`
SHA3	`1e49f68cdf593acd4bbc4a644bd571f67ca51c102b8cfd8bb2958a50adb7c818`
VirtualSize	`0x12a8`
VirtualAddress	`0x1e000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x1c200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.84274`

.rsrc

MD5	`b673e4190face1157da6fed45aa68103`
SHA1	`604c9feb503cf66a04136451523a26f33431f7b0`
SHA256	`3f2c6b13070a55cd8e6c3d5851d6b58147cc8c888ddd6155107cea8bf15301bf`
SHA3	`642f7e221c04ee51e1dd713c9fcb639c0cae0454f043553898e86343e76affdd`
VirtualSize	`0x1e8`
VirtualAddress	`0x20000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1d600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.75615`

.reloc

MD5	`badad718b61aed0bf0c31e7feb56e094`
SHA1	`45bf8428031c3da416e73fbcddc23d9ffdc6d3b9`
SHA256	`f564e7452ff5f4093f5fe3a3236bad836dd6839bc3014b6bdc7a91d9a0b1a415`
SHA3	`18a49a04e70cac2ad56b3d2986268f0cc56ac12c5bb33bfca0269b2789338b85`
VirtualSize	`0x23c`
VirtualAddress	`0x21000`
SizeOfRawData	`0x400`
PointerToRawData	`0x1d800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.68569`

.nyebfpm

MD5	`8c209b56ed8cc10dba94e85672fac3fa`
SHA1	`1463fa37993e2c245fed81f4c6edf3157fd5c479`
SHA256	`9b2b08ea9aa1318a3d5babf9cf7368edb94a2eed79fe37382b7cbc1c1e5df011`
SHA3	`961d57979b552ac44cd942b6297f053b5c9a6febe4e936dbddd009048f64ab7f`
VirtualSize	`0x2256`
VirtualAddress	`0x22000`
SizeOfRawData	`0x2400`
PointerToRawData	`0x1dc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.97914`

Imports

KERNEL32.dll	`GetLastError` `Sleep` `InitializeCriticalSectionEx` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlLookupFunctionEntry` `RtlCaptureContext` `OutputDebugStringW` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `DeleteCriticalSection` `GetModuleHandleW` `RtlVirtualUnwind` `IsDebuggerPresent`
MSVCP140.dll	`?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z` `?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z` `?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z` `?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z` `?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z` `?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z` `?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `?_Xlength_error@std@@YAXPEBD@Z` `?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z` `?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA` `?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A` `?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?_Id_cnt@id@locale@std@@0HA` `?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A` `?_Xbad_alloc@std@@YAXXZ` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `??0_Lockit@std@@QEAA@H@Z` `??1_Lockit@std@@QEAA@XZ` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z`
CRYPT32.dll	`CryptImportPublicKeyInfoEx2` `CertFreeCertificateChain` `CertCloseStore` `CertEnumCertificatesInStore` `CertFreeCertificateContext` `CertGetCertificateChain` `CertCreateCertificateContext` `CertGetNameStringW`
ncrypt.dll	`BCryptDestroyKey` `NCryptOpenStorageProvider` `BCryptExportKey` `NCryptGetProperty` `NCryptFreeObject`
tbs.dll	`Tbsip_Submit_Command` `Tbsip_Context_Close` `Tbsi_Context_Create`
VCRUNTIME140.dll	`__current_exception_context` `__current_exception` `_CxxThrowException` `__std_exception_destroy` `__std_exception_copy` `memset` `memmove` `__C_specific_handler` `memcpy` `memcmp`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
api-ms-win-crt-runtime-l1-1-0.dll	`__p___argc` `_c_exit` `_exit` `_initialize_narrow_environment` `_invoke_watson` `_initialize_onexit_table` `_register_onexit_function` `_initterm_e` `exit` `_initterm` `_get_initial_narrow_environment` `__p___argv` `terminate` `_crt_atexit` `_register_thread_local_exe_atexit_callback` `_set_app_type` `abort` `_seh_filter_exe` `_cexit` `_configure_narrow_argv`
api-ms-win-crt-stdio-l1-1-0.dll	`fsetpos` `fgetpos` `setvbuf` `__p__commode` `ungetc` `getchar` `fclose` `fread` `_fseeki64` `fflush` `_get_stream_buffer_pointers` `_set_fmode` `fgetc` `__stdio_common_vswprintf_s` `fputc` `fwrite`
api-ms-win-crt-heap-l1-1-0.dll	`free` `_set_new_mode` `malloc` `_callnewh`
api-ms-win-crt-filesystem-l1-1-0.dll	`_lock_file` `_unlock_file`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

SysStringLen

Ordinal	`1`
Address	`0x1330`

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-May-17 14:28:17
Version	`0.0`
SizeofData	`85`
AddressOfRawData	`0x16908`
PointerToRawData	`0x15d08`
Referenced File	D:\Tools\nfProjects\Hwid-Tester-Arp\x64\Release\Vanguard.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-May-17 14:28:17
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x16960`
PointerToRawData	`0x15d60`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-May-17 14:28:17
Version	`0.0`
SizeofData	`928`
AddressOfRawData	`0x16974`
PointerToRawData	`0x15d74`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-May-17 14:28:17
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x140016d38`
EndAddressOfRawData	`0x140016d40`
AddressOfIndex	`0x14001dda0`
AddressOfCallbacks	`0x1400125d8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14001b040`

RICH Header

XOR Key	`0x861341ad`
Unmarked objects	`0`
ASM objects (35207)	`3`
C objects (35207)	`10`
Imports (VS2012 build 50727 / VS2005 build 50727)	`2`
Imports (VS2008 SP1 build 30729)	`22`
Imports (21202)	`2`
C++ objects (35207)	`35`
Imports (35207)	`6`
C objects (33145)	`3`
Imports (33145)	`33`
Total imports	`399`
C++ objects (LTCG) (35222)	`2`
Exports (35222)	`1`
Resource objects (35222)	`1`
Linker (35222)	`1`

Errors

Leave a comment

No comments yet.