Manalyze report for 3e9e8a84403e25661ef5a0228057c3b58aed69126cbfd5eea4c3dda4ef858ff2

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Jun-14 08:45:35

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe` `Contains domain names: github.com https://github.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to AES`
Suspicious	The PE is packed with mpress	`Unusual section name found: .themida` `Unusual section name found: .vmp1` `Unusual section name found: .enigma2` `Unusual section name found: .vmp0` `Unusual section name found: .FSG!` `Unusual section name found: .aspack` `Unusual section name found: .nsp1` `Unusual section name found: .vmp2` `Unusual section name found: .UPX0` `Unusual section name found: .\x0apdata` `Unusual section name found: .UPX2` `Unusual section name found: .vmp3` `Unusual section name found: .pec1` `Unusual section name found: .pec2` `Unusual section name found: .petite` `Unusual section name found: .mpress1` `Unusual section name found: .mpress2` `Unusual section name found: .xtls` `Unusual section name found: .arch` `Unusual section name found: .mrdata` `Unusual section name found: .dsstext` `Unusual section name found: .vmp4` `Unusual section name found: .vmp5` `Unusual section name found: .vmp6` `Unusual section name found: .vmp7` `Unusual section name found: .vmp8` `Unusual section name found: .enigma1` `Unusual section name found: .nsp0` `Unusual section name found: .aspack2` `Unusual section name found: .upx3` `Unusual section name found: .vmp9` `Unusual section name found: .enigma3` `Unusual section name found: .themida` `Unusual section name found: .fsg2` `Unusual section name found: .nsp2` `Unusual section name found: .pec3` `Unusual section name found: .petite2` `Unusual section name found: .mpress3` `Unusual section name found: .tls2` `Unusual section name found: .pdata2` `Unusual section name found: .fptable`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Can access the registry: RegCloseKey RegQueryValueExA RegOpenKeyExA` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Has Internet access capabilities: WinHttpReceiveResponse WinHttpSendRequest WinHttpOpen WinHttpCloseHandle WinHttpConnect WinHttpReadData WinHttpSetOption WinHttpOpenRequest WinHttpAddRequestHeaders` `Manipulates other processes: OpenProcess Process32FirstW Process32NextW` `Reads the contents of the clipboard: GetClipboardData`
Malicious	VirusTotal score: 15/64 (Scanned on 2026-06-20 02:33:17)	`APEX: Malicious` `Bkav: W32.Malware.839AEFF9` `CrowdStrike: win/malicious_confidence_90% (D)` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `Elastic: malicious (high confidence)` `K7AntiVirus: CryptoMiner ( 006e09ec1 )` `K7GW: CryptoMiner ( 006e09ec1 )` `Malwarebytes: Trojan.MalPack` `Microsoft: Trojan:Win32/Wacatac.B!ml` `Paloalto: generic.ml` `SentinelOne: Static AI - Malicious PE` `Symantec: ML.Attribute.HighConfidence` `Trapmine: malicious.high.ml.score` `Zoner: Probably Heur.ExeHeaderP`

Hashes

MD5	`3c7c128c64f94ae06105510860597438`
SHA1	`2daa1c7cc0e90a9d67b5f1082b6e78063a22aa36`
SHA256	`3e9e8a84403e25661ef5a0228057c3b58aed69126cbfd5eea4c3dda4ef858ff2`
SHA3	`fe727dd95587a12290a5eb1b512e768a74d059798e2d75d2c4c4bdc38fe9bd4d`
SSDeep	`24576:hHkLmIEsRipBcXruv6BrBlm97sQmKhVsOMbjzrVANF+WEiSnmPm6hbl:hELmIEsUpBcXruv6BdlmaQ6bXrVA3/S`
Imports Hash	`5e223558ae39ceacdf088ec5a9e0ed57`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`46`
TimeDateStamp	2026-Jun-14 08:45:35
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xfbe00`
SizeOfInitializedData	`0x67e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000CEDD0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x18b000`
SizeOfHeaders	`0xa00`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`499b9a6d78d31a9bd8dc3e2d43f6fbfe`
SHA1	`22fbb9ac7a5e0d6ba49e3ea5d11c61860b534092`
SHA256	`dd1f96b3ff86eea7735a6e11dd94ffbf1d941973632cf7b5cbcf28b4e1aa7269`
SHA3	`69ca663584b5983f07923caacf498b7d47331fab6547eaf96aa2bd99aad414a2`
VirtualSize	`0xfbd36`
VirtualAddress	`0x1000`
SizeOfRawData	`0xfbe00`
PointerToRawData	`0xa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.58763`

.rdata

MD5	`71dbc6f558e593a0e3c1cb5888d225da`
SHA1	`6f52418a596f70a56a1f1656e93bb7be74a50885`
SHA256	`7390b1d536c7c14fbf125cce8cf6c24aaa72bdfa73a131a686b8434442d9d2aa`
SHA3	`1d2be158237dda96d32223795dc87709bf4509c10974f2674b96d7ab5d03ac99`
VirtualSize	`0x302fa`
VirtualAddress	`0xfd000`
SizeOfRawData	`0x30400`
PointerToRawData	`0xfc800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.57425`

.data

MD5	`bcd8715977706a00b14c30c340592ef3`
SHA1	`e6b0ec71b84d524a1832ad788d485af2e58c8ad3`
SHA256	`81a88bbefcce7b16d1b0de1e2ae68cb60eb8d95f8f0360e328b05afcdea514eb`
SHA3	`2b85654f4dcaf5d0e8974d7377dc6298d4d44113c0885f9e4ce5d0055449204b`
VirtualSize	`0x242c`
VirtualAddress	`0x12e000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x12cc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.39109`

.pdata

MD5	`2c44fc01f5ce69abbc6f9ec501381cb2`
SHA1	`2ef9de345542dead4d3c5a622a8c1bef23f3448b`
SHA256	`f2ca9519d64f668739a3f1180ec586e9ae36f7167fd1998416e8e28a540d3285`
SHA3	`b436e025190f1348f77e8fa2ce311e36501900bbc13010a921e6f8d0e88357b2`
VirtualSize	`0x77d0`
VirtualAddress	`0x131000`
SizeOfRawData	`0x7800`
PointerToRawData	`0x12de00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.00504`

.themida

MD5	`8d556242c1c7681d57345e54b2cafe4a`
SHA1	`21409841715c50925b59b1a0db6d80ece17b21c9`
SHA256	`33f8097bab6194041396e2a2083df5e983d2433deae1220e7571d21a5a187505`
SHA3	`1945265fa199dcfd808763305c02a4961e55cb7efeee387178a086475d1c9985`
VirtualSize	`0x107c`
VirtualAddress	`0x139000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x135600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.81324`

.vmp1

MD5	`af65b551774efbb5eac82a8cc5bc6253`
SHA1	`bcffd24a2ca5703629adb7357b18cb5404ffe793`
SHA256	`66d1d8acd56f8aaffe2439ed7cab5805f924b52f57a20b743603f1947f35124e`
SHA3	`8eb56243b3e155aedd9f5c6199160ed923082d3c70ccf7908f565eb768435cb6`
VirtualSize	`0x107c`
VirtualAddress	`0x13b000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x136800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.23528`

.enigma2

MD5	`0b7a4c4a6ed725057bbb4a0442b6ef9e`
SHA1	`99811fda7354059070185b899010a0fb4e9b9f41`
SHA256	`76503fcb9f222fdca971e17bbebb16ffdf493b6299d1ac267baba02cf17cd378`
SHA3	`d734a6430aafa23d53a558fe16cb42991e2f207b1eae73ddb97f827f2e19ef0c`
VirtualSize	`0x107c`
VirtualAddress	`0x13d000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x137a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.36649`

.vmp0

MD5	`f1075f77005b8c3747bf83aeaad991fa`
SHA1	`92e94e67687d8411a79ca02c897c2faa150d532a`
SHA256	`10b653f7c9bb4d6be6cfc81aa53bac12464fb72b5391e14140e5d65be779f7e5`
SHA3	`e6e759388518f8efac48ec4b16cf60d0faac955ab73ba39c6ee75d59d63058ad`
VirtualSize	`0x107c`
VirtualAddress	`0x13f000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x138c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.07713`

.FSG!

MD5	`806c901f7e0d270f3873b3f66ba40cee`
SHA1	`ad685cb37f9c1361c963da73b3364164f3cf5245`
SHA256	`de84816c08c8fbfb9ff57fc5b871949de3a35fc45ea64c8e2c4211efeb967745`
SHA3	`32cb176e303757495de39407b8c079206062ae1690afb64a01e82852d2244fcb`
VirtualSize	`0x107c`
VirtualAddress	`0x141000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x139e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.00664`

.aspack

MD5	`cf8f454ccd82981e3c56cc549563bef2`
SHA1	`f026b23928dcfa6abb48846d31117f808ed47309`
SHA256	`f45a819ea95c6a3724ec55105e09cf506bde4b9ad1c1e9d1fd98643fcac304af`
SHA3	`739a730861e0369c7d72a0b4abbb87c402b3fb1f4a405978824048fa4b902d53`
VirtualSize	`0x107c`
VirtualAddress	`0x143000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x13b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.00841`

.nsp1

MD5	`4f1a5d5f815266500319b427bd86d395`
SHA1	`4a7767600bbf4e7db25c199dfdc63c654032a4ad`
SHA256	`e2b51681514cc1d24a710497e49987e887af050133de39fd06343cafcec32dac`
SHA3	`ad2d47b64e81725437f9e99503b309fc286604b79ab381c9bd37fe988fea069f`
VirtualSize	`0x107c`
VirtualAddress	`0x145000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x13c200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.01671`

.vmp2

MD5	`c7f1e9d55ecce2b4bd2d32c64020d793`
SHA1	`ddbaea4b9f7d54b35a64d28a82d437cf1856ae0e`
SHA256	`bc58b13f8c90f90149ba9fe0f031b5bf51772335a6123215d61d6b187579eec7`
SHA3	`f82191652488c7d724e7cf8619b69a441273aeaf2346db4a7ab309b41dd9c4a5`
VirtualSize	`0x107c`
VirtualAddress	`0x147000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x13d400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.90413`

.UPX0

MD5	`7bf27598502126ecd7b16d9ba6b895db`
SHA1	`fd31fefd57a74848e7dcd3eb58d7868e239d91cd`
SHA256	`a411f890e0ecb495a7b23b75a2dff15a73fef508830eb2fff6d360c9ba9654e9`
SHA3	`b29fd3a5ac1777a4457ed9e0782a6a73b3c56ae661f2daec3fe1cfa35fab069d`
VirtualSize	`0x107c`
VirtualAddress	`0x149000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x13e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.00531`

.\x0apdata

MD5	`1c74b5537945510419dcfedc46826c80`
SHA1	`2b8df23183abb7765aeb789ae7421df6fe375eed`
SHA256	`f798c127105b9229c3601578be62fa2fc1a82203684ab380762d29ddc0f8c00f`
SHA3	`afc393af3814c2c4ef52fb694f32973aa892d850a4d7605b38c8e1c94d529568`
VirtualSize	`0x107c`
VirtualAddress	`0x14b000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x13f800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.01163`

.UPX2

MD5	`42daa1da23511e2bcaec89718a8faa77`
SHA1	`4732bb0f0f86cba1a55a9c11ba3f35f145c80c1a`
SHA256	`fbaa31e62743e658254a0957b7e6a19af92e091018b63ddb4169532d9e44b78e`
SHA3	`b303ef3464b61b9ed26385163105ea3b331f74ae5609f0a0d358a21c8878bef4`
VirtualSize	`0x107c`
VirtualAddress	`0x14d000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x140a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.03206`

.vmp3

MD5	`d586435b4052c630e8921a5781c0cc63`
SHA1	`7407776bb2f0bf7e22ceb0dffded689d564b84c0`
SHA256	`d1b2b4f69dac96d74ee06c899a961a0fdd14594aca70cd60260d33a58fb4a9c6`
SHA3	`5d3857bd306bd05a5db450bdd03ad6cc04ff97dd03e7c297523f14ccc0873854`
VirtualSize	`0x107c`
VirtualAddress	`0x14f000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x141c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.01272`

.pec1

MD5	`c54f4748eebfe15196778f39e81f4dcc`
SHA1	`e156004410394df6e3b6cd735b46ff36987748e8`
SHA256	`ef02d4534232ade457a9b0f53e0b7bc2e1758e4704ba24bd23b0604286705d49`
SHA3	`059dd94d5dc095d98a3a409869aa8a64d6c73d0c800e93c7a9a18fbcd7003d9f`
VirtualSize	`0x107c`
VirtualAddress	`0x151000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x142e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.02159`

.pec2

MD5	`5c9edadad0fbcdf72cdc983a10907f1e`
SHA1	`02532b43f90717fb8e7df941393e0074458d61dc`
SHA256	`ec558be2b26159b5d32522e3f8ff88cd0d5be1fe6f8836bccb6666013235262e`
SHA3	`56c22f5ff40fad49f0d841ff0f8310234a90e10e7e1ca1a4b5244e77aa820180`
VirtualSize	`0x107c`
VirtualAddress	`0x153000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x144000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.00361`

.petite

MD5	`f86caa4b12c7ea6fdc1da912aeff1d6a`
SHA1	`e59d7b2e60a33786b5a3ca4aa21738b7f0949403`
SHA256	`ecddc1495b0d5c1b9d05e035a70ca588189e8d233549799bc1dff1d693b98239`
SHA3	`4f371a488be2cc3cf32a9e1b568ca3e88faf8f00d7f31a60d9d5e741a23f9130`
VirtualSize	`0x107c`
VirtualAddress	`0x155000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x145200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.0091`

.mpress1

MD5	`34da0f3e7fb6b22b77834c177ebde62a`
SHA1	`0d31776df39d553f37ad58da83e6abf15bc23f7f`
SHA256	`7f7a3796b4bcad386fc23e2945aabfea185bebbf2329f757620ae7c74668e729`
SHA3	`a3af6c27c857c51372b5982ea676dd7f32aad4885696649252fd21229e591edb`
VirtualSize	`0x107c`
VirtualAddress	`0x157000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x146400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.00421`

.mpress2

MD5	`fc1d71dbb413d51dd898af6de2ce08ae`
SHA1	`fdaaf0cf1013dd443c843a5d5087020e220fa586`
SHA256	`ad5a891440c039c4e695f171393753cff9f24cfc84cc7bc1dad4109c1696b047`
SHA3	`58b5ecdac3646ba722eed9d67992f3f0a6b24ecf9a339f840da69a4d223fff0f`
VirtualSize	`0x107c`
VirtualAddress	`0x159000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x147600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.00478`

.xtls

MD5	`531a34ba8a725c4f1acf77a4c4d84435`
SHA1	`58a04a63ec75ff626df34b46c25a976c66f1174d`
SHA256	`25a4fde8c3ca56034f790c94cfcbeed1571f69dbc069d91e607491113eacdb9c`
SHA3	`036a6d16a530490bcbcce5c78cb45921919618d40bcf31947051d1ea491c8b9c`
VirtualSize	`0x107c`
VirtualAddress	`0x15b000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x148800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.01112`

.arch

MD5	`3f636d6d5f17850214c88f4dc5de1893`
SHA1	`ca7aa051b1f8b3937b51fb317c0321d8cb3e968f`
SHA256	`ec45c3234e4b6b5261e290e1439c92bfcb30b8e384039fee23a762a2dc339585`
SHA3	`754f3066761436b6e7c130d71301dd04f7109c255a572ef08809a9c8fe8e8654`
VirtualSize	`0x107c`
VirtualAddress	`0x15d000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x149a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.00153`

.mrdata

MD5	`a548cefa424c22b9ddc2f5ac5b3b60bc`
SHA1	`8491b837cd8fef37287c34f7175395be8d2eaae1`
SHA256	`ab50786cc65b9bf6f7044da470995924c3dd2f0ab70961fa9c7d8ff705027ce8`
SHA3	`3c1f0a8695f0c9f4781aac4acdae675388eea38e41f3cfd42740007330bc3e36`
VirtualSize	`0x107c`
VirtualAddress	`0x15f000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x14ac00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.99834`

.dsstext

MD5	`a37072f4a53c5901c9949d378138675b`
SHA1	`26bb43af4e773c9daa57a440ca77faad011ffebd`
SHA256	`c984ec100050b7352282a31b7d67b0d43a3d9600dbc0ae4e6db1a0078c4d372d`
SHA3	`87afff40cb23f83877e4f43957eb088b8204f9419b23c16b7e13cc45d2644a4c`
VirtualSize	`0x107c`
VirtualAddress	`0x161000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x14be00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.00636`

.vmp4

MD5	`529775f70a67490b8c800de46c770532`
SHA1	`f6af5970e6aef86a213bc1a0508328dceeb57a5b`
SHA256	`f9048973c8f5e5b55b0e491ec266867115945afd9b367b07695a1962ac790291`
SHA3	`24d93a2ff0cfdf9b166a253133950f6135536e541f57f65c41cfaeebc45a782f`
VirtualSize	`0x107c`
VirtualAddress	`0x163000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x14d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.98766`

.vmp5

MD5	`298929dfc61d7954d4b997158943a7bd`
SHA1	`4daf2759fef3b3ea6ed76143088501ccbe4721a2`
SHA256	`93f34381f25174bf39a84b5e46e9b536034ff20e5570cb13131145dae8fb395f`
SHA3	`08ae2b5817efc9853a3288d221c71d1c5b06451d4fc009c1068df0617f5f77a0`
VirtualSize	`0x107c`
VirtualAddress	`0x165000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x14e200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.00587`

.vmp6

MD5	`cc7c9dff4a5c486137fbbb4c62907316`
SHA1	`862ec5961f5acdb6ad28a3f0b588d24fd8d996be`
SHA256	`0aaef4c0413f4970eb26ef43bdbac3d32d1256c8cb296a8aba489d3fb51734ea`
SHA3	`c34e14e670e3b194af92e57a1c51d59f619ffe9b71dde6314846e61f96c1af8a`
VirtualSize	`0x107c`
VirtualAddress	`0x167000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x14f400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.00901`

.vmp7

MD5	`d4f855b47aa765201ec423e932d4e450`
SHA1	`6f5677f0a12a4b15062b133056d240710d982b72`
SHA256	`9f41c49754b3dc3af6b26062717064e6436fe38aaeec64d1db20293a5e7f9448`
SHA3	`b1e54b7f7a70ad240278d4ef5a912812d01f5c6f94eed242aebe414e31ae8743`
VirtualSize	`0x107c`
VirtualAddress	`0x169000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x150600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.00912`

.vmp8

MD5	`c08e6beeb5b7f252def45a4670567851`
SHA1	`93a24c45b67b7391c2a6c228cbd63f9788c28fe7`
SHA256	`48d4de9dd020ae738ee93b9c74e229de5727bd07b46ef33e76f7984156b82b93`
SHA3	`cfa711891b65335b2b6239bba733481c5d6bdc081a292c33f39f2d5205364eab`
VirtualSize	`0x107c`
VirtualAddress	`0x16b000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x151800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.9528`

.enigma1

MD5	`4611e35555c1f756aa4098d58a5be662`
SHA1	`e37b0e7f12bd16856a978b26498b51f46c3b25d0`
SHA256	`23355c2a436df0c9693b4848bd536e3613ad7603fe110c0538beb7703e3aad1d`
SHA3	`5c33082cb1039a6d5e03dd9a9375773dc88754a246aad04118fab9592d3dadd0`
VirtualSize	`0x107c`
VirtualAddress	`0x16d000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x152a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.02726`

.nsp0

MD5	`f4e692058b2374b17d93c2beddcca9b8`
SHA1	`164df8b27885f5ab5f208feb516166e96255dc38`
SHA256	`8cf17d9ee8e0e092ac77036184564861147ece99add3c711551dcd3ec62426ca`
SHA3	`acdf88f990bfb46e620a662d4aec7203ce8d604ede10a9188f74679ca96b00e0`
VirtualSize	`0x107c`
VirtualAddress	`0x16f000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x153c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.01228`

.aspack2

MD5	`470b21a875bf32a578174b579078405a`
SHA1	`f695487b1330cc302ca1ed17f82e8312d74f117f`
SHA256	`316b78b0810060dc880ab8cbf104736507f884fd452ef60752b76d356f3a335a`
SHA3	`2a3cb637cced4c6f59e43ba317a551ddbbebee023716058e8868fdc366f650d4`
VirtualSize	`0x107c`
VirtualAddress	`0x171000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x154e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.99656`

.upx3

MD5	`3eeed2d3d7bd1541f873f106d90ca7a8`
SHA1	`a3af7c643c39252a4bc6d3442b174856d1ba8324`
SHA256	`868b23295e0f059c87f1a6b2516705ff15feb6e12c057c89c4743d4441d0fafd`
SHA3	`178736058c0ffcf03dfd8bc4679f1cd1e20b476b9a73392398d95d8c23d819e0`
VirtualSize	`0x107c`
VirtualAddress	`0x173000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x156000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.00758`

.vmp9

MD5	`882604909fee7823d568c9860ad9dcc7`
SHA1	`8041787154ea792db4b9163accb51f41a73edd92`
SHA256	`ca122f2b800d3932b17c11dfbbc8297ad50ca571ac0ef99a42109c8af98b4aac`
SHA3	`3439e08df1ea8f16e79f2120510a59cb85f196f6827b83ba6fced1a38d27ea03`
VirtualSize	`0x107c`
VirtualAddress	`0x175000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x157200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.97143`

.enigma3

MD5	`561a409e41dd881e379484a5b2430db5`
SHA1	`0508a10e31fcb8eac7d58e3d4b1831ec8ebfb609`
SHA256	`07eea7cefd5932b67c8f810a533cd7301e8200d969878bb5d66b5b525e2f2c42`
SHA3	`871d70e5861bb5a2d09985ba0e9030dc8289fdea20b63c8f9cf4c5783c10e5ba`
VirtualSize	`0x107c`
VirtualAddress	`0x177000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x158400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.01508`

.themida (#2)

MD5	`c40e757a8b6b49bf28e38fc288847604`
SHA1	`7949231e525cee6397ed9d6ace97978404965400`
SHA256	`064482385314053a0b0100913a0f0f98cc03a6384304d9435cc327bbb48223af`
SHA3	`1ec26de42557bb3abde83498328819fb88323711f6a9d4a5330106676669d9d0`
VirtualSize	`0x107c`
VirtualAddress	`0x179000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x159600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.9651`

.fsg2

MD5	`9a6b0638905b4b6d5af4ad80563897c1`
SHA1	`58fbf797112ac9ff79614d9cac34e4e29939e423`
SHA256	`f5dab73b82b8179133cc2da2fa7816c2578c58fe425b591fb776b8026fddd8b6`
SHA3	`0ceba2f427b1c924cc3f64a1be46a4e9fb13777649e63f9a54c9bae052eee9b5`
VirtualSize	`0x107c`
VirtualAddress	`0x17b000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x15a800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.98389`

.nsp2

MD5	`5ddf01210e553090c9eeb16447c8350b`
SHA1	`1f0c58740347779a716a0258d7644273e18bd757`
SHA256	`def6de25a882fd77e97a8a02c48db518d8ff725ab20881b2a8f161983e939342`
SHA3	`93a61918a86528d98248ddddc1fc436b6330332901d89252d48546e87f1c6cd6`
VirtualSize	`0x107c`
VirtualAddress	`0x17d000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x15ba00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.01081`

.pec3

MD5	`02f56125a0248869cd3e0f6e4085164d`
SHA1	`3b900bc2fdd3355364f4c1a310d23061125849d6`
SHA256	`155d34c3e57a3ad4a8d74f9b270e4c63c7364ff425892fa9c01aba838873d694`
SHA3	`111c85fbcf1cfa870211ac68fe4abda558836df654e40846131607c2c377265a`
VirtualSize	`0x107c`
VirtualAddress	`0x17f000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x15cc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.00538`

.petite2

MD5	`1311e8d0200688d99f19e59d1d63d3b9`
SHA1	`5636bd2a1288b8f11163eda2c7164d740aa08836`
SHA256	`1bf284c3b5b4985806df72510dd29a9b4c5dcf67f5d1858d7eb9f535888e6400`
SHA3	`ee87dfa3af17df665b87ace4727fb4116c7065c90ea573770b02b8f8c5ca60f2`
VirtualSize	`0x107c`
VirtualAddress	`0x181000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x15de00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.01571`

.mpress3

MD5	`6b155b342171f1bc6240570ef737b15d`
SHA1	`cdaa6f441620c501e3e9b94320e27dbb20b14fc4`
SHA256	`0f5b8b0157f232d6915812adfd42b6c90fb23321b0eeef1daae380f155770425`
SHA3	`145c63003156d40738035772045626ce92fe7c66c44fb95e82d00e01fb88141b`
VirtualSize	`0x107c`
VirtualAddress	`0x183000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x15f000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.93207`

.tls2

MD5	`9aa2ccce23a9e9b0dd32f4c2472fc9bd`
SHA1	`b0f064e4f4b563127b63eda6010e2fea9898c5ee`
SHA256	`4217ebd813fb80d32a48f2bd670c36b05c8250ab24de1d724ea1a35252698369`
SHA3	`c9566761030ade1b364e9866751c373aafac087107e6a8a0136aef6e7e2ac2a4`
VirtualSize	`0x107c`
VirtualAddress	`0x185000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x160200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.01902`

.pdata2

MD5	`2bd743e97daed8a6274cec293b7ea2f1`
SHA1	`66198d30ad5b04b46df6cb227a667dcfe060225d`
SHA256	`a088e4a61f8169cbd1b8a06f71f65f76df7ca75c79182e0ccd586deee716c5c1`
SHA3	`5c712123149f946eafe993d005ec1cb816f1c1090f08c7a04cf5a9734e4a4439`
VirtualSize	`0x107c`
VirtualAddress	`0x187000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x161400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.01471`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0x189000`
SizeOfRawData	`0x200`
PointerToRawData	`0x162600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.reloc

MD5	`fba1089f2daebbcdce460afe5ffdcd3a`
SHA1	`485ffe58d113713bc286b3e9e7eeccbc9987bc44`
SHA256	`5c1eb7a16a40ebbf92e69b3f491754f799fbc3746b97d573d15b7470e7d764dc`
SHA3	`04ba18667e467866c646e57588d4fe7422b0e1aa0ca964c9c078498af19d4bfd`
VirtualSize	`0x9e4`
VirtualAddress	`0x18a000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x162800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.42016`

Imports

USER32.dll	`DispatchMessageA` `TranslateMessage` `wsprintfW` `PeekMessageA` `DefWindowProcW` `PostQuitMessage` `UnregisterClassW` `RegisterClassExW` `CreateWindowExW` `DestroyWindow` `ShowWindow` `UpdateWindow` `MessageBoxW` `OpenClipboard` `CloseClipboard` `SetClipboardData` `LoadCursorA` `ScreenToClient` `ClientToScreen` `GetCursorPos` `SetCursor` `SetCursorPos` `GetClientRect` `wsprintfA` `GetForegroundWindow` `IsWindowUnicode` `ReleaseCapture` `SetCapture` `GetCapture` `GetKeyState` `GetMessageExtraInfo` `TrackMouseEvent` `GetKeyboardLayout` `EmptyClipboard` `GetClipboardData`
ADVAPI32.dll	`RegCloseKey` `RegQueryValueExA` `RegOpenKeyExA`
d3d11.dll	`D3D11CreateDeviceAndSwapChain`
WINHTTP.dll	`WinHttpReceiveResponse` `WinHttpSendRequest` `WinHttpOpen` `WinHttpCloseHandle` `WinHttpConnect` `WinHttpReadData` `WinHttpSetOption` `WinHttpOpenRequest` `WinHttpAddRequestHeaders`
KERNEL32.dll	`IsValidCodePage` `FindNextFileW` `FindFirstFileExW` `FindClose` `SetFilePointerEx` `ReadConsoleW` `GetConsoleMode` `GetConsoleOutputCP` `GetFileAttributesExW` `CreateProcessW` `GetExitCodeProcess` `GetTimeZoneInformation` `LCMapStringW` `CompareStringW` `LoadLibraryExW` `VirtualProtect` `SetStdHandle` `GetStringTypeW` `HeapSize` `HeapReAlloc` `OutputDebugStringW` `HeapFree` `HeapAlloc` `UnhandledExceptionFilter` `IsDebuggerPresent` `RtlVirtualUnwind` `RtlCaptureContext` `TerminateProcess` `GetCurrentProcess` `IsProcessorFeaturePresent` `FreeLibraryAndExitThread` `CreateFileW` `FlushFileBuffers` `GetFileAttributesW` `GetFileSizeEx` `ReadFile` `SetFileAttributesW` `SetFilePointer` `WriteFile` `CloseHandle` `GetACP` `WaitForSingleObject` `Sleep` `ExitProcess` `GetExitCodeThread` `OpenProcess` `GetModuleFileNameW` `QueryFullProcessImageNameW` `CreateToolhelp32Snapshot` `Process32FirstW` `Process32NextW` `Module32FirstW` `Module32NextW` `OutputDebugStringA` `GlobalAlloc` `GlobalUnlock` `GlobalLock` `GlobalFree` `MultiByteToWideChar` `WideCharToMultiByte` `QueryPerformanceCounter` `QueryPerformanceFrequency` `FreeLibrary` `GetProcAddress` `LoadLibraryA` `GetLocaleInfoA` `IsDBCSLeadByte` `WaitForSingleObjectEx` `GetCurrentThreadId` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `SleepConditionVariableSRW` `SetUnhandledExceptionFilter` `GetStartupInfoW` `GetModuleHandleW` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `InitializeSListHead` `ExitThread` `CreateThread` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetEnvironmentStringsW` `GetCommandLineW` `FreeEnvironmentStringsW` `SetEnvironmentVariableW` `SetEndOfFile` `GetProcessHeap` `WriteConsoleW` `GetModuleHandleExW` `GetFileType` `GetStdHandle` `GetLastError` `WakeAllConditionVariable` `RtlPcToFileHeader` `RaiseException` `RtlLookupFunctionEntry` `RtlUnwindEx` `SetLastError` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `EncodePointer` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection`
SHELL32.dll	`ShellExecuteW`
IMM32.dll	`ImmSetCompositionWindow` `ImmReleaseContext` `ImmGetContext` `ImmSetCandidateWindow`
D3DCOMPILER_47.dll	`D3DCompile`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Jun-14 08:45:35
Version	`0.0`
SizeofData	`1656`
AddressOfRawData	`0x121880`
PointerToRawData	`0x121080`

TLS Callbacks

StartAddressOfRawData	`0x140121f50`
EndAddressOfRawData	`0x140121f58`
AddressOfIndex	`0x14012f880`
AddressOfCallbacks	`0x1400fd608`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14012e280`

RICH Header

XOR Key	`0x357b9e80`
Unmarked objects	`0`
C++ objects (33145)	`184`
C objects (33145)	`27`
ASM objects (33145)	`27`
ASM objects (35721)	`10`
C objects (35721)	`17`
C++ objects (35721)	`59`
Imports (33145)	`21`
Total imports	`197`
C++ objects (36247)	`8`
Linker (36247)	`1`

Errors

Leave a comment

No comments yet.