Manalyze report for 604d9c68c2c5f3cbec125ac84219e2f8a41ffa57f5ba9ee368dbdb6e9c21fcdf

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-Mar-16 17:42:37
Detected languages	English - United States Russian - Russia
Debug artifacts	C:\Users\Administrator\Desktop\Medusa\3.1.0\x64\Release\LOTUS.GPU.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: virus` Contains domain names: BitAddress.org Blockchain.com Blockchain.info api.bscscan.com api.coingecko.com api.polygonscan.com blockchain.info bscscan.com coingecko.com google.com http://www.google.com https://api.bscscan.com https://api.bscscan.com/api https://api.coingecko.com https://api.coingecko.com/api/v3/simple/price?ids https://api.etherscan.io https://api.etherscan.io/api https://api.polygonscan.com https://api.polygonscan.com/api https://blockchain.info https://www.nvidia.com https://www.nvidia.com/Download/index.aspx nvidia.com polygonscan.com www.google.com www.nvidia.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to base58` `Uses known Mersenne Twister constants` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .nv_fatb` `Unusual section name found: .nvFatBi`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExA` `Possibly launches other programs: system` `Uses Microsoft's cryptographic API: CryptGenRandom CryptReleaseContext CryptAcquireContextW` `Has Internet access capabilities: InternetOpenUrlA InternetOpenA InternetCloseHandle InternetReadFile InternetCheckConnectionA`
Malicious	VirusTotal score: 15/71 (Scanned on 2026-03-20 17:13:11)	`ALYac: Gen:Variant.Lazy.708522` `APEX: Malicious` `Arcabit: Trojan.Lazy.DACFAA` `BitDefender: Gen:Variant.Lazy.708522` `Bkav: W64.AIDetectMalware` `CTX: exe.unknown.lazy` `CrowdStrike: win/malicious_confidence_70% (D)` `Elastic: malicious (high confidence)` `Emsisoft: Gen:Variant.Lazy.708522 (B)` `GData: Gen:Variant.Lazy.708522` `Kaspersky: not-a-virus:HEUR:AdWare.Win32.Adposhel.gen` `MicroWorld-eScan: Gen:Variant.Lazy.708522` `Sophos: Generic ML PUA (PUA)` `Trapmine: suspicious.low.ml.score` `VIPRE: Gen:Variant.Lazy.708522`

Hashes

MD5	`b039514ac6c81fb0375e3f8845f067f4`
SHA1	`868281887a9ec9ca70d86b8b697849af06ff234b`
SHA256	`604d9c68c2c5f3cbec125ac84219e2f8a41ffa57f5ba9ee368dbdb6e9c21fcdf`
SHA3	`035fcbd88504f522afefa3054f0e1102e4fca1b7ac9e5d2c9dd9f5266ac1baac`
SSDeep	`196608:tbteu/XAkA7rvlGIfL2rN12+j7BNOvc+TXJMchr/whVOe:tAlj7DlGIarL2sO/XB/Je`
Imports Hash	`99e653b357108cd3b72ea0a09f11e852`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x120`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2026-Mar-16 17:42:37
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x64c00`
SizeOfInitializedData	`0x80ea00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000606A4 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x879000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`8363df34a9ce3b4923d44e776cc4a890`
SHA1	`8f5f19a9ed1f4b86d78b9b7e621a4b0746b92c20`
SHA256	`fb019b2b621a282b368c15a9ba87e6760b64157fec88e11e2c9c381ffa959f8c`
SHA3	`dac8f363016a2665ff5b866ce4f00bd2f67edc2370d1969862638ac13db2370e`
VirtualSize	`0x64b5b`
VirtualAddress	`0x1000`
SizeOfRawData	`0x64c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.39545`

.rdata

MD5	`e13b6dcc0f67a397bbea760e1974d7f1`
SHA1	`6ec6b4c47cb70244afe785e555ec7cbfa60ce8e8`
SHA256	`9874247cf6e63d47f562157091ec986671ec2d65ad32471ee5a0e44e234966fc`
SHA3	`78b51cb6d695e025e7f7ee270a0915dbba38ea5729f5c61bb34336eb3c1b49e0`
VirtualSize	`0x3c1c0`
VirtualAddress	`0x66000`
SizeOfRawData	`0x3c200`
PointerToRawData	`0x65000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.83491`

.data

MD5	`d364062cdf98dc1b95c97fe29bba8247`
SHA1	`6f55b842df5878bff5a22deb1a945fa25562843c`
SHA256	`b52b910c82a8c7e0cb67e9ad576f60aff2b730f49128b733140cbc729bf96237`
SHA3	`5e55551b00a42268e2ab1db5fdd57faad35e88c7fd7e450426cacd4410d1925e`
VirtualSize	`0x50ce8`
VirtualAddress	`0xa3000`
SizeOfRawData	`0x8800`
PointerToRawData	`0xa1200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.17092`

.pdata

MD5	`24eabfec70657145aee27479b959a80c`
SHA1	`ddb7288d43c8a3e7385636c44da36dfcc55979fc`
SHA256	`1a03e65fd233365fe5fc6143a673d95a96b026e3d187cd8dd174d8c7c523fad8`
SHA3	`6b6c71fade79ae400b8bde052c93ad8fb3d9fe99b84650495e1a99c158493142`
VirtualSize	`0x3348`
VirtualAddress	`0xf4000`
SizeOfRawData	`0x3400`
PointerToRawData	`0xa9a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.67439`

.nv_fatb

MD5	`5b85f21f15713a39993000fdbdefa439`
SHA1	`1f92d7915ac1afb7211a357ac09e8411ff22b95e`
SHA256	`971a2dffbc41e5276da2c8c49bf26ab6f91dacaf44c29577afc9262694ff3244`
SHA3	`f5a562b33bdc5a10fca07646f5de91da38436d1965055b985dd1f1521a1c27c2`
VirtualSize	`0x75f828`
VirtualAddress	`0xf8000`
SizeOfRawData	`0x75fa00`
PointerToRawData	`0xace00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.99143`

.nvFatBi

MD5	`31ebbf3edc8ebdb618ceacbb29e4f1c7`
SHA1	`381501ebd2c2afc9ef1dfc4673f5ece6e27ae4ed`
SHA256	`ef5fa216f8121cbe96fba31ce901cda81bad486b4f0006e4075de73997ff0742`
SHA3	`bcddcf716634c2a81602ddb908e49cfe5b024bdc9016dfebf8aeb5a35c8957c4`
VirtualSize	`0x18`
VirtualAddress	`0x858000`
SizeOfRawData	`0x200`
PointerToRawData	`0x80c800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.179433`

.rsrc

MD5	`78cd354aaedb5e02ed90455a958faacd`
SHA1	`4211a690a6f0d495819eb9ce0b1428f47b2b07d1`
SHA256	`2948b8430b8f6ca6afae1abbc915d986662e5820dc53f8446b41a3ab48f345b7`
SHA3	`ae00d4a5df2e57e82c4055fc00d50965bbd22915a228438b77e0db3e1bcb2585`
VirtualSize	`0x1d080`
VirtualAddress	`0x859000`
SizeOfRawData	`0x1d200`
PointerToRawData	`0x80ca00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.99179`

.reloc

MD5	`cc7a3ab3bcfad2f6bb0f72c07cd4469f`
SHA1	`e0a891e60f5643d11b00b2b4fb8c2acbc9e2139b`
SHA256	`15ec156107de3c14454fc3cde5d3f203dbcbde46966d8542d72483d31aac8af9`
SHA3	`d696a90052e7925aadba229066d3dcca4e540f537889f5105998312f471988ae`
VirtualSize	`0x1730`
VirtualAddress	`0x877000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x829c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.4181`

Imports

KERNEL32.dll	`WakeAllConditionVariable` `SleepConditionVariableSRW` `RtlCaptureContext` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `SetThreadAffinityMask` `GetStdHandle` `WriteConsoleA` `SetThreadPriority` `MultiByteToWideChar` `SetConsoleTitleW` `SetConsoleCtrlHandler` `WriteFile` `SetFilePointer` `Sleep` `GetConsoleMode` `CreateFileA` `CloseHandle` `GetConsoleWindow` `SetConsoleOutputCP` `InitOnceExecuteOnce` `FreeLibrary` `GetProcAddress` `LoadLibraryExA` `InitializeCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `TerminateProcess` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `AcquireSRWLockExclusive` `SetConsoleMode` `ReleaseSRWLockExclusive` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetModuleHandleW` `SetUnhandledExceptionFilter` `GetCurrentProcess`
USER32.dll	`MessageBoxA` `ShowWindow`
ADVAPI32.dll	`CryptGenRandom` `CryptReleaseContext` `CryptAcquireContextW`
MSVCP140.dll	`?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?uncaught_exception@std@@YA_NXZ` `?_Xbad_alloc@std@@YAXXZ` `?_Xinvalid_argument@std@@YAXPEBD@Z` `?_Xout_of_range@std@@YAXPEBD@Z` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` `?id@?$ctype@D@std@@2V0locale@2@A` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `??0_Lockit@std@@QEAA@H@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?pubsetbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAPEAV12@PEAD_J@Z` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ` `??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?getloc@ios_base@std@@QEBA?AVlocale@2@XZ` `?good@ios_base@std@@QEBA_NXZ` `??Bios_base@std@@QEBA_NXZ` `?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `??Bid@locale@std@@QEAA_KXZ` `?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z` `_Cnd_signal` `_Cnd_init_in_situ` `?_Throw_Cpp_error@std@@YAXH@Z` `_Cnd_timedwait` `_Mtx_destroy_in_situ` `_Mtx_lock` `_Mtx_init_in_situ` `_Cnd_do_broadcast_at_thread_exit` `_Thrd_id` `_Xtime_get_ticks` `_Thrd_join` `_Mtx_unlock` `_Cnd_broadcast` `_Cnd_destroy_in_situ` `?_Xbad_function_call@std@@YAXXZ` `?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z` `?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A` `?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z` `??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z` `?ignore@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z` `??7ios_base@std@@QEBA_NXZ` `?_Random_device@std@@YAIXZ` `??1_Lockit@std@@QEAA@XZ` `_Query_perf_frequency` `_Query_perf_counter` `?_Xlength_error@std@@YAXPEBD@Z` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A`
WININET.dll	`InternetOpenUrlA` `InternetOpenA` `InternetCloseHandle` `InternetReadFile` `InternetCheckConnectionA`
VCOMP140.DLL	`_vcomp_for_static_end` `_vcomp_enter_critsect` `_vcomp_barrier` `_vcomp_leave_critsect` `_vcomp_for_dynamic_init` `_vcomp_for_dynamic_next` `omp_get_thread_num` `_vcomp_fork` `_vcomp_for_static_simple_init`
bcrypt.dll	`BCryptGenRandom`
VCRUNTIME140.dll	`memset` `__C_specific_handler` `__current_exception` `__current_exception_context` `memmove` `memcpy` `memcmp` `_CxxThrowException` `__std_exception_destroy` `__std_exception_copy` `strstr` `__std_terminate` `memchr`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
api-ms-win-crt-runtime-l1-1-0.dll	`exit` `system` `terminate` `_beginthreadex` `_invalid_parameter_noinfo_noreturn` `_register_thread_local_exe_atexit_callback` `_configure_narrow_argv` `_initialize_narrow_environment` `_initialize_onexit_table` `_register_onexit_function` `_crt_atexit` `_cexit` `_seh_filter_exe` `_set_app_type` `_c_exit` `_get_initial_narrow_environment` `_initterm` `_initterm_e` `_exit` `__p___argv` `__p___argc` `_errno`
api-ms-win-crt-string-l1-1-0.dll	`strncpy` `strncmp` `strnlen`
api-ms-win-crt-math-l1-1-0.dll	`_hypotf` `ceilf` `__setusermatherr`
api-ms-win-crt-stdio-l1-1-0.dll	`_fseeki64` `fsetpos` `ungetc` `__p__commode` `fread` `_get_stream_buffer_pointers` `__stdio_common_vsprintf_s` `fgetpos` `__stdio_common_vsprintf` `_set_fmode` `fwrite` `fgetc` `fclose` `fflush` `fputc` `__stdio_common_vfprintf` `__acrt_iob_func` `setvbuf`
api-ms-win-crt-heap-l1-1-0.dll	`malloc` `_set_new_mode` `_callnewh` `free` `realloc`
api-ms-win-crt-convert-l1-1-0.dll	`strtoull` `strtod` `atoi` `strtol` `strtoll` `strtof`
api-ms-win-crt-filesystem-l1-1-0.dll	`remove` `_unlock_file` `_lock_file` `rename`
api-ms-win-crt-time-l1-1-0.dll	`_localtime64_s` `strftime` `_time64`
api-ms-win-crt-utility-l1-1-0.dll	`rand` `srand`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

1

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x1cdf8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99305`
Detected Filetype	PNG graphic file
MD5	`450540f9d6229a9a0b41bdafcd709045`
SHA1	`d5d89c5d40d48975a59affe3ded387bff3becf32`
SHA256	`5c9ecedec7937bcbb37958bdb2815c6934c9fadb6451aa3d67884db4b3949d8c`
SHA3	`f392b36152d0fe16c0061a238094595d9dbd9903f646cf69e7e3f2950a694b06`

101

Type	`RT_GROUP_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.59047`
Detected Filetype	Icon file
MD5	`a2966eee4ca8403c30e9924149be6f01`
SHA1	`0159d3c6b90c2bba64a6fb420eb331c7ce7a98dd`
SHA256	`9b847f264b2d966c96bf147bd424507aade429590d166e2ebd8efbfdf06ac1c3`
SHA3	`7751d0e5a0fb1571f874f9794cfed7da9ec4e595e5671b358b25f80c49e4d34c`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Mar-16 17:42:37
Version	`0.0`
SizeofData	`94`
AddressOfRawData	`0x982d8`
PointerToRawData	`0x972d8`
Referenced File	C:\Users\Administrator\Desktop\Medusa\3.1.0\x64\Release\LOTUS.GPU.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Mar-16 17:42:37
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x98338`
PointerToRawData	`0x97338`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Mar-16 17:42:37
Version	`0.0`
SizeofData	`980`
AddressOfRawData	`0x9834c`
PointerToRawData	`0x9734c`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Mar-16 17:42:37
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x140098740`
EndAddressOfRawData	`0x140099af4`
AddressOfIndex	`0x1400f2268`
AddressOfCallbacks	`0x1400668c8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1400a3080`

RICH Header

XOR Key	`0x90f65879`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`20`
C objects (33218)	`10`
ASM objects (33218)	`5`
C++ objects (33218)	`36`
Imports (33218)	`8`
Imports (30795)	`10`
C objects (VS2015 build 23026)	`11`
Imports (34123)	`3`
Total imports	`343`
C++ objects (33523)	`1`
C++ objects (LTCG) (33523)	`50`
Resource objects (33523)	`1`
151	`1`
Linker (33523)	`1`

Errors

Leave a comment

No comments yet.