Manalyze report for 62b162cde4dc7d264bdb1982c19bcbaed7aad33fc178880b18860e35fe1cc7e5

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-May-02 18:16:04
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Info	Interesting strings found in the binary:	Contains domain names: fontello.com githubusercontent.com http://fontello.com http://www.microsoft.com http://www.microsoft.com/truetype/0 http://www.microsoft.com/typographyNormalNormaaliNormalNorm http://www.roblox.com http://www.roblox.com/asset/?id https://discord.gg https://www.verisign.com https://www.verisign.com/CPS https://www.verisign.com/repository/CPS https://www.verisign.com/repository/RPA0 https://www.verisign.com/repository/verisignlogo.gif0 microsoft.com raw.githubusercontent.com roblox.com sysinternals.com thumbnails.roblox.com verisign.com www.microsoft.com www.roblox.com www.verisign.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses known Mersenne Twister constants`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowA` `Can access the registry: RegOpenKeyExA RegQueryValueExA RegCloseKey` `Possibly launches other programs: ShellExecuteA system` `Uses functions commonly found in keyloggers: GetAsyncKeyState MapVirtualKeyA GetForegroundWindow` `Has Internet access capabilities: WinHttpSendRequest WinHttpOpenRequest WinHttpConnect WinHttpReadData WinHttpQueryDataAvailable WinHttpQueryHeaders WinHttpSetTimeouts WinHttpCloseHandle WinHttpReceiveResponse WinHttpOpen` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Manipulates other processes: Process32First Process32Next ReadProcessMemory WriteProcessMemory OpenProcess Process32NextW Process32FirstW` `Can take screenshots: FindWindowA GetDC` `Reads the contents of the clipboard: GetClipboardData`
Malicious	VirusTotal score: 19/70 (Scanned on 2026-05-02 18:16:25)	`APEX: Malicious` `AhnLab-V3: Trojan/Win.MalwareX-gen.R756172` `Bkav: W64.AIDetectMalware` `CrowdStrike: win/malicious_confidence_60% (D)` `Cynet: Malicious (score: 100)` `ESET-NOD32: Win64/GenKryptik_AGen.BVS trojan` `Elastic: malicious (high confidence)` `Fortinet: Riskware/GameHack` `Google: Detected` `Ikarus: Trojan.Win64.Krypt` `K7AntiVirus: Trojan ( 006d847c1 )` `K7GW: Trojan ( 006d847c1 )` `Malwarebytes: Malware.AI.915403156` `MaxSecure: Trojan.Malware.300983.susgen` `McAfeeD: Trojan:Win/Barys.EBD` `Microsoft: Trojan:Win32/Wacatac.B!ml` `SentinelOne: Static AI - Malicious PE` `Symantec: ML.Attribute.HighConfidence` `Webroot: Win.Malware.Gen`

Hashes

MD5	`99f802fedae21bcdd3d52c6bcb345462`
SHA1	`d9652da73e14902b71433dc777b9cf8fc37c6cbd`
SHA256	`62b162cde4dc7d264bdb1982c19bcbaed7aad33fc178880b18860e35fe1cc7e5`
SHA3	`0fd3971f5cf3f23b882576752a1974027ff1e12aecaee3c26df9fa9b71b46355`
SSDeep	`49152:0I3wvIUG899S0fr/WZQBvZRmzHnD1zkMLOkNNtUs:0pGCSquaZRKiMf`
Imports Hash	`3d8e5ef1c8441ce16d6433fcec7615ca`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x128`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-May-02 18:16:04
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x17ec00`
SizeOfInitializedData	`0xabc00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000176BD4 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x22f000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`8e179e681b4349d6defa23606711f5c2`
SHA1	`99ac9e17c2435d501ac8370994859feb68183659`
SHA256	`3dd676ba0dc495abf4ea539031c012bd7e550d346c6d68a56151f5e9502b31c4`
SHA3	`d21363d45f18793af82a2e4f5449dd4e78106944e6589a94f8834c66f7849fe3`
VirtualSize	`0x17eb87`
VirtualAddress	`0x1000`
SizeOfRawData	`0x17ec00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.49991`

.rdata

MD5	`0405f17552a1be1da5d80055ff7b108c`
SHA1	`07b2688c0eeda257cbf9796bd83edb458d1f6b07`
SHA256	`85320631b0023ba9e739137833abc5235526348e545c09beb2359ef5126b7d0f`
SHA3	`b4729cace43aa2c50d3cb86602adb9d5a15e82abdbe52ded412aff692f873a3d`
VirtualSize	`0x51468`
VirtualAddress	`0x180000`
SizeOfRawData	`0x51600`
PointerToRawData	`0x17f000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.24094`

.data

MD5	`6ef37a05747767b82755a5c302595c27`
SHA1	`0db38e925688c617645c14943e248dda7e6e00f5`
SHA256	`b4374a49949f45d42f36ba7106b648de24e24febbb24fbf50dd8f6697edab2db`
SHA3	`ddaf11bafdb04ea4156c6a8c6c7f289eaa71950d1fd73aef4be58469e64102e6`
VirtualSize	`0x49868`
VirtualAddress	`0x1d2000`
SizeOfRawData	`0x45600`
PointerToRawData	`0x1d0600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.77867`

.pdata

MD5	`97a01afa412c3fae1e8a2e705388a478`
SHA1	`5c600fb00d2e5aee2d703e653b02f0ad67d76410`
SHA256	`67e89aa59911ba9261037911c047811768d484d6e5f86277fe3ddbc0cc9d7755`
SHA3	`f91e095878361bbc26c786e2959bd565abc40d90b72b0cbc32ef55c7c1c271c7`
VirtualSize	`0xf4c8`
VirtualAddress	`0x21c000`
SizeOfRawData	`0xf600`
PointerToRawData	`0x215c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.20079`

.rsrc

MD5	`f673814aaac5e951ed13f44cc65d7b4a`
SHA1	`4e7a4f36651bf4dd1f9035c3fb9eb5265e5f9b20`
SHA256	`3bd4d217abaa76b914db3a705c0014aa99ce16ade9639cc6d227a291b03a8b82`
SHA3	`74c80c6efc30ef250fe1c5a8bf44007423003382b84d1a25186d8a365944e8e6`
VirtualSize	`0x1e8`
VirtualAddress	`0x22c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x225200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.76666`

.reloc

MD5	`e9687cbc367a8cfee287cca47f081f85`
SHA1	`be35a4b9189749062680f524d32eeaf5a0b206af`
SHA256	`88a4c6d6551ddf191958bc4f94e9af0888d565c1b68d71bccc97d26fc027ec1d`
SHA3	`0824fdd25709fcc4f1900108915d666889419648c3254ad5c25700551f2ab1a4`
VirtualSize	`0x1330`
VirtualAddress	`0x22d000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x225400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.37069`

Imports

d3d11.dll	`D3D11CreateDeviceAndSwapChain`
WINHTTP.dll	`WinHttpSendRequest` `WinHttpOpenRequest` `WinHttpConnect` `WinHttpReadData` `WinHttpQueryDataAvailable` `WinHttpQueryHeaders` `WinHttpSetTimeouts` `WinHttpCloseHandle` `WinHttpReceiveResponse` `WinHttpOpen`
KERNEL32.dll	`VerSetConditionMask` `FreeLibrary` `QueryPerformanceCounter` `GlobalAlloc` `GlobalFree` `GlobalLock` `WideCharToMultiByte` `GlobalUnlock` `Process32First` `CreateToolhelp32Snapshot` `Sleep` `GetTickCount64` `Process32Next` `CloseHandle` `GetTickCount` `SetConsoleTextAttribute` `GetStdHandle` `SetConsoleMode` `SetCurrentConsoleFontEx` `GetConsoleMode` `GetCurrentProcessId` `GetConsoleWindow` `SetThreadPriority` `GetCurrentThread` `ReadProcessMemory` `WriteProcessMemory` `VirtualProtectEx` `VirtualQueryEx` `OpenProcess` `K32GetModuleFileNameExA` `Process32NextW` `Process32FirstW` `GetModuleFileNameA` `GetCurrentProcess` `Module32Next` `GetProcessId` `Module32First` `DuplicateHandle` `GetLastError` `QueryPerformanceFrequency` `ExitProcess` `CreateFileA` `GetFileSizeEx` `ReadFile` `HeapAlloc` `HeapFree` `MapViewOfFile` `UnmapViewOfFile` `CreateFileMappingA` `AcquireSRWLockShared` `ReleaseSRWLockShared` `ReleaseSRWLockExclusive` `GetFileInformationByHandleEx` `GetModuleHandleW` `AreFileApisANSI` `CreateFile2` `SetFileInformationByHandle` `GetFileAttributesExW` `FindNextFileW` `FindFirstFileExW` `FindFirstFileW` `FindClose` `CreateDirectoryW` `GetLocaleInfoEx` `FormatMessageA` `LocalFree` `GetProcAddress` `LoadLibraryA` `MultiByteToWideChar` `GetLocaleInfoA` `AcquireSRWLockExclusive` `SleepConditionVariableSRW` `GetCurrentThreadId` `InitOnceComplete` `InitOnceBeginInitialize` `WakeAllConditionVariable` `GetModuleHandleA` `SetUnhandledExceptionFilter` `GetSystemTimeAsFileTime` `lstrcpynW` `InitializeSListHead`
USER32.dll	`PostMessageA` `SendMessageW` `CreatePopupMenu` `TrackPopupMenu` `DefWindowProcA` `DestroyMenu` `AppendMenuW` `SetForegroundWindow` `LoadImageW` `GetDesktopWindow` `GetMessageA` `IsWindow` `keybd_event` `TranslateMessage` `SendInput` `GetWindowThreadProcessId` `GetClassNameA` `GetWindowTextA` `SetWindowTextA` `EnumWindows` `SendMessageA` `DefWindowProcW` `DispatchMessageA` `GetWindowRect` `ShowCursor` `LoadIconA` `DestroyWindow` `CreateWindowExW` `GetSystemMetrics` `UnregisterClassW` `RegisterClassExW` `ShowWindow` `GetAsyncKeyState` `PeekMessageA` `MapVirtualKeyA` `FindWindowA` `UpdateWindow` `OpenClipboard` `CloseClipboard` `EmptyClipboard` `SetWindowLongA` `SetWindowDisplayAffinity` `GetMonitorInfoA` `MoveWindow` `SetLayeredWindowAttributes` `GetClipboardData` `SetClipboardData` `GetKeyState` `GetMessageExtraInfo` `LoadCursorA` `GetDC` `MonitorFromWindow` `ScreenToClient` `GetCapture` `ClientToScreen` `TrackMouseEvent` `GetKeyboardLayout` `GetForegroundWindow` `SetCapture` `SetCursor` `GetClientRect` `SetProcessDPIAware` `IsWindowUnicode` `ReleaseCapture` `SetCursorPos` `ReleaseDC` `GetCursorPos` `PostQuitMessage`
GDI32.dll	`GetDeviceCaps` `CreateSolidBrush`
ADVAPI32.dll	`OpenProcessToken` `AdjustTokenPrivileges` `LookupPrivilegeValueA` `RegOpenKeyExA` `RegQueryValueExA` `RegCloseKey`
SHELL32.dll	`Shell_NotifyIconW` `ShellExecuteA`
D3DCOMPILER_43.dll	`D3DCompile`
MSVCP140.dll	`??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z` `?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@AEAD@Z` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?_Xinvalid_argument@std@@YAXPEBD@Z` `?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z` `??Bios_base@std@@QEBA_NXZ` `?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z` `?uncaught_exceptions@std@@YAHXZ` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?_Xbad_alloc@std@@YAXXZ` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Xlength_error@std@@YAXPEBD@Z` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `?good@ios_base@std@@QEBA_NXZ` `??1_Lockit@std@@QEAA@XZ` `??0_Lockit@std@@QEAA@H@Z` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?_Id_cnt@id@locale@std@@0HA` `_Xtime_get_ticks` `_Query_perf_frequency` `?_Throw_Cpp_error@std@@YAXH@Z` `?_Winerror_map@std@@YAHH@Z` `?_Syserror_map@std@@YAPEBDH@Z` `_Cnd_do_broadcast_at_thread_exit` `_Query_perf_counter` `_Thrd_detach` `?_Xbad_function_call@std@@YAXXZ` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z` `??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?_Random_device@std@@YAIXZ` `_Mtx_lock` `_Thrd_id` `_Thrd_join` `_Mtx_unlock` `_Cnd_broadcast` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z` `?__ExceptionPtrAssign@@YAXPEAXPEBX@Z` `?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ` `?_ReportUnobservedException@details@Concurrency@@YAXXZ` `?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z` `?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z` `?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ` `?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ` `?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z` `??0task_continuation_context@Concurrency@@AEAA@XZ` `_Cnd_unregister_at_thread_exit` `?__ExceptionPtrCreate@@YAXPEAX@Z` `?__ExceptionPtrCopy@@YAXPEAXPEBX@Z` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` `?__ExceptionPtrToBool@@YA_NPEBX@Z` `?__ExceptionPtrDestroy@@YAXPEAX@Z` `?__ExceptionPtrCurrentException@@YAXPEAX@Z` `?__ExceptionPtrRethrow@@YAXPEBX@Z` `_Cnd_register_at_thread_exit` `_Cnd_wait` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ`
dwmapi.dll	`DwmExtendFrameIntoClientArea`
IMM32.dll	`ImmSetCompositionWindow` `ImmReleaseContext` `ImmGetContext` `ImmSetCandidateWindow`
WINMM.dll	`timeBeginPeriod`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`memmove` `memset` `_CxxThrowException` `longjmp` `strrchr` `_purecall` `__std_exception_destroy` `memchr` `memcmp` `__C_specific_handler` `__current_exception` `__std_exception_copy` `__intrinsic_setjmp` `memcpy` `__std_terminate` `strstr` `__current_exception_context`
api-ms-win-crt-heap-l1-1-0.dll	`_callnewh` `free` `_set_new_mode` `malloc` `realloc`
api-ms-win-crt-math-l1-1-0.dll	`roundf` `log` `fmodf` `ldexp` `floorf` `cosf` `_dclass` `sqrt` `sinf` `_fdclass` `powf` `atan2f` `acosf` `ceilf` `pow` `sqrtf` `_dsign` `__setusermatherr` `logf`
api-ms-win-crt-string-l1-1-0.dll	`tolower` `wcscpy_s` `_stricmp` `strncpy` `strcmp` `strncmp` `strcpy_s` `strlen` `wcslen`
api-ms-win-crt-convert-l1-1-0.dll	`strtod` `strtol` `atof` `strtoull` `strtoll`
api-ms-win-crt-stdio-l1-1-0.dll	`ftell` `__p__commode` `_set_fmode` `__acrt_iob_func` `fflush` `fclose` `_get_stream_buffer_pointers` `_fseeki64` `fsetpos` `ungetc` `setvbuf` `fgetpos` `fopen_s` `fgetc` `fputc` `fseek` `__stdio_common_vfprintf` `__stdio_common_vsprintf_s` `fwrite` `_wfopen` `__stdio_common_vsprintf` `fread` `__stdio_common_vsscanf`
api-ms-win-crt-utility-l1-1-0.dll	`rand` `srand` `qsort`
api-ms-win-crt-runtime-l1-1-0.dll	`_initterm_e` `_exit` `_get_initial_narrow_environment` `__p___argc` `__p___argv` `_c_exit` `_register_thread_local_exe_atexit_callback` `_set_app_type` `_seh_filter_exe` `_cexit` `_initterm` `_crt_atexit` `_register_onexit_function` `_initialize_onexit_table` `_initialize_narrow_environment` `abort` `_errno` `exit` `_beginthreadex` `system` `_configure_narrow_argv` `terminate`
api-ms-win-crt-time-l1-1-0.dll	`_localtime64_s` `_time64` `strftime`
api-ms-win-crt-filesystem-l1-1-0.dll	`_unlock_file` `_lock_file`
api-ms-win-crt-locale-l1-1-0.dll	`localeconv` `___lc_codepage_func` `_configthreadlocale`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-May-02 18:16:04
Version	`0.0`
SizeofData	`912`
AddressOfRawData	`0x1b2f0c`
PointerToRawData	`0x1b1f0c`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-May-02 18:16:04
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x1401b32c0`
EndAddressOfRawData	`0x1401b3390`
AddressOfIndex	`0x140217610`
AddressOfCallbacks	`0x140181048`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1401d2040`

RICH Header

XOR Key	`0xba69c6bd`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`22`
253 (35403)	`1`
C objects (35403)	`10`
C++ objects (35403)	`37`
ASM objects (35403)	`6`
Imports (35403)	`8`
Imports (21202)	`2`
C objects (33145)	`1`
C objects (VS2022 Update 7 (17.7.0-3) compiler 32822)	`27`
Imports (33145)	`23`
Total imports	`502`
C++ objects (LTCG) (35730)	`102`
Resource objects (35730)	`1`
151	`1`
Linker (35730)	`1`

Errors

Leave a comment

No comments yet.