Manalyze report for 6f7c37863812b04d45315360414eced0c8677f1e6538b302c3a43e852bde33aa

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Apr-23 02:52:41
TLS Callbacks	1 callback(s) detected.
Debug artifacts	C:\Users\ducph\source\repos\TSONLINE_BOT\PIMBOT_TSN\Pimbot\V10\PimBotV10\bin\Release\net10.0-windows\win-x64\native\PimBot.pdb
Comments	Pháº§n má»m chÆ¡i game tá»± Äá»ng (BOT) TSONLINE MOBILE
CompanyName	MP
FileDescription	PimBot
FileVersion	`3.1.2.3`
InternalName	PimBot.dll
LegalCopyright	Copyright Â© 2019 by MP
LegalTrademarks
OriginalFilename	PimBot.dll
ProductName	PimBot
ProductVersion	`3.1.2.3`
Assembly Version	3.1.2.3

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig2(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Tries to detect virtualized environments: HARDWARE\DESCRIPTION\System` `Miscellaneous malware strings: Virus` Contains domain names: Forms.MdiWindowDialog.de Forms.MdiWindowDialog.es Forms.MdiWindowDialog.fr Forms.MdiWindowDialog.it Forms.MdiWindowDialog.ru Forms.Primitives.Resources.SR.de Forms.Primitives.Resources.SR.es Forms.Primitives.Resources.SR.fr Forms.Primitives.Resources.SR.it Forms.Primitives.Resources.SR.ru Forms.PrintPreviewDialog.de Forms.PrintPreviewDialog.es Forms.PrintPreviewDialog.fr Forms.PrintPreviewDialog.it Forms.PrintPreviewDialog.ru Forms.se MdiWindowDialog.de MdiWindowDialog.es MdiWindowDialog.fr MdiWindowDialog.it MdiWindowDialog.ru Primitives.Resources.SR.de Primitives.Resources.SR.es Primitives.Resources.SR.fr Primitives.Resources.SR.it Primitives.Resources.SR.ru PrintPreviewDialog.de PrintPreviewDialog.es PrintPreviewDialog.fr PrintPreviewDialog.it PrintPreviewDialog.ru Resources.SR.de Resources.SR.es Resources.SR.fr Resources.SR.it Resources.SR.ru System.SR.de System.SR.es System.SR.fr System.SR.it System.SR.ru Windows.Forms.MdiWindowDialog.de Windows.Forms.MdiWindowDialog.es Windows.Forms.MdiWindowDialog.fr Windows.Forms.MdiWindowDialog.it Windows.Forms.MdiWindowDialog.ru Windows.Forms.Primitives.Resources.SR.de Windows.Forms.Primitives.Resources.SR.es Windows.Forms.Primitives.Resources.SR.fr Windows.Forms.Primitives.Resources.SR.it Windows.Forms.Primitives.Resources.SR.ru Windows.Forms.PrintPreviewDialog.de Windows.Forms.PrintPreviewDialog.es Windows.Forms.PrintPreviewDialog.fr Windows.Forms.PrintPreviewDialog.it Windows.Forms.PrintPreviewDialog.ru Windows.Forms.se b77a5c561934e0896System.Windows.Forms.se b77a5c561934e089bSystem.Windows.Forms.MdiWindowDialog.de b77a5c561934e089bSystem.Windows.Forms.MdiWindowDialog.es b77a5c561934e089bSystem.Windows.Forms.MdiWindowDialog.fr b77a5c561934e089bSystem.Windows.Forms.MdiWindowDialog.it b77a5c561934e089bSystem.Windows.Forms.MdiWindowDialog.ru b77a5c561934e089hSystem.Windows.Forms.PrintPreviewDialog.de b77a5c561934e089hSystem.Windows.Forms.PrintPreviewDialog.es b77a5c561934e089hSystem.Windows.Forms.PrintPreviewDialog.fr b77a5c561934e089hSystem.Windows.Forms.PrintPreviewDialog.it b77a5c561934e089hSystem.Windows.Forms.PrintPreviewDialog.ru b77a5c561934e089rSystem.Windows.Forms.Primitives.Resources.SR.de b77a5c561934e089rSystem.Windows.Forms.Primitives.Resources.SR.es b77a5c561934e089rSystem.Windows.Forms.Primitives.Resources.SR.fr b77a5c561934e089rSystem.Windows.Forms.Primitives.Resources.SR.it b77a5c561934e089rSystem.Windows.Forms.Primitives.Resources.SR.ru birthpopuptypesapplyImagebeinguppernoteseveryshowsmeansextramatchtrackknownearlybegansuperpapernorthlearngivennamedendedTermspartsGroupbrandusingwomanfalsereadyaudiotakeswhile.com diendan.pimbot.net docs.google.com genretrucklooksValueFrame.net github.com gmail.com go.microsoft.com google.com http://api.mbiz.vn http://api.mbiz.vn/Pimbot/ http://api.mbiz.vn/u/PIM.zip http://s1.pimbot.net http://schemas.microsoft.com http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlywindowsdevicegroup http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid http://schemas.microsoft.com/ws/2008/06/identity/claims/role http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsdeviceclaim http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsdevicegroup http://schemas.microsoft.com/ws/2008/06/identity/claims/windowssubauthority http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsuserclaim http://schemas.xmlsoap.org http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name http://www.C http://www.a http://www.css http://www.hortcut http://www.icon http://www.interpretation http://www.language http://www.style http://www.text-decoration http://www.w3.org http://www.w3.org/1999/xhtml' http://www.w3.org/2000/xmlns/ http://www.w3.org/2001/XMLSchema#boolean http://www.w3.org/2001/XMLSchema#integer64 http://www.w3.org/2001/XMLSchema#string http://www.w3.org/2001/XMLSchema#uinteger64 http://www.w3.org/XML/1998/namespace http://www.w3.org/shortcut http://www.wencodeURIComponent http://www.years https://aka.ms https://docs.google.com https://docs.google.com/document/d/1-3sbwLLqL-A0YYTLP8j1ibHbYBHozegs6JX2RQm5x58 https://fb.com https://github.com https://go.microsoft.com https://go.microsoft.com/fwlink/?linkid https://learn.microsoft.com https://learn.microsoft.com/dotnet/api/system.text.json.serialization.jsonnumberhandling https://t.me https://www.World https://www.recent learn.microsoft.com microsoft.com pimbot.net s1.pimbot.net schemas.microsoft.com schemas.xmlsoap.org thing.org www.w3.org xmlsoap.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA1` `Uses constants related to RC5 or RC6` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Code injection capabilities: OpenProcess VirtualAlloc VirtualAllocExNuma` `Can access the registry: RegCloseKey RegCreateKeyExW RegEnumKeyExW RegEnumValueW RegNotifyChangeKeyValue RegOpenKeyExW RegQueryValueExW RegSetValueExW` `Possibly launches other programs: CreateProcessW` `Uses Microsoft's cryptographic API: CryptImportPublicKeyInfoEx2 CryptFormatObject CryptFindOIDInfo CryptDecodeObject` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Leverages the raw socket API to access the Internet: GetAddrInfoExW listen ioctlsocket getsockopt recv FreeAddrInfoW getpeername closesocket bind select send WSACleanup setsockopt shutdown GetAddrInfoW GetNameInfoW WSAConnect WSAEventSelect WSAGetOverlappedResult WSAIoctl WSARecv WSASend WSASocketW WSAStartup getsockname FreeAddrInfoExW accept` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Enumerates local disk drives: GetVolumeInformationW` `Manipulates other processes: OpenProcess` `Interacts with the certificate store: CertOpenStore CertAddCertificateContextToStore CertAddCertificateLinkToStore`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`a01ac2b9467348ba94e6bc0005d90ab8`
SHA1	`7781cfe86fc9363dfd81b6222efa8d575e3898c4`
SHA256	`6f7c37863812b04d45315360414eced0c8677f1e6538b302c3a43e852bde33aa`
SHA3	`5dc448263a173c1a91e43748c8a2ac9a890ecdba38476a8e0550fbb5abb25cee`
SSDeep	`196608:69HrAs4SAjlahN/Cg7tC3qNmDGu1tGdDxLC7xe:61rkSAjMdNm6u6dDMw`
Imports Hash	`9e6f876081efd4feb5eefc72a93b93e2`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-Apr-23 02:52:41
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xa16000`
SizeOfInitializedData	`0x1339000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000009FBAC4 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1d53000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x180000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`8b753d3350d6eed06abaea0f313ae92a`
SHA1	`44f7261d05d31dafa21d52eee0197f86b4ccbb10`
SHA256	`2ec7d5bbe13a206ba92a12df5487acefa28f955d5917c7f1c40e00e1b0539f60`
SHA3	`58b85748dd98914d771f61cf7adabec7d7e73fc9e74a1576c0d847057084cba4`
VirtualSize	`0xa15f88`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa16000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.47886`

.rdata

MD5	`a5c092d89f09995b0a9290dcd40a78ff`
SHA1	`a29dd0b787a1907b330abc3da8137a8318e967ca`
SHA256	`75ec94c23ac84052c70dfffeb398d570aa3bfbc690557c04b17678adeac1dd63`
SHA3	`52809c01c15fc76c77d776a2d33ce38858ad97021ac203200864936acb30f182`
VirtualSize	`0x10c5862`
VirtualAddress	`0xa17000`
SizeOfRawData	`0x10c5a00`
PointerToRawData	`0xa16400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.16075`

.data

MD5	`34759440b6dea51ce41147675cb9499b`
SHA1	`a972304c538c89830eaf24079fcf7fb5d10df864`
SHA256	`1f82d2f1d2f2e2665cfd9c6e24a73fed296aba94ab9b14421565ee5ee1fb75d6`
SHA3	`d7040a4e0b11d5869dd18ea771e7b5c2f0d37a3f75db9c8e8719546c3c4c906a`
VirtualSize	`0x126128`
VirtualAddress	`0x1add000`
SizeOfRawData	`0xe9800`
PointerToRawData	`0x1adbe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.64617`

.pdata

MD5	`1fe3d9db2dbb3b54453ce4335268f26a`
SHA1	`92596c61abe9740beedb962911d26bf983894ff4`
SHA256	`b9c6e0c05a4f2c868bc9e127604db43537aec0955c25f86f72c4320934375dcf`
SHA3	`10cb9f4c143640661e0d8cb4cec88a8781f57cee439c56a68c8c5dd18ea501ad`
VirtualSize	`0xa845c`
VirtualAddress	`0x1c04000`
SizeOfRawData	`0xa8600`
PointerToRawData	`0x1bc5600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.73946`

.rsrc

MD5	`a9eff9c5cefc06dc135d11445937b1cb`
SHA1	`98b37bba07d41d30faa70ac424062d263fc85b28`
SHA256	`a21e538094b20a8b32a5290618a9851c56d88d02bd34451e72bb66ad53a2e0b7`
SHA3	`436c06ca368a32384fbd4357a8fab8eae711f69e769a7a93ecade07225d2a86a`
VirtualSize	`0x1352`
VirtualAddress	`0x1cad000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x1c6dc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.26609`

.reloc

MD5	`8169a47a1b05b6fd28f6f33578c8e1bd`
SHA1	`d1ca7359ff5a7e2ae845dcea9006e7aa195360eb`
SHA256	`e6512f7d3d20a656b7446b51ab2d86f64ab001a42a8f20bf79df3d8d6b1a3bb8`
SHA3	`5f92ebdd0f72bcb187804d192925cf383af59f515ba38e2fd506d5611d395707`
VirtualSize	`0xa3934`
VirtualAddress	`0x1caf000`
SizeOfRawData	`0xa3a00`
PointerToRawData	`0x1c6f000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.46184`

Imports

ADVAPI32.dll	`AdjustTokenPrivileges` `DeregisterEventSource` `GetTokenInformation` `ImpersonateLoggedOnUser` `LookupPrivilegeValueW` `OpenProcessToken` `OpenThreadToken` `RegCloseKey` `RegCreateKeyExW` `RegEnumKeyExW` `RegEnumValueW` `RegNotifyChangeKeyValue` `RegOpenKeyExW` `RegQueryValueExW` `RegSetValueExW` `RegisterEventSourceW` `ReportEventW` `RevertToSelf`
bcrypt.dll	`BCryptCreateHash` `BCryptCloseAlgorithmProvider` `BCryptDestroyHash` `BCryptEncrypt` `BCryptHashData` `BCryptFinishHash` `BCryptGenRandom` `BCryptOpenAlgorithmProvider` `BCryptGetProperty` `BCryptDecrypt` `BCryptSetProperty` `BCryptImportKeyPair` `BCryptImportKey` `BCryptDestroyKey` `BCryptExportKey`
CRYPT32.dll	`CertFreeCertificateContext` `CertFreeCertificateChainEngine` `CertFreeCertificateChain` `CertEnumCertificatesInStore` `CertGetCertificateChain` `CertDuplicateCertificateContext` `CryptImportPublicKeyInfoEx2` `CryptFormatObject` `CryptFindOIDInfo` `CryptDecodeObject` `CertVerifyCertificateChainPolicy` `CertOpenStore` `CertCreateCertificateChainEngine` `CertNameToStrW` `CertGetNameStringW` `CertGetCertificateContextProperty` `CertAddCertificateContextToStore` `CertAddCertificateLinkToStore` `CertCloseStore` `CertControlStore`
IPHLPAPI.DLL	`ConvertInterfaceNameToLuidW` `GetAdaptersAddresses` `GetNetworkParams` `GetPerAdapterInfo` `ConvertInterfaceLuidToIndex`
KERNEL32.dll	`IsDebuggerPresent` `HeapCreate` `HeapDestroy` `HeapFree` `GetProcessHeap` `InitializeSListHead` `SetUnhandledExceptionFilter` `RtlUnwindEx` `RtlPcToFileHeader` `FlsFree` `EncodePointer` `InitializeCriticalSectionEx` `HeapAlloc` `CancelIoEx` `CancelSynchronousIo` `CancelThreadpoolIo` `CloseHandle` `CloseThreadpoolIo` `CloseThreadpoolWait` `CloseThreadpoolWork` `CompareStringEx` `CompareStringOrdinal` `CreateDirectoryW` `CreateEventExW` `CreateFileW` `CreatePipe` `CreateProcessW` `CreateThread` `CreateThreadpoolIo` `CreateThreadpoolTimer` `CreateThreadpoolWait` `CreateThreadpoolWork` `DeleteCriticalSection` `DeleteFileW` `DeviceIoControl` `DuplicateHandle` `EnterCriticalSection` `EnumCalendarInfoExEx` `EnumTimeFormatsEx` `ExitProcess` `ExpandEnvironmentStringsW` `FileTimeToSystemTime` `FindClose` `FindFirstFileExW` `FindNLSStringEx` `FindStringOrdinal` `FlushFileBuffers` `FormatMessageW` `FreeLibrary` `GetCPInfo` `GetCPInfoExW` `GetCalendarInfoEx` `GetConsoleCP` `GetConsoleOutputCP` `GetCurrentDirectoryW` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentProcessorNumberEx` `GetCurrentThread` `GetCurrentThreadId` `GetDynamicTimeZoneInformation` `GetEnvironmentVariableW` `GetExitCodeProcess` `GetExitCodeThread` `GetFileAttributesExW` `GetFileInformationByHandleEx` `GetFileType` `GetFullPathNameW` `GetLastError` `GetLocaleInfoEx` `GetLogicalDrives` `GetLongPathNameW` `GetModuleFileNameW` `GetModuleHandleW` `GetOverlappedResult` `GetProcAddress` `GetProcessId` `GetShortPathNameW` `GetStartupInfoW` `GetStdHandle` `GetSystemDefaultLCID` `GetSystemDirectoryW` `GetSystemTime` `GetThreadLocale` `GetThreadPriority` `GetTickCount64` `GetTimeZoneInformation` `GetUserPreferredUILanguages` `GetVolumeInformationW` `GlobalAlloc` `GlobalFree` `InitializeConditionVariable` `InitializeCriticalSection` `K32EnumProcesses` `LCIDToLocaleName` `LCMapStringEx` `LeaveCriticalSection` `LoadLibraryExW` `LocalAlloc` `LocalFree` `LocaleNameToLCID` `MultiByteToWideChar` `OpenProcess` `OpenThread` `QueryPerformanceCounter` `QueryPerformanceFrequency` `QueryUnbiasedInterruptTime` `RaiseFailFastException` `ReadDirectoryChangesW` `ReadFile` `ResetEvent` `ResolveLocaleName` `ResumeThread` `SetConsoleCtrlHandler` `SetEvent` `SetFileInformationByHandle` `SetFilePointerEx` `SetLastError` `SetThreadErrorMode` `SetThreadPriority` `SetThreadpoolTimer` `SetThreadpoolWait` `Sleep` `SleepConditionVariableCS` `StartThreadpoolIo` `SubmitThreadpoolWork` `SystemTimeToFileTime` `TzSpecificLocalTimeToSystemTime` `VirtualAlloc` `VirtualFree` `WaitForMultipleObjectsEx` `WaitForSingleObject` `WaitForThreadpoolWaitCallbacks` `WakeConditionVariable` `WideCharToMultiByte` `WriteFile` `RaiseException` `AddVectoredExceptionHandler` `RtlVirtualUnwind` `RtlCaptureContext` `RtlRestoreContext` `VerSetConditionMask` `FlsAlloc` `FlsGetValue` `FlsSetValue` `WaitForSingleObjectEx` `CreateEventW` `SwitchToThread` `SuspendThread` `FlushProcessWriteBuffers` `GetThreadContext` `SetThreadContext` `FlushInstructionCache` `GetSystemTimeAsFileTime` `VirtualProtect` `CreateMemoryResourceNotification` `QueryInformationJobObject` `GetModuleHandleExW` `GetProcessAffinityMask` `VerifyVersionInfoW` `InitializeContext` `GetEnabledXStateFeatures` `LocateXStateFeature` `SetXStateFeaturesMask` `VirtualQuery` `DebugBreak` `SleepEx` `GlobalMemoryStatusEx` `GetSystemInfo` `GetLogicalProcessorInformation` `GetLogicalProcessorInformationEx` `GetLargePageMinimum` `VirtualUnlock` `VirtualAllocExNuma` `IsProcessInJob` `GetNumaHighestNodeNumber` `GetProcessGroupAffinity` `K32GetProcessMemoryInfo`
ncrypt.dll	`NCryptFreeObject` `NCryptGetProperty` `NCryptImportKey` `NCryptOpenKey` `NCryptOpenStorageProvider` `NCryptSetProperty` `NCryptDeleteKey`
ole32.dll	`CoCreateGuid` `CoCreateInstance` `CoGetApartmentType` `CoGetContextToken` `CoInitializeEx` `CoTaskMemAlloc` `CoTaskMemFree` `CoUninitialize` `PropVariantClear` `CoWaitForMultipleHandles`
OLEAUT32.dll	`SafeArrayDestroy` `SafeArrayGetElement` `SafeArrayGetVartype` `SafeArrayPutElement` `OleCreatePictureIndirect` `SafeArrayCreate` `SysAllocStringLen` `SysFreeString` `LoadRegTypeLib`
USER32.dll	`LoadStringW`
VERSION.dll	`VerQueryValueW` `GetFileVersionInfoSizeExW` `GetFileVersionInfoExW`
WS2_32.dll	`GetAddrInfoExW` `listen` `ioctlsocket` `getsockopt` `recv` `FreeAddrInfoW` `getpeername` `closesocket` `bind` `select` `send` `WSACleanup` `setsockopt` `shutdown` `GetAddrInfoW` `GetNameInfoW` `WSAConnect` `WSAEventSelect` `WSAGetOverlappedResult` `WSAIoctl` `WSARecv` `WSASend` `WSASocketW` `WSAStartup` `getsockname` `FreeAddrInfoExW` `accept`
api-ms-win-crt-heap-l1-1-0.dll	`free` `_aligned_malloc` `calloc` `_set_new_mode` `_callnewh` `realloc` `malloc` `_aligned_free`
api-ms-win-crt-math-l1-1-0.dll	`modf` `modff` `pow` `powf` `sin` `sinf` `sinhf` `tan` `tanf` `logf` `log2f` `__setusermatherr` `acosf` `acoshf` `asinf` `asinhf` `atan` `atan2f` `atanf` `atanhf` `tanhf` `cbrtf` `ceil` `ceilf` `cos` `cosf` `coshf` `expf` `floor` `floorf` `fmaf` `fmod` `fmodf` `log10f` `log`
api-ms-win-crt-string-l1-1-0.dll	`strcpy_s` `strlen` `strcmp` `strcpy` `strncpy_s` `_stricmp`
api-ms-win-crt-convert-l1-1-0.dll	`strtoull`
api-ms-win-crt-stdio-l1-1-0.dll	`__stdio_common_vfprintf` `__stdio_common_vsprintf_s` `__stdio_common_vsnprintf_s` `__acrt_iob_func` `__stdio_common_vsscanf` `_set_fmode` `__p__commode`
api-ms-win-crt-runtime-l1-1-0.dll	`__p___argc` `_exit` `_initterm_e` `_initterm` `_get_initial_wide_environment` `terminate` `_crt_atexit` `_register_onexit_function` `_initialize_onexit_table` `_initialize_wide_environment` `_configure_wide_argv` `_set_app_type` `_seh_filter_exe` `_cexit` `_register_thread_local_exe_atexit_callback` `_c_exit` `__p___wargv` `exit` `abort`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

BrotliDecoderAttachDictionary

Ordinal	`1`
Address	`0x9e86c0`

BrotliDecoderCreateInstance

Ordinal	`2`
Address	`0x9e87d0`

BrotliDecoderDecompress

Ordinal	`3`
Address	`0x9e8880`

BrotliDecoderDecompressStream

Ordinal	`4`
Address	`0x9e8950`

BrotliDecoderDestroyInstance

Ordinal	`5`
Address	`0x9e9e50`

BrotliDecoderErrorString

Ordinal	`6`
Address	`0x9e9ea0`

BrotliDecoderGetErrorCode

Ordinal	`7`
Address	`0x9ea050`

BrotliDecoderHasMoreOutput

Ordinal	`8`
Address	`0x9ea060`

BrotliDecoderIsFinished

Ordinal	`9`
Address	`0x9ea0a0`

BrotliDecoderIsUsed

Ordinal	`10`
Address	`0x9ea0e0`

BrotliDecoderSetMetadataCallbacks

Ordinal	`11`
Address	`0x9ea100`

BrotliDecoderSetParameter

Ordinal	`12`
Address	`0x9ea120`

BrotliDecoderTakeOutput

Ordinal	`13`
Address	`0x9ea170`

BrotliDecoderVersion

Ordinal	`14`
Address	`0x99e3e0`

BrotliDefaultAllocFunc

Ordinal	`15`
Address	`0xa0e400`

BrotliDefaultFreeFunc

Ordinal	`16`
Address	`0xa0e410`

BrotliEncoderAttachPreparedDictionary

Ordinal	`17`
Address	`0x99cf10`

BrotliEncoderCompress

Ordinal	`18`
Address	`0x99d110`

BrotliEncoderCompressStream

Ordinal	`19`
Address	`0x99d6c0`

BrotliEncoderCreateInstance

Ordinal	`20`
Address	`0x99de10`

BrotliEncoderDestroyInstance

Ordinal	`21`
Address	`0x99dfd0`

BrotliEncoderDestroyPreparedDictionary

Ordinal	`22`
Address	`0x99e140`

BrotliEncoderHasMoreOutput

Ordinal	`23`
Address	`0x99e1b0`

BrotliEncoderIsFinished

Ordinal	`24`
Address	`0x99e1c0`

BrotliEncoderMaxCompressedSize

Ordinal	`25`
Address	`0x99e1e0`

BrotliEncoderPrepareDictionary

Ordinal	`26`
Address	`0x99e210`

BrotliEncoderSetParameter

Ordinal	`27`
Address	`0x99e290`

BrotliEncoderTakeOutput

Ordinal	`28`
Address	`0x99e370`

BrotliEncoderVersion

Ordinal	`29`
Address	`0x99e3e0`

BrotliGetDictionary

Ordinal	`30`
Address	`0xa0e420`

BrotliGetTransforms

Ordinal	`31`
Address	`0xa0e430`

BrotliSetDictionaryData

Ordinal	`32`
Address	`0x95d5c0`

BrotliSharedDictionaryAttach

Ordinal	`33`
Address	`0xa0e830`

BrotliSharedDictionaryCreateInstance

Ordinal	`34`
Address	`0xa0e860`

BrotliSharedDictionaryDestroyInstance

Ordinal	`35`
Address	`0xa0e940`

BrotliTransformDictionaryWord

Ordinal	`36`
Address	`0xa0e440`

DotNetRuntimeDebugHeader

Ordinal	`37`
Address	`0x1bc5760`

_kBrotliContextLookupTable

Ordinal	`38`
Address	`0x195f380`

_kBrotliPrefixCodeRanges

Ordinal	`39`
Address	`0x197dee0`

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.71519`
MD5	`3d99927864669c53d60117aa5e1b8ce1`
SHA1	`43403019637fc4713122188656f51cd329839ccc`
SHA256	`379d385540e965fe3dbd7f73a20b13f3fa5427753aacf08f28a56d633c887c9f`
SHA3	`52ef0dfe8fd75824826bdb8d5a0a3ae8ad22041a8bc8dfcb789d1fe03d0a520d`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91924`
Detected Filetype	Icon file
MD5	`6f191f45d2ea96b2d22e9eafa1a55bd7`
SHA1	`aa9a0930cb6ae38dd9645dbd2e85cf3796ed2977`
SHA256	`f01c223e6cf0e0f5c1d990ad720488af398180adb1b92e61c2144cf11d3130f8`
SHA3	`ab7f66f51b1cb5a30df00c2674a3a04e8323578947f36708e2e82dd5d04f0416`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x37c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.49882`
MD5	`9e558269dd91209b496d836457cee15a`
SHA1	`4e8f11a132086bdfc929febfc225a84f8857f002`
SHA256	`e1429cc098c85d592a27a09b4ff93a4a32e67db6dd827ad5db115ca9dc2c2394`
SHA3	`d84aea740dcbb51813c3ed7a791a8787655812e8b5bb7c25a1036a587997a5e9`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.1.2.3
ProductVersion	3.1.2.3
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	Pháº§n má»m chÆ¡i game tá»± Äá»ng (BOT) TSONLINE MOBILE
CompanyName	MP
FileDescription	PimBot
FileVersion (#2)	3.1.2.3
InternalName	PimBot.dll
LegalCopyright	Copyright Â© 2019 by MP
LegalTrademarks
OriginalFilename	PimBot.dll
ProductName	PimBot
ProductVersion (#2)	3.1.2.3
Assembly Version	3.1.2.3

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Apr-23 02:52:41
Version	`0.0`
SizeofData	`151`
AddressOfRawData	`0x197f45c`
PointerToRawData	`0x197e85c`
Referenced File	C:\Users\ducph\source\repos\TSONLINE_BOT\PIMBOT_TSN\Pimbot\V10\PimBotV10\bin\Release\net10.0-windows\win-x64\native\PimBot.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Apr-23 02:52:41
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x197f4f4`
PointerToRawData	`0x197e8f4`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Apr-23 02:52:41
Version	`0.0`
SizeofData	`1216`
AddressOfRawData	`0x197f508`
PointerToRawData	`0x197e908`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2026-Apr-23 02:52:41
Version	`0.0`
SizeofData	`4`
AddressOfRawData	`0x197f9f0`
PointerToRawData	`0x197edf0`

TLS Callbacks

StartAddressOfRawData	`0x14197fa20`
EndAddressOfRawData	`0x14197fb49`
AddressOfIndex	`0x141c02fe8`
AddressOfCallbacks	`0x140a17ce8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES`
Callbacks	`0x00000001409FBAD8`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x141bc6580`

RICH Header

XOR Key	`0xb9d9c127`
Unmarked objects	`0`
ASM objects (35403)	`9`
C objects (35403)	`13`
C++ objects (35403)	`47`
Imports (VS2008 SP1 build 30729)	`14`
Imports (33145)	`23`
Total imports	`392`
ASM objects (35223)	`10`
C objects (35223)	`75`
Unmarked objects (#2)	`1`
C++ objects (35223)	`65`
Exports (35729)	`1`
Linker (35729)	`1`

Errors

Leave a comment

No comments yet.