Manalyze report for be9e6965a10c0db6a4770f1c03711ad6552b082609ef63ae9202cd4b451dee87

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1970-Jan-01 00:00:00
Detected languages	English - United States

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentControlSet\Services` `Contains another PE executable: This program cannot be run in DOS mode.` Contains domain names: 2-aia.verisign.com 2-crl.verisign.com 2009-2-aia.verisign.com 2009-2-crl.verisign.com aia.verisign.com aia.ws.symantec.com apple.com crl.microsoft.com crl.thawte.com crl.verisign.com crl.ws.symantec.com csc3-2009-2-aia.verisign.com csc3-2009-2-crl.verisign.com d.symcb.com dearimgui.com example.com github.com http://crl.microsoft.com http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z http://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0 http://crl.thawte.com http://crl.thawte.com/ThawteTimestampingCA.crl0 http://crl.verisign.com http://crl.verisign.com/pca3-g5.crl04 http://crl.verisign.com/pca3.crl0 http://csc3-2009-2-aia.verisign.com http://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer0 http://csc3-2009-2-crl.verisign.com http://csc3-2009-2-crl.verisign.com/CSC3-2009-2.crl0D http://logo.verisign.com http://logo.verisign.com/vslogo.gif0 http://logo.verisign.com/vslogo.gif04 http://ocsp.thawte.com0 http://ocsp.verisign.com0 http://ocsp.verisign.com01 http://ocsp.verisign.com0? http://sf.symcb.com http://sf.symcb.com/sf.crl0f http://sf.symcb.com/sf.crt0 http://sf.symcd.com0 http://sf.symcd.com0& http://ts-aia.ws.symantec.com http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 http://ts-crl.ws.symantec.com http://ts-crl.ws.symantec.com/tss-ca-g2.crl0 http://ts-ocsp.ws.symantec.com07 http://www.apple.com http://www.apple.com/ http://www.microsoft.com http://www.microsoft.com/PKI/docs/CPS/default.htm0 http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0 http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0 http://www.microsoft.com/pkiops/certs/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crt0 http://www.microsoft.com/pkiops/crl/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crl0 https://curl.se https://d.symcb.com https://d.symcb.com/cps0% https://d.symcb.com/rpa0 https://github.com https://www.dearimgui.com https://www.dearimgui.com/faq/ https://www.microsoft.com https://www.microsoft.com/en-us/windows https://www.verisign.com https://www.verisign.com/cps0 https://www.verisign.com/rpa https://www.verisign.com/rpa0 logo.verisign.com microsoft.com sf.symcb.com symantec.com symcb.com thawte.com ts-aia.ws.symantec.com ts-crl.ws.symantec.com verisign.com ws.symantec.com www.apple.com www.dearimgui.com www.microsoft.com www.verisign.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA1` `Uses constants related to SHA256` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExA` `Functions which can be used for anti-debugging purposes: FindWindowA FindWindowW NtQuerySystemInformation` `Code injection capabilities (PowerLoader): FindWindowA FindWindowW GetWindowLongA` `Possibly launches other programs: CreateProcessA WinExec ShellExecuteA ShellExecuteW system` `Uses Windows's Native API: NtClose NtCreateFile NtCreateSection NtDeviceIoControlFile NtLoadDriver NtMapViewOfSection NtQuerySystemInformation NtReadFile NtUnloadDriver` `Uses Microsoft's cryptographic API: CryptAcquireContextW CryptCreateHash CryptDestroyHash CryptDestroyKey CryptEncrypt CryptGetHashParam CryptHashData CryptImportKey CryptReleaseContext CryptDecodeObjectEx CryptQueryObject CryptStringToBinaryW` `Uses functions commonly found in keyloggers: GetAsyncKeyState GetForegroundWindow` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Manipulates other processes: OpenProcess` `Can take screenshots: FindWindowA FindWindowW GetDC` `Reads the contents of the clipboard: GetClipboardData` `Interacts with the certificate store: CertAddCertificateContextToStore CertOpenStore`
Malicious	The PE is possibly a dropper.	`Resource 101 detected as a PE Executable.` `Resource 102 detected as a PE Executable.`
Suspicious	The file contains overlay data.	`1 bytes of data starting at offset 0xd56000.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`669c338310e682fadc24e11056defcfb`
SHA1	`7615562508e30af78c16312bd5ecce74796d45f7`
SHA256	`be9e6965a10c0db6a4770f1c03711ad6552b082609ef63ae9202cd4b451dee87`
SHA3	`076b57b750ab942f2f26ee49300fb7f6af5086743aeac190109bd3c544ea9541`
SSDeep	`196608:a2ZwIwdENgIem758H1TyVCjyNqjtsvnmvYqbP3blvE3mOoiP3FtjkPU:aYw28HQCjvjtsvnmvYqbP3blvkz33S`
Imports Hash	`c7c8539696779cecbd78ab4f7a21c5a1`

DOS Header

e_magic	`MZ`
e_cblp	`0`
e_cp	`0`
e_crlc	`0`
e_cparhdr	`0`
e_minalloc	`0`
e_maxalloc	`0`
e_ss	`0`
e_sp	`0`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x78`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`0.0`
SizeOfCode	`0`
SizeOfInitializedData	`0x373400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000009E20D6 (Section: )`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`0.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xd7a000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x2000000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x4000000`
SizeofHeapCommit	`0x2800001000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

Section_1

MD5	`75050b34c243c594cb8b12eeabe89d88`
SHA1	`f6a12a70d215532a17e0b5df3a399ac2eaafadf5`
SHA256	`2f84bd95062d72f9fb0f8fd6f5c53fb74e63e7b6f8cb49b76b437f2f70919a3f`
SHA3	`05a0cb66dd55c4f94af9dbedcab1d3e33632525878b9d6cc16c10615c349153d`
VirtualSize	`0x9e2636`
VirtualAddress	`0x1000`
SizeOfRawData	`0x9e2800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.9684`

Section_2

MD5	`8febdeff007c8ce0c08e2caf6d5bfa4d`
SHA1	`15f3b8b84fc1adba466f73a8c693b976d6058e33`
SHA256	`204907b22a61ea11ac3f7f910621b055899e36e6951043105e467eceeb0f71ad`
SHA3	`177490666af6e61189ef66e9396cd0b64cbb2be70811df4cb509f058735dba2c`
VirtualSize	`0xafe74`
VirtualAddress	`0x9e4000`
SizeOfRawData	`0xb0000`
PointerToRawData	`0x9e2c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.36299`

Section_3

MD5	`da0befa0fbafedc2b5dfb0ac7f9a6bc4`
SHA1	`c9739e035b16a34664fdf36a9de3584f93d7db0d`
SHA256	`43e88ad3e633dfefb2782956342aa5dd3fad7a1b93b3bf936691b095121cb295`
SHA3	`911913fd7fddf330d9e38aafd7f5feaf3922294424f01fd83ee3f67119c25923`
VirtualSize	`0x2b04a8`
VirtualAddress	`0xa94000`
SizeOfRawData	`0x291000`
PointerToRawData	`0xa92c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.79523`

Section_4

MD5	`c82dabbcb196e43c656388fa16c66d50`
SHA1	`3ec4be9886f7839de51de5465a6af9fc03cf8223`
SHA256	`9794c414e25f280f0c2671df3f6b9e115639b2d7f1e76798d6c21770eb835262`
SHA3	`adfd0800d7b736594b1d4833664fd8075c21abd0788dd87b3901e2f1286abd09`
VirtualSize	`0x1c164`
VirtualAddress	`0xd45000`
SizeOfRawData	`0x1c200`
PointerToRawData	`0xd23c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.39184`

Section_5

MD5	`1f354d76203061bfdd5a53dae48d5435`
SHA1	`aa0d33a0c854e073439067876e932688b65cb6a9`
SHA256	`4c6474903705cb450bb6434c29e8854f17d8324efca1fdb9ee9008599060883a`
SHA3	`991fbbd46bbd69198269fe6c247d440e0f8a7d38259b7a1e04b74790301d1d2b`
VirtualSize	`0x9`
VirtualAddress	`0xd62000`
SizeOfRawData	`0x200`
PointerToRawData	`0xd3fe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0203931`

Section_6

MD5	`c3f624afb43f734f7e56d8ba9a017eaf`
SHA1	`daaa79296f653fc4c08a011138087fda2bbf976e`
SHA256	`90ae2fd94bd6f054ceb42592a5c2d804c3f6d81f570bf4f13c90aaf3f0d3a0fe`
SHA3	`519655e31ae360ca6b38c38aa3d5f2015b98e14a3032a35f1092cf02628d0149`
VirtualSize	`0x114a0`
VirtualAddress	`0xd63000`
SizeOfRawData	`0x11600`
PointerToRawData	`0xd40000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.82771`

Section_7

MD5	`ac87d3dda061f6f57d5fedeccadfb493`
SHA1	`c9d62490d1adc0d0758854636bc4c07b58f636b1`
SHA256	`38c92c20c9701c5b1597d6d2c018930458be7eefaff8a53c0ab9c98231497243`
SHA3	`f6090c273b2adaa92cf80183ce5ecf741ab52e54bc2d59ccad9d2e1216c856a1`
VirtualSize	`0x497c`
VirtualAddress	`0xd75000`
SizeOfRawData	`0x4a00`
PointerToRawData	`0xd51600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.43958`

Imports

./.\kErnel32	`AcquireSRWLockExclusive` `AllocConsole` `CloseHandle` `CopyFileW` `CreateDirectoryA` `CreateDirectoryW` `CreateEventA` `CreateFileA` `CreateFileMappingA` `CreateFileW` `CreateHardLinkW` `CreateMutexA` `CreateProcessA` `CreateSymbolicLinkW` `CreateThread` `DeleteCriticalSection` `DeleteFileW` `DeviceIoControl` `EnterCriticalSection` `ExitProcess` `FillConsoleOutputAttribute` `FillConsoleOutputCharacterA` `FindClose` `FindFirstFileExW` `FindFirstFileW` `FindNextFileW` `FindResourceW` `FlushConsoleInputBuffer` `FormatMessageA` `FormatMessageW` `FreeLibrary` `GetConsoleMode` `GetConsoleScreenBufferInfo` `GetConsoleWindow` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `GetEnvironmentVariableA` `GetExitCodeProcess` `GetFileAttributesExW` `GetFileAttributesW` `GetFileInformationByHandle` `GetFileInformationByHandleEx` `GetFileSizeEx` `GetFileType` `GetFullPathNameW` `GetLastError` `GetLocaleInfoA` `GetLocaleInfoEx` `GetModuleHandleA` `GetModuleHandleW` `GetProcAddress` `GetStartupInfoW` `GetStdHandle` `GetSystemDirectoryA` `GetSystemDirectoryW` `GetSystemTimeAsFileTime` `GetTickCount` `GetTickCount64` `GlobalAlloc` `GlobalFree` `GlobalLock` `GlobalUnlock` `InitializeCriticalSectionEx` `InitializeSListHead` `IsDebuggerPresent` `IsProcessorFeaturePresent` `K32GetModuleInformation` `LeaveCriticalSection` `LoadLibraryA` `LoadLibraryExA` `LoadResource` `LocalFree` `LockResource` `MapViewOfFile` `MoveFileExW` `MultiByteToWideChar` `OpenProcess` `OutputDebugStringA` `PeekNamedPipe` `QueryPerformanceCounter` `QueryPerformanceFrequency` `ReadConsoleInputW` `ReadFile` `ReleaseMutex` `ReleaseSRWLockExclusive` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `SetConsoleCtrlHandler` `SetConsoleCursorPosition` `SetConsoleMode` `SetConsoleScreenBufferSize` `SetConsoleTextAttribute` `SetConsoleTitleA` `SetConsoleWindowInfo` `SetEvent` `SetFileInformationByHandle` `SetLastError` `SetUnhandledExceptionFilter` `SizeofResource` `Sleep` `SleepConditionVariableSRW` `SleepEx` `TerminateProcess` `UnhandledExceptionFilter` `VerSetConditionMask` `VerifyVersionInfoW` `VirtualAlloc` `VirtualFree` `VirtualProtect` `WaitForMultipleObjects` `WaitForSingleObject` `WaitForSingleObjectEx` `WakeAllConditionVariable` `WideCharToMultiByte` `WinExec` `WriteConsoleW` `WriteFile`
.\USeR32	`ClientToScreen` `CloseClipboard` `DestroyWindow` `DispatchMessageA` `DrawMenuBar` `EmptyClipboard` `EnumChildWindows` `EnumWindows` `FindWindowA` `FindWindowExA` `FindWindowW` `GetAsyncKeyState` `GetCapture` `GetClassNameA` `GetClientRect` `GetClipboardData` `GetCursorPos` `GetDC` `GetDesktopWindow` `GetForegroundWindow` `GetKeyState` `GetKeyboardLayout` `GetMessageExtraInfo` `GetSystemMenu` `GetWindowLongA` `GetWindowRect` `GetWindowTextA` `GetWindowThreadProcessId` `IsWindow` `IsWindowUnicode` `LoadCursorA` `MessageBoxA` `MonitorFromWindow` `OpenClipboard` `PeekMessageA` `PostMessageA` `PostQuitMessage` `ReleaseCapture` `ReleaseDC` `ScreenToClient` `SetCapture` `SetClipboardData` `SetCursor` `SetCursorPos` `SetLayeredWindowAttributes` `SetProcessDPIAware` `SetWindowLongA` `SetWindowPos` `SetWindowTextA` `SetWindowTextW` `ShowWindow` `TrackMouseEvent` `TranslateMessage` `UpdateWindow`
./.\ShEll32	`SHGetFolderPathA` `ShellExecuteA` `ShellExecuteW`
.\oleauT32	`#2` `#6`
.\.\GdI32	`CreateRectRgn` `DeleteObject` `GetDeviceCaps`
.\.\d3D11	`D3D11CreateDeviceAndSwapChain`
./.\ntDll	`NtClose` `NtCreateFile` `NtCreateSection` `NtDeviceIoControlFile` `NtLoadDriver` `NtMapViewOfSection` `NtQuerySystemInformation` `NtReadFile` `NtUnloadDriver` `RtlAdjustPrivilege` `RtlAllocateHeap` `RtlCreateRegistryKey` `RtlDosPathNameToRelativeNtPathName_U_WithStatus` `RtlFreeHeap` `RtlGetFullPathName_UEx` `RtlImageNtHeaderEx` `RtlInitUnicodeString` `RtlReleaseRelativeName` `RtlWriteRegistryValue` `__C_specific_handler` `__chkstk` `_setjmp` `_stricmp` `_vsnwprintf` `_wcsicmp` `cos` `log` `longjmp` `memchr` `memcmp` `memcpy` `memmove` `memset` `pow` `qsort` `sin` `strcat_s` `strchr` `strcmp` `strcspn` `strlen` `strncmp` `strncpy` `strpbrk` `strrchr` `strspn` `strstr` `strtol` `tan` `toupper` `wcscat_s` `wcschr` `wcscpy_s` `wcslen` `wcsncmp` `wcsncpy_s`
./MSVCP140	`??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??0_Lockit@std@@QEAA@H@Z` `??0ios_base@std@@IEAA@XZ` `??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1_Lockit@std@@QEAA@XZ` `??1ios_base@std@@UEAA@XZ` `??4?$_Yarn@_W@std@@QEAAAEAV01@PEB_W@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z` `?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?_Id_cnt@id@locale@std@@0HA` `?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ` `?_Syserror_map@std@@YAPEBDH@Z` `?_Throw_Cpp_error@std@@YAXH@Z` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Winerror_map@std@@YAHH@Z` `?_Xbad_alloc@std@@YAXXZ` `?_Xbad_function_call@std@@YAXXZ` `?_Xlength_error@std@@YAXPEBD@Z` `?_Xout_of_range@std@@YAXPEBD@Z` `?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A` `?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?eof@ios_base@std@@QEBA_NXZ` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `?getloc@ios_base@std@@QEBA?AVlocale@2@XZ` `?good@ios_base@std@@QEBA_NXZ` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?id@?$ctype@D@std@@2V0locale@2@A` `?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z` `?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IEAAXPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z` `?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?uncaught_exceptions@std@@YAHXZ` `?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A` `?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `_Cnd_do_broadcast_at_thread_exit` `_Mtx_lock` `_Mtx_unlock` `_Query_perf_counter` `_Query_perf_frequency` `_Thrd_detach` `_Thrd_id` `_Thrd_join` `_Xtime_get_ticks`
.\iMM32	`ImmGetContext` `ImmReleaseContext` `ImmSetCandidateWindow` `ImmSetCompositionWindow`
.\D3dcOMpiler_43	`D3DCompile`
.\.\dwMapi	`DwmEnableBlurBehindWindow` `DwmExtendFrameIntoClientArea` `DwmGetColorizationColor` `DwmIsCompositionEnabled`
././Ws2_32	`#116` `WSACloseEvent` `WSACreateEvent` `WSAEnumNetworkEvents` `WSAEventSelect` `#111` `WSAIoctl` `WSAResetEvent` `#112` `#115` `WSAWaitForMultipleEvents` `#151` `#1` `#2` `#3` `#4` `freeaddrinfo` `getaddrinfo` `#57` `#5` `#6` `#7` `#8` `#9` `#10` `#13` `#15` `#16` `#17` `#18` `#19` `#20` `#21` `#23`
.\.\IPhLpAPI	`if_nametoindex`
.\./AdVapI32	`CryptAcquireContextW` `CryptCreateHash` `CryptDestroyHash` `CryptDestroyKey` `CryptEncrypt` `CryptGetHashParam` `CryptHashData` `CryptImportKey` `CryptReleaseContext`
.\CRypt32	`CertAddCertificateContextToStore` `CertCloseStore` `CertCreateCertificateChainEngine` `CertEnumCertificatesInStore` `CertFindCertificateInStore` `CertFindExtension` `CertFreeCRLContext` `CertFreeCTLContext` `CertFreeCertificateChain` `CertFreeCertificateChainEngine` `CertFreeCertificateContext` `CertGetCertificateChain` `CertGetNameStringW` `CertOpenStore` `CryptDecodeObjectEx` `CryptQueryObject` `CryptStringToBinaryW` `PFXImportCertStore`
./.\secur32	`InitSecurityInterfaceW`
.\.\bCRyPt	`BCryptGenRandom`
./VCRUNtimE140	`_CxxThrowException` `__CxxFrameHandler3` `__current_exception` `__current_exception_context` `__std_exception_copy` `__std_exception_destroy` `__std_terminate`
./vcruNTime140_1	`__CxxFrameHandler4`
aPI-mS-win-crT-TiME-l1-1-0	`_W_Getdays` `_W_Getmonths` `_gmtime64_s` `_localtime64` `_time64` `strftime`
API-ms-win-crT-sTDiO-L1-1-0	`__acrt_iob_func` `__p__commode` `__stdio_common_vfprintf` `__stdio_common_vsprintf` `__stdio_common_vsprintf_s` `__stdio_common_vsscanf` `_close` `_fseeki64` `_get_stream_buffer_pointers` `_lseeki64` `_read` `_set_fmode` `_wfopen` `_wfsopen` `_write` `_wsopen_s` `fclose` `feof` `fflush` `fgetc` `fgetpos` `fgets` `fopen` `fputc` `fputs` `fread` `freopen` `freopen_s` `fseek` `fsetpos` `ftell` `fwrite` `getchar` `setvbuf` `ungetc`
api-Ms-win-CRt-ruNtiME-L1-1-0	`_beginthreadex` `_c_exit` `_cexit` `_configure_narrow_argv` `_crt_atexit` `_errno` `_exit` `_get_narrow_winmain_command_line` `_initialize_narrow_environment` `_initialize_onexit_table` `_initterm` `_initterm_e` `_invoke_watson` `_register_onexit_function` `_register_thread_local_exe_atexit_callback` `_seh_filter_exe` `_set_app_type` `abort` `exit` `strerror_s` `system` `terminate`
aPI-Ms-WIN-CRt-MATh-l1-1-0	`__setusermatherr` `_fdopen` `acosf` `atan2f` `cosf` `expf` `fmodf` `logf` `powf` `sinf` `sqrtf`
aPI-mS-win-CRt-ConVeRT-l1-1-0	`atof` `strtod` `strtoll` `strtoull` `wcstombs_s`
aPI-MS-WIn-CRt-Heap-l1-1-0	`_callnewh` `_set_new_mode` `calloc` `free` `malloc` `realloc`
aPi-Ms-WIn-Crt-lOCALe-L1-1-0	`_configthreadlocale` `localeconv`
api-mS-win-cRt-FIlESYStEM-l1-1-0	`_fstat64` `_fullpath` `_lock_file` `_unlink` `_unlock_file` `_wstat64`
APi-MS-win-Crt-string-L1-1-0	`_strdup`
ApI-Ms-Win-crT-UtiLITY-L1-1-0	`rand`

Delayed Imports

101

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0xac00`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.40124`
Detected Filetype	PE Executable
MD5	`53b1001126cedcb7709f13c5fde7266a`
SHA1	`cf59c340a719a9cb97914acf2c6b618c34d7ce62`
SHA256	`de1827a1dfeb97595111717a408996b886d02703d0ad01b910a8126629d8161e`
SHA3	`5cde2516d7f19bb9b1ba46027f279a5fe0ec3f463580ca135062049f69f7a925`

102

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6650`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.32405`
Detected Filetype	PE Executable
MD5	`4c7766e6a68a014e8e4ade00ed764a01`
SHA1	`2b00356abccbb0aa0c69a220d65a1c0dc76a215b`
SHA256	`2e4b5133819da285ce41a216ee1cd05257d2bb68d818e8e6b8c4ef0164a97a56`
SHA3	`7ec353a9b0fdd59b6573d19aa6a51abbfc521d8c5475b14320ee4f2b6ef64745`

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.84857`
MD5	`1b3cb4ac5487290385d8b1554adf5c81`
SHA1	`b7edbc56328989d97726dc3f04b9dafc5c9109f7`
SHA256	`e059b7af692224b60cf6ee82e3cfc3091d8c2f08550c56a65983930e4f7d8b5c`
SHA3	`6491d4c57ba00d005ad50ce68d69637f02d33bc3c7d3b0beae250c2efb7c31ae`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x140d62000`
EndAddressOfRawData	`0x140d62008`
AddressOfIndex	`0x140d43d90`
AddressOfCallbacks	`0x140a4cb18`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0`

RICH Header

Errors

Leave a comment

No comments yet.