Manalyze report for c4b371a5b55df66d3a2e495fac5d7a44

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Dec-08 22:41:55
Detected languages	English - United States
TLS Callbacks	2 callback(s) detected.
Debug artifacts	C:\Users\Ivan\Downloads\bladeball\bin\Roblox_External.pdb

Plugin Output

Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowA FindWindowW` `Code injection capabilities (PowerLoader): GetWindowLongW FindWindowA FindWindowW` `Can access the registry: RegCloseKey RegQueryValueExA RegCreateKeyExA RegSetValueExA RegOpenKeyExA` `Possibly launches other programs: CreateProcessW ShellExecuteA system` `Uses Microsoft's cryptographic API: CryptEncrypt CryptImportKey CryptDestroyKey CryptDestroyHash CryptHashData CryptCreateHash CryptGetHashParam CryptReleaseContext CryptAcquireContextW CryptStringToBinaryW CryptQueryObject CryptDecodeObjectEx` `Uses functions commonly found in keyloggers: GetForegroundWindow GetAsyncKeyState` `Has Internet access capabilities: WinHttpCloseHandle WinHttpReadData WinHttpSetTimeouts WinHttpConnect WinHttpOpen WinHttpSendRequest WinHttpOpenRequest WinHttpReceiveResponse WinHttpQueryDataAvailable` `Leverages the raw socket API to access the Internet: WSAStartup WSACleanup bind connect getpeername inet_ntop gethostname ioctlsocket sendto recvfrom WSACreateEvent getaddrinfo listen htonl accept select __WSAFDIsSet WSAIoctl socket setsockopt recv htons WSAEnumNetworkEvents WSAEventSelect WSAResetEvent WSAWaitForMultipleEvents WSACloseEvent closesocket WSAGetLastError inet_pton ntohs freeaddrinfo WSASetLastError getsockname getsockopt send` `Functions related to the privilege level: CheckTokenMembership OpenProcessToken` `Enumerates local disk drives: GetVolumeInformationA` `Manipulates other processes: Process32FirstW Process32NextW OpenProcess` `Reads the contents of the clipboard: GetClipboardData` `Interacts with the certificate store: CertAddCertificateContextToStore CertOpenStore`

Hashes

MD5	`c4b371a5b55df66d3a2e495fac5d7a44`
SHA1	`379e03fbb568f33132523b2be8a78b83d411d264`
SHA256	`bef69ad2697b8949149e86bff67d59ce9d186d67586f188d25d0da3f0c222342`
SHA3	`8ab3a65bf34d4b592dbe1423b0e480bfab122cb8935878168d28ddb6f62cdc94`
SSDeep	`393216:4cVsNrDAUdemLYeYobEkohIDmonw6KySJHGBo5iPQsMQMX8kT+ock:8+fIDf3SJHsPQ68wk`
Imports Hash	`625d5b015bbf95d65a5a952fa6e65aea`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x128`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2025-Dec-08 22:41:55
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x53ac00`
SizeOfInitializedData	`0xabba00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000004D8318 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xffa000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`6fb8651cf240e3be2f4ba119df173a45`
SHA1	`ca9729106c8381ce1a3b76e7d19d144a9ff53c32`
SHA256	`4b784c4192a37ddc58303c7b33eb3bf47bf21afabef081ecf62e82b25ee10bab`
SHA3	`2b09168745bddb4d8bcfd5878213a5a48c516aa84b73422c37ec194dce7b5799`
VirtualSize	`0x53abb3`
VirtualAddress	`0x1000`
SizeOfRawData	`0x53ac00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.48186`

.rdata

MD5	`a3bf75c928ee3cfef84217e8a8457f94`
SHA1	`c2a6194e2265d9e74e185b283be6c3bb86aad3a6`
SHA256	`63f5bf850548b3a1e8fc1877db7935613e004228e31a10b8bf87a66177bd5122`
SHA3	`7c7dc5a6e7b7896a8f231fa2de95953fa2bdcbbbbddf39c53c0eb9e0b74ab666`
VirtualSize	`0x9f2ea4`
VirtualAddress	`0x53c000`
SizeOfRawData	`0x9f3000`
PointerToRawData	`0x53b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.5089`

.data

MD5	`b9f1cddd1a577038981a032ed25832e0`
SHA1	`83fd3a28bea38d9455a2e5814b4a3f410ac49356`
SHA256	`b90c423bac0ac442b3c3fd047a55c2deecaf78935ff9dd7db63b104ef60f07dc`
SHA3	`c71b7e2f923449356c491f069a3290ab123cec63ceaaad2bc7d7b72392810d27`
VirtualSize	`0x73820`
VirtualAddress	`0xf2f000`
SizeOfRawData	`0x5b400`
PointerToRawData	`0xf2e000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.55249`

.pdata

MD5	`d72c16e50c2584739ef0e6087b0812e3`
SHA1	`a2e5c7eea81ef113e64d77b3c460023270e5113b`
SHA256	`e63b43b003e8e32d156d583e8adf987131e04616be6a63d5943010faa09ba838`
SHA3	`3f1ea4b76aad2ccae4c1351cedab96fbd0062f1dffdad6413637f54d36537d6a`
VirtualSize	`0x382d4`
VirtualAddress	`0xfa3000`
SizeOfRawData	`0x38400`
PointerToRawData	`0xf89400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.96682`

.rsrc

MD5	`120dfbcfe0784c8122bb949b0cf0a986`
SHA1	`0c2dc88ff7383f0c6589de2c7ae5b7c1d23e6d42`
SHA256	`c1adf64d05252e604b5e8d5e2bce0bb1d1e229ffa1a8f95f49a78a20d42f34e9`
SHA3	`ee1f06a72b18c37c90ce8317111956ee596883ed4b60a53d86215efa9f3069cc`
VirtualSize	`0x1b100`
VirtualAddress	`0xfdc000`
SizeOfRawData	`0x1b200`
PointerToRawData	`0xfc1800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.55265`

.reloc

MD5	`c050c63836b0f715083bb24d53f34598`
SHA1	`316beb755707902d7feb760e6b7a3a1d303d545e`
SHA256	`7537550f077b88eb5762e153923263981e7f70b4d71e3c9864e1f65075269ebd`
SHA3	`e710c7587ea4a454e26ea06066a1eb364eda5e3e588cdcdd04ae5b110eba6d65`
VirtualSize	`0x18ac`
VirtualAddress	`0xff8000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0xfdca00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.35689`

Imports

d3d11.dll	`D3D11CreateDeviceAndSwapChain`
D3DCOMPILER_43.dll	`D3DCompile`
KERNEL32.dll	`Sleep` `GetLastError` `K32GetModuleBaseNameW` `K32GetDeviceDriverBaseNameW` `GetCurrentThread` `FreeConsole` `CreateThread` `SetFileAttributesA` `LocalFree` `ExitProcess` `GetCurrentProcessId` `CreateProcessW` `SetThreadExecutionState` `GetModuleHandleW` `GetConsoleWindow` `QueryFullProcessImageNameW` `K32EnumProcessModules` `CreateDirectoryA` `AllocConsole` `CreateFileA` `GetFileSizeEx` `ReadFile` `HeapAlloc` `HeapFree` `MapViewOfFile` `UnmapViewOfFile` `CreateFileMappingA` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `GetSystemDirectoryW` `GetVolumeInformationA` `SleepEx` `FormatMessageW` `MoveFileExW` `WaitForSingleObjectEx` `GetEnvironmentVariableA` `GetFileType` `PeekNamedPipe` `WaitForMultipleObjects` `VerifyVersionInfoW` `AreFileApisANSI` `CreateFile2` `SetFileInformationByHandle` `GetFileAttributesExW` `FindNextFileW` `FindFirstFileExW` `FindFirstFileW` `FindClose` `CreateDirectoryW` `GetLocaleInfoEx` `FormatMessageA` `GetFileInformationByHandleEx` `SleepConditionVariableSRW` `SetThreadPriority` `K32GetModuleFileNameExW` `GetModuleFileNameW` `TerminateProcess` `OutputDebugStringA` `GetCurrentProcess` `SetConsoleTitleA` `SetLastError` `VirtualProtect` `QueryDosDeviceW` `GetModuleFileNameA` `GetCurrentThreadId` `WakeAllConditionVariable` `SetUnhandledExceptionFilter` `GetStartupInfoW` `GetSystemTimeAsFileTime` `InitializeSListHead` `CreateFileW` `K32EnumDeviceDrivers` `Module32NextW` `Module32FirstW` `CloseHandle` `Process32FirstW` `Process32NextW` `CreateToolhelp32Snapshot` `OpenProcess` `GetProcessId` `GlobalUnlock` `WideCharToMultiByte` `GlobalLock` `GlobalFree` `GlobalAlloc` `QueryPerformanceCounter` `FreeLibrary` `VerSetConditionMask` `GetProcAddress` `QueryPerformanceFrequency` `LoadLibraryA` `MultiByteToWideChar` `GetLocaleInfoA` `GetModuleHandleA` `GetTickCount` `GetStdHandle` `SetConsoleTextAttribute` `LoadLibraryW`
USER32.dll	`GetKeyState` `SetClipboardData` `GetClipboardData` `ScreenToClient` `GetMessageExtraInfo` `ClientToScreen` `TrackMouseEvent` `GetKeyboardLayout` `EmptyClipboard` `GetForegroundWindow` `LoadCursorW` `CloseClipboard` `SetCapture` `SetCursor` `GetClientRect` `GetCapture` `SetProcessDPIAware` `GetWindowLongW` `GetWindowThreadProcessId` `DefWindowProcW` `IsWindowUnicode` `ReleaseCapture` `PostMessageW` `SetCursorPos` `OpenClipboard` `GetWindowTextW` `GetCursorPos` `GetAsyncKeyState` `DestroyWindow` `IsWindowVisible` `keybd_event` `CreateWindowExW` `SendMessageW` `GetSystemMetrics` `UnregisterClassW` `SendInput` `UpdateWindow` `FindWindowA` `GetParent` `PostQuitMessage` `SetWindowLongW` `mouse_event` `FindWindowW` `TranslateMessage` `SetLayeredWindowAttributes` `EnumWindows` `SetWindowDisplayAffinity` `PeekMessageW` `DispatchMessageW` `ShowWindow` `RegisterClassExW`
ADVAPI32.dll	`CryptEncrypt` `CryptImportKey` `CheckTokenMembership` `GetTokenInformation` `CryptDestroyKey` `CryptDestroyHash` `CryptHashData` `CryptCreateHash` `CryptGetHashParam` `CryptReleaseContext` `CryptAcquireContextW` `RegCloseKey` `GetCurrentHwProfileA` `ConvertSidToStringSidA` `RegQueryValueExA` `AllocateAndInitializeSid` `RegCreateKeyExA` `RegSetValueExA` `OpenProcessToken` `FreeSid` `RegOpenKeyExA`
SHELL32.dll	`SHGetFolderPathA` `ShellExecuteExW` `ShellExecuteA`
MSVCP140.dll	`__crtLCMapStringA` `??7ios_base@std@@QEBA_NXZ` `?_Xbad_alloc@std@@YAXXZ` `?_Winerror_map@std@@YAHH@Z` `?_Xlength_error@std@@YAXPEBD@Z` `?_Syserror_map@std@@YAPEBDH@Z` `??1_Lockit@std@@QEAA@XZ` `??0_Lockit@std@@QEAA@H@Z` `?uncaught_exceptions@std@@YAHXZ` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?_Xinvalid_argument@std@@YAXPEBD@Z` `?_Id_cnt@id@locale@std@@0HA` `?_Xout_of_range@std@@YAXPEBD@Z` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z` `??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?good@ios_base@std@@QEBA_NXZ` `??Bios_base@std@@QEBA_NXZ` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `_Query_perf_frequency` `?_Xbad_function_call@std@@YAXXZ` `_Query_perf_counter` `_Xtime_get_ticks` `?_Throw_Cpp_error@std@@YAXH@Z` `_Cnd_do_broadcast_at_thread_exit` `_Thrd_detach` `_Strxfrm` `?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z` `?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z` `?id@?$ctype@D@std@@2V0locale@2@A` `?id@?$collate@D@std@@2V0locale@2@A` `_Strcoll` `?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?tolower@?$ctype@D@std@@QEBADD@Z` `??1facet@locale@std@@MEAA@XZ` `??0facet@locale@std@@IEAA@_K@Z` `?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ` `?_Incref@facet@locale@std@@UEAAXXZ` `?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ` `??1_Locinfo@std@@QEAA@XZ` `??0_Locinfo@std@@QEAA@PEBD@Z` `_Thrd_yield` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A` `?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` `?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z` `?_Random_device@std@@YAIXZ` `_Mtx_lock` `_Mtx_unlock` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z` `?getloc@ios_base@std@@QEBA?AVlocale@2@XZ` `?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ`
d3dx11_43.dll	`D3DX11CreateShaderResourceViewFromMemory`
WINHTTP.dll	`WinHttpCloseHandle` `WinHttpReadData` `WinHttpSetTimeouts` `WinHttpConnect` `WinHttpOpen` `WinHttpSendRequest` `WinHttpOpenRequest` `WinHttpReceiveResponse` `WinHttpQueryDataAvailable`
dwmapi.dll	`DwmExtendFrameIntoClientArea`
IMM32.dll	`ImmSetCompositionWindow` `ImmReleaseContext` `ImmGetContext` `ImmSetCandidateWindow`
bcrypt.dll	`BCryptDestroyKey` `BCryptGenRandom` `BCryptGenerateSymmetricKey` `BCryptCreateHash` `BCryptSetProperty` `BCryptHashData` `BCryptDestroyHash` `BCryptCloseAlgorithmProvider` `BCryptFinishHash` `BCryptOpenAlgorithmProvider` `BCryptDecrypt` `BCryptGetProperty`
WS2_32.dll	`WSAStartup` `WSACleanup` `bind` `connect` `getpeername` `inet_ntop` `gethostname` `ioctlsocket` `sendto` `recvfrom` `WSACreateEvent` `getaddrinfo` `listen` `htonl` `accept` `select` `__WSAFDIsSet` `WSAIoctl` `socket` `setsockopt` `recv` `htons` `WSAEnumNetworkEvents` `WSAEventSelect` `WSAResetEvent` `WSAWaitForMultipleEvents` `WSACloseEvent` `closesocket` `WSAGetLastError` `inet_pton` `ntohs` `freeaddrinfo` `WSASetLastError` `getsockname` `getsockopt` `send`
CRYPT32.dll	`CryptStringToBinaryW` `CertFindExtension` `CertAddCertificateContextToStore` `CertFreeCertificateChain` `CertGetCertificateChain` `CertFreeCertificateChainEngine` `CertCreateCertificateChainEngine` `CryptQueryObject` `CertOpenStore` `CertCloseStore` `CertEnumCertificatesInStore` `CertFindCertificateInStore` `CertFreeCertificateContext` `CryptDecodeObjectEx` `PFXImportCertStore` `CertGetNameStringW`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`_CxxThrowException` `__intrinsic_setjmp` `__current_exception_context` `__current_exception` `wcschr` `memcmp` `memchr` `memset` `memmove` `memcpy` `longjmp` `strrchr` `wcsstr` `__C_specific_handler` `strstr` `__RTtypeid` `strchr` `__std_type_info_compare` `__std_terminate` `__std_exception_copy` `__std_exception_destroy`
api-ms-win-crt-heap-l1-1-0.dll	`calloc` `free` `_set_new_mode` `_callnewh` `malloc` `realloc`
api-ms-win-crt-math-l1-1-0.dll	`asinf` `acosf` `_fdopen` `_dsign` `_dclass` `cosf` `roundf` `ceilf` `__setusermatherr` `fmodf` `sqrtf` `log` `logf` `pow` `sinf` `powf` `sin` `cos`
api-ms-win-crt-stdio-l1-1-0.dll	`fseek` `__stdio_common_vsprintf_s` `_pclose` `fclose` `_lseeki64` `fgetc` `fgets` `_set_fmode` `_popen` `freopen_s` `ftell` `__stdio_common_vsprintf` `__p__commode` `fflush` `setvbuf` `_read` `_write` `_wopen` `_fileno` `_close` `fgetpos` `fputs` `__stdio_common_vfprintf` `__acrt_iob_func` `_wfopen` `fwrite` `_get_stream_buffer_pointers` `_fseeki64` `__stdio_common_vsscanf` `fread` `fsetpos` `ungetc` `feof` `fputc`
api-ms-win-crt-filesystem-l1-1-0.dll	`_lock_file` `remove` `_unlock_file` `_wstat64` `_unlink` `_fstat64`
api-ms-win-crt-runtime-l1-1-0.dll	`_wassert` `_configure_wide_argv` `_beginthreadex` `_errno` `terminate` `__sys_nerr` `_register_thread_local_exe_atexit_callback` `_c_exit` `_exit` `system` `_initterm_e` `_initterm` `_get_wide_winmain_command_line` `_initialize_wide_environment` `abort` `__sys_errlist` `exit` `_set_app_type` `_initialize_onexit_table` `_register_onexit_function` `_crt_atexit` `_cexit` `_seh_filter_exe`
api-ms-win-crt-convert-l1-1-0.dll	`strtol` `atoi` `strtoul` `strtoll` `atof` `wcstombs` `strtod` `strtoull`
api-ms-win-crt-time-l1-1-0.dll	`strftime` `_time64` `_gmtime64` `_localtime64_s`
api-ms-win-crt-locale-l1-1-0.dll	`___lc_collate_cp_func` `_configthreadlocale` `localeconv` `___lc_codepage_func` `___lc_locale_name_func`
api-ms-win-crt-utility-l1-1-0.dll	`qsort` `rand`
api-ms-win-crt-string-l1-1-0.dll	`_strdup` `wcsncpy` `strpbrk` `wcsncmp` `strspn` `wcspbrk` `strcspn` `_wcsdup` `strncmp` `strcmp` `strncpy` `isdigit` `isalnum` `tolower` `_wcsicmp` `_stricmp` `strlen` `wcslen`
api-ms-win-crt-environment-l1-1-0.dll	`_dupenv_s`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2832`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.9247`
MD5	`4991afb564a1d3ec177dc60bc6d664b0`
SHA1	`68370afaaa62687b305a6c8729771d3dfe45f878`
SHA256	`dde26573d76f85b88b9e94e2614e3a2f34148f2fe1d524031a2307158cfc327a`
SHA3	`26063f0abb9e9baa48e51b99bc3788f99aa8e4bd9a39f48aa4e321056e12e0fd`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.63213`
MD5	`a562173ac853a048e2ea49099d636703`
SHA1	`5255eb751e5992a910e261611589cab656799bb5`
SHA256	`df2e20fe8d1aa39ba16700ac7c9212b3f67227b55e171733dfb874f7f90c4283`
SHA3	`2d6da2df753292e396602ebb2c06e3e6a41cd151b02791d4b4b42898c1ed7a0c`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.81759`
MD5	`61ec280a105fce6119206858c498759c`
SHA1	`444b75c94026b7dad8e4bc21b86416c02b26fdf4`
SHA256	`29a563cb47fc9f0d132b559a8c76637e1a8ddea660f2e84266898dd70f0b6b01`
SHA3	`3442aa406d55bf098cf4b9f8a946fcb1ad004141db3cfdf124397b744db78d71`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.94526`
MD5	`e597dbb490314b7d9b6a821bec53fd0a`
SHA1	`e90ba9d887fa51d8eb74a6f0fc93c6b8c335ad98`
SHA256	`e128b78e6b52bd4dcde54d940cf672c753972f0237dfda6ea7aa7f1afa59380e`
SHA3	`2fdb4b8e037a7d07d4c8c65b5aab33e286940471cc4deab05a539722e9c09e63`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.30035`
MD5	`cf9a8702d914fbf9341e4244e5ab2437`
SHA1	`484039b15ff5e442d9c25a2a48494c28f51b2426`
SHA256	`af20628efa800a9606c9e10e4edebfe90069dc92a3c2a9b6061e991f9bd80ddf`
SHA3	`516aed108bbaca04c557fba7b09907a14290c4353f5d4b4d4c9cef69f22f4078`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.82765`
MD5	`f99dee31af2930dcaebb795130d369f7`
SHA1	`bc2f26bbf09336459bba5c814a9f139c834fb558`
SHA256	`8a95b09ebdf6d0a84a50657decbd3dee1212b507725ec70d6c20d16cc9e62c4d`
SHA3	`7d70f1e9e21c270d6e9c5bee5c62603a8ee20bb92e44a47abea082cfe02a41bf`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.76847`
MD5	`a1a27c32c2cff6a4604daec1f25cbbf6`
SHA1	`76ca660b18203336fa501acdbd44e8e5597fb699`
SHA256	`80bef1d6631b8cd38eb2683384facce8a4071c3550791f5543a3ae13c7733e4d`
SHA3	`9a206b286fd3f26e83d3d6b90ba1176b255113ab004e0e57915a9969314fa416`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Dec-08 22:41:55
Version	`0.0`
SizeofData	`82`
AddressOfRawData	`0xee8b3c`
PointerToRawData	`0xee7b3c`
Referenced File	C:\Users\Ivan\Downloads\bladeball\bin\Roblox_External.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Dec-08 22:41:55
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0xee8b90`
PointerToRawData	`0xee7b90`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Dec-08 22:41:55
Version	`0.0`
SizeofData	`992`
AddressOfRawData	`0xee8ba4`
PointerToRawData	`0xee7ba4`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2025-Dec-08 22:41:55
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x140ee8fb0`
EndAddressOfRawData	`0x140ee9104`
AddressOfIndex	`0x140f8a590`
AddressOfCallbacks	`0x14053d518`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES`
Callbacks	`0x00000001404D7C88` `0x00000001404D7CF0`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140f2f900`

RICH Header

XOR Key	`0x1e2ece9d`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`22`
253 (35403)	`8`
ASM objects (35403)	`4`
C objects (35403)	`10`
C++ objects (35403)	`43`
Imports (35403)	`6`
Imports (33145)	`26`
C objects (VS2022 Update 6 (17.6.4) compiler 32535)	`123`
C objects (VS2022 Update 1 (17.1.6) compiler 31107)	`26`
Imports (21202)	`7`
Total imports	`597`
ASM objects (35717)	`1`
C++ objects (LTCG) (35717)	`104`
Resource objects (35717)	`1`
151	`1`
Linker (35717)	`1`

Errors

[*] Warning: Please edit the configuration file with your VirusTotal API key.
[!] Error: Could not load yara_rules/bitcoin.yara!
[!] Error: Could not load yara_rules/monero.yara!
[!] Error: Could not load yara_rules/compilers.yara!
[!] Error: Could not load yara_rules/findcrypt.yara!
[!] Error: Could not load yara_rules/suspicious_strings.yara!
[!] Error: Could not load yara_rules/domains.yara!
[!] Error: Could not load yara_rules/peid.yara!