Manalyze report for ce39ebcdc5b8a82404a5bb46445b2c5584546e32c5563409bf99bb25ff4b9cef

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Jun-16 17:55:33
Detected languages	English - United States
TLS Callbacks	4 callback(s) detected.

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: control.exe dumpcap.exe filemon.exe procexp.exe procmon.exe regmon.exe sc.exe wireshark.exe` `Contains references to debugging or reversing tools: ida.exe ida64.exe idaq.exe idaq64.exe immunitydebugger.exe lordpe.exe ollydbg.exe peid.exe windbg.exe x32dbg.exe x64dbg.exe` `Contains references to security software: apimonitor.exe monitor.exe` `Tries to detect virtualized environments: SYSTEM\CurrentControlSet\Enum\IDE` `Looks for VMWare presence: VMTools VMware vmtools vmware` `Looks for VirtualBox presence: HARDWARE\ACPI\DSDT\VBOX__ HARDWARE\ACPI\FADT\VBOX__ HARDWARE\ACPI\RSDT\VBOX__ SOFTWARE\Oracle\VirtualBox Guest Additions VBoxGuest VBoxMouse VBoxSF vboxservice vboxtray` `Looks for Qemu presence: QEMU qemu` `May have dropper capabilities: CurrentControlSet\Services` `Accesses the WMI: ROOT\CIMV2` `Miscellaneous malware strings: virus` Contains domain names: adobe.com api.ipify.org casedieresis.cn casetilde.cn cdn.discordapp.com commaaccentright.cn cyrillictail.cn cyrillictic.cn discordapp.com github.com http://ns.adobe.com http://ns.adobe.com/photoshop/1.0/ http://ns.adobe.com/xap/1.0/ http://ns.adobe.com/xap/1.0/mm/ http://ns.adobe.com/xap/1.0/sType/ResourceEvent# http://purl.org http://scripts.sil.org http://scripts.sil.org/OFLThis http://scripts.sil.org/OFLhttps http://www.w3.org http://www.w3.org/1999/02/22-rdf-syntax-ns# https://api.frostware.lol https://api.frostware.lol/v3/license/validate https://cdn.frostware.lol https://cdn.frostware.lol/builds/cs2/latest.dll https://github.com https://indiantypefoundry.comNinad https://rsms.me https://scripts.sil.org https://scripts.sil.org/OFLThis https://scripts.sil.org/OFLhttps ipify.org koronisaccentleft.cn ns.adobe.com reclass.net scripts.sil.org tildecross.cn www.w3.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .shell`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: CheckRemoteDebuggerPresent CreateToolhelp32Snapshot` `Code injection capabilities: WriteProcessMemory VirtualAlloc VirtualAllocEx CreateRemoteThread OpenProcess` `Code injection capabilities (process hollowing): WriteProcessMemory ResumeThread SetThreadContext` `Code injection capabilities (mapping injection): CreateRemoteThread CreateFileMappingA MapViewOfFile CreateFileMappingW` `Can access the registry: RegSetValueExW RegEnumKeyExA RegCloseKey RegQueryValueExA RegOpenKeyExA RegCreateKeyExW` `Possibly launches other programs: ShellExecuteW` `Uses Microsoft's cryptographic API: CryptProtectData CryptUnprotectData` `Can create temporary files: GetTempPathW CreateFileA CreateFileW` `Uses functions commonly found in keyloggers: GetForegroundWindow GetAsyncKeyState` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtectEx VirtualAllocEx VirtualProtect` `Has Internet access capabilities: WinHttpQueryDataAvailable WinHttpCrackUrl WinHttpConnect WinHttpSetTimeouts WinHttpSendRequest WinHttpCloseHandle WinHttpOpenRequest WinHttpQueryOption WinHttpReceiveResponse WinHttpOpen WinHttpQueryHeaders WinHttpReadData` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Enumerates local disk drives: GetVolumeInformationA` `Manipulates other processes: Process32NextW Process32FirstW WriteProcessMemory ReadProcessMemory OpenProcess` `Reads the contents of the clipboard: GetClipboardData`
Info	The PE's resources present abnormal characteristics.	`Resource 240 is possibly compressed or encrypted.` `Resource 241 is possibly compressed or encrypted.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`b3594a780c0197507d348105b3f96878`
SHA1	`f3a00e739f2deef5341f2fda8a4287d4dce5daef`
SHA256	`ce39ebcdc5b8a82404a5bb46445b2c5584546e32c5563409bf99bb25ff4b9cef`
SHA3	`5b3cc78bc507ace9584415c00bfc0676bed76e5f91f832d1f3566abe72a4876f`
SSDeep	`196608:AoR3RmrM/L+wBUrMHF/3Top9iljd9pqQCSzzOZpKeS22lc1t:GA/L+06eF/MDejX0QjWGeS2OA`
Imports Hash	`c1975027e271634c90e4a32975356457`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x130`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2026-Jun-16 17:55:33
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x109400`
SizeOfInitializedData	`0x861000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000105C50 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x96d000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e85df79e882d2f2917020f73be7f7bd8`
SHA1	`de34f384563ac40622b213cf0c27dd883aa429cc`
SHA256	`e4cf8fcf006b631822f1db70da2f664d921aadb55ce15b68d1f647a736a61983`
SHA3	`9a840d63a6899d5deadc354524557e3e1404fc86aa4eeba6323c0ca71cf94897`
VirtualSize	`0x108bec`
VirtualAddress	`0x1000`
SizeOfRawData	`0x108c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.5342`

.shell

MD5	`e20f4c84cbbf3b0611bc09678025a756`
SHA1	`10ac58ebc997659d7631593926ff868689018248`
SHA256	`66285446507b3ddbc9b288771bb17616dd3052d4188a9e6789064af9a8e53498`
SHA3	`2e2749e98f88fb74e63a8378292221c2c9144ab7652e6d7e52d3d352e170b6c5`
VirtualSize	`0x7f8`
VirtualAddress	`0x10a000`
SizeOfRawData	`0x800`
PointerToRawData	`0x109000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`4.79549`

.rdata

MD5	`674f5e29c73635559463a87a910c1822`
SHA1	`624ce5e376997962fe692a5b47661e4e6fbb9ba4`
SHA256	`572e67b658d1470820aa47bd2889799a397c5615171e6d5aa1c36f7377a20789`
SHA3	`99b8cc4eec2acd08a10913114044b12594fb456a7f5632b435f31b246455731f`
VirtualSize	`0xa46ba`
VirtualAddress	`0x10b000`
SizeOfRawData	`0xa4800`
PointerToRawData	`0x109800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.44556`

.data

MD5	`7572bb1791557c39ad08c1f2a3e27768`
SHA1	`22576e6bb96a5d8a827a0b7b127b4015ad13f972`
SHA256	`9787fff39cab893869df1acd96672d1edfd55827d19abc48f5ac5b4d898ade5c`
SHA3	`8567fd6873e0ec3169f6c21e35bdb48693dcdeec90a2444ed5b2dec3ce112225`
VirtualSize	`0x3cec94`
VirtualAddress	`0x1b0000`
SizeOfRawData	`0x3cdc00`
PointerToRawData	`0x1ae000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.90943`

.pdata

MD5	`9461020b423fb1ce7f9fdc17a9fe44b0`
SHA1	`6f18c22f5722796444e041b88e953fb9856fd6a9`
SHA256	`5781b9e1d9a1dde128f9dea61c61d2c5e412f6693dd5624f5f819f008de8dccb`
SHA3	`27d8bd5954bbf4968e782ba3a8eb941845495b087919b6f8c7ba3fb03e3fe44f`
VirtualSize	`0xa980`
VirtualAddress	`0x57f000`
SizeOfRawData	`0xaa00`
PointerToRawData	`0x57bc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.12618`

.rsrc

MD5	`d28ab96608653a857f3ae87aca4ebb49`
SHA1	`432e92545a1d59e89b48abfd72bba03d8c2e6cea`
SHA256	`8aa5246af179182023754720b04298c27b3b43dba35eab0d1b7b30438c991505`
SHA3	`cfeaab666a1e72cd621f67b07879d4fa4ecf10ef63c9cb39c152b1818e03f9e2`
VirtualSize	`0x3e1fd8`
VirtualAddress	`0x58a000`
SizeOfRawData	`0x3e2000`
PointerToRawData	`0x586600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.99358`

.reloc

MD5	`0da6a86c7fc72d8e1b77a9c8fdbb0c35`
SHA1	`de44bbeeca45ad5cd0fbabc400a5d5163a07b0c7`
SHA256	`4bb89897b98f6d879182e8b2b7de8456309b9fdced366f5151fdf6b5ce6bb257`
SHA3	`758d6cb31da2eea23ea407201b28d294c58e1ff9adc0e2870345195471ce4453`
VirtualSize	`0xed0`
VirtualAddress	`0x96c000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x968600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.25781`

Imports

d3d11.dll	`D3D11CreateDeviceAndSwapChain`
D3DCOMPILER_43.dll	`D3DCompile`
d3dx11_43.dll	`D3DX11CreateShaderResourceViewFromMemory` `D3DX11GetImageInfoFromMemory`
KERNEL32.dll	`Process32NextW` `Process32FirstW` `CreateThread` `HeapAlloc` `GetLocalTime` `GetProcessHeap` `FlushFileBuffers` `WriteProcessMemory` `GetCurrentProcess` `VirtualAlloc` `RtlAddFunctionTable` `TerminateThread` `LoadLibraryA` `TlsAlloc` `VirtualProtectEx` `GetProcAddress` `VirtualAllocEx` `ReadProcessMemory` `CreateRemoteThread` `VirtualFreeEx` `OpenMutexW` `IsWow64Process` `GetExitCodeProcess` `CreateDirectoryW` `VirtualProtect` `GetModuleFileNameW` `Thread32Next` `Thread32First` `GetCurrentThreadId` `SuspendThread` `ResumeThread` `GetModuleHandleA` `GetTickCount64` `ReleaseSRWLockExclusive` `GetCurrentThread` `AcquireSRWLockExclusive` `QueryPerformanceFrequency` `ReleaseSRWLockShared` `Module32FirstW` `GetThreadContext` `SetFilePointerEx` `AcquireSRWLockShared` `Sleep` `ExitProcess` `OpenProcess` `GetModuleHandleW` `WideCharToMultiByte` `Module32NextW` `QueryFullProcessImageNameW` `QueryPerformanceCounter` `GetTickCount` `GetTempPathW` `IsDebuggerPresent` `GetComputerNameA` `CheckRemoteDebuggerPresent` `DeviceIoControl` `GetComputerNameW` `SetThreadPriority` `SetProcessWorkingSetSize` `VirtualFree` `OutputDebugStringA` `FlushInstructionCache` `DebugBreak` `SetThreadContext` `SizeofResource` `LockResource` `LoadResource` `FindResourceW` `GetFullPathNameW` `GetProcessId` `CompareStringOrdinal` `GetFileAttributesExW` `MoveFileExW` `FreeLibrary` `GlobalAlloc` `GlobalFree` `GlobalLock` `GlobalUnlock` `GetLocaleInfoA` `MultiByteToWideChar` `CreateFileA` `CreateFileMappingA` `SetFileAttributesW` `SetFilePointer` `TerminateProcess` `HeapFree` `CreateToolhelp32Snapshot` `GetCurrentProcessId` `GetVolumeInformationA` `SleepConditionVariableSRW` `WakeAllConditionVariable` `GetStartupInfoW` `GetSystemTimeAsFileTime` `InitializeSListHead` `CreateFileW` `WriteFile` `GetFileSizeEx` `ReadFile` `MapViewOfFile` `CreateFileMappingW` `LocalFree` `CloseHandle` `FlushViewOfFile` `CreateEventW` `UnmapViewOfFile` `WaitForSingleObject` `DeleteFileW` `OpenThread` `GetLastError` `GetFileSize` `SetUnhandledExceptionFilter`
USER32.dll	`PostQuitMessage` `PostMessageW` `GetWindowTextW` `SystemParametersInfoW` `GetDesktopWindow` `GetClassNameW` `EnumDesktopWindows` `GetWindowLongW` `DefWindowProcW` `DispatchMessageA` `DestroyWindow` `CreateWindowExW` `UnregisterClassW` `RegisterClassExW` `ShowWindow` `SetLayeredWindowAttributes` `TranslateMessage` `LoadIconW` `SetWindowLongW` `PeekMessageA` `UpdateWindow` `GetKeyState` `GetMessageExtraInfo` `LoadCursorA` `ScreenToClient` `GetCapture` `ClientToScreen` `TrackMouseEvent` `GetKeyboardLayout` `GetForegroundWindow` `SetCapture` `SetCursor` `IsWindowUnicode` `ReleaseCapture` `SetCursorPos` `GetCursorPos` `OpenClipboard` `CloseClipboard` `EmptyClipboard` `GetClipboardData` `SetClipboardData` `GetAsyncKeyState` `MoveWindow` `GetWindowThreadProcessId` `GetWindow` `EnumWindows` `RedrawWindow` `SendMessageTimeoutW` `GetWindowRect` `GetSystemMetrics` `GetClientRect` `IsWindowVisible`
ADVAPI32.dll	`RegSetValueExW` `RegEnumKeyExA` `RegCloseKey` `RegQueryValueExA` `GetUserNameA` `ConvertStringSecurityDescriptorToSecurityDescriptorW` `OpenProcessToken` `AdjustTokenPrivileges` `LookupPrivilegeValueW` `RegOpenKeyExA` `GetUserNameW` `RegCreateKeyExW`
SHELL32.dll	`SHCreateDirectoryExW` `SHGetKnownFolderPath` `ShellExecuteExW` `SHGetFolderPathW` `ShellExecuteW`
ole32.dll	`CoTaskMemFree` `CoUninitialize` `CoInitializeEx` `CoCreateInstance` `CoSetProxyBlanket`
OLEAUT32.dll	`VariantInit` `SysFreeString` `VariantClear` `SysAllocString`
MSVCP140.dll	`_Thrd_id` `_Query_perf_counter` `_Thrd_join` `_Mtx_unlock` `_Cnd_do_broadcast_at_thread_exit` `?_Xout_of_range@std@@YAXPEBD@Z` `_Query_perf_frequency` `_Thrd_detach` `_Mtx_lock` `?_Xlength_error@std@@YAXPEBD@Z` `?_Throw_Cpp_error@std@@YAXH@Z`
MSVCP140_ATOMIC_WAIT.dll	`__std_atomic_wait_direct` `__std_atomic_notify_all_direct`
CRYPT32.dll	`CryptProtectData` `CertFreeCertificateContext` `CryptUnprotectData`
WINHTTP.dll	`WinHttpQueryDataAvailable` `WinHttpCrackUrl` `WinHttpConnect` `WinHttpSetTimeouts` `WinHttpSendRequest` `WinHttpCloseHandle` `WinHttpOpenRequest` `WinHttpQueryOption` `WinHttpReceiveResponse` `WinHttpOpen` `WinHttpQueryHeaders` `WinHttpReadData`
bcrypt.dll	`BCryptGetProperty` `BCryptOpenAlgorithmProvider` `BCryptFinishHash` `BCryptCloseAlgorithmProvider` `BCryptDestroyHash` `BCryptHashData` `BCryptCreateHash`
IPHLPAPI.DLL	`GetAdaptersInfo` `GetAdaptersAddresses`
VERSION.dll	`GetFileVersionInfoSizeW` `VerQueryValueW` `GetFileVersionInfoW`
IMM32.dll	`ImmSetCandidateWindow` `ImmSetCompositionWindow` `ImmReleaseContext` `ImmGetContext`
dwmapi.dll	`DwmExtendFrameIntoClientArea`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`strstr` `wcsstr` `__C_specific_handler` `__std_terminate` `__current_exception_context` `__std_exception_copy` `__std_exception_destroy` `memcmp` `strrchr` `longjmp` `memcpy` `memmove` `__intrinsic_setjmp` `_CxxThrowException` `__current_exception` `memset` `memchr`
api-ms-win-crt-heap-l1-1-0.dll	`_callnewh` `free` `_set_new_mode` `malloc`
api-ms-win-crt-runtime-l1-1-0.dll	`_register_onexit_function` `_initialize_onexit_table` `_initialize_narrow_environment` `_cexit` `_exit` `exit` `_configure_narrow_argv` `_wassert` `_seh_filter_exe` `_set_app_type` `_c_exit` `_beginthreadex` `_get_narrow_winmain_command_line` `_initterm` `_register_thread_local_exe_atexit_callback` `_initterm_e` `terminate` `_crt_atexit`
api-ms-win-crt-convert-l1-1-0.dll	`strtol` `strtoll` `atoi`
api-ms-win-crt-time-l1-1-0.dll	`_time64` `_mkgmtime64`
api-ms-win-crt-string-l1-1-0.dll	`strncpy` `wcsncpy_s` `_wcslwr_s` `_wcsicmp` `strcmp` `strncmp` `wcscmp` `strlen` `wcslen`
api-ms-win-crt-stdio-l1-1-0.dll	`fwrite` `fseek` `ftell` `__stdio_common_vsprintf` `_wfopen` `fread` `_set_fmode` `__p__commode` `__stdio_common_vswprintf_s` `__stdio_common_vsscanf` `__stdio_common_vfprintf` `__stdio_common_vsprintf_s` `fclose` `_wfopen_s` `fflush` `__acrt_iob_func`
api-ms-win-crt-utility-l1-1-0.dll	`qsort`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr` `floorf` `ceilf` `acosf` `fmodf` `roundf` `sinf` `sqrtf` `cosf`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x325`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.61451`
Detected Filetype	PNG graphic file
MD5	`45580c7b3bb489f565929a3a20844233`
SHA1	`22aec2de362f30337ddb07ebb8ac0f67b241b37c`
SHA256	`98941c53545cd9a0dde924b07b92eda5faa93f40a13406e3b1a2dbe522e7cd2b`
SHA3	`c7ff2f6f03f5bc94cd92c97911a52b455ec402c5d29656a64d811fa2e163b806`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x677`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.84615`
Detected Filetype	PNG graphic file
MD5	`f098f70e6f8600bd1ec98358b66aea8b`
SHA1	`288e7301b181065021c97a13a15c8352b6b9a2fa`
SHA256	`b759d90b8969f80c3051d7ec12432185426e679c99cc379c87e980a1d9c3a357`
SHA3	`0767c5e58a9ceab96c1cef4f77c25befc636ee1ff53fabff20c35ac66147c390`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xbf0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.91243`
Detected Filetype	PNG graphic file
MD5	`95754e7d426390497f72eea52ed2112f`
SHA1	`6b2bd6ea80da091f1bc0fa608bd91ac06c1fcf32`
SHA256	`66f6228e97733f589c056dfe1cc2e679dd831985a993658f2a4eff4128ae0393`
SHA3	`37aaa604c25b5f3a63a0391e6f9643a4aced9e3550f8eaf4c2004befdf4740dd`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1349`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.94071`
Detected Filetype	PNG graphic file
MD5	`f4fd505d3821208e82637a12f0bc02e6`
SHA1	`73a3a68d275d257bb9b5f17b68d256bd34cf43a0`
SHA256	`f222ff0f293af8b0f0fc2b69f52267ffe1e281b4db48bfd09c1ececccc9ac402`
SHA3	`ea99d49b0ea9d514cede72ccbad6b86f0cd10613d2d165fbef5ffa9dc1897e82`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3ca6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98282`
Detected Filetype	PNG graphic file
MD5	`31a77ec1ed7df50b29407551af549f38`
SHA1	`89a53e9a049efd6b49c3d8c7dc0f5889d44d8c02`
SHA256	`cc183fe808b1d9808112534f6f2950203a1083183fc354c49436385e2e027967`
SHA3	`78502e589c7d339966a6f64544bc35972f5a18ffb294fe33e916373190b4c475`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xc171`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99018`
Detected Filetype	PNG graphic file
MD5	`c5fe2cb137576174a6b291a16c2bcba4`
SHA1	`e2494503c487cf471cf0c294c01094051e8183d0`
SHA256	`8a4f61291268ea102e6e74124e6dde017d10abefe7a762617b576bd217f4ca84`
SHA3	`b6a050fdfbc92c3bd0fd2d159c8e024be0317fadf732ff75e6fb76d25098ec60`

1 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.96051`
Detected Filetype	Icon file
MD5	`d92ceb75999f3fc6845a6d20ef747062`
SHA1	`84f614f3d418c52f80118ac4bd585a38b91a0874`
SHA256	`1d55bf2645601bf98c09f33f610de99a2d46feb60bcfe3007eb00c05587e70ef`
SHA3	`0953f55d57dafdb1a8449767a1438e9d13de41f2ad89290650ce20cb5a5425b9`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

240

Type	`UNKNOWN`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea240`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98768`
MD5	`5043bc2b820b1e83986144e1ef8037b2`
SHA1	`af5ee610c3d30601f4b5f060ecd9f23d898ce50d`
SHA256	`1a827728e1c586b3a158af46c878362f7149c09c0b31f368cd3e8ba0c92d90a8`
SHA3	`8ab9a0ac56bea438e76408b18bb18a99bc6ef8663b4c6b5a2cd382558e6302ba`

241

Type	`UNKNOWN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e5240`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98902`
MD5	`550802159a71fab4a996c1aea82036ba`
SHA1	`feb1d5e60550c4ce01d789631bdbd77a82556cf1`
SHA256	`25ba98075893e8dbdd66c2325c1bf71e02fd5df274323d524a829aca77150bef`
SHA3	`c29653a8a804d44b5c721115683db7c8217a618c178ffa8a16b6315670e04817`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Jun-16 17:55:33
Version	`0.0`
SizeofData	`1028`
AddressOfRawData	`0x19c014`
PointerToRawData	`0x19a814`

TLS Callbacks

StartAddressOfRawData	`0x14019c440`
EndAddressOfRawData	`0x14019c590`
AddressOfIndex	`0x14057da78`
AddressOfCallbacks	`0x14010bc10`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES`
Callbacks	`0x000000014003B610` `0x0000000140105760` `0x0000000140039860` `0x00000001401057D0`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1401b0040`

RICH Header

XOR Key	`0xb1ee61ee`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`20`
C objects (33145)	`1`
253 (35721)	`1`
ASM objects (35721)	`4`
C objects (35721)	`10`
C++ objects (35721)	`41`
Imports (35721)	`8`
C objects (CVTCIL) (33145)	`1`
Imports (33145)	`28`
C objects (VS2022 Update 1 (17.1.6) compiler 31107)	`26`
Imports (21202)	`7`
Total imports	`394`
C++ objects (LTCG) (36241)	`31`
Resource objects (36241)	`1`
151	`1`
Linker (36241)	`1`

Errors

Leave a comment

No comments yet.