Manalyze report for dc179f9e1a65b4050b5b5e381791069b5625ba3215d841817161e0d29b7da166

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Jun-04 17:38:09
Detected languages	English - United States
TLS Callbacks	4 callback(s) detected.

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: control.exe dumpcap.exe filemon.exe procexp.exe procmon.exe regmon.exe sc.exe wireshark.exe` `Contains references to debugging or reversing tools: ida.exe ida64.exe idaq.exe idaq64.exe immunitydebugger.exe lordpe.exe ollydbg.exe peid.exe windbg.exe x32dbg.exe x64dbg.exe` `Contains references to security software: apimonitor.exe monitor.exe` `Tries to detect virtualized environments: SYSTEM\CurrentControlSet\Enum\IDE` `Looks for VMWare presence: VMTools VMware vmtools vmware` `Looks for VirtualBox presence: HARDWARE\ACPI\DSDT\VBOX__ HARDWARE\ACPI\FADT\VBOX__ HARDWARE\ACPI\RSDT\VBOX__ SOFTWARE\Oracle\VirtualBox Guest Additions VBoxGuest VBoxMouse VBoxSF vboxservice vboxtray` `Looks for Qemu presence: QEMU qemu` `May have dropper capabilities: CurrentControlSet\Services` `Accesses the WMI: ROOT\CIMV2` `Miscellaneous malware strings: virus` Contains domain names: api.ipify.org casedieresis.cn casetilde.cn commaaccentright.cn cyrillictail.cn cyrillictic.cn discord.com github.com http://scripts.sil.org http://scripts.sil.org/OFLThis http://scripts.sil.org/OFLhttps http://www.w3.org http://www.w3.org/1999/02/22-rdf-syntax-ns# https://api.frostware.lol https://api.frostware.lol/v3/license/validate https://cdn.frostware.lol https://cdn.frostware.lol/builds/cs2/latest.dll https://files.catbox.moe https://files.catbox.moe/sd8emy.dll https://github.com https://indiantypefoundry.comNinad https://rsms.me https://scripts.sil.org https://scripts.sil.org/OFLThis https://scripts.sil.org/OFLhttps ipify.org koronisaccentleft.cn reclass.net scripts.sil.org tildecross.cn www.w3.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: CheckRemoteDebuggerPresent CreateToolhelp32Snapshot` `Code injection capabilities: VirtualAllocEx CreateRemoteThread VirtualAlloc OpenProcess WriteProcessMemory` `Code injection capabilities (process hollowing): ResumeThread SetThreadContext WriteProcessMemory` `Code injection capabilities (mapping injection): CreateRemoteThread MapViewOfFile CreateFileMappingA` `Can access the registry: RegSetValueExW RegEnumKeyExA RegCloseKey RegQueryValueExA RegOpenKeyExA RegCreateKeyExW` `Can create temporary files: CreateFileW GetTempPathW CreateFileA` `Uses functions commonly found in keyloggers: GetForegroundWindow GetAsyncKeyState` `Memory manipulation functions often used by packers: VirtualProtectEx VirtualAllocEx VirtualProtect VirtualAlloc` `Has Internet access capabilities: WinHttpQueryDataAvailable WinHttpCrackUrl WinHttpConnect WinHttpQueryOption WinHttpReceiveResponse WinHttpOpen WinHttpQueryHeaders WinHttpReadData WinHttpOpenRequest WinHttpSetOption WinHttpCloseHandle WinHttpSendRequest WinHttpSetTimeouts` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Enumerates local disk drives: GetVolumeInformationA` `Manipulates other processes: Process32NextW Process32FirstW ReadProcessMemory OpenProcess WriteProcessMemory` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`0e0ded6a43c1bb6ccb4f2d43d348ad6d`
SHA1	`329f7ff1fc21de059c775243ff9adfee275dbe92`
SHA256	`dc179f9e1a65b4050b5b5e381791069b5625ba3215d841817161e0d29b7da166`
SHA3	`b5dd2c2a3f09a48f6fd50a236eb73ab3ef02e5f594de5eb9564d1048cc327706`
SSDeep	`98304:NiRHRSWIq+MG0rZDplX7SFwBUlNAEyo8ZPX3v3thp95oIUe:NiRHRXUc/L8wBUrMHF/37p9iC`
Imports Hash	`f507d51b8c0e37bbe831d19e2e40a767`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x128`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-Jun-04 17:38:09
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xfec00`
SizeOfInitializedData	`0x458800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000FC300 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x55a000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`11d9766a38378c426f21a0847d51682e`
SHA1	`b8bb1cd88bf02d5ec59b14e58a192ad989be8e4c`
SHA256	`c62d5e600ff8e80a4cec5ee8fad9c05dbf3cad6fbed27ec2dc3e80b8139ab2d9`
SHA3	`fed18210c0eecbcb168fde58ab0b2681b38dfc852a34a44f659adaf7f5dfa7bc`
VirtualSize	`0xfebe8`
VirtualAddress	`0x1000`
SizeOfRawData	`0xfec00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.53924`

.rdata

MD5	`7287e8ff9ea224c20bbe939fa6a44aa4`
SHA1	`fc6d90151ea8195aa16d14aae071bf3504b90417`
SHA256	`c0e1e4aecb1ce3efd8842543b3650f29538da0ba3053b1d70966491712933a3b`
SHA3	`cabbd020f36271a6edd7a502e997bea5a15b7ff79d0db57ef39cb1b1f66861ce`
VirtualSize	`0xa3466`
VirtualAddress	`0x100000`
SizeOfRawData	`0xa3600`
PointerToRawData	`0xff000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.44981`

.data

MD5	`5ac2e1ce3e00af9565376b73100d7b46`
SHA1	`225dbe9e4c625d7372e5f05e801dbed0a48a0f11`
SHA256	`d6f510508771b766121e1785fad5b0b9e14f41dee9b7148049b937d3fd808753`
SHA3	`c0f78d1ab917248d4a497c4b451344cb3c720914fdd9998e369311dbf1b72217`
VirtualSize	`0x396d00`
VirtualAddress	`0x1a4000`
SizeOfRawData	`0x395600`
PointerToRawData	`0x1a2600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.9329`

.pdata

MD5	`db9a37bd10386debf92f52f5f6c8f4e7`
SHA1	`d94cd9fc69d7f6efe157b297e2fc83ecaf49dd93`
SHA256	`8c80315ab8427c467781d7d447c5ce8161c8387dffb4a2b70765b631fbb56939`
SHA3	`c1c22f6c195728df8b8e083b506903e8dc475f8210d935381dc86d9aaadb26d2`
VirtualSize	`0xa6bc`
VirtualAddress	`0x53b000`
SizeOfRawData	`0xa800`
PointerToRawData	`0x537c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.05759`

.rsrc

MD5	`162ac4a6c6dc4c61fd695856217c753f`
SHA1	`09078aee31570dd7d32d76d8ee3f5f7caa16d6a3`
SHA256	`6848a5f859a365c823b969233c8903cc1dc9441affd47e4c3801248a17fcad98`
SHA3	`351045809d0b1c97dfd14ebee396aa9cb5bde8f2715ee8aa06a7417ebe3c0cb2`
VirtualSize	`0x12ac8`
VirtualAddress	`0x546000`
SizeOfRawData	`0x12c00`
PointerToRawData	`0x542400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.97923`

.reloc

MD5	`f6c011caa4b8f1d791708b78bd714790`
SHA1	`eec3d6b4fd90c7fc83ad27f0bb06f9e19397318c`
SHA256	`df1f08eba6d75ec3dffb3f6c86c80e8a5160a1823d4077bc1a47ac7feeb78b14`
SHA3	`a5c4521287b724a6e298fc2a979dfe4b44939ad52c08b255ea0f5a098424533b`
VirtualSize	`0xf08`
VirtualAddress	`0x559000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x555000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.28236`

Imports

d3d11.dll	`D3D11CreateDeviceAndSwapChain`
D3DCOMPILER_47.dll	`D3DCompile`
KERNEL32.dll	`Process32NextW` `LoadLibraryA` `TlsAlloc` `Process32FirstW` `VirtualProtectEx` `GetProcAddress` `VirtualAllocEx` `ReadProcessMemory` `CreateRemoteThread` `VirtualFreeEx` `IsWow64Process` `GetExitCodeProcess` `CreateDirectoryW` `VirtualProtect` `TerminateProcess` `GetModuleFileNameW` `Thread32Next` `Thread32First` `GetCurrentThreadId` `SuspendThread` `ResumeThread` `GetModuleHandleA` `GetTickCount64` `ReleaseSRWLockExclusive` `GetCurrentThread` `AcquireSRWLockExclusive` `QueryPerformanceFrequency` `ReleaseSRWLockShared` `Module32FirstW` `GetThreadContext` `SetFilePointerEx` `AcquireSRWLockShared` `GetFileSize` `ExitProcess` `GetCurrentProcessId` `GetModuleHandleW` `GetProcessHeap` `Module32NextW` `QueryFullProcessImageNameW` `Sleep` `GetTickCount` `OpenThread` `IsDebuggerPresent` `GetComputerNameA` `CheckRemoteDebuggerPresent` `DeviceIoControl` `GetComputerNameW` `SetThreadPriority` `VirtualAlloc` `SetProcessWorkingSetSize` `VirtualFree` `OutputDebugStringA` `FlushInstructionCache` `DebugBreak` `SetThreadContext` `FreeLibrary` `GlobalAlloc` `GlobalFree` `GlobalLock` `GlobalUnlock` `GetLocaleInfoA` `SetUnhandledExceptionFilter` `GetLocalTime` `MapViewOfFile` `UnmapViewOfFile` `CreateFileMappingA` `SleepConditionVariableSRW` `WakeAllConditionVariable` `GetStartupInfoW` `GetSystemTimeAsFileTime` `InitializeSListHead` `LocalFree` `CreateToolhelp32Snapshot` `OpenProcess` `RtlAddFunctionTable` `GetCurrentProcess` `WriteProcessMemory` `HeapAlloc` `CreateThread` `GetLastError` `ReadFile` `QueryPerformanceCounter` `CloseHandle` `DeleteFileW` `MultiByteToWideChar` `SetFileAttributesW` `CreateFileW` `GetVolumeInformationA` `GetTempPathW` `SetFilePointer` `WriteFile` `HeapFree` `FlushFileBuffers` `GetFileSizeEx` `CreateFileA` `WideCharToMultiByte`
USER32.dll	`MoveWindow` `EnumWindows` `GetWindowLongW` `DefWindowProcW` `DispatchMessageA` `DestroyWindow` `CreateWindowExW` `UnregisterClassW` `RegisterClassExW` `ShowWindow` `SetLayeredWindowAttributes` `TranslateMessage` `LoadIconW` `SetWindowLongW` `PeekMessageA` `UpdateWindow` `GetKeyState` `GetMessageExtraInfo` `EnumDesktopWindows` `ScreenToClient` `GetCapture` `ClientToScreen` `TrackMouseEvent` `GetKeyboardLayout` `GetForegroundWindow` `SetCapture` `SetCursor` `GetClientRect` `IsWindowUnicode` `GetClassNameW` `PostQuitMessage` `GetDesktopWindow` `GetAsyncKeyState` `SetClipboardData` `GetClipboardData` `EmptyClipboard` `CloseClipboard` `GetWindowRect` `SendMessageTimeoutW` `RedrawWindow` `OpenClipboard` `GetCursorPos` `SetCursorPos` `ReleaseCapture` `SystemParametersInfoW` `GetWindowTextW` `LoadCursorA` `GetSystemMetrics`
ADVAPI32.dll	`RegSetValueExW` `RegEnumKeyExA` `RegCloseKey` `RegQueryValueExA` `GetUserNameA` `OpenProcessToken` `AdjustTokenPrivileges` `LookupPrivilegeValueW` `RegOpenKeyExA` `GetUserNameW` `RegCreateKeyExW`
SHELL32.dll	`SHGetFolderPathW` `SHCreateDirectoryExW`
ole32.dll	`CoInitializeEx` `CoUninitialize` `CoCreateInstance` `CoSetProxyBlanket`
OLEAUT32.dll	`VariantInit` `SysFreeString` `SysAllocString` `VariantClear`
MSVCP140.dll	`??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z` `?good@ios_base@std@@QEBA_NXZ` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `_Xtime_get_ticks` `?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z` `?uncaught_exceptions@std@@YAHXZ` `_Mtx_unlock` `_Query_perf_frequency` `?_Throw_Cpp_error@std@@YAXH@Z` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Xlength_error@std@@YAXPEBD@Z` `_Mtx_lock` `_Cnd_do_broadcast_at_thread_exit` `_Query_perf_counter` `_Thrd_detach`
WINHTTP.dll	`WinHttpQueryDataAvailable` `WinHttpCrackUrl` `WinHttpConnect` `WinHttpQueryOption` `WinHttpReceiveResponse` `WinHttpOpen` `WinHttpQueryHeaders` `WinHttpReadData` `WinHttpOpenRequest` `WinHttpSetOption` `WinHttpCloseHandle` `WinHttpSendRequest` `WinHttpSetTimeouts`
bcrypt.dll	`BCryptGetProperty` `BCryptOpenAlgorithmProvider` `BCryptFinishHash` `BCryptCloseAlgorithmProvider` `BCryptDestroyHash` `BCryptHashData` `BCryptCreateHash`
IPHLPAPI.DLL	`GetAdaptersAddresses` `GetAdaptersInfo`
CRYPT32.dll	`CertFreeCertificateContext`
VERSION.dll	`GetFileVersionInfoSizeW` `VerQueryValueW` `GetFileVersionInfoW`
IMM32.dll	`ImmSetCandidateWindow` `ImmSetCompositionWindow` `ImmReleaseContext` `ImmGetContext`
dwmapi.dll	`DwmExtendFrameIntoClientArea`
d3dx11_43.dll	`D3DX11CreateShaderResourceViewFromMemory`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`__std_terminate` `__C_specific_handler` `wcsstr` `strstr` `strrchr` `longjmp` `__std_exception_destroy` `wcschr` `memmove` `memset` `memchr` `memcmp` `__current_exception` `__current_exception_context` `__intrinsic_setjmp` `_CxxThrowException` `memcpy` `__std_exception_copy`
api-ms-win-crt-heap-l1-1-0.dll	`malloc` `_set_new_mode` `free` `_callnewh`
api-ms-win-crt-time-l1-1-0.dll	`_time64` `_localtime64` `_mkgmtime64`
api-ms-win-crt-stdio-l1-1-0.dll	`__stdio_common_vsprintf_s` `fflush` `__stdio_common_vfprintf` `_set_fmode` `_wfopen_s` `fclose` `fread` `_wfopen` `fwrite` `fseek` `__acrt_iob_func` `ftell` `__stdio_common_vsprintf` `__stdio_common_vsscanf` `__stdio_common_vswprintf_s` `__p__commode`
api-ms-win-crt-runtime-l1-1-0.dll	`_beginthreadex` `terminate` `_register_thread_local_exe_atexit_callback` `exit` `_c_exit` `_exit` `_initterm_e` `_initterm` `_get_narrow_winmain_command_line` `_configure_narrow_argv` `_set_app_type` `_seh_filter_exe` `_cexit` `_crt_atexit` `_register_onexit_function` `_initialize_onexit_table` `_initialize_narrow_environment` `_wassert`
api-ms-win-crt-convert-l1-1-0.dll	`atoi` `_wtoi` `strtol` `_wcstoui64`
api-ms-win-crt-string-l1-1-0.dll	`strlen` `_wcslwr_s` `strncpy_s` `iswdigit` `wcsncpy_s` `strncpy` `strcmp` `strncmp` `wcslen` `_wcsicmp` `wcsncmp` `wcscmp`
api-ms-win-crt-utility-l1-1-0.dll	`qsort`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr` `roundf` `acosf` `pow` `sin` `ceilf` `sinf` `cosf` `fmodf` `sqrtf`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x325`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.61451`
Detected Filetype	PNG graphic file
MD5	`45580c7b3bb489f565929a3a20844233`
SHA1	`22aec2de362f30337ddb07ebb8ac0f67b241b37c`
SHA256	`98941c53545cd9a0dde924b07b92eda5faa93f40a13406e3b1a2dbe522e7cd2b`
SHA3	`c7ff2f6f03f5bc94cd92c97911a52b455ec402c5d29656a64d811fa2e163b806`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x677`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.84615`
Detected Filetype	PNG graphic file
MD5	`f098f70e6f8600bd1ec98358b66aea8b`
SHA1	`288e7301b181065021c97a13a15c8352b6b9a2fa`
SHA256	`b759d90b8969f80c3051d7ec12432185426e679c99cc379c87e980a1d9c3a357`
SHA3	`0767c5e58a9ceab96c1cef4f77c25befc636ee1ff53fabff20c35ac66147c390`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xbf0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.91243`
Detected Filetype	PNG graphic file
MD5	`95754e7d426390497f72eea52ed2112f`
SHA1	`6b2bd6ea80da091f1bc0fa608bd91ac06c1fcf32`
SHA256	`66f6228e97733f589c056dfe1cc2e679dd831985a993658f2a4eff4128ae0393`
SHA3	`37aaa604c25b5f3a63a0391e6f9643a4aced9e3550f8eaf4c2004befdf4740dd`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1349`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.94071`
Detected Filetype	PNG graphic file
MD5	`f4fd505d3821208e82637a12f0bc02e6`
SHA1	`73a3a68d275d257bb9b5f17b68d256bd34cf43a0`
SHA256	`f222ff0f293af8b0f0fc2b69f52267ffe1e281b4db48bfd09c1ececccc9ac402`
SHA3	`ea99d49b0ea9d514cede72ccbad6b86f0cd10613d2d165fbef5ffa9dc1897e82`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3ca6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98282`
Detected Filetype	PNG graphic file
MD5	`31a77ec1ed7df50b29407551af549f38`
SHA1	`89a53e9a049efd6b49c3d8c7dc0f5889d44d8c02`
SHA256	`cc183fe808b1d9808112534f6f2950203a1083183fc354c49436385e2e027967`
SHA3	`78502e589c7d339966a6f64544bc35972f5a18ffb294fe33e916373190b4c475`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xc171`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99018`
Detected Filetype	PNG graphic file
MD5	`c5fe2cb137576174a6b291a16c2bcba4`
SHA1	`e2494503c487cf471cf0c294c01094051e8183d0`
SHA256	`8a4f61291268ea102e6e74124e6dde017d10abefe7a762617b576bd217f4ca84`
SHA3	`b6a050fdfbc92c3bd0fd2d159c8e024be0317fadf732ff75e6fb76d25098ec60`

1 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.96051`
Detected Filetype	Icon file
MD5	`d92ceb75999f3fc6845a6d20ef747062`
SHA1	`84f614f3d418c52f80118ac4bd585a38b91a0874`
SHA256	`1d55bf2645601bf98c09f33f610de99a2d46feb60bcfe3007eb00c05587e70ef`
SHA3	`0953f55d57dafdb1a8449767a1438e9d13de41f2ad89290650ce20cb5a5425b9`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x184`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91862`
MD5	`3250787fdcd75aa2587529b89c7738b2`
SHA1	`622b5627941ecee9cfe6179c3017bbf7b43fffaa`
SHA256	`8b0de2e560d8476fb0013b44f1e10c2789ae71e0353866890dc5f9c57fb1f44a`
SHA3	`6bf4f0eaf6795c219d4d808caa895dcb53f7fe9c81e92ce03da1db7841bfcd3d`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Jun-04 17:38:09
Version	`0.0`
SizeofData	`1012`
AddressOfRawData	`0x190814`
PointerToRawData	`0x18f814`

TLS Callbacks

StartAddressOfRawData	`0x140190c30`
EndAddressOfRawData	`0x140190d80`
AddressOfIndex	`0x1405394d8`
AddressOfCallbacks	`0x140100bd8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES`
Callbacks	`0x000000014002E9B0` `0x00000001400FBE10` `0x000000014002CC00` `0x00000001400FBE80`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1401a4040`

RICH Header

XOR Key	`0x18770b06`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`20`
Imports (21202)	`2`
C objects (33145)	`1`
253 (35721)	`1`
ASM objects (35721)	`4`
C objects (35721)	`10`
C++ objects (35721)	`41`
Imports (35721)	`6`
C objects (VS2022 Update 1 (17.1.6) compiler 31107)	`26`
Imports (33145)	`33`
Total imports	`370`
C++ objects (LTCG) (36241)	`27`
Resource objects (36241)	`1`
151	`1`
Linker (36241)	`1`

Errors

Leave a comment

No comments yet.