Manalyze report for e4652597d21de3196d5104f2f32edffb13c739aa78f1984f50276d68d586d011

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2023-Feb-24 14:00:03
Detected languages	English - United States
TLS Callbacks	3 callback(s) detected.

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: dc.services.visualstudio.com https://dc.services.visualstudio.com https://dc.services.visualstudio.com/v2/track services.visualstudio.com visualstudio.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses known Mersenne Twister constants`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Can access the registry: RegGetValueW RegCloseKey RegOpenKeyExW RegQueryValueExW` `Uses Windows's Native API: ntohl ntohs` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Leverages the raw socket API to access the Internet: WSAPoll sendto recvfrom inet_ntoa inet_addr freeaddrinfo getaddrinfo ntohl WSAIoctl ntohs getpeername getnameinfo WSASocketA WSACleanup WSAStartup setsockopt send recv listen htons htonl getsockopt getsockname ioctlsocket connect closesocket bind accept WSAGetLastError`
Info	The PE is digitally signed.	`Signer: Smoothwall Limited` `Issuer: DigiCert SHA2 Assured ID Code Signing CA`
Safe	VirusTotal score: 0/70 (Scanned on 2024-04-11 17:46:06)	`All the AVs think this file is safe.`

Hashes

MD5	`1138f3c415cde40f5e9cf379b703a966`
SHA1	`6fa02c535f595e43a00d39e863dc0c543d9bc7b5`
SHA256	`e4652597d21de3196d5104f2f32edffb13c739aa78f1984f50276d68d586d011`
SHA3	`b73f062f369ed716ef99af2801d00c67622c3e434551d54df8c748156760d326`
SSDeep	`24576:fqQotY0oq5Csanfy9RsKBl/yZtfWvHQ3SbKr/smPirWNW6dKaGH:SU0okCsaa9RsKBl/SlWvHQ3SbKr043QV`
Imports Hash	`eb6b4fb587c490b55557695ca257a72f`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x120`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2023-Feb-24 14:00:03
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xe2600`
SizeOfInitializedData	`0x58400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000D96DC (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x13e000`
SizeOfHeaders	`0x400`
Checksum	`0x149c10`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4a192f303fefe62f2a887fd77702bcd1`
SHA1	`24d8119aba5609db98202ddd2d34bb8bfde97359`
SHA256	`0707971eec44bbcbec43353c00667432b042c6b6a887596ef51ab8d8912a7778`
SHA3	`368d2d0d523e7907b58e81a1fcdc19c2ef677457b25875cbb82b9a43d6391838`
VirtualSize	`0xe247b`
VirtualAddress	`0x1000`
SizeOfRawData	`0xe2600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.41674`

.rdata

MD5	`003c25e8f196af5ea64a38fea7a18173`
SHA1	`e8693920f97a5ca39124f2e8d70d1e3967d0159f`
SHA256	`453ff5f9cad17d29ceb9c7a42af4952920b8cede58a3ebf0f7b796c0c4fd683e`
SHA3	`49069cd4119d42a5905f56c8b54b28e4df8f43203a4b3d18b49aadcbb57d7061`
VirtualSize	`0x42284`
VirtualAddress	`0xe4000`
SizeOfRawData	`0x42400`
PointerToRawData	`0xe2a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.63156`

.data

MD5	`d742ea5b60087a6e732ce0b011674a55`
SHA1	`2ea2759f091931e86785ed3de8b37beb1ea29fe6`
SHA256	`8d90db930f41f75eeb2b28797d6f623165948dff484924b6af41ac5692ac205f`
SHA3	`388a88c6b1494f39a797417de7252d949d774716d567f6c6935f1aa596d27725`
VirtualSize	`0x8f40`
VirtualAddress	`0x127000`
SizeOfRawData	`0x7200`
PointerToRawData	`0x124e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.65875`

.pdata

MD5	`f3afa2eeec5246cab80390d000ee087a`
SHA1	`b34caeefefd0f8f3c336698c27903fafa1ba8e80`
SHA256	`f25171eac9fd7aab1d766ab01ec4af9f8fe485c883017325774ac246a0abd50b`
SHA3	`70ed703d668e59488f370b45107cff646e0b158d9924271644c5788aebd05e5e`
VirtualSize	`0xada0`
VirtualAddress	`0x130000`
SizeOfRawData	`0xae00`
PointerToRawData	`0x12c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.02232`

.rsrc

MD5	`25d1a16ea9aea8f987f03663d41f3fec`
SHA1	`ec850ff2041309dfe8ff338dddab0a42198baf48`
SHA256	`238a9c1b57987f9dca252032f06b2a20d2f0312dc08b6e376ec957662feee72d`
SHA3	`b0d8663812a68fc6a11702184950d03b735591e1e81f5a07fbb94cfa7c8d713d`
VirtualSize	`0x1e0`
VirtualAddress	`0x13b000`
SizeOfRawData	`0x200`
PointerToRawData	`0x136e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.71768`

.reloc

MD5	`680ab3e02cec6a76f23424939b1d6a3e`
SHA1	`5177297de2a07812b388ced53b609f142b9ad983`
SHA256	`8e456a379831281e14a7ac0aafc75dd5a8ca11cd50da8f464c4ea59a25fb2fec`
SHA3	`01beaae4374e3d1ec8fca83285b665692d78a7480f12786a1c67736de0d16ecd`
VirtualSize	`0x1f4c`
VirtualAddress	`0x13c000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x137000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.43488`

Imports

ncrypt.dll	`BCryptGenRandom` `BCryptCloseAlgorithmProvider` `BCryptOpenAlgorithmProvider`
ADVAPI32.dll	`SetSecurityDescriptorDacl` `InitializeSecurityDescriptor` `RegGetValueW` `GetUserNameW` `RegCloseKey` `SystemFunction036` `RegOpenKeyExW` `RegQueryValueExW`
ole32.dll	`CoTaskMemFree`
KERNEL32.dll	`GetCurrentProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `InitializeSListHead` `CreateEventW` `ReleaseSRWLockShared` `AcquireSRWLockShared` `GetLastError` `FormatMessageW` `WideCharToMultiByte` `LocalFree` `InitializeSRWLock` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `CreateEventExW` `SetEvent` `WaitForSingleObjectEx` `CloseHandle` `GetModuleFileNameA` `GetModuleHandleA` `SetLastError` `QueryPerformanceCounter` `Sleep` `RaiseException` `FormatMessageA` `InitializeCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `GetTickCount` `FreeLibrary` `GetProcAddress` `LoadLibraryA` `SetHandleInformation` `IsDebuggerPresent` `WaitForSingleObject` `TerminateProcess` `GetCurrentProcessId` `GetHandleInformation` `CreateIoCompletionPort` `GetQueuedCompletionStatusEx` `CancelIoEx` `InitOnceExecuteOnce` `GetTickCount64` `GetModuleHandleW` `SetFileCompletionNotificationModes` `HeapAlloc` `HeapFree` `GetProcessHeap` `WakeAllConditionVariable` `SleepConditionVariableSRW` `MultiByteToWideChar` `CreateEventA` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `ResetEvent` `ReleaseSemaphore` `OpenEventA` `GetSystemInfo` `GetCurrentDirectoryW` `CreateDirectoryW` `CreateFileW` `DeleteFileW` `GetDiskFreeSpaceExW` `GetFileAttributesW` `GetFileAttributesExW` `GetFileInformationByHandle` `GetFileTime` `GetFullPathNameW` `RemoveDirectoryW` `SetFileAttributesW` `DeviceIoControl` `MoveFileExW` `AreFileApisANSI` `VirtualAlloc` `VirtualProtect` `VirtualFree` `VirtualLock` `VirtualUnlock` `IsProcessorFeaturePresent` `InitializeCriticalSectionAndSpinCount` `GetLocaleInfoEx` `TryEnterCriticalSection`
SHELL32.dll	`SHGetKnownFolderPath`
MSVCP140.dll	`_Query_perf_counter` `_Query_perf_frequency` `_Mtx_init_in_situ` `_Mtx_destroy_in_situ` `_Mtx_current_owns` `_Mtx_lock` `_Mtx_unlock` `_Cnd_init_in_situ` `_Cnd_destroy_in_situ` `_Cnd_wait` `_Cnd_timedwait` `_Cnd_broadcast` `_Cnd_register_at_thread_exit` `_Cnd_unregister_at_thread_exit` `?_Throw_C_error@std@@YAXH@Z` `?_Throw_Cpp_error@std@@YAXH@Z` `?uncaught_exception@std@@YA_NXZ` `?uncaught_exceptions@std@@YAHXZ` `?__ExceptionPtrCreate@@YAXPEAX@Z` `?__ExceptionPtrDestroy@@YAXPEAX@Z` `?__ExceptionPtrCopy@@YAXPEAXPEBX@Z` `?__ExceptionPtrAssign@@YAXPEAXPEBX@Z` `?__ExceptionPtrToBool@@YA_NPEBX@Z` `?__ExceptionPtrRethrow@@YAXPEBX@Z` `?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z` `?_Xbad_alloc@std@@YAXXZ` `?_Xlength_error@std@@YAXPEBD@Z` `?_Syserror_map@std@@YAPEBDH@Z` `_Mbrtowc` `?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ` `??Bid@locale@std@@QEAA_KXZ` `?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?length@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1_K@Z` `?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A` `?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `??1_Lockit@std@@QEAA@XZ` `_Thrd_id` `_Cnd_do_broadcast_at_thread_exit` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z` `?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z` `?ignore@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z` `?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z` `?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?_Xout_of_range@std@@YAXPEBD@Z` `_Strcoll` `_Strxfrm` `??0_Locinfo@std@@QEAA@PEBD@Z` `??1_Locinfo@std@@QEAA@XZ` `?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ` `?c_str@?$_Yarn@D@std@@QEBAPEBDXZ` `??0facet@locale@std@@IEAA@_K@Z` `??1facet@locale@std@@MEAA@XZ` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `?tolower@?$ctype@D@std@@QEBADD@Z` `?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z` `?toupper@?$ctype@D@std@@QEBADD@Z` `?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z` `?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z` `?_Incref@facet@locale@std@@UEAAXXZ` `?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?id@?$ctype@D@std@@2V0locale@2@A` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?id@?$collate@D@std@@2V0locale@2@A` `?_Winerror_map@std@@YAHH@Z` `?getloc@ios_base@std@@QEBA?AVlocale@2@XZ` `?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z` `??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `_Cnd_signal` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z` `?__ExceptionPtrCurrentException@@YAXPEAX@Z` `?_Xbad_function_call@std@@YAXXZ` `?exceptions@ios_base@std@@QEAAXH@Z` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z` `??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@DD@Z` `?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z` `?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z` `?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z` `?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z` `?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A` `??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z` `?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z` `?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z` `?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z` `?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z` `??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z` `??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ` `?set_new_handler@std@@YAP6AXXZP6AXXZ@Z` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z` `?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z` `?id@?$ctype@_W@std@@2V0locale@2@A` `??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ` `??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ` `?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z` `?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z` `??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z` `?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z` `?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ` `?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z` `?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z` `?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z` `?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ` `?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ` `?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ` `?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ` `?widen@?$ctype@_W@std@@QEBA_WD@Z` `?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z` `??0_Lockit@std@@QEAA@H@Z` `_Xtime_get_ticks` `?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z` `?_Getfalse@_Locinfo@std@@QEBAPEBDXZ` `?_Gettrue@_Locinfo@std@@QEBAPEBDXZ` `?classic@locale@std@@SAAEBV12@XZ` `?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ` `?put@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AEAVios_base@2@_WPEBUtm@@PEB_W4@Z` `?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ` `??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ` `?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ` `??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ` `?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ` `?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z` `?id@?$numpunct@_W@std@@2V0locale@2@A` `?id@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@2V0locale@2@A` `?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@PEB_W_J@Z` `?clear@ios_base@std@@QEAAXH_N@Z` `_Thrd_join`
VCRUNTIME140.dll	`memset` `strchr` `memcmp` `_purecall` `__std_type_info_compare` `__std_type_info_name` `memchr` `memmove` `__std_exception_destroy` `strrchr` `strstr` `__C_specific_handler` `__current_exception` `__current_exception_context` `__std_exception_copy` `memcpy` `__std_terminate` `__RTtypeid` `_CxxThrowException` `__RTDynamicCast`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
api-ms-win-crt-runtime-l1-1-0.dll	`strerror` `_configure_narrow_argv` `_initialize_narrow_environment` `_initialize_onexit_table` `_register_onexit_function` `_crt_atexit` `_cexit` `_seh_filter_exe` `_set_app_type` `_invalid_parameter_noinfo_noreturn` `_get_initial_narrow_environment` `_initterm` `_initterm_e` `exit` `_exit` `_beginthreadex` `__p___argc` `__p___argv` `_c_exit` `_register_thread_local_exe_atexit_callback` `abort` `_errno` `terminate` `_invalid_parameter_noinfo` `signal` `raise`
api-ms-win-crt-heap-l1-1-0.dll	`realloc` `free` `calloc` `malloc` `_callnewh` `_aligned_malloc` `_set_new_mode` `_aligned_free`
api-ms-win-crt-stdio-l1-1-0.dll	`fgetc` `_fileno` `__acrt_iob_func` `_setmode` `fgetpos` `fputc` `fread` `tmpnam_s` `fsetpos` `_fseeki64` `__p__commode` `_set_fmode` `fwrite` `setvbuf` `fclose` `__stdio_common_vsprintf` `fflush` `__stdio_common_vfprintf` `ungetc` `_get_stream_buffer_pointers`
api-ms-win-crt-filesystem-l1-1-0.dll	`_unlink` `_unlock_file` `_lock_file` `_mkdir` `_rmdir`
api-ms-win-crt-math-l1-1-0.dll	`_isnan` `modf` `ceilf` `__setusermatherr` `_dclass` `_finite`
api-ms-win-crt-string-l1-1-0.dll	`strnlen` `strncmp` `isdigit` `isxdigit` `isalnum` `strncpy` `isalpha` `iswdigit`
api-ms-win-crt-environment-l1-1-0.dll	`getenv`
api-ms-win-crt-time-l1-1-0.dll	`_localtime64` `_gmtime64`
api-ms-win-crt-convert-l1-1-0.dll	`strtol` `atoi`
api-ms-win-crt-utility-l1-1-0.dll	`rand`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale` `localeconv`
WS2_32.dll	`WSAPoll` `sendto` `recvfrom` `inet_ntoa` `inet_addr` `freeaddrinfo` `getaddrinfo` `ntohl` `WSAIoctl` `ntohs` `getpeername` `getnameinfo` `WSASocketA` `WSACleanup` `WSAStartup` `setsockopt` `send` `recv` `listen` `htons` `htonl` `getsockopt` `getsockname` `ioctlsocket` `connect` `closesocket` `bind` `accept` `WSAGetLastError`
IPHLPAPI.DLL	`if_indextoname` `GetAdaptersAddresses`
ntdll.dll	`RtlLookupFunctionEntry` `RtlVirtualUnwind` `RtlCaptureContext`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2023-Feb-24 14:00:03
Version	`0.0`
SizeofData	`1072`
AddressOfRawData	`0x10c030`
PointerToRawData	`0x10aa30`

TLS Callbacks

StartAddressOfRawData	`0x14010c480`
EndAddressOfRawData	`0x14010c5b1`
AddressOfIndex	`0x14012f990`
AddressOfCallbacks	`0x1400e51f0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES`
Callbacks	`0x00000001400B79B0` `0x00000001400D99B8` `0x00000001400D9910`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140127598`

RICH Header

XOR Key	`0x28770d38`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`22`
C objects (VS 2015-2022 runtime 31823)	`10`
ASM objects (VS 2015-2022 runtime 31823)	`4`
C++ objects (VS 2015-2022 runtime 31823)	`42`
Imports (VS 2015-2022 runtime 31823)	`8`
C objects (CVTCIL) (28900)	`1`
C objects (VS2022 Update 4 (17.4.3-4) compiler 31937)	`42`
C++ objects (VS2022 Update 4 (17.4.3-4) compiler 31937)	`94`
ASM objects (VS2022 Update 3 (17.3.4-6) compiler 31630)	`1`
C++ objects (VS2022 Update 3 (17.3.4-6) compiler 31630)	`66`
Total imports	`509`
Imports (28900)	`19`
C objects (28900)	`1`
C++ objects (VS2022 Update 4 (17.4.5) compiler 31942)	`16`
Resource objects (VS2022 Update 4 (17.4.5) compiler 31942)	`1`
Linker (VS2022 Update 4 (17.4.5) compiler 31942)	`1`

Errors

Leave a comment

No comments yet.