Analysis Details
| Category | Package | Started | Completed | Duration | Logs | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| FILE | exe | 2026-03-05 20:38:00 | 2026-03-05 20:39:39 | 99s |
|
|||||
| Reports | JSON | |||||||||
Analysis Log
2026-03-05 20:34:38,788 [root] INFO: Date set to: 20260305T20:38:15, timeout set to: 60 2026-03-05 20:38:15,032 [root] DEBUG: Starting analyzer from: C:\tvrblpce 2026-03-05 20:38:15,032 [root] DEBUG: Storing results at: C:\WbXUDubO 2026-03-05 20:38:15,032 [root] DEBUG: Pipe server name: \\.\PIPE\rgKpEbztm 2026-03-05 20:38:15,032 [root] DEBUG: Python path: C:\Python310 2026-03-05 20:38:15,032 [root] INFO: analysis running as an admin 2026-03-05 20:38:15,032 [root] INFO: analysis package specified: "exe" 2026-03-05 20:38:15,032 [root] DEBUG: importing analysis package module: "modules.packages.exe"... 2026-03-05 20:38:15,032 [root] DEBUG: imported analysis package "exe" 2026-03-05 20:38:15,032 [root] DEBUG: initializing analysis package "exe"... 2026-03-05 20:38:15,032 [lib.common.common] INFO: wrapping 2026-03-05 20:38:15,032 [lib.core.compound] INFO: C:\Users\cape\AppData\Local\Temp already exists, skipping creation 2026-03-05 20:38:15,048 [root] DEBUG: New location of moved file: C:\Users\cape\AppData\Local\Temp\test_sample.exe 2026-03-05 20:38:15,048 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option 2026-03-05 20:38:15,048 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option 2026-03-05 20:38:15,048 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option 2026-03-05 20:38:15,048 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option 2026-03-05 20:38:15,064 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser" 2026-03-05 20:38:15,173 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig" 2026-03-05 20:38:15,189 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise" 2026-03-05 20:38:15,204 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human" 2026-03-05 20:38:15,251 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops' 2026-03-05 20:38:15,251 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab' 2026-03-05 20:38:15,251 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw' 2026-03-05 20:38:15,314 [lib.api.screenshot] INFO: Please upgrade Pillow to >= 5.4.1 for best performance 2026-03-05 20:38:15,314 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots" 2026-03-05 20:38:15,314 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump" 2026-03-05 20:38:15,329 [root] DEBUG: Initialized auxiliary module "Browser" 2026-03-05 20:38:15,329 [root] DEBUG: attempting to configure 'Browser' from data 2026-03-05 20:38:15,329 [root] DEBUG: module Browser does not support data configuration, ignoring 2026-03-05 20:38:15,329 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"... 2026-03-05 20:38:15,329 [root] DEBUG: Started auxiliary module modules.auxiliary.browser 2026-03-05 20:38:15,329 [root] DEBUG: Initialized auxiliary module "DigiSig" 2026-03-05 20:38:15,329 [root] DEBUG: attempting to configure 'DigiSig' from data 2026-03-05 20:38:15,329 [root] DEBUG: module DigiSig does not support data configuration, ignoring 2026-03-05 20:38:15,329 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.digisig"... 2026-03-05 20:38:15,329 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature 2026-03-05 20:38:15,673 [modules.auxiliary.digisig] DEBUG: File is not signed 2026-03-05 20:38:15,673 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json 2026-03-05 20:38:15,689 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig 2026-03-05 20:38:15,689 [root] DEBUG: Initialized auxiliary module "Disguise" 2026-03-05 20:38:15,689 [root] DEBUG: attempting to configure 'Disguise' from data 2026-03-05 20:38:15,689 [root] DEBUG: module Disguise does not support data configuration, ignoring 2026-03-05 20:38:15,689 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"... 2026-03-05 20:38:15,704 [modules.auxiliary.disguise] INFO: Disguising GUID to ec8bbd24-c8f2-42c4-a779-1de65c423ecb 2026-03-05 20:38:15,704 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise 2026-03-05 20:38:15,704 [root] DEBUG: Initialized auxiliary module "Human" 2026-03-05 20:38:15,704 [root] DEBUG: attempting to configure 'Human' from data 2026-03-05 20:38:15,704 [root] DEBUG: module Human does not support data configuration, ignoring 2026-03-05 20:38:15,704 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"... 2026-03-05 20:38:15,720 [root] DEBUG: Started auxiliary module modules.auxiliary.human 2026-03-05 20:38:15,720 [root] DEBUG: Initialized auxiliary module "Screenshots" 2026-03-05 20:38:15,720 [root] DEBUG: attempting to configure 'Screenshots' from data 2026-03-05 20:38:15,736 [root] DEBUG: module Screenshots does not support data configuration, ignoring 2026-03-05 20:38:15,736 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"... 2026-03-05 20:38:15,736 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots 2026-03-05 20:38:15,736 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets" 2026-03-05 20:38:15,736 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data 2026-03-05 20:38:15,736 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring 2026-03-05 20:38:15,736 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"... 2026-03-05 20:38:15,751 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 644 2026-03-05 20:38:15,782 [lib.api.process] INFO: Monitor config for <Process 644 lsass.exe>: C:\tvrblpce\dll\644.ini 2026-03-05 20:38:15,782 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor 2026-03-05 20:38:15,798 [lib.api.process] INFO: 64-bit DLL to inject is C:\tvrblpce\dll\tEOoLB.dll, loader C:\tvrblpce\bin\YPpQJggo.exe 2026-03-05 20:38:15,986 [root] DEBUG: Loader: Injecting process 644 with C:\tvrblpce\dll\tEOoLB.dll. 2026-03-05 20:38:16,439 [root] DEBUG: 644: Python path set to 'C:\Python310'. 2026-03-05 20:38:16,455 [root] DEBUG: 644: Disabling sleep skipping. 2026-03-05 20:38:16,455 [root] DEBUG: 644: TLS secret dump mode enabled. 2026-03-05 20:38:16,533 [root] DEBUG: 644: RtlInsertInvertedFunctionTable 0x00007FFEFE86090E, LdrpInvertedFunctionTableSRWLock 0x00007FFEFE9BD500 2026-03-05 20:38:16,533 [root] DEBUG: 644: Monitor initialised: 64-bit capemon loaded in process 644 at 0x00007FFEAC4F0000, thread 8004, image base 0x00007FF7C23E0000, stack from 0x0000008E4C9F1000-0x0000008E4CA00000 2026-03-05 20:38:16,548 [root] DEBUG: 644: Commandline: C:\Windows\system32\lsass.exe 2026-03-05 20:38:16,579 [root] DEBUG: 644: Hooked 5 out of 5 functions 2026-03-05 20:38:16,579 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread. 2026-03-05 20:38:16,579 [root] DEBUG: Successfully injected DLL C:\tvrblpce\dll\tEOoLB.dll. 2026-03-05 20:38:16,579 [lib.api.process] INFO: Injected into 64-bit <Process 644 lsass.exe> 2026-03-05 20:38:16,595 [root] DEBUG: Started auxiliary module modules.auxiliary.tlsdump 2026-03-05 20:38:21,205 [root] DEBUG: 644: TLS 1.2 secrets logged to: C:\WbXUDubO\tlsdump\tlsdump.log 2026-03-05 20:38:24,189 [root] INFO: Restarting WMI Service 2026-03-05 20:38:26,298 [root] DEBUG: package modules.packages.exe does not support configure, ignoring 2026-03-05 20:38:26,298 [root] WARNING: configuration error for package modules.packages.exe: error importing data.packages.exe: No module named 'data.packages' 2026-03-05 20:38:26,298 [lib.core.compound] INFO: C:\Users\cape\AppData\Local\Temp already exists, skipping creation 2026-03-05 20:38:26,392 [lib.api.process] INFO: Successfully executed process from path "C:\Users\cape\AppData\Local\Temp\test_sample.exe" with arguments "" with pid 2788 2026-03-05 20:38:26,392 [lib.api.process] INFO: Monitor config for <Process 2788 test_sample.exe>: C:\tvrblpce\dll\2788.ini 2026-03-05 20:38:26,423 [lib.api.process] INFO: 64-bit DLL to inject is C:\tvrblpce\dll\tEOoLB.dll, loader C:\tvrblpce\bin\YPpQJggo.exe 2026-03-05 20:38:26,455 [root] DEBUG: Loader: Injecting process 2788 (thread 1680) with C:\tvrblpce\dll\tEOoLB.dll. 2026-03-05 20:38:26,455 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT. 2026-03-05 20:38:26,455 [root] DEBUG: Successfully injected DLL C:\tvrblpce\dll\tEOoLB.dll. 2026-03-05 20:38:26,470 [lib.api.process] INFO: Injected into 64-bit <Process 2788 test_sample.exe> 2026-03-05 20:38:28,486 [lib.api.process] INFO: Successfully resumed <Process 2788 test_sample.exe> 2026-03-05 20:38:28,642 [root] DEBUG: 2788: Python path set to 'C:\Python310'. 2026-03-05 20:38:28,657 [root] DEBUG: 2788: Disabling sleep skipping. 2026-03-05 20:38:28,657 [root] DEBUG: 2788: Dropped file limit defaulting to 100. 2026-03-05 20:38:28,689 [root] DEBUG: 2788: YaraInit: Compiled 44 rule files 2026-03-05 20:38:28,689 [root] DEBUG: 2788: YaraInit: Compiled rules saved to file C:\tvrblpce\data\yara\capemon.yac 2026-03-05 20:38:28,720 [root] DEBUG: 2788: RtlInsertInvertedFunctionTable 0x00007FFEFE86090E, LdrpInvertedFunctionTableSRWLock 0x00007FFEFE9BD500 2026-03-05 20:38:28,720 [root] DEBUG: 2788: YaraScan: Scanning 0x00007FF6BF320000, size 0x3d51e 2026-03-05 20:38:28,720 [root] DEBUG: 2788: Monitor initialised: 64-bit capemon loaded in process 2788 at 0x00007FFEAC4F0000, thread 1680, image base 0x00007FF6BF320000, stack from 0x000000D4563F1000-0x000000D456400000 2026-03-05 20:38:28,736 [root] DEBUG: 2788: Commandline: "C:\Users\cape\AppData\Local\Temp\test_sample.exe" 2026-03-05 20:38:28,767 [root] DEBUG: 2788: hook_api: LdrpCallInitRoutine export address 0x00007FFEFE8699BC obtained via GetFunctionAddress 2026-03-05 20:38:28,829 [root] WARNING: b'Unable to place hook on LockResource' 2026-03-05 20:38:28,829 [root] DEBUG: 2788: set_hooks: Unable to hook LockResource 2026-03-05 20:38:28,861 [root] DEBUG: 2788: Hooked 627 out of 628 functions 2026-03-05 20:38:28,861 [root] DEBUG: 2788: Syscall hook installed, syscall logging level 1 2026-03-05 20:38:28,892 [root] DEBUG: 2788: RestoreHeaders: Restored original import table. 2026-03-05 20:38:28,892 [root] INFO: Loaded monitor into process with pid 2788 2026-03-05 20:38:28,892 [root] DEBUG: 2788: YaraScan: Scanning 0x00007FF6BF320000, size 0x3d51e 2026-03-05 20:38:28,892 [root] DEBUG: 2788: YaraScan: Scanning 0x00007FF6BF320000, size 0x3d51e 2026-03-05 20:38:28,970 [root] DEBUG: 2788: caller_dispatch: Added region at 0x00007FF6BF320000 to tracked regions list (kernel32::SetUnhandledExceptionFilter returns to 0x00007FF6BF32125E, thread 1680). 2026-03-05 20:38:28,986 [root] DEBUG: 2788: YaraScan: Scanning 0x00007FF6BF320000, size 0x3d51e 2026-03-05 20:38:29,001 [root] DEBUG: 2788: ProcessImageBase: Main module image at 0x00007FF6BF320000 unmodified (entropy change 0.000000e+00) 2026-03-05 20:38:29,001 [root] DEBUG: 2788: DLL loaded at 0x00007FFEEA690000: C:\Windows\SYSTEM32\TextShaping (0xac000 bytes). 2026-03-05 20:38:29,048 [root] DEBUG: 2788: DLL loaded at 0x00007FFEF9980000: C:\Windows\system32\uxtheme (0x9e000 bytes). 2026-03-05 20:38:29,048 [root] DEBUG: 2788: DLL loaded at 0x00007FFEFE6C0000: C:\Windows\System32\MSCTF (0x115000 bytes). 2026-03-05 20:38:29,064 [root] DEBUG: 2788: set_hooks_by_export_directory: Hooked 0 out of 628 functions 2026-03-05 20:38:29,064 [root] DEBUG: 2788: DLL loaded at 0x00007FFEF9E80000: C:\Windows\SYSTEM32\kernel.appcore (0x12000 bytes). 2026-03-05 20:38:29,064 [root] DEBUG: 2788: DLL loaded at 0x00007FFEFC380000: C:\Windows\System32\bcryptPrimitives (0x82000 bytes). 2026-03-05 20:38:29,095 [root] DEBUG: 2788: DLL loaded at 0x00007FFEFAC70000: C:\Windows\SYSTEM32\ntmarta (0x33000 bytes). 2026-03-05 20:38:29,095 [root] DEBUG: 2788: DLL loaded at 0x00007FFEF9770000: C:\Windows\System32\CoreMessaging (0xf2000 bytes). 2026-03-05 20:38:29,095 [root] DEBUG: 2788: DLL loaded at 0x00007FFEF8C40000: C:\Windows\SYSTEM32\wintypes (0x154000 bytes). 2026-03-05 20:38:29,095 [root] DEBUG: 2788: DLL loaded at 0x00007FFEFE330000: C:\Windows\System32\SHCORE (0xad000 bytes). 2026-03-05 20:38:29,095 [root] DEBUG: 2788: DLL loaded at 0x00007FFEF9310000: C:\Windows\System32\CoreUIComponents (0x35e000 bytes). 2026-03-05 20:38:29,095 [root] DEBUG: 2788: DLL loaded at 0x00007FFEECA90000: C:\Windows\SYSTEM32\textinputframework (0xf9000 bytes). 2026-03-05 20:39:29,439 [root] INFO: Analysis timeout hit, terminating analysis 2026-03-05 20:39:29,439 [lib.api.process] INFO: Terminate event set for <Process 2788 test_sample.exe> 2026-03-05 20:39:29,439 [root] DEBUG: 2788: Terminate Event: Attempting to dump process 2788 2026-03-05 20:39:29,439 [root] DEBUG: 2788: VerifyCodeSection: Executable code does not match, 0x6d2a of 0x6d40 matching 2026-03-05 20:39:29,454 [root] DEBUG: 2788: DoProcessDump: Code modification detected, dumping Imagebase at 0x00007FF6BF320000. 2026-03-05 20:39:29,454 [root] DEBUG: 2788: DumpImageInCurrentProcess: Attempting to dump virtual PE image. 2026-03-05 20:39:29,454 [root] DEBUG: 2788: DumpProcess: Instantiating PeParser with address: 0x00007FF6BF320000. 2026-03-05 20:39:29,454 [root] DEBUG: 2788: DumpProcess: Module entry point VA is 0x00007FF6BF3214D0. 2026-03-05 20:39:29,564 [lib.common.results] INFO: Uploading file C:\WbXUDubO\CAPE\2788_211972939175432026 to procdump\cec469417f73bb3e1ee40b3a8cd87f067003f91dd14716d2c452d16b1ff2a3d5; Size is 206848; Max size: 100000000 2026-03-05 20:39:29,579 [root] DEBUG: 2788: DumpProcess: Module image dump success - dump size 0x32800. 2026-03-05 20:39:29,611 [lib.api.process] INFO: Termination confirmed for <Process 2788 test_sample.exe> 2026-03-05 20:39:29,611 [root] INFO: Terminate event set for process 2788 2026-03-05 20:39:29,611 [root] INFO: Created shutdown mutex 2026-03-05 20:39:29,611 [root] DEBUG: 2788: Terminate Event: monitor shutdown complete for process 2788 2026-03-05 20:39:30,626 [root] INFO: Shutting down package 2026-03-05 20:39:30,658 [root] INFO: Stopping auxiliary modules 2026-03-05 20:39:30,658 [root] INFO: Stopping auxiliary module: Browser 2026-03-05 20:39:30,658 [root] INFO: Stopping auxiliary module: Human 2026-03-05 20:39:31,376 [root] INFO: Stopping auxiliary module: Screenshots 2026-03-05 20:39:31,861 [root] INFO: Finishing auxiliary modules 2026-03-05 20:39:31,861 [root] INFO: Shutting down pipe server and dumping dropped files 2026-03-05 20:39:31,861 [root] WARNING: Folder at path "C:\WbXUDubO\debugger" does not exist, skipping 2026-03-05 20:39:31,876 [root] INFO: Uploading files at path "C:\WbXUDubO\tlsdump" 2026-03-05 20:39:31,876 [lib.common.results] INFO: Uploading file C:\WbXUDubO\tlsdump\tlsdump.log to tlsdump\tlsdump.log; Size is 2740; Max size: 100000000 2026-03-05 20:39:31,876 [root] INFO: Analysis completed
Process Log
Pre-Script Log
During-Script Log
Machine Information
| Name | Label | Manager | Started On | Shutdown On |
|---|---|---|---|---|
| win10x64 | win10x64 | KVM | 2026-03-05 20:38:00 | 2026-03-05 20:39:39 |
File Details
| File Name |
test_sample.exe
|
|---|---|
| File Type | PE32+ executable (console) x86-64, for MS Windows |
| File Size | 246568 bytes |
| MD5 | 8808c612f4224c1abba4cb4c7938fb53 |
| SHA1 | ae95c6c1ad80904443814c34c151be99ae0b5aab |
| SHA256 | 2377e9e9e51a6fdf3c2532622778318d7cd2249a32a004e951188c252fd3d04f VT MWDB Bazaar |
| SHA3-384 | 43462965b39be8d113b544fa1443badb2c13d667c127995f1cbca8668cf14752a3e2450291c7fa99383eef19bcc74a81 |
| CRC32 | 7B8CF8BC |
| TLSH | T141345B85FF89ACEBD615063589AF432A3338F6D017935B171E2872341E13AD0EE8765B |
| Ssdeep | 3072:lqN9AGD+OxDxL8BGDwCBwFG5m1sgIkDHQto912aJXZPEuuR4uz3Tn4cr8Esbtm:qqq+I2BGcCOFGjSTPJXeb3Tn4crzOtm |
| Yara |
|
Strings
FileHeader
__dll__
STRTOG_Inexact
corecrt_startup.h
pexcept
addr_imp
ExceptionFlags
__pformat_float
fwrite
_PVFV
_W_decimal_point
./mingw-w64-crt/crt/dllargv.c
int32_t
__major_os_version__
__pformat_ullong_t
.refptr.__RUNTIME_PSEUDO_RELOC_LIST_END__
ndigits
long double
__xl_d
Blink
InitializeCriticalSection
mb_max
_Byte
mingw_vfprintf.c
MxCsr
__pformat_ulong_t
.debug_frame
VT_INT_PTR
wcsrtombs
hStdInput
errhandlingapi.h
.idata$7$
Characteristics
___crt_xc_start__
XMM_SAVE_AREA32
_newmode
nested
thousands_chr
__xd_a
.idata$5X
Reserved3
__imp_memcpy
_W_positive_sign
MajorLinkerVersion
[^_]A\A]A^A_
__imp_signal
internal_ps
GetStartupInfoA
./mingw-w64-crt/misc/mbrtowc.c
SizeOfHeapCommit
NumberOfLinenumbers
__mingwthr_cs_init
__pformat_char_t
backtrack
.idata$4(
LPVOID
'exception_data
VT_CLSID
sign_bit
__mingw_setusermatherr
LONGLONG
__imp__unlock
vfprintfxl
SpareWORD
VT_RESERVED
__pformat_emit_xfloat.isra.0
<2ZGU
value
Destination
DeleteCriticalSection
__iob_func
IMAGE_IMPORT_DESCRIPTOR
$_fpreset
ULONG_PTR
Subsystem
_CONTEXT
grouping
___DTOR_LIST__
./mingw-w64-crt/gdtoa/gdtoa.c
.refptr.__imp__commode
?__report_error
NT_TIB
UATWVSH
3__tmainCRTStartup
SpinCount
__imp___p__fmode
e_magic
.rdata$.refptr.__xc_z
_W_negative_sign
[^_A\A]A^A_]
___crt_xt_start__
corecrt.h
_XMM_SAVE_AREA32
basetsd.h
VirtualSize
__mingwthr_key_t
./mingw-w64-crt/crt/wildcard.c
3_pei386_runtime_relocator
__pformat_emit_numeric_value
9GNU C17 12 20220819 -m64 -mtune=generic -march=x86-64 -g -O2 -fno-PIE
Mingw-w64 runtime failure:
__tI128
_dowildcard
SegEs
PVOID
__mingw_setusermatherr
OwningThread
.idata$7d
__pformat_uchar_t
GCC: (GNU) 12 20220819
__loader_flags__
.rdata$.refptr.__mingw_oldexcpt_handler
.rdata$.refptr.__imp__fmode
tagCOINITBASE
GetLastError
__imp___getmainargs
DWORD_PTR
LastExceptionFromRip
.rdata$.refptr.__imp___initenv
./mingw-w64-crt/crt/pseudo-reloc-list.c
.idata$7h
printf
__freedtoa
.CRT$XCA
_W_thousands_sep
__imp_fwrite
_exception
.CRT$XLA0
SizeOfUninitializedData
GNU C17 12 20220819 -m64 -mtune=generic -march=x86-64 -g -O2 -fno-PIE
hStdOutput
___crt_xt_end__
int_curr_symbol
wShowWindow
.refptr.__xc_a
cbReserved2
./mingw-w64-crt/misc/__p__commode.c
AWAVAUATUWVSH
VT_EMPTY
__pformat_int
F__freedtoa
R!function
The result is too small to be represented (UNDERFLOW)
D)\$p
runtime_pseudo_reloc_item_v1
digits
.pdata
AVAUATUWVSH
Xmm14
_LIST_ENTRY
DWORD64
VT_STORAGE
__Bigint
chopzeros
__lib64_libmsvcrt_def_a_iname
VT_NULL
.rdata
action
.idata$70
VT_RECORD
_FindPESectionByName
__xl_a
DebugControl
__mingw_pcppinit
___tls_start__
borrow
__pformat_long_t
tchar.h
WCHAR
;__Bfree_D2A
ilim1
__minor_image_version__
_fmode
OptionalHeader
__trailz_D2A
)__pformat_int_bufsiz
length
.rdata$.refptr.__imp__commode
FltSave
SizeOfOptionalHeader
GCC: (GNU) 12-win32
e_lfanew
_Float16
.refptr.__mingw_initltsdyn_force
start
./mingw-w64-crt/misc/mingw_matherr.c
./mingw-w64-crt/crt
tlssup.c
last_CS_init
1FltSave
Computer: %s
___CTOR_LIST__
mbrtowc.c
pseudo-reloc.c
runtime_pseudo_reloc_item_v2
_FILEX
__bigtens_D2A
FloatRegisters
./mingw-w64-crt/crt/cinitexe.c
.idata$6N
.debug_loclists
_IMAGE_SECTION_HEADER
__p__acmdln.c
___mb_cur_max_func
ULONGLONG
./mingw-w64-crt/crt/xncommod.c
math.h
bufflen
STRTOG_NaNbits
.tls$ZZZ
umHc
__uninitialized
Unknown pseudo relocation protocol version %d.
roundoff
P3Home
SizeOfHeaders
.rdata$.refptr.__mingw_initltsdyn_force
__data_start__
STRTOG_Retmask
VT_UI2
mainret
.idata$5
ATUWVSH
lpszCommandLine
gmisc.c
base_address
?aCoc
__mingwthr_cs
"VARENUM
e_lfarlc
ATUWVSHcY
pre_c_init
HcQ<H
%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p.
IsDBCSLeadByteEx
&3$q
_IMAGE_OPTIONAL_HEADER
0fputc
MinorSubsystemVersion
+dtoa_unlock
./mingw-w64-crt/gdtoa
STARTUPINFO
VT_UINT
__pformat_short_t
ULONG
__imp___p__commode
__enative_startup_state
dtoa_CS_init
__imp_Sleep
.idata$60
#__main
rplen
acrt_iob_func.c
mingw_helpers.
$0*(
AUATUWVSH
d$ M)
__xc_a
newmode
__imp_strncmp
gfffH
.CRT$XLZH
Xmm13
__imp___initenv
Machine
atexit
_fpreset
.idata$7<
strnlen.c
width_spec
pfunc
.idata$6L
dtoa_CritSec
ExceptionRecord
__pformat_int.isra.0
__pformat_intarg_t
PIMAGE_NT_HEADERS
_W_mon_decimal_point
!This program cannot be run in DOS mode.
./mingw-w64-crt/crt/tlssup.c
B/113
DtagCOINITBASE
t128_2
X[^_]A\A]
./mingw-w64-crt/stdio/mingw_pformat.c
PFORMAT_LENGTH_CHAR
WinMainCRTStartup
__diff_D2A
wcrtomb.c
strnlen
__uI128
.idata$6D
__dyn_tls_init_callback
synchapi.h
VT_HRESULT
currency_symbol
.CRT$XCAA
"_IMAGE_NT_HEADERS64
e_oemid
_InterlockedExchangePointer
byte_bucket
int_frac_digits
.idata$6T
__imp___iob_func
_IsNonwritableInCurrentImage
SizeOfZeroFill
.refptr._dowildcard
2D90t
newval
exponent
bbits
FPI_Round_zero
SizeOfImage
__do_global_dtors
FloatSave
./mingw-w64-crt/crt/natstart.c
__pformat_wcputs
shifted
&__pformat_fpreg_bitmap
_tls_index
8__mingw_invalidParameterHandler
iSection
HcA<H
VT_DATE
__Bfree_D2A
__mingw_GetSectionForAddress
invalid_char
dtoa_lock_cleanup
_errno
,_InterlockedCompareExchangePointer
RegionSize
ContextFlags
LastBranchToRip
__pow5mult_D2A
_base
__dyn_tls_dtor
[^_]A\
strncmp
mbsrtowcs
.idata$6"
.idata$4h
D$0.H
@.bss
COMPUTERNAME
PFORMAT_END
.refptr.__native_startup_state
.idata$7
X!line
1FloatSave
\NtCurrentTeb
.refptr.__mingw_initltsdrot_force
thousands_sep
.idata$6X
__RUNTIME_PSEUDO_RELOC_LIST_END__
.idata$6z
__imp___C_specific_handler
VT_CARRAY
.refptr.__RUNTIME_PSEUDO_RELOC_LIST__
stUserMathErr
./mingw-w64-crt/gdtoa/dmisc.c
Xmm15
__rt_psrelocs_size
SectionAlignment
ArbitraryUserPointer
WideCharToMultiByte
__xd_z
gdtoa.c
__mingw_app_type
l$.H9
ErrorOffset
PIMAGE_OPTIONAL_HEADER
_ValidateImageBase
__builtin_memset
.idata$6n
.refptr.__image_base__
Legacy
nbits
hname
]memcpy
SizeOfStackCommit
__set_app_type
ExceptionInformation
LPCRITICAL_SECTION
PFORMAT_SET_WIDTH
P5Home
&2$v
8pre_cpp_init
_unlock
vfprintf
STRTOG_NaN
s_mbstate
__imp_vfprintf
EnterCriticalSection
gdtoaimp.h
e_res2
IMAGE_DATA_DIRECTORY
FPI_Round_near
.rdata$.refptr._newmode
_matherr
has_cctor
unsigned int
decpt
.debug_str
_RTL_CRITICAL_SECTION
C$9C(~
/build
__imp__errno
.rdata$.refptr._MINGW_INSTALL_DEBUG_MATHERR
ULong
.refptr._newmode
VT_STREAM
_EXCEPTION_POINTERS
NumberOfRvaAndSizes
$__p__commode
/sign_exponent
addend
VT_UI1
PIMAGE_IMPORT_DESCRIPTOR
[^_]A\H
fputc
NumberOfSymbols
.idata$7P
crtexe.c
SIZE_T
)_exception
.rdata$.refptr._matherr
__imp__acmdln
Header
long long unsigned int
no_digits
small_ilim
3pre_c_init
mbstate_t
.rdata$.refptr._gnu_exception_handler
_tls_end
.CRT$XCZ
tmp_dst
*__isnan
AddressOfEntryPoint
.idata$6*
./mingw-w64-crt/gdtoa/misc.c
VirtualQuery
!tagCOINITBASE
LoaderFlags
.CRT$XLC8
VT_STREAMED_OBJECT
inDoubleQuote
winbase.h
__native_dllmain_reason
ImageBase
sec_start
VT_STORED_OBJECT
./mingw-w64-crt/gdtoa/gmisc.c
%__image_base__
CheckSum
Infinity
_State
_startupinfo
acrt_iob_func.
.l_start
tlsthrd.c
hStdError
VT_DECIMAL
__builtin_memcpy
.idata$6x
0[^_]A\A]A^
.rdata$.refptr._CRT_MT
__mingw_GetSectionCount
__imp__set_invalid_parameter_handler
VT_CF
n_sep_by_space
.idata$7p
fUserMathErr
l$PE1
Y!pReserved
p_cs_precedes
)init_fpreg_ldouble
&__pformat_fpreg_double_t
func_ptr
VT_I1
.idata
*__mingw_initltsdyn_force
CreatorBackTraceIndexHigh
__mbrtowc_cp
.refptr._gnu_exception_handler
.refptr.__xi_a
PIMAGE_OPTIONAL_HEADER32
.idata$5x
__getmainargs
7memcpy
_amsg_exit
__mingw_pcinit
VT_UI8
__imp_EnterCriticalSection
PEXCEPTION_RECORD
LastExceptionToRip
DataDirectory
_W_int_curr_symbol
___lc_codepage_func
__minor_subsystem_version__
PFORMAT_LENGTH_LONG
internal_mbstate.1
__mingw_raise_matherr
@/res1
int_max
./mingw-w64-crt/stdio/acrt_iob_func.c
RTL_CRITICAL_SECTION
__pformat_emit_float
_head_lib64_libkernel32_a
DebugInfo
_FindPESection
.refptr._fmode
MGetStartupInfoA
pNTHeader32
__bss_end__
AllocationProtect
__imp_strerror
'ret_zero
retval
PRTL_CRITICAL_SECTION_DEBUG
PFORMAT_INIT
Xmm12
./mingw-w64-crt/misc/__p__fmode.c
OriginalFirstThunk
__imp_MultiByteToWideChar
__imp_free
PCONTEXT
0X
.refptr.__tens_D2A
__imp__onexit
.rdata$.refptr.__native_startup_lock
__initializing
P/res0
freelist
Ofunc
[^_]A\A]A^
.idata$7
.idata$4p
lpDesktop
DataOffset
__mingw_vfprintf
ExceptionCode
Hello from CAPE sandbox test!
.debug_line
-mbstate_t
C_IMAGE_NT_HEADERS64
merr.c
VirtualQuery failed for %d bytes at address %p
wchar_t
__imp_wcslen
STRTOG_Infinite
D$Xt(
VT_LPWSTR
SegFs
e_cparhdr
__imp____lc_codepage_func
v2_hdr
_amsg_exit
__pformat_xint.isra.0
magic1
fthunk
vadefs.h
stdlib.h
VT_I8
/XMM_SAVE_AREA32
__xl_z
combaseapi.h
)HINSTANCE__
FileAlignment
LPCCH
VirtualProtect
__IAT_start__
IMAGE_OPTIONAL_HEADER64
.refptr.__native_startup_lock
-VARENUM
"__cmp_D2A
__pformat_emit_radix_point
McC<M
__imp_InitializeCriticalSection
p_sep_by_space
wildcard.c
reloc_target
internal_mbstate.2
digits32
PIMAGE_TLS_CALLBACK
)__pformat_fcvt
K__mingw_module_is_dll
.rdata$.refptr.__dyn_tls_init_callback
EFlags
importsStartRVA
__imp____mb_cur_max_func
_f__acrt_iob_func
__imp__get_invalid_parameter_handler
IcP<L
__xi_z
__mult_D2A
thousands_chr_len
e_oeminfo
pesect.c
k_check
./mingw-w64-crt/crt/mingw_helpers.c
__imp_exit
.rdata$.refptr.__RUNTIME_PSEUDO_RELOC_LIST_END__
sudden_underflow
VT_ILLEGALMASKED
HcD$x
__mingw_dbl_type_t
usermatherr.c
signbit
IMAGE_TLS_DIRECTORY64
__dyn_tls_init
$0-(
.idata$4
=UUUUw
"do_pseudo_reloc
__imp_TlsGetValue
mingw_lock.c
LPCVOID
__pformat_gfloat
LPWSTR
P6Home
.xdata
__pformat_fpreg_mantissa
__xl_c
Sleep
+_onexit
PBYTE
PFORMAT_SET_PRECISION
mark_section_writable
VirtualAddress
__imp_malloc
__imp__amsg_exit
_setargv
.rdata$.refptr.__imp__acmdln
cur_key
process.h
.idata$7l
VT_DISPATCH
./mingw-w64-crt/misc
D$\A)
MajorSubsystemVersion
$__tI128
e_cblp
SubSystemTib
$__p__fmode
Pduplicate_ppstrings
STRTOG_Inexhi
-GNU C17 12 20220819 -m64 -mtune=generic -march=x86-64 -g -O2 -fno-PIE
LIST_ENTRY
8free
__report_error
strerror`l
__do_global_ctors
$__p__acmdln
__pformat_u128_t
__xc_z
GetEnvironmentVariableA
Hformat_scan
__mingw_initltsdrot_force
__pformat_putchars
__rt_psrelocs_start
Protect
$0.(
.idata$7H
__acrt_iob_func
misc.c
STRTOG_Overflow
memoryapi.h
__imp__commode
.idata$7\
fXJXX
.refptr.__mingw_app_type
mbrlen
7mainCRTStartup
./mingw-w64-crt/misc/invalid_parameter_handler.c
mon_grouping
rounding
EXCEPTION_RECORD
=_M128A
__i2b_D2A
Xmm11
magic2
gccmain.c
.debug_aranges
__imp_VirtualProtect
VT_ERROR
__imp__cexit
USER32.dll
LPCWCH
.l_startw
___crt_xc_end__
mingw_helpers.c
__imp_strlen
EntryCount
VT_UINT_PTR
__dll_characteristics__
_lock
.CRT$XDZX
./mingw-w64-crt/misc/__p__acmdln.c
PNT_TIB
malloc
./mingw-w64-crt/crt/usermatherr.c
stddef.h
MinorImageVersion
.idata$6
calloc
"__write_memory
VT_BLOB_OBJECT
mingw_get_invalid_parameter_handler
WINBOOL
STRTOG_NoNumber
.idata$7,
__wcrtomb_cp
the_secs
.refptr.__CTOR_LIST__
FiberData
/M128A
XmmRegisters
"memcpy
dmisc.c
.rdata$.refptr._dowildcard
maxwds
importDesc
.rdata$.refptr.__native_startup_state
&GNU C17 12 20220819 -m64 -mtune=generic -march=x86-64 -g -O2 -fno-PIE
.idata$5P
VT_I2
Win32VersionValue
Overflow range error (OVERFLOW)
__size_of_stack_commit__
SetUnhandledExceptionFilter
old_protect
wcsnlen
.rdata$.refptr._commode
<built-in>
state
LPBYTE
./mingw-w64-crt/crt/gccmain.c
.refptr._commode
__p_sig_fn_t
VT_FILETIME
__initialized
index
Reserved2
.idata$68
.idata$4H
State
_head_lib64_libuser32_a
__imp__fmode
./mingw-w64-crt/crt/tlsthrd.c
p_sign_posn
./mingw-w64-crt/stdio/mingw_lock.c
new_key
pOptHeader
@__uI128
VT_BYREF
__setusermatherr
VT_SAFEARRAY
_initterm
__pformat_xdouble
VT_USERDEFINED
Sleep
._XMM_SAVE_AREA32
___crt_xi_end__
_onexit_t
.CRT$XIA
[^_H
.CRT$XIAA
__imp___set_app_type
__strcp_D2A
__imp_fputc
._CONTEXT
Unknown pseudo relocation bit size %d.
Version
PDWORD
test_sample.c
StartAddressOfRawData
__minor_os_version__
`.data
NumberOfSections
@[^_]A\A]A^
__imp_IsDBCSLeadByteEx
=mark_section_writable
__pformat_emit_inf_or_nan
va_list
CreatorBackTraceIndex
.idata$5(
dwXSize
wtypes.h
ContextRecord
_tls_used
*__isnanl
string.h
spec_case
:MZuYHcB<H
wcrtomb
dtoa_lock
PFORMAT_LENGTH_SHORT
.file
Comperand
Argument singularity (SIGN)
VectorRegister
e_maxalloc
__native_startup_lock
shift
.idata$5@
.idata$7D
DataSelector
&__pformat_fpreg_bits
__set_app_type
mingw_pformat.h
__imp_localeconv
VT_BOOL
TlsGetValue
uint32_t
.refptr._CRT_MT
__pformat_llong_t
_tmpfname
crt_handler.c
STRTOG_Underflow
__imp_MessageBoxA
__imp_calloc
Partial loss of significance (PLOSS)
__imp_abort
__imp___acrt_iob_func
__p__commode
_initterm
PFORMAT_LENGTH_LLONG128
_MINGW_INSTALL_DEBUG_MATHERR
minwindef.h
.CRT$XLD@
fiberid
dwYSize
_set_invalid_parameter_handler
.rdata$.refptr.__xi_z
PFORMAT_LENGTH_LLONG
__end__
mingw_pformat.c
Total loss of significance (TLOSS)
COINITBASE_MULTITHREADED
round_9_up
long long int
__imp_GetStartupInfoA
_lock_file
__imp_fprintf
.refptr.__mingw_oldexcpt_handler
Flink
__pformat_fpreg_exponent
Xmm10
0wcrtomb
.rdata$.refptr.__image_base__
.idata$7(
signal.h
__tinytens_D2A
VectorControl
_charbuf
dllargv.c
VT_BSTR
6localeconv
___chkstk_ms
([^_]
,__readgsqword
_tls_start
.idata$7t
.idata$48
.idata$7`
FirstThunk
__mingw_TLScallback
MajorOperatingSystemVersion
register_frame_ctor
,memcpy
key_dtor_list
_Mbstatet
STRTOG_Denormal
.l_end
%addr
.reloc
xtxtmode.c
long unsigned int
LastBranchFromRip
PMEMORY_BASIC_INFORMATION
_EXCEPTION_REGISTRATION_RECORD
__lshift_D2A
.refptr.__mingw_initltssuo_force
lpreserved
:__multadd_D2A
$lconv
dwXCountChars
new_protect
,tagCOINITBASE
LockSemaphore
size_t
yXf@T<<
___tls_end__
old_handler
.refptr.__imp___initenv
./mingw-w64-crt/crt/crtexe.c
Target
.idata$6f
.idata$6F
invalid_parameter_handler.c
_acmdln
BaseOfData
__native_vcclrit_reason
ForwarderChain
__gcc_deregister_frame
__p__acmdln
STRTOG_Zero
StackBase
P2Home
M128A
u HcS$
BaseAddress
mingw_matherr.
mb_wc_common.h
-__pformat_fpreg_t
.idata$40
.l_endw
long int
PFORMAT_LENGTH_INT
.refptr._matherr
./mingw-w64-crt/misc/wcrtomb.c
VT_I4
__subsystem__
shift_state
-__pformat_t
__size_of_stack_reserve__
.rdata$.refptr._fmode
DllCharacteristics
pTarget
@.xdata
__lib64_libuser32_a_iname
__quorem_D2A
STARTUPINFOA
MessageBoxA
\$xE1
fpreset
runtime_pseudo_reloc_v2
_RTL_CRITICAL_SECTION_DEBUG
./mingw-w64-crt/crt/_newmode.c
KERNEL32.dll
__mingw_winmain_nShowCmd
__pformat_xldouble
__imp__lock_file
__data_end__
__mingwthr_run_key_dtors.part.0
float
n_cs_precedes
__pformat_ptr_t
min_width
minwinbase.h
ilim0
.idata$7L
MxCsr_Mask
reldata
SizeOfInitializedData
#_cexit
G__mingw_pformat
.idata$6:
memset
try_quick
Natexit
MajorImageVersion
.idata$4X
_IMAGE_DOS_HEADER
NumberParameters
__mingw_winmain_lpCmdLine
/usr/x86_64-w64-mingw32/include
ControlWord
<restore_modified_sections
__lo0bits_D2A
/usr/x86_64-w64-mingw32/include/psdk_inc
pseudo-reloc-list.c
.refptr.__xc_z
_flag
.refptr.__imp__fmode
___crt_xp_start__
[^_A\]
quota
__C_specific_handler
exp_width
pre_cpp_init
__mingw_initltssuo_force
.idata$5`
__mingw_oldexcpt_handler
__imp_WideCharToMultiByte
RecursionCount
*__hi0bits_D2A
version
CRT_fp10.c
__pformat_length_t
short unsigned int
VT_VERSIONED_STREAM
ProcessLocksList
CRITICAL_SECTION
_IMAGE_OPTIONAL_HEADER64
_EXCEPTION_RECORD
__pformat_puts
!expression
stdio.h
__rt_psrelocs_end
&__pformat_fpreg_ldouble_t
winnls.h
5mSecs
lpReserved
__b2d_D2A
Argument domain error (DOMAIN)
.idata$7T
managedapp
%__gdtoa
@@$!s
positive_sign
PIMAGE_NT_HEADERS64
Flags
_file
dwFlags
#_pei386_runtime_relocator
lpTitle
localeconv
S$9S(~
stdint.h
__major_image_version__
@[^_]A\
_IMAGE_FILE_HEADER
maxlen
.refptr.__imp__acmdln
D$xA;E
PEXCEPTION_ROUTINE
intrin-impl.h
2%2$#
.refptr.__xi_z
.refptr._MINGW_INSTALL_DEBUG_MATHERR
strlen
VT_TYPEMASK
0mbrtowc
Pmemset
VT_ILLEGAL
<__Balloc_D2A
__imp_GetEnvironmentVariableA
__pformat_xint
#__mingw_oldexcpt_handler
Reserved1
unused
_gnu_exception_handler
width
.rdata$.refptr.__CTOR_LIST__
.idata$4@
HANDLE
lock_free
.idata$4P
VirtualProtect failed with code 0x%x
.idata$7@
prev_key
carry
__imp__lock
NumberOfRelocations
min_signed
signed char
_iobuf
T$pf.
pNTHeader64
ExceptionAddress
2_dbl_union
PIMAGE_OPTIONAL_HEADER64
mingw_pformat.
__RUNTIME_PSEUDO_RELOC_LIST__
processthreadsapi.h
Offset
.idata$74
__imp_GetLastError
,_InterlockedExchangePointer
__bss_start__
xncommod.c
PFORMAT_GET_PRECISION
L$x@H
SegGs
SegCs
__mingw_pformat
__globallocalestatus
0__hi0bits_D2A
___RUNTIME_PSEUDO_RELOC_LIST__
.idata$5h
VT_PTR
Signature
VT_INT
C Lexit
*__fpclassifyl
decimal_point
__rshift_D2A
.rdata$.refptr.__tens_D2A
signexp
__tmainCRTStartup
__pformat_emit_efloat
e_crlc
*__mingw_initltssuo_force
LPSTR
VT_LPSTR
ErrorOpcode
__mingwthr_key
SizeOfHeapReserve
.CRT$XIZ(
H[^_]
IMAGE_DOS_HEADER
n_sign_posn
P1Home
(null)
__file_alignment__
9ret_d
precision
abort
1abort
mon_decimal_point
uintptr_t
|$>E1
FPI_Round_up
.ctors.65535
locale.h
SizeOfCode
one_digit
fpi.0
saved_errno
_matherr(): %s in %s(%g, %g) (retval=%g)
___w64_mingwthr_remove_key_dtor
./mingw-w64-crt/misc/strnlen.c
cygming-crtend
VT_VARIANT
.idata$5H
__tens_D2A
.debug_rnglists
X X..
EVARENUM
_commode
*__lo0bits_D2A
strerror
__pformat_ushort_t
__pformat_putc
initialized
cygming-crtbeg
e_res
unsigned char
&_gnu_exception_handler
sSecInfo
e_csum
mingw_matherr.c
_f__p__acmdln
__native_startup_state
___RUNTIME_PSEUDO_RELOC_LIST_END__
_M128A
LPBOOL
mingw_vfprintf
__gcc_register_frame
__imp_VirtualQuery
#_fpreset
(2vfprintf
.debug_line_str
__IAT_end__
ExceptionList
iargval
./mingw-w64-crt/crt/merr.c
)D$p)
([^_]A\A]A^A_
pNTHeader
__section_alignment__
__pformat_cvt
gdtoa.h
VT_UI4
ExChange
__builtin_va_list
Unknown error
_IMAGE_DATA_DIRECTORY
SegSs
__size_of_heap_commit__
___w64_mingwthr_add_key_dtor
natstart.c
__image_base__
accept
IMAGE_FILE_HEADER
delta
__lib64_libkernel32_a_iname
fast_failed
StartupInfo
__gdtoa
tlsmcrt.c
.idata$58
"__mingwthr_run_key_dtors
.bitstob
stream
2memcpy
_bufsiz
frac_digits
pmem_next
AddressOfIndex
intlen
Q!file
__CTOR_LIST__
lpReserved2
=dtoa_lock
handler
rvaTarget
__pformat_state_t
count
.idata$50
.idata$4`
__rv_alloc_D2A
__Balloc_D2A
FPI_Round_down
PRTL_CRITICAL_SECTION
STRTOG_Normal
TimeDateStamp
VT_BLOB
cinitexe.c
_GetPEImageBase
region_size
__pformat_efloat
max_unsigned
negative_sign
._iobuf
_dbl_union
.text.startup
MEMORY_BASIC_INFORMATION
.rdata$.refptr.__mingw_app_type
EXCEPTION_ROUTINE
SegDs
___crt_xp_end__
H[^_]A\A]A^A_
_get_invalid_parameter_handler
leftright
VT_UNKNOWN
__imp_SetUnhandledExceptionFilter
*__mingw_initltsdrot_force
_W_mon_thousands_sep
__imp___setusermatherr
p05.0
_newmodep
./mingw-w64-crt/crt/tlsmcrt.c
mainCRTStartup
Rcheck_managed_app
__nrv_alloc_D2A
maxSections
__mingw_winmain_hInstance
.debug_abbrev
__builtin_fwrite
dwFillAttribute
./mingw-w64-crt/crt/crt_handler.c
__p__commode.c
__gnuc_va_list
ptrdiff_t
signal
__xi_a
8[^_]A\A]A^A_
'malloc
__mingw_module_is_dll
__p__fmode
nptrs
+malloc
+dtoa_lock_cleanup
pPEHeader
s_mbstate.0
7WinMainCRTStartup
__mingw_enum_import_library_names
VT_BSTR_BLOB
.idata$5
|$`E)
Value
kindp
winnt.h
BaseOfCode
StackLimit
.rdata$.refptr.__mingw_initltssuo_force
HcP<H
__mingw_invalidParameterHandler
_MEMORY_BASIC_INFORMATION
pSection
EXCEPTION_POINTERS
VT_R4
AllocationBase
D$xE1
hDllHandle
__tlregdtor
ContentionCount
_NT_TIB
SizeOfStackReserve
__major_subsystem_version__
./mingw-w64-crt/include
.idata$7X
PhysicalAddress
_pei386_runtime_relocator
topbit
_onexit
_FindPESectionExec
_invalid_parameter_handler
private_mem
wcslen
__pformat_emit_xfloat
Afwrite
.rdata$.refptr.__RUNTIME_PSEUDO_RELOC_LIST__
__tI128_2
__imp_LeaveCriticalSection
.xdata.startup
TagWord
MinorLinkerVersion
LPSTARTUPINFOA
LockCount
__d2b_D2A
;GNU C17 12 20220819 -m64 -mtune=generic -march=x86-64 -g -O2 -fno-PIE
VT_VECTOR
.idata$2
_newmode.c
__imp__initterm
./mingw-w64-crt/crt/pesect.c
_head_lib64_libmsvcrt_def_a
e_minalloc
new_handler
.rdata$zzz
4was_init
PHc5V
STRTOG_Neg
reason
clear_trailing0
VT_CY
)__pformat_ecvt
internal.h
.rdata$.refptr.__mingw_initltsdrot_force
fprintf
VT_VOID
_IMAGE_IMPORT_DESCRIPTOR
./mingw-w64-crt/stdio/../gdtoa
_Wchar
PointerToSymbolTable
%signal
IMAGE_TLS_DIRECTORY
mingw_set_invalid_parameter_handler
__imp_DeleteCriticalSection
STRTOG_Inexlo
target
bump_up
./mingw-w64-crt/stdio/mingw_vfprintf.c
WVSHcA
.idata$78
___crt_xi_start__
"_InterlockedExchange
flags
PointerToLinenumbers
MultiByteToWideChar
./mingw-w64-crt/crt/xtxtmode.c
P4Home
.data
.idata$4x
__initenv
)_STARTUPINFOA
$oldprot
Handler
"__i2b_D2A
.rdata$.refptr.__xi_a
__pformat_wputchars
wcsnlen.c
expmin
wchar.h
dwReason
DWORD
*__fpclassify
+_matherr
.text
__multadd_D2A
Reserved4
SizeOfRawData
__mingw_ldbl_type_t
__imp___p__acmdln
.idata$5p
UAWAVAUATWVSH
memcpy
stringapiset.h
6_errno
pName
cstate
LPTOP_LEVEL_EXCEPTION_FILTER
.idata$6d
_cexit
_CRT_MT
_IMAGE_TLS_DIRECTORY64
$_setargv
__DTOR_LIST__
__imp__unlock_file
PIMAGE_DOS_HEADER
VARENUM
__cmp_D2A
StatusWord
T$XfA
__imp_memset
ctype.h
'atexit
.refptr.__dyn_tls_init_callback
dwYCountChars
int64_t
[_TEB
.rdata$.refptr.__xc_a
HcH<H
$_iobuf
startinfo
PointerToRelocations
_unlock_file
msvcrt.dll
ErrorSelector
.debug_info
was_init.0
.pdata.startup
___crt_xl_start__
__size_of_heap_reserve__
pImageBase
__mingw_initltsdyn_force
EndAddressOfRawData
Magic
_PIFV
N__pformat_cvt
e_ovno
mon_thousands_sep
_W_currency_symbol
PointerToRawData
Address %p has no image-section
.idata$2(
,memset
PTOP_LEVEL_EXCEPTION_FILTER
reset_fpu
__p__fmode.c
AddressOfCallBacks
_TCHAR
pDOSHeader
./mingw-w64-crt/misc/wcsnlen.c
.CRT$XDAP
./mingw-w64-crt/crt/pseudo-reloc.c
rpchr
VT_ARRAY
mbrtowc
VT_R8
./mingw-w64-crt/crt/CRT_fp10.c
CriticalSection
MinorOperatingSystemVersion
PIMAGE_SECTION_HEADER
argval
double
HINSTANCE
@.pdata
./mingw-w64-crt/stdio
LcB<I
exponent2
short int
__main
reserved
LeaveCriticalSection
internal_mbstate
.idata$4
UWVSH
Jargret
Archive: overlay
| Filename |
d9612fd1e70de8bcda03c57b9d2ea0a56d408c5184b97b3e2ff8e944b5f2025e
|
|---|---|
| File Type | data |
| Associated Filenames |
overlay
|
| File Size | 42280 bytes |
| MD5 | ba25949b36da4bcaf41083b5c0e29670 |
| SHA1 | 619dd86fbd34223b55a2e3975462cb427ec291d4 |
| SHA256 | d9612fd1e70de8bcda03c57b9d2ea0a56d408c5184b97b3e2ff8e944b5f2025e VT MWDB Bazaar |
| SHA3-384 | 6ae22ce2be9e0a35c15e03741b2349e214b28cbe692e09327ab92b4d992e3d83b3943d5550ba49d9c1147a5d54041dae |
| CRC32 | 8B431B52 |
| TLSH | T1721356D436D85C87EA24637D45D69222373DBBE08B538B435A24B6321B13BC17EC726E |
| Ssdeep | 384:BLKF1IwdhNJ7+dv5px/+koEckYhBORhcJ1Mp1RUL/w8FttiRH:BG1I+rooNzmcJc1ijptt4H |
| Yara |
|
PE Information
Image Base
0x140000000
Entry Point
0x000014d0
Min OS
4.0
Compile Time
2026-03-06 06:34:43
Import Hash
10bcb861621198176cd748ec5e302b0c
| Name | RAW Addr | Virt Addr | Virt Size | Raw Size | Characteristics | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x00000600 | 0x00001000 | 0x00006d48 | 0x00006e00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.27 |
| .data | 0x00007400 | 0x00008000 | 0x000000e0 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.95 |
| .rdata | 0x00007600 | 0x00009000 | 0x00000df0 | 0x00000e00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.81 |
| .pdata | 0x00008400 | 0x0000a000 | 0x00000474 | 0x00000600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 3.33 |
| .xdata | 0x00008a00 | 0x0000b000 | 0x00000430 | 0x00000600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 3.49 |
| .bss | 0x00000000 | 0x0000c000 | 0x00000ba0 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .idata | 0x00009000 | 0x0000d000 | 0x00000790 | 0x00000800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 3.80 |
| .CRT | 0x00009800 | 0x0000e000 | 0x00000060 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.26 |
| .tls | 0x00009a00 | 0x0000f000 | 0x00000010 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .reloc | 0x00009c00 | 0x00010000 | 0x00000084 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 1.54 |
| /4 | 0x00009e00 | 0x00011000 | 0x00000650 | 0x00000800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 1.50 |
| /19 | 0x0000a600 | 0x00012000 | 0x00011bab | 0x00011c00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 5.78 |
| /31 | 0x0001c200 | 0x00024000 | 0x00003261 | 0x00003400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 4.78 |
| /45 | 0x0001f600 | 0x00028000 | 0x000069d7 | 0x00006a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 5.09 |
| /57 | 0x00026000 | 0x0002f000 | 0x00002158 | 0x00002200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 3.59 |
| /70 | 0x00028200 | 0x00032000 | 0x0000039d | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 4.62 |
| /81 | 0x00028600 | 0x00033000 | 0x00001662 | 0x00001800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 4.60 |
| /97 | 0x00029e00 | 0x00035000 | 0x000078fd | 0x00007a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 5.84 |
| /113 | 0x00031800 | 0x0003d000 | 0x0000051f | 0x00000600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 5.27 |
| Address | Name |
|---|---|
| 0x14000d200 | DeleteCriticalSection |
| 0x14000d208 | EnterCriticalSection |
| 0x14000d210 | GetEnvironmentVariableA |
| 0x14000d218 | GetLastError |
| 0x14000d220 | GetStartupInfoA |
| 0x14000d228 | InitializeCriticalSection |
| 0x14000d230 | IsDBCSLeadByteEx |
| 0x14000d238 | LeaveCriticalSection |
| 0x14000d240 | MultiByteToWideChar |
| 0x14000d248 | SetUnhandledExceptionFilter |
| 0x14000d250 | Sleep |
| 0x14000d258 | TlsGetValue |
| 0x14000d260 | VirtualProtect |
| 0x14000d268 | VirtualQuery |
| 0x14000d270 | WideCharToMultiByte |
| Address | Name |
|---|---|
| 0x14000d280 | __C_specific_handler |
| 0x14000d288 | ___lc_codepage_func |
| 0x14000d290 | ___mb_cur_max_func |
| 0x14000d298 | __getmainargs |
| 0x14000d2a0 | __initenv |
| 0x14000d2a8 | __iob_func |
| 0x14000d2b0 | __set_app_type |
| 0x14000d2b8 | __setusermatherr |
| 0x14000d2c0 | _acmdln |
| 0x14000d2c8 | _amsg_exit |
| 0x14000d2d0 | _cexit |
| 0x14000d2d8 | _commode |
| 0x14000d2e0 | _errno |
| 0x14000d2e8 | _fmode |
| 0x14000d2f0 | _initterm |
| 0x14000d2f8 | _lock |
| 0x14000d300 | _onexit |
| 0x14000d308 | _unlock |
| 0x14000d310 | abort |
| 0x14000d318 | calloc |
| 0x14000d320 | exit |
| 0x14000d328 | fprintf |
| 0x14000d330 | fputc |
| 0x14000d338 | free |
| 0x14000d340 | fwrite |
| 0x14000d348 | localeconv |
| 0x14000d350 | malloc |
| 0x14000d358 | memcpy |
| 0x14000d360 | memset |
| 0x14000d368 | signal |
| 0x14000d370 | strerror |
| 0x14000d378 | strlen |
| 0x14000d380 | strncmp |
| 0x14000d388 | vfprintf |
| 0x14000d390 | wcslen |
| Address | Name |
|---|---|
| 0x14000d3a0 | MessageBoxA |
Processing 6.77s
- 5.426s CAPE
- 1.185s Suricata
- 0.083s NetworkAnalysis
- 0.061s AnalysisInfo
- 0.01s BehaviorAnalysis
- 0.002s Debug
Signatures 0.04s
- 0.006s ransomware_files
- 0.004s antiav_detectreg
- 0.004s ransomware_extensions_known
- 0.003s antiav_detectfile
- 0.002s antianalysis_detectfile
- 0.002s infostealer_ftp
- 0.002s territorial_disputes_sigs
- 0.001s network_open_proxy
- 0.001s antianalysis_detectreg
- 0.001s antivm_vbox_files
- 0.001s antivm_vbox_keys
- 0.001s geodo_banking_trojan
- 0.001s browser_security
- 0.001s disables_backups
- 0.001s disables_browser_warn
- 0.001s disables_power_options
- 0.001s azorult_mutexes
- 0.001s infostealer_bitcoin
- 0.001s echelon_files
- 0.001s infostealer_im
- 0.001s infostealer_mail
- 0.001s poullight_files
- 0.001s masquerade_process_name
- 0.001s revil_mutexes
- 0.001s ursnif_behavior
Reporting 0.00s
- 0.001s JsonDump
Signatures
Network activity detected but not expressed in monitor API logs
ip: 2.23.90.38
ip: 13.107.6.156
ip: 84.47.178.41
ip: 13.107.253.44
ip: 150.171.27.11
ip: 84.47.178.49
ip: 52.123.242.97
ip: 20.42.65.93
ip: 40.126.53.14
ip: 4.207.247.139
ip: 20.189.173.2
Contains .tls (Thread Local Storage) section
section: {'name': '.tls', 'raw_address': '0x00009a00', 'virtual_address': '0x0000f000', 'virtual_size': '0x00000010', 'size_of_data': '0x00000200', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE', 'characteristics_raw': '0xc0000040', 'entropy': '0.00'}
The binary contains an unknown PE section name indicative of packing
unknown section: {'name': '/4', 'raw_address': '0x00009e00', 'virtual_address': '0x00011000', 'virtual_size': '0x00000650', 'size_of_data': '0x00000800', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ', 'characteristics_raw': '0x42000040', 'entropy': '1.50'}
unknown section: {'name': '/19', 'raw_address': '0x0000a600', 'virtual_address': '0x00012000', 'virtual_size': '0x00011bab', 'size_of_data': '0x00011c00', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ', 'characteristics_raw': '0x42000040', 'entropy': '5.78'}
unknown section: {'name': '/31', 'raw_address': '0x0001c200', 'virtual_address': '0x00024000', 'virtual_size': '0x00003261', 'size_of_data': '0x00003400', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ', 'characteristics_raw': '0x42000040', 'entropy': '4.78'}
unknown section: {'name': '/45', 'raw_address': '0x0001f600', 'virtual_address': '0x00028000', 'virtual_size': '0x000069d7', 'size_of_data': '0x00006a00', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ', 'characteristics_raw': '0x42000040', 'entropy': '5.09'}
unknown section: {'name': '/57', 'raw_address': '0x00026000', 'virtual_address': '0x0002f000', 'virtual_size': '0x00002158', 'size_of_data': '0x00002200', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ', 'characteristics_raw': '0x42000040', 'entropy': '3.59'}
unknown section: {'name': '/70', 'raw_address': '0x00028200', 'virtual_address': '0x00032000', 'virtual_size': '0x0000039d', 'size_of_data': '0x00000400', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ', 'characteristics_raw': '0x42000040', 'entropy': '4.62'}
unknown section: {'name': '/81', 'raw_address': '0x00028600', 'virtual_address': '0x00033000', 'virtual_size': '0x00001662', 'size_of_data': '0x00001800', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ', 'characteristics_raw': '0x42000040', 'entropy': '4.60'}
unknown section: {'name': '/97', 'raw_address': '0x00029e00', 'virtual_address': '0x00035000', 'virtual_size': '0x000078fd', 'size_of_data': '0x00007a00', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ', 'characteristics_raw': '0x42000040', 'entropy': '5.84'}
unknown section: {'name': '/113', 'raw_address': '0x00031800', 'virtual_address': '0x0003d000', 'virtual_size': '0x0000051f', 'size_of_data': '0x00000600', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ', 'characteristics_raw': '0x42000040', 'entropy': '5.27'}
The PE file contains an overlay
overlay: Contains overlay at offset 0x00031e00 with size: 42280 bytes
Binary file triggered multiple YARA rules
Binary triggered YARA rule: spyeye
Binary triggered YARA rule: IsPE64
Binary triggered YARA rule: IsConsole
Binary triggered YARA rule: HasOverlay
Binary triggered YARA rule: Microsoft_Visual_Cpp_80_DLL
Yara detections observed in process dumps, payloads or dropped files
Hit: PID 2788 triggered the Yara rule 'IsPE64' with data '[]'
Hit: PID 2788 triggered the Yara rule 'IsConsole' with data '[]'
Hit: PID 2788 triggered the Yara rule 'Microsoft_Visual_Cpp_80_DLL' with data '['{ 48 83 EC 28 }']'
Screenshots
Hosts
| Direct | IP | Country Name | ASN |
|---|---|---|---|
| Y | 2.23.90.38 [VT] | unknown | |
| Y | 13.107.6.156 [VT] | unknown | |
| Y | 84.47.178.41 [VT] | unknown | |
| Y | 13.107.253.44 [VT] | unknown | |
| Y | 150.171.27.11 [VT] | unknown | |
| Y | 84.47.178.49 [VT] | unknown | |
| Y | 52.123.242.97 [VT] | unknown | |
| Y | 20.42.65.93 [VT] | unknown | |
| Y | 40.126.53.14 [VT] | unknown | |
| Y | 4.207.247.139 [VT] | unknown | |
| Y | 20.189.173.2 [VT] | unknown |
Summary
No results found.
No behavioral analysis data available.
Sorry! No strace.
Sorry! No tracee.
Hosts
No hosts contacted.
TCP Connections
No TCP connections recorded.
UDP Connections
No UDP connections recorded.
DNS Requests
No domains contacted.
HTTP Requests
No HTTP(s) requests performed.
SMTP Traffic
No SMTP traffic performed.
IRC Traffic
No IRC requests performed.
ICMP Traffic
No ICMP traffic performed.
CIF Results
No CIF Results
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Suricata HTTP
No Suricata HTTP
Sorry! No Suricata Extracted files.
No dropped files found.
Sorry! No process dumps.