Manalyze report for 01624d37aad36b11b1d11babba363ea3

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Feb-10 01:37:18
Detected languages	English - United States
Comments	Malware Initial Assessment
CompanyName	www.winitor.com
FileDescription	Malware Initial Assessment - www.winitor.com
FileVersion	`9, 1, 0, 0`
InternalName	pestudio.exe
LegalCopyright	Copyright © 2009-2020 Marc Ochsenmeier
LegalTrademarks	www.winitor.com
OriginalFilename	pestudio.exe
ProductName	pestudio
ProductVersion	`9, 1, 0, 0`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryW` `Can access the registry: RegSetValueExW RegCreateKeyExW RegSetValueW RegQueryValueW RegOpenKeyW RegEnumKeyW RegDeleteKeyW RegOpenKeyExW RegQueryValueExW RegCloseKey RegCreateKeyW` `Uses functions commonly found in keyloggers: CallNextHookEx GetForegroundWindow` `Enumerates local disk drives: GetVolumeInformationW` `Changes object ACLs: SetFileSecurityW` `Can take screenshots: GetDC BitBlt CreateCompatibleDC`
Suspicious	VirusTotal score: 2/73 (Scanned on 2020-02-12 01:59:35)	`APEX: Malicious` `Trapmine: suspicious.low.ml.score`

Hashes

MD5	`01624d37aad36b11b1d11babba363ea3`
SHA1	`ab8349b18ebb67f886dcdbbff80b20c2ed233ad6`
SHA256	`494ec773d1f86f62ab44ec5bfba31aaf4179a0f61da34eb1806143891fac1a26`
SHA3	`d2826b639fb2c77c16d01ea498113f59e90b76db15fbb70cd46487638ed44a33`
SSDeep	`12288:DomhNzkVt7WspxFmWKzOYkuIoBdxoFgThZtRn00jo:7iVWspeWAMFgThZ/01`
Imports Hash	`9a0ee310de7d248c528818c0f9e701c4`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2020-Feb-10 01:37:18
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.0`
SizeOfCode	`0x5e000`
SizeOfInitializedData	`0x2ba00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0004AD81 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x5f000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x90000`
SizeOfHeaders	`0x400`
Checksum	`0x949f8`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`8d2fdd49ace102e6f46a43506ba637b2`
SHA1	`41f559e74b8123889db6ce83801be867f5df71c6`
SHA256	`ee99bb464ed57e4b17456316c08494b25931cfb606dc8a4099aea8c60ed35f5d`
SHA3	`9d0995829e0d5ab813e0c6f36989dcea251e74b2a6c57d1c8c6b1c87e7d5725c`
VirtualSize	`0x5defb`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5e000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.53267`

.rdata

MD5	`cf8328acfc01076aef91e530309b63b9`
SHA1	`77887c64b5efa879772bf08a924c1c52333b3687`
SHA256	`7365a5b33ad0482ae945f5d117f545a63ab3b8dd020c16b88503b1cd15835869`
SHA3	`eacd5abc197c4d205938cc0f406945ff7f06a9ca17ce36cdb9d808d77fd336b4`
VirtualSize	`0x12500`
VirtualAddress	`0x5f000`
SizeOfRawData	`0x12600`
PointerToRawData	`0x5e400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.8626`

.data

MD5	`2937e21309f1861b09497c28121072b8`
SHA1	`a832964d6a568a975f5a8302b1fd8f2b8470691b`
SHA256	`518feabb88ee029647f9f5d2f5e35da222d62bec899a63e8dd70f1453c7b027f`
SHA3	`7fd226a92c9fcdabdb9662a76849e0f364f03efab349257d533372eb31eff13d`
VirtualSize	`0x6578`
VirtualAddress	`0x72000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0x70a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.02296`

.rsrc

MD5	`4547a4cf9ef28360916ba915dfd627f7`
SHA1	`067a5df4b7cbd3def17895e29919bf6393429419`
SHA256	`140783910602801e8988eb9ef7658ae6f75f185a60de1bc65767ad4661a04a55`
SHA3	`d389c3ec62d26d735945b8d2d038a809e2fc6136e312572985339cc84552ce43`
VirtualSize	`0xcbf0`
VirtualAddress	`0x79000`
SizeOfRawData	`0xcc00`
PointerToRawData	`0x73400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.80192`

.reloc

MD5	`f48a3161fc61c7773a2c24af851dfabe`
SHA1	`930806c2149a1e2841107dd5b37a3065668e3899`
SHA256	`cc20d1c1e8f4be2b04888624ea2ce1ba1f917446b262a5a61df8ad44eb7db290`
SHA3	`b38a5f22008183b46edaaad84d53570f16db2831bcf22bc1fa97bb5885e7511b`
VirtualSize	`0x9df6`
VirtualAddress	`0x86000`
SizeOfRawData	`0x9e00`
PointerToRawData	`0x80000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.63588`

Imports

KERNEL32.dll	`RtlUnwind` `TerminateProcess` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsDebuggerPresent` `HeapAlloc` `HeapFree` `Sleep` `ExitProcess` `HeapReAlloc` `HeapSize` `GetStdHandle` `GetModuleFileNameA` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineW` `SetHandleCount` `GetFileType` `GetStartupInfoA` `HeapCreate` `VirtualFree` `QueryPerformanceCounter` `GetSystemTimeAsFileTime` `GetStartupInfoW` `GetACP` `GetOEMCP` `IsValidCodePage` `LCMapStringA` `LCMapStringW` `VirtualAlloc` `InitializeCriticalSectionAndSpinCount` `GetTimeZoneInformation` `GetLocaleInfoA` `GetConsoleCP` `GetConsoleMode` `GetStringTypeA` `GetStringTypeW` `SetStdHandle` `WriteConsoleA` `GetConsoleOutputCP` `WriteConsoleW` `CreateFileA` `SetEnvironmentVariableA` `SetErrorMode` `lstrlenA` `GetFileSizeEx` `SystemTimeToFileTime` `LocalFileTimeToFileTime` `GetFileAttributesExW` `FileTimeToLocalFileTime` `FileTimeToSystemTime` `GetShortPathNameW` `GetVolumeInformationW` `FindFirstFileW` `FindClose` `GetCurrentProcess` `DuplicateHandle` `GetFileSize` `SetEndOfFile` `UnlockFile` `LockFile` `FlushFileBuffers` `SetFilePointer` `ReadFile` `lstrcmpiW` `GetThreadLocale` `GetStringTypeExW` `DeleteFileW` `MoveFileW` `WritePrivateProfileStringW` `InterlockedIncrement` `GlobalFlags` `TlsFree` `DeleteCriticalSection` `LocalReAlloc` `TlsSetValue` `TlsAlloc` `InitializeCriticalSection` `GlobalHandle` `GlobalReAlloc` `EnterCriticalSection` `TlsGetValue` `LeaveCriticalSection` `LocalAlloc` `LocalFree` `GlobalGetAtomNameW` `MulDiv` `GetModuleHandleA` `GetProfileIntW` `GetTickCount` `GetDiskFreeSpaceW` `GetFullPathNameW` `GetTempFileNameW` `GetFileTime` `SetFileTime` `lstrlenW` `GetFileAttributesW` `GlobalFree` `GetCurrentProcessId` `GetCurrentThread` `ConvertDefaultLocale` `EnumResourceLanguagesW` `lstrcmpA` `GetLocaleInfoW` `CompareStringA` `InterlockedExchange` `InterlockedDecrement` `FreeResource` `GetCurrentThreadId` `GlobalAddAtomW` `GlobalFindAtomW` `GlobalDeleteAtom` `GetVersionExW` `CompareStringW` `lstrcmpW` `GetVersionExA` `CreateFileW` `WriteFile` `LoadLibraryA` `CloseHandle` `FreeLibrary` `GetLastError` `SetLastError` `GetProcAddress` `GetModuleHandleW` `LoadLibraryW` `GetModuleFileNameW` `lstrcpynW` `GlobalAlloc` `GlobalLock` `GlobalUnlock` `MultiByteToWideChar` `FindResourceW` `LoadResource` `LockResource` `SizeofResource` `RaiseException` `GetCPInfo` `WideCharToMultiByte`
USER32.dll	`IsZoomed` `GetSysColorBrush` `UnregisterClassW` `DestroyIcon` `CharUpperW` `EndPaint` `BeginPaint` `GetWindowDC` `GrayStringW` `DrawTextExW` `DrawTextW` `TabbedTextOutW` `FillRect` `ShowWindow` `MoveWindow` `SetWindowTextW` `IsDialogMessageW` `SetRectEmpty` `WindowFromPoint` `ClientToScreen` `SetRect` `GetDesktopWindow` `CreateDialogIndirectParamW` `GetNextDlgTabItem` `EndDialog` `GetWindowThreadProcessId` `IsWindowEnabled` `ShowOwnedPopups` `SetCursor` `GetMessageW` `TranslateMessage` `GetActiveWindow` `ValidateRect` `SetMenuItemBitmaps` `GetMenuCheckMarkDimensions` `LoadBitmapW` `ModifyMenuW` `DestroyMenu` `GetMenuItemInfoW` `LoadIconW` `UnpackDDElParam` `WinHelpW` `IsChild` `GetCapture` `SetWindowsHookExW` `CallNextHookEx` `GetClassLongW` `GetClassNameW` `SetPropW` `GetPropW` `RemovePropW` `GetFocus` `SetFocus` `GetWindowTextLengthW` `GetWindowTextW` `GetForegroundWindow` `GetLastActivePopup` `SetActiveWindow` `DispatchMessageW` `BeginDeferWindowPos` `EndDeferWindowPos` `GetDlgItem` `GetTopWindow` `DestroyWindow` `UnhookWindowsHookEx` `GetMessageTime` `PeekMessageW` `MapWindowPoints` `TrackPopupMenu` `SetMenu` `SetScrollPos` `GetScrollPos` `SetForegroundWindow` `PostMessageW` `GetMenuItemID` `MessageBoxW` `CreateWindowExW` `GetClassInfoExW` `GetClassInfoW` `RegisterClassW` `AdjustWindowRectEx` `GetParent` `EqualRect` `DeferWindowPos` `GetDlgCtrlID` `DefWindowProcW` `CallWindowProcW` `GetMenu` `GetWindowLongW` `SetWindowLongW` `SetWindowPos` `OffsetRect` `IntersectRect` `SystemParametersInfoA` `IsIconic` `GetWindowPlacement` `GetSystemMetrics` `ReuseDDElParam` `LoadAcceleratorsW` `InsertMenuItemW` `CreatePopupMenu` `BringWindowToTop` `TranslateAcceleratorW` `LoadCursorW` `DestroyCursor` `SetCursorPos` `ReleaseCapture` `SendDlgItemMessageW` `SetCapture` `GetCursorPos` `CheckMenuItem` `EnableMenuItem` `GetMenuItemCount` `GetSubMenu` `RemoveMenu` `LoadMenuW` `PostQuitMessage` `IsWindowVisible` `IsWindow` `SendMessageW` `CopyRect` `PtInRect` `InflateRect` `GetClientRect` `ScreenToClient` `GetDC` `ReleaseDC` `UpdateWindow` `InvalidateRect` `EnableWindow` `GetMessagePos` `CloseClipboard` `SetClipboardData` `EmptyClipboard` `GetWindow` `GetWindowRect` `GetMenuState` `RegisterWindowMessageW` `KillTimer` `SetTimer` `DeleteMenu` `GetKeyState` `ShowScrollBar` `SystemParametersInfoW` `CreateIconFromResourceEx` `SetParent` `RedrawWindow` `GetSysColor` `OpenClipboard` `SendDlgItemMessageA`
GDI32.dll	`SetViewportExtEx` `ScaleViewportExtEx` `SetWindowExtEx` `ScaleWindowExtEx` `CreatePatternBrush` `GetStockObject` `OffsetViewportOrgEx` `GetDeviceCaps` `GetTextMetricsW` `Escape` `SetViewportOrgEx` `TextOutW` `RectVisible` `PtVisible` `GetPixel` `CreateFontIndirectW` `IntersectClipRect` `ExcludeClipRect` `SetMapMode` `SetBkMode` `RestoreDC` `SaveDC` `PatBlt` `CreateCompatibleBitmap` `StretchDIBits` `DeleteDC` `CreateFontW` `SelectObject` `GetCharWidthW` `DeleteObject` `GetBkColor` `CreateBitmap` `ExtTextOutW` `BitBlt` `CreateCompatibleDC` `SetBkColor` `SetTextColor` `GetClipBox` `CreateSolidBrush` `GetTextExtentPoint32W` `GetCurrentObject` `GetObjectW`
COMDLG32.dll	`GetFileTitleW`
ADVAPI32.dll	`RegSetValueExW` `RegCreateKeyExW` `RegSetValueW` `GetFileSecurityW` `SetFileSecurityW` `RegQueryValueW` `RegOpenKeyW` `RegEnumKeyW` `RegDeleteKeyW` `RegOpenKeyExW` `RegQueryValueExW` `RegCloseKey` `RegCreateKeyW`
SHELL32.dll	`DragFinish` `DragQueryFileW` `ExtractIconW` `SHGetFileInfoW` `DragAcceptFiles`
SHLWAPI.dll	`PathFindFileNameW` `PathRemoveFileSpecW` `PathStripToRootW` `PathFindExtensionW` `PathIsUNCW`
ole32.dll	`CoTaskMemFree` `CoInitializeEx` `CoUninitialize` `RevokeDragDrop` `CoLockObjectExternal` `RegisterDragDrop` `CoCreateInstance`
OLEAUT32.dll	`#4` `#9` `#12` `#8`
OLEACC.dll (delay-loaded)	`LresultFromObject` `CreateStdAccessibleObject`

Delayed Imports

Attributes	`0x1`
Name	`OLEACC.dll`
ModuleHandle	`0x77400`
DelayImportAddressTable	`0x74814`
DelayImportNameTable	`0x6f554`
BoundDelayImportTable	`0x6f590`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

128

Type	`RT_BITMAP`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2c0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.3316`
MD5	`5087f8869d5bc5b9735b318102ce4722`
SHA1	`c61ab85f1afbddd7fa12d467b2d415b727ee2073`
SHA256	`c9c3d7e4cdecf0b518a3a107ba4cd2da72d5f86f376443f3da094f8b87bb8885`
SHA3	`67d21b041c12d21c5db95d2e5635b580eb555345f11644298e41b8dcd9a617ea`
Preview

131

Type	`RT_BITMAP`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x90`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.73566`
MD5	`9410762b2c68e26f1ea5f73bb7c567c3`
SHA1	`637735ebcb83f80e89dadf6ab225f1faca1cb25d`
SHA256	`123f4b83dca475eb31059bbc6035d8631f215f5fd46af7bd611737cf5fe9f295`
SHA3	`46f811ad0a5175fa7659350dc375da0a05ca947bc893c39cde66db735f6be616`
Preview

132

Type	`RT_BITMAP`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x90`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.73566`
MD5	`dd3fd7e8c6ef5faf23a22071eea44769`
SHA1	`bcfd5373d1b20fdbf38dbe23eade9022caed6cb0`
SHA256	`3db3e6873199efe3c16fdf1315076a3f4c892aece3af37e1dd844256b39ce1b9`
SHA3	`f42bc8bd78c20cf3f2a717fc74ad06a4e19ce085f817e2153773f97ad4321111`
Preview

133

Type	`RT_BITMAP`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x90`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.88979`
MD5	`94ea74b379359ce73aa6c3b0ea1169f9`
SHA1	`bf1d8c020954e93e77df251b2be28a78b207cd48`
SHA256	`96e8687e50da323f13bc445ec7e54c6d241653bae17f8c52d8566d3613c0719d`
SHA3	`8691239d7bbc2f96d3f9b9f91c64442792dedbee795eaa99ae1bf7f49e129905`
Preview

150

Type	`RT_BITMAP`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x5a28`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89401`
MD5	`bf4c7c0a41b05e63a22f39bcc99e2608`
SHA1	`b5ccf4187778edfe29fb5cfe7b9bcc682873dd07`
SHA256	`4cf9b35d09bb6915520c07b2f09ca56e24491fcb310c5472ce3d78341d3c9440`
SHA3	`7d9f32a4e442c46e188a16c22d82d30f85e478901b21060836445693c9a02984`
Preview

30994

Type	`RT_BITMAP`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xb8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.23666`
MD5	`8cf65be17e506ff24c2177078f88b56e`
SHA1	`3e397dc7597caeb844df0ea760b64231c8ce3dbf`
SHA256	`e7c0005285d1ab59732d5f99f77a9bdd6342b01cf44437ebd7a07611a227e272`
SHA3	`7da4c7aab356574679f0f9107740f01647864c846c04f699deef67577fd6aded`
Preview

30996

Type	`RT_BITMAP`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x144`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.87621`
MD5	`5a9c81cdbf480cf01daa71ba0e233c5f`
SHA1	`28e04c01584654e1974347d1baa462b2784e9c47`
SHA256	`abdf36bde89a26349f5741c17c235dacea88d441d8662ba16a598dc50c3c4864`
SHA3	`99dec83590ac444359a5a6f8924dae5615d93f4df527e10a8a61319ce3a5beaf`
Preview

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.85055`
MD5	`c97870590a647af3125054a28529f09c`
SHA1	`81a9bc87737a472db256240682f41779c66815af`
SHA256	`4ba6659168eb86ae2651758cf086f8f599e3dfee74ed89268fdf260110193d7f`
SHA3	`c06bf593e9150457069abef6687dea93a6c70050ef0e8db9fe88e49ea51b91d9`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.67406`
MD5	`e9f5b76fcf8b07475a8fd39e60b3688d`
SHA1	`c44f17c71432fa7e40046b72f820f520e3f66c1a`
SHA256	`6acaa703d4338e8b230f27dc89e810911cc90a75361dbbb4752ad75cebf8f541`
SHA3	`34ff11db1207763b2a42457ab1ae07aa28ce48138b1c78e9d7841ad8fe300855`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33554`
MD5	`8b886e8326cfa70d3a67e755e9450e54`
SHA1	`e107899a5fe3caff3057c0584b4bf2b787230a21`
SHA256	`509830c07fc201854f12a49e02bf42dfdc1687d350fbe652b721c1fb38ab519a`
SHA3	`f8bffc39336eeaffddc9e5f7d7dbcb7b524839d5d616056bee36b702efd8afee`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.960066`
MD5	`c24a2b3586613a3027ee78699827b3f6`
SHA1	`7994e8990ea9a75cffed835ff0bc9f76793c88bd`
SHA256	`e31888b5775c899458e13f4e85b6f4d1b53e7439742a4e1546f9d0c8a7e235db`
SHA3	`6dbcbf32332f4368500ea93b6f476d89e44973139c2ba468fa7d4404d44f3f10`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.13848`
MD5	`cfc9a0fb39477bbd5f8e12a9c0a0f8bf`
SHA1	`9b31b4aaedc672066fbdec48c4be9c97491a53f7`
SHA256	`29612db231beb57400006a9b8ea3fd6edbd5262c03d72712f8624c04e1905c4b`
SHA3	`234b1449cf85b8a53f60c7f88aaf430ae944f93435a58385893aeec4dede29be`

128 (#2)

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x16c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.22187`
MD5	`cf4891e8b9ee14cc0dac1ae510c09f66`
SHA1	`55668241c5f97523fd196e6ffc5e32b291cffe78`
SHA256	`ef597cb56a58068c427d5bb57b3add37fce61fa0d32f453b767756af9de8ba53`
SHA3	`35c95a8fba7071855e163a916dcfed475f17bef9ddfef1016435c605da9f4805`

135

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.40306`
MD5	`556a1191dc2f5f8ead98edeb6cca9dcf`
SHA1	`149fc260939f4277d74afe5773e2baa0ab18d888`
SHA256	`22c52071b0c35d1c1b393d43c59d351b6c62c2a4a5b6f6455c1a89981bc68983`
SHA3	`bbc379b09288a4bf40ee5475cf964c859af7d2f1ea7b3138e911b78eaa44d8d1`

137

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x50`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.87537`
MD5	`df344fdde29f18c29f08e021521f928f`
SHA1	`0111678093347a020d704cce9e57ba581cab4e9f`
SHA256	`42cdeea84aa02b82bfa903048ed154564741f2e95de6a615540f802fa10b31d2`
SHA3	`c482b634e597e55d349924e9dfed5caa5b060a50d251584883bea52c11f3f311`

138

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x42`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.90038`
MD5	`e2e958b04d973f9af1205c62dc99103a`
SHA1	`028d10ec898301590165b2c2583bc4d62659c456`
SHA256	`a06d605d13c03a6a3093c017593bf34d709de6e82a7f3a37226c0382a2e65bed`
SHA3	`f0a50598fbee04adf3d841533f31c0eba3fcd1f4e8abc0dc814774da5732f85b`

139

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x180`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.28584`
MD5	`2a731b12d1b2260a64456e5bc044b005`
SHA1	`f959c336e863ddbf6961b12c470243f615d6e872`
SHA256	`52ce7060459e138b7cb9240523a9d8d9a884e5144854f6b3c29050185af59bec`
SHA3	`43829da5468f81be7979c57417a345d719824bdf09f02653bb35986ebc750b8f`

140

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.63011`
MD5	`3cc3d9c3c09b4e91090438936fdcbc91`
SHA1	`045e10bc414b92cc8f119be9a57b333fe1ca915d`
SHA256	`95ab8e9ae3a341534244fe08bbd7f4234523603f8c6978caee7d9ccbdff3274f`
SHA3	`a6ffe3209fefbe6ffc87064246d114ec0148f6b7791129c1d89dbbb191dff0fe`

141

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x178`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.30245`
MD5	`f50ae0d7fd79c64e0c4e161766febfc8`
SHA1	`cada92b8dfef1d53bd62bea6b1f32e23f648f01a`
SHA256	`e51c9ba9b6e228595f796836d07380c81bda7e86dd356c97f28820e050f08793`
SHA3	`304f71d0f0b056b927530941aa13fa7be0d91053ba7f1ec53d47dacf16895299`

142

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x38`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.88628`
MD5	`b715b57b99630461a1d6db503a6c09bb`
SHA1	`8a583f15c98fb4ac1f7d27e686fe64ae2c4badac`
SHA256	`233b074af5f4073cddc1e19b92ebdf04e01012bbcefe46f847baa24147654d87`
SHA3	`f53e867bafcae0936423c10c07e24e5f7f5df2a6ca210c2b4e61abbd23e66e02`

143

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xc2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.02917`
MD5	`0693b71a7f7186699bbe06d15c464253`
SHA1	`0f9bdc64ff1d9bd210272c3a1944542f0c850a9e`
SHA256	`eabe49e68f57272f8d0a6aa59d04ae3eb38153933bac45c31dc961ebbe3127dc`
SHA3	`48f278980a5d33e0de92ccd8653f3f696712bdd85eedb6f982e767d13510a30f`

144

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x26`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.56089`
MD5	`a7a040426f970d48f96bd6ccc917d633`
SHA1	`593e5ccba60554e5b39a6b4c672110f83d8bf156`
SHA256	`86b56864cafaa9cc011ae7b442f5e9847f3c44de26d989ff13ce45de62e2cae1`
SHA3	`a35b677b245c5d95c96710662ff26ed158809165529c88e7db257275ca753de5`

145

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x7c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.99219`
MD5	`b8986d3ec1ebd82d8723b4fd46275396`
SHA1	`7f7a3b35c950a575279e747820577ad0c54a70ea`
SHA256	`7750d8b2be768d1b5b6a6054e627e932ce7094693ef2cca4cf4803103f32164f`
SHA3	`ef4878362ecbb3fbab92142d7cfbcbc5f3c54d8da2a48befdf41eea9fbe85121`

146

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x90`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9937`
MD5	`3692ea88f9a639fec747990cb26aafaf`
SHA1	`3bf488798152f81411aba23776ddb0d3c10deccb`
SHA256	`924debdf4e47ea3d544b1ac3823a5336c36ccd258bb2f35b06fe52e1fefea130`
SHA3	`49a0788eb1a87a039a602c214607b5039c8cd763d3a3c089c237b4551ad39b42`

147

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x9c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04549`
MD5	`6a9fa4fb6c65f705004384f1b96ffa09`
SHA1	`48839e4618b1521762554026360b26484ebb9c92`
SHA256	`40e8a36fcbe3014197caf2555a43da22f4a70f03d790a7f56f67d5cc3101df52`
SHA3	`e9b3f5fe8abc7bb0b809421fe8dfff516af0b4dcbbcdb9f435fb3e16fab1d9cc`

148

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xa8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.10493`
MD5	`a229d64c8ad0b780179cb5111059f44b`
SHA1	`835a917b0c503238877c228d4bdb112607008464`
SHA256	`73224c96051a21af972ee5bbef1b9580f1d523e19e48f3df634898f8778550db`
SHA3	`01f348d689ab31354d2113cc53d95d42f70cd83425e11e042ea7842489a00179`

149

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x102`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.3343`
MD5	`3914dfc0964c4099d42f608acd054ab0`
SHA1	`e82ffd5f7f7d108f1bded88e338890d388a8d8ee`
SHA256	`dd3defbacca9c9905d37cf7ab92dc85d7f45488546063155112fc94860e41120`
SHA3	`f151b0691c10a70abc4a2d7374be55fef3fbaaebef87f7bfc72987aebe85ca31`

152

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xa6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.12918`
MD5	`efcd5c30f30bd481e0290b62c8c525f4`
SHA1	`f93c6bd8dca8e773c8ac4e9caa94524f5c180426`
SHA256	`6960e32c03737461efbfd351447ed7162ba262e4071b84d03c7ba4957e82ba57`
SHA3	`d977dcb1afb8a018527a3e7bfffb0b045472a46369cb758e2096c63bee2d5064`

154

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x32`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.39603`
MD5	`1ae9f15578ba355ea0a241e83311c293`
SHA1	`19c1f95263f5226c0d16e430f4c055aa2a05e4ea`
SHA256	`26b08ca30313b0449e3d60bc209eb9089882faa178c44b27bbbd705d6486d8ac`
SHA3	`d6d1b91e83d997ee667c36763c59c42d8f66802cb14be6e579be486227548587`

155

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x24`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.55218`
MD5	`737e206378e16be9a6c0e335b891def5`
SHA1	`ee957fca07457ac6747feef2daffe6313b32d9b4`
SHA256	`527b12589cf4aa770afe35a96ad318411e84e9b03e72bf004af06d31a0ab15b5`
SHA3	`fbb0ff8de2745dc1ef4bb05e7c6d053c13771a6b5621fb918f2d47bf1ad75d1f`

161

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x66`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03523`
MD5	`63b3518335906e360f055ae093f6d158`
SHA1	`3e670b5caece75fa2cc100b51b617f4c33c4d0c0`
SHA256	`404c10463704c48cf43811dc9c1ecc1d0783242fc55faca6fe7f7109a3734a8b`
SHA3	`50e7fc0f5dc416148e58a8c05c8793755221d200050f091efb049693ece16592`

162

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.95203`
MD5	`a5acc4294c2fec07473d34192a6c92fd`
SHA1	`401f7e7d670947c52519291a717e04d603db55aa`
SHA256	`c1630a8faf22e4ccd257567d7577f0b67f12ec99d1244e54e5962ba2ba26ea74`
SHA3	`14d697da6820c813b1da70b3b5dc2ee658b5c971c090afc33d63d3c9488949f6`

163

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x7e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.92874`
MD5	`529513b825bd31b66c2bc2f20c529d15`
SHA1	`ecef7451ab8c8a6dc421bcca3c100177d87d6ca3`
SHA256	`352575036de1251dcd106c2a72549839d05ee2ad9acdf55ac3f55593fe778586`
SHA3	`4584dc234590186c61faf0a4989dd56f97cc291b05e7ff99bb93b35926b05466`

164

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xa8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.10651`
MD5	`a6af6008685e2f975bf8aee82ebda2e4`
SHA1	`4f5a6f44f231f03b171317b3ffb95a4075471acd`
SHA256	`5d22636dedda6c42ad63470d356336a087032ac125239558dae9dec873c2cd4d`
SHA3	`765a5f9fce7bd6c61a90d2f47acf75ad8df8ea8d11d9c586a3e91105a0ed973b`

165

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x88`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.01294`
MD5	`386d7096bea33aed7a1836a70d854d67`
SHA1	`220ee0f4e083a525a0506b34b90aabd12e7874d4`
SHA256	`6fd6d74d8439b163f5e3b0f0d6cf3c1a46391e8046d3bd063e83f06e534d8f47`
SHA3	`08dca7370e0b1f6071fffb2eacd69ecc65b4d8eab2e925a6f37e72393aada611`

166

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x36`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.58656`
MD5	`8b695cae97ec881110cbc037321b6739`
SHA1	`55d7236188f3816608608f86d5e6647420b49a3a`
SHA256	`6dbc3cb7748816a41240f3b9dbd625cfc2405346944ac1dcb7a8854fc4d17410`
SHA3	`e377a8bf24ab884009ec9a6dc3ffee5f158b7245ed21348cd90e9cc8957cf223`

167

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x36`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.60054`
MD5	`8d991f68606f06e57a0fc9caa2e2a11b`
SHA1	`26c8d9146414ccfbc1358e3a41f8836c0efc32a4`
SHA256	`e123b7c18d1394f854619029718278196f47047adeae87a10f3d2807013c7301`
SHA3	`bc2f43cea54f19c16000779108bf664f3129d428a6e86a211049cdcd20e01481`

169

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.8235`
MD5	`78806f3cf24558e7b3a0277775b4f5f4`
SHA1	`bb3a0f9cbfc08ec306aa3dc2f4f17deeecad5571`
SHA256	`03a89d5b5e2a2ec55a6fa2e5fa0a8c132b1d7d11d343015434bab98c23f948a6`
SHA3	`1daa0ddcbbba1f4162e17737b68c90a0639b1709d9ff26f8f9afd4d58999550a`

170

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x58`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.96111`
MD5	`4ee13733b7f96783e316afd74185a4ab`
SHA1	`4fa47a2621f5e89a1fb873f61343f719f7989acd`
SHA256	`875b9e2f8c744b18ff0311b4145f8030a9e2f07edb63670060f890b4f9d53d0e`
SHA3	`31a6dd5da77aa99e37109aa4931af8b458aa9aea6fb5a2edde8a417f9342bc6b`

171

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x7e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.93342`
MD5	`3a5663b9edb1e15e5a86ac0262c59015`
SHA1	`29eb4500effe45bb77c1c2298f4e97073330a6ae`
SHA256	`c4ce3f54cecf2302e610d9a9fecae991be6b8cb9670b45bda3d20e647b26b3e4`
SHA3	`8baba2ac9fbd86bfeacf9dcca10298af102be1d09112621d25db0213f239146c`

172

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x24`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.44107`
MD5	`882faddba4cd655f556a6cd25d713a77`
SHA1	`cd056ea64708b757df5571af46ce1938c17d75e7`
SHA256	`5d10cb82cb4f7288879d8f6c78b4a3441d7790e5908d3bd4550ad9405eebd5d3`
SHA3	`9db3ccaedd9060ebc5b3cbe1aec46f365562ff3bee1f6c8f24d845ef1750a8af`

173

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.83349`
MD5	`68c8bee20d62c0c5ffa09a7b85350148`
SHA1	`3c2ab73d08049ca3292157db4e9744487ef7385d`
SHA256	`c101c0cc0c99f0aae247a51e32c1d77cae5096cf9cb1de385a4f225eb08c02d1`
SHA3	`7774262a82f094173c5c5f4e58b979a4ca3928f5f3b72a922441defed37136eb`

174

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x5e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.01828`
MD5	`96fd95bdd494d28b0a908b7808e65181`
SHA1	`e8796fcaabcbc32582874bdd6a40edaeb53ca9b9`
SHA256	`d33d99427490e7946d4821f453bf927890409bbebb419e414ca6d76e69129bee`
SHA3	`8021a1abe041f53827b5ce10268f347cfef413e9ecc543c5768fae86c0fd14fc`

175

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xd4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.2164`
MD5	`4a996c8f774072ecf562d3202ce28348`
SHA1	`6530893b20bf16385ac98ecd4c477a03c9092454`
SHA256	`75b80c4ef5d9c784f25de63dd2d7578adcc8109743dba0657f272806cb1084cb`
SHA3	`c18d66be692d861458a836a104edfc784f157c9750d550ecf403ec06e0eda248`

100

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x21c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.20428`
MD5	`d534255f4bc521cbb8fa96888c5b07b9`
SHA1	`da28ed78af5508b3443aba6877e17b22bc8a2403`
SHA256	`0b3f4d3250f5954397a18ac1fad47cada2925425fe0c2fcdb0ae759bb655c519`
SHA3	`8602bfe49b32e915e1b6818e9cd26a5c73e102c094f38850d0759b5d49c2af74`

160

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x250`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39498`
MD5	`9926d6e823386bab630ed8f948c88f96`
SHA1	`f90a24c160579f975adbb0d955f3cb308877b04e`
SHA256	`a6f6855a8e30826bd62b7c68990b0ca32dcf6046ee92dfeb047735c1b31b22c7`
SHA3	`7712669ca358b1d38c8422831fa31ee59490667447c3f2aa1c21bb781388f085`

9

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xb6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.75877`
MD5	`56e727d41a436247f9f931d2d9a856e4`
SHA1	`d38f59a7330f27fcc12eeabdaec19cfbac63fd07`
SHA256	`f126940838b3fe2b3ffe8cda962c7114ed77e9f2cd79104c25d2be6a25577337`
SHA3	`8e5e0801b76bc13d9420e86c01761ac1cee21e212fb760e9e82eef55c8cdd0d9`

10

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x38`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.09491`
MD5	`7ca0d33bd095f51e5d5d027774b1f7dd`
SHA1	`8dced15621186802a2e6f87477ad18838e6716e1`
SHA256	`3acbf95a75e9ea5f8ff400337d5d9f1384a976be22575160074049302f72b7ae`
SHA3	`f9dc6299d647d08bd82b57e2a7f3a9d57e96dc2bd98dbcabd4726d79ef2a9c23`

2049

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.07598`
MD5	`ff0145b14c6e77ec4ab056c0a1d0a9ea`
SHA1	`4fe20c1c7789528ead22dfe291a929143b4739f5`
SHA256	`a69cf4092e977d0d93ecca69b3e7902285404715a2c6a6549e084554a975fde3`
SHA3	`93e7bdc5cba500e75f83f190de1bb4b3c3065d7cf0cb3ea2ae459ac39646abdc`

2050

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01313`
MD5	`c6d7550068c5eab3075668e958e24b9c`
SHA1	`c51815e4eb151c4d0b3884cd02a2cb7fef3a3377`
SHA256	`72aa8c4294b822d8715a9823950a00490e498917d0ae4eff53dda2899ac0c57a`
SHA3	`c0568276406f3a929a081034eb2c080396442e635c02dd3baa65c30a25852d6f`

2055

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x36`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.52383`
MD5	`5ce01953195baa1c739906f452a6f725`
SHA1	`8e291f254d9a3e01123f327f25330c7fd45aff1c`
SHA256	`2d71bfa50a241880015b3ceb4c2bcaf2df2f2deb8d27d1110be7519f6d04a9f2`
SHA3	`fa56560f383bfde04c14f9ec940f7d1023fbcec08284a2ba731592a08b6bc183`

2060

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x6a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.33219`
MD5	`b91416d6485989ef9884ea26ec73bdf4`
SHA1	`2cba21e7dd466f2a3a7549ef322416f709b8c6a1`
SHA256	`629984f75660ce7b1ddd422bed9c3fe5c21ca3d63b91c6527dfb799afa831488`
SHA3	`86c34e6c456c7c901a0123c2dcf650889c798df18dee636a025f3e6fe44c421e`

3605

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xd4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.88207`
MD5	`d3faa3cdf3cfe64362a9266f51ca34e8`
SHA1	`c8a93717d43548c9c6298141b65d697e4ecd449e`
SHA256	`396e3b9400d6a92aee7958675fee024a7dea7d4506ad825d690cc29ded717984`
SHA3	`230abe8a4a3f55f02e2c3ef26a2046454215e5439bb0cc279d1423f1715b5cb9`

3697

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x26`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.695987`
MD5	`91e81e7d6afb30d015868f14f34f1db7`
SHA1	`06cded28530dc0ef2c474b691bb2e448f4b391bf`
SHA256	`24103701bf092d1ff258e2cdcb794397dd67fff72168f902e4245ae8f978de3e`
SHA3	`cc580702165cf34f521e00e305f618c920990a67c08097936891c762573b86ee`

3841

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x82`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.81705`
MD5	`8bb814f43734537868736a6df5dcc012`
SHA1	`3ae7a8f8678bc2aed76f745960730097032389b6`
SHA256	`d91dc4e26fd86def5ee907c72f32457bea07d21fa618012245f641d08501548d`
SHA3	`73fabbc3aad03738eda288b6d45b076e7f94f1ff8de37df5ac4d6e7dc7a48f98`

3842

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.960953`
MD5	`0131ce1c2237957b6926d5097b0af63d`
SHA1	`2ce37b98065cc4de92e99eb0777e0e1159102068`
SHA256	`05e0d5787611ed4f643733e3e6e62d00f426422b5d3e443ceebac22e9d294bc4`
SHA3	`9ee7bcb02f48332a4fac72465297312ef9c765b03edf2ab24a4b3de0840bda6c`

128 (#3)

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x20`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.60141`
MD5	`949c4c4a9cc357ed41a23d110826c137`
SHA1	`27cbc97250d919d6a30f1919aac84e82149c345a`
SHA256	`e53ef5f9d08ae2dd58f4fecc181a5fa71c63cddad2b8372a7c0bfd67c421f33c`
SHA3	`5038ba6fb1afbe4af15f41bcf25938915c3ad036b5ef277e58fce5cb92885d6d`

30997

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x18`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.18432`
MD5	`59234155b156d66fea9d83c8a6e73f61`
SHA1	`30c7284c38084198b70d9de87bd937d39e3fdeec`
SHA256	`ee48922b209123c07ce4f4b41e44e75a9f45c4cea136e2f2b33d3b190861c785`
SHA3	`79830d58204197303ee4f567cdf1174f2a8be4538638edcd04b7910f50ca4ce1`

128 (#4)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.45849`
Detected Filetype	Icon file
MD5	`409e1724611e0bc39356e2f58888db55`
SHA1	`c06c0e66cc2f7956256e2f018aa0294bfa914960`
SHA256	`6ab18c3b81a5d30c5a190a4504cae807d73b1a4d02d56ffddf641abbb62b7210`
SHA3	`315b2ad40793f4ef885ff4c878169b02c62f619b57780a98a76c8538cd0ee5c9`

151

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.47702`
Detected Filetype	Icon file
MD5	`a665b984e221714430cdefd7b3b60256`
SHA1	`f95500d733fe97d3147e2d174491ca3dfb811a4c`
SHA256	`602cd95160cc398d3189ff328eddd35709fcc1b346666ed805c13061e895b215`
SHA3	`59158624d2db32a8a2de9f2c52019dfe5ecb6693b07e68473deeca1aea82b67d`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3d4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.36024`
MD5	`7ca7a508d0b1f6831de014f1dc8d7dab`
SHA1	`09a890279e7786c0e6f3e82db1d623f46fbc95ee`
SHA256	`982d99f5dd689befca321735c0a45d2ab230e974fe89bd735434aa053313098c`
SHA3	`97b8cd1c12f21f1ddf7aec9a5910bcd6fe3d602f909e7843440e91e4a3211e05`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x26c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.01246`
MD5	`7d471a416c480c691b70ebd2c1b966f8`
SHA1	`fe3c58a7469c95dc915b8c028fc016d27be8f300`
SHA256	`d9e9362080b827810db09aa7091f2a82a4b0b874018a131707f572454649484e`
SHA3	`1bce59de66f97843559f9b4e808b330b1396514cfa695ae32b07434f756fc208`

128 (#5)

Type	`UNKNOWN`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x12`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.16993`
MD5	`2568d018dfaf90954875f10f2a312611`
SHA1	`9eab334d3ad9cdcffb6ede2fa5c14c08cbac8250`
SHA256	`130c1f95d6e1ae20f30363f19139da55fcbc8c4243ddd3df959fe63f6c7b092a`
SHA3	`1cc3b9225dd97a1e254ddd3d979a041d6d330dc2764313d5f70d68f6f093d3b3`

String Table contents

pestudio

pestudio
Executable (*.exe)
.exe
pestudio.Document
pestudio
...
...
...
...
...
...
.
close file
.
open file
.
create an XML report
.
save file
Configure pestudio
Configure pestudio
display program information, version number and copyright
about pestudio
quit pestudio
exit
EXT
Open
Save As
All Files (.)
Untitled
an unnamed file
&Hide

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	9.1.0.0
ProductVersion	9.1.0.0
FileFlags	`VS_FF_PRIVATEBUILD` `VS_FF_SPECIALBUILD`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	Malware Initial Assessment
CompanyName	www.winitor.com
FileDescription	Malware Initial Assessment - www.winitor.com
FileVersion (#2)	9, 1, 0, 0
InternalName	pestudio.exe
LegalCopyright	Copyright © 2009-2020 Marc Ochsenmeier
LegalTrademarks	www.winitor.com
OriginalFilename	pestudio.exe
ProductName	pestudio
ProductVersion (#2)	9, 1, 0, 0

Resource LangID	English - United States

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x4734e0`
SEHandlerTable	`0x46c0d0`
SEHandlerCount	`149`

RICH Header

XOR Key	`0xe7de55a5`
Unmarked objects	`0`
C objects (VS2012 build 50727 / VS2005 build 50727)	`9`
Imports (VS2012 build 50727 / VS2005 build 50727)	`19`
Total imports	`528`
ASM objects (VS2008 SP1 build 30729)	`24`
C objects (VS2008 SP1 build 30729)	`149`
C++ objects (VS2008 build 21022)	`3`
C++ objects (VS2008 SP1 build 30729)	`231`
Linker (VS2008 build 21022)	`1`
Resource objects (VS2008 SP1 build 30729)	`1`