Manalyze report for 01b9607028ea83bf227cad4aa440b4ffcd4740ee2fa156c4c3e1489af31c110c

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Nov-09 13:24:27
Detected languages	Process Default Language

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryW LoadLibraryExA GetProcAddress LoadLibraryExW` `Can create temporary files: CreateFileW GetTempPathW` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	The file contains overlay data.	`18427354 bytes of data starting at offset 0xefe00.` `The overlay data has an entropy of 7.99624 and is possibly compressed or encrypted.` `Overlay data amounts for 94.938% of the executable.`
Malicious	VirusTotal score: 15/67 (Scanned on 2026-05-08 22:07:21)	`Antiy-AVL: Trojan/Win32.SchoolGirl` `Bkav: W32.Malware.9B3BCC95` `CTX: exe.trojan.schoolgirl` `ClamAV: Win.Malware.Sdum-10013178-0` `CrowdStrike: win/malicious_confidence_60% (W)` `Cylance: Unsafe` `DrWeb: Trojan.Siggen31.27996` `Elastic: malicious (high confidence)` `Fortinet: W32/SchoolGirl.OY!tr` `Google: Detected` `Ikarus: Trojan.SchoolGirl` `Jiangmin: Trojan.SchoolGirl.oy` `McAfeeD: ti!01B9607028EA` `VBA32: Trojan.SchoolGirl` `Zillya: Trojan.SchoolGirl.Win32.1502`

Hashes

MD5	`fa17ff72227c3f2f91d94dd5a0556db4`
SHA1	`f8ddbc25b1e2d16a50edc0a72c9109f8edd32018`
SHA256	`01b9607028ea83bf227cad4aa440b4ffcd4740ee2fa156c4c3e1489af31c110c`
SHA3	`99ffa1f3246c5e15eb2345efb74e81a76f48aa9612dd45334e296d8779d60bf7`
SSDeep	`393216:Mzg8RTVKmYgysnH5JZoaHwtkqebNHRLk6D3FTiuUgogVprghq:l8RpCyHQtkqebNbBiu1tMq`
Imports Hash	`c4dc216f9722bed60866f706c426f43d`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2023-Nov-09 13:24:27
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x84c00`
SizeOfInitializedData	`0x6ae00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0006405D (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x86000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0xf4000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`89eb29e390430e266037bbaf4fdc4bce`
SHA1	`00509aa2fbed92c053289e9cb17067a62ddc938b`
SHA256	`d3ea604cfedac000b9b6b6ec01ad6ff966efa9a2aa7ca2abef84b3624f9947a4`
SHA3	`0c9122a683f0c68fc67f260d6e5feddd55132ac87c288865b138d1f00785a184`
VirtualSize	`0x84b43`
VirtualAddress	`0x1000`
SizeOfRawData	`0x84c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.60432`

.rdata

MD5	`864822c39cdccfdbb410fa84535c9c6d`
SHA1	`0680cf3aa8c049af93635d9023c8bd534606ddaa`
SHA256	`76b092fe45615502fe9a4a0b1032bafdf1ae82918f75674d701fb36fc4021d81`
SHA3	`e23b4e46893cf942115811c85bb12eeac73b28672e6693a8eff226e862eb4dad`
VirtualSize	`0x1a7d2`
VirtualAddress	`0x86000`
SizeOfRawData	`0x1a800`
PointerToRawData	`0x85000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.05336`

.data

MD5	`58e3e47aed0782ed7080350e2f2d6101`
SHA1	`74ab61a9638bf43a75c4c5903fa6519a444c4993`
SHA256	`a5b6e3a8fc6f02be93cc1b0ce053e041988e52f855ea97ce592cd204faa79888`
SHA3	`9b6403ec7a0d5760f83873220734b2ed8887df49a4dceded725322e5457e8557`
VirtualSize	`0x280c`
VirtualAddress	`0xa1000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x9f800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.0159`

.rsrc

MD5	`16dd44027019179769af02b0da18bbde`
SHA1	`1a6bf7fbb57636352fd1e17918280925b7778ff6`
SHA256	`92800fcbd1e6679ff151831a207d652502ac6e634ed423f4fd6baa240146c94d`
SHA3	`0bbde511eac48b9ebd52790d5aae7727dcf243c65637cf1c7ca8db47fdc88f3c`
VirtualSize	`0x48590`
VirtualAddress	`0xa4000`
SizeOfRawData	`0x48600`
PointerToRawData	`0xa1200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.21985`

.reloc

MD5	`f337305f88f422f06d5ffcab631fb506`
SHA1	`138975ae057efba86cc3c68897893c993a71ed69`
SHA256	`62a9c700a606473407bd6b181a64e950d36a528c482dfdfccd9e7c8804549a59`
SHA3	`4e71c8ec8398279406997ae64cdf80358c9af6bb85d504098bb07a3a4ad7188a`
VirtualSize	`0x65f0`
VirtualAddress	`0xed000`
SizeOfRawData	`0x6600`
PointerToRawData	`0xe9800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.72938`

Imports

COMCTL32.dll	`#17`
WINMM.dll	`timeBeginPeriod` `joyGetDevCapsW` `joyGetPosEx` `timeEndPeriod`
KERNEL32.dll	`MultiByteToWideChar` `WideCharToMultiByte` `GlobalAddAtomW` `GlobalDeleteAtom` `lstrlenW` `GetCommandLineW` `GetExitCodeProcess` `GlobalAlloc` `GlobalLock` `GlobalUnlock` `SetErrorMode` `GetCurrentDirectoryW` `GlobalFree` `LoadLibraryW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineA` `FindNextFileA` `FindFirstFileExA` `DecodePointer` `GetFileType` `GetProcessHeap` `LCMapStringW` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `GetOEMCP` `IsValidCodePage` `GetStringTypeW` `GetCPInfo` `HeapFree` `HeapReAlloc` `HeapAlloc` `GetStdHandle` `FindNextFileW` `GetModuleHandleExW` `ExitProcess` `SetEnvironmentVariableW` `DeleteFileW` `HeapSize` `GetACP` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `EncodePointer` `RtlUnwind` `InitializeSListHead` `GetCurrentThreadId` `GetCurrentProcessId` `GetStartupInfoW` `IsDebuggerPresent` `IsProcessorFeaturePresent` `TerminateProcess` `GetCurrentProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `GetSystemTimeAsFileTime` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `InitializeCriticalSectionAndSpinCount` `SetLastError` `QueryPerformanceFrequency` `QueryPerformanceCounter` `LoadLibraryExA` `GetModuleHandleW` `VirtualQuery` `VirtualProtect` `GetSystemInfo` `RaiseException` `CreateMutexW` `GetModuleFileNameW` `Sleep` `SetCurrentDirectoryW` `ReleaseMutex` `WaitForSingleObject` `FindClose` `FindFirstFileW` `CloseHandle` `SetFilePointerEx` `SetFilePointer` `WriteFile` `GetLastError` `ReadFile` `CreateFileW` `CreateDirectoryW` `GetTempFileNameW` `GetTempPathW` `WriteConsoleW` `RemoveDirectoryW` `GetVersionExW` `GetLocaleInfoW` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `SetStdHandle` `GetConsoleCP` `GetConsoleMode` `FlushFileBuffers` `GetModuleFileNameA`
USER32.dll	`DrawTextW` `OffsetRect` `DestroyWindow` `PostQuitMessage` `DrawEdge` `GetUpdateRect` `DefMDIChildProcW` `EndPaint` `BeginPaint` `InflateRect` `GetClassNameW` `GetDlgItemTextW` `SendDlgItemMessageW` `EndDialog` `GetDlgItem` `SetDlgItemTextW` `GetTabbedTextExtentW` `MapVirtualKeyW` `GetInputState` `DrawMenuBar` `SetMenuInfo` `DestroyMenu` `LoadMenuIndirectW` `GetMenuItemCount` `SetWindowPlacement` `GetWindowPlacement` `EndDeferWindowPos` `DeferWindowPos` `BeginDeferWindowPos` `GetDesktopWindow` `GetSystemMenu` `UpdateWindow` `GetWindow` `RegisterClassW` `RegisterClassExW` `ModifyMenuW` `GetMenuStringW` `GetMenuItemID` `DialogBoxParamW` `FillRect` `LoadImageW` `LoadIconW` `GetMonitorInfoW` `MonitorFromWindow` `GetSystemMetrics` `RedrawWindow` `IsIconic` `IsDialogMessageW` `SetTimer` `GetClipboardData` `CloseClipboard` `SetClipboardData` `EmptyClipboard` `OpenClipboard` `IsClipboardFormatAvailable` `CheckMenuItem` `EnableMenuItem` `GetMenu` `PtInRect` `PostMessageW` `InvalidateRect` `SetFocus` `GetFocus` `CallWindowProcW` `RemovePropW` `SetPropW` `SetWindowLongW` `GetPropW` `MessageBoxW` `GetParent` `GetActiveWindow` `ShowCursor` `SetCapture` `ReleaseCapture` `GetKeyState` `GetWindowRect` `GetWindowDC` `SetCursorPos` `ClientToScreen` `ScreenToClient` `GetCursorPos` `LoadStringW` `MapWindowPoints` `SetWindowPos` `IsZoomed` `GetWindowLongW` `AdjustWindowRectEx` `SendMessageW` `LockWindowUpdate` `ShowWindow` `IsWindowVisible` `GetClientRect` `SetWindowTextW` `wsprintfW` `IntersectRect` `KillTimer` `DestroyIcon` `GetSubMenu` `DeleteMenu` `GetMenuState` `LoadCursorW` `SetCursor` `SystemParametersInfoW` `GetSysColor` `ReleaseDC` `CreateIconIndirect` `GetDC` `MsgWaitForMultipleObjects` `DispatchMessageW` `TranslateMessage` `TranslateMDISysAccel` `GetMessageW` `PeekMessageW` `DialogBoxIndirectParamW`
GDI32.dll	`CreatePalette` `SelectPalette` `RealizePalette` `EnumFontFamiliesExW` `GetStockObject` `SelectObject` `GetTextExtentPointW` `GetDeviceCaps` `GetObjectW` `CreateFontIndirectW` `DeleteObject` `CreatePen` `Rectangle` `LineTo` `SetBkColor` `ExtTextOutW` `SetTextColor` `SetBkMode` `CreateRectRgn` `GetClipRgn` `ExcludeClipRect` `SelectClipRgn` `SetDIBits` `CreateCompatibleBitmap` `CreateSolidBrush` `CreateBitmap`
COMDLG32.dll	`GetSaveFileNameW` `GetOpenFileNameW`
SHELL32.dll	`DragFinish` `DragQueryFileW` `ShellExecuteExW` `DragAcceptFiles`
MMFS2.dll (delay-loaded)	`#3` `#172` `#831` `#19` `#1033` `#1145` `#425` `#1144` `#423` `#430` `#1146` `#121` `#31` `#1105` `#255` `#281` `#174` `#419` `#688` `#192` `#120` `#333` `#80` `#468` `#280` `#67` `#125` `#249` `#276` `#366` `#959` `#945` `#123` `#124` `#11` `#1049` `#1036` `#173` `#493` `#487` `#372` `#520` `#585` `#341` `#342` `#417` `#355` `#610` `#445` `#344` `#50` `#62` `#34` `#982` `#1106` `#1017` `#876` `#361` `#32` `#63` `#832` `#742` `#102` `#101` `#17` `#16` `#103` `#753` `#536` `#47` `#756` `#757` `#343` `#686` `#443` `#1000` `#265` `#1068` `#162` `#765` `#1069` `#379` `#661` `#1031` `#433` `#184` `#191` `#825` `#201` `#158` `#177` `#186` `#163` `#176` `#189` `#1073` `#183` `#153` `#1072` `#10` `#9` `#6` `#8` `#7` `#766` `#64` `#43` `#65` `#66` `#264` `#587` `#448` `#286` `#568` `#169` `#849` `#571` `#701` `#703` `#170` `#51` `#74` `#83` `#97` `#81` `#979` `#79` `#187` `#82` `#76` `#78` `#106` `#107` `#105` `#168` `#691` `#75` `#241` `#272` `#245` `#274` `#363` `#645` `#584` `#519` `#356` `#739` `#713` `#137` `#554` `#155` `#786` `#619` `#462` `#761` `#411` `#1120` `#469` `#1134` `#95` `#1123` `#1126` `#94` `#1124` `#1125` `#98` `#91` `#24` `#59` `#61` `#60` `#70` `#69` `#68` `#819` `#820` `#77` `#72` `#389` `#755` `#795` `#1054` `#1077` `#204` `#205` `#1071` `#203` `#195` `#198` `#196` `#199` `#808` `#813` `#809` `#807` `#811` `#810` `#814` `#812` `#826` `#827` `#828` `#422` `#803` `#806` `#800` `#802` `#804` `#798` `#805` `#799` `#801` `#797` `#830` `#829` `#607` `#1074` `#494` `#1130` `#1029` `#611` `#1081` `#27` `#39` `#29` `#834` `#1101` `#1007` `#837` `#896` `#975` `#953` `#893` `#986` `#954` `#895` `#1048` `#929` `#677` `#412` `#234` `#612` `#678` `#413` `#679` `#1118` `#680` `#573` `#414` `#415` `#416` `#232` `#972` `#681` `#476` `#620` `#762` `#236` `#114` `#104` `#171` `#789` `#790` `#46` `#111` `#42` `#113` `#115` `#254` `#785` `#722` `#328` `#116` `#90` `#84` `#1010` `#92` `#1008` `#1011` `#117` `#997` `#996` `#998` `#108` `#109` `#73` `#110` `#71` `#913` `#859` `#878` `#994` `#894` `#974` `#882` `#948` `#991` `#269` `#267` `#268` `#976` `#1006` `#985` `#1037` `#794` `#1053` `#1128` `#35` `#1080` `#18` `#340` `#14` `#984` `#5` `#418` `#750` `#695` `#23` `#1070` `#373` `#740` `#546` `#4` `#1055` `#2` `#1104`

Delayed Imports

Attributes	`0x1`
Name	`MMFS2.dll`
ModuleHandle	`0xa28f0`
DelayImportAddressTable	`0xa23d0`
DelayImportNameTable	`0x9e734`
BoundDelayImportTable	`0x9ec50`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0xa2260`

NvOptimusEnablement

Ordinal	`2`
Address	`0xa2264`

1

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.92854`
MD5	`f717f8caa074daba1206266e9bd62464`
SHA1	`1637551b882445888ae46ae4100ab788600593e5`
SHA256	`54f1d140b9d2d84a3c145ee525741f98549ddcf3adcd9c4fbc919ec1782b31e7`
SHA3	`e47c63e7f65986b0085ba0014bdb9aad7f3a506aebd2e6025435c5ac9cfe36d7`

2

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.99773`
MD5	`cf827ab9deb647913237045cfa841cbc`
SHA1	`4606da709ace5c98160edca3593f5aea9bfbfcff`
SHA256	`0c90ed09db3ff455b2d684aaf489f366a14ba8c3b7fa3e7e0cea27fe9c82dd71`
SHA3	`b0e8eb9eaa546b0711f722766c7e9dbb3792b207ef9577fcc14e5bfbe770dc42`

3

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.58939`
MD5	`fa4afc6abe95e8971e039f30a8768d41`
SHA1	`7f11e496b205cb24dd6ae4314ef96128e67a227d`
SHA256	`16c6d3cf02803d67929ffb6ad2abc3913bd52583802a10b2782e9233099c61ad`
SHA3	`b03488c7d61448b3267fccee9390f12c2683f630bec1372ced99792fedf5e043`

4

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.08745`
MD5	`b9590f17ca67a84fa5a72c2e6110596a`
SHA1	`f5c28e30fecf97462d704449d9f9c1fc36793ba7`
SHA256	`0a71554b8e31ff057f2ba2b721eb31bd5d13e087fb262b29abbfc937cd61843c`
SHA3	`256658029e3158e6d9834ef20a9cbb7743f31ac9b337e4872d3d6c54dc4b29e5`

5

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.2601`
MD5	`1c98e0ad5050767586fbb226a820cdce`
SHA1	`dea2bc41ac818f71edaea1e28e9d91da974d73a0`
SHA256	`72d742c0ffc745ae2a6d767ecb9b0f27c9756c4e4afe645caf1651a5868ec0ca`
SHA3	`1a9a85645354bc802adbee3d1f1008fb09aa17d27cdccb0f2a1a942852b9ce31`

6

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.2453`
MD5	`4d7587f6678519a128e30245da5a9281`
SHA1	`25d2fad63ce1dd07104deb4a46b3940d6f0251e4`
SHA256	`8cb563af8f6ac570810893e0f56ecfd595e3c540d44bdbc06f11bc2422fd220d`
SHA3	`44edc6dafd9c1ff416cfa793c8a8b2eaa0e8dcd6028130dbc50befabab399c99`

7

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.38291`
MD5	`67f51be7c8d2d8518afff0559b73c268`
SHA1	`7d71c8aa5000ea3c24f9a1637c2b40d1334a3942`
SHA256	`de8dd355722cc66eaa28fe77cfe67ffafe990852bbf8215ba4c0aba2c971d958`
SHA3	`250ed5f028ebfef8d6a3614a38c7adc38272e3b992d19fa36cf1a5865ba88b35`

13

Type	`RT_STRING`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x3fa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34988`
MD5	`005fe1f2bbbd3995165c36361f280214`
SHA1	`338116c90b8696e7204143152b8584498f59c436`
SHA256	`ea48bc01658a49984f7a3bf318219f36a02d65496f087039a50d06447a59f8d8`
SHA3	`87597142a8d78b3f9d8d7baf4aeef7d330b32c7f7aa2e409f3eca9a6391c3012`

11

Type	`RT_RCDATA`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.32193`
MD5	`1e38289635b35278e8ba641b79216991`
SHA1	`75b4b2281c1eb47be1a42968af2d41a04e278a87`
SHA256	`457f3a7cb71f50ba3c8db8849a45c8a6c3576f91438a0f746ab181d4740c089d`
SHA3	`2e4b3559e89129066e3af515e4051757726609ea6403f2790f0c4b8caf51ffb6`

100

Type	`RT_GROUP_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71787`
Detected Filetype	Icon file
MD5	`eee2def6081be6fc6c237a1035cd0d47`
SHA1	`8806faa001a31ea3b44f50dd48cc65beaeaf5980`
SHA256	`b4a86ff543995d1a1dcad86ec767539180bbe55d27b306186eb5fa4bc3d5872f`
SHA3	`293718c08c74df16bc3e220b2edcbf174192ba2080a5b914811bc9c27d661b57`

1 (#2)

Type	`RT_VERSION`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x168`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.11177`
MD5	`4a6c4dbca4a6ba825c51d7a8a0b272d4`
SHA1	`4fd74829baec181dba30b3fc12cfed0a795c9b1d`
SHA256	`2b02b147f047620fd419443b05d2a4da1ed142d73ec62db0a6610dee1ff7fd81`
SHA3	`6f4359b08a5595f5b65efbb0e5b6207d33d0e045f6b880ef66a9bba61b2e6f78`

1 (#3)

Type	`RT_MANIFEST`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x535`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.40577`
MD5	`98d04ec737c212c9593ac2b650cda4d2`
SHA1	`4a9b4811a56f0d81903e0df74644b31f15d6e32f`
SHA256	`7f537991985500f48e00a9f5012a8b5fec17d0668e40a3aac50ccae49df2e6e4`
SHA3	`0c2251ddaa52f73f778bf572eeb96c308c17728885b50b4aea0fd54d164359d7`

String Table contents

c777c391-2b41-42f3-a951-b6cc7663559d
Impossible d'initialiser l'application.
Erreur lors de l'ouverture du fichier.
Pas assez de mémoire!
Erreur de fichier!
Impossible de trouver %s!
Impossible de charger %s. Cet objet a peut-être besoin d'un programme externe ou d'une librairie non installée.
Il n'y a pas assez d'espace disponible sur le drive temporaire. Libérez de l'espace disque et ré-essayez.
Cette application a été construite avec une version incompatible de Clickteam Fusion.
Format inconnu!

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.0.295.10
ProductVersion	3.0.295.10
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	Process Default Language

Resource LangID	Process Default Language

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2023-Nov-09 13:24:27
Version	`0.0`
SizeofData	`884`
AddressOfRawData	`0x9d4d4`
PointerToRawData	`0x9c4d4`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2023-Nov-09 13:24:27
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x4a1014`
SEHandlerTable	`0x49d430`
SEHandlerCount	`41`

RICH Header

XOR Key	`0xdacfaccf`
Unmarked objects	`0`
241 (40116)	`46`
243 (40116)	`139`
242 (40116)	`35`
ASM objects (VS 2015/2017 runtime 26706)	`20`
C objects (VS 2015/2017 runtime 26706)	`20`
C++ objects (VS 2015/2017 runtime 26706)	`43`
Imports (VS2008 SP1 build 30729)	`15`
Total imports	`618`
C++ objects (LTCG) (27049)	`43`
Exports (27049)	`1`
Resource objects (27049)	`1`
Linker (27049)	`1`

Errors

Leave a comment

No comments yet.