Manalyze report for 025451e342ba1b8a6e1e3b31e699e3f5

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1992-Jun-19 22:22:17
Detected languages	Farsi - Iran German - Germany

Plugin Output

Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX v2.0 -> Markus, Laszlo & Reiser (h)` `UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX -> www.upx.sourceforge.net` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5`
Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.` `The PE's resources are bigger than it is.`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Can access the registry: RegCloseKey`
Suspicious	The PE header may have been manually modified.	`Resource 101 is possibly compressed or encrypted.` `Resource 4082 is possibly compressed or encrypted.` `Resource 4083 is possibly compressed or encrypted.` `Resource 4084 is possibly compressed or encrypted.` `Resource 4085 is possibly compressed or encrypted.` `Resource 4087 is possibly compressed or encrypted.` `Resource 4088 is possibly compressed or encrypted.` `Resource 4089 is possibly compressed or encrypted.` `Resource 4090 is possibly compressed or encrypted.` `Resource 4091 is possibly compressed or encrypted.` `Resource 4092 is possibly compressed or encrypted.` `Resource 4093 is possibly compressed or encrypted.` `Resource 4094 is possibly compressed or encrypted.` `Resource 4095 is possibly compressed or encrypted.` `Resource 4096 is possibly compressed or encrypted.` `Resource PACKAGEINFO is possibly compressed or encrypted.` `The resource timestamps differ from the PE header: 2022-Jun-24 16:53:04` `Resources amount for 108.742% of the executable.`
Malicious	VirusTotal score: 47/66 (Scanned on 2022-06-26 08:55:46)	`ClamAV: Win.Virus.Induc-2` `FireEye: Win32.Induc.A` `CAT-QuickHeal: W32.Induc.A` `McAfee: W32/Induc` `Malwarebytes: Malware.Heuristic.1003` `K7AntiVirus: Virus ( f10009011 )` `BitDefender: Win32.Induc.A` `K7GW: Virus ( f10009011 )` `Arcabit: Win32.Induc.A` `Cyren: W32/Induc.A.gen!Eldorado` `Elastic: malicious (moderate confidence)` `ESET-NOD32: a variant of Win32/Induc.A` `APEX: Malicious` `Cynet: Malicious (score: 100)` `Kaspersky: Virus.Win32.Induc.b` `NANO-Antivirus: Virus.Win32.Induc.dffkeg` `MicroWorld-eScan: Win32.Induc.A` `Rising: Virus.Induc!1.9B53 (CLASSIC)` `Ad-Aware: Win32.Induc.A` `Emsisoft: Win32.Induc.A (B)` `Comodo: Virus.Win32.Induc.A0@1q1u4b` `DrWeb: Win32.Induc` `Zillya: Virus.Induc.Win32.1` `TrendMicro: PE_INDUC.A` `McAfee-GW-Edition: BehavesLike.Win32.Sytro.dc` `Trapmine: malicious.high.ml.score` `Sophos: W32/Induc-A` `SentinelOne: Static AI - Malicious PE` `Jiangmin: Win32/Induc.a` `Avira: W32/Induc.blr` `MAX: malware (ai score=81)` `Microsoft: Virus:Win32/Induc.A` `ZoneAlarm: Virus.Win32.Induc.b` `GData: Win32.Virus.Induct.A` `AhnLab-V3: Win32/Induc` `TACHYON: Virus/W32.Induc` `VBA32: Virus.Win32.Induc.c` `Cylance: Unsafe` `Panda: Generic Malware` `TrendMicro-HouseCall: PE_INDUC.A` `Yandex: Win32.Induc` `Ikarus: W32.Induc` `MaxSecure: Trojan.Malware.300983.susgen` `Fortinet: W32/Induc.A` `BitDefenderTheta: AI:FileInfector.CFA710080D` `AVG: FileRepMalware [Trj]` `Avast: FileRepMalware [Trj]`

Hashes

MD5	`025451e342ba1b8a6e1e3b31e699e3f5`
SHA1	`51ed96d694e8e3f3f836236d7022277f64c3cb13`
SHA256	`c8d47fc56180b34094e1d4981ab458b70baf8ada6a0b52bee8a924774a8f3e9e`
SHA3	`802227b00a0f23e3bdee0aea66cc3765941eb8360288877c1780f3ecb41eff1e`
SSDeep	`3072:koM+rrn8Xd/RqPz3fXGpR1f/XCrw/Le8bKT/TsJRHUVvmJKlmhg+fXqWv:HgXdRUbefXSrw/HKT/TUse2U6W`
Imports Hash	`b2ffe50101663960251616f00da3d5fb`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	1992-Jun-19 22:22:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_BYTES_REVERSED_HI` `IMAGE_FILE_BYTES_REVERSED_LO` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x32000`
SizeOfInitializedData	`0x1000`
SizeOfUninitializedData	`0x7c000`
AddressOfEntryPoint	`0x000AE280 (Section: UPX1)`
BaseOfCode	`0x7d000`
BaseOfData	`0xaf000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xb0000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x7c000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`1c63126cc8705707501bcd3b234217bf`
SHA1	`8237b562ca2da97b481fe9171bc39c5ccd56e67d`
SHA256	`e80af41fdc2fa634cd0034f497ce1845a4bc1e0a02e329cb121823a4bee96e7d`
SHA3	`0da6fdbe1bbcf2f860611519cd440c41e3332635cc6397584087bf0047cbcfce`
VirtualSize	`0x32000`
VirtualAddress	`0x7d000`
SizeOfRawData	`0x31600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.93066`

.rsrc

MD5	`96693bd155a28b996e44a83ad55430d3`
SHA1	`11f4dcd2210d801f6104df07b9f20e4b715e1634`
SHA256	`d640e8d5358fcdf31f8fe6eb0c35be45dca7b8ac56cbea9470ad53f93d440283`
SHA3	`96461dd994c99a93d9621ed22dea9cc334c9c1ee26cb8a7c712144fcd992a68d`
VirtualSize	`0x1000`
VirtualAddress	`0xaf000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x31a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.83383`

Imports

advapi32.dll	`RegCloseKey`
comctl32.dll	`ImageList_Add`
gdi32.dll	`SaveDC`
KERNEL32.DLL	`LoadLibraryA` `ExitProcess` `GetProcAddress` `VirtualProtect`
oleaut32.dll	`VariantCopy`
user32.dll	`GetDC`
version.dll	`VerQueryValueA`
winmm.dll	`waveOutGetNumDevs`

Delayed Imports

1

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

2

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

3

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

4

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

5

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

6

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

7

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

BBABORT

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1d0`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

BBALL

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1e4`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

BBCANCEL

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1d0`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

BBCLOSE

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1d0`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

BBHELP

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1d0`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

BBIGNORE

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1d0`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

BBNO

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1d0`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

BBOK

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1d0`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

BBRETRY

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1d0`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

BBYES

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1d0`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

PREVIEWGLYPH

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xe8`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

101

Type	`RT_BITMAP`
Language	Farsi - Iran
Codepage	UNKNOWN
Size	`0x32968`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

DLGTEMPLATE

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x52`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`5.94292`
MD5	`d29046cfc3c09d719b8bc9c4b3bf63e1`
SHA1	`ef58e1cb856d3d0b86eea03248e71327ade1e7d7`
SHA256	`b7a459f9c15f84fa692f9c957a7f895d27a8c929bd781b46de600d2eaefc1cf6`
SHA3	`8f2cd91fb31fc290f332005e3010e59a8a11f8049326fa9a6b58c8a0898bc757`

101 (#2)

Type	`RT_DIALOG`
Language	German - Germany
Codepage	UNKNOWN
Size	`0x164`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`7.27972`
MD5	`740206b31e542def33556aa9029a2410`
SHA1	`d1a169b8ebde3215436dc9f9cc0e0d11161cb8c7`
SHA256	`555960ddb0f310ef7a1ef1de4edcb165cad8fa07109a031e5ca29e47db692fb1`
SHA3	`116eb530e32a0d0fde92463dc81ddf6731d6b8792b9a212854b7c58e3b4776d3`

4081

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xf4`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`6.94474`
MD5	`b26c9eab425cb8d9df3c2ef075bd83eb`
SHA1	`aca184355ab4cab4783ecde60afe48cbd065bb33`
SHA256	`9b8544fb43bb8e263d74f044db25d098201250b34bfa10254d3f797dfb42819b`
SHA3	`9c7190075b71c1fa091c4e732294673e9ea685a275305c8ea59b42707ac86975`

4082

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1dc`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`7.31876`
MD5	`18e36b93cbe716bc1524297a0b32b4f2`
SHA1	`5dbbd8edf6c74d38fe74e3f75996c82fd92f466d`
SHA256	`d2aa85fb07c573271aa64435639d72c0d6bee4451e90bf2907ca22957670469f`
SHA3	`e6640f4c81d04a8ab091c2646ce278d8054dd447c676bf0e89d054e3e7ee87f9`

4083

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x154`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`7.18064`
MD5	`6a0c805e67b3c1c70e41237b56db052e`
SHA1	`3f1396aadfb3d9393e5f31704878c1d808349b6f`
SHA256	`81d1fdb42bbf1f6ab6118816495ff50c6843ec06ccd2da27f7d534fdca5a63f1`
SHA3	`773dae59b76f1b5cce3f39d460dcb4ca288a923a39a5d87c1fa87a3f5dd64d56`

4084

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x240`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`7.40352`
MD5	`887c32f377c2f36c241979027fe532c0`
SHA1	`6071908d32f1d60e9a4cef7e886c913aad23172c`
SHA256	`7feca146a52627c3ca1f8fc167900a737bc336a5dd562c7ace23feb51d536c85`
SHA3	`38f0d37dd71f2be8578118ec81a32d87922a84d2e6489540e82d8ef64bd12b5e`

4085

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x184`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`7.29598`
MD5	`3396cc7e0df6acf3d81efa23647e1822`
SHA1	`ed822c79bfcb539e1cece0264685b7f82faca0ad`
SHA256	`dd56b7d53c02341257544afc48f736f92d5184eaad92f635e65220c1b0abcd73`
SHA3	`eef955f382c52d32b03ffc1ff89495d8b0eeb9a06da979004b96aaea1ccd4bd3`

4086

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xe8`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`6.85603`
MD5	`d60d382efb26d324805925d2cef8f87f`
SHA1	`df0ac407cafdf6824748d24c6542bda73b454734`
SHA256	`f7731b3422954f975541cb6651595449c1a520908379ae8562aa4d36cdb8a50c`
SHA3	`e422315eebe22e5b79fe507ddf884f616922cdce628af2a2fe261943a413daa7`

4087

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x154`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`7.19895`
MD5	`9a8637384618d3f5db582c93740851f1`
SHA1	`f7435a62ebb8b979bd92dc9f16fe1ad18295a660`
SHA256	`22de7a17e7ad48038f9ce5f20c7555cc98f5df8ad67efc28dc41a3beb82c1e66`
SHA3	`0c6ac26018dfde12681803a0cd5846ebfc711b559eafe95e1d99982c6b9651df`

4088

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x498`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`7.59961`
MD5	`133b9a86c36021109f7737748eaa304a`
SHA1	`4d22873eeb2f26b8c2d83453101fa5c8005cd2a6`
SHA256	`0e217a65bd4e3792b14eeb700c92ceea97f13b9255edc036bc20212f63c31310`
SHA3	`d49a4a1cedde70810ac93a942dd64b6eb18801921933545142eedddaa596021f`

4089

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x354`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`7.5062`
MD5	`5b8bdec6744caef84eb9351a3f7e60c3`
SHA1	`daaad1f775e60f95a18b0746d0bb67faf78c7e03`
SHA256	`191fa2ec0be401d6138bc3bd41687d13b26aa267edb85211749310186ccacb3b`
SHA3	`19298ccf9bfc1cecad9772bcfaf24438aeef9cb28885139e273d7821e281de33`

4090

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3e8`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`7.62974`
MD5	`449615642e32c47e13102abe9b1aa9a0`
SHA1	`07160ddd0cb5f9dccf21ac16d1305ba2fb16e914`
SHA256	`7bd239d015f7d81157b177d593b1ded57817728fa359ed125ff54cbfc0ee0bc1`
SHA3	`81bb19cdba2ce8548c02124dcbb9ab579215323fab4bb0a2549def9adf4961f8`

4091

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x234`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`7.43763`
MD5	`3c4af9a68b8f527eef7057ec29319725`
SHA1	`436121b710084c5072288b70c68050c61ca2bf7c`
SHA256	`a4a9d3879b965f06726973105cf2fd8e739af43be5b6d28b1c8cf07af69b476e`
SHA3	`1da39d939f691f3782c7df49f1bb520f379afea51233149496e047ed791ce9aa`

4092

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xec`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`7.03053`
MD5	`9509ee14669a14e68a50231a344c1392`
SHA1	`e66bb592a9a71972c19d6a3b428d2aa86f6ae7f9`
SHA256	`71115f22b34b45a46041e55e00cfc1bf0dd7f9754a91bb3b850c8fff111c728c`
SHA3	`fb6c0628e33507ce61acb96b7b94255142b1c2b24ab81c6ee1dd812bf48ade1b`

4093

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1b4`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`7.33633`
MD5	`7261046b820ffe591001baf5decee794`
SHA1	`c10cbd01af31d775f9b0d830e6f6feaf7c56ef7d`
SHA256	`e5699e354608563d7959347843d9a41b577d7fda7cd7ea9d02d618c600857bca`
SHA3	`2e58cb88d59096e4fdef4952cbf16f12a3259423072c22bc5213be6d86a15713`

4094

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3e4`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`7.55082`
MD5	`54bc08f455e2cb8e84659e6c7aeea825`
SHA1	`39f8ddc8a010986312b94049fb1e6a72ac135404`
SHA256	`ac7498fb709369658956b6002695650a77e3ee16903b6775cc07b2f0cd2992e7`
SHA3	`a11ff1b4faaa4e073a3b0d5ed98d1a0d0e7f4b903fc72095da3940e8086e9a2d`

4095

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x358`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`7.58895`
MD5	`7be38c0257427d4cab38ae59028159ed`
SHA1	`dcb989e80ab1d000893c7616e409d19bfa6ff542`
SHA256	`744c59a057ab5dcce056073579d4b726df8370347024f9cbb2e85971b328281a`
SHA3	`d87daf1d662fe89ee458fc29705e556110921b360a6054285bd056cd037d8e12`

4096

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2b4`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`7.53359`
MD5	`4c6cdd063c65f8802ee41e68308d79cb`
SHA1	`4854039757b7b6456b7fa2779c127e0a53b51916`
SHA256	`d196aa9e93e767f92f077b246c8cbcce1b0bc9caaa076980453c804ec6ba1cc0`
SHA3	`94b5b9fd0c6b77411672813469f9b340b77402e44c389d586a0d635c920a6611`

DVCLAL

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`3.875`
MD5	`5e2f38693163ab40df5e0620d5a50127`
SHA1	`58e72608edbe2ad409fc42ea6ddf71af1a78eb88`
SHA256	`43484a86df4fa325720485d1a6d72f8c4b242c5208a73e4506e2ad8f8d0fd005`
SHA3	`b92835eb3a238aa9345f485ce43d1d35608713db5646ed57fc730b3cf3adf4a4`

PACKAGEINFO

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x28c`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`7.49448`
MD5	`328d5f63965d308cda20dd2f0ccadeb7`
SHA1	`23e5a6c588908767024d27fde118b8d4f0a5933b`
SHA256	`12ab2b8d1285ecd81998065d8b0e1b48ff055b98a19a0dd05906e96f94f2f0c3`
SHA3	`a2c73cafc46b9a04c2cae614f8155646b5e860340446ce6052c8ff5d0edac1c0`

32761

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`3.82193`
MD5	`7ce038739c5b1020ae51e9132d05823d`
SHA1	`08713e877660a88defb3bb91e6c8b57fb250a87b`
SHA256	`e7a959a62d795dfbf8641eb1346f9368b8382ed6c90073a9802a16e2d89c4da3`
SHA3	`c3250a96782d879c113f0c1fff6c6e66e20c26a63bef982c747d43d80fb3a533`

32762

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`4.22193`
MD5	`08b1065f4d44901df60c7f9ed4845593`
SHA1	`85567148c6cbe38dc5ea7a91637f57b893e56f5c`
SHA256	`c97eb654c135fbe1aae209071df2c69951328263cfc2a65efa8dc86925c79051`
SHA3	`8c03c61ab0d76046f3d986691ee83d434d41f4063dd02ccdabcd6410247adbf0`

32763

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`4.12193`
MD5	`4731c6ef8ee04d571bc269c5f0efbfa6`
SHA1	`b06b11f9575b8c5c539d6a48c2bf958b096d40d7`
SHA256	`1dc587a5d1c1b683992f420808a4cd0623ff68279daf981fb48e3fc681fc8418`
SHA3	`fa627694061c8d711b167149a7f29b3602df900843553c610ba10384a1771cfa`

32764

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`4.32193`
MD5	`7fed35bbe6dc45abbb8ff0f88d6d3d4d`
SHA1	`bb8264f165ca95ca9f2f95f2bf4e62c8f5d594a1`
SHA256	`6d4c69195f011986ab3907c75895f19f541d24eb1aa2a9120120ec6da989c2e4`
SHA3	`27869433d4f19817290391156315770f9f11dc22a74a8f36d6451cce3004ee37`

32765

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`4.12193`
MD5	`84ba522944279479a476d4d623bcb621`
SHA1	`d6215b819a8cbc39ca2b5cbd1f7a5c8a5c096121`
SHA256	`204cba87b345e1193f69a6b54db9a72f2aaced91e91af6720378a3df4a240682`
SHA3	`79c98c1a282ce5fed65af214a199c6ea662cbbdc16ea84a346d37b0183a32784`

32766

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`4.32193`
MD5	`dbe5c8750bf87cd5e6e8b7efa1ccb486`
SHA1	`5d8c684539681feec99e1edc0d4e452ac5841a6b`
SHA256	`6d9f8f8c4ff7b4cd6e209e4d29dd30587a230a9c09b9332560453245f11f6b7a`
SHA3	`e0fde0869007312948c3e39686de79976e00dea3dbeba460b9afa2c508c052c6`

32767

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`4.22193`
MD5	`e6daa5948b1bbee87f45ebf297d2481d`
SHA1	`9592d7a03ceb15b3609544a08195504382815b8b`
SHA256	`14e1429ace05d1f8132ebc0b6f5aa105e0dcb031dcf1193b519d763a14aece14`
SHA3	`c4ff5bcb047ebb9e02e43e159a634c12b76fb2b9026dbbcefef805de3c0b782e`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x245`
TimeDateStamp	2022-Jun-24 16:53:04
Entropy	`4.95218`
MD5	`ec5f45455a2dc2584390b6ba8dac86b6`
SHA1	`c4430217c0673d86805482d90cf34fa38a3f758c`
SHA256	`a3eca8428248ea414fdceaf0b451393866fe413a5eae29264d1e29bb60c0c68c`
SHA3	`227245b0c93388712983c330d15338e56d8d46dbeb08c42d717f98c86d65706f`

String Table contents

污湯㵥礢獥㼢ാഊ㰊獡敳扭祬砠汭獮∽牵㩮捳敨慭⵳業牣獯景⵴潣㩭獡⹭ㅶ•慭楮敦瑳敖獲潩㵮ㄢ〮㸢਍†愼獳浥汢䥹敤瑮瑩൹ ठ祴数∽楷㍮∲਍††慮敭∽敄灬楨灁汰捩瑡潩≮਍††敶獲潩㵮ㄢ〮〮〮•਍†瀉潲散獳牯牁档瑩捥畴敲∽∪㸯਍†搼灥湥敤据㹹਍††搼灥湥敤瑮獁敳扭祬ാ ††㰠獡敳扭祬摉湥楴祴਍††††祴数∽楷㍮∲਍††††慮敭∽楍牣獯景⹴楗摮睯⹳潃浭湯䌭湯牴汯≳਍††††敶獲潩㵮㘢〮〮〮ഢ †††瀠扵楬䭣祥潔敫㵮㘢㤵戵㐶㐱挴晣搱≦਍††††慬杮慵敧∽∪਍††††牰捯獥潳䅲捲楨整瑣牵㵥⨢⼢ാ †㰠搯灥湥敤瑮獁敳扭祬ാ 㰠搯灥湥敤据㹹਍⼼獡敳扭祬ാ
ﶼ
ﵰ
﷉
ﵸ
﷖
ﶀ
﷠
ﶈ
﷭
ﶜ
ﷺ
ﶤ
︅
ﶬ
︑
ﶴ
︜
︪
︺
﹠
﹂
﹐
﹮
ﹾ
ﺌ
ﺔ
ﺤ
摡慶楰㈳搮汬挀浯瑣㍬⸲汤l摧㍩⸲汤l䕋乒䱅㈳䐮䱌漀敬畡㍴⸲汤l獵牥㈳搮汬瘀牥楳湯搮汬眀湩浭搮汬敒䍧潬敳敋y浉条䱥獩彴摁d慓敶䍄硅瑩牐捯獥s敇側潲䅣摤敲獳潌摡楌牢牡䅹楖瑲慵偬潲整瑣慖楲湡䍴灯y敇䑴C敖兲敵祲慖畬䅥慷敶畏䝴瑥畎䑭癥s
畡㍴⸲汤l獵牥㈳搮汬瘀牥楳湯搮汬眀湩浭搮汬敒䍧潬敳敋y浉条䱥獩彴摁d慓敶䍄硅瑩牐捯獥s敇側潲䅣摤敲獳潌摡楌牢牡䅹楖瑲慵偬潲整瑣慖楲湡䍴灯y敇䑴C敖兲敵祲慖畬䅥慷敶畏䝴瑥畎䑭癥s

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section UPX0 has a size of 0!
[!] Error: Bitmap BBABORT is malformed!
[!] Error: Bitmap BBALL is malformed!
[!] Error: Bitmap BBCANCEL is malformed!
[!] Error: Bitmap BBCLOSE is malformed!
[!] Error: Bitmap BBHELP is malformed!
[!] Error: Bitmap BBIGNORE is malformed!
[!] Error: Bitmap BBNO is malformed!
[!] Error: Bitmap BBOK is malformed!
[!] Error: Bitmap BBRETRY is malformed!
[!] Error: Bitmap BBYES is malformed!
[!] Error: Bitmap PREVIEWGLYPH is malformed!
[!] Error: Bitmap  is malformed!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Resource 32761 is empty!
[*] Warning: Resource 32762 is empty!
[*] Warning: Resource 32763 is empty!
[*] Warning: Resource 32764 is empty!
[*] Warning: Resource 32765 is empty!
[*] Warning: Resource 32766 is empty!
[*] Warning: Resource 32767 is empty!