Manalyze report for 034ab6771e69e53035ba914f8b56156099f22f7e1cecfcf4f5fa53a25c4f1f5e

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2005-Jan-30 07:50:29
Detected languages	Process Default Language

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C 5.0` `Microsoft Visual C++` `Microsoft Visual C++ v6.0`
Suspicious	The PE is possibly packed.	`Unusual section name found: .clean` `Section .clean is both writable and executable.`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: FindWindowA` `Code injection capabilities (PowerLoader): GetWindowLongA FindWindowA` `Can access the registry: RegCloseKey RegOpenKeyExA RegCreateKeyExA RegSetValueExA RegQueryValueExA` `Possibly launches other programs: ShellExecuteA` `Uses functions commonly found in keyloggers: CallNextHookEx GetForegroundWindow GetAsyncKeyState` `Enumerates local disk drives: GetDriveTypeA GetVolumeInformationA` `Can take screenshots: FindWindowA GetDC BitBlt CreateCompatibleDC`
Suspicious	The PE header may have been manually modified.	`The resource timestamps differ from the PE header: 2009-Aug-29 08:52:09`
Malicious	VirusTotal score: 44/72 (Scanned on 2026-04-04 10:00:57)	`AVG: FileRepMalware [Misc]` `AhnLab-V3: Trojan/Win32.Agent.C731784` `Alibaba: Trojan:Win32/Hesv.3ea178da` `Avast: FileRepMalware [Misc]` `Avira: TR/Agent.BHZI.479232` `CAT-QuickHeal: InfoStealer.AuroraCiR` `CTX: exe.trojan.hesv` `ClamAV: Win.Malware.Agent-6388751-0` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 99)` `DeepInstinct: MALICIOUS` `DrWeb: Win32.Polipos.6` `ESET-NOD32: Generik.FNTHHJW trojan` `F-Secure: Trojan.TR/Agent.BHZI.479232` `Fortinet: GenericRXCP.OP!tr` `Google: Detected` `Gridinsoft: Malware.Win32.Gen.cc!s1` `K7AntiVirus: Trojan ( 000f224b1 )` `K7GW: Trojan ( 000f224b1 )` `Kaspersky: Trojan.Win32.Hesv.dgzi` `Lionic: Worm.Win32.Polip.tndl` `Malwarebytes: Malware.AI.3168916104` `MaxSecure: Trojan.Malware.12191244.susgen` `McAfeeD: ti!034AB6771E69` `Microsoft: Trojan:Win32/Tiggre!rfn` `NANO-Antivirus: Trojan.Win32.Agent.criaa` `Paloalto: generic.ml` `Rising: Trojan.Undefined!8.1327C (KTSE)` `Sangfor: Trojan.Win32.Hesv.Vb2y` `Skyhigh: BehavesLike.Win32.Dropper.gm` `Sophos: Mal/Generic-S` `Symantec: ML.Attribute.HighConfidence` `Tencent: Win32.Trojan.Hesv.Nzfl` `Trapmine: malicious.moderate.ml.score` `TrellixENS: GenericRXTR-SU!F125ED1B34BD` `VBA32: Trojan.Hesv` `Varist: W32/Fuery.I.gen!Eldorado` `VirIT: Backdoor.Win32.Siggen.SVQ` `Webroot:` `Xcitium: Backdoor.Win32.Agent.~dy070@1xbov3` `Yandex: Trojan.Agent!WU3yHnSAwWE` `alibabacloud: Trojan:Win/Tiggre` `huorong: Trojan/Generic!6D528EAF12527C07`

Hashes

MD5	`f125ed1b34bd1b165980d35c96c5d8c8`
SHA1	`977e8f7ed1e1b6e4259a898b859326b9192a4035`
SHA256	`034ab6771e69e53035ba914f8b56156099f22f7e1cecfcf4f5fa53a25c4f1f5e`
SHA3	`06ca480d70d66e93ffe4030c4ba4da82678b47746c6cdd4e2def0001ecba26fb`
SSDeep	`6144:9uZUY7eiLnfnB7pRi8I+SzLqiZ49XCUgNqGyCYUE/1roDepfYXtdo6YUNL:9uZUY7eandid+SVGCUgM7Ck/1raE2`
Imports Hash	`0b82c45359b424170f07ff5684c33b2b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2005-Jan-30 07:50:29
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`5.0`
SizeOfCode	`0x58e00`
SizeOfInitializedData	`0x2f200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000271B0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x4b000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x7b000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`8844f67e881fa912ed3fdcd47cd92297`
SHA1	`634619a235802706d55515dfe03e777f52d42a13`
SHA256	`96f1dedc0070f3b56af0ec6222310d273d9126e08d4a775b011ecf4ade7e3f1a`
SHA3	`8cdfcaeedbd41ddd0390878228905b4714e5e9b71e500c61a9b7b5a2f56fd507`
VirtualSize	`0x491fd`
VirtualAddress	`0x1000`
SizeOfRawData	`0x49200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.60129`

.rdata

MD5	`724ca494353ef626e6069b7c70ea42c3`
SHA1	`f82db0adb9b6dda078be2d7f76628c5ad9ff5d5f`
SHA256	`846adb65ac34cdbe2c8dfde3f275ce41919f2549be0f409e46553e3078ac8daa`
SHA3	`15b5ea59542bc8b80b24343f347f032351286ca199ed346f42127fb28a07f55e`
VirtualSize	`0xbf88`
VirtualAddress	`0x4b000`
SizeOfRawData	`0xc000`
PointerToRawData	`0x49600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.36015`

.data

MD5	`83173ed6248130863c66e2cfcaf8833a`
SHA1	`92da19fe60ea39cfdd1ca510ff89c95d90f8aa6a`
SHA256	`12c77b1da1fc136954265c17ba3a804f49a4d33673e99b08746a2c66b03d56ab`
SHA3	`33918955a73e0d2000089df843b11796d3a5a756cf155142d4a8e6d6782008a6`
VirtualSize	`0x8e20`
VirtualAddress	`0x57000`
SizeOfRawData	`0x5800`
PointerToRawData	`0x55600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.1968`

.idata

MD5	`ce891d17722390cd80ce6c5730413716`
SHA1	`09071c91e6a8f356d2f9cb7b7fd2f103eb34f2ae`
SHA256	`116c2ae17b5c01636c9eb0c476ce31f7e9a8a54f43a378a03529ef74d1b0f4d5`
SHA3	`825c351b168790c9f5e51dbb714e09f7080e6b3a8830893d6125eedfdc5c47f2`
VirtualSize	`0x2c00`
VirtualAddress	`0x60000`
SizeOfRawData	`0x2c00`
PointerToRawData	`0x5ae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.65904`

.clean

MD5	`84954907ce800b42a5a5fbd0bb0b99d1`
SHA1	`4a9b66603d1b6446899a1e7fcbbd2bd8378d4e61`
SHA256	`ca8a4b28e8b434e231027bf5d9952a7d32014111151ed7e3e2efc0b6fe934a0a`
SHA3	`60b55574fa3c1fb36aa434f85c990813466f17f2e269c8aef297762542959c8e`
VirtualSize	`0xfac7`
VirtualAddress	`0x63000`
SizeOfRawData	`0xfc00`
PointerToRawData	`0x5da00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`97b97222a17a31f91da8d49c43abf4da`
SHA1	`83bfdddda4d46b7079330e6378e9b4a3f6e65bd1`
SHA256	`9da524b5ce2e884e3212f7ddd13f5ceabf5ddc6ca8293dbfd7fefa0f9263ec8a`
SHA3	`a70d1ff72496bab5cfde556d5af599770a64b40dd628a6eca3ae9a3af0bf462c`
VirtualSize	`0x78d0`
VirtualAddress	`0x73000`
SizeOfRawData	`0x7a00`
PointerToRawData	`0x6d600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.69567`

Imports

WINMM.dll	`PlaySoundA`
KERNEL32.dll	`GetSystemTime` `GetLocalTime` `GetFileType` `GetStartupInfoA` `GetCommandLineA` `RtlUnwind` `RaiseException` `ExitProcess` `TerminateProcess` `GetACP` `HeapDestroy` `HeapCreate` `VirtualFree` `VirtualAlloc` `GetDriveTypeA` `GetTimeZoneInformation` `LCMapStringA` `LCMapStringW` `UnhandledExceptionFilter` `FreeEnvironmentStringsA` `FreeEnvironmentStringsW` `GetEnvironmentStrings` `GetEnvironmentStringsW` `SetUnhandledExceptionFilter` `GetStringTypeA` `GetStringTypeW` `IsBadCodePtr` `GetLocaleInfoA` `GetLocaleInfoW` `CompareStringA` `CompareStringW` `SetEnvironmentVariableA` `HeapSize` `HeapReAlloc` `HeapAlloc` `HeapFree` `GetOEMCP` `GetCPInfo` `GlobalGetAtomNameA` `GlobalAddAtomA` `GetFileTime` `GetFileSize` `GetFileAttributesA` `GetCurrentDirectoryA` `WritePrivateProfileStringA` `GetProcessVersion` `GlobalFlags` `TlsGetValue` `LocalReAlloc` `TlsSetValue` `EnterCriticalSection` `GlobalReAlloc` `LeaveCriticalSection` `GlobalHandle` `DeleteCriticalSection` `TlsAlloc` `InitializeCriticalSection` `GetFullPathNameA` `GetVolumeInformationA` `SetEndOfFile` `UnlockFile` `LockFile` `CloseHandle` `FlushFileBuffers` `SetFilePointer` `WriteFile` `ReadFile` `CreateFileA` `GetCurrentProcess` `DuplicateHandle` `lstrcpyA` `SetErrorMode` `FormatMessageA` `GlobalDeleteAtom` `lstrcmpiA` `GetCurrentThread` `GetThreadLocale` `FileTimeToLocalFileTime` `FileTimeToSystemTime` `IsBadReadPtr` `IsBadWritePtr` `lstrcmpA` `MultiByteToWideChar` `WideCharToMultiByte` `lstrlenA` `lstrcatA` `GetCurrentThreadId` `GlobalLock` `GlobalUnlock` `GetModuleFileNameA` `GetVersion` `MulDiv` `RemoveDirectoryA` `CreateDirectoryA` `DeleteFileA` `CopyFileA` `SetConsoleTextAttribute` `SetStdHandle` `AllocConsole` `SetConsoleCtrlHandler` `GetConsoleTitleA` `GetCurrentProcessId` `GetTickCount` `SetConsoleTitleA` `Sleep` `GetConsoleScreenBufferInfo` `FillConsoleOutputCharacterA` `FillConsoleOutputAttribute` `SetConsoleCursorPosition` `GetDateFormatA` `SizeofResource` `PeekConsoleInputA` `ReadConsoleInputA` `FlushConsoleInputBuffer` `LoadLibraryA` `GetProcAddress` `FreeLibrary` `GetStdHandle` `WriteConsoleA` `FreeConsole` `FindNextFileA` `FindFirstFileA` `GetLastError` `SetLastError` `FindClose` `GlobalAlloc` `GlobalFree` `GetVersionExA` `lstrcpynA` `FindResourceA` `LoadResource` `LockResource` `LocalUnlock` `LocalAlloc` `LocalLock` `LocalFree` `InterlockedDecrement` `InterlockedIncrement` `GetModuleHandleA` `SetHandleCount`
USER32.dll	`ReleaseCapture` `ReuseDDElParam` `UnpackDDElParam` `IsIconic` `RegisterClipboardFormatA` `PostThreadMessageA` `IsClipboardFormatAvailable` `GetTabbedTextExtentA` `SetRect` `LoadStringA` `ShowOwnedPopups` `GetSysColorBrush` `GetDesktopWindow` `PtInRect` `GetMessageA` `ValidateRect` `GetCursorPos` `CharUpperA` `PostQuitMessage` `CharNextA` `DestroyMenu` `MapDialogRect` `GrayStringA` `DrawTextA` `TabbedTextOutA` `EndPaint` `BeginPaint` `GetWindowDC` `GetMenuCheckMarkDimensions` `LoadBitmapA` `GetMenuState` `ModifyMenuA` `SetMenuItemBitmaps` `ShowWindow` `MoveWindow` `SetWindowTextA` `SetDlgItemTextA` `GetNextDlgTabItem` `EndDialog` `GetActiveWindow` `CreateDialogIndirectParamA` `SendDlgItemMessageA` `SystemParametersInfoA` `MapWindowPoints` `GetFocus` `SetFocus` `AdjustWindowRectEx` `EqualRect` `DeferWindowPos` `BeginDeferWindowPos` `EndDeferWindowPos` `ScrollWindow` `SetScrollInfo` `ShowScrollBar` `IsWindowEnabled` `IsChild` `GetCapture` `WinHelpA` `GetClassInfoA` `TranslateAcceleratorA` `GetMenuItemCount` `GetMenuItemID` `TrackPopupMenu` `GetDlgItem` `GetWindowTextA` `GetKeyState` `DefWindowProcA` `DestroyWindow` `CreateWindowExA` `SetWindowsHookExA` `CallNextHookEx` `SetPropA` `UnhookWindowsHookEx` `GetLastActivePopup` `GetForegroundWindow` `SetForegroundWindow` `GetPropA` `CallWindowProcA` `RemovePropA` `GetMessageTime` `GetMessagePos` `GetWindow` `SetWindowPos` `RegisterWindowMessageA` `GetCaretPos` `SetWindowLongA` `GetWindowLongA` `RemoveMenu` `GetSubMenu` `OpenClipboard` `EnumClipboardFormats` `CloseClipboard` `CreatePopupMenu` `ClientToScreen` `CheckMenuItem` `EnableMenuItem` `DestroyCursor` `DestroyIcon` `DrawIcon` `GetScrollRange` `SetScrollRange` `GetScrollPos` `GetClassNameA` `SetScrollPos` `KillTimer` `SetTimer` `GetMenu` `InsertMenuA` `LoadMenuA` `CreateMenu` `AppendMenuA` `SetMenu` `DrawMenuBar` `GetTopWindow` `PeekMessageA` `TranslateMessage` `DispatchMessageA` `WaitMessage` `IsDialogMessageA` `FindWindowA` `BringWindowToTop` `GetAsyncKeyState` `wsprintfA` `MessageBoxA` `LoadIconA` `SetCursor` `IsWindow` `DefFrameProcA` `GetParent` `DefMDIChildProcA` `RedrawWindow` `InvalidateRect` `LoadAcceleratorsA` `SetRectEmpty` `CopyAcceleratorTableA` `GetNextDlgGroupItem` `RegisterClassA` `MessageBeep` `UpdateWindow` `GetUpdateRect` `IsWindowVisible` `GetWindowRect` `ScreenToClient` `GetClientRect` `SetActiveWindow` `LoadCursorA` `GetDC` `ReleaseDC` `IsRectEmpty` `IntersectRect` `GetDlgCtrlID` `PostMessageA` `EnableWindow` `CopyRect` `GetSystemMetrics` `InflateRect` `OffsetRect` `DrawFrameControl` `DrawStateA` `SendMessageA` `LoadImageA` `GetSysColor` `GetWindowTextLengthA`
GDI32.dll	`GetClipBox` `ExcludeClipRect` `IntersectClipRect` `MoveToEx` `LineTo` `SetTextAlign` `SetPixelV` `GetViewportExtEx` `GetWindowExtEx` `PtVisible` `ScaleWindowExtEx` `TextOutA` `ExtTextOutA` `GetMapMode` `DPtoLP` `CreateDCA` `LPtoDP` `GetCharWidthA` `SetAbortProc` `GetPixel` `CreatePen` `GetStockObject` `PatBlt` `SetBoundsRect` `CreateCompatibleBitmap` `GetCurrentPositionEx` `GetCurrentObject` `CreatePenIndirect` `GetBkMode` `GetBkColor` `GetROP2` `GetBoundsRect` `BitBlt` `AbortDoc` `CreateFontIndirectA` `GetTextMetricsA` `CreateCompatibleDC` `SelectObject` `GetDIBColorTable` `SetWindowExtEx` `SetWindowOrgEx` `ScaleViewportExtEx` `SetViewportExtEx` `OffsetViewportOrgEx` `SetViewportOrgEx` `SetROP2` `SetBkMode` `RestoreDC` `SaveDC` `CreateBitmap` `SetBkColor` `SetTextColor` `SetMapMode` `DeleteEnhMetaFile` `PlayEnhMetaFile` `GetEnhMetaFileA` `ExtFloodFill` `Ellipse` `CreateSolidBrush` `GetTextExtentPointA` `RectVisible` `DeleteObject` `DeleteDC` `SelectPalette` `RealizePalette` `GetDIBits` `Escape` `SetStretchBltMode` `StretchDIBits` `GetDeviceCaps` `StartDocA` `StartPage` `EndPage` `EndDoc` `GetObjectA` `Rectangle` `GetTextColor`
comdlg32.dll	`CommDlgExtendedError` `FindTextA` `ReplaceTextA` `GetFileTitleA` `GetOpenFileNameA` `GetSaveFileNameA` `ChooseFontA` `PrintDlgA` `ChooseColorA`
WINSPOOL.DRV	`EndDocPrinter` `DocumentPropertiesA` `WritePrinter` `EndPagePrinter` `OpenPrinterA` `StartDocPrinterA` `StartPagePrinter` `ClosePrinter`
ADVAPI32.dll	`RegCloseKey` `RegOpenKeyExA` `RegCreateKeyExA` `RegSetValueExA` `RegQueryValueExA`
SHELL32.dll	`DragQueryFileA` `DragFinish` `ShellExecuteA`
COMCTL32.dll	`#17` `ImageList_Destroy`
oledlg.dll	`#8`
ole32.dll	`CoTaskMemAlloc` `CLSIDFromString` `CLSIDFromProgID` `CoTaskMemFree` `OleInitialize` `OleUninitialize` `CreateStreamOnHGlobal` `CreateILockBytesOnHGlobal` `StgCreateDocfileOnILockBytes` `OleIsCurrentClipboard` `OleFlushClipboard` `CoRevokeClassObject` `CoRegisterMessageFilter` `CoFreeUnusedLibraries` `CoGetClassObject` `StgOpenStorageOnILockBytes`
OLEAUT32.dll	`VariantClear` `SysStringLen` `OleCreateFontIndirect` `SysAllocStringLen` `SafeArrayGetDim` `SafeArrayGetElemsize` `SafeArrayGetLBound` `SafeArrayGetUBound` `SafeArrayAccessData` `SafeArrayUnaccessData` `VariantChangeType` `SysFreeString` `SysAllocStringByteLen` `SysAllocString` `VariantCopy` `OleLoadPicture`

Delayed Imports

1

Type	`RT_ICON`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0x668`
TimeDateStamp	2009-Aug-29 08:52:09
Entropy	`2.98209`
MD5	`dc816d87ee9a1c867229e7f9a564cafa`
SHA1	`7be8dd53290bcb3c2fa3e642f14846b7c1c1abe5`
SHA256	`f4dcf403e2c479d7c5f8c11218b9eff8ad40e1e02717b257ce0e4c65b635b8e5`
SHA3	`bbb4269a47ff2e80717962114913d246411452c60634b0ec816ebb259d4633a8`

2

Type	`RT_ICON`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	2009-Aug-29 08:52:09
Entropy	`3.26736`
MD5	`d2ccfe31ada1dff6e9d595c931d00de4`
SHA1	`48fe2b34773f2b52b10ca18dd823ff63e4040984`
SHA256	`2587f3affd84e7ee6b005924cfb76126d29ef670ba5c7bb5236ca2a024a214c5`
SHA3	`b534890b2ec5062caee2cdf242cb03d7dd273034406379b20e6254dd9a1a06f9`

3

Type	`RT_ICON`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0x1e8`
TimeDateStamp	2009-Aug-29 08:52:09
Entropy	`3.44521`
MD5	`d3c1f1b4ca88bdf728e14305c5c84610`
SHA1	`af6798680bcc98eafbc926520f68aa61028f9bbe`
SHA256	`1bbabdc7e3a2694a0a96042287c771ee69c662cc174468bcdb121c6c10e189ca`
SHA3	`7fcda722bab97146b6076e44abdb3e050a0001f19392e195e30eb0391a17a045`

4

Type	`RT_ICON`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	2009-Aug-29 08:52:09
Entropy	`3.27588`
MD5	`72d5bcb03a8897f8950c8e82fc0186b9`
SHA1	`e268b36c93682b4a875f51e58ae41cfa4f74f7f6`
SHA256	`c65dd32cde50a481b4b30fa70f05560cfc0756b9406240924894e2fb2b9928b4`
SHA3	`374bfde3bcda2939fa92468d202a44bed68ebe4f4ef9d48a70e9aa73596e3402`

5

Type	`RT_ICON`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	2009-Aug-29 08:52:09
Entropy	`5.15143`
MD5	`e5c2a03405e62d554d2ffffee471dce1`
SHA1	`e59c5c686ff54d55cf32fceea033b692c6c9d7a3`
SHA256	`50dbf88edcfb72acd1344d15a0dc9ad05348b9bd6eca08524ee41e5e8384b931`
SHA3	`e4bb19a44af2fb5be80814df3106f3f2f82afc60bc64e18032084e8a2cf889f6`

6

Type	`RT_ICON`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	2009-Aug-29 08:52:09
Entropy	`4.72049`
MD5	`71ded636e1f3d8897a7d64998f28f4aa`
SHA1	`6bcc8f65adfe3b36c4b3a25bf0e6dad5e3eee861`
SHA256	`e969c6cec151ab905a11fd6405779a0918ca7722b4d71ac330090ddeb9ce547e`
SHA3	`c3ca2d08641c1e74855cebc9f48928ff93437eaf26dbdccc5899ddc422a561e6`

7

Type	`RT_ICON`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0x6c8`
TimeDateStamp	2009-Aug-29 08:52:09
Entropy	`4.32945`
MD5	`bd75bd859e7063ff873cc1290bd71100`
SHA1	`ae08bec5ca01998b64ceda2030c5d350793d2b93`
SHA256	`26d7c79daf56728a6dec63ea875e3541d585939cd41a967c7f9927d5a52e4fd4`
SHA3	`8dd056239b27bfe0fecc6c52cb0b19e251a440d93466909e7e996911466223e6`

8

Type	`RT_ICON`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	2009-Aug-29 08:52:09
Entropy	`5.14937`
MD5	`6df17d64f8065246fbf056dbff053e7a`
SHA1	`cd8c177e5ffe9647716dd9846d9b5b0d4c635e57`
SHA256	`150f210ee845904c249d1f2f85fc99b2da5b28247efe4869f91025513891152d`
SHA3	`77716f1d5615f685d771bd50701f860368099427777b3c404b6f486d24827fd4`

9

Type	`RT_ICON`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	2009-Aug-29 08:52:09
Entropy	`5.6151`
MD5	`8d795b145ce03515d70f4618967cffc2`
SHA1	`3dcb0cebfa032f15a694d6141d3dfd1e057f5700`
SHA256	`91d15b966907b251f8b39339f29fe814e841bcdfb9092ca010cd7f17b0237127`
SHA3	`806af5010764430ee53bf07a9712f30fea6ef3051cbef309206b8d1de72149f2`

10

Type	`RT_ICON`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	2009-Aug-29 08:52:09
Entropy	`5.49524`
MD5	`5617e218eaa56315c53c5e9d287633a4`
SHA1	`b12d559af5bd2278ac79b68b8b9365677e1b5ed2`
SHA256	`8d470fa3a3d01f283903f78522955d0a808c451ae3a745444cebbfc645fc7610`
SHA3	`916053acce6e9e0e07903c739d5e38d9e4032ed8f6e0c2405b91405b9f1f1699`

11

Type	`RT_ICON`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	2009-Aug-29 08:52:09
Entropy	`5.45533`
MD5	`46d781ab7cee8352c6bfc0aa8dd96d17`
SHA1	`4614606cf0f5a3eb5042d24bcb01b25f6d952aa0`
SHA256	`f0eab823cd3a25555d43c11ff2b6fac12edb9738691e075c9d3530f0ec6ed64e`
SHA3	`3828cbaa7c04ab82252a911df711f3d95f6e540c855ec99aeb79e9b676ca1c36`

12

Type	`RT_ICON`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	2009-Aug-29 08:52:09
Entropy	`4.80125`
MD5	`b23f741c4627640d11a5477ba464c265`
SHA1	`dd1b3f4b879b07df52d94646ae5d11a3f6a5ad4c`
SHA256	`a601f901dda1ec5422264b7c08fe8fd0f5654ba358802c2b1da331c8507ac77a`
SHA3	`d8ab64450735b70a6ffcea31de231a6b61aaf376525dfa7e50084de3f75dc721`

A6F2D1FB

Type	`RT_RCDATA`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0xf3`
TimeDateStamp	2009-Aug-29 08:52:09
Entropy	`6.6411`
MD5	`7ece9f8d28a71b26af0a337a39eeb56f`
SHA1	`65082a2a409d6b817bc6b9abf604efeead03c447`
SHA256	`e80504ccf532f00b3b1322dd2cf10dc07d1d9318facbceed9735fe969f73a4a5`
SHA3	`9814110abb88bd84f703ecd66c800cabdfe93bf6123ad08c2f5441cab973e7c5`

101

Type	`RT_GROUP_ICON`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0xae`
TimeDateStamp	2009-Aug-29 08:52:09
Entropy	`3.06492`
Detected Filetype	Icon file
MD5	`9f09cf7bb38a28604b82294714b5aff8`
SHA1	`92235b3d49fd27218a58fbfad27ad6a619b54ffb`
SHA256	`d2d8ccd68849e94ea6b84f6835d0fe98ffa5c11e74a1138529e3c0b8d8edfe60`
SHA3	`31d634f42904a006333aee6a5258ab8c02eb1729897f4083ef50dad9565e0da3`

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1251535929. Falling back to posix timestamp.

Leave a comment

No comments yet.