Manalyze report for 06609637774c01234f0db41c570f010d47a077f7a89fafca9740c4e026445455

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Jan-25 08:00:36
Detected languages	English - United States
FileVersion	`2.0.19`
ProductVersion	`2.0.19`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: .exe.bat.com autohotkey.com exe.bat.com http://www.w3.org http://www.w3.org/2001/XMLSchema http://www.w3.org/2001/XMLSchema-instance https://autohotkey.com www.w3.org`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryW LoadLibraryExW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowW` `Code injection capabilities: OpenProcess WriteProcessMemory VirtualAllocEx` `Code injection capabilities (PowerLoader): FindWindowW GetWindowLongW` `Can access the registry: RegisterHotKey RegDeleteKeyW RegSetValueExW RegCreateKeyExW RegQueryValueExW RegDeleteValueW RegCloseKey RegOpenKeyExW RegQueryInfoKeyW RegEnumValueW RegEnumKeyExW RegDeleteKeyExW` `Possibly launches other programs: CreateProcessW CreateProcessWithLogonW` `Can create temporary files: CreateFileW GetTempPathW` `Uses functions commonly found in keyloggers: MapVirtualKeyW GetAsyncKeyState AttachThreadInput GetForegroundWindow CallNextHookEx` `Memory manipulation functions often used by packers: VirtualProtect VirtualAllocEx` `Has Internet access capabilities: InternetCloseHandle InternetReadFileExA InternetReadFile InternetOpenW InternetOpenUrlW` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Interacts with services: OpenSCManagerW` `Enumerates local disk drives: GetDriveTypeW GetVolumeInformationW` `Manipulates other processes: OpenProcess WriteProcessMemory ReadProcessMemory Process32FirstW Process32NextW` `Can take screenshots: GetDC FindWindowW CreateCompatibleDC BitBlt` `Reads the contents of the clipboard: GetClipboardData` `Can shut the system down or lock the screen: ExitWindowsEx`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`1aad9057082751d2db0f09fc910ee28d`
SHA1	`205a7916c481e5cd6788e3a5233b681559e0e082`
SHA256	`06609637774c01234f0db41c570f010d47a077f7a89fafca9740c4e026445455`
SHA3	`bc3f04093955309ed902beca990db626c456f2d35a6dfedbff9f6a5b756786ca`
SSDeep	`24576:NjZhmWcUs8EnqneJqexPvAzoCVCJBTvNu/3fzFfo0WV:N5pAnqnewedhpBrNunpfq`
Imports Hash	`095f38dd86d11207273c6e48ee9443b3`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2025-Jan-25 08:00:36
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xe3000`
SizeOfInitializedData	`0x55400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000BEC3C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x141000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA`
SizeofStackReserve	`0x400000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`9272e9aca7014dd896806e3512d9fcaf`
SHA1	`2111d2a5cecd52953f7f150c42e368b8781c3abc`
SHA256	`c75baa76440c3362b1ac1d63003e3cdc079112f270131d3e493926e6a45a870f`
SHA3	`1f5095c447244de5800d47daf9a37301435cf2e1e5077f246fba66ed1cc20b64`
VirtualSize	`0xe2f66`
VirtualAddress	`0x1000`
SizeOfRawData	`0xe3000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.5254`

.rdata

MD5	`42e10ec4bbd5867dcde6fd6aadf6c7cd`
SHA1	`04f6874354dd973cf687317e73f0b13ffe6cf984`
SHA256	`6e3b5a0d32182a3e7744843f49b6d0d873901b5b1443f06e2a9ef7f9b1b7febd`
SHA3	`e29b70cdaf19c70cf99107e2b12715db8587865011b8dd225fb07e846a5f29db`
VirtualSize	`0x3c1f6`
VirtualAddress	`0xe4000`
SizeOfRawData	`0x3c200`
PointerToRawData	`0xe3400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.12017`

.data

MD5	`c096c26123ddc7b66761eb083c9d9bc3`
SHA1	`1366792ce00bd969b760c3212edb3c2e1981412c`
SHA256	`81faf33191e42dcb39e8244d2c3d32026f0d45a92d934ddc1bbd5f0f3672d4dd`
SHA3	`63a96ec8e9e5acbfcd0cf28f100799b34abc083dbdb6542614b8f07ee6832336`
VirtualSize	`0xd15c`
VirtualAddress	`0x121000`
SizeOfRawData	`0x8800`
PointerToRawData	`0x11f600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.23229`

.pdata

MD5	`dc7af3c53d803a4b54a0890937448288`
SHA1	`0f3fac23061b2e263a3b95f13f9cfdd90996893b`
SHA256	`2613933cfd500fa5177c8594acecb2928570cdcc1a8a7d83125cd73411f14c2c`
SHA3	`f84260a9a2aeec48bdd3bae25b7b682472a9ed43da3152fbbddbea89bdd664a8`
VirtualSize	`0x7fec`
VirtualAddress	`0x12f000`
SizeOfRawData	`0x8000`
PointerToRawData	`0x127e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.0205`

_RDATA

MD5	`6063ebc15738c7865f86c4f6454e3a94`
SHA1	`2d56a2f2d42dd03f36023e3ed0be62e2650e3f7a`
SHA256	`df8a6575784c2c0ba5f87f642a7d03a5439a36eab4f5db12d571ef7fb92f979b`
SHA3	`8f8957afd8800d21d4b83bec9e754ccc66d9147c74e9bb825eb1cfe1f9753f2b`
VirtualSize	`0x1f4`
VirtualAddress	`0x137000`
SizeOfRawData	`0x200`
PointerToRawData	`0x12fe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.23607`

.rsrc

MD5	`ef2b270d137d6314ec7de0137edecec8`
SHA1	`f0e160f84b1734f63eb90ee7c484e803637abd91`
SHA256	`75ba79aff419808e5045ef8e082481e549a32d34037f57f1805cbe6f6e3070c4`
SHA3	`e285861fb8fbdc14d3767e207ec8b2bac5a48e8335597ddb7100cf26c8686ef0`
VirtualSize	`0x8674`
VirtualAddress	`0x138000`
SizeOfRawData	`0x8800`
PointerToRawData	`0x130000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.31943`

Imports

WSOCK32.dll	`WSAGetLastError` `getservbyname` `htonl` `send` `recv` `inet_addr` `WSAAsyncSelect` `inet_ntoa` `gethostbyname` `WSASetLastError` `ioctlsocket` `htons` `gethostbyaddr` `getservbyport` `ntohs` `WSAStartup` `gethostname` `shutdown` `WSACleanup` `closesocket` `connect` `socket`
WINMM.dll	`joyGetPosEx` `mciSendStringW` `joyGetDevCapsW`
VERSION.dll	`GetFileVersionInfoW` `VerQueryValueW` `GetFileVersionInfoSizeW`
COMCTL32.dll	`ImageList_GetIconSize` `ImageList_Create` `ImageList_Destroy` `ImageList_AddMasked` `ImageList_ReplaceIcon` `CreateStatusWindowW`
PSAPI.DLL	`GetProcessImageFileNameW`
WININET.dll	`InternetCloseHandle` `InternetReadFileExA` `InternetReadFile` `InternetOpenW` `InternetOpenUrlW`
SHLWAPI.dll	`StrCmpLogicalW`
UxTheme.dll	`EnableThemeDialogTexture` `SetWindowTheme` `IsAppThemed`
dwmapi.dll	`DwmGetWindowAttribute`
KERNEL32.dll	`GlobalFree` `GlobalUnlock` `WideCharToMultiByte` `GetCPInfo` `GetSystemDirectoryA` `LoadLibraryA` `GetProcAddress` `FreeLibrary` `GetCurrentThreadId` `GetEnvironmentVariableW` `IsValidCodePage` `LoadLibraryW` `GetLastError` `OutputDebugStringW` `lstrcmpiW` `GetStringTypeExW` `CreateThread` `SetThreadPriority` `GetExitCodeThread` `CloseHandle` `CreateMutexW` `VirtualProtect` `SetLastError` `GetModuleHandleW` `GetDiskFreeSpaceExW` `GetDriveTypeW` `CreateFileW` `DeviceIoControl` `SetVolumeLabelW` `GetVolumeInformationW` `GetDiskFreeSpaceW` `SetEnvironmentVariableW` `MultiByteToWideChar` `GetFullPathNameW` `GetFileAttributesW` `CreateDirectoryW` `ReadFile` `DeleteFileW` `LoadResource` `LockResource` `WriteFile` `SizeofResource` `SetCurrentDirectoryW` `CompareStringOrdinal` `CopyFileW` `SetFileAttributesW` `FindFirstFileW` `FindNextFileW` `FindClose` `FileTimeToLocalFileTime` `LocalFileTimeToFileTime` `GetSystemTimeAsFileTime` `SetFileTime` `GetFileSizeEx` `MoveFileW` `GlobalLock` `OpenProcess` `TerminateProcess` `SetPriorityClass` `GetProcessId` `QueryDosDeviceW` `EnterCriticalSection` `LeaveCriticalSection` `Beep` `GetLocalTime` `GetDateFormatW` `GetTimeFormatW` `GetDateFormatEx` `GetTickCount64` `GetSystemTime` `GetSystemDefaultUILanguage` `GetComputerNameW` `GetCurrentDirectoryW` `GetSystemWindowsDirectoryW` `GetTempPathW` `WaitForSingleObject` `GetExitCodeProcess` `WriteProcessMemory` `ReadProcessMemory` `GetVersionExW` `InitializeCriticalSection` `DeleteCriticalSection` `GetModuleFileNameW` `SetDllDirectoryW` `GetModuleHandleExW` `GetShortPathNameW` `CreateProcessW` `FormatMessageW` `CompareStringW` `RemoveDirectoryW` `GetCurrentProcess` `CreateToolhelp32Snapshot` `Process32FirstW` `Process32NextW` `GetPrivateProfileStringW` `GetPrivateProfileSectionW` `GetPrivateProfileSectionNamesW` `WritePrivateProfileStringW` `WritePrivateProfileSectionW` `SetEndOfFile` `GetACP` `GetFileType` `GetStdHandle` `SetFilePointerEx` `SystemTimeToFileTime` `FileTimeToSystemTime` `GetFileSize` `IsWow64Process` `VirtualAllocEx` `VirtualFreeEx` `EnumResourceNamesW` `LoadLibraryExW` `GlobalSize` `FindResourceW` `SetErrorMode` `Sleep` `GetTickCount` `MulDiv` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `EncodePointer` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetCommandLineA` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCommandLineW` `ExitProcess` `HeapSize` `HeapReAlloc` `HeapQueryInformation` `HeapFree` `HeapAlloc` `GetProcessHeap` `FindFirstFileExW` `GetOEMCP` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `LCMapStringW` `GlobalAlloc` `SetStdHandle` `GetStringTypeW` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `WriteConsoleW` `GetCurrentProcessId` `InitializeSListHead`
USER32.dll	`SetWindowPos` `EnumWindows` `IsZoomed` `IsIconic` `GetLayeredWindowAttributes` `SetLayeredWindowAttributes` `DestroyWindow` `RegisterClassExW` `SystemParametersInfoW` `CreateWindowExW` `GetMenu` `EnableMenuItem` `LoadAcceleratorsW` `AddClipboardFormatListener` `RemoveClipboardFormatListener` `LoadImageW` `PostQuitMessage` `CheckMenuItem` `RegisterWindowMessageW` `DefWindowProcW` `SetForegroundWindow` `MonitorFromPoint` `GetSystemMenu` `GetMenuItemCount` `GetMenuItemID` `GetSubMenu` `GetMenuStringW` `ExitWindowsEx` `GetPropW` `GetClassLongW` `SetMenu` `SetPropW` `RemovePropW` `GetSysColor` `RedrawWindow` `DrawTextW` `SetParent` `GetClassInfoExW` `AdjustWindowRectEx` `GetAncestor` `UpdateWindow` `FlashWindow` `GetMessagePos` `GetSysColorBrush` `FillRect` `GetClassLongPtrW` `CallWindowProcW` `CheckRadioButton` `IntersectRect` `GetUpdateRect` `PtInRect` `CreateDialogIndirectParamW` `CreateAcceleratorTableW` `DestroyAcceleratorTable` `InsertMenuItemW` `RemoveMenu` `SetMenuItemInfoW` `GetMenuItemInfoW` `SetMenuDefaultItem` `CreateMenu` `CreatePopupMenu` `SetMenuInfo` `DestroyMenu` `TrackPopupMenuEx` `CopyImage` `CreateIconIndirect` `CreateIconFromResourceEx` `DrawIconEx` `EnumClipboardFormats` `GetWindow` `BringWindowToTop` `GetQueueStatus` `GetLastActivePopup` `GetShellWindow` `MapVirtualKeyW` `VkKeyScanExW` `SetWindowRgn` `GetKeyboardLayoutNameW` `ActivateKeyboardLayout` `GetGUIThreadInfo` `GetWindowTextW` `mouse_event` `WindowFromPoint` `keybd_event` `SetKeyboardState` `GetKeyboardState` `GetCursorPos` `GetAsyncKeyState` `AttachThreadInput` `SendInput` `UnregisterHotKey` `RegisterHotKey` `SendMessageTimeoutW` `CharUpperW` `UnhookWindowsHookEx` `SetWindowsHookExW` `PostThreadMessageW` `IsCharAlphaNumericW` `IsCharUpperW` `IsCharLowerW` `ToUnicodeEx` `GetKeyboardLayout` `CharLowerW` `ReleaseDC` `GetDC` `DialogBoxParamW` `ScrollWindow` `GetSystemMetrics` `GetWindowRect` `GetWindowLongPtrW` `SetFocus` `DefDlgProcW` `MoveWindow` `MapWindowPoints` `GetClientRect` `EnableWindow` `MapDialogRect` `GetDlgItem` `SetWindowLongPtrW` `SetWindowTextW` `MessageBoxW` `OpenClipboard` `GetClipboardData` `GetClipboardFormatNameW` `CloseClipboard` `SetClipboardData` `EmptyClipboard` `PostMessageW` `FindWindowW` `IsChild` `IsWindowVisible` `SetActiveWindow` `EnumChildWindows` `GetLastInputInfo` `LoadCursorW` `GetCursorInfo` `ClientToScreen` `MessageBeep` `GetIconInfo` `GetWindowTextLengthW` `InvalidateRect` `AdjustWindowRect` `SetDlgItemTextW` `SendDlgItemMessageW` `IsCharAlphaW` `EndDialog` `IsWindow` `DispatchMessageW` `TranslateMessage` `ShowWindow` `IsClipboardFormatAvailable` `CountClipboardFormats` `SetWindowLongW` `ScreenToClient` `GetMonitorInfoW` `IsDialogMessageW` `SendMessageW` `IsWindowEnabled` `GetWindowLongW` `GetKeyState` `TranslateAcceleratorW` `KillTimer` `PeekMessageW` `GetFocus` `GetClassNameW` `GetWindowThreadProcessId` `GetForegroundWindow` `GetMessageW` `SetTimer` `GetParent` `GetDlgCtrlID` `EnumDisplayMonitors` `DestroyIcon` `MapVirtualKeyExW` `BlockInput` `CallNextHookEx`
GDI32.dll	`GdiFlush` `CreateDIBSection` `EnumFontFamiliesExW` `SetBrushOrgEx` `GetObjectW` `CreatePatternBrush` `GetClipBox` `SetBkMode` `SetBkColor` `GetDeviceCaps` `CreateCompatibleDC` `CreateFontIndirectW` `GetStockObject` `CreateSolidBrush` `GetCharABCWidthsW` `GetTextMetricsW` `GetPixel` `GetDIBits` `SelectObject` `CreateDCW` `CreateFontW` `CreatePolygonRgn` `CreateRectRgn` `CreateRoundRectRgn` `CreateEllipticRgn` `DeleteObject` `BitBlt` `CreateCompatibleBitmap` `DeleteDC` `GetSystemPaletteEntries` `SetTextColor`
ADVAPI32.dll	`UnlockServiceDatabase` `RegDeleteKeyW` `RegSetValueExW` `RegCreateKeyExW` `RegQueryValueExW` `AdjustTokenPrivileges` `LookupPrivilegeValueW` `OpenProcessToken` `RegDeleteValueW` `GetUserNameW` `RegConnectRegistryW` `RegCloseKey` `RegOpenKeyExW` `RegQueryInfoKeyW` `RegEnumValueW` `RegEnumKeyExW` `CreateProcessWithLogonW` `OpenSCManagerW` `LockServiceDatabase` `CloseServiceHandle` `RegDeleteKeyExW`
SHELL32.dll	`SHBrowseForFolderW` `DragFinish` `SHGetKnownFolderPath` `ExtractIconW` `DragQueryPoint` `SHEmptyRecycleBinW` `SHFileOperationW` `SHGetPathFromIDListW` `DragQueryFileW` `SHGetDesktopFolder` `SHGetMalloc` `SHCreateItemFromParsingName` `ShellExecuteExW` `SHGetFolderPathW` `Shell_NotifyIconW`
ole32.dll	`CoCreateInstance` `CoTaskMemFree` `CLSIDFromString` `OleInitialize` `OleFlushClipboard` `OleUninitialize` `CoInitialize` `CoUninitialize` `CLSIDFromProgID` `CoGetObject` `StringFromGUID2` `CreateStreamOnHGlobal`
OLEAUT32.dll	`SafeArrayUnaccessData` `SafeArrayGetElemsize` `SafeArrayDestroy` `SysFreeString` `GetActiveObject` `SysStringLen` `SafeArrayCreate` `OleLoadPicture` `VariantChangeType` `SysAllocString` `SafeArrayCopy` `SysAllocStringLen` `VariantCopyInd` `SafeArrayGetUBound` `SafeArrayGetLBound` `VariantClear` `SafeArrayGetDim` `SafeArrayLock` `SafeArrayPtrOfIndex` `SafeArrayUnlock` `SafeArrayAccessData`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x244`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.33249`
Detected Filetype	PNG graphic file
MD5	`9d07814a27f482c2d7c563ff6868c539`
SHA1	`bcfd3b11a28ff193373d7dab4ffca072b533c3de`
SHA256	`8f5cb2266f8445405c75921de831112f60a2262041ed60039e0871bffd6d7203`
SHA3	`e8c0f6c3cf8716e8c9e004156c373dbfa924237651b3d0306f07367cad85be43`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x197`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.85349`
Detected Filetype	PNG graphic file
MD5	`95eee4f269dc68bf7d0937d648cf38bf`
SHA1	`f9226a77de6ec90b53720252560cdd466ac244ef`
SHA256	`efe628398ba9727fe5341b60615e17b10977f05bce50adf6af5d4d1da7c740d2`
SHA3	`1929d34939e214cf8df483e60d239f7d70d422883bb4f9212f6124742a68b253`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1d1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.09487`
Detected Filetype	PNG graphic file
MD5	`9a3ea4fc3821f4b35ab512fe156de5df`
SHA1	`7fe5efea95e344b46d89b258e0235728bb1bf530`
SHA256	`18fc0f58bc71965f32e49f236adc23ee32155a8d00c805838692a3f98cffb1f9`
SHA3	`5f1691754db788ca6254c0c5f5d9cc1040a04b87f4eba36956671e52e92f96c8`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x229`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.29607`
Detected Filetype	PNG graphic file
MD5	`defd3602a640726e1335484c2ee9c265`
SHA1	`04f31f314ace2e0410a2c90c24c0df5cbe0da589`
SHA256	`53f2680efff7f2fb903f30bf590e8fb8111053f382011deaed2f6f90607d0a5e`
SHA3	`14e47b005e52020fe7315308c909705be19e9ca3c1ba9b0b9362dea6f5d31121`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x26f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.36765`
Detected Filetype	PNG graphic file
MD5	`6db39e3193561f607a6020f15fe6c1bd`
SHA1	`efaa36a2d23a92a8b315c07c27166d17d238cd7c`
SHA256	`7e4f77e0f5362354999d079e0f27f864c2a277922ce727da05d837c136cc146f`
SHA3	`c8ba3cb2955e14184b52c97d767f8966a789cbd49b3ba0db387765673139a6a6`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x322`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.53731`
Detected Filetype	PNG graphic file
MD5	`990feace7c4409fae8e239931c5abd5a`
SHA1	`c75d568990b914bf6a5ff158cffea8ba8c9f9eae`
SHA256	`48f08d3608f503a2d816727054dd09d8f2f42f079592a63f1de366224ba3af30`
SHA3	`d0e2060b781480d3753759ddc5e8cd3cfad31326a1cfb9d9ebe9441c242e873a`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3ab`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.58591`
Detected Filetype	PNG graphic file
MD5	`d3d22e825073cc221f9a9fc53896ec1d`
SHA1	`14dfa1ce4e91c635f6682c124ac93a9e8a511504`
SHA256	`66f975428676309833a756c08a8baa591a61e24256e6227b194d42ec660473c4`
SHA3	`90de716265e2556928e97c414c8f8aa79941235312646d9f1815adca8e7e7f4c`

8

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x413`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.61505`
Detected Filetype	PNG graphic file
MD5	`55610ca28a4fef948e52acb26c9f22d0`
SHA1	`9bf26e1e03ecfb149cbd9efe3e049a1dcb2f78cf`
SHA256	`74a5a43f25592d2ce093f28b4c0a459a7726f9dbec604832e69ee50805474baa`
SHA3	`cb49c8bde1f4b67fbbb8200af86afd0dacced6970074ddfb9a7a95ae3a0f0ff3`

9

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x26b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.29574`
Detected Filetype	PNG graphic file
MD5	`1ddb64d710c05dafe3256176d12bc3ad`
SHA1	`4ef7a3714d72ef572a887f10c1c10afbf3ea41ad`
SHA256	`b6fbf3ceb35024a07fd66ee0824d2cef959ab17a1b68200710f3b0c880f72f32`
SHA3	`84e3a33e368b978c0672d43045526b49746cc0f58c73538693b0d8ad8a28b41d`

10

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x19b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.00148`
Detected Filetype	PNG graphic file
MD5	`6a35ea83990a3d13af252a5022572494`
SHA1	`abcb7f00e1c673c07ffbc882e47826c208417c3b`
SHA256	`8d6d8a637a5f657b305fddd9d66596005909bf53d5ab3d518923b1c3dca7652f`
SHA3	`37c122057bc5cd9719683a37328a4b747a72312067bdc885d3f014ed3d2c0ff2`

11

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1d8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.15376`
Detected Filetype	PNG graphic file
MD5	`e79ede524fa56efc003e874587f63206`
SHA1	`3d4bf14637525979fa60130c418e63e139bf2cfd`
SHA256	`942cf5c52660c7a527c9517493b60b4f60eb71dcfca736f0f8e8185cb5be2d0f`
SHA3	`af2673688f8bdf64d70f49b42b633d23b09d39d9c5b3f3b81fe5aca4159094f8`

12

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x22a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.28867`
Detected Filetype	PNG graphic file
MD5	`47395a13bc1650a3d82734b132aec81e`
SHA1	`e7eb5c0c4a184ed4ada61fa26e5e9bcaf6b3eb73`
SHA256	`7cf0fd6c17edcc198c60512f8421b4c1fe2d9fd28c73c4f4488e8a3be7b0c438`
SHA3	`53b53782fb4ac322c95967c33a6c565bcfab3bdf4b50106ae9ceedeb6328a221`

13

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x252`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.39902`
Detected Filetype	PNG graphic file
MD5	`7b8f4b199f8d141a44c0ba54790fede1`
SHA1	`060d69286cc4333d983f87c131f50c8a954c038f`
SHA256	`47669513bb1877096089bb363dcaf8daf877274381e8f6f2e4fb9e89f4b83a44`
SHA3	`376dc5063489cbd158e8c1482086a28ff5f8eb454ba59339781c2ac82967d66a`

14

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x16e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.69583`
Detected Filetype	PNG graphic file
MD5	`fec1048117bb1e558e784c7ba3793e7e`
SHA1	`b0517af8129fa5e61b6d44695c5e544945b14ba3`
SHA256	`dc3085cae57efefe7ff1b589740823f72eed1f5d20e6f5958479d8472a31237d`
SHA3	`aa12c4a92f09e24a803709a698272b1a3e7ce7560c6b7b231d5cf142ff21d8a7`

15

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1b0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.08313`
Detected Filetype	PNG graphic file
MD5	`4f9a17a9976d74d6047bc6c067748fba`
SHA1	`cf0958a9a3bee216684a5b48543441f17c3ebf39`
SHA256	`625e6ebc94122061e7bae32a778e666694569aa95a37093481c7d8df404bcf8c`
SHA3	`fe8b139dd869747c178bf9753ab1bd6b1ec13659c1403849c545939488816daa`

16

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1ed`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.17673`
Detected Filetype	PNG graphic file
MD5	`fa817e56e99d52835450e687d18e9bfd`
SHA1	`c3270b47bc88387b649c71da1049ced23e736ec7`
SHA256	`41db533b488d82833c324b20c9ba4e0ad6b0ce88aea4d80b93db7d017f01242e`
SHA3	`800598656c8625bd3d6dac5b335d7ef1b22bc40865fd7843db8cd7987e45c730`

17

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x22a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.25042`
Detected Filetype	PNG graphic file
MD5	`0cbacd3ff15622acdbcd00098b6ffb5d`
SHA1	`a4a605284ac1eb1962de2d2ce897ed7da8dc780f`
SHA256	`8543aca233240bd4b3c2f4f9d334afb94498f17fab05f0d75604bc52d15c6d2c`
SHA3	`fb7bcde5ef21e7a9476be6bc735abbf0b51720a207a4d7d198e64afd1d046423`

18

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x203`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.17458`
Detected Filetype	PNG graphic file
MD5	`df3fd59104aeb107f6a2e14bbaa70767`
SHA1	`f5857de0e40c8f975772af21229657bbd0828cac`
SHA256	`0f294cc35adb7f211ba0a6df3883c4df3d1433ddecba1c55ddc2c12bdb12647d`
SHA3	`8e998c215a0c603479d97e4bbb0c8c282183580fe7b8c2fdf8d05f709ba9c092`

19

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x163`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.74336`
Detected Filetype	PNG graphic file
MD5	`03aa5938612807bbac00d4a8610a75c1`
SHA1	`0b4293a1d0b38e2efacbe6b349a024a8263ac144`
SHA256	`b027d29c6b1e9ec2576b1e84e116c4142c0a52c28106dbde21184ae4c018d554`
SHA3	`1666547579c26ea1e309e5500360e1a9080abc2869f1305ffb8e2c8eb6a5c27d`

20

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x19f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.00224`
Detected Filetype	PNG graphic file
MD5	`61fe63e8d5cef481e88d801dc7e951d1`
SHA1	`d2e78a03ef9a776c4cb78fa6506f2f366a0564dc`
SHA256	`8f9a3ea6252e894176a5b0c1fe743f00d7c27d659682d3be5ca68bee7962b60c`
SHA3	`8861dde39d4e41da9ea0c7f45964a8b871afbf225eb615904363aaef3b349ba9`

21

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1d6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.13641`
Detected Filetype	PNG graphic file
MD5	`ae372a3fd458088ab25f071dea4cfcab`
SHA1	`0a54b45783828f63cd68da4ccef124b6bbb05f87`
SHA256	`e1022f2f3acdbe70f624fbee8d99b9ced7d97f6761be5fda371e6b2c4ddfbad9`
SHA3	`5ac0fa63ff019b9387d8761801926187ba0d807dcd9d3889936b935b13865be3`

22

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x20f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.23266`
Detected Filetype	PNG graphic file
MD5	`1e1e54d4fd4eb384c5930bb0e97edfcf`
SHA1	`b6feddd1e0e9950c4a78fcc934a940a274e7a082`
SHA256	`cd65509518e02434177b8bb71aa67018fbdfd9f5141cfe9c7c02f85a56086c33`
SHA3	`cb7845a017c90c16fcd2f38e1a2e20d1d06a1d155753a0772f99809becff90cc`

23

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1f0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.06546`
Detected Filetype	PNG graphic file
MD5	`98c9044262916ccd7f52c38ca67a2640`
SHA1	`b352c3fcac7381e3d5f3b092159d4b6edbbe81e9`
SHA256	`27322b9ead450123f89ef52e2f8d9738d90b28d423278e9104d9b34d22972c2e`
SHA3	`5e83f91edede7e303529c40299e929ad260eeade4a30663e04f2fec5c7ca814f`

24

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.60719`
MD5	`7a7fd531976bf5d5962ce6bd512ec4f9`
SHA1	`5d6dc5099fdac2d02ef7e225e392710810518a79`
SHA256	`028ea5589efb612bc2129a09b3e3ce73ab811de0344e9ef58a4b85af5fb3ca40`
SHA3	`2ffc02d1ad8fc89d9a4deb38df4ca7ccc6b486507f0a66967ead0547c292ae75`

25

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.60406`
MD5	`71ba081b94218e8364dd2e4e8b804c51`
SHA1	`63096c0a4dff3b067b6e619e5e6a38c5ed5cc943`
SHA256	`8a5ac6abb43180226052148a21c3b919701cfdf797b43b39ba2611d5230d3e80`
SHA3	`7908406b9e7ea05d6a597e10b9801003dab62e73a24157dae82aea95d9362170`

26

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.72735`
MD5	`4452d334b20a4a74f1c614d62c75d35c`
SHA1	`1c8aed9c27ab287ba8687bdd973c1bdc1fab02fc`
SHA256	`2c1bb9b12fb5684a5c1b89aca9e3870e658e12fc1c0e5bca453b18c93518862c`
SHA3	`5462052da40668ec7849fabe1a011a1287b06dc0eba1e12194c8ec554337b2d9`

27

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.19142`
MD5	`83f6a1c8b60d451f6851d741522a4501`
SHA1	`5b237fb5cac5086ed9c4bf904c5afbdbb9f094f9`
SHA256	`4b7f70d81e67bec9132a9d008a81be3717e430f6422c07cc5e5edf6e10783cba`
SHA3	`d20d8555d489a977a0cc43274a2b8e386f8430f57685db0b093d4853585ff366`

211

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37124`
MD5	`2cfd05e0e8346abd1be8b6933d0684ad`
SHA1	`898c4f11bceec1fb399cc9e0f305e09b9a2df803`
SHA256	`c0306fb5f7462e74df09e5e0627c01a238f291bbdc89c24c0ea1f46e7341ab5a`
SHA3	`8f3778cee4660e3c85805aa4bce2602547080ca7cfc425029bce1441a5af9a1f`

205

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xe0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.7949`
MD5	`4b54c50878e900edccf0410ee62936bd`
SHA1	`e611915c5346058db710121d89c444aa7b5e503a`
SHA256	`ffa9c8ef0bc17102bd0afd2d82569ec0c1d1bc9b960183c191f5753f5c105703`
SHA3	`2fbe970575523b53f36fb2d5f9deb2c512807889cc39c4fbc22b133603816d1d`

500

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x18e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.96639`
MD5	`9f5f60327489567e64edbfb198a3af09`
SHA1	`7f23eee010f21944b8f18862b59442084acc5a85`
SHA256	`02c3c93be0afd7f1c05327dbe650b6514b8e7c468733d7fe2c78c25b3aeccd5b`
SHA3	`962fb4749aed110e5d2979f1fedf223f4ca69c3d69e4c3a1d1fa74b96661cdc2`

212

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x48`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.96144`
MD5	`7fb94687aa0fe2b18873dba5ac59ab1d`
SHA1	`e19e8d6b0e33da063de27c83fa0bab4058513332`
SHA256	`86286a59831ad1d0d84eb411ae6fa236b21bca5d3ebfc93a59cf4b6bf1d466d0`
SHA3	`33011788d35d1127a1ee6fbdb975c0d4ef6b36d3896e0d27d3f75f0ff68e3aec`

1 (#2)

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x18e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.1429`
MD5	`aa4cffbd2df34d6c0d6be97bc302976d`
SHA1	`571e31806b5a973a317203f0c96a303c6e683e83`
SHA256	`357630868aa9e74ff9602920d68f4dbc49407889a7d8bfd98bf1056b4fd215fd`
SHA3	`a522615b751426ab68bd9087d84f8829872727adacf5e2f728d9a3fbbbb61c89`

159

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.97241`
Detected Filetype	Icon file
MD5	`9fb9077af1c4b1a2a5b5d0a142cd53fb`
SHA1	`243b6f0733c5d6eba208ca108238a76119490bbc`
SHA256	`48523ac82d2330704737c7acba2691a35e6255c2c8f44704a0f76dcbc7aa70f8`
SHA3	`90c62cc33ea186e7f4a9e7a13b4a57b600c10369d1f22c638aa17bd859a4e007`

160

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.70265`
Detected Filetype	Icon file
MD5	`d3dacebc43cc41c482c0c6132c72d710`
SHA1	`f2fec6996b3e117810db48a987dbc4540eae9cb9`
SHA256	`0f60c796453a424ba91f01710162395f52287aefd2dabfe9f6c3cb7ea90d6fed`
SHA3	`7c5586ffc59c3ec52f93aa2be4a1e98defd677d3808816842943a4d0b3880421`

206

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.79349`
Detected Filetype	Icon file
MD5	`56bc843c2228363318721c8e48f8089d`
SHA1	`8a40b1efe5f5663ebf177e5c12e0579027b2e95b`
SHA256	`2407a1db2e60b58687d2ab4f936205a80833cc1c29331896b678cea298b29b7e`
SHA3	`898f9dc95fc47db0ed3dfa6a043cbe0d780c82618b06f5d6b4fed958adb6c422`

207

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.7339`
Detected Filetype	Icon file
MD5	`917012b14a88fcc79a3a6017cce15ba4`
SHA1	`4286eba6df373db6b6ebf28a1f5c818a52a5b289`
SHA256	`0894c6ebf577910dbeafa70b6167b9d39b2e80a1965d96ff8dabfea8799d0f42`
SHA3	`a67e97a621b81afb024740542b060f885b5cd30e43ad329da5a69ac267712f14`

208

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.6985`
Detected Filetype	Icon file
MD5	`81690092de8afae80c3e61469a647a9d`
SHA1	`9a4a9e8c2fddf362318017d24c4e12389b56c750`
SHA256	`bbf948d6ecb3a0dc2af289573953839b9a09e04a1cf5b5708ffad5dd2c1e7bbb`
SHA3	`afd8389134ab6a3e196e05b3b0d65b03d078068de7ae789c8966ef2648ed3263`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x140`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.0786`
MD5	`b1571d2edcb34537683d31d82548e276`
SHA1	`89e3f66513187c2802c90126337128085bf32440`
SHA256	`4afaffaa33b74e671de40c1ad6e3a7075d07b3d63639841d59189de269940ed6`
SHA3	`981a210c7ac76b66380e218c476ed6b4f2eadeb98433c2ed5e9152a31357c6b9`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x519`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.34899`
MD5	`ae6cbabd61462b1c75647641e27471e0`
SHA1	`ab09ac1c8f01cae017456ea50d62dded0f2d8e0a`
SHA256	`1ac065102b08a083e659f8c0bc22d36e611e9a3fd59af54f3e24a5759ad27e5f`
SHA3	`cf59127e0acec85cabbe5259628d30a408de2609c40f939b05b633df13caee74`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.0.19.0
ProductVersion	2.0.19.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
FileVersion (#2)	2.0.19
ProductVersion (#2)	2.0.19

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Jan-25 08:00:36
Version	`0.0`
SizeofData	`896`
AddressOfRawData	`0x11333c`
PointerToRawData	`0x11273c`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2025-Jan-25 08:00:36
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140121040`

RICH Header

XOR Key	`0xf62ea54d`
Unmarked objects	`0`
ASM objects (30795)	`23`
Unmarked objects (#2)	`1`
C++ objects (33218)	`46`
C objects (33218)	`19`
ASM objects (33218)	`17`
C objects (30795)	`25`
C++ objects (30795)	`156`
C objects (CVTCIL) (30795)	`1`
Imports (30795)	`33`
Total imports	`495`
ASM objects (33523)	`2`
C++ objects (LTCG) (33523)	`66`
Resource objects (33523)	`1`
Linker (33523)	`1`

Errors

Leave a comment

No comments yet.