Manalyze report for 0919ef19612612260edc9258e375ca63

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2010-Feb-14 06:46:07
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 8` `MSVC++ v.8 (procedure 1 recognized - h)`
Suspicious	PEiD Signature:	`FASM 1.5x` `FASM v1.5x`
Suspicious	The PE is possibly packed.	`Section .text is both writable and executable.` `Section .rsrc is both writable and executable.`
Malicious	The PE contains functions mostly used by malware.	`Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Can access the registry: RegCloseKey RegSetValueExW RegOpenKeyExW` `Possibly launches other programs: ShellExecuteW` `Uses functions commonly found in keyloggers: GetAsyncKeyState MapVirtualKeyW` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Enumerates local disk drives: GetDriveTypeW` `Manipulates other processes: Process32FirstW OpenProcess Process32NextW` `Changes object ACLs: SetKernelObjectSecurity`
Suspicious	The PE is possibly a dropper.	`Resources amount for 87.0746% of the executable.`
Suspicious	The file contains overlay data.	`1 bytes of data starting at offset 0x49206.`
Malicious	VirusTotal score: 64/72 (Scanned on 2023-11-06 12:47:52)	`ALYac: Win32.Worm.Autorun.VN` `APEX: Malicious` `AVG: Win32:AutoRun-BPH [Wrm]` `AhnLab-V3: Trojan/Win32.Cosmu.R1380` `Alibaba: Malware:Win32/km_24901.None` `Antiy-AVL: Trojan/Win32.Unknown` `Arcabit: Win32.Worm.Autorun.VN` `Avast: Win32:AutoRun-BPH [Wrm]` `Avira: WORM/Autorun.hfp` `Baidu: Win32.Worm.Agent.as` `BitDefender: Win32.Worm.Autorun.VN` `BitDefenderTheta: Gen:NN.ZexaF.36792.sqX@a0CZ48ni` `Bkav: W32.AIDetectMalware` `CAT-QuickHeal: Worm.Autorun.WT` `ClamAV: Win.Trojan.VB-73727` `CrowdStrike: win/malicious_confidence_100% (W)` `Cybereason: malicious.4b9288` `Cylance: unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `DrWeb: Trojan.MulDrop6.39712` `ESET-NOD32: Win32/AutoRun.Agent.VS` `Elastic: malicious (high confidence)` `Emsisoft: Win32.Worm.Autorun.VN (B)` `F-Secure: Worm.WORM/Autorun.hfp` `FireEye: Generic.mg.0919ef1961261226` `Fortinet: W32/AutoRun.GP!worm` `GData: Win32.Worm.Autorun.VN` `Google: Detected` `Gridinsoft: Virus.Win32.Ramnit.rc!i` `Ikarus: Worm.Win32.AutoRun` `Jiangmin: Worm/AutoRun.uuv` `K7AntiVirus: EmailWorm ( 0017c39f1 )` `K7GW: EmailWorm ( 0017c39f1 )` `Kaspersky: Worm.Win32.AutoRun.hfp` `Lionic: Trojan.Win32.Generic.lrbN` `MAX: malware (ai score=100)` `Malwarebytes: Generic.Malware.AI.DDS` `MaxSecure: Worm.W32.AutoRun.hfp` `McAfee: W32/Autorun.worm.aaav` `MicroWorld-eScan: Win32.Worm.Autorun.VN` `Microsoft: Worm:Win32/Wecykler.A` `NANO-Antivirus: Trojan.Win32.Autoruner1.csgwlt` `Panda: Trj/Hexas.HEU` `Rising: Worm.Win32.Fednu.k (CLASSIC)` `SUPERAntiSpyware: Trojan.Agent/Gen-WinAlert` `Sangfor: Trojan.Win32.Save.a` `SentinelOne: Static AI - Malicious PE` `Skyhigh: BehavesLike.Win32.Generic.dz` `Sophos: W32/Autorun-BDV` `Symantec: W32.SillyFDC` `Tencent: Worm.Win32.Autorun.afe` `TrendMicro: WORM_OTORUN.SMXY` `TrendMicro-HouseCall: WORM_OTORUN.SMXY` `VBA32: Worm.AutoRun.Silly` `VIPRE: Win32.Worm.Autorun.VN` `Varist: W32/Risk.DYPU-6082` `ViRobot: Worm.Win32.AutoRun.364544.A` `VirIT: Worm.Win32.Generic.BDKN` `Webroot: W32.Autorun.Gen` `Xcitium: TrojWare.Win32.Autorun.KVS@4uwbxy` `Zillya: Worm.Autorun.Win32.81673` `ZoneAlarm: Worm.Win32.AutoRun.hfp` `Zoner: Trojan.Win32.14005`

Hashes

MD5	`0919ef19612612260edc9258e375ca63`
SHA1	`3ccec094b9288a1e8f6001b73e4d36236bb1e089`
SHA256	`2dde178aff9b650f5d7b1da3cb3254beee00aaada8fc6036fd3b5148cec1adf4`
SHA3	`89a904fe2787e45bc97f1a0dc24481e11eacc9231e96cd1c43c28973715f59b3`
SSDeep	`1536:MCPfFNz9GSGtGSGJAGOGlGln+VD4QVgd54vXQVgd54vy:5tNZGSGtGSGOGOGlGln+VD4L7aL7r`
Imports Hash	`141f2ce2f817f3ef05b46973f0173651`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2010-Feb-14 06:46:07
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x5000`
SizeOfInitializedData	`0x44000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00005581 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x6000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x4a000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ce486fd0868044c595efd0e0235f5a4f`
SHA1	`e50c4577dfe8e33f0dd51119bb853d5db2b43c6d`
SHA256	`c65b6bac24fc5ceea395807c8eaad120b4178c11b2c3a4a1b569359754169ecd`
SHA3	`2d723923aba8646cc673db26a120575d3a3ec2a3debf7efd9494bb1d0def5986`
VirtualSize	`0x4a59`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.03341`

.rdata

MD5	`e2a868ff77f7fa818bb6b83b30b7639f`
SHA1	`bbbbd45fc73ff96163604789eac35cdc42a4a3f3`
SHA256	`087756952a71829be3c0f15ec0d2fc67b8f72f973d2f0fc5d8bd212b51d64aad`
SHA3	`935daa994bfda274afdb1082d835b7f2119fb784a783d5e47da7626968b10ef5`
VirtualSize	`0x1ec4`
VirtualAddress	`0x6000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x6000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.38733`

.data

MD5	`ac57b9da0c5bc7055450a58c9f96dbb6`
SHA1	`b5c9c801cd2ed8f8b085e72f9516adceb1242c41`
SHA256	`9e26664be38c9a68880d49200eb89b665b0c5b3be30e38b929c70d3d39a946b1`
SHA3	`0317fc6a5a74536c02a4212c8a012ac557ca21875c90e2db10267624bccd34b4`
VirtualSize	`0x6d8`
VirtualAddress	`0x8000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.990294`

.rsrc

MD5	`c415c47c578bb6be57ae1947713ac354`
SHA1	`16d8995eb85eaac1f89d3a71b6d843c2c8dc9d45`
SHA256	`adb9e2509d693a0e4ad18338c39cd90d2c8f0c99dbb7e3f98e88a08110d5d2b4`
SHA3	`86c522bbdd8e7748ee563dce7087f7f9d748242599ce8e387d84005be7553356`
VirtualSize	`0x40206`
VirtualAddress	`0x9000`
SizeOfRawData	`0x40206`
PointerToRawData	`0x9000`
PointerToRelocations	`0`
PointerToLineNumbers	`0x18`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.52366`

Imports

KERNEL32.dll	`MapViewOfFile` `VirtualQuery` `UnmapViewOfFile` `GetLastError` `SetFileAttributesW` `DeleteFileW` `WriteFile` `CreateDirectoryW` `CopyFileW` `GetCurrentProcess` `GetSystemDirectoryW` `FindFirstVolumeW` `GetVolumePathNamesForVolumeNameW` `GetDriveTypeW` `FindNextVolumeW` `FindVolumeClose` `Sleep` `SetPriorityClass` `SetErrorMode` `CreateMutexW` `WaitForSingleObject` `CreateThread` `CreateFileMappingW` `GetComputerNameW` `GetSystemTime` `CreateToolhelp32Snapshot` `Process32FirstW` `OpenProcess` `TerminateProcess` `Process32NextW` `Module32FirstW` `ReleaseMutex` `GlobalAlloc` `FindFirstFileW` `FindNextFileW` `GetFileAttributesW` `ExitProcess` `GetSystemTimeAsFileTime` `GetCurrentProcessId` `GetCurrentThreadId` `GetTickCount` `QueryPerformanceCounter` `IsDebuggerPresent` `SetUnhandledExceptionFilter` `CloseHandle` `HeapFree` `GetFileSize` `HeapCreate` `CreateFileW` `GetModuleFileNameW` `ReadFile` `SetFilePointer` `HeapAlloc` `ResumeThread` `UnhandledExceptionFilter` `GetStartupInfoW` `InterlockedCompareExchange` `InterlockedExchange`
USER32.dll	`GetKeyState` `GetKeyNameTextW` `CharLowerW` `GetAsyncKeyState` `MapVirtualKeyW`
ADVAPI32.dll	`ConvertStringSecurityDescriptorToSecurityDescriptorW` `RegCloseKey` `RegSetValueExW` `RegOpenKeyExW` `LookupPrivilegeValueW` `SetKernelObjectSecurity` `AdjustTokenPrivileges` `OpenProcessToken`
SHELL32.dll	`ShellExecuteW`
MSVCR80.dll	`__p__fmode` `wcscpy_s` `wcscat_s` `_vsnwprintf_s` `rand_s` `_wfopen` `perror` `fwprintf` `fflush` `_wcsicmp` `malloc` `free` `_amsg_exit` `__wgetmainargs` `_cexit` `_exit` `_XcptFilter` `exit` `_wcmdln` `_initterm` `_initterm_e` `_configthreadlocale` `__setusermatherr` `_adjust_fdiv` `__p__commode` `memset` `_encode_pointer` `__set_app_type` `_crt_debugger_hook` `_unlock` `__dllonexit` `_lock` `_onexit` `_decode_pointer` `_except_handler4_common` `_invoke_watson` `_controlfp_s`

Delayed Imports

129

Type	`H`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x18f7a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c6da0269dfc74b752792231245db41b5`
SHA1	`fb791c397a28a7ec378d7d7cfc52dc17bb6606e3`
SHA256	`7538f64f9fc75ca3cbdaee08dc5c0500fb49b5b24569174c237e930289ce30ba`
SHA3	`51bed80226442d7a1dd997d332a835229d29ec1638cfee122d013fb99c2d9200`

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.7552`
MD5	`b40f3850d65c294635fb7659231e235d`
SHA1	`2c495a9e77228f19fef41746c85370b16d416ab0`
SHA256	`0f943fabdeb1c8cd7f7baef1e4d829ce14c0dda554f9bd2ddab37bc49fc24b4b`
SHA3	`81cfac9eac6e4f2a6f2bfa13b8f5866f05efd4de93dbd3cb59a49f3ea048a9a2`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.07781`
MD5	`1e738f21047a83a0aae9d911914f6343`
SHA1	`c8df9cbfb9e34fb1503178f3f6351b75b6bca56d`
SHA256	`b26f4cf1284200f1f93ee013b84e619d5681b24465ae234dcc2bf7d40200d655`
SHA3	`e14a17c9adebfd8912731859035f292ba42c6adc402d86c3a5c73f0df57702f9`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.31077`
MD5	`bdade9c9e6e62a205a185c86a3bcf424`
SHA1	`661ea52b96bda10bfe23636e8f8f7841d8b9638b`
SHA256	`858121b7bfeb21243476b839ea53b35a2c52fa9700851bc8ebe59ed526a712a9`
SHA3	`c36aa77db59dde87deff46160efffea7d459ca4a12dd9c028ba330df0c18b133`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.84352`
MD5	`d8ce71b0f9a7e4d452cd57672dc37bb7`
SHA1	`9b613f0cd5368b76d11f44d0e4f58a4769822d11`
SHA256	`77629cc5a79bc3f879d535e1d20f36af063eb2b862fdfd3a5fb6572d6ffa19c8`
SHA3	`df1c645b41370a9c66ee29637afd28e2447840bca958e8a856425c6ccd49b366`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.91649`
MD5	`e275e8778d820c47ab4276fb9153b509`
SHA1	`7403f7065e951d89b8cc718702382c06337891cb`
SHA256	`9c9c0f95384ae4f05f21c8cbaf6c39dd1093c771b0b756aa21db4d9acc619f62`
SHA3	`b0b39327c38f74938c7e731c959303aaf3ec0154ba3f690bd7009d86f4d25041`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.98653`
MD5	`361c9c3e652ec0903dad02d6edbab19f`
SHA1	`7dbcefa59aee67bf919da26cb07b7970540dd4f0`
SHA256	`d8af52fa15c2a2b07debaacccadcdbf3b457897ed8b60d07069341f045db79eb`
SHA3	`75c0756898de5542fa011699a03616e3647d08170784b214142392aa55ce78b4`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.84672`
MD5	`0807988d247c0de82fd74143c75df657`
SHA1	`23dd177890094ff88cb1847ef33d0409e5a70922`
SHA256	`62f901fe1e07ea44ba5aaf102116061ab8c206828dffd2e2d33a4bfa86656a1c`
SHA3	`5a8d2cf3e125aa7ca7a78b5a410995c7da6da482595dccc5bb448332c2665708`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.313`
MD5	`ab44cba7fc88c86cae78d18616ba83e6`
SHA1	`0f7bf25373043eb8f4529a223f68a939c6885ad9`
SHA256	`b37db3fcf779b568b2d44edac50af9b7d1e8aa5d32e82e38283a002894d1b705`
SHA3	`727a9f9c53e066d127696dae3ddd3b2db3a106042854afcc13825c369865bcdf`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.78865`
MD5	`7e8ed20b06ec05773b6a9b43860375f4`
SHA1	`f7af8fab0f3b6fededbaf234e79fd3197e6719ae`
SHA256	`a85b9e2eae5f2475ad4c2a23e83f91390f8053bdc56c83cd6b621908f6e8e738`
SHA3	`a1de10f4f4e6f4281ce9abc27a33b60e79140886fa5820d2cf9c2d54b86ceece`

10

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.9998`
MD5	`ab18205aa448ea37f42d29fd693bb1ae`
SHA1	`eb5c5e48372d6a06ff4dad4e991a7acde6d60663`
SHA256	`6763e2219bb9efbc5ae8b775d27edd35e59b96a54ceee096ecc4ae79a0abeff2`
SHA3	`b2d4b7736740b03080e5d66cb81608206c22d82fcca54d0a6318210d2c2180b2`

11

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.93119`
MD5	`e8f7620c5428108ed857933621be0178`
SHA1	`5b57998560f7c559211db7f317d7dfa658630668`
SHA256	`3b4cb11b67b625810f82506b2623c4b6f353937b9ecc8bed86d67b399521e942`
SHA3	`97f638c947db1e8b0aa8f54c5bc03f4625c46d54e8da24b33137559b7778f68c`

12

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2ca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.29182`
MD5	`8bb85c191887b9af25ea3396d84e209b`
SHA1	`9734cc27fc97d55f2134e935a3613cb006e99802`
SHA256	`7595599a03bc5c1a45f8ef8c8c704e7569ca5ed67a9f6ec220010da24941aac8`
SHA3	`e91b2651749e24156cedd905c24ed9879cc6c54b982e17262f45e737d2279e08`

13

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.23532`
MD5	`593b7f1e40ed9816a2f3eda589e662ae`
SHA1	`7d33590c1dbc9877a8a05ed45ec5fdcef7c3dd9f`
SHA256	`205e17734054a729c869d7758632dd40e37a7384e927b0f809da59152d056772`
SHA3	`976eae0bfa436b250fd9b78294f02b7004dd1e5676b79ac8abfa60b3a4ef87f6`

14

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.7552`
MD5	`b40f3850d65c294635fb7659231e235d`
SHA1	`2c495a9e77228f19fef41746c85370b16d416ab0`
SHA256	`0f943fabdeb1c8cd7f7baef1e4d829ce14c0dda554f9bd2ddab37bc49fc24b4b`
SHA3	`81cfac9eac6e4f2a6f2bfa13b8f5866f05efd4de93dbd3cb59a49f3ea048a9a2`

15

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.07781`
MD5	`1e738f21047a83a0aae9d911914f6343`
SHA1	`c8df9cbfb9e34fb1503178f3f6351b75b6bca56d`
SHA256	`b26f4cf1284200f1f93ee013b84e619d5681b24465ae234dcc2bf7d40200d655`
SHA3	`e14a17c9adebfd8912731859035f292ba42c6adc402d86c3a5c73f0df57702f9`

16

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.31077`
MD5	`bdade9c9e6e62a205a185c86a3bcf424`
SHA1	`661ea52b96bda10bfe23636e8f8f7841d8b9638b`
SHA256	`858121b7bfeb21243476b839ea53b35a2c52fa9700851bc8ebe59ed526a712a9`
SHA3	`c36aa77db59dde87deff46160efffea7d459ca4a12dd9c028ba330df0c18b133`

17

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.84352`
MD5	`d8ce71b0f9a7e4d452cd57672dc37bb7`
SHA1	`9b613f0cd5368b76d11f44d0e4f58a4769822d11`
SHA256	`77629cc5a79bc3f879d535e1d20f36af063eb2b862fdfd3a5fb6572d6ffa19c8`
SHA3	`df1c645b41370a9c66ee29637afd28e2447840bca958e8a856425c6ccd49b366`

18

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.91649`
MD5	`e275e8778d820c47ab4276fb9153b509`
SHA1	`7403f7065e951d89b8cc718702382c06337891cb`
SHA256	`9c9c0f95384ae4f05f21c8cbaf6c39dd1093c771b0b756aa21db4d9acc619f62`
SHA3	`b0b39327c38f74938c7e731c959303aaf3ec0154ba3f690bd7009d86f4d25041`

19

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.98653`
MD5	`361c9c3e652ec0903dad02d6edbab19f`
SHA1	`7dbcefa59aee67bf919da26cb07b7970540dd4f0`
SHA256	`d8af52fa15c2a2b07debaacccadcdbf3b457897ed8b60d07069341f045db79eb`
SHA3	`75c0756898de5542fa011699a03616e3647d08170784b214142392aa55ce78b4`

20

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.84672`
MD5	`0807988d247c0de82fd74143c75df657`
SHA1	`23dd177890094ff88cb1847ef33d0409e5a70922`
SHA256	`62f901fe1e07ea44ba5aaf102116061ab8c206828dffd2e2d33a4bfa86656a1c`
SHA3	`5a8d2cf3e125aa7ca7a78b5a410995c7da6da482595dccc5bb448332c2665708`

21

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.313`
MD5	`ab44cba7fc88c86cae78d18616ba83e6`
SHA1	`0f7bf25373043eb8f4529a223f68a939c6885ad9`
SHA256	`b37db3fcf779b568b2d44edac50af9b7d1e8aa5d32e82e38283a002894d1b705`
SHA3	`727a9f9c53e066d127696dae3ddd3b2db3a106042854afcc13825c369865bcdf`

22

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.78865`
MD5	`7e8ed20b06ec05773b6a9b43860375f4`
SHA1	`f7af8fab0f3b6fededbaf234e79fd3197e6719ae`
SHA256	`a85b9e2eae5f2475ad4c2a23e83f91390f8053bdc56c83cd6b621908f6e8e738`
SHA3	`a1de10f4f4e6f4281ce9abc27a33b60e79140886fa5820d2cf9c2d54b86ceece`

23

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.9998`
MD5	`ab18205aa448ea37f42d29fd693bb1ae`
SHA1	`eb5c5e48372d6a06ff4dad4e991a7acde6d60663`
SHA256	`6763e2219bb9efbc5ae8b775d27edd35e59b96a54ceee096ecc4ae79a0abeff2`
SHA3	`b2d4b7736740b03080e5d66cb81608206c22d82fcca54d0a6318210d2c2180b2`

24

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.93119`
MD5	`e8f7620c5428108ed857933621be0178`
SHA1	`5b57998560f7c559211db7f317d7dfa658630668`
SHA256	`3b4cb11b67b625810f82506b2623c4b6f353937b9ecc8bed86d67b399521e942`
SHA3	`97f638c947db1e8b0aa8f54c5bc03f4625c46d54e8da24b33137559b7778f68c`

25

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2ca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.29182`
MD5	`8bb85c191887b9af25ea3396d84e209b`
SHA1	`9734cc27fc97d55f2134e935a3613cb006e99802`
SHA256	`7595599a03bc5c1a45f8ef8c8c704e7569ca5ed67a9f6ec220010da24941aac8`
SHA3	`e91b2651749e24156cedd905c24ed9879cc6c54b982e17262f45e737d2279e08`

26

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.23532`
MD5	`593b7f1e40ed9816a2f3eda589e662ae`
SHA1	`7d33590c1dbc9877a8a05ed45ec5fdcef7c3dd9f`
SHA256	`205e17734054a729c869d7758632dd40e37a7384e927b0f809da59152d056772`
SHA3	`976eae0bfa436b250fd9b78294f02b7004dd1e5676b79ac8abfa60b3a4ef87f6`

109

Type	`RT_MENU`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71163`
MD5	`2886ccd7dc1bd6dec8413a00b53046a0`
SHA1	`a09dea8ae745541a9d191d42d68510db8f648b5d`
SHA256	`a29831e4a3fac395e2aa86df5a0906ed2beebda018745be869477d636148f7af`
SHA3	`fc89873b946c12a8b176b7eff05b2c4445b56a96c045e40e9d49ecc09a4d0fcb`

103

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35447`
MD5	`3fe7a58a01cb835cb783567c94dd9934`
SHA1	`68a2aa97ecb22a250d0d89b0734e590036af6b44`
SHA256	`625e8d3919714c2f67638ec860886afcee215d7aed71cbda05fd58b3221f6c6a`
SHA3	`7489b45ad246c85d33582cdf1ccc2b439ebf1776eb06a658547a4e167f940e0a`

7 (#2)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x34`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.56819`
MD5	`18ae74ccc8172c34279ea700622b37b5`
SHA1	`63483801e2adc0af99793dde127895640675f3d1`
SHA256	`5b723c481d83bce30724b05ab4548bdef1bc722578f5d0b3ea49db69f362d8e4`
SHA3	`edccb66f8c236a4754185a910870670235dc8c86650b31416e8f3ce467af0519`

109 (#2)

Type	`RT_ACCELERATOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.79879`
MD5	`3d2b1af3424dbcd504f73918619c7d99`
SHA1	`10d6ed54ea742211a14a05414883f6c00c03080a`
SHA256	`c2f0c188d6c493d7827bf83fb89c704815796445a0178bb2ae79658d96703a3c`
SHA3	`b8c5f28d2c132e5bc304e4dc1b314a3f32a2e48675c06828a2a8a014ea05e7fb`

107

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xbc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.13315`
Detected Filetype	Icon file
MD5	`2cb1ec8f1e508f9e27a841e166f69078`
SHA1	`57a132cacb3d7d30d5821ae9e30b845768ad5d22`
SHA256	`26a49c6171bf0919eecfe14d1adb733e4babbf6121ab5ab5cb3e7689929732f0`
SHA3	`6f2552e76f4a00b883ee7f050c5bd1890b6a4a58566509286a5f67e3f647c682`

108

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xbc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.20474`
Detected Filetype	Icon file
MD5	`ecca970c3c1c96e964d818fc1b90e6aa`
SHA1	`c18fa09132d8310dde479c1ccbd950f40b234ce3`
SHA256	`c6fcdfcdcccdc818a89234afe224b4ab41394684d985c5a46fa36824ba0fe526`
SHA3	`d8d5330293a1abff326d8c1e31b99fe8f776a1fe59e3e41b79ba176a213b6b12`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x152`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.05186`
MD5	`5bd48b8396ec876db87094c2a6a9cf13`
SHA1	`44a2adf25d872f37e40cca666de08ef3c11d835b`
SHA256	`3a3b2e9611f01c45710cf197c7820e76a756cceabbfad67c272dc9e807d594fd`
SHA3	`f9598fbab5abc1d57fa8e93c5b86552aeb27d248cc4d3320ddcbb9798c670bd8`

String Table contents

vsafe
VSAFE

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xdb79d4fd`
Unmarked objects	`0`
Imports (VS2012 build 50727 / VS2005 build 50727)	`2`
C++ objects (VS2012 build 50727 / VS2005 build 50727)	`1`
ASM objects (VS2012 build 50727 / VS2005 build 50727)	`1`
C objects (VS2012 build 50727 / VS2005 build 50727)	`20`
C objects (VS2003 (.NET) build 4035)	`1`
Imports (VS2003 (.NET) build 4035)	`11`
Total imports	`115`
114 (VS2012 build 50727 / VS2005 build 50727)	`2`
Resource objects (VS2012 build 50727 / VS2005 build 50727)	`1`
Linker (VS2012 build 50727 / VS2005 build 50727)	`1`

0919ef19612612260edc9258e375ca63

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

Imports

Delayed Imports

129

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

109

103

7 (#2)

109 (#2)

107

108

1 (#2)

String Table contents

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors