0b03d290bb6fb6519648c25278c1cd41

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2023-Feb-15 14:54:16
Detected languages English - United States
Comments This installation was built with Inno Setup.
CompanyName Sky-Watcher <app@skywatchertelescope.net>
FileDescription ASCOM Telescope driver for SynScan App Setup
FileVersion 1.0.0
LegalCopyright
OriginalFileName
ProductName ASCOM Telescope driver for SynScan App
ProductVersion 1.3.1

Plugin Output

Info Interesting strings found in the binary: Contains domain names:
  • https://jrsoftware.org
  • jrsoftware.org
  • skywatchertelescope.net
Suspicious The PE is possibly packed. Unusual section name found: .itext
Unusual section name found: .didata
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • LoadLibraryExW
  • GetProcAddress
  • LoadLibraryW
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Can access the registry:
  • RegQueryValueExW
  • RegCloseKey
  • RegOpenKeyExW
Possibly launches other programs:
  • CreateProcessW
Memory manipulation functions often used by packers:
  • VirtualProtect
  • VirtualAlloc
Functions related to the privilege level:
  • AdjustTokenPrivileges
  • OpenProcessToken
Queries user information on remote machines:
  • NetWkstaGetInfo
Can shut the system down or lock the screen:
  • ExitWindowsEx
Info The PE's resources present abnormal characteristics. The binary may have been compiled on a machine in the UTC+1 timezone.
Suspicious The file contains overlay data. 1047907 bytes of data starting at offset 0xcb400.
Malicious VirusTotal score: 3/71 (Scanned on 2023-05-25 05:58:34) Cynet: Malicious (score: 100)
McAfee-GW-Edition: BehavesLike.Win32.Trojan.tc
MaxSecure: Trojan.Malware.300983.susgen

Hashes

MD5 0b03d290bb6fb6519648c25278c1cd41
SHA1 9cd77b524ae9b7df98a97b7247013830343b7b91
SHA256 3c43a0fe390c3d2bb87890dd2fc6f342fc6d08bb59d1579fd76431c342c75e42
SHA3 a63b15ebfbff44c82f1e1253f08642b34485d90f4182c1e4e71ac7a521ee3f07
SSDeep 24576:s7FUDowAyrTVE3U5F/XvY6o9bKic6QL3E2vVsjECUAQT45deRV9RF:sBuZrEUzRo9bKIy029s4C1eH9z
Imports Hash fdee3b3ee79abb17ecbd4ec56b850c57

DOS Header

e_magic MZ
e_cblp 0x50
e_cp 0x2
e_crlc 0
e_cparhdr 0x4
e_minalloc 0xf
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0x1a
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 10
TimeDateStamp 2023-Feb-15 14:54:16
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0xb5200
SizeOfInitializedData 0x15e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000B5EEC (Section: .itext)
BaseOfCode 0x1000
BaseOfData 0xb7000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 6.0
SubsystemVersion 6.1
Win32VersionValue 0
SizeOfImage 0xd8000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x4000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 43af0a9476ca224d8e8461f1e22c94da
SHA1 343a0e7ec6c87dae257270b90b9988a3ff95a078
SHA256 a933eb68996d3f040a1fd1b96644bc5ecb4cf24db4dbf6a183c3bdf58cb970da
SHA3 4956636187217f5ab0bfacdc669a09eb1b32ca43e880e21a9a8b4485c76f638b
VirtualSize 0xb39e4
VirtualAddress 0x1000
SizeOfRawData 0xb3a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.35764

.itext

MD5 185e04b9a1f554e31f7f848515dc890c
SHA1 171aebbe52333ffd36593522a712b96644b565e5
SHA256 f2300e07e9ec20796b49419889cf04e55373c6ea8882ebfc9e5b98293abf1f39
SHA3 a06644cc8a8b31ea9e64a6b397b580b922b0164df58ac18c0d844f1cb3f3a138
VirtualSize 0x1688
VirtualAddress 0xb5000
SizeOfRawData 0x1800
PointerToRawData 0xb3e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.97143

.data

MD5 cab2107c933b696aa5cf0cc6c3fd3980
SHA1 7a25edc4b9ed265b2ce19bbb507bad1985c6793e
SHA256 6989cae1abfc0b88395ba1b4bcba6666e761ebf84f60e307398aa3b1167f4391
SHA3 97e513aa29faa87a694f0eaed6c3eb70745d959d80266aa9dfb257240fea1c0e
VirtualSize 0x37a4
VirtualAddress 0xb7000
SizeOfRawData 0x3800
PointerToRawData 0xb5600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.04865

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x6de8
VirtualAddress 0xbb000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 e7d1635e2624b124cfdce6c360ac21cd
SHA1 b7d043cca31864ef4b86887de77ebb3db089c2bd
SHA256 0fb442dbff26887e09155bb592264ecd1c79eb990c6f5f9fb19dfb5c06d013af
SHA3 febefe199e39e017a02fcaf2f07cbba1193d24bcd6a7ee89fc3043d716a527f4
VirtualSize 0xfdc
VirtualAddress 0xc2000
SizeOfRawData 0x1000
PointerToRawData 0xb8e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.02909

.didata

MD5 8ced971d8a7705c98b173e255d8c9aa7
SHA1 fc7a6c0a1f7068ea13be23c825b3ea7a9f3ea676
SHA256 69e13a7ca25a6aa8673b450efedcd45cd767524b6a7b0e73b41ce4ca0b60dab1
SHA3 a5bb9c6245d3a3b721b06f8e557e005524671c891c2546b064ca54f28b919565
VirtualSize 0x1a4
VirtualAddress 0xc3000
SizeOfRawData 0x200
PointerToRawData 0xb9e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.75098

.edata

MD5 8d4e1e508031afe235bf121c80fd7d5f
SHA1 f602c8394c4325ebe7c172a76ee1b74fa463888b
SHA256 1cf7e5628c2f379389b92c6d152f31340f59f5a7fa1962a4e21f463a9a43c4cd
SHA3 ea4abc307e8c9faf299edd25c2a6a3ab7a52e483834ccee85205392cf0728ef0
VirtualSize 0x9a
VirtualAddress 0xc4000
SizeOfRawData 0x200
PointerToRawData 0xba000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.87716

.tls

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x18
VirtualAddress 0xc5000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata

MD5 8f2f090acd9622c88a6a852e72f94e96
SHA1 735078338d2c5f1b3f162ce296611076a9ddcf02
SHA256 61da25d2beb88b55ef629fab530d506a37b56cfabfa95916c6c5091595d936e4
SHA3 4262d6da74e50fbc7d6e60433db7c15d7d5e5687da986212f46c20e57086ed57
VirtualSize 0x5d
VirtualAddress 0xc6000
SizeOfRawData 0x200
PointerToRawData 0xba200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.38389

.rsrc

MD5 683805187b8e6e5df56ccfd6fd5b928b
SHA1 ff956f144aa1c68149f8bd421107eec26aed3e93
SHA256 f1c662e6053f0eadd142a1d0dbf8a9093bdee69d2597d919359b07121db6f104
SHA3 93357802ad45bf6456ca3f906b1a94d01e10aa9d08ca5178ef99595d16c8b07b
VirtualSize 0x11000
VirtualAddress 0xc7000
SizeOfRawData 0x11000
PointerToRawData 0xba400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.6969

Imports

kernel32.dll GetACP
GetExitCodeProcess
LocalFree
CloseHandle
SizeofResource
VirtualProtect
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetSystemWindowsDirectoryW
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale
comctl32.dll InitCommonControls
version.dll GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
user32.dll CreateWindowExW
TranslateMessage
CharLowerBuffW
CallWindowProcW
CharUpperW
PeekMessageW
GetSystemMetrics
SetWindowLongW
MessageBoxW
DestroyWindow
CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
LoadStringW
ExitWindowsEx
DispatchMessageW
oleaut32.dll SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate
netapi32.dll NetWkstaGetInfo
NetApiBufferFree
advapi32.dll ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
AdjustTokenPrivileges
GetTokenInformation
ConvertSidToStringSidW
LookupPrivilegeValueW
RegCloseKey
OpenProcessToken
RegOpenKeyExW
kernel32.dll (delay-loaded) GetACP
GetExitCodeProcess
LocalFree
CloseHandle
SizeofResource
VirtualProtect
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetSystemWindowsDirectoryW
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale

Delayed Imports

Attributes 0x1
Name kernel32.dll
ModuleHandle 0xc3080
DelayImportAddressTable 0xc3090
DelayImportNameTable 0xc30b4
BoundDelayImportTable 0xc30d8
UnloadDelayImportTable 0xc30f0
TimeStamp 1970-Jan-01 00:00:00

dbkFCallWrapperAddr

Ordinal 1
Address 0xbe63c

__dbk_fcall_wrapper

Ordinal 2
Address 0xd0a0

TMethodImplementationIntercept

Ordinal 3
Address 0x541a8

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0xa68
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 1.74641
MD5 2073a3bce01223d897c6e67e18e677e7
SHA1 f12d3ad97307acd4b6283883ff2535a1162b847f
SHA256 dadedca04ae6f15e735054a8844a0bb8c303e28e6a20a7b54393218ac9dac901
SHA3 e46bdf2c29fbea8826e7fbe4a23b787838298a2c57522375d89b84e0dadafb64

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x668
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 1.98658
MD5 54aab9687517924a6f0872d3db85eefa
SHA1 62922bb6f27fbb4249513a00d0249079706901df
SHA256 49e1fd7235582a5fcda21ad7019a28f07be0bf5758e58ce433622ad2c186890f
SHA3 f088eafbfb352a9b54edad9f0b94b7222fb44a8593945940d99d3dd13d26e8dc

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 2.01586
MD5 57086a45c3525554f76a843b8ea0ceb0
SHA1 bb3b05066884d9c430e0b242802c280ac263b894
SHA256 aaa0ec91899e3916e363e4670f8073cdd5de32024c330183e3e06a5c402ee7ae
SHA3 c79a0a88119906e5258eff43faafc4b86f3f5b6bb2871cce6de3d9cf379d4c66

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x128
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 2.1704
MD5 c9113f4798daee1ff04397b4699fee20
SHA1 04a77a02cdada1d0adb3af383475cf77ed177e76
SHA256 029b2163ec401f4b713e6870760f636551fab3fa800dbb940d4b0c547a922072
SHA3 47db69117d269446375dfe691c9444c7f9bbd176e1d529ba1748f54262d34cb9

5

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x1628
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 1.912
MD5 a3ecd0150aa90c103ffd60e970a79b04
SHA1 155aa3f218939e3accb8578679c03dcbc88f5e52
SHA256 5426a3cf123eedfefc4fc0e764de1bd8c8f69edf6e0c68af1984438b28074de3
SHA3 212acca720a6b223f41cece9fd8589bbd1a13bbda47f2594ef695cac349254ba

6

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0xea8
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 1.8663
MD5 c519cde0a3de8b3fae65ec263d0211f2
SHA1 b5ec2ab4e4b832bbce774c34b575512f417dbea1
SHA256 aaa4217a07f23dc3124979542a8e1105ae36b6bd6e2951fd33e37fb66bfa6e97
SHA3 d126ff50d5c59f801cea6ba3220990d077af1349152fea03feb60a7e4fe71b0d

7

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x8a8
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 1.49649
MD5 07484b7d7d2de97ae274c997b13fcd95
SHA1 505d59bc4593dc34851764ff10e31a163db98f2d
SHA256 eab50ea5ff7abfa5e9c64cc691ea9cce1cac6d3a913a599902f486a05ce951e6
SHA3 fe754e115793dab307b8d9c1cf7eed88457e4fbe84d43324f4ad20d29dbb95dc

8

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x568
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 0.972379
MD5 d4e7ffb2c44d42dd0361bdf025ddc1cf
SHA1 b2f0d88ce66caf4e0efca16007174289977cf11b
SHA256 37265ae581f5649902228e063059ee88f390f5b67176020840d586a5cd55bd24
SHA3 0f814a879813c5f3705704e6b19fa66a7839ebf98df1941ad9e76825050843d9

9

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x12e5
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 7.68913
Detected Filetype PNG graphic file
MD5 2bdb3ce74738954decb4aa7784bc1dad
SHA1 7c1a93a6508fd2ab9998c87735e2e4cefebfdfef
SHA256 463eae02434b126bc01fc4aa5b1efd88fcb53313b05d180a199bfe064273cefd
SHA3 974d364c75b622f15c6c3f9f6fe645353b7aeaaf881f9285c1a568181ea6512d

10

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x4228
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 2.03031
MD5 2f8da60b986b88d85ae9bf8741138629
SHA1 35b96991f3c9de50adc6a854314d7c4b3b762b4c
SHA256 83e1da080a4c85ba6c53a8b73a88a43bda96f0af2f63565aeacc8020c57fb711
SHA3 422e7d3d156266b34b571d202b0d2dcd4c42ebf317ab5755e4d4ab84837f5ed4

11

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 2.4506
MD5 b7a61dbaf8fed9e8fd55586271a7a2fe
SHA1 1bf83736a9459f39e8ad4415a8a55f0fd03031d9
SHA256 1b9e2b76fb8a6306d71a58e8277e61cf775b329f259833b48539dabc55564dde
SHA3 ad3d753b9786fa2d2920812cb8dfb9cc077f392df40690a3dcf584e51d55b6e9

12

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 2.25978
MD5 74fa412d3b673173879e1694849b16fe
SHA1 fd666f6bd32077a3b3ad97d4591ed6e170179911
SHA256 e1cdcfc343bd2be7111edf269de89a61f6bed13a5780a79fec57110350d2b175
SHA3 59c23cb88d5b074c0e9d5dbc3af87739c0d65b11acab261f17e191f3575af7f4

13

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x468
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 2.88786
MD5 208b4b138664f95bc9c28daa5d6240b7
SHA1 79131678428163495ffee79cf6c3cd70a4622804
SHA256 c98be6a1843a183920435a4ebcfcd9e8b1595b05aa7eb74e646fde7e2a22145b
SHA3 5f193d529afeb126339e38e17cffc7868ea66de29a81db907d1c031d9c5822e3

4086

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x360
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 3.16547
MD5 98da6167be9a4eb3be8bab5877938ff2
SHA1 95641a365d88f070bcbd921d99bc1c034e92340e
SHA256 bb650ee3d30d21f22fc7853936b06be7cbfd05b4d88ed105d3e53774dae7f21f
SHA3 a9d9128c3f3c8d4c2c598c48390a012af7847fd0aadc64df63e86a25983aa7ad

4087

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x260
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 3.40938
MD5 21cba6c9d478ce13ad53587cdd7f21f8
SHA1 ed16991f4f735f8258ff195bed5f1641d1405cc9
SHA256 0852b5fce0c5b7ff53fe4c4163983daf8a2057d5481911c24253f330bfd65d9a
SHA3 434f4417d656f3e62678eccd5c3445487e21059d8fc5084f62fc19899ef6d1dd

4088

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x45c
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 3.31153
MD5 09208f24be8c3f3b08c323e9836db5e6
SHA1 054aa93663138220373081b25672499d38cb2eaf
SHA256 4be11ded6c924c3181c0b2a17cbf6f017fbf2b074adadaae213a330711e22cd1
SHA3 9e72f2e022b1768e8723c2c93ceb39a4909564dee4d43bb3537ddd9ae9e381f3

4089

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x40c
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 3.33977
MD5 aeb11111a0334d20d978e15c3eb3ebab
SHA1 19969a1f68d497f0114538352da478b41c3d2060
SHA256 99b7194bf59ac43cbbdc441ab7ca14ab0330449accd33730281da09bb96bcbe3
SHA3 b734c35baae6e8fb009f07d3a20892bde53b7db5335b1327e1118e89d657251b

4090

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x2d4
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 3.36723
MD5 d2467f70311fc072d9202909bdfa9fcb
SHA1 c8abb69fb38434daf6811309cc88e9d0df65e2cd
SHA256 51209c8034cd5c2127a7b877a3280699d6bad965bcc102e830420c836f535c97
SHA3 4386b5d28f8adc0eccd1a396c2d0689b85cd7cfcf727c8d08a87940c92bd64c7

4091

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0xb8
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 3.33978
MD5 e8e4995b464abd85d77008d3750ca7af
SHA1 2c39cf9c2c1cfab48077cda2d4d6312fdb53c54b
SHA256 22296669c2c50d3fdfee9de9f7730d0a5cc498b7cc54cd2aa8ded74d7e69f654
SHA3 5480674ca53405ca327424ca774da73700d535e5ca7d51363d86511e5268bb0c

4092

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x9c
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 3.15425
MD5 d0969cc9a96275d54a109de740708a5a
SHA1 2c365c0341faf71f810a39c69859a7eb5bc0de8d
SHA256 3c45c82b39b3c90c9c22342a8f6be98073faf1dcd26dbc578b3a6fa9a499cb46
SHA3 99f949ba47f1c5cd7b313b0b89e2b14f238be4bd78199a590c1f257e4f562967

4093

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x374
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 3.31895
MD5 4ac29bb5f7361e85771807112cd4ec93
SHA1 b164bf0882b60c0d7d4643495a2c1db5a20a1343
SHA256 2e6d8102640132ccabd2fa3c3a61c77c2b41a80d7f60013cf7149819c2b5c9d2
SHA3 ee5ab8846732cb786d250fc1780293072aff157ae61cf7f671eb4e6e29018bf7

4094

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x398
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 3.28786
MD5 110abe16232608d8671eaca8ee324f45
SHA1 30704560832bafa440df1fd20693653c2a30f815
SHA256 b33f156b0a8ce96c7182dfb6afa9f6a7020433a6e16ca21f6092ba03695bdd12
SHA3 0179804f22369dabd55b8e4ca79a33645191c197c0474cabc4e13546c7e7fcd6

4095

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x368
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 3.33385
MD5 1c9252919f0a0d2072f3fe0565f0b443
SHA1 dc6002a243c7567105aef957d8b01142df42b3d2
SHA256 734b698aafc2cfabfd0750c88498022d650f6ee025250dc8795de56a6e122445
SHA3 4d0c5d27e1b222f09e17dc6fa9ec0bc174b3e58bba30ce90cb89b3594622e627

4096

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x2a4
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 3.2935
MD5 d1efb0d972603f09c3a2a866a8b36d48
SHA1 64a194ea368bb16ffac3e7a4ca84b3c00bf15920
SHA256 351e7d3c756242cde2e4a2bef16d636d5e073e0cf3e9cfa2b1da1efccd7806ae
SHA3 545cc79af077359ed49f0ba5cdc74b58bef1f6fd71725c976ad9c892dc9a0b56

DVCLAL

Type RT_RCDATA
Language UNKNOWN
Codepage UNKNOWN
Size 0x10
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 4
MD5 a40263c75fde7440b1086b7da9c51fc2
SHA1 139a84f87110fb5cb16a386adade21f30cae98b0
SHA256 e7dbe99baa5c1045cdf7004edb037018b2e0f639a5edcf800ec4514d5c8e35b5
SHA3 d3a734fa7d36868d301f9569de92e1bfc551e4b5cf6d7c59eace8d0a554093c0

PACKAGEINFO

Type RT_RCDATA
Language UNKNOWN
Codepage UNKNOWN
Size 0x2c4
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 5.20462
MD5 def52a5b1e8bba58fe020b2c959f5c4f
SHA1 f9e4dd288cf9c760941cadb475675c52e660a4e3
SHA256 19151c084fcd30aed2f27deed3ec77351f27a94fd9618da56258ea03bbcbc7f3
SHA3 b618636930a1e8d8e18593541407308cd9e02d95555415c499c3a292b4693cc4

11111

Type RT_RCDATA
Language UNKNOWN
Codepage UNKNOWN
Size 0x2c
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 4.45821
MD5 b7aea53c66e22934abe68ed82f069839
SHA1 b4478558b3799e87e6a849982ae51ff7d1a89df9
SHA256 6cbb65089036d639dfd87816889c159244cc6399b2a4acd8c840852ffde84262
SHA3 c3a1936f70e5d48681d111a65755ec3f9aefac283750d494649f3544a2a106d6

MAINICON

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0xbc
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 3.08095
Detected Filetype Icon file
MD5 ee0da5fbb3d343c27941fb3f8b77164a
SHA1 c2be29713ab52dcf391d34d14f367cbbab966cc0
SHA256 81341db39d8fdec0bd34960423a41a5e2ba5c5830b957f070d1563580b52011b
SHA3 f3d78fc2b713ea2475d919525d0e8019ea390471c9899df1b1345093fb558919

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x584
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 2.84019
MD5 f10e6a0b821b92976ad5f6eb3567df97
SHA1 a3fc16d60e33b8bf2c7f23fee724f2119a2b46bd
SHA256 decf54abd6ce04db1a9cac4021bbcccb27abd7a2721e43b372924ebe06e8c1f0
SHA3 5921f6a74ee6b87e438b042aa10522755e11e99105ba1d26d686a7886af6f163

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x7a8
TimeDateStamp 2023-Feb-15 15:54:18
Entropy 4.89085
MD5 e07ab8c9030f776ce0f6d9040d41c616
SHA1 593953973c74066bcd09b22402948425dab9b12f
SHA256 75bb01fe4bafdef22d879aaea5b85d1165a30ec0e558536e1b4c6002c4730d5d
SHA3 51b78d43db0954fcaa7c6fd2558eece5eb98a1c5f6e95a3033891777bfd00a7c

String Table contents

Windows 8.1
Windows 10
Observer is not supported
Cannot have multiple single cast observers added to the observers collection
The object does not implement the observer interface
No single cast observer with ID %d was added to the observer collection
No multi cast observer with ID %d was added to the observer collection
Must wait on at least one event
Cannot call BeginInvoke on a TComponent in the process of destruction
%s Service Pack %4:d (Version %1:d.%2:d, Build %3:d, %5:s)
32-bit Edition
64-bit Edition
Windows
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 2000
Windows XP
Windows Server 2003
Windows Server 2003 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows 8
Property is read-only
%s.Seek not implemented
Property %s does not exist
Stream write error
Thread creation error: %s
Thread Error: %s (%d)
Cannot terminate an externally created thread
Cannot wait for an externally created thread
Cannot call Start on a running or suspended thread
Argument out of range
Duplicates not allowed
Insufficient RTTI available to support this operation
Parameter count mismatch
Type '%s' is not declared in the interface section of a unit
VAR and OUT arguments must match parameter type exactly
%s (Version %d.%d, Build %d, %5:s)
Cannot assign a %s to a %s
CheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
List does not allow duplicates ($0%x)
A component named %s already exists
''%s'' is not a valid component name
Invalid property value
Invalid property path
Invalid property value
List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d)
Out of memory while expanding memory stream
%s has not been registered as a COM class
Error reading %s%s%s: %s
Stream read error
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Invalid source array
Invalid destination array
Character index out of bounds (%d)
Start index out of bounds (%d)
Invalid count (%d)
Invalid destination index (%d)
Invalid code page
No mapping for the Unicode character exists in the target multi-byte code page
Invalid StringBaseIndex
Ancestor for '%s' not found
May
June
July
August
September
October
November
December
Sun
Mon
Tue
Wed
Thu
Fri
Sat
Sunday
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
January
February
March
April
Invalid variant type
Operation not supported
Unexpected variant error
External exception %x
Assertion failed
Interface not supported
Exception in safecall method
Object lock not owned
Monitor support function not initialized
Feature not implemented
Method called on disposed object
%s (%s, line %d)
Abstract Error
Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
%s%s
A call to an OS function failed
Variant method calls not supported
Read
Write
Execution
Invalid access
Error creating variant or safe array
Variant or safe array index out of bounds
Variant or safe array is locked
Invalid variant type conversion
Invalid variant operation
Invalid NULL variant operation
Invalid variant operation (%s%.8x)
%s
Could not convert variant of type (%s) into type (%s)
Overflow while converting variant of type (%s) into type (%s)
Variant overflow
Invalid argument
Invalid floating point operation
Floating point division by zero
Floating point overflow
Floating point underflow
Invalid pointer operation
Invalid class typecast
Access violation at address %p. %s of address %p
Access violation
Stack overflow
Control-C hit
Privileged instruction
Operation aborted
Exception %s in module %s at %p.
%s%s
Application Error
Format '%s' invalid or incompatible with argument
No argument for format '%s'
'%s' is not a valid integer value
'%d.%d' is not a valid timestamp
Invalid argument to time encode
Invalid argument to date encode
Out of memory
I/O error %d
File not found
Invalid filename
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
Range check error
Integer overflow

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.0
ProductVersion 1.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments This installation was built with Inno Setup.
CompanyName Sky-Watcher <app@skywatchertelescope.net>
FileDescription ASCOM Telescope driver for SynScan App Setup
FileVersion (#2) 1.0.0
LegalCopyright
OriginalFileName
ProductName ASCOM Telescope driver for SynScan App
ProductVersion (#2) 1.3.1
Resource LangID English - United States

TLS Callbacks

StartAddressOfRawData 0x4c5000
EndAddressOfRawData 0x4c5018
AddressOfIndex 0x4b7c14
AddressOfCallbacks 0x4c6010
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks (EMPTY)

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0! [*] Warning: Section .tls has a size of 0!
<-- -->