0dc7369908990725e53032ef989e3628

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2017-May-11 11:57:16
Detected languages English - United States

Plugin Output

Info Matching compiler(s):
Nullsoft Install System v2.0
Borland Delphi v6.0 - v7.0
Microsoft Visual C++ 7.1
Watcom C/C++
Microsoft Visual Basic 5.0
Nullsoft Install System 2.0b4
Nullsoft Install System 2.06
Metrowerks CodeWarrior (DLL) v2.0
Free Pascal 0.99.10
FreePascal 1.0.4 Win32 DLL -> (Berczi Gabor, Pierre Muller & Peter Vreman)
Silicon Realms Install Stub
Inno Setup Module v3.0.4-beta/v3.0.6/v3.0.7
Metrowerks CodeWarrior v2.0 (Console)
Microsoft Visual C++ v6.0 DLL
Setup Factory v6.0.0.3 Setup Launcher
Patch Creation Wizard v1.2 Memory Patch
Inno Setup Module
Nullsoft Install System 2.0
Borland C++ DLL
Borland Delphi 3 -> Portions Copyright (c) 1983,97 Borland (h)
Microsoft Visual C++ 6.0 DLL (Debug)
Microsoft Visual C++ v7.0 (64 Bit)
FreePascal 1.0.4 Win32 -> (Berczi Gabor, Pierre Muller & Peter Vreman)
Dev-C++ v5
CreateInstall v2003.3.5
Microsoft Visual C++ 6.0 - 8.0
Dev-C++ v4
MS Visual C++ v.8 (h-good sig, but is it MSVC?)
Microsoft Windows Update CAB SFX module
MinGW 3.2.x (Dll_main)
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual C++ 6.0 DLL
Microsoft Visual C++ 7.0 DLL
Microsoft Visual C++ 8.0
Nullsoft Install System v2.0b4
Borland Delphi 5 -> Portions Copyright (c) 1983,99 Borland (h)
Microsoft Visual C++ 5.0 - 7.1
MASM/TASM - sig2(h)
Nullsoft Install System 2.0 RC2
Nullsoft Install System v2.0 RC2
MASM / TASM
Wise Installer Stub
Borland C / Borland Builder
.NET DLL -> Microsoft
Setup2Go Installer Stub
Nullsoft Install System 1.xx
Microsoft Visual Basic v5.0 - v6.0
Microsoft Visual C 5.0
Metrowerks CodeWarrior v2.0 (GUI)
MASM/TASM - sig1(h)
Nullsoft Install System 2.0a0
Microsoft Visual C++
Microsoft Visual C++ v6.0
Borland Delphi 3 -> Portions Copyright (c) 1983,96 Borland (h)
.NET executable -> Microsoft
Borland C++ for Win32 1999
MinGW 3.2.x (WinMain)
CreateInstall 2003.3.5
Microsoft Visual Basic v6.0
PerlApp 6.0.2 -> ActiveState
Nullsoft PiMP Install System 1.x
Microsoft (R) Incremental Linker Version 5.12.8078 (MASM/TASM)
Free Pascal v1.0.10 (win32 console)
Microsoft Visual C++ v7.0 DLL
MinGW 3.2.x (main)
MSVC++ v.8 (procedure 1 recognized - h)
Suspicious PEiD Signature:
ACProtect/UltraProtect 1.0X-2.0X -> RiSco
Morphine v1.2 - v1.3
ST Protector V1.5 -> Silent Software
PESpin 0.3 -> Cyberbob (h)
SafeDisc v4
Free Pascal v1.0.10 (win32 GUI)
MEW 11 SE 1.0 -> Northfox
WinKript 1.0 -> Mr. Crimson (h)
EXECryptor 2.0/2.1 -> www.strongbit.com * Sign.By.haggar
RLPack v0.7.3beta -> ap0x (h)
PolyBox D -> Anskya
XWD graphics format
UPX Inliner v1.0 by GPcH
ASProtect 1.23 RC4 build 08.07 (dll) -> Alexey Solodovnikov (h)
ExeSplitter 1.2 -> Bill Prisoner / TPOC
MSLRH 0.32a (fake nSPack 1.3) -> emadicius
nBinder v3.6.1
Sun Icon Graphics format
Inno Installer v5.1.2
PEBundle v3.10
VMProtect V1.X -> PolyTech
WinUpack v0.30 beta -> By Dwing (h)
RAR Configuration file
UPX V1.94 -> Markus Oberhumer & Laszlo Molnar & John Reiser
Unnamed Scrambler 2.0 -> p0ke
PECompact v2.xx
PUNiSHER V1.5 -> FEUERRADER
DiskDupe (c) MSD Users file
MSLRH 0.32a (fake WWPack32 1.x) -> emadicius
EXECryptor 2.2.4 -> Strongbit/SoftComplete Development
Obsidium 1.3.0.4 -> Obsidium Software (h)
MSLRH v0.32a -> emadicius (h)
PE Spin v0.4x
EXE Shield V0.6 -> SMoKE
Private exe Protector V2.0 -> SetiSoft Team ! Sign by fly
NsPack v2.3 -> North Star (h)
BamBam v0.01
eXPressor v1.2 -> CGSoftLabs
UPack 0.11
eXPressor v1.3 -> CGSoftLabs
Patch Creation Wizard 1.2 Memory Patch
PolyCrypt PE - 2.1.4b/2.1.5 -> JLab Software Creations (h-oep)
yoda's Protector 1.01 -> Ashkbiz Danehkar (h)
Alex Protector 1.0 beta 2 by Alex
Armadillo 3.01, 3.05
D1NS1G -> D1N
PESpin 1.3beta -> Cyberbob (h)
VProtector 1.3X -> vcasm
Hying's PE-Armor 0.75.exe -> Hying [CCG]
MSLRH 0.32a (fake PC-Guard 4.xx) -> emadicius
NsPack 1.4 by North Star (Liu Xing Ping)
RLP v0.7.3beta -> ap0x (h)
dUP 2.x Patcher --> www.diablo2oo2.cjb.net
EXECryptor V2.2X -> softcomplete.com
PE-Protect 0.9 by Cristoph Gabler 1998
RatPacker (Glue) stub
R!SC's Process Patcher v1.5.1
PEQuake 0.06-> forgat
Thinstall 2.403 -> Jitit
nSpack V2.x -> LiuXingPing
Upack 0.38 beta -> Dwing
PESpin 0.7 -> Cyberbob (h)
Encapsulated Postscript graphics file v3.0 EPSF-3.0
Upack v0.32 Beta -> Sign by hot_UNP
Pe123 2006.4.4
Enigma protector 1.10/1.11 -> Vladimir Sukhov
Armadillo v4.30 - 4.40 -> Silicon Realms Toolworks
LY_WGKX -> www.szleyu.com
TheHyper's protector -> TheHyper (h)
Pelles C 4.50 DLL (X86 CRT-LIB)
FreeCryptor 0.1 (build 002) -> GlOFF
aPack v0.98b (DS & ES not saved)
mkfpack -> llydd
MSLRH 0.32a (fake PEtite 2.1) -> emadicius
VIRUS - I-Worm.KLEZ
[MSLRH] v0.1 -> emadicius
eXPressor v1.4 -> CGSoftLabs
FSG v2.0
SimplePack 1.21.build.09.09 (Method2) -> bagie
MarjinZ EXE-Scrambler SE - by MarjinZ
Unnamed Scrambler 2.5A -> p0ke
Packman 0.0.0.1 -> Bubbasoft (h)
SimplePack V1.1X (Method2) -> bagie ! Sign by fly
EXECryptor 2.1.17 -> Strongbit/SoftComplete Development (h)
Morphine v2.7 -> Holy_Father & Ratter/29A (h)
BGI Stroked Font v.1.1
PCIENC Cryptor
EXEStealth 2.76 Unregistered -> WebtoolMaster
North Star PE Shrinker v1.3 by Liuxingping
Crunch/PE v5.0
BeRoEXEPacker V1.00 -> BeRo
SDProtect(软件保护神) -> Randy Li
IMP-Packer 1.0 -> Mahdi Hezavehi [IMPOSTER]
NTkrnl Secure Suite -> NTkrnl Team (Blue)
MSLRH
[MSLRH] v0.32a -> emadicius (h)
EncryptPE V2.2006.1.15 -> WFS
FreeBASIC 0.16b
PE Protect 0.9
PrincessSandy v1.0 eMiNENCE Process Patcher Patch
EXECryptor 2.xx (max. compressed resources) -> www.strongbit.com * Sign.By.haggar
PECompact 2.x -> Bitsum Technologies
PeCompact2 2.53-2.76 --> BitSum Technologies
NoodleCrypt 2.00 (Eng) -> NoodleSpa
USSR V0.31 -> SpiritST
PEZip 1.0 by BaGIE
Histogram graphics file
eXPressor v1.2.0b
nPack 1.1.250.2006.Beta -> NEOx/[uinC]
Trainer Creation Kit 5 Trainer
MSLRH v0.32a -> emadicius
Themida 1.2.0.1 -> Oreans Technologies (h)
MSLRH 0.32a (fake PEBundle 2.0x - 2.4x) -> emadicius
Armadillo v4.20 -> Silicon Realms Toolworks
LamCrypt 1.0 -> LaZaRuS
Apex 3.0 alpha -> 500mhz
R!SC's Process Patcher 1.4
FreeJoiner 1.5.3 (Stub engine 1.7.1) -> GlOFF
MSLRH 0.32a (fake PECompact 1.4x) -> emadicius
[MSLRH] v0.31a
MSLRH 0.32a (fake PE Lock NT 2.04) -> emadicius
ACProtect 1.4x -> RISCO soft
FSG 1.20 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)
Unnamed Scrambler 1.1C -> p0ke
RosAsm 2050a -> Betov
FASM 1.5x
UPolyX V0.1 -> Delikon
VIRUS - I-Worm.Hybris
Wise Installer Stub 1.10.1029.1
Private EXE v2.0a
Shrinker 3.4
Shrinker 3.3
Shrinker 3.2
Alex Protector 0.4 beta 1 by Alex
Private EXE Protector 1.8
NTkrnl Secure Suite V0.1 DLL -> NTkrnl Software
PESpin 1.1 -> Cyberbob (h)
RLP 0.7.3beta -> ap0x (h)
RCryptor v1.1 --> Vaska
tElock 0.98 -> tHE EGOiSTE (h)
Minke V1.0.1 -> Codius ! Sign by fly
AsCrypt v0.1 -> SToRM - #3
SimplePack 1.X (Method2) -> bagie
PolyCrypt PE - 2.1.4b/2.1.5 -> JLab Software Creations (h-signed)
ChinaProtect -> dummy * Sign.By.fly
Crunch 5 Fusion 4
Code Virtualizer V1.3.1.0 -> Oreans Technologies ! Sign by fly
AntiDote V1.2 -> SIS-Team ! Sign by fly
Crypto-Lock 2.02 (Eng) -> Ryan Thian
Turbo Profiler Areas file
aPack v0.98b (DS&ES not saved)
Sentinel SuperPro (Automatic Protection) 6.4.0 -> Safenet
ZipWorxSecureEXE 2.5 -> ZipWORX Technologies LLC (h)
Private EXE Protector 1.8 -> SetiSoft
NsPack v2.3 -> North Star
ASProtect SKE 2.3 -> Alexey Solodovnikov (h)
Gleam 1.00
eXPressor 1.4.5.1 -> CGSoftLabs (h)
Trainer Creation Kit v5 Trainer
ARM Protector v0.1 by SMoKE
FSG 1.20 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)
GHF Protector (pack only) -> GPcH
Hying's PE-Armor 0.76 -> Hying [CCG
Unnamed Scrambler 1.2C / 1.2D -> p0ke
NTPacker V2.X -> ErazerZ ! Sign by fly
[MSLRH] v0.32a -> emadicius
PeStubOEP v1.x
PE Protect v0.9
ACE Archive
EXECryptor v1.5.3
FreeCryptor 0.2 (build 002) -> GlOFF
DMark Database file
PC-Guard 5.00d
EXECryptor 2.x -> SoftComplete Developement
ASProtect 2.0
PS-AdobeFont v.1.0
yP 1.0b by Ashkbiz Danehkar
iPBProtect v0.1.3
HQR data file
Armadillo v4.00.0053 -> Silicon Realms Toolworks
VMProtect 0.7x - 0.8 -> PolyTech
Morphine V3.3 -> Holy_Father & Ratter/29A
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
SafeDisc 4
Enigma Protector 1.X -> Sukhov Vladimir & Serge N. Markin
RLPack FullEdition V1.1X -> ap0x * Sign.By.fly
Petite 2.1
NTkrnl Secure Suite V0.1 -> NTkrnl Software
UPX v2.0 -> Markus, Laszlo & Reiser (h)
Encapsulated Postscript graphics file v2.0 EPSF-1.2
Armadillo 4.10 -> Silicon Realms Toolworks
ENIGMA Protector -> Sukhov Vladimir
NTkrnl Secure Suite -> NTkrnl team (h)
Crunch 4.0
MSLRH 0.32a (fake MSVC++ 6.0 DLL) -> emadicius
FSG 1.20 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)
Hying's PE-Armor 0.75.exe -> Hying [CCG] (h)
EXECryptor 2.3.9 (minimum protection) -> www.strongbit.com
PackItBitch V1.0-> archphase ! Sign by fly
SVK Protector 1.3x (Eng) -> Pavol Cerven
CICompress 1.0
ActiveMARK 5.x -> Trymedia Systems,Inc. (h)
SPLayer v0.08
NoodleCrypt v2.0
VProtector 0.X-1.2X -> vcasm
CipherWall Self-Extrator/Decryptor (Console) 1.5
MSLRH 0.32a (fake Neolite 2.0) -> emadicius
MSLRH 0.32a (fake EXE32Pack 1.3x) -> emadicius
yoda's Protector 1.02 (.exe,.scr,.com) -> Ashkbiz Danehkar (h)
GP-Install v5.0.3.32
iPBProtect 0.1.3
UPack v0.11
Anti007 V2.6 -> LiuXingPing ! Sign by fly
Armadillo 4.20 -> Silicon Realms Toolworks
LaunchAnywhere 4.0.0.1
MSLRH 0.32a (fake MSVC++ 7.0 DLL Method 3) -> emadicius
aPack v0.98b -> Jibz
ARM Protector 0.3 - by SMoKE
UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser
PC Guard for Win32 5.00 -> SofPro/Blagoje Ceklic (h)
PackItBitch 1.0 -> archphase
Sentinel SuperPro (Automatic Protection) 6.4.1 -> Safenet
* VMProtect v1.25 --> PolyTech
tElock 0.99 Special Build -> heXer & forgot
PeX 0.99 (Eng) -> bart/CrackPl
SDProtector Pro Edition 1.16 -> Randy Li
Private EXE Protector 2.0 -> SetiSoft
ENIGMA Protector V1.X-> Sukhov Vladimir
ORiEN 2.11 (DEMO)
ENIGMA Protector V1.X -> Sukhov Vladimir
Werus Crypter 1.0 -> Kas
SLVc0deProtector v1.1 -> SLV (h)
NakedPacker 1.0 - by BigBoote
UPX Inliner 1.0 by GPcH
Themida 1.0.x.x - 1.8.x.x (no compression) -> Oreans Technologies (h)
ASPack v2.12
SLVc0deProtector 0.60 -> SLV / ICU
ASDPack 2.0 -> asd
UPX V1.94 -> Markus Oberhumer & Laszlo Molnar & John Reiser
DotFix Nice Protect V2.1 -> GPcH Soft * Sign.By.haggar
BeRoEXEPacker V1.00 -> BeRo ! Sign by fly
NTKrnlPacker -> Ashkbiz Danehkar
PEStubOEP v1.x
AVP Antiviral Database
BeRoEXEPacker v1.00 -> BeRo / Farbrausch
WinUpack v0.30 beta -> By Dwing
Armadillo 4.40 -> Silicon Realms Toolworks (h)
NTkrnl Secure Suite V0.1 DLL -> NTkrnl Software ! Sign by fly
VMProtect v1.25 -> PolyTech
PolyEnE 0.01+ by Lennart Hedlund
AsCrypt v0.1 -> SToRM - needs to be added
SVK Protector 1.32 (Eng) -> Pavol Cerven
Dropper Creator V0.1 -> Conflict
Pelles C 3.00, 4.00, 4.50 EXE (X86 CRT-DLL)
EXECryptor 2.2.6 DLL (minimum protection) -> www.strongbit.com
PeCompact2 2.53-2.76 -> BitSum Technologies
Trilobyte's JPEG graphics Library
kkrunchy v0.17 -> F. Giesen
FixupPak 1.20
Pe123 2006.4.12
SVK-Protector v1.43 -> www.anticracking.sk
MSLRH 0.32a (fake PEX 0.99) -> emadicius
MSLRH 0.32a (fake PESHiELD 0.25) -> emadicius
Morphine v3.3 -> Silent Software & Silent Shield (c)2005
Themida/WinLicense V1.X NoCompression SecureEngine -> Oreans Technologies
KBys Packer 0.28 Beta -> Shoooo
R!SC's Process Patcher 1.5.1
Upack 0.22 - 0.23 beta -> Dwing
eXPressor.Protection 1.5.0.X -> CGSoftLabs
Symantec WinFax PRO 8.3 Coverpage Quick CoverPage
Fish PE Shield 1.12/1.16 -> HellFish
X-Pack v1.4.2
D1S1G v1.1 Beta ++ Scrambled EXE -> D1N
Protect Shareware V1.1 -> eCompserv CMS
EXECryptor 2.2/2.3 (compressed code) -> www.strongbit.com
NsPack V2.X -> LiuXingPing
MSLRH 0.32a (fake .BJFNT 1.3) -> emadicius
eXPressor.Protection V1.5.0.X -> CGSoftLabs ! Sign by fly
Exe Shield 2.7b
Upack 0.399 -> Dwing
NSPack -> Nort Star Software - http://www.nsdsn.com/
Alex Protector v0.4 beta 1 by Alex
aPack v0.98b (com)
ASProtect v1.2 -> Alexey Solodovnikov (h1)
FSG 1.31 (Eng) -> dulek/xt
UPX -> www.upx.sourceforge.net
Private exe Protector V2.0 -> SetiSoft Team
AntiDote 1.0.Demo -> SIS-Team
Patch Creation Wizard v1.2 Seek and Destroy Patch
EXE Stealth v2.5
Nullsoft PiMP Install System v1.x
AZProtect 0001 - by AlexZ aka AZCRC
Escargot 0.1 - by ueMeat
PECompact v1.4x+
EXECryptor 2.2.4 -> Strongbit/SoftComplete Development (h3)
UPX Protector v1.0x (2)
EXE Stealth 2.5
SafeDisc/SafeCast 2.xx - 3.xx -> Macrovision
Protect Shareware 1.1 -> eCompserv CMS
Patch Creation Wizard v1.2 Byte Patch
hmimys protect 0.1 -> hmimys
FreeJoiner Small (build 017) -> GlOFF
DzA Patcher v1.3 Loader
Pelles C 2.90 EXE (X86 CRT-LIB)
SLVc0deProtector 1.1 -> SLV (h)
Private EXE Protector 1.9.7 -> SetiSoft (h)
RLPack 1.16 (aPLib compression) -> ap0x (h)
Encrypted by? RSCC/286 v1.02
Encrypted by? RSCC/286 v1.01
yoda's Protector 1.0b -> Ashkbiz Danehkar
Morphine 2.7 -> Holy_Father & Ratter/29A (h)
FSG v1.3
ASDPack v1.0 -> asd
Armadillo 4.30a -> Silicon Realms Toolworks (h)
DEF 1.00 (Eng) -> bart/xt
Xtreme-Protector 1.06
SoftComp 1.x -> BG Soft PT
RCryptor v1.1 -> Vaska
ExeSplitter 1.3 (Split+Crypt Method) -> Bill Prisoner / TPOC
RLPack 1.16 (LZMA compression) -> ap0x (h)
MaskPE V2.0 -> yzkzero
INCrypter 0.3 (INinY) - by z3e_NiFe
MSLRH 0.32a (fake SVKP 1.11) -> emadicius
IMP-Packer 1.0 -> Mahdi Hezavehi [IMPOSTER] (h)
PE-Armor 0.460-0.759 -> hying
tElock 0.99
ACProtect v1.35 -> risco software Inc. & Anticrack Software (h)
MinGW 3.2.x (Dll_WinMain)
Utah RLE Graphics format
ExeSafeguard v1.0 -> simonzh (h)
PE-PaCK 1.0 -> (C) Copyright 1998 by ANAKiN (h)
Kbys Packer 0.28 Beta-> shoooo314
WinUpack v0.39 final -> By Dwing (c)2005 (h1)
DotFix Nice Protect 2.1 -> GPcH Soft
Armadillo 4.44a public build -> Silicon Realms Toolworks (h)
PESpin 0.1 -> Cyberbob (h)
ExeSafeguard 1.0 -> simonzh (h)
Upack v0.35 alpha -> Sign by hot_UNP
Inno Setup Module v2.0.18
FSG 1.20 (Eng) -> dulek/xt -> (Borland C++)
PE-PaCK v1.0 -> (C) Copyright 1998 by ANAKiN (h)
PE Crypt v1.02
FakeNinja v2.8 -> Spirit
PUNiSHER V1.5-> FEUERRADER
VProtector 1.1A-1.2 -> vcasm
UPX-Scrambler by Guru.eXe
North Star PE Shrinker 1.3 by Liuxingping
Patch Creation Wizard 1.2 Byte Patch
Launcher Generator 1.03
EXE Stealth v2.73
EXE Stealth v2.74
Pi Cryptor 1.0 - by Scofield
nSpack V2.3 -> LiuXingPing
UPolyX v0.5
Hying's PE-Armor 0.75.exe -> Hying
dUP 2.x Patcher -> www.diablo2oo2.cjb.net
AntiDote 1.0 Demo / 1.2 -> SIS-Team
Crunch/PE 4.0
codeCrypter 0.31
Upack_Patch -> Sign by hot_UNP
Nullsoft Install System v2.0a0
NsPacK .Net -> LiuXingPing ! Sign by fly
Hying's PE-Armor 0.75.exe -> Hying [CCG
MSLRH 0.32a (fake Microsoft Visual C++) -> emadicius
Upack 0.37 beta -> Dwing
ARM Protector 0.2-> SMoKE
EXECryptor 2.3.9 (compressed resources) -> www.strongbit.com
Crunch/PE v4.0
ASProtect SKE 2.1/2.2 (exe) -> Alexey Solodovnikov (h)
EXECryptor 2.1.17 -> Strongbit / SoftComplete Development (h)
PE Spin 0.b
ASProtect v1.23 RC4 build 08.07 (exe) -> Alexey Solodovnikov (h)
FreeCryptor 0.1 (build 001)-> GlOFF
Soft Defender v1.12
Fish PE Shield 1.01 -> HellFish
EXE Shield 0.5 -> Smoke
Enigma protector 1.10 (unregistered)
ExeStealth -> WebToolMaster
yC 1.3 by Ashkbiz Danehkar
EXECryptor 2.3.9 DLL (compressed resources) -> www.strongbit.com
Armadillo 3.10
D1S1G v1.1 beta --> D1N
PESpin 1.0 -> Cyberbob (h)
MEW 11 SE v1.2
Obsidium 1.3.0.0 -> Obsidium Software (h)
MSLRH v0.31a
FASM v1.5x
UPX$HiT v0.0.1
EXECryptor V2.1X -> softcomplete.com
yP v1.0b by Ashkbiz Danehkar
DEF v1.0
UPXFreak 0.1 (Borland Delphi) -> HMX0101
MSLRH 0.32a (fake ASPack 2.12) -> emadicius
Unnamed Scrambler 1.2B -> p0ke
FreePascal 2.0.0 Win32 -> (Berczi Gabor, Pierre Muller & Peter Vreman)
MPEG movie file
ASProtect v?.? -> If you know this version, post on PEiD board (h2)
NsPack 3.1 -> Liu Xing Ping
FSG 1.20 (Eng) -> dulek/xt -> (MASM32 / TASM32)
RLP V0.7.3.beta -> ap0x
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX$HiT 0.0.1 -> sibaway7@yahoo.com
EXECryptor 2.2.x -> SoftComplete Developement
Armadillo v4.10 -> Silicon Realms Toolworks
MoleBox v2.0
Armadillo 4.00.0053 -> Silicon Realms Toolworks
VIRUS - I-Worm.Bagle
VBOX v4.3 - v4.6
Private EXE Protector 1.8 -> SetiSoft (h)
yoda's Protector 1.0b -> Ashkbiz Danehkar (h)
VProtector -> vcasm
PEZip v1.0 by BaGIE
MSLRH v0.1 -> emadicius
Morphine 3.3 -> Silent Software & Silent Shield (c)2005 (h)
NsPack 3.1 -> North Star (h)
EP 1.0
aPack v0.98b [exe]
FreeJoiner Small (build 014/015) -> GlOFF
PAV.Cryptor (Pawning AntiVirus Cryptor) -> masha_dev
Crunch 5 -> Bit-Arts
Elicense System V4.0.0.0 -> ViaTech Inc
X-Hider 1.0 -> GlobaL
Pelles C 2.90, 3.00, 4.00 DLL (X86 CRT-LIB)
Upack v0.36 alpha -> Sign by hot_UNP
MEW 11 SE 1.2
Morphine 2.7 -> Holy_Father & Ratter/29A
Celsius Crypt 2.1 -> Z3r0
Upack 0.36 beta -> Dwing
Armadillo 4.30 - 4.40 -> Silicon Realms Toolworks
Private exe Protector V1.8X-V1.9X -> SetiSoft Team
PESpin 1.304 -> Cyberbob (h)
MSLRH 0.32a (fake MSVC++ DLL Method 4) -> emadicius
aPack v0.98 -m
EncryptPE V2.2006.7.10 -> WFS
ASProtect SKE 2.1/2.2 (dll) -> Alexey Solodovnikov (h)
MSLRH 0.32a (fake ASPack 2.11d) -> emadicius
MSLRH 0.32a (fake PE Crypt 1.02) -> emadicius
ChinaProtect -> dummy ! Sign by fly
PECompact v2.00 alpha 38
CALS Raster graphics format
UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser
MSLRH v32a -> emadicius
nMacro recorder 1.0
PDS graphics file format
MSLRH 0.32a (fake UPX 0.89.6 - 1.02 / 1.05 - 1.24) -> emadicius
Upack v0.37 ~ v0.38 Beta (Strip base relocation table Option)-> Sign by hot_UNP
MSLRH 0.32a (fake PEBundle 0.2 - 3.x) -> emadicius
IMP-Packer 1.0 -> Mahdi Hezavehi [IMPOSTER
CipherWall Self-Extrator/Decryptor (GUI) 1.5
PUNiSHER 1.5 (DEMO) -> FEUERRADER/AHTeam
BamBam 0.01
Fuck'n'Joy 1.0c -> UsAr
PECompact 2.00 alpha 38
MEW 10 by Northfox
yoda's Protector v1.03.2 by Ashkbiz Danehkar
HASP HL Protection 1.X -> Aladdin
Exe Guarder 1.8 -> Exeicon.com (h)
EXECryptor 2.3.9 DLL (minimum protection) -> www.strongbit.com
Morphine v2.7 -> Holy_Father & Ratter/29A
PE-Armor 0.760-0.765 -> hying
Patch Creation Wizard 1.2 Seek and Destroy Patch
EXECryptor 2.xx (compressed resources) -> www.strongbit.com * Sign.By.haggar
Upack v0.39 final -> Sign by hot_UNP
R!SC's Process Patcher v1.4
EXE Stealth 2.74
EXE Stealth 2.73
DiskDupe (c) MSD Configuration file
PESPin 1.3 -> Cyberbob (h)
EXECryptor 2.2.6 (minimum protection) -> www.strongbit.com
FSG 1.20 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)
hmimys-Packer 1.0 -> hmimys
Petite 1.3
Petite 1.4
EXEÎļþºÏ²¢Æ÷ -> Liuli
Upack v0.29 Beta ~ v0.31 Beta -> Sign by hot_UNP
Amiga AIFF 8SFX Audio file
ASProtect v2.0
Crunch 4
ORiEN 2.11 - 2.12 -> Fisun Alexander
PEQuake 0.06 by fORGAT
MaskPE 1.6 -> yzkzero
CorelDraw 8 CDR Graphics format
eXPressor 1.2 -> CGSoftLabs (h)
MoleBox v2.5.4 -> Teggo
ASProtect 2.3 SKE build 04.26 Beta
nBinder v4.0
FSG 1.00 (Eng) -> dulek/xt
NTkrnl Secure Suite V0.1 -> NTkrnl Software ! Sign by fly
eXPressor 1.2.0b
VProtector V1.3X -> vcasm
vprotector 1.2 -> vcasm
PEQuake v0.06 by fORGAT
PECompact 2.0beta/student version -> Jeremy Collake
Unnamed Scrambler 2.1(Beta) / 2.1.1 -> p0ke
Erdas LAN/GIS Image graphics format
PKLITE32 v1.1
ORiEN V1.X-V2.X -> Fisun A.V. ! Sign by fly
Upack v0.37 ~ v0.38 Beta (Strip base relocation table Option) -> Sign by hot_UNP
SimplePack 1.2.build.30.09 (Method2) -> bagie
ExeSplitter 1.3 (Split Method) -> Bill Prisoner / TPOC
Morphine 3.3 -> Holy_Father & Ratter/29A
PrincessSandy 1.0 eMiNENCE Process Patcher Patch
FSG 1.3
ASProtect 1.23 RC4 build 08.07 (exe) -> Alexey Solodovnikov (h)
EmbedPE V1.00-V1.24 -> cyclotron ! Sign by fly
Unnamed Scrambler 1.0 -> p0ke
Upack v0.32 Beta (Patch) -> Sign by hot_UNP
TPPpack-> clane
EXECryptor 2.0/2.1 (protected IAT) -> www.strongbit.com * Sign.By.haggar
ASProtect SKE 2.1x (exe) -> Alexey Solodovnikov (h)
VPacker -> ttui ! Sign by fly
USSR V0.31 -> SpiritST ! Sign by fly
MEW 11 SE v1.1
Launcher Generator v1.03
eXpressor v1.0 -> CGSoftLabs
PESpin v1.1 by cyberbob
MoleBox v2.3.0 -> Teggo
yC v1.3 by Ashkbiz Danehkar
MSLRH 0.32a (fake yoda's cryptor 1.2) -> emadicius
Morphine v3.3 -> Silent Software & Silent Shield (c)2005 (h)
Upack 0.28 - 0.399 (relocated image base - Delphi, .NET, DLL or something else -> Dwing (h)
Setup Factory 6.0.0.3 Setup Launcher
Matrix Dongle -> TDi GmbH
ARM Protector 0.1 by SMoKE
Safe 2.0
RLP V0.7.3.beta -> ap0x ! Sign by fly
eXcalibur v1.03 -> forgot/us (h)
Pelles C 3.00, 4.00, 4.50 EXE (X86 CRT-LIB)
SimplePack V1.1X (Method2) -> bagie
NsPack 2.3 -> Liu Xing Ping
Fly-Crypter 1.0 -> ut1lz
DzA Patcher 1.3 Loader
FakeNinja v2.8 (Anti-Debug) -> Spirit
Suspicious Strings found in the binary may indicate undesirable behavior:
Contains references to system / monitoring tools:
  • Control.Exe
  • ethereal.exe
  • mshta.exe
  • procexp.exe
  • procmon.exe
  • regsvr32.exe
  • rundll32.exe
  • sc.exe
  • schtask
  • tcpdump.exe
  • wireshark.exe
Contains references to internet browsers:
  • chrome.exe
  • firefox.exe
  • iexplore.exe
  • key3.db
  • signons.sqlite
Contains references to debugging or reversing tools:
  • ollydbg.exe
  • windbg.exe
Contains references to security software:
  • 360TRAY.EXE
  • AVGIDSAgent.exe
  • DefWatch.exe
  • Guard.exe
  • McpRoXy.exe
  • NAV.exe
  • NETINFO.EXE
  • avgtray.exe
  • avp.exe
  • blackd.exe
  • blackice.exe
  • lockdown.exe
  • lockdown2000.exe
  • monitor.exe
  • nUI.exe
  • netinfo.exe
  • processmonitor.exe
  • rshell.exe
  • smc.exe
  • zapro.exe
  • zonealarm.exe
Tries to detect virtualized environments:
  • 0f 01 0d 00 00 00 00 c3
  • b3 eb 36 e4 4f 52 ce 11 9f 53 00 20 af 0b a7 70
  • d1 29 06 e3 e5 27 ce 11 87 5d 00 60 8c b7 80 66
Looks for VMWare presence:
  • 00-05-69
  • 00-0C-29
  • 00-1C-14
  • 00-50-56
  • 000569
  • 000C29
  • 001C14
  • 005056
  • 00:05:69
  • 00:0C:29
  • 00:1C:14
  • 00:50:56
  • VEN_15ad
  • VMMEMCTL
  • VMTools
  • VMware
  • hgfs.sys
  • mhgfs.sys
  • prl_pv32.sys
  • prleth.sys
  • prlfs.sys
  • prlmouse.sys
  • prlvideo.sys
  • vmdebug
  • vmicexchange
  • vmicheartbeat
  • vmicshutdown
  • vmicvss
  • vmmouse
  • vmnet.sys
  • vmsrvc.sys
  • vmtools
  • vmware
  • vmx86
  • vmx86.sys
  • vpc-s3.sys
Looks for Sandboxie presence:
  • SBieDll.dll
  • SbieDLL.dll
  • sbiedll.dll
Looks for VirtualPC presence:
  • 0f 3f 07 0b
  • msvmmouf
  • vpc-s3
  • vpcbus
  • vpcuhub
Looks for VirtualBox presence:
  • 08-00-27
  • 080027
  • 08:00:27
  • VBOX HARDDISK
  • VBoxGuest
  • VBoxGuestAdditions
  • VBoxHook.dll
  • VBoxMouse
  • VBoxSF
  • VBoxService
  • VBoxTray
  • VEN_80EE
  • vboxservice
  • vboxtray
Looks for Parallels presence:
  • VEN_80EE
  • c!nu
  • magi
  • mber
Looks for Qemu presence:
  • QEMU
  • qemu
May have dropper capabilities:
  • %ALLUSERSPROFILE%
  • %TEMP%
  • %Temp%
  • %allusersprofile%
  • %temp%
Is an AutoIT compiled script:
  • AutoIt Error
  • reserved for AutoIt internal use
Contains obfuscated function names:
  • 21 03 12 36 14 09 05 27 02 02 14 03 15 15
Contains a base64-encoded executable:
  • TVqQAAIAAAAEAA8A//8AALgAAAA
  • TVqQAAMAAAAEAAAA//8AALgAAAA
Miscellaneous malware strings:
  • BackDoor
  • Backdoor
  • CWSandbox
  • Cmd.exe
  • EXPLOIT
  • Exploit
  • backdoor
  • cmd.exe
  • exploit
References the BITS service
Contains references to mining pools:
  • stratum+tcp://cmd.so
Info Cryptographic algorithms detected in the binary:
Uses constants related to SHA1
Uses constants related to RC5 or RC6
Uses constants related to TEA
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Malicious VirusTotal score: 33/61 (Scanned on 2017-05-27 19:51:50)
MicroWorld-eScan: Trojan.GenericKD.5098512
nProtect: Trojan-Exploit/W32.BypassUAC.2008064
McAfee: Artemis!0DC736990899
VIPRE: Trojan.Win32.Generic!BT
K7GW: Riskware ( 0040eff71 )
K7AntiVirus: Riskware ( 0040eff71 )
Arcabit: Trojan.Generic.D4DCC10
TrendMicro: JOKE_CYBERAVI
Baidu: Win32.Backdoor.KewS.a
Symantec: Trojan.Gen.8!cloud
TrendMicro-HouseCall: TROJ_GEN.R047H09EN17
Paloalto: generic.ml
ClamAV: Win.Trojan.Merong-1
GData: Trojan.GenericKD.5098512
Kaspersky: Exploit.Win32.BypassUAC.brg
BitDefender: Trojan.GenericKD.5098512
Avast: Krile-5880
Ad-Aware: Trojan.GenericKD.5098512
F-Secure: Trojan.GenericKD.5098512
Zillya: Exploit.BypassUAC.Win32.314
McAfee-GW-Edition: Artemis!Trojan
Emsisoft: Trojan.GenericKD.5098512 (B)
Cyren: W64/Trojan.MHUX-6302
AegisLab: Exploit.W32.Bypassuac!c
ZoneAlarm: Exploit.Win32.BypassUAC.brg
AhnLab-V3: Trojan/Win32.BypassUAC.C1947260
ALYac: Trojan.Agent.BypassUAC
AVware: Trojan.Win32.Generic!BT
Tencent: Win32.Virus.Sality.Jml
Ikarus: Exploit.Win32.BypassUAC
Fortinet: W32/BypassUAC.BRG!exploit
Panda: Trj/CI.A
CrowdStrike: malicious_confidence_88% (D)

Hashes

MD5 0dc7369908990725e53032ef989e3628
SHA1 6799845bb84d38053e8f426509c1cd03b7dc4228
SHA256 827b2f0f5664271ab98aa00dbca85d387ce6d96234608e301007ed5a46d88001
SHA3 7804bde11245db0eca27e5ef901e9c873c1937c769e6debd38e6b23c9c5bd0d4
SSDeep 24576:7MWHiFDV07ECXo4tu619SbX7ZwwjeJJV+CBqAKngOu8LNZZ/LJCPlyPlVzOCr:WJ6qbroCnlu8jhL0PMtVSCr
Imports Hash 6dfd283212216123373d6f57e66e4ef4

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x110

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 9
TimeDateStamp 2017-May-11 11:57:16
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x5ba00
SizeOfInitializedData 0x190600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000001B27 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x1f2000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 3529ef5fc304717c1961a0eaa46a0a4c
SHA1 b184ddb865405f5bda13c70617bdbbcf157343fc
SHA256 438a9512ad24b17c1c8cdb234685a5e4cded29ba46fec8a9cb06b2e5fe7b4ccf
SHA3 c442be2298df78a437b8e41dc3626fa15370acf59beed1fca4a186a68c28999d
VirtualSize 0x5b9df
VirtualAddress 0x1000
SizeOfRawData 0x5ba00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.76302

.rdata

MD5 99f4121ef2d6b9fa0edd78d09ae1df6f
SHA1 8a2117b7f348acd85dd124fda87cd584eb306426
SHA256 489279f6fc57614a5b3ebe2c04e37514cc28680f45a68e2434ee8cd37d815f26
SHA3 55ee23a220b650317990ec8f98bae1e1c2a2ce9d2fa5c82907e4920e8d612359
VirtualSize 0x1a123
VirtualAddress 0x5d000
SizeOfRawData 0x1a200
PointerToRawData 0x5be00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.69624

.data

MD5 bb186fa87eaf3e725f1517b91f7b5a4e
SHA1 1f3316dd8bb5818990075c1e4c94eb77a164c6ae
SHA256 a5213fd0cd754b52775c85cde852eab1e226d5b628f609702b0599d5093cafd3
SHA3 0614404d8f173d5d93082992ffdc8f61f6104893877da63aed344cbf8d27b31c
VirtualSize 0x2f29
VirtualAddress 0x78000
SizeOfRawData 0x1000
PointerToRawData 0x76000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.65038

.pdata

MD5 ed9d9e6bd727c13b9e078f5ef2a34d67
SHA1 25bfcbaf4705c4af9a30edb1bfab77a104d8cdc9
SHA256 71df6859557064cf6b0e0df3a21c362324bfdab0d76d33f1a678962fab175d9e
SHA3 0b63ccf4817b2ebef28f2070b616f87f16237466dd8329bea780348a3130e92d
VirtualSize 0x4698
VirtualAddress 0x7b000
SizeOfRawData 0x4800
PointerToRawData 0x77000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.3302

.idata

MD5 712c3470a5943c3b9020ab5e78254efc
SHA1 3ce92f85e58e14cad52bf4a33e5aa06337c74857
SHA256 9c00339ed08e66894bff11ef9635e4c329e6d25aea125f44064f5c52767c6b51
SHA3 1da6cadd4883ef185cd7dac6b023a7d4978cfbb889221c29d0c7d0facf99a20c
VirtualSize 0x1174
VirtualAddress 0x80000
SizeOfRawData 0x1200
PointerToRawData 0x7b800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.79633

.gfids

MD5 c4ad94585643ab7028a1c5e82c4c0c5f
SHA1 96afe485d51c55c57753cf93ca4c90762d998bf2
SHA256 911b89d2a4dc6a2ff92cc2f0955093279190aadfe766b2babcd60aa1fbb80bac
SHA3 4792fdb62584b5a7cc3114b7052ce6d744b96c77e4eceeb0d3c2bd631ba35250
VirtualSize 0x3d1
VirtualAddress 0x82000
SizeOfRawData 0x400
PointerToRawData 0x7ca00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.82751

.00cfg

MD5 b7c97bfc729e732ea987df623e7bc71b
SHA1 8af827f6018cdf824b5e34b720bc50ec593131ba
SHA256 762a7dfdf110ad84bd8b30622cdce0d154743314617636a36e0cd95313abe170
SHA3 272ec7e16258a31d0873c71783b9d8f223cf451fdbccfe5a71c75938fc8e3033
VirtualSize 0x11b
VirtualAddress 0x83000
SizeOfRawData 0x200
PointerToRawData 0x7ce00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.155178

.rsrc

MD5 9045570b0cc98193bcf58b8996a4b5b7
SHA1 633becf7c593d4ef08b12ee78fd298ad96995981
SHA256 a6505ef66d51d0b859cc3275f17f7213b8586a30ccfaef61bbe624063a9ead77
SHA3 d1a9146b822e0e7389f9cd2aeb5bbf4757231a27b41f89421b4513e563b3c475
VirtualSize 0x16b583
VirtualAddress 0x84000
SizeOfRawData 0x16b600
PointerToRawData 0x7d000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.43193

.reloc

MD5 ac4f7eeceb6499d54734aea6597e5676
SHA1 c889330e6b64871ef797e24f158834c14405158a
SHA256 2519a946cc699a9113783ebb45e7bdb0122537404ca5ed373bbc9115b57e57c7
SHA3 305193af849dee79e22c0ef7e7a01be3bb54219fd26cc857a1d8b779e0945f5d
VirtualSize 0x1dd6
VirtualAddress 0x1f0000
SizeOfRawData 0x1e00
PointerToRawData 0x1e8600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 2.13638

Imports

KERNEL32.dll
ExpandEnvironmentStringsW
CreateFileW
WriteFile
CloseHandle
LoadResource
LockResource
SizeofResource
FindResourceA
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
IsDebuggerPresent
RaiseException
MultiByteToWideChar
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
GetModuleHandleW
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
FreeLibrary
GetProcAddress
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
GetModuleFileNameW
LoadLibraryExW
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
GetACP
GetCurrentThread
OutputDebugStringA
OutputDebugStringW
WaitForSingleObjectEx
CreateThread
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetFileType
GetStringTypeW
SetConsoleCtrlHandler
HeapSize
HeapReAlloc
WriteConsoleW
ole32.dll
CoCreateInstance
CoUninitialize
CoInitialize

Delayed Imports

Resources

102

Type CYB
Language UNKNOWN
Codepage UNKNOWN
Size 0xb3544
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.42101
MD5 437a6c1e6bf63e0f3e0a6350a698c730
SHA1 73d954f0b859b7f7ce050cf284b7dcbbfb6c90a1
SHA256 202d9e2d012dd57757b2dd2d1eeec3997dcdec09ee72d6de6cd3525b1f75c5b4
SHA3 ebc5866e2059d760348b848fe9ead68f910730cb496cf58f21f863475061d17e

101

Type LOL
Language UNKNOWN
Codepage UNKNOWN
Size 0x7b324
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.90514
Detected Filetype AVI Resource Interchange File Format
Detected Filetype (#2) Windows animated cursor
MD5 979128b6017961ec9f5b961ede4d8fb3
SHA1 08163ba22e83273398a851b164c4a2cd364dc809
SHA256 989101a0ae548a578aba8612ee89696bea81e899c92f0b697ea31e6db53f10fc
SHA3 d7d4b5fe841d1045ce2ecb7d02f5be9ca5c3cd266f0ae0b4771e911c96910d6d

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

TLS Callbacks

Load Configuration

Size 0x94
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140078000

RICH Header

XOR Key 0xc00f8072
Unmarked objects 0
241 (40116) 4
243 (40116) 120
242 (40116) 13
ASM objects (VS2015 UPD3 build 24123) 7
C++ objects (VS2015 UPD3 build 24123) 34
C objects (VS2015 UPD3 build 24123) 18
208 (65501) 1
Imports (65501) 5
Total imports 94
C++ objects (VS2015 UPD3.1 build 24215) 1
Resource objects (VS2015 UPD3 build 24210) 1
151 1
Linker (VS2015 UPD3.1 build 24215) 1

Errors
