Manalyze report for 0e8592aa78d6e5a14043ab466601ef9b

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2016-May-11 14:51:07
Detected languages	Chinese - PRC Icelandic - Iceland Slovenian - Slovenia Spanish - Spain (International sort) Spanish - Spain (Traditional sort)
Comments
CompanyName
FileDescription	FaceDetect
FileVersion	`1, 0, 0, 1`
InternalName	FaceDetect
LegalCopyright	Copyright ? 2016
LegalTrademarks
OriginalFilename	FaceDetect.exe
PrivateBuild
ProductName	FaceDetect
ProductVersion	`1, 0, 0, 1`
SpecialBuild

Plugin Output

Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX v2.0 -> Markus, Laszlo & Reiser (h)` `UPX -> www.upx.sourceforge.net` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA1`
Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Can access the registry: RegCloseKey` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc`
Suspicious	The file contains overlay data.	`134914 bytes of data starting at offset 0x1c200.` `The overlay data has an entropy of 7.99325 and is possibly compressed or encrypted.`
Malicious	VirusTotal score: 34/57 (Scanned on 2016-05-25 09:52:30)	`MicroWorld-eScan: Trojan.GenericKD.3259066` `nProtect: Trojan.GenericKD.3259066` `McAfee: Artemis!0E8592AA78D6` `Malwarebytes: Trojan.PasswordStealer` `VIPRE: Trojan.Win32.Generic!BT` `K7GW: Riskware ( 0040eff71 )` `K7AntiVirus: Riskware ( 0040eff71 )` `Arcabit: Trojan.Generic.D31BABA` `Symantec: Infostealer.Limitail` `TrendMicro-HouseCall: TSPY_FAREIT.YYSVN` `Avast: Win32:Trojan-gen` `ClamAV: Win.Trojan.Ag-1` `Kaspersky: Trojan-PSW.Win32.Fareit.bvlj` `BitDefender: Trojan.GenericKD.3259066` `AegisLab: Psw.Generic13.Gtr!c` `Tencent: Win32.Trojan-qqpass.Qqrob.Iiv` `Ad-Aware: Trojan.GenericKD.3259066` `Emsisoft: Trojan.GenericKD.3259066 (B)` `F-Secure: Trojan.GenericKD.3259066` `DrWeb: Trojan.PWS.Stealer.1932` `TrendMicro: TSPY_FAREIT.YYSVN` `McAfee-GW-Edition: BehavesLike.Win32.Sality.dc` `Sophos: Mal/Generic-S` `Avira: TR/Spy.Fareit.slqs` `Microsoft: PWS:Win32/Fareit` `GData: Trojan.GenericKD.3259066` `ALYac: Trojan.GenericKD.3259066` `AVware: Trojan.Win32.Generic!BT` `Rising: Malware.Obscure/Heur!1.9E03` `Ikarus: Trojan-Spy.Fareit` `Fortinet: W32/Injector.CYQL!tr` `AVG: PSW.Generic13.GTR` `Panda: Trj/CI.A` `Qihoo-360: HEUR/QVM11.1.Malware.Gen`

Hashes

MD5	`0e8592aa78d6e5a14043ab466601ef9b`
SHA1	`3fd23bfd1f3adda6a0d5161aacb63b1a95700c52`
SHA256	`c8f4c6493767d24caf23a0c92e9efe7be0fd1f4ff97f74bd0ead7fd77a7ac228`
SHA3	`7d1c40fa10998f2c100000e63c88125bc71b498b50fc5d6e1871daf519aa6cab`
SSDeep	`6144:ODUJYCOaW3YdK904Am0kLbcPyoQ3DndopFS7JCHpjW9oYuCT:O4maW3oK90Lm/bcPViztCJ5YBT`
Imports Hash	`881a842c8a88f9854a76aa5457d3b7c4`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2016-May-11 14:51:07
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x18000`
SizeOfInitializedData	`0x5000`
SizeOfUninitializedData	`0x26000`
AddressOfEntryPoint	`0x0003E760 (Section: UPX1)`
BaseOfCode	`0x27000`
BaseOfData	`0x3f000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x44000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x26000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`e9b5193c1bd8cc843455469fb2cb36ee`
SHA1	`d6f2761a646d436e600abdfda2435f0116833a47`
SHA256	`8e26d67dcbef4a4c0b5b4b79097c30627f07a53dc1ad954929ef14ac841bf88a`
SHA3	`14aa097d1422763a4634ac0a918e4b9b497f6f2804402058f249a2ce07b77080`
VirtualSize	`0x18000`
VirtualAddress	`0x27000`
SizeOfRawData	`0x17a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.91343`

.rsrc

MD5	`9d2eae5be191c81346d0062b975e0112`
SHA1	`e61be2a7476033460e5830a7a255a7a56cda8e33`
SHA256	`1250339a2633b72a6aea5f226b3cb20c72f4eda25e8b8fb862edcf6e5ff31667`
SHA3	`86c6cd19e1289b5785e364dcce35c1c2ca7b13127fc2dcf022f730873a9a7af0`
VirtualSize	`0x5000`
VirtualAddress	`0x3f000`
SizeOfRawData	`0x4400`
PointerToRawData	`0x17e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.12767`

Imports

KERNEL32.DLL	`LoadLibraryA` `GetProcAddress` `VirtualProtect` `VirtualAlloc` `VirtualFree` `ExitProcess`
ADVAPI32.dll	`RegCloseKey`
COMCTL32.dll	`#17`
comdlg32.dll	`GetFileTitleA`
GDI32.dll	`SaveDC`
ole32.dll	`OleInitialize`
OLEAUT32.dll	`#2`
oledlg.dll	`#8`
OLEPRO32.DLL	`#253`
USER32.dll	`GetDC`
WINSPOOL.DRV	`ClosePrinter`

Delayed Imports

1

Type	`RT_CURSOR`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.02695`
MD5	`cab67e9ca149fb79ab4473998412b951`
SHA1	`2e793d35537bfb5d3f042ed0626d3b119d50519a`
SHA256	`fbeb3be87e80cb8e1d2af3d8140796c1bb80c6c7056f60897088ff9e355c3867`
SHA3	`0e72f5537421764effb2ed98e536358bb7e86eed7b0936e606e8d45559685684`

2

Type	`RT_CURSOR`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xb4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.74274`
MD5	`9fa8a914823ac7e5370652146901f4f1`
SHA1	`eb3224109abb341b6e464d2606fdbed1a7160bc6`
SHA256	`f64ccc0582bc7c66af8b40049e485e8e241335261ec95ace909293ba50b2e4a3`
SHA3	`bb348af06514e27cd1fa21ad524dfd037edcd3b36ef4cc6ab24c4a8ec38995ff`

26567

Type	`RT_BITMAP`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x5e4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.09838`
MD5	`055505a1940f27993d40e136bc915615`
SHA1	`f6223d2c97df05fa6b6ca54b47c92438777eae79`
SHA256	`a9bb58f43df34b3dc05b79015210b5a1ca84f8ff97555cf7344ef8bb662e1a6d`
SHA3	`cf77404babde2509159cac5542bdbc409a869e1633222f15e62ccb39bb8ad59b`
Preview

30994

Type	`RT_BITMAP`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xb8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.23666`
MD5	`8cf65be17e506ff24c2177078f88b56e`
SHA1	`3e397dc7597caeb844df0ea760b64231c8ce3dbf`
SHA256	`e7c0005285d1ab59732d5f99f77a9bdd6342b01cf44437ebd7a07611a227e272`
SHA3	`7da4c7aab356574679f0f9107740f01647864c846c04f699deef67577fd6aded`
Preview

30995

Type	`RT_BITMAP`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x16c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.20022`
MD5	`a2153b6134d93fd17964b36be4821db4`
SHA1	`43d43980d7e6c1f080cc3eca82d84dc2ab8241b1`
SHA256	`4406c7739acdebe7be0510fb2cf7043ebec1f3dfd4fd876e1b6d0eb29fa79a14`
SHA3	`c6bfd5b740368d3cc00322a1d1ed6905cefec2b5a411b2100444a37e72f79fe6`
Preview

30996

Type	`RT_BITMAP`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x144`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.87621`
MD5	`5a9c81cdbf480cf01daa71ba0e233c5f`
SHA1	`28e04c01584654e1974347d1baa462b2784e9c47`
SHA256	`abdf36bde89a26349f5741c17c235dacea88d441d8662ba16a598dc50c3c4864`
SHA3	`99dec83590ac444359a5a6f8924dae5615d93f4df527e10a8a61319ce3a5beaf`
Preview

1 (#2)

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.49516`
MD5	`7dea5aa4336af202d925fc494753b1bc`
SHA1	`ebaf44216f129d1739fa9d3267626e5cb006e3e9`
SHA256	`b1137910af1fca2f533fa9a833a87c8a374835a0db0823b1c7ae080a30cfa3ef`
SHA3	`423cae4836594d368a8b16af316de0a487fbf94603aa982a030096d3c6f72725`

2 (#2)

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.593`
MD5	`05e24079046c4e3cadbed75a846f51e0`
SHA1	`ddeaf9bbb998148d3142f2abc0e92fa5a25eefd0`
SHA256	`49daa1e0889468998a0b2a10387895dff1c7d5182d69ea22ae561720aa65fbe7`
SHA3	`ed5577e3445d22ee195cc02c099638bcd2689fd908d38bc21001b2e985364e4a`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.06167`
MD5	`90f7ffef4548038456ca60146cd95068`
SHA1	`9f4f3ca55d4550777e9ebde9ea19c868ad4625dc`
SHA256	`7dec754b41e9b0bc26c6e8c39efac57b84257e1ae47a27892dd9c59fad4271b8`
SHA3	`60fd9ed5189af26473ac2e3bf0874afc536b0b80594226b73476abbaaf7fec70`

100

Type	`RT_DIALOG`
Language	Spanish - Spain (Traditional sort)
Codepage	Latin 1 / Western European
Size	`0xe6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.1107`
MD5	`7a7bc14a5f48167708eedc2608ba1fb1`
SHA1	`22e160bb749c1916b758df7dd1b4a7bd1e18c717`
SHA256	`8b8c68c1ab01a19869b79e97f9d8e99c381309773e1bc586e1e9501ef947afd1`
SHA3	`960f3ed80649742af260c45a65774f74c0a248d060b9f9b7f4971a332d353e63`

102

Type	`RT_DIALOG`
Language	Slovenian - Slovenia
Codepage	Latin 1 / Western European
Size	`0x3b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.59623`
MD5	`ed42fc5a7013a4e1448822512c6d08c2`
SHA1	`483478d5bf7370676beb3d1ba26e16adeb42f248`
SHA256	`42b01efe6213337df91570e7521d7d26964f48ce63e55fb18e9e591ff81bb8c4`
SHA3	`1f66ab1801a951a34efb2f8d8657c541a78bef3bc57c97ffc8ead8179ad7fe17`

129

Type	`RT_DIALOG`
Language	Spanish - Spain (International sort)
Codepage	Latin 1 / Western European
Size	`0xa6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.54574`
MD5	`c442ccde6c378572ca21acea27ee3b96`
SHA1	`9e79864cb0566f8a9f2b0f258d76264a3885804d`
SHA256	`63984f270cc64118b21ef8097d9b2650a0a6d13df7f74aeb239531bcb247256f`
SHA3	`64a7e2610b568b4b15e1d1e3b8fc014147450e4cb1a289a5d060e81e319151ab`

130

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x7a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.86308`
MD5	`e9dfbd7e5dbd2820144757bd7a1b36d8`
SHA1	`53aa4bd5142c229f2164a17c943617f9e678b670`
SHA256	`5bdcb192482970ba0e3cd6188303659025d5455dc0a5318b86c789aac0c9ae49`
SHA3	`d6e1b1e768715e535632312ca7901feb9069bde7f9cd48a6abbefa58b27a1282`

30721

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xe2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.38941`
MD5	`085d5f15dba87cc77a4cad2d555d6c8c`
SHA1	`5299e0b15c862d118bed43251fd6ebde8d9f824d`
SHA256	`95681f43fb8cf9ff17d7a15cb0c12d9cb2b92282097283ec7388b18fe5d32f11`
SHA3	`c2751bef9db649f88eb88b6437728cbb74df17704c17242f5ebd14d96e6ee4aa`

3841

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x44`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27092`
MD5	`8466a1aedcecb1c9d77662e1df572bcc`
SHA1	`d48f354de93616f8d184e08bd038e26ca7ffb3d1`
SHA256	`7b72cb8a4326d48c5b5b60ea16baf0ed0b1a3d49e5755fde6b4d6c7428fca0e2`
SHA3	`79494fce72944a680a45c3bb17db7d6b44ce139d1a5e08e47eba585ff7a829b3`

3842

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x2c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.37932`
MD5	`da86a7575ac8286809dd9481ec498fd8`
SHA1	`603b9d5525180b1dd7f12747c6686548abc3eb32`
SHA256	`0b985f127b9074f92daf51979d1228e8d0657682ed064beed98015d6775e51d0`
SHA3	`dfe329fb5f9e5b8c99125d3a6e59c3b7c9d3f58ceb00eddf3a2efe5c901decd8`

3843

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x78`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.07447`
MD5	`7c859626451a41d43bdb6e834b14377f`
SHA1	`da7c436fc04f4634e78d0e082ec2bd58df0d834f`
SHA256	`302aebc37216997e819a40d01fcf7bb9e167086ada2ebb0dd0e66ddfd01214b5`
SHA3	`579bfffbce971576d9259f238c3ba65c7dddab341ad697b96f24febf131b6a0c`

3857

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x1c4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.10651`
MD5	`ae6a056cefffe26b23eac60d04989987`
SHA1	`647f69e40048510c7bc2a85c56c31d3c5c93520e`
SHA256	`de0534ff3bbef338455e8429094952e27f2d32d55251eb0d06ff038a0712847a`
SHA3	`011f50fe2cdebe31e0f64c965e4764d31c9e8b301d36c77187675702c95eae4c`

3858

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x12a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.07121`
MD5	`7b9eb7d6204e8b40c165056d4f913aaa`
SHA1	`d6f0d252ab0d8a61a3b3bfa8d1d8f15b6b5980b4`
SHA256	`2ffbc578d90a3e38bdad4ec77d3af58a8658d50525c0181d367ecca3caa90343`
SHA3	`cfec62ae95d5501d7215671ed599e2836a1a68da564e36d75cec7714c40f0ffa`

3859

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x146`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.85681`
MD5	`8f0987ae2b73f266a0e1c3a542c98605`
SHA1	`5f255288183c4540cd3d17e77610727cc0abfec7`
SHA256	`d3d61705e766fd9a7fa182de39d008036d5806197e5f94069fb9639b7f8b3a7e`
SHA3	`b5960118e4788f9f9cfb34c06b009dcfb5aefd17cf426a2f83e57e021cf04bbd`

3865

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x40`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.16865`
MD5	`4231654bdf85b678bb14449fdbfc7551`
SHA1	`52a66153e54242d310b717fe2ceb53985355fc63`
SHA256	`bd48ebe7d5151a7972cf4ef7398aa32197c09c043018152b275e194079e6cb36`
SHA3	`62e4d63095a5b69fbf08e4210c0c7595bbd3d9fd7762ff6ad7d68f6c43e9d3ce`

3866

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x64`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.15663`
MD5	`161e87eb73081d55a22eca8a7599cec9`
SHA1	`cbf8b9f13b16195df9f6f5fafebad37512189db1`
SHA256	`90acf703f238b79f43ed45dd995adb3a9aed92a4e2898a542960390a79986247`
SHA3	`86b3a428d12470b7143b3824c56db5fb856b417f42c299561be4c6307a73612c`

3867

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x1d8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.71189`
MD5	`ffb2c960432dbc57036b37f0dc4f1801`
SHA1	`f4fc7c61b2081e62cd7dc0aa0bc87c6d9c4ae4fb`
SHA256	`4bcda3f9066ac6438067470cc7619e93d205234c739e6def0fd9b1c17d8da3e8`
SHA3	`9de813c33aad1aa2a1de01e596223e4a72af5427e781f518052a0e8c558ad1e6`

3868

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x114`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.40365`
MD5	`2d219af23f43c40235ddae8924570225`
SHA1	`3d5261d86f26957dedb0ec73ceece9ebee2321d4`
SHA256	`7f3e8f1e71164263cf0ea5b7483a0c96fb880d008edbf7f5fc8452b41d72cd74`
SHA3	`6e37f0ee58bc4fd6a882903d21d1c60f24396c49917488eb23b51c51012811b6`

3869

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x24`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.903812`
MD5	`3aeb0d04983923c5f3db08ff872ea9ea`
SHA1	`4464d409df76c913c59f2763bb0deb0eb2306e2b`
SHA256	`ae61f0cc506d48077e2c1df743ade849ee40e74ea228514f109782c78f402283`
SHA3	`98082029421f0596d00e3ce7c9599250fbb32c8ed767a6e8d132aeb329f4c377`

30977

Type	`RT_GROUP_CURSOR`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.05878`
Detected Filetype	Cursor file
MD5	`7e68da438d06972412341d26a0b154e0`
SHA1	`2e8b4399fad4b323487c836ad0ad8b3042ba877d`
SHA256	`1ae3e871bb24efadc5c3ed9b87b902421883b191abb09c3d1033e38d9e538d4b`
SHA3	`d24bacc625f1fc96c0271b4dba4103749c504fb542a9af06709a51eaff6aaf3e`
Preview

3 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.54942`
Detected Filetype	Icon file
MD5	`eb666dfa885dbff6449b139592c23a19`
SHA1	`1f02273387b64cd874b3b8451b38ec05acdb78fc`
SHA256	`09a436ecc464a68b329bfbc8a8830b0ea9c41f73c1ec49e81f1022035261f5c7`
SHA3	`ec9f35007ec740ed190d4cc50e11835fa1452bf74cd28141bf9b88077583289a`

1 (#3)

Type	`RT_VERSION`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x338`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26613`
MD5	`9170978b846afde493c3e6e966f0a424`
SHA1	`1da908f55b1ab7e89b17188de7a00489fa0c3423`
SHA256	`7be1a6c72825c2d601ae4c34711b97a2ee76c3cbb9c150feb814a41ccbc57000`
SHA3	`248b196cdbb13d3a94df295f63bccd2dabd0f7c8f7ade34a733e52a3f4e4f23f`

String Table contents

打开
保存为
所有文件 (.)
无标题
隐藏(&H)
得不到出错信息。
试图执行系统不支持的操作。
必需的资源无法得到。
内存不足。
出现了未知的错误
无效的文件名。
打开文档失败。
保存文档失败。
将改动保存到 %1？
建立空文档失败。
该文件太大，无法打开。
无法启动打印作业。
启动帮助失败。
内部应用程序出错。
命令失败。
没有足够的内存执行操作。
系统注册项已被移除并且相应的 INI 文件（假如存在）也被删除。
不是所有的系统注册项（或 INI 文件）都被移除。
在系统中没有找到此程序需要的文件%s。
此程序连接到文件 %s 中丢失的输出 %s 。此机器可能有一个 %s 不兼容的版本。
请键入一个整数。
请键入一个数。
“请填入一个在%1和%2之间的整数。”
“请填入一个在%1和%2之间的数字。”
“请填入不多于%1个的字符。”
请选择一个按钮。
“请填入一个在0和255之间的整数。”
“请填入一个正整数。”
“请填入一个日期和/或时间值。”
“请填入一个货币值。”
非预期的文件格式。
无法找到该文件。
请验证给出的路径和文件名是否正确。
目的磁盘驱动器已满。
无法对 %1 进行读操作，它已经被其他人打开。
无法对 %1 进行写操作，因为它是只读文件或已经被其他人打开。
在对 %1 进行读操作时发生了一个非预期的错误。
在对 %1 进行写操作时发生了一个非预期的错误。
无法读只写特性。
无法写只读特性。
无法装入邮件系统支援。
邮件系统 DLL 无效。
传递邮件未能传递信息。
无错误发生。
在对 %1 进行访问时发生了一个不明错误。
没有找到 %1。
%1 中包含无效的路径。
无法打开 %1 因为太多文件已被打开。
对 %1 的存取被拒绝。
一个无效的文件柄与 %1 相关联。
无法删除 %1 因为它是当前目录。
该目录已满，无法创建 %1。
对 %1 进行查找失败。
在存取 %1 时一个硬件输入/输出错误被报告。
在存取 %1 时发生共享违例。
在存取 %1 时发生锁违例。
在存取 %1 时磁盘已满。
试图越过其尾端对 %1 进行读写。
无错误发生。
在对 %1 进行访问时发生了一个不明错误。
试图在对 %1 进行读操作的同时对其进行写操作。
试图越过其尾端对 %1 进行读写。
试图在对 %1 进行写操作的同时对其进行读操作。
%1 格式错。
%1 含有非预期的对象。
%1 包含错误的模式。
象素

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.1
ProductVersion	1.0.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	Icelandic - Iceland
Comments
CompanyName
FileDescription	FaceDetect
FileVersion (#2)	1, 0, 0, 1
InternalName	FaceDetect
LegalCopyright	Copyright ? 2016
LegalTrademarks
OriginalFilename	FaceDetect.exe
PrivateBuild
ProductName	FaceDetect
ProductVersion (#2)	1, 0, 0, 1
SpecialBuild

Resource LangID	Chinese - PRC

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x1f2de1ba`
Unmarked objects	`0`
Unmarked objects (#2)	`1`
C objects (VS2003 (.NET) build 4035)	`8`
Imports (VS2003 (.NET) build 4035)	`27`
Total imports	`508`
14 (7299)	`31`
C objects (VS98 SP6 build 8804)	`138`
C++ objects (VS98 SP6 build 8804)	`89`
C++ objects (VS98 build 8168)	`8`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

[*] Warning: Section UPX0 has a size of 0!