Manalyze report for 0fc9f308d2edd949aacbb8d5456d6e25

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2004-Dec-23 15:22:26
Detected languages	Chinese - Taiwan

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Borland C++ DLL` `MASM/TASM - sig1(h)` `Borland C++ for Win32 1999`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExA` `Functions which can be used for anti-debugging purposes: FindWindowA` `Code injection capabilities (PowerLoader): FindWindowA GetWindowLongA` `Can access the registry: RegCloseKey RegOpenKeyExA RegQueryValueExA` `Uses functions commonly found in keyloggers: CallNextHookEx GetForegroundWindow MapVirtualKeyA` `Can take screenshots: BitBlt CreateCompatibleDC FindWindowA GetDC GetDCEx` `Reads the contents of the clipboard: GetClipboardData`
Info	The PE's resources present abnormal characteristics.	`The binary may have been compiled on a machine in the UTC+8 timezone.`
Safe	VirusTotal score: 0/70 (Scanned on 2019-11-23 04:50:49)	`All the AVs think this file is safe.`

Hashes

MD5	`0fc9f308d2edd949aacbb8d5456d6e25`
SHA1	`27e074c2a383c74e6cfb69ecb90c1c7593fa80c3`
SHA256	`c62c2be581b2d4560e141529d09e65052cf009e36bbddc932f832d47cca462a7`
SHA3	`c44c1a5a108c3563cafbacf1e169da3646f648e97fdf1a5a78a1119c45cf8c69`
SSDeep	`12288:R+oUMeUoDFPS2udVlxSxj7CtEL3Q5o0rZtf:R+qgS2ML8kmQxltf`
Imports Hash	`72c09f7bb7d2246d17e006df7ecd9325`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x200`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	2004-Dec-23 15:22:26
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`5.0`
SizeOfCode	`0x6d000`
SizeOfInitializedData	`0xb000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001314 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x6e000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x8e000`
SizeOfHeaders	`0x600`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`91154502b4619466af1b677e3a3db958`
SHA1	`b9d8aa21f8053deae0861a7e55b6a5f9fec267da`
SHA256	`9cb02ef5fe6d02b64b985798ab358ad05698987c7c2437b1119deee181296b14`
SHA3	`edb0b1546acae6d14f01cd2582e521932b528abf9d62ea7d0bddf46a30c9041d`
VirtualSize	`0x6d000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6c600`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.53717`

.data

MD5	`e7e6d2c7b8af42f5adcc76390a9f73ec`
SHA1	`575f8d69fb72f07dec7b1a6d96e809fc7d4c035b`
SHA256	`c3ffc55acecabba983c4d08c2971b818e1f6c4aa7353fcc7c0e332605bb91ac7`
SHA3	`df8980728e42117ccdadf93ff80ceee1eed8df43246a720412c3e9a74629d507`
VirtualSize	`0xb000`
VirtualAddress	`0x6e000`
SizeOfRawData	`0x5800`
PointerToRawData	`0x6cc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.73448`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x1000`
VirtualAddress	`0x79000`
SizeOfRawData	`0x200`
PointerToRawData	`0x72400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rdata

MD5	`6c8316aaa3a371786a49ff3ff191f764`
SHA1	`fd46b0ef867210c545d12b7217822c1b24c1fbc6`
SHA256	`d657a6e7f08c0fb4f32ba37232d699f10a14b76799f83e541f78698479e73fb2`
SHA3	`948bae90d00b9c46c5a6f287140a394f2fb25b78430539e6a1edfaea97da4fe7`
VirtualSize	`0x1000`
VirtualAddress	`0x7a000`
SizeOfRawData	`0x200`
PointerToRawData	`0x72600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`0.204488`

.idata

MD5	`05789d01fe7aaa16ad19c07a6edf1393`
SHA1	`b606bdee10a386a2d0261ea79ce2a1c824c9544f`
SHA256	`2908b0ad9d2884ff9a084c5dab5058b5ded14664b5b8de5e6c1bab5b5027a147`
SHA3	`6321d1fac379885e63ce48255bb65531afbfaa80fef3a979c11eefe40f131564`
VirtualSize	`0x3000`
VirtualAddress	`0x7b000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x72800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.23434`

.edata

MD5	`f32d96cabbcd18ae88350f18c2f8a7df`
SHA1	`6966d770d6b9f7442fd64e4fc7d897e41bcd4f0d`
SHA256	`6a2fd46c0ccb92680e40b513a7ac0d9c2cca2d00f7c95ac36924940b8032ca0b`
SHA3	`1e783251c26f3aed34a18d5c61ed8fad5d30e2ad22bdfdd82bf9f2122fdc854a`
VirtualSize	`0x1000`
VirtualAddress	`0x7e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x74e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.18491`

.rsrc

MD5	`55a15b9455dbfd811b39c672a2a71afb`
SHA1	`f720375c300467d19c56243c0528ec0ebe42d168`
SHA256	`cf2e3fd21bd4c7cfd849991eccd30245f5bea95058a7f5ba4933521e16ec5a7f`
SHA3	`9425c7fcfe07b8433068162c72d0a501725ee209f514435b78300890b5645c3d`
VirtualSize	`0x7000`
VirtualAddress	`0x7f000`
SizeOfRawData	`0x6200`
PointerToRawData	`0x75000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.0104`

.reloc

MD5	`fbb8ada84e7191544c35fa4e49d95bff`
SHA1	`20caa336051d0ec666040cc8054a2c651d87d09d`
SHA256	`84252faf9121fe835fe7e0255e083fb10aed5a0fe7c850b50631a2961d243867`
SHA3	`d965bf96f84d759b7e9406876752ffd03ecfd96e5703fd5add612402561b6108`
VirtualSize	`0x8000`
VirtualAddress	`0x86000`
SizeOfRawData	`0x7a00`
PointerToRawData	`0x7b200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`6.64837`

Imports

HID.DLL	`HidD_FreePreparsedData` `HidD_GetAttributes` `HidD_GetHidGuid` `HidD_GetPreparsedData` `HidP_GetCaps` `HidP_GetSpecificValueCaps`
SETUPAPI.DLL	`SetupDiDestroyDeviceInfoList` `SetupDiEnumDeviceInterfaces` `SetupDiGetClassDevsA` `SetupDiGetDeviceInterfaceDetailA`
ADVAPI32.DLL	`RegCloseKey` `RegOpenKeyExA` `RegQueryValueExA`
KERNEL32.DLL	`CloseHandle` `CompareStringA` `CreateEventA` `CreateFileA` `CreateThread` `DeleteCriticalSection` `EnterCriticalSection` `EnumCalendarInfoA` `ExitProcess` `FindClose` `FindFirstFileA` `FindResourceA` `FormatMessageA` `FreeLibrary` `FreeResource` `GetACP` `GetCPInfo` `GetCommandLineA` `GetCurrentProcessId` `GetCurrentThreadId` `GetDiskFreeSpaceA` `GetEnvironmentStrings` `GetFileSize` `GetFileType` `GetLastError` `GetLocalTime` `GetLocaleInfoA` `GetModuleFileNameA` `GetModuleHandleA` `GetOEMCP` `GetPrivateProfileStringA` `GetProcAddress` `GetProcessHeap` `GetStartupInfoA` `GetStdHandle` `GetStringTypeExA` `GetStringTypeW` `GetSystemInfo` `GetThreadLocale` `GetTickCount` `GetVersion` `GetVersionExA` `GlobalAddAtomA` `GlobalAlloc` `GlobalDeleteAtom` `GlobalFindAtomA` `GlobalFree` `GlobalHandle` `GlobalLock` `GlobalReAlloc` `GlobalUnlock` `HeapAlloc` `HeapFree` `InitializeCriticalSection` `InterlockedDecrement` `InterlockedIncrement` `LeaveCriticalSection` `LoadLibraryA` `LoadLibraryExA` `LoadResource` `LocalAlloc` `LocalFree` `LockResource` `MulDiv` `MultiByteToWideChar` `RaiseException` `ReadFile` `ResetEvent` `RtlUnwind` `SetConsoleCtrlHandler` `SetEndOfFile` `SetErrorMode` `SetEvent` `SetFilePointer` `SetHandleCount` `SetLastError` `SetThreadLocale` `SizeofResource` `Sleep` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `UnhandledExceptionFilter` `VirtualAlloc` `VirtualFree` `VirtualQuery` `WaitForSingleObject` `WideCharToMultiByte` `WriteFile` `lstrcpyA` `lstrcpynA` `lstrlenA`
COMCTL32.DLL	`ImageList_Add` `ImageList_BeginDrag` `ImageList_Create` `ImageList_Destroy` `ImageList_DragEnter` `ImageList_DragLeave` `ImageList_DragMove` `ImageList_DragShowNolock` `ImageList_Draw` `ImageList_DrawEx` `ImageList_EndDrag` `ImageList_GetBkColor` `ImageList_GetDragImage` `ImageList_GetIconSize` `ImageList_GetImageCount` `ImageList_Read` `ImageList_Remove` `ImageList_ReplaceIcon` `ImageList_SetBkColor` `ImageList_SetDragCursorImage` `ImageList_SetIconSize` `ImageList_Write`
GDI32.DLL	`BitBlt` `CopyEnhMetaFileA` `CreateBitmap` `CreateBrushIndirect` `CreateCompatibleBitmap` `CreateCompatibleDC` `CreateDIBSection` `CreateDIBitmap` `CreateFontIndirectA` `CreateHalftonePalette` `CreatePalette` `CreatePenIndirect` `CreateSolidBrush` `DeleteDC` `DeleteEnhMetaFile` `DeleteObject` `ExcludeClipRect` `ExtTextOutA` `GetBitmapBits` `GetBrushOrgEx` `GetClipBox` `GetCurrentPositionEx` `GetDCOrgEx` `GetDIBColorTable` `GetDIBits` `GetDeviceCaps` `GetEnhMetaFileBits` `GetEnhMetaFileHeader` `GetEnhMetaFilePaletteEntries` `GetObjectA` `GetPaletteEntries` `GetPixel` `GetStockObject` `GetSystemPaletteEntries` `GetTextExtentPoint32A` `GetTextMetricsA` `GetWinMetaFileBits` `GetWindowOrgEx` `IntersectClipRect` `LineTo` `MaskBlt` `MoveToEx` `PatBlt` `PlayEnhMetaFile` `RealizePalette` `RectVisible` `RestoreDC` `SaveDC` `SelectObject` `SelectPalette` `SetBkColor` `SetBkMode` `SetBrushOrgEx` `SetDIBColorTable` `SetEnhMetaFileBits` `SetPixel` `SetROP2` `SetStretchBltMode` `SetTextColor` `SetViewportOrgEx` `SetWinMetaFileBits` `SetWindowOrgEx` `StretchBlt` `UnrealizeObject`
USER32.DLL	`ActivateKeyboardLayout` `AdjustWindowRectEx` `BeginPaint` `CallNextHookEx` `CallWindowProcA` `CharLowerA` `CharLowerBuffA` `CharNextA` `CharUpperBuffA` `CheckMenuItem` `ClientToScreen` `CloseClipboard` `CreateIcon` `CreateMenu` `CreatePopupMenu` `CreateWindowExA` `DefFrameProcA` `DefMDIChildProcA` `DefWindowProcA` `DeleteMenu` `DestroyCursor` `DestroyIcon` `DestroyMenu` `DestroyWindow` `DispatchMessageA` `DrawEdge` `DrawFocusRect` `DrawFrameControl` `DrawIcon` `DrawIconEx` `DrawMenuBar` `DrawTextA` `EmptyClipboard` `EnableMenuItem` `EnableScrollBar` `EnableWindow` `EndPaint` `EnumClipboardFormats` `EnumThreadWindows` `EnumWindows` `EqualRect` `FillRect` `FindWindowA` `FrameRect` `GetActiveWindow` `GetCapture` `GetClassInfoA` `GetClassNameA` `GetClientRect` `GetClipboardData` `GetCursor` `GetCursorPos` `GetDC` `GetDCEx` `GetDesktopWindow` `GetFocus` `GetForegroundWindow` `GetIconInfo` `GetKeyNameTextA` `GetKeyState` `GetKeyboardLayout` `GetKeyboardLayoutList` `GetKeyboardState` `GetKeyboardType` `GetLastActivePopup` `GetMenu` `GetMenuItemCount` `GetMenuItemID` `GetMenuItemInfoA` `GetMenuState` `GetMenuStringA` `GetParent` `GetPropA` `GetScrollInfo` `GetScrollPos` `GetScrollRange` `GetSubMenu` `GetSystemMenu` `GetSystemMetrics` `GetTopWindow` `GetWindow` `GetWindowDC` `GetWindowLongA` `GetWindowPlacement` `GetWindowRect` `GetWindowTextA` `GetWindowThreadProcessId` `InflateRect` `InsertMenuA` `InsertMenuItemA` `IntersectRect` `InvalidateRect` `IsCharAlphaA` `IsCharAlphaNumericA` `IsChild` `IsDialogMessageA` `IsIconic` `IsRectEmpty` `IsWindow` `IsWindowEnabled` `IsWindowVisible` `IsZoomed` `KillTimer` `LoadBitmapA` `LoadCursorA` `LoadIconA` `LoadKeyboardLayoutA` `LoadStringA` `MapVirtualKeyA` `MapWindowPoints` `MessageBeep` `MessageBoxA` `OemToCharA` `OffsetRect` `OpenClipboard` `PeekMessageA` `PostMessageA` `PostQuitMessage` `PtInRect` `RedrawWindow` `RegisterClassA` `RegisterClipboardFormatA` `RegisterWindowMessageA` `ReleaseCapture` `ReleaseDC` `RemoveMenu` `RemovePropA` `ScreenToClient` `ScrollWindow` `SendMessageA` `SetActiveWindow` `SetCapture` `SetClassLongA` `SetClipboardData` `SetCursor` `SetFocus` `SetForegroundWindow` `SetKeyboardState` `SetMenu` `SetMenuItemInfoA` `SetPropA` `SetRect` `SetScrollInfo` `SetScrollPos` `SetScrollRange` `SetTimer` `SetWindowLongA` `SetWindowPlacement` `SetWindowPos` `SetWindowTextA` `SetWindowsHookExA` `ShowCursor` `ShowOwnedPopups` `ShowScrollBar` `ShowWindow` `SystemParametersInfoA` `TrackPopupMenu` `TranslateMDISysAccel` `TranslateMessage` `UnhookWindowsHookEx` `UnregisterClassA` `UpdateWindow` `WaitMessage` `WinHelpA` `WindowFromPoint` `wsprintfA` `GetSysColor`
OLEAUT32.DLL	`#15` `#25` `#20` `#19` `#148` `#26` `#40` `#4` `#6` `#5` `#125` `#116` `#113` `#114` `#104` `#94` `#64` `#173` `#174` `#84` `#147` `#9` `#10` `#11` `#8`

Delayed Imports

__GetExceptDLLinfo

Ordinal	`1`
Address	`0x136d`

@@Unit1@Initialize

Ordinal	`2`
Address	`0x4514`

@@Unit1@Finalize

Ordinal	`3`
Address	`0x4524`

___CPPdebugHook

Ordinal	`4`
Address	`0x6e098`

_Form1

Ordinal	`5`
Address	`0x73660`

1

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`2.6633`
MD5	`ff4e5862f26ea666373e5fab2bddfb11`
SHA1	`cfa13c0ab30f1bbd566900dee3631902f9b6451c`
SHA256	`b8e6fc93d423931acbddae3c27dd3c4eb2a394005d746951a971cb700e0ee510`
SHA3	`91dae12a9f43c5443e0661091a336f882fa1482f75fa9a57c9298d1d70c8ae69`

2

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`2.80231`
MD5	`2e87b3c111e3073a841775c1f8ec5a90`
SHA1	`20292304fa2ef1bfdc4a1000e90a1c16d4765a96`
SHA256	`ce19ace18e87b572e6912306776226af5b8e63959c61cde70a8ff05b3bbdcc41`
SHA3	`9527f09e739c2064835800a7e5c317cb422bdd7237f00fca079a1c62f58a2612`

3

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`3.00046`
MD5	`a04c3c368cb37c07bd5f63e7e6841ebd`
SHA1	`699300bceaa1256818c43fecfc8cad93a59156b2`
SHA256	`ee1c9c194199c320c893b367602ccc7ee7270bd4395d029f727e097634f47f8c`
SHA3	`58722e3138aad1382e284c1605ecd665ced536de4906749ac8d6e11252cc9558`

4

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`2.56318`
MD5	`9929115b21c2c59348058d4190392e75`
SHA1	`626fba1825d572ea441d36363307c9935de3c565`
SHA256	`9d9edf87ca203ecc60b246cc783d54218dd0ce77d3a025d0bafc580995a4abd8`
SHA3	`fea156e872544252c625076a6bf3baa733ee5b3d5399716e156734af7a841369`

5

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`2.6949`
MD5	`f321ad13d1c3f35a05d67773b4bc27d6`
SHA1	`30aded8525417e2531d5eb88bf2f868172945baa`
SHA256	`99676c52310db365580965ea646ece86c62951bfd97ec0aae9f738a202a90593`
SHA3	`04c839da98a8c50a36697076af5bc6d527560a69153b2f718f065908fd4fe3ad`

6

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`2.62527`
MD5	`5ca217e52bdc6f23b43c7b6a23171e6e`
SHA1	`d99dc22ec1b655a42c475431cc3259742d0957a4`
SHA256	`11726dcf1eebe23a1df5eb0ee2af39196b702eddd69083d646e4475335130b28`
SHA3	`b358d8a5b0f400dd2671956ec45486ae1035556837b5289df5f418fe69348b3f`

7

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`2.91604`
MD5	`6be7031995bb891cb8a787b9052f6069`
SHA1	`487eb59fd083cf4df02ce59d9b079755077ba1b5`
SHA256	`6f938aab0a03120de4ef8b27aff6ba5146226c92a056a6f04e5ec8d513ce5f9d`
SHA3	`0f1c6c0378a3646c9fbf3678bbeeccf929d32192f02d1ea9d6ba0be5c769e6ab`

1 (#2)

Type	`RT_ICON`
Language	Chinese - Taiwan
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`3.05955`
MD5	`58e045272ed98cb6d12f192bf0664e4c`
SHA1	`e402e96fd07e1423c5fc6b7cd01a427d2c4171bf`
SHA256	`dada8aafb5eff7c712e8505e381b822b0727876c0861e0baa460527ff932c3b4`
SHA3	`185c575a75995c78b9dac9974a3fa8da35a384f8edef6616e9b27f3bb438d394`

4084

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1d4`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`3.07301`
MD5	`da4a5d7b946f0fe755572039ff982c0c`
SHA1	`891fe640b3829b40b3757ab4f7fd155760823aaf`
SHA256	`b473de887d8ced7225c9580475eaf2fc25e256bee86725d2645fb8b93fe0bb3a`
SHA3	`6c3ce04a0c443f0a22c122e9f7fc6100f5f98d1c634494bd008e5f58464ceaa0`

4085

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x144`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`3.19481`
MD5	`e51fc820511cd5ad87c76cf6fb16caa6`
SHA1	`29951fd05c1f1353e6792b7fe571207371e7fb0b`
SHA256	`c1882ee10d8d43bad01e6058864be9f7dc3f257d8b007e9b1bf1ea7996e21a8a`
SHA3	`20b851f8008335a56c39781e63da2862232ff62bc84d2057fd8ee0c1532afb1f`

4086

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xe8`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`3.07219`
MD5	`1e385d8c552c5f4cc45df051ae51727a`
SHA1	`8aa0558a9d58c8f138d5c74c3ad18967ee98e8e2`
SHA256	`8abff6773b392989daf7307590eb4ad6e16fa3f517207a2c5adc6d6ece829c4e`
SHA3	`575618f198e17f33d33797894b1ead8b317ac9891a25b1b1d93a416004da6469`

4087

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3c0`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`3.23754`
MD5	`86c99f142475545c210d15066f6a007c`
SHA1	`1dfb13d7cf45dcb2e2ccf07414a42768a81c8dea`
SHA256	`3d5db865a17910ea49cb02e11140c25010625dbeabbe37a69b2800094e39fc96`
SHA3	`c6ac947af3931ac83daa54b33d130c1b91fd4c453bb63bdbd92645156bd12892`

4088

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3e0`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`3.19787`
MD5	`6face4eaa3c582c6151bd62b47dae721`
SHA1	`852605febb873ebf698ddc9f4261a4b273155a71`
SHA256	`315219efb389d3c799a366c2237c23226609fa152403c858df7ae1219b73dc51`
SHA3	`25e2767f7f32947c5123924cdc516501b1ccb4cf1fea8b0e1a7b3748e9ba111f`

4089

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x110`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`3.03211`
MD5	`45d1492c862770a34630d5a18517b0b8`
SHA1	`813ff22e48365341f2d27bd3dc98a9658f7b744b`
SHA256	`5a6d7958afef4479418df82ffdc4bccd49288eeb0048d99a9a254818bc559518`
SHA3	`bbbc70b5b856084c76ff02f7555795e09f4a96f188007c2e9317739b7f3a142e`

4090

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xe4`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`2.99785`
MD5	`65b3a9f9ed7e68e403d141705bdd55e0`
SHA1	`502261a54bdcbc522e55d57040fdc35884861db1`
SHA256	`d1e4f67dfdac88a2667aef19c9e56fc6d0deaca637f10b941f1724a4466f9225`
SHA3	`eb75571e9fcd0bca2e4b6e55ec828d3db73d3da5d8118420670601e1acde9ba5`

4091

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x24c`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`3.24849`
MD5	`c62ed53e214b728d6b55694e369db6c9`
SHA1	`d03a44dbf21489187c61a59ae71a7a65b19033f9`
SHA256	`f7e5ec6b2be4b3242c344fe5c72b3a101ff430390bba560c4cf6bdc236a8e66b`
SHA3	`58c8765ce70df1f46306cf51dd6ba70f65b4336f0334d7959dc2c717ad8de68d`

4092

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x384`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`3.1731`
MD5	`2fa528d01dfd51ee35eb30cf2c4e10cc`
SHA1	`9f0ecfa75985afb166336f2e82364fdc49ad5c2c`
SHA256	`be26dae8b78f6edf31d0791bb826e38996a97500743433a608628e03959077ff`
SHA3	`de9c5bcf07e62f144721f3af3842e00b3969193cfb8f4b98b3b2eec4c7b0e0f2`

4093

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3ac`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`3.24919`
MD5	`1ea1332c41a9d10032dd3c03c019e132`
SHA1	`f62a3a48f6089a938a81807c22f75ffbc225ddf2`
SHA256	`d0c2e83a54f8911c51f4441303b335763edf3a70fb26d2dd7baa65bd7d1fb5eb`
SHA3	`2e9a3729862d85bbc0e00e86f8ba6d130dc65fd62de1a661c7c6be35f25812a7`

4094

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2c4`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`3.20941`
MD5	`66cc2622d3bb66adfca0f3d85739787e`
SHA1	`370e8d242c9e72f0bd4526e26825fbb789b75e07`
SHA256	`248b39c4b037a1b8945e8d0ea98d3818272c3671a6e9488d54cec4e96b2161fc`
SHA3	`5192e267a308a94a51551ac753d65410a9dcb90117515d523a3bc5d851205d9a`

4095

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3a4`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`3.21756`
MD5	`5404ad2ffae71b2848ece4c490a6686d`
SHA1	`ad2b478cf800cd6e35b06e0fe005e0a778bec248`
SHA256	`a0e9dbc6cf1e3b71ee1fa9b348d65991d1af92f0b8d90890c686c8fa7c60329f`
SHA3	`d24567aba941fecd6e11da0a2fb72e81b4d7449ce1103f1ce6ba0897c4e6e256`

4096

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x43c`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`3.21779`
MD5	`0c48e3782a26cda8bdaa86dd1e2df329`
SHA1	`752f0f68121262070fa8b84f5607f694be20d945`
SHA256	`10457e4a52f2cb7005a856e4a4f36acff104573a02acc1485ae2f13c08db5d48`
SHA3	`f6ec364c9f946d7a06bfa4b691476fe13cd59f0fad8558f6d3fd0e9143d23a25`

DVCLAL

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`4`
MD5	`a40263c75fde7440b1086b7da9c51fc2`
SHA1	`139a84f87110fb5cb16a386adade21f30cae98b0`
SHA256	`e7dbe99baa5c1045cdf7004edb037018b2e0f639a5edcf800ec4514d5c8e35b5`
SHA3	`d3a734fa7d36868d301f9569de92e1bfc551e4b5cf6d7c59eace8d0a554093c0`

TFORM1

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2cc7`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`5.588`
MD5	`c0a1b07216c2ee14d92aee8b0509f372`
SHA1	`81e27df2ebafed704e7abcf580f1d37df63e72fc`
SHA256	`3e492bc270ede3208b96fe0ac37c4b2a3ff437cc18f5d92230d1464d0df18232`
SHA3	`e7b61d5d7f7064cd7fa78d824e4001ad2faed4df01497150834397a810b971cb`

32761

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`1.83876`
Detected Filetype	Cursor file
MD5	`a2baa01ccdea3190e4998a54dbc202a4`
SHA1	`e8217df98038141ab4e449cb979b1c3bbea12da3`
SHA256	`c53efa8085835ba129c1909beaff8a67b45f50837707f22dfff0f24d8cd26710`
SHA3	`8874564c406835306368adf5e869422e1bb97109b97c1499caa8af219990e8dc`
Preview

32762

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`1.91924`
Detected Filetype	Cursor file
MD5	`aff0f5e372bd49ceb9f615b9a04c97df`
SHA1	`e3205724d7ee695f027ab5ea8d8e1a453aaad0dd`
SHA256	`b07e022f8ef0a8e5fd3f56986b2e5bf06df07054e9ea9177996b0a6c27d74d7c`
SHA3	`9cb042121a5269b80d18c3c5a94c0e453890686aedade960097752377dfa9712`
Preview

32763

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`48e064acaba0088aa097b52394887587`
SHA1	`310b283d52aa218e77c0c08db694c970378b481d`
SHA256	`43f40dd5140804309a4c901ec3c85b54481316e67a6fe18beb9d5c0ce3a42c3a`
SHA3	`38753084b0ada40269914e80dbacf7656dc94764048bd5dff649b08b700f3ed5`
Preview

32764

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`1ae28d964ba1a2b1b73cd813a32d4b40`
SHA1	`8883cd93b8ef7c15928177de37711f95f9e4cd22`
SHA256	`ff47a48c11c234903a7d625cb8b62101909f735ad84266c98dd4834549452c39`
SHA3	`a85dadd416ce2d22aa291c0794c45766a0613b853c6e3b884a2b05fc791427b8`
Preview

32765

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`0893f6ba80d82936ebe7a8216546cd9a`
SHA1	`0754cbdf56c53de9ed7fbd47859d20b788c6f056`
SHA256	`a0adcedb82b57089f64e2857f97cefd6cf25f4d27eefc6648bda83fd5fef66bb`
SHA3	`ce6148ade08ef9b829f83cb13b4c650d9d4a7012bfd1ab697a7870a05f4104f8`
Preview

32766

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`dcaa3c032fe97281b125d0d8f677c219`
SHA1	`58fe36409f932549e2f101515abee7a40cf47b2c`
SHA256	`6e1e7738a1b6373d8829f817915822ef415a1727bb5bb7cfe809e31b3c143ac5`
SHA3	`02ef292e1b4a70e439e362af6b4fa213e3816ade45222b78dabab712b6afba54`
Preview

32767

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`a95c7c78d0a0b30b87e3c4976e473508`
SHA1	`b19f3999f1b302a2d28977cb18a3416c918d486c`
SHA256	`326c048595bbc72e3f989cb3b95fbf09dc83739ced3cb13eb6f03336f95d74f1`
SHA3	`8157b4e6afa7ed2e2ffc174d655bec9fb81db609e4c5864faa5ead931ff60689`
Preview

MAINICON

Type	`RT_GROUP_ICON`
Language	Chinese - Taiwan
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2004-Dec-23 23:22:26
Entropy	`2.06096`
Detected Filetype	Icon file
MD5	`59517c0a5976f364558b42dbb1cabbc8`
SHA1	`cf9a68a0b175f131381d3d29245441a6f9d53e3d`
SHA256	`ff04c16f07007618c7723eb538f879f89e297950bfa77ed55d1a19776f312a37`
SHA3	`5b15005fa45f38fa9716594a7860ddc29a2ef7e6921e99c6e8f3ac5bef203fd6`

String Table contents

Cannot open clipboard
Text exceeds memo capacity
Menu '%s' is already being used by another form
Docked control must have a name
Error removing control from dock tree
- Dock zone not found
- Dock zone has no control
PgUp
PgDn
End
Home
Left
Up
Right
Down
Ins
Del
Shift+
Ctrl+
Alt+
Unable to insert a line
Invalid clipboard format
Clipboard does not support Icons
&Yes
&No
OK
Cancel
&Help
&Abort
&Retry
&Ignore
&All
N&o to All
Yes to &All
BkSp
Tab
Esc
Enter
Space
Cannot change Visible in OnShow or OnHide
Cannot make a visible window modal
Menu index out of range
Menu inserted twice
Sub-menu is not in menu
Not enough timers available
GroupIndex cannot be less than a previous menu item's GroupIndex
Cannot create form. No MDI forms are currently active
A control cannot have itself as its parent
Cannot drag a form
Invalid input value
Invalid input value. Use escape key to abandon changes
Warning
Error
Information
Confirm
Icon image is not valid
Metafile is not valid
Cannot change the size of an icon
Unsupported clipboard format
Out of system resources
Canvas does not allow drawing
Invalid image size
Invalid ImageList
Invalid ImageList Index
Failed to read ImageList data from stream
Failed to write ImageList data to stream
Error creating window device context
Error creating window class
Cannot focus a disabled or invisible window
Control '%s' has no parent window
Cannot hide an MDI Child Form
December
Sun
Mon
Tue
Wed
Thu
Fri
Sat
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Bitmap image is not valid
Aug
Sep
Oct
Nov
Dec
January
February
March
April
May
June
July
August
September
October
November
External exception %x
Assertion failed
Interface not supported
Exception in safecall method
%s (%s, line %d)
Abstract Error
Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
%s
A call to an OS function failed
Jan
Feb
Mar
Apr
May
Jun
Jul
Read
Write
Error creating variant array
Variant array index out of bounds
Variant array is locked
Invalid variant type conversion
Invalid variant operation
Invalid variant operation ($%.8x)
Variant is not an array
Could not convert variant of type (%s) into type (%s)
Overflow while converting variant of type (%s) into type (%s)
Variant overflow
Invalid argument
Invalid variant type
Operation not supported
Unexpected variant error
Integer overflow
Invalid floating point operation
Floating point division by zero
Floating point overflow
Floating point underflow
Invalid pointer operation
Invalid class typecast
Access violation at address %p. %s of address %p
Stack overflow
Control-C hit
Privileged instruction
Exception %s in module %s at %p.
%s%s

Application Error
Format '%s' invalid or incompatible with argument
No argument for format '%s'
Variant method calls not supported
Property %s does not exist
Stream write error
'%s' is not a valid integer value
'%s' is not a valid currency value
'%g' is not a valid date and time
Out of memory
I/O error %d
File not found
Invalid filename
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
Range check error
Invalid stream format
''%s'' is not a valid component name
Invalid property value
Invalid property path
Invalid property value
List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d)
Out of memory while expanding memory stream
Error reading %s%s%s: %s
Stream read error
Property is read-only
Resource %s not found
%s.Seek not implemented
Operation not allowed on sorted list
%s not in a class registration group
Unable to find a Table of Contents
No help found for %s
No context-sensitive help installed
No topic-based help system installed
Ancestor for '%s' not found
Cannot assign a %s to a %s
Bits index out of range
Can't write to a read-only resource stream
CheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists
List does not allow duplicates ($0%x)
A component named %s already exists
String list does not allow duplicates
Cannot create file %s
Cannot open file %s

Version Info

TLS Callbacks

StartAddressOfRawData	`0x479000`
EndAddressOfRawData	`0x4790b4`
AddressOfIndex	`0x473648`
AddressOfCallbacks	`0x47a010`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`(EMPTY)`

Load Configuration

RICH Header

0fc9f308d2edd949aacbb8d5456d6e25

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.data

.tls

.rdata

.idata

.edata

.rsrc

.reloc

Imports

Delayed Imports

__GetExceptDLLinfo

@@Unit1@Initialize

@@Unit1@Finalize

___CPPdebugHook

_Form1

1

2

3

4

5

6

7

1 (#2)

4084

4085

4086

4087

4088

4089

4090

4091

4092

4093

4094

4095

4096

DVCLAL

TFORM1

32761

32762

32763

32764

32765

32766

32767

MAINICON

String Table contents

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors