Manalyze report for 115a69488e9e8d5ca67f8e9e984588f6

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Jan-30 07:51:05
Detected languages	English - United Kingdom

Plugin Output

Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX -> www.upx.sourceforge.net` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser`
Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc`
Info	The PE's resources present abnormal characteristics.	`Resource 7 is possibly compressed or encrypted.` `Resource 8 is possibly compressed or encrypted.` `Resource 9 is possibly compressed or encrypted.` `Resource 10 is possibly compressed or encrypted.` `Resource 11 is possibly compressed or encrypted.` `Resource 12 is possibly compressed or encrypted.` `Resource 313 is possibly compressed or encrypted.` `Resource SCRIPT is possibly compressed or encrypted.`
Malicious	VirusTotal score: 20/66 (Scanned on 2019-08-11 03:04:33)	`MicroWorld-eScan: Trojan.GenericKD.32231849` `FireEye: Trojan.GenericKD.32231849` `McAfee: Artemis!115A69488E9E` `BitDefender: Trojan.GenericKD.32231849` `APEX: Malicious` `Paloalto: generic.ml` `Avast: Win32:Malware-gen` `Ad-Aware: Trojan.GenericKD.32231849` `Emsisoft: Trojan.GenericKD.32231849 (B)` `Invincea: heuristic` `McAfee-GW-Edition: BehavesLike.Win32.Downloader.gc` `Jiangmin: Trojan.Agent.bztk` `Antiy-AVL: Trojan[Dropper]/Win32.Sysn` `Arcabit: Trojan.Generic.D1EBD1A9` `Acronis: suspicious` `ALYac: Trojan.GenericKD.32231849` `GData: Trojan.GenericKD.32231849` `AVG: Win32:Malware-gen` `CrowdStrike: win/malicious_confidence_70% (D)` `MaxSecure: Trojan.Malware.300983.susgen`

Hashes

MD5	`115a69488e9e8d5ca67f8e9e984588f6`
SHA1	`4c323997fa26a77f397d3d26b2ef0685160b01d7`
SHA256	`c8677d1edc98ef58ff44cc96220ffce17c57abdd070b935d9a969ea133e5c6bf`
SHA3	`4a74b5df3981161f692c3f70e37c73a03edae4d0d00623db971d0a5cec113465`
SSDeep	`12288:+YV6MorX7qzuC3QHO9FQVHPF51jgcoc+Dvr9+KM0KG2z2:dBXu9HGaVH9+DTc0K/z2`
Imports Hash	`15ed82449d4cfe6c9ee944226b471de7`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2019-Jan-30 07:51:05
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`12.0`
SizeOfCode	`0x57000`
SizeOfInitializedData	`0x22000`
SizeOfUninitializedData	`0xa3000`
AddressOfEntryPoint	`0x000FA020 (Section: UPX1)`
BaseOfCode	`0xa4000`
BaseOfData	`0xfb000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x11d000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x400000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x400000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xa3000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`88f76d43ce884d861e565daf5051182c`
SHA1	`c6f7be00b87814c696a2145cee352859fb796e4c`
SHA256	`55e35a72505810fac1070192616c143c64bb1179c68cc3da88c98790bfdd8070`
SHA3	`4f070487aa2334217b3a6717de8dbe008253e0dc8136427a9cee090a61f81973`
VirtualSize	`0x57000`
VirtualAddress	`0xa4000`
SizeOfRawData	`0x56400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.93526`

.rsrc

MD5	`d5f771cd5645e80e8e6d6a32d761be15`
SHA1	`0286b3e82aa8cb25a60384fdaa3124e868d72a7d`
SHA256	`0832dfceb73de136df6635bd43d54aecf00e9ebcec739f636630c51200a3fa42`
SHA3	`7dadf60050d345d2dbf96434383566a2c4806948b48255db5702b0ddcef23b1f`
VirtualSize	`0x22000`
VirtualAddress	`0xfb000`
SizeOfRawData	`0x21c00`
PointerToRawData	`0x56800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.96811`

Imports

KERNEL32.DLL	`LoadLibraryA` `GetProcAddress` `VirtualProtect` `VirtualAlloc` `VirtualFree` `ExitProcess`
ADVAPI32.dll	`GetAce`
COMCTL32.dll	`ImageList_Remove`
COMDLG32.dll	`GetOpenFileNameW`
GDI32.dll	`LineTo`
IPHLPAPI.DLL	`IcmpSendEcho`
MPR.dll	`WNetUseConnectionW`
ole32.dll	`CoGetObject`
OLEAUT32.dll	`#8`
PSAPI.DLL	`GetProcessMemoryInfo`
SHELL32.dll	`DragFinish`
USER32.dll	`GetDC`
USERENV.dll	`LoadUserProfileW`
UxTheme.dll	`IsThemeActive`
VERSION.dll	`VerQueryValueW`
WININET.dll	`FtpOpenFileW`
WINMM.dll	`timeGetTime`
WSOCK32.dll	`#4`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.66371`
MD5	`d6f27bf763eb666af934477958acf362`
SHA1	`f724ee386cda31b32b5c88e08b9abf562c016a57`
SHA256	`62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5`
SHA3	`6f4a250c7a91ddfcc872e14b8ed1e4aa33a5ebb3280f7d021b47aa46edfb9586`

2

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.05883`
MD5	`78f30e363a0499f530d057b4d639d36e`
SHA1	`360bd6476101b0cddc23d2c7eade326c1b16ceaf`
SHA256	`08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e`
SHA3	`001ac9f6e8e52f9c3eb7101189fb953e2f4babfdea5b6e26b23b99173af38de4`

3

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.25499`
MD5	`ad424f5f5d5ff4460343686c61e4f75e`
SHA1	`29a1f0faadc42f1b9f9767d8c724fdc58dd165c8`
SHA256	`245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9`
SHA3	`4f3a627ee7d533397f7f5c70bb2dafa8857150e674cb31edd96949c7905de509`

4

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.87612`
MD5	`a17ccc527404dcf6b6b4eb1810a11296`
SHA1	`7b21d058d45ba5dd1ca3b1e1b069d827a66dc0fa`
SHA256	`8cbe1211620dbc87b58a9a01662a8fe7438f2bf42c288899960065cac15fb276`
SHA3	`cf81b04aba364163ed4f44f02c2d46c78d26f78fcb65f7f3921c8396df5e18d5`

166

Type	`RT_MENU`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x50`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.04693`
MD5	`e8b115bbc33f27af07fefccaea005d86`
SHA1	`b209c1cb60b38a77c0dc8e08f69b1808ffce97f9`
SHA256	`63a8bd68d917c607aaecdc2f84922a6965960bf1bd1b5e91ac78e6027417c46e`
SHA3	`ad4133448a8fa3ddbe26336c231da8df11f778f7c4b7dea4eb1ffc60e6c06df6`

7

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x594`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.7739`
MD5	`60ce954d161f441fd572bd934e60358d`
SHA1	`d7ab622526c9dd3f97a0fed3a05af5f5df156399`
SHA256	`89175a62d961925c44b4427a69d55e4afd7692cd652554a06acef3e42e26c842`
SHA3	`10c01c8f064c6210b9e38e49165e9c720b6f6d762eaf8ded3fb8235c46a08d9b`

8

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x68a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.8123`
MD5	`a3c2e91b4d6ec2cd298ecfad18b31c27`
SHA1	`753bfc571beff2a66da716fb99ddb3c67aa7b740`
SHA256	`530d74093d7969ce0b3c68151b14801615397fcb7e2c55ceb4adbbe5b54b77af`
SHA3	`a32cc4da2460f6153d5a6f8f036ff777a20636295556ceee53e4d39b47e4681c`

9

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x490`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.76373`
MD5	`51ce9663282bfd44507e21bb5f91ff11`
SHA1	`760d1b5024c3c8ec1a3fff0cdfcf4679e3323d61`
SHA256	`20bc6ec21a1782514ae63c77e9814f220348ee556707e6a04f35af04667f408e`
SHA3	`b47421c1bcd6379ad0fceb82a82df286edbc1b15f9ff989021bbf60199d99d46`

10

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x5fc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.74023`
MD5	`7af7d7d988a298c6b7e653c5d4b654af`
SHA1	`fcce31beb58ffbf13ae4c7d3e44be8f2e75c63f9`
SHA256	`dea37cd53ac21236d6a93d9096d0b6a24cda0eb1e75e9ed59559a42f757c71fa`
SHA3	`fa6eaa0260e5488d772467dcfd3a2db114242d36f888327173353418a56a2d40`

11

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x65c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.7573`
MD5	`c9130cee4e0f450a0d8699752badf428`
SHA1	`c3cdf43177e6e86803d197cbe11f49777b6bf226`
SHA256	`7660bd2a65256401777de5fc3bfbdaa7d7d9989e6d0d38c0484d1554c41b9d1a`
SHA3	`b0ffaaae5f83542a99451aafa7587962fb3fc129e9f36b69d03bcd166dd71c16`

12

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x466`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.6943`
MD5	`24fa34f6e69eed90046aaaf9992a7926`
SHA1	`385639ba0a0b3813c4ee5eb41a4d30bd7450f15e`
SHA256	`bd4ff3cc413bbff36793dc29f4f5d776f457d4b107f7244b7932f1a4291518e6`
SHA3	`523b594f6d7ac282a68ff72d9a2c35d1cc8dab610a6431d71c0bfb62cf854dec`

313

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x158`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.07003`
MD5	`b8a6d864ca968071a955fc436542a8ec`
SHA1	`d62521f5cb56ddd7b3cb545310105769d7e1004c`
SHA256	`35115a45ade8c4928f40b48137a9907248d5922d379b48508375940bde3f929b`
SHA3	`4296111701badd1cec5e73c5f7788007d4f28f6a1f726e38f7822c6fdb2cde2a`

SCRIPT

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2070a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99878`
MD5	`ef0ba770199c40f537dc66c697e22c17`
SHA1	`187a8442bb1d9de4a1f5e00313c0712f4bfd3592`
SHA256	`36d2fcaa6e38303b0742b60c18c65ac97d22aefa8e30c141111f37e858910ada`
SHA3	`f6427b6ff96e71e8f31637775db52cabbabbe5910441916d4e072b6010d564eb`

99

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.22322`
Detected Filetype	Icon file
MD5	`25b4317405477359610e9d0120dae543`
SHA1	`b13ca8799b90f0050503c70ad42b8de6241ab325`
SHA256	`437eefb07f479ab5d002a5515ae0c3217542f162eae067c3107abf7fca02ad36`
SHA3	`f025d5740690a7014b61270c97d1916aece9f3f3c6d6612980649078010eddbf`

162

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.02322`
Detected Filetype	Icon file
MD5	`7a9605cb416b1a091d889b9d9f37ec66`
SHA1	`866c01641d672b6cd69901c1e055f174f47b35bb`
SHA256	`6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164`
SHA3	`af43e622bf6c842d1ada2985f8e68920ff7b22d8a0b1a12871968c23b5065651`

164

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.84274`
Detected Filetype	Icon file
MD5	`f64c60b749269fcf6659c450dda98486`
SHA1	`42945c3496bc4e1943a1a05926a9b5ee31d3e450`
SHA256	`ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1`
SHA3	`443830acdeb37f2b7f844756492b2b11f9fb93e9171617d8c799cebfd05cb37f`

169

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.02322`
Detected Filetype	Icon file
MD5	`60f05e3b8ea9e18928923bdbcc112277`
SHA1	`d97726a6e9c326a37507f879feca7e152157839c`
SHA256	`7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a`
SHA3	`390fd88c6012552aecc7f109e733a1bf00339b8b3758127752832484c9f13ce6`

1 (#2)

Type	`RT_VERSION`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0xdc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.77862`
MD5	`410f594f3ad95b1dd20e08e299b97c51`
SHA1	`523aa56f00d4d21ffcbd0f82cda655d88349a740`
SHA256	`ebfbc032f504c40d9098735ecfd8c80d996de100b07130e2855b9125e1f57fe5`
SHA3	`e785abf691c076cc1fc9cd02b8b7cc3ea433971151b12bd00999ac83071094c5`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x3ef`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.40026`
MD5	`a8983985aa631a15210e820fc8e1e52e`
SHA1	`fed4e5d714e5b12f8a61604ba61eaf6e2bee2fbd`
SHA256	`1bd8139910a81485aadb0bb28586e233768486de8c09f6a565ae457805702d39`
SHA3	`8582ac809cc76ad6f98d859f53bd4eed751c5aeb31783f353e10875eae68ce64`

String Table contents

㰉獡敳扭祬摉湥楴祴琠灹㵥眢湩㈳•慮敭∽楍牣獯景⹴楗摮睯⹳潃浭湯䌭湯牴汯≳瘠牥楳湯∽⸶⸰⸰∰氠湡畧条㵥⨢•牰捯獥潳䅲捲楨整瑣牵㵥⨢•異汢捩敋呹歯湥∽㔶㔹㙢ㄴ㐴捣ㅦ晤⼢ാ उ⼼敤数摮湥䅴獳浥汢㹹਍ठ⼼敤数摮湥祣ാ 㰉牴獵䥴普⁯浸湬㵳產湲猺档浥獡洭捩潲潳瑦挭浯愺浳瘮∳ാ उ猼捥牵瑩㹹਍ठउ爼煥敵瑳摥牐癩汩来獥ാ उउ爼煥敵瑳摥硅捥瑵潩䱮癥汥氠癥汥∽獡湉潶敫≲甠䅩捣獥㵳昢污敳⼢ാ उ㰉爯煥敵瑳摥牐癩汩来獥ാ उ⼼敳畣楲祴ാ 㰉琯畲瑳湉潦ാऊ挼浯慰楴楢楬祴砠汭獮∽牵㩮捳敨慭⵳業牣獯景⵴潣㩭潣灭瑡扩汩瑩⹹ㅶ㸢਍ठ㰉灡汰捩瑡潩㹮਍ठउ猼灵潰瑲摥协䤠㵤笢㉥㄰㐱㜵ㄭ㐵ⴶ㌴㕣愭昵ⵥ〰搸敥㍥㍤て≽㸯਍उ㰉畳灰牯整佤⁓摉∽㍻ㄵ㠳㥢ⵡ搵㘹㐭扦ⵤ攸搲愭㐲〴㈲昵㌹絡⼢ാऊउ猼灵潰瑲摥协䤠㵤笢愴昲㠲㍥㔭戳ⴹ㐴ㄴ戭㥡ⵣ㙤搹愴愴收㠳≽㸯਍उ㰉畳灰牯整佤⁓摉∽ㅻ㙦㘷㝣ⴶ〸ㅥ㐭㌲ⴹ㔹扢㠭搳昰搶搰㝡紸⼢ാऊउ猼灵潰瑲摥协䤠㵤笢攸昰愷㈱戭扦ⴳ昴㡥戭愹ⴵ㠴摦〵ㅡ愵愹≽㸯਍उ⼼灡汰捩瑡潩㹮਍ठ⼼潣灭瑡扩汩瑩㹹਍⼼獡敳扭祬ാ倊줬좈줹좤쥆좬쥓좴쥠좼쥪죄쥷죌쥿죔즉죜즖죤즠죬즬죴즷주짃줄짏줌짛줔짧줜짱줤짼쨊쨚쨪쨸쩆쩔쩜쩮쪀쪈쪖쪪耀쪸쫎쫚쫢쫴쬄쬔쬢耀䕋乒䱅㈳䐮䱌䄀噄偁㍉⸲汤l佃䍍䱔㈳搮汬䌀䵏䱄㍇⸲汤l䑇㍉⸲汤l偉䱈䅐䥐䐮䱌䴀剐搮汬漀敬㈳搮汬伀䕌啁㍔⸲汤l卐偁⹉䱄L䡓䱅㍌⸲汤l单剅㈳搮汬唀䕓䕒噎搮汬唀呸敨敭搮汬嘀剅䥓乏搮汬圀义义呅搮汬圀义䵍搮汬圀体䭃㈳搮汬潌摡楌牢牡䅹敇側潲䅣摤敲獳楖瑲慵偬潲整瑣楖瑲慵䅬汬捯楖瑲慵䙬敲e硅瑩牐捯獥s敇䅴散浉条䱥獩彴敒潭敶敇佴数䙮汩乥浡坥楌敮潔捉灭敓摮捅潨乗瑥獕䍥湯敮瑣潩坮潃敇佴橢捥t敇側潲散獳敍潭祲湉潦牄条楆楮桳敇䑴C潌摡獕牥牐景汩坥獉桔浥䅥瑣癩e敖兲敵祲慖畬坥瑆佰数䙮汩坥楴敭敇呴浩eꀀ〢㉀
偉䱈䅐䥐䐮䱌䴀剐搮汬漀敬㈳搮汬伀䕌啁㍔⸲汤l卐偁⹉䱄L䡓䱅㍌⸲汤l单剅㈳搮汬唀䕓䕒噎搮汬唀呸敨敭搮汬嘀剅䥓乏搮汬圀义义呅搮汬圀义䵍搮汬圀体䭃㈳搮汬潌摡楌牢牡䅹敇側潲䅣摤敲獳楖瑲慵偬潲整瑣楖瑲慵䅬汬捯楖瑲慵䙬
e硅瑩牐捯獥s敇䅴散浉条䱥獩彴敒潭敶敇佴数䙮汩乥浡坥楌敮潔捉灭敓摮捅潨乗瑥獕䍥湯敮瑣潩坮潃敇佴橢捥t敇側潲散獳敍潭祲湉潦牄条楆楮桳敇䑴C潌摡獕牥牐景汩坥獉桔浥䅥瑣癩e敖兲敵祲慖畬坥瑆佰数䙮汩坥楴敭敇呴浩eꀀ〢㉀
ࠉ
럠˨Ӥ¦İ耀ࠉň誸PӤƠ耀ǈ耀 ǰ耀
Ș耀ɀ耀ɨ耀Ĺʐ耀ࠉƸ謈֔ӤࠉǠ邜ڊӤࠉȈ霨ҐӤࠉȰ鮸׼ӤࠉɘꆴٜӤࠉʀꠐѦӤࠉʨ걸ŘӤш耀ː耀˨뫌܊Ӥc̨耀¢͐

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.0.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United Kingdom

Resource LangID	English - United Kingdom

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x4bfd50`
SEHandlerTable	`0`
SEHandlerCount	`0`

RICH Header

XOR Key	`0xc1fc1252`
Unmarked objects	`0`
C++ objects (20806)	`2`
199 (41118)	`1`
ASM objects (VS2013 build 21005)	`51`
C objects (VS2013 build 21005)	`177`
C++ objects (VS2013 build 21005)	`53`
C objects (VS2008 SP1 build 30729)	`9`
Imports (VS2008 SP1 build 30729)	`37`
Total imports	`544`
234 (VS2013 UPD5 build 40629)	`80`
ASM objects (VS2013 UPD5 build 40629)	`1`
Resource objects (VS2013 build 21005)	`1`
151	`1`
Linker (VS2013 UPD5 build 40629)	`1`

Errors

[*] Warning: Section UPX0 has a size of 0!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!