Manalyze report for 128a3d2016c6827cb6878c7a85959db2

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Mar-16 06:02:54
Detected languages	English - United States
FileVersion	`1.1.37.02`
ProductVersion	`1.1.37.02`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++` `Microsoft Visual C++ v6.0`
Info	Interesting strings found in the binary:	`Contains domain names: .exe.bat.com autohotkey.com exe.bat.com https://autohotkey.com`
Info	Cryptographic algorithms detected in the binary:	`Uses known Mersenne Twister constants`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExA GetProcAddress LoadLibraryA LoadLibraryW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowA` `Code injection capabilities: WriteProcessMemory OpenProcess VirtualAllocEx` `Code injection capabilities (PowerLoader): FindWindowA GetWindowLongA` `Can access the registry: RegisterHotKey RegDeleteKeyA RegSetValueExA RegCreateKeyExA RegQueryValueExA RegEnumKeyExA RegEnumValueA RegQueryInfoKeyA RegOpenKeyExA RegCloseKey RegDeleteValueA` `Possibly launches other programs: CreateProcessA` `Can create temporary files: CreateFileA GetTempPathA CreateFileW` `Uses functions commonly found in keyloggers: MapVirtualKeyA GetAsyncKeyState AttachThreadInput CallNextHookEx GetForegroundWindow` `Memory manipulation functions often used by packers: VirtualProtect VirtualAllocEx` `Has Internet access capabilities: InternetOpenA InternetOpenUrlA InternetCloseHandle InternetReadFileExA InternetReadFile` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Interacts with services: OpenSCManagerA` `Enumerates local disk drives: GetDriveTypeA GetVolumeInformationA` `Manipulates other processes: WriteProcessMemory ReadProcessMemory OpenProcess Process32First Process32Next` `Can take screenshots: GetDC FindWindowA BitBlt CreateCompatibleDC` `Reads the contents of the clipboard: GetClipboardData` `Can shut the system down or lock the screen: ExitWindowsEx`
Malicious	VirusTotal score: 29/71 (Scanned on 2025-02-05 13:46:23)	`APEX: Malicious` `Antiy-AVL: Trojan[PSW]/Win32.Disco` `CAT-QuickHeal: Trojan.Ghanarava.1738565622959db2` `CTX: exe.trojan.disco` `CrowdStrike: win/malicious_confidence_60% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `Elastic: malicious (high confidence)` `FireEye: Generic.mg.128a3d2016c6827c` `Fortinet: Riskware/Application` `Google: Detected` `Gridinsoft: Trojan.Win32.Downloader.oa!s1` `Ikarus: PUA.HackTool.Agent` `Jiangmin: Trojan.Selfdel.uxp` `Kingsoft: malware.kb.a.885` `Lionic: Trojan.Win32.Disco.4!c` `Malwarebytes: Malware.AI.3591857095` `McAfee: GenericRXWP-FT!128A3D2016C6` `McAfeeD: ti!DA5AD36F1308` `NANO-Antivirus: Trojan.Win32.BuckBit.kpuuxe` `SentinelOne: Static AI - Suspicious PE` `Skyhigh: BehavesLike.Win32.GameHack.bh` `Symantec: ML.Attribute.HighConfidence` `Trapmine: malicious.high.ml.score` `VBA32: TrojanPSW.Disco` `Varist: W32/Filecoder.JHXM-5203` `Webroot: W32.Malware.gen` `Zillya: Trojan.Disco.Win32.11591`

Hashes

MD5	`128a3d2016c6827cb6878c7a85959db2`
SHA1	`633f693b195745cc5c4a5ab9e894d3c8b776dfd5`
SHA256	`da5ad36f1308331b10686b722dfb524592d081f18dd37081aaf49f48b93015b4`
SHA3	`8f00a2ec07e3e4368a9c6fdc769d3704f34d5b5c82a61b9eb408f6dea0c61f03`
SSDeep	`12288:FU+9H3900EJqrekLEyTYQcDL/TNuUCziP6VFGO5lrEaKYNtcBvAuvlee2NCFbLkG:FU+9XNrenyktDLdYNtcdvQNC9wHAP5c2`
Imports Hash	`9ff9e9f6ab5caab780768df74f57d5d0`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2024-Mar-16 06:02:54
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`10.0`
SizeOfCode	`0x98000`
SizeOfInitializedData	`0x25400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0008B4D4 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x99000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0xc5000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x400000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`3a12ce292de978527bc6b2d16e49d870`
SHA1	`ca95fd6bab821ce5db4957a9741156d3d37d24d3`
SHA256	`8ac06757573bb1173246169a650623a3f6f0f6b3ba0b3257790f71c6f18aaccf`
SHA3	`8f43bf5bca4315abb58b5e73aecd9fc4238d26147f6b54b8172bc164c7210b8a`
VirtualSize	`0x97f71`
VirtualAddress	`0x1000`
SizeOfRawData	`0x98000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.65359`

.rdata

MD5	`c99bd813abfc64d6b83da3804c849a1f`
SHA1	`cdce5a989d8092f63b36927fd3601900a6fdd915`
SHA256	`a989c19c7961aa0b2aa10714fc2e742394f7bc2f1e6061c5ce43a5c47f1bae57`
SHA3	`f164cf73cd13f6997caf92d6fbbc81cc372631cd4f0fd56d876284e218d2b948`
VirtualSize	`0xf1e6`
VirtualAddress	`0x99000`
SizeOfRawData	`0xf200`
PointerToRawData	`0x98400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.41244`

.data

MD5	`c11f7d28f0842884922c0f09b76c2d49`
SHA1	`0fee6b6a72d12a3e6588885d6ff75e0db6f2a3e6`
SHA256	`b59267210f313d90e1611143dcfd79c63ea728cd9b2a3864a3b16df1006eab0f`
SHA3	`6c9d49da3c81a9458626ad21abdc22116b50535c1f1a355806b4f8450218d511`
VirtualSize	`0x8724`
VirtualAddress	`0xa9000`
SizeOfRawData	`0x3200`
PointerToRawData	`0xa7600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.01818`

.rsrc

MD5	`3b98184ae21cc34063b1b8614ef10f9e`
SHA1	`891704abb959df1d5ac76cfc0a451694ec7da2d0`
SHA256	`e1177693b7526c939a7bab52abb4fca457a825a1fcd5da39e00d305e3f030b95`
SHA3	`0cda2b1f203ef2093bec09dfd55b0b1aebd635002b90a8c2b19bb14958246364`
VirtualSize	`0x12f6c`
VirtualAddress	`0xb2000`
SizeOfRawData	`0x13000`
PointerToRawData	`0xaa800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.46476`

Imports

WSOCK32.dll	`gethostbyname` `inet_addr` `WSACleanup` `gethostname` `WSAStartup`
WINMM.dll	`mixerGetLineInfoA` `mixerGetDevCapsA` `mixerOpen` `mciSendStringA` `joyGetPosEx` `mixerGetLineControlsA` `mixerGetControlDetailsA` `mixerSetControlDetails` `waveOutGetVolume` `mixerClose` `waveOutSetVolume` `joyGetDevCapsA`
VERSION.dll	`GetFileVersionInfoA` `VerQueryValueA` `GetFileVersionInfoSizeA`
COMCTL32.dll	`ImageList_Create` `#6` `ImageList_ReplaceIcon` `InitCommonControlsEx` `ImageList_GetIconSize` `ImageList_Destroy` `ImageList_AddMasked`
PSAPI.DLL	`GetModuleBaseNameA` `GetModuleFileNameExA`
WININET.dll	`InternetOpenA` `InternetOpenUrlA` `InternetCloseHandle` `InternetReadFileExA` `InternetReadFile`
KERNEL32.dll	`DeleteCriticalSection` `GetModuleFileNameA` `GetSystemTimeAsFileTime` `FindResourceA` `SizeofResource` `LoadResource` `LockResource` `GetFullPathNameA` `GetShortPathNameA` `FindFirstFileA` `FindNextFileA` `FindClose` `FileTimeToLocalFileTime` `SetEnvironmentVariableA` `Beep` `MoveFileA` `OutputDebugStringA` `CreateProcessA` `GetFileAttributesA` `GetExitCodeProcess` `WriteProcessMemory` `ReadProcessMemory` `GetCurrentProcessId` `OpenProcess` `TerminateProcess` `SetPriorityClass` `SetLastError` `GetEnvironmentVariableA` `GetLocalTime` `GetDateFormatA` `GetTimeFormatA` `GetDiskFreeSpaceExA` `SetVolumeLabelA` `CreateFileA` `DeviceIoControl` `GetDriveTypeA` `GetVolumeInformationA` `GetDiskFreeSpaceA` `GetCurrentDirectoryA` `CreateDirectoryA` `ReadFile` `GetACP` `WriteFile` `DeleteFileA` `SetFileAttributesA` `LocalFileTimeToFileTime` `SetFileTime` `GetFileSizeEx` `InitializeCriticalSection` `GetSystemDefaultUILanguage` `GetComputerNameA` `GetSystemWindowsDirectoryA` `GetTempPathA` `EnterCriticalSection` `LeaveCriticalSection` `VirtualProtect` `QueryDosDeviceA` `CompareStringA` `GetFullPathNameW` `RemoveDirectoryA` `CopyFileA` `GetCurrentProcess` `CreateToolhelp32Snapshot` `Process32First` `Process32Next` `FormatMessageA` `GetPrivateProfileStringA` `GetPrivateProfileSectionA` `GetPrivateProfileSectionNamesA` `WritePrivateProfileStringA` `WritePrivateProfileSectionA` `SetEndOfFile` `GetFileType` `GetStdHandle` `SetFilePointerEx` `SystemTimeToFileTime` `FileTimeToSystemTime` `GetFileSize` `VirtualAllocEx` `VirtualFreeEx` `EnumResourceNamesA` `LoadLibraryExA` `GlobalSize` `HeapSetInformation` `GetCommandLineA` `HeapQueryInformation` `HeapSize` `HeapReAlloc` `ExitProcess` `GetModuleHandleW` `HeapAlloc` `HeapFree` `IsValidCodePage` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `LCMapStringW` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsDebuggerPresent` `HeapCreate` `GetCPInfo` `GetVersionExW` `GetModuleHandleA` `FreeLibrary` `GetProcAddress` `LoadLibraryA` `MultiByteToWideChar` `GetLastError` `CreateMutexA` `CloseHandle` `GetExitCodeThread` `SetThreadPriority` `CreateThread` `GetStringTypeExA` `lstrcmpiA` `WideCharToMultiByte` `GetCurrentThreadId` `GlobalUnlock` `GlobalFree` `GlobalAlloc` `GlobalLock` `SetErrorMode` `SetCurrentDirectoryA` `Sleep` `GetTickCount` `MulDiv` `GetModuleFileNameW` `InitializeCriticalSectionAndSpinCount` `GetStartupInfoW` `InterlockedIncrement` `InterlockedDecrement` `LoadLibraryW` `IsProcessorFeaturePresent` `GetStringTypeW` `RaiseException` `RtlUnwind` `GetConsoleCP` `GetConsoleMode` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `SetHandleCount` `QueryPerformanceCounter` `SetFilePointer` `GetOEMCP` `WriteConsoleW` `SetStdHandle` `FlushFileBuffers` `GetProcessHeap` `CreateFileW` `GetSystemTime` `VirtualQuery`
USER32.dll	`SetWindowTextW` `SetDlgItemTextA` `MessageBeep` `GetCursorInfo` `GetLastInputInfo` `GetSystemMenu` `GetMenuItemCount` `GetMenuItemID` `GetSubMenu` `GetMenuStringA` `ExitWindowsEx` `SetMenu` `FlashWindow` `GetPropA` `SetPropA` `RemovePropA` `MapWindowPoints` `RedrawWindow` `SetParent` `SendMessageW` `GetClassInfoExA` `DefDlgProcA` `GetAncestor` `UpdateWindow` `GetMessagePos` `GetClassLongA` `CallWindowProcA` `CheckRadioButton` `IntersectRect` `GetUpdateRect` `PtInRect` `CreateDialogIndirectParamA` `CreateAcceleratorTableA` `DestroyAcceleratorTable` `InsertMenuItemA` `SetMenuDefaultItem` `RemoveMenu` `SetMenuItemInfoA` `IsMenu` `GetMenuItemInfoA` `CreateMenu` `CreatePopupMenu` `SetMenuInfo` `AppendMenuA` `DestroyMenu` `TrackPopupMenuEx` `CopyImage` `CreateIconIndirect` `CreateIconFromResourceEx` `EnumClipboardFormats` `GetWindow` `BringWindowToTop` `MessageBoxA` `GetTopWindow` `GetQueueStatus` `PostQuitMessage` `GetDlgItem` `ChangeClipboardChain` `SetClipboardViewer` `LoadAcceleratorsA` `EnableMenuItem` `GetMenu` `CreateWindowExA` `RegisterClassExA` `DestroyIcon` `DestroyWindow` `GetWindowTextLengthA` `MapVirtualKeyA` `MapVirtualKeyExA` `VkKeyScanExA` `GetGUIThreadInfo` `GetWindowTextA` `mouse_event` `WindowFromPoint` `GetSystemMetrics` `keybd_event` `SetKeyboardState` `GetKeyboardState` `GetCursorPos` `PostMessageW` `GetAsyncKeyState` `AttachThreadInput` `SendInput` `UnregisterHotKey` `RegisterHotKey` `SendMessageTimeoutA` `UnhookWindowsHookEx` `SetWindowsHookExA` `PostThreadMessageA` `IsCharAlphaNumericA` `IsCharUpperA` `IsCharLowerA` `ToAsciiEx` `GetKeyboardLayout` `CallNextHookEx` `CharLowerA` `ReleaseDC` `GetDC` `OpenClipboard` `GetClipboardData` `GetClipboardFormatNameA` `CloseClipboard` `SetClipboardData` `EmptyClipboard` `PostMessageA` `FindWindowA` `EndDialog` `IsWindow` `DispatchMessageA` `TranslateMessage` `ShowWindow` `CountClipboardFormats` `SendDlgItemMessageA` `DialogBoxParamA` `SetForegroundWindow` `DefWindowProcA` `FillRect` `DrawIconEx` `GetSysColorBrush` `GetSysColor` `RegisterWindowMessageA` `EnumDisplayMonitors` `IsIconic` `IsZoomed` `LoadImageA` `EnumWindows` `SetWindowLongA` `ScreenToClient` `IsDialogMessageA` `SendMessageA` `IsWindowEnabled` `GetWindowLongA` `GetKeyState` `TranslateAcceleratorA` `KillTimer` `PeekMessageA` `GetFocus` `EnableWindow` `InvalidateRect` `SetLayeredWindowAttributes` `SetWindowPos` `SetWindowRgn` `SetFocus` `SetActiveWindow` `ClientToScreen` `EnumChildWindows` `MoveWindow` `GetWindowRect` `GetMonitorInfoA` `MonitorFromPoint` `GetClientRect` `SystemParametersInfoA` `AdjustWindowRectEx` `DrawTextA` `SetRect` `GetIconInfo` `SetWindowTextA` `IsWindowVisible` `GetClassNameA` `GetWindowThreadProcessId` `GetForegroundWindow` `GetMessageA` `SetTimer` `GetParent` `GetDlgCtrlID` `CharUpperA` `IsClipboardFormatAvailable` `BlockInput` `IsCharAlphaA` `CheckMenuItem` `LoadCursorA`
GDI32.dll	`GetPixel` `GetClipRgn` `GetCharABCWidthsA` `SetBkMode` `CreatePatternBrush` `SetBrushOrgEx` `EnumFontFamiliesExA` `CreateDIBSection` `GdiFlush` `SetBkColor` `ExcludeClipRect` `SetTextColor` `GetClipBox` `BitBlt` `CreateCompatibleBitmap` `GetSystemPaletteEntries` `GetDIBits` `CreateCompatibleDC` `CreatePolygonRgn` `CreateRectRgn` `CreateRoundRectRgn` `CreateEllipticRgn` `DeleteDC` `GetObjectA` `GetTextMetricsA` `GetTextFaceA` `SelectObject` `GetStockObject` `CreateDCA` `CreateSolidBrush` `CreateFontA` `FillRgn` `GetDeviceCaps` `DeleteObject`
COMDLG32.dll	`CommDlgExtendedError` `GetSaveFileNameA` `GetOpenFileNameA`
ADVAPI32.dll	`RegDeleteKeyA` `RegSetValueExA` `RegCreateKeyExA` `RegQueryValueExA` `AdjustTokenPrivileges` `LookupPrivilegeValueA` `OpenProcessToken` `CloseServiceHandle` `UnlockServiceDatabase` `LockServiceDatabase` `OpenSCManagerA` `GetUserNameA` `RegEnumKeyExA` `RegEnumValueA` `RegQueryInfoKeyA` `RegOpenKeyExA` `RegCloseKey` `RegConnectRegistryA` `RegDeleteValueA`
SHELL32.dll	`DragQueryPoint` `SHEmptyRecycleBinA` `SHFileOperationA` `SHGetPathFromIDListA` `SHBrowseForFolderA` `SHGetDesktopFolder` `SHGetMalloc` `SHGetFolderPathA` `ShellExecuteExA` `Shell_NotifyIconA` `DragFinish` `DragQueryFileA` `ExtractIconA`
ole32.dll	`OleInitialize` `OleUninitialize` `CoCreateInstance` `CoInitialize` `CoUninitialize` `CLSIDFromString` `CLSIDFromProgID` `CoGetObject` `StringFromGUID2` `CreateStreamOnHGlobal`
OLEAUT32.dll	`SafeArrayGetLBound` `GetActiveObject` `OleLoadPicture` `SafeArrayUnaccessData` `SafeArrayGetElemsize` `SafeArrayAccessData` `SafeArrayUnlock` `SafeArrayPtrOfIndex` `SafeArrayLock` `SafeArrayGetDim` `SafeArrayDestroy` `SafeArrayGetUBound` `VariantCopyInd` `SafeArrayCopy` `SysAllocString` `VariantChangeType` `VariantClear` `SafeArrayCreate` `SysFreeString` `SysStringLen`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.37133`
MD5	`697019a3d7734d4528a3c4cda476a5c9`
SHA1	`ebdcc9c0f9c11072d36c622ba7ec5e96066aa4a9`
SHA256	`55ce6191c7041d3e681521bc84662fb83e8715db1403cef7a7750412c4a445ef`
SHA3	`882996525bb58dce1fe641a91d3dbb85ff6626773266d8f7a18c1168f97bf2f9`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.84157`
MD5	`1c93a14c5a485c11350ef568f5e423c1`
SHA1	`bead6553859c4ec6e647551a19b224dc2357fc5f`
SHA256	`ae6b56a4aabbeb5d22f508ed6d1522ba6e5b668d1ffb05e4d9cee348a14197cd`
SHA3	`5719b4dc9bcc5a323c95d760317d4a5b737343f709eee16eddf819e8054ee6dd`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.3349`
MD5	`266626c8655c67b9530c361ca939f01d`
SHA1	`4f799d89f7255ef58628605cc0f37a3420925a3d`
SHA256	`1bfebd87e8f7129fe598c91a87ff03e7962b95af723ea024faf9549e6442aa84`
SHA3	`85b69f2f4e1bfa507c52634afc60ad29f41321a0a4526654693b1dd7a6f516d9`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.46964`
MD5	`fbbd1dfd9481f55d0e9ebc890ce09c3c`
SHA1	`cbfd96b3e1c556af63424b3a153def765077b8fb`
SHA256	`5ef6e7b16676575434a274b3654dcc6c4934adcb5c86ee31939720568578d2c0`
SHA3	`108eb4ba2bc3e913cec2e0d5cd215901fb0f4ebffc7fbd7679673ea2c735a609`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.56056`
MD5	`9104d9f5acc220ac5a9a1c29a283e42d`
SHA1	`7e274a143071c4d7801c07669074cd8fa2972047`
SHA256	`e773c795d1dbb9bf8cd8f73f12c4f02c047f58dc516be4a629fe807610476917`
SHA3	`8cd4a3f7555bedc4ecddbcb83b34780f450c902a91ddda511b41f9b6f1c21103`

211

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37124`
MD5	`2cfd05e0e8346abd1be8b6933d0684ad`
SHA1	`898c4f11bceec1fb399cc9e0f305e09b9a2df803`
SHA256	`c0306fb5f7462e74df09e5e0627c01a238f291bbdc89c24c0ea1f46e7341ab5a`
SHA3	`8f3778cee4660e3c85805aa4bce2602547080ca7cfc425029bce1441a5af9a1f`

205

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xe8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82326`
MD5	`fec66af562e184a3acd4ada5b1603016`
SHA1	`fe5cd5d19cfc12992d23a18db8edaf1c06f610c2`
SHA256	`0b54b12fc56db7f7a5a366544081e75cfd312d6db7dd0b298b8088ad2f748908`
SHA3	`36780025f039a7044aac6d427f489314299b398567b3b737bb5f229278d74563`

212

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x48`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.96144`
MD5	`7fb94687aa0fe2b18873dba5ac59ab1d`
SHA1	`e19e8d6b0e33da063de27c83fa0bab4058513332`
SHA256	`86286a59831ad1d0d84eb411ae6fa236b21bca5d3ebfc93a59cf4b6bf1d466d0`
SHA3	`33011788d35d1127a1ee6fbdb975c0d4ef6b36d3896e0d27d3f75f0ff68e3aec`

>AUTOHOTKEY SCRIPT<

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x97f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.79462`
MD5	`008a19aedd8c5335b257db8b98369a1f`
SHA1	`eb143839fcfd08c9bdb1e527fe364c7c287305a2`
SHA256	`ec918d2aa9854ce616b59cf3c4c97818ca265dcbb0625d10e3d6a93716e3a13f`
SHA3	`6aa1ce9e456ebf66a34748122ea06815884e20b7d8f918d4e437d14275fab1bb`

159

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.98048`
Detected Filetype	Icon file
MD5	`38388dda6548693f4d42f2241a4218d7`
SHA1	`78bedd12a20f97e31e58742381f3d0ca1edb4715`
SHA256	`cd0991dd595a1392452a8c7ccf089e73626bc6eed1fd3f54ee4c6aa7ffbaedba`
SHA3	`9ace1e9f008d60580379cdfdcd4119706c82d52d2e5fdb9e5745fa00864cc1a8`

160

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.02322`
Detected Filetype	Icon file
MD5	`6a368971d47678239d334269be28300e`
SHA1	`9fcfe92b319b372d6d59c9096cf13e9662e8299f`
SHA256	`45de95e2bc9da2d99016c89cba3816940f7ddb7f044c6d34b5f5c168c3b638ff`
SHA3	`10b30bfdab83169af38b453132bc26884230b58321aab1e2ebd88135cfae8457`

206

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.9815`
Detected Filetype	Icon file
MD5	`40c1414025bcc34e7ba97fd22bc9f5a4`
SHA1	`b53a6a13513b5205cef6fc6d7556ad80d8b62173`
SHA256	`d6659139f55adad2497df8d1a11fcd68324a00ccdadbc133ddd49fb79e9ccc1c`
SHA3	`88c00f73975983695c16e34c6a1750573250999152f5399a198b799e76349720`

207

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.0815`
Detected Filetype	Icon file
MD5	`9b2193af49fdb53892356f594e9f18b9`
SHA1	`448aa28721dd65475b37505de8140d88d5aa1501`
SHA256	`9b8ca9c6a330d0d17d1108ab5442d60ea574817a65caa860cceb24313cc4f0e4`
SHA3	`46527c3333b02958fd025cfdaa12d481f8505aa77c1cd0b5f15348e870530116`

208

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.0815`
Detected Filetype	Icon file
MD5	`5f51cbb6145d3a4c36cffa3b028b0199`
SHA1	`b2bbd2afcfa1c44725bf90df8948792d3bc7fb97`
SHA256	`fbb52a958caa73dce023ce27649d69f8886e86b5706e767153c41dde7b5eebf9`
SHA3	`93f253b05e0e42147b5a9000d421c3e105df42f9fafae5147c4e9a09958e3f79`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x21c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27273`
MD5	`1a61de9a5f7811f42822e8a21ac2e298`
SHA1	`64a9ebceb0e83a5c30bf93e2c9ad411c527273d9`
SHA256	`488d89a43a389151f881f11f112c163af28788fd97dabf588bad18492f8307cf`
SHA3	`f8784d306b1b8d2e3eb0a18b0e2e8d44098afb71c9f7cc8838a7a9acb8159404`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4f4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.34908`
MD5	`fd97ad678377c9966ba3f8697c4e0aec`
SHA1	`a219c82a72b1a932c555f7b8ca0180f5b909d8ca`
SHA256	`0ca571f6485ac59097ce1d665a6c65086b8bc9f639715beb28666cb367f12f8a`
SHA3	`cf4561c34a35064efaa478d33745f6e1bb002dbf220524c3fe547d68cc0337ef`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.1.37.2
ProductVersion	1.1.37.2
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
FileVersion (#2)	1.1.37.02
ProductVersion (#2)	1.1.37.02

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xc8165f6c`
Unmarked objects	`0`
C++ objects (VS2010 SP1 build 40219)	`55`
C objects (VS2010 SP1 build 40219)	`125`
C objects (VS2008 SP1 build 30729)	`8`
Imports (VS2008 SP1 build 30729)	`29`
Total imports	`469`
ASM objects (VS2010 SP1 build 40219)	`31`
175 (VS2010 SP1 build 40219)	`38`
Resource objects (VS2010 SP1 build 40219)	`1`
Linker (VS2010 SP1 build 40219)	`1`

128a3d2016c6827cb6878c7a85959db2

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

Imports

Delayed Imports

1

4

5

6

7

211

205

212

>AUTOHOTKEY SCRIPT<

159

160

206

207

208

1 (#2)

1 (#3)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors