Manalyze report for 16021fe99c9900c594fcf22391491222

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Mar-29 19:26:08
Detected languages	English - United States Portuguese - Brazil Spanish - Argentina Spanish - Spain (International sort)
TLS Callbacks	1 callback(s) detected.
Debug artifacts	HostAppServiceUpdater.pdb
CompanyName	SweetLabs, Inc
FileDescription	Host App Service Updater
FileVersion	`0.273.4.677`
InternalName	hostappserviceupdater
LegalCopyright	Copyright (C) 2010-2023 - SweetLabs, Inc
OriginalFilename	HostAppServiceUpdater.exe
ProductName	Host App Service Updater
ProductVersion	`0.273.4.677`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: example.com http://www.winimage.com http://www.winimage.com/zLibDll https://curl.se winimage.com www.winimage.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses known Diffie-Helman primes` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryW LoadLibraryExA LoadLibraryExW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowW` `Code injection capabilities (PowerLoader): FindWindowW GetWindowLongW` `Can access the registry: RegQueryValueExW RegCreateKeyExW RegDeleteValueW RegEnumKeyExW RegEnumValueW RegFlushKey RegQueryInfoKeyW RegSetValueExW RegOpenKeyExW RegCloseKey RegOpenKeyW SHRegDuplicateHKey` `Possibly launches other programs: ShellExecuteW` `Uses Microsoft's cryptographic API: CryptHashData CryptEnumProvidersW CryptSignHashW CryptDestroyHash CryptCreateHash CryptDecrypt CryptExportKey CryptGetUserKey CryptGetProvParam CryptSetHashParam CryptDestroyKey CryptReleaseContext CryptAcquireContextW CryptGetHashParam CryptQueryObject CryptVerifyMessageSignature CryptMsgGetParam CryptMsgClose` `Can create temporary files: CreateFileW CreateFileA GetTempPathA GetTempPathW` `Has Internet access capabilities: InternetQueryOptionW WinHttpCloseHandle WinHttpOpen WinHttpGetProxyForUrl` `Leverages the raw socket API to access the Internet: ntohs WSASetLastError WSAStartup WSACleanup setsockopt WSAIoctl htons socket __WSAFDIsSet select accept bind connect getsockname htonl listen recv getaddrinfo freeaddrinfo recvfrom sendto WSAGetLastError ioctlsocket gethostname gethostbyname getnameinfo getpeername getsockopt send WSACloseEvent closesocket WSAWaitForMultipleEvents WSACreateEvent WSAEnumNetworkEvents WSASetEvent WSAResetEvent WSAEventSelect` `Functions related to the privilege level: OpenProcessToken DuplicateTokenEx` `Enumerates local disk drives: GetVolumeInformationW GetDriveTypeW` `Manipulates other processes: Process32NextW Process32FirstW OpenProcess` `Changes object ACLs: SetSecurityInfo SetNamedSecurityInfoW` `Can take screenshots: CreateCompatibleDC GetDC FindWindowW` `Interacts with the certificate store: CertOpenStore CertOpenSystemStoreA`
Info	The PE is digitally signed.	`Signer: SweetLabs Inc` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Safe	VirusTotal score: 0/75 (Scanned on 2024-08-13 16:39:24)	`All the AVs think this file is safe.`

Hashes

MD5	`16021fe99c9900c594fcf22391491222`
SHA1	`7645a654f07ae04e4dedf734ed4ac9d1a0b4ba3a`
SHA256	`c4c0311a34401eae53fd45eae61cff431beb8f880dfd0d37fc312643651a2bd1`
SHA3	`d7ce619fd9cb51d5ee69d427876a30c7a63494a6dd8f0027327fe21c2794d662`
SSDeep	`98304:uVr4DbqfI5PUMOIo11vTKj9n1T1xI/4gKp8itUBU6H+Z31N+60t6yiugGD:uiDeQ5PBi11Afxw4WHiuN`
Imports Hash	`c9e5a89e6d85d9fe7ead2823aff17594`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x140`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2023-Mar-29 19:26:08
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x550c00`
SizeOfInitializedData	`0x1ef400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000038FBA8 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x744000`
SizeOfHeaders	`0x400`
Checksum	`0x7412da`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`502b8392713fd6114f1276a14771c407`
SHA1	`24308ec7af2dd0866a0475ce80300fb404fb7cdb`
SHA256	`db68a6e7326601f505f8fb2c7a9ec9fc9437b63a870f0590150a10209f315585`
SHA3	`1e0fc235ff91f4779c8f27547ce3e55e066ab9fddd89fcfe71d2c90abab69d49`
VirtualSize	`0x550b9c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x550c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.44444`

.rdata

MD5	`a35eb6ac2f74d9a37c81e29262981594`
SHA1	`e40fce60542db8d081f6c1efb06f94e147156c75`
SHA256	`badba6b6162ef51b45869e1302a9af68c6a4c2f31723fd4edec8887053552203`
SHA3	`b88b291849a2a235a87541b24ee56fea99e23ac76f7f3ebd0cfe2a0a62cf7536`
VirtualSize	`0x159f38`
VirtualAddress	`0x552000`
SizeOfRawData	`0x15a000`
PointerToRawData	`0x551000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.91221`

.data

MD5	`62a6ccc6b427cd75fedd36ca7738d172`
SHA1	`aa7cfe58fea3681abe789af1c91e9cddc12ffbe9`
SHA256	`b12a7b0ed199c842c3fc2169381fdb250ba7d6c5b3aeba49efd1d4e12bfbe93f`
SHA3	`7b342a93fe428a51d3c1dbe8319df6163ae78734900acec7c429a03896b1db28`
VirtualSize	`0x153ec`
VirtualAddress	`0x6ac000`
SizeOfRawData	`0xc400`
PointerToRawData	`0x6ab000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.33647`

.pdata

MD5	`c1ed1fc8364b2c63f5e5a22f2412da25`
SHA1	`ed0023a1919bb2a1f4862aaff96d20e88f7fd4e1`
SHA256	`e146360ca85e5cb42389e5392cd28292a0114322f04c5e44ae2b8409b3ca263a`
SHA3	`04b6a77f70d3f03de20b4d1bed2159b11be95018afa560252ad0b720561ee018`
VirtualSize	`0x4830c`
VirtualAddress	`0x6c2000`
SizeOfRawData	`0x48400`
PointerToRawData	`0x6b7400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.49961`

_RDATA

MD5	`52e7c7e45eae1f7d364e3695b30a1c3f`
SHA1	`a893f13c45f7662f0ecb26b8f83c217fe453cdc1`
SHA256	`9b0135c9e6f0b7eb2a492222b832ae369ddf58f45932494843e6b5d19162ca6e`
SHA3	`78fa797708c0bb94b106e9d0e86e8316dd68abf1ad0688fb4808260c4b807c2c`
VirtualSize	`0x15c`
VirtualAddress	`0x70b000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6ff800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.31383`

.rsrc

MD5	`f2da1bfd7a92568f567ca7bee93a0cc4`
SHA1	`a57aee5a46dbb62a6d2d5bdb75ac36ceca64d08d`
SHA256	`31e1f75e8f97f25fb9877efd3a02d6a469574690ca4d94c9a82e5ae2d02c7e95`
SHA3	`814e66a1950ecb0e4d2194b3b1a69aa1e733bb52861204b19556261371e67d2d`
VirtualSize	`0x2ee78`
VirtualAddress	`0x70c000`
SizeOfRawData	`0x2f000`
PointerToRawData	`0x6ffa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.67686`

.reloc

MD5	`d754f100ea7e765d23b1ded5e9d4cb51`
SHA1	`ad40fc1520d708696f538b8a45f225276f58fe5a`
SHA256	`857e2f0687a5b66a5e58c7e51f68af3c5806fd01f1bede9ccbf1a5008ee69aed`
SHA3	`a85e2834ff1c3037d5f48dec34afe35bcaa7f5e5a246fee881ff2301577bba87`
VirtualSize	`0x8998`
VirtualAddress	`0x73b000`
SizeOfRawData	`0x8a00`
PointerToRawData	`0x72ea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.44975`

Imports

KERNEL32.dll	`GetCurrentThreadId` `TerminateProcess` `GetCurrentProcess` `CreateWaitableTimerW` `Sleep` `CancelWaitableTimer` `SetWaitableTimer` `CreateEventW` `WaitForSingleObject` `ResetEvent` `GetProcessHeap` `HeapSize` `HeapFree` `HeapReAlloc` `HeapAlloc` `HeapDestroy` `SetLastError` `SetUnhandledExceptionFilter` `SetDefaultDllDirectories` `CreateFileW` `CreateDirectoryW` `Process32NextW` `Process32FirstW` `CreateToolhelp32Snapshot` `WideCharToMultiByte` `FormatMessageW` `FormatMessageA` `LocalFree` `GetProcAddress` `GetModuleHandleW` `ProcessIdToSessionId` `GetCurrentProcessId` `CreateEventA` `SetEvent` `DeleteCriticalSection` `InitializeCriticalSectionEx` `LeaveCriticalSection` `EnterCriticalSection` `GetLastError` `SetDllDirectoryW` `OOBEComplete` `RegisterWaitUntilOOBECompleted` `UnregisterWaitUntilOOBECompleted` `DecodePointer` `GetGeoInfoW` `AreFileApisANSI` `HeapCreate` `GetDiskFreeSpaceW` `LockFile` `UnlockFileEx` `MapViewOfFile` `CreateFileMappingW` `LockFileEx` `UnlockFile` `HeapCompact` `DeleteFileA` `CreateFileA` `FlushViewOfFile` `GetFileAttributesA` `GetDiskFreeSpaceA` `GetTempPathA` `HeapValidate` `UnmapViewOfFile` `CreateMutexW` `WriteConsoleW` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `QueryPerformanceCounter` `GetTickCount` `QueryPerformanceFrequency` `GetSystemDirectoryA` `FreeLibrary` `GetModuleHandleA` `LoadLibraryA` `MultiByteToWideChar` `MoveFileExA` `WaitForSingleObjectEx` `CompareFileTime` `GetSystemTimeAsFileTime` `GetEnvironmentVariableA` `GetStdHandle` `GetFileType` `ReadFile` `PeekNamedPipe` `WaitForMultipleObjects` `SleepEx` `VerSetConditionMask` `VerifyVersionInfoW` `GetEnvironmentVariableW` `GetConsoleMode` `SetConsoleMode` `ReadConsoleA` `ReadConsoleW` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `WriteFile` `SwitchToFiber` `DeleteFiber` `CreateFiber` `ConvertFiberToThread` `ConvertThreadToFiber` `LoadLibraryW` `FindClose` `FindFirstFileW` `FindNextFileW` `GetSystemTime` `SystemTimeToFileTime` `RaiseException` `GetSystemInfo` `VirtualProtect` `VirtualQuery` `LoadLibraryExA` `GetTickCount64` `CreateHardLinkW` `DuplicateHandle` `TerminateThread` `CreateSemaphoreA` `GetStringTypeExW` `LCMapStringW` `GetLocaleInfoW` `GetSystemDefaultUILanguage` `GetUserDefaultUILanguage` `GetUserDefaultLCID` `GetLocaleInfoEx` `ExpandEnvironmentStringsA` `ExpandEnvironmentStringsW` `DeleteFileW` `FindFirstFileExW` `GetDiskFreeSpaceExW` `GetFileAttributesExW` `GetFileInformationByHandle` `GetLongPathNameW` `GetTempFileNameW` `SetFilePointer` `GetTempPathW` `IsWow64Process` `CopyFileW` `MoveFileExW` `SystemTimeToTzSpecificLocalTime` `FileTimeToSystemTime` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetEnvironmentVariableW` `OpenEventW` `OpenProcess` `LocalAlloc` `QueryFullProcessImageNameW` `GetVolumeInformationW` `GetSystemDirectoryW` `GetComputerNameW` `GetUserGeoID` `GetVersionExW` `GetModuleFileNameW` `GetCurrentPackageFamilyName` `LoadLibraryExW` `EnumResourceNamesW` `OutputDebugStringW` `GetCurrentThread` `GetThreadLocale` `SetThreadLocale` `GetExitCodeProcess` `GetFileAttributesW` `GetFileSizeEx` `FreeResource` `LoadResource` `LockResource` `SizeofResource` `FindResourceW` `CreateThread` `SetThreadPriority` `GetThreadPriority` `GetExitCodeThread` `InitializeCriticalSection` `TryEnterCriticalSection` `ReleaseMutex` `CreateMutexA` `FindResourceExW` `GetFileSize` `DosDateTimeToFileTime` `CompareStringW` `GlobalFree` `FreeConsole` `AttachConsole` `GetConsoleDisplayMode` `CreateDirectoryA` `IsDebuggerPresent` `InitializeSRWLock` `TryAcquireSRWLockExclusive` `GetStringTypeW` `EncodePointer` `LCMapStringEx` `CompareStringEx` `GetCPInfo` `SetFileInformationByHandle` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `InitOnceExecuteOnce` `InitializeConditionVariable` `WakeConditionVariable` `WakeAllConditionVariable` `SleepConditionVariableCS` `SleepConditionVariableSRW` `CreateEventExW` `CreateSemaphoreExW` `FlushProcessWriteBuffers` `GetCurrentProcessorNumber` `FreeLibraryWhenCallbackReturns` `CreateThreadpoolWork` `SubmitThreadpoolWork` `CloseThreadpoolWork` `CreateThreadpoolTimer` `SetThreadpoolTimer` `WaitForThreadpoolTimerCallbacks` `CloseThreadpoolTimer` `CreateThreadpoolWait` `SetThreadpoolWait` `CloseThreadpoolWait` `GetFileInformationByHandleEx` `CreateSymbolicLinkW` `ReleaseSemaphore` `WaitForMultipleObjectsEx` `OpenEventA` `ResumeThread` `GetLogicalProcessorInformation` `CreateWaitableTimerA` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `IsProcessorFeaturePresent` `GetStartupInfoW` `InitializeSListHead` `RtlPcToFileHeader` `RtlUnwindEx` `InterlockedPushEntrySList` `InterlockedFlushSList` `RtlUnwind` `ExitProcess` `GetModuleHandleExW` `GetDriveTypeW` `ExitThread` `FreeLibraryAndExitThread` `SetFilePointerEx` `SetConsoleCtrlHandler` `GetModuleFileNameA` `GetACP` `GetConsoleCP` `GetDateFormatW` `GetTimeFormatW` `IsValidLocale` `EnumSystemLocalesW` `FlushFileBuffers` `SetStdHandle` `SetEndOfFile` `SetCurrentDirectoryW` `GetCurrentDirectoryW` `GetFullPathNameW` `GetFullPathNameA` `GetTimeZoneInformation` `SetEnvironmentVariableA` `IsValidCodePage` `GetOEMCP` `FindFirstFileExA` `FindNextFileA` `GetCommandLineA` `GetCommandLineW` `OutputDebugStringA` `CloseHandle`
gdiplus.dll	`GdipFlush` `GdipSetImageAttributesColorMatrix` `GdipAlloc` `GdiplusShutdown` `GdipMeasureString` `GdipCreateFromHWND` `GdipCreateStringFormat` `GdipDeletePen` `GdipDeleteStringFormat` `GdipDrawString` `GdipDeleteFont` `GdipCreateSolidFill` `GdipDeleteBrush` `GdipCloneBrush` `GdipAddPathLine` `GdipClosePathFigures` `GdipDeletePath` `GdipCreatePath` `GdipSetStringFormatFlags` `GdipSetStringFormatTrimming` `GdipSetCompositingQuality` `GdipCreateFromHDC` `GdipCreateFromHWNDICM` `GdipGetImageEncoders` `GdipGetImageEncodersSize` `GdipSetPixelOffsetMode` `GdipBitmapSetPixel` `GdipBitmapGetPixel` `GdipBitmapUnlockBits` `GdipBitmapLockBits` `GdipCreateBitmapFromHICON` `GdipCreateBitmapFromHBITMAP` `GdiplusStartup` `GdipSaveImageToFile` `GdipDrawImageRectRectI` `GdipSetInterpolationMode` `GdipSetSmoothingMode` `GdipSetCompositingMode` `GdipDeleteGraphics` `GdipSetImageAttributesWrapMode` `GdipCreateFont` `GdipGetGenericFontFamilySansSerif` `GdipDeleteFontFamily` `GdipCreateFontFamilyFromName` `GdipSetClipRectI` `GdipDrawImageRectRect` `GdipDrawImage` `GdipFillPath` `GdipFillEllipse` `GdipDisposeImageAttributes` `GdipCreateImageAttributes` `GdipCreateBitmapFromScan0` `GdipGetImagePixelFormat` `GdipGetImageHeight` `GdipGetImageWidth` `GdipGetImageGraphicsContext` `GdipDisposeImage` `GdipCloneImage` `GdipFree` `GdipFillRectangle` `GdipGraphicsClear` `GdipDrawRectangle` `GdipDrawLines` `GdipDrawLine` `GdipCreatePen1` `GdipSetTextRenderingHint`
WLDAP32.dll	`#211` `#46` `#200` `#60` `#301` `#45` `#50` `#30` `#79` `#33` `#41` `#22` `#26` `#27` `#32` `#143` `#35` `#217`
Normaliz.dll	`IdnToAscii`
dbghelp.dll	`MiniDumpWriteDump`
WTSAPI32.dll	`WTSQueryUserToken` `WTSFreeMemory` `WTSEnumerateSessionsW` `WTSRegisterSessionNotification` `WTSUnRegisterSessionNotification`
Secur32.dll	`GetUserNameExW`
NETAPI32.dll	`NetApiBufferFree` `NetGetJoinInformation`
GDI32.dll	`SelectObject` `CreateDIBSection` `GetObjectW` `DeleteObject` `CreateCompatibleDC` `GetDIBits` `CreateBitmap` `DeleteDC`
ADVAPI32.dll	`CryptHashData` `OpenProcessToken` `RegQueryValueExW` `RegCreateKeyExW` `RegDeleteValueW` `RegEnumKeyExW` `RegEnumValueW` `RegFlushKey` `RegQueryInfoKeyW` `RegSetValueExW` `RegDeleteTreeW` `RegCopyTreeW` `AddAccessAllowedAceEx` `AddAce` `DuplicateTokenEx` `GetAce` `GetAclInformation` `GetLengthSid` `GetSecurityDescriptorSacl` `GetTokenInformation` `InitializeAcl` `CryptEnumProvidersW` `CryptSignHashW` `CryptDestroyHash` `CryptCreateHash` `CryptDecrypt` `CryptExportKey` `CryptGetUserKey` `CryptGetProvParam` `CryptSetHashParam` `CryptDestroyKey` `CryptReleaseContext` `CryptAcquireContextW` `ReportEventW` `RegisterEventSourceW` `DeregisterEventSource` `RegOpenKeyExW` `RegCloseKey` `GetUserNameW` `ConvertSidToStringSidW` `ConvertStringSidToSidW` `ConvertStringSecurityDescriptorToSecurityDescriptorW` `GetSecurityInfo` `SetSecurityInfo` `LookupAccountNameW` `CryptGetHashParam` `GetSidSubAuthority` `OpenThreadToken` `RegOpenKeyW` `SetEntriesInAclW` `GetNamedSecurityInfoW` `SetNamedSecurityInfoW`
SHELL32.dll	`SHEvaluateSystemCommandTemplate` `SHQueryUserNotificationState` `ShellExecuteExW` `SHGetSettings` `SHGetDesktopFolder` `SHGetKnownFolderPath` `SHGetFolderPathW` `SHCreateDirectoryExW` `SHGetMalloc` `SHGetFileInfoW` `SHFileOperationW` `ShellExecuteW` `SHAppBarMessage` `CommandLineToArgvW` `SHBindToParent`
ole32.dll	`PropVariantClear` `StringFromGUID2` `CoUninitialize` `CoInitializeEx` `CoTaskMemAlloc` `CoTaskMemFree` `CoCreateGuid` `CoSetProxyBlanket` `CoCreateInstance` `CoInitializeSecurity`
OLEAUT32.dll	`SysFreeString` `SysAllocString` `VariantClear` `VariantInit` `CreateErrorInfo` `SetErrorInfo` `VariantChangeType` `GetErrorInfo` `SysStringLen` `VariantCopy` `SysAllocStringLen`
bcrypt.dll	`BCryptGenRandom`
msi.dll	`#173` `#217`
RPCRT4.dll	`UuidCreateSequential` `UuidToStringW` `RpcStringFreeW`
WININET.dll	`InternetQueryOptionW` `DeleteUrlCacheEntryW`
WINHTTP.dll	`WinHttpCloseHandle` `WinHttpOpen` `WinHttpGetProxyForUrl`
WINTRUST.dll	`WinVerifyTrust` `WTHelperGetProvSignerFromChain` `WTHelperGetProvCertFromChain` `WTHelperProvDataFromStateData`
CRYPT32.dll	`CryptQueryObject` `CryptVerifyMessageSignature` `CertGetNameStringW` `CryptMsgGetParam` `CryptMsgClose` `CertGetCertificateContextProperty` `CertDuplicateCertificateContext` `CertFindCertificateInStore` `CertOpenStore` `CertCloseStore` `CertGetIntendedKeyUsage` `CertGetEnhancedKeyUsage` `CertFreeCertificateContext` `CertEnumCertificatesInStore` `CertOpenSystemStoreA`
USERENV.dll	`ExpandEnvironmentStringsForUserW` `GetUserProfileDirectoryW`
SHLWAPI.dll	`StrChrIW` `AssocQueryStringW` `PathGetArgsW` `#487` `SHRegDuplicateHKey` `#176` `PathFileExistsW` `StrRetToBufW`
WS2_32.dll	`ntohs` `WSASetLastError` `WSAStartup` `WSACleanup` `setsockopt` `WSAIoctl` `htons` `socket` `__WSAFDIsSet` `select` `accept` `bind` `connect` `getsockname` `htonl` `listen` `recv` `getaddrinfo` `freeaddrinfo` `recvfrom` `sendto` `WSAGetLastError` `ioctlsocket` `gethostname` `gethostbyname` `getnameinfo` `getpeername` `getsockopt` `send` `WSACloseEvent` `closesocket` `WSAWaitForMultipleEvents` `WSACreateEvent` `WSAEnumNetworkEvents` `WSASetEvent` `WSAResetEvent` `WSAEventSelect`
VERSION.dll	`VerQueryValueW`
COMDLG32.dll	`GetSaveFileNameW`
USER32.dll (delay-loaded)	`LoadStringW` `MonitorFromRect` `TranslateMessage` `DispatchMessageW` `PeekMessageW` `DefWindowProcW` `PostQuitMessage` `RegisterClassExW` `CreateWindowExW` `MsgWaitForMultipleObjects` `SetTimer` `KillTimer` `LoadCursorW` `LoadIconW` `UnregisterClassW` `GetProcessWindowStation` `GetUserObjectInformationW` `MessageBoxW` `GetSystemMetrics` `OpenInputDesktop` `CloseDesktop` `OpenWindowStationA` `CloseWindowStation` `SetProcessWindowStation` `DestroyWindow` `GetDC` `ReleaseDC` `EnumWindows` `GetWindowThreadProcessId` `SystemParametersInfoW` `FindWindowW` `IsWindowVisible` `AllowSetForegroundWindow` `GetShellWindow` `PostMessageW` `PrivateExtractIconsW` `DestroyIcon` `LoadImageW` `SetProcessDefaultLayout` `wsprintfW` `CreateIconIndirect` `CreatePopupMenu` `DestroyMenu` `SetActiveWindow` `SetForegroundWindow` `GetWindowRect` `CopyRect` `GetDesktopWindow` `EnumChildWindows` `FindWindowExW` `GetClassNameW` `MonitorFromWindow` `GetMonitorInfoW` `GetIconInfo` `ScreenToClient` `SetRect` `GetForegroundWindow` `IntersectRect` `EqualRect` `GetWindowLongW` `GetDisplayConfigBufferSizes` `QueryDisplayConfig` `EnumDisplayMonitors`

Delayed Imports

Attributes	`0x1`
Name	`USER32.dll`
ModuleHandle	`0x6bbd18`
DelayImportAddressTable	`0x6b81e8`
DelayImportNameTable	`0x6a7b30`
BoundDelayImportTable	`0x6a81b8`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

CA

Type	`TEXT`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x217d4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99624`
Detected Filetype	GZip Compressed Archive
MD5	`c014af1628411606fe7b77e42a3f1370`
SHA1	`760b97dc5c3b3d32d7f53ccde82a4a70a425bbb8`
SHA256	`ba179285008fc423a1726f99333743ebf21a5abfe503b080f00ab0cfd188bf85`
SHA3	`888492f9ac5d2697cea4a23c890f3538b3395593dbc78fdae76de94c5ea53561`

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.18158`
MD5	`aecaef26c8fc14efa961590d614f2e84`
SHA1	`a231ac119553d45c1fcf58a75055f0163fe30fc8`
SHA256	`aa7496d888fa49767c774eb667654f3fbb5553ac2e3f6cbe7c871337f955f2d0`
SHA3	`80ceed2ca6260fbc362672adb34b1e28919cacf75e70b626229d70fae662d726`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29111`
MD5	`f0389960ba8e40a854720e5cd09c3a73`
SHA1	`f55bee6186f7c3e90658a0e6942cd1b2b156c4be`
SHA256	`6038d941a8a443d17f47e9b9e31cd7b3068b981515e98184daa2070dfe28a371`
SHA3	`e253baa49fad0ed1421d0802bfe6d0cadd182c4d9b97f8a9e591bed15d686df2`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.1705`
MD5	`4a507734ec1d13489f50b137dc1144ae`
SHA1	`b857b9a31b775bb267cfae79bfc70ae67ff6b7a5`
SHA256	`90c395a460932571581352ccb99e169e02bcce5cb3a808cc057d19a262f887ae`
SHA3	`4d8258ce3ee812783508845a42d53c78870870aa6bb0e02bccb769a8d26ec1b6`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.72442`
MD5	`fe0917fb80ea4a63e54d58b91e929402`
SHA1	`f6e5f8211cd1ea1addfeccf8ee3549975e728886`
SHA256	`23a635bebe91a39d43e88e7e285ad5a2d870d8f326528ca659ee4d7a81dfe6e9`
SHA3	`a276e571e2fb3a6bb0b4a12073088c3b14b785452870eeb401e41a522c8de95d`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.17423`
MD5	`1a0726560abaf945d0442d59eb2561b2`
SHA1	`3900f1510d7c46678a8c57c20f75bbc1acdcea96`
SHA256	`457308ab2455f4c54b5a15deb4a10d64204ad7cc09f45e213c2d5c620922e2ef`
SHA3	`0688f7e0754422e162545d0ac8c65e741a71493edb87004916816ea810ff57b3`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.09695`
MD5	`f0412717cf70ac11ae1af56bf02f5772`
SHA1	`4fe7ff16dc98646c0807e1b3d3dafc42fcd0b0db`
SHA256	`55cd02edf46530d9fc34915acaade250a92a33ad67eec10bea5be2e1a75a66f4`
SHA3	`44345e7ee6e058ff6d2948a54c599cc82aba88b117efcd8c5edf0d2f65043bb3`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.0117`
MD5	`3b294ead5b9791e0d545c0f57e622e28`
SHA1	`d39cd183ec1d0d4f9e70ef86e5ada93411ff499b`
SHA256	`ad8df15db1f67485befa156238a66bb84f6f1d1bcd54d300ec6e501fb6e28bbb`
SHA3	`30283282bd608ea5a16f7ff9f11e522039bccc4cccd06344909dfb3dd6868b50`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.03281`
MD5	`04decf93e7ae871cffa5f0543cffc150`
SHA1	`f09c1c525fbd6dcf1f5322945d06d403465bc995`
SHA256	`c644efb8b352139b90cea0c105de70e2c88ef3efb2acd480f40804b8adfe1867`
SHA3	`3e8f28453538272ac6daa213bcd104b649b027291e7762fe8b3874037e82b979`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x402e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.93561`
Detected Filetype	PNG graphic file
MD5	`8b231b8fd1b6791789675b54d7b143f4`
SHA1	`e1c536f6decf467a4ea03e5229ad05a697089cc1`
SHA256	`dce1e9388d151d213b2e91bec37ae1c89feedf82e1cb6fcc8bdeab29a36b1d5e`
SHA3	`f4738e1cc438af8b8026627bd6640dcef1302787e44405e4641c904ae6f4ce12`

10

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.52489`
MD5	`98c49503da74fab567576a28ea88b8b4`
SHA1	`f5ca864aa4340b40c862935c9b8ec79d95352c5d`
SHA256	`589b2873e29802a9848eb556c26e4c45ba49bc6c03eb54be9d1d8d97858872ba`
SHA3	`12063c4d8e1e59ce621a692be06a2cd6678a6b41f5880547fdd3fecd63f4a808`

11

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.65614`
MD5	`2b5142426a85c301377c33315edc1e01`
SHA1	`0716a424f250ae544c5952d3e2b786d8b97fa9a7`
SHA256	`397f4e1da1a40c89d4bffd7f0ed4606956efcd771162f0420affb41d9b3d3de6`
SHA3	`886a746fb477e24e5e1b839566903aae5d2edbff3280c5487cf399051691f6e0`

12

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.68031`
MD5	`7b52de00b91531e1b965f6d1cf3510d6`
SHA1	`cd07c11cd6ff638a4a01a8b555a9a15e84e77357`
SHA256	`01d926d10424809b469775f9e9e7749c763841968dc0ff96be847385429a329e`
SHA3	`71fe71ce46fa90b6fa5ec8fc96b5980d3057d4787bfc8cadaf593cf729865abc`

13

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.32052`
MD5	`3a2e2cc9ef53e9a29958913bbbffa740`
SHA1	`8e3f3e64271f8e842465d78391516396d06aaf52`
SHA256	`8792fb054a35bf3e0e3c7e08a6d2160adcedb803ce822ef3ef4ca6febd64da5b`
SHA3	`ef474785ee471734dc41d31464069442911dd75c72d187d456c8d73654e47702`

5009

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xec`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.95122`
MD5	`4e14b8e0d763f0c2fc1fa62cddb1fd26`
SHA1	`3b76da2fef17ee70b942e4278edcadc24cdc3185`
SHA256	`de413def67e86f02c3060e600b340b65928d86f7a98471e0a4f08879d763da3d`
SHA3	`fa1c03bd548168a90ea3a9d9df0232981cecfefe37f688c17eea49ee81c09a98`

5014

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.92811`
MD5	`b60a49dbfb6147ccec9ed2403c2bad55`
SHA1	`dfb7460b3437e1bdfb912f3ac784b3f1096034dd`
SHA256	`7ac3ccc03d1c11680cae434a26c3763c0b2b11895ea916df27c320562811657d`
SHA3	`409d401d435bea927d871fbc3e070f747acdfb5ab63779f6c8a7c01c164805b1`

7 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x74`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.66174`
MD5	`e4b9119334dee969932da46bb91dd4b2`
SHA1	`5ce2630c1dcd89327dc38b2e38bcdbe00f9d99e8`
SHA256	`0c37a4c983adc6ff6c542bf37bf6afb648fa81fba3bc51d089e037c71064bd27`
SHA3	`53e03ab8e6c0396a5fd601e8a5fbe6b1114fc69ae24f07b3dd9c604325d62c63`

313

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x38`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.73692`
MD5	`12cd03294b5ee2dcce9ba865a42e3706`
SHA1	`c5b9fcf7c9db70a75020eb7fd622839aa2cdc8ed`
SHA256	`ae2fbcc4d1077c76a3f0b04ca63095f72a20313729be28473c536b85d9693d22`
SHA3	`c6334b842f1cc78bfe5ac005603830407fccc5c38c4aef36b5cfe8547729c687`

313 (#2)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.62011`
MD5	`718871cbad1dd9c52a15d7414b0b03ec`
SHA1	`47b69b199dcb69d6e762c94ec10b16528b9e66f0`
SHA256	`f6c990f1ddc670f9700b6b43c4295599b734573485d976d80e7eabd0f4b57203`
SHA3	`0aaa1bdfed2b3a3733856ce7ce3bd2fd0a2d488035095c2d2b19269a86439b04`

313 (#3)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x60`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.5656`
MD5	`769f8dc050a474156524ee936adfe27b`
SHA1	`2bd3e5fda59486b3be349260bc1c8d0af150fff3`
SHA256	`721186faf71bac4b711c5fa9d0f3a04797be7b30cdf59241690023741c902ac9`
SHA3	`e95c6953a46f946c81801b52c37e26af3f999217c5b1349cca781b79ab7cebca`

313 (#4)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x66`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.56416`
MD5	`862530bd29edb94d5f1d0f694cee03a7`
SHA1	`31810f2a553697bfaa70488ad3daf8d502feb639`
SHA256	`3ee51c44eb7624ac2077a924958be0431d5af9a7ea4ac9699c334a2881b85167`
SHA3	`da015b82af39fbd32146e3a4a0e284c7718826a4a4babd324ee356cc094f09d8`

313 (#5)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x60`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.61816`
MD5	`989cefeb7493c18ff345c3f0f6e1bace`
SHA1	`b8c7b7dea05437248f8d14d0e901a2a0f494a7ba`
SHA256	`d040ce699517a4eb253e1be3c5f8230700cd5ae9c815b56e273a793950fc5fc1`
SHA3	`8a74b649a35b99ed1c5c362a4f6fcc904474961d61658636757fb94a7f5b8a00`

313 (#6)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x58`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.59342`
MD5	`8b05d220c665c00ba195c588382e2759`
SHA1	`623eea6323769ca0075b1c19d77a28112980699a`
SHA256	`11bd1d765f275fd5b4d4b67146bd12f0fca9d3444e8b951aba27e9bd52d78c82`
SHA3	`2d3d55a8b8bff43a5f61c1d39e7ab32b32a1e698189230e5b91c9460970d9896`

313 (#7)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x36`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.52646`
MD5	`28e350bb479049d2d17c4d7005923514`
SHA1	`37eeeb1461a7ddac99aa12ee7b63a29f29d2f644`
SHA256	`6c5502238a8e0c946f980b93c3e9dc175e19517ad3aafdc939a62bad847b701b`
SHA3	`7caaff6204a58455fe310e4616dff5f7e060ecd6952fbb932caf136b8d55a1e2`

313 (#8)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x36`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.58656`
MD5	`8692a353f6b2966b012ceed8439807bd`
SHA1	`5c3742dd1dde167e07052c0319ae01b6ba0382f5`
SHA256	`373f1f6a9a1a6156cf1825c85c5b2cd3233da35e843620e0d722e52aaf77c062`
SHA3	`2f631a03744620faf50f91a1124b3941bfd4686d5400f5651324ed0faf6bb01f`

313 (#9)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x60`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.60216`
MD5	`e0d10ad45b2c8ba70bc3741825ea5538`
SHA1	`5e40070f03c96070c1a28a249e01e1cc9c609e10`
SHA256	`6fb3f65b97d177a9298a578ee597b70ef48daee4a0b7b5a9e850544281b57a5e`
SHA3	`058a1b1a1f5077f48184fc2455b9972021495c427d3da261b90e17b8033a2d60`

313 (#10)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x54`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.193`
MD5	`46a920df67a814add80988a4c359a3be`
SHA1	`9ccfdd4ec3b1594146b6aa99d8fb098ee21ec36a`
SHA256	`883ace972905d99c7148dc5f9f0e03c0ccf0d154587566dd5c09de9c55e7aa3c`
SHA3	`8d6040eed05e9c7e63137ab47c5277b19056ceb9798d5592a8e8b5e0a456004f`

313 (#11)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x60`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.6657`
MD5	`7c6079606496531ebf9a4680f06ef6cd`
SHA1	`41e3523a94c059561221c5bc4142eb5ecc7543fc`
SHA256	`9dee61e884f8326cacb7871aee3ea3ca0d60e8105c1311aebcaedb7803bf680e`
SHA3	`8041a7c62943c0ecec500a28700f7e4c31b862a7ca6b35a4123860a2107b489c`

313 (#12)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.67093`
MD5	`7ea2f4c205ff20d40348ce8ea80cb68d`
SHA1	`884f33a66121f4f4e176b795a1ffb3c428e70062`
SHA256	`c4cc930e03e0de1651a0f48d6b1559af732b445de1e8a042fc48ebfe428d249b`
SHA3	`8cf4009bc471258c9590524ee7b99f2579d4f9ede42af598a090d493822a7417`

313 (#13)

Type	`RT_STRING`
Language	Portuguese - Brazil
Codepage	UNKNOWN
Size	`0x5c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.67738`
MD5	`c279ffaf4b371411606139ce4cc2d6db`
SHA1	`bad4deb1597b3fed9fd8704932da4633dc47fd7a`
SHA256	`7428cb0f422b5e028db52befea9c21422f633c3dd439e069594af0be7c25d57e`
SHA3	`14a242ecfd0945240ddbc29f8be31cb346a823d591e7fbd183b491a6cdd214f8`

313 (#14)

Type	`RT_STRING`
Language	Spanish - Spain (International sort)
Codepage	UNKNOWN
Size	`0x5c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.69912`
MD5	`bfd054f0006b7e64992770b60ee6ba6a`
SHA1	`37d7e3baccfc95776d24f8131a26e9fc383cdc72`
SHA256	`d7c86b40328bad5cf427e37ae94adc2afe4c598ec0353ae5be8b3395ad9e1956`
SHA3	`ea6f794fe9c6381feaf941ace1ea9b4054ffbd017e8b92854713d01eb6a22b33`

313 (#15)

Type	`RT_STRING`
Language	Spanish - Argentina
Codepage	UNKNOWN
Size	`0x5c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.69912`
MD5	`bfd054f0006b7e64992770b60ee6ba6a`
SHA1	`37d7e3baccfc95776d24f8131a26e9fc383cdc72`
SHA256	`d7c86b40328bad5cf427e37ae94adc2afe4c598ec0353ae5be8b3395ad9e1956`
SHA3	`ea6f794fe9c6381feaf941ace1ea9b4054ffbd017e8b92854713d01eb6a22b33`

313 (#16)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.77022`
MD5	`f6944b07785acb627dd8892b8f254acc`
SHA1	`34d42ca41268b8a197ad9d75e115751116e37658`
SHA256	`f2ed1f75942f07b6b6fdc8ebeb340a2ee5d01bc64b1f324c5f4b67e2f8daebd4`
SHA3	`82f25ea01f5e9ab0f1399ee44e9078b4aa8a9b1a17a11630bd87d958d63cf2df`

376

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x56`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.4147`
MD5	`ed940490df5e78e471616633da190e26`
SHA1	`3f203e8f04fad780adc9c27e162e2e4709b7a5bb`
SHA256	`601b4eb4902033028bde0405ddc7244dfe6aa8f6a6d1f139060036e6d927afa8`
SHA3	`e9e81f28382386dc41db28fa12bc7dd5acc171ce8fa97acb85a82a2dc8b88a62`

376 (#2)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x60`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.34502`
MD5	`ca94e4a17895cf24e6c573768aa5d260`
SHA1	`e9fe4cc6e3901d634e224a01e4b6218f0fedc454`
SHA256	`3942bd8c53c124d0976083f8685e252b560251fe403296a5518d9ac95bf52071`
SHA3	`372265d41e0da3e4670912961bc9d338b708d26ea1c64a3c4d3e448616d351df`

376 (#3)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.3214`
MD5	`2df5563d78511372334e9235399ac156`
SHA1	`579333c6fcd275c83366412d660c7a3f2aa676e0`
SHA256	`9ef197c232a3cd95321c3df0134e31971d71248f307de441b39bdff889abd0a1`
SHA3	`57e64e37a20849fc23e6560be15ff209f5d5fd8644997aa37801afaec6dbcf2c`

376 (#4)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x6e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.44616`
MD5	`21a6a04a30a88ccd6299ad8150a5b73a`
SHA1	`ef578e02ae87017170371b6f37f6e822d867a0aa`
SHA256	`fda0a51cd88534a52f8ea8e77cb6e088946e7e2189fe560682b190042de8395f`
SHA3	`2cab357914964e209e9cf83fa0d28cf641e0d19a8846f73642003feb525e1818`

376 (#5)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x62`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.35361`
MD5	`0b9ba5ce6a5e748b07b387a20837de8f`
SHA1	`77ff02862272291507e343afb97012423d2b5973`
SHA256	`18f936ff6002e46a9171f970bf407401948a83d9636076b597a864cbe4752ac5`
SHA3	`66b81d98eb1d9f8c3bb60959b0395476e261458cac5a282fc060bbd0c633314a`

376 (#6)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.4747`
MD5	`91e041b7c51724d12dc7ed898b00fab7`
SHA1	`b7b61b831f0c45e7ad99947ca2aabbdc4e321e32`
SHA256	`0ba5415f7aa02073688cfc850cedff2c90d1b75fd111e6f1b22f09b8072b19c6`
SHA3	`7bc1d9744fcf58b782ad994f4f216afae244920719176527aa3847463d5f84c3`

376 (#7)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x54`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.40388`
MD5	`c3d2951c0706a41d3c082ba1f595b654`
SHA1	`63daf262f0cd93b2f433bdfe1505940b1431f4cb`
SHA256	`90e3f104dd7c54b971500aaad332554ed7b9ed5931786d35c355b10cb66425f4`
SHA3	`13e05eb5f81d64320895845ecfaf3e07cb7e8f5fe8980c4127edf08d9ba16c40`

376 (#8)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x56`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.44674`
MD5	`2c00b5ff491eccf4df07ea03c69b4b74`
SHA1	`25e92e414edfa7da2ec56cbad2d783c8b269624a`
SHA256	`203d5d19566bcce2fd59fc754c36b22d38b1661350317a2b033e31ce72555b02`
SHA3	`d0be4d358af17ccf0cabed03893338f7638776200df38f64120c976a4a7b52bf`

376 (#9)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.42307`
MD5	`0def07b5ab4e9666a1cc810840a0a0a5`
SHA1	`e5bffb69c8d513bba22cd0c350ed477345ed89d0`
SHA256	`3356383f360cf6db4f20f43215298b5cca32da6234501dd276b5ee937357f64f`
SHA3	`1b73a455d822cb481d643dec149e815813b05acc93534d9439fed6b6bad6dbc1`

376 (#10)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x62`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.85716`
MD5	`f102416501f7bed08fac552a2cec39b3`
SHA1	`ca9c2941f99d48a1d579f5cb74bd72462254a75a`
SHA256	`67fc544545204d1bf4c7eafde65b94d56a6bac07a2bda50f493929d47b4cf584`
SHA3	`7aea74915eb7b7341008f28553713e35bfb6f08cf68ba9c0e29ff81c1bf44b11`

376 (#11)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x62`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.34887`
MD5	`929c1617ff6b68f4a49a947d192d7e92`
SHA1	`6fe3eeb7516c92b8139770cd295346357d26304d`
SHA256	`f088b0e54a150aa2a3cce56e37fc4da7f2b93223a33d5889108f6ab6088b0e46`
SHA3	`6f1896eacebdfe3863cfbd82d52a9d28d969d01d195e03d9901726f3271b88aa`

376 (#12)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.26746`
MD5	`fd5e0fd6b5b54f31ec6fd881fc871fed`
SHA1	`7e0305910cd18236e1857694e3bc99eb119c7203`
SHA256	`b8ffcb344057fdc5f5b68dae1855d5d49398f3a468e0173f420f10f7194af156`
SHA3	`f0fa53f7b09f01164e78f1f7d95bfdcc8da5f13fc6cd106faa5ae1c616f2455c`

376 (#13)

Type	`RT_STRING`
Language	Portuguese - Brazil
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.41622`
MD5	`12e3617de8f59ecba91fa5fa1c5a4c90`
SHA1	`1f9deb8e27e0352da027f856705448cc09dd392e`
SHA256	`9ae0c1551673976858261bb4c2ff1c6106465d16ed8cf30e8929c7403e67265c`
SHA3	`7e62dd91367931e48942c9a3b83171c891907cf41345542b0fdd42afc4a8727e`

376 (#14)

Type	`RT_STRING`
Language	Spanish - Spain (International sort)
Codepage	UNKNOWN
Size	`0x62`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.33718`
MD5	`c6e0cd2bd3d1efd631412c1001ca5524`
SHA1	`4cd2e7d6e3e5507a0023c89c16f4cb063bdfdac8`
SHA256	`142541b2cf83e6d8e0f9225d9381ec0a5bf53c6774529adc5f6737f5d5cd9074`
SHA3	`d1ad4959ab840de857a4938c6c7bab75f8503ea4009da763f8d911a61f7a4aff`

376 (#15)

Type	`RT_STRING`
Language	Spanish - Argentina
Codepage	UNKNOWN
Size	`0x62`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.33718`
MD5	`c6e0cd2bd3d1efd631412c1001ca5524`
SHA1	`4cd2e7d6e3e5507a0023c89c16f4cb063bdfdac8`
SHA256	`142541b2cf83e6d8e0f9225d9381ec0a5bf53c6774529adc5f6737f5d5cd9074`
SHA3	`d1ad4959ab840de857a4938c6c7bab75f8503ea4009da763f8d911a61f7a4aff`

376 (#16)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x58`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.53904`
MD5	`8a1f564c84a09cc17d6771b42ffeb07f`
SHA1	`49516ffce818d9ea91548225da6f2e8ec6bc2a27`
SHA256	`86b789d0062962d5a2dec1798e7b1fb8f1a73a4605a14c5675578f023283ebc4`
SHA3	`a68cdca0c54e85adfe7297653ddf578b24ed7ba27861c00f59641e5479a20d5f`

10 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xbc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06903`
Detected Filetype	Icon file
MD5	`28e876c096248f78d1ecc6d10cc60254`
SHA1	`63a25bca951df7a3b10c3a9eb2b0cab9ae24d649`
SHA256	`9da2480da45a2f5d7330a14a96c28dbca4c570c240a656da2139d447ed3bc9ba`
SHA3	`4c863965f3289aa370c2db7fd1b45c0e7dab3fc89c7c9f1e434aee92b419d06b`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x360`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.52585`
MD5	`86cc5e145b0e6c56f620f917833fbc03`
SHA1	`4daf9a20a163d2341657122d9edc74b027ec0083`
SHA256	`4f4afb03253741aa3cb212df62697f6c234a1bb25e20a961913da490f081687c`
SHA3	`52b94118079a348b338e22d4da65100346b77fcb04bb4454a8b41df72e31e856`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x87a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.19577`
MD5	`e3650a4453e951c3110ead3707007fbe`
SHA1	`cc04a6a9099a3cc3ae42f3c5dcfe0457d8621eb5`
SHA256	`1646e671db505fffbeb4825a29c0bea4a883bf999e8eb5788f1b0c4d37088873`
SHA3	`d75b55dafa3b0cfbf26f0e3977b6885c8130c10093376f7006d1cf44cdedaa4d`

String Table contents

HOSTAPPSERVICEUPDATER
HostAppServiceUpdater
秒
分钟
小时
天
kB
MB
GB
sekunder
minutter
timer
dage
kB
MB
GB
Sekunden
Minuten
Stunden
Tage
kB
MB
GB
sekuntia
minuuttia
tuntia
päivää
Kt
Mt
Gt
secondes
minutes
heures
jours
Ko
Mo
Go
secondi
minuti
ore
giorni
KB
MB
GB
秒
分
時間
日
kB
MB
GB
초
분
시간
일
kB
MB
GB
sekunder
minutter
timer
dager
kB
MB
GB
секунд
минут
часов
дней
КБ
МБ
ГБ
sekunder
minuter
timmar
dagar
kB
MB
GB
seconds
minutes
hours
days
kB
MB
GB
segundos
minutos
horas
dias
kB
MB
GB
segundos
minutos
horas
días
kB
MB
GB
segundos
minutos
horas
días
kB
MB
GB
秒數
分鐘
小時
日
kB
MB
GB
{received}/{total}
剩下 {time}
{received}/{total}
{time} tilbage
{received}/{total}
Noch {time}
{received}/{total}
{time} jäljellä oleva
{received}/{total}
Il reste {time}
{received}/{total}
{time} di tempo rimanente
{received}/{total}
残り{time}
{received}/{total}
{time} 남음
{received}/{total}
{time} gjenværende
{received}/{total}
Осталось {time}
{received}/{total}
{time} återstår
{received}/{total}
{time} left
{received}/{total}
{time} restante(s)
{received}/{total}
{time} restante
{received}/{total}
{time} restante
{received}/{total}
還剩下 {time}

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.273.4.677
ProductVersion	0.273.4.677
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	SweetLabs, Inc
FileDescription	Host App Service Updater
FileVersion (#2)	0.273.4.677
InternalName	hostappserviceupdater
LegalCopyright	Copyright (C) 2010-2023 - SweetLabs, Inc
OriginalFilename	HostAppServiceUpdater.exe
ProductName	Host App Service Updater
ProductVersion (#2)	0.273.4.677

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2023-Mar-29 19:26:08
Version	`0.0`
SizeofData	`50`
AddressOfRawData	`0x62e1e0`
PointerToRawData	`0x62d1e0`
Referenced File	HostAppServiceUpdater.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2023-Mar-29 19:26:08
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x62e214`
PointerToRawData	`0x62d214`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2023-Mar-29 19:26:08
Version	`0.0`
SizeofData	`1292`
AddressOfRawData	`0x62e228`
PointerToRawData	`0x62d228`

TLS Callbacks

StartAddressOfRawData	`0x14062e758`
EndAddressOfRawData	`0x14062e760`
AddressOfIndex	`0x1406be818`
AddressOfCallbacks	`0x140553b50`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`0x000000014038E200`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1406b22d8`

RICH Header

XOR Key	`0xcb942923`
Unmarked objects	`0`
241 (40116)	`12`
242 (40116)	`35`
243 (40116)	`184`
253 (VS2022 Update 4 (17.4.2) compiler 31935)	`6`
ASM objects (VS2022 Update 4 (17.4.2) compiler 31935)	`10`
C objects (LTCG) (VS2022 Update 5 (17.5.0-2) compiler 32215)	`4`
C objects (VS2022 Update 5 (17.5.0-2) compiler 32215)	`1`
C++ objects (VS2022 Update 4 (17.4.2) compiler 31935)	`101`
C objects (VS2022 Update 4 (17.4.2) compiler 31935)	`707`
244 (40116)	`8`
C objects (VS2022 Update 3 (17.3.0-3) compiler 31629)	`8`
239 (40116)	`51`
Total imports	`605`
C++ objects (VS2022 Update 3 (17.3.0-3) compiler 31629)	`1`
C++ objects (VS2022 Update 5 (17.5.0-2) compiler 32215)	`81`
Resource objects (VS2022 Update 5 (17.5.0-2) compiler 32215)	`1`
151	`3`
Linker (VS2022 Update 5 (17.5.0-2) compiler 32215)	`1`

16021fe99c9900c594fcf22391491222

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

CA

1

2

3

4

5

6

7

8

9

10

11

12

13

5009

5014

7 (#2)

313

313 (#2)

313 (#3)

313 (#4)

313 (#5)

313 (#6)

313 (#7)

313 (#8)

313 (#9)

313 (#10)

313 (#11)

313 (#12)

313 (#13)

313 (#14)

313 (#15)

313 (#16)

376

376 (#2)

376 (#3)

376 (#4)

376 (#5)

376 (#6)

376 (#7)

376 (#8)

376 (#9)

376 (#10)

376 (#11)

376 (#12)

376 (#13)

376 (#14)

376 (#15)

376 (#16)

10 (#2)

1 (#2)

1 (#3)

String Table contents

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors