Manalyze report for 1e02d6aa4a199448719113ae3926afb2

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2009-Dec-05 22:50:41
Detected languages	English - United States

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: rundll32.exe` `Contains another PE executable: This program cannot be run in DOS mode.` Contains domain names: aia.ws.symantec.com crl.thawte.com crl.ws.symantec.com cs-g2-crl.thawte.com g2-crl.thawte.com http://crl.thawte.com http://crl.thawte.com/ThawtePCA.crl0 http://crl.thawte.com/ThawteTimestampingCA.crl0 http://cs-g2-crl.thawte.com http://cs-g2-crl.thawte.com/ThawteCSG2.crl0 http://nsis.sf.net http://nsis.sf.net/NSIS_Error http://ocsp.thawte.com0 http://ts-aia.ws.symantec.com http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 http://ts-crl.ws.symantec.com http://ts-crl.ws.symantec.com/tss-ca-g2.crl0 http://ts-ocsp.ws.symantec.com07 nsis.sf.net symantec.com thawte.com ts-aia.ws.symantec.com ts-crl.ws.symantec.com ws.symantec.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA1`
Suspicious	The PE is an NSIS installer	`Unusual section name found: .ndata`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA LoadLibraryExA GetProcAddress` `Can access the registry: RegQueryValueExA RegSetValueExA RegEnumKeyA RegEnumValueA RegOpenKeyExA RegDeleteKeyA RegDeleteValueA RegCloseKey RegCreateKeyExA` `Possibly launches other programs: CreateProcessA ShellExecuteA` `Can create temporary files: CreateFileA GetTempPathA` `Can shut the system down or lock the screen: ExitWindowsEx`
Suspicious	The file contains overlay data.	`1025855 bytes of data starting at offset 0xce00.` `The overlay data has an entropy of 7.99765 and is possibly compressed or encrypted.` `Overlay data amounts for 95.1107% of the executable.`
Malicious	VirusTotal score: 33/71 (Scanned on 2022-11-23 09:20:08)	`Lionic: Riskware.Win32.Babylon.1!c` `Cynet: Malicious (score: 100)` `CAT-QuickHeal: AdWare.ToolBar` `Cylance: Unsafe` `CrowdStrike: win/grayware_confidence_60% (D)` `Cyren: W32/Babylon.HOBW-7746` `Symantec: PUA.Downloader` `ESET-NOD32: a variant of Win32/Toolbar.Babylon.E potentially unwanted` `Kaspersky: not-a-virus:WebToolbar.Win32.Babylon.bcb` `NANO-Antivirus: Riskware.Win32.Babylon.craswq` `SUPERAntiSpyware: Adware.Multi/Variant` `Tencent: Win32.Trojan.Malware.Bzcm` `Emsisoft: Application.Toolbar (A)` `Comodo: ApplicUnwnt@#17dvgmrmdfork` `F-Secure: Program.APPL/Toolbar.Babylon.10785` `DrWeb: Adware.Toolbar.493` `TrendMicro: PUA.Win32.Babylon.GA` `Ikarus: PUA.Optional.ToolBar` `GData: Win32.Application.Agent.0YJLRD` `Avira: APPL/Toolbar.Babylon.10785` `Antiy-AVL: RiskWare[WebToolbar]/Win32.Babylon` `Arcabit: Adware.Generic` `ViRobot: RiskTool.Unlocker.1078591` `ZoneAlarm: not-a-virus:WebToolbar.Win32.Babylon.bcb` `Microsoft: PUA:Win32/Presenoker` `Google: Detected` `AhnLab-V3: PUP/Win.Drop` `Malwarebytes: PUP.Optional.Babylon` `Zoner: Trojan.Win32.55558` `TrendMicro-HouseCall: PUA.Win32.Babylon.GA` `Rising: PUF.Babylon!1.B3CC (CLASSIC)` `Yandex: Trojan.Igent.bYph23.1` `Fortinet: Riskware/Babylon`

Hashes

MD5	`1e02d6aa4a199448719113ae3926afb2`
SHA1	`f1eff6451ced129c0e5c0a510955f234a01158a0`
SHA256	`fb6b1171776554a808c62f4045f5167603f70bf7611de64311ece0624b365397`
SHA3	`35aaa9c3983b3a17dd42ac42c1505552ba0f280bde45ddc4011a85122001e335`
SSDeep	`24576:eLMeYSiGTpTLDxxwqQcqOj5eyHox6ZGmAuXE7ZBlbT:+PbVvwqQpoLHontDrlbT`
Imports Hash	`7fa974366048f9c551ef45714595665e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2009-Dec-05 22:50:41
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x5a00`
SizeOfInitializedData	`0x1d400`
SizeOfUninitializedData	`0x400`
AddressOfEntryPoint	`0x000030CB (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x7000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`6.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x34000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c69726ed422d3dcfdec9731986daa752`
SHA1	`4546608e3b1a2ab1d69a34018d2ddfa7fa411885`
SHA256	`da167f61fb84d3c5eb7bbcad3d8fac3a1106a633803d7a6241886b22fac9e22e`
SHA3	`aa2ef8535248305ad0859fa231f89a9939a933bf194c21f6269d23392dcbfe78`
VirtualSize	`0x58d2`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.4331`

.rdata

MD5	`a2c7710fa66fcbb43c7ef0ab9eea5e9a`
SHA1	`60485025c47935e745e57b6efc7042f2261b7d53`
SHA256	`68b13cb687c587beff511baf9a361b9c0266769c060b1c4521cf77feb6185c10`
SHA3	`f708834de93177e744fd9efd3b0e2c530a7ba924048f0699c30a377c91a8f3c9`
VirtualSize	`0x1190`
VirtualAddress	`0x7000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x5e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.17976`

.data

MD5	`e59cdcb732e4bfbc84cc61dd68354f78`
SHA1	`ffc24489dd56b406f9078ba1cb9c71e9b430dbee`
SHA256	`75dcd6ea146722e46abe7b69a0c0c202d88b980baedc3c0fed0b3f37ba189891`
SHA3	`56b9fc9dfaffcf5c9105fd8abb878cb4b6fe17194c8c0bb87228e0608f93a639`
VirtualSize	`0x1af78`
VirtualAddress	`0x9000`
SizeOfRawData	`0x400`
PointerToRawData	`0x7000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.6178`

.ndata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xa000`
VirtualAddress	`0x24000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`8b67078cff291e2e620913fd415535fa`
SHA1	`07aba29158c7fe93f5bafad9764a04863a72b03c`
SHA256	`459635288a1a9c3f72317f93aabd619013b1552ea77fad18a737b6ab0499fdab`
SHA3	`2fefe5456766515a8b9b0a2988a82cf4ecf23382110a6270985da288fb18eb93`
VirtualSize	`0x5868`
VirtualAddress	`0x2e000`
SizeOfRawData	`0x5a00`
PointerToRawData	`0x7400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.41727`

Imports

KERNEL32.dll	`CompareFileTime` `SearchPathA` `GetShortPathNameA` `GetFullPathNameA` `MoveFileA` `SetCurrentDirectoryA` `GetFileAttributesA` `GetLastError` `CreateDirectoryA` `SetFileAttributesA` `Sleep` `GetTickCount` `GetFileSize` `GetModuleFileNameA` `GetCurrentProcess` `CopyFileA` `ExitProcess` `GetWindowsDirectoryA` `SetFileTime` `GetCommandLineA` `SetErrorMode` `LoadLibraryA` `lstrcpynA` `GetDiskFreeSpaceA` `GlobalUnlock` `GlobalLock` `CreateThread` `CreateProcessA` `RemoveDirectoryA` `CreateFileA` `GetTempFileNameA` `lstrlenA` `lstrcatA` `GetSystemDirectoryA` `GetVersion` `CloseHandle` `lstrcmpiA` `lstrcmpA` `ExpandEnvironmentStringsA` `GlobalFree` `GlobalAlloc` `WaitForSingleObject` `GetExitCodeProcess` `GetModuleHandleA` `LoadLibraryExA` `GetProcAddress` `FreeLibrary` `MultiByteToWideChar` `WritePrivateProfileStringA` `GetPrivateProfileStringA` `WriteFile` `ReadFile` `MulDiv` `SetFilePointer` `FindClose` `FindNextFileA` `FindFirstFileA` `DeleteFileA` `GetTempPathA`
USER32.dll	`EndDialog` `ScreenToClient` `GetWindowRect` `EnableMenuItem` `GetSystemMenu` `SetClassLongA` `IsWindowEnabled` `SetWindowPos` `GetSysColor` `GetWindowLongA` `SetCursor` `LoadCursorA` `CheckDlgButton` `GetMessagePos` `LoadBitmapA` `CallWindowProcA` `IsWindowVisible` `CloseClipboard` `SetClipboardData` `EmptyClipboard` `RegisterClassA` `TrackPopupMenu` `AppendMenuA` `CreatePopupMenu` `GetSystemMetrics` `SetDlgItemTextA` `GetDlgItemTextA` `MessageBoxIndirectA` `CharPrevA` `DispatchMessageA` `PeekMessageA` `DestroyWindow` `CreateDialogParamA` `SetTimer` `SetWindowTextA` `PostQuitMessage` `SetForegroundWindow` `wsprintfA` `SendMessageTimeoutA` `FindWindowExA` `SystemParametersInfoA` `CreateWindowExA` `GetClassInfoA` `DialogBoxParamA` `CharNextA` `OpenClipboard` `ExitWindowsEx` `IsWindow` `GetDlgItem` `SetWindowLongA` `LoadImageA` `GetDC` `EnableWindow` `InvalidateRect` `SendMessageA` `DefWindowProcA` `BeginPaint` `GetClientRect` `FillRect` `DrawTextA` `EndPaint` `ShowWindow`
GDI32.dll	`SetBkColor` `GetDeviceCaps` `DeleteObject` `CreateBrushIndirect` `CreateFontIndirectA` `SetBkMode` `SetTextColor` `SelectObject`
SHELL32.dll	`SHGetPathFromIDListA` `SHBrowseForFolderA` `SHGetFileInfoA` `ShellExecuteA` `SHFileOperationA` `SHGetSpecialFolderLocation`
ADVAPI32.dll	`RegQueryValueExA` `RegSetValueExA` `RegEnumKeyA` `RegEnumValueA` `RegOpenKeyExA` `RegDeleteKeyA` `RegDeleteValueA` `RegCloseKey` `RegCreateKeyExA`
COMCTL32.dll	`ImageList_AddMasked` `ImageList_Destroy` `#17` `ImageList_Create`
ole32.dll	`CoTaskMemFree` `OleInitialize` `OleUninitialize` `CoCreateInstance`
VERSION.dll	`GetFileVersionInfoSizeA` `GetFileVersionInfoA` `VerQueryValueA`

Delayed Imports

110

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x666`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82633`
MD5	`b6bf70baab40fe438feff063bfb9ff6f`
SHA1	`7d4659d43e08d368ddacd31945872461c0b06253`
SHA256	`0e90a9e4b8f3a5bf990e8aadfd8096ad7aeaf1a4e032ac7b6395ce191d61c142`
SHA3	`cab98fabaf20118d9a8a4d2bcff4383a7291a0e04ff11a8690e71eed619c75e7`
Preview

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.86229`
MD5	`69a68de8f06acdea407cb11911d51605`
SHA1	`40f82922aae5b3f43dd022159e05dfcc67152c12`
SHA256	`9a52e6fbdd931db6a32596fec4f0f9a5891c93f6d14a8eee50dbb94983ed0cb2`
SHA3	`e4df1d8f0b85c83cbb60b35fbfe8a097eb19fd7824e17e1992a5c7ec51990333`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.76086`
MD5	`a420cda21fcd5dc7b0308fe1cb767236`
SHA1	`bee8d682eaf456cecda6390607c20dea49075624`
SHA256	`b384bfc62501b03ba74b30155cc245f2672785d7b382493bd4015ef4446d0987`
SHA3	`0aa7e37ccdac1c7427356dc3cd7272a1b9f475e7821098ab114b7fc8a4542011`

102

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71813`
MD5	`7add80697358fcc3e63354d269ea5ac9`
SHA1	`72c0a1363b9b4fee0a4acb42b31cd9b5e0664c4c`
SHA256	`b29c7a1301ddb0e896faf944d8ea8f4e57ff4f3d5fc3e5dc5bf3e64ed6be2fdd`
SHA3	`40a0e6b6b579b110550a4c3304eb33293a293d9aa288b02b11750143b52423fe`

103

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x120`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.56193`
MD5	`db6dd0434da4d7cac564518725167e09`
SHA1	`a65a1367d7cd96450f089a8f8108239bbcea9f5b`
SHA256	`c50631fc1f8425a95fd1edcc8e730d339e193a38f18d42372c32847a5ad2c016`
SHA3	`4e3be5455c51e1cb04836e318cb69ecdffd2deadd0f338d4bc985d8f5ca653ff`

104

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x118`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.6666`
MD5	`5d5a429855fa400f785316d80f880cd7`
SHA1	`5dffb70c795a3241a281f9636d94753ad5eb440a`
SHA256	`99ecc5a3f800a0ac164f6e5a7ae19f7cacedaa6a7b428a0e0105fa12a79ac377`
SHA3	`90320add8ff01554fa2afdf9bef0cd652aea4f1e9919ee0f0675bfdcdb494317`

105

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x202`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.73893`
MD5	`386770584473e271f23dced36427f4ff`
SHA1	`d14ce95f784b35e4e3ebee535476ebcd3e380c19`
SHA256	`425b8270f7ca42a927eae6bea468acf414a3e4b58b5ba2c56aaae4d1b2c11014`
SHA3	`db13e5969376b27e8443eebff685230e2b74685aeb2fba73973f06e5cddc8662`

106

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91148`
MD5	`fa83652660409e90e0db9731ad2adb17`
SHA1	`0a8f0af67723c87fe26ccf676b8e19ec6357b4dc`
SHA256	`4a55bd714f5d50cd8eabba10e57f0618f1842717dcfa582d73a917b1933cd1d4`
SHA3	`5b3e1cb25be7a2dbae4f08f0d4794ed23dbd6ea37a3f9702be12dba588f42a7b`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.92787`
MD5	`5dfa289639a3bcc0497da8db163f01fe`
SHA1	`6e2c6ea1e2594b66f563fb589276642c127e875f`
SHA256	`18466509968c3c0bf92ba410fea075def2b257a5a799a113cbc60f13e75f4b01`
SHA3	`85abdc8c431d91c72f3595a39881c96637ead09a0278d3cec0c1c9a8d873f031`

202

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9709`
MD5	`dc6d11ad565c6f5607f43427d26ce8e7`
SHA1	`17147cbbee9dcab0094b850a16f796a65210fa50`
SHA256	`9bf8fb8e0765f511017f3502f09ac47dc79f8a92fc6c583d123795fb471ec3a9`
SHA3	`e434e61a8031988ddf8da056d52ea9949ebda6a66bb58c3f3644bc8315f920ea`

203

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x120`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.84487`
MD5	`12402b54eddc39fa3dae283957b4eb4c`
SHA1	`beccbeac143c7c78d7271c20c73df7e797c6224b`
SHA256	`4017b96a65ef43c2d6781adc75b048ed8568f3068b81ee971154b90886766250`
SHA3	`d1f0eb13adc7d47e9aa7da0e3a996fd742075668a840e149a5f391955e438793`

204

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x118`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.00806`
MD5	`3c9a9b12905d050a6b1f9dd4437e97ad`
SHA1	`9b41fdfa5f38fdfa49ba0f7d12daeb555ccbc809`
SHA256	`7c56fdd25614522ca1aa5b7afd88bcd5932e22b0d20676abd05a4df2b7ecf085`
SHA3	`06152c3cfe307fcf755c8e2fdf91a903105f4b766e1bf007f587d517cdf9b985`

205

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x202`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03251`
MD5	`16e4e392aaffaa0ee7e77b5be867e10f`
SHA1	`f7f681d8ec7c8a1aaa98b7a1d6bf14cfe730bbec`
SHA256	`699e0b19b7a5592c6cd94847130b28d57bf86ea61019043b9a6a3c88e6debc3d`
SHA3	`e91dc6b4bb438e908867a57a350a8f08d1116bc10d1694ba284a5a44360277b3`

206

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.10966`
MD5	`1ffe62afd7fe045c34a23ea5c9c7eb22`
SHA1	`ac211007f1f7a65d868d6e9e658d5ff26dec9c8e`
SHA256	`184073a317c843cbe92b68cfacebcf5d73dedb538b3f79c048090f3ee5b614ff`
SHA3	`f34fe335d0a39aedd236cfe40879f6624bc468df8195f5360c1d7267f2bd0113`

211

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06584`
MD5	`7ce8a17102daebb8d864cd1063e987d1`
SHA1	`072345a235d4947d36b53fd47da68e7e6a93fe62`
SHA256	`0fd40b240b9df8f2dece8947dabbebce898f12becca8e196136e4231efba2dc1`
SHA3	`59c7281c1d6dca36fed8a44ee5b408f11090812626d5c5fe1da3d72b526208ab`

302

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9709`
MD5	`dc6d11ad565c6f5607f43427d26ce8e7`
SHA1	`17147cbbee9dcab0094b850a16f796a65210fa50`
SHA256	`9bf8fb8e0765f511017f3502f09ac47dc79f8a92fc6c583d123795fb471ec3a9`
SHA3	`e434e61a8031988ddf8da056d52ea9949ebda6a66bb58c3f3644bc8315f920ea`

303

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x120`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.84487`
MD5	`12402b54eddc39fa3dae283957b4eb4c`
SHA1	`beccbeac143c7c78d7271c20c73df7e797c6224b`
SHA256	`4017b96a65ef43c2d6781adc75b048ed8568f3068b81ee971154b90886766250`
SHA3	`d1f0eb13adc7d47e9aa7da0e3a996fd742075668a840e149a5f391955e438793`

304

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x118`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.00806`
MD5	`3c9a9b12905d050a6b1f9dd4437e97ad`
SHA1	`9b41fdfa5f38fdfa49ba0f7d12daeb555ccbc809`
SHA256	`7c56fdd25614522ca1aa5b7afd88bcd5932e22b0d20676abd05a4df2b7ecf085`
SHA3	`06152c3cfe307fcf755c8e2fdf91a903105f4b766e1bf007f587d517cdf9b985`

305

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x202`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03251`
MD5	`16e4e392aaffaa0ee7e77b5be867e10f`
SHA1	`f7f681d8ec7c8a1aaa98b7a1d6bf14cfe730bbec`
SHA256	`699e0b19b7a5592c6cd94847130b28d57bf86ea61019043b9a6a3c88e6debc3d`
SHA3	`e91dc6b4bb438e908867a57a350a8f08d1116bc10d1694ba284a5a44360277b3`

306

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.10966`
MD5	`1ffe62afd7fe045c34a23ea5c9c7eb22`
SHA1	`ac211007f1f7a65d868d6e9e658d5ff26dec9c8e`
SHA256	`184073a317c843cbe92b68cfacebcf5d73dedb538b3f79c048090f3ee5b614ff`
SHA3	`f34fe335d0a39aedd236cfe40879f6624bc468df8195f5360c1d7267f2bd0113`

311

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06584`
MD5	`7ce8a17102daebb8d864cd1063e987d1`
SHA1	`072345a235d4947d36b53fd47da68e7e6a93fe62`
SHA256	`0fd40b240b9df8f2dece8947dabbebce898f12becca8e196136e4231efba2dc1`
SHA3	`59c7281c1d6dca36fed8a44ee5b408f11090812626d5c5fe1da3d72b526208ab`

402

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9709`
MD5	`dc6d11ad565c6f5607f43427d26ce8e7`
SHA1	`17147cbbee9dcab0094b850a16f796a65210fa50`
SHA256	`9bf8fb8e0765f511017f3502f09ac47dc79f8a92fc6c583d123795fb471ec3a9`
SHA3	`e434e61a8031988ddf8da056d52ea9949ebda6a66bb58c3f3644bc8315f920ea`

403

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x120`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.84487`
MD5	`12402b54eddc39fa3dae283957b4eb4c`
SHA1	`beccbeac143c7c78d7271c20c73df7e797c6224b`
SHA256	`4017b96a65ef43c2d6781adc75b048ed8568f3068b81ee971154b90886766250`
SHA3	`d1f0eb13adc7d47e9aa7da0e3a996fd742075668a840e149a5f391955e438793`

404

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x118`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.00806`
MD5	`3c9a9b12905d050a6b1f9dd4437e97ad`
SHA1	`9b41fdfa5f38fdfa49ba0f7d12daeb555ccbc809`
SHA256	`7c56fdd25614522ca1aa5b7afd88bcd5932e22b0d20676abd05a4df2b7ecf085`
SHA3	`06152c3cfe307fcf755c8e2fdf91a903105f4b766e1bf007f587d517cdf9b985`

405

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x202`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03251`
MD5	`16e4e392aaffaa0ee7e77b5be867e10f`
SHA1	`f7f681d8ec7c8a1aaa98b7a1d6bf14cfe730bbec`
SHA256	`699e0b19b7a5592c6cd94847130b28d57bf86ea61019043b9a6a3c88e6debc3d`
SHA3	`e91dc6b4bb438e908867a57a350a8f08d1116bc10d1694ba284a5a44360277b3`

406

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.10966`
MD5	`1ffe62afd7fe045c34a23ea5c9c7eb22`
SHA1	`ac211007f1f7a65d868d6e9e658d5ff26dec9c8e`
SHA256	`184073a317c843cbe92b68cfacebcf5d73dedb538b3f79c048090f3ee5b614ff`
SHA3	`f34fe335d0a39aedd236cfe40879f6624bc468df8195f5360c1d7267f2bd0113`

411

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06584`
MD5	`7ce8a17102daebb8d864cd1063e987d1`
SHA1	`072345a235d4947d36b53fd47da68e7e6a93fe62`
SHA256	`0fd40b240b9df8f2dece8947dabbebce898f12becca8e196136e4231efba2dc1`
SHA3	`59c7281c1d6dca36fed8a44ee5b408f11090812626d5c5fe1da3d72b526208ab`

502

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.85266`
MD5	`56a98b29f3e9e2490d3235a32d6c1e67`
SHA1	`558d421fa7c5e714708fc4165bd323414ea992fe`
SHA256	`6172e3f35478e9cd3989964257dce0633cf5c9e0858282e0023bd87a64cf64a0`
SHA3	`baeb6b875c38f08b0e9a52ce8950c622ce66501b6692ff236c9a87ded13571cd`

503

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x118`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.64541`
MD5	`44c009c9e1abc2355198b432965c61ef`
SHA1	`4c090f75f279e474a9ca4a07ac84935aa769b0dd`
SHA256	`85f659842e9aa525dc22d0ff4e18e14d4e4ccfc924d1fdfa03d50a0410e6c0d6`
SHA3	`f829f224ca0ee8e4f9b0c51c79cc819098ab16c3d55912e0c1aade1677d1a921`

504

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x110`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.76827`
MD5	`1f75a188b69b2dd1029c638abfd930c2`
SHA1	`9893497d98a85e9647c782410f9e8ca9482b0c5e`
SHA256	`3dcc70671211d34375fe9f715af85b474c799c928b836548149ac042b097841f`
SHA3	`a37bfdf413f6eab2d4d9ac5d06642a39f696743609c17b5359a352f1c018f672`

505

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1fa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.78574`
MD5	`2c1f44c0a248a53a50a661eb9a65cdcf`
SHA1	`69a0418cac4aaa30203faa1f0bdbe74fe1cc29c6`
SHA256	`1382f1e9260b7e203ceafc6936ef1dae48898fcf8fb04a446cd27a4384bc40c3`
SHA3	`2391f29b4bbdb35210160bdff0e5454a66809bd69915f6c5af5ec10cbbf057aa`

506

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04696`
MD5	`c7239ce55362dabbe3887e5fc4bdf5fe`
SHA1	`a2908207ffb889a12da3cbdbe7446e04b254e7ed`
SHA256	`012557f58e68234d4a88df0b713c59800f798ecce19dfd589d326b458dddcbd8`
SHA3	`34f4adf15b3169820de0c298735a1ea7bc4e5c9737c5baac458a5fbfb356b1f6`

511

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.09674`
MD5	`30dab3583979c2008e8de9295ab7c36b`
SHA1	`186cd9560b358bbf8b523d1050573f22bb00264d`
SHA256	`8c64a2341dc473a7d8ab4956af589e9a7257c4f05a8dc229f862c16d49ba37e5`
SHA3	`4449f57b4725dc59d7d66dc9b817250112828d0f5d6b31cba247cd36ff544268`

602

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.62197`
MD5	`e6291e2e9f4a2bf617a2f5d609b73179`
SHA1	`4a1691980603e4b18f4d8d722e6051671559e045`
SHA256	`1edb8d1dabb534fbf24b5b03f6ec5596dc4961ded3ec76aaa73fd9e4e483948c`
SHA3	`5014bab44e3a140b8c02383e5dd7201e8c67e49db8231a40ef559dfc0755fa18`

603

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.484`
MD5	`b21b5bb94f7cb7111620ebfb32534430`
SHA1	`d4fa9452937d98ccb59bdc96660d588a5183bba9`
SHA256	`eb6f4dac693c6249bb157ef5cfe6057af4088d7bacfce7089e13a85f0661389a`
SHA3	`08dbbf11ee68c7b878492fecb06c7ac64f494ec1cde2b58149e4a6b1af9f3913`

604

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x104`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.6159`
MD5	`517a8e5280b001436e25ab7949e872a2`
SHA1	`82ced597150114a4dd37672a5e340688dd743b3e`
SHA256	`3598e7c081de284d86c60806a30730200b01068d1edb205694f5d65e5fbde1e5`
SHA3	`bd599ef71ec7a420d08ff741023361ad074920d8b6419daf84b9448676b572dd`

605

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1ee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.68176`
MD5	`1cdff3870b4510f9c4a40874187787a2`
SHA1	`a7a0949b603bcbf6fdfe4a68eeba4c06cfda442b`
SHA256	`d542230218a67392c3e8d2c61f29f66f8724d837e83e9c0a49f30bdf02d722d7`
SHA3	`0ebf01d8f7e1f18047d7637f891d36fb662a028e2d4bbfd752c0cf4de4e50c9f`

606

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.86295`
MD5	`cc0021533c65b44747600689ff5fbd43`
SHA1	`b1d1e4594f5ad7b08d56a25cdbe6d9b9378e482b`
SHA256	`ab1e3ad5b5d87630cb0f6a6671c10fe49d9c33839be0d5daeba89ec053dda92c`
SHA3	`84d6def5cee15efe0091dd2b0c1f1293ccd14684a0736bd33e1c5aa70c3471f7`

611

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xda`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.92694`
MD5	`408a7443d8f432b28a248059d8669d1c`
SHA1	`c199828e8051a2825b1d5e216360eb57cd0b37f7`
SHA256	`4677979c1665998318fcb65b9a0c0b3dd9204c12dbddbd5e76df8822ed6e347a`
SHA3	`a3fbf76ef107912c1222e3203143386903416d7d7c171d53f3e0988bea2e4923`

702

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.63447`
MD5	`737dd1e8146ef8d56dac24dbc1957838`
SHA1	`15658c461b9fae98eb87e6ad4cbba100bbb51f1d`
SHA256	`09b17373dd40b89a1f1b428f387837db95bc729f40d7189dd3774495c34067b6`
SHA3	`7e5df0e25dc77b7e96d1e207a30515194c9961cda6af96b0c19efbf93ef99ce0`

703

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.47654`
MD5	`888fbcc92ebd6174786b32d45350005a`
SHA1	`ba4959d06247a07012fbca926691e2e709c7aa8f`
SHA256	`b98ac97ffc283bc465d34958c79f8a31480c0f98eb44c5e23977bee9ba52b703`
SHA3	`1ec3fb0c9114bc10f7c71e9bf1d15c48a5e39fd99193dfce3db02c097cbb626c`

704

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x104`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.60821`
MD5	`96bfd881956fc7f5e7ed898f1176119d`
SHA1	`e430d9629020da92683d40562f39b7452a1ad30a`
SHA256	`15b8c2802e6200086ef104eade54cf616e59bba1d2aa895e4beb3a6d9de165ae`
SHA3	`f74ec2236c31db5890a73fbb34c65277be122a4df21a0c32decbd47c9ef56be5`

705

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1ee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.68733`
MD5	`c0c4f9be63c9d286b8d1265977ac9d86`
SHA1	`f9c0d915ded3ea188f342d0e5341e67701eed813`
SHA256	`349420ba5b5de0b0081e96a686c826e0f409f2f3413f2e9fb7e6f71cb544c325`
SHA3	`dce55e6d53e014b0786bba9e4f6c7d81ed0c04fde8279c3b54f7c2f5a9fe121a`

706

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.86626`
MD5	`8c69d2c81dd2d9050d0fa94df90ff16b`
SHA1	`cd71d904da747d7141e5abdde9363f7e240b26bd`
SHA256	`1a39a3aabdee2aa68c507c55ff37c38722b05b7f8bde66185a2462792381d8cd`
SHA3	`b80b33ab6bf40b07bc32c7a6a11831084f7c97a27dff86d576769d0aab14b979`

711

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xda`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9304`
MD5	`2497a44fff8b76b5129662b60a617c85`
SHA1	`f73bd7c9caa4c1f7a0e4840d69b0accdc6d167a0`
SHA256	`a10617b39293152a65ad5c91ca4f35135845c7b785e3a582e58f6c8229045b85`
SHA3	`aaf1dc708c305944a11a7180ef5ee2c8f722c3dd6d4bf91e0ae0f6c2b1a331ca`

802

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.77222`
MD5	`e00685b7c73ac57d7f0bb3ac7c974224`
SHA1	`ded42aa32130a42138c8cd5e9260cfc86b21f55c`
SHA256	`8dd84d5d195a652dc01b940f9f9673bf5dd3696bf837646efbe87b12966f8f93`
SHA3	`4097931fdf69965d2b356b74d5a7abb368253ab3f0ed6500feb5c41db6cbd41f`

803

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x110`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.58011`
MD5	`088199de88ee4293982cec0b65748394`
SHA1	`ccce70fc022137c746dfb6bf52cd785b8675768d`
SHA256	`583b62d87b496612f7e10bf1da5113b8a4c83f0a2155184d03c0b2ec14fb5ed1`
SHA3	`855ba3bd893d691d7c7f704da34c23efd96142d6deefc65d3bdb0e2968f97d95`

804

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x108`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.69712`
MD5	`9ea9ba2e8c214d2e616d4d0969216393`
SHA1	`2bebd9005db37f879a9cf96f0c93e43bb23fc04c`
SHA256	`529a9a8766c9a587105147c14a2f7d67ec4aec76f4c4f7086f937ccd0144a1c4`
SHA3	`713e08e32304fa0f93501a27db963d684941fef7f951f4b2d0438bfe667003d5`

805

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1f2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.74143`
MD5	`0af4d59488d775d20c2e6725f3ed95a9`
SHA1	`f7c55407fa28f7d3eb8f6a4d4b988947f57c4c4a`
SHA256	`ab979c8f6052af662e37a55c3aa42a884f0ce537317ce85f25d6c2307eb198f5`
SHA3	`cbd4ee359d3f62e7dfb156ecd5dcd05351e2728ee88efb928161a5f2b62fd5c3`

806

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.96511`
MD5	`c33758ab32a791644973dfd60cbf6034`
SHA1	`ee7eb0a27279d39a959f5d35b6dfd4c18c7123fa`
SHA256	`6e7bca0054a1785929747807906d8527c2c2a231ca5975d8ebb3a3f98353f129`
SHA3	`8883e9e9fe2e8e33f0c0a0dcb5c13456e825a62100aa3e10099e225770ecc9ff`

811

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xde`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03655`
MD5	`2802ee53bc08ac9a2cfaed81b3d79d05`
SHA1	`b7faac6a14545ea9c03651f69ae27cce0e62b010`
SHA256	`65fb71b054977a55435f45bbcddddedaa1e1cf43fdd9fc230938d625c3f7edcd`
SHA3	`1b03466617102ef078d2690bf5a361563eae8b960554205937f87a6c81d328c5`

103 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.32824`
Detected Filetype	Icon file
MD5	`f0e9efd69693c0cd3ed4bd2dec5427c2`
SHA1	`23ba40ab874096ed38b3bdba72f886057cc887b1`
SHA256	`9285c99f72073e1b5bcbf1e8598c0a9e3a311da5f28b3f8c45b3b6ce57f99b6f`
SHA3	`cd681932571a6c6af7939b5b7274017be10b5b0e0667690bbe32fd74e3875176`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3be`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.21482`
MD5	`18a65b0356650472e36d75deef2173b5`
SHA1	`ad8ae2a67c7258efa638901ff609cc6561b96b4f`
SHA256	`cb24fe30879e7b0870fb61f7c16bdb8c4fa9a2a8c2d945bd3ea8dd889e93c0ff`
SHA3	`55079671a0ec8905dde3e77ac6ab2a0ab33bc1d621f43b49f67d3539c1fd0723`

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x69ead975`
Unmarked objects	`0`
C objects (VS2003 (.NET) build 4035)	`2`
Total imports	`155`
Imports (VS2003 (.NET) build 4035)	`17`
48 (9044)	`10`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

[*] Warning: Section .ndata has a size of 0!