Manalyze report for 20127c15e4a153322c63a734aebf7513

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2012-Feb-24 19:19:59
Detected languages	English - United States
CompanyName	Restoro
FileDescription	Restoro Downloader
FileVersion	`2.016`
InternalName	Restoro Downloader
LegalCopyright	© Restoro 2019
LegalTrademarks	Restoro
ProductName	Restoro
ProductVersion	`2.016`

Plugin Output

Suspicious	The PE is an NSIS installer	`Unusual section name found: .ndata`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryA LoadLibraryExW` `Can access the registry: RegEnumKeyW RegOpenKeyExW RegCloseKey RegDeleteKeyW RegDeleteValueW RegCreateKeyExW RegSetValueExW RegQueryValueExW RegEnumValueW` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Can create temporary files: CreateFileW GetTempPathW` `Manipulates other processes: OpenProcess` `Can shut the system down or lock the screen: ExitWindowsEx`
Malicious	VirusTotal score: 3/68 (Scanned on 2019-09-11 03:50:42)	`ESET-NOD32: a variant of Win32/ReImageRepair.R potentially unwanted` `DrWeb: Program.Unwanted.3906` `Malwarebytes: PUP.Optional.Restoro`

Hashes

MD5	`20127c15e4a153322c63a734aebf7513`
SHA1	`43ee5c9c3970b48f2fe82c3ab3c6dcf1b1de1b07`
SHA256	`951ed0a81277e09e0416174c970fcdbed93745c9993d0fc649d576872d3c75a9`
SHA3	`6d8fe265bb7a7b96b406c085c1b66b9370476d68e07f8bacd3de053476db40ac`
SSDeep	`12288:REVLcMwpsGcDdHCfKbQTiHmHGluO0Q9zY8cEtDcZeOc2oVWX:RucLyNCClsO0Q97Xmep4`
Imports Hash	`9676d3254c05a4258dfb3154ab9a7a37`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2012-Feb-24 19:19:59
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`10.0`
SizeOfCode	`0x7000`
SizeOfInitializedData	`0x6d000`
SizeOfUninitializedData	`0x4200`
AddressOfEntryPoint	`0x000039E3 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x8000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`6.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x3f9000`
SizeOfHeaders	`0x400`
Checksum	`0xf1e02`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f569e353af0ed51bf4c216faa9bed4e7`
SHA1	`6a44a12f5af7cce9abbd9cd636f52401b2120209`
SHA256	`43b1b548befd5d2a4638048c6f234cbb66fa07c1fd709bbc3e73bb4d642da595`
SHA3	`2a5b3f035f6962e7f8bbe2adb74570e17e1925c226adfc81c2a4375bea2310a9`
VirtualSize	`0x6f10`
VirtualAddress	`0x1000`
SizeOfRawData	`0x7000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.49788`

.rdata

MD5	`91eee43954e068e650f7b73a8b0e6915`
SHA1	`b547eb6e6cac33ee3733ac68385899629a5e5f17`
SHA256	`e0f96857d54993cd0a9a734ab76698d270a5311129cc442a3344bb196b9afe4a`
SHA3	`0e15cfd9c8ce1462c26fb202da97515881abdf0e9729f0cadfda0e8fbe60c89b`
VirtualSize	`0x2a92`
VirtualAddress	`0x8000`
SizeOfRawData	`0x2c00`
PointerToRawData	`0x7400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.39389`

.data

MD5	`db9f7acbf1c3ddfe255077b699955dfa`
SHA1	`53188fc5923c982a5f95f3d84c9e65d33d887d59`
SHA256	`6db33451a2c8a909671725fe9d9e735e8c3bc704954f014503d33963aca37551`
SHA3	`defd360cc2dc6f7f28b1998314c9492a9f450dc1fad927840058dee2eb8cb32d`
VirtualSize	`0x67ebc`
VirtualAddress	`0xb000`
SizeOfRawData	`0x200`
PointerToRawData	`0xa000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.47278`

.ndata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x339000`
VirtualAddress	`0x73000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`6d955beda33ddd993629bba1ad41c7b4`
SHA1	`5f73c047fcf8dea69cf4d6889613d93294ec4f36`
SHA256	`0d486b73b110c8abfbfabebc1640c91838dd1519f4b26c2836392b6d3652ba8c`
SHA3	`25133efe40715dd5884f008a54ab2930f0cbab76609f07965b3ea6802202afc5`
VirtualSize	`0x4bfe9`
VirtualAddress	`0x3ac000`
SizeOfRawData	`0x4c000`
PointerToRawData	`0xa200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.92449`

.reloc

MD5	`f4ad22215006a677ade6a73cdeab789f`
SHA1	`cb067a36b6292219258c8b584e1750c1595ccdc2`
SHA256	`3e52889b16c99832ffef571f3e130ca7fb82c765d4e223593f9c8bf7c77df9d2`
SHA3	`2f582dc38f18dc71c63c6cc199ad231f6088ac08959509fc227298273c8c6a1a`
VirtualSize	`0xf8a`
VirtualAddress	`0x3f8000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xb600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.2338`

Imports

KERNEL32.dll	`SetFileTime` `CompareFileTime` `SearchPathW` `GetShortPathNameW` `GetFullPathNameW` `MoveFileW` `SetCurrentDirectoryW` `GetFileAttributesW` `GetLastError` `CreateDirectoryW` `SetFileAttributesW` `Sleep` `GetTickCount` `CreateFileW` `GetFileSize` `GetModuleFileNameW` `GetCurrentProcess` `CopyFileW` `ExitProcess` `GetWindowsDirectoryW` `GetTempPathW` `GetCommandLineW` `SetErrorMode` `CloseHandle` `lstrlenW` `lstrcpynW` `GetDiskFreeSpaceW` `GlobalUnlock` `GlobalLock` `CreateThread` `LoadLibraryW` `CreateProcessW` `lstrcmpiA` `GetTempFileNameW` `lstrcatW` `GetProcAddress` `LoadLibraryA` `GetModuleHandleA` `OpenProcess` `lstrcpyW` `GetVersionExW` `GetSystemDirectoryW` `GetVersion` `lstrcpyA` `RemoveDirectoryW` `lstrcmpA` `lstrcmpiW` `lstrcmpW` `ExpandEnvironmentStringsW` `GlobalAlloc` `WaitForSingleObject` `GetExitCodeProcess` `GlobalFree` `GetModuleHandleW` `LoadLibraryExW` `FreeLibrary` `WritePrivateProfileStringW` `GetPrivateProfileStringW` `WideCharToMultiByte` `lstrlenA` `MulDiv` `WriteFile` `ReadFile` `MultiByteToWideChar` `SetFilePointer` `FindClose` `FindNextFileW` `FindFirstFileW` `DeleteFileW` `lstrcpynA`
USER32.dll	`GetAsyncKeyState` `IsDlgButtonChecked` `ScreenToClient` `GetMessagePos` `CallWindowProcW` `IsWindowVisible` `LoadBitmapW` `CloseClipboard` `SetClipboardData` `EmptyClipboard` `OpenClipboard` `TrackPopupMenu` `GetWindowRect` `AppendMenuW` `CreatePopupMenu` `GetSystemMetrics` `EndDialog` `EnableMenuItem` `GetSystemMenu` `SetClassLongW` `IsWindowEnabled` `SetWindowPos` `DialogBoxParamW` `CheckDlgButton` `CreateWindowExW` `SystemParametersInfoW` `RegisterClassW` `SetDlgItemTextW` `GetDlgItemTextW` `MessageBoxIndirectW` `CharNextA` `CharUpperW` `CharPrevW` `wvsprintfW` `DispatchMessageW` `PeekMessageW` `wsprintfA` `DestroyWindow` `CreateDialogParamW` `SetTimer` `SetWindowTextW` `PostQuitMessage` `SetForegroundWindow` `ShowWindow` `wsprintfW` `SendMessageTimeoutW` `LoadCursorW` `SetCursor` `GetWindowLongW` `GetSysColor` `CharNextW` `GetClassInfoW` `ExitWindowsEx` `IsWindow` `GetDlgItem` `SetWindowLongW` `LoadImageW` `GetDC` `EnableWindow` `InvalidateRect` `SendMessageW` `DefWindowProcW` `BeginPaint` `GetClientRect` `FillRect` `DrawTextW` `EndPaint` `FindWindowExW`
GDI32.dll	`SetBkColor` `GetDeviceCaps` `DeleteObject` `CreateBrushIndirect` `CreateFontIndirectW` `SetBkMode` `SetTextColor` `SelectObject`
SHELL32.dll	`SHBrowseForFolderW` `SHGetPathFromIDListW` `SHGetFileInfoW` `ShellExecuteW` `SHFileOperationW` `SHGetSpecialFolderLocation`
ADVAPI32.dll	`RegEnumKeyW` `RegOpenKeyExW` `RegCloseKey` `RegDeleteKeyW` `RegDeleteValueW` `RegCreateKeyExW` `RegSetValueExW` `RegQueryValueExW` `RegEnumValueW`
COMCTL32.dll	`ImageList_AddMasked` `ImageList_Destroy` `#17` `ImageList_Create`
ole32.dll	`CoTaskMemFree` `OleInitialize` `OleUninitialize` `CoCreateInstance`
VERSION.dll	`GetFileVersionInfoSizeW` `GetFileVersionInfoW` `VerQueryValueW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.63819`
MD5	`0661e5558732cdd08c333a98733a5eb3`
SHA1	`16cdb8d0a2d2f0b19cfcb0d761348289ccac6da6`
SHA256	`6aea1516ac02b560f5e3899dec45abbc40c04e37f4e4d68b68eadb83a7ed8330`
SHA3	`a4cb7326817ceeb5f09a203a4306536b8e3b338d1665be7dc7dd4a82ba7932a0`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.65613`
MD5	`a87cd8455c1e3f1935b1bff3e3f251f5`
SHA1	`7d5e190480fa7e5ded07a9d263f534167e239d92`
SHA256	`c222a364dba1f0a7ac4f5211e912a0ac78f1ecd2429c1dcd2198c1f3ba8ba0b2`
SHA3	`215b2237cff5226139131472a62201908f2003741d2ad091a9fae92d91530a64`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.59698`
MD5	`e85563ba1f9b3066aead75ed67ca1bf3`
SHA1	`ff79948d966bf2a858478ff8cd210b8e7f8c2003`
SHA256	`fb34efc4fba222b1e09e743efd1c495b789940a3b0c4331ae082c4a1a4dffbdf`
SHA3	`8b904be8bdc9017ff76aff69cc860cf2c3cb312fb9ccae88c3193cf4bd271586`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.52127`
MD5	`e27f30e9e84b5cea1891eb431f13dabd`
SHA1	`e12af86f4b747e74f8bb7f3517a5fe12b793c292`
SHA256	`bb64906ef9a8342a86668215ec8dd70497051fc25ca5c1e22091308de6c7ce14`
SHA3	`659aeafd4912a297b22fd3c50b4a7e13e1287e0787ab1adb2b54562a4d27edac`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2d8b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.90837`
Detected Filetype	PNG graphic file
MD5	`fc6d6ab34be7a600be93b794abc41d4b`
SHA1	`fd7e14aeef21418fb3739d6e53c4da20840b544d`
SHA256	`f45441c729763360caedf9a6f4f9d0c4550705d2ce6681b243564b92c3c31a5d`
SHA3	`02a9b72b8cbb819a922dea103d92a6cb16eec5a05f7297c4799e112d5eee0c81`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.94594`
MD5	`745ffd43bac789dddb9f1dddf03bc509`
SHA1	`9bfcc8437fcc70e60f76885729382bee48ea08d4`
SHA256	`d8f7fcc84ba988d043fc78074951113b1e761fbbf550419e14aa2fe03c63b6c3`
SHA3	`0e64f60f6978c2257c96d7bbaeda2bef5c5ef53fc9c6f4a24203c7d2f37a9cc5`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.92383`
MD5	`6b648aac60c80033430009759519ac40`
SHA1	`a1c15d3501fe45d01a3953b196c2d9a77f35c243`
SHA256	`f82d438724667fcacebc485fcd7f5df5d466927d00f3eb0cd495af226c32fd89`
SHA3	`1e4e718a898017783f291402d431e628720e4c5ff32e45b11520936fde533299`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.13592`
MD5	`9660a385a7a6641e0fec9457138c168a`
SHA1	`b0029808d4c35a932f60539aabe7a3ae2a366fcc`
SHA256	`b353dd8cc47bc85e2c2207e15b8af73e0c6ddd0026790e9ca743db0eeea2560d`
SHA3	`caf06b3d08004e0a163db35717ca4735ad598e14e01a2b04e6e48a6a10422e71`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.47816`
MD5	`08eca33440469316592ef0f37df2ba98`
SHA1	`9494574fd4e7965fec4c49c5f64e1d01cc505e87`
SHA256	`493f8258f36b95a1b919594224a7e8ad7c33dc3aed3a070d0d7b7fb2aff4ea0a`
SHA3	`c0f3c0818ac99a103bd903c6fe51115625d112525a88db9bd8d1069d26362e29`

105

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x200`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.68135`
MD5	`d4b144317bc2ebee1b86398feee79228`
SHA1	`b1a08dc45b13167844d8120513134ba01956f4aa`
SHA256	`2864922452fc38e7034f87c8d90a3cb11c6a3ae8c4cf520a88fdb0b6ede9e6d8`
SHA3	`329535cb09ab01ffef289e600bcfa2231e23f3398b26ecd974685235d509c4ac`

106

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91148`
MD5	`fa83652660409e90e0db9731ad2adb17`
SHA1	`0a8f0af67723c87fe26ccf676b8e19ec6357b4dc`
SHA256	`4a55bd714f5d50cd8eabba10e57f0618f1842717dcfa582d73a917b1933cd1d4`
SHA3	`5b3e1cb25be7a2dbae4f08f0d4794ed23dbd6ea37a3f9702be12dba588f42a7b`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.92787`
MD5	`5dfa289639a3bcc0497da8db163f01fe`
SHA1	`6e2c6ea1e2594b66f563fb589276642c127e875f`
SHA256	`18466509968c3c0bf92ba410fea075def2b257a5a799a113cbc60f13e75f4b01`
SHA3	`85abdc8c431d91c72f3595a39881c96637ead09a0278d3cec0c1c9a8d873f031`

205

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1f8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.72642`
MD5	`647c2a3462bcd335ad7b418c4e9591e4`
SHA1	`c8327e21381c0d6c3b715af440972619a0003d2a`
SHA256	`f8f078bdfe1a30bc35a243dc998cd7b3dedad76c93fb69af0c54f6ffbf61e7f3`
SHA3	`fd722035592a1a4c18c69139ff2201664ef1cdeaa5a325cbe675e2a18c97c742`

206

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04696`
MD5	`c7239ce55362dabbe3887e5fc4bdf5fe`
SHA1	`a2908207ffb889a12da3cbdbe7446e04b254e7ed`
SHA256	`012557f58e68234d4a88df0b713c59800f798ecce19dfd589d326b458dddcbd8`
SHA3	`34f4adf15b3169820de0c298735a1ea7bc4e5c9737c5baac458a5fbfb356b1f6`

211

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.09674`
MD5	`30dab3583979c2008e8de9295ab7c36b`
SHA1	`186cd9560b358bbf8b523d1050573f22bb00264d`
SHA256	`8c64a2341dc473a7d8ab4956af589e9a7257c4f05a8dc229f862c16d49ba37e5`
SHA3	`4449f57b4725dc59d7d66dc9b817250112828d0f5d6b31cba247cd36ff544268`

305

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1ec`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.6202`
MD5	`c1d8d0b44d13ea1f9111ee1f36c755a1`
SHA1	`0d8d9744d3ae09708da96e1b968f4e8b93363e70`
SHA256	`2ffa12c6481451ebba453d55a929cf7e4a19309321fa37da5d1a84f8c2d60409`
SHA3	`ea011bd95bb40418969a614f69120e3b67e7de03fd0f99b2ac2622ebfb7e59ae`

306

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.86295`
MD5	`cc0021533c65b44747600689ff5fbd43`
SHA1	`b1d1e4594f5ad7b08d56a25cdbe6d9b9378e482b`
SHA256	`ab1e3ad5b5d87630cb0f6a6671c10fe49d9c33839be0d5daeba89ec053dda92c`
SHA3	`84d6def5cee15efe0091dd2b0c1f1293ccd14684a0736bd33e1c5aa70c3471f7`

311

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xda`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.92694`
MD5	`408a7443d8f432b28a248059d8669d1c`
SHA1	`c199828e8051a2825b1d5e216360eb57cd0b37f7`
SHA256	`4677979c1665998318fcb65b9a0c0b3dd9204c12dbddbd5e76df8822ed6e347a`
SHA3	`a3fbf76ef107912c1222e3203143386903416d7d7c171d53f3e0988bea2e4923`

405

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1ec`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.6258`
MD5	`d05e94c32c63be637d2428cbe027c83c`
SHA1	`85ba952007dfabb81f29b69d125c73d51c37c5a2`
SHA256	`52e32309f6089c8262b2557d9815350f23ad7db9dea720893a1f15fd2982fd66`
SHA3	`96cd69bd0aee0f0d2f34efa30b56efeac2fec08d226ba87e152a9c3eaab6add8`

406

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.86626`
MD5	`8c69d2c81dd2d9050d0fa94df90ff16b`
SHA1	`cd71d904da747d7141e5abdde9363f7e240b26bd`
SHA256	`1a39a3aabdee2aa68c507c55ff37c38722b05b7f8bde66185a2462792381d8cd`
SHA3	`b80b33ab6bf40b07bc32c7a6a11831084f7c97a27dff86d576769d0aab14b979`

411

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xda`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9304`
MD5	`2497a44fff8b76b5129662b60a617c85`
SHA1	`f73bd7c9caa4c1f7a0e4840d69b0accdc6d167a0`
SHA256	`a10617b39293152a65ad5c91ca4f35135845c7b785e3a582e58f6c8229045b85`
SHA3	`aaf1dc708c305944a11a7180ef5ee2c8f722c3dd6d4bf91e0ae0f6c2b1a331ca`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.07075`
Detected Filetype	Icon file
MD5	`6807312794d6eceffd2525457bad90d1`
SHA1	`30970f73d4360a320606b09fadc2915d2fbbe7d0`
SHA256	`8a66259ad86f5f98798a11e14302a6f47a9667a04aab35abe8e84dc2506e4fdf`
SHA3	`f94b2014e21123ab83ee8bf36b6b205f5ea69b4c7bf55372afd5fd0c14d5c0d6`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.21858`
MD5	`038fc70571b8489dcaf7917b1858037f`
SHA1	`bca0c59d0363814dc23e5886477fce8b7d528e25`
SHA256	`0782c72a0156810d50a675f43d2d0eb391b0ce4afd8d949c2509b3f7efb13486`
SHA3	`c0e69cb6b665706e539019bf68287dd594510cbbf6285d874331ba18deae0999`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5b5`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.4032`
MD5	`faf01623d723ff93fe9e19346eb46a4a`
SHA1	`6a9fe03063400ca13cb82b63b379db28c0d96638`
SHA256	`d0b5191f9255969f4b6336605c17d2d0c0e93e4ec1fc64a4c48950b3b0ca4a8e`
SHA3	`c23deee785f0f022672f28e1c5aa3b88cae650488f2537db983231ff0023200f`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0`
FileVersion	2.0.1.6
ProductVersion	2.0.1.6
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	Restoro
FileDescription	Restoro Downloader
FileVersion (#2)	2.016
InternalName	Restoro Downloader
LegalCopyright	© Restoro 2019
LegalTrademarks	Restoro
ProductName	Restoro
ProductVersion (#2)	2.016

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read an IMAGE_BASE_RELOCATION!
[*] Warning: Section .ndata has a size of 0!