Manalyze report for 264b6a2d214586ed9b213d29b2262046

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2009-Jul-13 23:19:35
Detected languages	English - United States
CompanyName	Microsoft Corporation
FileDescription	Load PerfMon Counters
FileVersion	`6.1.7600.16385 (win7_rtm.090713-1255)`
InternalName	LODCTR.EXE
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	LODCTR.EXE
ProductName	Microsoft® Windows® Operating System
ProductVersion	`6.1.7600.16385`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++` `Microsoft Visual C++ v6.0` `Microsoft Visual C++ v5.0/v6.0 (MFC)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to AES` `Microsoft's Cryptography API`
Malicious	This program contains valid cryptocurrency addresses.	`Contains a valid Bitcoin address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: FindWindowW` `Can access the registry: RegQueryValueExA RegSetValueExA RegCreateKeyW RegCloseKey` `Possibly launches other programs: CreateProcessA ShellExecuteA` `Uses Microsoft's cryptographic API: CryptReleaseContext` `Has Internet access capabilities: URLDownloadToFileA` `Leverages the raw socket API to access the Internet: #18 #4 #10 #2 #23 #9 #52 #11 #151 #111 #22 #19 #16 #21 #115 #12 #3` `Functions related to the privilege level: CheckTokenMembership` `Enumerates local disk drives: GetDriveTypeW` `Can take screenshots: FindWindowW CreateCompatibleDC BitBlt`
Malicious	VirusTotal score: 53/66 (Scanned on 2018-10-29 00:40:57)	`Bkav: W32.RansomwareTBK.Trojan` `MicroWorld-eScan: Trojan.Ransom.WannaCryptor.D` `CAT-QuickHeal: Trojan.Mauvaise.SL1` `McAfee: Ransom-WannaCry!264B6A2D2145` `BitDefender: Trojan.Ransom.WannaCryptor.D` `K7GW: Trojan ( 0050db011 )` `K7AntiVirus: Trojan ( 0050db011 )` `Symantec: Ransom.Wannacry` `ESET-NOD32: a variant of Win32/Filecoder.WannaCryptor.D` `TrendMicro-HouseCall: Ransom_WCRY.SM` `Paloalto: generic.ml` `ClamAV: Win.Ransomware.WannaCry-6313787-0` `Kaspersky: Trojan-Ransom.Win32.Wanna.c` `NANO-Antivirus: Trojan.Win32.Wanna.eovgej` `SUPERAntiSpyware: Ransom.WannaCrypt/Variant` `Avast: Win32:WanaCry-A [Trj]` `Tencent: Trojan.Win32.WannaCry.d` `Ad-Aware: Trojan.Ransom.WannaCryptor.D` `Emsisoft: Trojan.Ransom.WannaCryptor.D (B)` `F-Secure: Trojan.Ransom.WannaCryptor.D` `DrWeb: Trojan.Encoder.11432` `Zillya: Trojan.WannaCryptGen.Win32.1` `TrendMicro: Ransom_WCRY.SM` `McAfee-GW-Edition: BehavesLike.Win32.Backdoor.dh` `TheHacker: Trojan/Filecoder.WannaCryptor.d` `SentinelOne: static engine - malicious` `Cyren: W32/Trojan.BRWQ-8989` `Jiangmin: Trojan.WanaCry.a` `Webroot: W32.Ransom.Wannacry` `Avira: HEUR/AGEN.1008196` `Antiy-AVL: Trojan/Win32.Deshacop` `Microsoft: Ransom:Win32/WannaCrypt.C` `Endgame: malicious (high confidence)` `Arcabit: Trojan.Ransom.WannaCryptor.D` `AegisLab: Troj.Ransom.W32.Wanna.toNl` `ZoneAlarm: Trojan-Ransom.Win32.Wanna.c` `GData: Win32.Trojan-Ransom.WannaCry.E` `TACHYON: Ransom/W32.Wanna.245760` `Sophos: Mal/Wanna-A` `AhnLab-V3: Trojan/Win32.WannaCryptor.R200589` `VBA32: Trojan-Ransom.Wanna` `ALYac: Trojan.Ransom.WannaCryptor.D` `MAX: malware (ai score=100)` `Malwarebytes: Ransom.WannaCrypt` `Zoner: Trojan.Wannacry` `Yandex: Trojan.Filecoder!vJ8G5Dz20yg` `Ikarus: Trojan-Ransom.WannaCry` `Fortinet: W32/WannaCryptor.D!tr.ransom` `AVG: Win32:WanaCry-A [Trj]` `Cybereason: malicious.d21458` `Panda: Trj/RansomCrypt.I` `CrowdStrike: malicious_confidence_100% (W)` `Qihoo-360: Win32/Worm.WannaCrypt.J`

Hashes

MD5	`264b6a2d214586ed9b213d29b2262046`
SHA1	`0e838068e42a7bfbd7d40a4743fae3cf733f7ac1`
SHA256	`bf293bda73c5b4c1ec66561ad20d7e2bc6692d051282d35ce8b7b7020c753467`
SHA3	`298889b86e62b75f2f186d1d841c748aa26d4de457c08a265beff444b796f5fa`
SSDeep	`3072:Rmrhd5J1eigWcR+uiUg6p4FLlG4tlL8z+mmCeHFZjoHEo3m:REd5vIZiZhLlG4AimmCo`
Imports Hash	`af1ee2e2df6068e3516198d1c8194576`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2009-Jul-13 23:19:35
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x14000`
SizeOfInitializedData	`0x27000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00013102 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x15000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x3d000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e98b84d00a9faf78cd912feb1e58e63e`
SHA1	`fef4300a0061ffbc3736087defd0149a4ab9603c`
SHA256	`df21137ab016f977e271b1bbb61911e7cee9a2681aa0156a74b081ac575ebde3`
SHA3	`f226b5b2a52f151116f88a338b144ca18b1110689e778b12c1425101a4eddffa`
VirtualSize	`0x13395`
VirtualAddress	`0x1000`
SizeOfRawData	`0x14000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.24105`

.rdata

MD5	`5a89aac6c8259abbba2fa2ad3fcefc6e`
SHA1	`9ce4b8f15392037344f540cf61146613c3cad246`
SHA256	`8921608e704b40a5a050b40109ca8078cf1ee344678a0e33b41e2c1882f50b1b`
SHA3	`df7f65e3aefaaa36c387488f53fcc3e6cba4e81bf00b7b6c67c7dd7f23872d27`
VirtualSize	`0x9268`
VirtualAddress	`0x15000`
SizeOfRawData	`0xa000`
PointerToRawData	`0x15000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.87184`

.data

MD5	`05da32043b1e3a147de634c550f1954d`
SHA1	`c26428eede5b7cf39d1fb336be25815017dd6f0a`
SHA256	`ae353e821523269d37a6c2dcb8a5215b131fdca6d402a19edd01bde9dc818b03`
SHA3	`2c56d4d5689831a850c337655d9c0351bcb3a308bf117fbe326c1a52e17df821`
VirtualSize	`0x32a0`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x1f000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.72665`

.rsrc

MD5	`8e97637474ab77441ae5add3f3325753`
SHA1	`f1f1be25b34f48eda4f4831e9f94d88973b8a2c7`
SHA256	`28ee2032cc5a2441e74f4f470cf2bdd29614c169ac3bae744d72639bcb7fb1b6`
SHA3	`2e42b2904dbc7e0156d109910ee5a5d0141c64e5838c68965baf00ffe54676f4`
VirtualSize	`0x19b7c`
VirtualAddress	`0x23000`
SizeOfRawData	`0x1a000`
PointerToRawData	`0x22000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.63519`

Imports

MFC42.DLL	`#6648` `#6778` `#922` `#5710` `#4129` `#923` `#4277` `#940` `#640` `#2405` `#5785` `#1640` `#323` `#1168` `#6197` `#4673` `#4274` `#6375` `#4486` `#2554` `#2512` `#5731` `#3922` `#1089` `#5199` `#2396` `#3346` `#5300` `#5302` `#2725` `#4079` `#4698` `#5307` `#5289` `#5714` `#4622` `#3738` `#561` `#815` `#609` `#781` `#6438` `#2621` `#1134` `#6334` `#3708` `#2575` `#4396` `#3574` `#1146` `#6215` `#665` `#1979` `#353` `#6136` `#6140` `#535` `#6876` `#939` `#941` `#4278` `#341` `#2971` `#5759` `#6192` `#5756` `#6186` `#4330` `#6189` `#6021` `#5873` `#5794` `#5678` `#5736` `#5579` `#5571` `#6061` `#5864` `#3596` `#3571` `#3797` `#2381` `#2754` `#6194` `#6734` `#6170` `#3706` `#5781` `#2818` `#2370` `#2289` `#289` `#613` `#2860` `#4284` `#3874` `#470` `#5789` `#5875` `#6172` `#755` `#6663` `#2864` `#4275` `#540` `#860` `#858` `#795` `#3721` `#2642` `#3998` `#3301` `#283` `#5787` `#4476` `#3089` `#1641` `#3996` `#2414` `#1576` `#616` `#3663` `#3626` `#693` `#3640` `#3370` `#4402` `#2582` `#3582` `#4398` `#2578` `#4218` `#2023` `#2411` `#3573` `#3619` `#823` `#3092` `#6199` `#4376` `#6453` `#924` `#1200` `#800` `#2379` `#5280` `#4710` `#537` `#4234` `#2302` `#765` `#825` `#324` `#567` `#641` `#3698` `#4424` `#4627` `#4080` `#3079` `#3825` `#3831` `#3830` `#3402` `#2976` `#3081` `#2985` `#3262` `#3136` `#4465` `#3259` `#3147` `#2982` `#5277` `#2124` `#2446` `#5261` `#1727` `#5065` `#3749` `#6376` `#2055` `#2648` `#4441` `#4837` `#3798` `#5290` `#4353` `#6374` `#5163` `#2385` `#5241` `#4407` `#1776` `#4078` `#6055` `#3597` `#4425` `#1775` `#6052` `#2514` `#4998` `#4853` `#654` `#5265`
MSVCRT.dll	`_XcptFilter` `_exit` `??1type_info@@UAE@XZ` `_onexit` `__dllonexit` `realloc` `exit` `_mbsstr` `_setmbcp` `_strnicmp` `_wcsnicmp` `_wcsicmp` `_acmdln` `__getmainargs` `_initterm` `__setusermatherr` `_adjust_fdiv` `__p__commode` `__p__fmode` `__set_app_type` `_controlfp` `__CxxFrameHandler` `fclose` `fread` `fopen` `sprintf` `rand` `fwrite` `time` `srand` `wcscpy` `wcscat` `wcslen` `_ftol` `_except_handler3` `_local_unwind2` `wcsrchr` `wcscmp` `swprintf` `wcsstr` `fgets` `malloc` `calloc` `free` `_purecall` `memmove` `strncpy` `_CxxThrowException` `??0exception@@QAE@ABQBD@Z` `??1exception@@UAE@XZ` `??0exception@@QAE@ABV0@@Z` `strrchr` `__p___argc` `__p___argv` `_mbscmp` `strncmp` `sscanf` `strtok`
KERNEL32.dll	`GlobalFree` `GetTickCount` `CreateProcessA` `TerminateProcess` `GetExitCodeProcess` `WaitForSingleObject` `TerminateThread` `CloseHandle` `GetFileAttributesA` `DeleteFileA` `CreateThread` `SystemTimeToTzSpecificLocalTime` `GetTimeZoneInformation` `CopyFileW` `CreateDirectoryA` `GetProcAddress` `CopyFileA` `GetComputerNameA` `SystemTimeToFileTime` `LocalFileTimeToFileTime` `GetModuleHandleA` `GetStartupInfoA` `LoadLibraryA` `GlobalAlloc` `SetCurrentDirectoryA` `GetCurrentDirectoryA` `SetFileTime` `SetFilePointerEx` `SetEndOfFile` `SetFilePointer` `GetFileTime` `MultiByteToWideChar` `FindClose` `FindNextFileW` `GetFileAttributesW` `FindFirstFileW` `CreateFileA` `GetExitCodeThread` `GlobalUnlock` `GlobalLock` `WideCharToMultiByte` `GetDiskFreeSpaceExW` `GetDriveTypeW` `GetLogicalDrives` `FindNextFileA` `FindFirstFileA` `InitializeCriticalSection` `DeleteCriticalSection` `ReadFile` `GetFileSize` `WriteFile` `LeaveCriticalSection` `EnterCriticalSection` `Sleep` `ExitProcess` `GetModuleFileNameA` `GetTempFileNameA` `GetUserDefaultLangID` `GetLocaleInfoA`
USER32.dll	`BringWindowToTop` `GrayStringA` `DrawTextA` `TabbedTextOutA` `SetActiveWindow` `GetSysColor` `ShowWindow` `SystemParametersInfoW` `IsIconic` `GetSystemMetrics` `SetFocus` `SetForegroundWindow` `OffsetRect` `SetWindowPos` `DrawIcon` `SetWindowTextW` `LoadIconA` `FindWindowW` `wsprintfA` `SystemParametersInfoA` `SetTimer` `SendMessageA` `FillRect` `RedrawWindow` `InvalidateRect` `SetCursor` `GetParent` `LoadCursorA` `OpenClipboard` `EmptyClipboard` `SetClipboardData` `CloseClipboard` `GetClientRect` `KillTimer` `EnableWindow`
GDI32.dll	`ExtTextOutA` `TextOutA` `RectVisible` `PtVisible` `CreateCompatibleBitmap` `CreateRectRgn` `GetWindowOrgEx` `GetViewportOrgEx` `GetDeviceCaps` `CreateCompatibleDC` `BitBlt` `DeleteObject` `GetTextExtentPoint32A` `GetObjectA` `CreateFontIndirectA` `PatBlt` `CreateSolidBrush` `CreateFontA` `Escape`
ADVAPI32.dll	`RegQueryValueExA` `GetUserNameA` `CryptReleaseContext` `RegSetValueExA` `RegCreateKeyW` `RegCloseKey` `AllocateAndInitializeSid` `CheckTokenMembership` `FreeSid`
SHELL32.dll	`ShellExecuteA` `ShellExecuteExA` `SHGetFolderPathW`
COMCTL32.dll	`_TrackMouseEvent` `#8`
OLEAUT32.dll	`#185`
urlmon.dll	`URLDownloadToFileA`
MSVCP60.dll	`??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ` `?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z` `?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z` `?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z` `?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z` `?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ` `?_Xran@std@@YAXXZ` `?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB` `?_Xlen@std@@YAXXZ` `?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB`
WS2_32.dll	`#18` `#4` `#10` `#2` `#23` `#9` `#52` `#11` `#151` `#111` `#22` `#19` `#16` `#21` `#115` `#12` `#3`
WININET.dll	`DeleteUrlCacheEntry`

Delayed Imports

134

Type	`RT_BITMAP`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4268`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.38987`
MD5	`053cb9b42aa55f9f01a2e777e44589f9`
SHA1	`d34c07a283aa1403103c7a980ffac215c0043473`
SHA256	`8b52f88f50a6a254280a0023cf4dc289bd82c441e648613c0c2bb9a618223604`
SHA3	`82cb02053680b3a4b75acfdcbc0e6dc8719d5952ea44fb77e4d3ecf116f050b3`
Preview

135

Type	`RT_BITMAP`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x5308`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.67223`
MD5	`e177012ab89bc2b6d47b3c2b8ee423e2`
SHA1	`3924b626e7945748ba34d3833f3c3ea552465726`
SHA256	`b54ea74f16da2285075cb68cc08518dc2cefca4eca23ddc043a1c5b572776dbe`
SHA3	`d64e52b6418ebfd75a777b6a9485e809bd2bfa114c21a4d77cbd667295df4663`
Preview

136

Type	`RT_BITMAP`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xb458`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.64644`
MD5	`4e4daa5c1c2954c306267524c93033a0`
SHA1	`08fd3b6c388da82feca6e8b8acb2346621a54fa5`
SHA256	`e100a6f74ed87f0c1278649ab6e994998ece79d577df2ceb9232ddbe3435045e`
SHA3	`099cc57e00bbc51de95adea3e62eca7871fe43e3d0f499fbb1cd8de7b9b6e6c6`
Preview

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.27412`
MD5	`4ae749d3104f6a1f4cfb34c5c0428f35`
SHA1	`845c644aa92ad6c9d16638089f242c3708c3e688`
SHA256	`aae9536875784fe6e55357900519f97fee0a56d6780860779a36f06765243d56`
SHA3	`5bc03dfd6e5e2637d39135a78e080349d03aee8947ae126510a2672de38a04bd`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.62517`
MD5	`74df1cc56549ee28f3fb8015def915f9`
SHA1	`70c63c9b5c6f4c14588746b3281c0e83ba1a33d7`
SHA256	`3ecc7b1ee872b45b534c9132c72d3523d2a1576ffd5763fd3c23afa79cf1f5f9`
SHA3	`b1cebbd0f3af87b6605cbe914b37ef9f5b788caf47a9d139f19bff6959e090df`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.90658`
MD5	`1976f46ba4fccdfb9487f471509b65a9`
SHA1	`b0ad2c9c85d214d6e997da40b434255992b82ca1`
SHA256	`8c3a91694ae0fc87074db6b3e684c586e801f4faed459587dcc6274e006422a4`
SHA3	`957819798b6d07c03f781ce394259d07f83bfcc86ed540bdc97022ecbdf34558`

102

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x688`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.54218`
MD5	`d50e408ca75519b1a9bcbc6a2cfaf324`
SHA1	`27db5e049073545851f916b435804388fc15aa84`
SHA256	`2372862afaa8e8720bc46f93cb27a9b12646a7cbc952cc732b8f5df7aebb2450`
SHA3	`4365f0b9d066fb7c02b101868e8489d02e234901f3f45aa17af87102a6384158`

137

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xc4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82947`
MD5	`f9fc70f49f772b6d2652e0eb0a91a614`
SHA1	`cba134ab3725353165f28d53b2b24f92cd356ca6`
SHA256	`616e60f031b6e7c4f99c216d120e8b38763b3fafd9ac4387ed0533b15df23420`
SHA3	`45df844d1aa114e603c83c6b749808e49d792361b7c0ac463e3787dc31ec589e`

138

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x19c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.50707`
MD5	`a4edae0fe79803f8329051e0461c80f9`
SHA1	`cb3100bbe89de7a3f14938f7ad6a2d0f85b0761b`
SHA256	`66334f10cb494b2d58219fa6d1c683f2dbcfc1fb0af9d1e75d49a67e5d057fc5`
SHA3	`2b0f9c53eda3aca564558aef08e935613495a693b5d3d637a66a4690b2e327b2`

141

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x112`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26747`
MD5	`c095671bad49e32e7f76750294495d40`
SHA1	`5a510f2e40379e7b12b72a85fb90848a69a2866d`
SHA256	`21ed253b796f63b9e95b4e426a82303dfac5bf8062bfe669995bde2208b360fd`
SHA3	`bdc2e47d7eb88da19154930e39938cc54a1ac36d4009f87810df3f422d880aeb`

143

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x11a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.19527`
MD5	`712cb93371d130b8b50465d13133b0ad`
SHA1	`58c6e967279a14044583cf4eafbcd8e0b2d24316`
SHA256	`43d1ef55c9d33472a5532de5bbe814fefa5205297653201c30fdc91b8f21a0ed`
SHA3	`3b5ea01888be9bcfb277ba9ecf599add69250a46880885261bd021c78b4475c3`

128

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21059`
Detected Filetype	Icon file
MD5	`1ca559e52ba2941be4c2e87cc5728277`
SHA1	`c011eca07769f90224f28775462d15f9cfc00994`
SHA256	`e253d797afc8a4f3ad497c5b82981225b6a8d2843873a18dc2b3c155c91e0b36`
SHA3	`c4a71ffdf8bd18d49fc966d35a8337126f25be2b68a201a6191da4e136ac5bb3`

139

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.0815`
Detected Filetype	Icon file
MD5	`00ea652113ed90803b15f6167124172d`
SHA1	`9437bacfcf6dd0f02b3e72697d46b015e3355557`
SHA256	`af94dc83bc9ca7061efe49f703d79de5566553c171bfc94083a29489208c8622`
SHA3	`6d7e44ee7d97a0f72c48ff3dd644a6c3bebf383c0bac5e9e85970c107a53816d`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x390`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.58428`
MD5	`fe953411cfb9a4a566e0727e096c9eeb`
SHA1	`03758d81c5881d9508213440244ad82a1acc757d`
SHA256	`bffc8dc68a26d3c5f368295c91b98aee8a5c854f73e27eed61c3b6b215a0cce5`
SHA3	`807eadaeb290b1c76ae9df8a20a46bcfd1a369d4f826657d42b0d610c1f90cd8`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x27f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.85053`
MD5	`0585548eef8226c74c1d523108ed81f3`
SHA1	`285c7a6a07be4023ab281cf0501fa80da02dada4`
SHA256	`49fa2e0131340da29c564d25779c0cafb550da549fae65880a6b22d45ea2067f`
SHA3	`c2d3bf75dae31cd4efcebf49e7ce32acebdda9a5ac242ba28d40f1aebe2f4d98`

102 (#2)

Type	`UNKNOWN`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1e2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.37111`
MD5	`b485116506cc664bac6886aaac65d756`
SHA1	`9c9b62f23768cf6ace3fe653f0a273e57d2bf558`
SHA256	`ec5563e7e706d2d190b270a5cd61e03fde2e114d2ae3c051efe2242cca2acf58`
SHA3	`2f55ddcfd4954f095a940f65c2b578a2221c1a9594659ddb6e254b801cab1d59`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6.1.7600.16385
ProductVersion	6.1.7600.16385
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Load PerfMon Counters
FileVersion (#2)	6.1.7600.16385 (win7_rtm.090713-1255)
InternalName	LODCTR.EXE
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	LODCTR.EXE
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	6.1.7600.16385

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x90fc9b61`
Unmarked objects	`0`
12 (7291)	`3`
Imports (VS2003 (.NET) build 4035)	`20`
C++ objects (8047)	`1`
14 (7299)	`5`
C objects (8047)	`11`
Linker (8047)	`4`
Linker (VS98 SP6 build 8804)	`3`
Total imports	`461`
C++ objects (VS98 SP6 build 8804)	`18`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

264b6a2d214586ed9b213d29b2262046

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

Imports

Delayed Imports

134

135

136

1

2

3

102

137

138

141

143

128

139

1 (#2)

1 (#3)

102 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors