Manalyze report for 26a1ef6e5de45f7755e43a0147e80e4d7cc13d3c7348db3fb8be0f596c174165

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2012-May-10 15:58:59
Detected languages	English - United Kingdom Process Default Language

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++ v7.1 EXE` `Microsoft Visual Basic v5.0 - v6.0` `MASM/TASM - sig1(h)` `Microsoft Visual C++` `Microsoft Visual C++ v6.0`
Suspicious	PEiD Signature:	`PeStubOEP v1.x`
Info	Interesting strings found in the binary:	`Contains domain names: IN.Eye.xyz IN.LightMask.xyz IN.Pos.xyz LightMask.xyz ageia.com collada.org frogwares.com http://www.ageia.com http://www.collada.org http://www.collada.org/2005/11/COLLADASchema http://www.frogwares.com www.ageia.com www.collada.org www.frogwares.com www.lua.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Can access the registry: RegCloseKey RegOpenKeyExA RegQueryValueExA` `Possibly launches other programs: CreateProcessA system` `Reads the contents of the clipboard: GetClipboardData`
Malicious	The PE's digital signature is invalid.	`Signer: Frogwares Ireland ltd` `Issuer: COMODO RSA Extended Validation Code Signing CA` `The file was modified after it was signed.`
Safe	VirusTotal score: 0/75 (Scanned on 2024-09-05 07:57:35)	`All the AVs think this file is safe.`

Hashes

MD5	`164a7ca476aeffb09a0c5b5fadc66cf9`
SHA1	`cfad7c9b1fb5307f80b0afdca29195e4f71f9cf9`
SHA256	`26a1ef6e5de45f7755e43a0147e80e4d7cc13d3c7348db3fb8be0f596c174165`
SHA3	`c4897cd919bf34e99c9b4a797a55f2a5e2ddd62e2b97cea9dbd308b058174f18`
SSDeep	`98304:NHVQaEVH69Qs2jXmDf1A2Ztz7mnvjqZjtGnt:N1qVH6WrjWDf62Ztz6rYjtGt`
Imports Hash	`d2d1b93837f27e87a785b3ec2be19926`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x150`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2012-May-10 15:58:59
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`7.0`
SizeOfCode	`0x215000`
SizeOfInitializedData	`0x210000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0020F9DE (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x216000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x426000`
SizeOfHeaders	`0x1000`
Checksum	`0x427e08`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x800000`
SizeofStackCommit	`0x800000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f600d17adaac5a148d3a1ecc161283f5`
SHA1	`4335557f42e4c051af804d5fde8a78dd51742b72`
SHA256	`4a908412ae38770b07775bde9311d6885fbc89d5779b5866f5a75cc97561a8c7`
SHA3	`b5e6d92cbd70d85f7ebd4eaa17d28664847c8549a79ce750d46fb68147153fc6`
VirtualSize	`0x2142c4`
VirtualAddress	`0x1000`
SizeOfRawData	`0x215000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.56717`

.rdata

MD5	`192fc7e9501c12488a60cfd35df1849c`
SHA1	`6450d7f0fc755e9663b2a3b54a98f11a27971fcf`
SHA256	`06d49a2760457bd0d01425a8b4b8dfa2fca548b89e7a264edbbe51738743636f`
SHA3	`da84a7adcb9c965aba2d580d718218efd20c6696f86b9f2ebc3291c6ae20a21a`
VirtualSize	`0x50680`
VirtualAddress	`0x216000`
SizeOfRawData	`0x51000`
PointerToRawData	`0x216000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.23013`

.data

MD5	`fbe30e7cd038c227412818e516355def`
SHA1	`ce39a94d12c14a4085f488ccc6f5c8264e1e1a16`
SHA256	`41f18183b30eaf9d64977ba8d06b423ef336917295eb939fe7ff7ddc8eeb0ee4`
SHA3	`bc6297dde16b58d4ff76ded76a259b808467ac9247b4f61692d5165f2d7526b9`
VirtualSize	`0x10b5e8`
VirtualAddress	`0x267000`
SizeOfRawData	`0xfe000`
PointerToRawData	`0x267000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.95574`

.rsrc

MD5	`cfc6edd112c915524c221d7573873588`
SHA1	`6d41f3b00e118f383a50627983ee07a831923e7a`
SHA256	`4473805117fb4edb796bcb212f2d022a509c6735cad9c0b5ac0259028510d575`
SHA3	`a629b1eb0b013537b64e8903f5897be4bccad117b8f657fef3e8c76da7804455`
VirtualSize	`0x62678`
VirtualAddress	`0x373000`
SizeOfRawData	`0x63000`
PointerToRawData	`0x365000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.45363`

.reloc

MD5	`94ebde0d2009d46c973c450a8b298218`
SHA1	`a2870c53cd512c10b8102ee4a11e33f999043a7d`
SHA256	`13c45e52144f626a2c08d3d8b80a2545a04e2c9ec70802790202ab664aa86721`
SHA3	`043df4a640281fa68bb94c142cd193c98e128d2231dae9fc8c27351217b8a0e4`
VirtualSize	`0x4f934`
VirtualAddress	`0x3d6000`
SizeOfRawData	`0x50000`
PointerToRawData	`0x3c8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.94177`

Imports

d3dx9_42.dll	`D3DXMatrixTranspose` `D3DXPlaneTransform` `D3DXPlaneFromPointNormal` `D3DXMatrixInverse` `D3DXSaveTextureToFileInMemory` `D3DXCreateRenderToSurface` `D3DXCheckCubeTextureRequirements` `D3DXFillCubeTexture` `D3DXFillTexture` `D3DXGetImageInfoFromFileInMemory` `D3DXCreateTextureFromFileInMemoryEx` `D3DXCreateCubeTextureFromFileInMemory` `D3DXCreateBuffer` `D3DXGetShaderConstantTable` `D3DXCheckTextureRequirements`
DINPUT8.dll	`DirectInput8Create`
PhysXLoader.dll	`NxGetCookingLib` `NxCreatePhysicsSDKWithID` `NxGetUtilLib` `NxReleasePhysicsSDK`
NxCharacter.dll	`NxCreateControllerManager` `NxReleaseControllerManager`
DSOUND.dll	`#11`
NxCooking.dll	`NxInitCooking` `NxCloseCooking` `NxCookTriangleMesh`
KERNEL32.dll	`CreateDirectoryA` `FlushFileBuffers` `FreeLibrary` `OutputDebugStringA` `ReadFile` `WriteFile` `SetFilePointer` `GetFileSize` `GetSystemInfo` `CreateFileMappingA` `GetStartupInfoA` `OpenEventA` `UnmapViewOfFile` `MapViewOfFile` `CreateFileA` `LocalFree` `TryEnterCriticalSection` `InitializeCriticalSection` `Sleep` `LeaveCriticalSection` `DeleteFileA` `GetDateFormatW` `SystemTimeToTzSpecificLocalTime` `GetTimeFormatW` `FileTimeToSystemTime` `FindFirstFileA` `FindClose` `FindNextFileA` `GetLocalTime` `QueryPerformanceCounter` `QueryPerformanceFrequency` `GetModuleHandleA` `GetModuleFileNameA` `CreateProcessA` `CloseHandle` `WaitForSingleObject` `SetEvent` `CreateEventA` `SetThreadPriority` `IsDebuggerPresent` `GetCurrentThreadId` `GetProcAddress` `LoadLibraryA` `GetVersion` `WideCharToMultiByte` `MultiByteToWideChar` `GetFileTime` `GetFileAttributesA` `TerminateThread` `EnterCriticalSection` `DeleteCriticalSection` `GlobalLock` `GlobalAlloc` `GlobalUnlock` `FormatMessageA` `GetLastError`
USER32.dll	`DestroyWindow` `SetCursor` `GetWindowRect` `DeleteMenu` `LoadIconA` `GetMonitorInfoA` `GetSystemMenu` `ShowCursor` `GetKeyboardState` `GetKeyboardLayout` `UnregisterClassA` `CreateWindowExA` `ReleaseDC` `DefWindowProcA` `SetWindowPos` `GetMenuItemInfoA` `GetMenuItemCount` `SystemParametersInfoA` `AdjustWindowRect` `LoadCursorA` `SetWindowTextW` `SetMenuItemInfoW` `ChangeDisplaySettingsA` `RegisterClassA` `ToUnicodeEx` `CloseClipboard` `GetClipboardData` `EmptyClipboard` `OpenClipboard` `GetDC` `PostQuitMessage` `SetForegroundWindow` `SetFocus` `ShowWindow` `GetSystemMetrics` `EnumDisplaySettingsA` `MessageBoxA` `ClipCursor` `TranslateMessage` `PeekMessageA` `DispatchMessageA` `SetClipboardData`
GDI32.dll	`GetDeviceCaps` `DeleteDC` `CreateICA`
ADVAPI32.dll	`RegCloseKey` `RegOpenKeyExA` `RegQueryValueExA`
SHELL32.dll	`SHGetFolderPathA`
binkw32.dll	`_BinkClose@4` `_BinkOpen@8` `_BinkGoto@12` `_BinkDoFrame@4` `_BinkWait@4` `_BinkGetRealtime@12` `_BinkNextFrame@4` `_BinkGetFrameBuffersInfo@8` `_BinkPause@8` `_BinkCopyToBuffer@28`
MSVCR71.dll	`_CxxThrowException` `_callnewh` `?what@exception@@UBEPBDXZ` `??0exception@@QAE@ABQBD@Z` `_strlwr` `qsort` `??1type_info@@UAE@XZ` `?terminate@@YAXXZ` `_except_handler3` `__dllonexit` `_onexit` `_iob` `_c_exit` `_exit` `_XcptFilter` `_ismbblead` `calloc` `localeconv` `setvbuf` `fscanf` `tmpfile` `_popen` `_pclose` `setlocale` `difftime` `mktime` `time` `localtime` `strftime` `clock` `tmpnam` `rename` `remove` `system` `strpbrk` `iscntrl` `__CxxFrameHandler` `ispunct` `isupper` `isxdigit` `toupper` `ldexp` `frexp` `modf` `_CIfmod` `ceil` `_CIacos` `_CIasin` `_CItanh` `_CIcosh` `_CIsinh` `fputs` `fgets` `_CIpow` `strcoll` `strcspn` `strncat` `strtoul` `_setjmp3` `getc` `ungetc` `_cexit` `_acmdln` `_amsg_exit` `__getmainargs` `_initterm` `__setusermatherr` `_adjust_fdiv` `__p__commode` `__p__fmode` `_local_unwind2` `__set_app_type` `_controlfp` `clearerr` `islower` `_errno` `strerror` `gmtime` `strtod` `abort` `getenv` `fprintf` `longjmp` `?before@type_info@@QBEHABV1@@Z` `wcscmp` `memmove` `free` `malloc` `_purecall` `??3@YAXPAX@Z` `exit` `sprintf` `??8type_info@@QBEHABV0@@Z` `??1exception@@UAE@XZ` `??0exception@@QAE@XZ` `??0exception@@QAE@ABV0@@Z` `?name@type_info@@QBEPBDXZ` `rand` `srand` `vsprintf` `_beginthreadex` `ctime` `memchr` `atoi` `atof` `strchr` `realloc` `__RTDynamicCast` `floor` `isdigit` `wcslen` `_fpclass` `_stricmp` `strstr` `strncpy` `fflush` `fopen` `fread` `fwrite` `ftell` `fseek` `fclose` `printf` `sscanf` `_snprintf` `strncmp` `isspace` `isalnum` `tolower` `isalpha` `strrchr`

Delayed Imports

?Initialize@InputCore@@QAE_NXZ

Ordinal	`1`
Address	`0x12560`

?Initialize@SaveGame@@QAE_NXZ

Ordinal	`2`
Address	`0x2930`

?initialize@AnimationCore@@QAE_NXZ

Ordinal	`3`
Address	`0xd8090`

?initialize@RenderCore@@QAE_NXZ

Ordinal	`4`
Address	`0x38490`

?initialize@ResourceManager@@QAE_NXZ

Ordinal	`5`
Address	`0x1dd980`

?initialize@SoundCore@@QAE_NXZ

Ordinal	`6`
Address	`0x1a19d0`

?initialize@VariablesCore@@QAE_NXZ

Ordinal	`7`
Address	`0x172430`

?initialize@VideoCore@@QAE_NXZ

Ordinal	`8`
Address	`0x29fc0`

?save_all@GameCore@@QAEHAAVDataStream@@@Z

Ordinal	`9`
Address	`0x1e0430`

?scene_setMainCharacter@GameCore@@QAE_NUGameObjectLink@@@Z

Ordinal	`10`
Address	`0x1e3620`

__GDF_THUMBNAIL

Type	`DATA`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0x22ae1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99517`
Detected Filetype	PNG graphic file
MD5	`c8a160e4a3f137c5d0eb18f34b0cd53e`
SHA1	`fbe332cf4e8e6ba10bfe91f45767e347bbf22d7a`
SHA256	`4b323155ad6f12beefa1909cc94b3d4c8fd9d97f6aecce7f495ceaceb203ed24`
SHA3	`254d424a5fcbd80a4b1fbc5385218f55079ff44b4e2c363095d7572b4673fefd`

__GDF_XML

Type	`DATA`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0xba8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.54038`
MD5	`39be4226f51013bd295bbc77fdf07950`
SHA1	`c164c4b05bc791d52a3d6b12939a39189d6c8ce8`
SHA256	`13ad43ae2b58fa12be5fd83673e3116893de7b6dfe9675569203533ac2df1670`
SHA3	`0426a0eb8db38b79b4b19f97f841d758c9b3ebdce5ae121ff74585f8c147f743`

1

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.84089`
MD5	`10869446d22780cbeff0c741c4971535`
SHA1	`68463367774e122bad7c05b09e8ea5f56038640a`
SHA256	`ae7acef10294c4cfe546289e30f2830408c30204fd65c94dc6f3f309af72f91d`
SHA3	`f1ed73487c9a8dcad47fa35a33b4e62895d38ca3b96ba1457c09e7c065627a59`

2

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.27531`
MD5	`dff7e3f90e0c0a776d3bc1e931e92bd8`
SHA1	`08f3abe7823785b0c3a152f393fa97063ea95974`
SHA256	`a6d1bacefa9a1cdc20416c623e98ee9d94463c8d48f725d9b8580d51f4c5ae3c`
SHA3	`4e1945c268a2bda5a6ef8b53bd228ffd03514dccafc4e0b1b77ec0fcfdbd7fb3`

3

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0xc828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.87511`
MD5	`4f41dbcd10e82f6d46fbcd9b223fdd6e`
SHA1	`3123e7d654742660051765bd01042e751c4dfdf6`
SHA256	`68694c46d18e12022b3284696758d8117927a7d29f6734124ade8b0f41ceed13`
SHA3	`4d1eca714ea4c63397fb22d610a6a59128a1ffef076b630876912d1a891686e1`

4

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x3228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.85536`
MD5	`8351072ca824a540265ea5f60002aeac`
SHA1	`fad8f37f5bffb9b2ed2e6e16df967e98c885ff3e`
SHA256	`286a6e22ec8c1215b3a073444a3e91d97e0d4780b566379fcfc7ef4de8c09aee`
SHA3	`894589af96ec61c9ed48ed8e34418f1c3e7a413b5da16670d72a1403ed7d33a1`

5

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0xca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.81258`
MD5	`946cdcea2c58f86eca07aece0397e05f`
SHA1	`3dc95593400a349d7e958e122fdbaf7f3d5ebb46`
SHA256	`d4de1975d8732b759e4e4f94d6dc8bd859ad6ca33e2ad2ae01e4be8485aae0ce`
SHA3	`de1e5f9f683b1c7362b689d962eb20696488c8e0833b89d9725fbd3bc95d9945`

6

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x368`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.49996`
MD5	`a736eba557cfa8ef4fbef82cb514c3ab`
SHA1	`830da56838013ad9122dfe71e1ddf820954390be`
SHA256	`ecfed0ad68097c954b5137101239044968f54d8c20bd06b9167337b91a43a1fc`
SHA3	`6672371ef3f4e12b46dfae75059cd1f46550053031ef8b230ca7d5b814696b02`

7

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.68846`
MD5	`3d4c51835ae0fa524c56ff535055aec4`
SHA1	`cab3a12a33996e8ab358ffcbc67733d4efa7dbd0`
SHA256	`bd366f81ef454fa8b7eea615a5f199a567458e2f83330e439984902fda9b2a08`
SHA3	`4f25eef8b784f07d25b6f3d2f6aa7d97a14e84b55b2bcbcbd4d7380092afb3b4`

8

Type	`RT_ICON`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.84089`
MD5	`10869446d22780cbeff0c741c4971535`
SHA1	`68463367774e122bad7c05b09e8ea5f56038640a`
SHA256	`ae7acef10294c4cfe546289e30f2830408c30204fd65c94dc6f3f309af72f91d`
SHA3	`f1ed73487c9a8dcad47fa35a33b4e62895d38ca3b96ba1457c09e7c065627a59`

9

Type	`RT_ICON`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.27531`
MD5	`dff7e3f90e0c0a776d3bc1e931e92bd8`
SHA1	`08f3abe7823785b0c3a152f393fa97063ea95974`
SHA256	`a6d1bacefa9a1cdc20416c623e98ee9d94463c8d48f725d9b8580d51f4c5ae3c`
SHA3	`4e1945c268a2bda5a6ef8b53bd228ffd03514dccafc4e0b1b77ec0fcfdbd7fb3`

10

Type	`RT_ICON`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0xc828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.87511`
MD5	`4f41dbcd10e82f6d46fbcd9b223fdd6e`
SHA1	`3123e7d654742660051765bd01042e751c4dfdf6`
SHA256	`68694c46d18e12022b3284696758d8117927a7d29f6734124ade8b0f41ceed13`
SHA3	`4d1eca714ea4c63397fb22d610a6a59128a1ffef076b630876912d1a891686e1`

11

Type	`RT_ICON`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0x3228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.85536`
MD5	`8351072ca824a540265ea5f60002aeac`
SHA1	`fad8f37f5bffb9b2ed2e6e16df967e98c885ff3e`
SHA256	`286a6e22ec8c1215b3a073444a3e91d97e0d4780b566379fcfc7ef4de8c09aee`
SHA3	`894589af96ec61c9ed48ed8e34418f1c3e7a413b5da16670d72a1403ed7d33a1`

12

Type	`RT_ICON`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0xca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.81258`
MD5	`946cdcea2c58f86eca07aece0397e05f`
SHA1	`3dc95593400a349d7e958e122fdbaf7f3d5ebb46`
SHA256	`d4de1975d8732b759e4e4f94d6dc8bd859ad6ca33e2ad2ae01e4be8485aae0ce`
SHA3	`de1e5f9f683b1c7362b689d962eb20696488c8e0833b89d9725fbd3bc95d9945`

13

Type	`RT_ICON`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0x368`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.49996`
MD5	`a736eba557cfa8ef4fbef82cb514c3ab`
SHA1	`830da56838013ad9122dfe71e1ddf820954390be`
SHA256	`ecfed0ad68097c954b5137101239044968f54d8c20bd06b9167337b91a43a1fc`
SHA3	`6672371ef3f4e12b46dfae75059cd1f46550053031ef8b230ca7d5b814696b02`

201

Type	`RT_RCDATA`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x30cf`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.29896`
MD5	`d93a9bff82f4117e44fa65c6682b01f9`
SHA1	`217fcbf200e10eae0810bb50ae0ca81cb3ae76df`
SHA256	`441be0a69a6d0a6c4c48eb4f7b6797d59972bb377be7eed742bbd35aecea6734`
SHA3	`dfb4fee2d0aeb18e8effc349dfd931c8be208a42f79a34fd44900031fd3eb660`

210

Type	`RT_RCDATA`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0xbef`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.23602`
MD5	`3b400e4f7da8d16d423f7ccd2cfe62e4`
SHA1	`57077ccb79e0bcc78f71ea3e5d5b77cf4e39903a`
SHA256	`747155973b5e5a9d1dd13c5cbc9114bb0585d51a5eef29f987ec3c60a74ef7fd`
SHA3	`3d77c3e429a4ba45c7a164501c0a158b8b21d6ad188c085ae9afc5c19ddfd801`

211

Type	`RT_RCDATA`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x926`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89639`
MD5	`18d3a647a73398e6552a15da6fe9436c`
SHA1	`6239dce521dff8c5f7b55eae2bbf315e7d9b8fb2`
SHA256	`080e9175d86540ba22627efcae29815c0ec03ee85a94c685c70ed959999fe261`
SHA3	`ac3647145400db8ffaac8c17061d2dcb43a5c2e73d3d267982d4cb30585567f8`

225

Type	`RT_RCDATA`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0xeaf`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.16758`
MD5	`910fec8820aaeb78e12b35257dcfb3ea`
SHA1	`873846265348f60d70047b82f5dbdb8729c16e53`
SHA256	`3ef4d8ee30d5c62d8cb4713c0f78167ba3b80ca555784223f7863a60583cebb6`
SHA3	`faf80646f38bad0bc942366569531aafcccb13f793cb24d8740e51c2b082a642`

240

Type	`RT_RCDATA`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x2dc0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.31139`
MD5	`fdcffa1cd4d1b774b8913f42e33280f2`
SHA1	`6add6feaa728d63eb7d4ff326723ffe305bde926`
SHA256	`1bc61e3b95cbc362bdae23bbf7f0f7c2ee36af251900a03f0bdc5578b117f21a`
SHA3	`e51f31c7ea0f78aed7745dfbcc91d972d26ac8e9bcfef86d33211e5bd01d09e6`

244

Type	`RT_RCDATA`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x247e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.33288`
MD5	`4433061a93abadfd45e3e6d3e77f2862`
SHA1	`e72691cfb0c3cf0e0c3849086fedb750cf962670`
SHA256	`4815dbcd98ddb0927a5235e45f618379ac2a40abf22c9fee5154f0463c143bef`
SHA3	`737c7ef15a4211ae192f99df771fa2c686ce593c1df715426b715c4446713d9e`

245

Type	`RT_RCDATA`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x24ee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.34246`
MD5	`8bf9e1ddff92cbd87038f555671516b1`
SHA1	`2248637594ec2ab2deb9a12160af7d8e349b21e2`
SHA256	`728a991a33207bce0068f192ea5f569ff828c949a0659eac1f07c91119d79a50`
SHA3	`1acbe28c9dadf10c53eee696ede55f62ff71c28f0b440d275f9e5cffb51a6f4d`

255

Type	`RT_RCDATA`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x25fc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.23565`
MD5	`0403b3529610cd4d3cedbd3e668af53b`
SHA1	`aacdaf46cd6faab4594c3d22ed66c844eab39950`
SHA256	`db5bd3ae20ffe79887f4291fc2252d7aa112e946162977de2460af855549009b`
SHA3	`0c97a2d227646d8155779b3fb3a30e5e84ad34c00ef1237c2602a29069705591`

801

Type	`RT_RCDATA`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x1a6c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.45884`
MD5	`7af790423b5c3fb2c3b220dfc9e84fdb`
SHA1	`5ff52aa0b439211083d40df821c0a38e054b9bad`
SHA256	`b2484e21175631efdb4d7c9e34d718e646989d7d1401f82b16dafd9e20aaaacc`
SHA3	`52443ef5d840a0e68b20a1731cb7a692958205059792ab8c62fb46bc1cea37d3`

802

Type	`RT_RCDATA`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x19c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.71123`
MD5	`1a5e351c28c8301f7550d48b193f205e`
SHA1	`9a5541556109865c438d85ec806823e36c366d44`
SHA256	`aa5c18fd8919eecd1ff19e9d102a631ffef58fe842a83132614b01c26b8792ab`
SHA3	`9cb173fead6107e1c71a8aaa7b0b05b5f996a30319a7bad54b3132fadcb6b44d`

803

Type	`RT_RCDATA`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0xa20`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.1028`
MD5	`d74d08a47708644b51f0e5b89030eb26`
SHA1	`ff64cbca431d17b22feab2b0287ccae9845c9d10`
SHA256	`d14443373fd1af64fdae30d0d263a3a544c73333af0acd6aef75fde796ef230d`
SHA3	`632040d85150b5334016f8c5216bb8bdc987a6fd0bd1219072ae39142d59b8c7`

804

Type	`RT_RCDATA`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x2653`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.1784`
MD5	`789015677d50c26154ad1dd5c7b92927`
SHA1	`c981ebcdf4172b2d1a190388bf46db465c99b39c`
SHA256	`eb9f5cc632830b254c1bb37956ecf667705c589d3c270c6b74d3ec47ef4a313d`
SHA3	`8c834615569a1cc931e07ea6995bc1839cc52d0ed4fc9c06b883166fe46b6ed4`

805

Type	`RT_RCDATA`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x829`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.92327`
MD5	`96be4aca4d0827db144560491cef29f6`
SHA1	`6ac2c378d6d1ed7369abe93515ce15af24a7c231`
SHA256	`1670fef9fd4f77b810c2d8b99548d2e63b3cdef5d42bc2da4ca9bf208e469a56`
SHA3	`c1ec7d1b5804e6dc8080a726e3f7e5f03c44bcabd01fa80b92511f26829453e3`

806

Type	`RT_RCDATA`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0xd1f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.11414`
MD5	`8e4d90ad0cc710bea03b9a6eaa46f3f8`
SHA1	`e635e0e0a3cfbe3376a380cb3472c340b8d2cfe4`
SHA256	`5ed126f9d2b92a167394b53e781ebbcdf9f7f58e55abf0accf82c6a77789cc53`
SHA3	`1773ffdc17c02997e49fefaf802d97dd5912ba479e786cc5912f0f1316f12d71`

807

Type	`RT_RCDATA`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x126`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.6918`
MD5	`ce6d229ef7980e414c85d183b7e0fb98`
SHA1	`38a785a835aa3dd8c2ce6d73a54ce0e217427757`
SHA256	`ebe3378b8eceb6195bf063785291bc4884a6d2c4c3af0b25181c6e2e6f3cb945`
SHA3	`e9293c11b48c07d8f56f965d2058ba8cfdee616f2b06114d45cd7312a6d3fd4d`

808

Type	`RT_RCDATA`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x1f61`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.92654`
MD5	`6d2ca6635f903c4ea8fdee74372ffa66`
SHA1	`42658e2fcc2ce28a27d8bfd1c3016845c7c94468`
SHA256	`7bfe339807756c84202f64a58ce8badad887b48f7ff6cfcbc815b8a5178029c7`
SHA3	`d0cf3d707ed339ccc3a5376fa04f4e0183bb878e6d6fefa687a19c1f19ca8421`

809

Type	`RT_RCDATA`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x1724`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.23641`
MD5	`4d52f8a7174b91543c6cf5891c3001b3`
SHA1	`700439e200de56ab2ed1fec0b567ea786cb3903e`
SHA256	`3ee78e9d807857c0987d1d0cdcbe2544b4216335da357d23b1fd9d500915317b`
SHA3	`b035ad9b34db7c02400663032ecb7d83784bde2aa97cbfe0a2418ef577724ed2`

810

Type	`RT_RCDATA`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x353`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.97162`
MD5	`8eae8af8ad8e6eabde434d1821d24727`
SHA1	`f149830c09ddb2c07ed4d442e636618ded5dbe01`
SHA256	`1fbcc4a225c0e6492305808a4bbd6adda8322d89bfdd6a2b6b64ecc91e4304cd`
SHA3	`f09590956d487e4b41ed6ba4b9cb97c156a934219b10697a727c5df52cbcb1b6`

811

Type	`RT_RCDATA`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x253e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.29706`
MD5	`2eb28c050b7286399b8bd5dfae5a4025`
SHA1	`38b818a366d7990dbcab2d373008d8c51e664bc8`
SHA256	`875f10d2dcdfc031cc34ac2c7b4cf387cd7c5a4af147e29dd29e7ab6d535bd7c`
SHA3	`b10d10bf54d2ab1ff6db554a88df592f04f4bf96fcf5cf42fd8deaa55eeffc46`

101

Type	`RT_GROUP_ICON`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.96146`
Detected Filetype	Icon file
MD5	`cb7970f6c2ac6fbc042540903dcc9732`
SHA1	`3ef38d83276e2012577c498c4f2a0c4634f0935f`
SHA256	`7b00e80e3c49fa1e6649f2ba3bd6d5e321d296d2cef0739201ba698935f8840d`
SHA3	`18a584f6309d8ef433792ea7e55b709d803ec80f2ee087c33843a47e5de18267`

101 (#2)

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.90476`
Detected Filetype	Icon file
MD5	`4f9b008ffb82a1fa303b0bc8799ec623`
SHA1	`7e96513b642a38407163fc18533646cf0ec86673`
SHA256	`ff02721b353d7017a8f39fa7e7745e93e1aaa28ea691957cf3d8906fe2b0d102`
SHA3	`7545bc1ab3f8b42443d79e6a42d833a49df310fb90ede7065b1c8b9ef06312e5`

102

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.32322`
Detected Filetype	Icon file
MD5	`5ae32d259c741094fd7321a97efab12f`
SHA1	`de0c9059c97a1395fffb9e9c713c69b87a2f80f3`
SHA256	`4420d38956c089533731669f88ae00ee4bdf4069a53932dc180b9a5a36ac6fd4`
SHA3	`46acabd2a8fde1e236e7bd40f606204cf74ad896f802e9e5baca1ea8d518abee`

Version Info

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x764660`
SEHandlerTable	`0x651940`
SEHandlerCount	`381`

RICH Header

XOR Key	`0x58f04140`
Unmarked objects	`0`
Imports (VS2003 (.NET) build 3077)	`2`
ASM objects (VS2003 (.NET) build 3077)	`10`
Imports (9210)	`2`
Imports (2067)	`2`
Imports (2179)	`8`
105 (2067)	`2`
C++ objects (VS2003 (.NET) build 3077)	`7`
C objects (2179)	`1`
Imports (VS2012 build 50727 / VS2005 build 50727)	`8`
C++ objects (VS2012 build 50727 / VS2005 build 50727)	`1`
Imports (VS2003 (.NET) build 4035)	`4`
C objects (VS2003 (.NET) build 4035)	`3`
Imports (VS2008 SP1 build 30729)	`3`
Total imports	`303`
C objects (VS2003 (.NET) build 3077)	`45`
99 (VS2003 (.NET) build 3077)	`442`
Exports (VS2003 (.NET) build 3077)	`1`
94 (VS2003 (.NET) build 3052)	`1`
Unmarked objects (#2)	`4`
Linker (VS2003 (.NET) build 3077)	`1`

Errors

Leave a comment

No comments yet.