Manalyze report for 27b324afa019a5cf99de908614e0e80f

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Nov-15 15:02:14
Detected languages	English - United States Russian - Russia
TLS Callbacks	1 callback(s) detected.
Debug artifacts	D:\TemporaryBuilds\installer_builder_1\172\s\_bin\architect8\Win32\analytics.pdb
CompanyName	© pdfforge GmbH.
FileVersion	`5.0.1.0`
LegalCopyright	© pdfforge GmbH. All rights reserved.
InternalName	analytics.dll
OriginalFilename	analytics.dll
ProductName	PDF Architect 8
ProductVersion	`5.0.1.0`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Accesses the WMI: ROOT\CIMV2` Contains domain names: http://schemas.xmlsoap.org http://schemas.xmlsoap.org/soap/encoding/ http://schemas.xmlsoap.org/soap/envelope/ http://tempuri.org http://upclick.com http://www.w3.org http://www.w3.org/2001/XMLSchema http://www.w3.org/2001/XMLSchema-instance https://stats.pdfarchitect.org https://stats.pdfarchitect.org/Tracking.asmx https://wsgeoip.pdfarchitect.org https://wsgeoip.pdfarchitect.org/ipservice.asmx pdfarchitect.org schemas.xmlsoap.org stats.pdfarchitect.org tempuri.org upclick.com wsgeoip.pdfarchitect.org www.w3.org xmlsoap.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Microsoft's Cryptography API`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryA` `Can access the registry: RegQueryValueExW RegDeleteValueW RegCreateKeyExW RegSetValueExW RegOpenKeyExW RegEnumKeyExW RegQueryInfoKeyW RegCloseKey RegDeleteKeyW` `Uses Microsoft's cryptographic API: CryptAcquireContextA CryptGenRandom CryptReleaseContext CryptAcquireContextW` `Can create temporary files: GetTempPathA CreateFileW` `Has Internet access capabilities: InternetOpenW InternetSetOptionW InternetCloseHandle InternetConnectW InternetReadFile InternetQueryOptionW InternetErrorDlg` `Changes object ACLs: SetNamedSecurityInfoW`
Info	The PE is digitally signed.	`Signer: pdfforge GmbH` `Issuer: thawte SHA256 Code Signing CA`
Safe	VirusTotal score: 0/62 (Scanned on 2021-11-24 16:02:50)	`All the AVs think this file is safe.`

Hashes

MD5	`27b324afa019a5cf99de908614e0e80f`
SHA1	`6cf5042eaa055dcad380332a11968ce5998dbf06`
SHA256	`3ab11d0e5a237fc9b2222f377611ef87eb75d8627ea339deafaac7710ee67d4e`
SHA3	`4a9527500c27d9f76c629c4becb475e8afb9d50970e1b176b9e7205960973ef3`
SSDeep	`49152:agmc+AIw3a1UqrViU753d+xNg4GcWgmOorCgIi3Zmy:gcnF3a1RL+xNg4GcWYor`
Imports Hash	`659c16e3286d59c53c0e635fbcfe2ea9`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x138`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2021-Nov-15 15:02:14
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x150000`
SizeOfInitializedData	`0x84a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000E4108 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x151000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1d8000`
SizeOfHeaders	`0x400`
Checksum	`0x1c9dc2`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`671a11e88c3dde685d816c8a95d656b2`
SHA1	`944d7b7f9f0d72b484d2f97b5ca006240858bee4`
SHA256	`d99984b1cf3d7522ac67010e0276b09095937fc12ce3bcbfba4f96a48ff7011b`
SHA3	`c0d78ef6d545a5d37b308586cfa328a634e0347225896034e7ea00f3c30c5aa2`
VirtualSize	`0x14fec7`
VirtualAddress	`0x1000`
SizeOfRawData	`0x150000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.62552`

.rdata

MD5	`32a956fb16b60b57fc7320a62ba6fb03`
SHA1	`5cdbd400be4f4e4c1cd1c475dc38b93e17afdbf1`
SHA256	`6d6de55e7de0e177378d79fc332c87c49807a2e7e2b6aac2c233436ea6499ec7`
SHA3	`06dda5e3c3515f449e10f4db10145016ae3762a49c20b0e2380a578ff44b4bca`
VirtualSize	`0x494d2`
VirtualAddress	`0x151000`
SizeOfRawData	`0x49600`
PointerToRawData	`0x150400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.08846`

.data

MD5	`ea4d1344d34c7d4465f21a88a6be5fc3`
SHA1	`2f68642f5757afe5a4de0b163ce1009af64b0c5e`
SHA256	`72b154058f1bdfcbbee3a64af7387f87c7cf036448cdfac231f0aa0ea3abe3c9`
SHA3	`18cc6525daa3282d32e6bb6d27599f755f37ee1059349909098a108afa98ea34`
VirtualSize	`0x1fc14`
VirtualAddress	`0x19b000`
SizeOfRawData	`0xd600`
PointerToRawData	`0x199a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.10555`

.rsrc

MD5	`35dd052530e41030db9be4e71f79353f`
SHA1	`69bd63909aae78edee5368ce1009650420e615eb`
SHA256	`41e17c679ad8bf9a2c859881af76f52f8768ec20c741ae42ffdee9bc8dbdaddb`
SHA3	`e8600ab54d949f2edafd8b45dde9829985602a77ac53ef805ee2111009b2f613`
VirtualSize	`0x7208`
VirtualAddress	`0x1bb000`
SizeOfRawData	`0x7400`
PointerToRawData	`0x1a7000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.95418`

.reloc

MD5	`fa8e0c51f584c8742c6bdc168868c528`
SHA1	`75ca2a7c948375fe86db98c2b33c3fe04565e518`
SHA256	`46d252748a319b9fcc9cd69ebe7a32c2cdeb05ad7340d0f2239da4d4ea1d8bdd`
SHA3	`5ac90befe9f23e2c4c51e0f056c5e97d9ff624ed5fab69936223e509d373e7f1`
VirtualSize	`0x1404c`
VirtualAddress	`0x1c3000`
SizeOfRawData	`0x14200`
PointerToRawData	`0x1ae400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.53977`

Imports

KERNEL32.dll	`LeaveCriticalSection` `InitializeCriticalSectionAndSpinCount` `HeapFree` `HeapSize` `HeapReAlloc` `HeapAlloc` `HeapDestroy` `GetProcessHeap` `GetSystemTimeAsFileTime` `FormatMessageA` `FormatMessageW` `LocalFree` `CreateEventA` `GetCurrentProcess` `WaitForSingleObjectEx` `SetEvent` `IsWow64Process` `DeleteFileW` `SetLastError` `GetTickCount` `GetWindowsDirectoryW` `EnterCriticalSection` `GetUserDefaultLCID` `GetVersionExW` `GetSystemInfo` `Sleep` `QueryPerformanceCounter` `QueryPerformanceFrequency` `GetStdHandle` `GetTempPathA` `OutputDebugStringA` `InitializeCriticalSection` `GetWindowsDirectoryA` `GetConsoleScreenBufferInfo` `SetConsoleTextAttribute` `GetCurrentThreadId` `GetTimeZoneInformation` `ReadConsoleW` `FlushFileBuffers` `GetFileSizeEx` `EnumSystemLocalesW` `EncodePointer` `DecodePointer` `DeleteCriticalSection` `SetThreadLocale` `GetThreadLocale` `GetModuleFileNameW` `LoadLibraryExW` `FindResourceW` `LoadResource` `SizeofResource` `GetLastError` `RaiseException` `lstrcmpiW` `GetModuleHandleW` `GetProcAddress` `FreeLibrary` `WriteFile` `CreateDirectoryW` `GetFileAttributesW` `WideCharToMultiByte` `LocalFileTimeToFileTime` `MultiByteToWideChar` `GetCurrentDirectoryW` `SystemTimeToFileTime` `ReadFile` `CloseHandle` `SetFilePointer` `CreateFileW` `RtlUnwind` `GetFileAttributesExW` `IsValidLocale` `GetLocaleInfoW` `CompareStringW` `GetTimeFormatW` `SetEnvironmentVariableW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineW` `GetCommandLineA` `GetOEMCP` `GetACP` `IsValidCodePage` `AreFileApisANSI` `DeviceIoControl` `SetFilePointerEx` `SetEndOfFile` `RemoveDirectoryW` `FindNextFileW` `GetDateFormatW` `FreeLibraryAndExitThread` `ExitThread` `CreateThread` `ExitProcess` `GetConsoleMode` `GetConsoleOutputCP` `WriteConsoleW` `GetModuleHandleExW` `GetFileType` `InterlockedFlushSList` `FindFirstFileExW` `SetStdHandle` `IsDebuggerPresent` `OutputDebugStringW` `GetStringTypeW` `InitializeSRWLock` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `InitializeCriticalSectionEx` `TryEnterCriticalSection` `LCMapStringEx` `GetLocaleInfoEx` `CompareStringEx` `GetCPInfo` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `TerminateProcess` `IsProcessorFeaturePresent` `ResetEvent` `CreateEventW` `InitializeSListHead` `GetStartupInfoW` `GetCurrentProcessId` `ReleaseSemaphore` `WaitForMultipleObjectsEx` `OpenEventA` `SetWaitableTimer` `ResumeThread` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetModuleHandleA` `CreateWaitableTimerA` `LoadLibraryA` `GetStringTypeExW` `LCMapStringW` `FindClose` `InterlockedPushEntrySList`
USER32.dll	`CharNextW` `LoadStringW` `GetSystemMetrics`
ADVAPI32.dll	`CryptAcquireContextA` `CryptGenRandom` `CryptReleaseContext` `CryptAcquireContextW` `RegQueryValueExW` `SetNamedSecurityInfoW` `InitializeAcl` `AddAce` `GetSidLengthRequired` `InitializeSid` `GetSidSubAuthority` `IsValidSid` `CopySid` `GetLengthSid` `RegDeleteValueW` `RegCreateKeyExW` `RegSetValueExW` `RegOpenKeyExW` `RegEnumKeyExW` `RegQueryInfoKeyW` `RegCloseKey` `RegDeleteKeyW`
SHELL32.dll	`SHGetFolderPathW` `SHGetSpecialFolderPathW`
ole32.dll	`CoInitializeSecurity` `CoInitializeEx` `CoSetProxyBlanket` `CoInitialize` `CoCreateInstance` `StringFromGUID2` `CoTaskMemAlloc` `CoTaskMemRealloc` `CoTaskMemFree` `CoUninitialize`
OLEAUT32.dll	`VariantInit` `VariantClear` `LoadRegTypeLib` `SysAllocStringByteLen` `SysStringLen` `SysAllocStringLen` `SysFreeString` `LoadTypeLib` `SysAllocString` `UnRegisterTypeLib` `VarUI4FromStr` `GetErrorInfo` `RegisterTypeLib` `VariantCopy`
SHLWAPI.dll	`PathFileExistsW`
WININET.dll	`InternetOpenW` `InternetSetOptionW` `InternetCloseHandle` `HttpSendRequestW` `InternetConnectW` `InternetReadFile` `HttpOpenRequestW` `InternetQueryOptionW` `HttpQueryInfoW` `InternetErrorDlg`
msi.dll	`#205` `#70`

Delayed Imports

DllCanUnloadNow

Ordinal	`1`
Address	`0x67d0`

DllGetClassObject

Ordinal	`2`
Address	`0x67f0`

DllInstall

Ordinal	`3`
Address	`0x6a80`

DllRegisterServer

Ordinal	`4`
Address	`0x6910`

DllUnregisterServer

Ordinal	`5`
Address	`0x69d0`

101

Type	`REGISTRY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x65`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.50116`
MD5	`8951ce9cb9a1970980da838826706dd3`
SHA1	`ec36e1501969a2d3373857dc45f1b78f9069e2a1`
SHA256	`0d6aa52ebcb80d19276e61cc3c5e0184b61911fdc70e3838deab4cb64a357a27`
SHA3	`80dc9ef0c90f7d30fcee2169b25d3a7790bdf2beaada90f2d538951df1c0133e`

109

Type	`REGISTRY`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x190`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.35646`
MD5	`19e8c762d689ebbfd9da6b789ffd79dd`
SHA1	`f399c92c79e44aa921a37b03e4feb14b2a1dfe28`
SHA256	`6aece4d9b5de60ffdfae1c1a29187997165c8c5370338d28c417c86573821764`
SHA3	`eda476bca40b30caa486e7d69d40f422100dc2228bfb36350fbab4ce21235727`

112

Type	`REGISTRY`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x145`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.34871`
MD5	`8b31e158014f688ff14e8b9b19f4777f`
SHA1	`42367c25a530755b235a0d4e25725ab17535ae9c`
SHA256	`171ea50ac236e7d8f0bee188d6014b3db9e0b70c55647dfcb992d7c3333e446f`
SHA3	`94c7cb78db74c731e9e0f3349c843a035253646059a9609f74e68b041b83b19e`

114

Type	`REGISTRY`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x138`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.31724`
MD5	`d245266e7f3153036f420b4269394def`
SHA1	`3ffb6030e6429e43470c5bfc654795d56eb4b25d`
SHA256	`4fa13f946036b66e038253894bef045126c2e882470ade68e576250aa0c6efe8`
SHA3	`0f6514c6d2b7462ad27d0401b2806aa51aaaab81a0945e38d6f446fdbe254d3b`

115

Type	`REGISTRY`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x13f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.33656`
MD5	`f7ede154ad2dcaac92e4ac603f107d40`
SHA1	`3587226ce80639eabab00e1cc062c25956717ab3`
SHA256	`ac03e88822939bd7f89cf86618ce612f52638f0d3cafdb3d68a30a416979e315`
SHA3	`f3ffb7359cd53bfd3b480f212a7d84d3b18af707ab2c8782538990e03c8a9619`

116

Type	`REGISTRY`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x142`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.34773`
MD5	`665a3d18f8a192fadb89d78c5d9113b1`
SHA1	`5f09bf85b62c3d4c1d93a5b007a4cd27935079ce`
SHA256	`13a0ec5ef56c986cb919653af2183ac271cfadd368a122d26b55a63fe232b569`
SHA3	`92947913f71c4b72acbdf40687251481c3a78f18bd92253f917f85b6d9415df0`

117

Type	`REGISTRY`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x143`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.29548`
MD5	`61f9aa325448c395677278c61621a057`
SHA1	`719848be8dd4f43543d50f82a64989b8baa92b7d`
SHA256	`7c210fb45091089193f921abcdac3a127ea7f00da14b88c51e0c0473d41b5bf9`
SHA3	`0b33055f3adc3f780fbb7367d2e953bf4a1f6a513402d27f94dd14231c23503f`

118

Type	`REGISTRY`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x28d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.3598`
MD5	`1e920961d7d7a3dd86e158d6954dfea5`
SHA1	`3fef686583749f93b67b739ef1b85687f631ea28`
SHA256	`20b4ab485fe1f117c12447ad731850ddfedecce0308ba45dead351c38ef79cda`
SHA3	`365d0022f6b24e8b3a8ef61b86aae77f0a315cd8703621e6ae496abc465bc04b`

119

Type	`REGISTRY`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x28f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.3485`
MD5	`af08168279f252518fec8c9c61c4f812`
SHA1	`3db0cfad75cadda44e63448b46e9c62cc9fac282`
SHA256	`73ba0e4952f1c8a31268239251c8373571760e0d1ddae2d2566c244f6ccf2edd`
SHA3	`93d07a98bf22c7e8ed576cbb7d2ccfcf5e06b59148c922d3b219ab38fc8e9921`

120

Type	`REGISTRY`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x142`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.35219`
MD5	`80c6eadf7b2c4f9e3984499221b9eb99`
SHA1	`0eed38030153a561dae841af2a72975830e1b687`
SHA256	`3dd5cbbbd2ed803d2089d549938ea8a7266d925f1049def2ea128f2edc1ddbc3`
SHA3	`12e10eea89c19a78f6bdcc4e9983931368a1054b0ef929ee53527e4eba86b578`

121

Type	`REGISTRY`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x145`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.36229`
MD5	`9bde8099ebc113b80c753083c0dfc064`
SHA1	`c8e928d601112682717c40127de425b1d3448a17`
SHA256	`3e0f84f984061a32993e6b66a28a8025d0643c3f84f8a24e9ad7ced944d995c9`
SHA3	`204c4c2a1350357b77aa5ac186e691fe853e979cb50e1e3cf2888d0435e03de6`

122

Type	`REGISTRY`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x142`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.33742`
MD5	`1fe2d6a5fed987f28c8b6cac8405023f`
SHA1	`50104a1146e3ff60f257657f0bfcc32016551da0`
SHA256	`3c43b209378901d9b4d82d313e252cab626adc427f87968a6e61c49a4739fa51`
SHA3	`191b4f4930f645b1d334e16692d5eade97ceeb27773e33ed227f653ff9f6cf3a`

123

Type	`REGISTRY`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x290`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.33594`
MD5	`7582c02dd7759aec02a6207c72c19fdd`
SHA1	`e34777c42a992bfb4128dc529a0c309a34e3456c`
SHA256	`f044cd68a709318596395f54928d202a0bbc902b8105e3ba69ed7c06f0b10f57`
SHA3	`c1e9bb8ab72903f53736f5122705031f9726b94de017baa3d1aa4c4e84f08d0e`

124

Type	`REGISTRY`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x143`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.32193`
MD5	`bf3fc5af919f3a470ffd43ecaa29144d`
SHA1	`22bb6c540d18fb9d03982650ee10f5d3ab9fc9dc`
SHA256	`1488e5dee8b412aab895f6a4e2b5de653ea3322dcce107342140a87a15ee704a`
SHA3	`c0a38104a6b46344770d1b1b6ddfd1ebfcadd9b407dd5f4e25591b20065c775f`

125

Type	`REGISTRY`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x13e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.32159`
MD5	`09128dee623d44c9b8f8fa0556641dd4`
SHA1	`9eb7eb43cd31a340611299c9ba572729e3d11208`
SHA256	`dbdd6b0c4d277c42ebacc2dbc8bbfc5e1407197eb4b2554c36db8f7bd558b815`
SHA3	`4bb8497c051658993eda13de5f1c42d40872f105bf3c725eb4e007d435419b8a`

129

Type	`REGISTRY`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x14b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.35227`
MD5	`23945b1a4d72d4ad12a9a1ac5707cad1`
SHA1	`ef814e1d4c9c31273db2e464d10ba1511a6ef50b`
SHA256	`e62c8840779a31f5b911cac4943bbf0d0befda97319e356c4d294636c78e0538`
SHA3	`d522c5e80e1500c804c208da29a78cff637276fd086933f3d25bfc545b8f01fe`

130

Type	`REGISTRY`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x14a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.35059`
MD5	`95f80a83ef799bf03fc9c6b3457c8b54`
SHA1	`b11be5ca4667386f96276ba441f777ea0f1b3ee6`
SHA256	`86c68a6d5cc74823c99a29f466efee73d696b6dd4ff6a0a688a7ef3763d40871`
SHA3	`cab8b78bec136ce828823ad8eeead04ee10c666d60add7719ed2afd97660a118`

131

Type	`REGISTRY`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x141`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.36076`
MD5	`74747e85371d00cee113c0f0d0d46ec5`
SHA1	`93c5aa8c0e0773f82418676aea351429e7343127`
SHA256	`939dc6246a8d8de744949fba5900f7ce78fd53ab740d734b52a4f37113fbcd48`
SHA3	`3f4f37d9fff6ed37021d56822ca445c180fa286e85a7087cfa44c478c73f71e8`

132

Type	`REGISTRY`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x141`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.33596`
MD5	`d337fe81aa0c539bacbb474cad72eb87`
SHA1	`eeca05c37771e1ff928b44b7505e3ea285c22454`
SHA256	`87b5e698ce708603a0964190f2f10187299c5b91b83bef15b0ee891332f2b314`
SHA3	`5af566d75f609c5e933b7487b05b2fe70f8ea524bfca02cbd4e0aa3c4b05c864`

1

Type	`TYPELIB`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4b6c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.2886`
MD5	`356d6c1476f9100106f9ba98610a44c8`
SHA1	`9bd449d6d1ab6b5f7f0082f41026f9294103eb7e`
SHA256	`7128fc6ff24e73a3f44f31bcda7d100361420fa700ced03e071d358b26f4a61e`
SHA3	`0f38605581b3122bd7ac63823877b4c7f5b5ad4aad9f01087e50e717a10cb60a`

7

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.7593`
MD5	`d7acdd03e7f2119501737b01f31b2ad9`
SHA1	`c1069a51247214b1509b52a668fb0174825d4f2b`
SHA256	`2991496bf3f9164eb3420bbfb1ee015c0a886f8c5a92658be43df7add1a1f662`
SHA3	`18ef2bd9c3c348c10476e38f2abeb78774de6590a94d6ded51c7bb6b34f88518`

8

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x9e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.95482`
MD5	`f7bd3325ce65774f5ea2ba7d9eaa1e98`
SHA1	`917ae490cf37a538fec5bd9d30fcfd0db7d0da2d`
SHA256	`209b587060148254e7acbe891b9f5e56e670895ce4c369ed276a66c7c4ac5b4c`
SHA3	`b8b6f7c1ea7f1ceeb86be8bf929605e13223e57645b4bd8ad02a8a2f92395bcc`

9

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.3288`
MD5	`411db97dacfcab49a309a301da8c469d`
SHA1	`a5e9972b9d8270d95c7382fa07db4f00608f5873`
SHA256	`50818101a359e36cb635cf354706c71e0ddaf99735e2778018cefff8b50e847a`
SHA3	`c036083514c5ef2a4f483d42ddc1cc9d002f835ec2870ffaa1c0b86a791faa17`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2dc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40215`
MD5	`3670590bd6d02e040f1c2fd33d0d48e1`
SHA1	`4c545ec27f943243a6836df87b6e9165bc15bc0a`
SHA256	`aeb3decd573efb78c2186c45678188b6e9a7b9c16d3319f514a50776f920768a`
SHA3	`4ab675616f69c4398bce08749319e2ad6eee28c6b3af04aebc185e65d4883e78`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

String Table contents

PDF Architect 8
{E9048F8E-A294-4148-98DC-BEECF15E6C03}
PDF Architect 8 Installer
{3A9A27DE-E9E8-4397-99AC-4B28B69B14A2}

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	5.0.1.0
ProductVersion	5.0.1.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	© pdfforge GmbH.
FileVersion (#2)	5.0.1.0
LegalCopyright	© pdfforge GmbH. All rights reserved.
InternalName	analytics.dll
OriginalFilename	analytics.dll
ProductName	PDF Architect 8
ProductVersion (#2)	5.0.1.0

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2021-Nov-15 15:02:14
Version	`0.0`
SizeofData	`105`
AddressOfRawData	`0x184028`
PointerToRawData	`0x183428`
Referenced File	D:\TemporaryBuilds\installer_builder_1\172\s\_bin\architect8\Win32\analytics.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2021-Nov-15 15:02:14
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x184094`
PointerToRawData	`0x183494`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2021-Nov-15 15:02:14
Version	`0.0`
SizeofData	`1004`
AddressOfRawData	`0x1840a8`
PointerToRawData	`0x1834a8`

TLS Callbacks

StartAddressOfRawData	`0x101844a4`
EndAddressOfRawData	`0x101844ac`
AddressOfIndex	`0x101b9a10`
AddressOfCallbacks	`0x10151564`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`0x100E6F90`

Load Configuration

Size	`0xbc`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1019b1d8`
SEHandlerTable	`0x10183110`
SEHandlerCount	`966`

RICH Header

XOR Key	`0xae27b167`
Unmarked objects	`0`
ASM objects (27412)	`21`
C++ objects (27412)	`210`
262 (27412)	`1`
253 (28518)	`2`
C objects (VS 2015/2017/2019 runtime 29804)	`16`
ASM objects (VS 2015/2017/2019 runtime 29804)	`25`
C++ objects (VS 2015/2017/2019 runtime 29804)	`96`
C objects (27412)	`29`
C++ objects (VS2019 Update 7 (16.7.1) compiler 29111)	`5`
C++ objects (VS2019 Update 9 (16.9.2-3) compiler 29913)	`4`
Imports (27412)	`21`
Total imports	`276`
C++ objects (28106)	`72`
C++ objects (VS2019 Update 3 (16.3) compiler 28107)	`3`
265 (VS2019 Update 9 (16.9.2-3) compiler 29913)	`53`
Exports (VS2019 Update 9 (16.9.2-3) compiler 29913)	`1`
Resource objects (VS2019 Update 9 (16.9.2-3) compiler 29913)	`1`
151	`1`
Linker (VS2019 Update 9 (16.9.2-3) compiler 29913)	`1`

27b324afa019a5cf99de908614e0e80f

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

DllCanUnloadNow

DllGetClassObject

DllInstall

DllRegisterServer

DllUnregisterServer

101

109

112

114

115

116

117

118

119

120

121

122

123

124

125

129

130

131

132

1

7

8

9

1 (#2)

2

String Table contents

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors