Manalyze report for 2855f7bbf4ee5737e32e6dc2c43f91d705848b9a708fe095439cb82ff89f7289

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Apr-19 08:20:26
Detected languages	English - United States Korean - Korea

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: \x00` `Section \x00 is both writable and executable.` `Unusual section name found: .naim\x00G` `Unusual section name found: .idata` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found: jaegsamj` `Section jaegsamj is both writable and executable.` `Unusual section name found: svjwyfda` `Section svjwyfda is both writable and executable.` `The PE only has 2 import(s).`
Info	The PE's resources present abnormal characteristics.	`Resource 210 is possibly compressed or encrypted.` `Resource 211 is possibly compressed or encrypted.` `Resource 127 is possibly compressed or encrypted.` `Resource 128 is possibly compressed or encrypted.` `Resource 202 is possibly compressed or encrypted.` `Resource 203 is possibly compressed or encrypted.` `Resource 204 is possibly compressed or encrypted.` `Resource 3 is possibly compressed or encrypted.` `Resource 4 is possibly compressed or encrypted.` `Resource 6 is possibly compressed or encrypted.` `Resource 7 is possibly compressed or encrypted.` `Resource 8 is possibly compressed or encrypted.` `Resource 9 is possibly compressed or encrypted.` `Resource 10 is possibly compressed or encrypted.` `Resource 11 is possibly compressed or encrypted.` `Resource 12 is possibly compressed or encrypted.`
Info	The PE is digitally signed.	`Signer: Game Cafe Services` `Issuer: Starfield Secure Certificate Authority - G2`
Safe	VirusTotal score: 0/64 (Scanned on 2024-05-20 05:01:53)	`All the AVs think this file is safe.`

Hashes

MD5	`c337597248c5af6926f2d3821767d617`
SHA1	`67766a524452c959e04df30655aeb73af6a1bab8`
SHA256	`2855f7bbf4ee5737e32e6dc2c43f91d705848b9a708fe095439cb82ff89f7289`
SHA3	`06c81e59db03c56300d5d418bc87b2522bbbe6228ad814f0cffa9f51828e85e3`
SSDeep	`98304:PNY0BO4Paok8BDesEFXAKudv1YILdO8OuE9/rs/f:P5A4Paj81esEFXOdKgtEhw3`
Imports Hash	`baa93d47220682c04d92f7797d9224ce`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x138`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2017-Apr-19 08:20:26
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.1`
SizeOfCode	`0x744000`
SizeOfInitializedData	`0x1be000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00C85000 (Section: svjwyfda)`
BaseOfCode	`0x1000`
BaseOfData	`0x745000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.1`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xc86000`
SizeOfHeaders	`0x1000`
Checksum	`0x47ad18`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NO_ISOLATION`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

\x00

MD5	`6e385e81bf27c53688397f859b313fc4`
SHA1	`3d343ae874df5bf08377f366d9c2818a356fee24`
SHA256	`a87f3e2f5d49f9d66b7cc46d8780c01701ff952d671de573cb380d0679b70a53`
SHA3	`6d842962e01a30466164bf2ee76f36d878c5866ec59b52b0460b5b12350e5b6e`
VirtualSize	`0xa11000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2f9000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.91976`

.rsrc

MD5	`e6313f19c4d0b53774ad7db4a2b12516`
SHA1	`2a94f60b7dc044f465a76b1817a9d2119b2fa0cb`
SHA256	`9c36af0e03a60457f1342f5c089d12bf7b66f4ea1e152adfd4d5f588cbb05c0b`
SHA3	`db3b9ec11de90ccf84f005b765022d46935c55b6982970ee4a95af189ac0b6d4`
VirtualSize	`0xa6bd4`
VirtualAddress	`0xa12000`
SizeOfRawData	`0xa7000`
PointerToRawData	`0x2fa000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99688`

.naim\x00G

MD5	`806b95678f41195bee71c880bde50f13`
SHA1	`4151eea54e45f0d5c82cd18c4cbe9a5a32c25f26`
SHA256	`0e95dacc8933960ea0cb56de3c5d2800cc94bc3c2c750e61e25453dca855b419`
SHA3	`27c74e2f0060d845a4c986b9cf5fbd3c821d089dd0500e7d01a671e9f19ac196`
VirtualSize	`0x7460`
VirtualAddress	`0xab9000`
SizeOfRawData	`0x7460`
PointerToRawData	`0x3a1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.09076`

.idata

MD5	`6b13a2b8f53c6dba51671bf9454e371f`
SHA1	`428a989e1cc42e4dccc4916ed84ce533ba7eacd2`
SHA256	`9da1e2eb755b909ec16dcefaecc8402ba701d1c8ddb08a092a5ca331b8b06ad3`
SHA3	`0eef7b72e34dabc748eceaabc9df1c39e6f74444f687489f60941807c80f1237`
VirtualSize	`0x1000`
VirtualAddress	`0xac1000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x3a9000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.220958`

MD5	`c2ca170fbeabb804625143a97231e08a`
SHA1	`1754bdc222aab6bf42079a24a74d934a03538e4a`
SHA256	`e0136c413561930af6434efce863344a667f4e9ba9e725219bd7a03247e1ac58`
SHA3	`230eda916879fd35db8f06f0d2bc9c988077623a17def72362efeae40d3b5d89`
VirtualSize	`0xf9000`
VirtualAddress	`0xac2000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x3aa000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.041681`

jaegsamj

MD5	`b53b676a80959481365605f68140dd95`
SHA1	`d7bead5bf2a9f7c37abc7c600a184dcadc192234`
SHA256	`7232134e0ac7d41355b37c16165a3430f8c79c05e0917f58e8e1247ef36d462e`
SHA3	`ca1b3caed471d88d9f65165f6ef0fb546292f950aec7d1b39f786dd532bdfdfe`
VirtualSize	`0xca000`
VirtualAddress	`0xbbb000`
SizeOfRawData	`0xca000`
PointerToRawData	`0x3ab000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.8942`

svjwyfda

MD5	`bbf75698864cc8ece3250bcffcf25680`
SHA1	`8b4361d6792c4d803689748d9ae5565e3536fdf2`
SHA256	`5e2dfe3c75aa3f83165b0daa224366c7857dc5f93df27db68ed3f28ebf64fc34`
SHA3	`f2099cc393b12b710da05b8eda81043962541098363db082d0ef792a1a98f9c4`
VirtualSize	`0x1000`
VirtualAddress	`0xc85000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x475000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.87046`

Imports

kernel32.dll	`lstrcpy`
comctl32.dll	`InitCommonControls`

Delayed Imports

210

Type	`NP`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x599f8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99855`
MD5	`ac093334914e626d307b7b09c2eaac7a`
SHA1	`12b9440f9ab304a3c6ce05671d4f50f2132b6692`
SHA256	`969ac55cc2126706c9eccb765bd4462fd3d461fd8b491fcbd7766407dc3e4b29`
SHA3	`66941432c377a9eb71af2f3edfcd06f1af394787a7c3da2a294639d330c4eec7`

211

Type	`NP`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x13d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.36759`
MD5	`83e56ecf2be9a96f016cbbe1f81187ac`
SHA1	`996d3dba8814a30f6e3b2f33327aea2de7555628`
SHA256	`6fb507e5a09a724c84e6f26c0158b218a0d2061d8ab500f4ffbe2f1c81a0dfa2`
SHA3	`63bf8004c23bf9b2e1332d7364480b5e6a1ca53a34ac2cd628ae5f21eec90204`

127

Type	`TABLE`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0xf4d4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99689`
MD5	`b9769f2b8410a89fd277173536a5e285`
SHA1	`ed6d862c1a2c4cfa176cc226e3247d01ec58ea85`
SHA256	`cc42027cc96e1b970c0e3050d72481b1c1261de4962b414485ce6d7bbf5f1cd4`
SHA3	`70fd1039064d40296b1e4e88c8d5074aba5eb4a765c37bb974b124532cd18084`

128

Type	`TABLE`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x105fc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99708`
MD5	`590d53571fcecdfdb23353e98f1d3378`
SHA1	`ac107af82eeb5b564145cd2e4b9e97c668e1c3a7`
SHA256	`cf87516fc8dcc0bd7c45bee55a1a7633ad91cf68d3ce2e000042d689a50751e4`
SHA3	`cdc3c8b9b68ab704e4ddb8706e715c95641f533eb98416e9102e100f27440508`

202

Type	`TABLE`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x10a8c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.9971`
MD5	`383f127308d25c5e36765f21a3fd2418`
SHA1	`21b3c39bad6bc6cd60f05f407c63f66789297677`
SHA256	`ace4b11b0e11f80cef135b4185f7652a1d05ae54898c84aa87ed5a3e7baa9546`
SHA3	`33e3ee342c75c06077fe0ccd098727998983f7c472cf6c61ee8cd25aa1c37c3a`

203

Type	`TABLE`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x124`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.2717`
MD5	`390770bfce748ff70440e9cf0b435b75`
SHA1	`413d010b0e4fadafd232efd0c3f87cc9efadf324`
SHA256	`9838fb699b54119a947c326db3bb76b243781ef051c74174f37bd2688d8016a5`
SHA3	`f9096c04dc64e5df22f3d4175911e5a3db5f37d20b4466dee38b8396a98e230f`

204

Type	`TABLE`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x15574`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99797`
MD5	`b1847ea1d00a390c005e66918efdf000`
SHA1	`6c1b5c2b96f08ce6e3fa3ad8d02997ce476efcf4`
SHA256	`57d1b4c84a1c4d6e4f0ce14060d357431ef228f85ecc38f1876d3d6060795b27`
SHA3	`aeb8a936981fd6a551f56876def709a9a6201e30e7e24a2b37ec7c971d67cba8`

3

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.07488`
MD5	`a52bd4bdfafa7d634fc3e6c60baea01f`
SHA1	`64b2cea35133cf7843166588133754d48c78925a`
SHA256	`79bdb406e80daae255f5fc35202ad52a7a061bb813e7ff2dee8e15d3c86cab8a`
SHA3	`c3d86e6153888b5f12b8165b9520cb76e7a51982f0923b17d19c5576d323c22d`

4

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.04192`
MD5	`141a8c9883894f6d56dc289058eeaeba`
SHA1	`808765845d0dd3a20eb4fa3f70831bc1305a689f`
SHA256	`d1fe3fde8aaab8d0bedf0896a6c4ff9486f6dd2d9b9607839b35aacc34d1c702`
SHA3	`66b5c2a35fcced3603c10caa245eaae5dc17dad2a954092c9f88029f84bb47fb`

5

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.97347`
MD5	`ce93fb86b120f1a53773424361f64f1b`
SHA1	`0c00741d7bd3ffb82e7058884e113a89d985c6c9`
SHA256	`8591d311d72d7b0f7890cfd49d75c24fb346c952e480974c931f94a643929266`
SHA3	`b839f2c0f1aed1c73da7d8eb67bc6d68ec18630db87edc3d7da86adda7aeb475`

6

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.32434`
MD5	`5692f678ab345a24d36cf9fb7c298efd`
SHA1	`c49db4e2b8dc5647f4697c73364cc94b7184fc7d`
SHA256	`d92b652927c3322a5e6da1b5cf40b6c4b94f4646f7414aa5671dfac1f47a564c`
SHA3	`959e26d3d7cfaa61dea6d33c12006a2a75bace9c1e4ea2f6b76f3044cd966a7f`

7

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.34311`
MD5	`631e24b89dec1d42a493f717b5f6268d`
SHA1	`cf84257acaf827f1b0f9f7df80cb9750fab9d922`
SHA256	`ac4d320f0ebedcb22e3a72baf69d5ae9995618c5a5401763ba9c750a4f94a687`
SHA3	`effafb4c2e1ee518c120f6e229e2ea27964ba64b7625516538bf9bebd879ccba`

8

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.01528`
MD5	`be57b6321a3119ad0c61d2e977f77f18`
SHA1	`9c1687092ba886f3268d62b03586f611a72d7f13`
SHA256	`d116fef4aca4fc626605cd9740796fea1cd69727896a58ab97520b8e89b41298`
SHA3	`1351b26c12b774dd6993cae5c5fcbb394f95863a2ef3b666122e7fe618f6ca36`

9

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.02169`
MD5	`c021e292f6c02165e9f20b0c7485f891`
SHA1	`5fcf013c4588927315935998091e6aeb8e4e8e1c`
SHA256	`8131f9ec45ab44d6fd4ae201c0e809700390076bfba65f66285483389cbea18b`
SHA3	`82d018c0fbf29936c31d2598ec6d6f83baabc140bdc46440f668fb3c16c8918c`

10

Type	`RT_CURSOR`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x8ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.56899`
MD5	`9b163c96d8a0298297feed7c640ed275`
SHA1	`80dbd2bb9032f8a949beb8f3c5bdf2c2e6102142`
SHA256	`7d12dd28424b687fef0e43b6289cc0f91a26da329db3a052107d80363f6e6686`
SHA3	`cec28d572cf65f25a3ac4d0f8427a7a1ac7f974640276aa3ca0114ca05f288b6`

11

Type	`RT_CURSOR`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x8ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.49067`
MD5	`2152ae76850f8a9d670c281eb4d546ce`
SHA1	`ce7b57afbce90c40cd45290e7d519a3bd67ae5c3`
SHA256	`60fa5127ce9f1eb201fe99ec8bbcaafb0d65d8c8282c5d2d40e6aa1a95b7ecce`
SHA3	`100198f7eebc594c61cf4a3b09a3c2fdab3e657c38b8d6d59ef8dc5b26dcc502`

12

Type	`RT_CURSOR`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x8ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.54481`
MD5	`c69cefa47c4b746295cae8ecbb43e0ec`
SHA1	`051139973376823a30baa200ed3f1aa6296a657d`
SHA256	`0e9a7ab828ac62308e1588b9e520f6c0ba65d148de82d428a29f22d90312b607`
SHA3	`615b9449fbdd3fae7fa4fba61ff9148fb979decb868c014af7cc4cd1eb0737b3`

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.9327`
MD5	`7cadb5b3fda4b4abc9680794d7dbbd8e`
SHA1	`84b9ee169754eb5ae1b247e540a516f110a1a87b`
SHA256	`4551e434638d2f8fd9a81c823f0e0d10821d722dc305ff651546b48be836f23b`
SHA3	`e3dc5534485d0d1d654482caf551131cc0986cad299d7cec3369b8a266305d88`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.60895`
MD5	`c1901f3f05ee9681186b6c8c596cc00a`
SHA1	`f97e02708c4d66295f6f00339a9015994ea28d52`
SHA256	`cad3d9a042e34d13f10c891af8723754b48385a6cfad67e0e1a57aaad3f285dc`
SHA3	`f2c40e9f05f917519d4ed8f58f0aa91f200d1fc4b63432d58fad3736a8c83e51`

201

Type	`RT_ACCELERATOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3`
MD5	`03d10ebaa4a80dd45cf67b987b3b246e`
SHA1	`bc6b20e2ca7b4e5357a9f74ca2ec817111a28bed`
SHA256	`76fc78e88abceb4a64e725142782f7007da6585d48a2b93aa313e776515c3a1b`
SHA3	`e5326398f5d648fbc1c80d126d2b218dddf6289704561e982bd73b6730a330d6`

1 (#2)

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.32193`
MD5	`2b6f237807ec1388e138818407c8ee0a`
SHA1	`ff75990aec2c04c15f26b2b2a94ac408ecf9785d`
SHA256	`a97cd408df2cfd604c55b349c2e0027cf705b860ec0cdd225ad669a3f70c33b7`
SHA3	`665b00bdd8610594ae9a8a8fdb85bd9d88816164dbaaf08ad293fe9866eb6334`

2 (#2)

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.22193`
MD5	`188c83f246c6d7a5c475cd636e430683`
SHA1	`6513c9f3c52dc61bf032546292d7f5674691b92c`
SHA256	`83b56f11deb4945a1b105116f3d527e41e6d1f03482a01e77b14caf305a7c6c9`
SHA3	`9082da83583dd5c608148d6212129fd2334179109acc7ba933e57c9a6ad5feb5`

3 (#2)

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.22193`
MD5	`fb0aa3a57dd76b5ab6afd388a3133a98`
SHA1	`0b9ba881fc86d41778423269e98adad55bb5f052`
SHA256	`bb732917e47fb45ed1f1d65547cc69316b6dbe03b1372e9ed5b66d5f1ecd8039`
SHA3	`c062169b2795738cdc9f13f01cf9b65b8efe3fc4c4c0c3a83b93845df089b671`

4 (#2)

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.32193`
MD5	`3059798ee3c8f3a9a65ce4616a8b4a1a`
SHA1	`7f8869b97e59c066c18ccd701343679f51b6ae74`
SHA256	`de72be4032fdaa377644023844cd56130133b1ac78827f27c6b0b63827999c24`
SHA3	`6b3ef22b0e84b1693d7d7948d73ab33fa8dca1ebf9d1edee3da2cd2cce4f01f6`

5 (#2)

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.22193`
MD5	`9be095150486265c94587a67b541abac`
SHA1	`097f1e98d4f60d0bd769410b35a5d10664d0bd0f`
SHA256	`a7f53e14c9232ed8273d1eea18e62641460b7ce45166a9f724eac29b7e1c9006`
SHA3	`a7cc3eeed9d8d2587d25c20edcb312439417a113a620f684603dacf78274e55b`

6 (#2)

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.22193`
MD5	`8fdb6af19027de29dc95b0576d05ee99`
SHA1	`6cf616ff28741197f8a5609fbdf0e4da6e89b216`
SHA256	`2e35bfcb054b1e823cb4ed3f2efefc44876941580fc9aad17ef08464bcd71a1f`
SHA3	`145188ad2aac3480e3e9a32b11343000f3b1ba2677b60fdad94f1a1cdd6553e2`

7 (#2)

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.22193`
MD5	`2fbd173757f2f1dbd40a0cebb7a89700`
SHA1	`1376d668717cec464a354fb84768dd4aa4e57487`
SHA256	`bc1d1b37a7e872ce45bf7221edb94d1d884716c0712e1b7ec73390d6a3007ce9`
SHA3	`76aeac0db831e5538f996d1cf6722f85032f016a111ddad9fb8dcf84779cc2a0`

122

Type	`RT_GROUP_CURSOR`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.22193`
MD5	`e9452477859927913176aebe4981fa59`
SHA1	`c34ef1bc94348dca0092ca3e67412b33dfaf6bfb`
SHA256	`01b7a44374b6fce97af02904dd5dd7eab3db2791ec44819ea060546a72c6515c`
SHA3	`0c4e162133d61c759dd794c9c9dce4f026bb46413efb9e9a836f3c98f7b4cc1b`

123

Type	`RT_GROUP_CURSOR`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.32193`
MD5	`894b847c539cef7f777095289fd52237`
SHA1	`c46eb630a41d0928d4ec8c6ad0c6441d3a26f49f`
SHA256	`431cbf719c94a10f23908ecd89bcf6b3712656f93907b8e821f81c25ba0fc58b`
SHA3	`1e098ba83e086f813498c33019f16649b1cd49088e37ee44a39e525181050462`

124

Type	`RT_GROUP_CURSOR`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.22193`
MD5	`d5749ad52f333ba40a4a36be4c45a5fd`
SHA1	`458b3111f2d8ae75a6b2eecd5ab8a35aa355367b`
SHA256	`5eed2218159389ddedde3c376a8f8035c76ad53588e421fa0987a1e668f6e819`
SHA3	`84ff68ddd066575209c5c0196a13b4de49de5930e3f9f44ad741121bc5c7aa0f`

101

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.32824`
Detected Filetype	Icon file
MD5	`98abddcf0c1dc29c999864264b78c981`
SHA1	`848c0e5121dad30e7b7381e85ddfeea5672366e7`
SHA256	`d58a6a1ee3d9ae7bb5bb4b019a84495af9b55381f295dc7beeaf222d58bd4c36`
SHA3	`791bcb018a1e72465a6006dbcdf1423c8740cdc634f355903df3c7738ba27552`

1 (#3)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x320`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41779`
MD5	`9b5111dd19b79366eabc98f1e1da4a4d`
SHA1	`28b1fd1df0f31bab4481def50d4a2c936a44dba3`
SHA256	`785fb5a77ac3191e415f454243fb333c59f3163acd877e3850860aa692c1e4e2`
SHA3	`611e61e9826b06d639944fea63e8525a380b10f862f5e9510df4924dc9b3840a`

MANIFEST_RESOURCE_ID

Type	`RT_MANIFEST`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x23c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91577`
MD5	`4d3971723b5899df9b85c39f8301691d`
SHA1	`34ea87c319b3d5b900a0d6903260542b9187026a`
SHA256	`b18c614b6e39a6fd7708702659f23cdc9e03051c7a3bfcfa3de9b5d7e8b1b6f6`
SHA3	`746b532b277f6c6c115946235f9964601bf1b5bc6f51d7e21a3e3a6747bf67cf`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x209`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.92185`
MD5	`40d7966c12157e8608e4703c563af1de`
SHA1	`966dda9ba689f6470160d24673443329403039d5`
SHA256	`1be7a7bb877663bddae8169bf995766e25f8e5222873b60e739a204877aa26c8`
SHA3	`7d5013633bb9ead6463f6084d5c8c69daa09660c65e66ffc79317f9c044e8b99`

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xb9fb26b6`
Unmarked objects	`0`
126 (50327)	`5`
ASM objects (VS2012 build 50727 / VS2005 build 50727)	`66`
C objects (VS2012 build 50727 / VS2005 build 50727)	`214`
49 (9044)	`2`
C objects (2179)	`6`
Imports (VS2012 build 50727 / VS2005 build 50727)	`2`
Linker (VC++ 6.0 SP5 imp/exp build 8447)	`2`
C objects (VC++ 6.0 SP5 build 8804)	`44`
ASM objects (VS2003 (.NET) build 4035)	`6`
C++ objects (VS2003 (.NET) build 4035)	`154`
Imports (VS2003 (.NET) build 4035)	`31`
Total imports	`424`
Unmarked objects (#2)	`3`
C objects (VS2003 (.NET) build 4035)	`17`
C++ objects (VS2012 build 50727 / VS2005 build 50727)	`664`
Resource objects (VS2012 build 50727 / VS2005 build 50727)	`1`
Linker (VS2012 build 50727 / VS2005 build 50727)	`1`

Errors

[!] Error: Could not read a VS_FIXED_FILE_INFO!
[!] Error: Could not read a VS_FIXED_FILE_INFO!
[*] Warning: Could not parse a VERSION_INFO resource!
[!] Error: The number of ICON_DIRECTORY_ENTRIES is bigger than the number of resources in the file.
[*] Warning: Resource 1 is empty!
[!] Error: The number of ICON_DIRECTORY_ENTRIES is bigger than the number of resources in the file.
[*] Warning: Resource 2 is empty!
[!] Error: The number of ICON_DIRECTORY_ENTRIES is bigger than the number of resources in the file.
[*] Warning: Resource 3 is empty!
[!] Error: The number of ICON_DIRECTORY_ENTRIES is bigger than the number of resources in the file.
[*] Warning: Resource 4 is empty!
[!] Error: The number of ICON_DIRECTORY_ENTRIES is bigger than the number of resources in the file.
[*] Warning: Resource 5 is empty!
[!] Error: The number of ICON_DIRECTORY_ENTRIES is bigger than the number of resources in the file.
[*] Warning: Resource 6 is empty!
[!] Error: The number of ICON_DIRECTORY_ENTRIES is bigger than the number of resources in the file.
[*] Warning: Resource 7 is empty!
[!] Error: The number of ICON_DIRECTORY_ENTRIES is bigger than the number of resources in the file.
[*] Warning: Resource 122 is empty!
[!] Error: The number of ICON_DIRECTORY_ENTRIES is bigger than the number of resources in the file.
[*] Warning: Resource 123 is empty!
[!] Error: The number of ICON_DIRECTORY_ENTRIES is bigger than the number of resources in the file.
[*] Warning: Resource 124 is empty!
[*] Warning: [plugin_authenticode] Hashing algorithm 1.2.840.1015.13.2.5 is not supported.

Leave a comment

No comments yet.