Manalyze report for 2b5adc75d0f3423aba0da1b1c370f6d1

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Aug-30 17:16:30
Detected languages	English - United States
FileDescription
FileVersion	`1.1.30.01`
InternalName
LegalCopyright
OriginalFilename
ProductName
ProductVersion	`1.1.30.01`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++` `Microsoft Visual C++ v6.0`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryW` `Functions which can be used for anti-debugging purposes: FindWindowW` `Code injection capabilities: WriteProcessMemory OpenProcess VirtualAllocEx` `Code injection capabilities (PowerLoader): FindWindowW GetWindowLongW` `Can access the registry: RegisterHotKey RegDeleteKeyW RegSetValueExW RegCreateKeyExW RegQueryValueExW RegEnumKeyExW RegEnumValueW RegQueryInfoKeyW RegOpenKeyExW RegCloseKey RegDeleteValueW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: CreateFileW GetTempPathW` `Uses functions commonly found in keyloggers: GetAsyncKeyState AttachThreadInput CallNextHookEx GetForegroundWindow MapVirtualKeyW` `Memory manipulation functions often used by packers: VirtualProtect VirtualAllocEx` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Interacts with services: OpenSCManagerW` `Enumerates local disk drives: GetDriveTypeW GetVolumeInformationW` `Manipulates other processes: WriteProcessMemory ReadProcessMemory OpenProcess` `Can take screenshots: PrintWindow GetDC FindWindowW BitBlt CreateCompatibleDC` `Reads the contents of the clipboard: GetClipboardData` `Can shut the system down or lock the screen: ExitWindowsEx`
Info	The PE's resources present abnormal characteristics.	`Resource 1 is possibly compressed or encrypted.`
Malicious	VirusTotal score: 27/70 (Scanned on 2019-10-29 00:08:16)	`MicroWorld-eScan: Gen:Variant.Strictor.219451` `FireEye: Gen:Variant.Strictor.219451` `CAT-QuickHeal: Trojan.Riskware` `McAfee: Artemis!2B5ADC75D0F3` `K7GW: Riskware ( 0040eff71 )` `K7AntiVirus: Riskware ( 0040eff71 )` `Arcabit: Trojan.Strictor.D3593B` `Symantec: Trojan.Gen.2` `APEX: Malicious` `BitDefender: Gen:Variant.Strictor.219451` `NANO-Antivirus: Trojan.Win32.Taskun.gayftt` `Ad-Aware: Gen:Variant.Strictor.219451` `Emsisoft: Gen:Variant.Strictor.219451 (B)` `Zillya: Trojan.DiscoStealer.Win32.10` `McAfee-GW-Edition: BehavesLike.Win32.Dropper.th` `Jiangmin: Trojan.Banker.ClipBanker.fq` `Webroot: W32.Malware.Gen` `MAX: malware (ai score=85)` `Antiy-AVL: Trojan[Banker]/Win32.ClipBanker` `Microsoft: Trojan:Win32/Generic!BV` `AegisLab: Trojan.Win32.Strictor.4!c` `VBA32: BScope.TrojanPSW.MSIL.DiscoStealer` `ALYac: Gen:Variant.Strictor.219451` `TrendMicro-HouseCall: TROJ_GEN.R002H09IS19` `Rising: Trojan.Generic@ML.91 (RDMK:X5c6JJqa4wD80pcqrlM+4A)` `GData: Gen:Variant.Strictor.219451` `AVG: FileRepMalware`

Hashes

MD5	`2b5adc75d0f3423aba0da1b1c370f6d1`
SHA1	`bb686ec5a4140a50a1511d4f55bbafb8e3186391`
SHA256	`8b8e8e968d6b9e495655e72756bc291d75ddc950dee9d7a9a5d3a62214fd5e7c`
SHA3	`9721c4cbd2103bef3afa7481cf6b96a5d0a11c12e3b16e7b76535146ca9ab0fa`
SSDeep	`24576:8XlnERbIaz+/lFvylKp90B6U2l6bLemSkt3Of3ciufDM+HaEIsB5J:8s9vJZAsiu4+pF`
Imports Hash	`02c33d1cf16ce5ece029fcaa81b0de14`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2019-Aug-30 17:16:30
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`10.0`
SizeOfCode	`0xdc800`
SizeOfInitializedData	`0x3c600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000C70AD (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xde000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x123000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x400000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`31bed194c40d428c678258e4640f06bb`
SHA1	`d8092b7933a16a3ea2bd396ef0fc97e9c7fc0034`
SHA256	`69ddcb510ea28d804e5c9c4be455b7e6668c02b26b6891a8300fb7d02cd29f92`
SHA3	`a6b9265cd902548a163b4bca3aed79b079c807519fea8eeea644448f21b5d38c`
VirtualSize	`0xdc696`
VirtualAddress	`0x1000`
SizeOfRawData	`0xdc800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.60529`

.rdata

MD5	`abfa3b1de86eb0c10f9a646292eac202`
SHA1	`0fd4d22725bbc8200528e39f62dfed6e8d6bb4e1`
SHA256	`7dc4dff826177c21afb48f0e378a73f8053b7e731a3d252c14b4cfb5ac5df831`
SHA3	`dbcac719a7e319b2a6613cfb71f0382c8c2ce32e3d0ed0e268cb93b73358a248`
VirtualSize	`0x2fafe`
VirtualAddress	`0xde000`
SizeOfRawData	`0x2fc00`
PointerToRawData	`0xdcc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.4498`

.data

MD5	`150d5a0c1a3327933ee2bc3587fcfcfb`
SHA1	`d7a873b913e37e7169a29c9cf8d83b852b512f5c`
SHA256	`85fcd0f159a27c0b0e150e6e1fe5a10ad0d2aa99573f7da9169bb2e4acea2402`
SHA3	`b7ef3b2b746ab99d7e0d445813c83f9189d4267376c774e8a60424e7f81626c1`
VirtualSize	`0xb978`
VirtualAddress	`0x10e000`
SizeOfRawData	`0x3c00`
PointerToRawData	`0x10c800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.19015`

.rsrc

MD5	`5a9c6b12a4b088961280631c2ab49f3c`
SHA1	`78b8b561f03496be88ae59c4a924adc73eedd405`
SHA256	`493f1998fd63f3cd32622e72e802f63682ddc12e5ca17c58ad564452172c17e9`
SHA3	`3b0725ce367cd8d092d3b32003bddd3261152e15301faf1f799c5d59cf9bf851`
VirtualSize	`0x8c30`
VirtualAddress	`0x11a000`
SizeOfRawData	`0x8e00`
PointerToRawData	`0x110400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.47044`

Imports

WSOCK32.dll	`#116` `#11` `#52` `#57` `#115`
WINMM.dll	`mixerSetControlDetails` `waveOutGetVolume` `joyGetPosEx` `mixerGetControlDetailsW` `mixerOpen` `mixerGetDevCapsW` `mixerGetLineControlsW` `waveOutSetVolume` `mixerClose` `mciSendStringW` `joyGetDevCapsW` `mixerGetLineInfoW`
VERSION.dll	`VerQueryValueW` `GetFileVersionInfoW` `GetFileVersionInfoSizeW`
COMCTL32.dll	`ImageList_Create` `CreateStatusWindowW` `ImageList_ReplaceIcon` `InitCommonControlsEx` `ImageList_GetIconSize` `ImageList_Destroy` `ImageList_AddMasked`
PSAPI.DLL	`GetModuleBaseNameW` `GetModuleFileNameExW`
KERNEL32.dll	`FindClose` `FileTimeToLocalFileTime` `SetEnvironmentVariableW` `Beep` `MoveFileW` `OutputDebugStringW` `CreateProcessW` `GetFileAttributesW` `TerminateProcess` `WaitForSingleObject` `GetExitCodeProcess` `PeekNamedPipe` `ReadFile` `WriteProcessMemory` `ReadProcessMemory` `GetCurrentProcessId` `OpenProcess` `SetPriorityClass` `SetLastError` `GetEnvironmentVariableW` `GetLocalTime` `GetDateFormatW` `GetTimeFormatW` `GetDiskFreeSpaceW` `SetVolumeLabelW` `CreateFileW` `DeviceIoControl` `GetDriveTypeW` `GetVolumeInformationW` `CreateDirectoryW` `WriteFile` `DeleteFileW` `FindResourceW` `LoadResource` `LockResource` `SizeofResource` `SetFileAttributesW` `LocalFileTimeToFileTime` `SetFileTime` `GetFileSizeEx` `GetSystemTime` `GetSystemDefaultUILanguage` `GetComputerNameW` `GetWindowsDirectoryW` `GetTempPathW` `GetFullPathNameW` `GetShortPathNameW` `FindNextFileW` `LeaveCriticalSection` `VirtualProtect` `QueryDosDeviceW` `CompareStringW` `RemoveDirectoryW` `CopyFileW` `FormatMessageW` `GetACP` `CreatePipe` `GetStdHandle` `GetPrivateProfileStringW` `GetVersion` `GetPrivateProfileSectionW` `GetPrivateProfileSectionNamesW` `WritePrivateProfileStringW` `WritePrivateProfileSectionW` `SetEndOfFile` `GetFileType` `SetFilePointerEx` `SetFilePointer` `SystemTimeToFileTime` `FileTimeToSystemTime` `GetFileSize` `VirtualAllocEx` `VirtualFreeEx` `EnumResourceNamesW` `LoadLibraryExW` `GlobalSize` `GetFileInformationByHandle` `CreateFileMappingW` `MapViewOfFile` `UnmapViewOfFile` `InterlockedDecrement` `InterlockedIncrement` `GetStartupInfoW` `HeapSetInformation` `GetCommandLineW` `HeapQueryInformation` `HeapSize` `HeapReAlloc` `HeapFree` `ExitProcess` `HeapAlloc` `TlsSetValue` `TlsFree` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsDebuggerPresent` `HeapCreate` `InitializeCriticalSectionAndSpinCount` `FindFirstFileW` `GetModuleFileNameW` `DeleteCriticalSection` `GetCPInfo` `WideCharToMultiByte` `MultiByteToWideChar` `FreeLibrary` `GetModuleHandleW` `GetLastError` `CreateMutexW` `CloseHandle` `GetExitCodeThread` `SetThreadPriority` `CreateThread` `GetStringTypeExW` `lstrcmpiW` `GetCurrentThreadId` `GlobalUnlock` `GlobalFree` `GlobalAlloc` `GlobalLock` `GetCurrentDirectoryW` `SetErrorMode` `InitializeCriticalSection` `SetCurrentDirectoryW` `Sleep` `GetTickCount` `MulDiv` `GetVersionExW` `GetModuleHandleA` `GetProcAddress` `LoadLibraryW` `GetSystemTimeAsFileTime` `GetCurrentProcess` `GetProcessTimes` `GetOEMCP` `IsValidCodePage` `TlsAlloc` `SetHandleCount` `IsProcessorFeaturePresent` `GetStringTypeW` `LCMapStringW` `RaiseException` `RtlUnwind` `GetConsoleCP` `GetConsoleMode` `FreeEnvironmentStringsW` `TlsGetValue` `GetEnvironmentStringsW` `QueryPerformanceCounter` `FlushFileBuffers` `WriteConsoleW` `SetStdHandle` `GetProcessHeap` `EnterCriticalSection` `VirtualQuery`
USER32.dll	`GetMenuStringW` `ExitWindowsEx` `SetMenu` `FlashWindow` `GetPropW` `SetPropW` `RemovePropW` `MapWindowPoints` `RedrawWindow` `SetParent` `GetClassInfoExW` `GetAncestor` `UpdateWindow` `GetMessagePos` `GetClassLongW` `DefDlgProcW` `CallWindowProcW` `CheckRadioButton` `IntersectRect` `GetUpdateRect` `PtInRect` `CreateDialogIndirectParamW` `CreateAcceleratorTableW` `DestroyAcceleratorTable` `InsertMenuItemW` `SetMenuDefaultItem` `RemoveMenu` `SetMenuItemInfoW` `IsMenu` `GetMenuItemInfoW` `CreateMenu` `CreatePopupMenu` `SetMenuInfo` `AppendMenuW` `DestroyMenu` `TrackPopupMenuEx` `DrawIcon` `PrintWindow` `GetDesktopWindow` `CopyImage` `CreateIconIndirect` `CreateIconFromResourceEx` `EnumClipboardFormats` `GetWindow` `BringWindowToTop` `MessageBoxW` `GetTopWindow` `SetRect` `GetIconInfo` `SetWindowTextW` `IsWindowVisible` `CheckMenuItem` `LoadImageW` `GetSubMenu` `SetClipboardViewer` `LoadAcceleratorsW` `EnableMenuItem` `GetMenu` `CreateWindowExW` `LoadCursorW` `DestroyIcon` `DestroyWindow` `IsCharAlphaW` `FillRect` `VkKeyScanExW` `MapVirtualKeyExW` `GetKeyboardLayoutNameW` `ActivateKeyboardLayout` `GetGUIThreadInfo` `GetWindowTextW` `mouse_event` `WindowFromPoint` `GetSystemMetrics` `keybd_event` `SetKeyboardState` `GetKeyboardState` `GetCursorPos` `GetAsyncKeyState` `AttachThreadInput` `SendInput` `UnregisterHotKey` `RegisterHotKey` `PostQuitMessage` `SendMessageTimeoutW` `UnhookWindowsHookEx` `SetWindowsHookExW` `PostThreadMessageW` `IsCharAlphaNumericW` `IsCharUpperW` `IsCharLowerW` `ToUnicodeEx` `GetKeyboardLayout` `CallNextHookEx` `CharLowerW` `ReleaseDC` `GetDC` `OpenClipboard` `GetClipboardData` `GetClipboardFormatNameW` `CloseClipboard` `SetClipboardData` `EmptyClipboard` `PostMessageW` `FindWindowW` `EndDialog` `IsWindow` `DispatchMessageW` `TranslateMessage` `ShowWindow` `GetMenuItemID` `GetMenuItemCount` `GetSystemMenu` `GetLastInputInfo` `GetCursor` `ClientToScreen` `MessageBeep` `SetDlgItemTextW` `GetDlgItem` `SendDlgItemMessageW` `DialogBoxParamW` `SetForegroundWindow` `ChangeClipboardChain` `DefWindowProcW` `CountClipboardFormats` `SetWindowLongW` `ScreenToClient` `IsDialogMessageW` `SendMessageW` `IsWindowEnabled` `GetWindowLongW` `GetKeyState` `TranslateAcceleratorW` `KillTimer` `DrawIconEx` `GetSysColorBrush` `GetSysColor` `RegisterWindowMessageW` `IsIconic` `IsZoomed` `EnumWindows` `GetWindowTextLengthW` `EnableWindow` `InvalidateRect` `SetLayeredWindowAttributes` `SetWindowPos` `SetWindowRgn` `SetFocus` `SetActiveWindow` `EnumChildWindows` `MoveWindow` `GetQueueStatus` `GetWindowRect` `GetClientRect` `SystemParametersInfoW` `PeekMessageW` `GetFocus` `GetClassNameW` `GetWindowThreadProcessId` `GetForegroundWindow` `GetMessageW` `SetTimer` `GetParent` `GetDlgCtrlID` `CharUpperW` `IsClipboardFormatAvailable` `AdjustWindowRectEx` `MapVirtualKeyW` `DrawTextW` `RegisterClassExW`
GDI32.dll	`GetCharABCWidthsW` `SetBkMode` `GetClipBox` `CreatePatternBrush` `SetBrushOrgEx` `GetCurrentObject` `CreateBitmap` `CreateDIBSection` `GetPixel` `SetDIBits` `EnumFontFamiliesExW` `GdiFlush` `FillRgn` `GetClipRgn` `BitBlt` `ExcludeClipRect` `SetTextColor` `SetBkColor` `GetSystemPaletteEntries` `GetDIBits` `CreateCompatibleDC` `CreatePolygonRgn` `CreateRectRgn` `CreateRoundRectRgn` `CreateEllipticRgn` `DeleteDC` `GetObjectW` `GetTextMetricsW` `GetTextFaceW` `SelectObject` `GetStockObject` `CreateDCW` `CreateSolidBrush` `CreateFontW` `CreateCompatibleBitmap` `GetDeviceCaps` `DeleteObject`
COMDLG32.dll	`GetOpenFileNameW` `GetSaveFileNameW` `CommDlgExtendedError`
ADVAPI32.dll	`RegDeleteKeyW` `RegSetValueExW` `RegCreateKeyExW` `RegQueryValueExW` `AdjustTokenPrivileges` `LookupPrivilegeValueW` `OpenProcessToken` `CloseServiceHandle` `UnlockServiceDatabase` `LockServiceDatabase` `OpenSCManagerW` `GetUserNameW` `RegEnumKeyExW` `RegEnumValueW` `RegQueryInfoKeyW` `RegOpenKeyExW` `RegCloseKey` `RegConnectRegistryW` `RegDeleteValueW`
SHELL32.dll	`DragQueryPoint` `SHEmptyRecycleBinW` `SHFileOperationW` `SHGetPathFromIDListW` `SHBrowseForFolderW` `SHGetDesktopFolder` `SHGetMalloc` `SHGetFolderPathW` `ShellExecuteExW` `Shell_NotifyIconW` `DragFinish` `DragQueryFileW` `ExtractIconW`
ole32.dll	`OleInitialize` `OleUninitialize` `CoCreateInstance` `CoInitialize` `CoUninitialize` `CLSIDFromString` `CoGetObject` `StringFromGUID2` `CreateStreamOnHGlobal`
OLEAUT32.dll	`#20` `#35` `#418` `#24` `#18` `#23` `#22` `#148` `#21` `#17` `#16` `#19` `#11` `#27` `#2` `#12` `#9` `#15` `#6` `#7`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.07839`
MD5	`1b87319d6556fa45708a7297fbbead24`
SHA1	`2d32d82a6ef1530c04b13226b772831e4e93b405`
SHA256	`7f38374c152d9bfe22466f763943bcc1fbe61a01e48868ea58e7cdb8061029ea`
SHA3	`3021308280feee1a98edde7b0e20c8f5163a0e2a0cecab669bda8a4843b6c645`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.43165`
MD5	`0e0c09835ec031923b863774f443379b`
SHA1	`fd1f385e83caaa1633e9db85919d0505b313455e`
SHA256	`b1499b8e7ce2a8406a57a3c4e9754f79f6b484fc765d18757bc0e6d941f59b61`
SHA3	`9e8cce0aac11506e80eaabeaba2a6f8944348e65c3f78d788daf0968dc811ca9`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.84157`
MD5	`1c93a14c5a485c11350ef568f5e423c1`
SHA1	`bead6553859c4ec6e647551a19b224dc2357fc5f`
SHA256	`ae6b56a4aabbeb5d22f508ed6d1522ba6e5b668d1ffb05e4d9cee348a14197cd`
SHA3	`5719b4dc9bcc5a323c95d760317d4a5b737343f709eee16eddf819e8054ee6dd`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.3349`
MD5	`266626c8655c67b9530c361ca939f01d`
SHA1	`4f799d89f7255ef58628605cc0f37a3420925a3d`
SHA256	`1bfebd87e8f7129fe598c91a87ff03e7962b95af723ea024faf9549e6442aa84`
SHA3	`85b69f2f4e1bfa507c52634afc60ad29f41321a0a4526654693b1dd7a6f516d9`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.46964`
MD5	`fbbd1dfd9481f55d0e9ebc890ce09c3c`
SHA1	`cbfd96b3e1c556af63424b3a153def765077b8fb`
SHA256	`5ef6e7b16676575434a274b3654dcc6c4934adcb5c86ee31939720568578d2c0`
SHA3	`108eb4ba2bc3e913cec2e0d5cd215901fb0f4ebffc7fbd7679673ea2c735a609`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.56056`
MD5	`9104d9f5acc220ac5a9a1c29a283e42d`
SHA1	`7e274a143071c4d7801c07669074cd8fa2972047`
SHA256	`e773c795d1dbb9bf8cd8f73f12c4f02c047f58dc516be4a629fe807610476917`
SHA3	`8cd4a3f7555bedc4ecddbcb83b34780f450c902a91ddda511b41f9b6f1c21103`

211

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37124`
MD5	`2cfd05e0e8346abd1be8b6933d0684ad`
SHA1	`898c4f11bceec1fb399cc9e0f305e09b9a2df803`
SHA256	`c0306fb5f7462e74df09e5e0627c01a238f291bbdc89c24c0ea1f46e7341ab5a`
SHA3	`8f3778cee4660e3c85805aa4bce2602547080ca7cfc425029bce1441a5af9a1f`

205

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xe8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82326`
MD5	`fec66af562e184a3acd4ada5b1603016`
SHA1	`fe5cd5d19cfc12992d23a18db8edaf1c06f610c2`
SHA256	`0b54b12fc56db7f7a5a366544081e75cfd312d6db7dd0b298b8088ad2f748908`
SHA3	`36780025f039a7044aac6d427f489314299b398567b3b737bb5f229278d74563`

212

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x48`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.96144`
MD5	`7fb94687aa0fe2b18873dba5ac59ab1d`
SHA1	`e19e8d6b0e33da063de27c83fa0bab4058513332`
SHA256	`86286a59831ad1d0d84eb411ae6fa236b21bca5d3ebfc93a59cf4b6bf1d466d0`
SHA3	`33011788d35d1127a1ee6fbdb975c0d4ef6b36d3896e0d27d3f75f0ff68e3aec`

E0K6S8S2S6X1I69S63YF

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x5ca4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.83326`
MD5	`d9b7e3cb005c84e5dea2bf8572f67f06`
SHA1	`74eff765880ce1fe370979e223182aa7725362a2`
SHA256	`d86d2c45c8491b45fdd44717c798d6d8763efe994943ee330505b42d7f5ae060`
SHA3	`489a68fa6714880129232ae81a19b8df78b81dbe3c5b7966677f131df9bf5acc`

159

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.46809`
Detected Filetype	Icon file
MD5	`5a75eadf761045e41da0583e07fee243`
SHA1	`4171d72383c2734075a665b2132e8d43033f216a`
SHA256	`3b5cb3fd3ac04786e15665e415cf54f74fd9c642b6faf7a37f9e6b5d586e0c5b`
SHA3	`d607eac97e76fa9ece7c679db5ad671efc814ab0f2fb06e9f4a98d5b165c971b`

160

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.02322`
Detected Filetype	Icon file
MD5	`6a368971d47678239d334269be28300e`
SHA1	`9fcfe92b319b372d6d59c9096cf13e9662e8299f`
SHA256	`45de95e2bc9da2d99016c89cba3816940f7ddb7f044c6d34b5f5c168c3b638ff`
SHA3	`10b30bfdab83169af38b453132bc26884230b58321aab1e2ebd88135cfae8457`

206

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.9815`
Detected Filetype	Icon file
MD5	`40c1414025bcc34e7ba97fd22bc9f5a4`
SHA1	`b53a6a13513b5205cef6fc6d7556ad80d8b62173`
SHA256	`d6659139f55adad2497df8d1a11fcd68324a00ccdadbc133ddd49fb79e9ccc1c`
SHA3	`88c00f73975983695c16e34c6a1750573250999152f5399a198b799e76349720`

207

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.0815`
Detected Filetype	Icon file
MD5	`9b2193af49fdb53892356f594e9f18b9`
SHA1	`448aa28721dd65475b37505de8140d88d5aa1501`
SHA256	`9b8ca9c6a330d0d17d1108ab5442d60ea574817a65caa860cceb24313cc4f0e4`
SHA3	`46527c3333b02958fd025cfdaa12d481f8505aa77c1cd0b5f15348e870530116`

208

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.0815`
Detected Filetype	Icon file
MD5	`5f51cbb6145d3a4c36cffa3b028b0199`
SHA1	`b2bbd2afcfa1c44725bf90df8948792d3bc7fb97`
SHA256	`fbb52a958caa73dce023ce27649d69f8886e86b5706e767153c41dde7b5eebf9`
SHA3	`93f253b05e0e42147b5a9000d421c3e105df42f9fafae5147c4e9a09958e3f79`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1fc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.22709`
MD5	`dbd380bba34322c2c07b8875d38106ce`
SHA1	`9491063445b2484b2d7523af3aa8c1abe02621c8`
SHA256	`a84b0acf0e4a6ade533e6e8363ecac8dab27f21b3653087cad6347d1f63baa79`
SHA3	`fc67b3cecdbae64013b784b2320b4a4c402d2055ddd440aa2f7ea7e18d44b8ed`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x487`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.33598`
MD5	`860e627ae4633ebb9326e5a97f4c6cbd`
SHA1	`a2a09d7cc70c02b32b872c87d1a4817275cdca54`
SHA256	`29683761de7899822f4792623368bab484d93e2077fa91fc48c9d75a9d0228c7`
SHA3	`8407bd21860ad62fb4fadb9c8d3081ce755f71d75155c1d16ecddafe1bd8d94c`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.1.30.1
ProductVersion	1.1.30.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
FileDescription
FileVersion (#2)	1.1.30.01
InternalName
LegalCopyright
OriginalFilename
ProductName
ProductVersion (#2)	1.1.30.01

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xbb16a54c`
Unmarked objects	`0`
C++ objects (VS2010 build 30319)	`55`
C objects (VS2010 build 30319)	`150`
C objects (VS2008 SP1 build 30729)	`7`
Imports (VS2008 SP1 build 30729)	`27`
Total imports	`464`
ASM objects (VS2010 build 30319)	`35`
175 (VS2010 build 30319)	`53`
Resource objects (52519)	`1`
Linker (VS2010 build 30319)	`1`

2b5adc75d0f3423aba0da1b1c370f6d1

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

Imports

Delayed Imports

1

2

4

5

6

7

211

205

212

E0K6S8S2S6X1I69S63YF

159

160

206

207

208

1 (#2)

1 (#3)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors