Manalyze report for 2b8ad09d1a1ec76623751a0669192443

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Oct-31 08:38:17
Detected languages	English - United States
CompanyName	Cloud Installer
FileDescription	IESettings
FileVersion	`4, 2, 0, 6`
InternalName	IESettings
LegalCopyright	Copyright (C) 2017 Cloud Installer
OriginalFilename	IESettings
ProductName	IESettings
ProductVersion	`4, 2, 0, 6`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA1` `Microsoft's Cryptography API`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryExA` `Can access the registry: RegQueryInfoKeyW RegDeleteKeyW RegEnumKeyExW RegOpenKeyExW RegDeleteValueW RegCloseKey RegCreateKeyExW RegSetValueExW RegEnumKeyW RegQueryValueExW` `Possibly launches other programs: ShellExecuteW` `Uses Microsoft's cryptographic API: CryptCreateHash CryptAcquireContextW CryptHashData CryptDestroyHash CryptGetHashParam CryptReleaseContext` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Has Internet access capabilities: InternetCloseHandle InternetCrackUrlW InternetOpenW InternetConnectW` `Can take screenshots: GetDC CreateCompatibleDC BitBlt`
Malicious	The PE is possibly a dropper.	`Resource 130 detected as a PE Executable.`
Info	The PE is digitally signed.	`Signer: Cloud Installer` `Issuer: GlobalSign CodeSigning CA - SHA256 - G3`
Malicious	VirusTotal score: 32/66 (Scanned on 2017-11-05 18:55:57)	`MicroWorld-eScan: Gen:Variant.Zusy.260852` `McAfee: StartPage-FAM` `Cylance: Unsafe` `K7GW: Adware ( 00516a1f1 )` `K7AntiVirus: Adware ( 00516a1f1 )` `Arcabit: Trojan.Zusy.D3FAF4` `GData: Gen:Variant.Zusy.260852` `Kaspersky: HEUR:Trojan.Win32.StartPage` `BitDefender: Gen:Variant.Zusy.260852` `NANO-Antivirus: Trojan.Win32.StartPage.esqohz` `Rising: Adware.Agent!1.ADA9 (CLASSIC)` `Ad-Aware: Gen:Variant.Zusy.260852` `Emsisoft: Application.AdSearch (A)` `F-Secure: Gen:Variant.Zusy.260852` `DrWeb: Adware.Downware.18374` `VIPRE: Trojan.Win32.Generic!BT` `Invincea: heuristic` `McAfee-GW-Edition: StartPage-FAM` `Ikarus: PUA.Agent` `Jiangmin: Trojan.StartPage.cop` `Avira: TR/Dropper.onxnv` `Endgame: malicious (high confidence)` `ZoneAlarm: HEUR:Trojan.Win32.StartPage` `AhnLab-V3: PUP/Win32.StartPage.R211933` `ALYac: Gen:Variant.Zusy.260852` `AVware: Trojan.Win32.Generic!BT` `MAX: malware (ai score=85)` `ESET-NOD32: a variant of Win32/Adware.Agent.NSS` `Yandex: PUA.Downware!` `SentinelOne: static engine - malicious` `Cybereason: malicious.1b8fb7` `CrowdStrike: malicious_confidence_90% (D)`

Hashes

MD5	`2b8ad09d1a1ec76623751a0669192443`
SHA1	`a6bc2045041bbc8ede0550905a841bef6e44347a`
SHA256	`514bd237e7a9ae8da02df218b9b093f001d314e9e9bc2bf610302f4c35e611af`
SHA3	`c718adbc61df2d5311bf54a9754302125e5c719ba2444740a381d6f8c49fbdfb`
SSDeep	`12288:VixBNzULnRq4s2v/gvi2nBtZnfVq4cz165pPKpx4CQH2m:237vM/gq2nBLfVqx1eApCt2m`
Imports Hash	`8ba3e30652a2906ffd8ae3e937221272`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2017-Oct-31 08:38:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x3fc00`
SizeOfInitializedData	`0xc9400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00020362 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x41000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x10b000`
SizeOfHeaders	`0x400`
Checksum	`0x10c27e`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`458f1c1fc21de0d5409d9045327de201`
SHA1	`2afb9a1cccbdcb6a213d3edbb7fb92317c541733`
SHA256	`022f8a780a85b8cc3d4602193907078cf54d8e454e5ec115cc7c65d5f337abde`
SHA3	`0a798a618f7e50d44f9da70f656634740f2c78d90c2e1a8f8e187423a3e02439`
VirtualSize	`0x3fbf7`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3fc00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.64129`

.rdata

MD5	`f5c619f171110c2b1799b7042f541bff`
SHA1	`75469fda8a9a2bdf204060e9ba9d0174b7ab0357`
SHA256	`97957f5079440dc5216600c194f2a7072a75f3d3a5988a56f97a78572cdeea5a`
SHA3	`a9716fbaba40c4518f8ded29a0c4ca0410ed640fe1fcdc8d9b23b006261b9311`
VirtualSize	`0x15c7e`
VirtualAddress	`0x41000`
SizeOfRawData	`0x15e00`
PointerToRawData	`0x40000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.29602`

.data

MD5	`f3e901c25679fd6a78cbe1c7fa1cfea4`
SHA1	`0781eaf6b06aae2c19ed195c317815bb941a7a49`
SHA256	`cf30d41dc51ad97aa0616aeaf3987da01cc7f33c1d427c5900bb2696af04fcd8`
SHA3	`d67a5230c0eb15094eb1152f67cdf1deb049a351935cbe576ba051acb0d4d33d`
VirtualSize	`0x2c8c`
VirtualAddress	`0x57000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x55e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.08121`

.rsrc

MD5	`7860165961dc0a55fd975796d1ceadff`
SHA1	`f7cf162ba49dfe94bf7aa5716fda4a47ed2447d4`
SHA256	`c685fb4ea9df95a7dfed9916b8d6eec404ce4939df2c2405d1df13b089ecef38`
SHA3	`52a5eb10e1a6e63246650d1b6d0c4f64baadfcdab853ac65b96453105223ad8f`
VirtualSize	`0xac980`
VirtualAddress	`0x5a000`
SizeOfRawData	`0xaca00`
PointerToRawData	`0x57c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.57296`

.reloc

MD5	`db8d0a17c6f484e61b2674cc26b2c25d`
SHA1	`61762d04c956a9f1c89671280e3197e3d5825844`
SHA256	`938490961d7711690ffb4ad77b416b8c5b8065d7538dc4128176533702867ed2`
SHA3	`99caa51d75b9a30fe4bd8789818a5285eeb9a7e4118003a9316dd542aa10fdcb`
VirtualSize	`0x3c3c`
VirtualAddress	`0x107000`
SizeOfRawData	`0x3e00`
PointerToRawData	`0x104600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.54049`

Imports

OLEACC.dll	`AccessibleObjectFromWindow`
KERNEL32.dll	`InterlockedIncrement` `lstrcmpiW` `LoadLibraryExW` `TlsSetValue` `LeaveCriticalSection` `InterlockedDecrement` `EnterCriticalSection` `WideCharToMultiByte` `GetCurrentProcessId` `CreateThread` `MultiByteToWideChar` `SetFileAttributesW` `GetFileAttributesW` `GetProcessId` `GetModuleFileNameW` `CreateDirectoryW` `MulDiv` `GetModuleHandleW` `FindResourceW` `ReadConsoleW` `SetEndOfFile` `WriteConsoleW` `SetFilePointerEx` `FlushFileBuffers` `SetStdHandle` `FreeLibrary` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineW` `GetCommandLineA` `GetOEMCP` `IsValidCodePage` `FindNextFileW` `FindFirstFileExW` `FindClose` `GetConsoleMode` `GetConsoleCP` `EnumSystemLocalesW` `LoadResource` `FindResourceExW` `LockResource` `Sleep` `SizeofResource` `GetProcessHeap` `DeleteCriticalSection` `HeapDestroy` `DecodePointer` `HeapAlloc` `RaiseException` `HeapReAlloc` `GetLastError` `HeapSize` `InitializeCriticalSectionAndSpinCount` `HeapFree` `GetProcAddress` `GetUserDefaultLCID` `IsValidLocale` `GetFileType` `GetACP` `WriteFile` `GetStdHandle` `GetModuleHandleExW` `ExitProcess` `VirtualQuery` `VirtualProtect` `GetSystemInfo` `RtlUnwind` `QueryPerformanceCounter` `GetStartupInfoW` `TerminateProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `WaitForSingleObjectEx` `ResetEvent` `SetEvent` `GetLocaleInfoW` `LCMapStringW` `CompareStringW` `GetCPInfo` `GetSystemTimeAsFileTime` `ReadFile` `SetFilePointer` `CreateFileW` `CloseHandle` `GetFileSize` `SetLastError` `GetCurrentThreadId` `GlobalAlloc` `GlobalLock` `GlobalUnlock` `lstrcmpW` `GetCurrentProcess` `GetEnvironmentVariableW` `TlsGetValue` `FormatMessageW` `LocalFree` `IsDebuggerPresent` `OutputDebugStringW` `EncodePointer` `InitializeSListHead` `InterlockedPopEntrySList` `InterlockedPushEntrySList` `FlushInstructionCache` `IsProcessorFeaturePresent` `VirtualAlloc` `VirtualFree` `LoadLibraryExA` `GetStringTypeW` `CreateEventW` `TlsAlloc` `TlsFree`
USER32.dll	`UpdateWindow` `GetDesktopWindow` `BeginPaint` `UnregisterClassW` `EndPaint` `KillTimer` `CallWindowProcW` `PostMessageW` `CharNextW` `MessageBoxW` `ShowWindow` `InvalidateRect` `GetWindowLongW` `GetWindowThreadProcessId` `GetMessageW` `DefWindowProcW` `GetWindowRect` `DestroyWindow` `GetDC` `IsWindowVisible` `SetWindowPos` `EqualRect` `EnumChildWindows` `CreateWindowExW` `GetSystemMetrics` `RegisterClassExW` `IsWindow` `DispatchMessageW` `SetTimer` `PeekMessageW` `GetWindowTextW` `GetCursorPos` `ReleaseDC` `SetForegroundWindow` `ReleaseCapture` `RegisterWindowMessageW` `GetParent` `GetClassInfoExW` `GetDlgItem` `GetClientRect` `SetCapture` `SetFocus` `CreateAcceleratorTableW` `GetSysColor` `IsChild` `DestroyAcceleratorTable` `ClientToScreen` `RedrawWindow` `InvalidateRgn` `SetWindowTextW` `SendMessageW` `ScreenToClient` `FillRect` `GetFocus` `GetWindow` `GetWindowTextLengthW` `MoveWindow` `EnumWindows` `LoadBitmapW` `SetLayeredWindowAttributes` `TranslateMessage` `LoadCursorW` `GetClassNameW` `SetWindowLongW` `DrawTextW`
GDI32.dll	`GetObjectW` `DeleteDC` `GetStockObject` `CreateCompatibleBitmap` `CreateSolidBrush` `CreateFontIndirectW` `SetBkMode` `SetTextColor` `GetDeviceCaps` `CreateCompatibleDC` `SelectObject` `BitBlt` `DeleteObject` `GetDIBits`
ADVAPI32.dll	`CryptCreateHash` `CryptAcquireContextW` `RegQueryInfoKeyW` `RegDeleteKeyW` `RegEnumKeyExW` `RegOpenKeyExW` `RegDeleteValueW` `RegCloseKey` `RegCreateKeyExW` `RegSetValueExW` `CryptHashData` `CryptDestroyHash` `CryptGetHashParam` `CryptReleaseContext` `RegEnumKeyW` `RegQueryValueExW`
SHELL32.dll	`SHGetFolderPathW` `ShellExecuteW` `ShellExecuteExW`
ole32.dll	`OleLockRunning` `CoGetClassObject` `OleUninitialize` `StringFromGUID2` `CoTaskMemRealloc` `CreateStreamOnHGlobal` `OleInitialize` `CLSIDFromString` `CLSIDFromProgID` `CoCreateGuid` `CoTaskMemFree` `CoCreateInstance` `CoTaskMemAlloc` `CoUninitialize` `CoInitialize`
OLEAUT32.dll	`#161` `#420` `#313` `#7` `#4` `#162` `#9` `#314` `#2` `#6` `#8` `#277`
SHLWAPI.dll	`UrlEscapeW` `PathAppendW` `PathAddBackslashW` `UrlUnescapeW`
WININET.dll	`InternetCloseHandle` `HttpSendRequestW` `InternetCrackUrlW` `InternetOpenW` `HttpOpenRequestW` `InternetConnectW`

Delayed Imports

STYLES.CSS

Type	`CSS`
Language	English - United States
Codepage	UNKNOWN
Size	`0xc7c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.10055`
MD5	`dd87afa2834dc77457e66767d66c5fe6`
SHA1	`8ee92cd85115d08a7839da3367d60e76ef9f436d`
SHA256	`3ce0d6b1c8cdaff66d39a63bfdd851467b688dcb5634c59f2277dbb0af37c447`
SHA3	`16fe6e49f398af9227b3999c6e94b4ed3c50662e497d5334416e58d956184b70`

130

Type	`FILES`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4f438`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.3821`
Detected Filetype	PE Executable
MD5	`1357c3a30fba77aee1849c87b317aecf`
SHA1	`aa8f32f26137fe724f2de6409e51f0dd94bbb5a4`
SHA256	`c93916f95d71ed5c2ee1c64607cd23cd7ddc54b57b10604f9a826c422ebcc1cc`
SHA3	`4c1351d3731e8f86914c2707b52835bc0b07bc46ca88b3a47080c9daef9470fa`

GREEN-BTN.PNG

Type	`IMG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x460`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.27294`
Detected Filetype	PNG graphic file
MD5	`128f37218d3a0cde6c6e3289e3d649ba`
SHA1	`f4ddee164ce9dba0c15794f8936e4b3fbbf7da87`
SHA256	`7370e527fc206d3d5ebd56eb6b15d91a96459eebcddffd488935d31402e7d329`
SHA3	`8df26898061ac4a806f4af1d7ebf5f8767c5b89df5376f5132282b76783cd295`

GREY-BTN.PNG

Type	`IMG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x458`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.20807`
Detected Filetype	PNG graphic file
MD5	`ec801557dff8b503b9338fe9b6bd61a4`
SHA1	`07b3af73c0f3b11535c618dbd6b1a89f5c7cb789`
SHA256	`06e6259b95a8854987189b3a082f390d29a9053f07909f9c82b9f8926b56dfaa`
SHA3	`5ab63fc4acd03f202389eaf6e8d60ae1cf187ef2ac1ae0f757b403d45095aca6`

IE.PNG

Type	`IMG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x906`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.54478`
Detected Filetype	PNG graphic file
MD5	`1d31771c35e9c075c7a3c0e87686a925`
SHA1	`be17d61d9e0fe0054812443ea7ac3f411648e973`
SHA256	`db0722e0b77342b96e8a7cd734192455e82e0717bcfe98520e085aac48895fae`
SHA3	`b2e238a0b22cc9bbd6801b04a1f5d1c607fc50e720694a5e33c0f6690deae16a`

DBG.JS

Type	`JS`
Language	English - United States
Codepage	UNKNOWN
Size	`0x19c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.37209`
MD5	`04be6b6b29ddc67de95f160d8398d521`
SHA1	`098b05e2bf08d3b6b2a3d94ea00025092824857a`
SHA256	`fc7c8b68e63efe64d422d410b1e234c7eaa21085d12288c93ec85121a3dbedc6`
SHA3	`f3a9e282de0f8d3884568cdfaef9488ed21cd87d7b501384c3a8b3017f270773`

SCRIPT.JS

Type	`JS`
Language	English - United States
Codepage	UNKNOWN
Size	`0x55c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.15525`
MD5	`9842fa10cbb9b16afb2dc0401bd4ea25`
SHA1	`45bfe0e096ce420e586d1ae177ad609587c94982`
SHA256	`6a2e67b64fbeb7d26dd4c4040fd3ae6029ca22de89dcd42735c4a9efe02dc681`
SHA3	`f7e31d33f5b3764d4df06df9e65313c1f54129689ead70f9d0a324b4b1f1790f`

132

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2118a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.3097`
MD5	`ea4d02f77714dd3615f23957e614e953`
SHA1	`1f7128e0e19076d222706733dc501d5ade4b88cd`
SHA256	`abc59fee7f3ef29490bb13a6a69f7c2a305815946029149f1aad57413cd6cae8`
SHA3	`c5dd679737e96e5373ffc7759384e4664caf53589ec8fa463c834f109a78315d`
Preview

133

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x267ba`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.18501`
MD5	`cee1f3e8173b436660cc761871b632ca`
SHA1	`5169c6020f40b7281fd95edea75aac75adfc318b`
SHA256	`e0279de88dc4c9a4ba0e6aa0471215b7aea9939e58dc541558dc35dc2d4eb3c8`
SHA3	`d80c04e79dc2d629180f07a13ec3688c73f1493a80230527f7930b52af26553d`
Preview

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.89005`
MD5	`6084b8ad73747b299699eb3eec45e7dc`
SHA1	`2c9ce3ea9a49025409f4fbe0fbaa8d505c07a378`
SHA256	`b4b2f722234d9e7f31ff4facd631adcc0482b81c4ad1eb1458fc822175277c21`
SHA3	`bb24114010889c9f80fd5363f152c6315e4f275b8582e304a385531de5d61957`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.54353`
MD5	`e8658c45887b965ef05fc75aa46500e3`
SHA1	`0091c56d319743f075ce4d7af0ef65b896a02041`
SHA256	`803572ed52c34a6b6c2efa70c0f7a5279e21bad55a4d5d18744b270937404fe2`
SHA3	`fe1cde23bbcac573b68e909b1f54a64f8d189045e58a9d185f6d93ee3d0ec3af`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.35478`
MD5	`d042f1c698b7e67ab19323c03defcfaa`
SHA1	`a7f6b7f33babceb621f66db8e4932e4668ad916d`
SHA256	`0a4938500c6f3d33430c7fed3c2271a78b34ee727a78475eb6d1a435f4a00bdb`
SHA3	`53ba211529ed344097e112c4d327f04e8f09951109c686c8291b58004de28755`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.17501`
MD5	`43553baed02ba66915b18d4e17cfce16`
SHA1	`f00698b999f0887c350c61e4aa083d79bea26cb7`
SHA256	`2ae3c5d4d767d49adf27595ac6e6c282cba327b4cdb89f9dc2a735c314eb7d18`
SHA3	`8acbc751b6d2a0f54b1ac8df53fc05b74e6774c176b94e6876afad010dd15e4f`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.47748`
MD5	`4ac79bef346bca3604bba0e200cbda0b`
SHA1	`f45f4f77b61adba0151d1942c978689e41e28dae`
SHA256	`b1f2927559496473b1bd7ca8d8cb21b67e56eefa87fc06945eba67c71d268645`
SHA3	`07ca004b480e2182e3be16a4706a0653bc4c76de33ba8853eb9529aeeeb34fed`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.83156`
MD5	`4786e9acb4ceb2b23d50e0dabb6cecd5`
SHA1	`164fadfaa648ed5c8adb7dd14b494b3501ed77de`
SHA256	`10f2dfcb31c0f0816447923633e79ef4ff7ca1bf89d5f6984e4cce62615ea729`
SHA3	`cc4907d29a3eeee6042b743fa967b659f8eef2975da67a6143489be39014d52f`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44197`
MD5	`4f6369dca29c639671dd504fa585b183`
SHA1	`09b1ab98de685f3f09d47b93f6186963c03b7946`
SHA256	`aec3c266b0f119a982069893611ffd2cdd271fdbcf915b17fdf9b00d445676c9`
SHA3	`3ec84b0f83e5972044ed977444b56836a03dc0b42df2b59ccd78ad6ebedf83fd`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.05874`
MD5	`d10df39d7ee26d29c547f5df1da71fa1`
SHA1	`dcbba9f2f7c3c5f6e884d4ed8b36f6cb6055317c`
SHA256	`7ad7dd241cc84dad41c3f1ee55c9272bd835e6172e6144423af4be38ce3fe2a1`
SHA3	`ffd528465a691f1a4f797c3f9bfcdb4579dbc2708ad3c2ff0bf46f14563d6205`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.89005`
MD5	`6084b8ad73747b299699eb3eec45e7dc`
SHA1	`2c9ce3ea9a49025409f4fbe0fbaa8d505c07a378`
SHA256	`b4b2f722234d9e7f31ff4facd631adcc0482b81c4ad1eb1458fc822175277c21`
SHA3	`bb24114010889c9f80fd5363f152c6315e4f275b8582e304a385531de5d61957`

10

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.54353`
MD5	`e8658c45887b965ef05fc75aa46500e3`
SHA1	`0091c56d319743f075ce4d7af0ef65b896a02041`
SHA256	`803572ed52c34a6b6c2efa70c0f7a5279e21bad55a4d5d18744b270937404fe2`
SHA3	`fe1cde23bbcac573b68e909b1f54a64f8d189045e58a9d185f6d93ee3d0ec3af`

11

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.35478`
MD5	`d042f1c698b7e67ab19323c03defcfaa`
SHA1	`a7f6b7f33babceb621f66db8e4932e4668ad916d`
SHA256	`0a4938500c6f3d33430c7fed3c2271a78b34ee727a78475eb6d1a435f4a00bdb`
SHA3	`53ba211529ed344097e112c4d327f04e8f09951109c686c8291b58004de28755`

12

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.17501`
MD5	`43553baed02ba66915b18d4e17cfce16`
SHA1	`f00698b999f0887c350c61e4aa083d79bea26cb7`
SHA256	`2ae3c5d4d767d49adf27595ac6e6c282cba327b4cdb89f9dc2a735c314eb7d18`
SHA3	`8acbc751b6d2a0f54b1ac8df53fc05b74e6774c176b94e6876afad010dd15e4f`

13

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.47748`
MD5	`4ac79bef346bca3604bba0e200cbda0b`
SHA1	`f45f4f77b61adba0151d1942c978689e41e28dae`
SHA256	`b1f2927559496473b1bd7ca8d8cb21b67e56eefa87fc06945eba67c71d268645`
SHA3	`07ca004b480e2182e3be16a4706a0653bc4c76de33ba8853eb9529aeeeb34fed`

14

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.83156`
MD5	`4786e9acb4ceb2b23d50e0dabb6cecd5`
SHA1	`164fadfaa648ed5c8adb7dd14b494b3501ed77de`
SHA256	`10f2dfcb31c0f0816447923633e79ef4ff7ca1bf89d5f6984e4cce62615ea729`
SHA3	`cc4907d29a3eeee6042b743fa967b659f8eef2975da67a6143489be39014d52f`

15

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44197`
MD5	`4f6369dca29c639671dd504fa585b183`
SHA1	`09b1ab98de685f3f09d47b93f6186963c03b7946`
SHA256	`aec3c266b0f119a982069893611ffd2cdd271fdbcf915b17fdf9b00d445676c9`
SHA3	`3ec84b0f83e5972044ed977444b56836a03dc0b42df2b59ccd78ad6ebedf83fd`

16

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.05874`
MD5	`d10df39d7ee26d29c547f5df1da71fa1`
SHA1	`dcbba9f2f7c3c5f6e884d4ed8b36f6cb6055317c`
SHA256	`7ad7dd241cc84dad41c3f1ee55c9272bd835e6172e6144423af4be38ce3fe2a1`
SHA3	`ffd528465a691f1a4f797c3f9bfcdb4579dbc2708ad3c2ff0bf46f14563d6205`

107

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.81158`
Detected Filetype	Icon file
MD5	`c0b3e66fcb80cecddabf09088b3e8188`
SHA1	`f112cc8039776eaebae28f9be81059bbdda5f357`
SHA256	`0f8e66b41e930335fa661b03299b12d6e7d8f04e7e35a117cb6966b9d1258497`
SHA3	`e25f05b084976b3701054e42f311d42d2ef54fe0f7ac69e7ec201d9b4f5959b6`

108

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.89031`
Detected Filetype	Icon file
MD5	`bec90fe8c2831d7b1f8c707f812be04c`
SHA1	`8645ad55a70014fc9cf51a362e9ccdb672f7c5fa`
SHA256	`a12825f060d10af25681c04a123353e9574a65314b0ae748c59f82b70992fde8`
SHA3	`37ccefbf86f4bb59536dd154102b535d974afee57dd5476d2e949ed3ff1efac7`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2ec`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34889`
MD5	`6aa272224c948e3355a17266c6033441`
SHA1	`a439350f6db89dc3f542341a2772c616e52e67db`
SHA256	`31483a3c1082b8e9eb2b00ecfe625002f11c5646a90c387f4a8b0dec85c86768`
SHA3	`349b29dbf23fdda68284dcc41a323cd186938e78a9720e87e1d3a0a1a5550e03`

MAIN.HTML

Type	`RT_HTML`
Language	English - United States
Codepage	UNKNOWN
Size	`0x713d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.97357`
MD5	`bc4bac22d9d0c1c7e9a5f1455ef2288d`
SHA1	`e6abf681a3c6858ce2000c7cab234e32358085df`
SHA256	`e331706cc3a1b6ae216c1026a5ea4d81643aaaba384e2a131a68a253ed48e096`
SHA3	`6d09318c71f9f797061d0bb6f8461738631a819e663db89a8db05f8746f5b944`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x336`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.3298`
MD5	`73faacbcdc7822a038c4e3786814611d`
SHA1	`287208b33c407a0b361d0ce2767111875e20a9f3`
SHA256	`411d4b3df3807e19bca735fd7415be9bbbfa9a87293a2d16bc53dda75845e50f`
SHA3	`0b3da7eac75b1a2f67eeda09933c30f1ff2415251fcfab020566826e9a344c08`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	4.2.0.6
ProductVersion	4.2.0.6
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
CompanyName	Cloud Installer
FileDescription	IESettings
FileVersion (#2)	4, 2, 0, 6
InternalName	IESettings
LegalCopyright	Copyright (C) 2017 Cloud Installer
OriginalFilename	IESettings
ProductName	IESettings
ProductVersion (#2)	4, 2, 0, 6

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2017-Oct-31 08:38:17
Version	`0.0`
SizeofData	`952`
AddressOfRawData	`0x527a4`
PointerToRawData	`0x517a4`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2017-Oct-31 08:38:17
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x452b6c`
EndAddressOfRawData	`0x452b74`
AddressOfIndex	`0x459318`
AddressOfCallbacks	`0x441470`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x98`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x45706c`
SEHandlerTable	`0x452560`
SEHandlerCount	`145`

RICH Header

XOR Key	`0xcf225d3b`
Unmarked objects	`0`
241 (40116)	`13`
243 (40116)	`155`
242 (40116)	`29`
ASM objects (25305)	`22`
C objects (25305)	`36`
C++ objects (25305)	`71`
C objects (VS2008 SP1 build 30729)	`5`
Imports (VS2008 SP1 build 30729)	`23`
Total imports	`275`
265 (25508)	`18`
Resource objects (25508)	`1`
151	`2`
Linker (25508)	`1`

2b8ad09d1a1ec76623751a0669192443

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

STYLES.CSS

130

GREEN-BTN.PNG

GREY-BTN.PNG

IE.PNG

DBG.JS

SCRIPT.JS

132

133

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

107

108

1 (#2)

MAIN.HTML

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors