Manalyze report for 372901f76eae50936f1cea20c7668ace

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-May-19 20:44:05
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA LoadLibraryExA GetProcAddress LoadLibraryW LoadLibraryExW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot SwitchToThread` `Code injection capabilities: OpenProcess WriteProcessMemory VirtualAllocEx CreateRemoteThread VirtualAlloc` `Code injection capabilities (process hollowing): SetThreadContext ResumeThread WriteProcessMemory` `Can access the registry: RegQueryValueExA RegOpenKeyExA` `Possibly launches other programs: CreateProcessA ShellExecuteA` `Uses Microsoft's cryptographic API: CryptGenRandom CryptReleaseContext CryptAcquireContextW` `Can create temporary files: CreateFileW GetTempPathW` `Memory manipulation functions often used by packers: VirtualProtectEx VirtualProtect VirtualAllocEx VirtualAlloc` `Leverages the raw socket API to access the Internet: #9 #11 #13 #52 #116 #115 freeaddrinfo #3 #4 #10 #16 #18 #19 #21 #23 #111 #1 #2 getaddrinfo` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Enumerates local disk drives: GetVolumeInformationA` `Manipulates other processes: Process32First Process32Next ReadProcessMemory OpenProcess WriteProcessMemory` `Reads the contents of the clipboard: GetClipboardData`
Malicious	VirusTotal score: 9/60 (Scanned on 2017-05-24 02:47:23)	`MicroWorld-eScan: Gen:Variant.Graftor.372078` `ALYac: Gen:Variant.Graftor.372078` `AegisLab: Gen.Variant.Graftor!c` `Arcabit: Trojan.Graftor.D5AD6E` `BitDefender: Gen:Variant.Graftor.372078` `Ad-Aware: Gen:Variant.Graftor.372078` `Emsisoft: Gen:Variant.Graftor.372078 (B)` `F-Secure: Gen:Variant.Graftor.372078` `GData: Gen:Variant.Graftor.372078`

Hashes

MD5	`372901f76eae50936f1cea20c7668ace`
SHA1	`18e636df36d74d70f5b5c1ada3dc6addc115b859`
SHA256	`42e989d6956031dcd305b5bb30d9626bd36abba6e9f3f0bac5407a71c73d37b8`
SHA3	`92e275a1cca7c678421197c90bbec1caa55211f14dfab40cf8a9100d4a65d180`
SSDeep	`49152:Cu10hrApViu3mJCnBPLncJp0a/jFeZYARzu3FX0dfeLlyUK3cv1o45Xtr5A5h:Cu1NpViu3m7Jj/YZrK3FEdfeLPZt`
Imports Hash	`29a00695e061bc6598524c82010bbc7b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x120`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2017-May-19 20:44:05
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x1e4a00`
SizeOfInitializedData	`0x9e600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000CC0EB (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x1e6000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x28f000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c9b46f0e3686f0cbbd32a458bfa8f6a1`
SHA1	`306d36727439ef36dfc135b5f3c0ed8007a8d1c1`
SHA256	`14c197b805eb07f647c3b379f90a2e210cbc28cfd9bf42983f1a3728f07be0b0`
SHA3	`fee1586963f658224b6d23688b60f3dee72f98786b94bebf36cca0e38776d659`
VirtualSize	`0x1e4865`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1e4a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.32676`

.rdata

MD5	`73d556fd7a73030d887a2eabd85903f7`
SHA1	`67e656058da19028027ff2df89ccf78d7af8aee0`
SHA256	`7f24709082e610a90d9107b6fc2437fdbff18ae1e343f27cc83108ca5ad512a0`
SHA3	`cef65145d83922af97f10aa1ae013c05f032ca58251b1c61541856b72ea5d793`
VirtualSize	`0x60124`
VirtualAddress	`0x1e6000`
SizeOfRawData	`0x60200`
PointerToRawData	`0x1e4e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.57406`

.data

MD5	`830c5d48b0a2188bb07c0b1cff6b714f`
SHA1	`7ec5cdfa82a39bd2c217d416df31927527273d2e`
SHA256	`05099512f1f427030fb1f170072f17459164c1201a8e9a3a83c6dad7d589c4ff`
SHA3	`63e10f22cb3a9910f6663d127ee45dc87316fd87013630696dcb9ccbeb59555d`
VirtualSize	`0x12e68`
VirtualAddress	`0x247000`
SizeOfRawData	`0xb200`
PointerToRawData	`0x245000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.06815`

.gfids

MD5	`81515042610b5c95a9a4801ff98c85fc`
SHA1	`8e90b299c469ca864172f2e5299ec21799770e8d`
SHA256	`124b20ff8899044e198518ed532c2b13763852e1e0a676814006a95bae75d2eb`
SHA3	`9431c70ada7fe333cdfc86c3901f60e58e63e4326f5d87a335de3d692dc7bdb8`
VirtualSize	`0xa9c`
VirtualAddress	`0x25a000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x250200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.60042`

.tls

MD5	`5f6e86653ec00ded10c030ed1880b89b`
SHA1	`3c219e496533ec1ad565fd6c10a3fad5770719e7`
SHA256	`85886b873430d0072cb7feb69b0f6b38a2fbf8d868de1a210d359ee7cacf21fe`
SHA3	`43eae1e27d4ed05f7237ae0f4974651ace3558346b370df296f0b41ce80e5fb1`
VirtualSize	`0x13a1`
VirtualAddress	`0x25b000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x250e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.00268838`

.rsrc

MD5	`473a1e69253cff3e016148a62b56dfcc`
SHA1	`1ea9230067307a151f8f3930fa09e0629e17a39e`
SHA256	`aae29f1601ed6c89ea32848973ea6ecd76736a474c73b36f31b1e990c3366bdd`
SHA3	`e5d8efd3ea95e40951f490bc8e084b261895d3599bbd56b0bbd50e1b57381550`
VirtualSize	`0x1e2e8`
VirtualAddress	`0x25d000`
SizeOfRawData	`0x1e400`
PointerToRawData	`0x252200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.1843`

.reloc

MD5	`e9bf9a304ddfcbde7415e286ecd177e5`
SHA1	`c17dc4fca2c80040e1cda04c8cfd2a60ae3cab58`
SHA256	`ed47e7ab2e457a8bd0016d4c6550fdcdad3050859acb4bcdde18757945a6e369`
SHA3	`b0233079d62f4b1ac53ccebcbdf7c6b8f3481553f1b945d084341b4326e4ecb5`
VirtualSize	`0x12c40`
VirtualAddress	`0x27c000`
SizeOfRawData	`0x12e00`
PointerToRawData	`0x270600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.66148`

Imports

KERNEL32.DLL	`CloseHandle` `CreateToolhelp32Snapshot` `Process32First` `Process32Next` `Thread32First` `Thread32Next` `WideCharToMultiByte` `ReadProcessMemory` `CreateDirectoryA` `GetModuleHandleA` `GetThreadContext` `SetThreadContext` `SuspendThread` `ResumeThread` `WaitForDebugEvent` `ContinueDebugEvent` `DebugActiveProcess` `DebugActiveProcessStop` `DebugSetProcessKillOnExit` `ReleaseMutex` `WaitForSingleObject` `CreateMutexA` `GetSystemTime` `CreateProcessA` `DeleteFileA` `Beep` `GetModuleHandleW` `SetConsoleCtrlHandler` `OpenProcess` `VirtualProtectEx` `VirtualFreeEx` `FindNextFileA` `FindFirstFileA` `LoadLibraryA` `FindClose` `Sleep` `GetCurrentThreadId` `TerminateProcess` `GetCurrentProcess` `MultiByteToWideChar` `GlobalFree` `GlobalAlloc` `GetModuleFileNameA` `InitializeCriticalSection` `LoadLibraryExA` `HeapSize` `SetEnvironmentVariableA` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineW` `GetCommandLineA` `WriteProcessMemory` `IsValidCodePage` `FindFirstFileExA` `GetProcessHeap` `SetStdHandle` `MoveFileExW` `DeleteFileW` `GetTimeZoneInformation` `CreatePipe` `GetFileAttributesExW` `GetExitCodeProcess` `SetFilePointerEx` `ReadConsoleW` `GetConsoleMode` `GetConsoleCP` `FlushFileBuffers` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `GetTimeFormatW` `GetDateFormatW` `GetACP` `WriteFile` `ExitThread` `SystemTimeToFileTime` `TzSpecificLocalTimeToSystemTime` `SetFileTime` `CreateFileW` `WriteConsoleW` `GetFileType` `GetStdHandle` `GetModuleHandleExW` `GetLastError` `GetProcAddress` `ExitProcess` `GetTempPathW` `ReadFile` `RtlUnwind` `RaiseException` `LoadLibraryW` `UnregisterWaitEx` `QueryDepthSList` `GetOEMCP` `OpenThread` `InterlockedFlushSList` `InterlockedPushEntrySList` `FreeLibrary` `SetEndOfFile` `FormatMessageA` `DuplicateHandle` `WaitForSingleObjectEx` `GetCurrentThread` `GetExitCodeThread` `EnterCriticalSection` `LeaveCriticalSection` `TryEnterCriticalSection` `DeleteCriticalSection` `QueryPerformanceCounter` `QueryPerformanceFrequency` `EncodePointer` `DecodePointer` `SetLastError` `InitializeCriticalSectionAndSpinCount` `CreateEventW` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetSystemTimeAsFileTime` `GetTickCount` `CompareStringW` `LCMapStringW` `GetLocaleInfoW` `GetStringTypeW` `GetCPInfo` `SetEvent` `ResetEvent` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetCurrentProcessId` `InitializeSListHead` `GlobalLock` `GlobalUnlock` `GlobalMemoryStatusEx` `LocalFree` `TerminateThread` `SetCurrentDirectoryA` `GetCurrentDirectoryA` `SetDllDirectoryA` `RemoveDirectoryA` `SetFileAttributesA` `GetFileAttributesA` `GetVolumeInformationA` `GetComputerNameA` `IsWow64Process` `AllocConsole` `FreeConsole` `Module32First` `Module32Next` `VirtualProtect` `VirtualQuery` `VirtualAllocEx` `CreateRemoteThread` `AddVectoredExceptionHandler` `HeapAlloc` `HeapReAlloc` `HeapFree` `VirtualAlloc` `VirtualFree` `CreateTimerQueue` `SignalObjectAndWait` `SwitchToThread` `CreateThread` `SetThreadPriority` `GetThreadPriority` `GetLogicalProcessorInformation` `CreateTimerQueueTimer` `ChangeTimerQueueTimer` `DeleteTimerQueueTimer` `GetNumaHighestNodeNumber` `GetProcessAffinityMask` `SetThreadAffinityMask` `RegisterWaitForSingleObject` `UnregisterWait` `OutputDebugStringW` `GetThreadTimes` `FreeLibraryAndExitThread` `GetModuleFileNameW` `LoadLibraryExW` `GetVersionExW` `ReleaseSemaphore` `InterlockedPopEntrySList` `GetSystemInfo`
ADVAPI32.dll	`GetTokenInformation` `CryptGenRandom` `CryptReleaseContext` `CryptAcquireContextW` `RegQueryValueExA` `RegOpenKeyExA` `GetCurrentHwProfileA` `LookupPrivilegeValueA` `AdjustTokenPrivileges` `OpenProcessToken`
COMCTL32.dll	`#17`
COMDLG32.dll	`GetOpenFileNameA`
GDI32.dll	`CreateFontA`
IMM32.dll	`ImmSetCompositionWindow` `ImmGetContext`
IPHLPAPI.DLL	`GetAdaptersInfo`
ole32.dll	`OleInitialize` `CoGetClassObject` `OleSetContainedObject`
OLEAUT32.dll	`#9` `#8` `#2`
PSAPI.DLL	`GetModuleFileNameExA` `GetProcessMemoryInfo`
SHELL32.dll	`ShellExecuteA`
USER32.dll	`FlashWindow` `DefWindowProcA` `RegisterClassExA` `CreateWindowExA` `ShowWindow` `GetSystemMetrics` `UpdateWindow` `GetClientRect` `GetWindowLongA` `SetWindowLongA` `SendMessageA` `SetWindowPos` `GetWindowRect` `IsWindowVisible` `GetDlgItem` `SendDlgItemMessageA` `SetCursorPos` `EnumDisplayDevicesA` `DialogBoxParamA` `CreateDialogParamA` `GetMessageA` `LoadImageA` `GetClassNameA` `GetKeyState` `GetFocus` `KillTimer` `SetTimer` `keybd_event` `PostMessageA` `SetForegroundWindow` `LoadCursorA` `ClientToScreen` `SetLayeredWindowAttributes` `DestroyWindow` `UnregisterClassA` `GetWindowThreadProcessId` `DispatchMessageA` `TranslateMessage` `SetFocus` `EndDialog` `PostQuitMessage` `SetDlgItemTextA` `GetForegroundWindow` `PeekMessageA` `SendMessageW` `GetDlgItemTextA` `OpenClipboard` `CloseClipboard` `SetClipboardData` `GetClipboardData` `EmptyClipboard` `mouse_event` `EnableWindow` `GetWindowTextA` `GetWindowTextLengthA` `MessageBoxA` `EnumWindows`
VERSION.dll	`GetFileVersionInfoSizeA` `GetFileVersionInfoA` `VerQueryValueA`
WS2_32.dll	`#9` `#11` `#13` `#52` `#116` `#115` `freeaddrinfo` `#3` `#4` `#10` `#16` `#18` `#19` `#21` `#23` `#111` `#1` `#2` `getaddrinfo`
libcef.dll (delay-loaded)	`cef_get_min_log_level` `cef_string_utf16_clear` `cef_string_utf8_to_utf16` `cef_string_utf16_to_utf8` `cef_string_userfree_utf16_free` `cef_string_utf16_set` `cef_string_utf8_clear` `cef_string_utf16_cmp` `cef_log` `cef_string_list_alloc` `cef_string_list_free` `cef_browser_host_create_browser` `cef_currently_on` `cef_post_task` `cef_execute_process` `cef_initialize` `cef_shutdown` `cef_run_message_loop` `cef_quit_message_loop` `cef_enable_highdpi_support` `cef_api_hash` `cef_string_map_alloc` `cef_string_map_free` `cef_urlrequest_create` `cef_string_list_size` `cef_string_list_value` `cef_string_list_append` `cef_string_map_size` `cef_string_map_key` `cef_string_map_value` `cef_string_map_append` `cef_string_multimap_size` `cef_string_multimap_key` `cef_string_multimap_value` `cef_string_multimap_append` `cef_string_multimap_alloc` `cef_string_multimap_free` `cef_string_list_copy`

Delayed Imports

Attributes	`0x1`
Name	`libcef.dll`
ModuleHandle	`0x2540b4`
DelayImportAddressTable	`0x2520dc`
DelayImportNameTable	`0x2441cc`
BoundDelayImportTable	`0x244600`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

5

Type	`AFX_DIALOG_LAYOUT`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

9

Type	`AFX_DIALOG_LAYOUT`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

103

Type	`AFX_DIALOG_LAYOUT`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

107

Type	`AFX_DIALOG_LAYOUT`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

114

Type	`AFX_DIALOG_LAYOUT`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

116

Type	`AFX_DIALOG_LAYOUT`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

117

Type	`AFX_DIALOG_LAYOUT`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

118

Type	`AFX_DIALOG_LAYOUT`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

119

Type	`AFX_DIALOG_LAYOUT`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

121

Type	`AFX_DIALOG_LAYOUT`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

125

Type	`AFX_DIALOG_LAYOUT`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

131

Type	`AFX_DIALOG_LAYOUT`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.52181`
MD5	`3c801abd18786c97788563867bcfcb7e`
SHA1	`ce945f768b40ed82168608edd0b67adaebf15f9c`
SHA256	`ae3f5b1a80d0595f1b3297f5b0cf0682ee1cc98d504badbfd06ed688bddf9236`
SHA3	`1fd91983a8e50169c7fd09738e9f05fc398ad7e2bdc154aad0fd51dd0e3993f9`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.3351`
MD5	`341feb3cb75556ee65f5df3807171029`
SHA1	`8190d25599b5b6c53fdbaa085ec5427997d5f1cf`
SHA256	`905c927ae98b7f34d02307eef3c0262bcf4d08e0f245aa10c66a019ddad11bb6`
SHA3	`edc70779e5c005b2a8e914bbfc4f81ff6a18b6a0fab047f4f85be6253e2a6502`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.49793`
MD5	`5f50cb2b71ba3ce984209ecdf0e9fc10`
SHA1	`ac4a0cbd0e84cfadbf415fe1786931775cdf5783`
SHA256	`b525a553045527884829e6a5806755ab0db6472666ebb581090999536339b19a`
SHA3	`c0fbb5b4f167b5ab503e76bd5ce656f560bb33ef2d972d82dec37e16aa7fb878`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.0215`
MD5	`5f0e3aef743f372f1284c77f37db58bd`
SHA1	`093f797df4af3efc3e18a7de96fa712471bc8c75`
SHA256	`eefc266e4248103650b178632f48800083c7f38317dc8bad34aa73472aa23510`
SHA3	`1305632c99a3b7ecbd720fca389ce9b71dca133f5524a861a11b8d0e869d0fbe`

5 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.70966`
MD5	`8c5fdd3a0c3d1e9ec440859f94698578`
SHA1	`05f395d4cc37f614c06a86ae56b93e09bda78cf3`
SHA256	`0c378e665597758249e6296f99d9b10179906cbd4e886f0f215fcdd6ecf13896`
SHA3	`2feefe73d92987290078236ae9ff0a9d38d55ee966917607b970623b60e59ce6`

5 (#3)

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x74`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.76695`
MD5	`ff2e39d94fc1915a60b654ade14aba75`
SHA1	`e49b2423e813e622351296d25b6e01a5fb85b6d8`
SHA256	`12c782206e85c6e95ba8ecfe1a40728446e1ddffb4f314b4e51a7cf1b6be96f6`
SHA3	`14776ad4cd12df36db9e7d97dbfb627a5d99ccb8663cd5a504d4c6b72c3a8dc7`

9 (#2)

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x370`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.4361`
MD5	`11fd8cf489c0dd9f2b9e50fa1a38f2d9`
SHA1	`2a172bd840dcef5448590bf13a960809e4a3bb86`
SHA256	`312b9ec3b188322e9e95b982ac53bba0712b1f0277d148aa824ae13fcf59e334`
SHA3	`995e6a58d79e031dd3b7acda4c9a10fc227992a8f16f483c726bc4b1900a1191`

103 (#2)

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8f2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.50181`
MD5	`f411613b4f960c55d5893496d07c501e`
SHA1	`a8dbd71f68748ea2179295e474da79758982b5fb`
SHA256	`1e7859f75c1c9a77cc50d079543ab68bfc4ebd1caebcda8280ca0213d6e5d7af`
SHA3	`a10ba77a2b34d3cc686063db77de25da0ddcf9f6b4be858ce1bd9496def9dbba`

107 (#2)

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.76448`
MD5	`2feb092e5143de7bb1ab928b0ab9d1d0`
SHA1	`0d345fdcfbf0534f17ad0b9086a7789c52074473`
SHA256	`5e76248fbc6bf7d2ee7e9050ba1cefd7ae63fe13ce6b90c22f8c99351d65b133`
SHA3	`a431e4a299e158b73191f46b23ec3723c23828c8e64b8fa613fed534b1b2386f`

114 (#2)

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x11c6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39593`
MD5	`0e307d4eba707e1dc89884d94e202e5d`
SHA1	`9fcbe24c2e29f7c93d1db8d751388aa7947862f7`
SHA256	`452c04975828ce87eecf11d0f2e13a94b79aca60aec9171612e95e9e632bcf4f`
SHA3	`30f73f498a0acb4d3ba4084c7b509cf6ca3d7fc41fceeafc3eb7e7c6d3bd31e4`

116 (#2)

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x70c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.45326`
MD5	`60757ffbecfc41a100ea59400b9713ae`
SHA1	`a4a3d6e641f3cb03774c7f5e1326c1e529ec8fc5`
SHA256	`602401fec54b3e1ba627bacd247d86dc51cd7e2d040f2dfc9857b13c5d3ab5be`
SHA3	`e13a0637e2bd90a36a2d78be3c7cc12d668a5564fa0b905daf7c6136e5345f77`

117 (#2)

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xbac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.55002`
MD5	`23653642511727391ed623932bbdb39f`
SHA1	`55cbccd1e8944f8bce814f8ede84d42d466d873b`
SHA256	`a0b5132fc932ea2e04d899505cba41324e6a73cddb1a287b933972068578f028`
SHA3	`1161002982755f9cd62c7574e32a901bb72965bcaebfdc594a66a2e61001da37`

118 (#2)

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x51a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.54247`
MD5	`b4aff4fea6fb7d2cc927cc34455526c7`
SHA1	`e89bf2d354a85ea080d2f1da138889ffdaa2005d`
SHA256	`a36df92f7afb6c3ab43c5d842e8e118e9d73a5eeaea100b95ecab45254bfedb6`
SHA3	`f12f978087cfba92d38e2c05517c00d9460c6f71deb4bd7785c97737fe98e904`

119 (#2)

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39127`
MD5	`213ddf29f265650d6a2deb841d12efd2`
SHA1	`a3857222b89e84dd92745ac21a42d7387ec1a66d`
SHA256	`404f7d1e94ad4c4785a045bcc58791b7ed44a4ffc0ff2bc8297bafdf2dae61a7`
SHA3	`923f7a0f1038af0859271aa61d5d182d55443e9786b8aac266abde36b1002f31`

121 (#2)

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x802`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.49008`
MD5	`79f74ce5ab345927216dda9ad15bc764`
SHA1	`a592cb8f112d283a0783d707d435eea73a518037`
SHA256	`3f3be74a86f718b91c64069f4611bc0273d9a0abd6a5a2059666a1d97c978e9b`
SHA3	`f46eebc4035965e984f754f1617a7e10d2a35927bb98ce3b84960514abab5e46`

124

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x36e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39537`
MD5	`6523b5ac6e2ee31f1655303aa0aec6fa`
SHA1	`7b065fa2fd131210befa9e90b9064d5ed033ddb8`
SHA256	`948574f8b152725ae0472b75714a20fb8977d135925644e58498f8fbbf1a5817`
SHA3	`2083a7778db0bf398f3ec84d48d4212119007ecf7ff9c1c876ee759d8cc2b4bb`

125 (#2)

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2d8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40479`
MD5	`798df6bb770b1cdedd6d8af895d51751`
SHA1	`82b525229653e8e64aaac4ea91d9f2b2f8d65d5a`
SHA256	`b05c9ca603f04570aac62ccc80385ca1f59816025c7bffbdc88ccea3061aae58`
SHA3	`35df6965a3d1ee886c20bcf88d0dd328c4bb4cc337612e43959b304dbdb353bb`

131 (#2)

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x398`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.47317`
MD5	`e66b4b0b5ea950d5fabf7397b3975503`
SHA1	`1e0c28ec4fbd36e1ba0a19b8f7ea99eb8b3a17b3`
SHA256	`020e93d112a0e24e1236e5099b9dc1996cec6cfa37739b20691c09f742e80a56`
SHA3	`d07e52f13066be5b88fc6cd669d23e693509c053ee81ba65c71bb8050adae5a8`

135

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80283`
Detected Filetype	Icon file
MD5	`da9b70665374e3394540c51191a2dfd6`
SHA1	`c91b3f6407149e322850f6a257923abb260adeb5`
SHA256	`9595be7d246f12c7356d15b8facc45ea482de63d316af484c99156170b9d7362`
SHA3	`d75e51b150e9bb574412de784a1ecf652c36717a52f920f529a2c01e2dfce6af`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x289`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.05508`
MD5	`3c68661546578ea698d36587a218aa4c`
SHA1	`e90e89bedeefb439b697bf7fed736e31fbdc68fe`
SHA256	`71923b87e74057fc8cd4e2ce9c20f36e49575f3548f61bc2743176bce28ffbab`
SHA3	`5bc488e66cdfd4f1dd6c76a8b210266e05c5515850d08208e161c5b99352be11`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x65b000`
EndAddressOfRawData	`0x65c3a0`
AddressOfIndex	`0x653d5c`
AddressOfCallbacks	`0x5e6790`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x5c`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x64b2d4`
SEHandlerTable	`0x631660`
SEHandlerCount	`779`

RICH Header

XOR Key	`0xd8351655`
Unmarked objects	`0`
241 (40116)	`47`
243 (40116)	`208`
242 (40116)	`40`
ASM objects (VS2015 UPD3 build 24123)	`28`
C objects (VS2015 UPD3 build 24123)	`41`
C++ objects (VS2015 UPD3 build 24123)	`124`
C objects (VS2008 SP1 build 30729)	`5`
Imports (VS2008 SP1 build 30729)	`31`
Total imports	`451`
C objects (VS2015 UPD3.1 build 24215)	`69`
C++ objects (VS2015 UPD3.1 build 24215)	`149`
Resource objects (VS2015 UPD3 build 24210)	`1`
151	`1`
Linker (VS2015 UPD3.1 build 24215)	`1`

372901f76eae50936f1cea20c7668ace

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.gfids

.tls

.rsrc

.reloc

Imports

Delayed Imports

5

9

103

107

114

116

117

118

119

121

125

131

1

2

3

4

5 (#2)

5 (#3)

9 (#2)

103 (#2)

107 (#2)

114 (#2)

116 (#2)

117 (#2)

118 (#2)

119 (#2)

121 (#2)

124

125 (#2)

131 (#2)

135

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors