Manalyze report for 37c727b441b4fee690f05dc805309331033b77ff6870e134018284a2d523050f

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1992-Jun-19 22:22:17
Detected languages	Russian - Russia

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: adobe.com http://ns.adobe.com http://ns.adobe.com/photoshop/1.0/ http://ns.adobe.com/xap/1.0/ http://ns.adobe.com/xap/1.0/mm/ http://ns.adobe.com/xap/1.0/sType/ResourceEvent# http://purl.org http://www.w3.org http://www.w3.org/1999/02/22-rdf-syntax-ns# ns.adobe.com www.w3.org`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExA GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: FindWindowA` `Code injection capabilities (PowerLoader): GetWindowLongA FindWindowA` `Can access the registry: RegQueryValueExA RegOpenKeyExA RegCloseKey RegUnLoadKeyW RegNotifyChangeKeyValue RegEnumKeyW` `Possibly launches other programs: WinExec` `Uses functions commonly found in keyloggers: MapVirtualKeyA GetForegroundWindow CallNextHookEx` `Has Internet access capabilities: InternetSetDialState` `Can take screenshots: CreateCompatibleDC BitBlt GetDCEx GetDC FindWindowA` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	The PE header may have been manually modified.	`The resource timestamps differ from the PE header: 2025-Oct-24 15:17:36`
Info	The PE is digitally signed.	`Signer: OOO` `Issuer: Sectigo RSA Code Signing CA`
Malicious	VirusTotal score: 43/65 (Scanned on 2026-03-31 11:10:05)	`APEX: Malicious` `AhnLab-V3: Adware/Win.Midie.R738975` `Antiy-AVL: GrayWare[AdWare]/Win32.WebaltaToolbar` `Arcabit: Trojan.Application.Fragtor.D28A7` `Avira: HEUR/AGEN.1331238` `BitDefender: Gen:Variant.Application.Fragtor.10407` `Bkav: W32.AIDetectMalware` `CAT-QuickHeal: Trojan.Ghanarava.177477249099ef1f` `CTX: exe.trojan.toolbar` `CrowdStrike: win/grayware_confidence_100% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 99)` `DeepInstinct: MALICIOUS` `DrWeb: Trojan.Packed2.44106` `ESET-NOD32: Win32/Adware.Toolbar.Webalta.IB application` `Elastic: malicious (high confidence)` `Emsisoft: Gen:Variant.Application.Fragtor.10407 (B)` `F-Secure: Heuristic.HEUR/AGEN.1331238` `GData: Gen:Variant.Application.Fragtor.10407` `Google: Detected` `Ikarus: Trojan.Inject` `K7AntiVirus: Adware ( 005b2d521 )` `K7GW: Adware ( 005b2d521 )` `Kingsoft: malware.kb.a.994` `Lionic: Trojan.Win32.Toolbar.4!c` `Malwarebytes: WebAlta.Adware.ToolBar.DDS` `MaxSecure: Trojan.Malware.338151687.susgen` `McAfeeD: ti!37C727B441B4` `MicroWorld-eScan: Gen:Variant.Application.Fragtor.10407` `Microsoft: PUA:Win32/WebaltaToolbar` `Paloalto: generic.ml` `Rising: Adware.Toolbar!8.CB (TFE:5:CHytBcYkcgL)` `Sangfor: Trojan.Win32.Save.a` `SentinelOne: Static AI - Suspicious PE` `Sophos: Generic Reputation PUA (PUA)` `Symantec: ML.Attribute.HighConfidence` `Tencent: Malware.Win32.Gencirc.11e266e6` `Trapmine: malicious.high.ml.score` `VBA32: BScope.Trojan.Packed` `VIPRE: Gen:Variant.Application.Fragtor.10407` `Varist: W32/ABApplication.LQVQ-8817` `ViRobot: PUP.Webaltatoolbar.913936.C` `tehtris: Generic.Malware`

Hashes

MD5	`8a5a0fe786c43ae40be058cd3999ef1f`
SHA1	`e20b7664d6a5fe9530f731ea84cbc1f2bbcb9ada`
SHA256	`37c727b441b4fee690f05dc805309331033b77ff6870e134018284a2d523050f`
SHA3	`6b6ba1c27a120438599b319a3522c1fbab013a4919dab8b61f12f41b006a7875`
SSDeep	`24576:6BXcNebGaPUdDahxxeHewhwl+uTy+hUAo:6jGaPcyh+Pue+h`
Imports Hash	`92751cd4da741dc91c54cc6568acd3c3`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	1992-Jun-19 22:22:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_BYTES_REVERSED_HI` `IMAGE_FILE_BYTES_REVERSED_LO` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x96400`
SizeOfInitializedData	`0x47200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000973A0 (Section: CODE)`
BaseOfCode	`0x1000`
BaseOfData	`0x98000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xe4000`
SizeOfHeaders	`0x400`
Checksum	`0xea1ef`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

CODE

MD5	`8a471e9b18e489e789639dba81fb85a1`
SHA1	`4554faa52fc244ae35bf44bd962e889c24f78f57`
SHA256	`580fae0d18618ea7eb34579b9b35ee8687ed768481705231cbec62acffd3373b`
SHA3	`96825a904033012dc1d23451b5b0e47bf2bdcb6d1c8dbbdf4f2f4148a8d79802`
VirtualSize	`0x96400`
VirtualAddress	`0x1000`
SizeOfRawData	`0x96400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.70219`

DATA

MD5	`2069b7120271858a15759d8bc4628da0`
SHA1	`de443c2e40a131bb44a31e200f6253ea8995dc27`
SHA256	`afcb0bc94843ae0bf64bf5ede56d57014df677f2b8f1c9fcef668a1a17e09aa4`
SHA3	`6fe69867525b645f4044b67ee71091f4ccc159f7e8fa36e3bf275b2003c5e46a`
VirtualSize	`0x1ca0`
VirtualAddress	`0x98000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x96800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.63894`

BSS

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xf4d`
VirtualAddress	`0x9a000`
SizeOfRawData	`0`
PointerToRawData	`0x98600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`70ca34a473b4aff07442754a2373a5ba`
SHA1	`01ece934ec8df19ad4f9be6274975e74f8a14b6a`
SHA256	`b5dbf26ba12a2548920b016aa2c3bb0ef495e35f9381a5a95d3a1849ac5cf0b9`
SHA3	`9fb3203b5a8c394f6149b64b3eb54e4265e0874216a8c3e6ec389c2ceb677774`
VirtualSize	`0x2754`
VirtualAddress	`0x9b000`
SizeOfRawData	`0x2800`
PointerToRawData	`0x98600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.00544`

.tls

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x10`
VirtualAddress	`0x9e000`
SizeOfRawData	`0`
PointerToRawData	`0x9ae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`483f648e76ebf3ab8ec06246ab1a10e8`
SHA1	`b41ba14ef4e6108419e9e5a61735c5f7f6015343`
SHA256	`4986e3713121c67e3a69aed7ee54bdaee2a2664aa6ce234d854e0eed9be82466`
SHA3	`136faa52a0bcdc9716b77990a71a57b425b75f6a0ee47f263149be3be07b3d90`
VirtualSize	`0x18`
VirtualAddress	`0x9f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x9ae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`0.195201`

.reloc

MD5	`c09736148b2f2d774dca50f05ee18a67`
SHA1	`db6ca5f2a3f12b83a34fe4439ba08c24dffd4b57`
SHA256	`cd21a6b2be9fb1d3f1f69167a6eba46e0ff184c9e0533e4ded4ea3ed864ae3f5`
SHA3	`d2bf21bb3e5e1f8549249a36f4c0c7bcf3b1556b7793205df49e88f7a6acc472`
VirtualSize	`0x9630`
VirtualAddress	`0xa0000`
SizeOfRawData	`0x9800`
PointerToRawData	`0x9b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`6.6961`

.rsrc

MD5	`299bb0922fe61c024eb3b4f51511c4b2`
SHA1	`380a55e9d128fa6b2b5686a1d7d9d0f83d31b677`
SHA256	`ab8c2404cfdf9ab5bdbff2b1a3a302d397ac89041aa4ceef0630ad2077f8f88d`
SHA3	`1dcea6c1493bde729c16ab1683cf95cb34b92165854017dc934e101b0f01a302`
VirtualSize	`0x3a000`
VirtualAddress	`0xaa000`
SizeOfRawData	`0x39200`
PointerToRawData	`0xa4800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`7.46929`

Imports

kernel32.dll	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetCurrentThreadId` `InterlockedDecrement` `InterlockedIncrement` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenA` `lstrcpynA` `LoadLibraryExA` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleA` `GetModuleFileNameA` `GetLocaleInfoA` `GetLastError` `GetCommandLineA` `FreeLibrary` `FindFirstFileA` `FindClose` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `SetFilePointer` `SetEndOfFile` `RtlUnwind` `ReadFile` `RaiseException` `GetStdHandle` `GetFileSize` `GetFileType` `CreateFileA` `CloseHandle`
user32.dll	`GetKeyboardType` `LoadStringA` `MessageBoxA` `CharNextA`
advapi32.dll	`RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey`
oleaut32.dll	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`
kernel32.dll (#2)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetCurrentThreadId` `InterlockedDecrement` `InterlockedIncrement` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenA` `lstrcpynA` `LoadLibraryExA` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleA` `GetModuleFileNameA` `GetLocaleInfoA` `GetLastError` `GetCommandLineA` `FreeLibrary` `FindFirstFileA` `FindClose` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `SetFilePointer` `SetEndOfFile` `RtlUnwind` `ReadFile` `RaiseException` `GetStdHandle` `GetFileSize` `GetFileType` `CreateFileA` `CloseHandle`
advapi32.dll (#2)	`RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey`
kernel32.dll (#3)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetCurrentThreadId` `InterlockedDecrement` `InterlockedIncrement` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenA` `lstrcpynA` `LoadLibraryExA` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleA` `GetModuleFileNameA` `GetLocaleInfoA` `GetLastError` `GetCommandLineA` `FreeLibrary` `FindFirstFileA` `FindClose` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `SetFilePointer` `SetEndOfFile` `RtlUnwind` `ReadFile` `RaiseException` `GetStdHandle` `GetFileSize` `GetFileType` `CreateFileA` `CloseHandle`
version.dll	`VerQueryValueW`
gdi32.dll	`UnrealizeObject` `StretchBlt` `SetWindowOrgEx` `SetWinMetaFileBits` `SetViewportOrgEx` `SetTextColor` `SetStretchBltMode` `SetROP2` `SetPixel` `SetEnhMetaFileBits` `SetDIBColorTable` `SetBrushOrgEx` `SetBkMode` `SetBkColor` `SelectPalette` `SelectObject` `SaveDC` `RestoreDC` `Rectangle` `RectVisible` `RealizePalette` `Polyline` `PlayEnhMetaFile` `PatBlt` `MoveToEx` `MaskBlt` `LineTo` `IntersectClipRect` `GetWindowOrgEx` `GetWinMetaFileBits` `GetTextMetricsA` `GetTextExtentPoint32A` `GetSystemPaletteEntries` `GetStockObject` `GetPixel` `GetPaletteEntries` `GetObjectA` `GetEnhMetaFilePaletteEntries` `GetEnhMetaFileHeader` `GetEnhMetaFileBits` `GetDeviceCaps` `GetDIBits` `GetDIBColorTable` `GetDCOrgEx` `GetCurrentPositionEx` `GetClipBox` `GetBrushOrgEx` `GetBitmapBits` `GdiFlush` `ExcludeClipRect` `DeleteObject` `DeleteEnhMetaFile` `DeleteDC` `CreateSolidBrush` `CreatePenIndirect` `CreatePalette` `CreateHalftonePalette` `CreateFontIndirectA` `CreateDIBitmap` `CreateDIBSection` `CreateCompatibleDC` `CreateCompatibleBitmap` `CreateBrushIndirect` `CreateBitmap` `CopyEnhMetaFileA` `BitBlt`
user32.dll (#2)	`GetKeyboardType` `LoadStringA` `MessageBoxA` `CharNextA`
kernel32.dll (#4)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetCurrentThreadId` `InterlockedDecrement` `InterlockedIncrement` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenA` `lstrcpynA` `LoadLibraryExA` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleA` `GetModuleFileNameA` `GetLocaleInfoA` `GetLastError` `GetCommandLineA` `FreeLibrary` `FindFirstFileA` `FindClose` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `SetFilePointer` `SetEndOfFile` `RtlUnwind` `ReadFile` `RaiseException` `GetStdHandle` `GetFileSize` `GetFileType` `CreateFileA` `CloseHandle`
oleaut32.dll (#2)	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`
ole32.dll	`CoUninitialize` `CoInitialize`
oleaut32.dll (#3)	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`
comctl32.dll	`ImageList_SetIconSize` `ImageList_GetIconSize` `ImageList_Write` `ImageList_Read` `ImageList_GetDragImage` `ImageList_DragShowNolock` `ImageList_SetDragCursorImage` `ImageList_DragMove` `ImageList_DragLeave` `ImageList_DragEnter` `ImageList_EndDrag` `ImageList_BeginDrag` `ImageList_Remove` `ImageList_DrawEx` `ImageList_Draw` `ImageList_GetBkColor` `ImageList_SetBkColor` `ImageList_ReplaceIcon` `ImageList_Add` `ImageList_GetImageCount` `ImageList_Destroy` `ImageList_Create` `InitCommonControls`
shell32.dll	`SHFileOperationW`
wininet.dll	`InternetSetDialState` `ReadUrlCacheEntryStream` `GopherCreateLocatorA` `GetUrlCacheEntryInfoA`
comdlg32.dll	`PageSetupDlgA` `FindTextA`
user32.dll (#3)	`GetKeyboardType` `LoadStringA` `MessageBoxA` `CharNextA`
advapi32.dll (#3)	`RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey`

Delayed Imports

1

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2025-Oct-24 15:17:36
Entropy	`2.6633`
MD5	`ff4e5862f26ea666373e5fab2bddfb11`
SHA1	`cfa13c0ab30f1bbd566900dee3631902f9b6451c`
SHA256	`b8e6fc93d423931acbddae3c27dd3c4eb2a394005d746951a971cb700e0ee510`
SHA3	`91dae12a9f43c5443e0661091a336f882fa1482f75fa9a57c9298d1d70c8ae69`

2

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2025-Oct-24 15:17:36
Entropy	`2.80231`
MD5	`2e87b3c111e3073a841775c1f8ec5a90`
SHA1	`20292304fa2ef1bfdc4a1000e90a1c16d4765a96`
SHA256	`ce19ace18e87b572e6912306776226af5b8e63959c61cde70a8ff05b3bbdcc41`
SHA3	`9527f09e739c2064835800a7e5c317cb422bdd7237f00fca079a1c62f58a2612`

3

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2025-Oct-24 15:17:36
Entropy	`3.00046`
MD5	`a04c3c368cb37c07bd5f63e7e6841ebd`
SHA1	`699300bceaa1256818c43fecfc8cad93a59156b2`
SHA256	`ee1c9c194199c320c893b367602ccc7ee7270bd4395d029f727e097634f47f8c`
SHA3	`58722e3138aad1382e284c1605ecd665ced536de4906749ac8d6e11252cc9558`

4

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2025-Oct-24 15:17:36
Entropy	`2.56318`
MD5	`9929115b21c2c59348058d4190392e75`
SHA1	`626fba1825d572ea441d36363307c9935de3c565`
SHA256	`9d9edf87ca203ecc60b246cc783d54218dd0ce77d3a025d0bafc580995a4abd8`
SHA3	`fea156e872544252c625076a6bf3baa733ee5b3d5399716e156734af7a841369`

5

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2025-Oct-24 15:17:36
Entropy	`2.6949`
MD5	`f321ad13d1c3f35a05d67773b4bc27d6`
SHA1	`30aded8525417e2531d5eb88bf2f868172945baa`
SHA256	`99676c52310db365580965ea646ece86c62951bfd97ec0aae9f738a202a90593`
SHA3	`04c839da98a8c50a36697076af5bc6d527560a69153b2f718f065908fd4fe3ad`

6

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2025-Oct-24 15:17:36
Entropy	`2.62527`
MD5	`5ca217e52bdc6f23b43c7b6a23171e6e`
SHA1	`d99dc22ec1b655a42c475431cc3259742d0957a4`
SHA256	`11726dcf1eebe23a1df5eb0ee2af39196b702eddd69083d646e4475335130b28`
SHA3	`b358d8a5b0f400dd2671956ec45486ae1035556837b5289df5f418fe69348b3f`

7

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2025-Oct-24 15:17:36
Entropy	`2.91604`
MD5	`6be7031995bb891cb8a787b9052f6069`
SHA1	`487eb59fd083cf4df02ce59d9b079755077ba1b5`
SHA256	`6f938aab0a03120de4ef8b27aff6ba5146226c92a056a6f04e5ec8d513ce5f9d`
SHA3	`0f1c6c0378a3646c9fbf3678bbeeccf929d32192f02d1ea9d6ba0be5c769e6ab`

1 (#2)

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.21237`
MD5	`80332cf15769fbc5fbcd404bb4ce9750`
SHA1	`cf8d03205a011181169b6c578c6efd60e126bc77`
SHA256	`dc4e75f605b585bc91c2088fdae93aee02c598276186c9a18b0706ef40668797`
SHA3	`6e149a9d87845195e0b5734ef707916b4c94e1a32e6b0d5eba873988d7343e75`

2 (#2)

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.59748`
MD5	`eb85eaa1b9f8247b7ac76b039bc83d47`
SHA1	`910cd2428c287a854c16ff2e0118ebf8ab068bb4`
SHA256	`2200e59a6da074958aa15dd4e46b074b342882c2b7b0fa98f5baac5b3b7618e0`
SHA3	`e96e691f59b82c659468538ec84699397026d76eec3e901a782d3de5229ab4f6`

3 (#2)

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.24145`
MD5	`4496b7e9b149903cf1581c76462b4fbf`
SHA1	`eecd2b94649b64dd168adbbf28f89b6b0d35506a`
SHA256	`61cdc92d4068a7ebdb2fb80922ef90c3636933a05cfe4d47b040ee52ced740d9`
SHA3	`0b04817baf5d7fd0f77ec56d85bf7498e7aff81b6c7312e87275c858ca5dda00`

4 (#2)

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.48582`
MD5	`c84e8a790fb9884001c995e908a73ccc`
SHA1	`3dfe9d2793f483eab7467cfbfbb2e9e56d0ba712`
SHA256	`a26f78e3abd78a0b01510684981bbc7858746c15ee5b434e8165d68b027fc91e`
SHA3	`724871bf7b66e2f0ee4828c0433038e9b3401c8cf50d8c8f20ff996aedbbb38d`

5 (#2)

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.22047`
MD5	`c457c5048c58d20ca1461d1eab148745`
SHA1	`3bee6e46f8fde19c7b9eb4940f61a1b1e2a2d9c8`
SHA256	`efeeb2de14407154b161c2ffdcb5e6d9f7ac6e04d4979149687f6af08aa9ac0a`
SHA3	`d2ccaa41d4bbd1db7db5d900f7d0ee9623d35af9c38d7050b85fc3b3c5a36972`

6 (#2)

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x16b4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.31534`
MD5	`d2348b63c10fad41ae1ac667d6ebe47e`
SHA1	`d8906c9e78b42a536cc0f4bcc6a2aa4bc48c48d8`
SHA256	`ac662e3e794e23552fd0e40c2b6c7abbd94c445a1d562f8c3df7ab0b8ea2a4a6`
SHA3	`2ade869a81c18fb6b813bca7dd1a64202a3a3a3135baee4ad82dee9f651893c5`

7 (#2)

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x1a68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.38052`
MD5	`ed4837589d34cf234ae154491f0216f6`
SHA1	`2061620f2bab77a0b5f7c2ee73a899289ee212e5`
SHA256	`426aea4db9bc1300a257f8da0d28d94ffd223f3d2d72d2e80b64d39be57d48b8`
SHA3	`cfdae187efde1dd4aee0c32f856efdd51c9887f969045ba86ba9c053ba55faa2`

DLGTEMPLATE

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x52`
TimeDateStamp	2025-Oct-24 15:17:36
Entropy	`2.5627`
MD5	`db949b51eec31f37281a7fa424a3e158`
SHA1	`f61214ce31a91d174e77f12c90f18ddd4e265a1d`
SHA256	`771f64afb45a9edc8c4f6c5b2039f9b32623cea53bf0cab5bf1f371cc5d1abe4`
SHA3	`4a2bc09771734352d594a48fe2249ca0697c471d80a4001f60c6d86c46b6319e`

BITMAP

Type	`RT_RCDATA`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x9422`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.96472`
Detected Filetype	JPEG graphic file
MD5	`c0bc749657c910c923e958fee3ac04ae`
SHA1	`a365eb4be8c3d4261cc3be6dca07f9fa9370b326`
SHA256	`cefa1250e1d07538c61073f67624f741f60f3dd9fc0c048ce413f48547711400`
SHA3	`fa84e2ec206aa1d8eceb0dcbee93e76a51e55249f0128b0031a8f51db49777f7`

DVCLAL

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	2025-Oct-24 15:17:36
Entropy	`4`
MD5	`d8090aba7197fbf9c7e2631c750965a8`
SHA1	`04f73efb0801b18f6984b14cd057fb56519cd31b`
SHA256	`88d14cc6638af8a0836f6d868dfab60df92907a2d7becaefbbd7e007acb75610`
SHA3	`a5a67ad8166061d38fc75cfb2c227911de631166c6531a6664cd49cfb207e8bb`

PACKAGEINFO

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x328`
TimeDateStamp	2025-Oct-24 15:17:36
Entropy	`5.3255`
MD5	`b7c91ea815bd14af6857003cf32fa6d4`
SHA1	`f7e63dc894da0b632829ca0c273384683d07fb40`
SHA256	`0adb258b0a0e97437b439002a74f6fd96a6a9bc2e11323a772558b26d7940f61`
SHA3	`ee2a27e45548d874eeffd6bd584d20577952212be88e4d7f807b184eb1290481`

TLOGINDIALOG

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x494`
TimeDateStamp	2025-Oct-24 15:17:36
Entropy	`5.41656`
MD5	`0a8f8f01d73a44db20db5228ff69bff5`
SHA1	`864f54c223cb1a63f774656e3bd917f6840eb62d`
SHA256	`4ced9507eb8afb32e0a8c3bb98492876cabadbda831202a629e84f4de35cac8d`
SHA3	`5cb9559ee1dc5151e0c17a9b2b02d53fd17c059290ee1707f8c5035911df634e`

TMVEOPQW

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xca8`
TimeDateStamp	2025-Oct-24 15:17:36
Entropy	`5.88197`
MD5	`c504202a22e693c25709c9b584052fbf`
SHA1	`bc0927224e5b16a4021449036c997e4cfd905615`
SHA256	`e98c6ee06f03e8688f1af28200957a2e45a76adec49eb6373910e12e2741763a`
SHA3	`7d23010cd996363e1bb32cff05a48d071093dade8aa7c585c56b9b5701186fc0`

TPASSWORDDIALOG

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3c4`
TimeDateStamp	2025-Oct-24 15:17:36
Entropy	`5.41548`
MD5	`72bff64571f7bc5f84fe6f90017730d5`
SHA1	`24d1404b46334cc82db6d8c7b9aaf38ae846d833`
SHA256	`4e5728d0faff235d9b94df07cfb963dfa005d1481835331448b88fc3873eb6a5`
SHA3	`89290d932895a31d1a8cc14a70fa764e1e048a7ebe3f190472ed7f7c1ba951fe`

TRHTRGH6556GHFGJ

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x135`
TimeDateStamp	2025-Oct-24 15:17:36
Entropy	`5.54034`
MD5	`b17b812083a3252513a9e000fcea4dab`
SHA1	`ba38e4b3a87f77067a39ffaa7e79e360d663ab20`
SHA256	`46b79870d68000a6e22f565571d9e87bab54e56b20a573a9e9a48bbb46cba5fa`
SHA3	`5ffa2c0bdf88936861500694c8d19a784106715aaa6e65e2b78d45f0abd6bcb6`

TVUDJUMNBCS40

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x107d`
TimeDateStamp	2025-Oct-24 15:17:36
Entropy	`5.8625`
MD5	`9804151d5ba0fa71025bfbe3e385772e`
SHA1	`3f1ca8010287ebdbabfabdc493aab2d6a1481ade`
SHA256	`7ec6c379c0e9bc3796e969aebf21b30772196b85680239bbf6fdc6655f4f8e8f`
SHA3	`27c31a480c31bbcfa73e336501891c9236c9aa9846371e869fa2699aa1df5b8c`

32761

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2025-Oct-24 15:17:36
Entropy	`1.83876`
Detected Filetype	Cursor file
MD5	`a2baa01ccdea3190e4998a54dbc202a4`
SHA1	`e8217df98038141ab4e449cb979b1c3bbea12da3`
SHA256	`c53efa8085835ba129c1909beaff8a67b45f50837707f22dfff0f24d8cd26710`
SHA3	`8874564c406835306368adf5e869422e1bb97109b97c1499caa8af219990e8dc`
Preview

32762

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2025-Oct-24 15:17:36
Entropy	`1.91924`
Detected Filetype	Cursor file
MD5	`aff0f5e372bd49ceb9f615b9a04c97df`
SHA1	`e3205724d7ee695f027ab5ea8d8e1a453aaad0dd`
SHA256	`b07e022f8ef0a8e5fd3f56986b2e5bf06df07054e9ea9177996b0a6c27d74d7c`
SHA3	`9cb042121a5269b80d18c3c5a94c0e453890686aedade960097752377dfa9712`
Preview

32763

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2025-Oct-24 15:17:36
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`48e064acaba0088aa097b52394887587`
SHA1	`310b283d52aa218e77c0c08db694c970378b481d`
SHA256	`43f40dd5140804309a4c901ec3c85b54481316e67a6fe18beb9d5c0ce3a42c3a`
SHA3	`38753084b0ada40269914e80dbacf7656dc94764048bd5dff649b08b700f3ed5`
Preview

32764

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2025-Oct-24 15:17:36
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`1ae28d964ba1a2b1b73cd813a32d4b40`
SHA1	`8883cd93b8ef7c15928177de37711f95f9e4cd22`
SHA256	`ff47a48c11c234903a7d625cb8b62101909f735ad84266c98dd4834549452c39`
SHA3	`a85dadd416ce2d22aa291c0794c45766a0613b853c6e3b884a2b05fc791427b8`
Preview

32765

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2025-Oct-24 15:17:36
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`0893f6ba80d82936ebe7a8216546cd9a`
SHA1	`0754cbdf56c53de9ed7fbd47859d20b788c6f056`
SHA256	`a0adcedb82b57089f64e2857f97cefd6cf25f4d27eefc6648bda83fd5fef66bb`
SHA3	`ce6148ade08ef9b829f83cb13b4c650d9d4a7012bfd1ab697a7870a05f4104f8`
Preview

32766

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2025-Oct-24 15:17:36
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`dcaa3c032fe97281b125d0d8f677c219`
SHA1	`58fe36409f932549e2f101515abee7a40cf47b2c`
SHA256	`6e1e7738a1b6373d8829f817915822ef415a1727bb5bb7cfe809e31b3c143ac5`
SHA3	`02ef292e1b4a70e439e362af6b4fa213e3816ade45222b78dabab712b6afba54`
Preview

32767

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2025-Oct-24 15:17:36
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`a95c7c78d0a0b30b87e3c4976e473508`
SHA1	`b19f3999f1b302a2d28977cb18a3416c918d486c`
SHA256	`326c048595bbc72e3f989cb3b95fbf09dc83739ced3cb13eb6f03336f95d74f1`
SHA3	`8157b4e6afa7ed2e2ffc174d655bec9fb81db609e4c5864faa5ead931ff60689`
Preview

MAINICON

Type	`RT_GROUP_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.96099`
Detected Filetype	Icon file
MD5	`31ba57977f44afee18df9e51cbc2fdfd`
SHA1	`7a0bbb268488b8c9dccf4e8ccc5ab294e1fb38c9`
SHA256	`24255097f257f1e1390a49b43b0b66d6d71029b5aa59b496c0907cf31ab9c671`
SHA3	`de1f58fb81e5013eeedd20a709e94fe64481f054775ff52775faeb1f423928e0`

1 (#3)

Type	`RT_MANIFEST`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x2c0`
TimeDateStamp	2025-Oct-24 15:17:36
Entropy	`5.15098`
MD5	`2d3663fe52ca04d109b426855a73c489`
SHA1	`8bd40e82f67f9d7d8f50704bc4c2d19647d7e60a`
SHA256	`a94a7d7c71e7ce682adca92ad7dca89b65fb26a62d0be10dccdb630bc07d8642`
SHA3	`4603130c456665053ac4e77eb8a63ab7243d26d5b5a5e00b396fa6a6a116ba11`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x49e000`
EndAddressOfRawData	`0x49e010`
AddressOfIndex	`0x49a710`
AddressOfCallbacks	`0x49f010`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`(EMPTY)`

Load Configuration

RICH Header

Errors

[*] Warning: Section BSS has a size of 0!
[*] Warning: Section .tls has a size of 0!
[*] Warning: [plugin_authenticode] Hashing algorithm 1.2.840.1015.13.2.5 is not supported.

Leave a comment

No comments yet.