Manalyze report for 3951bb153223649f5921ff23ecc23620

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2006-Dec-07 08:33:40
Detected languages	English - United States French - France
Debug artifacts	c:\Prog\Totemtech\Zouna\Csr\CSRTNLBF.pdb

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 7.1` `Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++ v7.0` `Microsoft Visual C++ v7.1 EXE` `Microsoft Visual C++ 7.0 MFC` `MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Tries to detect virtualized environments: b3 eb 36 e4 4f 52 ce 11 9f 53 00 20 af 0b a7 70 d1 29 06 e3 e5 27 ce 11 87 5d 00 60 8c b7 80 66` `Miscellaneous malware strings: cmd.exe` `Contains domain names: -LightDir.xyz LightDir.xyz command.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Can access the registry: RegFlushKey RegQueryValueExA RegSetValueExA RegOpenKeyExA RegCreateKeyExA RegCloseKey` `Possibly launches other programs: CreateProcessA` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Enumerates local disk drives: GetDriveTypeA`
Safe	VirusTotal score: 0/61 (Scanned on 2017-03-17 15:19:27)	`All the AVs think this file is safe.`

Hashes

MD5	`3951bb153223649f5921ff23ecc23620`
SHA1	`a7a41018f3cd8be7f59c9c01fbf08c5c01e41f1a`
SHA256	`4c30ba8a6117f39fbe65f0d62cec9b2b92f38d7374e41ddd7af787ec5db17cfd`
SHA3	`19ca2b6a939418bc483ff6afdc1695cbb70af654dd055028de16f61add57dbde`
SSDeep	`24576:5XhuiHildwVfD9w1HQVdxMR9DPoPV+AL6/4oIMsp114kwec2IJmX0LV/G1dMB1d:dh2UfDe1GxSoPVjMsp1twecwHMBT1M`
Imports Hash	`f2d22917c2888e9ea1bac5d3d09e2003`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2006-Dec-07 08:33:40
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`7.0`
SizeOfCode	`0x181000`
SizeOfInitializedData	`0x7a000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0016397A (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x182000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x1fc000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`1c7cb833349ca69228b708c2f98d314a`
SHA1	`ff22a42b658a4788c21d93799a27ff9417e56470`
SHA256	`e58ab8b1a870cea6fe5420fd1c088c648e06c9d871715f635703b48502f99efe`
SHA3	`214a24808b0cc37687ed8b5c4a138485548e93aae77bc1cbf31ccbbade9257ec`
VirtualSize	`0x18097a`
VirtualAddress	`0x1000`
SizeOfRawData	`0x181000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.37553`

.rdata

MD5	`3c1f8de22cbbada10d1574cdb9eea0cc`
SHA1	`091af9e96e940e1783ef6fbf5de16ead4756d82f`
SHA256	`41e1f683ec1c5c535a420bebbddfa36cf8de49439dbb639284f2a326ffea1e08`
SHA3	`538515b23f1d2f8b162f109579b73c7691c7e9c2cecab843b5f7fe547a8d8a8d`
VirtualSize	`0x2e86c`
VirtualAddress	`0x182000`
SizeOfRawData	`0x2f000`
PointerToRawData	`0x182000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.72851`

.data

MD5	`7b608feb049e66fd99c972e897b57e97`
SHA1	`922ba8d1759df8dc31c5a2e9a154f2e5a375a3ca`
SHA256	`fe81b9d1ebc6fc208ad693b4c3c29cd4e034da653a9c2ff964ad4c4edfd110da`
SHA3	`d947e84b2159d255d623123c2f7a4ff8811fc49223ca2b13cacc08d88c4818a5`
VirtualSize	`0x21d24`
VirtualAddress	`0x1b1000`
SizeOfRawData	`0x7000`
PointerToRawData	`0x1b1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.09636`

.rsrc

MD5	`a7d61a8a70544bcf72d3bccc8e7dd190`
SHA1	`45b50f134030620d99d23ad0d8e14e5897728b67`
SHA256	`f4a342c73f269c945b235f63b5dfa9af9926ad3eced823da569b45e2c26b4a4c`
SHA3	`cb0d1bd1a8e1c03a4b1e2bfb3d5acb64d7ee4e47e0695c2074f151d3c9c82384`
VirtualSize	`0xd260`
VirtualAddress	`0x1d3000`
SizeOfRawData	`0xe000`
PointerToRawData	`0x1b8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.05955`

.reloc

MD5	`892b9b13741adf06a7639dd4f5d1ef0c`
SHA1	`e77dc1f1def9255e6d61c500fd81d49871872a14`
SHA256	`0d6b803570e8c3bd7eefb736df420b60f26a2e1d1d3d2e1652ffb45c3430641d`
SHA3	`65445d73b05e9d90e82d75c9fee19dbf45b2dbae45625b3983afafecd58ee516`
VirtualSize	`0x1a67e`
VirtualAddress	`0x1e1000`
SizeOfRawData	`0x1b000`
PointerToRawData	`0x1c6000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.34685`

Imports

COMCTL32.dll	`#17`
DINPUT8.dll	`DirectInput8Create`
d3dx9_27.dll	`D3DXMatrixMultiply` `D3DXCompileShaderFromResourceA`
d3d9.dll	`Direct3DCreate9`
DDRAW.dll	`DirectDrawCreate`
DSOUND.dll	`#1`
WINMM.dll	`timeKillEvent` `timeSetEvent` `sndPlaySoundA`
KERNEL32.dll	`OutputDebugStringA` `MultiByteToWideChar` `LoadLibraryA` `Sleep` `LCMapStringA` `CreateFileA` `FlushFileBuffers` `SetStdHandle` `GetTimeZoneInformation` `RaiseException` `InterlockedExchange` `GetCPInfo` `GetOEMCP` `GetACP` `GetStringTypeW` `GetStringTypeA` `IsBadCodePtr` `IsBadReadPtr` `SetUnhandledExceptionFilter` `GetFileAttributesA` `VirtualQuery` `WaitForSingleObject` `GetTickCount` `ReadFile` `SetFilePointer` `CloseHandle` `GetFileType` `SetHandleCount` `GetEnvironmentStringsW` `WideCharToMultiByte` `FreeEnvironmentStringsW` `GetEnvironmentStrings` `FreeEnvironmentStringsA` `UnhandledExceptionFilter` `GetStdHandle` `WriteFile` `GetModuleFileNameA` `GetSystemTimeAsFileTime` `GetCurrentProcessId` `GetCurrentThreadId` `QueryPerformanceCounter` `HeapSize` `IsBadWritePtr` `VirtualAlloc` `VirtualFree` `HeapCreate` `GetCommandLineA` `GetDriveTypeA` `GetUserDefaultLangID` `LCMapStringW` `VirtualProtect` `GetExitCodeProcess` `SetConsoleCtrlHandler` `CreateProcessA` `HeapDestroy` `GetSystemInfo` `RemoveDirectoryA` `SetCurrentDirectoryA` `DeleteFileA` `CompareStringW` `CompareStringA` `SetEndOfFile` `GetCurrentDirectoryA` `HeapFree` `RtlUnwind` `HeapAlloc` `HeapReAlloc` `ExitProcess` `GetProcAddress` `GetModuleHandleA` `TerminateProcess` `GetCurrentProcess` `GetStartupInfoA` `GetVersionExA` `FindClose` `FileTimeToSystemTime` `FileTimeToLocalFileTime` `GetLastError` `FindFirstFileA` `FindNextFileA` `CreateDirectoryA` `SetEnvironmentVariableA` `GetLocaleInfoA`
USER32.dll	`LoadIconA` `GetKeyNameTextA` `ShowWindow` `GetSysColor` `GetDC` `ReleaseDC` `AppendMenuA` `CheckMenuItem` `EnableMenuItem` `ClientToScreen` `TrackPopupMenu` `LoadMenuA` `GetSubMenu` `MessageBoxA` `InvalidateRect` `GetClientRect` `GetWindowLongA` `EndDialog` `SetWindowTextA` `GetWindowTextA` `CallWindowProcA` `CreateDialogParamA` `GetDlgItem` `GetWindowRect` `LoadCursorA` `RegisterClassA` `CreateWindowExA` `GetSystemMetrics` `SetWindowLongA` `UpdateWindow` `SetFocus` `SetWindowPos` `ShowCursor` `PostQuitMessage` `DefWindowProcA` `SetCursor` `SendMessageA` `DispatchMessageA` `TranslateMessage` `PeekMessageA` `GetMessageA`
GDI32.dll	`CreateBrushIndirect` `StretchDIBits` `CreateFontA` `GetStockObject` `CreatePen`
ADVAPI32.dll	`RegFlushKey` `RegQueryValueExA` `RegSetValueExA` `RegOpenKeyExA` `RegCreateKeyExA` `RegCloseKey`
ole32.dll	`CoUninitialize` `CoInitialize` `CoCreateInstance`

Delayed Imports

1

Type	`RT_ICON`
Language	French - France
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.15279`
MD5	`6a3b24cf3070d58d196400cdcf85f690`
SHA1	`15ff9800727516f0eab7d4b1abecd59207d5dd90`
SHA256	`5219a0e1c6cd5cbbd6b584dc3abbf3ef2e00475699b52416d268ca10a4d45d5e`
SHA3	`340e7d4dd415d8e7ea9ec8669c3b783fc4db0d5686c2fb9f8623ba42480c94e6`

2

Type	`RT_ICON`
Language	French - France
Codepage	UNKNOWN
Size	`0xca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.62204`
MD5	`47e1c848a1998d2c5d6d0e13f50d1db1`
SHA1	`57eec810b1d556ffdbce79c2b526af0d1a93fe45`
SHA256	`e4eec5fb238406a87923fe6f8bd933ac4a057b1ea8e8b65d973853f83de59e61`
SHA3	`fa437fbef92b5b0755fc21e156e2101b20f342fe04bd933b7e99bad37aa165ed`

3

Type	`RT_ICON`
Language	French - France
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.49391`
MD5	`b6251fac8572df0eee2cacbfea423790`
SHA1	`2d6f6ab5307555996a20ee44ee42b2ff3f68f1ee`
SHA256	`b57f3db1c522ce0d2dc879f08cc0c726950e6df1da5401a938afe060cec120d7`
SHA3	`83a76e21f8ed969ef021d90e36f15a137dc1229663b8dedfa4cd0c3e376cf9af`

4

Type	`RT_ICON`
Language	French - France
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.53246`
MD5	`7dc03b62b48d4c357dfd14f1c62125ab`
SHA1	`7ac214abbbc7944db1a5554953f4bf87b5b81a1f`
SHA256	`4b7ed035b84bff2476024d8427492e03f6e55b667dc4a64f67606886f48ca516`
SHA3	`c7e1d8fe9a8694bd12e0adb269a60db43fdc280daac53a9f43ddea27d0c896e5`

117

Type	`RT_MENU`
Language	French - France
Codepage	UNKNOWN
Size	`0x890`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44485`
MD5	`168fafd0894c4ace02a750330838c4ed`
SHA1	`ef58f66fa996bd957009e7d5af25d3b957ce08ef`
SHA256	`9701588754a762422ec2c4d20faa4cc946a72da9a5e0f726824ae7a614823951`
SHA3	`3fb7a01b15d4b66fe37fd16372200ef9eb0eb1ba0be3b0e202d294c88b593b4d`

109

Type	`RT_DIALOG`
Language	French - France
Codepage	UNKNOWN
Size	`0x2f8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.87112`
MD5	`3b904a071dd57590e7715672f5d4d1c5`
SHA1	`b42db359839a01ec0ffa89fc18cd7f25c71b7e88`
SHA256	`5ca5ad8447200b853da4e070428e86ca3f829dace891dc57305c69516a42cd86`
SHA3	`409ca8ecf09b46132a773267691c2437ce022b2616b9b709dd0499c365b15179`

114

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x28c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.51827`
MD5	`0f8f96efc87d175ba455308e886f471d`
SHA1	`d0e1f6e10b5c4a7c82eb271a510a986c8b6c191d`
SHA256	`9539106906e0cf44510decc6842ede493155742af07f5524078dd2b59fbccd5e`
SHA3	`7f02307712379dc2aa088be48f2470fe06a986f8f00845a4c090e06791522ea6`

123

Type	`RT_DIALOG`
Language	French - France
Codepage	UNKNOWN
Size	`0x3a0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.00687`
MD5	`5d42a718e3a168a7d82e19dc5ae06770`
SHA1	`9dd1abfebb594367918507555b6aa1f1847de163`
SHA256	`1ff0087d818b7e3ab4ab20ad557326ba85cad592847295de13cdf6c4363412b1`
SHA3	`311c30b10086578d8ba9ddb41e1c20d1da279a29b0a81cfec754bae521431ae9`

124

Type	`RT_DIALOG`
Language	French - France
Codepage	UNKNOWN
Size	`0x36`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.30526`
MD5	`2872aec2caf465b347291950ae0aced7`
SHA1	`0c49fb21c50e0ae63fa16cdba454ac28ef78312d`
SHA256	`94d57a85806cf435f38ad97e209b89a6e82dd6182e2964c97ab9aae584655eec`
SHA3	`4749306256d45aa70694042d87383cc0ca1c6e30f640f0c2a05f92724d7b82c8`

125

Type	`RT_DIALOG`
Language	French - France
Codepage	UNKNOWN
Size	`0x314`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.31785`
MD5	`f7a0cde99e752de030236772eaf433c5`
SHA1	`be6adf420d0c7724aa0d7f067fee8675cddd1d76`
SHA256	`eef4a0c9ac94ecb00fea3228c5014e7f6a1a411f384fae524614bd22bc066d53`
SHA3	`e4ecf7e3cbbfa38265c9abc399bc968ddbadaf820ebf324b3b6d9cd169b5c3bc`

126

Type	`RT_DIALOG`
Language	French - France
Codepage	UNKNOWN
Size	`0xf6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35585`
MD5	`9a2352d6bdb22eeef7ca2c064a82d163`
SHA1	`3d65e3a207a49bd5e7a4faa1401f0ac01f537711`
SHA256	`c9761118abe2d0b305bbecf436139448891aa1fdb11d7f3b9d9d1e774b388e80`
SHA3	`74a7b7ba14dd361d440e2290ea47f86839b9006842cc9b01c105a62d3e8c3d97`

127

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x28a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41959`
MD5	`e9fec5610113d5d24f2e0e049ab549e3`
SHA1	`dd481f30653d2f21af95c876e830dbeea3406934`
SHA256	`50a7a2ec5770c44a74f9b8cad5acc768ec60b1013d09a4cef910bf4f1541717a`
SHA3	`9e5f485fdc364325c70ead8c60d67105512614fc7487074424224ccb62e26399`

133

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2dc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.48149`
MD5	`633e30f9346d51e8be3637531e12a3a2`
SHA1	`4a8fd6abaf4369a9f56d7e7d97eea11183070375`
SHA256	`dc42333853aabb401553391a89b0f4d02c7916254ed84685bd5bbcebe75ca3e5`
SHA3	`feb64154c45ee17c0184947d2e650275c86bf32d1bb2c1e8fc223a47a3389208`

134

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x88`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.10565`
MD5	`76576efb1880a77da340cb5d3b119fbe`
SHA1	`3b40c917a54315ea14692aedd31f6ea4f779ab83`
SHA256	`339fb79e4b24eb4d37b0b635cc126e078fe1dfc1df887c92a1ca7830c90ba5ba`
SHA3	`9ddb107faacf30191590c218650393bac7db24831d88c510798ddd3224b93ecc`

148

Type	`RT_RCDATA`
Language	French - France
Codepage	UNKNOWN
Size	`0x778`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.13815`
MD5	`7fe7c897d6ada1d06c44f74c544a6135`
SHA1	`8049b4b698311ae16a6fdacbbb73c7086d09f7a1`
SHA256	`9ec1e0e9edcf0da9fefb229e5571ee4f1185bd03c0b71e3a6d2cc3c5fd93bfa1`
SHA3	`1dfc050fd8ee89258b6722fb48d24b5d2e59991821c1a7b5ed7377f4b2e35960`

149

Type	`RT_RCDATA`
Language	French - France
Codepage	UNKNOWN
Size	`0x691`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.09588`
MD5	`753835134f9e67eec314acef2dc4a001`
SHA1	`93bea9db7552e981d4b0b828d810e9ea0939edfd`
SHA256	`388cb28eade336e07bf1e591a0b9cffc079086ba69810b8ec3077a47c670061c`
SHA3	`2edabdf0fd25188348a543bf3329a535154b85f499a2b6ac882296e59d455f38`

152

Type	`RT_RCDATA`
Language	French - France
Codepage	UNKNOWN
Size	`0x785`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.14784`
MD5	`e0ab29b8588cdbd70ca124d1e34666c2`
SHA1	`a790a0d65d90192400bc0ef8b8119feef7ff6eb0`
SHA256	`8681e45e0371affa8a21a9d34f55ac28e5756f52d3d756e966d91708f276e293`
SHA3	`14add8af72dd9db038991f71e77fa2b980009c1eef8d0ebcfc3ff6e7cc88e72a`

171

Type	`RT_RCDATA`
Language	French - France
Codepage	UNKNOWN
Size	`0x6bc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.1004`
MD5	`5cf2068e181acf8b677c7c7d87656b67`
SHA1	`1fb28e6c7445238c0965b21ba3561e7cb95b6458`
SHA256	`498b10863e70e29eec6bc9e1bd0466b7f574e43826289184835e068505116e64`
SHA3	`28944904c418017a605437582eff3bd353f561069ef12359f012b5dc9f49b363`

172

Type	`RT_RCDATA`
Language	French - France
Codepage	UNKNOWN
Size	`0x5b4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.03131`
MD5	`18d3ad30b7e170ff6592403ce5bb6150`
SHA1	`d0338f4af6b7ac57335ee003ab61efa03403e18d`
SHA256	`51fe5148d0c30608bfbb1c229c49a71bacfea38ac90c74c64ae39038b9444a82`
SHA3	`4b3efaf5eab95dc4b34eb9236005e60fd28918a74dad2dce419d53c6fb03f499`

173

Type	`RT_RCDATA`
Language	French - France
Codepage	UNKNOWN
Size	`0x810`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.16264`
MD5	`d9aab66d7ff9c1e9a19af4d2e663acd9`
SHA1	`3231de6b4fe1fcbee8f1055cbb9186201c02ec58`
SHA256	`f18586c8735c004c052e8cfde2a368a3dcc166cfe1ff2e9ba2be1be02c47b632`
SHA3	`8b05a3afe4ae2159e1cb0e604bc5c9f7133b096832e2bfbca08408ecf816c5a6`

176

Type	`RT_RCDATA`
Language	French - France
Codepage	UNKNOWN
Size	`0x5bd`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.04694`
MD5	`16e85211bfc6e4b058096161ec9e608f`
SHA1	`00138f4e64a819d6933d4db8c424d015760ad018`
SHA256	`d4e20b12f759872e8a413464fc753698e41fbeba13266b17d982e4bee6be7012`
SHA3	`91a901eeae78eb6f7cac15af6f92585b602d2afefeaaa28d1532a31f36e645b7`

177

Type	`RT_RCDATA`
Language	French - France
Codepage	UNKNOWN
Size	`0x883`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.17478`
MD5	`53583c0fce569d75d682096929c07411`
SHA1	`d403ffced045c9256c0f4a0c14516908e3e5e127`
SHA256	`cd0db9b9e9679ccc341e488d46e50f49cf6178c3a8ae108f20220ffcb399fcd6`
SHA3	`ccd3bb32258d99931036e66f604f0fcd42b52686b561940978debbbf9e26ae00`

156

Type	`RT_GROUP_ICON`
Language	French - France
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.73042`
Detected Filetype	Icon file
MD5	`24eddcdf3223e54e63e4e5b8b1db0263`
SHA1	`00695173a081836b0812607cd503afa39d0395c2`
SHA256	`c4022f01ffec0626d79c06464dd03705d957576060871cbce7e73b01e82b433a`
SHA3	`2c5b9e320fef0b2e0648bee21bfd0d1e4a3f520a6d969dac97c7c7eeb02789f0`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2006-Dec-07 08:33:40
Version	`0.0`
SizeofData	`65`
AddressOfRawData	`0x19e978`
PointerToRawData	`0x19e978`
Referenced File	c:\Prog\Totemtech\Zouna\Csr\CSRTNLBF.pdb

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x5b7060`
SEHandlerTable	`0x59e9c0`
SEHandlerCount	`1406`

RICH Header

XOR Key	`0xda7f1243`
Unmarked objects	`0`
105 (2067)	`4`
ASM objects (VS2003 (.NET) build 3077)	`35`
C objects (VS2003 (.NET) build 3077)	`135`
Imports (2067)	`2`
C objects (9178)	`2`
Imports (2179)	`13`
C objects (VS2003 (.NET) build 4035)	`2`
Total imports	`148`
Imports (VS2003 (.NET) build 4035)	`10`
C++ objects (VS2003 (.NET) build 4035)	`1`
C++ objects (VS2003 (.NET) build 3077)	`460`
94 (VS2003 (.NET) build 3052)	`1`
Linker (VS2003 (.NET) build 3077)	`1`

3951bb153223649f5921ff23ecc23620

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

117

109

114

123

124

125

126

127

133

134

148

149

152

171

172

173

176

177

156

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors