Manalyze report for 3e5bcae3953f43135103d3932c3d6370

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-May-09 04:45:59
Detected languages	English - United States Russian - Russia

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .itext` `Unusual section name found: .10` `Unusual section name found: .11`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA LoadLibraryExW GetProcAddress LoadLibraryW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Can access the registry: RegQueryValueExW RegOpenKeyExW RegCloseKey RegUnLoadKeyW RegSetValueExW RegSaveKeyW RegRestoreKeyW RegReplaceKeyW RegQueryInfoKeyW RegLoadKeyW RegFlushKey RegEnumValueW RegEnumKeyExW RegDeleteValueW RegDeleteKeyW RegCreateKeyExW` `Possibly launches other programs: CreateProcessW` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Enumerates local disk drives: GetVolumeInformationW` `Manipulates other processes: WriteProcessMemory`
Info	The PE's resources present abnormal characteristics.	`The binary may have been compiled on a machine in the UTC+3 timezone.`
Malicious	VirusTotal score: 49/72 (Scanned on 2024-04-01 07:46:09)	`ALYac: Gen:Variant.Fragtor.11325` `APEX: Malicious` `Antiy-AVL: Trojan/Win32.Wacatac` `Arcabit: Trojan.Fragtor.D2C3D` `BitDefender: Gen:Variant.Fragtor.11325` `BitDefenderTheta: Gen:NN.ZexaF.36802.ZRW@aeixG1jc` `Bkav: W32.AIDetectMalware` `CAT-QuickHeal: PUA.IgenericIH.S27829811` `CrowdStrike: win/malicious_confidence_70% (W)` `Cybereason: malicious.3953f4` `Cylance: unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `ESET-NOD32: a variant of Win32/RiskWare.GameHack.CJ.gen` `Elastic: malicious (high confidence)` `Emsisoft: Gen:Variant.Fragtor.11325 (B)` `FireEye: Generic.mg.3e5bcae3953f4313` `Fortinet: Riskware/GameHack` `GData: Gen:Variant.Fragtor.11325` `Google: Detected` `Gridinsoft: Trojan.Heur!.02296421` `K7AntiVirus: Riskware ( 00552d9b1 )` `K7GW: Riskware ( 00552d9b1 )` `Kingsoft: win32.heurc.kvmh017.a` `Lionic: Trojan.Win32.GameHack.4!c` `MAX: malware (ai score=88)` `Malwarebytes: Generic.Malware.AI.DDS` `MaxSecure: Trojan.Malware.300983.susgen` `McAfee: GenericRXLB-HF!3E5BCAE3953F` `MicroWorld-eScan: Gen:Variant.Fragtor.11325` `Microsoft: PUA:Win32/GameHack` `Rising: Trojan.Generic@AI.100 (RDML:1JCU24DbqekXys3q1H6PTg)` `Sangfor: Trojan.Win32.Save.a` `SentinelOne: Static AI - Malicious PE` `Skyhigh: BehavesLike.Win32.Generic.wc` `Sophos: Generic Reputation PUA (PUA)` `Symantec: ML.Attribute.HighConfidence` `Tencent: Malware.Win32.Gencirc.10bde5b9` `Trapmine: suspicious.low.ml.score` `TrendMicro: TROJ_GEN.R002C0PK723` `TrendMicro-HouseCall: TROJ_GEN.R002C0PK723` `VBA32: TScope.Malware-Cryptor.SB` `VIPRE: Gen:Variant.Fragtor.11325` `Varist: W32/ABApplication.ALKI-5962` `ViRobot: Adware.GameHack.3996160` `Xcitium: Malware@#zq4oh74w2cz9` `Yandex: RiskWare.GameHack!m2EWtd4GsBM` `Zillya: Tool.Gamehack.Win32.29` `alibabacloud: RiskWare:Win/Gamehack.93563590`

Hashes

MD5	`3e5bcae3953f43135103d3932c3d6370`
SHA1	`b04db6b6654f2ccb77d215737e14789fa1c3f434`
SHA256	`29f02bdb718fca91cd94eaf8b28f2c7bc6deecf7e29b27dd5686660fdd1b0d64`
SHA3	`337a571982b4ba12cca031953e40d1455588def236664eedf9812a0caa7ae56c`
SSDeep	`98304:WECisO9KelMwF/Tfk4emdcoBGf6v8/y17H0renNj6/IpRz:WsY3wF/TMrfoBGf6v8/y1j0KnEQpR`
Imports Hash	`24cfb2e7580a4a1f1cfb1bfc3c430c20`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`10`
TimeDateStamp	2020-May-09 04:45:59
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_BYTES_REVERSED_HI` `IMAGE_FILE_BYTES_REVERSED_LO` `IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED` `IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x3ea00`
SizeOfInitializedData	`0xcc00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x003A5751 (Section: .11)`
BaseOfCode	`0x1000`
BaseOfData	`0x41000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x651000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x3e170`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.itext

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x7a0`
VirtualAddress	`0x40000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1294`
VirtualAddress	`0x41000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x4fb0`
VirtualAddress	`0x43000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1214`
VirtualAddress	`0x48000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.tls

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x10`
VirtualAddress	`0x4a000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x18`
VirtualAddress	`0x4b000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.10

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x22aae5`
VirtualAddress	`0x4c000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.11

MD5	`41a1e8dfcd2443536075f52e223be301`
SHA1	`a25a9698def248b8d69c013a163037c526e4be49`
SHA256	`b2952d8c6054f217a2db12eff632547d3018e86e2ca2d58eadc6c8e322ef62e0`
SHA3	`279a63e8af2ca75f9f8cde9de2b557b8370df9881bc0b318e1ac903a8ea737dd`
VirtualSize	`0x3cee80`
VirtualAddress	`0x277000`
SizeOfRawData	`0x3cf000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.89682`

.rsrc

MD5	`cd056eff2c43273ffbe1b95cddf16c02`
SHA1	`8e3781e5606a6eac8f6cc24c415f03d7292e28be`
SHA256	`a1b92ef862cc78acab89433893baaeef88b68a071cdcc45528aba2ce54b3668a`
SHA3	`42b78d93882890e6ec52d85e154de785e5cdca1951f62d98a47de184ba25aeda`
VirtualSize	`0xa1b4`
VirtualAddress	`0x646000`
SizeOfRawData	`0x600`
PointerToRawData	`0x3cf400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.66373`

Imports

oleaut32.dll	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`
advapi32.dll	`RegQueryValueExW` `RegOpenKeyExW` `RegCloseKey`
user32.dll	`LoadStringW` `MessageBoxA` `CharNextW`
kernel32.dll	`lstrcmpiA` `LoadLibraryA` `LocalFree` `LocalAlloc` `GetACP` `Sleep` `VirtualFree` `VirtualAlloc` `GetSystemInfo` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `GetCurrentThreadId` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenW` `lstrcpynW` `LoadLibraryExW` `IsValidLocale` `GetSystemDefaultUILanguage` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetUserDefaultUILanguage` `GetLocaleInfoW` `GetLastError` `GetCommandLineW` `FreeLibrary` `FindFirstFileW` `FindClose` `ExitProcess` `CompareStringW` `WriteFile` `UnhandledExceptionFilter` `SetFilePointer` `SetEndOfFile` `RtlUnwind` `ReadFile` `RaiseException` `GetStdHandle` `GetFileSize` `GetFileType` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `CreateFileW` `CloseHandle`
kernel32.dll (#2)	`lstrcmpiA` `LoadLibraryA` `LocalFree` `LocalAlloc` `GetACP` `Sleep` `VirtualFree` `VirtualAlloc` `GetSystemInfo` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `GetCurrentThreadId` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenW` `lstrcpynW` `LoadLibraryExW` `IsValidLocale` `GetSystemDefaultUILanguage` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetUserDefaultUILanguage` `GetLocaleInfoW` `GetLastError` `GetCommandLineW` `FreeLibrary` `FindFirstFileW` `FindClose` `ExitProcess` `CompareStringW` `WriteFile` `UnhandledExceptionFilter` `SetFilePointer` `SetEndOfFile` `RtlUnwind` `ReadFile` `RaiseException` `GetStdHandle` `GetFileSize` `GetFileType` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `CreateFileW` `CloseHandle`
user32.dll (#2)	`LoadStringW` `MessageBoxA` `CharNextW`
kernel32.dll (#3)	`lstrcmpiA` `LoadLibraryA` `LocalFree` `LocalAlloc` `GetACP` `Sleep` `VirtualFree` `VirtualAlloc` `GetSystemInfo` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `GetCurrentThreadId` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenW` `lstrcpynW` `LoadLibraryExW` `IsValidLocale` `GetSystemDefaultUILanguage` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetUserDefaultUILanguage` `GetLocaleInfoW` `GetLastError` `GetCommandLineW` `FreeLibrary` `FindFirstFileW` `FindClose` `ExitProcess` `CompareStringW` `WriteFile` `UnhandledExceptionFilter` `SetFilePointer` `SetEndOfFile` `RtlUnwind` `ReadFile` `RaiseException` `GetStdHandle` `GetFileSize` `GetFileType` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `CreateFileW` `CloseHandle`
advapi32.dll (#2)	`RegQueryValueExW` `RegOpenKeyExW` `RegCloseKey`
kernel32.dll (#4)	`lstrcmpiA` `LoadLibraryA` `LocalFree` `LocalAlloc` `GetACP` `Sleep` `VirtualFree` `VirtualAlloc` `GetSystemInfo` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `GetCurrentThreadId` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenW` `lstrcpynW` `LoadLibraryExW` `IsValidLocale` `GetSystemDefaultUILanguage` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetUserDefaultUILanguage` `GetLocaleInfoW` `GetLastError` `GetCommandLineW` `FreeLibrary` `FindFirstFileW` `FindClose` `ExitProcess` `CompareStringW` `WriteFile` `UnhandledExceptionFilter` `SetFilePointer` `SetEndOfFile` `RtlUnwind` `ReadFile` `RaiseException` `GetStdHandle` `GetFileSize` `GetFileType` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `CreateFileW` `CloseHandle`
oleaut32.dll (#2)	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`
WTSAPI32.dll	`WTSSendMessageW`
kernel32.dll (#5)	`lstrcmpiA` `LoadLibraryA` `LocalFree` `LocalAlloc` `GetACP` `Sleep` `VirtualFree` `VirtualAlloc` `GetSystemInfo` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `GetCurrentThreadId` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenW` `lstrcpynW` `LoadLibraryExW` `IsValidLocale` `GetSystemDefaultUILanguage` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetUserDefaultUILanguage` `GetLocaleInfoW` `GetLastError` `GetCommandLineW` `FreeLibrary` `FindFirstFileW` `FindClose` `ExitProcess` `CompareStringW` `WriteFile` `UnhandledExceptionFilter` `SetFilePointer` `SetEndOfFile` `RtlUnwind` `ReadFile` `RaiseException` `GetStdHandle` `GetFileSize` `GetFileType` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `CreateFileW` `CloseHandle`
user32.dll (#3)	`LoadStringW` `MessageBoxA` `CharNextW`
kernel32.dll (#6)	`lstrcmpiA` `LoadLibraryA` `LocalFree` `LocalAlloc` `GetACP` `Sleep` `VirtualFree` `VirtualAlloc` `GetSystemInfo` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `GetCurrentThreadId` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenW` `lstrcpynW` `LoadLibraryExW` `IsValidLocale` `GetSystemDefaultUILanguage` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetUserDefaultUILanguage` `GetLocaleInfoW` `GetLastError` `GetCommandLineW` `FreeLibrary` `FindFirstFileW` `FindClose` `ExitProcess` `CompareStringW` `WriteFile` `UnhandledExceptionFilter` `SetFilePointer` `SetEndOfFile` `RtlUnwind` `ReadFile` `RaiseException` `GetStdHandle` `GetFileSize` `GetFileType` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `CreateFileW` `CloseHandle`
user32.dll (#4)	`LoadStringW` `MessageBoxA` `CharNextW`

Delayed Imports

4088

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x258`
TimeDateStamp	2020-May-09 07:45:58
Entropy	`0`
MD5	`a302a771ee0e3127b8950f0a67d17e49`
SHA1	`fb3d8fb74570a077e332993f7d3d27603501b987`
SHA256	`5dcc1b5872dd9ff1c234501f1fefda01f664164e1583c3e1bb3dbea47588ab31`
SHA3	`286e4ac4211e7ad56db02532a197cea507f6c19ab8e5d6213be5a14f21ac2149`

4089

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x380`
TimeDateStamp	2020-May-09 07:45:58
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

4090

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x38c`
TimeDateStamp	2020-May-09 07:45:58
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

4091

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xd0`
TimeDateStamp	2020-May-09 07:45:58
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

4092

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xb8`
TimeDateStamp	2020-May-09 07:45:58
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

4093

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x274`
TimeDateStamp	2020-May-09 07:45:58
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

4094

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x458`
TimeDateStamp	2020-May-09 07:45:58
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

4095

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x35c`
TimeDateStamp	2020-May-09 07:45:58
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

4096

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2a4`
TimeDateStamp	2020-May-09 07:45:58
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

CHARTABLE

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x82e8`
TimeDateStamp	2020-May-09 07:45:58
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

DVCLAL

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	2020-May-09 07:45:58
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

PACKAGEINFO

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x140`
TimeDateStamp	2020-May-09 07:45:58
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

1

Type	`RT_MANIFEST`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x2be`
TimeDateStamp	2020-May-09 07:45:58
Entropy	`5.13025`
MD5	`65b43e17d1b1f6b6fea609f74ecaa2f4`
SHA1	`bdb5931ae1da9a60a1397e3ce4bda884a5e1cff1`
SHA256	`a165257a3aebf675c3f7974e596732551f97534afbbb615dc402324d8d080942`
SHA3	`1a0b2c5b8d236f152f0a8fa00340a5420adbbe20045557909018775671a97924`

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read the exported DLL name.
[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .itext has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .bss has a size of 0!
[*] Warning: Section .idata has a size of 0!
[*] Warning: Section .tls has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .10 has a size of 0!
[*] Warning: Resource CHARTABLE is empty!
[*] Warning: Resource DVCLAL is empty!
[*] Warning: Resource PACKAGEINFO is empty!