Manalyze report for 3f6c3c5776fd255f21e50535786496f8

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1992-Jun-19 22:22:17
Detected languages	English - United States Russian - Russia
Comments
CompanyName	Xfer KeyGen
FileDescription	Xfer KeyGen 1.0 Installation
FileVersion	`1.0`
LegalCopyright	Xfer KeyGen

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentControlSet\services` `Contains domain names: minergate.com pool.minergate.com xmr.pool.minergate.com`
Malicious	This program may be a miner.	`Contains a valid Monero address: 49P7pttLu6jK4gMEGM4ujkD9ugCSUMaidQQMfdWz8kMpbZfzbkLNyoCHkyZd3tjCg8aoZGqQSiJRQhqhcoWzCHEPM4DNUxP`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: FindWindowA` `Code injection capabilities (PowerLoader): GetWindowLongA FindWindowA` `Can access the registry: RegQueryValueExA RegOpenKeyExA RegCloseKey RegSetValueExA RegQueryInfoKeyA RegEnumKeyExA RegCreateKeyExA` `Possibly launches other programs: WinExec ShellExecuteA` `Can create temporary files: GetTempPathA CreateFileA` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Manipulates other processes: OpenProcess` `Can take screenshots: CreateCompatibleDC BitBlt GetDCEx GetDC FindWindowA` `Can shut the system down or lock the screen: ExitWindowsEx`
Suspicious	The PE header may have been manually modified.	`The resource timestamps differ from the PE header: 2011-Nov-29 02:27:00`
Suspicious	The file contains overlay data.	`1948577 bytes of data starting at offset 0x4d400.` `The overlay data has an entropy of 7.99962 and is possibly compressed or encrypted.` `Overlay data amounts for 86.0302% of the executable.`
Malicious	VirusTotal score: 51/72 (Scanned on 2024-10-05 06:32:30)	`ALYac: Application.Generic.3558935` `APEX: Malicious` `AVG: Win64:CoinminerX-gen [Trj]` `Alibaba: Trojan:Win32/Miners.cb6a34b1` `Antiy-AVL: Trojan/Win32.SGeneric` `Arcabit: Application.Generic.D364E17` `Avast: Win64:CoinminerX-gen [Trj]` `BitDefender: Application.Generic.3558935` `CTX: exe.unknown.generic` `ClamAV: Win.Trojan.Miner-10015797-0` `CrowdStrike: win/grayware_confidence_100% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `DrWeb: Tool.Nssm.6` `ESET-NOD32: a variant of Win64/CoinMiner.IZ potentially unwanted` `Elastic: malicious (high confidence)` `Emsisoft: Application.Generic.3558935 (B)` `FireEye: Application.Generic.3558935` `Fortinet: W32/CoinMiner.FQ!tr` `GData: Application.Generic.3558935` `Google: Detected` `Ikarus: Trojan.Win64.CoinMiner` `K7AntiVirus: Unwanted-Program ( 0052f55b1 )` `K7GW: Unwanted-Program ( 0052f55b1 )` `Kaspersky: HEUR:Trojan.Win32.Miner.gen` `Kingsoft: malware.kb.a.962` `Lionic: Trojan.Win32.Miner.4!c` `Malwarebytes: Generic.Malware.AI.DDS` `MaxSecure: Trojan-Ransom.Win32.Crypmod.zfq` `McAfee: Artemis!3F6C3C5776FD` `McAfeeD: ti!4DA53A499B4D` `MicroWorld-eScan: Application.Generic.3558935` `Microsoft: Trojan:Win64/DisguisedXMRigMiner` `NANO-Antivirus: Trojan.Win64.Miner.kfditp` `Paloalto: generic.ml` `Panda: Trj/CI.A` `Rising: Trojan.Kryptik@AI.86 (RDML:vGUTHnScOZJ3+BNucqbgyQ)` `SentinelOne: Static AI - Malicious PE` `Skyhigh: BehavesLike.Win32.Dropper.vc` `Sophos: Generic Reputation PUA (PUA)` `Symantec: ML.Attribute.HighConfidence` `Tencent: Win32.Risktool.Bitcoinminer.Mqil` `TrendMicro: TROJ_GEN.R002C0DLV23` `TrendMicro-HouseCall: TROJ_GEN.R002C0DLV23` `VIPRE: Application.Generic.3558935` `Varist: W64/ABRisk.DMXH-3500` `Webroot: W32.Trojan.Miner` `Yandex: Trojan.Miner!G+9G/zlHK/U` `ZoneAlarm: not-a-virus:HEUR:RiskTool.Win32.BitCoinMiner.gen` `huorong: HackTool/CoinMiner.p`

Hashes

MD5	`3f6c3c5776fd255f21e50535786496f8`
SHA1	`8cfe976f5474be46e152b7c73b753459831fed9e`
SHA256	`4da53a499b4d7e65153ab5b230669c581f6f0029baf1191652372ac986fb484c`
SHA3	`9c656cb8650d48e4538a8b913370dd05fd0deb9b2f7d77e6f29bc428fc41dfda`
SSDeep	`49152:YXz+SoklTj2QvEB8UV4PYYAQlTAWPJG5WuZKsMcZrqdaifsT:YXz+SzPTE8yDY7l/PA5WuZppZv`
Imports Hash	`ce716da9251b947d59e469bddfc16f2f`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	1992-Jun-19 22:22:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_BYTES_REVERSED_HI` `IMAGE_FILE_BYTES_REVERSED_LO` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x24600`
SizeOfInitializedData	`0x28a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00025468 (Section: CODE)`
BaseOfCode	`0x1000`
BaseOfData	`0x26000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x54000`
SizeOfHeaders	`0x400`
Checksum	`0x5b023`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

CODE

MD5	`bac8bae7a5e5326cf49943b90d1c062a`
SHA1	`d71f59b9a5e078f9ba9facd24daf3e466ea0fea6`
SHA256	`78eca24ed96de9156e0463dd476781d73e66b39c254d5abac6e00ead7a5d2510`
SHA3	`99b0bfc83d1153875b6d6a1f634f44f7258b28086b3fd36daaae1150a20e28fc`
VirtualSize	`0x244cc`
VirtualAddress	`0x1000`
SizeOfRawData	`0x24600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.59438`

DATA

MD5	`abafcbfbd7f8ac0226ca496a92a0cf06`
SHA1	`e6d34e556463e08e8b1c5b5cbb9967c3c662c029`
SHA256	`1706c98e15f709d9343227787f451017d335ab86c060c7cbbb5cf12170f4e54d`
SHA3	`99ba741825583169851f5fc2106947193c1021ddc956a8bf921c453b2ee93673`
VirtualSize	`0x2894`
VirtualAddress	`0x26000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0x24a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.79376`

BSS

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x10f5`
VirtualAddress	`0x29000`
SizeOfRawData	`0`
PointerToRawData	`0x27400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`7a4934595db0efc364c3982c4e335d8c`
SHA1	`ef5533e0aa30ca3fb193ac5f2701611d033f3215`
SHA256	`7d81aba86207985ddf5dd4b53d0e590967b3004273761b38c072081224ed18c2`
SHA3	`d6a708508a927c0da53acc10012f97e49edcfd88610833b466dcb03c13d774ef`
VirtualSize	`0x1798`
VirtualAddress	`0x2b000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x27400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.88549`

.tls

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x8`
VirtualAddress	`0x2d000`
SizeOfRawData	`0`
PointerToRawData	`0x28c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`c4fdd0c5c9efb616fcc85d66056ca490`
SHA1	`7d9ccb6391020266050c96487449a1aadfbe589d`
SHA256	`47fb5182ffc61caf80b51da5ccc9690af4db7850e9606940aa64090eebb0561f`
SHA3	`e73ffc12e5d80d115e474806fa706823f53afebd7eb00e88f4d4c7917059f51e`
VirtualSize	`0x18`
VirtualAddress	`0x2e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x28c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`0.204488`

.reloc

MD5	`867a1120317d51734587a74f6ee70016`
SHA1	`4d98e9a5cd438d32008aa2db9c2af8f5714c89fd`
SHA256	`4bfa53f467e9ba6e24b464f4752e9b753fe097cfafc81796a450acc5bf3a8bd2`
SHA3	`739b765ee273d2e256360c45444e6e24c2c66a9164e4d6d331eae0dd622a393e`
VirtualSize	`0x1884`
VirtualAddress	`0x2f000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x28e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`6.58665`

.rsrc

MD5	`af09876ce835bc5a7591e1aabe4de5fd`
SHA1	`d0e322055c984eac3d45a6d77ae9602774ae659b`
SHA256	`12a0c7bffc7be047659912e2f3a54ac38dbc30d9cb18868b682fd44a93c77545`
SHA3	`b276cebf0bd9e9b76d7b13bbc9e775074c994b394ca819c36d01c90d6aa76182`
VirtualSize	`0x22b98`
VirtualAddress	`0x31000`
SizeOfRawData	`0x22c00`
PointerToRawData	`0x2a800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`6.0737`

Imports

kernel32.dll	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetVersion` `GetCurrentThreadId` `WideCharToMultiByte` `GetThreadLocale` `GetStartupInfoA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
user32.dll	`GetKeyboardType` `MessageBoxA`
advapi32.dll	`RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey`
oleaut32.dll	`SysFreeString` `SysReAllocStringLen`
kernel32.dll (#2)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetVersion` `GetCurrentThreadId` `WideCharToMultiByte` `GetThreadLocale` `GetStartupInfoA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
advapi32.dll (#2)	`RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey`
kernel32.dll (#3)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetVersion` `GetCurrentThreadId` `WideCharToMultiByte` `GetThreadLocale` `GetStartupInfoA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
gdi32.dll	`StretchDIBits` `StretchBlt` `SetWindowOrgEx` `SetTextColor` `SetStretchBltMode` `SetRectRgn` `SetROP2` `SetPixel` `SetDIBits` `SetBrushOrgEx` `SetBkMode` `SetBkColor` `SelectObject` `SaveDC` `RestoreDC` `OffsetRgn` `MoveToEx` `IntersectClipRect` `GetStockObject` `GetPixel` `GetDIBits` `ExtSelectClipRgn` `ExcludeClipRect` `DeleteObject` `DeleteDC` `CreateSolidBrush` `CreateRectRgn` `CreateDIBitmap` `CreateDIBSection` `CreateCompatibleDC` `CreateCompatibleBitmap` `CreateBrushIndirect` `CreateBitmap` `CombineRgn` `BitBlt`
user32.dll (#2)	`GetKeyboardType` `MessageBoxA`
advapi32.dll (#3)	`RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey`
kernel32.dll (#4)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetVersion` `GetCurrentThreadId` `WideCharToMultiByte` `GetThreadLocale` `GetStartupInfoA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
gdi32.dll (#2)	`StretchDIBits` `StretchBlt` `SetWindowOrgEx` `SetTextColor` `SetStretchBltMode` `SetRectRgn` `SetROP2` `SetPixel` `SetDIBits` `SetBrushOrgEx` `SetBkMode` `SetBkColor` `SelectObject` `SaveDC` `RestoreDC` `OffsetRgn` `MoveToEx` `IntersectClipRect` `GetStockObject` `GetPixel` `GetDIBits` `ExtSelectClipRgn` `ExcludeClipRect` `DeleteObject` `DeleteDC` `CreateSolidBrush` `CreateRectRgn` `CreateDIBitmap` `CreateDIBSection` `CreateCompatibleDC` `CreateCompatibleBitmap` `CreateBrushIndirect` `CreateBitmap` `CombineRgn` `BitBlt`
user32.dll (#3)	`GetKeyboardType` `MessageBoxA`
shell32.dll	`SHGetFileInfoA`
comctl32.dll	`ImageList_Draw` `ImageList_SetBkColor` `ImageList_Create` `InitCommonControls`
ole32.dll	`OleInitialize`
oleaut32.dll (#2)	`SysFreeString` `SysReAllocStringLen`
winmm.dll	`timeKillEvent` `timeSetEvent`
shell32.dll (#2)	`SHGetFileInfoA`
cabinet.dll	`FDIDestroy` `FDICopy` `FDICreate`
ole32.dll (#2)	`OleInitialize`
shell32.dll (#3)	`SHGetFileInfoA`

Delayed Imports

50

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xd3f8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.92764`
Detected Filetype	PNG graphic file
MD5	`8e234213412bb448337cfb1e05dec880`
SHA1	`69ecdabb73f87016394c1248606bf4e300573343`
SHA256	`47fffaf216469bbbefc3ae26d70990b9892d38f70571cc9179ae48708d63346a`
SHA3	`88a6ee33d21749f4effc806de7844244ec14335679eadb696b1e0e28f991c543`

51

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.24511`
MD5	`5b5022130f1d1dbdc6cde71771a5d5a0`
SHA1	`40ed7aa2fd0ab46670369b4cc723c09ac09fc8e9`
SHA256	`6b5fdefe6dd2d528c9945b7278a00145a0ac1bd84e8add4e3e32fca419f25200`
SHA3	`58843017377f6ce0844f0901fc966ee454231422843696c71cbfd89d2a724ed0`

52

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.51849`
MD5	`be2b1e09de93e06a7fabe277f19fb858`
SHA1	`aac92694a24b2eb88ffefaed4b9a64aa85a38a60`
SHA256	`a41f6bb9977acd547d930b242992726149a0c1be828f2e8738c7086a8ba32c6d`
SHA3	`5038bc717043bd86c27084c5fcd5bd9b136ebdfd3ebb0475d49253ee752c40a6`

53

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.75617`
MD5	`b6c1f5f4eaebd8a47b1e6cde0071bed0`
SHA1	`1674ed40858aae69c1d6dcfcf5cf3edfc88951a8`
SHA256	`82c21bdf67b5d1541a332b95f4d608e53f62b082ddccd7ddce131a7031d0c32f`
SHA3	`d9b8121d1743d57722ef3df47c54a1cfe0c730cb74192464a26f11af428ffb06`

54

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.93004`
MD5	`bcc59368d45b5579e7800956bb51a186`
SHA1	`72b5b91b63245e85893efc630a91d67833bc4710`
SHA256	`61896d486a77df6beb5a61574023efe090d84e4d42466943ff1ea70c609b8050`
SHA3	`7448332a65762b449e00b9934a108b01e7cea71b7c66009f37659727ae5d7357`

55

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.08765`
MD5	`f6692c2cdee7c8ac30439647d13abbd5`
SHA1	`a5e21684a8975d88fd875976f1d303bfda80848b`
SHA256	`f3601da020c40d12ebd27f044fae5aef42a1516358fd6a134395428d0de07759`
SHA3	`d81b1a790f5e8ce789cc5f8b3546e145a5a99d940f11e51bd0259232a9958cb8`

DVCLAL

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	2011-Nov-29 02:27:00
Entropy	`4`
MD5	`d8090aba7197fbf9c7e2631c750965a8`
SHA1	`04f73efb0801b18f6984b14cd057fb56519cd31b`
SHA256	`88d14cc6638af8a0836f6d868dfab60df92907a2d7becaefbbd7e007acb75610`
SHA3	`a5a67ad8166061d38fc75cfb2c227911de631166c6531a6664cd49cfb207e8bb`

PACKAGEINFO

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x110`
TimeDateStamp	2011-Nov-29 02:27:00
Entropy	`5.28362`
MD5	`cd3f3a95f32892104001a47b0ace7da6`
SHA1	`8b55295a662ca688b520ab42f03173c8b7901278`
SHA256	`ec34834c069d4c2c47f66567a10a9946065364f0fca50f321e89c4a03cd3b372`
SHA3	`bc878db0cc1382298b686e131b3bd0201410ec7f94340f0f8a08c69b0508fd2a`

MAINICON

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91607`
Detected Filetype	Icon file
MD5	`8cc2bfb00fb0da9bc1f83b64978ba2fc`
SHA1	`b5ec43d87f8bb0bc8a75b9fd09e70e159c36b98b`
SHA256	`5449e0720d2cc3cf4c3334c16bbc648b406dfe1de6c7022825602980769ab38c`
SHA3	`3e6284218cb3f5b7d2616504baf09d38a6545397a98dcbe7b01c3907afa73099`

1

Type	`RT_VERSION`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x374`
TimeDateStamp	2011-Nov-29 02:27:00
Entropy	`2.65306`
MD5	`bd0f90f746494e03e639700eac947580`
SHA1	`b308ef53e5a1cd4d88e08676ee25067150826552`
SHA256	`91578e2ae7a4c3a243dfce2db4b1720525c34329bb24846c24cc7e83088f5ba2`
SHA3	`3f46c1973c168d870538622af8f60ace8d3a42174d0005c219be1c284f12f1f1`

1 (#2)

Type	`RT_MANIFEST`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x376`
TimeDateStamp	2011-Nov-29 02:27:00
Entropy	`4.93923`
MD5	`609957cfd6c1674f59c260b2da0a2a72`
SHA1	`2949d33d30c03887a101ebefca1db917f1d2bac7`
SHA256	`1e9cffb6544cb40c042cf9413e0481026699ef5f8e74613293bd60ae098f3c09`
SHA3	`413f25170a49ac4d961ec8a798af1da7800fb4d2db8734d4172695e4a2ebc823`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
Comments
CompanyName	Xfer KeyGen
FileDescription	Xfer KeyGen 1.0 Installation
FileVersion (#2)	1.0
LegalCopyright	Xfer KeyGen

Resource LangID	Russian - Russia

TLS Callbacks

StartAddressOfRawData	`0x42d000`
EndAddressOfRawData	`0x42d008`
AddressOfIndex	`0x42608c`
AddressOfCallbacks	`0x42e010`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`(EMPTY)`

Load Configuration

RICH Header

Errors

[*] Warning: Section BSS has a size of 0!
[*] Warning: Section .tls has a size of 0!