4190644b4dbbc22d46dcf015a3753231

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2016-Sep-19 05:22:47
Detected languages English - United Kingdom
FileVersion 2.1.9.0
Comments http://www.autoitscript.com/autoit3/
FileDescription Nexus Root Toolkit
ProductVersion 3.3.14.2
LegalCopyright WugFresh

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Suspicious Strings found in the binary may indicate undesirable behavior:
Is an AutoIT compiled script:
  • AutoIt Error
  • reserved for AutoIt internal use
Contains domain names:
  • autoitscript.com
  • http://www.autoitscript.com
  • http://www.autoitscript.com/autoit3/
  • www.autoitscript.com
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Malicious The PE contains functions mostly used by malware.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
  • LoadLibraryExW
  • LoadLibraryW
Functions which can be used for anti-debugging purposes:
  • CreateToolhelp32Snapshot
  • FindWindowW
Code injection capabilities:
  • OpenProcess
  • VirtualAllocEx
  • WriteProcessMemory
  • VirtualAlloc
Code injection capabilities (PowerLoader):
  • FindWindowW
  • GetWindowLongW
Can access the registry:
  • RegisterHotKey
  • RegEnumValueW
  • RegDeleteValueW
  • RegDeleteKeyW
  • RegEnumKeyExW
  • RegSetValueExW
  • RegOpenKeyExW
  • RegCloseKey
  • RegQueryValueExW
  • RegCreateKeyExW
Possibly launches other programs:
  • CreateProcessW
  • CreateProcessAsUserW
  • CreateProcessWithLogonW
  • ShellExecuteW
Can create temporary files:
  • CreateFileW
  • GetTempPathW
Uses functions commonly found in keyloggers:
  • GetAsyncKeyState
  • AttachThreadInput
  • MapVirtualKeyW
  • GetForegroundWindow
Has Internet access capabilities:
  • InternetQueryDataAvailable
  • InternetCloseHandle
  • InternetOpenW
  • InternetSetOptionW
  • InternetCrackUrlW
  • InternetQueryOptionW
  • InternetOpenUrlW
  • InternetReadFile
  • InternetConnectW
Functions related to the privilege level:
  • AdjustTokenPrivileges
  • OpenProcessToken
  • DuplicateTokenEx
  • CheckTokenMembership
Enumerates local disk drives:
  • GetDriveTypeW
  • GetVolumeInformationW
Manipulates other processes:
  • OpenProcess
  • WriteProcessMemory
  • ReadProcessMemory
  • Process32FirstW
  • Process32NextW
Can take screenshots:
  • FindWindowW
  • GetDC
  • CreateCompatibleDC
Reads the contents of the clipboard:
  • GetClipboardData
Can shut the system down or lock the screen:
  • ExitWindowsEx
  • InitiateSystemShutdownExW
Info The PE's resources present abnormal characteristics.
Resource SCRIPT is possibly compressed or encrypted.
Info The PE is digitally signed.
Signer: Douglas Cohen
Issuer: COMODO RSA Code Signing CA
Safe VirusTotal score: 0/68 (Scanned on 2021-06-11 00:34:51)
All the AVs think this file is safe.

Hashes

MD5 4190644b4dbbc22d46dcf015a3753231
SHA1 db32c80425e064ead7ab72a9f3c77adad0f82382
SHA256 f8c678a7f1c193fd1e43d4ffa9c4c91e9938e555cde8d0bef24e27dae0bdb47c
SHA3 84b5716c878b50100f376ff257f5aaf68619b6753976300e04515e64e4ddb0ae
SSDeep 49152:Nw80cTsjkWa/DoLubeVy5O632W0VdpJDY8tBMr1sfOVQPt4camLWk8:K8sjkrOuSVy5O632W0VdpJDYEMPv+W1
Imports Hash afcdf79be1557326c854b6e20cb900a7

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x110

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2016-Sep-19 05:22:47
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32
LinkerVersion 12.0
SizeOfCode 0x8de00
SizeOfInitializedData 0x22cc00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00027F4A (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x8f000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x2c2000
SizeOfHeaders 0x400
Checksum 0x2c6d27
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x400000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x400000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 c2c2260508750422d20cd5cbb116b146
SHA1 6ca4f81d951a00335345adcc6c9699211bfef144
SHA256 e03ab6f996f08bade3b5867482a4a3e9d2931c28a2049bc57a6c7fd195e83066
SHA3 db5f54c51f8be25a39eb85e09df88bd435b0d87906aa1983f6309b4368a5d850
VirtualSize 0x8dd2e
VirtualAddress 0x1000
SizeOfRawData 0x8de00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.67588

.rdata

MD5 4513b58651e3d8d87c81a396e5b2f1d1
SHA1 57b47ecaac29f80d8daf40951c7d7f4f16ac6d05
SHA256 4626494d5c9bd144e8f620b2de1e4d03e683af1c5ad736a799ab1bc83d661b48
SHA3 da4b0089c0321bc64786d7c907f5fcfe1ab657c61494f8542c947eb8d70c999e
VirtualSize 0x2e10e
VirtualAddress 0x8f000
SizeOfRawData 0x2e200
PointerToRawData 0x8e200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.76073

.data

MD5 c2de4a3d214eae7e87c7bfc06bd79775
SHA1 bd045801410191cce6558498902a89353b03fcb6
SHA256 4f568b7ffcd305f4fe416d094421d0707f5d0181871bacabcca6c300027831d6
SHA3 4479d7e134a90471678f273f54c046c89eabeb6dfac0ebc47f7c5302d86a543d
VirtualSize 0x8f74
VirtualAddress 0xbe000
SizeOfRawData 0x5200
PointerToRawData 0xbc400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.19881

.rsrc

MD5 650143ccdfa9095bb13f3dcfe8016e51
SHA1 78f6f7c35b6bb20b0485e1c94f0b5473527f6176
SHA256 9edd69df8ffbbdd4f349c05acdc328812dfe813ac3cb6270beba139a8cec1219
SHA3 81f84f5d0461df4256ac0a39b5685dd68b74a0e8e25dbfbd06448b3eaeca52e2
VirtualSize 0x1f2580
VirtualAddress 0xc7000
SizeOfRawData 0x1f2600
PointerToRawData 0xc1600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.09884

.reloc

MD5 1254908a9a03d2bcf12045d49cd572b9
SHA1 55df6e389cdefeadf102dce6c3b142530d4153c5
SHA256 0b395d899973eeb3845b9d46588b4e06a72310d21fe9f0dd67dfc60eaa766dda
SHA3 f030f6fc4c7dee61592640ef4bc19b5558c04868ddb5fac0a70a908a4b0d19d1
VirtualSize 0x7130
VirtualAddress 0x2ba000
SizeOfRawData 0x7200
PointerToRawData 0x2b3c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.78238

Imports

WSOCK32.dll WSACleanup
socket
inet_ntoa
setsockopt
ntohs
recvfrom
ioctlsocket
htons
WSAStartup
__WSAFDIsSet
select
accept
listen
bind
closesocket
WSAGetLastError
recv
sendto
send
inet_addr
gethostbyname
gethostname
connect
VERSION.dll GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
WINMM.dll timeGetTime
waveOutSetVolume
mciSendStringW
COMCTL32.dll ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create
MPR.dll WNetUseConnectionW
WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection2W
WININET.dll InternetQueryDataAvailable
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetConnectW
PSAPI.DLL GetProcessMemoryInfo
IPHLPAPI.DLL IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho
USERENV.dll DestroyEnvironmentBlock
UnloadUserProfile
CreateEnvironmentBlock
LoadUserProfileW
UxTheme.dll IsThemeActive
KERNEL32.dll DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
SetCurrentDirectoryW
GetLongPathNameW
GetShortPathNameW
DeleteFileW
FindNextFileW
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceNamesW
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
GetLocalTime
CompareStringW
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
LoadLibraryW
VirtualAlloc
IsDebuggerPresent
GetCurrentDirectoryW
lstrcmpiW
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
GetCurrentThread
CloseHandle
GetFullPathNameW
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
GetSystemTimeAsFileTime
ResumeThread
GetCommandLineW
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStringTypeW
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadConsoleW
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
FindClose
SetEnvironmentVariableA
USER32.dll AdjustWindowRectEx
CopyImage
SetWindowPos
GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
DeleteMenu
SetRect
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
MonitorFromRect
keybd_event
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
GetMessageW
LockWindowUpdate
DispatchMessageW
TranslateMessage
PeekMessageW
UnregisterHotKey
CheckMenuRadioItem
CharLowerBuffW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
SystemParametersInfoW
LoadImageW
GetClassNameW
GDI32.dll StrokePath
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
GetDeviceCaps
EndPath
SetPixel
CloseFigure
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchBlt
GetDIBits
LineTo
AngleArc
MoveToEx
Ellipse
DeleteDC
GetPixel
CreateDCW
GetStockObject
GetTextFaceW
CreateFontW
SetTextColor
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
StrokeAndFillPath
COMDLG32.dll GetOpenFileNameW
GetSaveFileNameW
ADVAPI32.dll GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
RegCreateKeyExW
FreeSid
GetTokenInformation
GetSecurityDescriptorDacl
GetAclInformation
AddAce
SetSecurityDescriptorDacl
GetUserNameW
InitiateSystemShutdownExW
SHELL32.dll DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW
DragFinish
ole32.dll CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoSetProxyBlanket
CoCreateInstanceEx
CoInitializeSecurity
OLEAUT32.dll LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
RegisterTypeLib
CreateStdDispatch
DispCallFunc
VariantChangeType
SysStringLen
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
VariantCopy
VariantClear
OleLoadPicture
QueryPathOfRegTypeLib
RegisterTypeLibForUser
UnRegisterTypeLibForUser
UnRegisterTypeLib
CreateDispTypeInfo
SysAllocString
VariantInit

Delayed Imports

1

Type RT_ICON
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.25499
MD5 ad424f5f5d5ff4460343686c61e4f75e
SHA1 29a1f0faadc42f1b9f9767d8c724fdc58dd165c8
SHA256 245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9
SHA3 4f3a627ee7d533397f7f5c70bb2dafa8857150e674cb31edd96949c7905de509

2

Type RT_ICON
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x108028
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.96633
MD5 c6d36fb6a5740aeee06ca380f277e8c3
SHA1 f74fdaf3fa9998e138e2a9bc454a89d212c48f6d
SHA256 c521f1b7baa3215ab03c6bde12ded2c50bbae9dcce0dbe9c3255ee8d36a37ca5
SHA3 c7bbae68498613a5e69122a907f062b56efc288fb78138a9802bb09345938fe9

3

Type RT_ICON
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x42028
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.01762
MD5 e236eb17fd947deb831eabd932dd7896
SHA1 b282ca423de793392e810e6ec01e7995851069a9
SHA256 e20a76d466e1f7a7f6549de59ce442e7242a4d51ca260b483e67845e6bfd4e70
SHA3 c008b41a8b0bd8cc5c172584861db23c3ca09dcde638a5a0d2dee00da42285e8

4

Type RT_ICON
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.1054
MD5 672c2c8d54c8ff14e9dcf5b9b8f6a8b9
SHA1 b084f007caaa99ff6dbaa6bdfe918c00ce6d3072
SHA256 f7f9a4fe87e48ae7b6a890a13dff36b28bc46c907a7cd78adad690e8032b0c9d
SHA3 4ee57dbf221144fef9fcaf453b5cc4a62c280f2d3507026b47945193462e8bd4

5

Type RT_ICON
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.26926
MD5 53ccc7810d4356b1d52319e8224a06a3
SHA1 16e57994fb5fe879f90550f350ce9fe894a1bb24
SHA256 174235a5dd15945b30c50b23cc500112fa528a2cebd861e0cf027dcddf705941
SHA3 815b831a416f6d819c5b4ea97943fa2e0814fc90cebae2738ca1075806ea8389

6

Type RT_ICON
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.32936
MD5 1647ea5bc651ab38a8e13cdd66b4b7f8
SHA1 6b73180a93c1f6d5a98f1751c5f391929c6999ac
SHA256 53ce171bcb574adb34acca692219eba66a5ed4ad764d8bdccde05e494e06b124
SHA3 3cd9bdf1f68f1a72aab82a0c07e21f6b536c8542d8b8272e52c1ffe6ac53304f

7

Type RT_ICON
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.52585
MD5 2ee24cf31176a37c90765f46c152c98b
SHA1 2a152b2fb195d426a49282a6eff85e35f468e731
SHA256 8235d8730cd54bb2b5ee9b2b2f2ed0e28a57a550af2d9dc041c6f7638f3655dc
SHA3 b2feaf2e332bf575e9f3cee9cb45c51ff432b09e4532de2f6d1ac2135b13bb62

8

Type RT_ICON
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.58565
MD5 c581613225ba3ec72ecba764423ad384
SHA1 53bd2ddc99acf4278fae61cc820403994553bd31
SHA256 252028020206560526ddf4e314bbf867e5130618ca2a772320343da8e35d1d88
SHA3 378a64b24dd72cfc540f41e313590433eaeabd4551b85d41d1619c70ae150155

9

Type RT_ICON
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.64256
MD5 5a75fe794df639315f8b2b69f1258b60
SHA1 c9d92efa1388d3ec46c37a15dde4d44fb11ac409
SHA256 bc572af1551bc33fd876aa41c85affc5ebbef5fc594a263f2aa0c8e735ddb044
SHA3 6978f71ab2b451bdca3183e2fa9af89948462a0fd422c2e5b84dde8e062aae9a

7 (#2)

Type RT_STRING
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x594
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.34702
MD5 d1f824f98742295a66a25225701dd6d8
SHA1 5b2075b778387182bf97314b593e73f30853435d
SHA256 4fe35e21717d34ceb4717f9e9de8fde1b3de80d76a59bb87405910c2f1d6284b
SHA3 294fc9961bf6eddc1dc7c5b525832f8aa8d3e90dac608e6421398510ab9c15b1

8 (#2)

Type RT_STRING
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x68a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.2817
MD5 5beaeebda5346956e395fad21661f382
SHA1 201f2f699e6917e953821d64105b226fdd8b5528
SHA256 9306910d4bb273465765832df77fb1fd78bd6e0bcbf9908636e323c34c92b613
SHA3 d6430a84edfc22e41b15dd4f7cfc2d249bf5a637189d9284f062644b1503f9ee

9 (#2)

Type RT_STRING
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x490
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.28849
MD5 6b12d17c7622d8215889a2288098fa15
SHA1 a511bf459e5043fcb234829bf66a99565c244652
SHA256 e47fa3aec12353f6370b941bc5855e5551530c7b26f925b5a2e2692a0201450c
SHA3 8e3541de418e1046806ffb977c8babecd093b9816c92883261b074d1c47d96fb

10

Type RT_STRING
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x5fc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.28373
MD5 949955dbda367f0c790615f7817e7886
SHA1 ee0370fb4ad59a4cebc3dbfc83bb437343fb803b
SHA256 4854e5abce2237256df24b69c9759fc1e8caa423a54bfe661ba7031afd8375eb
SHA3 5e36df684c6f2c4058d1a2507989eb5fc3c873159d006088d40f4da3804f56f2

11

Type RT_STRING
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x65c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.26322
MD5 9bc568a6176f738ffb3109e53235b579
SHA1 b97786555bfa05f958f174e294080e235d91b571
SHA256 d38369002e36f73866a0d40b13e069b9ffdbda50957f4c88d52a72fecb9b4e45
SHA3 94318c553eb0928412a92e8cf9913ca5c35a03aa8c24bf151a6764793b2f6f90

12

Type RT_STRING
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x466
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.25812
MD5 899b8766aea5f88410c721620925754b
SHA1 53ba98192d7ea4fa9051ac220ed18960ab0507a6
SHA256 58ea125e6b5fa2cbc5a8ed819c7f50c9bca1cfe55f94c7cff3feb60f25ac6073
SHA3 7ad4457a556ba648b1d46e62549fdc4c7d093bbad286f9123daf6a94f0e5af62

313

Type RT_STRING
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x158
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.08572
MD5 193a9143563395ad14c6dac83d32e2ad
SHA1 87ca08eb609f9ceabbd8ea7a64263de9a05bbb22
SHA256 b3711acbe8e01fee7fd362112b4e42da05c728e98b85c0a3b4cb075977849cee
SHA3 7634b4daca191c6fa53de1d5964fa47f382afccebf5744e70a702fd179fad715

SCRIPT

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x8c582
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.99963
MD5 008a35e13106b583fac49540012f0c05
SHA1 2bc4eb0d90e12b97455fec3c0cb8fb5c0b8ac773
SHA256 e342199297a6b20c04ad7f832fccc8ca127aea5c4bcf58562a2dd2a31b1b86a8
SHA3 045194dff537dbc2c5e1dc8e2823b422b91207fc4048275ad1360d401d77fc8c

99

Type RT_GROUP_ICON
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x76
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.87152
Detected Filetype Icon file
MD5 7af800fd8197acedb1d86d053a4bbc42
SHA1 aa29d33ef49a6335193bdab739ac2a17d7273087
SHA256 5dc3110f669f82f37e2abb958bd8a1c8c849480296b2b14ef8567d1374d4c35d
SHA3 9c760be7e6f72795637ed09d23261b44119a7d107928f83ae4cd48885a99aef4

169

Type RT_GROUP_ICON
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.84274
Detected Filetype Icon file
MD5 f64c60b749269fcf6659c450dda98486
SHA1 42945c3496bc4e1943a1a05926a9b5ee31d3e450
SHA256 ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1
SHA3 443830acdeb37f2b7f844756492b2b11f9fb93e9171617d8c799cebfd05cb37f

1 (#2)

Type RT_VERSION
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x230
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.35974
MD5 e30cf4d4f8a3c727bae94d04355c9c61
SHA1 4cdab94f7199569dd75cca86aa3058cfd53ddb95
SHA256 e62da715e4263a95fd16cd65e9bfaa14022d142774b9446d64465bb1451262b7
SHA3 386dc9662efedecff775da19733e6707ae5c51fb358b2e1c4f6614088006ece1

1 (#3)

Type RT_MANIFEST
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x5cd
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.32665
MD5 b582ed0cd116e0f5373c296996d1e0b9
SHA1 d334d20527dc045c8e52ce43906cef7a8838d916
SHA256 41fa78cf8f61f9f7f25c0e5ccabe9e83a8ba161ff757ae741abf412f35bcf23d
SHA3 04dfdaccd6f26a15f249929dc451c9b0edb9b2ad4b1df53e3a275dc7824cba64

String Table contents

(Paused)
AutoIt Error
AutoIt has detected the stack has become corrupt.
Stack corruption typically occurs when either the wrong calling convention is used or when the function is called with the wrong number of arguments.
AutoIt supports the __stdcall (WINAPI) and __cdecl calling conventions. The __stdcall (WINAPI) convention is used by default but __cdecl can be used instead. See the DllCall() documentation for details on changing the calling convention.
"EndWith" missing "With".
Badly formatted "Func" statement.
"With" missing "EndWith".
Missing right bracket ')' in expression.
Missing operator in expression.
Unbalanced brackets in expression.
Error in expression.
Error parsing function call.
Incorrect number of parameters in function call.
"ReDim" used without an array variable.
Illegal text at the end of statement (one statement per line).
"If" statement has no matching "EndIf" statement.
"Else" statement with no matching "If" statement.
"EndIf" statement with no matching "If" statement.
Too many "Else" statements for matching "If" statement.
"While" statement has no matching "Wend" statement.
"Wend" statement with no matching "While" statement.
Variable used without being declared.
Array variable has incorrect number of subscripts or subscript dimension range exceeded.
Variable subscript badly formatted.
Subscript used on non-accessible variable.
Too many subscripts used for an array.
Missing subscript dimensions in "Dim" statement.
No variable given for "Dim", "Local", "Global", "Struct" or "Const" statement.
Expected a "=" operator in assignment statement.
Invalid keyword at the start of this line.
Array maximum size exceeded.
"Func" statement has no matching "EndFunc".
Duplicate function name.
Unknown function name.
Unknown macro.
Unable to get a list of running processes.
Invalid element in a DllStruct.
Unknown option or bad parameter specified.
Unable to load the internet libraries.
"Struct" statement has no matching "EndStruct".
Unable to open file, the maximum number of open files has been exceeded.
"ContinueLoop" statement with no matching "While", "Do" or "For" statement.
Invalid file filter given.
Expected a variable in user function call.
"Do" statement has no matching "Until" statement.
"Until" statement with no matching "Do" statement.
"For" statement is badly formatted.
"Next" statement with no matching "For" statement.
"ExitLoop/ContinueLoop" statements only valid from inside a For/Do/While loop.
"For" statement has no matching "Next" statement.
"Case" statement with no matching "Select"or "Switch" statement.
"EndSelect" statement with no matching "Select" statement.
Recursion level has been exceeded - AutoIt will quit to prevent stack overflow.
Cannot make existing variables static.
Cannot make static variables into regular variables.
Badly formated Enum statement
This keyword cannot be used after a "Then" keyword.
"Select" statement is missing "EndSelect" or "Case" statement.
"If" statements must have a "Then" keyword.
Badly formated Struct statement.
Cannot assign values to constants.
Cannot make existing variables into constants.
Only Object-type variables allowed in a "With" statement.
"long_ptr", "int_ptr" and "short_ptr" DllCall() types have been deprecated. Use "long*", "int*" and "short*" instead.
Object referenced outside a "With" statement.
Nested "With" statements are not allowed.
Variable must be of type "Object".
The requested action with this object has failed.
Variable appears more than once in function declaration.
ReDim array can not be initialized in this manner.
An array variable can not be used in this manner.
Can not redeclare a constant.
Can not redeclare a parameter inside a user function.
Can pass constants by reference only to parameters with "Const" keyword.
Can not initialize a variable with itself.
Incorrect way to use this parameter.
"EndSwitch" statement with no matching "Switch" statement.
"Switch" statement is missing "EndSwitch" or "Case" statement.
"ContinueCase" statement with no matching "Select"or "Switch" statement.
Assert Failed!
Obsolete function/parameter.
Invalid Exitcode (reserved for AutoIt internal use).
Variable cannot be accessed in this manner.
Func reassign not allowed.
Func reassign on global level not allowed.
Unable to parse line.
Unable to open the script file.
String missing closing quote.
Badly formated variable or macro.
Missing separator character after keyword.

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 2.1.9.0
ProductVersion 3.3.14.2
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_UNKNOWN
Language English - United Kingdom
FileVersion (#2) 2.1.9.0
Comments http://www.autoitscript.com/autoit3/
FileDescription Nexus Root Toolkit
ProductVersion (#2) 3.3.14.2
LegalCopyright WugFresh
Resource LangID English - United Kingdom

IMAGE_DEBUG_TYPE_RESERVED

Characteristics 0
TimeDateStamp 2015-Sep-18 14:02:32
Version 0.0
SizeofData 4
AddressOfRawData 0xb5438
PointerToRawData 0xb4638

TLS Callbacks

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x4bed50
SEHandlerTable 0
SEHandlerCount 0

RICH Header

XOR Key 0xc1fc1252
Unmarked objects 0
C++ objects (20806) 2
199 (41118) 1
ASM objects (VS2013 build 21005) 51
C objects (VS2013 build 21005) 177
C++ objects (VS2013 build 21005) 53
C objects (VS2008 SP1 build 30729) 9
Imports (VS2008 SP1 build 30729) 37
Total imports 544
234 (VS2013 UPD5 build 40629) 80
ASM objects (VS2013 UPD5 build 40629) 1
Resource objects (VS2013 build 21005) 1
151 1
Linker (VS2013 UPD5 build 40629) 1

Errors
