Manalyze report for 41999a3d0da035ff8068905c90235ea50121329cb0661e38d745974ebf5e3ae2

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Aug-22 12:42:14
Detected languages	English - United States
CompanyName	ACCA software S.p.A.
FileDescription	ABRSubProcess.exe
FileVersion	`1.2.0.0`
ProgramID	com.embarcadero.ABRStandaloneExecutable
ProductName	ABRStandaloneExecutable
ProductVersion	`1.2.0.0`
LegalCopyright	Copyright (c) ACCA software S.p.A. - Italy. All Rights Reserved
LegalTrademarks	ACCA Ã¨ un marchio registrato da ACCA software S.p.A. - Italy
OriginalFilename	ABRStandaloneExecutable.exe
InternalName	ABRSubProcess

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: accasoftware.com https://www.accasoftware.com https://www.accasoftware.com/ www.accasoftware.com`
Suspicious	The PE is possibly packed.	`Unusual section name found: .didata`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryA LoadLibraryW` `Functions which can be used for anti-debugging purposes: FindWindowW SwitchToThread` `Can access the registry: RegQueryValueExW RegOpenKeyExW RegCloseKey RegUnLoadKeyW RegSetValueExW RegSaveKeyW RegRestoreKeyW RegReplaceKeyW RegQueryInfoKeyW RegLoadKeyW RegFlushKey RegEnumValueW RegEnumKeyExW RegDeleteValueW RegDeleteKeyW RegCreateKeyExW` `Uses functions commonly found in keyloggers: MapVirtualKeyW GetForegroundWindow CallNextHookEx` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Can take screenshots: GetDCEx GetDC FindWindowW CreateCompatibleDC BitBlt` `Queries user information on remote machines: NetWkstaGetInfo` `Reads the contents of the clipboard: GetClipboardData`
Info	The PE's resources present abnormal characteristics.	`The binary may have been compiled on a machine in the UTC+2 timezone.`
Info	The PE is digitally signed.	`Signer: ACCA software S.p.A.` `Issuer: Symantec Class 3 SHA256 Code Signing CA`
Safe	VirusTotal score: 0/70 (Scanned on 2026-06-26 09:14:25)	`All the AVs think this file is safe.`

Hashes

MD5	`cf64c7e2e3897ae5fce3d5414e3d1d27`
SHA1	`c333a821f1764abe2aed2c1ab27d2349f64e4264`
SHA256	`41999a3d0da035ff8068905c90235ea50121329cb0661e38d745974ebf5e3ae2`
SHA3	`ccbb813e62a430317d03478649fa7d0662d9ae285942c47d658dd443bb145627`
SSDeep	`49152:dcOFPISimLMS5M3B3Kul+XYbxzSv199mMc0NWd:F5z0`
Imports Hash	`5810b2d7142f9ffef410159e4664ed21`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`11`
TimeDateStamp	2022-Aug-22 12:42:14
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`8.2`
SizeOfCode	`0x2bec00`
SizeOfInitializedData	`0xa6400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000002B27B0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`5.2`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x376000`
SizeOfHeaders	`0x400`
Checksum	`0x436ccc2`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x2000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ac48b71aa50de06d2725b7aac6a66dfa`
SHA1	`94e793fb83cf46f760265bbc80934f077fdc6ff6`
SHA256	`8c5cd8f3f8e08ddc53586843e3c772d3a7d5f6aa6b4ee1c2bf0b36361d1168c1`
SHA3	`95fa3b872cdc4111d94db7dd76cb405540469ed37b4d3935a9406574c4e826eb`
VirtualSize	`0x2bea10`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2bec00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.72139`

.data

MD5	`960aab0138a9e69fbe25d31b59feb12f`
SHA1	`cc5dea831efe12607ae3435afd3bdb689bb11d07`
SHA256	`fddaa650425460f9c4118d7e9f4bff37189fb32fb743dcea44d6c3b66f9e7876`
SHA3	`a8be444249f8716b22c1fd00b2d68842fa23f9bc3b06b5721dfa597f0a05ea1f`
VirtualSize	`0x3e898`
VirtualAddress	`0x2c0000`
SizeOfRawData	`0x3ea00`
PointerToRawData	`0x2bf000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.6705`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xb9c4`
VirtualAddress	`0x2ff000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`fc3f52ea6f4832c17f320290262cc49d`
SHA1	`32058fa1a90904ebea33c782f6665e3837dbf0c0`
SHA256	`5439fc677562a81f08982c8f98ed53213ee3f5d8abaec8e676f0ab602a791d11`
SHA3	`1a33f4b2017a863570fafe19f835f5bc39f57fd1c80e9923f73548cff6540e9e`
VirtualSize	`0x3fe8`
VirtualAddress	`0x30b000`
SizeOfRawData	`0x4000`
PointerToRawData	`0x2fda00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.3941`

.didata

MD5	`f4cd85f872c0e5fc4dfa68e9e57f0777`
SHA1	`a577cf91fd5cd53a262c1cba20273e0adda6b223`
SHA256	`dc0c238abf72ece178d84dc30a90ac986ad3cc42d8d752d065287f2cac13c0ad`
SHA3	`c16d754c417814df8f804f1729701a4db48aa390de735fcb0de8a4790a02a679`
VirtualSize	`0xd18`
VirtualAddress	`0x30f000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x301a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.20939`

.edata

MD5	`97479cfb6316386aa965ffe5c71f608d`
SHA1	`d956a0af3390ac9fb6513bf36f7018b50dae2da5`
SHA256	`2d12b3c31ba770778168e797f2df878a5ae5cf9f5ed66d5420e360808d4edb9e`
SHA3	`8a53eb163b45d702828799d02c400852dcbd87fe6f407300d047447a154fdc59`
VirtualSize	`0xa9`
VirtualAddress	`0x310000`
SizeOfRawData	`0x200`
PointerToRawData	`0x302800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.01721`

.tls

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x274`
VirtualAddress	`0x311000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`129d7b3ae7c8b3b71914e12c98771635`
SHA1	`475faf2d3f6a3a2e2abb091653b7e67f0eb66d33`
SHA256	`0e54c726e7af57118c4321a20b626879315757df1eca1417886917f8ed438d98`
SHA3	`13dfbfb20115666f019b429a8cd9d15f4497c926dabf11c16b823a28aa3ccdf7`
VirtualSize	`0x6d`
VirtualAddress	`0x312000`
SizeOfRawData	`0x200`
PointerToRawData	`0x302a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.36675`

.reloc

MD5	`9e2264ff80db4f6824bf6baa4b69a307`
SHA1	`d1383d1ca9d64b50c95122a63a6eb7f3aae218be`
SHA256	`16064f3634708e7e884753363c7dcb61f4f49ae40a20de8e1c10bd1fe83b64a2`
SHA3	`9ed3b8c24195c7c6e4f016dacd0056a94d49fe4c3b91ca7794022e7ec3ffbb75`
VirtualSize	`0x24dc0`
VirtualAddress	`0x313000`
SizeOfRawData	`0x24e00`
PointerToRawData	`0x302c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.47829`

.pdata

MD5	`8936616aa383f8e366f11e55c7536ab0`
SHA1	`c32a4702a57d63317f00620ee9507541fe0df600`
SHA256	`c40cb8059a44558034f71ce7cff9c32918b9ccb44c473f2e3a2c3f0f99bfc7c2`
SHA3	`cd8a0a1cbe5debe7c22d2fc5963cdfffafbb1642f1ec2bb99ad42128b0c8b939`
VirtualSize	`0x28e84`
VirtualAddress	`0x338000`
SizeOfRawData	`0x29000`
PointerToRawData	`0x327a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.27277`

.rsrc

MD5	`846411b5271c3ada16407362e4b51038`
SHA1	`3bf7b6a646dd99fe46dcc883fa1c3741945ba979`
SHA256	`004a0103624c383d0997247c1b0a029cb2723116eca55438ccc41306ed02c295`
SHA3	`38f23b1bcaba8ae9bfb7ac384ddd6cd5c82c2a28860b936d5db11529d7d94dd1`
VirtualSize	`0x14a00`
VirtualAddress	`0x361000`
SizeOfRawData	`0x14a00`
PointerToRawData	`0x350a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.81558`

Imports

oleaut32.dll	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen` `SafeArrayPtrOfIndex` `SafeArrayGetUBound` `SafeArrayGetLBound` `SafeArrayCreate` `VariantChangeType` `VariantCopy` `VariantClear` `VariantInit` `GetErrorInfo`
advapi32.dll	`RegQueryValueExW` `RegOpenKeyExW` `RegCloseKey` `RegUnLoadKeyW` `RegSetValueExW` `RegSaveKeyW` `RegRestoreKeyW` `RegReplaceKeyW` `RegQueryInfoKeyW` `RegLoadKeyW` `RegFlushKey` `RegEnumValueW` `RegEnumKeyExW` `RegDeleteValueW` `RegDeleteKeyW` `RegCreateKeyExW` `RegConnectRegistryW`
user32.dll	`CharNextW` `LoadStringW` `SetClassLongPtrW` `GetClassLongPtrW` `SetWindowLongPtrW` `GetWindowLongPtrW` `CreateWindowExW` `WindowFromPoint` `WaitMessage` `UpdateWindow` `UnregisterClassW` `UnhookWindowsHookEx` `TranslateMessage` `TranslateMDISysAccel` `TrackPopupMenu` `SystemParametersInfoW` `ShowWindow` `ShowScrollBar` `ShowOwnedPopups` `ShowCaret` `SetWindowRgn` `SetWindowsHookExW` `SetWindowTextW` `SetWindowPos` `SetWindowPlacement` `SetTimer` `SetScrollRange` `SetScrollPos` `SetScrollInfo` `SetRect` `SetPropW` `SetParent` `SetMenuItemInfoW` `SetMenu` `SetForegroundWindow` `SetFocus` `SetCursorPos` `SetCursor` `SetClipboardData` `SetCapture` `SetActiveWindow` `SendMessageA` `SendMessageW` `ScrollWindow` `ScreenToClient` `RemovePropW` `RemoveMenu` `ReleaseDC` `ReleaseCapture` `RegisterWindowMessageW` `RegisterClipboardFormatW` `RegisterClassW` `RedrawWindow` `PostQuitMessage` `PostMessageW` `PeekMessageA` `PeekMessageW` `OpenClipboard` `MsgWaitForMultipleObjectsEx` `MsgWaitForMultipleObjects` `MessageBoxW` `MessageBeep` `MapWindowPoints` `MapVirtualKeyW` `LoadKeyboardLayoutW` `LoadIconW` `LoadCursorW` `LoadBitmapW` `KillTimer` `IsZoomed` `IsWindowVisible` `IsWindowUnicode` `IsWindowEnabled` `IsWindow` `IsIconic` `IsDialogMessageA` `IsDialogMessageW` `IsChild` `InvalidateRect` `InsertMenuItemW` `InsertMenuW` `HideCaret` `GetWindowThreadProcessId` `GetWindowTextW` `GetWindowRect` `GetWindowPlacement` `GetWindowDC` `GetTopWindow` `GetSystemMetrics` `GetSystemMenu` `GetSysColorBrush` `GetSysColor` `GetSubMenu` `GetScrollRange` `GetScrollPos` `GetScrollInfo` `GetScrollBarInfo` `GetPropW` `GetParent` `GetWindow` `GetMessagePos` `GetMessageExtraInfo` `GetMenuStringW` `GetMenuState` `GetMenuItemInfoW` `GetMenuItemID` `GetMenuItemCount` `GetMenu` `GetLastActivePopup` `GetKeyboardState` `GetKeyboardLayoutNameW` `GetKeyboardLayoutList` `GetKeyboardLayout` `GetKeyState` `GetKeyNameTextW` `GetIconInfo` `GetForegroundWindow` `GetFocus` `GetDlgCtrlID` `GetDesktopWindow` `GetDCEx` `GetDC` `GetCursorPos` `GetCursor` `GetClipboardData` `GetClientRect` `GetClassNameW` `GetClassInfoExW` `GetClassInfoW` `GetCapture` `GetActiveWindow` `FrameRect` `FindWindowExW` `FindWindowW` `FillRect` `EnumWindows` `EnumThreadWindows` `EnumChildWindows` `EndPaint` `EndMenu` `EnableWindow` `EnableScrollBar` `EnableMenuItem` `EmptyClipboard` `DrawTextExW` `DrawTextW` `DrawMenuBar` `DrawIconEx` `DrawIcon` `DrawFrameControl` `DrawFocusRect` `DrawEdge` `DispatchMessageA` `DispatchMessageW` `DestroyWindow` `DestroyMenu` `DestroyIcon` `DestroyCursor` `DeleteMenu` `DefWindowProcW` `DefMDIChildProcW` `DefFrameProcW` `CreatePopupMenu` `CreateMenu` `CreateIcon` `CreateAcceleratorTableW` `CopyImage` `CopyIcon` `CloseClipboard` `ClientToScreen` `CheckMenuItem` `CharUpperBuffW` `CharUpperW` `CharLowerBuffW` `CharLowerW` `CallWindowProcW` `CallNextHookEx` `BeginPaint` `AdjustWindowRectEx` `ActivateKeyboardLayout` `EnumDisplayMonitors` `GetMonitorInfoW` `MonitorFromPoint` `MonitorFromRect` `MonitorFromWindow`
kernel32.dll	`Sleep` `VirtualFree` `VirtualAlloc` `lstrlenW` `VirtualQuery` `QueryPerformanceCounter` `GetTickCount` `GetSystemInfo` `GetVersion` `CompareStringW` `IsValidLocale` `SetThreadLocale` `GetSystemDefaultUILanguage` `GetUserDefaultUILanguage` `GetLocaleInfoW` `WideCharToMultiByte` `MultiByteToWideChar` `GetACP` `LoadLibraryExW` `GetStartupInfoW` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetCommandLineW` `FreeLibrary` `GetLastError` `UnhandledExceptionFilter` `RtlUnwindEx` `RtlUnwind` `RaiseException` `ExitProcess` `ExitThread` `SwitchToThread` `GetCurrentThreadId` `CreateThread` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `FindFirstFileW` `FindClose` `WriteFile` `GetStdHandle` `CloseHandle` `LoadLibraryA` `TlsSetValue` `TlsGetValue` `LocalFree` `LocalAlloc` `WaitForSingleObject` `WaitForMultipleObjectsEx` `VirtualQueryEx` `VirtualProtect` `VerSetConditionMask` `VerifyVersionInfoW` `TryEnterCriticalSection` `SuspendThread` `SizeofResource` `SetThreadPriority` `SetLastError` `SetFilePointer` `SetEvent` `SetErrorMode` `SetEndOfFile` `ResumeThread` `ResetEvent` `ReadFile` `QueryPerformanceFrequency` `IsDebuggerPresent` `MulDiv` `LockResource` `LoadResource` `LoadLibraryW` `HeapSize` `HeapFree` `HeapDestroy` `HeapCreate` `HeapAlloc` `GlobalUnlock` `GlobalLock` `GlobalFree` `GlobalFindAtomW` `GlobalDeleteAtom` `GlobalAlloc` `GlobalAddAtomW` `GetVersionExW` `GetThreadPriority` `GetThreadLocale` `GetLocalTime` `GetFullPathNameW` `GetFileAttributesW` `GetExitCodeThread` `GetDiskFreeSpaceW` `GetDateFormatW` `GetCurrentThread` `GetCurrentProcessId` `GetCurrentProcess` `GetCPInfoExW` `GetCPInfo` `FreeResource` `FormatMessageW` `FindResourceW` `EnumSystemLocalesW` `EnumResourceNamesW` `EnumCalendarInfoW` `CreateFileW` `CreateEventW` `CreateDirectoryW`
borlndmm.dll	`@Borlndmm@SysGetMem$qqri`
gdi32.dll	`UnrealizeObject` `StretchDIBits` `StretchBlt` `StartPage` `StartDocW` `SetWindowOrgEx` `SetWinMetaFileBits` `SetViewportOrgEx` `SetTextColor` `SetStretchBltMode` `SetRectRgn` `SetROP2` `SetPixel` `SetEnhMetaFileBits` `SetDIBits` `SetDIBColorTable` `SetBrushOrgEx` `SetBkMode` `SetBkColor` `SetAbortProc` `SelectPalette` `SelectObject` `SaveDC` `RoundRect` `RestoreDC` `Rectangle` `RectVisible` `RealizePalette` `Polyline` `Polygon` `PolyBezierTo` `PolyBezier` `PlayEnhMetaFile` `Pie` `PatBlt` `MoveToEx` `MaskBlt` `LineTo` `IntersectClipRect` `GetWindowOrgEx` `GetWinMetaFileBits` `GetTextMetricsW` `GetTextExtentPointW` `GetTextExtentPoint32W` `GetSystemPaletteEntries` `GetStretchBltMode` `GetStockObject` `GetRgnBox` `GetPixel` `GetPaletteEntries` `GetObjectW` `GetEnhMetaFilePaletteEntries` `GetEnhMetaFileHeader` `GetEnhMetaFileDescriptionW` `GetEnhMetaFileBits` `GetDeviceCaps` `GetDIBits` `GetDIBColorTable` `GetCurrentPositionEx` `GetClipBox` `GetBrushOrgEx` `GetBitmapBits` `GdiFlush` `FrameRgn` `ExtTextOutW` `ExtFloodFill` `ExcludeClipRect` `EnumFontsW` `EnumFontFamiliesExW` `EndPage` `EndDoc` `Ellipse` `DeleteObject` `DeleteEnhMetaFile` `DeleteDC` `CreateSolidBrush` `CreateRectRgn` `CreatePenIndirect` `CreatePalette` `CreateICW` `CreateHalftonePalette` `CreateFontIndirectW` `CreateDIBitmap` `CreateDIBSection` `CreateDCW` `CreateCompatibleDC` `CreateCompatibleBitmap` `CreateBrushIndirect` `CreateBitmap` `CopyEnhMetaFileW` `Chord` `BitBlt` `ArcTo` `Arc` `AngleArc` `AbortDoc`
version.dll	`VerQueryValueW` `GetFileVersionInfoSizeW` `GetFileVersionInfoW`
netapi32.dll	`NetWkstaGetInfo`
ole32.dll	`OleUninitialize` `OleInitialize` `CoTaskMemFree` `CoTaskMemAlloc` `CoCreateInstance` `CoUninitialize` `CoInitialize` `IsEqualGUID`
comctl32.dll	`InitializeFlatSB` `FlatSB_SetScrollProp` `FlatSB_SetScrollPos` `FlatSB_SetScrollInfo` `FlatSB_GetScrollPos` `FlatSB_GetScrollInfo` `_TrackMouseEvent` `ImageList_GetImageInfo` `ImageList_SetIconSize` `ImageList_GetIconSize` `ImageList_Write` `ImageList_Read` `ImageList_GetDragImage` `ImageList_DragShowNolock` `ImageList_DragMove` `ImageList_DragLeave` `ImageList_DragEnter` `ImageList_EndDrag` `ImageList_BeginDrag` `ImageList_Copy` `ImageList_LoadImageW` `ImageList_GetIcon` `ImageList_Remove` `ImageList_DrawEx` `ImageList_Replace` `ImageList_Draw` `ImageList_SetOverlayImage` `ImageList_GetBkColor` `ImageList_SetBkColor` `ImageList_ReplaceIcon` `ImageList_Add` `ImageList_SetImageCount` `ImageList_GetImageCount` `ImageList_Destroy` `ImageList_Create`
shell32.dll	`Shell_NotifyIconW`
winspool.drv	`OpenPrinterW` `EnumPrintersW` `DocumentPropertiesW` `ClosePrinter` `GetDefaultPrinterW`
kernel32.dll (delay-loaded)	`Sleep` `VirtualFree` `VirtualAlloc` `lstrlenW` `VirtualQuery` `QueryPerformanceCounter` `GetTickCount` `GetSystemInfo` `GetVersion` `CompareStringW` `IsValidLocale` `SetThreadLocale` `GetSystemDefaultUILanguage` `GetUserDefaultUILanguage` `GetLocaleInfoW` `WideCharToMultiByte` `MultiByteToWideChar` `GetACP` `LoadLibraryExW` `GetStartupInfoW` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetCommandLineW` `FreeLibrary` `GetLastError` `UnhandledExceptionFilter` `RtlUnwindEx` `RtlUnwind` `RaiseException` `ExitProcess` `ExitThread` `SwitchToThread` `GetCurrentThreadId` `CreateThread` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `FindFirstFileW` `FindClose` `WriteFile` `GetStdHandle` `CloseHandle` `LoadLibraryA` `TlsSetValue` `TlsGetValue` `LocalFree` `LocalAlloc` `WaitForSingleObject` `WaitForMultipleObjectsEx` `VirtualQueryEx` `VirtualProtect` `VerSetConditionMask` `VerifyVersionInfoW` `TryEnterCriticalSection` `SuspendThread` `SizeofResource` `SetThreadPriority` `SetLastError` `SetFilePointer` `SetEvent` `SetErrorMode` `SetEndOfFile` `ResumeThread` `ResetEvent` `ReadFile` `QueryPerformanceFrequency` `IsDebuggerPresent` `MulDiv` `LockResource` `LoadResource` `LoadLibraryW` `HeapSize` `HeapFree` `HeapDestroy` `HeapCreate` `HeapAlloc` `GlobalUnlock` `GlobalLock` `GlobalFree` `GlobalFindAtomW` `GlobalDeleteAtom` `GlobalAlloc` `GlobalAddAtomW` `GetVersionExW` `GetThreadPriority` `GetThreadLocale` `GetLocalTime` `GetFullPathNameW` `GetFileAttributesW` `GetExitCodeThread` `GetDiskFreeSpaceW` `GetDateFormatW` `GetCurrentThread` `GetCurrentProcessId` `GetCurrentProcess` `GetCPInfoExW` `GetCPInfo` `FreeResource` `FormatMessageW` `FindResourceW` `EnumSystemLocalesW` `EnumResourceNamesW` `EnumCalendarInfoW` `CreateFileW` `CreateEventW` `CreateDirectoryW`

Delayed Imports

Attributes	`0x1`
Name	`kernel32.dll`
ModuleHandle	`0x30f180`
DelayImportAddressTable	`0x30f1e0`
DelayImportNameTable	`0x30f3b8`
BoundDelayImportTable	`0x30f590`
UnloadDelayImportTable	`0x30f710`
TimeStamp	`1970-Jan-01 00:00:00`

dbkFCallWrapperAddr

Ordinal	`1`
Address	`0x3051f8`

__dbk_fcall_wrapper

Ordinal	`2`
Address	`0x18d60`

TMethodImplementationIntercept

Ordinal	`3`
Address	`0x8f420`

1

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`2.6633`
MD5	`ff4e5862f26ea666373e5fab2bddfb11`
SHA1	`cfa13c0ab30f1bbd566900dee3631902f9b6451c`
SHA256	`b8e6fc93d423931acbddae3c27dd3c4eb2a394005d746951a971cb700e0ee510`
SHA3	`91dae12a9f43c5443e0661091a336f882fa1482f75fa9a57c9298d1d70c8ae69`

2

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`2.80231`
MD5	`2e87b3c111e3073a841775c1f8ec5a90`
SHA1	`20292304fa2ef1bfdc4a1000e90a1c16d4765a96`
SHA256	`ce19ace18e87b572e6912306776226af5b8e63959c61cde70a8ff05b3bbdcc41`
SHA3	`9527f09e739c2064835800a7e5c317cb422bdd7237f00fca079a1c62f58a2612`

3

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`3.00046`
MD5	`a04c3c368cb37c07bd5f63e7e6841ebd`
SHA1	`699300bceaa1256818c43fecfc8cad93a59156b2`
SHA256	`ee1c9c194199c320c893b367602ccc7ee7270bd4395d029f727e097634f47f8c`
SHA3	`58722e3138aad1382e284c1605ecd665ced536de4906749ac8d6e11252cc9558`

4

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`2.56318`
MD5	`9929115b21c2c59348058d4190392e75`
SHA1	`626fba1825d572ea441d36363307c9935de3c565`
SHA256	`9d9edf87ca203ecc60b246cc783d54218dd0ce77d3a025d0bafc580995a4abd8`
SHA3	`fea156e872544252c625076a6bf3baa733ee5b3d5399716e156734af7a841369`

5

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`2.6949`
MD5	`f321ad13d1c3f35a05d67773b4bc27d6`
SHA1	`30aded8525417e2531d5eb88bf2f868172945baa`
SHA256	`99676c52310db365580965ea646ece86c62951bfd97ec0aae9f738a202a90593`
SHA3	`04c839da98a8c50a36697076af5bc6d527560a69153b2f718f065908fd4fe3ad`

6

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`2.62527`
MD5	`5ca217e52bdc6f23b43c7b6a23171e6e`
SHA1	`d99dc22ec1b655a42c475431cc3259742d0957a4`
SHA256	`11726dcf1eebe23a1df5eb0ee2af39196b702eddd69083d646e4475335130b28`
SHA3	`b358d8a5b0f400dd2671956ec45486ae1035556837b5289df5f418fe69348b3f`

7

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`2.91604`
MD5	`6be7031995bb891cb8a787b9052f6069`
SHA1	`487eb59fd083cf4df02ce59d9b079755077ba1b5`
SHA256	`6f938aab0a03120de4ef8b27aff6ba5146226c92a056a6f04e5ec8d513ce5f9d`
SHA3	`0f1c6c0378a3646c9fbf3678bbeeccf929d32192f02d1ea9d6ba0be5c769e6ab`

1 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`5.9896`
MD5	`19e5f3688b644efd0c7a09e5953383f4`
SHA1	`4dc6f04821b766db41b8366710312fa660c54810`
SHA256	`ee87d22d7f9284deb094e0ff49670706b3c77f4d7c7f8aeb7819d05a9f8f7200`
SHA3	`f3d26bf22df7c12e6ba95549cdae01c94327bd462b35d30372c0a312a1f8d180`

2 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`5.87569`
MD5	`dcb210d889bcd586d18004b39c079321`
SHA1	`babac3a5d98f9db51bf2ab56dbb9f7f829e024dd`
SHA256	`915ac298cdbb414edf3d25acb68d82b6433ddc74f595eb7d6af8bc50a89c8bb5`
SHA3	`ef2fc12cdf2bedfc4fb1e03b59d79463dfcf53448b6783cdefff5067aa85c71a`

3 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`5.63472`
MD5	`754b9cf5713a25f170142b308dd7ea78`
SHA1	`ffad71b3f1573ee836921d907281719171c6c31c`
SHA256	`c3f5a9645c3a08cb34c98098a94263e1ca3b2fc120ea2a9e6b8c3643fb00d820`
SHA3	`ba1d01e80c47ebb50215bc7b3c5b1f8d9dc43c8ab6cdbe58a51b441baabc1055`

4 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`5.31744`
MD5	`cbf633e0650df4b652e92aceab8db1f7`
SHA1	`23516679ac1a1cab579dd1e23bd51f8341b73e26`
SHA256	`bce9512ec52433781cbddc38f29a4f81c9cc27f424bdacc257a88177ebc3360f`
SHA3	`a050d71d2b0781e8e703d97e595a05c0f645968428fe17764f118324f2d933a4`

5 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x9978`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`7.96223`
Detected Filetype	PNG graphic file
MD5	`f83dada3786011b42984a2e8d09b4338`
SHA1	`d9e67ffb4e0a13b4903ecc0506b402a6f76b19b8`
SHA256	`7c612e8c1e06a90ba0252cda1575c80008bd75e50f699d0e285a0542ad7bb68d`
SHA3	`21ca7209df7273705c7382fb8c2dab44bbb59b8b3fb29c44392ee2d07afbf68a`

4075

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x424`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`3.24968`
MD5	`78890b0bf95923bda4b3e9f1aa6e389e`
SHA1	`ca4671ee3709340cfbf3ac2de228aa2c8ac3d544`
SHA256	`1cb8a1190a8318119863a38f319a442655a9f74665b7fa5882e7e60d270176d3`
SHA3	`b9798ab495e836c4fbf6e6bd4c36b292879f85336023b41f7bdc571b6a78db1e`

4076

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2ac`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`3.33162`
MD5	`5116519a3c4d11824041b4e4c3468b1a`
SHA1	`2a846a0e790d2fcb1049241f7d6873e9bf008b41`
SHA256	`0a2063cd5591ff87aed1129c6b73af8ef58c67cd73eafe88717d90d5f993eda0`
SHA3	`b6e1991c26e682b2fbdb6b38a183423e7f08f4778a2909f795cfb5589de28a31`

4077

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x424`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`3.29819`
MD5	`42ec51d1878b6d49df9534eef049aba6`
SHA1	`e13d2d639221a2649d27d85859c73c639153da45`
SHA256	`07609aa50a0afcd9ba7c4a4507d17e557a30a3191d880e420dfc3907f828bb37`
SHA3	`7ba43ebf5198335f4fa1a6a67dde5ed23f66da347e37e88779f6614cd5bc3288`

4078

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x9c`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`3.44967`
MD5	`210964f4e28003a874454a06a5c2fca1`
SHA1	`715336d8fe6c741ec768b35c455ef99362ea658e`
SHA256	`3c8133ad5dc190728cd90e6bfccd9132046b36df960d4d900b1ac3ddcf37e078`
SHA3	`4b00d35e2af286b15e1965f9b132081dc597e596a8edbe19e66f654a03c5da04`

4079

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xe8`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`3.37288`
MD5	`960f16982a86df542514b2269203a926`
SHA1	`2ac7e72fb923106362d6f42d213abf8304923027`
SHA256	`e557ee0e0b7d5aa10ba51091bd132ea08cd0041beff784069e22028c947f03b5`
SHA3	`d724692a5757379627e8e5c24e7ba17389eba7ee13340f8ba8fba405147f75fd`

4080

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x304`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`3.33494`
MD5	`f8af109a1aca4c9a457eaed4d5fd62bc`
SHA1	`c37092500dc97da338259a6f5cbd74f4dc62b50d`
SHA256	`fac6f7af2db4cb842dcd34c03ca114236608ad1aac3f2302287fe9f0877a8db3`
SHA3	`06e3331edcf6ff745b4001cddefbc67ba990313396485fd072b631e9f5097afd`

4081

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3e0`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`3.27727`
MD5	`43efa254fcb6a50fe73d27dab39225f7`
SHA1	`16273a584073ab05c22c006e5d5fa3d2774aaa88`
SHA256	`2cd8524b09407348629e61b563453c680f471a82ecd411ea8d3bdb191609270e`
SHA3	`b8b5a8cb2542e4296aaca159e5225dce4d8a346a04511c879faaa57af97198eb`

4082

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x39c`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`3.3112`
MD5	`4bbc6ef067cee4bcc960ab9ab702d48a`
SHA1	`3b221aca8155366114fe4fe1e85e406736001f3c`
SHA256	`78cbf46a3ecc41409415165632dc81b34ba5c77c033dff6ffd10b636e747e560`
SHA3	`4f1afdad960c88300a2ed41ce6a6d963be6e860d325df8de108f6bf4a56a4502`

4083

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4c4`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`3.23373`
MD5	`1709190a71b085d819deb6d4fc5e9ebd`
SHA1	`8a86b07d1b653a0aeed094f2bfb91f3007b8e66f`
SHA256	`ef95c6535fba6013f22e3a4c7575020378f7faf5b2c596d269cca3a42da9df62`
SHA3	`40e019f36176bebe8cd86e9c11769003c41e7eea22e3ba6f0a5f3c9c3c57cb47`

4084

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x250`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`3.42353`
MD5	`b3f2d9be495da0d16bc2e35c19f5c865`
SHA1	`259df6512a8bd5e77b7382e8280156db46b201ef`
SHA256	`c44f2236cec8645b52d9199d5948c6b650fc420536d07770089adcccfbe482d8`
SHA3	`e5b596edb75e8d569722456d7bfeb426ed35817e7f902b7cbb5962ace4705ec5`

4085

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x414`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`3.34414`
MD5	`8b75a21c7f6b3bc7866625fb4d08e598`
SHA1	`41b06648755029f39f59beaa5021f93a94982244`
SHA256	`c56f9bf03a4bc4defd1b858be7edd421c98e52dfe9e4325cee9401bc9333027f`
SHA3	`e5b428a1522e02f4bb615662723576937be3d281b734d0b213490dc48920190f`

4086

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4d4`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`3.30173`
MD5	`8364362de6e54e6affe2fb34dfb2255b`
SHA1	`f73464aefa7ae04ef8b597b20d8e736e67373ef7`
SHA256	`7e7eadfea24dd9fb1cf057cd70400e9fdd1a28369a31dc77127321495eeb6212`
SHA3	`dfb292de95e4c2dbd1bce59c67c4dce5dabfcdca07b6c88ba9612cceb309d7ba`

4087

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x490`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`3.21027`
MD5	`a61a957ebe291897dad415f98a715ae7`
SHA1	`be593e32ce555540a2587b3bfbcf7bd9c9bbf324`
SHA256	`e2694651a16108a5d21c282be9188817f514008e88a8721615d4be06bbc73beb`
SHA3	`63cf9ecfc71c1603e6dbcc95afed1869d6f6c8bca3cddf93a8f163268500d1c3`

4088

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x390`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`3.31341`
MD5	`a0c90e92bd33e508027b372fb57677a5`
SHA1	`c3105c1d576fa75fcd780378eb865dfe9ba16922`
SHA256	`7517c5d1a503a33d60de80887973f2010d95c7146371c43db6a44e349bb01b88`
SHA3	`642d80542cb44321556c3daf6b6af06ebfbac2b03c6053ca3ed5597e3627c310`

4089

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x458`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`3.31006`
MD5	`05f588bfd7304b12f6f47a204c24112f`
SHA1	`2cb028111e84490163e44815f7f420eca7550b90`
SHA256	`de356a2c2642ec506774b96a20d98f01118cbdc1f9b14120f65f167b81e7f4f3`
SHA3	`d33d048940e467921dee150990434c4f8c91f03e24d30caa81484ad85c621063`

4090

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ec`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`3.33528`
MD5	`06546f9d85965d608b41b0f4a8b347d6`
SHA1	`88ab8a2664ff77dd8734b0d0ac4a35ef6a28746f`
SHA256	`0b93ee8751b4de644d376611b6a2c4de4ff0690fc1182db64e22d6888cfe5a2c`
SHA3	`2e772a544aae3c6a91e15aadd630a665aee106b7e01d483dfdb6d30761492270`

4091

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xc4`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`3.36848`
MD5	`873a160a258fe8ed37ab496575f38fe5`
SHA1	`8bd60538dd0c33f71e8dc1f20f141482e023d70a`
SHA256	`261ab9391ea1dd60432853cabc6ae7f6dccdaecf49b030d461612254d00cc54a`
SHA3	`52657bda8cbc49e4365a61d53401d434a3f7bc4e21efece320bd9cce44734914`

4092

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x170`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`3.38849`
MD5	`06980ab5431b3a4b704a7bdc2b2e8530`
SHA1	`d7ab528e97076d3dd3cace450b550ff00d8ba9e9`
SHA256	`1343e9062c63d790a640659562cdd5aff064fe988852e49582de9a5857a7d838`
SHA3	`79d1106c9bc41ef4d1309e5844d2e02a740ad4f263c65697a80a57b8e3aa9e26`

4093

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x334`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`3.30898`
MD5	`d3869a47a6fc91de4f996fd17d352a16`
SHA1	`60150f57b9e2f7a795035aefb4b49278351bd908`
SHA256	`e122061418917643d00324e62fb53733bbc15d6dff5e289db1475fcf59e69239`
SHA3	`8650fcad63927dc9cd3698d4a35a73d9a0dc8e164b53d8974ba7bdc0c13f093b`

4094

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x408`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`3.30281`
MD5	`e48e298665e0a8372d84d540ada1c82f`
SHA1	`b4f58bc71a8e576446c89236298993a6212d94f2`
SHA256	`205ddedb4acb312145cb04ed22729a46251d2e04404ee180c54835c0a8907590`
SHA3	`30fb646770e32690ce195fcf68bd6223a118dda36aa3a08d53751bdcf4c608d1`

4095

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x38c`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`3.32482`
MD5	`618134c66caccc2120059a36ac364d52`
SHA1	`41a9ccf5c08d1309363670205b1fcad010f6c7a7`
SHA256	`ef198bffb824914591d3b3bd6883dfd23711c1808b9ffc7166a3ac134e5e2868`
SHA3	`1572b00c6e150c6a69ea6b98cbff9b41e847bdfd6dc329ba8cc4206acad30cd5`

4096

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2b4`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`3.34258`
MD5	`c89414bc9482a80d3c7822718ce0997a`
SHA1	`04cbe904526c7b8a45d86140ee86d190d9fa1b64`
SHA256	`fa9f4ae68a07930d01394037d6dc777b5a84b05c9d1e1a8c0a4f8c67eac929ae`
SHA3	`43333a6317559630b97478488d34997d5b0025a56d419aa9befcd7950be5f48d`

DVCLAL

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`4`
MD5	`d8090aba7197fbf9c7e2631c750965a8`
SHA1	`04f73efb0801b18f6984b14cd057fb56519cd31b`
SHA256	`88d14cc6638af8a0836f6d868dfab60df92907a2d7becaefbbd7e007acb75610`
SHA3	`a5a67ad8166061d38fc75cfb2c227911de631166c6531a6664cd49cfb207e8bb`

PACKAGEINFO

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x6f8`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`5.21272`
MD5	`160968cffc93d21c60a34aea97bfb7e2`
SHA1	`9aecdb3fbcda63215854f73275f20e6d75780442`
SHA256	`2d4fbca382f7c4b9e5f4f188b26698392817a361947fbc3b141335e96068c3e6`
SHA3	`57b1a1e6e5a2f8fd2bb7560e7c2e260ae3be28dd8d9f72038d274aab8eef0e10`

PLATFORMTARGETS

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`1`
MD5	`598f4fe64aefab8f00bcbea4c9239abf`
SHA1	`688934845f22049cb14668832efa33d45013b6b9`
SHA256	`9b4fb24edd6d1d8830e272398263cdbf026b97392cc35387b991dc0248a628f9`
SHA3	`2951e8c89ecc8e8aa730f646caa10afd48f0be1353aaf5cc35815497dc6ba0db`

TFORM1

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x17a`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`5.35275`
MD5	`054b8019f0b89c00b950b289b2cc994a`
SHA1	`3a463996c743b0bee8535231c09cae69e589a8e4`
SHA256	`41b5f5b4e7593f487668d957ac78899d944e10b1b80ec25c429fc4856dedc2e4`
SHA3	`3a94fe7394b0eefeeb4099cddfee443c610f7c20929a3fe3fcdc34208f91a51c`

32761

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`1.83876`
Detected Filetype	Cursor file
MD5	`a2baa01ccdea3190e4998a54dbc202a4`
SHA1	`e8217df98038141ab4e449cb979b1c3bbea12da3`
SHA256	`c53efa8085835ba129c1909beaff8a67b45f50837707f22dfff0f24d8cd26710`
SHA3	`8874564c406835306368adf5e869422e1bb97109b97c1499caa8af219990e8dc`
Preview

32762

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`1.91924`
Detected Filetype	Cursor file
MD5	`aff0f5e372bd49ceb9f615b9a04c97df`
SHA1	`e3205724d7ee695f027ab5ea8d8e1a453aaad0dd`
SHA256	`b07e022f8ef0a8e5fd3f56986b2e5bf06df07054e9ea9177996b0a6c27d74d7c`
SHA3	`9cb042121a5269b80d18c3c5a94c0e453890686aedade960097752377dfa9712`
Preview

32763

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`48e064acaba0088aa097b52394887587`
SHA1	`310b283d52aa218e77c0c08db694c970378b481d`
SHA256	`43f40dd5140804309a4c901ec3c85b54481316e67a6fe18beb9d5c0ce3a42c3a`
SHA3	`38753084b0ada40269914e80dbacf7656dc94764048bd5dff649b08b700f3ed5`
Preview

32764

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`1ae28d964ba1a2b1b73cd813a32d4b40`
SHA1	`8883cd93b8ef7c15928177de37711f95f9e4cd22`
SHA256	`ff47a48c11c234903a7d625cb8b62101909f735ad84266c98dd4834549452c39`
SHA3	`a85dadd416ce2d22aa291c0794c45766a0613b853c6e3b884a2b05fc791427b8`
Preview

32765

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`0893f6ba80d82936ebe7a8216546cd9a`
SHA1	`0754cbdf56c53de9ed7fbd47859d20b788c6f056`
SHA256	`a0adcedb82b57089f64e2857f97cefd6cf25f4d27eefc6648bda83fd5fef66bb`
SHA3	`ce6148ade08ef9b829f83cb13b4c650d9d4a7012bfd1ab697a7870a05f4104f8`
Preview

32766

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`dcaa3c032fe97281b125d0d8f677c219`
SHA1	`58fe36409f932549e2f101515abee7a40cf47b2c`
SHA256	`6e1e7738a1b6373d8829f817915822ef415a1727bb5bb7cfe809e31b3c143ac5`
SHA3	`02ef292e1b4a70e439e362af6b4fa213e3816ade45222b78dabab712b6afba54`
Preview

32767

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`a95c7c78d0a0b30b87e3c4976e473508`
SHA1	`b19f3999f1b302a2d28977cb18a3416c918d486c`
SHA256	`326c048595bbc72e3f989cb3b95fbf09dc83739ced3cb13eb6f03336f95d74f1`
SHA3	`8157b4e6afa7ed2e2ffc174d655bec9fb81db609e4c5864faa5ead931ff60689`
Preview

MAINICON

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`2.64638`
Detected Filetype	Icon file
MD5	`e577c3800c40d5ccf27323e26c91152e`
SHA1	`bc9678a50e687a7798ac1e76f5575b834a581982`
SHA256	`a2b14c7d58c2d51b1ea0f740f4b27feea93c04f1860dd6b0dc08be4997aad9e4`
SHA3	`30cfe727f964c94f500661d6226f6273d1843efe06c2f8f46a1dcbb6d457c638`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x478`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`3.4694`
MD5	`a8bf429dc5c8cab5e90373e67f809eef`
SHA1	`8ff40050bc0523e500385c474f85bc4c351fbecf`
SHA256	`ad8c2146865911841b84c7da9d04eef114fa5a355a564d9e402677b52ef35c48`
SHA3	`0058b082b65cbf89c028a4621b1f326936f2ca08439e28e644eb178c1a08dca1`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x696`
TimeDateStamp	2022-Aug-22 14:42:14
Entropy	`5.2779`
MD5	`f5434988a1a7bf4379b92addc081ef08`
SHA1	`61506a778633669352571998d6ec69600fb9ba12`
SHA256	`b8dd803fbebfd215ff08015877733c914c2eeab7ad74258ae7965b6e670cb3aa`
SHA3	`ea58bd5ccefb50a400b61eb9486ef1e3c413cfc0f95ec324f7eca314094eab87`

String Table contents

Invalid style format
Class '%s' is already registered for '%s'
Class '%s' is not registered for '%s'
%s parameter cannot be nil
Feature not supported by this style
Style '%s' is not registered
Cannot unregister the system style
Style not registered
Cannot call BeginInvoke on a control with no parent or window handle
OLE error %.8x
Method '%s' not supported by automation object
Variant does not reference an automation object
Dispatch methods do not support more than 64 parameters
Non è stato possibile caricare la libreria
&Username
&Password
&Domain
Login
Cannot remove shell notification icon
%s requires Windows Vista or later
Button%d
RadioButton%d
Caption cannot be empty
Unable to load style '%s'
Unable to load styles: %s
Style '%s' already registered
Style class '%s' already registered
Style '%s' not found
Style class '%s' not found
Invalid style handle
Ctrl+
Alt+
Value must be between %d and %d
All
Clipboard does not support Icons
Cannot open clipboard: %s
Operation not supported on selected printer
There is no default printer currently selected
Menu '%s' is already being used by another form
Docked control must have a name
Error removing control from dock tree
- Dock zone not found
- Dock zone has no control
Error loading dock zone from the stream. Expecting version %d, but found %d.
Length of value array must be >= length of prompt array
Prompt array must not be empty
BkSp
Tab
Esc
Enter
Space
PgUp
PgDn
End
Home
Left
Up
Right
Down
Ins
Del
Shift+
Warning
Error
Information
Confirm
&Yes
&No
OK
Cancel
&Help
&Abort
&Retry
&Ignore
&All
N&o to All
Yes to &All
&Close
Printer index out of range
Printer selected is not valid
%s on %s
GroupIndex cannot be less than a previous menu item's GroupIndex
Cannot create form. No MDI forms are currently active
Can only modify an image if it contains a bitmap
A control cannot have itself as its parent
Cannot drag a form
Metafiles
Enhanced Metafiles
Icons
Bitmaps
TIFF Images
JPEG Images
PNG Images
GIF Images
Error creating window device context
Error creating window class
Cannot focus a disabled or invisible window
Control '%s' has no parent window
Parent given is not a parent of '%s'
Cannot hide an MDI Child Form
Cannot change Visible in OnShow or OnHide
Cannot make a visible window modal
Scrollbar property out of range
%s property out of range
Menu index out of range
Menu inserted twice
Sub-menu is not in menu
Not enough timers available
Printer is not currently printing
Printing in progress
Invalid image
Scan line index out of range
Cannot change the size of an icon
Cannot change the size of a WIC Image
Unknown picture file extension (.%s)
Unsupported clipboard format
Out of system resources
Canvas does not allow drawing
Text format flag '%s' not supported
Invalid image size
Invalid ImageList
Unable to Replace Image
Unable to Insert Image
Invalid ImageList Index
Failed to read ImageList data from stream
Failed to write ImageList data to stream
Windows 10
Observer is not supported
Cannot have multiple single cast observers added to the observers collection
The object does not implement the observer interface
No single cast observer with ID %d was added to the observer collection
No multi cast observer with ID %d was added to the observer collection
Observer is not available
Invalid date string: %s
Invalid time string: %s
Invalid time Offset string: %s
Must wait on at least one event
Cannot call BeginInvoke on a TComponent in the process of destruction
Bitmap image is not valid
Icon image is not valid
Metafile is not valid
Invalid pixel format
%s Service Pack %4:d (Version %1:d.%2:d, Build %3:d, %5:s)
32-bit Edition
64-bit Edition
Windows
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 2000
Windows XP
Windows Server 2003
Windows Server 2003 R2
Windows Server 2012
Windows Server 2012 R2
Windows 8
Windows 8.1
Unable to open Index
Unable to open Search
Unable to find a Table of Contents
No topic-based help system installed
No help found for %s
Argument out of range
Argument must not be nil
Item not found
Duplicates not allowed
Insufficient RTTI available to support this operation
Parameter count mismatch
Parameter count exceeded
Type '%s' is not declared in the interface section of a unit
VAR and OUT arguments must match parameter type exactly
Specified Login Credential Service not found
%s (Version %d.%d, Build %d, %5:s)
Invalid characters in path
The specified file was not found
No help viewer that supports filters
Index out of range (%d). Must be >= 0 and < %d
Length of Strings and Objects arrays must be equal
Class %s is not intended to be constructed
Invalid Timeout value: %s
SpinCount out of range. Must be between 0 and %d
Timespan too long
The duration cannot be returned because the absolute value exceeds the value of TTimeSpan.MaxValue
Value cannot be NaN
Negating the minimum value of a Timespan is invalid
Invalid Timespan format
Timespan element too long
No context-sensitive help installed
No help found for context %d
Resource %s not found
%s.Seek not implemented
Operation not allowed on sorted list
%s not in a class registration group
Property %s does not exist
Stream write error
Thread creation error: %s
Thread Error: %s (%d)
Cannot terminate an externally created thread
Cannot wait for an externally created thread
Cannot call Start on a running or suspended thread
Cannot call CheckTerminated on an externally created thread
Cannot call SetReturnValue on an externally create thread
Parameter %s cannot be nil
Parameter %s cannot be a negative value
Input buffer exceeded for %s = %d, %s = %d
''%s'' is not a valid component name
Invalid property value
Invalid property path
Invalid property value
Invalid data type for '%s'
List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d)
Out of memory while expanding memory stream
%s has not been registered as a COM class
Error reading %s%s%s: %s
Stream read error
Property is read-only
Failed to create key %s
Failed to get data for '%s'
Failed to set data for '%s'
Invalid encoding name
No mapping for the Unicode character exists in the target multi-byte code page
Ancestor for '%s' not found
Cannot assign a %s to a %s
Bits index out of range
Can't write to a read-only resource stream
CheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists
List does not allow duplicates ($0%x)
A component named %s already exists
String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
Invalid file name - %s
Invalid stream format
Fri
Sat
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Invalid source array
Invalid destination array
Character index out of bounds (%d)
Start index out of bounds (%d)
Invalid count (%d)
Invalid destination index (%d)
Invalid code page
February
March
April
May
June
July
August
September
October
November
December
Sun
Mon
Tue
Wed
Thu
Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
%s%s
A call to an OS function failed
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
January
Overflow while converting variant of type (%s) into type (%s)
Variant overflow
Invalid argument
Invalid variant type
Operation not supported
Unexpected variant error
External exception %x
Assertion failed
Interface not supported
Exception in safecall method
Object lock not owned
Monitor support function not initialized
Feature not implemented
Method called on disposed object
%s (%s, line %d)
Abstract Error
Read
Write
Execution
Invalid access
Error creating variant or safe array
Variant or safe array index out of bounds
Variant or safe array is locked
Invalid variant type conversion
Invalid variant operation
Invalid NULL variant operation
Invalid variant operation (%s%.8x)
%s
Custom variant type (%s%.4x) is out of range
Custom variant type (%s%.4x) already used by %s
Custom variant type (%s%.4x) is not usable
Too many custom variant types have been registered
Could not convert variant of type (%s) into type (%s)
Invalid floating point operation
Floating point division by zero
Floating point overflow
Floating point underflow
Invalid pointer operation
Invalid class typecast
Access violation at address %p. %s of address %p
Access violation
Stack overflow
Control-C hit
Privileged instruction
Exception %s in module %s at %p.
%s%s

Application Error
Format '%s' invalid or incompatible with argument
No argument for format '%s'
Variant method calls not supported
<unknown>
'%s' is not a valid integer value
'%d.%d' is not a valid timestamp
'%s' is not a valid GUID value
Invalid argument to time encode
Invalid argument to date encode
Out of memory
I/O error %d
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
Range check error
Integer overflow

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.2.0.0
ProductVersion	1.2.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	ACCA software S.p.A.
FileDescription	ABRSubProcess.exe
FileVersion (#2)	1.2.0.0
ProgramID	com.embarcadero.ABRStandaloneExecutable
ProductName	ABRStandaloneExecutable
ProductVersion (#2)	1.2.0.0
LegalCopyright	Copyright (c) ACCA software S.p.A. - Italy. All Rights Reserved
LegalTrademarks	ACCA Ã¨ un marchio registrato da ACCA software S.p.A. - Italy
OriginalFilename	ABRStandaloneExecutable.exe
InternalName	ABRSubProcess

Resource LangID	English - United States

TLS Callbacks

StartAddressOfRawData	`0x711000`
EndAddressOfRawData	`0x711274`
AddressOfIndex	`0x6c3310`
AddressOfCallbacks	`0x712020`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`(EMPTY)`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!
[*] Warning: Section .tls has a size of 0!

Leave a comment

No comments yet.