Manalyze report for 43552a97ad0ad4bd9b4bda6888689394

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-Jan-02 13:49:10

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA`
Malicious	VirusTotal score: 47/66 (Scanned on 2018-04-27 01:15:03)	`MicroWorld-eScan: Trojan.Generic.22846892` `CAT-QuickHeal: Worm.Dorkbot.ZZ4` `McAfee: Artemis!43552A97AD0A` `K7AntiVirus: Spyware ( 00505c591 )` `K7GW: Spyware ( 00505c591 )` `TrendMicro: Ransom_Foreign.R004C0RA718` `Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9977` `Babable: Malware.HighConfidence` `Cyren: W32/Trojan.EDHI-6702` `Symantec: Packed.Generic.521` `TrendMicro-HouseCall: Ransom_Foreign.R004C0RA718` `Avast: Win32:Malware-gen` `Kaspersky: Trojan-Ransom.Win32.Foreign.nxgn` `BitDefender: Trojan.Generic.22846892` `NANO-Antivirus: Trojan.Win32.Kryptik.ewvbph` `Paloalto: generic.ml` `AegisLab: Troj.Ransom.W32.Foreign!c` `Tencent: Win32.Trojan.Foreign.Pavl` `Ad-Aware: Trojan.Generic.22846892` `Emsisoft: Trojan.Generic.22846892 (B)` `Comodo: UnclassifiedMalware` `F-Secure: Trojan.Generic.22846892` `VIPRE: Trojan.Win32.Generic!BT` `Invincea: heuristic` `McAfee-GW-Edition: BehavesLike.Win32.Generic.gh` `Sophos: Mal/Lethic-L` `Ikarus: Trojan.Win32.Crypt` `Jiangmin: Trojan.Foreign.ebn` `Webroot: W32.Trojan.Gen` `Avira: TR/Crypt.Xpack.qwmba` `Antiy-AVL: Trojan[Ransom]/Win32.Foreign` `Microsoft: TrojanSpy:Win32/Ursnif` `Endgame: malicious (high confidence)` `Arcabit: Trojan.Generic.D15C9DAC` `ZoneAlarm: Trojan-Ransom.Win32.Foreign.nxgn` `GData: Trojan.Generic.22846892` `AhnLab-V3: Spyware/Win32.Ursnif.C2342508` `VBA32: TrojanRansom.Foreign` `AVware: Trojan.Win32.Generic!BT` `Cylance: Unsafe` `ESET-NOD32: Win32/Spy.Ursnif.AO` `Yandex: Trojan.Foreign!uoelU78LXw4` `SentinelOne: static engine - malicious` `Fortinet: W32/Kryptik.GCLM!tr` `AVG: Win32:Malware-gen` `Panda: Trj/GdSda.A` `CrowdStrike: malicious_confidence_100% (W)`

Hashes

MD5	`43552a97ad0ad4bd9b4bda6888689394`
SHA1	`1d229e20a89a55daedfd28d57f0300f12957e5c7`
SHA256	`597c15244d0dac4a717a363849f81a56d678a39bc9dcf9438dd653cdbd9f33c3`
SHA3	`98dc672de0474dccdf96ec89caac8cca49aac06e1a42e8ecf58b07fe15a74b32`
SSDeep	`12288:/Q/DFw1YAudK8GiYpaBqZDvXOOJhBTHtE6r:/im1YAuk8GiIaSHBTy6`
Imports Hash	`0d43578f1fab41207b07793e6fc8db5c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2018-Jan-02 13:49:10
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`33.0`
SizeOfCode	`0x11200`
SizeOfInitializedData	`0x8ee00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00007AA3 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x13000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0xa3000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`1506309e3ef45dc90fd4a0d194c15ee8`
SHA1	`479aa9a31b5ba324ca37b7adf01d1b1915f9a553`
SHA256	`a5e42bde4360a4329a19253d5cb79ffa6b16beaedbc9978b1766df214fedf9c6`
SHA3	`fc43508d29006711111123e1cbb1c1f4b9167a63826d77e877ee11c04450bacb`
VirtualSize	`0x110a4`
VirtualAddress	`0x1000`
SizeOfRawData	`0x11200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.45882`

.rdata

MD5	`77b48d65ffa8e9f8f6cf9c6a91dd2b8e`
SHA1	`c1b953860a270edbe091edc1fae3396f7febdad2`
SHA256	`5a08adc83a51deff5bfbe24cd6d58d56f134a136ce4d58946e8cc4b5eb65fd0a`
SHA3	`ce5277e5c5f00f7dad585dd1e22b7d653160035baebfc6be0e9238c8b02a2200`
VirtualSize	`0x4586`
VirtualAddress	`0x13000`
SizeOfRawData	`0x4600`
PointerToRawData	`0x11600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.36476`

.data

MD5	`80826740c56bdfb0b43673cc78e36b3f`
SHA1	`d4bd2962e01dce6571ee696e134130ba54edb941`
SHA256	`890d6c5072058313acbaac6ad2b98f853522fa231871c4a4d2cfe20da2b472b8`
SHA3	`c84c8f2cb2f031c8476e5eb75633f1d2b4c5cf23ba607f59bdd8617d59264553`
VirtualSize	`0x82ca8`
VirtualAddress	`0x18000`
SizeOfRawData	`0x5c200`
PointerToRawData	`0x15c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.19335`

.rsrc

MD5	`14c15a87c7956b428d984c303642fa47`
SHA1	`ea3250cbcc4eee117820ab46265295de593adaa3`
SHA256	`18a9df1c6e57b7738e0fb9b1d5b94334b5aff81948be3d80180d2a31a728cadb`
SHA3	`02c45340a60389a582fca44dc74b4f750feeefee11e2f5bc8bce0577d53b1974`
VirtualSize	`0x7998`
VirtualAddress	`0x9b000`
SizeOfRawData	`0x7a00`
PointerToRawData	`0x71e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.87666`

Imports

USER32.dll	`GetAsyncKeyState` `IsDlgButtonChecked` `ScreenToClient` `GetMessagePos` `CallWindowProcW` `IsWindowVisible` `LoadBitmapW` `CloseClipboard` `SetClipboardData` `EmptyClipboard` `OpenClipboard` `TrackPopupMenu` `GetWindowRect` `AppendMenuW` `CreatePopupMenu` `GetSystemMetrics` `EndDialog` `EnableMenuItem` `GetSystemMenu` `SetClassLongW` `IsWindowEnabled` `SetWindowPos` `DialogBoxParamW` `CheckDlgButton` `CreateWindowExW` `SystemParametersInfoW`
KERNEL32.dll	`TlsAlloc` `SetEnvironmentVariableA` `CompareStringW` `CompareStringA` `CreateFileA` `SetStdHandle` `WriteConsoleW` `GetConsoleOutputCP` `WriteConsoleA` `CloseHandle` `HeapSize` `SetFilePointer` `GetLocaleInfoA` `GetStringTypeW` `GetStringTypeA` `LCMapStringW` `MultiByteToWideChar` `LCMapStringA` `FlushFileBuffers` `GetConsoleMode` `GetConsoleCP` `GetProcAddress` `GetSystemTimeAsFileTime` `GetCommandLineA` `GetStartupInfoA` `EnterCriticalSection` `LeaveCriticalSection` `TerminateProcess` `GetCurrentProcess` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsDebuggerPresent` `HeapAlloc` `GetModuleHandleW` `Sleep` `ExitProcess` `WriteFile` `GetStdHandle` `GetModuleFileNameA` `FreeEnvironmentStringsA` `GetEnvironmentStrings` `FreeEnvironmentStringsW` `WideCharToMultiByte` `GetLastError` `GetEnvironmentStringsW` `SetHandleCount` `GetFileType` `DeleteCriticalSection` `TlsGetValue` `TlsSetValue` `TlsFree` `InterlockedIncrement` `SetLastError` `GetCurrentThreadId` `InterlockedDecrement` `HeapCreate` `VirtualFree` `HeapFree` `QueryPerformanceCounter` `GetTickCount` `GetCurrentProcessId` `GetCPInfo` `GetACP` `GetOEMCP` `IsValidCodePage` `RtlUnwind` `GetTimeZoneInformation` `VirtualAlloc` `HeapReAlloc` `LoadLibraryA` `InitializeCriticalSectionAndSpinCount`

Delayed Imports

110

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x666`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82633`
MD5	`b6bf70baab40fe438feff063bfb9ff6f`
SHA1	`7d4659d43e08d368ddacd31945872461c0b06253`
SHA256	`0e90a9e4b8f3a5bf990e8aadfd8096ad7aeaf1a4e032ac7b6395ce191d61c142`
SHA3	`cab98fabaf20118d9a8a4d2bcff4383a7291a0e04ff11a8690e71eed619c75e7`
Preview

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x368`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.84542`
MD5	`43e4a2bedda67ecec41e54a54f5a9c09`
SHA1	`a540061c068d397daab6f49079fd2a3949248c7d`
SHA256	`8bcd97f5cac766ea87a44d949fe020e148f0c8e1ba3d8c4edd10659005db5abe`
SHA3	`b6089aee7d36265f9255fe23ec30f92ed2b4e0956a1ab3985ebd70358f53c4e3`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x748`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.15135`
MD5	`94ab7d739ed2f0bef62e2fc1caa0a18c`
SHA1	`726832ca323f3fda4e61955cdf3d2b25d554083f`
SHA256	`2600e32a5595a483d77f5c64559667fe6eaf6c9e20c256763950427824cd4375`
SHA3	`dfeb18da149c53c02e51c7a825d6fd5d68008a9aa3e3d5e3c0032aca82f2a9ad`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.17923`
MD5	`deb0a14f318e702d06ffbf9c42b2770c`
SHA1	`8c28577590741b025eb35594d3503db59a95020e`
SHA256	`58f9506884353b03d162642dc0e6a9edf201c7d679e85067a4730e02509a31cd`
SHA3	`93f9361e9326e2771683f3c0e7464268574641d5e5e9a604c1a677a829e93afc`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.67704`
MD5	`4599810be0bb1e3e24c4de95b46938ab`
SHA1	`37abb1040f16a96078a98380dee0b861f1767b65`
SHA256	`8b3b47b0b089c436381677b7e3f3eb577d55fe859d6539d7e4c2d10fc86588f9`
SHA3	`c81c51ab93697c04374b7b75f8e266591cd4db1b1411db7b99171a54d095a5da`

102

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3d2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37751`
MD5	`9df284a7c9f7371052e0e19c05e286a6`
SHA1	`b32a091b4eec4d998b81e59a1ee233aeafbf7d20`
SHA256	`d55d93233715e2e231b161bdba2cb40af75d744963af70e85e823efe66a67677`
SHA3	`44db2ca57c36e04265fad133b41319f8fa64346496792a1070369d67f05a4e6d`

103

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x21c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35716`
MD5	`2bde8bbfd244b36a7f75bf9274796dc1`
SHA1	`59c5a19cbc7f930e3e7416bb01c7959ac8511074`
SHA256	`108316f5d852d6a72a4b8df49c8a80464fdecaf638f6db67d5d7a578d81755cf`
SHA3	`fa64f14a18393dd507eba33cc18859a6158145698fe04e2bea296eb81160bf1a`

106

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ec`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.2787`
MD5	`08dfedaf57a928a65dc9816f22a80d36`
SHA1	`5958c4ef1e733605c01324cb096e79a280e65f30`
SHA256	`7d710a1e075478347ab5cd6d72f4f95611dd86321a2cf01845e01697189bff93`
SHA3	`ffa47f19e8882de651a812ef89b2fecc3e2fa7be847f0d936c977b34e99c7e4a`

108

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xb4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.89349`
MD5	`f35ae58ae1cd975337a16a2a0a72a0c6`
SHA1	`e19baac45825738ae2ce48a85f30a15b5af125ce`
SHA256	`da6ce1045305d4cac909a9b845ba3372e0570eacc37767c91b3eb1b2c2046aff`
SHA3	`11c3b6ef8682f2c33e5357998c4e1974c6e2f0f6867d9ee7737e353538cc7ff3`

110 (#2)

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x60`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.53778`
MD5	`517a9c43b3329645897c0680237cb4ab`
SHA1	`223c0eb7e961e7f917626f447d58d2bf1237751c`
SHA256	`7f66b4eb6a3e6987dc12337416014df6850d77c5663a13591d094cd9ee131eab`
SHA3	`f7c24547d1438f1f1ec15ea324bcf388c63e2f5428a9093bf37943e88a4fa990`

111

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x288`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.10467`
MD5	`3f5ec60c5928f1a430e3f2c08697024c`
SHA1	`d0cd9a7e30472571fc8c1556d9b202c2a637eebd`
SHA256	`60e5ae7ae6717ccf7b0ca5354044071bd89a56e18112e882d27470714b5c3aff`
SHA3	`229bf6189d50cc0f86aef2bd4b3a064239feb4caf5c2f7b30d19558fe2b78d50`

112

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xe0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.93048`
MD5	`3dcb04836e338e25539a71c98d3ff206`
SHA1	`47bb1a8b425849a44b4f29e579a2a0bbb1fa0af7`
SHA256	`59589a2e3312ecd2a4729b44116016f1d133e8459742408f3c07e720bb219a5b`
SHA3	`02748eb2d9629d6e4b190bf88887a9655d597b5398d1ad34282465c45aafb859`

113

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xa0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.98027`
MD5	`36a435f9de0d9391cbf9c274e44ccb4c`
SHA1	`4e367682c8d1e245dae4bb7fd32b391aa9a8df03`
SHA256	`0d87368a2013db3d96ed12c93227cc832be80c62cdd5b3a9fa9352c71bd699ad`
SHA3	`903e20ea388f5d76899e2e2bdc7a0914451077fad00558aab726339c6d807cd4`

114

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x7a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.77492`
MD5	`89d164e4a94a3f41adcdc301ab482c49`
SHA1	`7e8a4f9cf6c91713adeef4468d89a74756658056`
SHA256	`3698e60cd5ae372b26237a58701758e834b8194f3324d8b85789b94cac8f8f22`
SHA3	`9dc35d7f48a33b7a62ba73a6de6605057e0792b40feb953b128b916f30998e88`

503

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3d4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.51059`
MD5	`3318de2a808e7630c604082d0ae17ecc`
SHA1	`7ae806bdcd53f8c05f353026ea80876e3aec61ee`
SHA256	`0b37e6442eaeba343c03ae217c213cd147f207402221acddef9d1caae9741dce`
SHA3	`627b9551cb42748f580af355cbf5fd35a4ca4d3f00e9b66b62a36eb47077ea68`

504

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x578`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.47489`
MD5	`14bed85007f0cd67f09f1371d0572a74`
SHA1	`cb8ccec1a157fde1884b2b1e82083ff606c5df9d`
SHA256	`35fe7be4e36c6ac9c4461e7c521b5ab70b75c7a85113f812c37f232c389950c3`
SHA3	`6cf4c96f2d4d7aa5a818590631b814e763e811c33bb601e7d0f184b9b6892016`

505

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x49c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.47826`
MD5	`7aa9f54f190ea251e6a3f634ef2a0fe5`
SHA1	`731fd0d4a9c7e74ddc70c3c6b6b0764a6925d60b`
SHA256	`ac716b4ee983aa13e504dd91d8f43fd989b53efd801b74ca8a4f481e38bc0816`
SHA3	`1e6a1710b7d047dee853a23b88bc7eff812d95a963e5ee84f9bf3c8857294def`

508

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1da`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.09202`
MD5	`cbb3f271339441b0be7afb8bf4222c8d`
SHA1	`0133041b18b8f1cd5787b272f2f04eb83a4cd7ed`
SHA256	`1a36280ef325b59cb7b3bd0f8dffd8b9d8992bbaf54be696a0f94a016f197a8d`
SHA3	`0c7e4d2f96e3c95b7a71734695e52181e8c932798176c474f8848a7f8d1ca329`

509

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xb8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03003`
MD5	`fcf93521e45a44a95c0d1683d7d8044f`
SHA1	`7e58376a225bfd6364de27d773b3880795265c37`
SHA256	`6e78f6e5db56e00b70c2f59ef155fd7f3dcd531b3be1990a9e6caa16ca0fdef7`
SHA3	`62af8eb5cf330f7230eb621c64a4c3a20d1e9fff04b12f9c5539a13f232d84e7`

510

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x100`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.16966`
MD5	`c170cd171de2d84e38a6d99af001e696`
SHA1	`c40a0052c938be123472b11e7bba4fd5944c7ee8`
SHA256	`a29546a886d714ed1d1ac98c8d8b2257c218be274a6a45ec7c21e8faaf3d9eff`
SHA3	`4e6e3c4a01d75e7ed73dcb9214b4f91e42e16c5f4cd8a5c940c897a6773dd7bb`

513

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x208`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.2996`
MD5	`4560111898842cf658e7e9e03f3d107d`
SHA1	`3bed9c1bf786ffe0cc6dd7103b401bfcea7af8c9`
SHA256	`49d3176e36c5912fc1289a4667ab542d6e2204cbe302476cce04f311aeb9f877`
SHA3	`89ff53714cdd4631505cded084eca1a7bae48ff9faa5132864d95f3513797469`

514

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x640`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42721`
MD5	`4a576dbfc7b0f1134df5738927bf2a63`
SHA1	`aee181d89b3a5b866ea7ac56106b3586e6106e91`
SHA256	`0c965385be7a95aaa9a7b5878166ccfdd3d88eb4b59baeb342cfec0caee6d964`
SHA3	`66cf2028010a40c1b6431847ffbdf91873db35561a7ea8faa0e9bc8ef048eba0`

516

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x60`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.68161`
MD5	`fdf1b9b8ee466822c758016ed2e85ac2`
SHA1	`9ee7fbfd79dd6973e52a80fa3dad361dbaf3e781`
SHA256	`fb16cad21bd7a630992f0dedbf98814096002a137f573befd60642649abff740`
SHA3	`2b32a27e4fc84177af4c26cfa8bca566d3ed5aa272e43458fa4ae74bf473c22a`

537

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x118`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.17476`
MD5	`ad88887f314abcbe7ea827ebf0dd4a75`
SHA1	`b7ffae9a19ce64dd3a27db24e0902277b87a41d2`
SHA256	`9c462ce7c68aac40c238fcff0686f03173850be9c3ef6999cf3f20007ba13ec8`
SHA3	`30c9bfb31d65ec1f2cd02857361ba72d751d00b3abb32ce4d4f049326f73f3e1`

538

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1b4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.25972`
MD5	`94e17f759d60b6085e8c5235c9e00d9b`
SHA1	`d4504f1e5769af8f6faf2f07e5ceabcfbec0e355`
SHA256	`b9bd1c2f94fb82aa7a63b0ca645ecee182b18b7ba25bfe3cdbadba098938f930`
SHA3	`bf5bc88ff144da3bb1de470aa6e77c4620449d43e831965f112546253f7ffb1c`

539

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.23233`
MD5	`4778c793abfa66a47de589d9cb33bbc1`
SHA1	`e6d063d69cea8a3ef74a7dcb2dcdfd20058d6e38`
SHA256	`2c5b2c154828c22d05ff39ba63358a2052130b7ff346329144db7aeb914c9cae`
SHA3	`785f0101cb79439a4f1efcbe66f6ea3e0385f3fc9f929d79aa155e4706bfa004`

540

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x35c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.53049`
MD5	`0975f30eebf4a44d9b29483829c12bdf`
SHA1	`d05153f5623eeaddb69824bc9bdcc301bb6a13f2`
SHA256	`18ad7a4678b8d4f10ff9ac0ec0e048ae208191e41dda8ef03b1b298c0b11ba3e`
SHA3	`210b4f217f048b29b0d77f742b5de60d1aadba5504127f66f534b88e4acee270`

5011

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xc4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.97689`
MD5	`81e3aaa6aac22e10a6388cc1be5c603e`
SHA1	`a168ab245a027d1570c67cb9075fce5c2a1190e5`
SHA256	`f04f9626c030d7901a41ae99fbb7c44e021a5622fe0c87afd25bbea74c774ce7`
SHA3	`8069bd173aa8b87eb7dbe91f94f1d92cc2336a17c53db55a9da91e80a3725166`

5013

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.50101`
MD5	`5ee67655701ae2a64802f19e80bf3ff4`
SHA1	`256a53287b9e8f1f7a5a880b825e1860c312563b`
SHA256	`b5e5cde1b15e83b2ad47dd6d786135f2af8f9c925f1c1225475d1e7d526a8592`
SHA3	`cd35c4e215eed6f13a6ac903e19f78400d80c72ec798238fb72e13cd8116a1ab`

5015

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1e0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.7977`
MD5	`67f4a8a6e3f817046896dd728c5ec674`
SHA1	`9be76fec5304ede30dbfade16f21594c1044f96b`
SHA256	`e4de34e2427b167fadb229ae75eb2bcfe6efd0a9e39d46590ea0166405d323f8`
SHA3	`de6785edb7fcfa59168fdf4f8c6be3aa0eeca4d36853f113dc2cf0966e779a46`

5017

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xd6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.21771`
MD5	`156b24162fb739beed052accba5a1b34`
SHA1	`e853571a61f706503f1d25f906d8806ec9d50636`
SHA256	`76a7cc25a09de4f80f0d640b07e71a16df55de590e3f6b022184ee49c9e291df`
SHA3	`6d7440f465fbec875c988e16877ebb88835f0788dfd4fef3495e18e6e0824adf`

104

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.67969`
Detected Filetype	Icon file
MD5	`4109bc7c671b196b116e999d2ebdeeac`
SHA1	`c816dbc492d9da38450803c20d8f7aaadc627c2b`
SHA256	`f9b4014be9add968851b182b35be4bebf08b130659350120c5fc279bb2f99953`
SHA3	`5b75ba9909bf40304430f4181b00c25f41887768084a13ca38cac6ddf7be1b42`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x15a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.79597`
MD5	`24d3b502e1846356b0263f945ddd5529`
SHA1	`bac45b86a9c48fc3756a46809c101570d349737d`
SHA256	`49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e`
SHA3	`1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e`

Version Info

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x4731a8`
SEHandlerTable	`0x414440`
SEHandlerCount	`3`

RICH Header

XOR Key	`0x52986571`
Unmarked objects	`0`
ASM objects (VS2008 build 21022)	`19`
C objects (VS2008 build 21022)	`99`
Imports (VS2008 SP1 build 30729)	`5`
Total imports	`109`
C++ objects (VS2008 build 21022)	`32`
Linker (VS2008 build 21022)	`1`
Resource objects (VS2008 build 21022)	`1`

43552a97ad0ad4bd9b4bda6888689394

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

Imports

Delayed Imports

110

1

2

3

4

102

103

106

108

110 (#2)

111

112

113

114

503

504

505

508

509

510

513

514

516

537

538

539

540

5011

5013

5015

5017

104

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors