Manalyze report for 463a7d2e436192f8d68236ac24eae49a

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1970-Jan-04 19:01:20
Detected languages	English - United States
TLS Callbacks	2 callback(s) detected.

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentVersion\Run`
Suspicious	The PE contains functions most legitimate programs don't use.	`Can access the registry: RegCloseKey RegOpenKeyExA RegSetValueExA` `Possibly launches other programs: CreateProcessA` `Leverages the raw socket API to access the Internet: WSAConnect WSAGetLastError WSASocketA WSAStartup gethostbyname htons inet_addr inet_ntoa`
Suspicious	The PE is possibly a dropper.	`Resources amount for 86.1119% of the executable.`
Malicious	VirusTotal score: 27/73 (Scanned on 2019-05-13 15:23:23)	`MicroWorld-eScan: Gen:Variant.Ursu.372503` `Cylance: Unsafe` `BitDefender: Gen:Variant.Ursu.372503` `NANO-Antivirus: Trojan.Win32.Mlw.fmomfy` `F-Prot: W32/SelfStarterInternetTrojan!M` `GData: Gen:Variant.Ursu.372503` `Kaspersky: HEUR:Trojan.Win32.Generic` `Rising: Trojan.SAgent!8.10172/N3#82% (RDM+:cmRtazqlZHsu5Bo6HldHeV6KFSWf)` `Emsisoft: Gen:Variant.Ursu.372503 (B)` `F-Secure: Heuristic.HEUR/AGEN.1037508` `FireEye: Generic.mg.463a7d2e436192f8` `Cyren: W32/SelfStarterInternetTrojan!M` `Jiangmin: Trojan.Generic.cxyhe` `Avira: HEUR/AGEN.1037508` `MAX: malware (ai score=80)` `Microsoft: Trojan:Win32/Fuerboos.A!cl` `Arcabit: Trojan.Ursu.D5AF17` `ZoneAlarm: HEUR:Trojan.Win32.Generic` `AhnLab-V3: Malware/Win32.Generic.C2999064` `VBA32: suspected of Trojan.Downloader.gen.h` `ALYac: Gen:Variant.Ursu.372503` `Ad-Aware: Gen:Variant.Ursu.372503` `Panda: Trj/GdSda.A` `ESET-NOD32: a variant of Win32/Agent.TNJ` `AVG: Win32:Dh-A [Heur]` `Cybereason: malicious.e43619` `Avast: Win32:Dh-A [Heur]`

Hashes

MD5	`463a7d2e436192f8d68236ac24eae49a`
SHA1	`03ed75ed4efa33ef152079d338a6ff5d238f62a3`
SHA256	`ca29be7b230a0796aade7d4c510779a394633b7a82b07947e39587fd6847dd94`
SHA3	`833c8a8571eccf3a3fce343f39a94e8cbe3c66015f56f0e9e01d4cf378aacba3`
SSDeep	`3072:14PJNcOI/sdGgQAMVleHhwWHOtp4YKy+0FrWZCwO:14P/cOIUdG812WHS4YKy+DZJ`
Imports Hash	`75fd02fd2c484ede7ee1a4226bb5938c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`9`
TimeDateStamp	1970-Jan-04 19:01:20
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x6800`
SizeOfInitializedData	`0x43600`
SizeOfUninitializedData	`0xe00`
AddressOfEntryPoint	`0x000012A0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x8000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x4a000`
SizeOfHeaders	`0x400`
Checksum	`0x47a84`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4ecd4ec461398033a096c48c5fca4a2b`
SHA1	`403d999a49af398f540c519b84c03e9a363b1868`
SHA256	`31873b8f97eed6ee40a34a0ed3b0179a1ab7d47c0e41d06bde959ccb8989e33b`
SHA3	`3c5c3c9dbb8fd4f8e499a07e49bdafa6db612f119af48aade9c84c8a64c86c82`
VirtualSize	`0x6724`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.19477`

.data

MD5	`81d8f6a6b6cee65455a7b1def28ce406`
SHA1	`1297d4b2acc77c135afe22b74c0c64300ee17011`
SHA256	`48c3b9b328a4e6637f46c8a183b23cd10168562efeaed179f7229dd4c40d8728`
SHA3	`348c5f9973f9a462dce9df89eb77f259e3bc46721a736c90745decc94ee507f9`
VirtualSize	`0x28`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.340598`

.rdata

MD5	`541a62e8f964de28360eb39f50d0299b`
SHA1	`1500d49e6a61f3ec869ca974ba3e019bdd70b7df`
SHA256	`c1c362983e425fec0390ec57cf9fee36e2a29c97fff4c585de616c1dc35ba1da`
SHA3	`f1935e0aeb044a67934dbbf536643e7500ab307609a3254485a636f568a04a67`
VirtualSize	`0x538`
VirtualAddress	`0x9000`
SizeOfRawData	`0x600`
PointerToRawData	`0x6e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.05777`

.eh_fram

MD5	`3578870a49938dffa2db24222c1dd895`
SHA1	`dd51230f6d6add352626d4a25c255fd9625f05eb`
SHA256	`a1aa0cb922aa220cc5e5f4ea72181279bed94e504fe017ba49b672a01965f263`
SHA3	`0bc71c48a7ab16fbeb2bc8ee7437fb283bb1c21b5647961bed067ec0fa159399`
VirtualSize	`0xf88`
VirtualAddress	`0xa000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x7400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.8231`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xc38`
VirtualAddress	`0xb000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`bbb33a088b73ced859ba0ab009b7332e`
SHA1	`1159414349708ca8b070720ead1cdb5d14052e09`
SHA256	`4f77e3fb89294d3677b38539ac4286a3814ab2af442e2d2282eb3955b9a457d3`
SHA3	`8dde09eb334e44c228ec55b66590efb6bd98c02aa73c6a2b596db97bed298e55`
VirtualSize	`0x808`
VirtualAddress	`0xc000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x8400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.17718`

.CRT

MD5	`4781fa742672d181e014719185b90bef`
SHA1	`4969a86fcc196b355467d8df4459d521e9c3e5c4`
SHA256	`779dcd185ae9118f01b45911f189a492c2a212dc928e2020cb76cd053d4d156c`
SHA3	`15fdb94817e72fedb6e5f8e56927e9ea0c5d675c71996b6752c2612423931d26`
VirtualSize	`0x18`
VirtualAddress	`0xd000`
SizeOfRawData	`0x200`
PointerToRawData	`0x8e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.114463`

.tls

MD5	`fe6778d179e3250acc8348004287ff69`
SHA1	`f021af89f6ced5fecd40c7b3db818c9fc232992f`
SHA256	`4d0be593f65c95372da88231c5c07934d5b8f479ace423cc59ce227b7472a84f`
SHA3	`52d4778884883560200c93ede000f2918ac0dea4e5654d03f58411f6c40be057`
VirtualSize	`0x20`
VirtualAddress	`0xe000`
SizeOfRawData	`0x200`
PointerToRawData	`0x9000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.22482`

.rsrc

MD5	`be3e0d9f49267571ef4f680ecb8f7ade`
SHA1	`21d8e0df760303c7a97651e413c56b648493096d`
SHA256	`1ee17bc87bfe2f850f75a6caeb9e3f008a18e17fa5be013e4d0bb2bf556bf58d`
SHA3	`47e6f5cc07e9307eda2835e258c709782955c04039ca38e6ab680a931150b03f`
VirtualSize	`0x3a7a4`
VirtualAddress	`0xf000`
SizeOfRawData	`0x3a800`
PointerToRawData	`0x9200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.01733`

Imports

ADVAPI32.DLL	`RegCloseKey` `RegOpenKeyExA` `RegSetValueExA`
KERNEL32.dll	`CreateProcessA` `DeleteCriticalSection` `EnterCriticalSection` `ExitProcess` `GetFileAttributesA` `GetLastError` `GetModuleFileNameA` `GetModuleHandleA` `GetProcAddress` `InitializeCriticalSection` `InterlockedExchange` `IsDBCSLeadByteEx` `LeaveCriticalSection` `MultiByteToWideChar` `SetUnhandledExceptionFilter` `Sleep` `TlsGetValue` `VirtualProtect` `VirtualQuery` `WideCharToMultiByte`
msvcrt.dll	`__getmainargs` `__mb_cur_max` `__p__environ` `__p__fmode` `__set_app_type` `_cexit` `_errno` `_findclose` `_findfirst` `_findnext` `_fullpath` `_iob` `_mkdir` `_onexit` `_setmode` `abort` `atexit` `atoi` `calloc` `exit` `fclose` `fopen` `fputc` `fread` `free` `fwrite` `getenv` `localeconv` `malloc` `memcpy` `perror` `printf` `setlocale` `signal` `strcat` `strchr` `strcpy` `strlen` `strrchr` `vfprintf` `wcslen`
WS2_32.dll	`WSAConnect` `WSAGetLastError` `WSASocketA` `WSAStartup` `gethostbyname` `htons` `inet_addr` `inet_ntoa`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.89901`
MD5	`679559da39ef617420fb5ba00ad7fede`
SHA1	`cbf157d5a3f0ae87d8bc69372a507f03679df93f`
SHA256	`c538a007d476212a1c6c2594f1bdb4a0c71614f0a2670936c2b14d20946eab17`
SHA3	`ab1fe537f424fbedbaedf6928ef1c607839e2037427966d99c670b4f3e4669c0`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.909`
MD5	`a531516c4a3210eb71a310dd6e9cd1fa`
SHA1	`394916d53931b6eaf0a4d6e8f9d6986fc18bc854`
SHA256	`8e4a233397497ad55d904e7132149f1bd60508edcc2f18d8e3613cfb2b4fc391`
SHA3	`8efd1c56ae4282b479caba997c9178facb6fd146c29ce2b2416eb3c526b354f1`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.8598`
MD5	`b9e6067dc32382ec0585e0a0363a3273`
SHA1	`82027a19585ed29538090f6809126b5bb5e732a7`
SHA256	`1e25d428883e12b4ac197dc93933b7f67ce541493f3e9a7c62f3d09fb1ed14d7`
SHA3	`87df4ec316e6bb9d295e807f73a348a57fbc77200fc786f2223f411fcdff8f95`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.77381`
MD5	`3b6a17b1b1f9787a8a78ce305bb19f25`
SHA1	`9afb37ca572a76fb35f0cac0a63cb8ce1bbd89a5`
SHA256	`80a0fdc3c132366fa318481c67032860cd4806a9db3acd44318577ab79ff1303`
SHA3	`cdbd8a6b24c4ab3bdd33c4e70bc0d19327301ba6c672db3a7db5f94b82d4682a`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x9331`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97157`
Detected Filetype	PNG graphic file
MD5	`2da33a3715c5fbb51ef3e13a224f883b`
SHA1	`fabb9ad788639d4e06a41fba97d0504ed39a5f89`
SHA256	`29bcba7892e33770dbf5c0b8c46cba9d792c7b37d186cc8982aeae83684a06e2`
SHA3	`955cf16b06a860d1452449a4b16af23f3fbc27d3e0a1bdb57f36e5019cda6eec`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.94065`
MD5	`5a8266ac91a7d3ca223a9053902bf83e`
SHA1	`1aa5485c8c81435b4ac828015dff5522e23afa4c`
SHA256	`420fa1e4bc253d9be1eaae4b64cffbffe6d7bf64c48120b23d7bb5db75180394`
SHA3	`c1baa873b22eaf450bf8a04558381cb1a3fc0998b3093f099b35e588bf15a298`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.34827`
MD5	`7bffcdb7d9cfea8b168672cb3517c02a`
SHA1	`87fbbdb9d6738feee966982ff8e1fd7a4f450d8c`
SHA256	`9f79f68a68df1538e5227a18f1323d0203312281ca744343d2c1d58e468cd6ca`
SHA3	`e005b06e78506c1cef768f8800a1718e14673f0b2b12f6b7f058b7a429fcaf44`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.99874`
MD5	`349b4fe5d4d828d2d06cf9616862d8f1`
SHA1	`fbd4595588ddb3f721479a88b03b2153f0190456`
SHA256	`24d1e435aaf7bfb7a413dfbc24b7f98693b0209d01825898ff7224939df9ab55`
SHA3	`013c3a605af7fc11fd61eb55b9eab5b7b833e0817cfac6cb202c6516c8f2b7b1`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.72407`
MD5	`80c4df0b1679d13a4ce2d585a05ffc95`
SHA1	`587a444f480c435c082b02b91964f2affe0513fa`
SHA256	`8c495c4208f1585ab7461cc78bf9ed0c6d7ac6ad0b2313651ffc4cef98da5d21`
SHA3	`77b9f55f4aad81a0463f1de4906ded175ae1544e790d1d44422f2b5a2439231f`

10

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.02059`
MD5	`1991fac8181412df45302062107ceacf`
SHA1	`b159b1b8af7f515eb1b193b7f51b47e4256ab323`
SHA256	`d7981c675295de726111943e00c6a20571947cb92bf86ef096dc8374592b6d07`
SHA3	`fdae546f9325178b0305b0f29a675ef8d635463a013f3abe5595e2742ccc001c`

11

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.38535`
MD5	`8d77db4adca86eb70b8741672c7a4487`
SHA1	`cbf951d72f48dc833bd9342aa1f80b4afbf872c8`
SHA256	`f5d7e2e53e7fbb02bdefa6939a7a8d813a151150fc3d43d4a4eacfde5e8832c7`
SHA3	`982726163f2bb234bafeb3171426945a1e15adc694bcac121d203356635ba44b`

12

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x67e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.385`
MD5	`09859c9b02717ea8a69d8e71979444a8`
SHA1	`b8c1693b13cae7f28ee9cfdc6c901cc4a02a938d`
SHA256	`70280d14dcc328b7f4df56edc78422ae32134dc3e1c50e009db314b978f063e0`
SHA3	`311e7ab24f912f8f7486e48114c572b5dd0299e98558d158d9ba6dc8608e62d6`

13

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.41529`
MD5	`6dec76830f4851e218208928822d4b13`
SHA1	`f1a0a2fbbb96073bda37b44814b0a6f84e343377`
SHA256	`f2d7903c67e14cadee8b4ab71da0f9401e017041242f63b54deab733aed3639e`
SHA3	`980710a3c2037facd8d68a821e0a3bc7ab4618c743ac256c00e73ce11485736f`

14

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.31716`
MD5	`a5c72607734ed6da4b56297555942833`
SHA1	`8075110e169c405079f0238b541de4fcf714ea85`
SHA256	`6f52e63da233b320829c8759806b12db9cea54842f50e226f10d434b50e65137`
SHA3	`3ea7a4d163383bd4c3780b58d1fb54fdf4e1721771a7269c3d4f897cdf3aae97`

15

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.62241`
MD5	`29794ad491ea7c2359e6211888b5e2e3`
SHA1	`8b7f8ed37f3904787f7cb60c4f244548fb3197c3`
SHA256	`2466a3b93a96894e995e2ea7a8fb1ac87947652ddfae3deba2abd6c0d643091a`
SHA3	`e9c620230866788969c296e9535f3bdccf8eb14b9b965b7e7f2dd7a7e329da6f`

16

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.57377`
MD5	`4d1ea3cac345c14372596906736c92f6`
SHA1	`1d83223665720d7d0d321916152eefe9e0d8a5cc`
SHA256	`adaf438ef11e8ebd9928f9bb7a67d1b10560f653cef3d58e9ea7904a4bf4bffa`
SHA3	`c3b49141cff1d0cd433c6cbff850cb75da65f0e9243e56ae1a404bb328fec062`

17

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.94348`
MD5	`de02d38ca826e4d405bc15864f1b57b0`
SHA1	`9904ec682caf2dbdc16277ac12d7899666c854d0`
SHA256	`0e52180f9e2d8cfa049e91383ea6e8825520c1ae4acc6133efa784de3af6cee0`
SHA3	`deb6302c6f968485ab448d02149fc348f4eeddbcf1097a69d0725fd6b0100958`

18

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.95597`
MD5	`e714a434e5b932dd49b25c5f56855b0f`
SHA1	`7c2db2e378d256b5eea638cb06d267062a2782d4`
SHA256	`ca02201e325df79315d4a4e65cab788a9d755fed511c442a8981bebc92b4f470`
SHA3	`b0b5810803de813365ab67f071860e61f28955c5125a908bea147deae793bf4a`

MAINICON

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x102`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29655`
Detected Filetype	Icon file
MD5	`efe1077ab21651a2bca52d1710124932`
SHA1	`648ef3dcc2af95b24a6c12df0535380640bfe3f8`
SHA256	`5ea89d62a76ddb2f3f29261b19e37437e88b24ad2ae8da920ca6b6eafff92740`
SHA3	`62b5c089e5d195486d9531f618746133b44461a0704eb54a48dc3486d2fe170f`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x40e001`
EndAddressOfRawData	`0x40e01c`
AddressOfIndex	`0x40b014`
AddressOfCallbacks	`0x40d004`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x004015D0` `0x00401580`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!