46f17aee23ceb1571f17eebc05d36e70

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2020-Jun-08 20:46:07
Detected languages Chinese - PRC

Plugin Output

Suspicious This PE is packed with VMProtect Unusual section name found: .vmp0
Unusual section name found: .vmp1
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
  • LoadLibraryW
Functions which can be used for anti-debugging purposes:
  • CreateToolhelp32Snapshot
Can access the registry:
  • RegQueryValueA
  • RegSetValueExA
  • RegOpenKeyExA
  • RegCloseKey
  • RegCreateKeyExA
Possibly launches other programs:
  • WinExec
  • ShellExecuteA
Can create temporary files:
  • CreateFileA
  • GetTempPathA
  • CreateFileW
Uses functions commonly found in keyloggers:
  • GetForegroundWindow
  • CallNextHookEx
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Leverages the raw socket API to access the Internet:
  • #17
  • #10
  • #16
  • #5
  • #1
  • #14
  • #101
  • #12
  • #3
  • #116
Enumerates local disk drives:
  • GetVolumeInformationA
Manipulates other processes:
  • WriteProcessMemory
Can take screenshots:
  • GetDC
  • BitBlt
  • CreateCompatibleDC
Reads the contents of the clipboard:
  • GetClipboardData
Malicious VirusTotal score: 29/72 (Scanned on 2020-06-16 22:08:35) Bkav: HW32.Packed.
CAT-QuickHeal: Trojan.Wacatac
McAfee: Artemis!46F17AEE23CE
Sangfor: Malware
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: Trojan ( 00563cb01 )
K7AntiVirus: Trojan ( 00563cb01 )
Invincea: heuristic
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Malware-gen
Rising: Malware.Heuristic!ET#100% (RDMK:cmRtazqQZTRPi45qrXBtnIm93AeQ)
Sophos: Mal/Generic-S
F-Secure: Heuristic.HEUR/AGEN.1120065
McAfee-GW-Edition: Artemis
Trapmine: suspicious.low.ml.score
FireEye: Generic.mg.46f17aee23ceb157
SentinelOne: DFI - Malicious PE
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1120065
Endgame: malicious (high confidence)
Microsoft: Trojan:Win32/Occamy.C95
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Generic.C3520638
Acronis: suspicious
Ikarus: Trojan.Win32.Krypt
AVG: Win32:Malware-gen
Cybereason: malicious.bb4c74
Qihoo-360: Generic/HEUR/QVM19.1.D7DB.Malware.Gen

Hashes

MD5 46f17aee23ceb1571f17eebc05d36e70
SHA1 0fa3431bb4c74876a26a5be004f6eaea8229a195
SHA256 9542a772bbcdb25030314ef30e2f37906a7cd40b6e9a27fbdfaa3d3ecb8f1c7d
SHA3 f8017e196c315eb5f7ea57e855d1b9055083d98ba5074c7a3164154337804448
SSDeep 786432:+NXK6CYBtVvhrfjnnk8xE0RwpQFyXxrV:+NXK6Vvnnk8e0azBrV
Imports Hash 59c5bbee4803d1723968c198102ea56d

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 6
TimeDateStamp 2020-Jun-08 20:46:07
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x140000
SizeOfInitializedData 0xa50000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x01CADD8B (Section: .vmp1)
BaseOfCode 0x1000
BaseOfData 0x141000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 5.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0x38a8000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x13fc66
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x9ff818
VirtualAddress 0x141000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x46068
VirtualAddress 0xb41000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x107e511
VirtualAddress 0xb88000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1

MD5 aa5a5b2d0844109b75fe7f93fb97c623
SHA1 5ad7b24cc480f38beb365b16c0c824094a940cb0
SHA256 5594981228d452c2d343bef111c034a082bd3ff278956e8f8339aaa592ec035d
SHA3 3310a4cd5f888cf8c6893a1190dd51b864fb886e55d13a96576198394ffe7924
VirtualSize 0x1c97ad0
VirtualAddress 0x1c07000
SizeOfRawData 0x1c98000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.99748

.rsrc

MD5 f2d90b8d32baf3fb12b7867dea9212ce
SHA1 cd2f7cebdfec034ea2dfc416485b07fc65f0061f
SHA256 2ed4e31d8fdb6525e4d7b6ea7910cdafecaecbb8ca968c470fe6a48bb685b372
SHA3 c12769a15ebbd99f7e77c81e134a426357f488ce13d3967a6d0c767d375332e6
VirtualSize 0x8eee
VirtualAddress 0x389f000
SizeOfRawData 0x6000
PointerToRawData 0x1c99000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.25154

Imports

KERNEL32.dll LockFile
FlushFileBuffers
SetFilePointer
DuplicateHandle
lstrcpynA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
InterlockedDecrement
SuspendThread
ReleaseMutex
CreateMutexA
TerminateThread
GetCurrentProcess
GetWindowsDirectoryA
GetSystemDirectoryA
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
SetStdHandle
IsBadCodePtr
IsBadReadPtr
CompareStringW
CompareStringA
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
TerminateProcess
RaiseException
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
ReadFile
lstrlenW
RemoveDirectoryA
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetLastError
GetVersionExA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GetTempPathA
FindFirstFileA
FindClose
GetFileAttributesA
DeleteFileA
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
GetFileSize
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
GetDiskFreeSpaceA
MulDiv
SetLocalTime
GetCommandLineA
GetTickCount
WaitForSingleObject
CloseHandle
UnlockFile
SetEndOfFile
lstrcmpiA
GlobalDeleteAtom
InterlockedIncrement
USER32.dll GetMenuItemCount
wsprintfA
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
InflateRect
SetRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
GetCapture
ReleaseCapture
SetTimer
KillTimer
WinHelpA
LoadBitmapA
GetForegroundWindow
LoadIconA
TranslateMessage
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
DefWindowProcA
GetMenu
SetMenu
GetWindowTextA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
UnregisterClassA
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetClassNameA
GetDesktopWindow
LoadStringA
GetSysColorBrush
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
GDI32.dll CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBitmap
SelectObject
CreatePen
PatBlt
CombineRgn
CreateRectRgn
FillRgn
CreateSolidBrush
CreateFontIndirectA
GetStockObject
GetObjectA
EndPage
GetSystemPaletteEntries
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
MoveToEx
LineTo
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
CreateRectRgnIndirect
SetBkColor
EndDoc
GetTextMetricsA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn
WINMM.dll midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutRestart
WINSPOOL.DRV ClosePrinter
DocumentPropertiesA
OpenPrinterA
ADVAPI32.dll RegQueryValueA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
SHELL32.dll ShellExecuteA
Shell_NotifyIconA
SHGetSpecialFolderPathA
ole32.dll CLSIDFromProgID
OleInitialize
OleUninitialize
CLSIDFromString
CoCreateInstance
OleRun
OLEAUT32.dll #9
#12
#19
#20
#17
#24
#23
#25
#11
#8
#2
#16
#15
#26
#163
#165
#161
#186
COMCTL32.dll ImageList_Destroy
#17
WS2_32.dll #17
#10
#16
#5
#1
#14
#101
#12
#3
#116
comdlg32.dll GetFileTitleA
GetSaveFileNameA
ChooseColorA
GetOpenFileNameA
WTSAPI32.dll WTSSendMessageW
KERNEL32.dll (#2) LockFile
FlushFileBuffers
SetFilePointer
DuplicateHandle
lstrcpynA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
InterlockedDecrement
SuspendThread
ReleaseMutex
CreateMutexA
TerminateThread
GetCurrentProcess
GetWindowsDirectoryA
GetSystemDirectoryA
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
SetStdHandle
IsBadCodePtr
IsBadReadPtr
CompareStringW
CompareStringA
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
TerminateProcess
RaiseException
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
ReadFile
lstrlenW
RemoveDirectoryA
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetLastError
GetVersionExA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GetTempPathA
FindFirstFileA
FindClose
GetFileAttributesA
DeleteFileA
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
GetFileSize
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
GetDiskFreeSpaceA
MulDiv
SetLocalTime
GetCommandLineA
GetTickCount
WaitForSingleObject
CloseHandle
UnlockFile
SetEndOfFile
lstrcmpiA
GlobalDeleteAtom
InterlockedIncrement
USER32.dll (#2) GetMenuItemCount
wsprintfA
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
InflateRect
SetRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
GetCapture
ReleaseCapture
SetTimer
KillTimer
WinHelpA
LoadBitmapA
GetForegroundWindow
LoadIconA
TranslateMessage
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
DefWindowProcA
GetMenu
SetMenu
GetWindowTextA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
UnregisterClassA
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetClassNameA
GetDesktopWindow
LoadStringA
GetSysColorBrush
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
KERNEL32.dll (#3) LockFile
FlushFileBuffers
SetFilePointer
DuplicateHandle
lstrcpynA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
InterlockedDecrement
SuspendThread
ReleaseMutex
CreateMutexA
TerminateThread
GetCurrentProcess
GetWindowsDirectoryA
GetSystemDirectoryA
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
SetStdHandle
IsBadCodePtr
IsBadReadPtr
CompareStringW
CompareStringA
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
TerminateProcess
RaiseException
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
ReadFile
lstrlenW
RemoveDirectoryA
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetLastError
GetVersionExA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GetTempPathA
FindFirstFileA
FindClose
GetFileAttributesA
DeleteFileA
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
GetFileSize
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
GetDiskFreeSpaceA
MulDiv
SetLocalTime
GetCommandLineA
GetTickCount
WaitForSingleObject
CloseHandle
UnlockFile
SetEndOfFile
lstrcmpiA
GlobalDeleteAtom
InterlockedIncrement
USER32.dll (#3) GetMenuItemCount
wsprintfA
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
InflateRect
SetRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
GetCapture
ReleaseCapture
SetTimer
KillTimer
WinHelpA
LoadBitmapA
GetForegroundWindow
LoadIconA
TranslateMessage
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
DefWindowProcA
GetMenu
SetMenu
GetWindowTextA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
UnregisterClassA
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetClassNameA
GetDesktopWindow
LoadStringA
GetSysColorBrush
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect

Delayed Imports

1

Type TEXTINCLUDE
Language Chinese - PRC
Codepage UNKNOWN
Size 0xb
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 74da4121dc1c0ed2a8e5b0741f824034
SHA1 e89931b7aa0422594a6876f9bd77450cdb6353ec
SHA256 71b6c1d53832f789a7f2435a7c629245fa3761ad8487775ebf4957330213a706
SHA3 8aca52847e66b1ed300b1465a9a253f9f74f2cf6df3c88c9caee389fea2d5ace

2

Type TEXTINCLUDE
Language Chinese - PRC
Codepage UNKNOWN
Size 0x16
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 db46e81649d6863b16bd99ab139c865b
SHA1 60ab0dd2ef31cfb96d52fa0a429c3803417db5c2
SHA256 6a4875ddaceaa91fb3369f0f6d962f77442daf1b1d97733457d12bcabdf79441
SHA3 261ba2959b6abbc6d419b9837a17b463c571b02982a9c7a5f265858ea4f7f54c

3

Type TEXTINCLUDE
Language Chinese - PRC
Codepage UNKNOWN
Size 0x151
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 402ffe63deabe286f6c3895b574fa973
SHA1 d359bf1d4aeb276b19543710b69fc9b4a71968a9
SHA256 3ad337042948f15072caf3da89730e6cc6d42657af2b2291806c4fd45ee1aae6
SHA3 304541a548f43e85a51f4296a90c0aa1385138205a4c5fe1c87eea4403bcad61

1 (#2)

Type RT_CURSOR
Language Chinese - PRC
Codepage UNKNOWN
Size 0x134
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 a2a5bb0f1f0a8eb31a3c60a6ad28543f
SHA1 80ae948ca52e33a2dcd21779fa392266aa4cd8e1
SHA256 9575b2125169377b2ade7b401ea36c81228331d971f49664d9648d4f255d4868
SHA3 013abf10282fa58151b0e6c5359f78e6ffbc5426ff76f3229c8eacbaf1973e38

2 (#2)

Type RT_CURSOR
Language Chinese - PRC
Codepage UNKNOWN
Size 0x134
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 a2a5bb0f1f0a8eb31a3c60a6ad28543f
SHA1 80ae948ca52e33a2dcd21779fa392266aa4cd8e1
SHA256 9575b2125169377b2ade7b401ea36c81228331d971f49664d9648d4f255d4868
SHA3 013abf10282fa58151b0e6c5359f78e6ffbc5426ff76f3229c8eacbaf1973e38

3 (#2)

Type RT_CURSOR
Language Chinese - PRC
Codepage UNKNOWN
Size 0x134
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 a2a5bb0f1f0a8eb31a3c60a6ad28543f
SHA1 80ae948ca52e33a2dcd21779fa392266aa4cd8e1
SHA256 9575b2125169377b2ade7b401ea36c81228331d971f49664d9648d4f255d4868
SHA3 013abf10282fa58151b0e6c5359f78e6ffbc5426ff76f3229c8eacbaf1973e38

4

Type RT_CURSOR
Language Chinese - PRC
Codepage UNKNOWN
Size 0xb4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 c402ea01f458a9dfb9e0fafa0c5eb21e
SHA1 3c606ec5158614d4171a0806646ab861b142e766
SHA256 10b2a66888c58a54b277fe2e68fb6e87150c3cd2c537b7f6a2d84559017438c7
SHA3 91b260ef685eaef11d601c34debbcd44f1c3980b2571482920e884092f82e666

1031

Type RT_BITMAP
Language Chinese - PRC
Codepage UNKNOWN
Size 0x248
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 7a265747dc11d8a73c0ce39f3d0c6b7a
SHA1 915e7ce85d774de4bef9e65705fdced5b6ccb89c
SHA256 62ec1707572ac5078d31a687a5d23de0c6d2a58d3462efb7039957548a7986cc
SHA3 204a091aa695734976c9857008f3e7f8741ba397ce7b53a66e913b2b653da4aa
Preview

1038

Type RT_BITMAP
Language Chinese - PRC
Codepage UNKNOWN
Size 0x144
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 53e079183ddf7a114aed02f9f4d3efbd
SHA1 df6b573dde3185f29911af037f70a9319d40fb77
SHA256 7119f314d3837dac54bf984118de657f6f1e6dfd2a2b2a20510454f762dddf11
SHA3 71f6a6adba30bf6537cd7df2ef26312fb14317f64db2363aa229ada218776be7
Preview

1138

Type RT_BITMAP
Language Chinese - PRC
Codepage UNKNOWN
Size 0x158
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 15120767b40b12ccc180202acd5b968a
SHA1 78f77558d7b485ccfe1d413a06d0a067fd8d629d
SHA256 7c7f15ed27de2f3a51d1da31356b27ea1be15370faa3caab96606e5390ebbd0e
SHA3 3e5a8cf51cab27ed39e93fca04b33c8cd29876749e41b72dea1846f24830c315
Preview

1139

Type RT_BITMAP
Language Chinese - PRC
Codepage UNKNOWN
Size 0x158
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 905a0b9a5456ee962223033473666be3
SHA1 5a9d6079b8c59c67af90e507f2e99f16bc17f8e2
SHA256 46f531b7ea0428fbf2c3ca2b60e8dc33d6bbfa000e0fd1b489c5e39140a47006
SHA3 1898020df56c4293e6058b583fe4f971191c7ad4a70c1d140f9b494d93380a67
Preview

1140

Type RT_BITMAP
Language Chinese - PRC
Codepage UNKNOWN
Size 0x158
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

1141

Type RT_BITMAP
Language Chinese - PRC
Codepage UNKNOWN
Size 0x158
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

1142

Type RT_BITMAP
Language Chinese - PRC
Codepage UNKNOWN
Size 0x158
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

1143

Type RT_BITMAP
Language Chinese - PRC
Codepage UNKNOWN
Size 0x158
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

1144

Type RT_BITMAP
Language Chinese - PRC
Codepage UNKNOWN
Size 0x158
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

1145

Type RT_BITMAP
Language Chinese - PRC
Codepage UNKNOWN
Size 0x158
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

26567

Type RT_BITMAP
Language Chinese - PRC
Codepage UNKNOWN
Size 0x5e4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

30994

Type RT_BITMAP
Language Chinese - PRC
Codepage UNKNOWN
Size 0xb8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

30995

Type RT_BITMAP
Language Chinese - PRC
Codepage UNKNOWN
Size 0x16c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

30996

Type RT_BITMAP
Language Chinese - PRC
Codepage UNKNOWN
Size 0x144
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

1 (#3)

Type RT_ICON
Language Chinese - PRC
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.12749
MD5 0cb42696bae18798cb7086367e1c8648
SHA1 c8c1ea6ee6ae4285986c9ef7e3df213a32d76150
SHA256 c70bbabb35024b71265ad0cbc6b6553146b8417e6469c7031b292f87ac7f027c
SHA3 6f2d62a1fa986d2ef581c9c32b9e13c28f1689842f0bb999dd64e6ad58ac8fd3

2 (#3)

Type RT_ICON
Language Chinese - PRC
Codepage UNKNOWN
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.18858
MD5 f7689df1f1046fd3a9329c2bed028a7a
SHA1 5c81380f4db520c34783768d528a1223ccc10298
SHA256 bfd6b9443d835d48f4872879c901fd73a9cb1dcd85ceb44ab769410cf282b756
SHA3 d8707398afb787b830b3e9fdd416041d648fd4ba2e0988a16906f692a85b7dc1

3 (#3)

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.8905
MD5 76f5fbb2c3421771509f05ebaa4c4a84
SHA1 671ce67567b57fe9d2f0f2a4989787d5268c8db6
SHA256 c114f513adcf1d48142e1e5cf51c857fbd1fc8300c7186176350eb53dcd1bf64
SHA3 ac02fe131d5750dd916faed84d455da8991c91b95e2a1131ef9f69a6d1abd535

127

Type RT_MENU
Language Chinese - PRC
Codepage UNKNOWN
Size 0xc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

1039

Type RT_MENU
Language Chinese - PRC
Codepage UNKNOWN
Size 0x284
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

150

Type RT_DIALOG
Language Chinese - PRC
Codepage UNKNOWN
Size 0x98
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

286

Type RT_DIALOG
Language Chinese - PRC
Codepage UNKNOWN
Size 0x17a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

554

Type RT_DIALOG
Language Chinese - PRC
Codepage UNKNOWN
Size 0xfa
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

1037

Type RT_DIALOG
Language Chinese - PRC
Codepage UNKNOWN
Size 0xea
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

1084

Type RT_DIALOG
Language Chinese - PRC
Codepage UNKNOWN
Size 0x8ae
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

1124

Type RT_DIALOG
Language Chinese - PRC
Codepage UNKNOWN
Size 0xb2
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

1134

Type RT_DIALOG
Language Chinese - PRC
Codepage UNKNOWN
Size 0xcc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

1150

Type RT_DIALOG
Language Chinese - PRC
Codepage UNKNOWN
Size 0xb2
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

30721

Type RT_DIALOG
Language Chinese - PRC
Codepage UNKNOWN
Size 0xe2
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

30722

Type RT_DIALOG
Language Chinese - PRC
Codepage UNKNOWN
Size 0x18c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

3841

Type RT_STRING
Language Chinese - PRC
Codepage UNKNOWN
Size 0x50
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

3842

Type RT_STRING
Language Chinese - PRC
Codepage UNKNOWN
Size 0x2c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

3843

Type RT_STRING
Language Chinese - PRC
Codepage UNKNOWN
Size 0x78
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

3857

Type RT_STRING
Language Chinese - PRC
Codepage UNKNOWN
Size 0x1c4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

3858

Type RT_STRING
Language Chinese - PRC
Codepage UNKNOWN
Size 0x12a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

3859

Type RT_STRING
Language Chinese - PRC
Codepage UNKNOWN
Size 0x146
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

3865

Type RT_STRING
Language Chinese - PRC
Codepage UNKNOWN
Size 0x40
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

3866

Type RT_STRING
Language Chinese - PRC
Codepage UNKNOWN
Size 0x64
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

3867

Type RT_STRING
Language Chinese - PRC
Codepage UNKNOWN
Size 0x1d8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

3868

Type RT_STRING
Language Chinese - PRC
Codepage UNKNOWN
Size 0x114
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

3869

Type RT_STRING
Language Chinese - PRC
Codepage UNKNOWN
Size 0x24
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

1032

Type RT_GROUP_CURSOR
Language Chinese - PRC
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

1033

Type RT_GROUP_CURSOR
Language Chinese - PRC
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

30977

Type RT_GROUP_CURSOR
Language Chinese - PRC
Codepage UNKNOWN
Size 0x22
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

DEFAULT_ICON

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.0815
Detected Filetype Icon file
MD5 7ab4bec918d0a576bdc900b04936b73c
SHA1 f87fe25b1d9e7addfcc032c2ce6cd5a749e13e71
SHA256 28d38d528e682cb6a7330cc38828a3d79c559433b55829c017f7aaa73ba9ed8a
SHA3 4eb1f95ccaf68baa9e1b73d77c71e34bc1b90c1d8a32d8f3d21ea709017c015a

1151

Type RT_GROUP_ICON
Language Chinese - PRC
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.16096
Detected Filetype Icon file
MD5 42cf62b780813706e75fb9f2b2e8c258
SHA1 a022d5c1cfdd8aace0089f3e72f2eedd41bda464
SHA256 a0c9d012e2bf6b2fe05c2d97cb5594d97cf2f539e97935c12abd7a3562f4d9bf
SHA3 0aafc8e3d8b6bde595537da4ffe0efc5fe53f01dafe336a2a5828b6a71283d3c

1152

Type RT_GROUP_ICON
Language Chinese - PRC
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.02322
Detected Filetype Icon file
MD5 7a9605cb416b1a091d889b9d9f37ec66
SHA1 866c01641d672b6cd69901c1e055f174f47b35bb
SHA256 6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164
SHA3 af43e622bf6c842d1ada2985f8e68920ff7b22d8a0b1a12871968c23b5065651

1 (#4)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x2b9
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.02094
MD5 81bb5086381a0ba0ec82f9f535d4da09
SHA1 76cd4dc3c6cb2b87915fbc045bff77970b35bb59
SHA256 70b7f6ec24cf159809467626ceade9ba45e1c46660c86257e85db8caa6b1926b
SHA3 76b7110a1f59d6dc9cb205115491a75442c3246bdfee48e362a63c338fb5ac6f

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read the exported DLL name. [*] Warning: Section .text has a size of 0! [*] Warning: Section .rdata has a size of 0! [*] Warning: Section .data has a size of 0! [*] Warning: Section .vmp0 has a size of 0! [!] Error: Bitmap is malformed! [!] Error: Bitmap is malformed! [!] Error: Bitmap is malformed! [!] Error: Bitmap is malformed! [!] Error: Bitmap is malformed! [!] Error: Bitmap is malformed! [!] Error: Bitmap is malformed! [!] Error: Bitmap is malformed! [!] Error: Bitmap is malformed! [!] Error: Bitmap is malformed! [*] Warning: Resource is empty! [*] Warning: Resource is empty! [*] Warning: Resource is empty! [*] Warning: Resource is empty! [*] Warning: Resource is empty! [*] Warning: Resource is empty! [*] Warning: Resource is empty! [*] Warning: Resource is empty! [*] Warning: Resource is empty! [*] Warning: Resource is empty! [*] Warning: Resource is empty! [*] Warning: Resource is empty! [*] Warning: Resource 1032 is empty! [*] Warning: Resource 1033 is empty! [*] Warning: Resource 30977 is empty!
<-- -->