Manalyze report for 47b2924f850d82ba10e064805367964d

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-May-14 11:05:36
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0`
Suspicious	PEiD Signature:	`HQR data file`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for Qemu presence: QEmu` `Miscellaneous malware strings: cmd.exe`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .qtmetad`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW LoadLibraryW LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot CheckRemoteDebuggerPresent SwitchToThread` `Can access the registry: RegQueryInfoKeyW RegFlushKey RegEnumValueW RegEnumKeyExW RegDeleteValueW RegDeleteKeyW RegCreateKeyExW RegCloseKey RegOpenKeyExW RegQueryValueExW RegSetValueExW RegNotifyChangeKeyValue` `Possibly launches other programs: CreateProcessW CreateProcessA ShellExecuteW` `Uses Microsoft's cryptographic API: CryptAcquireContextA CryptReleaseContext CryptDestroyKey CryptSetHashParam CryptGetProvParam CryptGetUserKey CryptExportKey CryptDecrypt CryptCreateHash CryptDestroyHash CryptSignHashA CryptEnumProvidersA` `Can create temporary files: CreateFileW GetTempPathW GetTempPathA` `Uses functions commonly found in keyloggers: MapVirtualKeyW GetAsyncKeyState CallNextHookEx GetForegroundWindow AttachThreadInput` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Leverages the raw socket API to access the Internet: WSARecvFrom WSASend WSASendTo WSASocketW #16 #19 WSAConnect WSAAccept #21 WSARecv #13 WSANtohs #6 #5 #3 #2 #151 #7 #111 #52 #51 #22 #11 #8 WSANtohl #9 WSAHtonl #18 #112 #57 #115 #116 #101 WSAIoctl #14` `Functions related to the privilege level: CheckTokenMembership OpenProcessToken AdjustTokenPrivileges DuplicateToken` `Enumerates local disk drives: GetLogicalDriveStringsA GetDriveTypeW GetLogicalDriveStringsW GetVolumeInformationW GetDriveTypeA` `Manipulates other processes: OpenProcess Process32FirstW Process32NextW` `Can take screenshots: BitBlt CreateCompatibleDC GetDC` `Interacts with the certificate store: CertOpenStore`
Info	The PE is digitally signed.	`Signer: The Qt Company Oy` `Issuer: thawte SHA256 Code Signing CA`
Safe	VirusTotal score: 0/71 (Scanned on 2020-01-04 22:14:16)	`All the AVs think this file is safe.`

Hashes

MD5	`47b2924f850d82ba10e064805367964d`
SHA1	`480213c06154b17208557592314c2dac7e9acc6f`
SHA256	`37e3731cabc2f3cf837aa9e0a539c78b81a7f97b8e7f61dfbf594e17760e9b6c`
SHA3	`03001ba4fe38eb793312d597c65c52b4a4102b7a56c7c901f16e9f2072e15f9a`
SSDeep	`393216:24WpN1r9Ka/oXarElySJsv6tWKFdu9CioOb:UKawHOb`
Imports Hash	`94d9199dd1de8da60a0ceacacdaf1fe4`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x120`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2019-May-14 11:05:36
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`12.0`
SizeOfCode	`0xd68c00`
SizeOfInitializedData	`0x5fba00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00CC9C50 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xd6a000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1392000`
SizeOfHeaders	`0x400`
Checksum	`0x1378845`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e0fa36f89a26f61fee1b2ae966f90bb6`
SHA1	`b7e03af6ae7e15429409fb5b8cf710ff04ff8763`
SHA256	`903c912427d409ecd4dbecf637ec9c3b4f51ccc3b91a3e38c15dd74bf4ad73da`
SHA3	`a9cf3e7fa2de48ece0bd5154e935ba01b0b5f857fe89fe8ba8a0688110621d9b`
VirtualSize	`0xd68b31`
VirtualAddress	`0x1000`
SizeOfRawData	`0xd68c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.58735`

.rdata

MD5	`1cabe47a0e1f2539e1add97f8bbeb180`
SHA1	`c31121ecf0deacc8b3d2e13888c10019a1682c6a`
SHA256	`58d3918a324d0c0fef673668550f134045cf6b74da5280798335823169fb5697`
SHA3	`be21a8e930682bc05c0117589e3c40972cd20ea7cbb72b2f47c04eef6d1a1ccf`
VirtualSize	`0x52a668`
VirtualAddress	`0xd6a000`
SizeOfRawData	`0x52a800`
PointerToRawData	`0xd69000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.38343`

.data

MD5	`2c674a7d62728527cce6e27ba27d9733`
SHA1	`2a41568ae424e675684080b10834e18a06dbda3c`
SHA256	`ddedb038682752eba083f311408b3b0f87eb58b51704647edf5fcc475357108a`
SHA3	`af47415dd2225b338c47300eff8b76b5fb3580f6cb6e53fcfdd36030e26cc9f7`
VirtualSize	`0x54de8`
VirtualAddress	`0x1295000`
SizeOfRawData	`0x2bc00`
PointerToRawData	`0x1293800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.52466`

.qtmetad

MD5	`5dddf173ee990d6e17b94455ac91f763`
SHA1	`ce4e87b416246e5d1b23a23361367ad0683fcb84`
SHA256	`d2b42206dd6258562dcf1a7a4b5effb900298b4d546b6f7301d313bba9014537`
SHA3	`7eb1ac91d75e92cb6a5f3aae65dd5eec9cdd52be4902cad6c67c6558c69a240c`
VirtualSize	`0x110`
VirtualAddress	`0x12ea000`
SizeOfRawData	`0x200`
PointerToRawData	`0x12bf400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`2.96723`

_RDATA

MD5	`8c48bc5fdfe8016ff88837fdfdf83d8d`
SHA1	`72c3a4c3540fec8c5842972e1e44a6651ccfb3a4`
SHA256	`dfb728511bf1d940ad5c70c5f409dee7718ede3b3e06060108bf117fac82773e`
SHA3	`0aa130ab25f5db54f0daf5cd482097e945747301eece28f878d9c6ad0ac755b2`
VirtualSize	`0x124`
VirtualAddress	`0x12eb000`
SizeOfRawData	`0x200`
PointerToRawData	`0x12bf600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.51793`

.rsrc

MD5	`61ed2427593adf6a4f6337798624a9c2`
SHA1	`d9e5fa59268718a9cbb48acf193fd4dc837e565e`
SHA256	`94bce84d626f6ba7022191fec07aabcbb3e7af9b401cd5aa746e01b14024cdcd`
SHA3	`c0f448c9304ed7bbab5c9ec30d345c9b2e6b92d0a89dc7b6f142b1dd0d60fc4c`
VirtualSize	`0x25ecc`
VirtualAddress	`0x12ec000`
SizeOfRawData	`0x26000`
PointerToRawData	`0x12bf800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.16709`

.reloc

MD5	`385d4aeda7579d2c38ef2eca140ac3e9`
SHA1	`509a7d496f4a0339a0f832773402cc514f162988`
SHA256	`dc6be7e41b7e2ba80b8446a583f215a981c18ad06b67eb16a00ccd5672f3047a`
SHA3	`231d348c821942059891e006159ef41b9328637003928ff47e36160cbf2b62c0`
VirtualSize	`0x7f1c4`
VirtualAddress	`0x1312000`
SizeOfRawData	`0x7f200`
PointerToRawData	`0x12e5800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.60651`

Imports

IMM32.dll	`ImmAssociateContext` `ImmGetCompositionStringW` `ImmNotifyIME` `ImmSetCompositionWindow` `ImmSetCandidateWindow` `ImmGetVirtualKey` `ImmReleaseContext` `ImmGetContext` `ImmGetDefaultIMEWnd`
OLEAUT32.dll	`#184` `#12` `#8` `#7` `#6` `#10` `#9` `#4` `#2`
UxTheme.dll	`OpenThemeData` `DrawThemeBackground` `GetThemeColor` `GetThemeSysFont` `IsThemeActive` `GetThemeTransitionDuration` `GetCurrentThemeName` `IsAppThemed` `SetWindowTheme` `GetThemePropertyOrigin` `GetThemeMargins` `GetThemeEnumValue` `GetThemeInt` `GetThemeBool` `IsThemeBackgroundPartiallyTransparent` `GetThemePartSize` `GetThemeBackgroundRegion` `#47` `CloseThemeData` `DrawThemeTextEx` `SetWindowThemeAttribute`
dwmapi.dll	`DwmEnableBlurBehindWindow` `DwmIsCompositionEnabled` `DwmExtendFrameIntoClientArea` `DwmDefWindowProc`
IPHLPAPI.DLL	`GetAdaptersAddresses` `GetAdaptersInfo`
CRYPT32.dll	`CertGetCertificateChain` `CertGetCertificateContextProperty` `CertDuplicateCertificateContext` `CertFindCertificateInStore` `CertEnumCertificatesInStore` `CertCloseStore` `CertOpenStore` `CertCreateCertificateContext` `CertFreeCertificateContext` `CertFreeCertificateChain`
GDI32.dll	`GetRegionData` `CreateBitmap` `GetDIBits` `SetWorldTransform` `ExtTextOutW` `BitBlt` `CombineRgn` `CreateRectRgn` `DeleteObject` `OffsetRgn` `SelectClipRgn` `GetDeviceCaps` `CreateCompatibleBitmap` `CreateCompatibleDC` `CreateDCW` `DeleteDC` `SelectObject` `ChoosePixelFormat` `SetPixelFormat` `GetBitmapBits` `GetObjectW` `CreateFontIndirectW` `EnumFontFamiliesExW` `GetFontData` `GetStockObject` `AddFontResourceExW` `RemoveFontResourceExW` `AddFontMemResourceEx` `RemoveFontMemResourceEx` `GetTextMetricsW` `GetTextFaceW` `CreateDIBSection` `GdiFlush` `GetCharABCWidthsW` `GetCharABCWidthsFloatW` `GetGlyphOutlineW` `GetOutlineTextMetricsW` `GetTextExtentPoint32W` `GetCharABCWidthsI` `SetBkMode` `SetGraphicsMode` `SetTextColor` `SetTextAlign`
MPR.dll	`WNetGetUniversalNameA`
VERSION.dll	`GetFileVersionInfoW` `VerQueryValueW` `GetFileVersionInfoSizeW`
WS2_32.dll	`WSARecvFrom` `WSASend` `WSASendTo` `WSASocketW` `#16` `#19` `WSAConnect` `WSAAccept` `#21` `WSARecv` `#13` `WSANtohs` `#6` `#5` `#3` `#2` `#151` `#7` `#111` `#52` `#51` `#22` `#11` `#8` `WSANtohl` `#9` `WSAHtonl` `#18` `#112` `#57` `#115` `#116` `#101` `WSAIoctl` `#14`
KERNEL32.dll	`AreFileApisANSI` `HeapReAlloc` `IsProcessorFeaturePresent` `IsDebuggerPresent` `ExitThread` `HeapAlloc` `GetCPInfo` `GetCommandLineA` `RtlUnwind` `SetConsoleCtrlHandler` `HeapFree` `GetStringTypeW` `DecodePointer` `EncodePointer` `CreateMutexW` `ReleaseMutex` `ReadConsoleInputA` `ReadConsoleW` `GetConsoleCP` `GetConsoleMode` `RaiseException` `SetStdHandle` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `InitializeCriticalSectionAndSpinCount` `CreateTimerQueue` `SignalObjectAndWait` `GetLogicalProcessorInformation` `CreateTimerQueueTimer` `GetStdHandle` `GetFileType` `GetLargestConsoleWindowSize` `SetConsoleScreenBufferSize` `FreeConsole` `AttachConsole` `AllocConsole` `SetConsoleMode` `GetConsoleWindow` `GetCommandLineW` `CloseHandle` `CreateProcessW` `LocalFree` `FormatMessageW` `GetFileAttributesExW` `GetLongPathNameW` `GetShortPathNameW` `GetEnvironmentVariableW` `GetCurrentProcess` `IsWow64Process` `OpenProcess` `GetLogicalDriveStringsA` `CreateToolhelp32Snapshot` `Process32FirstW` `Process32NextW` `FindFirstVolumeW` `FindNextVolumeW` `FindVolumeClose` `GetDiskFreeSpaceExA` `ChangeTimerQueueTimer` `GetDriveTypeW` `GetVolumePathNamesForVolumeNameW` `SetErrorMode` `WaitForSingleObject` `TerminateProcess` `GetLastError` `FileTimeToSystemTime` `CreateFileW` `DeviceIoControl` `FlushFileBuffers` `LockFile` `UnlockFile` `WriteFile` `CompareFileTime` `GetProcAddress` `GetFileSize` `ReadFile` `SetEndOfFile` `SetFilePointer` `SetFileTime` `OpenEventW` `OpenFileMappingW` `MapViewOfFile` `UnmapViewOfFile` `SetCurrentDirectoryW` `GetCurrentDirectoryW` `CreateDirectoryW` `DeleteFileW` `RemoveDirectoryW` `SetFileAttributesW` `GetTempPathW` `SetLastError` `GetCurrentProcessId` `GetCurrentThreadId` `GetTickCount` `GetSystemDirectoryW` `GetModuleHandleW` `MoveFileW` `GetFileInformationByHandle` `FindClose` `FindCloseChangeNotification` `FindFirstChangeNotificationW` `FindFirstFileW` `FindNextFileW` `GetLogicalDriveStringsW` `GetModuleHandleA` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `MultiByteToWideChar` `WideCharToMultiByte` `FreeLibrary` `GetModuleFileNameW` `LoadLibraryExW` `LoadLibraryW` `GetSystemTimeAsFileTime` `FileTimeToDosDateTime` `GetVersionExW` `InitializeCriticalSection` `SetEvent` `ResetEvent` `ReleaseSemaphore` `CreateEventW` `CreateSemaphoreW` `VirtualAlloc` `VirtualFree` `GetSystemInfo` `GlobalMemoryStatus` `FileTimeToLocalFileTime` `WaitForMultipleObjects` `ExpandEnvironmentStringsW` `CheckRemoteDebuggerPresent` `GlobalAlloc` `GlobalLock` `GlobalUnlock` `GetLocaleInfoW` `LoadLibraryA` `GlobalSize` `GetUserDefaultLangID` `LocalAlloc` `lstrlenW` `GetVolumeInformationW` `lstrcmpW` `Sleep` `GetTempPathA` `GetTempFileNameA` `VerSetConditionMask` `VerifyVersionInfoW` `QueryPerformanceCounter` `QueryPerformanceFrequency` `ExitProcess` `GetSystemTime` `SystemTimeToFileTime` `GetTimeZoneInformation` `VirtualProtect` `CreateFileMappingW` `DisconnectNamedPipe` `WaitNamedPipeW` `GlobalFree` `ConnectNamedPipe` `CreateNamedPipeW` `GetOverlappedResult` `SetHandleInformation` `FlushConsoleInputBuffer` `GetNativeSystemInfo` `OutputDebugStringW` `CompareStringW` `GetUserDefaultLCID` `GetStartupInfoW` `GetLocalTime` `DuplicateHandle` `SwitchToThread` `CreateThread` `GetCurrentThread` `SetThreadPriority` `GetThreadPriority` `TerminateThread` `ResumeThread` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `WaitForSingleObjectEx` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetExitCodeProcess` `GetProcessId` `GetTickCount64` `GetDateFormatW` `GetTimeFormatW` `GetCurrencyFormatW` `GetUserPreferredUILanguages` `LCMapStringW` `ReadFileEx` `PeekNamedPipe` `CancelIoEx` `SleepEx` `WriteFileEx` `GetFileAttributesW` `GetFullPathNameW` `GetLogicalDrives` `CopyFileW` `GetFileInformationByHandleEx` `SetFilePointerEx` `MoveFileExW` `FindFirstFileExW` `GetModuleHandleExW` `FindNextChangeNotification` `GetGeoInfoW` `GetUserGeoID` `DeleteTimerQueueTimer` `GetNumaHighestNodeNumber` `GetProcessAffinityMask` `SetThreadAffinityMask` `RegisterWaitForSingleObject` `UnregisterWait` `IsValidLocale` `EnumSystemLocalesW` `HeapSize` `GetProcessHeap` `GetModuleFileNameA` `IsValidCodePage` `GetACP` `GetOEMCP` `SystemTimeToTzSpecificLocalTime` `SetEnvironmentVariableA` `SetEnvironmentVariableW` `WriteConsoleW` `GetThreadTimes` `FreeLibraryAndExitThread` `InitializeSListHead` `InterlockedPopEntrySList` `InterlockedPushEntrySList` `InterlockedFlushSList` `QueryDepthSList` `UnregisterWaitEx` `CreateProcessA` `GetDriveTypeA`
USER32.dll	`GetClientRect` `GetCursorPos` `ChildWindowFromPointEx` `GetSysColorBrush` `LoadImageW` `MonitorFromWindow` `GetMonitorInfoW` `EnumDisplayMonitors` `GetSysColor` `LoadIconW` `IsHungAppWindow` `SetClipboardViewer` `ChangeClipboardChain` `RegisterClipboardFormatW` `GetKeyboardLayout` `RegisterWindowMessageW` `CreateCaret` `DestroyCaret` `HideCaret` `SetCaretPos` `PeekMessageW` `IsZoomed` `GetKeyState` `GetKeyboardState` `ToAscii` `ToUnicode` `MapVirtualKeyW` `GetMenu` `TrackPopupMenuEx` `SetMenuItemInfoW` `NotifyWinEvent` `RegisterClassW` `SetCursorPos` `GetCursor` `GetFocus` `CreateCursor` `CreateIconIndirect` `GetIconInfo` `GetCursorInfo` `GetClipboardFormatNameW` `TrackMouseEvent` `GetMessageExtraInfo` `GetAsyncKeyState` `GetWindowTextW` `RealGetWindowClassW` `DrawIconEx` `MessageBoxW` `WindowFromDC` `CallWindowProcW` `SetPropW` `GetPropW` `RemovePropW` `GetProcessWindowStation` `GetUserObjectInformationW` `MessageBoxA` `PostThreadMessageW` `TranslateMessage` `DispatchMessageW` `GetQueueStatus` `MsgWaitForMultipleObjectsEx` `SetTimer` `KillTimer` `SetWindowsHookExW` `UnhookWindowsHookEx` `CallNextHookEx` `CharNextExA` `RegisterDeviceNotificationW` `UnregisterDeviceNotification` `RegisterClassExW` `GetClassInfoW` `UnregisterClassW` `GetKeyboardLayoutList` `GetAncestor` `DestroyIcon` `DestroyCursor` `SetParent` `GetParent` `SetWindowLongW` `GetWindowLongW` `ScreenToClient` `ClientToScreen` `SetCursor` `AdjustWindowRectEx` `GetWindowRect` `SetWindowTextW` `InvalidateRect` `GetUpdateRect` `SetWindowRgn` `EndPaint` `BeginPaint` `ReleaseDC` `GetDC` `SetForegroundWindow` `GetForegroundWindow` `EnableMenuItem` `GetSystemMetrics` `ReleaseCapture` `SetCapture` `GetCapture` `SetWindowPlacement` `SetFocus` `IsIconic` `IsWindowVisible` `LoadCursorW` `PostMessageW` `DrawMenuBar` `GetSystemMenu` `RemoveMenu` `EnumWindows` `GetWindowPlacement` `SetWindowPos` `MoveWindow` `FlashWindowEx` `SetLayeredWindowAttributes` `UpdateLayeredWindow` `ShowWindow` `DestroyWindow` `IsChild` `CreateWindowExW` `DefWindowProcW` `AttachThreadInput` `SendMessageW` `UpdateLayeredWindowIndirect` `SystemParametersInfoW` `GetDesktopWindow` `GetCaretBlinkTime` `MessageBeep` `IsWindow` `GetDoubleClickTime` `CharUpperW` `SendMessageTimeoutW` `GetWindowThreadProcessId`
SHELL32.dll	`CommandLineToArgvW` `SHParseDisplayName` `#155` `SHBrowseForFolderW` `SHGetKnownFolderIDList` `SHGetPathFromIDListW` `SHGetMalloc` `SHCreateItemFromParsingName` `SHCreateItemFromIDList` `ShellExecuteW` `#727` `SHGetStockIconInfo` `SHGetFileInfoW` `SHGetSpecialFolderPathW` `SHChangeNotify` `SHGetFolderLocation` `ShellExecuteExW` `SHGetFolderPathW` `SHGetKnownFolderPath`
ole32.dll	`ReleaseStgMedium` `OleIsCurrentClipboard` `OleFlushClipboard` `OleSetClipboard` `CoGetMalloc` `CoTaskMemAlloc` `CoCreateGuid` `StringFromGUID2` `DoDragDrop` `CoInitializeEx` `OleUninitialize` `OleInitialize` `RevokeDragDrop` `RegisterDragDrop` `CoLockObjectExternal` `CoTaskMemFree` `CoCreateInstance` `CoInitialize` `CoUninitialize` `OleGetClipboard`
ADVAPI32.dll	`AllocateAndInitializeSid` `RegQueryInfoKeyW` `RegFlushKey` `RegEnumValueW` `RegEnumKeyExW` `RegDeleteValueW` `RegDeleteKeyW` `RegCreateKeyExW` `MapGenericMask` `CheckTokenMembership` `FreeSid` `RegCloseKey` `RegOpenKeyExW` `RegQueryValueExW` `RegSetValueExW` `GetFileSecurityW` `OpenProcessToken` `AdjustTokenPrivileges` `LookupPrivilegeValueW` `RegNotifyChangeKeyValue` `AddAccessAllowedAce` `GetLengthSid` `GetTokenInformation` `InitializeAcl` `InitializeSecurityDescriptor` `SetSecurityDescriptorDacl` `SetSecurityDescriptorGroup` `SetSecurityDescriptorOwner` `DeregisterEventSource` `RegisterEventSourceA` `ReportEventA` `CryptAcquireContextA` `CryptReleaseContext` `CryptDestroyKey` `CryptSetHashParam` `CryptGetProvParam` `CryptGetUserKey` `DuplicateToken` `CryptExportKey` `CryptDecrypt` `CryptCreateHash` `CryptDestroyHash` `CryptSignHashA` `CryptEnumProvidersA` `AccessCheck` `CopySid`
WINMM.dll	`timeSetEvent` `PlaySoundW` `timeKillEvent`
d3d9.dll	`D3DPERF_GetStatus` `D3DPERF_SetMarker` `D3DPERF_EndEvent` `D3DPERF_BeginEvent` `Direct3DCreate9`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.80237`
MD5	`6c9c18a9a405ed09df250243b06012ba`
SHA1	`fe9ad5fef5db8f9079040ffd9c131f3f0ca07e37`
SHA256	`381dc2026c773f5b90f419ccdcefe2682ab89d269bce592dfaf50214a285a9a1`
SHA3	`415968d75cf2a17c791752ac0859a385425bf626660bce9f7a0140415b69ad09`

1 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.14637`
MD5	`c51e55c049add73d6aabd2ddbdb2aa7b`
SHA1	`4c20afa60b341a2ac5aac8953895b35f0637a2c9`
SHA256	`c53aa637b8e7968f352cd4b15c44e614bcd94974aa9ba50a403972543c09947b`
SHA3	`8aff6983e50e341ee0b14e65648c1ed6847081ac5306515ec50dcd50c26f6fdf`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x6b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.79008`
MD5	`926ca6669bc1ecb7f7cf92009fa0bb56`
SHA1	`3b29053ae4d372f4349c3470a541e89234bd1e15`
SHA256	`6c4533c9160c0775542ac2eecae53159378207a9169d92e349b4f6d8ff5beea1`
SHA3	`017db1226d284213e6e2bdc6a2dc5498b5e12f439075061ecb64eb119ffe7491`

2 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.30941`
MD5	`517b1ecd32447dcb2bcbddb54edb5d9a`
SHA1	`54bb77783ff628781592cf07c8ea1147d637ccd6`
SHA256	`728935e2583e2bc1886a76721d96fd9fb925ce4dedfb48b87b1e618b228caf6b`
SHA3	`88604c5fa67f7e388602d2d9ffd6f5ea0855e9b38ee26e5d51a5a6f900aebe44`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34906`
MD5	`949110d4c0bfd78a8ca4cb45f3cf2c92`
SHA1	`58d80dce32250d2d50f64b84a3acdfe4433640e0`
SHA256	`60b8bc858e0d33c5227266b2e330264bed3371312c5c07330563751bbd48fb52`
SHA3	`7f0b6608bf3ceca2672a402a287df04755d3215d993099379edcab8a8cecfbaf`

3 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.03304`
MD5	`8fb81b533e45ecf8ccdd2a35bb10a0f5`
SHA1	`9b8b720b9b59035d9db96d09dd7e2f4718091f6e`
SHA256	`e9e3d3a493742ce211b4c03ca09518dd7b5c0755a398ccbc9a4e8722096d8d57`
SHA3	`49a63544cf858110711e29fbfad6facfc07dcff5a1e8ebd9979c8a889a16b764`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.3403`
MD5	`964a9c5275fd73436096e1e095efa17e`
SHA1	`2efb9f2fecee70c117a840bfbdd0f4acde0c68a6`
SHA256	`2f7373c17e0b76a60ecb5d473d7dbdfd8b0cf15b49f60d082aedfb7efdac3ba9`
SHA3	`b0adbdf38c190f72a57f072f9d6ca899a73f04179e1fbab132af4645f07f406a`

4 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.4265`
MD5	`3b0272f7d0ef72ba4b3043f36b73d37c`
SHA1	`f652f9727832726c371cff48131274b19383e29a`
SHA256	`b56c3ef3dc5cf7b540ddb025c90d481b9c23e4c8dd6c487e208b0226e0c7c8b6`
SHA3	`6b832a1904a61269ac9f527356d1bb15ab2e61e9e528c4a89ffedf316b97bc7a`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1a68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.08311`
MD5	`2388cd65ea4890f9fa2a31087b377d89`
SHA1	`e21a506fa78951aa2d499162c8c3b4d7002ac321`
SHA256	`d239cd920b567aa742c0c61c5aad0da3959590ed81c32747dede1eac256ce3bc`
SHA3	`cbd3e6e71796514ce502cf880b158335dde1d472df65f5fa4aa48ba1fb970d2b`

5 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.64193`
MD5	`1a62f802dea9527dc790a2f94462a40a`
SHA1	`b3b9cdc71a55df4713b344dc09a728e2abbba970`
SHA256	`59012221861573b0022e804b9290133564cdb7e218ba8a77c1e305fcda47b251`
SHA3	`3e1286905b4c22f3bb51724d29e00a00887a5fb9359494dff70ada699c530144`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.07882`
MD5	`32d1833c788336a6e0714468483fdc61`
SHA1	`2cf034b3de9e3df0ff356161b03a573a1951e923`
SHA256	`cc7ff14b2a223242d1a2b07fed009b164690f80c7dd2c427ce47d4192907f674`
SHA3	`9f8b9114dc7778796bbd386f3c93338dcaa2ed751e9a0aed8f9c29599277a86f`

6 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.61672`
MD5	`e18cc830c74c9bfaf5aa0d27372f8184`
SHA1	`bf2f00ead43278dd229d20026c72ec218c5e2abf`
SHA256	`969de1921b83ae6b06a678b2e58f1a28f312d9c39c3350e17f3c9d4f940a1845`
SHA3	`74afc99318839d1c9dd3219248d3d882f192a9ad2bd0456eefda2d9b3c5a22d9`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.02538`
MD5	`e35610ffb6a45c729afa1a986aeafc0c`
SHA1	`02c938e05bccbe99a70139643bf87c031402d5b7`
SHA256	`712b9f10369ffddc8ef71aa473ba15138b73bede758fe81c6f96b1fd7a7b8445`
SHA3	`d05c89fee98403aa6de80bf35c9f4c4c1ec203b77fd662efe5abc541bb47065c`

7 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.11499`
MD5	`ca7014bf932d079515b605f40256f68a`
SHA1	`2603196bf61236e3687c4a911a10be78053831f2`
SHA256	`669dd55582fe1ee2646236e505fa2daabce5bb9748e223e246ca8290841a2466`
SHA3	`c06fc349d206a1f2e1eb2d6f8cc8ebef81d7f98e59fb6c22bf57b63bf651054a`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.10845`
MD5	`732d6665647c112562d81a6da6b3f6ee`
SHA1	`ee70a856d3244f6f10c62027f5e11750f5dac0e8`
SHA256	`da44e0f5452cec8ac0f68fc62f366c3cd404fad526c7c18be2bb541b720b9012`
SHA3	`4714b633481a0b29421ffe09ad43ad42baf751324f812a2b7a66f2360fa45e81`

8 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.62416`
MD5	`12a6fb74c9840e756751c4fdfee7bbf2`
SHA1	`6d15b0354601516de9432d9368413c0577089c60`
SHA256	`ade532f605de566cff35d61c8ea3bbe9758aeafef7879f443d387ad5ebe64c3d`
SHA3	`33b44a334b36fb1ed1c941005ddd661a4a65794e08fa8da9f81d6812c7ea9e1f`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4442`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.93333`
Detected Filetype	PNG graphic file
MD5	`7679d64896037ec8de43592e879843eb`
SHA1	`f9198df4fee2d1566b2eaded7bcbe3d63e7269db`
SHA256	`14ea1f269eaf9ecc8947a45e1de71f6b1e291b15bcd933f812a70c1938a592e0`
SHA3	`63a214d29cfa86b850d6fbeec896830ce962a550dda01385172a004f31196ace`

9 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.05238`
MD5	`8e9ee4d43dd7dd41999522a5c9aa80a7`
SHA1	`376b36527a9a5cb21ea68066954ed1d9daf2db8a`
SHA256	`398676cdea09958ac559d2c4b7650e451f37bd3dac73ce53f6db1f81fc61c45b`
SHA3	`453c0dee36a673381d1912749dbfbae8c4c92fe289eb72c88e8f561f27041b42`

IDI_ICON1

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.99492`
Detected Filetype	Icon file
MD5	`bfbbefe44ceffc1ce14f47b916767639`
SHA1	`a8d5ab0c5e6696f842846ffe3a59990ffbfc5d74`
SHA256	`4d7faf2264a12d3aea0c46f6f8635465911f66bd22dcdc785e65bf0089f654f0`
SHA3	`43856d7b4623e654cd632e2a0ce092f06f41a68dc07d394cb1d5fafa45ef089a`

IDI_ICON1 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.89097`
Detected Filetype	Icon file
MD5	`a6469ac97a109b7c2bc1bf3020168af3`
SHA1	`53f3b4b4b61af9cde9de74a33fbc492c71f7660c`
SHA256	`ca82878ac6f8f5d26249f03257b496eebf06e2d20e02349a0b871bf92766535c`
SHA3	`15f2850e54173ca36462fa901e1019404484e4da82f3668cb938a5e593f2ed53`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x479`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.12566`
MD5	`81876856b731bc24db073fcff91e8013`
SHA1	`1b0240ce31ba6818e31a6e1a744bf36d4645cf77`
SHA256	`c6c6f6756e49faf11fc994e891ca254b892a77e047fa10802cac70fb99b3b2d0`
SHA3	`6154b41bc4239a50ca4ad8a3ed968a7cf94518cb103796611926aeda9769f72e`

Version Info

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x16aae60`
SEHandlerTable	`0x1638f50`
SEHandlerCount	`4005`

RICH Header

XOR Key	`0xd8c63f32`
Unmarked objects	`0`
C++ objects (20806)	`4`
199 (41118)	`3`
ASM objects (VS2013 build 21005)	`83`
C++ objects (VS2013 build 21005)	`141`
C objects (VS2013 build 21005)	`301`
C++ objects (65501)	`1`
C objects (65501)	`7`
208 (65501)	`1`
Unmarked objects (#2)	`20`
Imports (65501)	`35`
Total imports	`628`
C objects (VS2013 UPD5 build 40629)	`608`
C++ objects (VS2013 UPD5 build 40629)	`1441`
Resource objects (VS2013 build 21005)	`1`
Linker (VS2013 UPD5 build 40629)	`1`

47b2924f850d82ba10e064805367964d

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.qtmetad

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

2

2 (#2)

3

3 (#2)

4

4 (#2)

5

5 (#2)

6

6 (#2)

7

7 (#2)

8

8 (#2)

9

9 (#2)

IDI_ICON1

IDI_ICON1 (#2)

1 (#3)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors