Manalyze report for 47dd7fd5a31e542a33370735ee773b70

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Mar-09 09:53:04
Detected languages	English - United States
CompanyName	LogMeIn, Inc.
FileDescription	GoToAssist
FileVersion	`4.8 Build 1702`
InternalName	GoToAssist Remote Support
LegalCopyright	© 2019 LogMeIn, Inc.
OriginalFilename	GoToAssist Remote Support.exe
ProductName	GoToAssist
ProductVersion	`4.8 Build 1702`

Plugin Output

Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX v2.0 -> Markus, Laszlo & Reiser (h)` `UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser`
Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.` `The PE's resources are bigger than it is.`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Manipulates other processes: EnumProcesses`
Suspicious	The PE is possibly a dropper.	`Resource 4805 is possibly compressed or encrypted.` `Resource 201 is possibly compressed or encrypted.` `Resource 38 is possibly compressed or encrypted.` `Resource 39 is possibly compressed or encrypted.` `Resource 40 is possibly compressed or encrypted.` `Resource 269 is possibly compressed or encrypted.` `Resource 270 is possibly compressed or encrypted.` `Resource 294 is possibly compressed or encrypted.` `Resources amount for 588.727% of the executable.`
Info	The PE is digitally signed.	`Signer: LogMeIn` `Issuer: DigiCert SHA2 Assured ID Code Signing CA`
Safe	VirusTotal score: 0/70 (Scanned on 2023-09-17 23:34:21)	`All the AVs think this file is safe.`

Hashes

MD5	`47dd7fd5a31e542a33370735ee773b70`
SHA1	`69f7ea69774d8d092f9c99f477ce413c7d012c69`
SHA256	`a5c4f0f95a4c39b8be185a9c92c4496a9aaf95dfa4742626089fac050cb260ab`
SHA3	`1c383532bb23ccb655fc84867b03ab18362e9ab0d0686771b7c0232080df95d3`
SSDeep	`98304:9F+gOav+DsMSsP/j48tpg+iESjTaGe4OW:9F+gpv+DPP/k+k/aho`
Imports Hash	`aeeb0f063a90b4126d97270e2143bc03`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2021-Mar-09 09:53:04
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`12.0`
SizeOfCode	`0x325000`
SizeOfInitializedData	`0x4a000`
SizeOfUninitializedData	`0x1a7a000`
AddressOfEntryPoint	`0x01D9E440 (Section: UPX1)`
BaseOfCode	`0x1a7b000`
BaseOfData	`0x1da0000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x1dea000`
SizeOfHeaders	`0x1000`
Checksum	`0x37f665`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1a7a000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`5be0bf7e50502d609a1494d7ab7264fb`
SHA1	`4351c2de5ad6de0c3836ae7baa8db3fe2bbec6a8`
SHA256	`e77a217ae45e7b5803c8b3fe4b2a58fd612c5dbd72b5353689298cd0221aea11`
SHA3	`5b6bf54871d864c78be3c605062f44a5e3eb78b8f651afb75bd8ce92497720e9`
VirtualSize	`0x325000`
VirtualAddress	`0x1a7b000`
SizeOfRawData	`0x324200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99993`

.rsrc

MD5	`72c00677f81b0328d153b3eabbf051a3`
SHA1	`a88224458855358941ef4d3d9870e8b2e6eefc09`
SHA256	`6589352014ba006a529cae6c0253c888e1c39263903bde5e580a309ed5558234`
SHA3	`8e0ce5d76940cd0a267ecc14497ac91ee22d56b3eec173aeeaa791f6ad3fe7f9`
VirtualSize	`0x4a000`
VirtualAddress	`0x1da0000`
SizeOfRawData	`0x49800`
PointerToRawData	`0x324600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.78579`

Imports

KERNEL32.DLL	`LoadLibraryA` `GetProcAddress` `VirtualProtect` `VirtualAlloc` `VirtualFree` `ExitProcess`
ole32.dll	`CoGetCurrentProcess`
PSAPI.DLL	`EnumProcesses`
SETUPAPI.dll	`SetupDecompressOrCopyFileW`
SHELL32.dll	`SHGetFileInfoW`
SHLWAPI.dll	`StrCatW`
USER32.dll	`IsWindow`
USERENV.dll	`CreateEnvironmentBlock`
VERSION.dll	`VerQueryValueW`

Delayed Imports

4501

Type	`TEXT`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x961c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

4502

Type	`TEXT`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x961c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

4503

Type	`TEXT`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x961c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

4504

Type	`TEXT`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xaa7c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

4505

Type	`TEXT`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x95dc8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

4506

Type	`TEXT`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x961c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

4507

Type	`TEXT`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1c7c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

4508

Type	`TEXT`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1ebc8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

4509

Type	`TEXT`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x53c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

4510

Type	`TEXT`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1c1c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

4800

Type	`TEXT`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2a9dc8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

4801

Type	`TEXT`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2ac5c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

4802

Type	`TEXT`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2ab5c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

4803

Type	`TEXT`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2acdc8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

4804

Type	`TEXT`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2ab3c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

4805

Type	`TEXT`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2ab5c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99994`
MD5	`35eff66235946a321752875a2fb6beca`
SHA1	`5e7dd8d50b4f574b759fa586e970cf2a0c9b0fa8`
SHA256	`f64b6347397bb1f5550ee083c8ea4e19cf2bb23a2cb66403ed81b104fe721f60`
SHA3	`c38c0d4d5563c0f648493f5fae0d835460da99f12d7ae381c0ddd53d6736fb55`

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.22328`
MD5	`9160d1cb33ce89dc339aba61c8a117e5`
SHA1	`8e19079152daf8efb64c0b7febcddd42405273d6`
SHA256	`96c48893c5f1cc03e3ed72c66b12d89f639f18d03d56dce2d72470966b47abb9`
SHA3	`1259b6fdc0cf6005c4919a9011d8b8fe56f5502ef1650ea906ddcfd1232e114b`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.31778`
MD5	`8e4bf9cf1bb7b87ddcb10c678e065099`
SHA1	`716ca3a84efb22750bec7b01f2dc61cbc0a134c1`
SHA256	`b2b13570b0c82d54c4c327ee9b94fd2bb349cf01b57bc4597936972c82268a8d`
SHA3	`45d5a76887934c757a17836fe32c8fdc955f8276b4251b846f505dfc67304e5f`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03072`
MD5	`7d2823d8ce955c6116fc882369d8aeb8`
SHA1	`402d2283b348b5edcccb98f8223b64fc7b2b7fd9`
SHA256	`3e13e4853dd3959aeb6f949b955170a907759914369611adebe635abac821084`
SHA3	`04c79700a9912caf352759a387ac10688d9314be0406fbc65f6f0341d6b99b7c`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.76011`
MD5	`7c7476dfb5cb6abd5f5f723ea8341124`
SHA1	`284abfe9501878188f8017ef2abc5c8957b5fdc1`
SHA256	`ab097deec0199c92666115431ab42a79e86834b965dec729330d2f20fa468f87`
SHA3	`81544cb27fae6158ffcd0b0c5c786e768da2e489108914d6bae444b575c5b566`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.7042`
MD5	`5085c877ab6ef8d89674536a9aee2c5a`
SHA1	`0308ae3213b6fbfaeeece885c95b546fe115a432`
SHA256	`098afad68e0f67db540bc9d54f0a096afe37d16f94d058aeeb988bcca853720f`
SHA3	`e6fde0414fe8029e80873cabcec1848a874b067915538db513fa319bd55d6c25`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.65748`
MD5	`5b0da76f9d3e4f4828acb7f97dd2cabe`
SHA1	`2071a916b337d79a8ec8155dd938216dd61b0276`
SHA256	`c49c51c86aeaf99757f2937a8b99296e6378a500246b32dc507f0b1521787187`
SHA3	`9529c09b255805bab101f3b16d3fc6f2f217e43838301cc6452053995e17628f`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.03195`
MD5	`34b15dc1ee5805a9207a2dc783435a8f`
SHA1	`c674b36c04eed392ad7714257950e969d0430272`
SHA256	`be88999116507f4cbf251322f2b1afd36dc6cd6fcbe063f4a99da5e4fe247284`
SHA3	`151a6ff9a20b275a12cbbbc868c75f582798be8d51812ffab7489778b1efb36d`

8

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.75016`
MD5	`3b43c68a3f4103469c5475799a02aab8`
SHA1	`dfe36a0a5cb5360f949127815e07e4383b1ff8ed`
SHA256	`2066cca591c0ad169d5dbb72231228f6cbbd18b3e73cef09322d56d4c896e49b`
SHA3	`d5422d6c479404ef8dd37a2f554c5272ef3d9642ca7c349a7ceda355946e3261`

9

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.8361`
MD5	`973725aab84beac4ee113450178c9e0d`
SHA1	`14bc80bb86862391c2b708ba2ed2ac4c7f054cc7`
SHA256	`3190a4beed19c6add1f28411fca601928bc27b29c1b7c2b1bdb18741334998db`
SHA3	`b6247df84653ee1e7754dfab28401036eabdabd65dbf88ebe1d27d65c83f751b`

10

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.58285`
MD5	`6dc6964e85eec530a509a05cf33a8deb`
SHA1	`a2b9040e5dff1c1ec170d49b0449d99addc13a12`
SHA256	`15d07f018583467f4d33ae26f772b37b36a2d55691dd334f022df05835c99f28`
SHA3	`5ad3efb90495e57a54c34772168e30046a5ffeabb92221a1ebb36ec17c878032`

201

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xd4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.03194`
MD5	`5d9095ffc40ee2f8086ec6e5e49ccf16`
SHA1	`9046cf1dcaa5c3f4cf0d7b856306d4b1b9cd4d30`
SHA256	`92111e3007c82f953ec5dca6cd51f5aa082d25f111fb5481667348d9169020dd`
SHA3	`b2b86307caca23e4444d671b8d4fad3e2dcd97ea83d434885edcc41fec6e8587`

38

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x220`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.58128`
MD5	`f785e81b53620a5eb2bc29864635541c`
SHA1	`a888012981f0532b6a27cf6df91eb5b2b27461e9`
SHA256	`32edef4172265b8929a946a37e16e0255f23a753d022bf9a21171dec2b9959d7`
SHA3	`f02e1702cfb1b3c367cb486028d80ca26e4069df0c90cf1b0c759a637d2284ea`

39

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.86303`
MD5	`42e700666b5d456f2c6a5ecb043d2ca4`
SHA1	`dedafd380121bb94d8bec02d5928841be722a4c4`
SHA256	`175f345b495a043fb82f52b5fdce4c9eb10e4072c0e6b1a186d542ceaf02328f`
SHA3	`4570333254b18eb5b0d1f9d6d9b560740003318c15fe5d5130b874d89d1ae0ca`

40

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x26e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.71527`
MD5	`74d9210f5d7f7e05a2c9f842b656cc24`
SHA1	`80bd9abce61d5609d930bfc63bfb2ab95dc84bf8`
SHA256	`8c7dbce01ff0c7528c552b4d8831c91f296c89b3d37abad5fb829072f04ae96e`
SHA3	`0ba6f0ae7f94c2bc275af34663f57bda9fe13d6ba4f15df0cecac2f3a9d44cf1`

263

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.11952`
MD5	`5b9ea874460cf8182f5a6801c2abaae9`
SHA1	`e7302ba9b9a782ccbf04e0b300ce90b23ed04a70`
SHA256	`f371256a84f4e01a41ad4d748de741684207f9e8c0396fbe53e3088e0e403052`
SHA3	`26066952ca56c169d72488c230d73f32f00317b3f1ef0fabb4bf23d5878758bd`

269

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x116`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.33544`
MD5	`deebc819b179943e99d7bfd6cb4301cf`
SHA1	`634a651cfd13c1fb3cbc84b60f3bc8d29d2c6f7e`
SHA256	`021bd0efc729060a4fa72cb87acba0874c75238ffed54a34468e124647000363`
SHA3	`5c338840495d543f173108e9b64aa1f26552cc1708f894ed2ea0dab35f478c15`

270

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x170`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.38853`
MD5	`4c337aa92208763ac28b489f7918b883`
SHA1	`16d6de69e7473bc1101b8828d95016e91beb132c`
SHA256	`3f983c79cffbd2176bb51a5fb801fd7bb7e581874bc05fcb7ea7b3509cf091e2`
SHA3	`59b7f47d0d41ef2b68ccc6e78cec1e3e3441987003b1a4a6a6c34ec8c07abd06`

294

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x15e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.40419`
MD5	`3b135dccceaa569ab549ff76a2b3061c`
SHA1	`4276c12d9e82a1d0c7ad792019fc2c3c9c09ab38`
SHA256	`00228a51e1176b389bdaf118fdeb2796a5dd879cabd3bd6f47d197e84371e320`
SHA3	`5ecc94d6e97f9afd4f0c13b5fbd73d7a49aff963572913d6bd2de75aaf26ece1`

295

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xbc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.90893`
MD5	`2e985e53a9029e2d643449b9de97806d`
SHA1	`20a58d0da3b41d7a1c8ecb0118a09ed08096d0a1`
SHA256	`aed139ce7c2468e6c078b7c88435821a2613848a4bd93a35990b797b774d0418`
SHA3	`ee9f84800ed50ba242e4f7bfbfb3bc38bb66045efd99b7c1ce528d7828ba1c82`

4210

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2`
MD5	`4a4e1ed6d3bc559b52a0061f8c394df7`
SHA1	`0e34c086db39752ebf77559c14f08ca906235282`
SHA256	`16a714bfbabb5495f80ad0d963d12d52e139fca6e3e83bdff226e271770d1bb7`
SHA3	`f03eae7ac29ef623ef3641d574e1ce8de8b0b48371b5e1bdf5f37949c5be64b1`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x92`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.88162`
Detected Filetype	Icon file
MD5	`856ca23158ad29ed667eae48bb866164`
SHA1	`65f03e8373482d243d892f94179e62963e42e582`
SHA256	`2d287b567012b4a356769d1e8ea4ed3af529bdad84bf66a1c9ec7782fb7ca59e`
SHA3	`f1fa1fabb249b3305ceb77a448be742b5d061e9559f5211998068a1bff4ea686`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x31c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.46224`
MD5	`749099512ed0f4da8d4a693d0a96d1bc`
SHA1	`eb38e1115acd358c610f78328b802611bbf6c703`
SHA256	`45c00c4ace1a6fadc23019705da46e70382ebbca2a39643f410db609a15a63d7`
SHA3	`5a32275a2654a21820dbb8e42df946a64178f6a5b873288fb53187271a156f36`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x5ab`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.15352`
MD5	`23e5799a523d1818ecb1d21c28eef4e2`
SHA1	`628d12c07d54143fe050f1207242666addc355a0`
SHA256	`129f6f876bcec5103b7ffa1273819a2714503ca7ce97010c2fe7ed167e9941a0`
SHA3	`559a7ed6fe35945230c20cb1f2ed76668d14b6da2e87a6cb9d643bb8cd8440c5`

String Table contents

ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ舀ӣ舀᫣舀㷣舀壣舀擣舀胣舁ꋣ脂뛢脂볢脂뻢脂쓢脂췢脂쯢脂쫢脂쯢脂쯢脂쯢脂쯢脂쯢脂쯢脂쯢脂쯢脂쯢脂쯢脂쯢脂쯢脂쯢脂쯢脂쳢脂웢脂싢脂쟢脂쟢脂
ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ欇㧙ꀥ뫰쉎﫾썏썏썏썏썏썏썏썏썏썏썏썏썏썏썏쉏쉎쉎쉎셎�셍뽍빍￻빍￺뱊￸띃￶뵝￴쾓￵�鱗�톔￵빜￳띂￶뱊

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	4.8.0.1702
ProductVersion	4.8.1702.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	LogMeIn, Inc.
FileDescription	GoToAssist
FileVersion (#2)	4.8 Build 1702
InternalName	GoToAssist Remote Support
LegalCopyright	© 2019 LogMeIn, Inc.
OriginalFilename	GoToAssist Remote Support.exe
ProductName	GoToAssist
ProductVersion (#2)	4.8 Build 1702

Resource LangID	English - United States

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x44e0e0`
SEHandlerTable	`0x44b250`
SEHandlerCount	`13`

RICH Header

XOR Key	`0xfb4e4889`
Unmarked objects	`0`
199 (41118)	`2`
ASM objects (VS2013 build 21005)	`36`
C++ objects (VS2013 build 21005)	`81`
Imports (VS2008 SP1 build 30729)	`23`
Total imports	`270`
C objects (VS2013 build 21005)	`236`
C++ objects (VS2013 UPD4 build 31101)	`71`
Resource objects (VS2013 build 21005)	`1`
Linker (VS2013 UPD4 build 31101)	`1`

Errors

[*] Warning: Could not read the name of the DLL to be delay-loaded!
[*] Warning: Ignored an invalid IMAGE_RESOURCE_DATA_ENTRY
[*] Warning: Section UPX0 has a size of 0!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!