Manalyze report for 48fc329ea410c3244461c907f7971a83

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2015-Oct-27 23:10:55
Detected languages	English - United States
CompanyName	Sysinternals
FileDescription	BGInfo - Wallpaper text configurator
FileVersion	`4.21`
InternalName	BGInfo
LegalCopyright	Copyright © 2000-2014 Mark Russinovich
OriginalFilename	Bginfo.exe
ProductName	BGInfo
ProductVersion	`4.21`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Tries to detect virtualized environments: HARDWARE\DESCRIPTION\System` `May have dropper capabilities: %TEMP% %Temp% CurrentControlSet\Services` `Accesses the WMI: ROOT\CIMV2` `Contains domain names: Systinternals.com http://schemas.microsoft.com http://schemas.microsoft.com/office/word/2003/wordml http://www.microsoft.com http://www.microsoft.com/exporting http://www.sysinternals.com microsoft.com schemas.microsoft.com sysinternals.com technet.microsoft.com winternals.com www.microsoft.com www.sysinternals.com`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExW LoadLibraryW` `Can access the registry: RegSetValueA RegEnumKeyA RegEnumValueA RegDeleteKeyA RegCreateKeyExA RegDeleteValueA RegEnumKeyExA RegOpenKeyExA RegSetValueExA RegQueryValueExW RegQueryValueExA RegOpenKeyA RegCreateKeyA RegCloseKey` `Possibly launches other programs: CreateProcessAsUserA ShellExecuteA` `Can create temporary files: CreateFileW CreateFileA GetTempPathA` `Uses functions commonly found in keyloggers: MapVirtualKeyA GetAsyncKeyState GetForegroundWindow CallNextHookEx` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Functions related to the privilege level: OpenProcessToken` `Interacts with services: QueryServiceStatus OpenServiceA OpenSCManagerA DeleteService CreateServiceA` `Enumerates local disk drives: GetLogicalDriveStringsA GetVolumeInformationA GetDriveTypeA` `Manipulates other processes: OpenProcess` `Can take screenshots: GetDC CreateCompatibleDC BitBlt`
Info	The PE is digitally signed.	`Signer: Microsoft Corporation` `Issuer: Microsoft Code Signing PCA`
Safe	VirusTotal score: 0/69 (Scanned on 2022-02-17 17:28:54)	`All the AVs think this file is safe.`

Hashes

MD5	`48fc329ea410c3244461c907f7971a83`
SHA1	`687efce8fa372a64b8292aa5293d6128c0d796bb`
SHA256	`b29ff87127d45d2400ced4473058971b05b4ec9445b6838cde38e486ffbf68ef`
SHA3	`278bce51ac8ac241b9234230d3a89e57ee79faf315bf3c47dc2ef6cd1505659b`
SSDeep	`49152:nyJlathrHoxNx8/G9n/WEfziTIurk7xqJF+hJAjp5arpEh:elazHoLx8O1jziMurkAFeJAjpIpw`
Imports Hash	`8583c13ca2a8cc29b5040be06fa7a1eb`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2015-Oct-27 23:10:55
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`12.0`
SizeOfCode	`0x156a00`
SizeOfInitializedData	`0xa7c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x001333F8 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x158000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x202000`
SizeOfHeaders	`0x400`
Checksum	`0x2030a5`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`3344d33186637288595a66eefb2c03b1`
SHA1	`82e96ec6086b948d911f5b35d81a59ad7d23101c`
SHA256	`0e2983c0851a2df082695d2ca7b0f13295b0b2e69727c81bf94a6447e5a694df`
SHA3	`a9f5ff1ec9253fe03b187c1c6477dbcbee57d160db092bbf86d668a7897eed38`
VirtualSize	`0x1569f6`
VirtualAddress	`0x1000`
SizeOfRawData	`0x156a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.52729`

.rdata

MD5	`f95c640c49d7d134827a1c79ddd17c50`
SHA1	`558e34d3c0ac183f4ad7e139e005c4ec507ab972`
SHA256	`b0beeaab8c0f6768e7a15e1c6d962a0cdc4ad97f6ae873a4aaff2f024a57ef7d`
SHA3	`1723b58dd51be07a95f201271a1cb3f0fb0f176ef94868d06c2569b58f043354`
VirtualSize	`0x53388`
VirtualAddress	`0x158000`
SizeOfRawData	`0x53400`
PointerToRawData	`0x156e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.37168`

.data

MD5	`9bcd6676e116474b734eca9f4cf65b3b`
SHA1	`221305e9652969f6c9b386e8e0b628a620b5b45c`
SHA256	`9fbba85500ec2eb05f0373f042307b8253a94b057296c948a48e199466b63c25`
SHA3	`b475e4bd28361e266b7323d73db0af7978b9f5c23fe0d8760a35af9d754fb80a`
VirtualSize	`0x12120`
VirtualAddress	`0x1ac000`
SizeOfRawData	`0x6200`
PointerToRawData	`0x1aa200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.70071`

.rsrc

MD5	`00de56161953780333a61c016c73c6b0`
SHA1	`b593be5edf2dd54ba2fec4555854f7d995831c5f`
SHA256	`5b4a9dea17f03255d7832fef2c76ff715cf1c6854c43a46b5b7bb8c1cc62540b`
SHA3	`eabac2f402050d0b81c65f5a2d7e613fd74f27e1b13b98a1f7fc8f5da9bc442e`
VirtualSize	`0x24420`
VirtualAddress	`0x1bf000`
SizeOfRawData	`0x24600`
PointerToRawData	`0x1b0400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.33405`

.reloc

MD5	`ad948ee6ec8cb2eedee5cd12dbe41eb4`
SHA1	`8c38280092bdf52c6670bbe647744521e6ad2778`
SHA256	`2c00acb90f3c5fcdef3208dec123b5fa1a997e6662a9c8d75550e733afaa388d`
SHA3	`84b70fd84f943090d84a556a5722cb718edeae0848ef3eb650761d206657334a`
VirtualSize	`0x1dfa0`
VirtualAddress	`0x1e4000`
SizeOfRawData	`0x1e000`
PointerToRawData	`0x1d4a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.50912`

Imports

WSOCK32.dll	`WSAStartup`
COMCTL32.dll	`#17` `CreateToolbarEx`
VERSION.dll	`VerQueryValueA` `GetFileVersionInfoA` `GetFileVersionInfoSizeA`
snmpapi.dll	`SnmpUtilOidCpy` `SnmpUtilOidNCmp` `SnmpSvcGetUptime`
KERNEL32.dll	`GetStartupInfoW` `GetStringTypeW` `GetTimeZoneInformation` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetConsoleCP` `ReadConsoleW` `LCMapStringW` `OutputDebugStringW` `WriteConsoleW` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `SetFilePointerEx` `CreateFileW` `GetProcAddress` `LocalAlloc` `LocalFree` `LoadLibraryA` `GetModuleHandleA` `GetCommandLineW` `DecodePointer` `InterlockedIncrement` `InterlockedDecrement` `HeapAlloc` `HeapReAlloc` `HeapFree` `HeapSize` `GetProcessHeap` `RaiseException` `GetLastError` `InitializeCriticalSectionAndSpinCount` `DeleteCriticalSection` `WriteFile` `SetEndOfFile` `CloseHandle` `GetLocalTime` `FormatMessageA` `lstrlenA` `GetSystemDirectoryA` `CreateFileA` `LockResource` `GlobalMemoryStatus` `SetErrorMode` `LoadResource` `SizeofResource` `GetFileSize` `ReadFile` `FindClose` `GetStdHandle` `IsValidCodePage` `GetFileType` `SetStdHandle` `GetSystemTimeAsFileTime` `AreFileApisANSI` `GetModuleHandleExW` `ExitThread` `CreateThread` `HeapQueryInformation` `VirtualAlloc` `IsProcessorFeaturePresent` `IsDebuggerPresent` `RtlUnwind` `SetConsoleMode` `ReadConsoleInputA` `GetConsoleMode` `FindResourceExW` `SearchPathA` `GetProfileIntA` `GetTempFileNameA` `GetTempPathA` `VerifyVersionInfoA` `VerSetConditionMask` `GetFileTime` `GetFileSizeEx` `GetFileAttributesExA` `lstrcpyA` `lstrcmpiA` `DuplicateHandle` `UnlockFile` `GetNativeSystemInfo` `SystemTimeToFileTime` `FileTimeToLocalFileTime` `FileTimeToSystemTime` `GetTickCount` `LockFile` `FlushFileBuffers` `GetCurrentDirectoryA` `GetACP` `GetCPInfo` `GetOEMCP` `GetUserDefaultUILanguage` `CompareStringW` `ResumeThread` `SetThreadPriority` `WaitForSingleObject` `LocalReAlloc` `GlobalHandle` `GlobalReAlloc` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `CopyFileA` `GlobalSize` `InitializeCriticalSection` `lstrcmpA` `GlobalFlags` `GlobalGetAtomNameA` `GlobalFindAtomA` `GlobalAddAtomA` `lstrcmpW` `GlobalDeleteAtom` `LoadLibraryExW` `FreeResource` `GetSystemDirectoryW` `GetCurrentThreadId` `LeaveCriticalSection` `EnterCriticalSection` `EncodePointer` `GetCurrentProcessId` `LoadLibraryW` `GetModuleHandleW` `GetModuleFileNameW` `SetLastError` `OutputDebugStringA` `CompareStringA` `MultiByteToWideChar` `FindResourceW` `SystemTimeToTzSpecificLocalTime` `SetFilePointer` `GetLogicalDriveStringsA` `VirtualQuery` `VirtualProtect` `DeleteFileA` `GetFileAttributesA` `SetEnvironmentVariableA` `GetCommandLineA` `GetSystemInfo` `GetEnvironmentStrings` `FreeLibrary` `GetFullPathNameA` `GetModuleFileNameA` `WaitForMultipleObjects` `GetExitCodeProcess` `TerminateProcess` `ExitProcess` `GetCurrentProcess` `OpenProcess` `WideCharToMultiByte` `GetVersionExA` `CreateDirectoryA` `MulDiv` `Sleep` `GlobalFree` `GlobalUnlock` `GlobalLock` `GlobalAlloc` `GetDateFormatA` `GetTimeFormatA` `QueryPerformanceFrequency` `QueryPerformanceCounter` `GetComputerNameA` `GetVolumeInformationA` `FindFirstFileA` `GetDiskFreeSpaceA` `GetWindowsDirectoryA` `GetDriveTypeA` `FindResourceA` `ExpandEnvironmentStringsA` `GetEnvironmentVariableA`
USER32.dll	`LockWindowUpdate` `SetParent` `SetRect` `SetCursorPos` `CopyAcceleratorTableA` `DestroyAcceleratorTable` `CreateAcceleratorTableA` `LoadAcceleratorsW` `ToAsciiEx` `GetKeyboardState` `MapVirtualKeyExA` `GetKeyboardLayout` `CreateDialogIndirectParamA` `WaitMessage` `GetSystemMenu` `GetComboBoxInfo` `LoadMenuW` `TrackMouseEvent` `GetKeyNameTextA` `ReuseDDElParam` `UnpackDDElParam` `InsertMenuItemA` `BringWindowToTop` `MonitorFromPoint` `UpdateLayeredWindow` `IsMenu` `SetWindowRgn` `LoadImageW` `DrawStateA` `EnumDisplayMonitors` `SetLayeredWindowAttributes` `MapVirtualKeyA` `GetMenuDefaultItem` `CreatePopupMenu` `NotifyWinEvent` `LoadCursorW` `InvertRect` `HideCaret` `EnableScrollBar` `GetAsyncKeyState` `MessageBeep` `GetNextDlgTabItem` `GetIconInfo` `IsRectEmpty` `SetRectEmpty` `DrawFocusRect` `WindowFromPoint` `ReleaseCapture` `GetNextDlgGroupItem` `CharUpperA` `DestroyIcon` `DeleteMenu` `ShowOwnedPopups` `CopyImage` `DestroyMenu` `GetWindowDC` `TabbedTextOutA` `GrayStringA` `DrawTextExA` `RemoveMenu` `AppendMenuA` `InsertMenuA` `GetMenuState` `GetMenuStringA` `RealChildWindowFromPoint` `GetDesktopWindow` `ClientToScreen` `SendDlgItemMessageA` `GetMonitorInfoA` `MonitorFromWindow` `WinHelpA` `GetScrollInfo` `SetScrollInfo` `LoadIconW` `SetWindowsHookExA` `GetWindow` `GetTopWindow` `GetClassLongA` `EqualRect` `CopyRect` `RemovePropA` `ShowScrollBar` `GetScrollRange` `SetScrollRange` `GetScrollPos` `SetScrollPos` `ScrollWindow` `RedrawWindow` `ValidateRect` `GetForegroundWindow` `SetActiveWindow` `GetMenuItemCount` `GetMenuItemID` `SetClassLongA` `GetCapture` `GetKeyState` `GetDlgCtrlID` `IsChild` `IsWindow` `GetClassInfoExA` `GetClassInfoA` `RegisterClassA` `GetMessageTime` `GetMessagePos` `PeekMessageA` `RegisterWindowMessageA` `GetLastActivePopup` `GetWindowThreadProcessId` `IsWindowEnabled` `UnhookWindowsHookEx` `LoadBitmapW` `GetMenuCheckMarkDimensions` `SetMenuItemBitmaps` `GetFocus` `DrawIconEx` `EnableMenuItem` `CheckMenuItem` `SetCapture` `EmptyClipboard` `RegisterClipboardFormatA` `SetClipboardData` `CloseClipboard` `OpenClipboard` `DrawEdge` `IsDialogMessageA` `LoadStringA` `LoadIconA` `CheckMenuRadioItem` `GetClassNameA` `EnumChildWindows` `GetParent` `SetWindowLongA` `GetWindowLongA` `PtInRect` `UnionRect` `FrameRect` `ChildWindowFromPoint` `MapWindowPoints` `ScreenToClient` `GetCursorPos` `MessageBoxA` `AdjustWindowRectEx` `GetClientRect` `GetWindowTextLengthA` `GetWindowTextA` `GetPropA` `SetPropA` `InvalidateRect` `EndPaint` `BeginPaint` `SetForegroundWindow` `UpdateWindow` `SetMenuDefaultItem` `SetMenuItemInfoA` `GetMenuItemInfoA` `TrackPopupMenu` `GetSubMenu` `GetMenu` `LoadMenuA` `TranslateAcceleratorA` `LoadAcceleratorsA` `EnableWindow` `KillTimer` `SetTimer` `GetActiveWindow` `SetFocus` `IsDlgButtonChecked` `CheckRadioButton` `CheckDlgButton` `GetDlgItemTextA` `SetDlgItemTextA` `DialogBoxParamA` `CreateDialogParamA` `IsZoomed` `IsWindowVisible` `EndDeferWindowPos` `DeferWindowPos` `BeginDeferWindowPos` `SetWindowPlacement` `SetWindowPos` `MoveWindow` `GetDoubleClickTime` `CopyIcon` `ModifyMenuA` `CharUpperBuffA` `DrawMenuBar` `DefFrameProcA` `DefMDIChildProcA` `TranslateMDISysAccel` `IsClipboardFormatAvailable` `GetUpdateRect` `ShowWindow` `DestroyWindow` `CreateWindowExA` `RegisterClassExA` `CallWindowProcA` `PostQuitMessage` `DefWindowProcA` `PostMessageA` `DispatchMessageA` `TranslateMessage` `GetMessageA` `DrawFrameControl` `DrawIcon` `GetWindowRgn` `DestroyCursor` `MapDialogRect` `SetMenu` `CreateMenu` `DrawTextA` `PostThreadMessageA` `GetUserObjectInformationA` `GetProcessWindowStation` `SystemParametersInfoA` `LoadImageA` `OffsetRect` `SubtractRect` `IntersectRect` `FillRect` `SetSysColors` `GetSysColor` `GetWindowRect` `ReleaseDC` `GetDC` `GetSystemMetrics` `IsIconic` `GetWindowPlacement` `LoadCursorA` `InflateRect` `GetSysColorBrush` `SetCursor` `SetWindowTextA` `GetDlgItem` `EndDialog` `DialogBoxIndirectParamA` `SendMessageA` `CallNextHookEx` `IsCharLowerA`
GDI32.dll	`SetBkColor` `ExtTextOutA` `DPtoLP` `GetPixel` `PatBlt` `CopyMetaFileA` `CreateDCA` `CreateHatchBrush` `CreatePatternBrush` `CreateRectRgn` `Escape` `ExcludeClipRect` `GetObjectType` `GetViewportExtEx` `GetWindowExtEx` `IntersectClipRect` `PtVisible` `RectVisible` `RestoreDC` `SaveDC` `SelectClipRgn` `ExtSelectClipRgn` `SetLayout` `GetLayout` `SetPolyFillMode` `SetROP2` `SetTextAlign` `TextOutA` `SetViewportExtEx` `SetViewportOrgEx` `CreateFontIndirectA` `GetMapMode` `OffsetViewportOrgEx` `OffsetWindowOrgEx` `ScaleViewportExtEx` `ScaleWindowExtEx` `GetTextExtentPoint32A` `CombineRgn` `CreateRectRgnIndirect` `SetRectRgn` `GetNearestPaletteIndex` `GetBkColor` `GetTextMetricsA` `CreateDIBitmap` `EnumFontFamiliesA` `GetTextCharsetInfo` `CreateEllipticRgn` `UpdateColors` `GetTextColor` `CreatePolygonRgn` `Polygon` `Polyline` `Rectangle` `EnumFontFamiliesExA` `GetRgnBox` `OffsetRgn` `CreateRoundRectRgn` `RoundRect` `FrameRgn` `PtInRegion` `SetPixelV` `ExtFloodFill` `SetPaletteEntries` `FillRgn` `GetBoundsRect` `GetWindowOrgEx` `LPtoDP` `GetViewportOrgEx` `GetTextFaceA` `EnumFontsA` `CreateFontA` `CreateBitmap` `SetWindowOrgEx` `MoveToEx` `SetPixel` `LineTo` `CreatePen` `GdiFlush` `UnrealizeObject` `GetDCOrgEx` `SetBrushOrgEx` `GetObjectA` `SetDIBColorTable` `CreateDIBSection` `SetStretchBltMode` `StretchBlt` `SetBkMode` `SelectPalette` `SelectObject` `RealizePalette` `GetSystemPaletteEntries` `GetPaletteEntries` `GetNearestColor` `GetDIBits` `GetClipBox` `DeleteObject` `DeleteDC` `CreateSolidBrush` `CreatePalette` `CreateCompatibleDC` `CreateCompatibleBitmap` `BitBlt` `EndPage` `StartPage` `EndDoc` `SetTextColor` `Ellipse` `GetStockObject` `StartDocA` `SetWindowExtEx` `GetDeviceCaps` `SetMapMode`
WINSPOOL.DRV	`OpenPrinterA` `ClosePrinter` `DocumentPropertiesA`
COMDLG32.dll	`ChooseColorA` `GetSaveFileNameA` `GetOpenFileNameA` `PrintDlgA` `CommDlgExtendedError`
ADVAPI32.dll	`RegSetValueA` `RegEnumKeyA` `RegEnumValueA` `RegDeleteKeyA` `RegCreateKeyExA` `StartServiceA` `StartServiceCtrlDispatcherA` `SetServiceStatus` `RegisterServiceCtrlHandlerA` `QueryServiceStatus` `OpenServiceA` `OpenSCManagerA` `DeleteService` `CreateServiceA` `CloseServiceHandle` `CreateProcessAsUserA` `ImpersonateLoggedOnUser` `FreeSid` `AllocateAndInitializeSid` `EqualSid` `GetTokenInformation` `OpenProcessToken` `RevertToSelf` `RegDeleteValueA` `RegEnumKeyExA` `GetUserNameA` `RegOpenKeyExA` `RegSetValueExA` `RegQueryValueExW` `RegQueryValueExA` `RegOpenKeyA` `RegCreateKeyA` `RegCloseKey`
SHELL32.dll	`DragFinish` `ShellExecuteA` `Shell_NotifyIconA` `SHChangeNotify` `SHGetFileInfoA` `SHBrowseForFolderA` `SHAppBarMessage` `DragQueryFileA` `SHGetDesktopFolder` `SHGetSpecialFolderLocation` `SHGetPathFromIDListA`
ole32.dll	`RevokeDragDrop` `RegisterDragDrop` `CoLockObjectExternal` `OleGetClipboard` `IsAccelerator` `OleTranslateAccelerator` `OleDestroyMenuDescriptor` `OleCreateMenuDescriptor` `OleLockRunning` `DoDragDrop` `CoInitializeEx` `ReleaseStgMedium` `OleDuplicateData` `CoTaskMemFree` `CoTaskMemAlloc` `CoDisconnectObject` `OleInitialize` `CreateILockBytesOnHGlobal` `StgCreateDocfileOnILockBytes` `CreateStreamOnHGlobal` `OleRun` `CoCreateInstance` `CoUninitialize` `CoInitialize`
OLEAUT32.dll	`SysAllocString` `SafeArrayGetUBound` `SafeArrayGetLBound` `SysStringLen` `OleLoadPicture` `SysAllocStringLen` `LoadTypeLib` `VariantTimeToSystemTime` `VariantChangeType` `SafeArrayGetElement` `GetErrorInfo` `VariantCopy` `VarBstrFromDate` `VariantClear` `VariantInit` `SystemTimeToVariantTime` `SysAllocStringByteLen` `SysStringByteLen` `SysFreeString`
MSIMG32.dll	`AlphaBlend` `TransparentBlt`
SHLWAPI.dll	`PathRemoveFileSpecW` `StrFormatKBSizeA` `PathStripToRootA` `PathIsUNCA` `PathFindExtensionA` `PathFindFileNameA`
UxTheme.dll	`DrawThemeParentBackground` `OpenThemeData` `CloseThemeData` `DrawThemeBackground` `GetThemeColor` `GetCurrentThemeName` `IsAppThemed` `IsThemeBackgroundPartiallyTransparent` `GetThemeSysColor` `GetWindowTheme` `GetThemePartSize` `DrawThemeText`
OLEACC.dll	`AccessibleObjectFromWindow` `LresultFromObject` `CreateStdAccessibleObject`
gdiplus.dll	`GdipBitmapLockBits` `GdipCreateBitmapFromScan0` `GdipCreateBitmapFromStream` `GdipGetImagePaletteSize` `GdipGetImagePalette` `GdipGetImagePixelFormat` `GdipBitmapUnlockBits` `GdipGetImageWidth` `GdipGetImageGraphicsContext` `GdipDisposeImage` `GdipCloneImage` `GdiplusStartup` `GdipFree` `GdipAlloc` `GdiplusShutdown` `GdipDeleteGraphics` `GdipDrawImageI` `GdipCreateBitmapFromHBITMAP` `GdipCreateFromHDC` `GdipSetInterpolationMode` `GdipGetImageHeight` `GdipDrawImageRectI`
IMM32.dll	`ImmGetContext` `ImmGetOpenStatus` `ImmReleaseContext`
WINMM.dll	`PlaySoundA`

Delayed Imports

HELP

Type	`DLL`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1d44c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.04018`
Detected Filetype	RTF Document
MD5	`5ed708a863256dcbf0087d0c522ead5e`
SHA1	`6016ff31d10d570cadf1782535987fdb8378d9ca`
SHA256	`ff221dabc4d32b661277c3ac8d13d4a4ecd230ebf90ff30e81fdf9717dab0a5e`
SHA3	`9a6d643f2aeacff1353032efc22670b78d2d945cc6c917d68055d89f6f4c1bc6`

CREATEPROCESS_MANIFEST_RESOURCE_ID

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4ef`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.11664`
MD5	`853adc9385703cc80a6b96dae7005f76`
SHA1	`89d3bce5ddea88f39cf2121ec61f1b6ec5eddfb8`
SHA256	`246d7d62cb2ff66e6aad0f88dfdf479dbcdb4b45928bbcbe4cc2fba926c478c7`
SHA3	`cf0594d22a70940dfb995ead45c37a451599f21e2420634642a24269ad8b838a`

1

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.63332`
MD5	`0452715d3e18af5d09651ea978666782`
SHA1	`3c77ce2e19da9461154ac8d58f571b5c7626cd01`
SHA256	`e824feebd658ad65c6a2a0992f3bd199643864a73d47c09a340529f9c3d208a1`
SHA3	`a364aa9f212054d5d2b23d4676ac7a8a56ddd897aa3691939dff9ef56056e065`

106

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.85733`
MD5	`897f23ab017a26206705c3eadc04647b`
SHA1	`4122327438d6d51fa07b5c7f7e53076a0882a9b5`
SHA256	`7818a206cbe114a4feb5efb5270b023a351d080e78b8cae3002bfc146228ebdf`
SHA3	`f2b9adcda667b4bd4d79bf734752321a4d6584b2eeb8c3bc5108190141d51945`
Preview

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5588`
MD5	`44b2c91abc69f8031dd87ca6ba5e89ab`
SHA1	`3d290e504ec9f444d546e6bbdfe245112a348c67`
SHA256	`b2e7a962080b4cf17e031c6ebf6cf7c48430d8f6abc7c1fd2de410e625d60f22`
SHA3	`f3acf64f521e567202b1b3e0aa6975c5377777d4bb9608160afbd7d154f64a14`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5967`
MD5	`9950f8ce43ee99464a8823661a9e5579`
SHA1	`3e991d55e318e9190f9cf38b29b54e96d691c858`
SHA256	`592dc20a9e9c996c7f0c5414d37ad87db2fffe9fd04d531ada1a1c6aeb35dfa3`
SHA3	`bbeb19339cebcede8f08078425d0477416b7de890e34d701c2691a775a06e5b9`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.1773`
MD5	`be28a2fb84e1c28701f912d702624093`
SHA1	`96456e531e7e007b935200af13aa9d0d3d28b1b4`
SHA256	`1a1e2231cfcf176d0a19da06267cb70d90282c7cdf8baaea1c3a6700a0484247`
SHA3	`4ff921f981454ef5a4e2e57fee256c253f70b2bf7f2494e0daa4707370d465fd`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.4187`
MD5	`900105d919acbfa40f3b730234b5bfbd`
SHA1	`5c5fd1ac0763d0f775d7de0fb9e0d681e9aec72c`
SHA256	`38c7d0fe51719750dde910542afeb7b0d2f874a0819a4c5081117a80a9af7318`
SHA3	`42c814f69b16b3abb0fb2c39b56cd01f4289b340cbe211730122c8687ca5a59a`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.63265`
MD5	`348e48af352e6e9c3e5932f741b5d94f`
SHA1	`ef5efc9e3ff6bd7f7e3851c97b0a2b58f01978ec`
SHA256	`960faa27fa7ab98df58066177abe1a3c7f8dfde37caabaeda4addcaa44737eaa`
SHA3	`5377776780cd8ba4783ed6fd922074939da43bb03b4ac58754eeddd4e1dff3c3`

Type	`RT_MENU`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4da`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.30419`
MD5	`16c17493761335abf36b145d7d84cf04`
SHA1	`488b9b7b25161a43741aca25d843a4d26f0d8f70`
SHA256	`4d412df9f998ae2b84f342f75f13ee6785bb8c357cf4c2bbee345e1fb0088886`
SHA3	`35cfbb592c97d79ac929a8d4451337c34c08a7dbf1701cafd292a2ec3ead4270`

NOTIFICATION

Type	`RT_MENU`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.84043`
MD5	`01eff18cdf74a9605a1faf64603daaa9`
SHA1	`9b17a427f36278a7a7d593ba419571049e63a006`
SHA256	`325b171ef76e1a2bf957ab2a5fc26a82febee95e3b81276cf96231756aa57ee4`
SHA3	`a917065c2e5e06dc65fa67feede4ce1ebbe2b53d790c4bd1890cf3f47f6b0329`

ABOUT

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x18e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27978`
MD5	`b295dc8009de92445a8af482603614c4`
SHA1	`0653bc863b3e9e8d295302ad17feebac00d6de46`
SHA256	`3e142f22de8b55c5c45e04744652b7633b2e5c2584bad6e4128e13851c5a0d56`
SHA3	`c1990f2ca6952f0e36e4d4d9158dcf73ed303dc4b152ad2929a56d81c68fe7d8`

BACKGROUND

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3cc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.54169`
MD5	`1a80b7f34d191211abd649ff5c60c741`
SHA1	`a6afa6131f3361f8b797a846cae3d9246f6aff15`
SHA256	`80afdd00a90034099d368dbbad7aa7d435f63764db027be675a77f7e4d2eade1`
SHA3	`e8097cfb8737acd955d8ad5d8390517f786777ec2e1122061fa4b661c457ac58`

DATABASE

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x742`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.45281`
MD5	`31de18a6da5e68a92eb18ab6053bc061`
SHA1	`4afa219b9695cc8891acb3a8fae92be6b4b9033f`
SHA256	`5828ae3dc0b026b9c2d24ccbf18e57ea79e77e1b2e498a38e49c332402434c78`
SHA3	`078ca91c82a860597c660b022c6604df4c48b5229c3ed4a3f6e9a8af8430a11c`

DEFINEFIELD

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x418`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.28489`
MD5	`ac2071762bc9134e8f57daf03c3e1ffc`
SHA1	`c6bf29477c7d8fa643a4a231e686712196d355a0`
SHA256	`712c0d8478c6f476c9a136f265ac78f992981f13a93948177c5325afa3c3c5ba`
SHA3	`22b57a7e332ea853d5c81dd61654797ecc9454ca983b9ac35459f9a758a4335f`

DESKTOPS

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x400`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.47649`
MD5	`94c6ea8acd6a2b24911629afb5d24891`
SHA1	`2a504515727a39aa254b81b09ed43717463a4434`
SHA256	`fcf10db53eabe984826c46850eb3f8bf5d71cd796159d4591323da5b13398301`
SHA3	`f681fe1e27901c05c399dd01685844f021f13584b6696d8d8576f43b9bc0af34`

ENVSTRINGS

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x118`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.19745`
MD5	`4ca631325fe01476a82f816e6c16ea10`
SHA1	`58e8b5c0263dca5ad53a23122a0acd5316213ce8`
SHA256	`0fc21b89aa50e517a67568b1d0c2221ea4ced32e9381cdfc85c1d0bb61b4e65d`
SHA3	`6687c9042af0de2cdda10f73c89da534cbbe3ef6bd35c1cda2a92e74e1089e8f`

HELP (#2)

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.07797`
MD5	`1d206c5f3ee5c2e51a20cae0cfa555e4`
SHA1	`fbc8e8c2e608e83b8abd602f21d520bc2092dd47`
SHA256	`a081a38f5a254467e7b6cfe554e0755eced4b1fe3f4d6b46d5fb7fc33ba330b5`
SHA3	`47b55a547156b97d00970b367ec25919224fc61c1144e656cd89b4d25866ee02`

MAIN

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x348`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35248`
MD5	`321b962ef9bbd93cec192b7eb6294965`
SHA1	`bdb5ca2a7b86fb60b635061abad43e635a006b07`
SHA256	`33c0eb14347b02c13c83bec825ab9237109ed7cc264b3b463821b489940897a9`
SHA3	`a21f70df6f9298a8da0dc882e83295e19b65527597e502441a08b1a9200dea10`

MULTIMON

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3c2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41891`
MD5	`d993f59c8ce2b368384273f4ccbaf52e`
SHA1	`9120192140f299a6555a6666de1372c6fd9683ad`
SHA256	`bdf5a462e143dec9f9196320c028e5f0f669475e68ea4235fbe09104ad0d2ff0`
SHA3	`8ad528b11eb213be3c1f4771cf2ca51b4c8f4ac52ed428b37d608b8f471220a3`

OPTIONS

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x71a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37428`
MD5	`2ea3302f950913ccc631c644e3dad4b0`
SHA1	`d59b3e67f925ce917df942545a4cb57b94bd426f`
SHA256	`b31bb388e840b2328e5217d34c8b740f20fe01c7e27825b5bd02bfbba4aede88`
SHA3	`bcb837637dec2534b56e90d061f398cd9dd4658e33742448b60eaa9ea53cf4c0`

OUTPUTFILE

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2d8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.2418`
MD5	`ebaa2c23718272c81680621c7d9c6b1f`
SHA1	`590f7686b64d0e7b8491046f6347d79732bb42bb`
SHA256	`5dc60076ef5fbd32d5be9a7522c8fa633edcf01851fe26aee2849b6c0613b1f0`
SHA3	`1d96990424017a522e0268798454cc7162034794099e36294ee0fe15128380f9`

POPUP

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.7888`
MD5	`b3290fddae3fd4ca2de2112db9e43057`
SHA1	`e936738ae3c905a65faa1a56a8582d5fd09edf25`
SHA256	`fd4c6beec520c32c63933bffd2e4a7423d0cb121ea0e805507182e5509c17bee`
SHA3	`df4ccf7fcbdda52f76eb5cb5306c089c71aa7d275078cc74d09c51cd01e8911d`

POSITION

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x362`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.45324`
MD5	`3f49bfbc300a035706f560538f68cdaf`
SHA1	`b20ca013e9c07672f3042be0e37b77ac87f7c32f`
SHA256	`2d20773451d55351cce371012ccdadaa0d2593a9dddcd5738f4f0470cb1dfe6d`
SHA3	`8c4e4e0efe8934dd2ecd9f252941c89294e43f93b6772763cf3eb41ef8921ac1`

REGISTRYEXAMPLE

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2c6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44749`
MD5	`1b6e60ff765ed0b3de06dab2a84b9073`
SHA1	`0ebea3b521e27ef5e34656a7f6ecef58c3864972`
SHA256	`4279184b067019fd9da51b6079fc98e80babeb2759cc6cb943fa181dce52a784`
SHA3	`06c419ddcd38ff4e088747d4cc6fecbc7039568db9ee61f0c54abdf4010292b9`

SELECTCOLOR

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4e2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.92128`
MD5	`833efb0d9452d753f178c6bfc1cc4cf6`
SHA1	`57efa011f10b0dff67dcb65ac947ff4e8085224f`
SHA256	`eb9395b7be1e1f7e38514b915417ef7042608b41e35f8ffbcc8e27cc8e3d6d8e`
SHA3	`ad19a76108a903364c23dfb8da8341621546f0d24a0c86c3c046c96eecfcc9ea`

USERFIELDS

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2de`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.43996`
MD5	`006b70d5b76120e56955cc3bb23d55af`
SHA1	`ecc159da1ef6efd6f485e43b0c81e48db982affd`
SHA256	`268fa928cfde92f53d89d070bd6db664d0b973688407f096fe19319a7a3d69da`
SHA3	`7a189c917c4b377af8987e814ca346b5b16511fbbf60b35e505ba8312988b270`

WMIQUERY

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2b0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.4944`
MD5	`be53ab8b8e6079c2d956257d820366cd`
SHA1	`92c6b1a15549e87e5b6052d26a038e8772e8aad4`
SHA256	`cf507ba9ebbadaeb75d36f17db131326727b67309edae0dc363c5405a5bfa060`
SHA3	`ba7be1e1a6e709b155342d8462f5132843093fe28d058835f6bac9ea0a409746`

7

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.0333`
MD5	`57835ba55b7c2e53ddbdca68ecb5550a`
SHA1	`298ae905b65e1fa840c264c49319e87f68bb96af`
SHA256	`4c6703de683c7a6f758a19192b1d2a7d6f7d3d272c4cbffe6be7cdbe21fc09f5`
SHA3	`41b26801f9c7e8aac818452391e725ca7bc46d146ff1bff90128880cb3fd64c3`

8

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.913334`
MD5	`8ef5a7e98e03f2013d53e5b4c61c2fe1`
SHA1	`c2b8b3942517f59d6fae49276532b008b530a8b8`
SHA256	`45815cca1d41c78f1cbfcc302e5dfa18a142f66005513a387f0523c6fd8af58b`
SHA3	`566074b153999cb151c89b171c9bde99815c6beac8e5ae84bbcafca1c6c50f4e`

2501

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x50`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.12794`
MD5	`b6b858015f0732483e5c739b6dc0d186`
SHA1	`93ffd452b9f443b4856cbfc93149cf519e6d7c17`
SHA256	`83983c712fb33d21244e3da64bc8f141eb3d7e4982f75b4af37183f6d172732a`
SHA3	`b07b2dd1da0ae03d4d3069105b19c31bf0634bb758877f0d0c63f9f3e2ced041`

2502

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x62`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.67672`
MD5	`c8996a08699eebc9a26de727a4d83860`
SHA1	`ac7707bc3af80dd8105d98c3e4f907c8438cea3f`
SHA256	`a3be61cd9bfe8093e2be34773b633f8f829273d60a2e43ee923ccc9a6c6a18c8`
SHA3	`6b92dc19c8d60a72a1458750f46162507e0c105c64cab0a17e0a0c4c76a4b6a7`

ACCELERATORS

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x58`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.88724`
MD5	`7cd409a46c43b3d3fb5c7a83f17c019d`
SHA1	`17b1af892174bbb20cf51d0c4704c233724c59f9`
SHA256	`badedb7e0cd89963c3bb3b06a85d8018d850dd386234a4561e91ae16cf5d9ce5`
SHA3	`8c02913dda901d8220c6ee0c1e1f09c2f459630ac85e54fa76f19e5f668958ba`

HAND

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.83876`
Detected Filetype	Cursor file
MD5	`a2baa01ccdea3190e4998a54dbc202a4`
SHA1	`e8217df98038141ab4e449cb979b1c3bbea12da3`
SHA256	`c53efa8085835ba129c1909beaff8a67b45f50837707f22dfff0f24d8cd26710`
SHA3	`8874564c406835306368adf5e869422e1bb97109b97c1499caa8af219990e8dc`
Preview

APPICON

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.49212`
Detected Filetype	Icon file
MD5	`3d9b6f2e230f6e2372f571c6aeff64db`
SHA1	`5a07be692e86a1a97ec729850e15e2f59821e350`
SHA256	`964821077a83e8421611640447b603a6e6460bc2882a3a458107211a19cb41f5`
SHA3	`66e852342c4e1256a9bd224ca5bb33f430add4f1e4520bc1259f2f3336b3a569`

APPICON1

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.32322`
Detected Filetype	Icon file
MD5	`ce9c092856a8bcd1503927da430e18e7`
SHA1	`8eecabfe2727710867c6b7223b32f490b1caf133`
SHA256	`483aa261cce96256ff045257f2834d1cc43b6194f5d30533c0f18776aa7367f2`
SHA3	`203afac5a8b0c87581e30850450c0d112d2c7172b934b0bb67b442dd0f8a918e`

APPICON2

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.22322`
Detected Filetype	Icon file
MD5	`e113b50b534c1cf282bd8b50aa427dfe`
SHA1	`65f4cefce100e60fb5f37ee84f6c6079d8925964`
SHA256	`70c44df2204ba02cef387313aed59a095724ba4b8e0213b68e41418b1236e140`
SHA3	`889cd611ad8ce301ece0cff36f29c125c2350dba0106a153bf46ba8007f345cf`

TABICON

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.02322`
Detected Filetype	Icon file
MD5	`80b5fb843e4741ebe4a3330dcb8335ee`
SHA1	`27fbd9866c0d698196dda872f9bb2fe3dc26e086`
SHA256	`ebd302bcd1b84ecbb03112dca0827fd62e584e470e2e37f0e350ea9e1ca68c9c`
SHA3	`b864aa05e16b6f6e3e56655fc88ee2552c443689696138b46f3d7b0a7e17b19e`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2fc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37124`
MD5	`8f27495768c8087cd9446d64db2418e8`
SHA1	`feab3c648e7de1bdab484c0dab367c15c9bd346c`
SHA256	`87915793175a2f2b31188095e72d64eaaa9714e690e07e27e7b68a675ef8052f`
SHA3	`eab91f89dd2a86202ba29e4de561b5cb562e378b075fda27f21e94d2966ad83d`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4ef`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.11664`
MD5	`853adc9385703cc80a6b96dae7005f76`
SHA1	`89d3bce5ddea88f39cf2121ec61f1b6ec5eddfb8`
SHA256	`246d7d62cb2ff66e6aad0f88dfdf479dbcdb4b45928bbcbe4cc2fba926c478c7`
SHA3	`cf0594d22a70940dfb995ead45c37a451599f21e2420634642a24269ad8b838a`

String Table contents

Bullet
Color
Align Left
Align Centered
Cut
Bold
Italic
Underline
Align Right

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	4.21.0.0
ProductVersion	4.21.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Sysinternals
FileDescription	BGInfo - Wallpaper text configurator
FileVersion (#2)	4.21
InternalName	BGInfo
LegalCopyright	Copyright © 2000-2014 Mark Russinovich
OriginalFilename	Bginfo.exe
ProductName	BGInfo
ProductVersion (#2)	4.21

Resource LangID	English - United States

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x5ad3f0`
SEHandlerTable	`0x5975e0`
SEHandlerCount	`876`

RICH Header

XOR Key	`0x4b3d24e2`
Unmarked objects	`0`
C++ objects (VS2008 SP1 build 30729)	`1`
C objects (VS2008 SP1 build 30729)	`15`
Imports (VS2008 SP1 build 30729)	`43`
Total imports	`854`
C++ objects (VS2013 build 21005)	`81`
ASM objects (VS2013 build 21005)	`49`
C objects (VS2013 build 21005)	`194`
C++ objects (20806)	`318`
C objects (VS2013 UPD4 build 31101)	`1`
C++ objects (VS2013 UPD4 build 31101)	`20`
Resource objects (VS2013 build 21005)	`1`
151	`1`
Linker (VS2013 UPD4 build 31101)	`1`

48fc329ea410c3244461c907f7971a83

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

HELP

CREATEPROCESS_MANIFEST_RESOURCE_ID

1

106

2

3

4

5

6

MENU

NOTIFICATION

ABOUT

BACKGROUND

DATABASE

DEFINEFIELD

DESKTOPS

ENVSTRINGS

HELP (#2)

MAIN

MULTIMON

OPTIONS

OUTPUTFILE

POPUP

POSITION

REGISTRYEXAMPLE

SELECTCOLOR

USERFIELDS

WMIQUERY

7

8

2501

2502

ACCELERATORS

HAND

APPICON

APPICON1

APPICON2

TABICON

1 (#2)

1 (#3)

String Table contents

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors