4bf28f0b6a5b20681a1378a0d8afe694

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2007-May-25 14:27:07
Detected languages English - United Kingdom
FileVersion 3, 2, 4, 9
CompiledScript AutoIt v3 Script : 3, 2, 4, 9

Plugin Output

Info Matching compiler(s):
  • Microsoft Visual C++ 7.1
  • Microsoft Visual C++ 6.0 - 8.0
  • MASM/TASM - sig1(h)
Suspicious Strings found in the binary may indicate undesirable behavior:
Is an AutoIT compiled script:
  • AutoIt Error
  • reserved for AutoIt internal use
Info Cryptographic algorithms detected in the binary:
  • Uses constants related to MD5
  • Uses known Mersenne Twister constants
Malicious The PE contains functions mostly used by malware.
[!] The program may be hiding some of its imports:
  • LoadLibraryW
  • LoadLibraryExW
  • GetProcAddress
  • LoadLibraryA
Functions which can be used for anti-debugging purposes:
  • FindWindowW
Code injection capabilities:
  • OpenProcess
  • WriteProcessMemory
  • VirtualAlloc
Code injection capabilities (PowerLoader):
  • GetWindowLongW
  • FindWindowW
Can access the registry:
  • RegEnumValueW
  • RegDeleteValueW
  • RegDeleteKeyW
  • RegSetValueExW
  • RegCreateKeyExW
  • RegEnumKeyExW
  • RegCloseKey
  • RegQueryValueExW
  • RegOpenKeyExW
  • RegisterHotKey
Possibly launches other programs:
  • CreateProcessW
  • ShellExecuteW
Can create temporary files:
  • GetTempPathW
  • GetTempPathA
  • CreateFileA
  • CreateFileW
Uses functions commonly found in keyloggers:
  • AttachThreadInput
  • MapVirtualKeyW
  • GetForegroundWindow
  • GetAsyncKeyState
Memory manipulation functions often used by packers:
  • VirtualProtect
  • VirtualAlloc
Functions related to the privilege level:
  • AdjustTokenPrivileges
  • OpenProcessToken
Interacts with services:
  • OpenSCManagerW
Enumerates local disk drives:
  • GetDriveTypeW
  • GetVolumeInformationW
Manipulates other processes:
  • OpenProcess
  • WriteProcessMemory
  • ReadProcessMemory
Can take screenshots:
  • BitBlt
  • CreateCompatibleDC
  • GetDC
  • FindWindowW
Reads the contents of the clipboard:
  • GetClipboardData
Can shut the system down or lock the screen:
  • ExitWindowsEx
Suspicious The file contains overlay data.
3113 bytes of data starting at offset 0x68c00.
The overlay data has an entropy of 7.94183 and is possibly compressed or encrypted.
Malicious VirusTotal score: 5/68 (Scanned on 2024-10-01 19:58:54)
  • Cylance: Unsafe
  • Elastic: malicious (high confidence)
  • FireEye: Generic.mg.4bf28f0b6a5b2068
  • Kingsoft: malware.kb.a.987
  • Trapmine: malicious.moderate.ml.score

Hashes

MD5 4bf28f0b6a5b20681a1378a0d8afe694
SHA1 f606479738c2e8dbb67cd9998dc35c830425c559
SHA256 cf6b9d70a6b10490407df35b3fb8968de048328614171ab5c9de51d7638eed3a
SHA3 a760d1fcdce5f65de13d118a6cd2e68ea2c55d2a52b0c3b0a61977549217cce5
SSDeep 6144:94v4sIND/AB4jYWoyGN2Ik5AfPjFWFNAy/7+dOYG+/Wi+3I:WABhABEXotkI0A8AyzKOce4
Imports Hash 4b90ccbbc6da0baeb455b5c715000e88

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x110

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2007-May-25 14:27:07
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 7.0
SizeOfCode 0x57400
SizeOfInitializedData 0x2c800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0004BE98 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x59000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x86000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 bc894a6765d6f124be58ebcdcd3a7f98
SHA1 c258cf20f637405c35bc0834d5556e494fa9025e
SHA256 33da9cbd6ada3843570e733cedbe4e6ae2578f551a137d8fe6a4cdd22b87509d
SHA3 1c30cb26eee6636e29c67a3723a2b75847c16ec829926f8e9535c9d60a977c9a
VirtualSize 0x573a7
VirtualAddress 0x1000
SizeOfRawData 0x57400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.62976

.rdata

MD5 544a51546eeaec1f8b6fef255d861767
SHA1 ea472d2390eb6c619254fe619052b2be16f900e1
SHA256 bab550bfca3abe07dd45fca9ad7dc8907b7d216cdad13a19a4deac2812771dd8
SHA3 cbc0612dcc99dd5222a56cf1e4bd69e5623b4d616960a8f29ff6ea2b5a3b62c4
VirtualSize 0xbd9a
VirtualAddress 0x59000
SizeOfRawData 0xbe00
PointerToRawData 0x57800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.41544

.data

MD5 ee4624541522fff9a8824e447ed7a455
SHA1 f53cc53193e8c2fa0f3be2f3ab8eb0ef8240e0e3
SHA256 82ba1f073af47de266ac106d0888a801343fbbd4e55a5eb1809c7bcd183b67a8
SHA3 e046b2f0b6a8e9850228a027928d155f00c7ed5b4423ae6688854a5cfb8cb103
VirtualSize 0x1cbb4
VirtualAddress 0x65000
SizeOfRawData 0x2400
PointerToRawData 0x63600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.06037

.rsrc

MD5 a1d1b94101dc4946c92afbeed50f11f7
SHA1 404c4b3f150ad6c38d57501129dd508352373871
SHA256 878674b107a9678948f11e9609ee2a11604bb1a4b7cd8573b457fca3d8c10529
SHA3 f4e37073e4d7cb7e0c8ecb4456b219a80133f058c7774b00232790a864240dae
VirtualSize 0x4000
VirtualAddress 0x82000
SizeOfRawData 0x3200
PointerToRawData 0x65a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.75006

Imports

KERNEL32.DLL QueryPerformanceCounter
QueryPerformanceFrequency
UnmapViewOfFile
OpenProcess
CreateFileMappingW
MapViewOfFile
WriteProcessMemory
ReadProcessMemory
SetFilePointer
TerminateProcess
WaitForSingleObject
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
DeleteFileW
FindNextFileW
lstrcmpiW
MoveFileW
CopyFileW
GetLastError
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceNamesW
OutputDebugStringW
GetLocalTime
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
InterlockedIncrement
InterlockedDecrement
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetModuleHandleW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
DeviceIoControl
SetFileAttributesW
GetShortPathNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
SetProcessWorkingSetSize
GlobalMemoryStatus
Beep
GetComputerNameW
GetWindowsDirectoryW
GetSystemDirectoryW
GetTempPathW
GetCurrentProcessId
CreatePipe
DuplicateHandle
GetStdHandle
SetPriorityClass
WriteFile
GetFileType
PeekNamedPipe
SetLastError
GetTempPathA
GetTempFileNameA
DeleteFileA
CopyFileA
CreateFileA
GetModuleHandleA
ExitProcess
HeapFree
HeapAlloc
GetStartupInfoW
GetVersionExA
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
DeleteCriticalSection
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
VirtualQuery
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
SetHandleCount
GetStartupInfoA
SetStdHandle
GetSystemInfo
GetCurrentProcess
GetVersionExW
GlobalFindAtomW
LoadLibraryW
LoadLibraryExW
GlobalFree
GlobalUnlock
ReadFile
GlobalLock
GlobalAlloc
GetFileSize
CreateFileW
CloseHandle
CreateProcessW
GetCurrentThreadId
Sleep
GetProcAddress
LoadLibraryA
FlushFileBuffers
LCMapStringA
LCMapStringW
FreeLibrary
GetModuleFileNameW
GetFullPathNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
ExitThread
CreateThread
ResumeThread
EnterCriticalSection
LeaveCriticalSection
RaiseException
GetTimeZoneInformation
GetModuleFileNameA
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
GetCPInfo
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
RtlUnwind
GetACP
GetOEMCP
InitializeCriticalSection
GetTickCount
InterlockedExchange
SetEndOfFile
CompareStringA
SetErrorMode
SetEnvironmentVariableA
ADVAPI32.dll RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
GetUserNameW
RegConnectRegistryW
RegEnumKeyExW
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
COMCTL32.dll ImageList_Remove
ImageList_Destroy
ImageList_EndDrag
ImageList_DragLeave
ImageList_DragMove
ImageList_DragEnter
ImageList_BeginDrag
ImageList_SetDragCursorImage
ImageList_ReplaceIcon
ImageList_Create
InitCommonControlsEx
comdlg32.dll GetSaveFileNameW
GetOpenFileNameW
GDI32.dll PolyBezierTo
ExtCreatePen
StrokeAndFillPath
StrokePath
EndPath
SetPixel
CloseFigure
LineTo
AngleArc
MoveToEx
GetTextExtentPoint32W
CreateDIBSection
BitBlt
GetDIBits
CreateCompatibleBitmap
CreateDCW
GetTextFaceW
Ellipse
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
DeleteDC
CreateCompatibleDC
CreateFontW
GetDeviceCaps
GetStockObject
SetBkMode
GetPixel
RoundRect
SetBkColor
SelectObject
CreatePen
CreateSolidBrush
DeleteObject
SetTextColor
MPR.dll WNetUseConnectionW
WNetGetConnectionW
WNetAddConnection2W
WNetCancelConnection2W
ole32.dll CreateStreamOnHGlobal
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
IIDFromString
StringFromIID
CLSIDFromString
OleInitialize
CreateBindCtx
CLSIDFromProgID
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket
StringFromCLSID
OleUninitialize
OLEAUT32.dll LoadRegTypeLib
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SysAllocString
SafeArrayUnaccessData
SafeArrayAccessData
VarR4FromDec
VariantTimeToSystemTime
VariantClear
VariantCopy
VariantInit
OleLoadPicture
GetActiveObject
SHELL32.dll SHBrowseForFolderW
SHFileOperationW
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetMalloc
Shell_NotifyIconW
ExtractIconExW
DragFinish
DragQueryFileW
DragQueryPoint
ShellExecuteW
ShellExecuteExW
USER32.dll UnregisterHotKey
PeekMessageW
TranslateMessage
DispatchMessageW
GetMessageW
CharLowerBuffW
CharUpperW
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
CountClipboardFormats
EmptyClipboard
SetClipboardData
GetCursor
RegisterHotKey
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
FlashWindow
GetWindowTextLengthW
SetMenuDefaultItem
SetMenu
CreateMenu
DeleteMenu
DestroyMenu
DrawMenuBar
SetMenuItemInfoW
GetDC
SetWindowPos
SetWindowLongW
RedrawWindow
wsprintfW
CharNextW
IsMenu
GetActiveWindow
LockWindowUpdate
CreateIconFromResourceEx
DestroyWindow
SetClassLongW
AdjustWindowRectEx
SetRect
SystemParametersInfoW
GetSystemMetrics
ReleaseDC
GetWindowDC
SetCursor
MessageBeep
VkKeyScanA
FillRect
SubtractRect
FrameRect
DrawTextW
DrawFocusRect
InflateRect
GetSysColor
CheckMenuRadioItem
GetMenuItemID
GetMenuItemCount
GetMenuItemInfoW
SetWindowTextW
ReleaseCapture
SetCapture
ClientToScreen
GetKeyState
WindowFromPoint
GetClientRect
TrackPopupMenuEx
GetCursorPos
IsDialogMessageW
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
ScreenToClient
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
SendMessageTimeoutW
GetFocus
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
CreateIcon
SetForegroundWindow
IsIconic
FindWindowW
SetKeyboardState
GetKeyboardState
LoadImageW
keybd_event
GetWindowTextW
EnumChildWindows
CharUpperBuffW
GetClassNameW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
DefWindowProcW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
GetKeyboardLayoutNameA
MessageBoxW
LoadStringW
DialogBoxParamW
EndDialog
SendDlgItemMessageW
GetMenu
CopyRect
IsChild
GetWindow
GetNextDlgTabItem
GetClassWord
GetDlgItem
PtInRect
OffsetRect
LoadCursorW
GetSysColorBrush
GetForegroundWindow
DestroyIcon
EndPaint
BeginPaint
InsertMenuItemW
DrawFrameControl
CopyImage
GetAsyncKeyState
VERSION.dll GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
WINMM.dll waveOutSetVolume
timeGetTime
mciSendStringW
WSOCK32.dll __WSAFDIsSet
recv
send
socket
connect
closesocket
bind
select
accept
htons
sendto
recvfrom
ntohs
WSAGetLastError
ioctlsocket
WSACleanup
inet_addr
gethostbyname
WSAStartup
gethostname
listen

Delayed Imports

1

Type RT_ICON
Language English - United Kingdom
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.18785
MD5 b7ad1e1508a7e61baa9e0d15f8a7538a
SHA1 101b81b9cd6ad036c500e7d4bac292df9161ccc9
SHA256 7e63b5d1d58fd7a3702a3194754d471bbdf840f971980288c7cdd4e2492423e5
SHA3 316697d7e9ba6106b11fe4072d9312af1cbfe66966acb058ee17de51461a084d

4

Type RT_ICON
Language English - United Kingdom
Codepage UNKNOWN
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.66371
MD5 d6f27bf763eb666af934477958acf362
SHA1 f724ee386cda31b32b5c88e08b9abf562c016a57
SHA256 62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5
SHA3 6f4a250c7a91ddfcc872e14b8ed1e4aa33a5ebb3280f7d021b47aa46edfb9586

5

Type RT_ICON
Language English - United Kingdom
Codepage UNKNOWN
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.25499
MD5 ad424f5f5d5ff4460343686c61e4f75e
SHA1 29a1f0faadc42f1b9f9767d8c724fdc58dd165c8
SHA256 245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9
SHA3 4f3a627ee7d533397f7f5c70bb2dafa8857150e674cb31edd96949c7905de509

166

Type RT_MENU
Language English - United Kingdom
Codepage UNKNOWN
Size 0x50
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.68292
MD5 8140596ab00b98a11c13e6977d2d0977
SHA1 58abc231c2b5ac778a543a5dffcfabe867a6758d
SHA256 54f5e2ecbfc4f87380ca7466337676b99d0c4a21f806cf83f69fd48934c857ab
SHA3 7ccd3005ef4a3eccdb793d3b975a2f09338df5922357428238910610c0c59b70

1000

Type RT_DIALOG
Language English - United Kingdom
Codepage UNKNOWN
Size 0xfc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.03986
MD5 08e5fdcbcb2ab21352c8fc0e05b07ddb
SHA1 25d4fcfaba7226a6b786bba3bcbad3ed7391b385
SHA256 7de7438fb4425f608109111fdce25be7d2381938f6c5984bcfb14b3b88e9c883
SHA3 90c82ad0c9f2d048ecb9664bee1556cb41f42f160749e3dec0bcdd28d05a8a5d

7

Type RT_STRING
Language English - United Kingdom
Codepage UNKNOWN
Size 0x598
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.31939
MD5 72ffeadf9891868d199d088704842ef6
SHA1 3dcf556aafb7dab9895cdc295382c195ddd06c12
SHA256 712800ff590c680fed9a2975b054bacb5c47ef1281ddfae4d8eaabf28292a564
SHA3 a0f0f136eed4f39f3d2e3ca5588f395dd3d93522360fa699873c6e955b76425d

8

Type RT_STRING
Language English - United Kingdom
Codepage UNKNOWN
Size 0x690
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.28624
MD5 51ebf59dba4e2b7083bc6c7119420181
SHA1 457a9ef64dd7f279b78396cad7839ee5c3b7bb86
SHA256 3f37dba0277dc704f072aaf3e740c2bee9ac04f79982fd41662dfc94e7bfda2e
SHA3 34df49c1d3ef91b4f878dd89581b90b98021694d83cb3c78586cbcef3730545b

9

Type RT_STRING
Language English - United Kingdom
Codepage UNKNOWN
Size 0x4ce
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.29473
MD5 ecc09cab7349a43055b6bf6784df82be
SHA1 1d57eed09abb5970045e4b37a34004106a45989f
SHA256 bde737e3274d48a74b108716c0e0940c28cb61da04e998cdb7f0b5615eeacfe2
SHA3 2a8301880da7512a3fd173f25d24a8beba557900f05e85e4859d07d86f516326

10

Type RT_STRING
Language English - United Kingdom
Codepage UNKNOWN
Size 0x5fa
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.31613
MD5 86a2a4fec293a0f805cc33b6a940db47
SHA1 fc69c068b996ec4192b6c4b002d67bd29fd5f9a7
SHA256 c368f679fa81d33cfbc768433ceacbae2094d9cec363a22a29d4c19f5570f644
SHA3 111c641fe5c58ade289a62fa3b3f94d84dcd75d4e31de1f15d529875b9076676

11

Type RT_STRING
Language English - United Kingdom
Codepage UNKNOWN
Size 0x572
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.22485
MD5 77e383d764900441746cb1045bf5c5a3
SHA1 a6457a78fe2d990d7954c729225736fb5a908fe1
SHA256 9a21e850a4202649ba3b17b6f19175edc3cd8d53be0b9a589bac67ae1112935a
SHA3 d2edc6d852b639c71a0ba8419d5a7667fe33c5859678e345cc820cb58e1e8ad9

12

Type RT_STRING
Language English - United Kingdom
Codepage UNKNOWN
Size 0x428
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.26362
MD5 39f0116ecce709931ddd644b02358a71
SHA1 7d3387c72372514696d816c2b26bbd695f29b267
SHA256 1de5e8949f9aa6e2d9600fddeb5a24dcd3eecca11ef6d9fa7475e39302018d99
SHA3 e4f1b0b56a13f11f028db9cc8636de2d15cfd149c5ef967d0927ef033f520991

161

Type RT_GROUP_ICON
Language English - United Kingdom
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.83321
Detected Filetype Icon file
MD5 716963c2a0dbd2423c1233c862ea0626
SHA1 314496dc16a379bae3275e26fe58239c3bc039fa
SHA256 ce779380320caaadd02d060188aaa21489ebdef69fef812c0d0f7300b8b4eccb
SHA3 ee2a107392fc59f84b6095f6ca1811665b1adbaecbae74ff14b085746ae4f058

164

Type RT_GROUP_ICON
Language English - United Kingdom
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.92322
Detected Filetype Icon file
MD5 e7c220fc6c844dbd7186f0f2016d8b7a
SHA1 04953c5c50b45158fcdbb41609f6da71df8ddeb2
SHA256 4849d8d44d61f01412f5dfab2c378386a26a8bc7b15f874a86e16009942d3632
SHA3 fdb5db1348e7ee7715dff507fb387de80adddc71f132cec5952f5b8f3d4b7ee6

169

Type RT_GROUP_ICON
Language English - United Kingdom
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.02322
Detected Filetype Icon file
MD5 2865db3d5cf79c998f982136e08bd1f4
SHA1 c052d513f959bfe63995e368f2d193ea2b1f4aab
SHA256 e7774eff56db093534b9cdb042d04bde0e85bb19b5bb356725314a933f0d2933
SHA3 9799117c0ff99283ea0fbc303f71ab43871b95f73b0598dc1f33102d7cdae699

1 (#2)

Type RT_VERSION
Language English - United Kingdom
Codepage UNKNOWN
Size 0x19c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.30619
MD5 fe8ac3a228073a488afd39ab4e730460
SHA1 8b9f3063498d1205ab1e2c02e6292e3a8724bee0
SHA256 80f6b2e4438986dcebefbfe9bc20a484d0d3afb24a0d099f12edd00c5957d5bc
SHA3 fcef650a7e96ea01bfeeef30358166a6a225fc08fe32cff6e9194582acf0202b

1 (#3)

Type RT_MANIFEST
Language English - United Kingdom
Codepage UNKNOWN
Size 0x3a3
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.11386
MD5 2d92515b6b78dced80114f0eaeae4710
SHA1 ddf0b6ebf7b6f3f354d31830731487a72b67173f
SHA256 3213571d23645217d89b0b6a8475c4113d7b013d4d11c0cd7180e977dc0d1c58
SHA3 c2ca10fb42ded6d9527d4688c2575351ebc3954f72a807b66fc23c4beae162d8

String Table contents

(Paused)
AutoIt Error
AutoIt has detected the stack has become corrupt.
Stack corruption typically occurs when either the wrong calling convention is used or when the function is called with the wrong number of arguments.
AutoIt supports the __stdcall (WINAPI) and __cdecl calling conventions. The __stdcall (WINAPI) convention is used by default but __cdecl can be used instead. See the DllCall() documentation for details on changing the calling convention.
Unable to open the script file.
Badly formatted "Func" statement.
Unable to parse line.
Missing right bracket ')' in expression.
Missing operator in expression.
Unbalanced brackets in expression.
Error in expression.
Error parsing function call.
Incorrect number of parameters in function call.
"ReDim" used without an array variable.
Illegal text at the end of statement (one statement per line).
"If" statement has no matching "EndIf" statement.
"Else" statement with no matching "If" statement.
"EndIf" statement with no matching "If" statement.
Too many "Else" statements for matching "If" statement.
"While" statement has no matching "Wend" statement.
"Wend" statement with no matching "While" statement.
Variable used without being declared.
Array variable has incorrect number of subscripts or subscript dimension range exceeded.
Array variable subscript badly formatted.
Subscript used with non-Array variable.
Too many subscripts used for an array.
Missing subscript dimensions in "Dim" statement.
No variable given for "Dim", "Local", "Global", "Struct" or "Const" statement.
Expected a "=" operator in assignment statement.
Invalid keyword at the start of this line.
Array maximum size exceeded.
"Func" statement has no matching "EndFunc".
Duplicate function name.
Unknown function name.
Unknown macro.
Unable to execute the external program.
Unable to get a list of running processes.
Missing separator character after keyword.
Invalid element in a DllStruct.
Unknown option or bad parameter specified.
Unable to load the internet libraries.
"Struct" statement has no matching "EndStruct".
Unable to open file, the maximum number of open files has been exceeded.
Invalid file handle used.
Invalid file filter given.
Expected a variable in user function call.
"Do" statement has no matching "Until" statement.
"Until" statement with no matching "Do" statement.
"For" statement is badly formatted.
"Next" statement with no matching "For" statement.
"ExitLoop/ContinueLoop" statements only valid from inside a For/Do/While loop.
"For" statement has no matching "Next" statement.
"Case" statement with no matching "Select"or "Switch" statement.
"EndSelect" statement with no matching "Select" statement.
Recursion level has been exceeded - AutoIt will quit to prevent stack overflow.
Unable to access RunAs API.
String missing closing quote.
Badly formated Enum statement
Badly formated variable or macro.
This keyword cannot be used after a "Then" keyword.
"Select" statement is missing "EndSelect" or "Case" statement.
"If" statements must have a "Then" keyword.
Badly formated Struct statement.
Cannot assign values to constants.
Cannot make existing variables into constants.
Only Object-type variables allowed in an "With" statement.
Object referenced outside a "With" statement.
Nested "With" statements are not allowed.
Variable must be of type "Object".
The requested action with this object has failed.
Variable appears more than once in function declaration.
ReDim array can not be initialized in this manner.
An array variable can not be used in this manner.
Can not redeclare a constant.
Can not redeclare a parameter inside a user function.
Can pass constants by reference only to parameters with "Const" keyword.
Can not initialize a variable with itself.
Incorrect way to use this parameter.
"EndSwitch" statement with no matching "Switch" statement.
"Switch" statement is missing "EndSwitch" or "Case" statement.
"ContinueCase" statement with no matching "Select"or "Switch" statement.
Assert Failed!
AutoIt has encountered a fatal crash as a result of:
Unable to execute DLLCall.
Obsolete function/parameter.
Invalid Exitcode (reserved for AutoIt internal use).

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 3.2.4.9
ProductVersion 3.2.4.9
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_UNKNOWN
Language English - United Kingdom
FileVersion (#2) 3, 2, 4, 9
CompiledScript AutoIt v3 Script : 3, 2, 4, 9
Resource LangID English - United Kingdom

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x9d4529d2
Unmarked objects 0
105 (2067) 2
C++ objects (VS2003 (.NET) SP1 build 6030) 5
ASM objects (VS2003 (.NET) SP1 build 6030) 31
C objects (VS2003 (.NET) SP1 build 6030) 174
C objects (2179) 8
C objects (9178) 1
Imports (2067) 2
C objects (VS2012 build 50727 / VS2005 build 50727) 9
Imports (9210) 4
Imports (2179) 21
Total imports 468
100 (VS2003 (.NET) SP1 build 6030) 53
94 (VS2003 (.NET) build 3052) 1
Linker (VS2003 (.NET) SP1 build 6030) 1

Errors
