4f3e78c62891210812de608d445622073b0d8f3f046ae511f9f18d7297858c96

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2025-Mar-13 06:55:45
Detected languages English - United States
Comments This installation was built with Inno Setup.
CompanyName Cold Turkey Software, Inc.
FileDescription Cold Turkey Blocker Setup
FileVersion
LegalCopyright
OriginalFileName
ProductName Cold Turkey Blocker
ProductVersion 4.9

Plugin Output

Info Interesting strings found in the binary: Contains domain names:
  • https://jrsoftware.org
  • jrsoftware.org
Suspicious The PE is possibly packed. Unusual section name found: .itext
Unusual section name found: .didata
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • LoadLibraryExW
  • GetProcAddress
  • LoadLibraryW
 Functions which can be used for anti-debugging purposes:
  • SwitchToThread
 Can access the registry:
  • RegOpenKeyExW
  • RegQueryValueExW
  • RegCloseKey
 Possibly launches other programs:
  • CreateProcessW
 Memory manipulation functions often used by packers:
  • VirtualProtect
  • VirtualAlloc
 Functions related to the privilege level:
  • AdjustTokenPrivileges
  • OpenProcessToken
 Enumerates local disk drives:
  • GetVolumeInformationW
  • GetDriveTypeW
 Can shut the system down or lock the screen:
  • ExitWindowsEx
Info The PE is digitally signed. Signer: Cold Turkey Software Inc.
Issuer: Microsoft ID Verified CS EOC CA 02
Safe VirusTotal score: 0/71 (Scanned on 2026-05-01 19:54:18) All the AVs think this file is safe.

Hashes

MD5 bc28ebe4fcc506c7d06f9e2475c37d97
SHA1 9cc0a6853d58b354523e86246676f07b1b9fd791
SHA256 4f3e78c62891210812de608d445622073b0d8f3f046ae511f9f18d7297858c96
SHA3 7760660b367d80707207202cfea1969bf6aff1fac61ccf0537ff4581a2488cff
SSDeep 196608:hsbmkGvHa4ruV11xKdLM4LSRk1/25/0qPK:hg8/a3l0xS425/0qi
Imports Hash 2d6e459250971c14c22e07972bba6599

DOS Header

e_magic MZ
e_cblp 0x50
e_cp 0x2
e_crlc 0
e_cparhdr 0x4
e_minalloc 0xf
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0x1a
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 11
TimeDateStamp 2025-Mar-13 06:55:45
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0xac000
SizeOfInitializedData 0x7e600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000ACFE0 (Section: .itext)
BaseOfCode 0x1000
BaseOfData 0xae000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 0.0
SubsystemVersion 6.1
Win32VersionValue 0
SizeOfImage 0x13a000
SizeOfHeaders 0x400
Checksum 0x829458
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x4000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 dfb8ad3dddf244fd1cf24923c71d0ee9
SHA1 ffe389f7168e88fe568110dc34ebc3cf940a14f2
SHA256 a2103a64b89dc9367f6f514de288b7ddd9fb9abfc65d57700220012e704ded9b
SHA3 6663397495433f757216f1c090fb09c86a098902219335f3af031ea1c4235b19
VirtualSize 0xaa6e8
VirtualAddress 0x1000
SizeOfRawData 0xaa800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.39049

.itext

MD5 5f4b1e9e79c8b34d6a04f97d624934e2
SHA1 b44d09223bd386c39c44d1fe0b5213336e85621e
SHA256 fbf363832b0a3951f3edcaf3b73d1efb304ceeeb476a74beb3c58ead068cfb17
SHA3 469abeb751b5f8763ed30fe40fd20c9e08cd331378a6a93944793f3b07a4e914
VirtualSize 0x1788
VirtualAddress 0xac000
SizeOfRawData 0x1800
PointerToRawData 0xaac00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.24871

.data

MD5 d06770f3f4f788f1a6b5745bcd756e66
SHA1 fb3fd19300f995e9b7d54391e30591d513401c8a
SHA256 43886a43127ee78a1e45f01ac3fdd5f40d591333033379d56b565b5c0010ddd8
SHA3 6148644000da2ef90f093eb935bdca44354947e2fa29f272919605e597312be2
VirtualSize 0x3bfc
VirtualAddress 0xae000
SizeOfRawData 0x3c00
PointerToRawData 0xac400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.96075

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x72a4
VirtualAddress 0xb2000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 cfabbe97f496978be1d9ed2b0e76508c
SHA1 e2eb539daf29399a326a1f3a2a1946805f73b707
SHA256 ae2ddc805a73a571dfd040a50bff39cbd3155ee3d8b58d7c7909cebf83dc847f
SHA3 5dd42959f1063854fe6361d9b544e7561365c5b5a4c3452eff81d5c000b55af7
VirtualSize 0x1066
VirtualAddress 0xba000
SizeOfRawData 0x1200
PointerToRawData 0xb0000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.81671

.didata

MD5 6b25d6a3ba6793df88ceec45d9ed59b3
SHA1 1364b2f455ee4cafcc3a6634c8d459be095c93eb
SHA256 58b230c875515ffb398ef8a79b40e0d5501224bb3cb27a24c7986034091cde10
SHA3 29a3c2ec08c2936f5aaeca3eeee98fcf9697e4cdc2b7e6f207d6999e76229d8b
VirtualSize 0x1a4
VirtualAddress 0xbc000
SizeOfRawData 0x200
PointerToRawData 0xb1200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.75879

.edata

MD5 1f044b007f9a7c5e77e0a9392c1c3bcb
SHA1 44d02348c84b3ffb310d7c0753682d51ee82ce62
SHA256 306530c7b8ebffcc47810688fe90875b0d718077317ced9337a45ed7573c17db
SHA3 27332e927a5e4855c0e22d5aaa00126770f83515798de353346d49700370a0da
VirtualSize 0x71
VirtualAddress 0xbd000
SizeOfRawData 0x200
PointerToRawData 0xb1400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.32693

.tls

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x18
VirtualAddress 0xbe000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata

MD5 48bdf6e6093f9760e6f540d2b96a5683
SHA1 279f6169018518a5395cca1b17a40f102d2d519d
SHA256 e5deaa9340d94cffc875cfcc6462906702bc5393fa61c1a51f5be3561fec3550
SHA3 0d9b487a324f855235df8e07b750266cdfeee321a8c9f4074ca0770dde0b7e50
VirtualSize 0x5d
VirtualAddress 0xbf000
SizeOfRawData 0x200
PointerToRawData 0xb1600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.40023

.reloc

MD5 fdb36bdd1aa26cd89bafb86477cb558b
SHA1 eae36f7910441dd715f56ee1037087d4923b975f
SHA256 eaeb8206421bb10baba532e4d74e628719a3e34b02223c13b0d55260a136c0c6
SHA3 230801138bcff7627cea33ab6ae88b7f07ec2b5cd89e225b354ddb1e21efc15b
VirtualSize 0x11308
VirtualAddress 0xc0000
SizeOfRawData 0x11400
PointerToRawData 0xb1800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.71127

.rsrc

MD5 6b93f8b291cc0e3793cbe40861b56f9c
SHA1 18a2b251e79795b276b1efe226d98ff13ea632a8
SHA256 b89cfa1530ded7c5a974f03057c71f148bbc14836cf54788e145c5bf77e7ad90
SHA3 e1582d6576efc2c89201754216ca7f72950d8b002bf5b1e492dd50ff49010e95
VirtualSize 0x67c6c
VirtualAddress 0xd2000
SizeOfRawData 0x67e00
PointerToRawData 0xc2c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.93344

Imports

kernel32.dll GetACP
GetExitCodeProcess
CloseHandle
LocalFree
SizeofResource
VirtualProtect
QueryPerformanceFrequency
VirtualFree
GetFullPathNameW
GetProcessHeap
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVolumeInformationW
GetVersion
GetDriveTypeW
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetSystemWindowsDirectoryW
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
LCMapStringW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale
comctl32.dll InitCommonControls
user32.dll CreateWindowExW
TranslateMessage
CharLowerBuffW
CallWindowProcW
CharUpperW
PeekMessageW
GetSystemMetrics
SetWindowLongW
MessageBoxW
DestroyWindow
CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
LoadStringW
ExitWindowsEx
DispatchMessageW
oleaut32.dll SafeArrayPutElement
VariantInit
VariantClear
SysFreeString
SafeArrayAccessData
SysReAllocStringLen
SafeArrayCreate
SafeArrayGetElement
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound
VariantChangeType
advapi32.dll ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
OpenProcessToken
FreeSid
AllocateAndInitializeSid
EqualSid
RegQueryValueExW
GetTokenInformation
ConvertSidToStringSidW
RegCloseKey
kernel32.dll (delay-loaded) GetACP
GetExitCodeProcess
CloseHandle
LocalFree
SizeofResource
VirtualProtect
QueryPerformanceFrequency
VirtualFree
GetFullPathNameW
GetProcessHeap
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVolumeInformationW
GetVersion
GetDriveTypeW
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetSystemWindowsDirectoryW
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
LCMapStringW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale

Delayed Imports

Attributes 0x1
Name kernel32.dll
ModuleHandle 0xbc080
DelayImportAddressTable 0xbc090
DelayImportNameTable 0xbc0b4
BoundDelayImportTable 0xbc0d8
UnloadDelayImportTable 0xbc0f0
TimeStamp 1970-Jan-01 00:00:00

dbkFCallWrapperAddr

Ordinal 1
Address 0xb563c

__dbk_fcall_wrapper

Ordinal 2
Address 0xe49c

100

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.60678
MD5 8f06cfca3374fd45d671e44a8385d338
SHA1 4bf2acb1bdbb39e4c2ecfcfc54908d12f972bf53
SHA256 b1d42be965eeced31a7eadac7e8e2ed5be27f32d5930c6720e22001a3f165067
SHA3 9c1d9edba5a4da875c0969300833ae50342cd511e5a78df9433c529df157a0dc

101

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.66452
MD5 3011d621f0ec75f66502fcbf312ec3ed
SHA1 0fc09800768de7268cfd4bc45aa35539872be25b
SHA256 87af68753c1af55e945bec05f3e6d5394f3eac461ff26653283743ad35259a4f
SHA3 073ace87bfc487e2c9de5d81fde56385a97eb8429366a941c5b7dcfc84d19b40

102

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.42434
MD5 6d42d5f34973c7602d8e0ef32721b9e0
SHA1 9ed893cea0c4f53644bfc7f698a5a214dcf9f9f1
SHA256 eef21315826bdaf0c1f63d8c4a9706e5cdf3f1a91ef9b87031a0a3af190196b8
SHA3 6749c98266c4f8828d773727c6ecd2f84b4c2b022ed530417e35c1ed6b918af4

103

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.32945
MD5 c7ba68f93713961fa8ebbbc2d8b0c25e
SHA1 c76674fb7584ae4a17887600b442aab595807561
SHA256 9c7dd91807de548beb59bd77eb1b5c73cdebf2f8ddb02db6ccbeb71f4650c6a1
SHA3 a6e21d7a6a4a75bc8ed0b6c7ee1b0f1c0cd34146be3c4fc6d5b66508ae5c1c42

104

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.18336
MD5 a475dfe2da9d1f299a9fe028a523f19d
SHA1 a114d24c2d632e2615ce6f30805bbad464c176ae
SHA256 922a61faed4963449ff8f9d2d5e562c94927bf8fd73d8c6a9ae0d2d96fa0af02
SHA3 134c0069f1b66950d0cd5be311627f63bb6407af85e883d34297ea675cd91dad

105

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x94a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.02125
MD5 24ab5a5738d3e0da8be45c069283b0c8
SHA1 77fd10a9c198c3ad609ffd1f484300e40296d878
SHA256 5e470730dc98e64fc2abeb979ec3670b68bbca355afd71511c7e3c48afbcd11f
SHA3 63aebdf3ea7351a1e2778371d0467bdafcdcdafb22a7c742b11b3977b8f2351e

106

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91054
MD5 f60d26b861b71caf6d9ba253721c01bc
SHA1 b3b0192cd07b14428b1fd32ce45dca3f6d64fbf8
SHA256 1eea9bc3760ed91d565a098d383e3f7742dde42b263d0a019212f6c827f63ec7
SHA3 f2a7abd6238c6372623bd9b215e038a0916a878fcec94558779750c0c954585a

107

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x42028
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.6621
MD5 b9bf98df093659eac217b02f330dde05
SHA1 ab493b6ee43b41a423a7245a45d2d17d6303044b
SHA256 c0f4c7ade07c16582b3f9296271b8f97bfab261f0adb369bc7f15eaf103bf268
SHA3 fb50d6a453a074e2b6fcc3d411981dea96110cd33402f9e2d5d62c385cb0b1ad

4085

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x204
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.02911
MD5 742ec64fae19c3079d9e0d9cb5269777
SHA1 b4000fec117ee423dfa39a0278bbc26d11edb9ba
SHA256 3b5144db1705312e8cb3c5e15131fc6ae695b6d5afee9bc0414c5cf1e1f3c1a9
SHA3 f923c31e0750840a9ea6aadde2997be0d8e81316d534a855352cc111f8607d7a

4086

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2e4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.32885
MD5 f96fdce1c116135874fb82281b493ac0
SHA1 562daa783cc168f8e46b1a798879583176af22cc
SHA256 3ab3b2c63dc1c1810fca5518c1bb174be9ebf36547ed1feae9e357ccf8bc3ef1
SHA3 05d0914dffa4501268059355b689944d50e9aa4a986777d770f0e713d1a8d59c

4087

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x400
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.51239
MD5 7ee56b85a64cd12875800e5eb0f8a8cc
SHA1 aedd1bec33089176851004b6593393629eb0fa6f
SHA256 dc6b3544e2299b1708bb325f9eecdb6d3a7c96755eab1d83ea51fc8b5102715c
SHA3 5b5c207556b66f9b50ed909ae8d9a80068adcd483f406df26c87f8151450bc20

4088

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x3d0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.24302
MD5 44f76d42ead76c495e69824f453e64ec
SHA1 3fb0774ab962aa9cc511af9e8836164c477b9d9e
SHA256 98ffaee3d049334960e4f4bac5dd69ae5ea0e8a8f154a71ce30230508692db8d
SHA3 cbb48eb071e2f28c8b7c315c9192c0a8de0a4c75bcc188e12c72e8bad4b3230e

4089

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x3fc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.34822
MD5 ba10a3e64b7ee79204e6728702cebcf5
SHA1 7c7298de979e3bb2f128be40f110a376be3350fc
SHA256 c0dce66eaf68d1a945a6c5ec96a54baeb9bf8ff533392a1c1d66cc0ac4f7e3fd
SHA3 3bce8f10959f4d33092d14e38f0d70b276193106f38f6066c66fdec4f62571ba

4090

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2d4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.36723
MD5 d2467f70311fc072d9202909bdfa9fcb
SHA1 c8abb69fb38434daf6811309cc88e9d0df65e2cd
SHA256 51209c8034cd5c2127a7b877a3280699d6bad965bcc102e830420c836f535c97
SHA3 4386b5d28f8adc0eccd1a396c2d0689b85cd7cfcf727c8d08a87940c92bd64c7

4091

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xb8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.33978
MD5 e8e4995b464abd85d77008d3750ca7af
SHA1 2c39cf9c2c1cfab48077cda2d4d6312fdb53c54b
SHA256 22296669c2c50d3fdfee9de9f7730d0a5cc498b7cc54cd2aa8ded74d7e69f654
SHA3 5480674ca53405ca327424ca774da73700d535e5ca7d51363d86511e5268bb0c

4092

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x9c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.15425
MD5 d0969cc9a96275d54a109de740708a5a
SHA1 2c365c0341faf71f810a39c69859a7eb5bc0de8d
SHA256 3c45c82b39b3c90c9c22342a8f6be98073faf1dcd26dbc578b3a6fa9a499cb46
SHA3 99f949ba47f1c5cd7b313b0b89e2b14f238be4bd78199a590c1f257e4f562967

4093

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x374
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.31895
MD5 4ac29bb5f7361e85771807112cd4ec93
SHA1 b164bf0882b60c0d7d4643495a2c1db5a20a1343
SHA256 2e6d8102640132ccabd2fa3c3a61c77c2b41a80d7f60013cf7149819c2b5c9d2
SHA3 ee5ab8846732cb786d250fc1780293072aff157ae61cf7f671eb4e6e29018bf7

4094

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x398
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.28786
MD5 110abe16232608d8671eaca8ee324f45
SHA1 30704560832bafa440df1fd20693653c2a30f815
SHA256 b33f156b0a8ce96c7182dfb6afa9f6a7020433a6e16ca21f6092ba03695bdd12
SHA3 0179804f22369dabd55b8e4ca79a33645191c197c0474cabc4e13546c7e7fcd6

4095

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x368
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.33385
MD5 1c9252919f0a0d2072f3fe0565f0b443
SHA1 dc6002a243c7567105aef957d8b01142df42b3d2
SHA256 734b698aafc2cfabfd0750c88498022d650f6ee025250dc8795de56a6e122445
SHA3 4d0c5d27e1b222f09e17dc6fa9ec0bc174b3e58bba30ce90cb89b3594622e627

4096

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2a4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.2935
MD5 d1efb0d972603f09c3a2a866a8b36d48
SHA1 64a194ea368bb16ffac3e7a4ca84b3c00bf15920
SHA256 351e7d3c756242cde2e4a2bef16d636d5e073e0cf3e9cfa2b1da1efccd7806ae
SHA3 545cc79af077359ed49f0ba5cdc74b58bef1f6fd71725c976ad9c892dc9a0b56

DVCLAL

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x10
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.75
MD5 fa1c96712ab8720f82ad4095daf7cee5
SHA1 abe71b9873e6e494a7d9de8f1f1985c550fc6b59
SHA256 10ca7c7ba673f29383bc50d1becb5fbeddddecaa6109de088da9a94c74d4f1c4
SHA3 c3be1ab5871e6568c50c4c2dd73e7c8c09d9e9451b256e9871c537b6da54a299

PACKAGEINFO

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x380
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.11694
MD5 50e02a5a9a00b97db2ea6a265858d96b
SHA1 da6db0e306416c11d04a4e47daf449e29f978103
SHA256 2ae1627b8c63488e87a0b1ef0016e50fcf7b2ae06944de6b2be4de5fa978fee8
SHA3 01ec54185ac8b02dcc5f32d6d4d22ccd4dee06a4a8640abf90c2b728f05e692e

11111

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.50547
MD5 c9b84a8abf39a77ee97d944dcfe6192f
SHA1 5a7767a4fb9faac4983751c8f881953a27f94081
SHA256 859f01a1f213687e2f26cc97a25e83d8d3ab75fb42ba274b5c4df6c337488484
SHA3 3a48ba29ec7110041e4e09b62bc127c1e6e70d34d924e79a245b104c3a6420be

MAINICON

Type RT_GROUP_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x76
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.01865
Detected Filetype Icon file
MD5 ce2c6094e29db7997aa68926845135b3
SHA1 a8d81716dafaa635470b576e7f17da6191b5a244
SHA256 12b519c7d6bd5c6d9a8abfda6714cbb48d73dda738703b8923ee228e7f71cec5
SHA3 423b551f360e54aec34af48b2e3f1e23f031d684b6e640d78acf2a6c5c412d82

1

Type RT_VERSION
Language English - United States
Codepage Latin 1 / Western European
Size 0x584
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.61698
MD5 e71a5be85f0aa8a3106b67fc7b2ce768
SHA1 8775cff0cc85c68402a9432be260cb469f0332f3
SHA256 fe0f5df21eb224a9192e5caf922d45594e80f75d12654045b325c0e10d1030ab
SHA3 b34d107bde61340301717e3c3d8bc5aada69f14c2635c909bd12708757892b26

1 (#2)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x7a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.89085
MD5 e07ab8c9030f776ce0f6d9040d41c616
SHA1 593953973c74066bcd09b22402948425dab9b12f
SHA256 75bb01fe4bafdef22d879aaea5b85d1165a30ec0e558536e1b4c6002c4730d5d
SHA3 51b78d43db0954fcaa7c6fd2558eece5eb98a1c5f6e95a3033891777bfd00a7c

String Table contents

No single cast observer with ID %d was added to the observer collection
No multi cast observer with ID %d was added to the observer collection
Must wait on at least one event
Cannot call BeginInvoke on a TComponent in the process of destruction
Windows 2000
Windows XP
Windows Server 2003
Windows Server 2003 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows Server 2019
Windows Server 2022
Windows 8
Windows 8.1
Windows 10
Windows 11
Observer is not supported
Cannot have multiple single cast observers added to the observers collection
The object does not implement the observer interface
Insufficient RTTI available to support this operation
Parameter count mismatch
Type '%s' is not declared in the interface section of a unit
VAR and OUT arguments must match parameter type exactly
Property '%s' is read-only
Property '%s' is write-only
RTTI objects cannot be manually destroyed by application code
%s (Version %d.%d, Build %d, %5:s)
%s Service Pack %4:d (Version %1:d.%2:d, Build %3:d, %5:s)
32-bit Edition
64-bit Edition
Windows
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Error reading %s%s%s: %s
Stream read error
Property is read-only
%s.Seek not implemented
Property %s does not exist
Stream write error
Thread creation error: %s
Thread Error: %s (%d)
Cannot terminate an externally created thread
Cannot wait for an externally created thread
Cannot call Start on a running or suspended thread
Invalid argument
Source and Destination arrays must not be the same
SpinCount out of range. Must be between 0 and %d
Argument out of range
Duplicates not allowed
Cannot assign a %s to a %s
CheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
List does not allow duplicates ($0%x)
A component named %s already exists
''%s'' is not a valid component name
Invalid property value
Invalid property path
Invalid property value
List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d)
. %s range is 0..%d
. %s is empty
Out of memory while expanding memory stream
%s has not been registered as a COM class
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Invalid source array
Invalid destination array
Character index out of bounds (%d)
Start index out of bounds (%d)
Invalid count (%d)
Invalid destination index (%d)
Invalid code page
No mapping for the Unicode character exists in the target multi-byte code page
Invalid StringBaseIndex
Ancestor for '%s' not found
May
June
July
August
September
October
November
December
Sun
Mon
Tue
Wed
Thu
Fri
Sat
Sunday
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
January
February
March
April
Invalid variant type
Operation not supported
Unexpected variant error
External exception %x
Assertion failed
Interface not supported
Exception in safecall method
Object lock not owned
Monitor support function not initialized
Feature not implemented
Method called on disposed object
%s (%s, line %d)
Abstract Error
Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
%s%s
A call to an OS function failed
Variant method calls not supported
Read
Write
Execution
Invalid access
Error creating variant or safe array
Variant or safe array index out of bounds
Variant or safe array is locked
Invalid variant type conversion
Invalid variant operation
Invalid NULL variant operation
Invalid variant operation (%s%.8x)
%s
Could not convert variant of type (%s) into type (%s)
Overflow while converting variant of type (%s) into type (%s)
Variant overflow
Invalid argument
Invalid floating point operation
Floating point division by zero
Floating point overflow
Floating point underflow
Invalid pointer operation
Invalid class typecast
Access violation at address %p. %s of address %p
Access violation
Stack overflow
Control-C hit
Privileged instruction
Operation aborted
Exception %s in module %s at %p.
%s%s
Application Error
Format '%s' invalid or incompatible with argument
No argument for format '%s'
'%s' is not a valid integer value
'%d.%d' is not a valid timestamp
Invalid argument to time encode
Invalid argument to date encode
Out of memory
I/O error %d
File not found
Invalid filename
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
Range check error
Integer overflow

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 0.0.0.0
ProductVersion 0.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments This installation was built with Inno Setup.
CompanyName Cold Turkey Software, Inc.
FileDescription Cold Turkey Blocker Setup
FileVersion (#2)
LegalCopyright
OriginalFileName
ProductName Cold Turkey Blocker
ProductVersion (#2) 4.9
Resource LangID English - United States

TLS Callbacks

StartAddressOfRawData 0x4be000
EndAddressOfRawData 0x4be018
AddressOfIndex 0x4aec24
AddressOfCallbacks 0x4bf010
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks (EMPTY)

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0! [*] Warning: Section .tls has a size of 0!
Leave a comment

No comments yet.