Manalyze report for 4f43122b446645486428f785468ec3fd

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2012-Nov-15 06:03:51
Detected languages	English - United States
CompanyName	Hummingbird Communications Ltd.
FileDescription	Overreacted
FileVersion	`190, 62, 118, 154`
InternalName	Intruders
LegalCopyright	Copyright © 2011
OriginalFilename	Lovelier.exe
ProductName	Omnibuses Injectable
ProductVersion	`6, 99, 18, 139`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 DLL (Debug)` `Microsoft Visual C++ 6.0 DLL`
Info	The PE contains common functions which appear in legitimate applications.	`Can access the registry: RegDeleteValueA RegSetValueExA RegDeleteKeyA RegSetValueA RegDeleteValueW RegNotifyChangeKeyValue RegisterHotKey` `Possibly launches other programs: CreateProcessAsUserA` `Can shut the system down or lock the screen: InitiateSystemShutdownA`
Suspicious	The file contains overlay data.	`8192288 bytes of data starting at offset 0x2c000.` `Overlay data amounts for 97.8474% of the executable.`
Malicious	VirusTotal score: 51/69 (Scanned on 2021-02-21 21:47:27)	`Bkav: W32.FamVT.UsbdlHQc.Trojan` `Elastic: malicious (high confidence)` `ClamAV: Win.Worm.Gamarue-9814694-0` `CAT-QuickHeal: Worm.Gamarue.WR5` `McAfee: Trojan-FHRE!4F43122B4466` `Cylance: Unsafe` `Zillya: Worm.Bundpil.Win32.121764` `Sangfor: Trojan.Win32.Save.a` `K7AntiVirus: Trojan ( 004d3cf31 )` `K7GW: Trojan ( 004d3cf31 )` `CrowdStrike: win/malicious_confidence_100% (D)` `Cyren: W32/S-964b3575!Eldorado` `Symantec: Packed.Dromedan!gen23` `ESET-NOD32: Win32/Bundpil.DF` `APEX: Malicious` `Cynet: Malicious (score: 100)` `Kaspersky: Trojan.Win32.Wauchos.ea` `BitDefender: Gen:Variant.Jaik.42846` `NANO-Antivirus: Trojan.Win32.Wauchos.elmjzq` `MicroWorld-eScan: Gen:Variant.Jaik.42846` `Avast: Win32:Papras-AV [Trj]` `Rising: Worm.Bundpil!8.139 (RDMK:cmRtazpB9wvKOYEerjhnubuPSBvh)` `Ad-Aware: Gen:Variant.Jaik.42846` `Emsisoft: Gen:Variant.Jaik.42846 (B)` `F-Secure: Trojan.TR/Crypt.ZPACK.Gen4` `DrWeb: Trojan.Bundpil.8` `McAfee-GW-Edition: Trojan-FHRE!4F43122B4466` `FireEye: Generic.mg.4f43122b44664548` `Sophos: ML/PE-A + Troj/Bundpil-Z` `Ikarus: Worm.Win32.Bundpil` `GData: Win32.Worm.Gamarue.AJ` `Jiangmin: Trojan.Generic.xzbb` `Avira: TR/Crypt.ZPACK.Gen4` `Antiy-AVL: Trojan/Win32.TSGeneric` `Gridinsoft: Trojan.Win32.Packed.oa!s1` `Arcabit: Trojan.Jaik.DA75E` `ZoneAlarm: Trojan.Win32.Wauchos.ea` `Microsoft: Worm:Win32/Gamarue` `AhnLab-V3: Worm/Win32.Gamarue.R184772` `BitDefenderTheta: Gen:NN.ZedlaF.34574.@x@@aq73Xuni` `ALYac: Gen:Variant.Jaik.42846` `MAX: malware (ai score=86)` `VBA32: Trojan.Wauchos` `Malwarebytes: Trojan.MalPack` `Tencent: Malware.Win32.Gencirc.114b3edc` `Yandex: Trojan.Wauchos!EvgJxX+xdBE` `SentinelOne: Static AI - Malicious PE` `Fortinet: W32/Generic.AC.34110C!tr` `AVG: Win32:Papras-AV [Trj]` `Panda: Trj/Gamarue.A` `Qihoo-360: HEUR/QVM27.0.723B.Malware.Gen`

Hashes

MD5	`4f43122b446645486428f785468ec3fd`
SHA1	`ca07b23c15acb0c9da4b4758252d5eb57826387f`
SHA256	`c8f736df9c7bd794dfcfc4863bd3c88988c1aa928c6e3cb7c86495ce6cfb793b`
SHA3	`6910492804ab07f03cbfcb2bb186899cdbebfc45be1d50507a0cad2c085aeabd`
SSDeep	`196608:eau0odBqLMJRLgG79v9/OeWLqdhBVdj2+/6VVxe:7u0qsSpN5e2dh9jlCXxe`
Imports Hash	`cc8c5d5c9f9cc75eb6d30274440bd97a`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2012-Nov-15 06:03:51
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x15000`
SizeOfInitializedData	`0x323000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000153BD (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x16000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x339000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`65d9cd49429508dcdd58bfe5e1e60d83`
SHA1	`e08a5fce4b3b0ec71d3ef4163ecdd26942e0e4b6`
SHA256	`82c236531fecce3c6bf4099eb8759262a74dac69c56ecb42e508b1d110d635a5`
SHA3	`fdc04cde1934b345f768c6a8f63c3dfff65cb05088795b49720095ac7c8d64bb`
VirtualSize	`0x14466`
VirtualAddress	`0x1000`
SizeOfRawData	`0x15000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.40833`

.rdata

MD5	`a0b639a2d82c149efb7c39bb3649768b`
SHA1	`80cea25175535711bda1b8db5157af4b6552221f`
SHA256	`0fd1ea6fb79a3a69c1823e8874b274f32240928b351842fe3cc58d656c822368`
SHA3	`ab048015e5975e615c3b5fccedf14d4d8c9f06ca1237e7c3ede03bb742a7348a`
VirtualSize	`0xf48b`
VirtualAddress	`0x16000`
SizeOfRawData	`0x10000`
PointerToRawData	`0x16000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.31256`

.data

MD5	`9b4ce0b32d7a4a95194e6adeea81b48d`
SHA1	`dffe1f805e366e0ce5d8716da59f86e4575b5b76`
SHA256	`05940ef9aadaf263a1f4b1c0836d3b6f189ffc616357c8e48d7552b82fe52c62`
SHA3	`e3f62acc35951dee69060ba2172b57c9369beb6627cbfed237c56ec07b864161`
VirtualSize	`0x30d668`
VirtualAddress	`0x26000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x26000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.38888`

.rsrc

MD5	`312a59b8d900df2c82a1fc059f814739`
SHA1	`da8c082484278128597f866218c6df4ca5950a9e`
SHA256	`1b0c8f638b367bad2fa15a0c2fda3da217ca5e929857f583944767a76f9a5e49`
SHA3	`1e46f962ff6b08d39df131be06fd80aa7ef0df1cc66c8abf9ad05f60fe6cf1e8`
VirtualSize	`0xba0`
VirtualAddress	`0x334000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x27000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.72263`

.reloc

MD5	`39c4c0077017e03225c74c7755d31992`
SHA1	`29b15a372861af463354f7d53b29fb4ba08d7db6`
SHA256	`6177e0ff3f20429ca04ed39539ef427efaaef183bd682ebb85201e668ca7a69a`
SHA3	`b8f07abf0a5701ae480b73d493f15517f55753d474ae388483606e0aad510608`
VirtualSize	`0x38a4`
VirtualAddress	`0x335000`
SizeOfRawData	`0x4000`
PointerToRawData	`0x28000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.54591`

Imports

ADVAPI32.dll	`ReadEventLogA` `RegDeleteValueA` `ReportEventA` `LsaOpenPolicy` `OpenEventLogA` `CreateProcessAsUserA` `RegSetValueExA` `DeregisterEventSource` `ReadEventLogW` `LsaAddAccountRights` `InitiateSystemShutdownA` `NotifyChangeEventLog` `GetNumberOfEventLogRecords` `RegDeleteKeyA` `IsTextUnicode` `LsaNtStatusToWinError` `BackupEventLogA` `EqualSid` `CloseEventLog` `RegSetValueA` `RegDeleteValueW` `RegNotifyChangeKeyValue` `RegisterEventSourceW`
SETUPAPI.dll	`SetupDiClassGuidsFromNameA` `SetupOpenInfFileA` `SetupDiEnumDeviceInterfaces`
USER32.dll	`CheckMenuItem` `DrawIconEx` `GetClientRect` `GetAsyncKeyState` `EnumDisplaySettingsA` `CharLowerBuffW` `IsWindowVisible` `EndDialog` `SetTimer` `CheckDlgButton` `DdeInitializeA` `wvsprintfA` `GetCaretBlinkTime` `LoadAcceleratorsA` `LoadBitmapA` `SetRect` `SetClassLongA` `AdjustWindowRect` `GetDlgItemTextA` `CloseClipboard` `FillRect` `RegisterHotKey` `SetMenuContextHelpId` `ClientToScreen` `IsWindowEnabled` `TranslateAcceleratorW` `UnregisterClassA` `CharToOemBuffA`

Delayed Imports

HydrostaticMatronIntonation

Ordinal	`1`
Address	`0xce54`

HypnoticNitpickingKinds

Ordinal	`2`
Address	`0x1366e`

IcecoldIntersperseOpportunities

Ordinal	`3`
Address	`0x123f9`

IllusionsPlanningMorphological

Ordinal	`4`
Address	`0xce54`

ImprovementPhilistinePeachiest

Ordinal	`5`
Address	`0x10aef`

InfanteOverestimatePontificated

Ordinal	`6`
Address	`0x123f9`

InferencesMistressPhoneticians

Ordinal	`7`
Address	`0x1366e`

IngressionMaximaInformative

Ordinal	`8`
Address	`0x10564`

IngressionPeeksMantel

Ordinal	`9`
Address	`0x10956`

InhaledMeasuresPotshots

Ordinal	`10`
Address	`0xce54`

InsultedLoveLaboursaving

Ordinal	`11`
Address	`0x12746`

IntentionalNeededMetastases

Ordinal	`12`
Address	`0x123f9`

InterleavePromontoriesPassionate

Ordinal	`13`
Address	`0xce54`

JumpedProsecutionsInstantiating

Ordinal	`14`
Address	`0xce54`

KentOverflowsLiberalised

Ordinal	`15`
Address	`0x10956`

KnowledgeMirageOnward

Ordinal	`16`
Address	`0x1366e`

LarksProvidersOvershadows

Ordinal	`17`
Address	`0xce54`

LeakinessMinutePackable

Ordinal	`18`
Address	`0xce54`

LessonsPoloneckLattice

Ordinal	`19`
Address	`0x1366e`

LichenOutstepPlayboys

Ordinal	`20`
Address	`0x10564`

LinkedLacksIsolated

Ordinal	`21`
Address	`0x12746`

LipreadingImpassionedModelling

Ordinal	`22`
Address	`0xce54`

LitresInsteadJoins

Ordinal	`23`
Address	`0x10564`

LittersPaginalMinimalists

Ordinal	`24`
Address	`0x12746`

LizardMobilityLowercase

Ordinal	`25`
Address	`0x10564`

LlamasPortmanteausMortices

Ordinal	`26`
Address	`0xce54`

LocationPanickedOk

Ordinal	`27`
Address	`0x123f9`

LoungeMartianPredefine

Ordinal	`28`
Address	`0xce54`

MagnetiseIntimidatedObserver

Ordinal	`29`
Address	`0xce54`

MannerInadvertentMedium

Ordinal	`30`
Address	`0x123f9`

MarigoldOutwitLacking

Ordinal	`31`
Address	`0xce54`

MaroonsPropellingNeutering

Ordinal	`32`
Address	`0x128ad`

MasseuseMossierImmaterial

Ordinal	`33`
Address	`0xce54`

MaternallyPausesIntrinsic

Ordinal	`34`
Address	`0xce54`

MembraneMonetaristIntentionality

Ordinal	`35`
Address	`0xce54`

MenaceImpassivityNurse

Ordinal	`36`
Address	`0xce54`

MendaciousMoralismInitiation

Ordinal	`37`
Address	`0xce54`

MergesIntoleranceInterpolating

Ordinal	`38`
Address	`0xce54`

MeshesPanickyIslamic

Ordinal	`39`
Address	`0xce54`

MexicansOrchestrationIncinerator

Ordinal	`40`
Address	`0x1265e`

MexicoPerfectedPossum

Ordinal	`41`
Address	`0x10956`

MillsPoutedInuits

Ordinal	`42`
Address	`0x8e39`

MinisteriallyNumeralLances

Ordinal	`43`
Address	`0xce54`

MintedLamentationsIndicated

Ordinal	`44`
Address	`0x12746`

MiresInspectorsMounded

Ordinal	`45`
Address	`0xce54`

MistypingInterveningKisser

Ordinal	`46`
Address	`0xce54`

MobilisableIrrelevanceMandrill

Ordinal	`47`
Address	`0xce54`

MoonlightingPendingParabolic

Ordinal	`48`
Address	`0x10564`

MuscadelIncriminatesOwe

Ordinal	`49`
Address	`0x1366e`

B3X1hBrLpVBfX1Vz

Ordinal	`50`
Address	`0x1370`

NanosecondLayersMealies

Ordinal	`51`
Address	`0xce54`

NarcissismIsolationMinimalism

Ordinal	`52`
Address	`0xce54`

NegationsMisuserParietal

Ordinal	`53`
Address	`0x15300`

NematodeHumaneIntuited

Ordinal	`54`
Address	`0xce54`

NematodesPausedLaces

Ordinal	`55`
Address	`0x1366e`

NeuroticsPreviewedIntrinsic

Ordinal	`56`
Address	`0xce54`

NumericHyperplanesInductions

Ordinal	`57`
Address	`0xce54`

OpenheartInnovativeLifestyles

Ordinal	`58`
Address	`0x1265e`

OperandsLyricsMitosis

Ordinal	`59`
Address	`0xce54`

OrchestraPacesImplodes

Ordinal	`60`
Address	`0xce54`

OsmosisPettedImmunise

Ordinal	`61`
Address	`0xce54`

OutbreaksIncantationsPlainest

Ordinal	`62`
Address	`0xce54`

OversimplifyLikeliestOperation

Ordinal	`63`
Address	`0x10956`

ParadesInfraIdols

Ordinal	`64`
Address	`0xb959`

ParadisesIlladvisedMotivations

Ordinal	`65`
Address	`0x12746`

ParaphrasingLibratePatriarchal

Ordinal	`66`
Address	`0x10564`

ParticulatesPorePints

Ordinal	`67`
Address	`0xce54`

PaschalPhilosophicallyPosters

Ordinal	`68`
Address	`0x12746`

PathfindersPicnickingOn

Ordinal	`69`
Address	`0x123f9`

PedalsPropagatorsMonotone

Ordinal	`70`
Address	`0xce54`

PerkedNatureMethodology

Ordinal	`71`
Address	`0xce54`

PeruPhonedMexicans

Ordinal	`72`
Address	`0x10956`

PetrelsHousesInfinitives

Ordinal	`73`
Address	`0xce54`

PhotographicPolicyOverturns

Ordinal	`74`
Address	`0x1265e`

PiedPantiesMultiform

Ordinal	`75`
Address	`0x10aef`

PleasureOpeningObstetricians

Ordinal	`76`
Address	`0x10564`

PlotsOfficersPresumed

Ordinal	`77`
Address	`0xce54`

PolitenessInterlockedPacks

Ordinal	`78`
Address	`0x10564`

PopulationPacificationPremium

Ordinal	`79`
Address	`0x1366e`

PopulismOverflowedPantiled

Ordinal	`80`
Address	`0xce54`

PosturalPinePriestess

Ordinal	`81`
Address	`0xce54`

PrecipitousOrdinationLichee

Ordinal	`82`
Address	`0xce54`

PremonitionMetamorphosedProtest

Ordinal	`83`
Address	`0xce54`

PricingIntuitionMates

Ordinal	`84`
Address	`0x12746`

PriseOfficerPleural

Ordinal	`85`
Address	`0xce54`

PrisonsOriginallyParatroop

Ordinal	`86`
Address	`0x128ad`

ProgrammaticMusclingJack

Ordinal	`87`
Address	`0xce54`

ProminentNonessentialIntercessions

Ordinal	`88`
Address	`0x12746`

ProportionatelyPredominanceLiberator

Ordinal	`89`
Address	`0x8e39`

ProteaseJunctionJuggler

Ordinal	`90`
Address	`0xce54`

ProxyPrecedentLobotomist

Ordinal	`91`
Address	`0x10564`

363

Type	`RT_MENU`
Language	English - United States
Codepage	UNKNOWN
Size	`0x204`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.74233`
MD5	`689baa747d2478b26cbfbd0f4eaab860`
SHA1	`8601c8ff2fadd9abe39992222e5f32b69581a5b9`
SHA256	`ec9a57f6c9a8ad5f9a5e6738bc8c635fcb18099a642510a397783d4db91b53bb`
SHA3	`b1b0722f7cb3732e58cf3d4a014455739e984cb1e429b3625f8f06ee0d7b2d0c`

362

Type	`RT_MENU`
Language	English - United States
Codepage	UNKNOWN
Size	`0x20`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.05504`
MD5	`d6063a49e6b96341db6b5706f9d47532`
SHA1	`160054b92ea0301102778cb88fa9e0ac69c77051`
SHA256	`b5fca0d804ae90a828b9ff63bf49e02edfb7818e09516dd73c8c19fc2237ac11`
SHA3	`a361d4e7fb5a522554613fc99d31bdef145ff3d3b1de60814c1159465519dae9`

4039

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.50977`
Detected Filetype	Icon file
MD5	`d38d7317f6f6e00316718c84b54054c0`
SHA1	`fd30a18a199fef495364a525c95d986e7fdef4b2`
SHA256	`d3df97be9ad3dece7c62fc4d052b274759e272d8b01143e7620c5d96b8fdd832`
SHA3	`724af2bede59371b6f54ae3492204d1eea6142d58474a04dec618b82a08d837a`

3478

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x39f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.25793`
MD5	`c300c70a33d89fac564c551f621f9432`
SHA1	`930c8cb784245bcd499bd9774e0d4e93dfa2841c`
SHA256	`30595ea7743f20fbc80f5d124f5087ead36f6d61a8af479fa2f8a3fb8f6f85c4`
SHA3	`c423cd8f757067389246a402abf21d42efb9c47bb64e33a946ba38d0b5e895f6`

3479

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x40d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.55602`
MD5	`6e8282c5f4a8c4484911256138cfeb2f`
SHA1	`6d6030731843f1a1269d6e70dcc8f74f6aea6120`
SHA256	`10a666b0bd259434582c7f6fdfe9f5cbdaae3418d484256c8a9efa64ccb681ec`
SHA3	`8e297f812bcc09e1c3dd95eef6629ce075d228bb8c783386552bb0ad2e5ba4ff`

3477

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x39c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.87105`
MD5	`4badbd06395bf8a208fd39ee721db6a8`
SHA1	`6d48bb984a56e21c85ccbb59aa62b8d73e1d2a26`
SHA256	`bf975d8c0f058bd5abb3834b1a64f91db58037f3f906207e49d03129e9858fa0`
SHA3	`969578ba11f4cfc275ae97c77859fef4c86c5f2e76500392136fe84ae4db6f78`

3480

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x32d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.72158`
MD5	`0432700f740a76c1974d098d95d72e32`
SHA1	`fb1f4edaa38d09dfbe7520d63958190b4ef85d80`
SHA256	`7aa16e9a0232bb77f490c5ae8fc8770420b602348c70ad1c6503006fa7115a05`
SHA3	`8452879cd6cc475358f425196d8059c19518c9fbe7dd58ca59d1d5c2ad622e6c`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x300`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.45178`
MD5	`7bff15cd00918cd3637e4b703189f0dc`
SHA1	`8473e680ddd3804252034556dcf1384a712be90d`
SHA256	`e96f127de2265565bfe12c47a4e5a9685e84be08042006a73be6f5b9ea355be3`
SHA3	`8015ff8ae073be6f91133429e0a48391a1604894e33b43b62ea9ac3c762d76c5`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.186.139.116
ProductVersion	0.25.172.70
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	UNKNOWN
CompanyName	Hummingbird Communications Ltd.
FileDescription	Overreacted
FileVersion (#2)	190, 62, 118, 154
InternalName	Intruders
LegalCopyright	Copyright © 2011
OriginalFilename	Lovelier.exe
ProductName	Omnibuses Injectable
ProductVersion (#2)	6, 99, 18, 139

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x92da7ff1`
Unmarked objects	`0`
C objects (VS98 build 8168)	`4`
Total imports	`60`
19 (8034)	`7`
Unmarked objects (#2)	`1`
C++ objects (VS98 build 8168)	`2`
Resource objects (VS98 cvtres build 1720)	`1`
Linker (VS98 build 8168)	`3`