Manalyze report for 500286eaf9eb11b34eb413bb0df5543b

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Mar-18 18:09:22
Detected languages	Chinese - PRC Swedish - Sweden
InternalSurname	dhrj.uxe
Copyright	Copyrighd (C) 2020, odfrjv
ProductVersion	`1.0.4.6`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA`
Info	The PE's resources present abnormal characteristics.	`Resource 14 is possibly compressed or encrypted.`
Malicious	The PE's digital signature is invalid.	`Signer: AVG Technologies USA` `Issuer: DigiCert SHA2 Assured ID Code Signing CA` `The file was modified after it was signed.`
Malicious	VirusTotal score: 54/72 (Scanned on 2020-07-22 07:59:49)	`MicroWorld-eScan: Trojan.GenericKDZ.68606` `CAT-QuickHeal: Trojan.Wacatac` `McAfee: Ursnif-FSNX!500286EAF9EB` `Cylance: Unsafe` `VIPRE: Trojan.Win32.Generic!BT` `Sangfor: Malware` `CrowdStrike: win/malicious_confidence_90% (W)` `BitDefender: Trojan.GenericKDZ.68606` `K7GW: Trojan ( 0056a7061 )` `K7AntiVirus: Trojan ( 0056a7061 )` `Arcabit: Trojan.Generic.D10BFE` `TrendMicro: Ransom.Win32.SODINOKIBI.AUWUJDEI` `F-Prot: W32/Ursnif.DA.gen!Eldorado` `Symantec: ML.Attribute.HighConfidence` `ESET-NOD32: a variant of Win32/Kryptik.HEUM` `APEX: Malicious` `Paloalto: generic.ml` `Kaspersky: Trojan.Win32.Injuke.gyw` `Alibaba: Trojan:Win32/Injuke.25aec537` `NANO-Antivirus: Trojan.Win32.Injuke.hnokep` `Rising: Trojan.Kryptik!1.C8F8 (CLASSIC)` `Ad-Aware: Trojan.GenericKDZ.68606` `Emsisoft: Trojan.GenericKDZ.68606 (B)` `F-Secure: Trojan.TR/Crypt.Agent.arrem` `DrWeb: Trojan.Encoder.32115` `MaxSecure: Trojan.Malware.300983.susgen` `Invincea: heuristic` `Fortinet: W32/GenKryptik.EOAC!tr` `Trapmine: malicious.moderate.ml.score` `FireEye: Generic.mg.500286eaf9eb11b3` `Sophos: Troj/Agent-BFEH` `SentinelOne: DFI - Malicious PE` `Cyren: W32/Ursnif.DA.gen!Eldorado` `Avira: TR/Crypt.Agent.arrem` `MAX: malware (ai score=89)` `Endgame: malicious (high confidence)` `Microsoft: Trojan:Win32/Glupteba.DSC!MTB` `ZoneAlarm: Trojan.Win32.Injuke.gyw` `Cynet: Malicious (score: 100)` `AhnLab-V3: Malware/Win32.Generic.R344196` `Acronis: suspicious` `ALYac: Trojan.GenericKDZ.68606` `VBA32: BScope.Trojan.Gozi` `Malwarebytes: Trojan.MalPack.GS` `Panda: Trj/GdSda.A` `TrendMicro-HouseCall: Ransom.Win32.SODINOKIBI.AUWUJDEI` `Tencent: Win32.Trojan.Injuke.Sqte` `Ikarus: Trojan.Win32.Krypt` `eGambit: PE.Heur.InvalidSig` `GData: Trojan.GenericKDZ.68606` `BitDefenderTheta: Gen:NN.ZexaF.34136.sq2@aCWGNTaG` `AVG: Win32:DropperX-gen [Drp]` `Avast: Win32:DropperX-gen [Drp]` `Qihoo-360: Win32/Trojan.ae4`

Hashes

MD5	`500286eaf9eb11b34eb413bb0df5543b`
SHA1	`b889ff1138b2bd7a3033ca4c4868189dc8588f9b`
SHA256	`f67d2bb9157ba5ccacbe051ac737812226fb2b43fe209867ae276695a8a929a4`
SHA3	`396126f4ddd92dd693724d317ef39470cddb336e0a8bc788ab53aacd07e930ae`
SSDeep	`3072:EbVja8HGRWBX6aty+wZ9mbZzMFqYObz6kp8BNABNKz51sHQW6p+xmvVSU9MGLi/5:2Vj1mRWBLtwZYZoey7qirlUxmvVSaTE`
Imports Hash	`3f2e6168d574cc14fad3ec5f7fd67501`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2019-Mar-18 18:09:22
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.0`
SizeOfCode	`0x22000`
SizeOfInitializedData	`0x2e8fc00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000216D (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x23000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x2eae000`
SizeOfHeaders	`0x400`
Checksum	`0x50b8f`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f99f63d45cd71ab5f4e28053a2abb667`
SHA1	`c044da7568154f43b9f5493ebedc30ed9bde3af6`
SHA256	`7617fa26f48e03c5d9541068cfc7164b2ea4ed9089a93a22ff5b5e4c25d4aedb`
SHA3	`bacf50dc30f34da9a1d1bde883893094170d12bc36e8d3e4b2328b3683756752`
VirtualSize	`0x21e48`
VirtualAddress	`0x1000`
SizeOfRawData	`0x22000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.6987`

.rdata

MD5	`4cc7beea1d84e00411cc4cda0495851f`
SHA1	`1089631729143fd54c9d6ed6e6848ad80b57b6ac`
SHA256	`74768f91f2b176df29146f8e709cb39037852dd752fcdbf9415f637b8f90b031`
SHA3	`ea51e079f65ff24e4fa9a8156aa5e2f9caed26bf208204c50ead9a96407e3733`
VirtualSize	`0x5330`
VirtualAddress	`0x23000`
SizeOfRawData	`0x5400`
PointerToRawData	`0x22400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.93449`

.data

MD5	`24b26eed5eae8db10f8fe5b0cb35f3d2`
SHA1	`00d380d1aadac7bf1046e071efa14926309e5eee`
SHA256	`e3d0a9dd7715f2ec8c3d450634ed89d31aa0cbd09cfc37dd4ca468950ceb3725`
SHA3	`9357cb468b32b5e4955ace7e26804c634e7ea107a51f67ee8100e4b43e63a97b`
VirtualSize	`0x2e6aea8`
VirtualAddress	`0x29000`
SizeOfRawData	`0x2c00`
PointerToRawData	`0x27800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.76332`

.rsrc

MD5	`6d50cd559ff5c2c13720a3206ef5640a`
SHA1	`08a6a19d0e1155d6d76395144fbece1e717e0682`
SHA256	`8f87843955a0489b16c624792ba58279b95b81b3dfc78d7bfef6793827824fe1`
SHA3	`ca8927deabc71628d7f7b2c619f2452f6a02537ba7472d22a928ceee612fbea3`
VirtualSize	`0x19918`
VirtualAddress	`0x2e94000`
SizeOfRawData	`0x19a00`
PointerToRawData	`0x2a400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.89666`

Imports

KERNEL32.dll	`CreateMutexW` `CommConfigDialogA` `lstrcpynA` `InterlockedIncrement` `WaitForSingleObject` `SetEvent` `GetModuleHandleW` `GetTickCount` `GetWindowsDirectoryA` `WaitNamedPipeW` `WriteFile` `FindActCtxSectionStringA` `GetEnvironmentStrings` `GlobalAlloc` `SetFileShortNameW` `GetSystemPowerStatus` `GetCalendarInfoW` `GetFileAttributesW` `SetSystemPowerState` `lstrcatA` `GetACP` `lstrlenW` `ReleaseActCtx` `GetProcAddress` `AttachConsole` `WaitForMultipleObjects` `GetModuleFileNameA` `CreateMutexA` `DeleteFileW` `lstrcpyA` `GetCommandLineA` `GetStartupInfoA` `HeapAlloc` `EnterCriticalSection` `LeaveCriticalSection` `TerminateProcess` `GetCurrentProcess` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsDebuggerPresent` `TlsGetValue` `TlsAlloc` `TlsSetValue` `TlsFree` `SetLastError` `GetCurrentThreadId` `GetLastError` `InterlockedDecrement` `Sleep` `HeapSize` `ExitProcess` `SetFilePointer` `HeapFree` `CloseHandle` `GetStdHandle` `FreeEnvironmentStringsA` `FreeEnvironmentStringsW` `WideCharToMultiByte` `GetEnvironmentStringsW` `SetHandleCount` `GetFileType` `DeleteCriticalSection` `HeapCreate` `VirtualFree` `QueryPerformanceCounter` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `VirtualAlloc` `HeapReAlloc` `GetCPInfo` `GetOEMCP` `IsValidCodePage` `MultiByteToWideChar` `RtlUnwind` `LoadLibraryA` `InitializeCriticalSectionAndSpinCount` `GetModuleHandleA` `SetStdHandle` `GetConsoleCP` `GetConsoleMode` `FlushFileBuffers` `LCMapStringA` `LCMapStringW` `GetStringTypeA` `GetStringTypeW` `GetLocaleInfoA` `RaiseException` `WriteConsoleA` `GetConsoleOutputCP` `WriteConsoleW` `CreateFileA`

Delayed Imports

963

Type	`CAZADOTUTAFODIVASOHE`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x322`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.59806`
MD5	`2cd65ce3dc00f1f77f127fc1b8f889f4`
SHA1	`13e227a2b4746203214b02b2e18a881ecd65a5c1`
SHA256	`928f543ec688de25ff87a03bd0f0e3a625c2098a79e2171ed28529f417a9eea2`
SHA3	`43cc5b7a242fb2d8dcb9f8c77a9201a1e680b7bb4cf4fc1dcac68ceef150c8cb`

738

Type	`KER`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xacd`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.63701`
MD5	`8cd8342376e4b570b933fe5e7b28a5ce`
SHA1	`ed6b589df19a7ac1f368e9bafb0752fef1add70e`
SHA256	`b7f04c20bdd7e17012a2bfe512d8815accf48eb2f8f06e49a5eb2f2372eb5b76`
SHA3	`ca2f2aaa9f9768fa6ceb42f96735e9c75c62f7183f35558ace4d2e8fc7da4d84`

130

Type	`RUFEFEXAKUBUPEXAXUKECAVIPENUVORI`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x685`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.63947`
MD5	`ca503f3b7a6397f6ef7dcd60451e8b2d`
SHA1	`76ca1058214ae236b20924f38153453322bb34d3`
SHA256	`8b496ca70d5d0807912f31849b944ef4db8b4d88fa724eee9c40fbbcef659ba6`
SHA3	`9481e7dde4306dc605dbedfb938c784cc59ef6b0f11a15d551d5a217e6a20e9d`

27

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x130`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.44093`
MD5	`df7040d6bfffe170275ea7f8f46bc89d`
SHA1	`eb470be9aa613998d303922cd0a90dc0c89eb686`
SHA256	`665c5c54de11054a0fdbfe66f7a55567f1354657b489dc4c272ce44443f6131c`
SHA3	`888352f2739763b1ef7f94ec022fcc317a1e64b7164fad21068faec235da3d6c`

28

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.697`
MD5	`43a50c2f09e0a5994b49ed27a7cd89f3`
SHA1	`fbe8d240f3c5c5ef8c48e44fee1d4ea2e868e726`
SHA256	`688c7705da1cf555e6cd446aca007277e9dbc97967bb261e1f23f31a4f6721c1`
SHA3	`8b53d1fbe374e0be8bd64ef443fa782a894e705ac186b0f3ec32c08a60b2d2ab`

29

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.76287`
MD5	`53fae6172bd9e2af02f0cee75c62384c`
SHA1	`f5fb873564c65f3d6cb39dbd3305936f67e953c1`
SHA256	`3060c1f6855b4c81c6ab44cf155ca716021863a192a5e778d5626e1cb8f8f028`
SHA3	`f8c0ba633e60acc9cd1cbbae84bc0448b8d8aafe2bb0de93b59e2da57a2ba4ac`

1

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.70405`
MD5	`c1547ae4c33feaa0885d0d5ca0fee3fc`
SHA1	`a176db8a09eb92715be7daa8b5848015b3212be4`
SHA256	`8874718d304a3516ddfc6ceddaeaab2bd3307b9527b756b3a540d11e7221cea1`
SHA3	`d1073de54d7a3a426fcf75ed01d778da94ce8721f1444511bb77a800256637aa`

2

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5331`
MD5	`200b0f0e35004164f6e50b8cb0082d35`
SHA1	`b416954bc911741f39e4b5f9acc93277c66bf771`
SHA256	`65dd8f176165bd3835c26e034f42737128e104ded66e917e59f821e7a9fcd9c7`
SHA3	`bd53d925bf80e65a31ddd2676d3fb30685357db07cea46b7be37dbb5671fb682`

3

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.40433`
MD5	`fa04b000fd43212f443ab80f8a5ff30e`
SHA1	`0573b824148e68bff551010ed8428400cef1030d`
SHA256	`f9ed445c1469c245e1ca4cdd933c6ee7f56fa7869af7332109205070d41fe7ee`
SHA3	`9a997fa51c2bcab66aa51be80eebde034e19cd7e1a2ae939af281c7557220e48`

4

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.59374`
MD5	`2e86c48a87d863d22afc58caee1b2235`
SHA1	`327cc688f0fca9a6b36e9db120251ded1412068a`
SHA256	`aa85dea02c9649b23bbcca05ce2fed43b04e2f6fdea9975b266a42f68733bea8`
SHA3	`b076305c1b461f9b93dc3d3cb34b4e7021fa086a773668167ed5957a8665282d`

5

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.23204`
MD5	`1ab1b9858c4cf391d12603da954778c8`
SHA1	`e2b123541d0d4a8382c6860f6f8c8b133aa0a6ea`
SHA256	`a8c85c44f4be552f62a06da8d9289fd300a6f66ee56cc882409aae722e495923`
SHA3	`5d4a3664192ed0561262f69f9b19d5b9e1b5d331438460de6ed56a194893aca9`

6

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.35137`
MD5	`23d56f51754a1817e97ceae0359fd543`
SHA1	`16507bb3a7f205ebe2c5bf5faa76cf52279f0f27`
SHA256	`d23a4819b283884509071fdca0b546eb8e5200ba4bbbec5bbe20c49d554beaa8`
SHA3	`88a72c20852c359710743567e33adf3ec0c811716e74b8ebdfa3bd6c45c0d465`

7

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.26395`
MD5	`b48c4fc5be7548161c42684c9000cbd7`
SHA1	`9d019a5cbc5cf9e23a2d25aae6410619cd630932`
SHA256	`1930c4f5e94da64508e4c280cb143aa6afc74d15fa035a6297e03d9021729db2`
SHA3	`8c8bb1ac854d7ccc15396932cf542d362d32029799a3405193dbe167fa218284`

8

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.7755`
MD5	`5174c2fdb698d575ca9c5c85a1678f97`
SHA1	`1ff190ef14029f8a16db41202a6e367cc556d549`
SHA256	`db3adb01ff86ae6eb0f7a93ee68ecab2e327c560f3583afb8dd415ad82f755bd`
SHA3	`38490174d12105727583beab67560ef53fe9a9068437b8c51cfd8f17d9ce1766`

9

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.73551`
MD5	`d54c2878a21f4b587edf1b4fbf32f042`
SHA1	`46e9579d698c7d4000318618093d816b7a8f7b3e`
SHA256	`7c48d5a89ce7fd1731689671a6e9ea116c0c7b847affd8e66667c9e0a3b735b1`
SHA3	`1266a28bf364aba2d431fbc0de0f0dada14dc9cbef740aae550438376c0ed870`

10

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.52154`
MD5	`ffd84dced0b92a7aef968a97b632b014`
SHA1	`77b9551daa224db4d6fa8304c3aba495f22f4702`
SHA256	`ac654afd0c248e2f37389a75208be874d3449e569bf894952959b58572e9c28d`
SHA3	`efca8dd51f5762d24f9504a5faf0f8f7e9f30f70f012709601cfab0db4897e28`

11

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.33034`
MD5	`0ea09f0c2334be7d2783fd3d9c7dfb38`
SHA1	`ac279702f2fcb18cd4d8622782d713e5b394b954`
SHA256	`56c1421527637ecc63ad8dc76be6c1e141fba3248c4649d28c9fef1de10bc944`
SHA3	`9320f503010c86e44bd116decdef39bd9cf7052ab123095845395fc218cc81d9`

12

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.47071`
MD5	`a3a2f4d013f4f3e89590cf90cfb94aa8`
SHA1	`a8904b0c30aed3f1f8221a272b6f071ced345ad5`
SHA256	`2de19acc9844361ae06dcd18cefb7aea46943893dc0a1e17bc6873a7f6249dc7`
SHA3	`ad103c9d2bd43c4f19a7bde09bacb17a133134c99be1912dbe2a8b36b33a2693`

13

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.75969`
MD5	`84e65db04c6ce1931b90efe75417825e`
SHA1	`5d4f9bcddd4d403f5fb81c50ecd68238c786f3b7`
SHA256	`9e685cad970d023d2449643f372e050cd735c0d0af18c70a7d76a806b9308192`
SHA3	`fb424670c6962b9988e4c05bea0cc5febe889d9603cb0d772fcdc00b3c5055b4`

14

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.08602`
MD5	`49818fca89e97b3148c4f8e65737c857`
SHA1	`13449cc15de3b3ed9ed51898e90f9a11c3412ffc`
SHA256	`a763e6fedb2e4b3884cee6b06c64b6dc173a4dd59cf9acb6dcb97e4c317296c1`
SHA3	`d60c5d7e17f0b04074cdab751aacf26f9f4fd8eedbe41dc485b91d475314b4fc`

15

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.82266`
MD5	`5b3bbd3760333b0504c60341084be0fa`
SHA1	`5832ad34e26adb8be39cbfcaf844a6db0bd281ef`
SHA256	`7929c6a86d1de8a4722f9d4abd855de6ef9b70120b3fd16067e58f3315d73c88`
SHA3	`58d9db811ba3dcf6227385589722fd14cde5807a8e07f1f98f010339fdafdf55`

16

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.68739`
MD5	`8c906e712698a49743965487ff906c6a`
SHA1	`5ed3572aa612673bbdd226171f96b99c29b939c9`
SHA256	`c9a64fe47a4ef81682ecb80daef261d298cd5c749d6f91b063ed1e7469a144be`
SHA3	`93735cbaa8098620a23323df0c6abf8e22e3a95b6fc708a927831e98f35335f2`

17

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.2681`
MD5	`1217e3d3acd0b98798cdf76489b03470`
SHA1	`e400e1f8028f5b73c43f20d3007144582f5b649a`
SHA256	`4c7ab8796909fede98b4b65a8568570f892e96dc0fc97d0adfbf68d73de0578c`
SHA3	`105f7b7abe9841a9d893ad2b436684828fed1c2ab31c3212001cbe14f4a5b328`

18

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.25272`
MD5	`1f6b7a4f9d5dcf56037e59f359b76a2f`
SHA1	`bafb3543d31e5b6af22a3add78ad94cde583eb49`
SHA256	`a52bf2e0cb18445ff2bcf63874201117fb58ae7656bd8d44de5b127d6f4ab9ad`
SHA3	`7e308fcf99680918490490d3c7b7d7eb27cc246362543e92b38624830ad89443`

19

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.23492`
MD5	`39b451932d9214d61a58d7fef65eae11`
SHA1	`e8533fd23b7fd0bb763f02a46e42aff052eb3285`
SHA256	`0f9bb6e2fd4bbacf32ddf78ba974329e2ce89ee1b8243d85cc7837fcb2fc5c91`
SHA3	`d283ea88359d3e2b2971d2fbe93133d3a640de5f585f9b2131bb16645a3115d3`

20

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.32007`
MD5	`cef6d7162fdc417427d59917a07735b1`
SHA1	`b3c1df0d1cda4f59ffff622bdb4f07952630331e`
SHA256	`a4b90192396bddd3bb59ed8aa1fc02cc604a162f020a2af7f4cc3ce81045b59a`
SHA3	`cea019b6cf7fef38a25e3607399979c7587781b3fdda5e52ed564d33490e2813`

21

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.55692`
MD5	`c1c79a45031d1034a0442f25f6de01ae`
SHA1	`4855c0b264f1156f4783851bcb3b2db53ecf0dfe`
SHA256	`de4143d06c46acde5519b5614994d80840d8e3524ea5df42f4693bb4b52f1d28`
SHA3	`d875fa8d41c619c6e3e778ec8d1a92cb4ee3ad9048dc9564623b4b226ba27679`

22

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.82515`
MD5	`0a4ac3cd9f9172e27d6b8785feedfe4a`
SHA1	`173183388f933d69f59a0caa91b5ea24236e3758`
SHA256	`3e4ddd1e87f60cb7b545e36926a6663f87c216a0adb8ba21b280207f71acb8a2`
SHA3	`4c8de340282524b033f601bfb5cb341f3cbc72c026d1125c9af260c6a1f034ca`

23

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.88259`
MD5	`991c3e1a1f80a702859407d1012b8bbe`
SHA1	`a219faafbb466fbead93dc1aa4129be28aec1ff5`
SHA256	`ba84260149e41ab53c7eca6642f91cabe291cf5a61194332e504249170350e45`
SHA3	`0a9377830601b5d178408ed5e6bf6c6bb959f151ebf73d3dc82de0848e38736f`

24

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.62088`
MD5	`79c878f83276fb92ad286df63e9baa8d`
SHA1	`98dc0ff0bf91dc859ce2ddb892f21bad16c3a7e3`
SHA256	`9d72f9907183541b26a4aa7a07041492b0fe516552e4f1780497a9d8b250b7ae`
SHA3	`183d443d5be181a4d99230f1b0e25830ccd3bccda975bc63fcca8529b3c57adf`

25

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.892`
MD5	`e4285d2c16b6ca75c3aff47ba8134789`
SHA1	`6081f9f1ac2c1e6c7ce744b80e125e00523eb46e`
SHA256	`8bcfbca2acf26932d8ab375e156c6603ead60c25cd51acfdaf37e65a5da70eb8`
SHA3	`f75c96317727f94f8e1a8b3106ff03f93caf048968f037fd8c249a7703ba9334`

26

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.40329`
MD5	`04ca8b925a11064c45a28427408741ce`
SHA1	`8a11345dd43a3ac87a36e4f49b415e4da774d373`
SHA256	`3aae094dd6228f748fe0da0145481490bcf73c7b2cb9107152cb2558b7d1062e`
SHA3	`62418202bb972e6f8527545ebc80a1ea120a062d3a529dac1a52bf849bda7d47`

25 (#2)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x21a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.15238`
MD5	`defe3cecd9bbcae7128ee2b4889fb6ae`
SHA1	`f2405f2e4a8ea8e83b80651aadbb2de6f2cc4183`
SHA256	`0d81805e92d6c4e9a61700ac2268fdc014f506ff9755ae32251f2e4de099c0f1`
SHA3	`9ce1b30811412af7803bbd8bb9ab78f3a757253fbb41d409eafbc22358340bbe`

723

Type	`RT_ACCELERATOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x28`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.84209`
MD5	`7e808ac50e9cf05b88bb7ce978ce7be3`
SHA1	`a8f1d8fa1d62306421bf0a84a6d5369e920e9f77`
SHA256	`b26722778e208dd069bfa0e895f4e67952eeca67b8f9322c0f568d7cfe5fd737`
SHA3	`72fedfdb32fe316f9c1bce43494221a6f44d3f7d523f5480beb1a9b4bf470e79`

2384

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.42369`
Detected Filetype	Icon file
MD5	`9fac76833c6be6a9aee2b56144ad0579`
SHA1	`3cd1d68044c4979b4240056b99bc2a00110cecff`
SHA256	`4a2907349c7e93fc37a1b54ff2fa56bcb58b5b6d8a45a45d6f39fab76088d021`
SHA3	`977acdae8860be29e840b358c3bafcce22c0139f0431f7d1b83019ac047347e5`

2385

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.98048`
Detected Filetype	Icon file
MD5	`aad2ee16adb19f266c376a45d00c492a`
SHA1	`78a7706a680aab2ad58d128572c907198d997c87`
SHA256	`30235c9624716e07d7681a6f2ce21be3ce3f01f14a6e6291d4f5939200d15f08`
SHA3	`0be8f5f27bb77f1427723f04120afea3360818db9bd9cff86644228acdccb56f`

117

Type	`RT_GROUP_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.90861`
Detected Filetype	Icon file
MD5	`03879dc415ccef9ecd68530895c9f3c0`
SHA1	`f8cdd377f66bf83ba337fdbf2a53e5aa79669cac`
SHA256	`715c363160d7a6d349aef7d1abf609838ab16c53b3c435df55618bcce5bb3b2d`
SHA3	`148d862ea81cc5fad6d3ba3bf4bcc3eb1eb888cc8afb06121240ba07b22ad876`

118

Type	`RT_GROUP_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.83776`
Detected Filetype	Icon file
MD5	`eeb80c69c9fbf3358c8ff259c7a17b19`
SHA1	`bf3c11c0133e3e80dd1cb460f1d19963166d79a1`
SHA256	`582b16b3a55169ebdd7885cfa96227e80a971f13f6b395fe0469e06e2ce8b800`
SHA3	`cba4568dc45c11c33ae4c764adc6d4f4122d82c4cb62f4ac665b70538d6da01a`

119

Type	`RT_GROUP_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91481`
Detected Filetype	Icon file
MD5	`3fd594196581d8b66ec6a6c9c2c260c7`
SHA1	`d3f7187f7cbde5f8c20760f151e9ed89cc7e9886`
SHA256	`655b3bf20a9f1e6eb73a7379af92bcc79931147f2203b3792d58f747746ee557`
SHA3	`c9da016c0c5ddcc8d29a7595a2b966fffe6be2b4a6307515cdf630efb50f4acf`

121

Type	`RT_GROUP_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.81928`
Detected Filetype	Icon file
MD5	`9aeae978449e1caeac9e8ad714712f8c`
SHA1	`714ffdb2cb20da8916769c536cb4997dc22f1705`
SHA256	`b407e02c9a4613f954675f03975607ee08b84ec2899cb1789e4d9e8b8c485ff5`
SHA3	`a57998cc744d354982a5121063679f1ad649de876cab3006c5966e16ad0b7b78`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1a4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34933`
MD5	`0fd0e3a5484d39ef7e2d60d327c70c92`
SHA1	`9467100ea8fc6ea5eb164b10ed262046dbc420e1`
SHA256	`9c5701628d6ddcbac0748820cb6b5ee726765da4d2709a1851b0c3a6c01d260c`
SHA3	`b3d557f9edf0c89b22ab8565fb78c0512c460c0ba2c7d60551a547fe33a18099`

String Table contents

Favigomad bifavuve yolic nesutixikusane welokusosay pewebizaw
Wohicozelacey yewinucap cugupinexifepu gupigigamafe nexuxikajux zasuzogurujijav bevopowikokege
Delomufu nazekecibalap yama rumogekinexezig fuvaribamusem zubowohul
Dube bahevic rulexe pehudojipok

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.1
ProductVersion	1.0.0.1
FileFlags	`VS_FF_PATCHED` `VS_FF_PRERELEASE`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_STATIC_LIB`
Language	Chinese - PRC
InternalSurname	dhrj.uxe
Copyright	Copyrighd (C) 2020, odfrjv
ProductVersion (#2)	1.0.4.6

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x901cf85d`
Unmarked objects	`0`
C++ objects (VS2008 build 21022)	`37`
ASM objects (VS2008 build 21022)	`26`
C objects (VS2008 build 21022)	`122`
Imports (VS2012 build 50727 / VS2005 build 50727)	`3`
Total imports	`128`
138 (VS2008 build 21022)	`1`
Linker (VS2008 build 21022)	`1`
Resource objects (VS2008 build 21022)	`1`

Errors

[!] Error: Could not locate RT_ICON with ID 28!
[*] Warning: Resource 2384 is empty!
[!] Error: Could not locate RT_ICON with ID 27!
[*] Warning: Resource 2385 is empty!