Manalyze report for 50a5e891da27e63d54e68511e48aa026

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2016-Sep-09 21:39:00
Detected languages	English - United States
CompanyName	Tous Les Drivers
FileDescription	Mes Drivers
FileVersion	`3. 0. 4. 0`
InternalName
LegalCopyright	Copyright © 2016 Tous Les Drivers - Tous droits réservés
LegalTrademarks
OriginalFilename
ProductName	Mes Drivers
ProductVersion	`3. 0. 4. 0`
Comments

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: abyssmedia.com http://www.abyssmedia.com www.abyssmedia.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to RC5 or RC6`
Suspicious	The PE is possibly packed.	`Unusual section name found: .itext` `Unusual section name found: .didata`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryA LoadLibraryW` `Can access the registry: RegQueryValueExW RegOpenKeyExW RegCloseKey RegSetValueExW RegDeleteKeyW RegCreateKeyExW` `Can create temporary files: GetTempPathW CreateFileW`
Suspicious	The PE is possibly a dropper.	`Resource RC_SCRIPT is possibly compressed or encrypted.` `Resources amount for 76.6289% of the executable.`
Info	The PE is digitally signed.	`Signer: Tous Les Drivers` `Issuer: COMODO Code Signing CA 2`
Malicious	VirusTotal score: 12/72 (Scanned on 2020-07-08 13:33:09)	`FireEye: Generic.mg.50a5e891da27e63d` `Sangfor: Malware` `APEX: Malicious` `Rising: Trojan.Wacatac!8.10C01 (RDMK:cmRtazq1Wxlgo7KwYOEaUtOojc4V)` `Zillya: Trojan.Generic.Win32.145` `Invincea: heuristic` `Jiangmin: Trojan.Agent.asds` `Webroot: W32.Adware.Gen` `VBA32: Trojan.MulDrop` `Ikarus: Trojan-Ransom.FileCrypter` `eGambit: Unsafe.AI_Score_99%` `MaxSecure: Trojan.Malware.11973.susgen`

Hashes

MD5	`50a5e891da27e63d54e68511e48aa026`
SHA1	`87073d85a7ba420b15c8bb9a9e4adc64db2bcfef`
SHA256	`0788aaea249d92a84f70047efcacaa54c26320b439c490ba3ce00457955031d6`
SHA3	`d1b0723c325ed0ebf73f2d2370574c1037b042da8b2d95e9e3349b56ceb820a7`
SSDeep	`24576:AfHFw5b9DOnFYrv+kjqipUompMEoNMDYSkbDknoI6JK+ZYtEi8ETtAM5B:sjFYrv+kjV45oeYSRnyJhOtEVcf5B`
Imports Hash	`4d1593f44a92d73f4ea9f088e5fc3214`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`10`
TimeDateStamp	2016-Sep-09 21:39:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_BYTES_REVERSED_HI` `IMAGE_FILE_BYTES_REVERSED_LO` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x55a00`
SizeOfInitializedData	`0x133c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0005678C (Section: .itext)`
BaseOfCode	`0x1000`
BaseOfData	`0x57000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x19f000`
SizeOfHeaders	`0x400`
Checksum	`0x18d8a0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`800e4957827a1c24c596699f76b0c69c`
SHA1	`fd070046529b5cde599ef04b53b869ef74a04358`
SHA256	`b6193f5a9da379706b5f75c92239f812923fe80acc0130646aa78671ecfa4c55`
SHA3	`cfa05fa7431fb119a72879dab729d69c582b737c59ed10b9694e78dab8e40a87`
VirtualSize	`0x54bac`
VirtualAddress	`0x1000`
SizeOfRawData	`0x54c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.34359`

.itext

MD5	`c5b9727d1aab330304b8405bbba975b0`
SHA1	`208fea796d5a02b2400894100e957c653bbbe021`
SHA256	`179cdb4396aab3f731557c9d2c2df71a25ffc851c631b5e9fd3aa964bfe9b036`
SHA3	`b336fd1ae3a7780741f67561c76aeadfd41300676260a780f64561b09324f9ca`
VirtualSize	`0xcd0`
VirtualAddress	`0x56000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x55000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.76395`

.data

MD5	`3ca4bced8d1e9c36b59158f134bd8052`
SHA1	`39db35fcf9b55d0008ff02c4edccf5e032fba2d7`
SHA256	`c4a5dba3285f973f53c3952f9214607979c3b6cd5a0c0dd541bf31393d24c507`
SHA3	`56dc6d725a64464bcf2f90f183c92eee07d72151a1580e05d95116072344830a`
VirtualSize	`0x1c90`
VirtualAddress	`0x57000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x55e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.91883`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x6098`
VirtualAddress	`0x59000`
SizeOfRawData	`0`
PointerToRawData	`0x57c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`a01052e301b3ee86296ad3a1829fbe18`
SHA1	`442871ae8675ae635d34b3dcd875069b0601e04e`
SHA256	`a24a05a68d757677d02347720d28d4a7e9e6f1f775937b4aa77951904b1076d4`
SHA3	`22d1336dffb22068d180b299e3b729d07ee39c03990e707651b4a683335aa618`
VirtualSize	`0x1486`
VirtualAddress	`0x60000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x57c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.84799`

.didata

MD5	`b5187faa3a7cc1349cbd30ccacedd95d`
SHA1	`c3a8dc5f1ffc0eedc67e2365e03e28230c07d8c1`
SHA256	`d75e9c3b15fdb455fa7b2209a263917a5f4f618d1898b10ea618cd977d83387c`
SHA3	`501c6d036d95480d3b012881efcde706d5aec39d0c3d6d93c0ccfa3c2553e967`
VirtualSize	`0x154`
VirtualAddress	`0x62000`
SizeOfRawData	`0x200`
PointerToRawData	`0x59200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.41945`

.tls

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x10`
VirtualAddress	`0x63000`
SizeOfRawData	`0`
PointerToRawData	`0x59400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`64672f66414b05f1d6804cb6ef253ae1`
SHA1	`cdae6a959735d4646b00a6c841f3e40bff43dae5`
SHA256	`6e7bb05adce5730ec3d05706b801169126809aae4f6d263e2cc3939db3c9050a`
SHA3	`959057e79c3ff822128e00280c27711dca8a81ab50478e2b3b36721a5bfa788a`
VirtualSize	`0x18`
VirtualAddress	`0x64000`
SizeOfRawData	`0x200`
PointerToRawData	`0x59400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.20692`

.reloc

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x80a8`
VirtualAddress	`0x65000`
SizeOfRawData	`0`
PointerToRawData	`0x59600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`

.rsrc

MD5	`08b3496c86b67d3ddb5a415d170fcaf5`
SHA1	`0da36d93e4c6c694eaef8f25e9f76466f1af6eb0`
SHA256	`1225f0bac0dbf24be29a27b6887259eaaa76594b5666b4e98e2bbbf55f979f5f`
SHA3	`38cba3dae7c930a50a209e2f01ca69740f251c57a35d5c88795f60b03940ae33`
VirtualSize	`0x13029c`
VirtualAddress	`0x6e000`
SizeOfRawData	`0x130400`
PointerToRawData	`0x59600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.981`

Imports

oleaut32.dll	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`
advapi32.dll	`RegQueryValueExW` `RegOpenKeyExW` `RegCloseKey`
user32.dll	`MessageBoxA` `CharNextW` `LoadStringW`
kernel32.dll	`Sleep` `VirtualFree` `VirtualAlloc` `lstrlenW` `lstrcpynW` `VirtualQuery` `GetTickCount` `GetSystemInfo` `GetVersion` `CompareStringW` `IsValidLocale` `SetThreadLocale` `GetSystemDefaultUILanguage` `GetUserDefaultUILanguage` `GetLocaleInfoW` `WideCharToMultiByte` `MultiByteToWideChar` `GetACP` `LoadLibraryExW` `GetStartupInfoW` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetCommandLineW` `FreeLibrary` `GetLastError` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `ExitProcess` `GetCurrentThreadId` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `FindFirstFileW` `FindClose` `WriteFile` `GetStdHandle` `CloseHandle`
kernel32.dll (#2)	`Sleep` `VirtualFree` `VirtualAlloc` `lstrlenW` `lstrcpynW` `VirtualQuery` `GetTickCount` `GetSystemInfo` `GetVersion` `CompareStringW` `IsValidLocale` `SetThreadLocale` `GetSystemDefaultUILanguage` `GetUserDefaultUILanguage` `GetLocaleInfoW` `WideCharToMultiByte` `MultiByteToWideChar` `GetACP` `LoadLibraryExW` `GetStartupInfoW` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetCommandLineW` `FreeLibrary` `GetLastError` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `ExitProcess` `GetCurrentThreadId` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `FindFirstFileW` `FindClose` `WriteFile` `GetStdHandle` `CloseHandle`
user32.dll (#2)	`MessageBoxA` `CharNextW` `LoadStringW`
version.dll	`VerQueryValueW` `GetFileVersionInfoSizeW` `GetFileVersionInfoW`
kernel32.dll (#3)	`Sleep` `VirtualFree` `VirtualAlloc` `lstrlenW` `lstrcpynW` `VirtualQuery` `GetTickCount` `GetSystemInfo` `GetVersion` `CompareStringW` `IsValidLocale` `SetThreadLocale` `GetSystemDefaultUILanguage` `GetUserDefaultUILanguage` `GetLocaleInfoW` `WideCharToMultiByte` `MultiByteToWideChar` `GetACP` `LoadLibraryExW` `GetStartupInfoW` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetCommandLineW` `FreeLibrary` `GetLastError` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `ExitProcess` `GetCurrentThreadId` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `FindFirstFileW` `FindClose` `WriteFile` `GetStdHandle` `CloseHandle`
advapi32.dll (#2)	`RegQueryValueExW` `RegOpenKeyExW` `RegCloseKey`
oleaut32.dll (#2)	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`
ole32.dll	`CreateBindCtx` `CoTaskMemFree` `CLSIDFromProgID` `StringFromCLSID` `CoCreateInstance` `CoLockObjectExternal` `CoDisconnectObject` `CoRevokeClassObject` `CoRegisterClassObject` `CoUninitialize` `CoInitialize` `IsEqualGUID`
kernel32.dll (#4)	`Sleep` `VirtualFree` `VirtualAlloc` `lstrlenW` `lstrcpynW` `VirtualQuery` `GetTickCount` `GetSystemInfo` `GetVersion` `CompareStringW` `IsValidLocale` `SetThreadLocale` `GetSystemDefaultUILanguage` `GetUserDefaultUILanguage` `GetLocaleInfoW` `WideCharToMultiByte` `MultiByteToWideChar` `GetACP` `LoadLibraryExW` `GetStartupInfoW` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetCommandLineW` `FreeLibrary` `GetLastError` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `ExitProcess` `GetCurrentThreadId` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `FindFirstFileW` `FindClose` `WriteFile` `GetStdHandle` `CloseHandle`
oleaut32.dll (#3)	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`
URLMON.DLL	`MkParseDisplayNameEx`
shell32.dll	`SHGetSpecialFolderPathW`
kernel32.dll (delay-loaded)	`Sleep` `VirtualFree` `VirtualAlloc` `lstrlenW` `lstrcpynW` `VirtualQuery` `GetTickCount` `GetSystemInfo` `GetVersion` `CompareStringW` `IsValidLocale` `SetThreadLocale` `GetSystemDefaultUILanguage` `GetUserDefaultUILanguage` `GetLocaleInfoW` `WideCharToMultiByte` `MultiByteToWideChar` `GetACP` `LoadLibraryExW` `GetStartupInfoW` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetCommandLineW` `FreeLibrary` `GetLastError` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `ExitProcess` `GetCurrentThreadId` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `FindFirstFileW` `FindClose` `WriteFile` `GetStdHandle` `CloseHandle`

Delayed Imports

Attributes	`0x1`
Name	`kernel32.dll`
ModuleHandle	`0x62060`
DelayImportAddressTable	`0x6206c`
DelayImportNameTable	`0x62088`
BoundDelayImportTable	`0x620a4`
UnloadDelayImportTable	`0x620b8`
TimeStamp	`1970-Jan-01 00:00:00`

1

Type	`TYPELIB`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x204c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.33973`
MD5	`f2f8ddd7d7563aeeb08ed6e7afbc3bd7`
SHA1	`5c22ce19217ab9eed405fba18d62cf9946d40277`
SHA256	`c2218ea909e66f3887d352cccf38308e786b704f3f1a4949fc2c8c7333763a30`
SHA3	`abece710019ffe1ce83444c365baff62cfd9344033d379359e79803fa61dde7a`

1 (#2)

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.47539`
MD5	`13946be41dccc3388debfe24da560102`
SHA1	`676f52494a469dbe0b7b9b1167d1cd90ec8dd095`
SHA256	`d2777c68b0e84f41ac13714738f48f8d8c72d27fd5b10be92cb9ac70652bace9`
SHA3	`59b01db25fcb842af14a96462793a54d2ebe32be0ada9280969adea4ef3dc6b8`

4086

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x38`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.56933`
MD5	`bae4e02fd0b15b675659d76d6dee4af4`
SHA1	`a7b09cd24d9b63177b6b523cc40eca4d06586207`
SHA256	`aea486c70aef08437a7651a209f71962236b3a1b99b6105ba26681b17bec30ee`
SHA3	`048201f97f04766502cabbc726591f25535313dafbeabb8b2d9d56468411b0d6`

4087

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x6f8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.32676`
MD5	`4aca53f4f82b650cfa938e990027524f`
SHA1	`5fffd565c6e80c3587cefe9419da3d7a417295e8`
SHA256	`721c939f05e4d46f54169188c2611928a9930b35fcf3ed27926a5dca1598f096`
SHA3	`b09ed05ea2584b3d5ca6868f49cdc9bc89a4afee59028da068f8f6b4969a98a8`

4088

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x32c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.47416`
MD5	`eebc68ebac0416779a2d6d0af7aeb489`
SHA1	`97638192eb00c28815981af982f6397a27e6378d`
SHA256	`4af3011693ca397fa76ef7728d90853d506bc3979dc0cd420634b2fc1b0f2bf2`
SHA3	`e3a37a63ddf0f89d0f306fc23de61393635c74f2ce39ff23503730684c6fbd61`

4089

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x388`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29282`
MD5	`e9be0626adee5510e3f0092b886d3716`
SHA1	`6e52563aaacc1babdbb9dcc9c04113eb7b6452ed`
SHA256	`31e3de6623d9cd817fa5e06ab9c56523917d34dc973194a6e856e694fb738e8d`
SHA3	`5f08c8464a3f4f3f95d79cd1f698379cb85f29f3d48a78928d1198ea9dbbfcc1`

4090

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x3a4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27923`
MD5	`08bde3809f9662a9f00c49f14780124b`
SHA1	`c5f536fba4c350a2b55525483f1f96da86ebf84a`
SHA256	`73e18c6f554db3e8edc571986817119549e0a54bc6fce552a2b1230b4ed42cae`
SHA3	`af94577a44609d61008b3c816a5ca5730299e3ebc5d57b18f7b0a11b5a671077`

4091

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x148`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.30087`
MD5	`c252188606422991583f9dea8c7a8636`
SHA1	`2fff622b585356909842f9916e802f2cb9145fb1`
SHA256	`7542005a74103f4c52ac7cf93bba9cc0052a6fe6ced2a4724f3cf93ddb6a040e`
SHA3	`bcb69a19e5e591ee26b9ff195883dfc801680f9ca28bbade197952f4130d64e0`

4092

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xcc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34889`
MD5	`41e84c55d83e38e1b0ccab4f95866254`
SHA1	`450faac12f2e13711bfc14c90b000d3cf66d9e5c`
SHA256	`e04403c92735b3fc70823791da7ca19ed2a76b68328a76743f07290479c44652`
SHA3	`5ebd657deaf91b038845ad4b68ebcec97e3c47da836a637a570e0d27d0a48024`

4093

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x204`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.38228`
MD5	`566d517be57b878457cba61f750a46f2`
SHA1	`a5057f29d14a22d532df8ce02872559737a5d898`
SHA256	`e3c67eaeb9ea2bd12962278f6875d2c4ebd5cb57ce7fce739813e7fb34ba77bf`
SHA3	`13b94b61069f6a277e9fc9c02099162ec513734535640eb6a8288400c1869db0`

4094

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x39c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.30205`
MD5	`db9a77ea3b0d0a3601430f7d914b2ab0`
SHA1	`d83a4f3c85030561385a8b729b5edf2c537ea930`
SHA256	`4acb0394d898fb2a05eeaad5520615fbeff2f3e6bbd059b577a480c9d1f54aaf`
SHA3	`4e0f158fb688895f7d84ed22bb8a885cfac5e128ee5e022070f00036501fb8a6`

4095

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x368`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33504`
MD5	`3741a2bd1f45a6f7dd565b861bd29133`
SHA1	`29762905c357eaac6a985602401c60cd0424efe9`
SHA256	`f10da121b0f0bf3d5f5ac0760f62683d08cd0bad56af12fdf8e8f7fad4529973`
SHA3	`f5ad39eb8f57df7a7a77cedbc330999efe91d329313f5c42d35f7fe782a10a44`

4096

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29724`
MD5	`33f363afbd02e7a492a2d081ba9ed2fa`
SHA1	`1d1fe7fd9e688b457cf737c16410aac80fbccfd4`
SHA256	`874de24ce29db1509dffb3a7da9c5c619afb33cb2c2506adce870cab7c22d95c`
SHA3	`f29524b889b461f2618faea6eb75f6b601e501e0f54a38575962ed2c4746d3a2`

RC_SCRIPT

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x12acd2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98776`
MD5	`34968f14f13edfd0a8b1f9a11e9679a3`
SHA1	`fbac39b51dfe7a11332670c9eabce07e4744a698`
SHA256	`dd86003b6d4b0c4938c2cb020fbd1dfdf783a022be67087d26c3e76daf003946`
SHA3	`941ffabf7385ab1436bceef066ee474fa2e37e05daee104d42d62f1a19109e54`

MAINICON

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91924`
Detected Filetype	Icon file
MD5	`6f191f45d2ea96b2d22e9eafa1a55bd7`
SHA1	`aa9a0930cb6ae38dd9645dbd2e85cf3796ed2977`
SHA256	`f01c223e6cf0e0f5c1d990ad720488af398180adb1b92e61c2144cf11d3130f8`
SHA3	`ab7f66f51b1cb5a30df00c2674a3a04e8323578947f36708e2e82dd5d04f0416`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x33c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.30473`
MD5	`53557164462bd7cb5cc387de3638ac49`
SHA1	`5614f80038e965b497d1ef29d0779604eb307da4`
SHA256	`74077a6c447b7cecc49e96c7c9c075aa88b169d0f1fc2865b4eb69454c56381c`
SHA3	`985ffd0fc758f9042c319d71c2f52646d1d00dbf3a015310d7bd18e8ba8af447`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x205`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.07702`
MD5	`e9ecae76eacbd463ba624258b228cb7c`
SHA1	`1f7a4ac818668409a72b84d61f503bc99750ce95`
SHA256	`3d5c4c22cf7b6f19338c3d8edf909f12c21aa390708c5443324dba0c40288729`
SHA3	`a13054f845e4d3b11934cc848c6977ec73e8690eab48da654b5a5ef8bde53716`

String Table contents

Demo Version
The object does not implement the observer interface
Error creating system registry entry
OLE error %.8x
Object factory for class %s missing
Type information missing for class %s
Incorrect type information for class %s
Dispatch interface missing from class %s
Method '%s' not supported by automation object
Variant does not reference an automation object
Dispatch methods do not support more than 64 parameters
DAX Error
COM Server Warning
There are still active COM objects in this application. One or more clients may have references to these objects, so manually closing
this application may cause those client application(s) to fail.

Are you sure you want to close this application?
Error: %s
Line: %d
Position: %d
%s
This program created with Unregistered version of ScriptCryptor.
Please register your copy to remove this window.
Visit http://www.abyssmedia.com for details.
''%s'' is not a valid integer value
%s (Version %d.%d, Build %d, %5:s)
%s Service Pack %4:d (Version %1:d.%2:d, Build %3:d, %5:s)
32-bit Edition
64-bit Edition
Windows
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 2000
Windows XP
Windows Server 2003
Windows Server 2003 R2
Observer is not supported
Cannot have multiple single cast observers added to the observers collection
Invalid property path
Invalid property value
List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d)
Out of memory while expanding memory stream
%s has not been registered as a COM class
Error reading %s%s%s: %s
Stream read error
Property is read-only
Resource %s not found
%s.Seek not implemented
Operation not allowed on sorted list
Property %s does not exist
Stream write error
The specified file was not found
Start index out of bounds (%d)
Invalid count (%d)
Invalid destination index (%d)
Invalid code page
Ancestor for '%s' not found
Cannot assign a %s to a %s
Can't write to a read-only resource stream
Class %s not found
List does not allow duplicates ($0%x)
A component named %s already exists
String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
Invalid file name - %s
''%s'' is not a valid component name
Invalid property value
Mon
Tue
Wed
Thu
Fri
Sat
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Invalid source array
Invalid destination array
Character index out of bounds (%d)
Oct
Nov
Dec
January
February
March
April
May
June
July
August
September
October
November
December
Sun
Monitor support function not initialized
Feature not implemented
%s (%s, line %d)
Abstract Error
Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
%s
A call to an OS function failed
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Invalid variant type conversion
Invalid variant operation
Invalid NULL variant operation
Invalid variant operation (%s%.8x)
%s
Could not convert variant of type (%s) into type (%s)
Overflow while converting variant of type (%s) into type (%s)
Variant overflow
Invalid argument
Invalid variant type
Operation not supported
Unexpected variant error
External exception %x
Assertion failed
Interface not supported
Exception in safecall method
Object lock not owned
Invalid class typecast
Access violation at address %p. %s of address %p
Access violation
Stack overflow
Control-C hit
Privileged instruction
Exception %s in module %s at %p.
%s%s

Application Error
Format '%s' invalid or incompatible with argument
No argument for format '%s'
Variant method calls not supported
Read
Write
Error creating variant or safe array
Variant or safe array index out of bounds
Variant or safe array is locked
'%d.%d' is not a valid timestamp
Out of memory
I/O error %d
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
Range check error
Integer overflow
Invalid floating point operation
Floating point division by zero
Floating point overflow
Floating point underflow
Invalid pointer operation

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.0.4.0
ProductVersion	3.0.4.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
CompanyName	Tous Les Drivers
FileDescription	Mes Drivers
FileVersion (#2)	3. 0. 4. 0
InternalName
LegalCopyright	Copyright © 2016 Tous Les Drivers - Tous droits réservés
LegalTrademarks
OriginalFilename
ProductName	Mes Drivers
ProductVersion (#2)	3. 0. 4. 0
Comments

Resource LangID	English - United States

TLS Callbacks

StartAddressOfRawData	`0x463000`
EndAddressOfRawData	`0x463010`
AddressOfIndex	`0x457c04`
AddressOfCallbacks	`0x464010`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`(EMPTY)`

Load Configuration

RICH Header

Errors

[*] Warning: directory 5 has a size of 0! This PE may have been manually crafted!
[*] Warning: Section .bss has a size of 0!
[*] Warning: Section .tls has a size of 0!
[*] Warning: Section .reloc has a size of 0!