50a5e891da27e63d54e68511e48aa026

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2016-Sep-09 21:39:00
Detected languages English - United States
CompanyName Tous Les Drivers
FileDescription Mes Drivers
FileVersion 3. 0. 4. 0
InternalName
LegalCopyright Copyright © 2016 Tous Les Drivers - Tous droits réservés
LegalTrademarks
OriginalFilename
ProductName Mes Drivers
ProductVersion 3. 0. 4. 0
Comments

Plugin Output

Info Interesting strings found in the binary:
Contains domain names:
  • abyssmedia.com
  • http://www.abyssmedia.com
  • www.abyssmedia.com
Info Cryptographic algorithms detected in the binary: Uses constants related to RC5 or RC6
Suspicious The PE is possibly packed.
Unusual section name found: .itext
Unusual section name found: .didata
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • LoadLibraryExW
  • GetProcAddress
  • LoadLibraryA
  • LoadLibraryW
Can access the registry:
  • RegQueryValueExW
  • RegOpenKeyExW
  • RegCloseKey
  • RegSetValueExW
  • RegDeleteKeyW
  • RegCreateKeyExW
Can create temporary files:
  • GetTempPathW
  • CreateFileW
Suspicious The PE is possibly a dropper.
Resource RC_SCRIPT is possibly compressed or encrypted.
Resources amount for 76.6289% of the executable.
Info The PE is digitally signed.
Signer: Tous Les Drivers
Issuer: COMODO Code Signing CA 2
Malicious VirusTotal score: 12/72 (Scanned on 2020-07-08 13:33:09)
FireEye: Generic.mg.50a5e891da27e63d
Sangfor: Malware
APEX: Malicious
Rising: Trojan.Wacatac!8.10C01 (RDMK:cmRtazq1Wxlgo7KwYOEaUtOojc4V)
Zillya: Trojan.Generic.Win32.145
Invincea: heuristic
Jiangmin: Trojan.Agent.asds
Webroot: W32.Adware.Gen
VBA32: Trojan.MulDrop
Ikarus: Trojan-Ransom.FileCrypter
eGambit: Unsafe.AI_Score_99%
MaxSecure: Trojan.Malware.11973.susgen

Hashes

MD5 50a5e891da27e63d54e68511e48aa026
SHA1 87073d85a7ba420b15c8bb9a9e4adc64db2bcfef
SHA256 0788aaea249d92a84f70047efcacaa54c26320b439c490ba3ce00457955031d6
SHA3 d1b0723c325ed0ebf73f2d2370574c1037b042da8b2d95e9e3349b56ceb820a7
SSDeep 24576:AfHFw5b9DOnFYrv+kjqipUompMEoNMDYSkbDknoI6JK+ZYtEi8ETtAM5B:sjFYrv+kjV45oeYSRnyJhOtEVcf5B
Imports Hash 4d1593f44a92d73f4ea9f088e5fc3214

DOS Header

e_magic MZ
e_cblp 0x50
e_cp 0x2
e_crlc 0
e_cparhdr 0x4
e_minalloc 0xf
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0x1a
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 10
TimeDateStamp 2016-Sep-09 21:39:00
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0x55a00
SizeOfInitializedData 0x133c00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0005678C (Section: .itext)
BaseOfCode 0x1000
BaseOfData 0x57000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0x19f000
SizeOfHeaders 0x400
Checksum 0x18d8a0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x4000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 800e4957827a1c24c596699f76b0c69c
SHA1 fd070046529b5cde599ef04b53b869ef74a04358
SHA256 b6193f5a9da379706b5f75c92239f812923fe80acc0130646aa78671ecfa4c55
SHA3 cfa05fa7431fb119a72879dab729d69c582b737c59ed10b9694e78dab8e40a87
VirtualSize 0x54bac
VirtualAddress 0x1000
SizeOfRawData 0x54c00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.34359

.itext

MD5 c5b9727d1aab330304b8405bbba975b0
SHA1 208fea796d5a02b2400894100e957c653bbbe021
SHA256 179cdb4396aab3f731557c9d2c2df71a25ffc851c631b5e9fd3aa964bfe9b036
SHA3 b336fd1ae3a7780741f67561c76aeadfd41300676260a780f64561b09324f9ca
VirtualSize 0xcd0
VirtualAddress 0x56000
SizeOfRawData 0xe00
PointerToRawData 0x55000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.76395

.data

MD5 3ca4bced8d1e9c36b59158f134bd8052
SHA1 39db35fcf9b55d0008ff02c4edccf5e032fba2d7
SHA256 c4a5dba3285f973f53c3952f9214607979c3b6cd5a0c0dd541bf31393d24c507
SHA3 56dc6d725a64464bcf2f90f183c92eee07d72151a1580e05d95116072344830a
VirtualSize 0x1c90
VirtualAddress 0x57000
SizeOfRawData 0x1e00
PointerToRawData 0x55e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.91883

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x6098
VirtualAddress 0x59000
SizeOfRawData 0
PointerToRawData 0x57c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 a01052e301b3ee86296ad3a1829fbe18
SHA1 442871ae8675ae635d34b3dcd875069b0601e04e
SHA256 a24a05a68d757677d02347720d28d4a7e9e6f1f775937b4aa77951904b1076d4
SHA3 22d1336dffb22068d180b299e3b729d07ee39c03990e707651b4a683335aa618
VirtualSize 0x1486
VirtualAddress 0x60000
SizeOfRawData 0x1600
PointerToRawData 0x57c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.84799

.didata

MD5 b5187faa3a7cc1349cbd30ccacedd95d
SHA1 c3a8dc5f1ffc0eedc67e2365e03e28230c07d8c1
SHA256 d75e9c3b15fdb455fa7b2209a263917a5f4f618d1898b10ea618cd977d83387c
SHA3 501c6d036d95480d3b012881efcde706d5aec39d0c3d6d93c0ccfa3c2553e967
VirtualSize 0x154
VirtualAddress 0x62000
SizeOfRawData 0x200
PointerToRawData 0x59200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.41945

.tls

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x10
VirtualAddress 0x63000
SizeOfRawData 0
PointerToRawData 0x59400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata

MD5 64672f66414b05f1d6804cb6ef253ae1
SHA1 cdae6a959735d4646b00a6c841f3e40bff43dae5
SHA256 6e7bb05adce5730ec3d05706b801169126809aae4f6d263e2cc3939db3c9050a
SHA3 959057e79c3ff822128e00280c27711dca8a81ab50478e2b3b36721a5bfa788a
VirtualSize 0x18
VirtualAddress 0x64000
SizeOfRawData 0x200
PointerToRawData 0x59400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.20692

.reloc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x80a8
VirtualAddress 0x65000
SizeOfRawData 0
PointerToRawData 0x59600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc

MD5 08b3496c86b67d3ddb5a415d170fcaf5
SHA1 0da36d93e4c6c694eaef8f25e9f76466f1af6eb0
SHA256 1225f0bac0dbf24be29a27b6887259eaaa76594b5666b4e98e2bbbf55f979f5f
SHA3 38cba3dae7c930a50a209e2f01ca69740f251c57a35d5c88795f60b03940ae33
VirtualSize 0x13029c
VirtualAddress 0x6e000
SizeOfRawData 0x130400
PointerToRawData 0x59600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.981

Imports

oleaut32.dll SysFreeString
SysReAllocStringLen
SysAllocStringLen
advapi32.dll RegQueryValueExW
RegOpenKeyExW
RegCloseKey
user32.dll MessageBoxA
CharNextW
LoadStringW
kernel32.dll Sleep
VirtualFree
VirtualAlloc
lstrlenW
lstrcpynW
VirtualQuery
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
kernel32.dll (#2) Sleep
VirtualFree
VirtualAlloc
lstrlenW
lstrcpynW
VirtualQuery
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
user32.dll (#2) MessageBoxA
CharNextW
LoadStringW
version.dll VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
kernel32.dll (#3) Sleep
VirtualFree
VirtualAlloc
lstrlenW
lstrcpynW
VirtualQuery
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
advapi32.dll (#2) RegQueryValueExW
RegOpenKeyExW
RegCloseKey
oleaut32.dll (#2) SysFreeString
SysReAllocStringLen
SysAllocStringLen
ole32.dll CreateBindCtx
CoTaskMemFree
CLSIDFromProgID
StringFromCLSID
CoCreateInstance
CoLockObjectExternal
CoDisconnectObject
CoRevokeClassObject
CoRegisterClassObject
CoUninitialize
CoInitialize
IsEqualGUID
kernel32.dll (#4) Sleep
VirtualFree
VirtualAlloc
lstrlenW
lstrcpynW
VirtualQuery
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
oleaut32.dll (#3) SysFreeString
SysReAllocStringLen
SysAllocStringLen
URLMON.DLL MkParseDisplayNameEx
shell32.dll SHGetSpecialFolderPathW
kernel32.dll (delay-loaded) Sleep
VirtualFree
VirtualAlloc
lstrlenW
lstrcpynW
VirtualQuery
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle

Delayed Imports

Attributes 0x1
Name kernel32.dll
ModuleHandle 0x62060
DelayImportAddressTable 0x6206c
DelayImportNameTable 0x62088
BoundDelayImportTable 0x620a4
UnloadDelayImportTable 0x620b8
TimeStamp 1970-Jan-01 00:00:00

1

Type TYPELIB
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x204c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.33973
MD5 f2f8ddd7d7563aeeb08ed6e7afbc3bd7
SHA1 5c22ce19217ab9eed405fba18d62cf9946d40277
SHA256 c2218ea909e66f3887d352cccf38308e786b704f3f1a4949fc2c8c7333763a30
SHA3 abece710019ffe1ce83444c365baff62cfd9344033d379359e79803fa61dde7a

1 (#2)

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xca8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.47539
MD5 13946be41dccc3388debfe24da560102
SHA1 676f52494a469dbe0b7b9b1167d1cd90ec8dd095
SHA256 d2777c68b0e84f41ac13714738f48f8d8c72d27fd5b10be92cb9ac70652bace9
SHA3 59b01db25fcb842af14a96462793a54d2ebe32be0ada9280969adea4ef3dc6b8

4086

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x38
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.56933
MD5 bae4e02fd0b15b675659d76d6dee4af4
SHA1 a7b09cd24d9b63177b6b523cc40eca4d06586207
SHA256 aea486c70aef08437a7651a209f71962236b3a1b99b6105ba26681b17bec30ee
SHA3 048201f97f04766502cabbc726591f25535313dafbeabb8b2d9d56468411b0d6

4087

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x6f8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.32676
MD5 4aca53f4f82b650cfa938e990027524f
SHA1 5fffd565c6e80c3587cefe9419da3d7a417295e8
SHA256 721c939f05e4d46f54169188c2611928a9930b35fcf3ed27926a5dca1598f096
SHA3 b09ed05ea2584b3d5ca6868f49cdc9bc89a4afee59028da068f8f6b4969a98a8

4088

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x32c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.47416
MD5 eebc68ebac0416779a2d6d0af7aeb489
SHA1 97638192eb00c28815981af982f6397a27e6378d
SHA256 4af3011693ca397fa76ef7728d90853d506bc3979dc0cd420634b2fc1b0f2bf2
SHA3 e3a37a63ddf0f89d0f306fc23de61393635c74f2ce39ff23503730684c6fbd61

4089

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x388
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.29282
MD5 e9be0626adee5510e3f0092b886d3716
SHA1 6e52563aaacc1babdbb9dcc9c04113eb7b6452ed
SHA256 31e3de6623d9cd817fa5e06ab9c56523917d34dc973194a6e856e694fb738e8d
SHA3 5f08c8464a3f4f3f95d79cd1f698379cb85f29f3d48a78928d1198ea9dbbfcc1

4090

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x3a4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.27923
MD5 08bde3809f9662a9f00c49f14780124b
SHA1 c5f536fba4c350a2b55525483f1f96da86ebf84a
SHA256 73e18c6f554db3e8edc571986817119549e0a54bc6fce552a2b1230b4ed42cae
SHA3 af94577a44609d61008b3c816a5ca5730299e3ebc5d57b18f7b0a11b5a671077

4091

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x148
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.30087
MD5 c252188606422991583f9dea8c7a8636
SHA1 2fff622b585356909842f9916e802f2cb9145fb1
SHA256 7542005a74103f4c52ac7cf93bba9cc0052a6fe6ced2a4724f3cf93ddb6a040e
SHA3 bcb69a19e5e591ee26b9ff195883dfc801680f9ca28bbade197952f4130d64e0

4092

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xcc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.34889
MD5 41e84c55d83e38e1b0ccab4f95866254
SHA1 450faac12f2e13711bfc14c90b000d3cf66d9e5c
SHA256 e04403c92735b3fc70823791da7ca19ed2a76b68328a76743f07290479c44652
SHA3 5ebd657deaf91b038845ad4b68ebcec97e3c47da836a637a570e0d27d0a48024

4093

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x204
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.38228
MD5 566d517be57b878457cba61f750a46f2
SHA1 a5057f29d14a22d532df8ce02872559737a5d898
SHA256 e3c67eaeb9ea2bd12962278f6875d2c4ebd5cb57ce7fce739813e7fb34ba77bf
SHA3 13b94b61069f6a277e9fc9c02099162ec513734535640eb6a8288400c1869db0

4094

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x39c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.30205
MD5 db9a77ea3b0d0a3601430f7d914b2ab0
SHA1 d83a4f3c85030561385a8b729b5edf2c537ea930
SHA256 4acb0394d898fb2a05eeaad5520615fbeff2f3e6bbd059b577a480c9d1f54aaf
SHA3 4e0f158fb688895f7d84ed22bb8a885cfac5e128ee5e022070f00036501fb8a6

4095

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x368
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.33504
MD5 3741a2bd1f45a6f7dd565b861bd29133
SHA1 29762905c357eaac6a985602401c60cd0424efe9
SHA256 f10da121b0f0bf3d5f5ac0760f62683d08cd0bad56af12fdf8e8f7fad4529973
SHA3 f5ad39eb8f57df7a7a77cedbc330999efe91d329313f5c42d35f7fe782a10a44

4096

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2b8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.29724
MD5 33f363afbd02e7a492a2d081ba9ed2fa
SHA1 1d1fe7fd9e688b457cf737c16410aac80fbccfd4
SHA256 874de24ce29db1509dffb3a7da9c5c619afb33cb2c2506adce870cab7c22d95c
SHA3 f29524b889b461f2618faea6eb75f6b601e501e0f54a38575962ed2c4746d3a2

RC_SCRIPT

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x12acd2
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.98776
MD5 34968f14f13edfd0a8b1f9a11e9679a3
SHA1 fbac39b51dfe7a11332670c9eabce07e4744a698
SHA256 dd86003b6d4b0c4938c2cb020fbd1dfdf783a022be67087d26c3e76daf003946
SHA3 941ffabf7385ab1436bceef066ee474fa2e37e05daee104d42d62f1a19109e54

MAINICON

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.91924
Detected Filetype Icon file
MD5 6f191f45d2ea96b2d22e9eafa1a55bd7
SHA1 aa9a0930cb6ae38dd9645dbd2e85cf3796ed2977
SHA256 f01c223e6cf0e0f5c1d990ad720488af398180adb1b92e61c2144cf11d3130f8
SHA3 ab7f66f51b1cb5a30df00c2674a3a04e8323578947f36708e2e82dd5d04f0416

1 (#3)

Type RT_VERSION
Language English - United States
Codepage Latin 1 / Western European
Size 0x33c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.30473
MD5 53557164462bd7cb5cc387de3638ac49
SHA1 5614f80038e965b497d1ef29d0779604eb307da4
SHA256 74077a6c447b7cecc49e96c7c9c075aa88b169d0f1fc2865b4eb69454c56381c
SHA3 985ffd0fc758f9042c319d71c2f52646d1d00dbf3a015310d7bd18e8ba8af447

1 (#4)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x205
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.07702
MD5 e9ecae76eacbd463ba624258b228cb7c
SHA1 1f7a4ac818668409a72b84d61f503bc99750ce95
SHA256 3d5c4c22cf7b6f19338c3d8edf909f12c21aa390708c5443324dba0c40288729
SHA3 a13054f845e4d3b11934cc848c6977ec73e8690eab48da654b5a5ef8bde53716

String Table contents

Demo Version
The object does not implement the observer interface
Error creating system registry entry
OLE error %.8x
Object factory for class %s missing
Type information missing for class %s
Incorrect type information for class %s
Dispatch interface missing from class %s
Method '%s' not supported by automation object
Variant does not reference an automation object
Dispatch methods do not support more than 64 parameters
DAX Error
COM Server Warning
There are still active COM objects in this application. One or more clients may have references to these objects, so manually closing
this application may cause those client application(s) to fail.
Are you sure you want to close this application?
Error: %s
Line: %d
Position: %d
%s
This program created with Unregistered version of ScriptCryptor.
Please register your copy to remove this window.
Visit http://www.abyssmedia.com for details.
''%s'' is not a valid integer value
%s (Version %d.%d, Build %d, %5:s)
%s Service Pack %4:d (Version %1:d.%2:d, Build %3:d, %5:s)
32-bit Edition
64-bit Edition
Windows
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 2000
Windows XP
Windows Server 2003
Windows Server 2003 R2
Observer is not supported
Cannot have multiple single cast observers added to the observers collection
Invalid property path
Invalid property value
List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d)
Out of memory while expanding memory stream
%s has not been registered as a COM class
Error reading %s%s%s: %s
Stream read error
Property is read-only
Resource %s not found
%s.Seek not implemented
Operation not allowed on sorted list
Property %s does not exist
Stream write error
The specified file was not found
Start index out of bounds (%d)
Invalid count (%d)
Invalid destination index (%d)
Invalid code page
Ancestor for '%s' not found
Cannot assign a %s to a %s
Can't write to a read-only resource stream
Class %s not found
List does not allow duplicates ($0%x)
A component named %s already exists
String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
Invalid file name - %s
''%s'' is not a valid component name
Invalid property value
Mon
Tue
Wed
Thu
Fri
Sat
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Invalid source array
Invalid destination array
Character index out of bounds (%d)
Oct
Nov
Dec
January
February
March
April
May
June
July
August
September
October
November
December
Sun
Monitor support function not initialized
Feature not implemented
%s (%s, line %d)
Abstract Error
Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
%s
A call to an OS function failed
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Invalid variant type conversion
Invalid variant operation
Invalid NULL variant operation
Invalid variant operation (%s%.8x)
%s
Could not convert variant of type (%s) into type (%s)
Overflow while converting variant of type (%s) into type (%s)
Variant overflow
Invalid argument
Invalid variant type
Operation not supported
Unexpected variant error
External exception %x
Assertion failed
Interface not supported
Exception in safecall method
Object lock not owned
Invalid class typecast
Access violation at address %p. %s of address %p
Access violation
Stack overflow
Control-C hit
Privileged instruction
Exception %s in module %s at %p.
%s%s
Application Error
Format '%s' invalid or incompatible with argument
No argument for format '%s'
Variant method calls not supported
Read
Write
Error creating variant or safe array
Variant or safe array index out of bounds
Variant or safe array is locked
'%d.%d' is not a valid timestamp
Out of memory
I/O error %d
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
Range check error
Integer overflow
Invalid floating point operation
Floating point division by zero
Floating point overflow
Floating point underflow
Invalid pointer operation

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 3.0.4.0
ProductVersion 3.0.4.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_UNKNOWN
Language English - United States
CompanyName Tous Les Drivers
FileDescription Mes Drivers
FileVersion (#2) 3. 0. 4. 0
InternalName
LegalCopyright Copyright © 2016 Tous Les Drivers - Tous droits réservés
LegalTrademarks
OriginalFilename
ProductName Mes Drivers
ProductVersion (#2) 3. 0. 4. 0
Comments
Resource LangID English - United States

TLS Callbacks

StartAddressOfRawData 0x463000
EndAddressOfRawData 0x463010
AddressOfIndex 0x457c04
AddressOfCallbacks 0x464010
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks (EMPTY)

Load Configuration

RICH Header

Errors

[*] Warning: directory 5 has a size of 0! This PE may have been manually crafted!
[*] Warning: Section .bss has a size of 0!
[*] Warning: Section .tls has a size of 0!
[*] Warning: Section .reloc has a size of 0!