Manalyze report for 51edc65c82e856667a05f6bd2e8ba9633cf7bc565f3e5293011d2f909b99d596

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Jul-27 22:43:38
Detected languages	English - United States

Plugin Output

Suspicious	This PE is packed with Themida	`Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Unusual section name found: .themida` `Section .themida is both writable and executable.` `Unusual section name found: .boot`
Suspicious	The PE contains functions most legitimate programs don't use.	`Can access the registry: RegCloseKey` `Possibly launches other programs: ShellExecuteW` `Leverages the raw socket API to access the Internet: getpeername`
Malicious	VirusTotal score: 8/70 (Scanned on 2026-01-22 11:08:17)	`Bkav: W32.AIDetectMalware` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `Gridinsoft: Malware.Win32.Gen.cc` `Malwarebytes: Malware.Heuristic.2123` `SentinelOne: Static AI - Suspicious PE` `Trapmine: malicious.moderate.ml.score` `tehtris: Generic.Malware`

Hashes

MD5	`3bdb3520650560409ae671778a786deb`
SHA1	`6373e625a77586e9c1af362e18690dd1d9f91d6d`
SHA256	`51edc65c82e856667a05f6bd2e8ba9633cf7bc565f3e5293011d2f909b99d596`
SHA3	`3d6f99e3edd6b93babf0a316243c00fed26dd963c943f28e47012076a4fee741`
SSDeep	`196608:c0lpAJBgjoz3rhfLumvDoLA9abU1JeKhXYPqsUQRGKGfKpz6a7zydFL:c0oJO8HvDoLuabUeKdOWSGf+Wa7zyd9`
Imports Hash	`f6ec3ede6be10ccdebf8ff7934db9aad`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x168`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`12`
TimeDateStamp	2023-Jul-27 22:43:38
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x52e400`
SizeOfInitializedData	`0x38f200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x010C8058 (Section: .boot)`
BaseOfCode	`0x1000`
BaseOfData	`0x530000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x157d000`
SizeOfHeaders	`0x600`
Checksum	`0x82f6d2`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

MD5	`284804988e4efd314faad96ddebc6b1d`
SHA1	`2482c773b5a5393e2bde62551a85f6df110d59c5`
SHA256	`b1b65567183f541e7587b24bf024b2f40eb4f3cb5ea9b45a490eb3f5105b5efc`
SHA3	`4dccda103be74b286168e7de165c68172317899b87734659752678429e350098`
VirtualSize	`0x52e30a`
VirtualAddress	`0x1000`
SizeOfRawData	`0x24ec00`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.98623`

(#2)

MD5	`46f484f515125d24522de58c38d61a08`
SHA1	`432fd573659e98d68fb7b4cabb57388d2785a492`
SHA256	`d0b768ddef72ca207c24cce62eb8b6433814e7482a850754a66711c7eb411353`
SHA3	`ce06c8624447d3f2cd3043524d60fccc12aa605053a1d339fb69052129237cdb`
VirtualSize	`0x24a6bc`
VirtualAddress	`0x530000`
SizeOfRawData	`0xa8800`
PointerToRawData	`0x24f200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.93862`

(#3)

MD5	`f0087bb6108f0759dd64df8a131ad0e1`
SHA1	`55b424457d302f09d368e3bd0217b57a6b46e95f`
SHA256	`534bc2fdb0f2cc2028ae2baf654b81962baded2f094e9425e56c31e7dd0c016a`
SHA3	`28d83f2fcad3ddc67620d1ec66be92ca94f90b17e739ca6f53aa7b86e8d2c557`
VirtualSize	`0xf4674`
VirtualAddress	`0x77b000`
SizeOfRawData	`0x48e00`
PointerToRawData	`0x2f7a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.95039`

(#4)

MD5	`9bc8ebd8c026192ab466e627f404a664`
SHA1	`ff4c615367273d44418d56034a09459a954402f5`
SHA256	`a16a9752977e4b167cae417b5d673fa62991f2e474f8310dc04a95c8060a4755`
SHA3	`37b278a57d034d631ef4ad3b25c69ab4d984877f94041d7dca445c496466f3cb`
VirtualSize	`0x11f78`
VirtualAddress	`0x870000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x340800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.95162`

(#5)

MD5	`5c4b3e089b7a891392b33754490ccb30`
SHA1	`d8088bc54f8bf473f290e19a65b73d64e27c4bc8`
SHA256	`4721e58ce2a004e773ac53a23d3e8c435c737776fb370829f4e8567d3e7a15da`
SHA3	`5f7d9f925cb0f4899955706436a71b9f003db174ae9a56653ddb3f7fd5e7063c`
VirtualSize	`0x3e150`
VirtualAddress	`0x882000`
SizeOfRawData	`0x25800`
PointerToRawData	`0x343800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.97857`

.edata

MD5	`6b6a86e510682a0720f1fa1d65fb4acc`
SHA1	`32c158e9c88996ca58abfc98e51599d9fd7a1f7a`
SHA256	`aa81215cc9f31686e2df14cfd8fcb74546aa6154ec8e4bc1b7f979a44189fb26`
SHA3	`0649db5a5364522cfad81abebd6733fb36faa108865a7cd28c6db8d235163ab5`
VirtualSize	`0x1000`
VirtualAddress	`0x8c1000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x369000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.35617`

.idata

MD5	`ea94f595648c3634b2eb4604d6ec7792`
SHA1	`ece2cbf3eb991212f3b88155b54574b94ce9c057`
SHA256	`f7327fd0e68c4cb63b95c59df7ab59f2f2e966d0186202952425430c762e558c`
SHA3	`2440751896407cf293633ff2403ef226b4632501b8c977553a482f2399837a6c`
VirtualSize	`0x1000`
VirtualAddress	`0x8c2000`
SizeOfRawData	`0x800`
PointerToRawData	`0x369e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.95352`

.tls

MD5	`6cefe7f2a46cf2de542cd648dd764cd4`
SHA1	`43d613d1f5c01ff724a122cb2d1e3fcc4d4eef13`
SHA256	`5d769f955b2bfdf709b625f821e16596d9edd1ca2ca353a22adeb830f196ff15`
SHA3	`018a42982948df59b94fc6e6d7eb101aadb72366d8d56a294f27a1c824a77558`
VirtualSize	`0x1000`
VirtualAddress	`0x8c3000`
SizeOfRawData	`0x200`
PointerToRawData	`0x36a600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.226572`

.rsrc

MD5	`7679c39b56be450dbd7e5def6704fad4`
SHA1	`8706ea90368a8118f119da738cf2f741681aadb3`
SHA256	`1f8bbacefa449d25679ef2d7572e34d8b931903758f99488b9614710a4320b4f`
SHA3	`ab22de64396d976c16dc93fb82b131b6b3a541466feefbbb7ebc747377e7a5eb`
VirtualSize	`0x1c00`
VirtualAddress	`0x8c4000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x36a800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.52732`

.themida

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x802000`
VirtualAddress	`0x8c6000`
SizeOfRawData	`0`
PointerToRawData	`0x36c400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.boot

MD5	`ee1faf3c9e083d2311442a728487f0d8`
SHA1	`1c01c98e0b750cb8c6d5579a2fe9de93b8f4c44e`
SHA256	`d508b703cdcf57018a946098b852288f3c4afe530d0279668716c1417f382a29`
SHA3	`c5ad59681e87b57eb112c629c4c46160b603e4b3d4a9d856ba48ad2c2cabe5cc`
VirtualSize	`0x4b3c00`
VirtualAddress	`0x10c8000`
SizeOfRawData	`0x4b3c00`
PointerToRawData	`0x36c400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.95279`

.reloc

MD5	`d94e8960f64c250ce6fd937c5bd2cd0d`
SHA1	`22a2b216d7756ea912421f4d525deb7ff714f2af`
SHA256	`d6c336c4699c3bb3b4d3c78e8af90622804c3a05d292b37deee336f82bd45a8a`
SHA3	`408e4dc5b2b8bf7471aee2bf9c9810d96fb242ba704c96095997fb7960452934`
VirtualSize	`0x1000`
VirtualAddress	`0x157c000`
SizeOfRawData	`0x10`
PointerToRawData	`0x820000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ`
Entropy	`2.27178`

Imports

kernel32.dll	`GetModuleHandleA`
dbghelp.dll	`SymGetModuleBase`
dwmapi.dll	`DwmExtendFrameIntoClientArea`
OPENGL32.dll	`wglMakeCurrent`
glew32.dll	`__glewFramebufferTexture2DEXT`
gdiplus.dll	`GdiplusStartup`
libcocos2d.dll	`?create@CCShow@cocos2d@@SAPAV12@XZ`
libExtensions.dll	`?send@CCHttpClient@extension@cocos2d@@QAEXPAVCCHttpRequest@23@@Z`
fmod.dll	`?removeDSP@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PAVDSP@2@@Z`
discord_game_sdk.dll	`DiscordCreate`
steam_api.dll	`SteamAPI_GetHSteamUser`
CRYPT32.dll	`CertEnumCertificatesInStore`
WS2_32.dll	`getpeername`
ntdll.dll	`RtlUnwind`
USER32.dll	`SetClipboardData`
GDI32.dll	`CreateDIBitmap`
COMDLG32.dll	`GetSaveFileNameW`
ADVAPI32.dll	`RegCloseKey`
SHELL32.dll	`ShellExecuteW`
ole32.dll	`CoTaskMemFree`
OLEAUT32.dll	`OleCreatePropertyFrame`
MFPlat.DLL	`MFStartup`
MF.dll	`MFEnumDeviceSources`
MFReadWrite.dll	`MFCreateSourceReaderFromURL`
dxgi.dll	`CreateDXGIFactory`
d3d11.dll	`D3D11CreateDevice`
SHLWAPI.dll	`#219`

Delayed Imports

?Create@Button@MegaHackExt@@SAPAV12@PBD@Z

Ordinal	`1`
Address	`0xa7190`

?Create@CheckBox@MegaHackExt@@SAPAV12@PBD@Z

Ordinal	`2`
Address	`0xa7310`

?Create@ColourPicker@MegaHackExt@@SAPAV12@UColour@2@@Z

Ordinal	`3`
Address	`0xa7d70`

?Create@ComboBox@MegaHackExt@@SAPAV12@PBD0@Z

Ordinal	`4`
Address	`0xa7520`

?Create@HorizontalLayout@MegaHackExt@@SAPAV12@PAX0@Z

Ordinal	`5`
Address	`0xa6f40`

?Create@Label@MegaHackExt@@SAPAV12@PBD@Z

Ordinal	`6`
Address	`0xa6fa0`

?Create@SelectionBox@MegaHackExt@@SAPAV12@PBD@Z

Ordinal	`7`
Address	`0xa7ef0`

?Create@Spinner@MegaHackExt@@SAPAV12@PBD0@Z

Ordinal	`8`
Address	`0xa7b10`

?Create@TextBox@MegaHackExt@@SAPAV12@PBD@Z

Ordinal	`9`
Address	`0xa78a0`

?Create@Window@MegaHackExt@@SAPAV12@PBD@Z

Ordinal	`10`
Address	`0xa6d90`

?HPX_CallOnMainThread@@YAXP6GXPAX@Z@Z

Ordinal	`11`
Address	`0xa65f0`

?HackproAddButton@@YA_NPAXPBDP6GX0@Z@Z

Ordinal	`12`
Address	`0xa5b20`

?HackproAddCheckbox@@YAPAXPAXPBDP6GX0@Z2@Z

Ordinal	`13`
Address	`0xa5ce0`

?HackproAddComboBox@@YAPAXPAXP6GX0HPBD@Z@Z

Ordinal	`14`
Address	`0xa5f60`

?HackproAddTextBox@@YAPAXPAXP6GX0@Z@Z

Ordinal	`15`
Address	`0xa6210`

?HackproCommitExt@@YA_NPAX@Z

Ordinal	`16`
Address	`0xa64f0`

?HackproGetTextBoxText@@YAPBDPAX@Z

Ordinal	`17`
Address	`0xa64a0`

?HackproGetUserData@@YAPAXPAX@Z

Ordinal	`18`
Address	`0xa64e0`

?HackproInitialiseExt@@YAPAXPBD@Z

Ordinal	`19`
Address	`0xa5960`

?HackproIsReady@@YA_NXZ

Ordinal	`20`
Address	`0x60320`

?HackproSetCheckbox@@YA_NPAX_N@Z

Ordinal	`21`
Address	`0xa5ee0`

?HackproSetComboBoxIndex@@YA_NPAXH@Z

Ordinal	`22`
Address	`0xa61f0`

?HackproSetComboBoxStrs@@YA_NPAXPAPBD@Z

Ordinal	`23`
Address	`0xa60a0`

?HackproSetTextBoxPlaceholder@@YA_NPAXPBD@Z

Ordinal	`24`
Address	`0xa63d0`

?HackproSetTextBoxText@@YA_NPAXPBD@Z

Ordinal	`25`
Address	`0xa6310`

?HackproSetUserData@@YAXPAX0@Z

Ordinal	`26`
Address	`0xa64c0`

?add@Window@MegaHackExt@@QAEXPAX@Z

Ordinal	`27`
Address	`0xa6f20`

?commit@Client@MegaHackExt@@YAXPAX@Z

Ordinal	`28`
Address	`0xa6d80`

?get@CheckBox@MegaHackExt@@QBE_NXZ

Ordinal	`29`
Address	`0xa7510`

?get@ColourPicker@MegaHackExt@@QBE?AUColour@2@XZ

Ordinal	`30`
Address	`0xa7ec0`

?get@ComboBox@MegaHackExt@@QBEHXZ

Ordinal	`31`
Address	`0xa7890`

?get@SelectionBox@MegaHackExt@@QBE_NH@Z

Ordinal	`32`
Address	`0xa8290`

?get@Spinner@MegaHackExt@@QBENXZ

Ordinal	`33`
Address	`0xa7d60`

?get@TextBox@MegaHackExt@@QBEPBDXZ

Ordinal	`34`
Address	`0xa7af0`

?getKeybind@Client@MegaHackExt@@YAABV?$vector@EV?$allocator@E@std@@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z

Ordinal	`35`
Address	`0xa6ac0`

?getKeys@Client@MegaHackExt@@YAABV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@XZ

Ordinal	`36`
Address	`0xa6a40`

?getModEnabled@Client@MegaHackExt@@YA_NPBD@Z

Ordinal	`37`
Address	`0xa69a0`

?set@CheckBox@MegaHackExt@@QAEX_N0@Z

Ordinal	`38`
Address	`0xa7500`

?set@ColourPicker@MegaHackExt@@QAEXUColour@2@_N@Z

Ordinal	`39`
Address	`0xa7e90`

?set@ComboBox@MegaHackExt@@QAEXH_N@Z

Ordinal	`40`
Address	`0xa7880`

?set@Label@MegaHackExt@@QAEXPBD@Z

Ordinal	`41`
Address	`0xa70d0`

?set@SelectionBox@MegaHackExt@@QAEXH_N@Z

Ordinal	`42`
Address	`0xa8210`

?set@Spinner@MegaHackExt@@QAEXN_N@Z

Ordinal	`43`
Address	`0xa7d40`

?set@TextBox@MegaHackExt@@QAEXPBD@Z

Ordinal	`44`
Address	`0xa7a30`

?setCallback@Button@MegaHackExt@@QAEXP6GXPAV12@@Z@Z

Ordinal	`45`
Address	`0xa7290`

?setCallback@CheckBox@MegaHackExt@@QAEXP6GXPAV12@_N@Z@Z

Ordinal	`46`
Address	`0xa7420`

?setCallback@ColourPicker@MegaHackExt@@QAEXP6GXPAV12@UColour@2@@Z@Z

Ordinal	`47`
Address	`0xa7e10`

?setCallback@ComboBox@MegaHackExt@@QAEXP6GXPAV12@HPBD@Z@Z

Ordinal	`48`
Address	`0xa7710`

?setCallback@SelectionBox@MegaHackExt@@QAEXP6GXPAV12@@Z@Z

Ordinal	`49`
Address	`0xa8030`

?setCallback@Spinner@MegaHackExt@@QAEXP6GXPAV12@N@Z@Z

Ordinal	`50`
Address	`0xa7cc0`

?setCallback@TextBox@MegaHackExt@@QAEXP6GXPAV12@PBD@Z@Z

Ordinal	`51`
Address	`0xa79b0`

?setKeybind@Client@MegaHackExt@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$vector@EV?$allocator@E@std@@@4@@Z

Ordinal	`52`
Address	`0xa6c20`

?setModEnabled@Client@MegaHackExt@@YAXPBD_N@Z

Ordinal	`53`
Address	`0xa68e0`

?setValues@ComboBox@MegaHackExt@@QAEXQAPBD_N@Z

Ordinal	`54`
Address	`0xa7790`

?setValues@SelectionBox@MegaHackExt@@QAEXQAPBD@Z

Ordinal	`55`
Address	`0xa80b0`

1

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x198`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.74189`
MD5	`4ae0ce58741b1b45a85642d69ca0dd2e`
SHA1	`0d14f6fc9ded4ef716465b691ec4270ceb6932fd`
SHA256	`1b97f3ecd4c9a0902651c3fb050672f6901ef50afc1644d7a54db335a4597a0c`
SHA3	`d1717b9e56f47adadabe5e609be11eee3b3b2afc567060344a50049196453554`

2

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xec`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.59393`
MD5	`8efbb9b2d5cae66d892c4de8c0bc6b00`
SHA1	`90033b7af4d7a4dc9fb1e0d0b25f6700bd1eee11`
SHA256	`d491034642b2306f28e998fbfbb9789233844fc17bfd9466d125785cfebcab5f`
SHA3	`dfcf91b4ce3f9e9ebd568d153915874a95bb5f4e145b9de37e9fd4197439011a`

3

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xc4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.51453`
MD5	`55e550ed1b53554246a9a582a11f5f59`
SHA1	`59861fe3f6d8d2baf7810b48d41a1223730147a6`
SHA256	`d13c51a78389d2c4425700b5e4c75cfbf3c20ecfcc91d533f5ef1183d808f6e1`
SHA3	`8f6e3d493c88ef71bb52588d8a4927c91d0aa8721a74e62818bb076896921c8e`

4

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xd8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.6607`
MD5	`47ebc24f66f5b2b08bce62e9ff032679`
SHA1	`3a2d42be2aca885552ebfc91b8475955310c976d`
SHA256	`99ae3612f6b13584a3da949f31630a5cea3588b32b5b052766232c99126f4031`
SHA3	`204899312839714e3c795aa3310ba9b83846c3a5acdb518e2a96d6bc296b911c`

5

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x100`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.64197`
MD5	`a9ddfdbb98b787f9fbeef1dd0109a898`
SHA1	`94bf48ff565e0e6a3db1baea14627e2711939ade`
SHA256	`7812c110a0b532eb9247e33907c70916d3d00b7c4af414e0a4dcf9bc2d686b2a`
SHA3	`ad22c209eb01b6b5f3979407be255d475308368db7a93e4b82f669ec089defec`

6

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x90`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.59589`
MD5	`573cfa701f5ddf14cbdfad824428a27c`
SHA1	`42b0a35568e0b684d8a5536771ed8ac591a2364d`
SHA256	`95abf8efc16534205114622f3940c571a8e7742e906c048bb78008e10cc8239c`
SHA3	`3ceb24e87d6a0d6a45cf4494fb2b0e088019e2bbb48fa752f17f62e1e4d69bbe`

7

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.62398`
MD5	`b68744dbb1df5ad27f640663a8419f72`
SHA1	`02c8dc6ab7ec92d51a334dab89eda6477d31963a`
SHA256	`b6266de3b586ea53b283ee08d34c262f1bb42ef74ba9a3621832fafad7ac5b08`
SHA3	`ee042f04e1d5aafb604858a15fab5526ff440f859e51c676ba3d66ea152f3fe6`

8

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x98`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.64148`
MD5	`8f1af64e3619bbef09eaa49b8cc23eca`
SHA1	`7790fad41bed08931c77947be736f2c3b6df29c6`
SHA256	`46bec06062b5b5f28b0a601f76acf3228041776ce44b94092446c4c1887f8736`
SHA3	`de2acc2c14b72fc408188b5917fada58f062b5ba04101abae455fef1971fc431`

9

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x144`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.6765`
MD5	`83cafe8bded0b4b7e885e28dd81ec77e`
SHA1	`44945c59fa6989434d0bcc004657b48748d5ee1b`
SHA256	`cfadf6abf5910cba444a265c459b474cf8e13b17c4dc9764324472b0e7991183`
SHA3	`fc99d38faf7aaeb7fc04ccfdfc892a01b7dcb3c2c9b2a90b2f4d98cdb479c335`

1 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.32193`
MD5	`c5617b10cdf8b997e64a62ba88503583`
SHA1	`8c04d607c465cc3d46c2c86c754292275d5c215e`
SHA256	`d3d43f9e064594aab98f8d07edf5e65b68617623942a50298a02a10e765ade4a`
SHA3	`9ea16ec4bec222f40a26436c963596b9e0039abe040e0048a54cd25142c58571`

2 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x7`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.12809`
MD5	`b5d5150593f288c36bdc8d66c557e251`
SHA1	`57cd64faaa5ca1110f673656c04cf11369e908dc`
SHA256	`8788947d282b4595c8644e2131cb7f9a709f248b985c0fc424c0ff1fcddc46ef`
SHA3	`1bbbb32d9e6c7b6ce90e0a13d651ed38bf2831233e327757cfc5e18496b16c6e`

3 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x9`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9477`
MD5	`0903bd1fc0c6b78667d0684eeaf9cc07`
SHA1	`f64a274a0863b63ceed8d6bd6b4df0bfe384f532`
SHA256	`e0a91878b6f858f4b9feb21ff063e007effe527e57656909a2823173e2c2c5ba`
SHA3	`8b045fb9991225eca25362ae1c65c709af7353eec2c35edf90477793f752c1c0`

4 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.92193`
MD5	`8718fae7a34e85261603f2f6d9c09490`
SHA1	`aa05e56dbf8a2720b0f199c3171deeb3b27e4abc`
SHA256	`4fa4ae66870a0fde7cee6c21bf949472c9fd7e6f22a7ebaa646cfb720b6a4486`
SHA3	`1bedf7029ea52ccda68344f16ff9a38212f7a65cce59ea06e175285f8dd74793`

5 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.25163`
MD5	`a115b428d4d8076209f9161977eda070`
SHA1	`f88894a3084d59d22d12b75f533326b7e67defbe`
SHA256	`92e4a4dbabdc9a6a6a4edeb6f3b9aaa2fb55ab2009dd8eb44a5025e8d574b9cd`
SHA3	`b3b9238761912202fbddc723c15b455dd83a57ce327b94a8e783cdfe566fd50d`

6 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.92193`
MD5	`47015af3f4d88399147e4db5de2616d8`
SHA1	`c0d594b0be0e2040dfde231558232c02bf8ccf77`
SHA256	`1265e8713e72c6cc3d3224324d8b83bc63314c042140b3de4bddb085d4235d90`
SHA3	`fce49dd1542e22f466221e324aca201537f90a7e180233de483e3d2f8e12e667`

7 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.75`
MD5	`4ed7529c30b4fc4c6078e038f36ac8b0`
SHA1	`975a89ba5b4ad208b7205b4c8f3079ec2eef9329`
SHA256	`87021d3c523e10dbf0f86dff7c84073371ba7b3318c38e043f7c4b08b2984d39`
SHA3	`37e232a3738046f1605f21517aac8124b971d985843db5abc8444ff0284afaba`

1 (#3)

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x15a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.84459`
MD5	`8bd71a96784cd7f2bcfb6c92bb2967af`
SHA1	`7ef4da73a8bb7c6a683e343c65fd5f3b7f648d53`
SHA256	`efef1ba299c11e3b7395b8eb8a53beba2902c827c40e7953c9487149a933549c`
SHA3	`4626d5dcb239327a841b165117be2274b7089c2096a1fb7e435ccdf75b9ec48e`

2 (#3)

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x289`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.9656`
MD5	`ac14e0eec4b1202f5be41289bbcc6e35`
SHA1	`56a87780d728c5a356c0fdf7129a2b3411351c85`
SHA256	`fcf79fb3d0da02dde75c4cedd8a2c563995057883a22eb61256e6a1fed2b1620`
SHA3	`48b604edf792f48c58e3d41b75194e94938bdb1ec497576deff991e94f5b3469`

3 (#3)

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x282`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.79044`
MD5	`b8c1b9874953eb0c4c886277abbbcdea`
SHA1	`047550fb35b37ca2045bacbbf485187f8d62d293`
SHA256	`4a4037928cdc6223657337dd402d4e2668a9413da3d4f8c6ff4bd7a30a58aa8e`
SHA3	`7ec0c7e137d136af2d0210a4147e824170c52a5f1ef2082bfeaa697485100c06`

4 (#3)

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x162`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.87807`
MD5	`95210794aa21c517b1429e31993eaec6`
SHA1	`a308f9c0d9e28567bbcb586a167a87d4bafcd0c7`
SHA256	`6d310aa447a7f58405fe9b2200bfdda8fecb1d411e229c1d76b053f91114a5d8`
SHA3	`45866a0152bf3175246a0366601217edfc003caae89c04b6a2244147bdc8da0c`

5 (#3)

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.85806`
MD5	`a850338e8180e67c05702c508e50b8e5`
SHA1	`de1f25faa2e1fc5b82a936c508dc5e7c3dd5fc3f`
SHA256	`be04ac6bdb84bd0ab78d6714d11dc607f938b8019cb6d29f5cdbf5d46d3b43f9`
SHA3	`8d541909b64fe27c81eedf9f913c65067491ccfe14f5d48f90d5eba177a23d94`

6 (#3)

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x336`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.81338`
MD5	`51ab77101de81ea1314d9fcb3977e511`
SHA1	`af7fca58b5fa727c1a1327398d2aa41d8d5eba32`
SHA256	`e7243567940cb81082733e221e6aa590ebf537ab50258bf208ae5a229294d18a`
SHA3	`0ad14d563b93ffe616ff106a268ac86fe6486c6291000cb30df88a8372ccf315`

2 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x91`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.8858`
MD5	`f7ad1eab748bc07570a57ec87787cf90`
SHA1	`0b1608da9fef218386e825db575c65616826d9f4`
SHA256	`d2952e57023848a37fb0f21f0dfb38c9000f610ac2b00c2f128511dfd68bde04`
SHA3	`6c9541b36948c19ae507d74223621875b3af4064f7cd8200bdb97e15a047e96a`

String Table contents

븥蹂䑈ⱶ㸀赩咉㽚ⓠ

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xbf838f7b`
Unmarked objects	`0`
ASM objects (29395)	`45`
C objects (VS 2015-2022 runtime 31823)	`19`
ASM objects (VS 2015-2022 runtime 31823)	`28`
C++ objects (VS 2015-2022 runtime 31823)	`149`
C objects (29395)	`38`
C objects (CVTCIL) (29395)	`1`
C objects (VS 2015/2017/2019 runtime 29913)	`198`
C++ objects (VS 2015/2017/2019 runtime 29913)	`164`
Unmarked objects (#2)	`21`
C objects (VS2017 v15.9.16-18 compiler 27034)	`495`
Imports (29918)	`2`
Imports (VS2017 v15.9.14-15 compiler 27032)	`2`
C++ objects (29395)	`207`
Imports (VS2012 UPD4 build 61030)	`2`
Imports (VS2019 Update 8 (16.8.4) compiler 29336)	`2`
Imports (VS2019 Update 8 (16.8.3) compiler 29335)	`2`
Imports (VS2012 build 50727 / VS2005 build 50727)	`2`
C++ objects (50522)	`2`
Imports (29395)	`43`
Total imports	`854`
C++ objects (LTCG) (VS2022 Update 4 (17.4.0-1) compiler 31933)	`175`
Exports (VS2022 Update 4 (17.4.0-1) compiler 31933)	`1`
Resource objects (VS2022 Update 4 (17.4.0-1) compiler 31933)	`1`
151	`1`
Linker (VS2022 Update 4 (17.4.0-1) compiler 31933)	`1`

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .themida has a size of 0!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!

Leave a comment

No comments yet.