Architecture |
IMAGE_FILE_MACHINE_I386
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date |
2018-Jul-21 05:53:40
|
Detected languages |
English - Canada
|
Suspicious |
PEiD Signature: |
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX v2.0 -> Markus, Laszlo & Reiser (h)
UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX -> www.upx.sourceforge.net
|
Malicious |
The PE is packed with UPX |
Unusual section name found: UPX0
Section UPX0 is both writable and executable.
Unusual section name found: UPX1
Section UPX1 is both writable and executable.
The RICH header checksum is invalid.
|
Info |
The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
- LoadLibraryA
- GetProcAddress
Has Internet access capabilities:
|
Suspicious |
No VirusTotal score. |
This file has never been scanned on VirusTotal.
|
MD5 |
58bf8647083489b17ad5fc00f6672b62
|
SHA1 |
feab3c96bb516d1643189e3a6a72a4b09eaf2413
|
SHA256 |
cf268d3e09d1498f5ceba8f75dd00f50dd3a2e20c2140b2537c1ba827eec5a65
|
SHA3 |
eb71e3627adfb2cdd445fc78c2e5671a68cc5bab5e469185028f607093481b30
|
SSDeep |
3072:43XpjYA5CVfN0QRgb7RYXBhnwRioODEXTcP:43XZxABik
|
Imports Hash |
c2f6b2e981d7d145c21cfd6f243edb29
|
e_magic |
MZ
|
e_cblp |
0x90
|
e_cp |
0x3
|
e_crlc |
0
|
e_cparhdr |
0x4
|
e_minalloc |
0
|
e_maxalloc |
0xffff
|
e_ss |
0
|
e_sp |
0xb8
|
e_csum |
0
|
e_ip |
0
|
e_cs |
0
|
e_ovno |
0
|
e_oemid |
0
|
e_oeminfo |
0
|
e_lfanew |
0xe8
|
Signature |
PE
|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections |
3
|
TimeDateStamp |
2018-Jul-21 05:53:40
|
PointerToSymbolTable |
0
|
NumberOfSymbols |
0
|
SizeOfOptionalHeader |
0xe0
|
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED
|
Magic |
PE32
|
LinkerVersion |
9.0
|
SizeOfCode |
0x25000
|
SizeOfInitializedData |
0x4000
|
SizeOfUninitializedData |
0x2c000
|
AddressOfEntryPoint |
0x00051B60 (Section: UPX1)
|
BaseOfCode |
0x2d000
|
BaseOfData |
0x52000
|
ImageBase |
0x400000
|
SectionAlignment |
0x1000
|
FileAlignment |
0x200
|
OperatingSystemVersion |
5.0
|
ImageVersion |
0.0
|
SubsystemVersion |
5.0
|
Win32VersionValue |
0
|
SizeOfImage |
0x56000
|
SizeOfHeaders |
0x1000
|
Checksum |
0
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve |
0x100000
|
SizeofStackCommit |
0x1000
|
SizeofHeapReserve |
0x100000
|
SizeofHeapCommit |
0x1000
|
LoaderFlags |
0
|
NumberOfRvaAndSizes |
16
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
VirtualSize |
0x2c000
|
VirtualAddress |
0x1000
|
SizeOfRawData |
0
|
PointerToRawData |
0x400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
MD5 |
e960612d0ac483afb5c8d13151df8d4f
|
SHA1 |
b9aa82de82fc4161dd09ac6903573dbbc2644600
|
SHA256 |
f56faa794791396fad72698520f019ccc007c9c9f084cb7994469482284b83d8
|
SHA3 |
48fb325387fbbfed4815d4f0d1a614c24a4d3164f13ff339d439043705fe0a11
|
VirtualSize |
0x25000
|
VirtualAddress |
0x2d000
|
SizeOfRawData |
0x24e00
|
PointerToRawData |
0x400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
7.76644
|
MD5 |
80b6d3565d9f1db9ad4cc1ba4c818730
|
SHA1 |
9cd0fddd02a4b083976aeaba399d384664b06b66
|
SHA256 |
a49c846ea2a3b6f3f894d01a61fcb27531558d77232a7a9a527601535f79e6ce
|
SHA3 |
89ef1dad34e935ac81d059a9c6a6e0a837e93f993a45f1244d9f9692ab41e518
|
VirtualSize |
0x4000
|
VirtualAddress |
0x52000
|
SizeOfRawData |
0x3800
|
PointerToRawData |
0x25200
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
4.69542
|
ADVAPI32.dll |
CopySid
|
GDI32.dll |
Escape
|
KERNEL32.DLL |
LoadLibraryA
ExitProcess
GetProcAddress
VirtualProtect
|
ole32.dll |
DoDragDrop
|
SHELL32.dll |
DragQueryFileA
|
USER32.dll |
WinHelpW
|
WINHTTP.dll |
WinHttpConnect
|
Type |
RT_ICON
|
Language |
UNKNOWN
|
Codepage |
UNKNOWN
|
Size |
0x8a8
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.56513
|
MD5 |
74cd76bbb55cc8c24b6bac8737e94b2a
|
SHA1 |
5262ac5783e5d9fdba98eb1c52f894f088daa8d1
|
SHA256 |
13414ad918c3276cea5aef98f578e608393343b59d43dd78c54bb5c1e34e448b
|
SHA3 |
9ecb3e600216a22f29bca50109c9dd0ff3ae40ea0d30ffcce40d25ec86e6da7b
|
Type |
RT_ICON
|
Language |
UNKNOWN
|
Codepage |
UNKNOWN
|
Size |
0x25a8
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
4.29081
|
MD5 |
f3f6546393ab2c760d381547a5aadf72
|
SHA1 |
5459cc3b9771aad7f1c0a5fdb1c796102f9111de
|
SHA256 |
be377148375b003e5d1d37051d9b942467f5e2c7ee386eea9af5b40d378daa7b
|
SHA3 |
8a4c47b2556cad9e0bcbf9830f185bc8d7490cdd6fc2293f9634fc2bd3f1aa07
|
Type |
RT_STRING
|
Language |
English - Canada
|
Codepage |
UNKNOWN
|
Size |
0x64
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
6.04121
|
MD5 |
0ceed59d4af8a0ad85c8d4b67c6cb968
|
SHA1 |
0042cd6af4a222e61f56cbba8765ee64b53a0721
|
SHA256 |
732fe1d58cab73d3efee5a9a499af2c2dd1b5e81bc574ea9ff9d866da4fee7dd
|
SHA3 |
fe2f98a5d874520e9bf73d1e9d8d321a2baec891842ca4ff99f21f528d8fa3cd
|
Type |
RT_STRING
|
Language |
English - Canada
|
Codepage |
UNKNOWN
|
Size |
0x52
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
6.03127
|
MD5 |
4f94a6fbc18a8cd4c54f7ad2080d3cc3
|
SHA1 |
6d46e55347e2c309d88b88dc93122df8ef0a999b
|
SHA256 |
e89eda356ae4ed268d9a4dbb9797e3610fc81ec94d37333bdc9b6152b2c79279
|
SHA3 |
857a0a6e5f55a6ff5045553caf408243b2685c30779cbf12dae7b886c3f74cc9
|
Type |
RT_STRING
|
Language |
English - Canada
|
Codepage |
UNKNOWN
|
Size |
0x28
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.12193
|
MD5 |
fd8b403cf0df75cd84ef77f93a3dcdcd
|
SHA1 |
8b55adf9e27a5c8a3f331a982b77c3b564cba21b
|
SHA256 |
dd12897aca3b007f8cdac0e5787b785023b165c6d41832e51de6530e8500726e
|
SHA3 |
74183f20ac37763bf71e88de7b03d88cdcc8c2a2ba299368d4f702045df1ed7d
|
Type |
RT_STRING
|
Language |
English - Canada
|
Codepage |
UNKNOWN
|
Size |
0xd4
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
6.78956
|
MD5 |
f3b09b0d63e032159812dd348e3d57e0
|
SHA1 |
c8343b1da8ebf28ff96dafe38948ef0764b542f7
|
SHA256 |
076262536566c5b89463afe7c82313eb11fa8f38400ec73eb3a76f5d27ba8afa
|
SHA3 |
6d180b3aa98c54c97ac0a74bb4451da4c436f6c37f8232001429ece75788096a
|
Type |
RT_STRING
|
Language |
English - Canada
|
Codepage |
UNKNOWN
|
Size |
0x4e
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.89111
|
MD5 |
8dbe8a65331ab586652bb6699d7f234d
|
SHA1 |
5ac8bf6c5686fcaf01a59a1d727c4828867dbb99
|
SHA256 |
e5081345e64638b7f1d74ee221189c34adbae45a84e8794531a474c3e0b0281c
|
SHA3 |
2baa13f7457d10ea71856dd8d147842a12a7b59dae89ddcd137bcef9ad757ff6
|
Type |
RT_STRING
|
Language |
English - Canada
|
Codepage |
UNKNOWN
|
Size |
0x70
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
6.19549
|
MD5 |
f2286e50b819be921fe516c3469f2375
|
SHA1 |
bfa3536f0cd2eefeb2e1082db8143a0a3ec78823
|
SHA256 |
b43e6dc8d77a887fbdbe66a602b44884cae63d93cc53cbf6684c7a8f0b18d9f0
|
SHA3 |
d469ea7368fec69b4bf8d479b9b8eefcd98487775e32b13645faab6609bb29c9
|
Type |
RT_STRING
|
Language |
English - Canada
|
Codepage |
UNKNOWN
|
Size |
0x64
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
6.08611
|
MD5 |
413ff7317d2f196eaa96c6e42ef6e181
|
SHA1 |
30b1fff3af6ef965c087ae93251a0940d18e8c81
|
SHA256 |
a2dc54272e5a5e316cd73e9b42eedee6d574e6f8c9942084f16c51b70fe3ddcb
|
SHA3 |
b65bf9ef750285e7a72581bd48d101cbd1fea549f1db1f6c0f8bf979804aa57b
|
Type |
RT_STRING
|
Language |
English - Canada
|
Codepage |
UNKNOWN
|
Size |
0xd0
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
6.63567
|
MD5 |
1f95854787f389ad748c57ad90b5eec2
|
SHA1 |
1cacc3114a1898d5e3ea70fd1b645fd0764db40b
|
SHA256 |
5815b5979c6ccef9ea622dec050ae9ad23cb145097907a6334d6b5570448da55
|
SHA3 |
d2784c1b98dd910199758511dd0e65b5e3b6ad8ff8b68f7b096c61da5d22845c
|
Type |
RT_STRING
|
Language |
English - Canada
|
Codepage |
UNKNOWN
|
Size |
0x6a
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
6.16401
|
MD5 |
2977049e9c7e1e9101778921f166464e
|
SHA1 |
c51489585f5ba5dc2d2645bd3994d4a63c0a0328
|
SHA256 |
8b426c9140a07692695aeead90f85ebbdec5be8ce8fd7e3a4b10d097c18a3abc
|
SHA3 |
feb35c05f6a0814c549b93d9d2ea7f84e0b0e7435fd0b2a92938398723ce9ca4
|
Type |
RT_STRING
|
Language |
English - Canada
|
Codepage |
UNKNOWN
|
Size |
0x58
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.95642
|
MD5 |
bf4ec254608361cb9a7d119a6288d7da
|
SHA1 |
c66263b73b52631dc1959335c6a96a3033e1bcae
|
SHA256 |
3de7a27184da72c0fc226b8d3beb9605b904f16140a31787168f425eaa376b9a
|
SHA3 |
110c766bd3c93634316b1ed2bbdd441d0f550e919398e9a5b6bd0b0cdc0a6504
|
Type |
RT_STRING
|
Language |
English - Canada
|
Codepage |
UNKNOWN
|
Size |
0x50
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.88749
|
MD5 |
75207b73131880035aed54062bf8fa30
|
SHA1 |
2202eb2ac5a2d6a6c162c3a0bb7a1dfa2f2791f4
|
SHA256 |
f605eafd019c158a37179af61a18326be29c4f7d3e4788fe144bf9d21f002959
|
SHA3 |
a0a0eab98dbdcaba0ddcbbceb1c0be92e2b098c2fabd9d223a7ab693fb47746d
|
Type |
RT_STRING
|
Language |
English - Canada
|
Codepage |
UNKNOWN
|
Size |
0x4c
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.82687
|
MD5 |
f7428bcf5632dfaf0fe33b8ade1eba34
|
SHA1 |
572897a3e166227d816c0c1ba4a42c81a1afdf06
|
SHA256 |
0d14421f6a3d3e9f3ad3819014f8a00b19d077536488be980e3bc7b494e6457e
|
SHA3 |
fa0b0580a8359bd2a4c30e5d3ddfb479e7d64deca187272920ad336d97eed443
|
Type |
RT_STRING
|
Language |
English - Canada
|
Codepage |
UNKNOWN
|
Size |
0x44
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.70511
|
MD5 |
43b4b44c23121ca8370fa2db26c92fda
|
SHA1 |
331f4687f317f1ef95c56d46137d5bebafb193b6
|
SHA256 |
f9149466ad1880274d05b08c70a3127b941cd8b100c21a92c4659f1d5f7cb4d3
|
SHA3 |
e245ba63613ca8a625c5c2cc5669c27a490af64fe379e708fcce3c4050b29301
|
Type |
RT_STRING
|
Language |
English - Canada
|
Codepage |
UNKNOWN
|
Size |
0x2e
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.34965
|
MD5 |
1309c27d1ac0785290c6a39b189395f0
|
SHA1 |
785a791838f7ab3881f7b3ad6fc7f8b4f77f6223
|
SHA256 |
10801b484bc48da699f3dfdd0e6b45ac227d05bbf42c3630211641c760b5a1db
|
SHA3 |
e7c996d3ac68d16d4ea6ca6cb55ce9eddebc1635efa5f030a4651e0c624d7e8f
|
Type |
RT_STRING
|
Language |
English - Canada
|
Codepage |
UNKNOWN
|
Size |
0x66
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
6.03498
|
MD5 |
011e74b34f47b848cdba380a70f600a7
|
SHA1 |
bb348063798ab3e2d93a2d224581a50d98f01525
|
SHA256 |
2123ea7bf0cfee87bdb824a7eaeabcae0be0b6df28d1a43267a0bd24c818c1a8
|
SHA3 |
13ac6e9affdd8b656a1b42b157a6f84eed9be03ac3b121a449675b52798b9ece
|
Type |
RT_STRING
|
Language |
English - Canada
|
Codepage |
UNKNOWN
|
Size |
0x6e
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
6.22423
|
MD5 |
afacc56f8d066505e4f2281cd725194a
|
SHA1 |
b6887bed1ddc3993585ab87731523b3c7a7aa191
|
SHA256 |
9437b7b27f5548ec1c47fd837d74d7f7936e90a4dd6b03e9a018c5e1a37bf4b1
|
SHA3 |
28d66b98b9658c983796c3d1a0b99b89208541b13ab7bd78171ea6e7d33d7a18
|
Type |
RT_STRING
|
Language |
English - Canada
|
Codepage |
UNKNOWN
|
Size |
0x6a
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
6.18288
|
MD5 |
33812293c22e6b2342580d2581944a9c
|
SHA1 |
2456252511e7e859a466173b4b6641bc0aba9dde
|
SHA256 |
c573a4a2370c4f83ce476ef803c99d75bcadd488b3496006b93a60d98d3089a7
|
SHA3 |
77ec4bd165dd71bf2c4ead3a6ec173044f73dd81623a03c78d4de0885b1c29c5
|
Type |
RT_STRING
|
Language |
English - Canada
|
Codepage |
UNKNOWN
|
Size |
0x9a
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
6.5101
|
MD5 |
4ecc524b2f7e39140daf8de8038ae84c
|
SHA1 |
f7474620a9d100d30dda192f64afea825dc89427
|
SHA256 |
9eaec6bc9f6552c193f0109ef069f580399bbcd18f3a7058b7695bee355eb165
|
SHA3 |
cec005c95874e6d91dab737ccd525337bc4928ebba124027305601a85a3327ce
|
Type |
RT_STRING
|
Language |
English - Canada
|
Codepage |
UNKNOWN
|
Size |
0x82
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
6.36557
|
MD5 |
5cae89f36e78a7688b0e90c042a8f7ce
|
SHA1 |
d1dab0947fd9d1db788099e2811bbee8448dd69c
|
SHA256 |
d53056d0bae15f7051212ccbe33832eda6590f35e612dafe907e38c118b2086b
|
SHA3 |
1c3c10c899870180d0003f1c487ca0c54980b1a956f2e90437100b1cb91343e2
|
Type |
RT_STRING
|
Language |
English - Canada
|
Codepage |
UNKNOWN
|
Size |
0x3e
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.36928
|
MD5 |
89a12391530645fed30c3d2d5ff732f6
|
SHA1 |
882e4f142eb6d1ec34fac38f7fb9298db5661c2a
|
SHA256 |
c2a92e0113fa84bc3d8c45552cd072cb7448efcb624d7dee1eae3ba6b949521e
|
SHA3 |
3744fa346af88e01fd6e0c263eac3396ff54f4b8f89e3dbb06b49915f7882854
|
Type |
RT_STRING
|
Language |
English - Canada
|
Codepage |
UNKNOWN
|
Size |
0x5a
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
6.03902
|
MD5 |
041f74134923ac0731a61e56c5659c09
|
SHA1 |
88c65b16de8265765b0f1469a00edcd1379dcfec
|
SHA256 |
3d2a94977faa7430098e41fc9c5d6adf434b16c1d421c6d6cb08fcea64c70330
|
SHA3 |
3cbd5ca1326bacc181fa59bf28994d8d9ab8eacb63d871ae861ef38922b45634
|
Type |
RT_STRING
|
Language |
English - Canada
|
Codepage |
UNKNOWN
|
Size |
0x5a
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.90819
|
MD5 |
9a28dbddf6a36169e10fb57ef8e48365
|
SHA1 |
5a94762eca0fcd50cdba3fd8af1a6ffa796381c7
|
SHA256 |
3a199446424d649aba054377f16a0668d3f4f3fe5e5b169970ff310753780d9a
|
SHA3 |
1b7634596caa13af2ed1902d914bdd8e3f3780efa9aec1056cff26e3c05a3b56
|
Type |
RT_STRING
|
Language |
English - Canada
|
Codepage |
UNKNOWN
|
Size |
0x86
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
6.37557
|
MD5 |
eb4c9a4ced4005660e3fb68d3771fec0
|
SHA1 |
ae28cc2394218c7c3b92bc5441142a9d4b8a9be8
|
SHA256 |
7fcefebbd0342f9cbfa55898c1b57a8789018f3163ae4cd930ddc5517c5b1d62
|
SHA3 |
af3e96ffe893822f216f9dc0eb63e1ecd7b695c69c0cf930a4342604d9db21c6
|
Type |
RT_STRING
|
Language |
English - Canada
|
Codepage |
UNKNOWN
|
Size |
0xaa
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
6.48804
|
MD5 |
2282b0560e49b67b514926b174e168b8
|
SHA1 |
126d93c0b522e67510b1a2ce37439053938e85fc
|
SHA256 |
e5992a1c4d3882fafbe936a81fb8fe1a8e4c9d68aaa03b57423f047de610e769
|
SHA3 |
23749e52f0438a033cf0898e9bdebbd5416eb4fe6d50fa59858ad947b869edfd
|
Type |
RT_ACCELERATOR
|
Language |
UNKNOWN
|
Codepage |
UNKNOWN
|
Size |
0x18
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
4.50163
|
MD5 |
b715a452b771276615e4d7cb30dd36af
|
SHA1 |
5aeb61837e7e6554d9fed04ab2b389c12a9f63dd
|
SHA256 |
452894ce2ecf14b30499d7b472998ab31524f58bc8b1a313163e597895bf7a5c
|
SHA3 |
74e185f9c0b76f206457d39fd39fd157c1407820b4f61145c4f7568da3d0d161
|
Type |
RT_ACCELERATOR
|
Language |
UNKNOWN
|
Codepage |
UNKNOWN
|
Size |
0x40
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.40211
|
MD5 |
a8e9f2dee29097af7d64bd8e413910f7
|
SHA1 |
a2eb42a72a21e5ef6fa1fd5bd8d520dc6245533f
|
SHA256 |
307ed7f24c2697dc3bdebd233b979675885baf13f5f29291b4021f41365ae0c0
|
SHA3 |
0c1d78244c433b50b8cb82fd1cc90c2de88e35f1fc369669b2a2d410ba0accf6
|
Type |
RT_GROUP_ICON
|
Language |
UNKNOWN
|
Codepage |
UNKNOWN
|
Size |
0x22
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
2.26942
|
Detected Filetype |
Icon file
|
MD5 |
e448a213a9b0b2abf8d84da160945bc4
|
SHA1 |
a61b8a4cc7e9e1ba2fea29ebe92f2ca46b350100
|
SHA256 |
341817eab856deeff43cc86d07fe33b92a329dc5a80ae99557a419725df00e87
|
SHA3 |
77db2721b91f84a1645472374eb1f50e89b8d34818ca57a5d5b94089ab29de53
|
Size |
0x48
|
TimeDateStamp |
1970-Jan-01 00:00:00
|
Version |
0.0
|
GlobalFlagsClear |
(EMPTY)
|
GlobalFlagsSet |
(EMPTY)
|
CriticalSectionDefaultTimeout |
0
|
DeCommitFreeBlockThreshold |
0
|
DeCommitTotalFreeThreshold |
0
|
LockPrefixTable |
0
|
MaximumAllocationSize |
0
|
VirtualMemoryThreshold |
0
|
ProcessAffinityMask |
0
|
ProcessHeapFlags |
(EMPTY)
|
CSDVersion |
0
|
Reserved1 |
0
|
EditList |
0
|
SecurityCookie |
0
|
SEHandlerTable |
0
|
SEHandlerCount |
0
|
XOR Key |
0x4afed1c5
|
Unmarked objects |
0
|
C++ objects (VS2008 build 21022) |
32
|
ASM objects (VS2008 build 21022) |
19
|
C objects (VS2008 build 21022) |
110
|
Imports (VS2012 build 50727 / VS2005 build 50727) |
15
|
Total imports |
156
|
47011 (31972) |
1
|
Linker (VS2008 build 21022) |
1
|
32884 (3359) |
1
|
[*] Warning: IMAGE_EXPORT_DIRECTORY field Characteristics is reserved and should be 0!
[!] Error: Could not read the exported DLL name.
[*] Warning: Section UPX0 has a size of 0!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!