Manalyze report for 5ccfa7ae853b2ba29445ecea0e09a4d3

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Nov-05 01:42:25
Detected languages	English - United States

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: virus` Contains domain names: RetroUSB.com adobe.com http://ns.adobe.com http://ns.adobe.com/exif/1.0/ http://ns.adobe.com/photoshop/1.0/ http://ns.adobe.com/tiff/1.0/ http://ns.adobe.com/xap/1.0/ http://ns.adobe.com/xap/1.0/mm/ http://ns.adobe.com/xap/1.0/sType/ResourceEvent# http://purl.org http://www.openssl.org http://www.openssl.org/support/faq.html http://www.vape.gg http://www.vape.gg/update.php?edition http://www.w3.org http://www.w3.org/1999/02/22-rdf-syntax-ns# ns.adobe.com openssl.org raphnet.net www.openssl.org www.w3.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish`
Suspicious	This PE is packed with Themida	`Unusual section name found:` `Unusual section name found: .themida` `Section .themida is both writable and executable.` `Unusual section name found: .boot`
Suspicious	The PE contains functions most legitimate programs don't use.	`Can access the registry: RegDeleteKeyA` `Has Internet access capabilities: WinHttpOpen` `Leverages the raw socket API to access the Internet: #23`
Info	The PE is digitally signed.	`Signer: Manthe Industries` `Issuer: DigiCert EV Code Signing CA (SHA2)`
Malicious	VirusTotal score: 10/72 (Scanned on 2020-11-21 13:32:15)	`McAfee: Artemis!5CCFA7AE853B` `Cybereason: malicious.233639` `Avast: Win32:IcedID-A [Trj]` `Paloalto: generic.ml` `McAfee-GW-Edition: Artemis!Trojan` `FireEye: Generic.mg.5ccfa7ae853b2ba2` `Gridinsoft: Trojan.Heur!.012100A3` `Webroot: W32.Trojan.TR.Bulta.drycn` `AVG: Win32:IcedID-A [Trj]` `Qihoo-360: Win32/Trojan.b2d`

Hashes

MD5	`5ccfa7ae853b2ba29445ecea0e09a4d3`
SHA1	`5fc155f233639d600f2e07ed72eaefedfe800e10`
SHA256	`dc53f3286e12e31529cb7dd8775e04f5a62b176d60093013ebbfae2d4beaf1e6`
SHA3	`e708643592adf65ae36b429a11f58285d2fd59427d6f3b5a0b97f55ba1d4e40c`
SSDeep	`98304:e08oqEGSxQo0nYD20QB/2IuD4fb9e9z2FkZgFkrSyt85ZOnhAug8HrtqM:znZr0YyG25eIFkKFFZ18H4M`
Imports Hash	`33906de482ac8e03a0029dd2640f9bce`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x130`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`12`
TimeDateStamp	2020-Nov-05 01:42:25
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x294400`
SizeOfInitializedData	`0x18e400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000972058 (Section: .boot)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xcea000`
SizeOfHeaders	`0x600`
Checksum	`0x79961d`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c91a2c4863dc12d61b760d796961cebe`
SHA1	`17652c602e755b3d59edd7b8cfb595b3913a1ba2`
SHA256	`8c54aef077f56f28d246378d3ffda9176f3054defa64baa26f50b625efa0820a`
SHA3	`69d8e9e61f16a11da2dd5a22666c2487505693c138d7dc898db1fd433d64d40f`
VirtualSize	`0x294308`
VirtualAddress	`0x1000`
SizeOfRawData	`0x294400`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.15126`

.rdata

MD5	`59ed0d5438e0f777bac45f28a78cbd63`
SHA1	`f80330e24e966a94aa159d61fc12dd5cd8e97dc2`
SHA256	`819460ad438a0bc485a4f1e1aedf6cbd7aa536ae5366fa55b7cb303c00cbfb05`
SHA3	`46ed4e7db392f6444c237b00427871b18ea834ded4d1b149a483bdb5fc645932`
VirtualSize	`0xcb462`
VirtualAddress	`0x296000`
SizeOfRawData	`0xcb600`
PointerToRawData	`0x294a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.39316`

.data

MD5	`28d85cc156666e0a808f8d7260d8eb32`
SHA1	`c745cd4c322ada264ae1534da16997937bae8955`
SHA256	`364b29393da95a94d711635916675125a4041d286282ec30ac658f5eed746791`
SHA3	`2fbcdb637918269824addfc5004ae8ad425e183bef528e183f3ab676a9314929`
VirtualSize	`0x8f464`
VirtualAddress	`0x362000`
SizeOfRawData	`0x86e00`
PointerToRawData	`0x360000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.66238`

.pdata

MD5	`7f488e7987ac559de1894716072f77af`
SHA1	`1a14358ba6beafa0f606849078ddef54ff78f36a`
SHA256	`08e831b2e4495e9822f65d498d4f38fe7db0c433489fa9aee9797fd8fe8256d9`
SHA3	`dd9dbfc87e8f5dccd4705e60c103815a5c7f19354f412546930c9e3229634a78`
VirtualSize	`0x2c10c`
VirtualAddress	`0x3f2000`
SizeOfRawData	`0x2c200`
PointerToRawData	`0x3e6e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.2226`

MD5	`29ae537aa69bbe491bc6588c300e51db`
SHA1	`1d44cdfc4ada629e3e9d38257e6b2220d00130c8`
SHA256	`590db8295d9e17a16ea9c46caacdb2eb2b3daa664c73714db17e95f4f1739bbb`
SHA3	`2dcc7a8fa1235a29d51cf3145705c42e33dcf521ad480d175fa7fc0176e60f97`
VirtualSize	`0x1e0`
VirtualAddress	`0x41f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x413000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.52137`

.reloc

MD5	`cbcd3cf15b88e82094ac9f0724b6ad04`
SHA1	`36e58a755ec8cd0c52ae131fb8f16235da36eff0`
SHA256	`bd9fc546064cfb6ed536f2e881a108dd515460470514b331bdf0a010eb02dd21`
SHA3	`13ec9f53ef144e3836f61057050b93c209b0ad86083f473ef27c3bd4a271ac7c`
VirtualSize	`0x7340`
VirtualAddress	`0x420000`
SizeOfRawData	`0x7400`
PointerToRawData	`0x413200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.45678`

.idata

MD5	`9b46ca7b5a9c317074afe3d3d9577005`
SHA1	`4a22458907a7cb213cebe217f32600d357565c6c`
SHA256	`a5e723c368f15e0892fa996624fc16daaa2a270eb150b68c5a4b5dfbdd3eeac0`
SHA3	`d9341f8edbb3f71f2235818a2abc9cd62b732792a8adbdcf9776087130042ffe`
VirtualSize	`0x1000`
VirtualAddress	`0x428000`
SizeOfRawData	`0x400`
PointerToRawData	`0x41a600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.85414`

.tls

MD5	`edfa8271eade2d007ebf7e9bd5e3f5d0`
SHA1	`617923eae7055fb00086e7d02a4d4ca9b867323a`
SHA256	`a367b50dffe0f63b50ef742b33259526372c2b837778661861b74bb843999491`
SHA3	`8174d85ff6ea0ce152665a0549063cf4a397369b736d2b2ddfb37e1496302e67`
VirtualSize	`0x1000`
VirtualAddress	`0x429000`
SizeOfRawData	`0x200`
PointerToRawData	`0x41aa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.284569`

.rsrc

MD5	`e1986d997aad41395c11dd5178f8fe4e`
SHA1	`fccd6449cb9b573ba1e523c97c45b80c727a92dd`
SHA256	`f8e1ae7bb9153fb1bfbe7962f05a92b610cc8d33802f3f4e0f59aeb7a22816ea`
SHA3	`08c627770516ea1b04cedb657fe4500ecd77a47aa1056e073620c64988f59fc0`
VirtualSize	`0x1c00`
VirtualAddress	`0x42a000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x41ac00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.62743`

.themida

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x546000`
VirtualAddress	`0x42c000`
SizeOfRawData	`0`
PointerToRawData	`0x41c800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.boot

MD5	`88fbe5ac147f2064acc4fa1ee528c95c`
SHA1	`087dcfa0c01ee4082c14b87b427941aa9835ab97`
SHA256	`754283d39a23cbaf893d90e74ad5022d8e9dd15a2ea536de7cae31606dff8157`
SHA3	`3b9c44ab46082ae393375e1597a2e9bc60e6928712eda4159d1cb1bb0c312561`
VirtualSize	`0x376400`
VirtualAddress	`0x972000`
SizeOfRawData	`0x376400`
PointerToRawData	`0x41c800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.95107`

.reloc (#2)

MD5	`d830fb37ed9ef5759fbf17fc5d9b0897`
SHA1	`d2f036bf423294368c5a86a91e14474471e4e12b`
SHA256	`c165dc0430ef1f79e5b86ef6a1b2bde61aa816de7010a2ced3085455baf10928`
SHA3	`d221e9d66ae69bc258c0b1214172277eec435634805e38aed05153a9de49a426`
VirtualSize	`0x1000`
VirtualAddress	`0xce9000`
SizeOfRawData	`0x10`
PointerToRawData	`0x792c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ`
Entropy	`2.4746`

Imports

kernel32.dll	`GetModuleHandleA`
OPENGL32.dll	`glClear`
USER32.dll	`SetClipboardData`
GDI32.dll	`GetDeviceCaps`
ADVAPI32.dll	`RegDeleteKeyA`
SHELL32.dll	`CommandLineToArgvW`
WININET.dll	`HttpQueryInfoA`
IMM32.dll	`ImmSetCompositionWindow`
WS2_32.dll	`#23`
IPHLPAPI.DLL	`GetAdaptersInfo`
WINHTTP.dll	`WinHttpOpen`

Delayed Imports

1

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x154`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.69681`
MD5	`621b15cfa432be45d189b493535cf6b8`
SHA1	`4533618c517382c4cadef23255850b43ec8760a4`
SHA256	`41cf27401fea8130c084a4a096f6bc1be9374afdf95d7dc80388442c8b1c4110`
SHA3	`fc101ef248f8d478244b9624b5aca8f8d0275cfaaf470310eef361a7ae96102e`

2

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.68999`
MD5	`055f72e8573b8e8f48e9761321987349`
SHA1	`f527aae1ce0483dce49ff5d6c80562a802034b65`
SHA256	`5e7ad5ca7ad97606c65532ee3f990d089a9fa43bc485faece13d0fabf2ccae2d`
SHA3	`4c77b190038d0e4e6c9d9fab1762ff224cfe8a70838f3282f8e22438d1192a5b`

3

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xc4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.51453`
MD5	`55e550ed1b53554246a9a582a11f5f59`
SHA1	`59861fe3f6d8d2baf7810b48d41a1223730147a6`
SHA256	`d13c51a78389d2c4425700b5e4c75cfbf3c20ecfcc91d533f5ef1183d808f6e1`
SHA3	`8f6e3d493c88ef71bb52588d8a4927c91d0aa8721a74e62818bb076896921c8e`

4

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x98`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.56266`
MD5	`6bbefdd8141032f47ed8e799e22a8904`
SHA1	`7b75427972fdc8207edb1bf7f35d80e13ed507fb`
SHA256	`e7668d26e73401ab46feb0b780616f42442c6cf17bfde19bc1dec631f9db349c`
SHA3	`33e84515db19499e4be2986f39af9cc873db3e658815572e348cbd52a53bc0f9`

5

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x198`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.74189`
MD5	`4ae0ce58741b1b45a85642d69ca0dd2e`
SHA1	`0d14f6fc9ded4ef716465b691ec4270ceb6932fd`
SHA256	`1b97f3ecd4c9a0902651c3fb050672f6901ef50afc1644d7a54db335a4597a0c`
SHA3	`d1717b9e56f47adadabe5e609be11eee3b3b2afc567060344a50049196453554`

6

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.61139`
MD5	`e79f3f07d67847385e779356dceb04f9`
SHA1	`bafd662b6c5173ac2b850f90c9eae88cba346934`
SHA256	`97ceff7c01cc88945d300738cb6b8168c6fbca95ef20a43fc252517b9a213c7c`
SHA3	`45771b09a5d6e48be8f3bdf8f6654d2f9254ced0a8465ca845bbaa9a6c14192f`

1 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x11`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29277`
MD5	`92f8efeafe2641e54864255e3a3bf463`
SHA1	`835f7fe5ab5ef0d83159cefdad39aea1d714c6c8`
SHA256	`4e2ff2dba8bc345e45db0caeb37a73313c7c9d3532c0e3fbbf33d4a127cf9f7c`
SHA3	`b6df8106523b86c5c936d53f4e09d04972cb666c4266dd1eb66bf431c73c175d`

2 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x9`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.72548`
MD5	`266ca022393418c8f3682d7f3de59e28`
SHA1	`dd519e0033cb2035f8c32ca164a9b0ba50bb0cf0`
SHA256	`540fedec4380e772cb9352e096f7d86075807882e1a51c43ec3266f88c06283d`
SHA3	`c39473bb23bca8940c627e11ef8037c25d048ac5c1dd78d8fbddddb0d3d07e0e`

3 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.15564`
MD5	`b3a23f1b588c01721f331bb204b429dc`
SHA1	`4ff65f49113638fa37874a23dedd769e605f8989`
SHA256	`5f9c9a46300f2e5027c34f13047bacf3ddeac670a4da9cb6d226705857c1d9a5`
SHA3	`c6ddec03d460a6bc01d8605ef7056ced3d0e41dff50d1c994808fa63818c3aba`

4 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0xd`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39275`
MD5	`71570e0a28a76aa1d0a12c5394071ed3`
SHA1	`c629c57fdc1c8d5b3f892c46e652a4cb8d83330c`
SHA256	`ea68be33a5afd461c53d16c2172feb415df72065fe0069c48a3bbd0ef1d2c815`
SHA3	`3f8c30c714b983f63853e9653025e82081bc38c564565b5205314145231378ae`

5 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x12`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.28104`
MD5	`8e4e2316c41786b2c53a2fe5b15e0d15`
SHA1	`fefa5e181ec84206b08a1f536f47f194ed4f895f`
SHA256	`5e304bc3f6d3038f3571253da51ed46c928aeecbf68d604c8e3bf95a41e73f1a`
SHA3	`d40d248333dd1f98b47a65c436bbdb296605ff1acc9ed0eb5583f5371d4f7bb4`

6 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2`
MD5	`1ff6d5bd9b4b66a16abacf56d117caac`
SHA1	`c72ed7a985157a15e83021dd4f20e264819815f5`
SHA256	`825eb71b1bdd8063deb484cad4a7a41e35f9e21694567ec622bc2701f79b6839`
SHA3	`cdc9202fee909195511e36f8f00760e577682723375f3b4a6d6983cdd3bf90f6`

7

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.72193`
MD5	`5f9b6bbba9261ba27ee88993e12c30a3`
SHA1	`7904ac4acb6e1fd8a13c007fc9eaf69b65b5580b`
SHA256	`95b830435a273f93b2c172258f10f6cfb90cac85be6f153baaa94070aee28414`
SHA3	`fa20a7737578b959a92b2085416226717822549e6c133203877ec382ecde0d41`

1 (#3)

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.96661`
MD5	`cebc461b5ee33cdea282fdeb745af3c3`
SHA1	`c719ab27dac1f885a7b794b139d6f5483f16e330`
SHA256	`5391c8a6de1ad4b28d32453e28ca8521a9b85eec9f6315a97fb138aa08e47642`
SHA3	`928052ba48ca2b3119fab29a6a030e5692380cb255b09734d26745572c95cb38`

2 (#3)

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x36f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.83372`
MD5	`d9d4dfc00da0f393faafd39630f515a1`
SHA1	`3696b08e3ae37944eb2afefd059d4bc713af526d`
SHA256	`421fc2f844a6e2b6dbe867de86315b5930e9803287f5d77cde97ffd6e539f37a`
SHA3	`1b47510896339de0163f41c935276cfa955af2dcb17ad608632b14a549d7699f`

3 (#3)

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x117`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.61201`
MD5	`ee0fdbcc99c5df6566d7527c8b7ffe68`
SHA1	`0eef24c6defacb6d944b9bcd25f890e1823b5034`
SHA256	`724204e6f7c500e4d090c1931815b73dfe816fb63c2c792dcf19adbdfae70ef3`
SHA3	`3aa4af72d4a0ac9ff5d8721737778eaa49ff7ed4ad10b6b4afc4a910166c086f`

4 (#3)

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xb8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.69749`
MD5	`b0b1050c718e7226760dd183145c160f`
SHA1	`d6ed0acd58eed07c1a5ec23c0f7fc57e558bf2e6`
SHA256	`49e6e11a53695ed1626d27ce51493075c81b89c61c5c843828266ac605922aa2`
SHA3	`91b31d270a8c2edf593362ae70282a91801819d7d5624a831421c7eac7bf94c6`

5 (#3)

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2e9`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.93547`
MD5	`6efc379b76f1a5fbc4bdca53c6d80f9b`
SHA1	`b4a0a1687c7f8d7a1d5104e5c523dc43a8c31043`
SHA256	`1e3d8cd558c7d5d1b457d5310c718675f6ecf9d6b1902c31a995f83f4cc2a99b`
SHA3	`7bd80a09ef538df2498b4879f5fb00c0ff26bde4b12424ee1fbb92ef937d5997`

6 (#3)

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2a3`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.93595`
MD5	`81b5d34b0a0679f9e0f5a554db04d86d`
SHA1	`ce8dadc8fbaa449233535bb0f3724aaecff9c6a7`
SHA256	`64635de23a5e8e2071a54645c1def63001e2586bdb87980781e16ccac9a17178`
SHA3	`6fae9ef7f95b7cc51728a8577ebe4abbc6a5cd3c816c094fa75c3086aa406ada`

7 (#2)

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xcd`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.7265`
MD5	`e876757af4b722510e8ee6b3034c306c`
SHA1	`12ac2f8333fdf9fb460c80e88a86171592518131`
SHA256	`af132ff0b55a82a5248202961b5830e0f88ec947a2b1c858e73be07772005ac0`
SHA3	`ad83f0237ee1d5264ab1cf7dd09a4140ceecfb1e9b75f5313f7d9b2be1dd2804`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xbd1ec094`
Unmarked objects	`0`
C objects (26213)	`26`
ASM objects (26213)	`21`
C++ objects (26213)	`201`
C++ objects (VS2017 v15.9.0-1 compiler 27023)	`1`
ASM objects (VS 2015/2017 runtime 26706)	`9`
Imports (2207)	`2`
C++ objects (VS 2015/2017 runtime 26706)	`130`
C objects (VS 2015/2017 runtime 26706)	`38`
C++ objects (VS2017 v15.3.* compiler 25506)	`33`
ASM objects (VS2017 v15.3.* compiler 25506)	`1`
C objects (24231)	`480`
C objects (VS2017 v15.9.5-6 compiler 27026)	`14`
Imports (26213)	`29`
Total imports	`424`
265 (VS2017 v15.9.5-6 compiler 27026)	`47`
Resource objects (VS2017 v15.9.5-6 compiler 27026)	`1`
Linker (VS2017 v15.9.5-6 compiler 27026)	`1`

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .themida has a size of 0!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!