Manalyze report for 62d58ad7efbee6d102a7347c111c98ec

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1995-Jul-10 13:58:29
TLS Callbacks	2 callback(s) detected.

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExW` `Possibly launches other programs: CreateProcessW` `Leverages the raw socket API to access the Internet: ntohl`
Suspicious	The file contains overlay data.	`8419288 bytes of data starting at offset 0x22c00.` `The overlay data has an entropy of 7.99844 and is possibly compressed or encrypted.` `Overlay data amounts for 98.3375% of the executable.`
Malicious	VirusTotal score: 16/67 (Scanned on 2019-12-03 16:39:48)	`McAfee: Artemis!62D58AD7EFBE` `Cylance: Unsafe` `Zillya: Trojan.Scar.Win32.102921` `Kaspersky: Trojan-Dropper.Win32.Dapato.pzlk` `Alibaba: TrojanDropper:Win32/Dapato.dbbd5b12` `NANO-Antivirus: Trojan.Win64.Dapato.gfkfvr` `DrWeb: Trojan.DownLoader30.33352` `McAfee-GW-Edition: BehavesLike.Win64.Backdoor.rc` `Sophos: Generic PUA EK (PUA)` `Cyren: W64/Trojan.XJNF-0093` `Jiangmin: Trojan.Agent.agzx` `ZoneAlarm: Trojan-Dropper.Win32.Dapato.pzlk` `VBA32: TrojanDropper.Dapato` `Fortinet: W32/Dapato.PZLK!tr` `CrowdStrike: win/malicious_confidence_60% (W)` `Qihoo-360: Win32/Trojan.Dropper.c67`

Hashes

MD5	`62d58ad7efbee6d102a7347c111c98ec`
SHA1	`4a007e642859cc49deb20169df57e30eb1564867`
SHA256	`ae62e7daa4ed529bcb08c65e614c57cd38bb7bcd308f1121c1c7e01cd2a5f09d`
SHA3	`f83d814b3a7efc30435b9f06bb0c06f7a68d26153cb218872968ffd333182851`
SSDeep	`196608:qYXLymzWPaRN/zROsi1V64/C2QHTPOUf2h5n5JvaQKXk5jG:j7Jkar/zRehC2gzjk5`
Imports Hash	`194c30fba0b8ac24ec6f577e3c2e13e6`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`10`
TimeDateStamp	1995-Jul-10 13:58:29
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0xa000`
SizeOfInitializedData	`0x22800`
SizeOfUninitializedData	`0xce00`
AddressOfEntryPoint	`0x00000000000014F0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x36000`
SizeOfHeaders	`0x400`
Checksum	`0x25607`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`9e8de42bd3fdabce1c9495443de8e781`
SHA1	`43194c3b61956f3f5425b339336acafa8f491cf8`
SHA256	`0e34869b0456e8b1a4ec974ef0629a56d760094159ea708b66c62abcbd550a03`
SHA3	`7301d6c3d473247ded403a0d12300890b432378d5a775bfc33a86a7ccaddd456`
VirtualSize	`0x9ec8`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.21411`

.data

MD5	`7614715b9870015ef9b93b3ddfa60b1e`
SHA1	`768eccdb7fdf970ed9b6135f3a2f075eb95f5d73`
SHA256	`3cab3a5e72d28e11685f8d686025b61e7262e77a3205d61b31a88e5346fd7071`
SHA3	`51f519ad2e909fa9c39cccd1d0a8d8ee694bb372b5445f09c6edf4944691d230`
VirtualSize	`0xa8`
VirtualAddress	`0xb000`
SizeOfRawData	`0x200`
PointerToRawData	`0xa400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.690436`

.rdata

MD5	`eeb3e8bc49100eb5bf7acf61b4e4e311`
SHA1	`edad10d2adae17f12264a0d2f51b393c1408a181`
SHA256	`6ca2ab82c05d4b17248edb31aae28922a7e5a04477cd34a224bd13cb3a634c56`
SHA3	`3357800987b32b38f49b1dff11b29d44c0ce546ed85c507a3c4e3991be6f2f5d`
VirtualSize	`0x5070`
VirtualAddress	`0xc000`
SizeOfRawData	`0x5200`
PointerToRawData	`0xa600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.65013`

.pdata

MD5	`6a263ff0b25703d9836c7d6e0f06e97d`
SHA1	`fcf2cf10a0d40cfbfbc07119b4f7a597acd72fe6`
SHA256	`b9c5f7d5ca3ab13d9f683e8510a57ae574152305fdb58cfe20386a797a6abfdc`
SHA3	`1284d172c95c71ce18d6ca4d1b1167bd46023e23adc83838428ebe246d1c0d2f`
VirtualSize	`0x810`
VirtualAddress	`0x12000`
SizeOfRawData	`0xa00`
PointerToRawData	`0xf800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.05312`

.xdata

MD5	`7c9d13cb8f143dec5e40a2585fcc49ea`
SHA1	`330126f5645623980b8ab6b461d38336dcc158cc`
SHA256	`5b1e139f98e11cffd1cec0601c3da93c0d58aeea30e8fb0e0b1177f6d96f6a08`
SHA3	`1ec669aba818e27a1e48eaf35aae518d3a0f4d35f5a8661a0a3ac96b99fb1cf9`
VirtualSize	`0x788`
VirtualAddress	`0x13000`
SizeOfRawData	`0x800`
PointerToRawData	`0x10200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.1126`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xcca0`
VirtualAddress	`0x14000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`17fc95fc486f71f8b57e05badf11819e`
SHA1	`6ecb5838410e912d70eb5876fd3a862979b89566`
SHA256	`cd390ab22ed7fb1975fb7fbeae960aae61457765a3af1f1941b6da5a4f7f3b0d`
SHA3	`97acfd3f44542015abec103c4d70843b3357b241398999ae0adac9cdef167a33`
VirtualSize	`0x1098`
VirtualAddress	`0x21000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x10a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.19581`

.CRT

MD5	`d7007818b641509d1ba7f4fa705b5fc6`
SHA1	`6af3ca1f20058c296159356cb14fa1630c1d4211`
SHA256	`c00ada13b4b1f303e906af18ff8ef98a75b5b843dde34b98c7a85eb5aa0fffc5`
SHA3	`219c53d2181b54a113f09fe3df1e9552186e696afd99e5d3c7d8cc67a1c6c903`
VirtualSize	`0x68`
VirtualAddress	`0x23000`
SizeOfRawData	`0x200`
PointerToRawData	`0x11c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.263302`

.tls

MD5	`a62a054df17d57218a760f0e8160bdc4`
SHA1	`4c94c42cdf1dfa1ee0205c2f595da1594ff9dc94`
SHA256	`e3ba9ae9a8fc6c6363eacf9f1587c7e3259ae2bc044b2e27bc24c94d8aca15ad`
SHA3	`2c76ceab78a3f9f56e3d0efaf593e3718c5dca47e89bb4ebedc2d18a9c423743`
VirtualSize	`0x68`
VirtualAddress	`0x24000`
SizeOfRawData	`0x200`
PointerToRawData	`0x11e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.199108`

.rsrc

MD5	`fcbc32b5fefd0f6ddeca7fa9b3575adf`
SHA1	`de4b8d754abfd227de3a002de5079b61130d29c3`
SHA256	`2889fe98be8da8e9fbe99359cf1beb66fdcf2d12383607484eecf33700ebbb7a`
SHA3	`c068b936108213c01ed0a58402f3279916e2aabb8295fd284b7109d11832117d`
VirtualSize	`0x10b28`
VirtualAddress	`0x25000`
SizeOfRawData	`0x10c00`
PointerToRawData	`0x12000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.17891`

Imports

KERNEL32.dll	`CreateProcessW` `DeleteCriticalSection` `EnterCriticalSection` `ExpandEnvironmentStringsW` `FormatMessageA` `GetCommandLineW` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `GetEnvironmentVariableW` `GetExitCodeProcess` `GetLastError` `GetModuleFileNameW` `GetModuleHandleA` `GetProcAddress` `GetShortPathNameW` `GetStartupInfoW` `GetSystemTimeAsFileTime` `GetTempPathW` `GetTickCount` `InitializeCriticalSection` `LeaveCriticalSection` `LoadLibraryA` `LoadLibraryExW` `MultiByteToWideChar` `QueryPerformanceCounter` `RtlAddFunctionTable` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `SetDllDirectoryW` `SetEnvironmentVariableW` `SetUnhandledExceptionFilter` `Sleep` `TerminateProcess` `TlsGetValue` `UnhandledExceptionFilter` `VirtualProtect` `VirtualQuery` `WaitForSingleObject` `WideCharToMultiByte` `__C_specific_handler`
msvcrt.dll	`__argc` `__dllonexit` `__iob_func` `__lconv_init` `__set_app_type` `__setusermatherr` `__wargv` `__wgetmainargs` `__winitenv` `_amsg_exit` `_cexit` `_fileno` `_findclose` `_fmode` `_fullpath` `_get_osfhandle` `_getpid` `_initterm` `_lock` `_onexit` `_setmode` `_stat64` `_strdup` `_unlock` `_vsnprintf` `_vsnwprintf` `_wcmdln` `_wfindfirst64` `_wfindnext64` `_wfopen` `_wmkdir` `_wremove` `_wrmdir` `_wstat64` `_wtempnam` `abort` `calloc` `clearerr` `exit` `fclose` `feof` `ferror` `fflush` `fprintf` `fread` `free` `fseek` `ftell` `fwrite` `getenv` `malloc` `mbstowcs` `memcpy` `setbuf` `setlocale` `signal` `sprintf` `strcat` `strchr` `strcmp` `strcpy` `strlen` `strncat` `strncmp` `strncpy` `strrchr` `strtok` `vfprintf` `wcscat` `wcscmp` `wcscpy` `wcslen`
USER32.dll	`MessageBoxA`
WS2_32.dll	`ntohl`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.69257`
MD5	`a2b7fb7597297aa22f82b10ece5b1b16`
SHA1	`7fd3a309209156740fbb19d4534b6041a8eb493b`
SHA256	`9344b7e976aa9caf482b2a46bd2876d8110e8dbe6426259aefc0e5e19f8e83fb`
SHA3	`74904b37b91beb5402867a5b6ac99cd21ac29d3a46f1c14137b96b151dc2b25a`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.93251`
MD5	`d258a201af6130ec52ec8e1ba22d4484`
SHA1	`28266a02d06ae0619adaff4129c81badc77a761f`
SHA256	`94583d12381ef132bde2083072be531d046bd8f332b7d815be6eea0152a81987`
SHA3	`0cddabff0fca386b87ba7e3164598dc5fdc9a1b29858a3bc60b64ab887fe68f2`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.68627`
MD5	`70ad508595d3634d833cede380f4c7f0`
SHA1	`b69404beb47fb7c3574bcba74e8333c6fc19674f`
SHA256	`3f23d46d78d3aa745324d9e4986b61bfff45a6339feb7fc8e9c3d68ba1f6e7c1`
SHA3	`ec90eaf6b8574b7cec595e5693d582455c1c0c0e9d35fb573b38f20582a5fae6`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.74915`
MD5	`71203732e3ffa06054aee0d9925efb93`
SHA1	`55134c9f59576ca253b080f37d96787913fcca4e`
SHA256	`77ae15f324e7ac1cb2ffcf5a006e4c32c94b780ef17bfd11eb9c8460daceac13`
SHA3	`283b0e7da4840ffdb20272965998801b49b4783db56dab25432c1dbedc9982df`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.25824`
MD5	`3d5f088af64e626d66a87213c3dfc69b`
SHA1	`45fc2958989ec400f168693dfbce9ceb396feb53`
SHA256	`2af2d285ac6ca312c71dad5c3cdfa68178519c06ab20a46c909a3ca6911b29d8`
SHA3	`b04004b68f5a67e0cc8d87c73ff40df52813f6bfdbce778fbdacfb697123cefe`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.35511`
MD5	`ae33adadc53bf7733c5cc8fd685b329f`
SHA1	`6d52739a1a3731610d842a6c99abf8a546e83d37`
SHA256	`ed749606ef4bdf305e2ef9b58efe76a5f97ef850d00d2bb70ecbbee44dbdb045`
SHA3	`0467c49e0d4841109d62ac091ed3d06218c58d638995091f2cec1f1614d6211b`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xa5c2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98837`
Detected Filetype	PNG graphic file
MD5	`eb256989c56413246a6a8f2f72782377`
SHA1	`0153e66e560c788421c37348629f37c194b6d351`
SHA256	`4c660710f7a9dceca21ecde1d53514a0c11383e1afd0bfc336f5c6af951c0253`
SHA3	`c430975e583ff4152fbd5f8f826296eba74de071908a2842ab0f0f00e8338691`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.36822`
MD5	`35539268c359f7fd52f90025b4001767`
SHA1	`2976496fa998e0e928d33a7609a77c3e9c272167`
SHA256	`768e648df1c766910cb890f5caed53a3e2f3e6b4aabc367042ad8bcd0f9fb8a8`
SHA3	`7ab8b7a545b2492ac5be8e82d61694f4eb16cae6715654f9f7e0ed72f6dbca66`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.46333`
MD5	`70cf4c4c1a6bc734004be77147076b25`
SHA1	`673418b8073dd565d689d3861f7679ade28e2017`
SHA256	`87f30ef4fca6435ec8470a715c5c14459da06086b421d765fd112713424a1aef`
SHA3	`0c7eafb72bfe309ae1415b231f4b4af69a60782ece75ff494b5b4271ec6eac95`

10

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.19199`
MD5	`4ab7b84ce91da05c8e31d03e213d06d4`
SHA1	`06ff4c1439cabcb084780dd9d98a2a5947777f33`
SHA256	`3edb9eaffd89b858731fed849094d584d0578db1b8e1dc1fec6ca715a1028c41`
SHA3	`0ef4c78cfeea2d0dd1b537c2d06d7dfc2ffb595644d3f660b4b5e48c2d815104`

0

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x92`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.90294`
Detected Filetype	Icon file
MD5	`f2565da7c399986f2e1a280123efd349`
SHA1	`f5b3a0ac4facbb31bfbc61b4567254f89f7a1deb`
SHA256	`22976610795775c9c81ff923c735b529e5662786859f34f27972dee76f57ed8f`
SHA3	`d5c6cd4b377e0661b8a4d50e6fba1985600347939e2f86fa6b0a017430421d2b`

101

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71858`
Detected Filetype	Icon file
MD5	`cd3a631eace19041876b4c4c6ec8461a`
SHA1	`d4b3f99c4d648e3446dc05e7fb6e444e42dfed01`
SHA256	`f5b94a42f1c77c9eef858a0dfd656419fea900b00318c2c0bf49c2fce345d838`
SHA3	`b6dcbb1b4c262eb5aee12773a52c29ff20fef809a4e61822700d005457944b9f`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x424000`
EndAddressOfRawData	`0x424060`
AddressOfIndex	`0x42089c`
AddressOfCallbacks	`0x423040`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x0000000000409590` `0x0000000000409560`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!