Manalyze report for 67f4f7638559cb64bc4770c069d367e4

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-Oct-20 17:06:52
Detected languages	Chinese - PRC English - United States
CompanyName	Riyue Tongxing Information Technology (Beijing) Co.,Ltd.
FileDescription	downer for windows
FileVersion	`1.3.6.26`
InternalName
LegalCopyright	Riyue Tongxing Information Technology (Beijing) Co.,Ltd.
LegalTrademarks
OriginalFilename	downer
ProductName	downer for windows
ProductVersion	`1.3.6.26`
Comments

Plugin Output

Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX v2.0 -> Markus, Laszlo & Reiser (h)` `UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX -> www.upx.sourceforge.net` `UPX Protector v1.0x (2)` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5`
Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Can access the registry: RegFlushKey` `Possibly launches other programs: ShellExecuteW` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Has Internet access capabilities: URLDownloadToFileW WinHttpOpen InternetOpenW`
Info	The PE's resources present abnormal characteristics.	`Resource 1 is possibly compressed or encrypted.` `Resource 2 is possibly compressed or encrypted.` `Resource 3 is possibly compressed or encrypted.` `Resource 4 is possibly compressed or encrypted.` `Resource 5 is possibly compressed or encrypted.` `Resource 6 is possibly compressed or encrypted.` `Resource 7 is possibly compressed or encrypted.` `Resource 4078 is possibly compressed or encrypted.` `Resource 4079 is possibly compressed or encrypted.` `Resource 4080 is possibly compressed or encrypted.` `Resource 4081 is possibly compressed or encrypted.` `Resource 4082 is possibly compressed or encrypted.` `Resource 4084 is possibly compressed or encrypted.` `Resource 4085 is possibly compressed or encrypted.` `Resource 4086 is possibly compressed or encrypted.` `Resource 4087 is possibly compressed or encrypted.` `Resource 4088 is possibly compressed or encrypted.` `Resource 4089 is possibly compressed or encrypted.` `Resource 4090 is possibly compressed or encrypted.` `Resource 4091 is possibly compressed or encrypted.` `Resource 4093 is possibly compressed or encrypted.` `Resource 4094 is possibly compressed or encrypted.` `Resource 4095 is possibly compressed or encrypted.` `Resource 4096 is possibly compressed or encrypted.` `Resource BTN_BAIDU is possibly compressed or encrypted.` `Resource BTN_CLOSE is possibly compressed or encrypted.` `Resource BTN_INSTALL is possibly compressed or encrypted.` `Resource BTN_KNOW is possibly compressed or encrypted.` `Resource BTN_OPEND is possibly compressed or encrypted.` `Resource BTN_OPENF is possibly compressed or encrypted.` `Resource CHARTABLE is possibly compressed or encrypted.` `Resource HTTPMODE is possibly compressed or encrypted.` `Resource IMG_CHECK is possibly compressed or encrypted.` `Resource IMG_CHECK2 is possibly compressed or encrypted.` `Resource IMG_INSTALLBK is possibly compressed or encrypted.` `Resource IMG_INSTALLICON is possibly compressed or encrypted.` `Resource LOAD_BK is possibly compressed or encrypted.` `Resource MAIN_BK is possibly compressed or encrypted.` `Resource MAIN_BORDER is possibly compressed or encrypted.` `Resource PACKAGEINFO is possibly compressed or encrypted.` `Resource PROGRESS_BK is possibly compressed or encrypted.` `Resource PROGRESS_FORCE is possibly compressed or encrypted.` `Resource TFFRMINSTALL is possibly compressed or encrypted.` `Resource TFFRMLOAD is possibly compressed or encrypted.` `Resource TFFRMMAIN is possibly compressed or encrypted.` `Resource THUNDER is possibly compressed or encrypted.` `The binary may have been compiled on a machine in the UTC+8 timezone.`
Malicious	VirusTotal score: 47/68 (Scanned on 2019-04-13 04:57:15)	`MicroWorld-eScan: Trojan.GenericKD.41135074` `FireEye: Generic.mg.67f4f7638559cb64` `CAT-QuickHeal: Trojan.Downer` `McAfee: RDN/Generic PUP.z` `Malwarebytes: Adware.ChinAd` `VIPRE: Trojan.Win32.Generic!BT` `Alibaba: Downloader:Win32/Agent.2c582171` `K7GW: Riskware ( 00544e421 )` `K7AntiVirus: Riskware ( 00544e421 )` `NANO-Antivirus: Trojan.Win32.Donex.fnxxjv` `ESET-NOD32: a variant of Win32/Gaofenquming.B potentially unwanted` `TrendMicro-HouseCall: PUA.Win32.Downer.AA` `Kaspersky: not-a-virus:HEUR:Downloader.Win32.Agent.gen` `BitDefender: Trojan.GenericKD.41135074` `Paloalto: generic.ml` `Endgame: malicious (moderate confidence)` `Emsisoft: Trojan.GenericKD.41135074 (B)` `Comodo: ApplicUnwnt@#3b0on1ar7a3sg` `F-Secure: Adware.ADWARE/Gaofenq.Gen` `DrWeb: Adware.Downware.19347` `Invincea: heuristic` `McAfee-GW-Edition: RDN/Generic PUP.z` `SentinelOne: DFI - Malicious PE` `Cyren: W32/Application.FEUH-6606` `Jiangmin: Downloader.Agent.lhc` `Avira: ADWARE/Gaofenq.Gen` `Antiy-AVL: RiskWare[Downloader]/Win32.Agent` `Microsoft: PUA:Win32/Downer` `Arcabit: Trojan.Generic.D273ABE2` `ViRobot: Adware.Gaofenquming.911040` `ZoneAlarm: not-a-virus:HEUR:Downloader.Win32.Agent.gen` `GData: Win32.Application.RiyueDowner.A` `Sophos: Downloader (PUA)` `AhnLab-V3: PUP/Win32.Qiwmonk.R215616` `VBA32: BScope.Downloader.Donex` `ALYac: Trojan.GenericKD.41135074` `MAX: malware (ai score=100)` `Ad-Aware: Trojan.GenericKD.41135074` `Rising: PUA.Downer!8.F658 (CLOUD)` `Yandex: PUA.Downloader!` `Ikarus: PUA.Gaofenquming` `eGambit: Unsafe.AI_Score_80%` `Fortinet: Riskware/Agent` `AVG: FileRepMalware [PUP]` `Cybereason: malicious.38559c` `Panda: Trj/Genetic.gen` `CrowdStrike: win/malicious_confidence_80% (D)`

Hashes

MD5	`67f4f7638559cb64bc4770c069d367e4`
SHA1	`1d59a97fa9e0369a9cd8cf44837334ebaa0094bf`
SHA256	`b4a8472ec0d3e5c8103439fa34cbe351bc8561ba725c631963ab8f584f75d07b`
SHA3	`3acfd41741546c524e6d55781b802bf2b39d529366161b8c70e1481f4bb6f685`
SSDeep	`24576:57BYJlneadwqBYZ+Ndrjds/CWoAHceTXSwSnjDwNrbgd:5tYbdwUFrjdEJo0XMnjDwNrbgd`
Imports Hash	`cd4b439c00a45d534f4d943ffca8aee8`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2018-Oct-20 17:06:52
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_BYTES_REVERSED_HI` `IMAGE_FILE_BYTES_REVERSED_LO` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0xd5000`
SizeOfInitializedData	`0x8000`
SizeOfUninitializedData	`0x115000`
AddressOfEntryPoint	`0x001EA270 (Section: UPX1)`
BaseOfCode	`0x116000`
BaseOfData	`0x1eb000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x1f3000`
SizeOfHeaders	`0x1000`
Checksum	`0xeaf2b`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x115000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`b794952cca606f53ff4b6a5090c32f97`
SHA1	`0d9dd8d9ac7ce0a9715815a9cff892369c9ad158`
SHA256	`91a2d3a6dbf1fe1f0aed99d1bc5285bf794d255bc8345ed0f71a87d2da7f5dab`
SHA3	`96d3d758b06d7c98187ef332871c3cd04ee04ecb78fc757f14390e414078f201`
VirtualSize	`0xd5000`
VirtualAddress	`0x116000`
SizeOfRawData	`0xd4600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.90026`

.rsrc

MD5	`bd7205c0a4e3dce215b17217ddb68e8e`
SHA1	`8591eb808f355c2b5d0fa46f43d1d6f6a3886df5`
SHA256	`5f03c926cac2dfa327b4dd96c470fb314e92402869ce160f86aabcacf77d006f`
SHA3	`9096d3f5eb50f85cbb35296b3036fcd3bc14dd5fae16ffe007cd09dce574fc88`
VirtualSize	`0x8000`
VirtualAddress	`0x1eb000`
SizeOfRawData	`0x7600`
PointerToRawData	`0xd4a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.14926`

Imports

KERNEL32.DLL	`LoadLibraryA` `GetProcAddress` `VirtualProtect` `VirtualAlloc` `VirtualFree` `ExitProcess`
advapi32.dll	`RegFlushKey`
comctl32.dll	`ImageList_Add`
gdi32.dll	`Pie`
msimg32.dll	`AlphaBlend`
ole32.dll	`OleDraw`
oleaut32.dll	`VariantCopy`
shell32.dll	`ShellExecuteW`
URLMON.DLL	`URLDownloadToFileW`
user32.dll	`GetDC`
version.dll	`VerQueryValueW`
Winhttp.dll	`WinHttpOpen`
wininet.dll	`InternetOpenW`

Delayed Imports

1

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.20143`
MD5	`b1c504293dd85fcc34e5cdcea3878c46`
SHA1	`3b45e236ada2b66c2ccaaaa1b0535c487eb0fa63`
SHA256	`db5ac27235fa479256a044c36105f09fe6fbc23ab3eb12a860199c2e7dde6f20`
SHA3	`1af316a638d5a2904556f97d8503ae7335cafa8e735f5a0ad9213f050767034c`

2

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.10305`
MD5	`fd118730d388fb46133fe5961efbd545`
SHA1	`bb40ae2c96018b40430bb58987467506991c2568`
SHA256	`0b28efb1b1dfb45bc2d8b3ae0b8403eac7aca2105468126da66ac6eced0369c4`
SHA3	`07a7ee69e6f70998b7eeb6bd5db8be0570f0ca787642b0988f66214e6d5a19a9`

3

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.14659`
MD5	`c914047237baace8bcb0f52a49d30ade`
SHA1	`f97d79b36e76c17df83f425d07dc8bb3049933df`
SHA256	`79b35d144b89ff0303c7ac43aff03725fe8e4a75117bdfb112e3be294ddea80d`
SHA3	`aa5490eb28e5dcd8361a0e6d5e63079036ebe15a1a71936792c9002999d9daf0`

4

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.14328`
MD5	`687144fc18986a8a64458570269b3ec2`
SHA1	`1d8343f6c09ffa79301e1ce42a1538f42f459e40`
SHA256	`25acb117c2edb7132e2328703c1b95c68fd02bc54a1a50b567d211d372175116`
SHA3	`3cba43e8c46d1d148bff34e77af5f9d4316cb7558320a1bc45bd7165349545f2`

5

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.02672`
MD5	`06e858b9782a7536ecfed5cbca370f56`
SHA1	`4fed0c1db27a00ed862eaa60f72729ada1c50630`
SHA256	`55f24149e61584f73bcef19ff4491379054ebf913cbefddc20a5c642d6f594d4`
SHA3	`dd4acf866c6cadc6477707e149b7f06afe4e31e7e27e20a9523f2d88f52eb5da`

6

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.04435`
MD5	`1c33a706c752700e18699b6b8dcc5b0e`
SHA1	`1ea4f089eff3ad2a4902a80b2bae6982ec105ac9`
SHA256	`8ddfecd7df4ad9b2b6b9d5357ae31013caf0a0b85612058bf67f1731f6a5b4b0`
SHA3	`4369618ab47924cd5e1e52e80891de992989dbb11a20efb659b763617e13b65e`

7

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.06554`
MD5	`926fab264355bfc4f2cc5e22c07d1018`
SHA1	`8afb3686e8ec2dac59c8d146a51aa881132f4975`
SHA256	`3df1ee70e22ae3f56fcc97994a6ca303f0d8a13e4a400d527b5681e3f26ef020`
SHA3	`462bbf4c6764163fe202a509b6139995d15fe3cec9b7b05f7573ea26a3ed9839`

1 (#2)

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`3.90277`
MD5	`ce00634493a8e039b7129ca3099f6338`
SHA1	`b53a314db8813a3e5660a8b182cd43046746cf2d`
SHA256	`2fee7ec390b5a54e6cb5c7c072a713db04d7cbfa63773207e523dbab6343d8c0`
SHA3	`f10100807271bd7f12e1b6303e40b56074b9513ecb4f924002a07ae4b22cd0d2`

2 (#2)

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`3.24731`
MD5	`5050d58a70e8a055ba69e3080fc823d7`
SHA1	`12502d8550470fc7499d0bac1a9e46ee5592b38d`
SHA256	`c7d4953f5faf6e401ade87da1c1ddf5218633a9e3a9e9ef2ec4e64cdf33967e8`
SHA3	`b38036e10de15200749d4f4392300931a4f374b96f09be7316d9478bea9e35ef`

3 (#2)

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`3.27183`
MD5	`35cbe1b23bc44d1a20ec9eed48142b7c`
SHA1	`f305b5fed0b22e5c38d37b96c00ef73d05e353f2`
SHA256	`d374d231f40ffe2da7c71bbf1b2dfd78a0e66ad603e851121df1c71051f80203`
SHA3	`43a67f9c32cf146ec576887367cfa7acf62960120eade39e03741bc549b08ad3`

4 (#2)

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`3.91452`
MD5	`ce8863e95c72eca7a39af0ad5c5916b5`
SHA1	`4600ab20aa762e749710fb27f3c2def1c7fd4f59`
SHA256	`5f01e215ebce2b9199812cc3c7afab11185fc47c23906c332cf71a8332c56413`
SHA3	`202ed04d6374d5587ea1861ffb7e5c809fbe606e803fb66c2c110eb1dc0ab4d2`

5 (#2)

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`3.47417`
MD5	`68e94c4af7f6e53897145733adbbffab`
SHA1	`f2d9ca9bff7e87116851507d75d1661b30291751`
SHA256	`22c113e4cab4b01d0a348ba8bb75fa32c57dc62fb3f52c372e486d8feeb5af20`
SHA3	`a830cf4076b874c4ca77a70c493fb8324dab20de6928983c3befd4afcdafca1e`

6 (#2)

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`3.02843`
MD5	`1458108bd5067537165e4b946539c111`
SHA1	`e91cbfe9130ce020f6e7eb31e50a3c70a6c92d50`
SHA256	`f9d16c7942ac9ab18b0600667e591acd1da35aaec7c6c3cad7479c96d8cef6b2`
SHA3	`d28387d71797de97be43c81d9a82e55cdaa64780349ef4965493c9dcb1d03e3d`

7 (#2)

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`2.82055`
MD5	`b52fe931134d2e74ca41c55d64faa62c`
SHA1	`7eaae35611ffec0500e825b879d22aa01e45ede2`
SHA256	`1fc972ea11bf0494ab62f7a8ca6f66ad4c6366e0e1377e4aeb570e82cc212aef`
SHA3	`0d8331ba3fa32b73e533410fd9c89743774598f94f7c7f76a754f23dfc6c7c24`

8

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`2.44525`
MD5	`9f7b86f32d2e309b75ddf923ebb14b1b`
SHA1	`8bd2b202c1f27586018bf66254fa1f2ab6a13283`
SHA256	`a129c763d7d0971e4bd99dc029c0a071493bba853ddc047b565c88d76bae9e4b`
SHA3	`da05ed61612895e7c9e56b4d7611fcee53b2fbbcf9fddd074401d0f230b49a61`

4078

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1e8`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.44295`
MD5	`c53c2c2ec2022aad64e704ac403d9ba1`
SHA1	`3a71aebaff080b30eb5aed582eb7868104e2e2b5`
SHA256	`14e0d33cf1d46778a3dd2257203554f3e3c4becd64ec311a84be543d1bcb54dd`
SHA3	`db1c7c741d32af94acf42ef04ff65ebbc3882d160c6c74e73f12c89dc52fd248`

4079

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x29c`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.53555`
MD5	`48ed8cc018dc783e3badb81f8f87a499`
SHA1	`a598fbec43fc7982f05979009048500ac700ab82`
SHA256	`a983ebebcd7cd94afd383d3fa3c20ca416b326803f4d6afb417c6e72c28c9db5`
SHA3	`763529fc1b42924c48a885ef2c8c0fb57859f5408b07268055b5cd01bbf1c70a`

4080

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3a4`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.66026`
MD5	`492e8ca660d98bd40b19ebdb7b29f2b8`
SHA1	`aa0284a6ac7610d6a2ed2616169503b1eb52ad28`
SHA256	`26cdc273bfda8309cff95efec7af0437bd56a4ec9bec72c5fce346f690e2005d`
SHA3	`9d31625ebea46881812265f1d45667ef56aa71a84d3ff35b5b9be630f331998f`

4081

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4c0`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.68095`
MD5	`6cac9864b6601459986b7891f9b6a620`
SHA1	`023adc588f0c92bb2fe2b1a4c96988d73c853fd4`
SHA256	`1c89c49c7c8d47447ca7e8a4bb17152b88da089a8b64ad1ed012cb71d14f3edc`
SHA3	`26dace88048e67b774acd4382a54449b06daad2e7bc2962e8a159cb49dcbe175`

4082

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x288`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.45843`
MD5	`0b544ef1066823dd3aec02283b988dea`
SHA1	`7bed31871ab5323a41227fd0f6ab53dd682a4cdb`
SHA256	`704e054632a542ffc9f1de145797be2abbd6236b434a54a5408bc4d20b335349`
SHA3	`be3978ad2016732f35640968640083ee6a1d00c8ac6a64a54a326e6286c43ce9`

4083

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xcc`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`6.81429`
MD5	`f24a30cb3a7dcc0b1a63c6afe2b9638f`
SHA1	`c605fc3b8829f6aef890434c1c555164c1c8e594`
SHA256	`44fe8c593c6bbab9979403e379aec7bdbd3cfeb8bc83a1361a85e95eaeef1706`
SHA3	`0588005415246b33f0e9606e3d52e025fd40cda869d3a4aa17f17e96676e9482`

4084

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x160`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.21802`
MD5	`6b97955a1fa84adf9286ddb928f50c22`
SHA1	`a8749d63972bfc9eae7954c3e488de8f0b390dcc`
SHA256	`8ef43db3f8f216818ce0f8951322e1e894b5d92066d18f936e313f2a58456b00`
SHA3	`1a1fee8ead7b9dcbc69b8a9bf5cb3af27fb358e9cf4938ba2942a0352e673e1e`

4085

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x494`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.6269`
MD5	`62ec181b0d5c0d9f44597bd7193dad3e`
SHA1	`0e6d46603ee6971c7eca189cccdcc0bf87e41b57`
SHA256	`b115991f13bbfc2f1b2faa7972e0898897d9cf13527600c64320d29be51bcaf2`
SHA3	`2c3af39ab261733a0da40d5ac75629e5db645f7cf1a281a2287289b3963922f7`

4086

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x340`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.57827`
MD5	`dbf75d8c3ed589df9916d598baa10e8e`
SHA1	`8c38ac41276f8f1368c4085983fc30c2ddc89c69`
SHA256	`7008a68380fcca663a115f988926d4c16d9636f20fd8a302359ffd9aec192345`
SHA3	`b500cedd58038912bf5c745d9a2f5c0445f6cb73d4b7976258007647c99dc8ae`

4087

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x59c`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.57997`
MD5	`853f4a58c269076a93f94a8d5c11bb09`
SHA1	`f3139e893bb9384d96f61a94065420fbd2bd6c3c`
SHA256	`db11f4a91d74628ee0f88b1fb7870878e7f307b93a6052a3db680f8f4416a12e`
SHA3	`d0a6460b068df61618a0051789c66853f5ce4c320fecdebe2a08754e6a61261c`

4088

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3a8`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.5827`
MD5	`65ef8a802ded7f321f4da5766521180a`
SHA1	`98b70b0910e16b7d73203e35668dc0129a629df5`
SHA256	`18f586edf37ed4a5057b210ef3f7696e49a9b4c4c60b6fe51ad32dd85d49d441`
SHA3	`1acb34b4888016227e5725e6cad9a325cb9998b8106a60d93df84bfcd4bea2b9`

4089

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x384`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.58597`
MD5	`4a6288f1626ae4edb198edc8ebeb9bac`
SHA1	`4cb4b0707e0046edfe34579ae4f283b8ad25bf2e`
SHA256	`0a70e2a06b363c690bde8e4e2e505efcdea9e673b356b1c8382c8f8fb56b502a`
SHA3	`9322fd9e9d90d7e1d3a8aa0ada9f30e60d06eb942b1f9b074dd5958bf27ab0ea`

4090

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3e4`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.64017`
MD5	`0b4ed36a21156761361e5375f449e461`
SHA1	`6372acce4621e042542438bfe8ad668b0d738fe9`
SHA256	`144b2086ec0d78419144cc27098557233ed6e8c8e225f826111c2dd20a949cbf`
SHA3	`fed9d59a1a8c1f8ae01ebc0b816a38b53c2dc04cda0f9f6610f500f5605bf06b`

4091

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xf4`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.06987`
MD5	`b2e2e347093681dd6b639f4ad973d9ea`
SHA1	`d07ec7e62e455376c7b2491e999283bd4f19f88b`
SHA256	`4b77efa1a31dd0d82102c5938b026dd221b447b5076eb16e43c2578f4ad2d5f4`
SHA3	`4e6c6a5fb3c1da61a969236bfabafa3bbc3933239a89bc9f7d9fc6c16cfa94c7`

4092

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xc4`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`6.83079`
MD5	`84653085c873ad4069abee1e74e7d58e`
SHA1	`5ed6a5e2e5f00d17345edb83bc12d2fc97308c44`
SHA256	`597b070a148732bad9994689d7a0a2881f082791264b94d81d84f511a56a08ef`
SHA3	`39bb0b2684dd743b530c0a5cbe5d2a77cc4963337dce0175fab6cedc8feb24a4`

4093

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25c`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.48566`
MD5	`c5d1e34f7a944fec37fa36ae8591ff16`
SHA1	`8f1ab3eee5b34addd47b069a51e1734753b0c2a8`
SHA256	`aef378897e403fb0016231932f937a940663cb742a59df417999e9f5cf1dbdb7`
SHA3	`a54291a334f41fdd249b5208d2742a72f08e8127ca42a8541a4e9d6515e4dbb4`

4094

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3e4`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.67809`
MD5	`42ad14fd84e6e1af20ddc43b32d824c0`
SHA1	`53d7cf638ab2b0263f3bd0b75bd1720dac54e76a`
SHA256	`5f39f0358defd071be58366f363f71aa650d85d8a12a16e6cd27d1b9feaff297`
SHA3	`43353c7e922f5d2cf2953119168f015ff2cb5e00d6cfc0a8ae8d5de768bf642d`

4095

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x31c`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.48403`
MD5	`2edf6e67be15ee9177459072e18ce4ac`
SHA1	`93bda3b4b587464606def895fa411a3b6654832a`
SHA256	`1ab2c7a644ad546a37841ff189fac89939087aea318f8f2d8027955389bbc751`
SHA3	`0b885b9cf0a4ceafb120c02e99c809accfd1b1c62a7cabe5b0a16a46d006c25e`

4096

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2e4`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.46189`
MD5	`83a3883a5bd3f5e77473cf1930b200f5`
SHA1	`eef60943fba350eeb18434f4151976e632491834`
SHA256	`0d39216df41e7be297dbc1dd47d048fb9c998290c91e34024a2d02a10c18fb3b`
SHA3	`e9c0fa464285efd0f5c3980a984339582589c4138b45f0502560cfd1c8a0b4e5`

BTN_BAIDU

Type	`RT_RCDATA`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x2aac`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.83402`
MD5	`8eb886a71da03baf7480435037b775bf`
SHA1	`66d322a2e54e0863e84a16c6797fa82b9ce07703`
SHA256	`cba70a60e32ec8a7d3ff56a316564548d6677038f16605ed6ab2c6b2a4256f72`
SHA3	`d1ee3deb74d541c7b87e8bca1be3a0ad8872cde29453671d8d1e42074046de85`

BTN_CLOSE

Type	`RT_RCDATA`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x11a0`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.80262`
MD5	`d594b3855dda77aa028c6bd79e2223b4`
SHA1	`3f8a507c1f990ae9a6cf74e22748ca783b1820da`
SHA256	`1b9e205c483d3bb44da1f7808125fc3929db3665bec7562f4f248e3f3c4ac98e`
SHA3	`0d3f25e2e149e1d3a0bff8464a135570638db5bb47a0d8975695d7c2dce28640`

BTN_INSTALL

Type	`RT_RCDATA`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x32cc`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.82374`
MD5	`25c5131f849f75ae1ab08bb24848e0c2`
SHA1	`4ed40ff972115bc49f68ab19c9535b8d25102b61`
SHA256	`ed21c92bdd319a0759836389fa923857c6c3de18a111396b94d4f7d99d11fa3b`
SHA3	`910641a1b587c51805461fa04c218bf0956fcd54c31bd75dc6d6b4c49fa71b70`

BTN_KNOW

Type	`RT_RCDATA`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x24d2`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.7276`
MD5	`2ca4babfd737469f030729bcc8b03672`
SHA1	`5d5d03988894b4038996c62c0e26ba05cff2f942`
SHA256	`4d21d2f109ad26bea964d87eee7601dab3fae4f107443bb25e25d9b41990850c`
SHA3	`18c723a23b14e64e29d7ef889cf7c21abe91f9fe06c3e635a2db3634ddfbe1cd`

BTN_OPEND

Type	`RT_RCDATA`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x274a`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.83522`
MD5	`4064fb10c6b97a2b35f28f310a20d192`
SHA1	`160ce1ae8bc148afb5ad07386a68d8604b8a1534`
SHA256	`56b31c0c76a099e950aeb6075d230beb5adcac04a38620103b876e237b6c5db4`
SHA3	`e72ad9836ede713a3fb3c55f593ffcb077cb7270b2530bfd6b8232043dfa5a31`

BTN_OPENF

Type	`RT_RCDATA`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x2005`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.80983`
MD5	`b1d1e09f14fe71db8df1b5d566837233`
SHA1	`8b9cfda5eef3aef63f376b03da2d49021cf16664`
SHA256	`1fb41448e860908146a14cac115ef137521df1963de5b1094f157b72d5108c01`
SHA3	`aeba31711647efb6bcabdf69e8e7d86ac1761f2879910fd335112d862fcbb289`

CHARTABLE

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x82e8`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.78845`
MD5	`688e18b08088f8d49b296c2df05f74c0`
SHA1	`5e2a817049afdb9a4b12095ce3fbf9451be4d797`
SHA256	`4b1860681ff361dc57725eb0a9c5874c4009dc611245c571a439997cf828d567`
SHA3	`75a4f7e73529f9bddf381f11cdf2997ccdd858207331672a8c0bd3268d1ccc40`

DVCLAL

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`4`
MD5	`697cecca9155fe891ad85379fabbc32c`
SHA1	`8d93c4cc1dc41e99e4806357d3f2747b158e9245`
SHA256	`cd7e58b73cd9524e56cea35698725b54e8cf20a7ace0a230be207d06867af868`
SHA3	`f1192f81f6383f42299bab27668c3684db6da215876c3d0df3a4f82431240739`

HTTPMODE

Type	`RT_RCDATA`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x367f4`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.76691`
MD5	`2998851d7f4676e9345fa1f96a2dc697`
SHA1	`1c24a05454ba48a40068bec0f758d5e3c864f4d1`
SHA256	`13b06a2209628cdf218e586b14895eeebc34833d4da61052f982f8b1aee9ebd2`
SHA3	`78946cfeb5e7b3118e7950080c9b0aac616b5fc42b22b553825b842f1c51e4ab`

IMG_CHECK

Type	`RT_RCDATA`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0xe08`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.69616`
MD5	`c83c4e3fb50ba86699f4993e4cf4c1cc`
SHA1	`be57889bd7a3c6fe2a8d049db36d01f597e928df`
SHA256	`44d5e3082b462eb0d1da3372dc09ec14c45d79122063f50e9f0ddbaa185117cb`
SHA3	`d3d417553a0ca8cd23cf44e6c52be8a9ebfe0d252dc743868fdfba2d56a40a72`

IMG_CHECK2

Type	`RT_RCDATA`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0xdc9`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.71584`
MD5	`8b3482385fe80dcfe558ebcd8aa6d98e`
SHA1	`6044afb122fe9489afb575364c82dc28acb398c5`
SHA256	`77fbae946d1a24c22a40f358e555670fe8160e25b3a8429b67ac4395ede1405e`
SHA3	`71e7a718cd4298301598d70e9438f53469c82f6221069e0f41d9502b44f7c7d2`

IMG_INSTALLBK

Type	`RT_RCDATA`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0xbeb`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.7031`
MD5	`502ae290ed17151516cdd75cd854b12c`
SHA1	`c50cf20ac03080ef65984445da97870fbabb1ad3`
SHA256	`cea5962cb1aa76d1eed6ef1beaaf4b0a9d37ddf563978968355e435d3c2cb028`
SHA3	`3694ba0016ac5483db856fa8f669d165f11570ad3ea19d7f20cc54e9645c5dbe`

IMG_INSTALLICON

Type	`RT_RCDATA`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x111a`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.70601`
MD5	`84cf20012e8e70205bc80c2d572013a0`
SHA1	`2d81aa4e20b9f176b625ccf6ec93f06137e88a8f`
SHA256	`c04858a25b37f6a026e23c1387b378ab8286dc850afac526ab99d3a3e200d3eb`
SHA3	`1d38b18a3ae39275e9137cff5289a80b406f0e35923ad1c5c23ac08343e6fe66`

LOAD_BK

Type	`RT_RCDATA`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x11d5a`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.82448`
MD5	`fe8bb0045c9a2a4efd4f4ba4eefddc2d`
SHA1	`1501a45321e179bbfb12a79d0e1c619edb2b279b`
SHA256	`d05960ce266824f7c648af6699d6fdb079e2ee4aa702b4251a8a2ff90fd93067`
SHA3	`36c33745a66e63e77abeb87cd66362b0daf6ee1f2c41237e2519b50fea33dbce`

MAIN_BK

Type	`RT_RCDATA`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x4ac2`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.82358`
MD5	`94602f462ea84c5ea456b559c3231272`
SHA1	`038a2795bddafeb8fa76fda7a462d4a0d532cf89`
SHA256	`d5af6b791a85c9cf1cf0492542f8a4e4cfd8269be02380b2a20a4a3e79f555b1`
SHA3	`288754e0506c816cdf0be220748c7ad5c84e4059f15b154536fb42b392fc3dca`

MAIN_BORDER

Type	`RT_RCDATA`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0xb0f`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.77285`
MD5	`b066d86c7681f1d0cfe1c2b2c13d917c`
SHA1	`1a7d54eab1a82a68b74ff574b74dd043cf84676f`
SHA256	`54bcdcf130b8462e3db3626f4083fb1e0cd0719c7daf8aa5df854f269f602a04`
SHA3	`0be34ce35ea1ba60656622354b332236757402fb86f0e83c37ee9ecdda6e93f7`

PACKAGEINFO

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x83c`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.73705`
MD5	`f7bb6d8881979469b91c9bb207bdd89d`
SHA1	`52a620fd118f7791b00e4231ab191a577abd6d75`
SHA256	`db47536c9611862a3d08f4d4f364638e804df1faed15bf2f6968c1f07a7e9066`
SHA3	`0801504882d10df0c72e878f04debfcd71f71d5ebd09dd374a057169a476b901`

PROGRESS_BK

Type	`RT_RCDATA`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0xaf4`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.76012`
MD5	`a340b8ae1aff7e181f55e978769856f8`
SHA1	`9804904b01ffdcec42d11569be0abc50b339a974`
SHA256	`1c251bc8d583dde3d944a1bbb23ba8fa73a048c9ce7472986b104677e0c9b01c`
SHA3	`78fc0edfa7909cada865116e9935a8595b37cc2ad609ff5a931833384ea9f775`

PROGRESS_FORCE

Type	`RT_RCDATA`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0xaf4`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.78841`
MD5	`eea89137c02434fc96c17b7d1fe4632a`
SHA1	`f501253d9ecbe1beb943d66b563c883769cd8438`
SHA256	`1947c6d0b4dc5426f2ede7edbbe2f86e3ac7a0a7af5c46e1c1d07b1244a72297`
SHA3	`d948fb22778bafb53668e5cf67f4082302d8b6d6924c7ac1d4cce6572debac19`

TFFRMINSTALL

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x116`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.14539`
MD5	`8c568a93b8dbe5876b4b43c6c317a6bf`
SHA1	`8af70d727085108809d22d9377c700e4e188c37f`
SHA256	`0589249d5f9bde869c24d4f2aef92ac0498c0f05851a80ba1f93e3a9d8c01a9b`
SHA3	`923731d8ead8ce626a1194b702866d782a9ce174f31729b90e1b10a15cc63c28`

TFFRMLOAD

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1bc`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.35156`
MD5	`190844ce175172e4bba3e476b7355706`
SHA1	`62a48caff73a5e0656424d233b9a53bbf25ac393`
SHA256	`4c87b787565aa613e4a7178efd827f3e33c44ce747d4ec4663e99aadbb36eade`
SHA3	`1cd4d1e92409d728ea932751b190187965273d95be18647bfcbdd6d992c79b3a`

TFFRMMAIN

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x503`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.7845`
MD5	`e4bff2da8295c276637acaa124b0cf50`
SHA1	`de5208abfec0cba7f6b565988c4a20ffe86811ee`
SHA256	`81280a7ebc924063d6bf3e154bd0be88c743db180901d3d951e3efd15bb3c88a`
SHA3	`fe2b7bbf40d1a111f658613117e2bc6f340789ebcbc98ff45e4a356b5437504a`

THUNDER

Type	`RT_RCDATA`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x1ade`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`7.83782`
MD5	`fbae25036ebe40425243e2751623f955`
SHA1	`444dfa2de2a8b42a7288ad310b6877882a673fc2`
SHA256	`c04b26077c22d9b1c90fdaa571b4fb0a5942b842026d6c6b1a46eb06820f28d8`
SHA3	`e375586a1c968c5f95fe36840d9be65bb26c0867c2bcfd95ee6f84b228b49f01`

32761

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`4.08418`
MD5	`c326eeeaeee48b4b47f2bc40bd493fd1`
SHA1	`af4eff538c89b64abd977114fd976a7189d5e2f6`
SHA256	`f3d0c77353e92100d51ff5792eb718889bd3c8939a60f438a89042687468d93b`
SHA3	`4b6ceecb1abc2174a5f2716bcaf05004bcb5eec67acc7c698aeda6525a028f49`

32762

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`4.22193`
MD5	`5d3246858079de54c0d867f51fc21ffe`
SHA1	`ebea577bf183b8609a84f9f2b4a27a75e2775795`
SHA256	`24f4a1c6651fda3fc250645e27411723aec0fb90d8e61d51077e33af95436c88`
SHA3	`1f1afd2928aca6f0075c6f9e4471beed0b37f795c2a141c8573193883c03e6ad`

32763

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`4.08418`
MD5	`8245bafff25700e37e6901038adc8a37`
SHA1	`044a5f4442a3eab45d51e1beeab0d4e43d84c504`
SHA256	`c6d7f360ed899acc72c7b08e605db7d2301ecbc7904952d98e57ca06dda751e5`
SHA3	`d9cba94b04141e481cfbcf746ae00f65cec8be4ff79b9f75427feec9361bd120`

32764

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`4.32193`
MD5	`a8fd4cce283a85e09647dc3f4ea48d82`
SHA1	`c8b0a3ef2902d8fc7131e433bedf91eaa51f4de0`
SHA256	`c2515bca654df5948091fd70ed02f1284796aa2eb175a59d217beab1fcaea1a6`
SHA3	`b9fc57f8171abea5de42cf2d4646ca606901e7fd9e0ec099e2591d13034f09be`

32765

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`4.32193`
MD5	`c4ba5661acfcd88dc54fb0e1c9698ffd`
SHA1	`8cececcdfe70846c6b3a062bdab4681f212ffc78`
SHA256	`aa7a99b7ac8a766159f1717b651cbf5212948fae61fdcf798916cb3bf2fd16b4`
SHA3	`20faf3cb0dc04effd5b450a4e38dd674e0c0cfcc44069b8f11a41f0f18b4e99a`

32766

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`3.92193`
MD5	`4acfb37fab0b9c34505a27bc9af43fe9`
SHA1	`f1b4b0ed05f35038e45fe5c05c42ee6ecf91f8cd`
SHA256	`1bf49be7d9ca34c90d80281b52de8013a4387256ecf0857667bd11f570c32604`
SHA3	`aad182e14897b5589bb892b7f8dacd8a433b134e0977275c0b81e5b56bb0b5fc`

32767

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`4.12193`
MD5	`31f7591d3327b920c7b844a29d20fcb2`
SHA1	`e33c8e1fbe3ea8917f5f41056a2d8c2dbccabd1e`
SHA256	`cc802bccf33c5bcf58f785e85280e191ff6e0c1f5ed35ad662f4ba4b81b1d145`
SHA3	`9ccfbe55bed4cd2b31150e2629ee2ac254a8b65fd8e9710e69b1b0f977e79355`

MAINICON

Type	`RT_GROUP_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x76`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`2.81487`
Detected Filetype	Icon file
MD5	`881e3e116c50ff13d25c2f0b0f9a8bda`
SHA1	`982aeb8d3631e3f3b59d19f9e547a38a52037d96`
SHA256	`6e75b916785f34a8f76bd4efc392559c46df359b9840208823bef6ddf4654de5`
SHA3	`99784b076b9e068e2738faad1f2e5ef4dc8b725dc7d6a7ad185a1ef5888b8781`

1 (#3)

Type	`RT_VERSION`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x3b0`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`3.38538`
MD5	`b2ee671e9bb5bfad7fee94e604bf242a`
SHA1	`7853ff3a75ac8717f724865ab7138bfcdf5e1ef3`
SHA256	`b0213710ba102ad16acc0033f7300b531b760e455468130651ea7f893adba9bd`
SHA3	`f172bc9484fbbd79620f403d484e8744ea52d9ebd41d80a1f8d1abb0be40dbaa`

1 (#4)

Type	`RT_MANIFEST`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x35d`
TimeDateStamp	2018-Oct-21 01:06:50
Entropy	`4.91616`
MD5	`821b9ebdc7a24f4b906c664c6d4b271a`
SHA1	`ab071bde0b908ec38b5d1e67611b06974fe78e95`
SHA256	`596b7f930375ab7dc5ca2351463f5a817f095a5df95fc1ea58b8a151dc515446`
SHA3	`cce14483c8755627f22e779587096ecee03cc396f6972e5c0375a7fb41ee0979`

String Table contents

ÿÌÌÿ餀㎙Ì㌳f㏌ÿ昀昳㍦暙曌㏿餳饦香駌駿찀찳챦f척쳌쳿＀Ｓ챦ﾙￌÌ3fÌÌÌÌ㌀㌳Ì㍦Ì㎙Ì㏌Ì㏿Ì昀Ì昳Ì晦暙Ì曌Ì替
䈈Ѵ⏐䁑鸘橄Ǜ썖瀡䉆䷳⪨␨Ĕදᑉ洢Ĥ廴ᔕ봣耶欣鈣珦쁔ᰢਜⶈ∋
ࣙ䵕࿮Ϩ耀࿯А耀࿰и耀࿱Ѡ耀࿲҈耀࿳Ұ耀࿴Ә耀࿵Ԁ耀࿶Ԩ耀࿷Ր耀࿸ո耀࿹֠耀࿺׈耀࿻װ耀࿼ؘ耀࿽ـ耀࿾٨耀࿿ڐ耀ကڸ耀ࣙ䵕Ѐ獌Ǩࣙ䵕Ш甴ʜࣙ䵕ѐ矐Τࣙ䵕Ѹ筴Ӏࣙ䵕Ҡ耴ʈࣙ䵕ӈ芼Ìࣙ䵕Ӱ莈Šࣙ䵕Ԙ蓨Ҕࣙ䵕Հ襼̀ࣙ䵕ը貼֜ࣙ䵕֐鉘Ψࣙ䵕ָ阀΄ࣙ䵕נ馄Ϥࣙ䵕؈鵨ôࣙ䵕ذ鹜Äࣙ䵕٘鼠ɜࣙ䵕ڀꅼϤࣙ䵕ڨꕠ̜ࣙ䵕ې꡼ˤࣙ䵕ൠ耀ި耀൴耀ߐ耀ඈ耀߸耀ච耀ࠠ耀඲耀ࡈ耀ෆ耀ࡰ耀ේ耀࢘耀෮耀ࣀ耀෼耀ࣨ耀ฎ耀ऐ耀ย耀स耀ุ耀ॠ耀๔耀ঈ耀๴耀র耀ຄ耀৘耀ດ耀਀耀ຬ耀ਨ耀ໄ耀੐耀ໜ耀੸耀໺耀ઠ耀༔耀ૈ耀༨耀૰耀༼耀ଘ耀ࣙ䵕ࠄ߀ꭠ⪬ࣙ䵕ࠄߨ혌ᆠࣙ䵕ࠄࠐ㋌ࣙ䵕ࠄ࠸᩸ⓒࣙ䵕ࠄࡠ㽌❊ࣙ䵕ࠄ࢈暘 ࣙ䵕Љࢰ蚠苨ࣙ䵕ࣘঈࣙ䵕ࠄऀঘ柴ࣙ䵕ࠄन熌จࣙ䵕ࠄॐ羔෉ࣙ䵕ࠄॸ赠௫ࣙ䵕ࠄঠ饌ᄚࣙ䵕ࠄৈꩨᵚࣙ䵕ࠄৰ쟄䫂ࣙ䵕ࠄਘኈଏࣙ䵕ੀᶘ࠼ࣙ䵕ࠄ੨◔૴ࣙ䵕ࠄઐト૴ࣙ䵕સ㮼Ėࣙ䵕ૠ㳔Ƽࣙ䵕ଈ㺐ԃࣙ䵕ࠄର䎔᫞ࣙ䵕翹ஈ耀翺ர耀翻௘耀翼ఀ耀翽న耀翾౐耀翿౸耀ࣙ䵕Љ஠年ࣙ䵕Љை庈ࣙ䵕Љ௰府ࣙ

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.3.6.26
ProductVersion	1.3.6.26
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	Chinese - PRC
CompanyName	Riyue Tongxing Information Technology (Beijing) Co.,Ltd.
FileDescription	downer for windows
FileVersion (#2)	1.3.6.26
InternalName
LegalCopyright	Riyue Tongxing Information Technology (Beijing) Co.,Ltd.
LegalTrademarks
OriginalFilename	downer
ProductName	downer for windows
ProductVersion (#2)	1.3.6.26
Comments

Resource LangID	Chinese - PRC

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Could not read the name of the DLL to be delay-loaded!
[!] Error: Could not reach the TLS callback table.
[*] Warning: Section UPX0 has a size of 0!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Resource 32761 is empty!
[*] Warning: Resource 32762 is empty!
[*] Warning: Resource 32763 is empty!
[*] Warning: Resource 32764 is empty!
[*] Warning: Resource 32765 is empty!
[*] Warning: Resource 32766 is empty!
[*] Warning: Resource 32767 is empty!