Manalyze report for 6862f65be14fd3ce88086ec79777db6e

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2016-May-30 16:33:32
Detected languages	English - United Kingdom English - United States
Comments	www.goldensoft.org
FileDescription	GS Auto Clicker
FileVersion	`3.1.4`
LegalCopyright	goldensoft.org
ProductName	GS Auto Clicker
ProductVersion	`3.1.4`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig2(h)`
Info	Interesting strings found in the binary:	`Contains domain names: autoitscript.com goldensoft.org www.goldensoft.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses known Mersenne Twister constants`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW LoadLibraryExW GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowW` `Code injection capabilities: OpenProcess VirtualAllocEx WriteProcessMemory VirtualAlloc` `Code injection capabilities (PowerLoader): FindWindowW GetWindowLongW` `Can access the registry: RegisterHotKey RegEnumValueW RegDeleteValueW RegDeleteKeyW RegSetValueExW RegCreateKeyExW RegEnumKeyExW RegCloseKey RegQueryValueExW RegOpenKeyExW` `Possibly launches other programs: CreateProcessW CreateProcessAsUserW CreateProcessWithLogonW ShellExecuteW` `Can create temporary files: CreateFileW GetTempPathW CreateFileA` `Uses functions commonly found in keyloggers: GetAsyncKeyState AttachThreadInput MapVirtualKeyW GetForegroundWindow` `Has Internet access capabilities: InternetReadFile InternetCloseHandle InternetOpenW InternetSetOptionW InternetCrackUrlW InternetConnectW InternetOpenUrlW InternetQueryOptionW InternetQueryDataAvailable` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken DuplicateTokenEx` `Interacts with services: OpenSCManagerW` `Enumerates local disk drives: GetDriveTypeW GetVolumeInformationW` `Manipulates other processes: EnumProcesses EnumProcessModules OpenProcess WriteProcessMemory ReadProcessMemory Process32FirstW Process32NextW` `Can take screenshots: FindWindowW GetDC CreateCompatibleDC` `Reads the contents of the clipboard: GetClipboardData` `Can shut the system down or lock the screen: ExitWindowsEx InitiateSystemShutdownExW`
Suspicious	The file contains overlay data.	`219049 bytes of data starting at offset 0x9e400.` `The overlay data has an entropy of 7.99918 and is possibly compressed or encrypted.`
Malicious	VirusTotal score: 4/71 (Scanned on 2023-06-10 02:03:28)	`Bkav: W32.AIDetectMalware` `APEX: Malicious` `Jiangmin: Trojan.Generic.ecdsu` `MaxSecure: Trojan.Malware.74623402.susgen`

Hashes

MD5	`6862f65be14fd3ce88086ec79777db6e`
SHA1	`7f0eb7535b59a926446a400ff93f48165b58ac95`
SHA256	`7c90795c9b28fac978386626f5a54033dc9cba46ef6a3f742fc7d52b394590f2`
SHA3	`008767ff473f81bb680552bf87be017409b00da224a34f01fe44807ca94cd30d`
SSDeep	`12288:saWzgMg7v3qnCibErQohh0F4zCJ8lnywQ8S8Xe74050MOm:TaHMv6Cbrj/nywQ8Sfs+7`
Imports Hash	`aaaa8913c89c8aa4a5d93f06853894da`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2016-May-30 16:33:32
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.0`
SizeOfCode	`0x80200`
SizeOfInitializedData	`0x1de00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00016310 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x82000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0xb5000`
SizeOfHeaders	`0x400`
Checksum	`0xd72a0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x400000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x400000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2dbaea09b92aff2a23fb90133ffbb9a6`
SHA1	`60ec177f287382fcb62db5191dc30eefc3292a1c`
SHA256	`e800b046bbf7f5919344f5703e155a3032f2d8e4d8ec6f73d4bbce731d16b47a`
SHA3	`cb3ca49be943cce3ce0ae5783f169669164435fa8870d879f2ad179c436e7678`
VirtualSize	`0x80017`
VirtualAddress	`0x1000`
SizeOfRawData	`0x80200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.63489`

.rdata

MD5	`7a75746a057d3e0b1ac5c5b9bcb2c6b9`
SHA1	`0cb1800d663d33a72cefcd4129e761c876c51627`
SHA256	`7b02e56f50eb5215aa2fdf8538daca8ab4fbdd11ce6b0b46040416ad659a00ee`
SHA3	`2978c74b5656ce8faebfa996c54909880e8393d2181ec6e0b45d46822b581f27`
VirtualSize	`0xd95c`
VirtualAddress	`0x82000`
SizeOfRawData	`0xda00`
PointerToRawData	`0x80600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.88444`

.data

MD5	`56af83db6167fe1c3889dcabd192a76f`
SHA1	`dd5cc679dbfbba152661243ab505b173399c2d7a`
SHA256	`82ae19080b8d2f11d13311bf2ecfb941376c7f47f47270c68f95e3841e2f8c7b`
SHA3	`c5a9f0946aed9823377f9253710069f39c06d4e9817bb41ae8b7178c5967fc2f`
VirtualSize	`0x1a518`
VirtualAddress	`0x90000`
SizeOfRawData	`0x6800`
PointerToRawData	`0x8e000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.20188`

.rsrc

MD5	`0be88fdcdc69b17fb54a09c13cb0f99f`
SHA1	`13b19cd503e7eec927641493bb58ca5e0989f742`
SHA256	`9b0f0763ada09d1d0674c56de7fcf52c161608995b0bf4800934a8546765d060`
SHA3	`55c4e2d798f27d7bf024348fdb5337d6aa604040b9533cbb49140b77ebb18ea4`
VirtualSize	`0x9abc`
VirtualAddress	`0xab000`
SizeOfRawData	`0x9c00`
PointerToRawData	`0x94800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.43059`

Imports

WSOCK32.dll	`__WSAFDIsSet` `setsockopt` `ntohs` `recvfrom` `sendto` `htons` `select` `listen` `WSAStartup` `bind` `closesocket` `connect` `socket` `send` `WSACleanup` `ioctlsocket` `accept` `WSAGetLastError` `inet_addr` `gethostbyname` `gethostname` `recv`
VERSION.dll	`VerQueryValueW` `GetFileVersionInfoW` `GetFileVersionInfoSizeW`
WINMM.dll	`timeGetTime` `waveOutSetVolume` `mciSendStringW`
COMCTL32.dll	`ImageList_Remove` `ImageList_SetDragCursorImage` `ImageList_BeginDrag` `ImageList_DragEnter` `ImageList_DragLeave` `ImageList_EndDrag` `ImageList_DragMove` `ImageList_ReplaceIcon` `ImageList_Create` `InitCommonControlsEx` `ImageList_Destroy`
MPR.dll	`WNetCancelConnection2W` `WNetGetConnectionW` `WNetAddConnection2W` `WNetUseConnectionW`
WININET.dll	`InternetReadFile` `InternetCloseHandle` `InternetOpenW` `InternetSetOptionW` `InternetCrackUrlW` `HttpQueryInfoW` `InternetConnectW` `HttpOpenRequestW` `HttpSendRequestW` `FtpOpenFileW` `FtpGetFileSize` `InternetOpenUrlW` `InternetQueryOptionW` `InternetQueryDataAvailable`
PSAPI.DLL	`EnumProcesses` `GetModuleBaseNameW` `GetProcessMemoryInfo` `EnumProcessModules`
USERENV.dll	`CreateEnvironmentBlock` `DestroyEnvironmentBlock` `UnloadUserProfile` `LoadUserProfileW`
KERNEL32.dll	`HeapAlloc` `Sleep` `GetCurrentThreadId` `RaiseException` `MulDiv` `GetVersionExW` `GetSystemInfo` `MultiByteToWideChar` `WideCharToMultiByte` `GetModuleHandleW` `QueryPerformanceCounter` `VirtualFreeEx` `OpenProcess` `VirtualAllocEx` `WriteProcessMemory` `ReadProcessMemory` `CreateFileW` `SetFilePointerEx` `ReadFile` `WriteFile` `FlushFileBuffers` `TerminateProcess` `CreateToolhelp32Snapshot` `Process32FirstW` `Process32NextW` `SetFileTime` `GetFileAttributesW` `FindFirstFileW` `FindClose` `DeleteFileW` `FindNextFileW` `lstrcmpiW` `MoveFileW` `CopyFileW` `CreateDirectoryW` `RemoveDirectoryW` `SetSystemPowerState` `QueryPerformanceFrequency` `FindResourceW` `LoadResource` `LockResource` `SizeofResource` `GetProcessHeap` `OutputDebugStringW` `GetLocalTime` `CompareStringW` `CompareStringA` `InterlockedIncrement` `InterlockedDecrement` `DeleteCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionAndSpinCount` `GetStdHandle` `CreatePipe` `InterlockedExchange` `TerminateThread` `GetTempPathW` `GetTempFileNameW` `VirtualFree` `FormatMessageW` `GetExitCodeProcess` `SetErrorMode` `GetPrivateProfileStringW` `WritePrivateProfileStringW` `GetPrivateProfileSectionW` `WritePrivateProfileSectionW` `GetPrivateProfileSectionNamesW` `FileTimeToLocalFileTime` `FileTimeToSystemTime` `SystemTimeToFileTime` `LocalFileTimeToFileTime` `GetDriveTypeW` `GetDiskFreeSpaceExW` `GetDiskFreeSpaceW` `GetVolumeInformationW` `SetVolumeLabelW` `CreateHardLinkW` `DeviceIoControl` `SetFileAttributesW` `GetShortPathNameW` `CreateEventW` `SetEvent` `GetEnvironmentVariableW` `SetEnvironmentVariableW` `GlobalLock` `GlobalUnlock` `GlobalAlloc` `GetFileSize` `GlobalFree` `GlobalMemoryStatusEx` `Beep` `GetComputerNameW` `GetWindowsDirectoryW` `GetSystemDirectoryW` `GetCurrentProcessId` `GetCurrentThread` `GetProcessIoCounters` `CreateProcessW` `SetPriorityClass` `LoadLibraryW` `VirtualAlloc` `LoadLibraryExW` `HeapFree` `WaitForSingleObject` `CreateThread` `DuplicateHandle` `GetLastError` `CloseHandle` `GetCurrentProcess` `GetProcAddress` `LoadLibraryA` `FreeLibrary` `GetModuleFileNameW` `GetFullPathNameW` `ExitProcess` `ExitThread` `GetSystemTimeAsFileTime` `SetCurrentDirectoryW` `IsDebuggerPresent` `GetCurrentDirectoryW` `ResumeThread` `GetStartupInfoW` `TlsGetValue` `TlsAlloc` `TlsSetValue` `TlsFree` `SetLastError` `HeapSize` `GetCPInfo` `GetACP` `GetOEMCP` `IsValidCodePage` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetModuleFileNameA` `HeapReAlloc` `HeapCreate` `SetHandleCount` `GetFileType` `GetStartupInfoA` `SetStdHandle` `GetConsoleCP` `GetConsoleMode` `LCMapStringW` `LCMapStringA` `RtlUnwind` `SetFilePointer` `GetTimeZoneInformation` `GetTimeFormatA` `GetDateFormatA` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineW` `GetTickCount` `GetStringTypeA` `GetStringTypeW` `GetLocaleInfoA` `GetModuleHandleA` `WriteConsoleA` `GetConsoleOutputCP` `WriteConsoleW` `CreateFileA` `SetEndOfFile` `EnumResourceNamesW` `SetEnvironmentVariableA`
USER32.dll	`SetWindowPos` `GetCursorInfo` `RegisterHotKey` `ClientToScreen` `GetKeyboardLayoutNameW` `IsCharAlphaW` `IsCharAlphaNumericW` `IsCharLowerW` `IsCharUpperW` `GetMenuStringW` `GetSubMenu` `GetCaretPos` `IsZoomed` `MonitorFromPoint` `GetMonitorInfoW` `SetWindowLongW` `SetLayeredWindowAttributes` `FlashWindow` `GetClassLongW` `TranslateAcceleratorW` `IsDialogMessageW` `GetSysColor` `InflateRect` `DrawFocusRect` `DrawTextW` `FrameRect` `DrawFrameControl` `FillRect` `PtInRect` `DestroyAcceleratorTable` `CreateAcceleratorTableW` `SetCursor` `GetWindowDC` `GetSystemMetrics` `GetActiveWindow` `CharNextW` `wsprintfW` `RedrawWindow` `DrawMenuBar` `DestroyMenu` `SetMenu` `GetWindowTextLengthW` `CreateMenu` `IsDlgButtonChecked` `DefDlgProcW` `ReleaseCapture` `SetCapture` `WindowFromPoint` `CreateIconFromResourceEx` `mouse_event` `ExitWindowsEx` `SetActiveWindow` `FindWindowExW` `EnumThreadWindows` `SetMenuDefaultItem` `InsertMenuItemW` `IsMenu` `TrackPopupMenuEx` `GetCursorPos` `DeleteMenu` `CheckMenuRadioItem` `CopyImage` `GetMenuItemCount` `SetMenuItemInfoW` `GetMenuItemInfoW` `SetForegroundWindow` `IsIconic` `FindWindowW` `SystemParametersInfoW` `PeekMessageW` `SendInput` `GetAsyncKeyState` `SetKeyboardState` `GetKeyboardState` `GetKeyState` `VkKeyScanW` `LoadStringW` `DialogBoxParamW` `MessageBeep` `EndDialog` `SendDlgItemMessageW` `GetDlgItem` `SetWindowTextW` `CopyRect` `ReleaseDC` `GetDC` `EndPaint` `BeginPaint` `GetClientRect` `GetMenu` `DestroyWindow` `EnumWindows` `GetDesktopWindow` `IsWindow` `IsWindowEnabled` `IsWindowVisible` `EnableWindow` `InvalidateRect` `GetWindowThreadProcessId` `AttachThreadInput` `GetFocus` `GetWindowTextW` `ScreenToClient` `SendMessageTimeoutW` `EnumChildWindows` `CharUpperBuffW` `GetClassNameW` `GetParent` `GetDlgCtrlID` `SendMessageW` `MapVirtualKeyW` `PostMessageW` `GetWindowRect` `SetUserObjectSecurity` `GetUserObjectSecurity` `CloseDesktop` `CloseWindowStation` `OpenDesktopW` `SetProcessWindowStation` `GetProcessWindowStation` `OpenWindowStationW` `MessageBoxW` `DefWindowProcW` `MoveWindow` `AdjustWindowRectEx` `SetRect` `SetClipboardData` `EmptyClipboard` `CountClipboardFormats` `CloseClipboard` `GetClipboardData` `IsClipboardFormatAvailable` `OpenClipboard` `BlockInput` `GetMessageW` `LockWindowUpdate` `DispatchMessageW` `GetMenuItemID` `TranslateMessage` `SetFocus` `PostQuitMessage` `KillTimer` `CreatePopupMenu` `RegisterWindowMessageW` `SetTimer` `ShowWindow` `CreateWindowExW` `RegisterClassExW` `LoadIconW` `LoadCursorW` `GetSysColorBrush` `GetForegroundWindow` `MessageBoxA` `DestroyIcon` `UnregisterHotKey` `CharLowerBuffW` `MonitorFromRect` `keybd_event` `LoadImageW` `GetWindowLongW`
GDI32.dll	`DeleteObject` `GetObjectW` `GetTextExtentPoint32W` `ExtCreatePen` `StrokeAndFillPath` `StrokePath` `EndPath` `SetPixel` `CloseFigure` `CreateCompatibleBitmap` `CreateCompatibleDC` `SelectObject` `StretchBlt` `GetDIBits` `LineTo` `AngleArc` `MoveToEx` `Ellipse` `PolyDraw` `BeginPath` `Rectangle` `GetDeviceCaps` `SetBkMode` `RoundRect` `SetBkColor` `CreatePen` `CreateSolidBrush` `SetTextColor` `CreateFontW` `GetTextFaceW` `GetStockObject` `CreateDCW` `GetPixel` `DeleteDC` `SetViewportOrgEx`
COMDLG32.dll	`GetSaveFileNameW` `GetOpenFileNameW`
ADVAPI32.dll	`RegEnumValueW` `RegDeleteValueW` `RegDeleteKeyW` `RegSetValueExW` `RegCreateKeyExW` `GetUserNameW` `RegConnectRegistryW` `RegEnumKeyExW` `CloseServiceHandle` `UnlockServiceDatabase` `LockServiceDatabase` `OpenSCManagerW` `InitiateSystemShutdownExW` `AdjustTokenPrivileges` `RegCloseKey` `RegQueryValueExW` `RegOpenKeyExW` `OpenThreadToken` `OpenProcessToken` `LookupPrivilegeValueW` `DuplicateTokenEx` `CreateProcessAsUserW` `CreateProcessWithLogonW` `InitializeSecurityDescriptor` `InitializeAcl` `GetLengthSid` `SetSecurityDescriptorDacl` `CopySid` `LogonUserW` `GetTokenInformation` `GetAclInformation` `GetAce` `AddAce` `GetSecurityDescriptorDacl`
SHELL32.dll	`DragQueryPoint` `ShellExecuteExW` `SHGetFolderPathW` `DragQueryFileW` `SHEmptyRecycleBinW` `SHBrowseForFolderW` `SHFileOperationW` `SHGetPathFromIDListW` `SHGetDesktopFolder` `SHGetMalloc` `ExtractIconExW` `Shell_NotifyIconW` `ShellExecuteW` `DragFinish`
ole32.dll	`OleSetMenuDescriptor` `MkParseDisplayName` `OleSetContainedObject` `CoInitialize` `CoUninitialize` `CoCreateInstance` `CreateStreamOnHGlobal` `CoTaskMemAlloc` `CoTaskMemFree` `CLSIDFromString` `StringFromCLSID` `IIDFromString` `StringFromIID` `OleInitialize` `CreateBindCtx` `CLSIDFromProgID` `CoInitializeSecurity` `CoCreateInstanceEx` `CoSetProxyBlanket` `OleUninitialize`
OLEAUT32.dll	`SafeArrayAllocData` `SafeArrayAllocDescriptorEx` `SysAllocString` `OleLoadPicture` `SafeArrayGetVartype` `SafeArrayDestroyData` `SafeArrayAccessData` `VarR8FromDec` `VariantTimeToSystemTime` `VariantClear` `VariantCopy` `VariantInit` `SafeArrayDestroyDescriptor` `LoadRegTypeLib` `GetActiveObject` `SafeArrayUnaccessData`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.05883`
MD5	`78f30e363a0499f530d057b4d639d36e`
SHA1	`360bd6476101b0cddc23d2c7eade326c1b16ceaf`
SHA256	`08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e`
SHA3	`001ac9f6e8e52f9c3eb7101189fb953e2f4babfdea5b6e26b23b99173af38de4`

2

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.66371`
MD5	`d6f27bf763eb666af934477958acf362`
SHA1	`f724ee386cda31b32b5c88e08b9abf562c016a57`
SHA256	`62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5`
SHA3	`6f4a250c7a91ddfcc872e14b8ed1e4aa33a5ebb3280f7d021b47aa46edfb9586`

3

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.25499`
MD5	`ad424f5f5d5ff4460343686c61e4f75e`
SHA1	`29a1f0faadc42f1b9f9767d8c724fdc58dd165c8`
SHA256	`245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9`
SHA3	`4f3a627ee7d533397f7f5c70bb2dafa8857150e674cb31edd96949c7905de509`

4

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.21099`
MD5	`b17979e1f20c3c959495415bcb8170af`
SHA1	`56077e6280342fd33c4b31cebc76ce8ac0daf68f`
SHA256	`d8de645ef6108e054516f2619e1e26df8b6c24c61d4f981ad6b39fd8e6494a47`
SHA3	`0ef525c28b6587b9b2fb75ac3a31cc2d7d1fab87b037839f2a867c15da084ea6`

5

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.94881`
MD5	`8014f4987453b56aaed70c8db0fd6024`
SHA1	`ae7f1bd284fb756be8d921f10725ad824831dc76`
SHA256	`e841bcd49361ca23a9cfa86beeed1bc595c009126c11cd6d68127f912bcaaf85`
SHA3	`3c6cb815b2acf3e44b2ae2f0db91b4c5e4fd506c63df72328b4932df9a35a5c5`

6

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.95646`
MD5	`af9e5a1229ae0263df9705ec75a3fac0`
SHA1	`ef403547f71ed48e506959887bca9689205765ba`
SHA256	`a994edee6306c282677ffd270118f0a301de2509381b4d691d25da3986ebe09a`
SHA3	`dbf1e061cf2a3ddf9473a3bb7954a32a85217c075c728fb03f201032959ac18a`

7

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.76434`
MD5	`26c60bbc6aa250524a868db10f0c1aa0`
SHA1	`e88096085e5b35fe5890afa5e01e7de390c528fe`
SHA256	`27bb85a38a2da549d7133cb0ace0f78055c60151d83e954c1272d226e28603cb`
SHA3	`342b1b02a99f8f0e55b31e1db35fd3aa2f8bd91ce85db0bb8077c8c56488158a`

166

Type	`RT_MENU`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x4e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.52359`
MD5	`4ac3af5cee13d254483d63c38f6299da`
SHA1	`c66abde41885e370498a4caf13a272bcb11fa522`
SHA256	`fbf38fe5a733a875883f997d340d91d7d68e745f9eee7749669fd95d7649a627`
SHA3	`9b2c01a1f77b90120a85a0ef7ca0e5da3f9d232a3366da13a9a4457cd2590612`

1000

Type	`RT_DIALOG`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0xf0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.19877`
MD5	`0ff759eca8d3d6f75c3496a98ea3dfb2`
SHA1	`0b4be4bc11f232f4eda229fb0e83515f555e349e`
SHA256	`4c719af047144eca0ada49305d9fc1c2494604fcdd7cbdd5a47664a53fdfa507`
SHA3	`30994879efa55b197729ccf6a92b388cb232aa945ec78ec6f17a8f1326724098`

7 (#2)

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x222`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.29676`
MD5	`998f5ffa64d55cf5abb1ecf0664f81dc`
SHA1	`b9c423339a3cefc8d224d41c1e8f3abd1b5a1c75`
SHA256	`54079cc859ce484833898fb208732e03133c24d0d1cf1bf331c03698f8c8373f`
SHA3	`ae468af796321cd1cb94d90bb21b892ae8b4531cd4cd5af39aac7001460a10e3`

8

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x2aa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.15897`
MD5	`aa8734d5e52060ba8d90b8852c008edc`
SHA1	`0a4a236518856cd96bf9a39ac720c731c8eec18f`
SHA256	`2379a9ddf1a0434f806eed3e51da25372896e9c1532c6842576dd0985b6cf8c0`
SHA3	`1f100b715c87dbdabbea45f564fc024613f88ee32cc2540177bdc9081b65b7b6`

9

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x1b6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.76901`
MD5	`c63fd1b2a3cd9957ab0d01ebf0ef1341`
SHA1	`52a181afd24bbe704e33d93c62fac0ac4a4e37e1`
SHA256	`a06356ce890cb00f683c98a5d3e3944d77a06df23bdfbbabb027d92c7e7979ad`
SHA3	`66d7e21c081c068dacf1659390b9299aa956d641b834ee4f059fdf5c5cc96d26`

10

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x2dc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.76637`
MD5	`b1fe435ef34be0c0f0ec85ee03799137`
SHA1	`868026cbed2acd8cf90b3b4bbab5d93675fe12d0`
SHA256	`aaddb296d88ee770126c8bd50b1c15804925fa47aee0c0dc2ce1fe95526c67e7`
SHA3	`9088ca501137d6809c72644de12dd30885d181c6c183604ddc9266eae73bd871`

11

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x2fa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.43832`
MD5	`625f40247b0e84e8c008fcea4f4d396b`
SHA1	`326539c608b8724e46a9ddeb1593135aec371936`
SHA256	`0c0d5868ad2d14f97305d1bb98473e8fd17bcd8b6ffc9872c59f514603ab000b`
SHA3	`f54dcbb557d2c69d838f6c4146e3651d3d12312ea2bedd9c08471dafe4417477`

12

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x22a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.65753`
MD5	`015c200416bd2993671f2bce469aa5d7`
SHA1	`1ff4198bc72bfae24d51d17d032c29ce2ced0e2c`
SHA256	`aa2e4de2127d0d5f65e7ec96f502589ff791b091df2ec4364d3f1d48c7e743ec`
SHA3	`a363472126eb44682a2280e06c59ab9bb9649e4028fd817c30c030a016c2b322`

313

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.96297`
MD5	`3c659437c67c8d7089e8d6161c426398`
SHA1	`a88fdba5796780ec2a91576835526e82060e76bf`
SHA256	`2e0b7cc57160ac6609d88413e0ea24682ac4a229559680148088b4a8684c4ec0`
SHA3	`2d190c34f6270c7bc7a0147d0413c57535aad6ccdc9c05aab27836e0c7c3568f`

99

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.45199`
Detected Filetype	Icon file
MD5	`071ff868498f525bf1069f3a8c1ad1a7`
SHA1	`37cce019e61b1b40cc64e1e82605bdd48986a880`
SHA256	`623f379af16376fb51d48a5af7001a7d1bd37cf4e2b82a5600c56f8f955525ff`
SHA3	`0fd109c762718da37549dbdf2e6df29c14400269b4e8046bd1ef880f08ef6567`

162

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.84274`
Detected Filetype	Icon file
MD5	`f64c60b749269fcf6659c450dda98486`
SHA1	`42945c3496bc4e1943a1a05926a9b5ee31d3e450`
SHA256	`ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1`
SHA3	`443830acdeb37f2b7f844756492b2b11f9fb93e9171617d8c799cebfd05cb37f`

164

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.02322`
Detected Filetype	Icon file
MD5	`7a9605cb416b1a091d889b9d9f37ec66`
SHA1	`866c01641d672b6cd69901c1e055f174f47b35bb`
SHA256	`6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164`
SHA3	`af43e622bf6c842d1ada2985f8e68920ff7b22d8a0b1a12871968c23b5065651`

169

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.02322`
Detected Filetype	Icon file
MD5	`60f05e3b8ea9e18928923bdbcc112277`
SHA1	`d97726a6e9c326a37507f879feca7e152157839c`
SHA256	`7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a`
SHA3	`390fd88c6012552aecc7f109e733a1bf00339b8b3758127752832484c9f13ce6`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x254`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26517`
MD5	`14243ca7f71eb202bb6585dda3ec6a63`
SHA1	`07bb1c6e1ab3b6463746ab9934273f9d26e75a48`
SHA256	`0a29bf85fc478e50eb7a89d642c2ffde36f04e2bc5a60d3508a36bfc4704819b`
SHA3	`e6b4ae1345364e41c09a4558f8be7f9df7761e198a76064aca05d7bb644bb0a2`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x26c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.01246`
MD5	`ab1c2991848ba460acaeb7f4aca529e5`
SHA1	`d67e3f44e27557565ab42347d1e73dda25c33191`
SHA256	`6fb2f428ceb740481a982bfa8d6718e01c1cac512f6848fcd78ddf56df9ec877`
SHA3	`4f02e6cbf164319f69e522d4f320a5fa893809ad135cf71512d0a22f7da45ac1`

String Table contents

(暂停中)
AutoIt 错误
AutoIt 检测到堆栈错误.

堆栈错误一般出现在错误的调用函数,或者使用了错误的参数之后.

AutoIt 支持 __stdcall (WINAPI) 和 __cdecl 两种调用方式. __stdcall (WINAPI) 为默认使用的方法,但是 __cdecl 也可以用来替代. 请参考 DllCall() 文档得到详细信息.
错误格式的 "Func" 声明.
表达式里面丢失右括号 ')'.
表达式里面没有任何操作.
表达式里面的括号错乱.
表达式错误.
解析函数Call错误.
函数call里面包含错误的参数.
"ReDim" 没有使用到数组变量.
结束语句包含非法文本.
"If" 声明没有与之匹配的 "EndIf" 声明.
"Else" 声明没有匹配的 "If" 声明.
"EndIf" 声明没有匹配的 "If" 声明.
太多的 "Else" 声明都没有 "If" 声明匹配.
"While" 声明没有匹配的 "Wend" 声明.
"Wend" 声明没有匹配的 "While" 声明.
变量没有在开始声明.
错误的数组或者数组超出界限.
数组变量格式错误.
子脚本使用了非数组变量.
太多子脚本使用了数组.
"Dim" 声明丢失子脚本维度.
没有给 "Dim", "Local", "Global", "Struct" 或者 "Const" 声明赋值.
没有给 "=" 操作分配一个声明.请检查您的代码
行首有错误的关键字.
数组超出界限.
"Func" 声明没有匹配的 "EndFunc".
重复的函数名.
未知函数名.
未知宏.
不能得到运行的进程列表.
关键字过后丢失分隔符.
DllStruct 中含有错误的元素.
指定了一个未知的选项或者参数.
不能载入因特网的库文件.
"Struct" 声明没有匹配的 "EndStruct".
不能打开文件,超出了最大可以打开文件的限制.
错误的文件筛选赋值.
Expected a variable in user function call.
"Do" 声明没有匹配的 "Until" 声明.
"Until" 声明没有匹配的 "Do" 声明.
"For" 声明格式错误.
"Next" 声明没有匹配的 "For" 声明.
"ExitLoop/ContinueLoop" 声明只能在 For/Do/While loop 里面才有效.
"For" 声明没有匹配的 "Next" 声明.
"Case" 声明没有匹配的 "Select" 或者 "Switch" 声明.
"EndSelect" 声明没有匹配的 "Select" 声明.
递归等级超出限制 - AutoIt 为了避免堆栈溢出而退出.
错误格式的 Enum 声明
这个关键字不能在 "Then" 后面使用.
"Select" 声明没有匹配的 "EndSelect" 或者 "Case" 声明.
"If" 声明必须有一个 "Then" 关键字.
错误格式的 Struct 声明.
不能对常量赋值！
不能把一个存在的常量转为变量！
只有对象类型的变量才允许使用 "With" 声明.
"long_ptr", "int_ptr" 和 "short_ptr" DllCall() 类型能不被支持. 请使用 "long", "int" 和 "short*" 代替.
对象参考在 "With" 声明外面.
不允许 "With" 声明嵌套使用.
变量类型必须为对象类型("Object").
请求动作失败(请求于对象).
这个变量貌似已经不止一次被声明.
重新定义一个数组不能这样初始化.
一个数组变量不能如此使用.
不能重新声明一个常量.
不能重新声明一个用户函数中的参数.
Can pass constants by reference only to parameters with "Const" keyword.
不能初始化一个变量本身.
您使用这个参数时使用了不正确的方法.
"EndSwitch" 声明没有匹配的 "Switch" 声明.
"Switch" 声明没有匹配的 "EndSwitch" 或者 "Case" 声明.
"ContinueCase" 声明没有匹配的 "Select" 或者 "Switch" 声明.
声明失败!
无效的函数/参数.
错误的退出代码 (AutoIt 保留内部使用).
不能解析行.
不能打开脚本文件.
字符串丢失引号的下一半.
错误格式的变量或者宏.
关键字过后丢失分隔字符.

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.1.4.0
ProductVersion	3.1.4.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
Comments	www.goldensoft.org
FileDescription	GS Auto Clicker
FileVersion (#2)	3.1.4
LegalCopyright	goldensoft.org
ProductName	GS Auto Clicker
ProductVersion (#2)	3.1.4

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xbeafe369`
Unmarked objects	`0`
150 (20413)	`2`
ASM objects (VS2008 SP1 build 30729)	`30`
C objects (VS2008 SP1 build 30729)	`178`
C++ objects (VS2008 SP1 build 30729)	`57`
C objects (VS2012 build 50727 / VS2005 build 50727)	`10`
Imports (VS2012 build 50727 / VS2005 build 50727)	`33`
Total imports	`525`
143 (VS2008 SP1 build 30729)	`70`
ASM objects (VS2008 build 21022)	`2`
Linker (VS2008 build 21022)	`1`
151	`1`
Resource objects (VS2008 SP1 build 30729)	`1`

Errors

[*] Warning: Raw bytes from section .text could not be obtained.