6862f65be14fd3ce88086ec79777db6e

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2016-May-30 16:33:32
Detected languages English - United Kingdom
English - United States
Comments www.goldensoft.org
FileDescription GS Auto Clicker
FileVersion 3.1.4
LegalCopyright goldensoft.org
ProductName GS Auto Clicker
ProductVersion 3.1.4

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
MASM/TASM - sig2(h)
Info Interesting strings found in the binary: Contains domain names:
  • autoitscript.com
  • goldensoft.org
  • www.goldensoft.org
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Uses constants related to MD5
Uses known Mersenne Twister constants
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • LoadLibraryW
  • LoadLibraryExW
  • GetProcAddress
  • LoadLibraryA
Functions which can be used for anti-debugging purposes:
  • CreateToolhelp32Snapshot
  • FindWindowW
Code injection capabilities:
  • OpenProcess
  • VirtualAllocEx
  • WriteProcessMemory
  • VirtualAlloc
Code injection capabilities (PowerLoader):
  • FindWindowW
  • GetWindowLongW
Can access the registry:
  • RegisterHotKey
  • RegEnumValueW
  • RegDeleteValueW
  • RegDeleteKeyW
  • RegSetValueExW
  • RegCreateKeyExW
  • RegEnumKeyExW
  • RegCloseKey
  • RegQueryValueExW
  • RegOpenKeyExW
Possibly launches other programs:
  • CreateProcessW
  • CreateProcessAsUserW
  • CreateProcessWithLogonW
  • ShellExecuteW
Can create temporary files:
  • CreateFileW
  • GetTempPathW
  • CreateFileA
Uses functions commonly found in keyloggers:
  • GetAsyncKeyState
  • AttachThreadInput
  • MapVirtualKeyW
  • GetForegroundWindow
Has Internet access capabilities:
  • InternetReadFile
  • InternetCloseHandle
  • InternetOpenW
  • InternetSetOptionW
  • InternetCrackUrlW
  • InternetConnectW
  • InternetOpenUrlW
  • InternetQueryOptionW
  • InternetQueryDataAvailable
Functions related to the privilege level:
  • AdjustTokenPrivileges
  • OpenProcessToken
  • DuplicateTokenEx
Interacts with services:
  • OpenSCManagerW
Enumerates local disk drives:
  • GetDriveTypeW
  • GetVolumeInformationW
Manipulates other processes:
  • EnumProcesses
  • EnumProcessModules
  • OpenProcess
  • WriteProcessMemory
  • ReadProcessMemory
  • Process32FirstW
  • Process32NextW
Can take screenshots:
  • FindWindowW
  • GetDC
  • CreateCompatibleDC
Reads the contents of the clipboard:
  • GetClipboardData
Can shut the system down or lock the screen:
  • ExitWindowsEx
  • InitiateSystemShutdownExW
Suspicious The file contains overlay data. 219049 bytes of data starting at offset 0x9e400.
The overlay data has an entropy of 7.99918 and is possibly compressed or encrypted.
Malicious VirusTotal score: 4/71 (Scanned on 2023-06-10 02:03:28) Bkav: W32.AIDetectMalware
APEX: Malicious
Jiangmin: Trojan.Generic.ecdsu
MaxSecure: Trojan.Malware.74623402.susgen

Hashes

MD5 6862f65be14fd3ce88086ec79777db6e
SHA1 7f0eb7535b59a926446a400ff93f48165b58ac95
SHA256 7c90795c9b28fac978386626f5a54033dc9cba46ef6a3f742fc7d52b394590f2
SHA3 008767ff473f81bb680552bf87be017409b00da224a34f01fe44807ca94cd30d
SSDeep 12288:saWzgMg7v3qnCibErQohh0F4zCJ8lnywQ8S8Xe74050MOm:TaHMv6Cbrj/nywQ8Sfs+7
Imports Hash aaaa8913c89c8aa4a5d93f06853894da

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x110

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2016-May-30 16:33:32
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 9.0
SizeOfCode 0x80200
SizeOfInitializedData 0x1de00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00016310 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x82000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0xb5000
SizeOfHeaders 0x400
Checksum 0xd72a0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x400000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x400000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 2dbaea09b92aff2a23fb90133ffbb9a6
SHA1 60ec177f287382fcb62db5191dc30eefc3292a1c
SHA256 e800b046bbf7f5919344f5703e155a3032f2d8e4d8ec6f73d4bbce731d16b47a
SHA3 cb3ca49be943cce3ce0ae5783f169669164435fa8870d879f2ad179c436e7678
VirtualSize 0x80017
VirtualAddress 0x1000
SizeOfRawData 0x80200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.63489

.rdata

MD5 7a75746a057d3e0b1ac5c5b9bcb2c6b9
SHA1 0cb1800d663d33a72cefcd4129e761c876c51627
SHA256 7b02e56f50eb5215aa2fdf8538daca8ab4fbdd11ce6b0b46040416ad659a00ee
SHA3 2978c74b5656ce8faebfa996c54909880e8393d2181ec6e0b45d46822b581f27
VirtualSize 0xd95c
VirtualAddress 0x82000
SizeOfRawData 0xda00
PointerToRawData 0x80600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.88444

.data

MD5 56af83db6167fe1c3889dcabd192a76f
SHA1 dd5cc679dbfbba152661243ab505b173399c2d7a
SHA256 82ae19080b8d2f11d13311bf2ecfb941376c7f47f47270c68f95e3841e2f8c7b
SHA3 c5a9f0946aed9823377f9253710069f39c06d4e9817bb41ae8b7178c5967fc2f
VirtualSize 0x1a518
VirtualAddress 0x90000
SizeOfRawData 0x6800
PointerToRawData 0x8e000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.20188

.rsrc

MD5 0be88fdcdc69b17fb54a09c13cb0f99f
SHA1 13b19cd503e7eec927641493bb58ca5e0989f742
SHA256 9b0f0763ada09d1d0674c56de7fcf52c161608995b0bf4800934a8546765d060
SHA3 55c4e2d798f27d7bf024348fdb5337d6aa604040b9533cbb49140b77ebb18ea4
VirtualSize 0x9abc
VirtualAddress 0xab000
SizeOfRawData 0x9c00
PointerToRawData 0x94800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.43059

Imports

WSOCK32.dll __WSAFDIsSet
setsockopt
ntohs
recvfrom
sendto
htons
select
listen
WSAStartup
bind
closesocket
connect
socket
send
WSACleanup
ioctlsocket
accept
WSAGetLastError
inet_addr
gethostbyname
gethostname
recv
VERSION.dll VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
WINMM.dll timeGetTime
waveOutSetVolume
mciSendStringW
COMCTL32.dll ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
ImageList_ReplaceIcon
ImageList_Create
InitCommonControlsEx
ImageList_Destroy
MPR.dll WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection2W
WNetUseConnectionW
WININET.dll InternetReadFile
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetQueryOptionW
InternetQueryDataAvailable
PSAPI.DLL EnumProcesses
GetModuleBaseNameW
GetProcessMemoryInfo
EnumProcessModules
USERENV.dll CreateEnvironmentBlock
DestroyEnvironmentBlock
UnloadUserProfile
LoadUserProfileW
KERNEL32.dll HeapAlloc
Sleep
GetCurrentThreadId
RaiseException
MulDiv
GetVersionExW
GetSystemInfo
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
DeleteFileW
FindNextFileW
lstrcmpiW
MoveFileW
CopyFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
OutputDebugStringW
GetLocalTime
CompareStringW
CompareStringA
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
GetTempPathW
GetTempFileNameW
VirtualFree
FormatMessageW
GetExitCodeProcess
SetErrorMode
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
DeviceIoControl
SetFileAttributesW
GetShortPathNameW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetComputerNameW
GetWindowsDirectoryW
GetSystemDirectoryW
GetCurrentProcessId
GetCurrentThread
GetProcessIoCounters
CreateProcessW
SetPriorityClass
LoadLibraryW
VirtualAlloc
LoadLibraryExW
HeapFree
WaitForSingleObject
CreateThread
DuplicateHandle
GetLastError
CloseHandle
GetCurrentProcess
GetProcAddress
LoadLibraryA
FreeLibrary
GetModuleFileNameW
GetFullPathNameW
ExitProcess
ExitThread
GetSystemTimeAsFileTime
SetCurrentDirectoryW
IsDebuggerPresent
GetCurrentDirectoryW
ResumeThread
GetStartupInfoW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleFileNameA
HeapReAlloc
HeapCreate
SetHandleCount
GetFileType
GetStartupInfoA
SetStdHandle
GetConsoleCP
GetConsoleMode
LCMapStringW
LCMapStringA
RtlUnwind
SetFilePointer
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetTickCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetModuleHandleA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEndOfFile
EnumResourceNamesW
SetEnvironmentVariableA
USER32.dll SetWindowPos
GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
ReleaseCapture
SetCapture
WindowFromPoint
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
DeleteMenu
CheckMenuRadioItem
CopyImage
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
SystemParametersInfoW
PeekMessageW
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetClassNameW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
GetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
MessageBoxW
DefWindowProcW
MoveWindow
AdjustWindowRectEx
SetRect
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
GetMessageW
LockWindowUpdate
DispatchMessageW
GetMenuItemID
TranslateMessage
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
UnregisterHotKey
CharLowerBuffW
MonitorFromRect
keybd_event
LoadImageW
GetWindowLongW
GDI32.dll DeleteObject
GetObjectW
GetTextExtentPoint32W
ExtCreatePen
StrokeAndFillPath
StrokePath
EndPath
SetPixel
CloseFigure
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchBlt
GetDIBits
LineTo
AngleArc
MoveToEx
Ellipse
PolyDraw
BeginPath
Rectangle
GetDeviceCaps
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
SetTextColor
CreateFontW
GetTextFaceW
GetStockObject
CreateDCW
GetPixel
DeleteDC
SetViewportOrgEx
COMDLG32.dll GetSaveFileNameW
GetOpenFileNameW
ADVAPI32.dll RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
GetUserNameW
RegConnectRegistryW
RegEnumKeyExW
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerW
InitiateSystemShutdownExW
AdjustTokenPrivileges
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
SetSecurityDescriptorDacl
CopySid
LogonUserW
GetTokenInformation
GetAclInformation
GetAce
AddAce
GetSecurityDescriptorDacl
SHELL32.dll DragQueryPoint
ShellExecuteExW
SHGetFolderPathW
DragQueryFileW
SHEmptyRecycleBinW
SHBrowseForFolderW
SHFileOperationW
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetMalloc
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW
DragFinish
ole32.dll OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoInitialize
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
StringFromCLSID
IIDFromString
StringFromIID
OleInitialize
CreateBindCtx
CLSIDFromProgID
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket
OleUninitialize
OLEAUT32.dll SafeArrayAllocData
SafeArrayAllocDescriptorEx
SysAllocString
OleLoadPicture
SafeArrayGetVartype
SafeArrayDestroyData
SafeArrayAccessData
VarR8FromDec
VariantTimeToSystemTime
VariantClear
VariantCopy
VariantInit
SafeArrayDestroyDescriptor
LoadRegTypeLib
GetActiveObject
SafeArrayUnaccessData

Delayed Imports

1

Type RT_ICON
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.05883
MD5 78f30e363a0499f530d057b4d639d36e
SHA1 360bd6476101b0cddc23d2c7eade326c1b16ceaf
SHA256 08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e
SHA3 001ac9f6e8e52f9c3eb7101189fb953e2f4babfdea5b6e26b23b99173af38de4

2

Type RT_ICON
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.66371
MD5 d6f27bf763eb666af934477958acf362
SHA1 f724ee386cda31b32b5c88e08b9abf562c016a57
SHA256 62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5
SHA3 6f4a250c7a91ddfcc872e14b8ed1e4aa33a5ebb3280f7d021b47aa46edfb9586

3

Type RT_ICON
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.25499
MD5 ad424f5f5d5ff4460343686c61e4f75e
SHA1 29a1f0faadc42f1b9f9767d8c724fdc58dd165c8
SHA256 245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9
SHA3 4f3a627ee7d533397f7f5c70bb2dafa8857150e674cb31edd96949c7905de509

4

Type RT_ICON
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.21099
MD5 b17979e1f20c3c959495415bcb8170af
SHA1 56077e6280342fd33c4b31cebc76ce8ac0daf68f
SHA256 d8de645ef6108e054516f2619e1e26df8b6c24c61d4f981ad6b39fd8e6494a47
SHA3 0ef525c28b6587b9b2fb75ac3a31cc2d7d1fab87b037839f2a867c15da084ea6

5

Type RT_ICON
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.94881
MD5 8014f4987453b56aaed70c8db0fd6024
SHA1 ae7f1bd284fb756be8d921f10725ad824831dc76
SHA256 e841bcd49361ca23a9cfa86beeed1bc595c009126c11cd6d68127f912bcaaf85
SHA3 3c6cb815b2acf3e44b2ae2f0db91b4c5e4fd506c63df72328b4932df9a35a5c5

6

Type RT_ICON
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.95646
MD5 af9e5a1229ae0263df9705ec75a3fac0
SHA1 ef403547f71ed48e506959887bca9689205765ba
SHA256 a994edee6306c282677ffd270118f0a301de2509381b4d691d25da3986ebe09a
SHA3 dbf1e061cf2a3ddf9473a3bb7954a32a85217c075c728fb03f201032959ac18a

7

Type RT_ICON
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.76434
MD5 26c60bbc6aa250524a868db10f0c1aa0
SHA1 e88096085e5b35fe5890afa5e01e7de390c528fe
SHA256 27bb85a38a2da549d7133cb0ace0f78055c60151d83e954c1272d226e28603cb
SHA3 342b1b02a99f8f0e55b31e1db35fd3aa2f8bd91ce85db0bb8077c8c56488158a

166

Type RT_MENU
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x4e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.52359
MD5 4ac3af5cee13d254483d63c38f6299da
SHA1 c66abde41885e370498a4caf13a272bcb11fa522
SHA256 fbf38fe5a733a875883f997d340d91d7d68e745f9eee7749669fd95d7649a627
SHA3 9b2c01a1f77b90120a85a0ef7ca0e5da3f9d232a3366da13a9a4457cd2590612

1000

Type RT_DIALOG
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0xf0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.19877
MD5 0ff759eca8d3d6f75c3496a98ea3dfb2
SHA1 0b4be4bc11f232f4eda229fb0e83515f555e349e
SHA256 4c719af047144eca0ada49305d9fc1c2494604fcdd7cbdd5a47664a53fdfa507
SHA3 30994879efa55b197729ccf6a92b388cb232aa945ec78ec6f17a8f1326724098

7 (#2)

Type RT_STRING
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x222
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.29676
MD5 998f5ffa64d55cf5abb1ecf0664f81dc
SHA1 b9c423339a3cefc8d224d41c1e8f3abd1b5a1c75
SHA256 54079cc859ce484833898fb208732e03133c24d0d1cf1bf331c03698f8c8373f
SHA3 ae468af796321cd1cb94d90bb21b892ae8b4531cd4cd5af39aac7001460a10e3

8

Type RT_STRING
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x2aa
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.15897
MD5 aa8734d5e52060ba8d90b8852c008edc
SHA1 0a4a236518856cd96bf9a39ac720c731c8eec18f
SHA256 2379a9ddf1a0434f806eed3e51da25372896e9c1532c6842576dd0985b6cf8c0
SHA3 1f100b715c87dbdabbea45f564fc024613f88ee32cc2540177bdc9081b65b7b6

9

Type RT_STRING
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x1b6
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.76901
MD5 c63fd1b2a3cd9957ab0d01ebf0ef1341
SHA1 52a181afd24bbe704e33d93c62fac0ac4a4e37e1
SHA256 a06356ce890cb00f683c98a5d3e3944d77a06df23bdfbbabb027d92c7e7979ad
SHA3 66d7e21c081c068dacf1659390b9299aa956d641b834ee4f059fdf5c5cc96d26

10

Type RT_STRING
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x2dc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.76637
MD5 b1fe435ef34be0c0f0ec85ee03799137
SHA1 868026cbed2acd8cf90b3b4bbab5d93675fe12d0
SHA256 aaddb296d88ee770126c8bd50b1c15804925fa47aee0c0dc2ce1fe95526c67e7
SHA3 9088ca501137d6809c72644de12dd30885d181c6c183604ddc9266eae73bd871

11

Type RT_STRING
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x2fa
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.43832
MD5 625f40247b0e84e8c008fcea4f4d396b
SHA1 326539c608b8724e46a9ddeb1593135aec371936
SHA256 0c0d5868ad2d14f97305d1bb98473e8fd17bcd8b6ffc9872c59f514603ab000b
SHA3 f54dcbb557d2c69d838f6c4146e3651d3d12312ea2bedd9c08471dafe4417477

12

Type RT_STRING
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x22a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.65753
MD5 015c200416bd2993671f2bce469aa5d7
SHA1 1ff4198bc72bfae24d51d17d032c29ce2ced0e2c
SHA256 aa2e4de2127d0d5f65e7ec96f502589ff791b091df2ec4364d3f1d48c7e743ec
SHA3 a363472126eb44682a2280e06c59ab9bb9649e4028fd817c30c030a016c2b322

313

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x84
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.96297
MD5 3c659437c67c8d7089e8d6161c426398
SHA1 a88fdba5796780ec2a91576835526e82060e76bf
SHA256 2e0b7cc57160ac6609d88413e0ea24682ac4a229559680148088b4a8684c4ec0
SHA3 2d190c34f6270c7bc7a0147d0413c57535aad6ccdc9c05aab27836e0c7c3568f

99

Type RT_GROUP_ICON
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x3e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.45199
Detected Filetype Icon file
MD5 071ff868498f525bf1069f3a8c1ad1a7
SHA1 37cce019e61b1b40cc64e1e82605bdd48986a880
SHA256 623f379af16376fb51d48a5af7001a7d1bd37cf4e2b82a5600c56f8f955525ff
SHA3 0fd109c762718da37549dbdf2e6df29c14400269b4e8046bd1ef880f08ef6567

162

Type RT_GROUP_ICON
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.84274
Detected Filetype Icon file
MD5 f64c60b749269fcf6659c450dda98486
SHA1 42945c3496bc4e1943a1a05926a9b5ee31d3e450
SHA256 ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1
SHA3 443830acdeb37f2b7f844756492b2b11f9fb93e9171617d8c799cebfd05cb37f

164

Type RT_GROUP_ICON
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.02322
Detected Filetype Icon file
MD5 7a9605cb416b1a091d889b9d9f37ec66
SHA1 866c01641d672b6cd69901c1e055f174f47b35bb
SHA256 6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164
SHA3 af43e622bf6c842d1ada2985f8e68920ff7b22d8a0b1a12871968c23b5065651

169

Type RT_GROUP_ICON
Language English - United Kingdom
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.02322
Detected Filetype Icon file
MD5 60f05e3b8ea9e18928923bdbcc112277
SHA1 d97726a6e9c326a37507f879feca7e152157839c
SHA256 7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a
SHA3 390fd88c6012552aecc7f109e733a1bf00339b8b3758127752832484c9f13ce6

1 (#2)

Type RT_VERSION
Language English - United States
Codepage Latin 1 / Western European
Size 0x254
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.26517
MD5 14243ca7f71eb202bb6585dda3ec6a63
SHA1 07bb1c6e1ab3b6463746ab9934273f9d26e75a48
SHA256 0a29bf85fc478e50eb7a89d642c2ffde36f04e2bc5a60d3508a36bfc4704819b
SHA3 e6b4ae1345364e41c09a4558f8be7f9df7761e198a76064aca05d7bb644bb0a2

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x26c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.01246
MD5 ab1c2991848ba460acaeb7f4aca529e5
SHA1 d67e3f44e27557565ab42347d1e73dda25c33191
SHA256 6fb2f428ceb740481a982bfa8d6718e01c1cac512f6848fcd78ddf56df9ec877
SHA3 4f02e6cbf164319f69e522d4f320a5fa893809ad135cf71512d0a22f7da45ac1

String Table contents

(暂停中)
AutoIt 错误
AutoIt 检测到堆栈错误.
堆栈错误一般出现在错误的调用函数,或者使用了错误的参数之后.
AutoIt 支持 __stdcall (WINAPI) 和 __cdecl 两种调用方式. __stdcall (WINAPI) 为默认使用的方法,但是 __cdecl 也可以用来替代. 请参考 DllCall() 文档得到详细信息.
错误格式的 "Func" 声明.
表达式里面丢失右括号 ')'.
表达式里面没有任何操作.
表达式里面的括号错乱.
表达式错误.
解析函数Call错误.
函数call里面包含错误的参数.
"ReDim" 没有使用到数组变量.
结束语句包含非法文本.
"If" 声明没有与之匹配的 "EndIf" 声明.
"Else" 声明没有匹配的 "If" 声明.
"EndIf" 声明没有匹配的 "If" 声明.
太多的 "Else" 声明都没有 "If" 声明匹配.
"While" 声明没有匹配的 "Wend" 声明.
"Wend" 声明没有匹配的 "While" 声明.
变量没有在开始声明.
错误的数组或者数组超出界限.
数组变量格式错误.
子脚本使用了非数组变量.
太多子脚本使用了数组.
"Dim" 声明丢失子脚本维度.
没有给 "Dim", "Local", "Global", "Struct" 或者 "Const" 声明赋值.
没有给 "=" 操作分配一个声明.请检查您的代码
行首有错误的关键字.
数组超出界限.
"Func" 声明没有匹配的 "EndFunc".
重复的函数名.
未知函数名.
未知宏.
不能得到运行的进程列表.
关键字过后丢失分隔符.
DllStruct 中含有错误的元素.
指定了一个未知的选项或者参数.
不能载入因特网的库文件.
"Struct" 声明没有匹配的 "EndStruct".
不能打开文件,超出了最大可以打开文件的限制.
错误的文件筛选赋值.
Expected a variable in user function call.
"Do" 声明没有匹配的 "Until" 声明.
"Until" 声明没有匹配的 "Do" 声明.
"For" 声明格式错误.
"Next" 声明没有匹配的 "For" 声明.
"ExitLoop/ContinueLoop" 声明只能在 For/Do/While loop 里面才有效.
"For" 声明没有匹配的 "Next" 声明.
"Case" 声明没有匹配的 "Select" 或者 "Switch" 声明.
"EndSelect" 声明没有匹配的 "Select" 声明.
递归等级超出限制 - AutoIt 为了避免堆栈溢出而退出.
错误格式的 Enum 声明
这个关键字不能在 "Then" 后面使用.
"Select" 声明没有匹配的 "EndSelect" 或者 "Case" 声明.
"If" 声明必须有一个 "Then" 关键字.
错误格式的 Struct 声明.
不能对常量赋值!
不能把一个存在的常量转为变量!
只有对象类型的变量才允许使用 "With" 声明.
"long_ptr", "int_ptr" 和 "short_ptr" DllCall() 类型能不被支持. 请使用 "long*", "int*" 和 "short*" 代替.
对象参考在 "With" 声明外面.
不允许 "With" 声明嵌套使用.
变量类型必须为对象类型("Object").
请求动作失败(请求于对象).
这个变量貌似已经不止一次被声明.
重新定义一个数组不能这样初始化.
一个数组变量不能如此使用.
不能重新声明一个常量.
不能重新声明一个用户函数中的参数.
Can pass constants by reference only to parameters with "Const" keyword.
不能初始化一个变量本身.
您使用这个参数时使用了不正确的方法.
"EndSwitch" 声明没有匹配的 "Switch" 声明.
"Switch" 声明没有匹配的 "EndSwitch" 或者 "Case" 声明.
"ContinueCase" 声明没有匹配的 "Select" 或者 "Switch" 声明.
声明失败!
无效的函数/参数.
错误的退出代码 (AutoIt 保留内部使用).
不能解析行.
不能打开脚本文件.
字符串丢失引号的下一半.
错误格式的变量或者宏.
关键字过后丢失分隔字符.

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 3.1.4.0
ProductVersion 3.1.4.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_UNKNOWN
Language English - United States
Comments www.goldensoft.org
FileDescription GS Auto Clicker
FileVersion (#2) 3.1.4
LegalCopyright goldensoft.org
ProductName GS Auto Clicker
ProductVersion (#2) 3.1.4
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xbeafe369
Unmarked objects 0
150 (20413) 2
ASM objects (VS2008 SP1 build 30729) 30
C objects (VS2008 SP1 build 30729) 178
C++ objects (VS2008 SP1 build 30729) 57
C objects (VS2012 build 50727 / VS2005 build 50727) 10
Imports (VS2012 build 50727 / VS2005 build 50727) 33
Total imports 525
143 (VS2008 SP1 build 30729) 70
ASM objects (VS2008 build 21022) 2
Linker (VS2008 build 21022) 1
151 1
Resource objects (VS2008 SP1 build 30729) 1

Errors

[*] Warning: Raw bytes from section .text could not be obtained.
<-- -->