Manalyze report for 6e1730e6aeb97c0df9e6379c14ed3c0bfabea201afe77745f089b1e3d84389a1

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Aug-29 00:00:17
Detected languages	English - United States
FileVersion	`1.1.33.10`
ProductVersion	`1.1.33.10`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: .exe.bat.com autohotkey.com exe.bat.com https://autohotkey.com`
Info	Cryptographic algorithms detected in the binary:	`Uses known Mersenne Twister constants`
Suspicious	The PE is possibly packed.	`Unusual section name found: text` `Unusual section name found: data`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowW` `Code injection capabilities: WriteProcessMemory OpenProcess VirtualAllocEx` `Code injection capabilities (PowerLoader): FindWindowW GetWindowLongW` `Can access the registry: RegisterHotKey RegDeleteKeyW RegSetValueExW RegCreateKeyExW RegQueryValueExW RegEnumKeyExW RegEnumValueW RegQueryInfoKeyW RegOpenKeyExW RegCloseKey RegDeleteValueW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: CreateFileW GetTempPathW` `Uses functions commonly found in keyloggers: GetAsyncKeyState AttachThreadInput CallNextHookEx GetForegroundWindow MapVirtualKeyW` `Memory manipulation functions often used by packers: VirtualProtect VirtualAllocEx` `Has Internet access capabilities: InternetOpenW InternetOpenUrlW InternetCloseHandle InternetReadFileExA InternetReadFile` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Interacts with services: OpenSCManagerW` `Enumerates local disk drives: GetDriveTypeW GetVolumeInformationW` `Manipulates other processes: WriteProcessMemory ReadProcessMemory OpenProcess Process32FirstW Process32NextW` `Can take screenshots: GetDC FindWindowW BitBlt CreateCompatibleDC` `Reads the contents of the clipboard: GetClipboardData` `Can shut the system down or lock the screen: ExitWindowsEx`
Suspicious	VirusTotal score: 1/72 (Scanned on 2025-12-27 18:12:22)	`McAfeeD: ti!6E1730E6AEB9`

Hashes

MD5	`00562d576363fd4aa59c1efee2a9e1b3`
SHA1	`4fe31f2edeb4b7cf9d05919fff637a5cec2df757`
SHA256	`6e1730e6aeb97c0df9e6379c14ed3c0bfabea201afe77745f089b1e3d84389a1`
SHA3	`189c7087ad9586b956fd1aded1bf2bd928c864a3f3df7e0eae5f9233b4c19413`
SSDeep	`24576:ijdvkUZ0pDZe+Bczu3+ZO0IRR3wTkgr9BNpiUU11Wsp1Igj20wqZb:ijdvkY0pDZe+Bczu3+ZO0IRR3eFr9B/E`
Imports Hash	`2004a5f6f543f8c26e144c1ceb66f943`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2021-Aug-29 00:00:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`10.0`
SizeOfCode	`0xdce00`
SizeOfInitializedData	`0x4b200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000CC550 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x133000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x400000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a717d880a5590abfb7764852fd4d19eb`
SHA1	`9e30fe99309546af9dcb6d45c8a6719872c91f92`
SHA256	`ef9e3348f7fcba691ca1c1640d8c73799bc477d7334f3201da0c3e6560520215`
SHA3	`f1b1bcf7f855495eca5ad9fbbcdc160dc34e7db755021c4aa42477d035d085bf`
VirtualSize	`0xdcc06`
VirtualAddress	`0x1000`
SizeOfRawData	`0xdce00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.54243`

.rdata

MD5	`5781b7664a5d2b5105f5749ccc4e6fe4`
SHA1	`f872ad010097ed5ad28606417622560070f4fdb6`
SHA256	`cfe075d79da321e3968ef5ebba1880940c70bcee113a5309936c5f3a922f20ba`
SHA3	`663c64304237625a29d57636008be0af99f98d0b533894c6a1c46e2206d6ee13`
VirtualSize	`0x30e86`
VirtualAddress	`0xde000`
SizeOfRawData	`0x31000`
PointerToRawData	`0xdd200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.98366`

.data

MD5	`233c9071e6709b885cb8b57f11f22958`
SHA1	`17f44f5ba87c8bc791cd6c8b069bc14638821d8a`
SHA256	`d2588de978ff760c944bf3fe74179ac5cf86d288632622452411d4b307d862dc`
SHA3	`3285cc19b9ebc9b10ff311eff749eff5fd571ea43ee9cfc16038e080ccf848a8`
VirtualSize	`0xc3c8`
VirtualAddress	`0x10f000`
SizeOfRawData	`0x5000`
PointerToRawData	`0x10e200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.33355`

.pdata

MD5	`6ec777258442d33c04809fda2f06a8b8`
SHA1	`308d143f993a93265efc0c39b6f8dd439c7d199c`
SHA256	`75c86e2d3900eb6248b27bf6e922dd00e04df7eed467e75fb4ca1455320e75bb`
SHA3	`ce1068d2620a29cdf5c82fc3dd48643eeb0f3daeb97c5d16d52b7a83259cb27a`
VirtualSize	`0x78b4`
VirtualAddress	`0x11c000`
SizeOfRawData	`0x7a00`
PointerToRawData	`0x113200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.99413`

text

MD5	`648bb61ffda80e1d555e32a70474e814`
SHA1	`0987cecd4f4c1a9cf8d934554ef551e8563d0d38`
SHA256	`4af327f1eb2e5676d2bbcf65b6effabbd25f542e269c745b80b8dea2c25b63f8`
SHA3	`09c627061ef2a9d5a8891c5fe4a7c1ce5608ac00b1ea08247c13a5c03b9fb181`
VirtualSize	`0x258d`
VirtualAddress	`0x124000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x11ac00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE`
Entropy	`5.77638`

data

MD5	`8f4275b626558a8640120f611553e570`
SHA1	`353e3345d0a3058c1fee970144c22844ac1d4560`
SHA256	`f1ee9c61cd936b223504365c8f4ff63ca0b67a72ecfbb6480562140739308433`
SHA3	`127cdb09b38e90d67b8dd08ee4cee51745e7ddfe4ff0e4df5d977ada62a6ca02`
VirtualSize	`0x6ec0`
VirtualAddress	`0x127000`
SizeOfRawData	`0x7000`
PointerToRawData	`0x11d200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.45736`

.rsrc

MD5	`9c206e5d5c6a9286d682b3e9aaf30e76`
SHA1	`9346870995680cf44fe5d31d53fab679782c5ce5`
SHA256	`18f77b26e834bec76b87c1ae254b585c19cc43612bcab600541e5d8bbc8a4f52`
SHA3	`e13cb9ec81785a830121705eb6f1d96af3ac6d38c7adb2db9099c34413a31885`
VirtualSize	`0x41e4`
VirtualAddress	`0x12e000`
SizeOfRawData	`0x4200`
PointerToRawData	`0x124200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.02388`

Imports

WSOCK32.dll	`gethostbyname` `inet_addr` `WSACleanup` `gethostname` `WSAStartup`
WINMM.dll	`mixerGetLineInfoW` `mixerGetDevCapsW` `mixerOpen` `mciSendStringW` `joyGetPosEx` `mixerGetLineControlsW` `mixerGetControlDetailsW` `mixerSetControlDetails` `waveOutGetVolume` `mixerClose` `waveOutSetVolume` `joyGetDevCapsW`
VERSION.dll	`GetFileVersionInfoW` `VerQueryValueW` `GetFileVersionInfoSizeW`
COMCTL32.dll	`ImageList_Create` `CreateStatusWindowW` `ImageList_ReplaceIcon` `ImageList_GetIconSize` `ImageList_Destroy` `ImageList_AddMasked`
PSAPI.DLL	`GetProcessImageFileNameW` `GetModuleBaseNameW` `GetModuleFileNameExW`
WININET.dll	`InternetOpenW` `InternetOpenUrlW` `InternetCloseHandle` `InternetReadFileExA` `InternetReadFile`
KERNEL32.dll	`GetModuleFileNameW` `GetSystemTimeAsFileTime` `FindResourceW` `SizeofResource` `LoadResource` `LockResource` `GetFullPathNameW` `GetShortPathNameW` `FindFirstFileW` `FindNextFileW` `FindClose` `FileTimeToLocalFileTime` `SetEnvironmentVariableW` `Beep` `MoveFileW` `OutputDebugStringW` `CreateProcessW` `GetFileAttributesW` `WideCharToMultiByte` `MultiByteToWideChar` `GetExitCodeProcess` `WriteProcessMemory` `ReadProcessMemory` `GetCurrentProcessId` `OpenProcess` `TerminateProcess` `SetPriorityClass` `SetLastError` `GetEnvironmentVariableW` `GetLocalTime` `GetDateFormatW` `GetTimeFormatW` `GetDiskFreeSpaceExW` `SetVolumeLabelW` `CreateFileW` `DeviceIoControl` `GetDriveTypeW` `GetVolumeInformationW` `GetDiskFreeSpaceW` `GetCurrentDirectoryW` `CreateDirectoryW` `ReadFile` `WriteFile` `DeleteFileW` `SetFileAttributesW` `LocalFileTimeToFileTime` `SetFileTime` `DeleteCriticalSection` `GetSystemTime` `GetSystemDefaultUILanguage` `GetComputerNameW` `GetSystemWindowsDirectoryW` `GetTempPathW` `EnterCriticalSection` `LeaveCriticalSection` `VirtualProtect` `QueryDosDeviceW` `CompareStringW` `RemoveDirectoryW` `CopyFileW` `GetCurrentProcess` `CreateToolhelp32Snapshot` `Process32FirstW` `Process32NextW` `FormatMessageW` `GetPrivateProfileStringW` `GetPrivateProfileSectionW` `GetPrivateProfileSectionNamesW` `WritePrivateProfileStringW` `WritePrivateProfileSectionW` `SetEndOfFile` `GetACP` `GetFileType` `GetStdHandle` `SetFilePointerEx` `SystemTimeToFileTime` `FileTimeToSystemTime` `GetFileSize` `IsWow64Process` `VirtualAllocEx` `VirtualFreeEx` `EnumResourceNamesW` `LoadLibraryExW` `GlobalSize` `HeapReAlloc` `EncodePointer` `HeapFree` `DecodePointer` `ExitProcess` `HeapAlloc` `IsValidCodePage` `FlsGetValue` `FlsSetValue` `FlsFree` `FlsAlloc` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsDebuggerPresent` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `GetCPInfo` `GetVersionExW` `GetModuleHandleW` `FreeLibrary` `GetProcAddress` `LoadLibraryW` `GetLastError` `CreateMutexW` `CloseHandle` `GetExitCodeThread` `SetThreadPriority` `CreateThread` `GetStringTypeExW` `lstrcmpiW` `GetCurrentThreadId` `GlobalUnlock` `GlobalFree` `GlobalAlloc` `GlobalLock` `SetErrorMode` `InitializeCriticalSection` `SetCurrentDirectoryW` `Sleep` `GetTickCount` `MulDiv` `RtlCaptureContext` `HeapSetInformation` `GetVersion` `HeapCreate` `InitializeCriticalSectionAndSpinCount` `HeapSize` `HeapQueryInformation` `GetCommandLineW` `GetStartupInfoW` `RtlUnwindEx` `SetHandleCount` `GetStringTypeW` `RaiseException` `RtlPcToFileHeader` `LCMapStringW` `GetConsoleCP` `GetConsoleMode` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `QueryPerformanceCounter` `GetOEMCP` `SetFilePointer` `FlushFileBuffers` `WriteConsoleW` `SetStdHandle` `GetFileSizeEx` `GetProcessHeap`
USER32.dll	`MessageBeep` `ClientToScreen` `GetCursorInfo` `GetLastInputInfo` `GetSystemMenu` `GetMenuItemCount` `GetMenuItemID` `GetSubMenu` `GetMenuStringW` `ExitWindowsEx` `SetMenu` `FlashWindow` `GetPropW` `SetPropW` `RemovePropW` `MapWindowPoints` `RedrawWindow` `SetWindowLongPtrW` `SetParent` `GetClassInfoExW` `DefDlgProcW` `GetAncestor` `UpdateWindow` `GetMessagePos` `GetClassLongPtrW` `CallWindowProcW` `CheckRadioButton` `IntersectRect` `GetUpdateRect` `PtInRect` `CreateDialogIndirectParamW` `GetWindowLongPtrW` `CreateAcceleratorTableW` `DestroyAcceleratorTable` `InsertMenuItemW` `SetMenuDefaultItem` `RemoveMenu` `SetMenuItemInfoW` `IsMenu` `GetMenuItemInfoW` `CreateMenu` `CreatePopupMenu` `SetMenuInfo` `AppendMenuW` `DestroyMenu` `TrackPopupMenuEx` `GetDesktopWindow` `CopyImage` `CreateIconIndirect` `CreateIconFromResourceEx` `EnumClipboardFormats` `GetWindow` `BringWindowToTop` `MessageBoxW` `GetTopWindow` `GetQueueStatus` `SetDlgItemTextW` `LoadAcceleratorsW` `EnableMenuItem` `GetMenu` `CreateWindowExW` `RegisterClassExW` `LoadCursorW` `DestroyIcon` `IsCharAlphaW` `IsZoomed` `VkKeyScanExW` `MapVirtualKeyExW` `GetKeyboardLayoutNameW` `ActivateKeyboardLayout` `GetGUIThreadInfo` `GetWindowTextW` `mouse_event` `WindowFromPoint` `GetSystemMetrics` `keybd_event` `SetKeyboardState` `GetKeyboardState` `GetCursorPos` `GetAsyncKeyState` `AttachThreadInput` `SendInput` `UnregisterHotKey` `RegisterHotKey` `PostQuitMessage` `SendMessageTimeoutW` `UnhookWindowsHookEx` `SetWindowsHookExW` `PostThreadMessageW` `IsCharAlphaNumericW` `IsCharUpperW` `IsCharLowerW` `ToUnicodeEx` `GetKeyboardLayout` `CallNextHookEx` `CharLowerW` `ReleaseDC` `GetDC` `OpenClipboard` `GetClipboardData` `GetClipboardFormatNameW` `CloseClipboard` `SetClipboardData` `EmptyClipboard` `PostMessageW` `FindWindowW` `EndDialog` `IsWindow` `DispatchMessageW` `TranslateMessage` `ShowWindow` `CountClipboardFormats` `SetWindowLongW` `ScreenToClient` `IsDialogMessageW` `GetDlgItem` `SendDlgItemMessageW` `DialogBoxParamW` `SetForegroundWindow` `DefWindowProcW` `FillRect` `DrawIconEx` `GetSysColorBrush` `GetSysColor` `RegisterWindowMessageW` `GetMonitorInfoW` `EnumDisplayMonitors` `SetClipboardViewer` `IsIconic` `SendMessageW` `IsWindowEnabled` `GetWindowLongW` `GetKeyState` `TranslateAcceleratorW` `KillTimer` `PeekMessageW` `GetFocus` `GetClassNameW` `GetWindowThreadProcessId` `GetForegroundWindow` `EnumWindows` `GetWindowTextLengthW` `EnableWindow` `InvalidateRect` `SetLayeredWindowAttributes` `SetWindowPos` `SetWindowRgn` `SetFocus` `SetActiveWindow` `EnumChildWindows` `MoveWindow` `GetWindowRect` `GetClientRect` `SystemParametersInfoW` `AdjustWindowRectEx` `DrawTextW` `SetRect` `GetIconInfo` `SetWindowTextW` `IsWindowVisible` `BlockInput` `GetMessageW` `SetTimer` `GetParent` `GetDlgCtrlID` `CharUpperW` `IsClipboardFormatAvailable` `CheckMenuItem` `LoadImageW` `MapVirtualKeyW` `ChangeClipboardChain` `DestroyWindow`
GDI32.dll	`GetPixel` `GetClipRgn` `GetCharABCWidthsW` `SetBkMode` `CreatePatternBrush` `SetBrushOrgEx` `EnumFontFamiliesExW` `CreateDIBSection` `GdiFlush` `SetBkColor` `ExcludeClipRect` `SetTextColor` `GetClipBox` `BitBlt` `CreateCompatibleBitmap` `GetSystemPaletteEntries` `GetDIBits` `CreateCompatibleDC` `CreatePolygonRgn` `CreateRectRgn` `CreateRoundRectRgn` `CreateEllipticRgn` `DeleteDC` `GetObjectW` `GetTextMetricsW` `GetTextFaceW` `SelectObject` `GetStockObject` `CreateDCW` `CreateSolidBrush` `CreateFontW` `FillRgn` `GetDeviceCaps` `DeleteObject`
COMDLG32.dll	`CommDlgExtendedError` `GetSaveFileNameW` `GetOpenFileNameW`
ADVAPI32.dll	`RegDeleteKeyW` `RegSetValueExW` `RegCreateKeyExW` `RegQueryValueExW` `AdjustTokenPrivileges` `LookupPrivilegeValueW` `OpenProcessToken` `CloseServiceHandle` `UnlockServiceDatabase` `LockServiceDatabase` `OpenSCManagerW` `GetUserNameW` `RegEnumKeyExW` `RegEnumValueW` `RegQueryInfoKeyW` `RegOpenKeyExW` `RegCloseKey` `RegConnectRegistryW` `RegDeleteValueW`
SHELL32.dll	`DragQueryPoint` `SHEmptyRecycleBinW` `SHFileOperationW` `SHGetPathFromIDListW` `SHBrowseForFolderW` `SHGetDesktopFolder` `SHGetMalloc` `SHGetFolderPathW` `ShellExecuteExW` `Shell_NotifyIconW` `DragFinish` `DragQueryFileW` `ExtractIconW`
ole32.dll	`OleInitialize` `OleUninitialize` `CoCreateInstance` `CoInitialize` `CoUninitialize` `CLSIDFromString` `CLSIDFromProgID` `CoGetObject` `StringFromGUID2` `CreateStreamOnHGlobal`
OLEAUT32.dll	`SafeArrayGetLBound` `GetActiveObject` `SysStringLen` `OleLoadPicture` `SafeArrayUnaccessData` `SafeArrayGetElemsize` `SafeArrayAccessData` `SafeArrayUnlock` `SafeArrayPtrOfIndex` `SafeArrayLock` `SafeArrayGetDim` `SafeArrayDestroy` `SafeArrayGetUBound` `VariantCopyInd` `SafeArrayCopy` `SysAllocString` `VariantChangeType` `VariantClear` `SafeArrayCreate` `SysFreeString`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41309`
MD5	`64b23621028eccceed91891648c0dd79`
SHA1	`b2880ea88b80aa5aecb8578d3a3752490db8f3cb`
SHA256	`59e4d113f8d8b2a4e4b02e431052ea33c89ad207bc57765c0dfa6be2faa7ee0b`
SHA3	`8dd3c9210088699cf3c8553b89601c219858b53182613e55b37e9d8eadd5b9c4`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.84157`
MD5	`1c93a14c5a485c11350ef568f5e423c1`
SHA1	`bead6553859c4ec6e647551a19b224dc2357fc5f`
SHA256	`ae6b56a4aabbeb5d22f508ed6d1522ba6e5b668d1ffb05e4d9cee348a14197cd`
SHA3	`5719b4dc9bcc5a323c95d760317d4a5b737343f709eee16eddf819e8054ee6dd`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.3349`
MD5	`266626c8655c67b9530c361ca939f01d`
SHA1	`4f799d89f7255ef58628605cc0f37a3420925a3d`
SHA256	`1bfebd87e8f7129fe598c91a87ff03e7962b95af723ea024faf9549e6442aa84`
SHA3	`85b69f2f4e1bfa507c52634afc60ad29f41321a0a4526654693b1dd7a6f516d9`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.46964`
MD5	`fbbd1dfd9481f55d0e9ebc890ce09c3c`
SHA1	`cbfd96b3e1c556af63424b3a153def765077b8fb`
SHA256	`5ef6e7b16676575434a274b3654dcc6c4934adcb5c86ee31939720568578d2c0`
SHA3	`108eb4ba2bc3e913cec2e0d5cd215901fb0f4ebffc7fbd7679673ea2c735a609`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.56056`
MD5	`9104d9f5acc220ac5a9a1c29a283e42d`
SHA1	`7e274a143071c4d7801c07669074cd8fa2972047`
SHA256	`e773c795d1dbb9bf8cd8f73f12c4f02c047f58dc516be4a629fe807610476917`
SHA3	`8cd4a3f7555bedc4ecddbcb83b34780f450c902a91ddda511b41f9b6f1c21103`

211

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37124`
MD5	`2cfd05e0e8346abd1be8b6933d0684ad`
SHA1	`898c4f11bceec1fb399cc9e0f305e09b9a2df803`
SHA256	`c0306fb5f7462e74df09e5e0627c01a238f291bbdc89c24c0ea1f46e7341ab5a`
SHA3	`8f3778cee4660e3c85805aa4bce2602547080ca7cfc425029bce1441a5af9a1f`

205

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xe8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82326`
MD5	`fec66af562e184a3acd4ada5b1603016`
SHA1	`fe5cd5d19cfc12992d23a18db8edaf1c06f610c2`
SHA256	`0b54b12fc56db7f7a5a366544081e75cfd312d6db7dd0b298b8088ad2f748908`
SHA3	`36780025f039a7044aac6d427f489314299b398567b3b737bb5f229278d74563`

212

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x48`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.96144`
MD5	`7fb94687aa0fe2b18873dba5ac59ab1d`
SHA1	`e19e8d6b0e33da063de27c83fa0bab4058513332`
SHA256	`86286a59831ad1d0d84eb411ae6fa236b21bca5d3ebfc93a59cf4b6bf1d466d0`
SHA3	`33011788d35d1127a1ee6fbdb975c0d4ef6b36d3896e0d27d3f75f0ff68e3aec`

>AUTOHOTKEY SCRIPT<

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x30a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.24413`
MD5	`828a55c11f90d2e244cbffbc783210cd`
SHA1	`7f20f27d6a04773ab4a5f94c80a9423f3f144776`
SHA256	`e4d289d72e2364404ec2a23928f6274a805572c2dbcae2db0bff3ab6cb45858d`
SHA3	`60ae4ccc16a1c59e5ecbc3a96d9d823bd3c4152c270ded09824a8b69f5674c3f`

159

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91924`
Detected Filetype	Icon file
MD5	`e5e5a43c3fe2d6ce9e1c48462c08de9b`
SHA1	`102da52437d828765fe09d1fafca1cb2acb2824a`
SHA256	`ebdbbf828eaca2f5930352386aa667a45402d6afd4c724b611da2a06a05579f2`
SHA3	`3ebbf0e7a0a9ee8a285b5f627c5a49fb3677ca649575b7a0a81149bba1fd3e70`

160

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.02322`
Detected Filetype	Icon file
MD5	`6a368971d47678239d334269be28300e`
SHA1	`9fcfe92b319b372d6d59c9096cf13e9662e8299f`
SHA256	`45de95e2bc9da2d99016c89cba3816940f7ddb7f044c6d34b5f5c168c3b638ff`
SHA3	`10b30bfdab83169af38b453132bc26884230b58321aab1e2ebd88135cfae8457`

206

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.9815`
Detected Filetype	Icon file
MD5	`40c1414025bcc34e7ba97fd22bc9f5a4`
SHA1	`b53a6a13513b5205cef6fc6d7556ad80d8b62173`
SHA256	`d6659139f55adad2497df8d1a11fcd68324a00ccdadbc133ddd49fb79e9ccc1c`
SHA3	`88c00f73975983695c16e34c6a1750573250999152f5399a198b799e76349720`

207

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.0815`
Detected Filetype	Icon file
MD5	`9b2193af49fdb53892356f594e9f18b9`
SHA1	`448aa28721dd65475b37505de8140d88d5aa1501`
SHA256	`9b8ca9c6a330d0d17d1108ab5442d60ea574817a65caa860cceb24313cc4f0e4`
SHA3	`46527c3333b02958fd025cfdaa12d481f8505aa77c1cd0b5f15348e870530116`

208

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.0815`
Detected Filetype	Icon file
MD5	`5f51cbb6145d3a4c36cffa3b028b0199`
SHA1	`b2bbd2afcfa1c44725bf90df8948792d3bc7fb97`
SHA256	`fbb52a958caa73dce023ce27649d69f8886e86b5706e767153c41dde7b5eebf9`
SHA3	`93f253b05e0e42147b5a9000d421c3e105df42f9fafae5147c4e9a09958e3f79`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1fc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.24287`
MD5	`345c54828a87b305c1d4be8d7a168687`
SHA1	`102efdab129d28f10e66d62b4f2a601752297da4`
SHA256	`225a4320705eedf197908f0df09efc9096b4226ecd070b0a67e64c5116f9b115`
SHA3	`191cc2f45b5c863e5466ec3eef3703cb90bcc60f62f5cee0125c3de4a788cc2c`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4f4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.34908`
MD5	`fd97ad678377c9966ba3f8697c4e0aec`
SHA1	`a219c82a72b1a932c555f7b8ca0180f5b909d8ca`
SHA256	`0ca571f6485ac59097ce1d665a6c65086b8bc9f639715beb28666cb367f12f8a`
SHA3	`cf4561c34a35064efaa478d33745f6e1bb002dbf220524c3fe547d68cc0337ef`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.1.33.10
ProductVersion	1.1.33.10
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
FileVersion (#2)	1.1.33.10
ProductVersion (#2)	1.1.33.10

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x17a34758`
Unmarked objects	`0`
C++ objects (VS2010 SP1 build 40219)	`53`
C objects (VS2010 SP1 build 40219)	`144`
C objects (VS2008 SP1 build 30729)	`6`
135 (VS2008 SP1 build 30729)	`1`
Imports (VS2008 SP1 build 30729)	`29`
Total imports	`467`
ASM objects (VS2010 SP1 build 40219)	`23`
175 (VS2010 SP1 build 40219)	`43`
Resource objects (VS2010 SP1 build 40219)	`1`
Linker (VS2010 SP1 build 40219)	`1`

Errors

Leave a comment

No comments yet.