Manalyze report for 73a054be9556196614f90fb36dbde96df0c3a6f8764946fe26871352a499cc01

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Oct-09 10:37:35
Detected languages	English - United States French - France Portuguese - Brazil Russian - Russia Spanish - Spain (International sort)
Debug artifacts	C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb
CompanyName	Gen Digital Inc.
Edition	15
FileDescription	AVG Installer
FileVersion	`2.1.137.0`
InternalName	microstub
LegalCopyright	Copyright ÃÂ© 2025 Gen Digital Inc. All rights reserved.
OriginalFilename	microstub.exe
ProductName	AVG
ProductVersion	`2.1.137.0`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0`
Info	Interesting strings found in the binary:	`Contains domain names: 9s-iavg.avcdn.net Jhonzik.avcdn.net analytics.com avast.com avcdn.net ff.avast.com google-analytics.com iavg.avcdn.net info.ff.avast.com ip-info.ff.avast.com s-iavg.avcdn.net stats.avast.com v7event.stats.avast.com www.google-analytics.com`
Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW LoadLibraryExA LoadLibraryA LoadLibraryExW GetProcAddress` `Functions which can be used for anti-debugging purposes: FindWindowW` `Possibly launches other programs: CreateProcessW` `Uses Microsoft's cryptographic API: CryptDestroyHash CryptHashData CryptCreateHash CryptGenRandom CryptGetHashParam CryptReleaseContext CryptAcquireContextA` `Functions related to the privilege level: OpenProcessToken` `Can take screenshots: FindWindowW GetDC`
Info	The PE is digitally signed.	`Signer: Gen Digital Inc.` `Issuer: Sectigo Public Code Signing CA R36`
Safe	VirusTotal score: 0/71 (Scanned on 2026-05-18 19:49:09)	`All the AVs think this file is safe.`

Hashes

MD5	`9d5c615993f7f8c670dbb2fa6fce5cac`
SHA1	`af5804e7a3732575487285cfc4818607fe1a7fb9`
SHA256	`73a054be9556196614f90fb36dbde96df0c3a6f8764946fe26871352a499cc01`
SHA3	`4e579b855ad050fdd64fff677e92009f0921623a90a465e9055bc612cc79577c`
SSDeep	`6144:wrRG+16NMD16oK3bbLuaTBmgrj3EVEezVK59V:wrRxD1rK3fL/mRdJy9V`
Imports Hash	`a0ecf19b5c4206ea0302535c91541360`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x128`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2025-Oct-09 10:37:35
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x23200`
SizeOfInitializedData	`0x19200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001020 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x25000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x41000`
SizeOfHeaders	`0x400`
Checksum	`0x4446a`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`503e62a62f34151c2bba09b89875c6f7`
SHA1	`6d823f508d9be5957a6598b8a5aceb13f8ed2855`
SHA256	`43fcc60862845c1ac61295056ae959dc7fcccab396556fd46dccf35a4645f473`
SHA3	`762f67ebb6f0ba944effaad41e875d1407ab5034793bf3a59d308496d33f9904`
VirtualSize	`0x2310a`
VirtualAddress	`0x1000`
SizeOfRawData	`0x23200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.53848`

.rdata

MD5	`81733885ad6dc6664bb35341e4b85e88`
SHA1	`de05acc11b1227bad196bae4472ae57cda3835f3`
SHA256	`29704513bd8bff506659fda808700d5f1426edf26a94049941d31f422d055c0e`
SHA3	`506658fde782a1835037648370f48ecf8f685c4829127035a9c8928bf273de60`
VirtualSize	`0xa3b8`
VirtualAddress	`0x25000`
SizeOfRawData	`0xa400`
PointerToRawData	`0x23600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.4385`

.data

MD5	`64d75cd24f7ac5d016fc62ab3f42c8c1`
SHA1	`46104e236d99b80c502cd10fb4915192e6dbaa83`
SHA256	`2511886a0875db959c535ebe92ae1846d35c852ae973bc2fe8f10fd462218a84`
SHA3	`06fea089ad28e4c7f6d7e53b90ae489ace24187e930e749c4fe1fca0d732e03c`
VirtualSize	`0x1638`
VirtualAddress	`0x30000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x2da00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.91648`

.didat

MD5	`4c706e96380a62b5843f26b34921e6d3`
SHA1	`b79209d88e36e5cd2c570915226fe37d5d885d3d`
SHA256	`1663dad60f92ffe9d85bb7c030b98038ea4205c976150878366c9246fc4d91d4`
SHA3	`cd3d5d7360689f125d6cd6421720db739d38a06050535c6d00b64ee37d4e3c1a`
VirtualSize	`0x50`
VirtualAddress	`0x32000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2e400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.740688`

.rsrc

MD5	`6ad8bc423e2fde9ad805146b4d9bd00c`
SHA1	`c9cc4b191cddf95096e49bfc1e0163c16e73c6cf`
SHA256	`b53bf312bef577075393130f09bb7b56ef61fbc67c01a3db6ef710c01b0e8060`
SHA3	`c6533545d4c8b3a8fe451828826191bad2434b76e9bd7f207ca5429e160ea278`
VirtualSize	`0xb690`
VirtualAddress	`0x33000`
SizeOfRawData	`0xb800`
PointerToRawData	`0x2e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.82202`

.reloc

MD5	`6bbb67bf6c1c390ae0292fee4f27ac80`
SHA1	`d78ae743d965fb8230d59f33ff75bae07a186e79`
SHA256	`03e335284ef32cf93992818507d282f7a8f676d34fb8ff03e6acb5c357c5f5af`
SHA3	`909d82692f387aa267e8f752ddac8c0a4aa5fb65813bdc92dce9979ee057afef`
VirtualSize	`0x1df0`
VirtualAddress	`0x3f000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x39e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.67342`

Imports

KERNEL32.dll	`InterlockedExchangeAdd` `HeapFree` `GetLastError` `SetLastError` `Sleep` `GetFileSizeEx` `WriteFile` `SetEndOfFile` `SetFilePointerEx` `CloseHandle` `MapViewOfFile` `UnmapViewOfFile` `CreateFileMappingW` `FindResourceExW` `EnumResourceNamesW` `GetWindowsDirectoryW` `CreateDirectoryW` `CreateFileW` `MultiByteToWideChar` `WideCharToMultiByte` `CreateThread` `GetSystemTimeAsFileTime` `GetNativeSystemInfo` `lstrcatA` `lstrlenA` `GetVersionExA` `GetCurrentProcess` `GetExitCodeProcess` `ResumeThread` `ReleaseMutex` `WaitForSingleObject` `CreateMutexW` `CreateProcessW` `GetPrivateProfileIntA` `GetPrivateProfileIntW` `GetPrivateProfileStringA` `GetPrivateProfileStringW` `GetDiskFreeSpaceExW` `CopyFileW` `MoveFileExW` `CreateHardLinkW` `LocalFree` `HeapAlloc` `GetProcessHeap` `HeapSetInformation` `ExitProcess` `IsProcessorFeaturePresent` `lstrcpyW` `GetModuleHandleW` `GetCommandLineW` `GetSystemDirectoryW` `SetDllDirectoryW` `WriteConsoleW` `FlushFileBuffers` `GetConsoleMode` `GetConsoleCP` `SetStdHandle` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCPInfo` `GetOEMCP` `IsValidCodePage` `FindNextFileW` `FindFirstFileExW` `FindClose` `LCMapStringW` `FindResourceW` `LoadLibraryW` `SizeofResource` `LoadResource` `GlobalFree` `GlobalUnlock` `GlobalLock` `GlobalAlloc` `GetVersionExW` `FreeLibrary` `LockResource` `GetFileType` `GetStringTypeW` `InterlockedExchange` `GetUserDefaultLangID` `GetACP` `GetModuleHandleExW` `RaiseException` `GetSystemInfo` `VirtualProtect` `VirtualQuery` `LoadLibraryExA` `LoadLibraryA` `DecodePointer` `GetVersion` `HeapDestroy` `HeapReAlloc` `HeapSize` `InitializeCriticalSectionAndSpinCount` `DeleteCriticalSection` `DeviceIoControl` `GetVolumeNameForVolumeMountPointW` `GetVolumePathNameW` `EnterCriticalSection` `LeaveCriticalSection` `SetEvent` `ResetEvent` `WaitForSingleObjectEx` `CreateEventW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `InitializeSListHead` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `TerminateProcess` `OutputDebugStringW` `RtlUnwind` `EncodePointer` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `LoadLibraryExW` `GetCommandLineA` `GetStdHandle` `GetModuleFileNameW` `GetProcAddress`
USER32.dll	`ReleaseDC` `GetMessageW` `TranslateMessage` `DispatchMessageW` `AllowSetForegroundWindow` `PostMessageW` `wsprintfA` `LoadStringW` `MessageBoxExW` `wsprintfW` `SystemParametersInfoW` `IsDialogMessageW` `LoadImageW` `DestroyIcon` `FindWindowW` `FillRect` `GetWindowRect` `SendMessageW` `EndPaint` `BeginPaint` `InvalidateRect` `GetDC` `SetForegroundWindow` `GetSystemMetrics` `KillTimer` `SetTimer` `SetFocus` `SetWindowPos` `DestroyWindow` `CreateWindowExW` `RegisterClassExW` `PostQuitMessage` `DefWindowProcW`
GDI32.dll	`GetObjectW` `CreateDIBSection` `SelectObject` `GetTextExtentPoint32W` `DeleteObject` `CreateSolidBrush` `CreatePatternBrush` `CreateFontIndirectW`
ADVAPI32.dll	`CryptDestroyHash` `CryptHashData` `CryptCreateHash` `CryptGenRandom` `CryptGetHashParam` `CryptReleaseContext` `CryptAcquireContextA` `GetSidSubAuthorityCount` `GetSidSubAuthority` `IsValidSid` `GetTokenInformation` `OpenProcessToken` `ConvertStringSecurityDescriptorToSecurityDescriptorA`
ole32.dll	`CoInitializeEx` `CoCreateInstance` `CreateStreamOnHGlobal` `CoUninitialize`
COMCTL32.dll	`#17`
SHLWAPI.dll	`StrStrW` `StrToIntW`
WindowsCodecs.dll (delay-loaded)	`WICConvertBitmapSource`

Delayed Imports

Attributes	`0x1`
Name	`WindowsCodecs.dll`
ModuleHandle	`0x30a48`
DelayImportAddressTable	`0x32048`
DelayImportNameTable	`0x2e0e4`
BoundDelayImportTable	`0x2e22c`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

200

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x91d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.74285`
Detected Filetype	PNG graphic file
MD5	`6f60bd1f2cca29b2c741498213d2027f`
SHA1	`1f6d9d6379b0a22fc5c561c59b980d984f9b077f`
SHA256	`a17e3c4b0df6c16e89ccd1d69c0552a526199fbd23d45a694c156ff467c0b8ce`
SHA3	`bb7156e56b8c6edefceb29cbd551f1f2144b2cb309482884011b0e82f1b4786c`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x376`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.69103`
Detected Filetype	PNG graphic file
MD5	`6a6b3bdfb2f26fb995d7fcc02fe4c20c`
SHA1	`3ecd4f795f53e45e11127384542f5ddc3c50eaf3`
SHA256	`39dcb184d6d9704afb2ee84845b8a13b554a01d07964ff87e98d3a13861df253`
SHA3	`87f56bd93dce58b6de6571c5b68f4560ec0305185a0662120bd350321e559640`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa1e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.89333`
Detected Filetype	PNG graphic file
MD5	`3b167871c7e49302cc8280f62cb9a4a4`
SHA1	`596fe4723bbe29e078bdb31c5d11704ef1c82fa1`
SHA256	`b2109046cee010bda043b95c724dcf6f05546bda005852135b44dc8d980b059a`
SHA3	`399e78f4d3fbaba482eaa45484d755a67d733562946cea7ab55bb9f70c90106f`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1251`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.9432`
Detected Filetype	PNG graphic file
MD5	`9fc2690b4fae34edc6e46b32b566c7db`
SHA1	`7655cdbe6a28712304c77262d1c9aac59c2d1794`
SHA256	`4e306434469be5dea6231d3b977dde8eac8c21a49a8d4c2e7247d72b26efb822`
SHA3	`ce0ad0586abf3d55ddb4578ee0254b83f68ed02f5d3f6a49e1990bbcd3310c4f`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x419c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.90914`
Detected Filetype	PNG graphic file
MD5	`153dbe7d133ffb7328670a8f32971cb0`
SHA1	`06fb5fb77c1796834655ad153d0a0b92f0b281e3`
SHA256	`3187adad0c6e7d3aa89074197c5c77616adc3ab001a8f9c1bbafdb1ba61ebf31`
SHA3	`febda0854ba00047d3f20747d88baa74b6f2dd089cc4fb0db2cd72928290d291`

76

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1a4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40038`
MD5	`cef30d63dd1b25153be5a6e7fc6d9afd`
SHA1	`5282dc618da8f22eea75629b544e45d2244d9ebf`
SHA256	`9d03c658200eb5cc99e56dc204b397ad326da196ef14b2c0ffc9733ebfa0966f`
SHA3	`4f8f862da1cb0a50e6c13c7f2bddd5d72813288c4876abea4558c29313fb5879`

126

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x44`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.93757`
MD5	`c6b1927022bfb2b7209f241aa96d73c4`
SHA1	`8884cfb16c9f45a9d8e9986413340e392c51ba61`
SHA256	`bab3042b8ffbd6cf30db6e1e37f8089f8a2bf06e89bca758fbccd48428ad95a4`
SHA3	`7e72d9b70888beec85a52c56e6ab70a339d3722d214456cc338234d1830b8b77`

132

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.0711`
MD5	`e5680f707412ff6fc5fc3ff3ca9d377d`
SHA1	`9ac2ffd890a5ffba1990e669c422290486a34d49`
SHA256	`96947fb8ba18134ba8016584c036945661e65b387e2d32b01d2153388eca6d79`
SHA3	`92335ab9624771e66c350479646f20128d4a718b202a1ca6240aa003d0c276e8`

201

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.191433`
MD5	`876e1adfc79d3d99c47b8219c27e50b7`
SHA1	`68ac473d8b97284b787287079bcb9ac34a9a144d`
SHA256	`8185902b4daea4ea7000be05c06f8295eef6a121dc697ce6c89e056a95a5b44e`
SHA3	`789ea18ce8d65ca3cdf00292607ca10e5b8d2b92d413c4c14efa02d4ebb3c950`

401

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.191433`
MD5	`876e1adfc79d3d99c47b8219c27e50b7`
SHA1	`68ac473d8b97284b787287079bcb9ac34a9a144d`
SHA256	`8185902b4daea4ea7000be05c06f8295eef6a121dc697ce6c89e056a95a5b44e`
SHA3	`789ea18ce8d65ca3cdf00292607ca10e5b8d2b92d413c4c14efa02d4ebb3c950`

626

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.32133`
MD5	`a9ca88e661acceae0592f05fdf00d504`
SHA1	`4154a8bab4b90c10638155a7858e65fabd644e6b`
SHA256	`cec6a4f18ad03e18cb22425794b77926e90da3f9c9c13533412b6606fa6da2d4`
SHA3	`9df5f9087dc9479ba3c3370d931ec02f235b429265900e1ad496da94118ef91a`

626 (#2)

Type	`RT_STRING`
Language	French - France
Codepage	UNKNOWN
Size	`0x8e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.67561`
MD5	`3bd200e2c678ef25f51ec2c2bb4dcfd9`
SHA1	`cb503f9fa89e2cb3019a4c38c2eb4b2ecc831e2d`
SHA256	`54cee6f69d30d13c7e14bf166e5c8eb074314fdfd8d7b258dc8f8924b45db64d`
SHA3	`2f4e1a3c19da7ecd3422de5b871fdc14ce205e25b9ef0b3b72240fe579d56cdb`

626 (#3)

Type	`RT_STRING`
Language	Portuguese - Brazil
Codepage	UNKNOWN
Size	`0x74`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.40523`
MD5	`13d16c9c24b740f38cbb30281c0cd313`
SHA1	`b21a4886c16216d5a4eca1b93bf69002a78a9fe3`
SHA256	`cd4c39ec8abbe8900d01fb383267ec1f4652a7a59bb65a6b5b980fbaaf3ed1b7`
SHA3	`39610d5dca6ba0c41202d6d049bd6355d46a7fe30d4123eccac648a77b8901ac`

626 (#4)

Type	`RT_STRING`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x6e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.84173`
MD5	`596b029ecb97e01d383fcc78620b96d5`
SHA1	`f0c44241e7f05ff40288d1d0e884f5f4a84b9ea5`
SHA256	`aa4684cd0a9c9dacbc330b92270e4660fe633d16d88774a122560958fa4f3348`
SHA3	`bbc032daf3cf014de7dfb9d95adc1d72ed26547fa378b6a84f45ed3d9eb2b67b`

626 (#5)

Type	`RT_STRING`
Language	Spanish - Spain (International sort)
Codepage	UNKNOWN
Size	`0x74`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.42247`
MD5	`6c9f0bf0031d6a6eb646b05150a34805`
SHA1	`3e9727f25ea5874409355c36540d8e54b6bb66df`
SHA256	`b294a44edf7000fc1855fa7fc3dbcaba7be31e33a2c05060c2b22b062d1dc7fb`
SHA3	`9f0c2243143529b93effc965904d19e3bdb31653e2b08aeec6fe412fb0f8ee9e`

627

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x46`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.82509`
MD5	`b3c913fc90143f34d3359af3397a7900`
SHA1	`1010e8bdc08ebdce7230962094b4d5351b53cb12`
SHA256	`d7d89c5fad3ce5ac0533c46accf103352b1cbd068538413ab6a42bcf4955d827`
SHA3	`e48642420989232af9a93690b8b9e14f9a2ef678321c02eb38e666e413047a77`

627 (#2)

Type	`RT_STRING`
Language	French - France
Codepage	UNKNOWN
Size	`0x46`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.82509`
MD5	`b3c913fc90143f34d3359af3397a7900`
SHA1	`1010e8bdc08ebdce7230962094b4d5351b53cb12`
SHA256	`d7d89c5fad3ce5ac0533c46accf103352b1cbd068538413ab6a42bcf4955d827`
SHA3	`e48642420989232af9a93690b8b9e14f9a2ef678321c02eb38e666e413047a77`

627 (#3)

Type	`RT_STRING`
Language	Portuguese - Brazil
Codepage	UNKNOWN
Size	`0x46`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.82509`
MD5	`b3c913fc90143f34d3359af3397a7900`
SHA1	`1010e8bdc08ebdce7230962094b4d5351b53cb12`
SHA256	`d7d89c5fad3ce5ac0533c46accf103352b1cbd068538413ab6a42bcf4955d827`
SHA3	`e48642420989232af9a93690b8b9e14f9a2ef678321c02eb38e666e413047a77`

627 (#4)

Type	`RT_STRING`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x46`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.82509`
MD5	`b3c913fc90143f34d3359af3397a7900`
SHA1	`1010e8bdc08ebdce7230962094b4d5351b53cb12`
SHA256	`d7d89c5fad3ce5ac0533c46accf103352b1cbd068538413ab6a42bcf4955d827`
SHA3	`e48642420989232af9a93690b8b9e14f9a2ef678321c02eb38e666e413047a77`

627 (#5)

Type	`RT_STRING`
Language	Spanish - Spain (International sort)
Codepage	UNKNOWN
Size	`0x46`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.82509`
MD5	`b3c913fc90143f34d3359af3397a7900`
SHA1	`1010e8bdc08ebdce7230962094b4d5351b53cb12`
SHA256	`d7d89c5fad3ce5ac0533c46accf103352b1cbd068538413ab6a42bcf4955d827`
SHA3	`e48642420989232af9a93690b8b9e14f9a2ef678321c02eb38e666e413047a77`

629

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37544`
MD5	`4d591449cf9fe6e7aeca6d8c467041e9`
SHA1	`4203eecfac007ed653b6b23105b1367403b2fc8e`
SHA256	`aaadce18d206d44528111d02e2c219e036388bebbd86ae70c3a9e1ec5cc1ba81`
SHA3	`23d87376b7b7f4577770dfd8dc5c30fd26110c32cda80710536de5d0438c7993`

629 (#2)

Type	`RT_STRING`
Language	French - France
Codepage	UNKNOWN
Size	`0x6c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37596`
MD5	`17758b5903cea9ec2e653bb3b83a552e`
SHA1	`eaed598ba5d6e14b24e09a054df60c9e167b03c0`
SHA256	`8bce5232bf57eda96323ecd6ba6133a6ad7f12b94a49f6261e728b344d26c421`
SHA3	`4eb4fb727594eb3cfecfd8e63e0b7fedb1fd6e6299596aec3daf9ebf0a5e0534`

629 (#3)

Type	`RT_STRING`
Language	Portuguese - Brazil
Codepage	UNKNOWN
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.39705`
MD5	`d1b4c32f8b7170c4de24d0d053b15165`
SHA1	`4e5e491b63e9f87ebb99b0831df76d446c6749c3`
SHA256	`388e006388c7fb0af5c58cb51a76e977015304f4e1695e67d6c645df9436e355`
SHA3	`72150d7b56f809dbd79e30193fe09f82c43f52963939c86552777a8987b48b78`

629 (#4)

Type	`RT_STRING`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x6c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9861`
MD5	`200358b1aefb07a8f5419dc671077378`
SHA1	`3b2f8c6b7a5394cb2bc70fc54a4d39aa2400f748`
SHA256	`a8bd8be09929e6ad36c893e43db2e7091a500eec2cb20f9d7cb692d99f6ddf57`
SHA3	`9d93352e0a84f3f6da48081cfe546c0c3d7b50d34a5bc2b6c801d2883d034508`

629 (#5)

Type	`RT_STRING`
Language	Spanish - Spain (International sort)
Codepage	UNKNOWN
Size	`0x72`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.40327`
MD5	`eaaf00e39fb863df194075212a1b02de`
SHA1	`b14decb16038b4d2a25dbef1589e9e91250b46f5`
SHA256	`d93e7743cb4b29947d4292e07b0201ed459a140e55478a1edf41a467ad7cb17f`
SHA3	`12f26d4de1e0e56147fd6250ed82f1ea7cc90044c1883c958d8cd2fff2301b95`

631

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0xc0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.65288`
MD5	`474820dd09a0a65b18c0c5f694e1c493`
SHA1	`e5ed2fe8f313b2c818127fe67a0db8e1e2d3b1ab`
SHA256	`fceee7d82c333e2b9a15ce684f8239774bbd091cbb3215f577eb201f45bcb2b3`
SHA3	`00e064465e693582e489b8ad47e04b4486bf2ff0004daacb2385a64bac332ee3`

631 (#2)

Type	`RT_STRING`
Language	French - France
Codepage	UNKNOWN
Size	`0x104`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.86052`
MD5	`150b95981616f94fd6a18c1d7b4313e4`
SHA1	`943dd07786cf02f25864b79e3dd76d6bec00a548`
SHA256	`64c72e554c42242a7c8e693f7090dea10b3c7fa844a74d23fe6f1f0631431777`
SHA3	`0f07c2ff70fe944e2aeb7e0cc268e59fc360030770117d94b71464bd320f40bc`

631 (#3)

Type	`RT_STRING`
Language	Portuguese - Brazil
Codepage	UNKNOWN
Size	`0xce`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.74688`
MD5	`7c8daae813dd10c30b6f15afa043e6a5`
SHA1	`e1ad212e077c8cd23921890c594836de808633a0`
SHA256	`5c00e579cde77e60c5ee0ed374ba84b30869c4f31b81378d085988ca8a68d8c7`
SHA3	`a0f6ee5ebdb0870988199d4970d1b9ad635ca23860c2403462e934dd9bcf3607`

631 (#4)

Type	`RT_STRING`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x116`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.48786`
MD5	`0f26613f65cc8488ec834dd35c8439eb`
SHA1	`81f7785b0910b05a725b3c6e0049ab17070d644e`
SHA256	`dddd3eae8c69c85a171541f46b214219189e5d1d2a34210f09531678b8b89363`
SHA3	`13fe9769c06c4d8139188e77f427974265929c020e63bb83743e9a15d1c8536f`

631 (#5)

Type	`RT_STRING`
Language	Spanish - Spain (International sort)
Codepage	UNKNOWN
Size	`0xee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.81378`
MD5	`dabb2b1009ad675a9b823178cad6f141`
SHA1	`ad71c9bc26214c41d3df1de8927a0e17d1a002d5`
SHA256	`37123c32767d5d2f105fe81a2c15a5476c7e246374929fa4d44c2891b0899d89`
SHA3	`31bfe2a716ec5782ec98750d467b0cc2080f3520b78ce24348a4e65dc8e89ac9`

632

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x832`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.17476`
MD5	`9c79c92511ad36aa39599c04d5df996d`
SHA1	`aa8132151bc9bf06099f40199f7d7cbd633f2a83`
SHA256	`16111bfab5d77e989b9b4851deaec530ed7f38aab18f9bd2cd8bbbc1481123d1`
SHA3	`d55cd09b5f4bbd1eeeaafc231f145e467b535de08546627f7dce84ab46d17cd0`

632 (#2)

Type	`RT_STRING`
Language	French - France
Codepage	UNKNOWN
Size	`0xa30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26527`
MD5	`9efbc74c363ce2765a959fe373727601`
SHA1	`ab6b49ecd1378339d9efedaf453d5dde5d7916bf`
SHA256	`f579f2a49436431382e698b7871687d19aeedd2f4f806661ebadcc31299e6c80`
SHA3	`07fa21f48cfcf6edfd391c1343e41fa8c864a641910e4c8a1f308a1124ad2db8`

632 (#3)

Type	`RT_STRING`
Language	Portuguese - Brazil
Codepage	UNKNOWN
Size	`0x8e6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.24753`
MD5	`e49b06d74b60fe658b7a8e6ec9a77b77`
SHA1	`b97bc2c7580e6a58fb9b9a5ab3cb4c7ce335c4c5`
SHA256	`2327dc67546d12e34b20bf67c05d2dfc6e8d4f80644710babc9b6360c18ecc23`
SHA3	`9626465dea2ea678eaebe31304d4ada6d4afdc1f4840538b340c5c4c15cd21d4`

632 (#4)

Type	`RT_STRING`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x8de`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.81977`
MD5	`f9d6af0f2c9763a00b2360d6cb43fa8f`
SHA1	`b1b65a553bfc17688ebd874c6fdb5389595f79a9`
SHA256	`ca506a36ff3b0a05619f6be9495d93069c106b3d7cab8ca993d3cc2e3f9b34c7`
SHA3	`c445378bce16f763cc9f08263aafbc282391119996af7f122680e972fe7e6b9c`

632 (#5)

Type	`RT_STRING`
Language	Spanish - Spain (International sort)
Codepage	UNKNOWN
Size	`0x950`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.20517`
MD5	`55f1b21bf174337ea86db6289bdde6e9`
SHA1	`629c015db86d1ed6869befc8226b3a69d22abbd4`
SHA256	`39990cb92ea49360dc1017cf4f1d81f4a521e65b7102fa268db7fb5c98f55456`
SHA3	`07d59a0706925c418ee056e6d77f08527c49b79685c37aab7055ed53745fb018`

EDAT_ECOO

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.8642`
MD5	`6af2d08169700452ed5ab231f8c97227`
SHA1	`ebfc425fa166114d651358cdf9dd19c5be50c271`
SHA256	`cb277db05cef110464a15649f0c1078204c3a4c79edb9265bf9f975d2f254537`
SHA3	`cb7d5e57b983aa0ba1b49c267fd160f15b71dca33f308d5f2c991b4c77b3f6c9`

EDAT_EREF

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.20765`
MD5	`2a540afae1e1acd87dd84741acdc2b83`
SHA1	`41ed376e70fef8d18ce0c9efe5790d36120bd433`
SHA256	`0c8b2f329c7e9a4a8d94feab0362286df03d25b4da1c9ec064824de812882b89`
SHA3	`b208ae93b7af4191eb5f9f9f5167eb296d7de8af0361c7c8a175dec4e8b9f12a`

100

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80711`
Detected Filetype	Icon file
MD5	`063454b0f4516a9294b161fd4025ab20`
SHA1	`c290d60e89737a16ebb36ae48d6bed4fa9252fd3`
SHA256	`b21da1a27f1645478bdee54003ed66322dc242041904886c390c6c76c0cbf2cc`
SHA3	`6a1cbe75f4701cfeea0bdf758cd021834d664b09f110bbbbdbf5d11d798f4575`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x324`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.43354`
MD5	`2afe53c8521ddf607b8c7100be89c2f5`
SHA1	`89ce73c77ae9b2f5335c929140172ec080ae1035`
SHA256	`0b7281ad18e616ce71cde336f94a8e56c639d2ab12b397856a49bab4d90ace71`
SHA3	`e9072167e0889911e3dafe1e97561a24bacb2d8b2ec9c2a1b7a5f607fcd4b893`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x437`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.32507`
MD5	`dfdf22478dbe23bf33b65a6e90fbf948`
SHA1	`36eb53578b6c6c322702016fa993458f5a6a060c`
SHA256	`4afc053684a3a3a3b3716d5fe02e98c16b4e000cdbc30b88896425b872987e07`
SHA3	`fba24993b4289ecdd27af187dd2697e67a6f0f514d2fa648df5450f1c628b6df`

String Table contents

Global\{32B25EF2-80FD-4C66-97E1-0890D9E9F87B}
{08CF729B-3FA8-477D-B80C-42CA25A49937}
avgSfxProgressClass
UA-58120669-4
G-0DKJC5WS6X
oM1HsGwPRq6kClvE8VLkzw
{08CF729B-3FA8-477D-B80C-42CA25A49938}
AVG Microstub/2.1
s-iavg.avcdn.net/avg/iavs9x/avg_antivirus_free_setup.exe
s-iavg.avcdn.net/avg/iavs9x/avg_antivirus_free_setup_x64.exe
honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exe
honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exe
honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exe


AVG Antivirus
AVG Antivirus Installer
AVG Antivirus
Programme d’installation d’AVG Antivirus
AVG Antivirus
Instalador do AVG Antivirus
AVG Antivirus
Установщик AVG AntiVirus
AVG Antivirus
Instalador de AVG Antivirus
AVG AntiVirus Free
AVG AntiVirus Free
AVG AntiVirus Free
AVG AntiVirus Free
AVG AntiVirus Free
Ready to install AVG AntiVirus Free?
Prêt à installer AVG AntiVirus Free ?
Pronto para instalar o AVG AntiVirus Free?
Готовы установить AVG AntiVirus Free?
¿Listo para instalar AVG AntiVirus Free?
Feel free to surf the web or grab a coffee.
We'll let you know when we're done.
N’hésitez pas à naviguer sur Internet ou à vous préparer un café.
Nous vous préviendrons dès que ce sera terminé.
Fique à vontade para navegar na Web ou tomar um café.
Vamos avisar quando terminarmos.
Тем временем вы можете просмотреть что-нибудь в Интернете или выпить чашечку кофе.
Мы сообщим вам, когда все будет готово.
Mientras tanto, puede navegar tranquilamente o ir por un café.
Le avisaremos cuando hayamos terminado.
Install
Cancel
Connect to the internet to install %s
You need an active internet connection to install %s. Please connect to your network and try again.
AVG is being installed. Do not shutdown.
We are sorry but AVG Antivirus cannot run on your computer because your processor does not support SSE2 instruction set.
We are sorry but AVG Antivirus requires at least Windows 7 SP1.
We are sorry but there is not enough free space available! Free some space and run the installer again.
We are sorry but there seems to be a problem connecting to AVG servers! Check your Internet connection and run the installer again.
We are sorry but the installer must be run at high integrity level!

Tip: Run it under an Administrator account or use a different browser to download the installer.
We are sorry but the AVG Antivirus installer cannot run on arm64 devices.

Tip: Check our website if there is a supported version.
We are sorry but AVG Antivirus cannot run on your computer because your processor does not support SSE3 instruction set.
Installer
Annuler
Pour installer %s, vous devez vous connecter à Internet
Pour installer %s, vous devez disposer d'une connexion Internet active. Veuillez vous connecter à votre réseau et réessayer.
AVG est en cours d'installation. N'éteignez pas l'ordinateur.
Malheureusement, votre ordinateur ne peut pas exécuter AVG Antivirus car son processeur ne prend pas en charge le jeu d'instructions SSE2.
Malheureusement, AVG Antivirus requiert au moins Windows 7 SP1.
Malheureusement, vous n'avez pas assez d'espace libre ! Libérez de l'espace et relancez le programme d'installation.
ll semble y avoir un problème de connexion avec les serveurs d'AVG. Vérifiez votre connexion Internet et relancez le programme d'installation.
Nous sommes désolés mais le programme d’installation doit être exécuté à un niveau d’intégrité élevé.

Conseil : Exécutez-le sous un compte Administrateur ou utilisez un autre navigateur pour télécharger le programme d’installation.
Nous sommes désolés mais le programme d'installation d'AVG Antivirus ne peut pas fonctionner sur les appareils ARM64.

Astuce : Vérifiez sur notre site web s'il existe une version compatible.
Malheureusement, votre ordinateur ne peut pas exécuter AVG Antivirus car son processeur ne prend pas en charge le jeu d'instructions SSE3.
Instalar
Cancelar
Conecte-se à internet para instalar o %s
Você precisa de uma conexão de internet ativa para instalar o %s. Conecte-se à sua rede e tente de novo.
O AVG está sendo instalado. Não desligue.
Infelizmente seu computador não pode executar o AVG Antivirus porque seu processador não é compatível com o conjunto de instruções SSE2.
Lamentamos, mas o AVG Antivirus necessita pelo menos do Windows 7 SP1.
Infelizmente não há espaço em disco suficiente! Libere espaço para executar o programa de instalação novamente.
Lamentamos, mas parece que há um problema para conectar os servidores AVG! Verifique sua conexão de internet e execute o programa de instalação novamente.
O instalador deve ser executado em alto nível de integridade!

Dica: execute-o em uma conta de administrador ou use outro navegador para baixar o instalador.
Lamentamos, mas o instalador do AVG Antivirus não pode ser executado em dispositivos arm64.

Dica: Veja se há uma versão compatível em nosso site.
Infelizmente seu computador não pode executar o AVG Antivirus porque seu processador não é compatível com o conjunto de instruções SSE3.
Установить
Отменить
Подключитесь к Интернету, чтобы установить %s
Чтобы установить %s, требуется исправное подключение к Интернету. Подключитесь к своей сети и повторите попытку.
Устанавливается антивирус AVG. Не выключайте систему.
К сожалению, невозможно запустить AVG AntiVirus на вашем компьютере, поскольку ваш процессор не поддерживает набор инструкций SSE2.
К сожалению, для работы AVG AntiVirus требуется как минимум Windows 7 SP1.
К сожалению, недостаточно свободного места! Освободите место и снова запустите установщик.
К сожалению, похоже, возникла проблема с подключением к серверам AVG! Проверьте подключение к Интернету и снова запустите установщик.
К сожалению, установщик должен работать на высоком уровне целостности!

Совет. Запустите его под учетной записью администратора или используйте другой браузер для загрузки установщика.
К сожалению, установщик AVG AntiVirus не работает на устройствах arm64.

Совет: проверьте на нашем сайте, есть ли поддерживаемая версия.
К сожалению, невозможно запустить AVG AntiVirus на вашем компьютере, поскольку ваш процессор не поддерживает набор инструкций SSE3.
Instalar
Cancelar
Conéctese a Internet para instalar %s
Necesita una conexión a Internet activa para instalar %s. Por favor, conéctese a su red e inténtelo de nuevo.
AVG se está instalando. No apague.
Lo sentimos, AVG AntiVirus no se puede ejecutar en su equipo porque su procesador no es compatible con el conjunto de instrucciones SSE2.
Lo sentimos, AVG AntiVirus requiere al menos Windows 7 SP1.
Lo sentimos, no queda espacio disponible suficiente. Libere algo de espacio y vuelva a ejecutar el programa de instalación.
Lo sentimos, parece que hay un problema para conectarse a los servidores de AVG. Compruebe su conexión a Internet y vuelva a ejecutar el programa de instalación.
El instalador debe ejecutarse con un alto nivel de integridad.

Sugerencia: Ejecútelo con una cuenta de administrador o use un navegador diferente para descargar el instalador.
Lo sentimos, el programa de instalación de AVG AntiVirus no se puede ejecutar en dispositivos arm64.

Consejo: compruebe en nuestro sitio web si existe una versión compatible.
Lo sentimos, AVG AntiVirus no se puede ejecutar en su equipo porque su procesador no es compatible con el conjunto de instrucciones SSE3.

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.1.137.0
ProductVersion	2.1.137.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Gen Digital Inc.
Edition	15
FileDescription	AVG Installer
FileVersion (#2)	2.1.137.0
InternalName	microstub
LegalCopyright	Copyright ÃÂ© 2025 Gen Digital Inc. All rights reserved.
OriginalFilename	microstub.exe
ProductName	AVG
ProductVersion (#2)	2.1.137.0

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Oct-09 10:37:35
Version	`0.0`
SizeofData	`106`
AddressOfRawData	`0x2cbbc`
PointerToRawData	`0x2b1bc`
Referenced File	C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Oct-09 10:37:35
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x2cc28`
PointerToRawData	`0x2b228`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Oct-09 10:37:35
Version	`0.0`
SizeofData	`1016`
AddressOfRawData	`0x2cc3c`
PointerToRawData	`0x2b23c`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2025-Oct-09 10:37:35
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x42d044`
EndAddressOfRawData	`0x42d04c`
AddressOfIndex	`0x430ae0`
AddressOfCallbacks	`0x425340`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x430008`
SEHandlerTable	`0x42cb30`
SEHandlerCount	`35`
GuardCFCheckFunctionPointer	`4346632`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x5dff3765`
Unmarked objects	`0`
241 (40116)	`11`
243 (40116)	`128`
242 (40116)	`24`
C objects (VS 2015/2017 runtime 26706)	`18`
ASM objects (VS 2015/2017 runtime 26706)	`22`
C objects (27054)	`2`
C++ objects (VS 2015/2017 runtime 26706)	`48`
C objects (VS2008 SP1 build 30729)	`1`
Imports (VS2008 SP1 build 30729)	`15`
Total imports	`221`
C++ objects (VS2008 SP1 build 30729)	`1`
C++ objects (27054)	`13`
Resource objects (27054)	`1`
151	`2`
Linker (27054)	`1`

Errors

Leave a comment

No comments yet.