| Architecture |
IMAGE_FILE_MACHINE_I386
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date |
2026-May-11 20:33:37
|
| Detected languages |
English - United States
|
| TLS Callbacks |
1 callback(s) detected.
|
| Info |
Cryptographic algorithms detected in the binary: |
Uses constants related to MD5
Uses constants related to SHA256
Uses constants related to SHA512
Uses known Mersenne Twister constants
Microsoft's Cryptography API
|
| Suspicious |
The PE is packed with UPX |
Unusual section name found: UPX0
Section UPX0 is both writable and executable.
Unusual section name found: UPX1
Section UPX1 is both writable and executable.
|
| Suspicious |
The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
- LoadLibraryA
- GetProcAddress
Can access the registry:
Possibly launches other programs:
Uses Microsoft's cryptographic API:
Memory manipulation functions often used by packers:
- VirtualProtect
- VirtualAlloc
Has Internet access capabilities:
- WinHttpOpen
- InternetSetOptionW
Leverages the raw socket API to access the Internet:
Can take screenshots:
|
| Info |
The PE's resources present abnormal characteristics. |
Resource 11 is possibly compressed or encrypted.
Resource 12 is possibly compressed or encrypted.
Resource 13 is possibly compressed or encrypted.
Resource 14 is possibly compressed or encrypted.
Resource 15 is possibly compressed or encrypted.
Resource 16 is possibly compressed or encrypted.
Resource 17 is possibly compressed or encrypted.
Resource 18 is possibly compressed or encrypted.
Resource 19 is possibly compressed or encrypted.
Resource 20 is possibly compressed or encrypted.
Resource 21 is possibly compressed or encrypted.
Resource 22 is possibly compressed or encrypted.
Resource 23 is possibly compressed or encrypted.
Resource 24 is possibly compressed or encrypted.
Resource 25 is possibly compressed or encrypted.
Resource 26 is possibly compressed or encrypted.
Resource 27 is possibly compressed or encrypted.
Resource 28 is possibly compressed or encrypted.
Resource 29 is possibly compressed or encrypted.
Resource 30 is possibly compressed or encrypted.
Resource COUNTRY_DIALING_CODES.JSON is possibly compressed or encrypted.
Resource 132 is possibly compressed or encrypted.
Resource BANNER.PNG is possibly compressed or encrypted.
Resource FLAGS32.PNG is possibly compressed or encrypted.
Resource FLAG_UNKNOWN_32.PNG is possibly compressed or encrypted.
Resource FLAG_UNKNOWN_64.PNG is possibly compressed or encrypted.
Resource ICOMOON.EOT is possibly compressed or encrypted.
Resource LOGO-BW.PNG is possibly compressed or encrypted.
Resource LOGO.PNG is possibly compressed or encrypted.
Resource MAIN.HTML is possibly compressed or encrypted.
Resource PSICASH_COIN.PNG is possibly compressed or encrypted.
Resource PSICASH_COIN_GREY.PNG is possibly compressed or encrypted.
Resource ROCKET.PNG is possibly compressed or encrypted.
Resource SPEED-BOOST-BUTTON-1-DAY.PNG is possibly compressed or encrypted.
Resource SPEED-BOOST-BUTTON-1-HOUR.PNG is possibly compressed or encrypted.
Resource SPEED-BOOST-BUTTON-1-MONTH.PNG is possibly compressed or encrypted.
Resource SPEED-BOOST-BUTTON-1-WEEK.PNG is possibly compressed or encrypted.
Resource TURTLE.PNG is possibly compressed or encrypted.
|
| Info |
The PE is digitally signed. |
Signer: Psiphon Inc.
Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
|
| Safe |
VirusTotal score: 0/69 (Scanned on 2026-07-03 13:20:24) |
All the AVs think this file is safe.
|
| MD5 |
a15aafde4b821e2171a6a5cf1bda4f8b
|
| SHA1 |
df36ed086a4ed95e2fe1645d43d941bafc16746d
|
| SHA256 |
78c29797f12fc3289bd1b1765f711b6922e0552ec28f04ce2d41d5bc83b5040b
|
| SHA3 |
13678409b0a9eb7c46e679de814693712d2499f170bfabf1cf04c6fa5c9d8e5c
|
| SSDeep |
196608:8R2wuPte7R6J73Fo+LOaJOTpfB2fj6S5gkD0:txw+jFo+Lc72fj6S5tY
|
| Imports Hash |
097a53de9532d3605d91ff5bc1276e25
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x118
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections |
3
|
| TimeDateStamp |
2026-May-11 20:33:37
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xe0
|
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
|
| Magic |
PE32
|
| LinkerVersion |
14.0
|
| SizeOfCode |
0x959000
|
| SizeOfInitializedData |
0x16000
|
| SizeOfUninitializedData |
0x12a5000
|
| AddressOfEntryPoint |
0x01BFBFE0 (Section: UPX1)
|
| BaseOfCode |
0x12a6000
|
| BaseOfData |
0x1bff000
|
| ImageBase |
0x400000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
6.0
|
| ImageVersion |
0.0
|
| SubsystemVersion |
6.0
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x1c15000
|
| SizeOfHeaders |
0x1000
|
| Checksum |
0x980c6e
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve |
0x100000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x12a5000
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
f43c8e59f6529d486feea555c493cf1a
|
| SHA1 |
d8b27512cd1e26c18af8b2ffa477a01e99f9c08c
|
| SHA256 |
69f26388da429572a39acf652718de51ee44aa0672e86896b4b56f7c0fe1dd1b
|
| SHA3 |
3d56d10ac877c2385896ca406679d4487078a8c5ca84d9649244e9df9d71386e
|
| VirtualSize |
0x959000
|
| VirtualAddress |
0x12a6000
|
| SizeOfRawData |
0x958a00
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
7.93357
|
| MD5 |
5e7639c82f1bca75f0b32f8021e5a77e
|
| SHA1 |
f2480267ad67469e546769cb5b2b2ed33f2f58e6
|
| SHA256 |
7faf7f44c20f66782b5fe139de0dc499adc0518f55454b1e68d7645fff72ee70
|
| SHA3 |
7378c93cc2092a1f0c5c64626aac7a44a0033fb91ec5cf617ccccaa9e654b054
|
| VirtualSize |
0x16000
|
| VirtualAddress |
0x1bff000
|
| SizeOfRawData |
0x16000
|
| PointerToRawData |
0x958e00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
7.48184
|
| KERNEL32.DLL |
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
|
| ADVAPI32.dll |
RegCloseKey
|
| COMCTL32.dll |
#17
|
| CRYPT32.dll |
CryptBinaryToStringA
|
| GDI32.dll |
BitBlt
|
| IPHLPAPI.DLL |
GetAdaptersAddresses
|
| ole32.dll |
OleInitialize
|
| OLEAUT32.dll |
VariantChangeType
|
| RASAPI32.dll |
RasDialW
|
| SHELL32.dll |
ShellExecuteW
|
| SHLWAPI.dll |
AssocQueryStringW
|
| USER32.dll |
GetDCEx
|
| VERSION.dll |
VerQueryValueW
|
| WINHTTP.dll |
WinHttpOpen
|
| WININET.dll |
InternetSetOptionW
|
| WS2_32.dll |
WSACleanup
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x128
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.68879
|
| MD5 |
18233d0be3f1b682130d31696ef7028a
|
| SHA1 |
74263c0d8566d38754dcb39f6f28f26c219929e5
|
| SHA256 |
931a1c48f52e193a0df5f65f1b6220a28245e898c05e3c59d97caa16dfc9c3ff
|
| SHA3 |
2d6008be2b8951b35f26cbec691278bbf7284cbcd612a2c72622b36e6f65601d
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x2e8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
4.0192
|
| MD5 |
7f240d7fbef48c2c1ad7f6130320e4dc
|
| SHA1 |
95aa53ef7434fa147fccaa4dc497347b365556cb
|
| SHA256 |
d57bb351e7a91bacf840ad93690bccd19ff4e7c142f2112387a59b38fc4d9d07
|
| SHA3 |
36e3a159f85614060b75b907b7ed493d7cfde5c9d2c4c158d29403ff966aea78
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x568
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.62289
|
| MD5 |
0497599ab053b9f097dd149e3d520253
|
| SHA1 |
a0948a230928baf29bc64db0e10b8797ad8ee4b5
|
| SHA256 |
1596acf7eac8986836e35979516581639d22b22dbd89311dbda70c75a81d16be
|
| SHA3 |
4f81e3c01e5c107af0d97a493c99c450d7d72a1fffb88d1c1cce5db4fddba969
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x8a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.86281
|
| MD5 |
cd63f56b5836c65088c5ce61cff2c971
|
| SHA1 |
80e4099311efe0f29adabb846a8a74528455b9b2
|
| SHA256 |
3dedf8909cb36d4e3c7312ab591e0ddbb60c858e4685c46b1cddea6de98b92d7
|
| SHA3 |
465c038e3b59ac5f784e2ea0f288c67fa86d64dd6b9830b13acac30e55e4d5a1
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0xea8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.32737
|
| MD5 |
3f38b0896420d34de7d27a9ffd69796f
|
| SHA1 |
71e8b4dba7a1b927060f1924aafd3d05c356c787
|
| SHA256 |
7d5083c6974f800f77285c5b7b240205556e2f161a25dcf3e34ebaad3d69892d
|
| SHA3 |
ede68be4b682e0b2b8e11c6021bdf1d5a9b07f13c7ec8d587ca677978323be16
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x468
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.87817
|
| MD5 |
70b901a24ef9b3b5135bc32fea5f9c41
|
| SHA1 |
5ffd46e778645ed0849ed11a0d1118e904d2cb3b
|
| SHA256 |
6f0bcc31342da6a0d9b2d056d859b12ab49596cef811c326e91215aa025c1488
|
| SHA3 |
6b7c45cc6d586e6a460e0474573b6f0c2fb662364295e899d309565b45117013
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x10a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.18342
|
| MD5 |
03b98c1254c359aa5b7d693e795e5dfc
|
| SHA1 |
323f55eb68ee9bedd93eb40796666e50b242082b
|
| SHA256 |
b93d225708d527d8a6fd951fbdab5d137cd7889a0a8c00cf022474caa591655e
|
| SHA3 |
b89415c65bb14a8aa12c3e68a4b8963d56a2eff3d47c22995758fd401798e960
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x25a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
4.79539
|
| MD5 |
cd65d54ea5e1629a4bc4438196f5ebf6
|
| SHA1 |
b91eb9cba17f12585b619d5f0b3a4c8bc322a45d
|
| SHA256 |
13ceb7b89aa9f5d26e1887cf2e578d0ce4bc080edcead11241b6daf4fce6fac9
|
| SHA3 |
b0269e734dfab37942de1934ff20c2ccb17dc36c994de4bc36eb20fd7473baf6
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x4c57
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.96592
|
| Detected Filetype |
PNG graphic file
|
| MD5 |
5caed698c1089585886e0aa5d8c72c59
|
| SHA1 |
5c083ebbc0b22efd62a232c969361f80b163615b
|
| SHA256 |
bfa113baadcd9bfc492259b0f3d289ab13651281cbe4144cb6253558d3f8d954
|
| SHA3 |
3e1cbc7fdc85f89585e82c041e9517b8eee16dd3796c6affc54de5c3fe0cc9ae
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0xa311
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.94804
|
| Detected Filetype |
PNG graphic file
|
| MD5 |
22abd09adce5b3a73552e9e81a3899f7
|
| SHA1 |
8df8caaa4553b0ae73be81983f3f03b0bcc14fbf
|
| SHA256 |
2017d25c3d2d41590e75e255369758412b71331f0d620e4071c199a27e778635
|
| SHA3 |
53b9f3559c84cbd736b6b229c258b7a8315e332a84692bfdeb1da822f0165998
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x128
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.17586
|
| MD5 |
cc7f63574dc018a98dc8113bc4c80a65
|
| SHA1 |
c0115ab1df586123a5c2679f55a86627829de190
|
| SHA256 |
313f16809cabaf253c7d83cc77c778398458560b3424230b7e0f429fd4d870de
|
| SHA3 |
6b8b85711d49e799812b3126a58f0ba79b58919275539953f4e966634fd73e7c
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x2e8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.56351
|
| MD5 |
c761c3d19ec75e54d38b8c78f6dc5d19
|
| SHA1 |
612d6fa8a4277e5f14c99fc740db3b94b95dc3d6
|
| SHA256 |
eec3df8088a10fbae2b5d52c61ba17cb114c35053ce82c5c3fb8751a7479c9b6
|
| SHA3 |
7ebfb7af41ede3af1f905f658d092380abdaa01387a7c597ebef92b9e15cf6e6
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x568
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.74998
|
| MD5 |
b706bb6f2ca9112308354a20d72ead8a
|
| SHA1 |
27280890464434d711ff4ca8706feba104be21f3
|
| SHA256 |
1f07c3d74a34d9106e98b3590c17f9e445e94bc62be3e0b53646a5a0863a951d
|
| SHA3 |
e3fe914de078e31f6a1fc561120626d867563e512be0ba720f55f0b7429794ce
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x8a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.81543
|
| MD5 |
b3b45f81cd5e6e724560d02f46143628
|
| SHA1 |
b372baec448f45f7fe2b922e0e7345b305cc89e6
|
| SHA256 |
b2891526239694ccd82321e09b4cef0af7aa4798499b800703dcb24477ef6dc0
|
| SHA3 |
d9ffdd977d22307e9c08f10c22923d7af0ddd363d433811ab1096e57acce8e1a
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0xea8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.86602
|
| MD5 |
c58b4c8552124a6622e072de65722898
|
| SHA1 |
fcc395e1b8c16ce1ac1a42f0be55fb09809ae4a3
|
| SHA256 |
788c5768cb5873d69446d49f8aef77ddcbedad1ed0c68b9f76829f638e710679
|
| SHA3 |
1ec7f00effbcfa2529e4b1462f25b38aecae9e737e169ccea516e105276e1ac1
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x468
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.73179
|
| MD5 |
4c4b7a7ff0eca0c21ca96f03fb0458db
|
| SHA1 |
97d92da28e20446be49fb7aa460439c51327dd75
|
| SHA256 |
6843cb5f5f34ea5a518582dda68be921c7e1328a7a4c4a6b17d99a96d1c4c2d9
|
| SHA3 |
820565c8512598b6fe0668ef56490a89711dcc61804495fdb6bbbab95a73ba8f
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x10a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.8356
|
| MD5 |
d14f46fc0d1ebc478cdb4a06c5bbaa15
|
| SHA1 |
5802e007a4b786889b38b0ccc434a412057552dd
|
| SHA256 |
66eaefbcf3537bb295ec2a1ad723141abdad5f11da1bc72c62500674456cd367
|
| SHA3 |
0c092f8682ae9df24c7ebc7223e1be5fe011f5c1d24ec3acca6bac595f396cec
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x25a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.89363
|
| MD5 |
f7ed46f01c228e6c8c99012a256ab6b9
|
| SHA1 |
21f3af99739397149400f32f3663dfa24e054e65
|
| SHA256 |
cb41e0a11647f3ea97b2340c26a7c07dd066bf7ae1f4e1b1901bb97eef76a288
|
| SHA3 |
480431753b3313ff021db9d68651b9189664e4a795fb2485a1615660de3c353a
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x4899
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.89326
|
| MD5 |
458d8bb4c21ccbc844aa94126d58e84a
|
| SHA1 |
ca25f10c9dc2e47e1d645a1c75fb776965c6fb5a
|
| SHA256 |
b3d4cb5f5a021e9735b206b5a4fe563f2bb247f592486f72878ab95ec7bb43fa
|
| SHA3 |
ff4108b823f689b66ad1eee853361e5d9e45348521e02cb8d8bce5ec01974b98
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x9d72
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.91544
|
| MD5 |
23b9b1e6b59dd7ab432421b8104dd5f4
|
| SHA1 |
ce354f570f415c392c629f51111c1363b199e5aa
|
| SHA256 |
ca9ad85bef20526c2dbd48a7c16bda3162ef07ab300ac5357e6432a9ab589790
|
| SHA3 |
dbcdb89408b946957113c2b2b10061eebee343fdaea9b6fba096ee3cb39fe7dc
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x128
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.13936
|
| MD5 |
b496103181c1d22581d86eca05d90579
|
| SHA1 |
8bf24b80f909226567850420b21e78e3080be832
|
| SHA256 |
58a6437e8e9d466642bff89ae75080025c0199b31ab409daf3d78c8a0a4613d6
|
| SHA3 |
24e2a59342af986db0652b8293920ff1ce2c844da848c042c4ede07d21cddfc7
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x2e8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.64377
|
| MD5 |
6037e3ef043630373d99ab9a1797dbdf
|
| SHA1 |
b534fa74d96bb5c5f88ecaa4ec519c72598d5002
|
| SHA256 |
cf3d357409a54eba0110f5ba1f1de77c3ee405504033c8e7b14cf826c1981eb7
|
| SHA3 |
73950f410962bf6a4fd0aa25efcb3d8e2214000e8be737046735c947daf38481
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x568
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.79942
|
| MD5 |
9a20cd91003484943d2ea41e58ff902c
|
| SHA1 |
d5a30e8883f3c0fd3a332d9e37ed2f985d00877c
|
| SHA256 |
15b4229f8ed21c437f11c116c557cead625991c7bfc108ce00a080358f1454d5
|
| SHA3 |
c8bec0f1fd1f6f05a0b1243e8ee78634f5c1d71d164037204dba6e22048f6af5
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x8a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.82172
|
| MD5 |
c9e065434445248664bc11f27dccc918
|
| SHA1 |
a8dcfa421cc77bc7b2b80eeeaca6509d31705809
|
| SHA256 |
af7e4566c26de7ef93e8453c599a019062c65079d3e2bc0c7a31e6469903f23b
|
| SHA3 |
e837e346160fa0c2d81afc73d02315749364de6b72e9e2d9720322850f082a4c
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0xea8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.84843
|
| MD5 |
89c5d18c9eb658c1e4bfa1d9a56deb35
|
| SHA1 |
adec350b40e932cb4536e8fef8073504899e474c
|
| SHA256 |
04ccab285552dee0671c62c3a7526491f084f8c30f061b9dd990900c353a212f
|
| SHA3 |
52a20e6c68642b630a658a325f434c03670a34e61ae1480456f72b5a2e128bb1
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x468
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.69261
|
| MD5 |
62c383b3cb9fba1528b8dfbc9e285616
|
| SHA1 |
660435a23c7b654e11bc797b9c4081b7d6479d7a
|
| SHA256 |
905f60424bdb8d9dfdb9538020c130efcaf4fe8c045759ac5c010eb1c4828973
|
| SHA3 |
4bcfce602fde7ea2925a71b09dc122b5eeb21b4192272d84c964ab875b0a19ae
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x10a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.86349
|
| MD5 |
95b9854c0a114f1074fd1ac96deeaadf
|
| SHA1 |
e1f96f999f0483743628a2d50960e9f2051d2d9f
|
| SHA256 |
86ff2769c349809237826d4532081a1e69f9289a3e19ffc08ee798a194b1df35
|
| SHA3 |
480491d12e9d0283e2f70a0a124592756d749ed83adf768bcd7fadf5b7de7368
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x25a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.90538
|
| MD5 |
1c09d08e14b35f8cdc0c827d1958a846
|
| SHA1 |
6442135df73b7a633b7384f33fd895283ff73661
|
| SHA256 |
a377fdb064373aad0a57742c1dc331516070ba08c5844b4c27f0021a10817388
|
| SHA3 |
b61583afa05982f0e80a129574c3b9e6a349fcc1da16d93f9ea4ef7902136ea4
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x4c57
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.91233
|
| MD5 |
e38f91a9326c454708cfbcc667d7c247
|
| SHA1 |
14b355ada8a1280204b23af390d573e4dcc5cb07
|
| SHA256 |
1b5c47ad76f6246896d39378a2415d8f9834b4d670afbab7e0d49e68565c5a97
|
| SHA3 |
cfdf059f874183a24e205440890d2d9a6ac9e0c3bb8f818c89a002e26cdef5a8
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0xa311
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.91239
|
| MD5 |
bf03b50111ee7daa52e896b7db664249
|
| SHA1 |
e193624996ccb48528bd72be04fd2c917742d055
|
| SHA256 |
07d3998b529ae6680331948128d4cc0951b569a47283f66681f8249e22ebf88b
|
| SHA3 |
6be66f6bb7a788069604c91951fcbe649658c34995e1d0d9a91894d7cbc5e1f4
|
| Type |
RT_STRING
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x42
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.68819
|
| MD5 |
f932d3c29dd88b31425ba481b32b854c
|
| SHA1 |
bd762e8624ce44e3185925374bc897c29e7fb507
|
| SHA256 |
a017bbb20dd70953b4eec1ad17db664a909d179d135036ca81ff8c7dd4f03599
|
| SHA3 |
ad271009d4b9d8bd8211bd4a0e3848299aa97a25fc67e2a6ee414069398ebc88
|
| Type |
RT_RCDATA
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x711c
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.73815
|
| MD5 |
ba788cc5190cf9817de52f7e8b667c32
|
| SHA1 |
00a15800a60440cd23097eb1cecc7888c71fe744
|
| SHA256 |
8f47bb705960913e6b10511407edcef9e562a56ccf104abd2a3007f2ea2d13d7
|
| SHA3 |
4481aa12d82ae78518d34a0cb98c2466fc6e7c30b9f44f83f439dc47e9e0e030
|
| Type |
RT_RCDATA
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x46710
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.91959
|
| MD5 |
1b383c7b4ef21fb0fa863d226e2b8273
|
| SHA1 |
185f69f64637c9708abf90f86000240a7472febe
|
| SHA256 |
0f8879c865249aadfeb11fa9de741e1f121b24f623213755869397c95c1c193b
|
| SHA3 |
5e90caac54417c07bc16a0f12d4c98c5d3267755ea3a454b17160800f6fef893
|
| Type |
RT_GROUP_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x92
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.85324
|
| Detected Filetype |
Icon file
|
| MD5 |
b88cbc2005b07c62d51cb073fe0a3436
|
| SHA1 |
c961b5ad03f9e7735f1f81d80251088f929b958b
|
| SHA256 |
70f48d1dbed89598f436f309ea1b35c6047a8b836200926c24ad429f10422bea
|
| SHA3 |
ca9da856de99015f87ac8690711f575234fc2983fe6c6b699649eaf08cf375e1
|
| Type |
RT_GROUP_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x92
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
6.70856
|
| MD5 |
a505e149b6ce6681a475a559ff8a16ad
|
| SHA1 |
7aa075d176362aa8a384917125e52d7db663ee83
|
| SHA256 |
ebde1b5939e3eee40c54c0aeb04a84eadedb6e553c601767ad347c6c3673ee45
|
| SHA3 |
d792105a1169708531ff5e650a4f4f1a47815a3961825aa073c479a668c720bf
|
| Type |
RT_GROUP_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x92
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
6.6212
|
| MD5 |
5fa31a0577c2147e9aba2a3054f01b3e
|
| SHA1 |
eddaa227ca4dfc3afc7a22a1d59e1bf2893c1623
|
| SHA256 |
e42c685528ed72ebb6387d755673a862fcff74815fdf04ed257200ed66121185
|
| SHA3 |
933aac0875627e67fbf4a96b8e0aefb4c36eb8129c798625bd3ae276db4601ac
|
| Type |
RT_HTML
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x4064
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.83455
|
| MD5 |
e7a92c3edf4692c7d5c76441dee14b74
|
| SHA1 |
98232a6c87888ddbb6f171673dbc445d02413cc0
|
| SHA256 |
defeb191bbf1b3d571c3756c4cd96172599a62eb6b4c8b6f71a3317cf8ca3c3c
|
| SHA3 |
4dabdb45dc1af848d7a4d3ac338bde8c9dc68983dbf41c503a5bde2ea9079816
|
| Type |
RT_HTML
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0xcbef
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.86402
|
| MD5 |
ed03b6e20f8088aeb103ec051b68194e
|
| SHA1 |
691640d1024a93b4330bcc54faad651ee687255f
|
| SHA256 |
c791ad29c8ed0593684355a10ebaf8aed24465b955c47e73753a53c5bb187c23
|
| SHA3 |
1afc7f1bd464adfae88a5bb2c7e1dc941466413fd73526c72ad71f4acca679da
|
| Type |
RT_HTML
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x3ab
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.57318
|
| MD5 |
ddab3e8ed45cb64488866a658215b14d
|
| SHA1 |
e9b5284f57bb54b9251e87fc80233aff4a20697a
|
| SHA256 |
60f72e68e5d3fc70139c549087ce0440df9e187f71c891401d3aea2d5e9d4be9
|
| SHA3 |
815f7584fd829e94f32d9cb5e1cd8314acd61d0299d37d6e9576db276c3c7487
|
| Type |
RT_HTML
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x946
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.7988
|
| MD5 |
7566199d078526b8955fd4aeacb99e28
|
| SHA1 |
b6953028edac0c100a3b46a00aed077117fe23fa
|
| SHA256 |
d1844184530f57ce6631ff1b42d6fa4c9529ba727146881edcbb5b1ddeeee903
|
| SHA3 |
57a47c4d84a099bd7cf3ca885c449ed2b0dc92d7e5d047e6613b45767ed583e9
|
| Type |
RT_HTML
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x63c8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.85091
|
| MD5 |
1544087004fba8710d6a4dafa9c8bdf3
|
| SHA1 |
766976774762341aef71d17c649dfc0eaeab9124
|
| SHA256 |
990a2073d4b6b210bf1698881a855ebd8f15bd404d9ed6dca92b6b99f9750f3a
|
| SHA3 |
7efca60d87ae2dc3ac02ed3ae37095810f5dd6270ff06e9c09ca43886b175d76
|
| Type |
RT_HTML
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x10b0
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.82506
|
| MD5 |
c65ec9d200e7b79a6a75c3a6db25f82d
|
| SHA1 |
138607daf637a955168319696bb58de0e97c8705
|
| SHA256 |
f14222894d5438f801d05a000bd1855557338a2f842abed77cecfc12b3994222
|
| SHA3 |
06213ede62a068750d2360cac8955be0bee4ce955165effe108b44521ab79b5f
|
| Type |
RT_HTML
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x10bb
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.77785
|
| MD5 |
2ecbb25b24c353784191e274880cc7d0
|
| SHA1 |
9cf4381ca77b733ca7fdca65335ceeffd9494cf8
|
| SHA256 |
48cf3ffd1603ab3afb876fde9b7893c02be1374dd6b0dd6910c5cf1bb824773b
|
| SHA3 |
d31946b5fc731f0fecd11b52c8b5dd34ba3de5a7aa23106aac5264c1ef139814
|
| Type |
RT_HTML
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x2f710c
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.92613
|
| MD5 |
e47ea7b437e4e93d09301b5ab4d76360
|
| SHA1 |
78dc02d762fb61f9e9f53dec2c2eca24fec8d45c
|
| SHA256 |
4dcddff5229220e64fcace042fa6e87ef40681565e7027a7a9180f469b205e49
|
| SHA3 |
05f46ac922cd91051bb5efc9d39eff2028b36ed481b5c8178a9d02ab5bbb5064
|
| Type |
RT_HTML
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0xa65
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.78693
|
| MD5 |
c0638b8583a0060866da38d525784d01
|
| SHA1 |
bedb36870d5df1d251f93b767bf3020d4412cb04
|
| SHA256 |
afc22886432b022dcb00200820f35652ec80ef48d6d9dea30a0a4935bc83ec35
|
| SHA3 |
57fdd13a410bc221d47a208dbd7b52e0a8d8f70ee13307790f9b47223b6710ae
|
| Type |
RT_HTML
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x5f8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.67418
|
| MD5 |
5582730bd5980ed9a912ade73cc103da
|
| SHA1 |
8ba5ffa675b9861af54140cb2f06f6108ce6a037
|
| SHA256 |
b970d0cf17bd407be1047e26c43e00e750e51489899a954b56cfcf38c7d75610
|
| SHA3 |
d5b542a9e1f816332684f805916c010d1d2e4fcc1edcac80dfa88ea09a02cc39
|
| Type |
RT_HTML
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x1759
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.85973
|
| MD5 |
e6c3e8e99bcda14fe288303932cb0ba7
|
| SHA1 |
93c18c56dee575239679178476260e2dee5c406d
|
| SHA256 |
3a9998dcbeea3f52dfbcc7733cbfd3d89d31e540cfc628b319a144ec8dfec6f0
|
| SHA3 |
dcd74e3c61bbc66c3926f1b53e383a9bc2e8d32dce5cee2ea48602a2e4960ab8
|
| Type |
RT_HTML
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x230e
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.80875
|
| MD5 |
6e3f511db7768d7000d2eb85504c32cb
|
| SHA1 |
9d799190361d8365fc03913c0987560d83935ca6
|
| SHA256 |
94b512a49a6bca1d24664afb02decdcef5b9043c30a7a255434d533d26386e3f
|
| SHA3 |
abc0f97270bca3399ee49df9797114bdccbaa6ca9b359aacbf1587e8e2dca577
|
| Type |
RT_HTML
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x2316
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.83131
|
| MD5 |
4e79f9d1957102cdb688dcc12b06ab76
|
| SHA1 |
998640c0e8593ec215d4f0ae92faab253af002a3
|
| SHA256 |
6dc90addb6dfba38f02045695c2951bbb4b049344b4e4b5dd9dfd7788235fe9a
|
| SHA3 |
c27cffc60913ff39031129e9aa67425e612988e45964e0f7a2971b5a948b67f2
|
| Type |
RT_HTML
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x23da
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.82266
|
| MD5 |
06caf4c0e32db2e1616646d6f00a4f67
|
| SHA1 |
98b69ae581fab58228b59b8eebd3c053d1a6b5a9
|
| SHA256 |
e55c0248c849095f762a2fe1a62a4444b5fe535ee62ad271bd128d6f9e0b6a36
|
| SHA3 |
bf2df81d7ea8778a96217e11119c07fd84542324e1b3a131422ee9e9fd3a4013
|
| Type |
RT_HTML
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x26b6
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.81587
|
| MD5 |
7534b0e34094de5fe377a09ce61e7281
|
| SHA1 |
473eb21f232b5fd8485ea51978adf113f7aa5815
|
| SHA256 |
2808179265affb4d8e97876d7b10b6dfb585f738c79a9fd7f26932638e893385
|
| SHA3 |
674503639db402238a152fb0cdd0ee9f0eca910b1d45ac51d90d14b2db09aa1b
|
| Type |
RT_HTML
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x1e18
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.85403
|
| MD5 |
62939789d791777a1a320e8e0482dfb2
|
| SHA1 |
828546f02cefdd7ba4976cb2bd6c216ffa5e012b
|
| SHA256 |
7af09ce570685a99fb3f8f88c64479f6a33e93ad587319cbae8db9e1c4e90b4e
|
| SHA3 |
02ef992fe77d3543cda657a1b60f1a678de74d965c9c0c6505cfe82aa240a20c
|
| Type |
RT_MANIFEST
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x30e
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.18815
|
| MD5 |
9cb08c39cf7471dbc6a1def890817311
|
| SHA1 |
a427014792927fcf951afda0a933e88cc945adb2
|
| SHA256 |
6869f7f08f1b7d9a40b6b900cb225530b10cfce04a91b5b457174775b46e316b
|
| SHA3 |
78b43bd3e74710dc6b977499963c0b3fbc652bee4017675719e0ff9a2dec995c
|
| StartAddressOfRawData |
0x1ffc214
|
| EndAddressOfRawData |
0x1ffe93c
|
| AddressOfIndex |
0x5d8a38
|
| AddressOfCallbacks |
0x1ffe93c
|
| SizeOfZeroFill |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_8BYTES
|
| Callbacks |
0x01FFC1DA
|
| Size |
0x5c
|
| TimeDateStamp |
1970-Jan-01 00:00:00
|
| Version |
0.0
|
| GlobalFlagsClear |
(EMPTY)
|
| GlobalFlagsSet |
(EMPTY)
|
| CriticalSectionDefaultTimeout |
0
|
| DeCommitFreeBlockThreshold |
0
|
| DeCommitTotalFreeThreshold |
0
|
| LockPrefixTable |
0
|
| MaximumAllocationSize |
0
|
| VirtualMemoryThreshold |
0
|
| ProcessAffinityMask |
0
|
| ProcessHeapFlags |
(EMPTY)
|
| CSDVersion |
0
|
| Reserved1 |
0
|
| EditList |
0
|
| SecurityCookie |
0x5d1390
|
| SEHandlerTable |
0x5b5380
|
| SEHandlerCount |
1072
|
| XOR Key |
0x3a171e8f
|
| Unmarked objects |
0
|
| ASM objects (27412) |
27
|
| C++ objects (27412) |
198
|
| C objects (CVTCIL) (27412) |
1
|
| ASM objects (VS2015 UPD3 build 24123) |
25
|
| C++ objects (VS2015 UPD3 build 24123) |
126
|
| C objects (VS2015 UPD3 build 24123) |
38
|
| C objects (27412) |
44
|
| Imports (27412) |
33
|
| Total imports |
416
|
| C objects (24245) |
22
|
| C++ objects (24245) |
8
|
| C++ objects (LTCG) (VS2015 UPD3.1 build 24215) |
78
|
| Resource objects (VS2015 UPD3 build 24210) |
1
|
| Linker (VS2015 UPD3.1 build 24215) |
1
|
[*] Warning: Ignored an invalid IMAGE_RESOURCE_DATA_ENTRY
[*] Warning: Section UPX0 has a size of 0!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[!] Error: The number of ICON_DIRECTORY_ENTRIES is bigger than the number of resources in the file.
[*] Warning: Resource 146 is empty!
[!] Error: The number of ICON_DIRECTORY_ENTRIES is bigger than the number of resources in the file.
[*] Warning: Resource 147 is empty!