Manalyze report for 798c4779d54e63037dce767d4dbda9a3043e268a4383c2d4a656bedb862ef25d

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2024-Apr-09 19:33:50
Detected languages	English - United States

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: github.com https://github.com`
Suspicious	The PE is possibly packed.	`Unusual section name found: .itext` `Unusual section name found: .didata`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Can access the registry: RegQueryValueExW RegOpenKeyExW RegCloseKey`
Info	The PE's resources present abnormal characteristics.	`The binary may have been compiled on a machine in the UTC+2 timezone.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`997daed7e5e39c667c8145140643ab41`
SHA1	`53cddd27a69e8a20f0c61dcbf46ca8f26373c8f0`
SHA256	`798c4779d54e63037dce767d4dbda9a3043e268a4383c2d4a656bedb862ef25d`
SHA3	`68a55737e0792b25629c043544b0f0dc4f0f2e660c205204b55000a0bc65a5b4`
SSDeep	`12288:MBhMHQivP0ONvjgPMGGddlkAcimQcHpcmhf1z0I7:KMnvP0ONvEPMFvlkAmQXafm`
Imports Hash	`8e10943a87218a2860387d45456e339a`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`10`
TimeDateStamp	2024-Apr-09 19:33:50
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_BYTES_REVERSED_HI` `IMAGE_FILE_BYTES_REVERSED_LO` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0xc1400`
SizeOfInitializedData	`0x1d800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000C2CB4 (Section: .itext)`
BaseOfCode	`0x1000`
BaseOfData	`0xc3000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0xed000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`aebc307a1efed0366e7ea4e023b58d1d`
SHA1	`adf88db632dccc388d083ab7a17b9fa41a2d260b`
SHA256	`c9766b2d7a0546fdaaa314c71fcfc3585f87932017fa7e8d3d122400c01fb65d`
SHA3	`e3f45809ec779779c1ab49b4ec6cfcf0720b37dd2f761b70e15eefd55497d2e5`
VirtualSize	`0xbd4dc`
VirtualAddress	`0x1000`
SizeOfRawData	`0xbd600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.46796`

.itext

MD5	`5f12273d9559f551194a5cecab05e4fe`
SHA1	`7d7ba5427448b1d4c355a6d220a87aaea01fd208`
SHA256	`10e927d03c58263c0c9d2ed7b29bdeedbcf23d668f0610f5d58b37b3596f4088`
SHA3	`1d82974f19aab0cbb6dd7b12bba9b472b844b160d07a2c11711fad93872ded04`
VirtualSize	`0x3db4`
VirtualAddress	`0xbf000`
SizeOfRawData	`0x3e00`
PointerToRawData	`0xbda00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.71104`

.data

MD5	`86a51628e50080826b952330af33acb7`
SHA1	`221740205fd736124b3df86f04ffb389cac624da`
SHA256	`8cb22322c9437081529a5abd9b26760ec4bce75fe05bc6234d257eeb3ef20a2a`
SHA3	`b99e37737d1ca241eefb798b80993ba1f3c48156fc2ecb8bdb8c4a0da8d23a52`
VirtualSize	`0x6a34`
VirtualAddress	`0xc3000`
SizeOfRawData	`0x6c00`
PointerToRawData	`0xc1800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.28223`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x6234`
VirtualAddress	`0xca000`
SizeOfRawData	`0`
PointerToRawData	`0xc8400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`aa2ba175440c41348d3e8b2b7f35a145`
SHA1	`896d6f82320b75d203cc29837384bb1b2311ddf3`
SHA256	`3da9a6fd1f2713fc31c2c35b9931515572baa8ff5990931a01d899551fd0ba53`
SHA3	`33818431ec2724bbf1cd256fa711b9bc3441e2e37e824183ff9f4de6caffd695`
VirtualSize	`0x1296`
VirtualAddress	`0xd1000`
SizeOfRawData	`0x1400`
PointerToRawData	`0xc8400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.81928`

.didata

MD5	`f80ba2ebd2c6df42286e611edd644bb7`
SHA1	`dca12fd35de7ec7599c117fc94d4e101fee5d866`
SHA256	`cbe4ee03e0feceb5a7c91d22944032d0803a20e64e835c03155398e7a37965f4`
SHA3	`0fd5499dcf8c0a308eeb06beef360d2312f97da89bbba7dd1ade4e0dbada760b`
VirtualSize	`0x184`
VirtualAddress	`0xd3000`
SizeOfRawData	`0x200`
PointerToRawData	`0xc9800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.88307`

.tls

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x14`
VirtualAddress	`0xd4000`
SizeOfRawData	`0`
PointerToRawData	`0xc9a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`cea961037c72adfb8d8918ad78157b48`
SHA1	`46ec6f46329ab2ce46e769cff3ffcb12b7095f01`
SHA256	`8040a3120f835a0fc3742e32e8a4fbe556d4fb21786774aa611041ce2dc2a1fc`
SHA3	`75403731fc8eecabbfe1238e245b5067dca7686a0f05287df6cd3cee30e4c7c7`
VirtualSize	`0x18`
VirtualAddress	`0xd5000`
SizeOfRawData	`0x200`
PointerToRawData	`0xc9a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.210826`

.reloc

MD5	`6314a103876369d258a1c713be6dc1cd`
SHA1	`0c7fac0eb47a0beab8801b2f5760e36e4f2e4ba6`
SHA256	`1651ee976533689c4209d848afe86d2b64b434bd9aa9fc79acb0a491f417c9cd`
SHA3	`c270b8dc217f65f1dd41c2fee6e1cf40ba498ff6b4959968e2fe6a42769d1f8e`
VirtualSize	`0x11184`
VirtualAddress	`0xd6000`
SizeOfRawData	`0x11200`
PointerToRawData	`0xc9c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.65778`

.rsrc

MD5	`a55e52d10814ff923be32e60e5bac573`
SHA1	`3b9e7de9a5e75fc8fc463c3134cc14417247c2cd`
SHA256	`5263f6972c88de2331079b5b117457066e55a1ec471c39f9894661e9df63d602`
SHA3	`dd8eaa62cb197e9085174d5dbd6458100efa8ac8c1e39953eea3bde7d4c10d72`
VirtualSize	`0x4200`
VirtualAddress	`0xe8000`
SizeOfRawData	`0x4200`
PointerToRawData	`0xdae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.94241`

Imports

oleaut32.dll	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`
advapi32.dll	`RegQueryValueExW` `RegOpenKeyExW` `RegCloseKey`
user32.dll	`MessageBoxA` `CharNextW` `LoadStringW`
kernel32.dll	`Sleep` `VirtualFree` `VirtualAlloc` `lstrlenW` `lstrcpynW` `VirtualQuery` `GetTickCount` `GetSystemInfo` `GetVersion` `CompareStringW` `IsDBCSLeadByteEx` `IsValidLocale` `SetThreadLocale` `GetSystemDefaultUILanguage` `GetUserDefaultUILanguage` `GetLocaleInfoW` `WideCharToMultiByte` `MultiByteToWideChar` `GetConsoleOutputCP` `GetConsoleCP` `GetACP` `LoadLibraryExW` `GetStartupInfoW` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetCommandLineW` `FreeLibrary` `GetLastError` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `ExitProcess` `GetCurrentThreadId` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `FindFirstFileW` `FindClose` `WriteFile` `SetFilePointer` `SetEndOfFile` `ReadFile` `GetFileType` `GetFileSize` `CreateFileW` `GetStdHandle` `CloseHandle`
kernel32.dll (#2)	`Sleep` `VirtualFree` `VirtualAlloc` `lstrlenW` `lstrcpynW` `VirtualQuery` `GetTickCount` `GetSystemInfo` `GetVersion` `CompareStringW` `IsDBCSLeadByteEx` `IsValidLocale` `SetThreadLocale` `GetSystemDefaultUILanguage` `GetUserDefaultUILanguage` `GetLocaleInfoW` `WideCharToMultiByte` `MultiByteToWideChar` `GetConsoleOutputCP` `GetConsoleCP` `GetACP` `LoadLibraryExW` `GetStartupInfoW` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetCommandLineW` `FreeLibrary` `GetLastError` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `ExitProcess` `GetCurrentThreadId` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `FindFirstFileW` `FindClose` `WriteFile` `SetFilePointer` `SetEndOfFile` `ReadFile` `GetFileType` `GetFileSize` `CreateFileW` `GetStdHandle` `CloseHandle`
user32.dll (#2)	`MessageBoxA` `CharNextW` `LoadStringW`
kernel32.dll (#3)	`Sleep` `VirtualFree` `VirtualAlloc` `lstrlenW` `lstrcpynW` `VirtualQuery` `GetTickCount` `GetSystemInfo` `GetVersion` `CompareStringW` `IsDBCSLeadByteEx` `IsValidLocale` `SetThreadLocale` `GetSystemDefaultUILanguage` `GetUserDefaultUILanguage` `GetLocaleInfoW` `WideCharToMultiByte` `MultiByteToWideChar` `GetConsoleOutputCP` `GetConsoleCP` `GetACP` `LoadLibraryExW` `GetStartupInfoW` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetCommandLineW` `FreeLibrary` `GetLastError` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `ExitProcess` `GetCurrentThreadId` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `FindFirstFileW` `FindClose` `WriteFile` `SetFilePointer` `SetEndOfFile` `ReadFile` `GetFileType` `GetFileSize` `CreateFileW` `GetStdHandle` `CloseHandle`
kernel32.dll (#4)	`Sleep` `VirtualFree` `VirtualAlloc` `lstrlenW` `lstrcpynW` `VirtualQuery` `GetTickCount` `GetSystemInfo` `GetVersion` `CompareStringW` `IsDBCSLeadByteEx` `IsValidLocale` `SetThreadLocale` `GetSystemDefaultUILanguage` `GetUserDefaultUILanguage` `GetLocaleInfoW` `WideCharToMultiByte` `MultiByteToWideChar` `GetConsoleOutputCP` `GetConsoleCP` `GetACP` `LoadLibraryExW` `GetStartupInfoW` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetCommandLineW` `FreeLibrary` `GetLastError` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `ExitProcess` `GetCurrentThreadId` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `FindFirstFileW` `FindClose` `WriteFile` `SetFilePointer` `SetEndOfFile` `ReadFile` `GetFileType` `GetFileSize` `CreateFileW` `GetStdHandle` `CloseHandle`
kernel32.dll (#5)	`Sleep` `VirtualFree` `VirtualAlloc` `lstrlenW` `lstrcpynW` `VirtualQuery` `GetTickCount` `GetSystemInfo` `GetVersion` `CompareStringW` `IsDBCSLeadByteEx` `IsValidLocale` `SetThreadLocale` `GetSystemDefaultUILanguage` `GetUserDefaultUILanguage` `GetLocaleInfoW` `WideCharToMultiByte` `MultiByteToWideChar` `GetConsoleOutputCP` `GetConsoleCP` `GetACP` `LoadLibraryExW` `GetStartupInfoW` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetCommandLineW` `FreeLibrary` `GetLastError` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `ExitProcess` `GetCurrentThreadId` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `FindFirstFileW` `FindClose` `WriteFile` `SetFilePointer` `SetEndOfFile` `ReadFile` `GetFileType` `GetFileSize` `CreateFileW` `GetStdHandle` `CloseHandle`
oleaut32.dll (#2)	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`
kernel32.dll (delay-loaded)	`Sleep` `VirtualFree` `VirtualAlloc` `lstrlenW` `lstrcpynW` `VirtualQuery` `GetTickCount` `GetSystemInfo` `GetVersion` `CompareStringW` `IsDBCSLeadByteEx` `IsValidLocale` `SetThreadLocale` `GetSystemDefaultUILanguage` `GetUserDefaultUILanguage` `GetLocaleInfoW` `WideCharToMultiByte` `MultiByteToWideChar` `GetConsoleOutputCP` `GetConsoleCP` `GetACP` `LoadLibraryExW` `GetStartupInfoW` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetCommandLineW` `FreeLibrary` `GetLastError` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `ExitProcess` `GetCurrentThreadId` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `FindFirstFileW` `FindClose` `WriteFile` `SetFilePointer` `SetEndOfFile` `ReadFile` `GetFileType` `GetFileSize` `CreateFileW` `GetStdHandle` `CloseHandle`

Delayed Imports

Attributes	`0x1`
Name	`kernel32.dll`
ModuleHandle	`0xd3060`
DelayImportAddressTable	`0xd306c`
DelayImportNameTable	`0xd308c`
BoundDelayImportTable	`0xd30ac`
UnloadDelayImportTable	`0xd30c4`
TimeStamp	`1970-Jan-01 00:00:00`

4081

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xd8`
TimeDateStamp	2024-Apr-09 21:33:50
Entropy	`2.91405`
MD5	`30e6911231db2c6e8deea5575a61a1da`
SHA1	`f3f8519250a9afbd20b190460888219535fccfd7`
SHA256	`f907a8c93ae6b31f1c0ee714f686a62d6ef0b7f1b70a3776fda35c542779a4c5`
SHA3	`febfaeda8fee9eb82143f67634ea82133851165136714ee3a327eb8aed580362`

4082

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x38c`
TimeDateStamp	2024-Apr-09 21:33:50
Entropy	`3.23181`
MD5	`7b0b3165ab44268dd39301f776971f35`
SHA1	`309ff95bc4ce572ce490b42c52d7f3f35f3f8835`
SHA256	`e160b117c1c4cca1ec713efb5cdaa73cd9dd1db21a8fa29b01042ce5166e25f6`
SHA3	`7401a7aa2bae7e4938ad7d758de5447acd91dff09741e746382005d228b24dcd`

4083

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x490`
TimeDateStamp	2024-Apr-09 21:33:50
Entropy	`3.29117`
MD5	`a3fe094510e389f5a04bc4983a10bf48`
SHA1	`433027445d703e97483c219b20dcfc236c98bd1f`
SHA256	`db7ca1dd9d8707504ccfeeda0aa5e55bace40428c42102be2789b44b017ae5a4`
SHA3	`366bb3cbac530d537aba4b8349aa4239574f85e7a2d5b91028af25970109caff`

4084

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x474`
TimeDateStamp	2024-Apr-09 21:33:50
Entropy	`3.23337`
MD5	`19726f24071c79efeed58d4872d14d4b`
SHA1	`109a7228015bad6b4b2c2bb81723e54bedb0a39b`
SHA256	`3aa53d9259623284a3811ebf378c25952b5fd5e4561ae8492676725187abda70`
SHA3	`b92e6b1a323ddeb69031e5ce33e7f477b78ff1b0d41d915733c877e38a43fdf1`

4085

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x520`
TimeDateStamp	2024-Apr-09 21:33:50
Entropy	`3.44587`
MD5	`e6debe47c09e60f9deceef6b8aea9418`
SHA1	`15818321f67f923ee6d37a7f2b7240e1f72af44c`
SHA256	`a181214f361bc732954a2156675ad4a91f8822a55773419e259d2c6a274edb6d`
SHA3	`86b4858066289a66659549f676e216a543a796fe6d285e5db3aae2cfb0b8c222`

4086

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x34c`
TimeDateStamp	2024-Apr-09 21:33:50
Entropy	`3.47366`
MD5	`1e16bd3c7fee3002614368bc6df9d12e`
SHA1	`59d573af73c15691de5cfbdb92f121559b9efe17`
SHA256	`2613b9eeccca69d9dd7f207e3885b1868d9c83f2b5e7014db008330faab02795`
SHA3	`2405003d7c5876c7b87ee26a5848ba572a4611f3be1550fb6885cf7e1d043c53`

4087

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4a8`
TimeDateStamp	2024-Apr-09 21:33:50
Entropy	`3.27958`
MD5	`6314219fe97af4ce163b3ee29638acd2`
SHA1	`8e71430aa69ef79fd12ac222f12e570408d7ef64`
SHA256	`282549f1b67563982f94234a36465646f195673c22d439e91862cef4ba8d90bf`
SHA3	`9bc3cd5165046fdc107cf621bdf10aba0ee4630a8b3d0a4223562cc2ad238094`

4088

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3a4`
TimeDateStamp	2024-Apr-09 21:33:50
Entropy	`3.27878`
MD5	`40558d2f5c4e4ce61fc435cbd65ebef6`
SHA1	`ba8534ca590333d3402bff20fab36f5a0125d2a6`
SHA256	`aee1543afab691c7e850da31439a86ddb7566a10d99fcab3d9bb8a66acffaf69`
SHA3	`3bb0114d336ca442cbc1c86183e76f80699b05d41181838c7371d2addfae7cad`

4089

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3ac`
TimeDateStamp	2024-Apr-09 21:33:50
Entropy	`3.27071`
MD5	`25bc134f68543948ae362e28b8a2fa52`
SHA1	`f3a5851779166d7b6ecc8766115a87c1d35cbda9`
SHA256	`32eac44b0b58204686e402cce2295e6d7e2f38859e855f603eafcfe34ed0bcd0`
SHA3	`be9c6856750396296e082d6339194e6d514c8739b5ee77ad467811403bc71d6a`

4090

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x240`
TimeDateStamp	2024-Apr-09 21:33:50
Entropy	`3.34225`
MD5	`599e772b5190adb1c8ac4c0a0df145a2`
SHA1	`7f21e8c8f18eb947e218f08a7324438107e35044`
SHA256	`02875c3d9d2b4f6acf626c69cd808ddd2cec0a125616b6c122d69398248ac228`
SHA3	`6cece6172b20facf54c30ee69f73010cc2d5dcb7c30e03a79c07de698fc87b56`

4091

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xb8`
TimeDateStamp	2024-Apr-09 21:33:50
Entropy	`3.34235`
MD5	`032202aebb86c9cd02f74935cea9f678`
SHA1	`989e42adbe1557b65c91efe96260ea42c79442b9`
SHA256	`fdc5a10957d05b09b96894fde7b40cce336d32469e3542fb05a3c0a4a7deaae2`
SHA3	`8c43e8353c29ee672e3745d35ddf682e3ad2d05eddb31a050a4b5d5936857b4f`

4092

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xd0`
TimeDateStamp	2024-Apr-09 21:33:50
Entropy	`3.27608`
MD5	`5414cdc49ce654a6465aa840aa1a8107`
SHA1	`26521a3f46ca55c77953f382be108efd6239015a`
SHA256	`9ea3f9f827888532e291f2db17180dddcca4a519a85cbec7fdb9ac13342da321`
SHA3	`8bede8ae89b74b44155d482d0034d8812c13d192b776932b2edf3e48a73c84bc`

4093

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x330`
TimeDateStamp	2024-Apr-09 21:33:50
Entropy	`3.34523`
MD5	`1d4bb9a328eb0edae7f5cffa72057f1e`
SHA1	`3872e7383589179edd1e65ed86de61f8aecc53aa`
SHA256	`938ee8f2e167af40d9b96396084fbd0b7609aedd38d0bd57205298cd14db76dc`
SHA3	`6cf4d9e124a708eb6882eb374744e44202cbdc89fbe0a934ac13842afb6d3791`

4094

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x480`
TimeDateStamp	2024-Apr-09 21:33:50
Entropy	`3.30208`
MD5	`9b63db49e4ab58b8d4980c783df977ef`
SHA1	`e1a6ce58efed88bb413b4a86ce2b175480f1532e`
SHA256	`f78a03a5fa3eb9578ee36f5b39d3670db30d76d40ea611c3b95e7b9705c86c31`
SHA3	`23121a90769cd84a4a67cf884cada69592c103ff0eb7e43039bdad72772d9ba4`

4095

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x36c`
TimeDateStamp	2024-Apr-09 21:33:50
Entropy	`3.3507`
MD5	`bf196a4ad42e87eeefa60d34c6f3e30e`
SHA1	`4462175b6ff7e0fbaececa4989fe4b59e6a81836`
SHA256	`dc9018a5f24c3a8c57b791c2722791729e1abb084b49f50e54f294676d28d72e`
SHA3	`b4ba021d9c8f4605df2701d362423b71f7aab4e426778637be40ee3c08a3aa29`

4096

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2c4`
TimeDateStamp	2024-Apr-09 21:33:50
Entropy	`3.33673`
MD5	`121a4dffa6bb56a9aec9a5092ccb00dc`
SHA1	`217ddcd82e225057bc890dfb15d90b9b65ac1063`
SHA256	`cfd35ea0368128bde503fd58e1bca3278e8c02c0248e668a236b6de0067f3f23`
SHA3	`621721948e80c1b568536e0de9cfca308cdcafa7176bc4a13db29e94b33b4e9b`

DVCLAL

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	2024-Apr-09 21:33:50
Entropy	`4`
MD5	`a40263c75fde7440b1086b7da9c51fc2`
SHA1	`139a84f87110fb5cb16a386adade21f30cae98b0`
SHA256	`e7dbe99baa5c1045cdf7004edb037018b2e0f639a5edcf800ec4514d5c8e35b5`
SHA3	`d3a734fa7d36868d301f9569de92e1bfc551e4b5cf6d7c59eace8d0a554093c0`

PACKAGEINFO

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3f4`
TimeDateStamp	2024-Apr-09 21:33:50
Entropy	`5.21153`
MD5	`318d1df56634b2a7bf8371c4b7615b8a`
SHA1	`b6e0d3b21e9c22540567f28db92e15d035fe602d`
SHA256	`cd9e705ec8b25fe702e1df248b8744b3244f5579820f60449578523c550d6131`
SHA3	`beeda40a5232f589cc4891274668525fbf9b56f3f1dc8baab4360756eb36e44e`

PLATFORMTARGETS

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	2024-Apr-09 21:33:50
Entropy	`1`
MD5	`25daad3d9e60b45043a70c4ab7d3b1c6`
SHA1	`0e356ba505631fbf715758bed27d503f8b260e3a`
SHA256	`47dc540c94ceb704a23875c11273e16bb0b8a87aed84de911f2133568115f254`
SHA3	`47b7fb6f259cfa242dc8e381efb31dad613f8bfe5a8a92f524d1a0a7058c56dc`

RES_HELP

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1d5`
TimeDateStamp	2024-Apr-09 21:33:50
Entropy	`4.52323`
MD5	`87796a09d11ccfd218d55651efb2ba48`
SHA1	`a1e82dfaee9a7f13be9830a40dadab175ba1658c`
SHA256	`d342222a49f2f5e463bf8f54e8f4ef865aadc7f5c218c801bca970f67152308c`
SHA3	`ddf77c75dce8644b97aac72a6ab9c12e9f3f44d0ff69518e323c4144552c3210`

RES_HELP2

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3ea`
TimeDateStamp	2024-Apr-09 21:33:50
Entropy	`4.55486`
MD5	`d55d08b5004a74ac3a0d75467af8d9be`
SHA1	`c28441affece825aa6e05cfa44b8c3676109ca55`
SHA256	`d667ccd7b7eec2045500a7842a9bc8d737273e63e48e9b21eee5f9a99e37eccb`
SHA3	`3378f7b8ec4a1971639319622f78783c0ef8cb8d74024714e2e1dc5ddaa91d72`

String Table contents

%s is not a valid BCD value
Could not parse SQL TimeStamp string
Invalid SQL date/time values
Dataset not in edit or insert mode
Cannot perform this operation on a closed dataset
Cannot perform this operation on an empty dataset
Cannot modify a read-only dataset
Nested dataset must inherit from %s
False
True
Parameter '%s' not found
Unable to load bind parameters
Field '%s' is of an unsupported type
SQL not supported
Execute not supported
Operation not allowed on a unidirectional dataset
Unassigned variant value
Record not found
BCD overflow
Type mismatch for field '%s', expecting: %s actual: %s
Size mismatch for field '%s', expecting: %d actual: %d
Invalid variant type or size for field '%s'
Value of field '%s' is out of range
Field '%s' must have a value
Field '%s' has no dataset
Field '%s' cannot be a calculated or lookup field
Field '%s' cannot be modified
Duplicate index name '%s'
No index for fields '%s'
Index '%s' not found
Duplicate name '%s' in %s
Circular datalinks are not allowed
Lookup information for field '%s' is incomplete
DataSource cannot be changed
Cannot perform this operation on an open dataset
Source file open error, skipped.
Skipped, destination file exists.
DELETED
Invalid field size
Invalid FieldKind
Field '%s' is of an unknown type
Field name missing
Duplicate field name '%s'
Field '%s' not found
Cannot access field '%s' as type %s
Invalid value for field '%s'
%g is not a valid value for field '%s'. The allowed range is %g to %g
%s is not a valid value for field '%s'. The allowed range is %s to %s
'%s' is not a valid integer value for field '%s'
'%s' is not a valid boolean value for field '%s'
'%s' is not a valid floating point value for field '%s'
No single cast observer with ID %s was added to the observer collection
No multi cast observer with ID %s was added to the observer collection
dbf2csv
1.00
Copyright (c) 2024 TinyCthulu
https://github.com/TinyCthulhu/dbf2csv
Unknown command. Type: "dbf2csv -help" for help.
<source_name> not declared, type: "dbf2csv -help" for help.
Too many parameters. Type: "dbf2csv -help" for help.
Invalid parameter, file "%s" does not exist.
Error in parameter <%s>, source directory is invalid.
Error in parameter <%s>, <destination_name> is invalid.
No matching files.
%d out of %d file(s) converted.
Error: cannot convert itself.
Error while reading record data.
%s (Version %d.%d, Build %d, %5:s)
%s Service Pack %4:d (Version %1:d.%2:d, Build %3:d, %5:s)
32-bit Edition
64-bit Edition
Windows
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 2000
Windows XP
Windows Server 2003
Windows Server 2003 R2
Observer is not supported
Cannot have multiple single cast observers added to the observers collection
The object does not implement the observer interface
The given "%s" local time is invalid (situated within the missing period prior to DST).
Length of Strings and Objects arrays must be equal
Timespan too long
The duration cannot be returned because the absolute value exceeds the value of TTimeSpan.MaxValue
Value cannot be NaN
Negating the minimum value of a Timespan is invalid
Invalid Timespan format
Timespan element too long
''%s'' is not a valid date
''%s'' is not a valid date and time
''%s'' is not a valid integer value
''%s'' is not a valid time
Invalid argument to time encode
Argument out of range
Item not found
Duplicates not allowed
Invalid property value
List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d)
Out of memory while expanding memory stream
%s has not been registered as a COM class
Error reading %s%s%s: %s
Stream read error
Property is read-only
Resource %s not found
%s.Seek not implemented
Operation not allowed on sorted list
%s not in a class registration group
Property %s does not exist
Stream write error
The specified file was not found
Cannot assign a %s to a %s
Can't write to a read-only resource stream
Class %s not found
A class named %s already exists
List does not allow duplicates ($0%x)
A component named %s already exists
String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
Invalid file name - %s
Invalid stream format
''%s'' is not a valid component name
Invalid property value
Invalid property element: %s
Invalid property path
Invalid property type: %s
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Invalid source array
Invalid destination array
Character index out of bounds (%d)
Start index out of bounds (%d)
Invalid count (%d)
Invalid destination index (%d)
Invalid code page
Invalid encoding name
Ancestor for '%s' not found
April
May
June
July
August
September
October
November
December
Sun
Mon
Tue
Wed
Thu
Fri
Sat
A call to an OS function failed
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
January
February
March
Variant overflow
Invalid argument
Invalid variant type
Operation not supported
Unexpected variant error
External exception %x
Assertion failed
Interface not supported
Exception in safecall method
Object lock not owned
Monitor support function not initialized
Feature not implemented
%s (%s, line %d)
Abstract Error
Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
%s
Read
Write
Format string too long
Error creating variant or safe array
Variant or safe array index out of bounds
Variant or safe array is locked
Invalid variant type conversion
Invalid variant operation
Invalid NULL variant operation
Invalid variant operation (%s%.8x)
%s
Custom variant type (%s%.4x) is out of range
Custom variant type (%s%.4x) already used by %s
Custom variant type (%s%.4x) is not usable
Too many custom variant types have been registered
Could not convert variant of type (%s) into type (%s)
Overflow while converting variant of type (%s) into type (%s)
Floating point division by zero
Floating point overflow
Floating point underflow
Invalid pointer operation
Invalid class typecast
Access violation at address %p. %s of address %p
Access violation
Stack overflow
Control-C hit
Privileged instruction
Operation aborted
Exception %s in module %s at %p.
%s%s

Application Error
Format '%s' invalid or incompatible with argument
No argument for format '%s'
Variant method calls not supported
<unknown>
'%s' is not a valid floating point value
'%d.%d' is not a valid timestamp
'%s' is not a valid GUID value
Invalid argument to date encode
Out of memory
I/O error %d
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
Range check error
Integer overflow
Invalid floating point operation

Version Info

TLS Callbacks

StartAddressOfRawData	`0x4d4000`
EndAddressOfRawData	`0x4d4014`
AddressOfIndex	`0x4c3c0c`
AddressOfCallbacks	`0x4d5010`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`(EMPTY)`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!
[*] Warning: Section .tls has a size of 0!

Leave a comment

No comments yet.