Manalyze report for 7a87fcb3b4a0b9f35688fd9633361fc0f177e0f2f8f46396c40164d96e840aab

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Apr-26 11:35:40
Detected languages	English - United States
FileDescription	Top Family
FileVersion
ProductVersion
LegalCopyright	Abstract Righteous Top Family 2018-2026
ProductName	Top Family
CompanyName	Abstract Righteous Top Family

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++` `Microsoft Visual C++ v6.0`
Info	Interesting strings found in the binary:	`Contains domain names: example.com https://curl.se`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to AES` `Uses known Mersenne Twister constants`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryW LoadLibraryA` `Enumerates local disk drives: GetDriveTypeW GetLogicalDriveStringsW GetLogicalDriveStringsA`
Malicious	VirusTotal score: 21/69 (Scanned on 2026-05-13 16:13:22)	`AhnLab-V3: Malware/Win.Generic.C5878287` `Alibaba: AdWare:Win32/AdLoad.e05ad7a0` `CTX: exe.trojan.adload` `CrowdStrike: win/grayware_confidence_100% (D)` `DeepInstinct: MALICIOUS` `Google: Detected` `Gridinsoft: Adware.Win32.Adload.cl` `Kaspersky: Trojan-Downloader.Win32.Adload.vjpu` `Kingsoft: Win32.Trojan-Downloader.Adload.vjpu` `Lionic: Trojan.Win32.Adload.a!c` `McAfeeD: ti!7A87FCB3B4A0` `Microsoft: PUA:Win32/Presenoker` `Rising: Downloader.Adload!8.D1 (LESS:bWQ1Okfa4zXAKIXu)` `Skyhigh: Artemis` `Sophos: Generic Reputation PUA (PUA)` `Symantec: Trojan.Gen.MBT` `Tencent: Win32.Trojan-Downloader.Adload.Xtjl` `TrellixENS: Artemis!0A437C4161B4` `Varist: W32/ABApplication.EINQ-5188` `Xcitium: ApplicUnwnt@#38ecsarqus12m` `alibabacloud: Trojan[downloader]:Win/Presenoker.Gen`

Hashes

MD5	`0a437c4161b4ed8de7850f8de970824d`
SHA1	`2444ba5caad85622a91008d1953d1d49430a9e7b`
SHA256	`7a87fcb3b4a0b9f35688fd9633361fc0f177e0f2f8f46396c40164d96e840aab`
SHA3	`a39c14d2ffa31607ed00daced2fc312d430014f1e6b7bb542b55972310e4d38a`
SSDeep	`393216:nZEs6eAfeQ3oVWntJa6BxTCz6tmey3Hok9g38qfFROj+U7/Z/LxuPIz/:n4f5ZntsQIsreO8qfFUCUz1L8wz`
Imports Hash	`688c7a85437011a8099ce32ba4a18dc1`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x120`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2026-Apr-26 11:35:40
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x3fd200`
SizeOfInitializedData	`0x48200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00384AE0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x3ff000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x449000`
SizeOfHeaders	`0x400`
Checksum	`0x1584d4e`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`bc2ddf594564ce9fd34d49158675d6cc`
SHA1	`6a463afbc2e45aee76244d35c25f714aad88bf00`
SHA256	`2dbcb46b4e056a2e340b68c6d00d0ceb2ad87ae1cf9ced1f94b1d7d9b8310e4f`
SHA3	`155c7b2a1aa6cb307beec3b3c39af0597a5b6a96757a483f7d5f8ef73c0f9ae8`
VirtualSize	`0x3fd133`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3fd200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.75675`

.rdata

MD5	`b9213b7c58b22d39569af47dba63157b`
SHA1	`2225ac7bdd42cdc4424c9b1ea1a41fbd6a5cf0e0`
SHA256	`cca5fdf4b7eca04d3c5d534a7312a4c93a6a74a2e587073c8281ed9b0736de14`
SHA3	`dd8223c300eeb1af58fc288fe71de528d287ad39a0f7adb149c2cb97b8e5c821`
VirtualSize	`0x2f3de`
VirtualAddress	`0x3ff000`
SizeOfRawData	`0x2f400`
PointerToRawData	`0x3fd600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.6769`

.data

MD5	`2438d792e050ba1ca69921aa4b1df629`
SHA1	`d8d994ed48f1f407dea063f51f591f369e79e6d3`
SHA256	`ab2925c1fc70912f7955ea93025369e2f23f7bcb2cb0ace9cbe075812683c6b1`
SHA3	`79665555180489ebe00b273510f481c9811857842120c00d0600e99476cc11c6`
VirtualSize	`0x79ac`
VirtualAddress	`0x42f000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x42ca00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.5775`

.rsrc

MD5	`59cd02439a9f287d35542461ee131a8e`
SHA1	`278e443866ba55ceb5cae674b85c12d073990869`
SHA256	`e15391c497c5771889dd7ebd8acc36ec9de9338fc16a48943394165c511f9edc`
SHA3	`0cab8fc188a7983c3cfe98b916d8a5e0f890964298eaa03b4ce6e4f48e9566ca`
VirtualSize	`0x2490`
VirtualAddress	`0x437000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x42de00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.84637`

.reloc

MD5	`b2bbe38ff13328e7338b3e14581147d8`
SHA1	`2d46a2cde09b1af72fdf90cadca3c1413471a4c9`
SHA256	`712fdea3a0de0d4315ef9d1924b15e9a77feea00b3d52d8b46d517b9778f409e`
SHA3	`b09ede2315e57d7076ec1cb6bb2d59b9c3769da44a08bf97a1403f7ab1a3364e`
VirtualSize	`0xedfc`
VirtualAddress	`0x43a000`
SizeOfRawData	`0xee00`
PointerToRawData	`0x430400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.56813`

Imports

KERNEL32.dll	`SetEnvironmentVariableW` `GetCommandLineW` `GetLastError` `QueryPerformanceFrequency` `FormatMessageW` `InitializeCriticalSectionAndSpinCount` `LoadLibraryExW` `SetStdHandle` `VerSetConditionMask` `FreeLibraryAndExitThread` `GetModuleHandleW` `InitializeSListHead` `LocalFree` `MoveFileA` `AreFileApisANSI` `SetPriorityClass` `CreateDirectoryW` `IsProcessorFeaturePresent` `SystemTimeToTzSpecificLocalTime` `FileTimeToSystemTime` `TerminateProcess` `SetFileTime` `GetTimeFormatW` `GetCurrentDirectoryA` `CreateDirectoryA` `GlobalMemoryStatus` `RaiseException` `PeekNamedPipe` `SetUnhandledExceptionFilter` `GetModuleFileNameW` `GetTickCount` `CompareFileTime` `GetProcAddress` `FileTimeToLocalFileTime` `GetCurrentThreadId` `TryEnterCriticalSection` `SleepConditionVariableSRW` `VirtualQuery` `WaitForSingleObject` `WriteConsoleW` `GetUserDefaultLCID` `GetACP` `EncodePointer` `InitializeCriticalSectionEx` `FreeEnvironmentStringsW` `GetSystemInfo` `ExitThread` `GetProcessHeap` `SetFilePointerEx` `InitializeSRWLock` `FindNextFileW` `DeleteFileA` `CreateSemaphoreA` `GetSystemDirectoryW` `GetFileSizeEx` `GetLocaleInfoW` `RemoveDirectoryW` `GetStartupInfoW` `CreateFileW` `GetFileInformationByHandle` `GetModuleHandleExW` `SleepEx` `DeleteFileW` `LoadLibraryW` `TlsAlloc` `WaitForMultipleObjects` `FindClose` `ReadFile` `HeapReAlloc` `GetConsoleOutputCP` `GetDriveTypeW` `RemoveDirectoryA` `GetOEMCP` `QueryPerformanceCounter` `IsDebuggerPresent` `FindFirstFileW` `SetFileAttributesW` `WakeAllConditionVariable` `TlsGetValue` `GetCurrentProcessId` `ReleaseSemaphore` `SetEvent` `GetFileAttributesA` `SetFileAttributesA` `GetFileAttributesExW` `GetStdHandle` `GetModuleHandleA` `LCMapStringW` `SetEndOfFile` `DecodePointer` `CreateThread` `GetFullPathNameW` `RtlUnwind` `SetLastError` `CloseHandle` `ResetEvent` `TlsSetValue` `SleepConditionVariableCS` `CreateEventA` `EnterCriticalSection` `GetSystemTimeAsFileTime` `FreeLibrary` `GetConsoleMode` `GetCommandLineA` `CreateFileA` `GlobalFree` `VerifyVersionInfoW` `GetCurrentDirectoryW` `HeapSize` `FindFirstFileA` `WaitForSingleObjectEx` `WriteFile` `IsValidLocale` `EnumSystemLocalesW` `GetModuleFileNameA` `UnhandledExceptionFilter` `GetFileAttributesW` `ReleaseSRWLockExclusive` `LeaveCriticalSection` `Sleep` `DeleteCriticalSection` `GetDateFormatW` `LoadLibraryA` `GetEnvironmentVariableA` `GetCurrentProcess` `GetExitCodeThread` `LCMapStringEx` `WideCharToMultiByte` `GetFileType` `GetLogicalDriveStringsW` `InitializeCriticalSection` `GlobalLock` `WakeConditionVariable` `SetFilePointer` `GetLogicalDriveStringsA` `GetProcessAffinityMask` `GetStringTypeW` `GetFileSize` `FormatMessageA` `InitializeConditionVariable` `FindNextFileA` `VirtualFree` `VirtualAlloc` `MoveFileW` `GetVersion` `MoveFileExW` `HeapFree` `HeapAlloc` `TlsFree` `GetTimeZoneInformation` `FlushFileBuffers` `CompareStringW` `GetEnvironmentStringsW` `ReadConsoleW` `AcquireSRWLockExclusive` `GetVersionExA` `GlobalUnlock` `MultiByteToWideChar` `IsValidCodePage` `FindFirstFileExW` `ExitProcess` `GetCPInfo` `GlobalAlloc`
USER32.dll	`LoadStringA` `SetTimer` `InvalidateRect` `CharUpperW` `DestroyIcon` `GetWindowTextA` `ScreenToClient` `SetWindowTextA` `GetWindowLongA` `SendMessageW` `CloseClipboard` `ShowWindow` `DialogBoxParamA` `GetWindowTextW` `GetFocus` `SendMessageA` `LoadStringW` `EndDialog` `SetFocus` `LoadIconA` `GetWindowTextLengthW` `MonitorFromWindow` `MessageBoxW` `SetClipboardData` `CheckDlgButton` `GetParent` `OpenClipboard` `MapDialogRect` `KillTimer` `GetWindowTextLengthA` `GetMonitorInfoA` `GetDlgItem` `SetWindowTextW` `PostMessageA` `EmptyClipboard` `IsDlgButtonChecked` `LoadCursorA` `SystemParametersInfoA` `MoveWindow` `EnableWindow` `CharUpperA` `SetWindowLongA` `DialogBoxParamW` `GetKeyState` `SetCursor` `GetWindowRect`
ole32.dll	`CoUninitialize` `OleInitialize` `CoInitialize` `CoTaskMemFree` `CoCreateInstance`
OLEAUT32.dll	`SysStringLen` `SysAllocStringLen` `SysAllocString` `VariantClear` `SysFreeString`
SHELL32.dll	`SHGetPathFromIDListA` `SHBrowseForFolderA` `SHGetFileInfoA`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.39918`
MD5	`28683b6aa3bf8a170d1ceb9fa05bf362`
SHA1	`40845066b357fff695ee2d3e41c19e28442671ac`
SHA256	`728d514fdcaab8770f1a113f141428b4860027f6685356d74274c03e194d68a6`
SHA3	`43d751bf866f5bd39b82678daca2d56a0ad157584ad31fdd9433508ff72fd4d8`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.68942`
MD5	`794fe7995c967ebd479f68359353ebc4`
SHA1	`7454c492fdd935a58fad5713290c48b8abb277ba`
SHA256	`d06002f9e317adc6377c0bc9af92fa7e9392fd74cd9928fd911729a1e8e3e6df`
SHA3	`6262f83326cca2298109be4fca6a38bc56c2410be8c357b160a2992d551489b5`

97

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.32442`
MD5	`82932b97af779fda168dbb95b511566e`
SHA1	`807be5b131946a331a9f88824cef881ce7e13a3a`
SHA256	`5ebf19448593be9c1377a2641b630a59827b70c5c5db14a02b95e6701a5b993c`
SHA3	`4465c38cde17cc409f958f36bd12d5de64f31ac2a0207a189280738afb712163`

3400

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x12e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.28547`
MD5	`ac779ebabbc85bea9cff922f2a87677a`
SHA1	`bdbddf271b4de1f36146d9c2c8d35f20bc75f742`
SHA256	`fda996f2725ae25bdd305bb72782c5f1fdfecbcab072719d30dd06e9494aff7d`
SHA3	`95ff49675efc4b913f8d0db8636e7440c0a7e1fa642760a5474933f2b440d915`

3500

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x32c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.38938`
MD5	`f4f850e7a29c6887bfeeb354c4d94278`
SHA1	`680cb7c7f57424eed19e16ebbd0cae2cdadba453`
SHA256	`7b51a91ddd68df018fb22a44875d31c7efb427152f0b12d5c9de8d2ff533dabd`
SHA3	`104386d438573a0d88cefe42667cd79d1203b5e5395d633fc4682e70ad6326b1`

3800

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x126`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26881`
MD5	`b9021d0534ce913c1a9af7f7eebb59f3`
SHA1	`5fd2fe5ac1ef83162303c1d0523230afe83398e0`
SHA256	`002978525dbd56c9651b7946ad7a4c23f649c3ee2d72b0e871fd2204b302656a`
SHA3	`a7616b22a1fd0325359bafb74363b7d02077c3fa222ed738b05ced26cbfe9515`

26

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.80688`
MD5	`60d7c6ccf106d46a0cfaecef6681e6a3`
SHA1	`e447e8731751bd21d4857a76f3a1a8d1bc083502`
SHA256	`0c89918e2489ac58c58f323bca964bbe918e0a9a0a910c50e340e7d95b176ad5`
SHA3	`cb025b24105b6987a49e1c63d0d68f4a9febdacd1dbf43980fa2c1c21effe2e7`

28

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.93734`
MD5	`829071f8961b61bb31c144dee61ce714`
SHA1	`ca59535b01fe49f8d63cfb828eda66b3f7be94a9`
SHA256	`d64089e84c92f7fd2a71a403849a5e3149c5ddbed7e092de15531c13b2e6d5fe`
SHA3	`ad99fcec19cbfd00f167c30a97b7283c22968d935a12dc2d922dfc43db0eb9ed`

29

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x60`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.18408`
MD5	`707061e8c9a3af9e7943cf4a62caad05`
SHA1	`60197d1ea2c64115486980c24e719b0934607cc5`
SHA256	`51b2c960ccca0292fc31d0993c5b240e9963377ba0094bf873aff189a28da63f`
SHA3	`71df531013c690897494b966b4010abd01c79a012caa3343763a608e4a907f23`

64

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.20724`
MD5	`5f176bbbd5235c3b11dff0d72541a026`
SHA1	`6836e4d29e7451567eade65968e09a119a53d592`
SHA256	`984a6875f612643284df5d6f8276736b413e8871417222828622b49e2a7f9c50`
SHA3	`5b7ec8b9b250df9b7aee555d129bdbe0da52915a10623564b2e743316c6ff81c`

188

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x208`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.16852`
MD5	`a0c944087a08a15772f38040d7167694`
SHA1	`e3e710a00799900f92ce3897349b2bddc57663cd`
SHA256	`809c9c9e0f0161bd31c24eee38a04082e46860b0bc692350b99d6b75ceb30359`
SHA3	`1c9ad4b13edbc7936d574c8a774579a2eeb5e8b448addb6f9a8df887e7d234f7`

189

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80844`
MD5	`a822118d1653d4668857207ea7d48a56`
SHA1	`0e003d71128522b9d75113f157c229aabb2766bd`
SHA256	`c5e51e1d96192bd5228942c1c6b02e3f5d70abe77cdcbaef6b6c2550b2c568e7`
SHA3	`ea459f8fa23ba56dfd8a33536aa662a8d91e5fc553ea61560495d2206c1373be`

207

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x34`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.43775`
MD5	`716f3259b70c376b8757003128391219`
SHA1	`a1b172c455640670db67ade9d9c7b62d9d2d3396`
SHA256	`5b51218d289f8381b271c6d4d224c67e99c9cdbf9d3f529bb8da29687f7180ec`
SHA3	`d9f9ec98368534575af8442776bcb377303669e86ec003f9af3b5508c1d21d26`

208

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.20724`
MD5	`0f0991aa1f51fd6b4512972cdf569b23`
SHA1	`d3f7a1aaf9f44625b336ea0d47ac187520e9efb8`
SHA256	`85ea34e98e1467fa1548e9ba0accad08984c86623e813c7d7e1daa0661b056d3`
SHA3	`adaa310ae284db2ddd07db719b5ead62905dae301526e9504c5b2de061620433`

213

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.40692`
MD5	`64a42ae078ee1c142b8f179fd415b3a4`
SHA1	`ab5fb725dbda534c90d2b080c8c75e74909c8e7d`
SHA256	`2a19272422c7eaab59685bcfcd8d3c25dd1c14106e93ba0caacc8eee532ea6be`
SHA3	`fbcf413e89c32aec17957c7ecccea49d91bfe8f8f9c41b901780d00024f9ee8b`

214

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x11a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.11449`
MD5	`3a7154cb838e8f1db566f8614c374c65`
SHA1	`51babcb40b7e80f890aecbb2c302669f3b2fc48f`
SHA256	`45da808e1c9a8ace80a3f40fa139cb89f4628e0a8e6c29884b87ffaded1cabef`
SHA3	`05c7afec654d6661b919a35bd72b8cd1323bf918f318742ab5a607fae771351e`

215

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.40526`
MD5	`1d90fe40e592441fdca3e0592d0e993b`
SHA1	`60c73323cc561a17e837e77262430461aad4824e`
SHA256	`89e2a2e39ce2f374cc9cffd92b06b04cf713069c3ddeca7f2560c1fed4c7e575`
SHA3	`8d3bdd13f1a6af559992c0a0dbf3e8695fce1348ccd72a7a83ae62542e764ba3`

220

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x32`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.38631`
MD5	`4efe7ad953e61c94842acb9433e5bc6e`
SHA1	`c517be31d050405e8b3ac8c9d3121e1efdda3bfc`
SHA256	`76f0360979c9e8d9100c9fd03f4b5042fd36ad096056f36f88c6f8d85a38cb31`
SHA3	`c0c5460b3d9d4b4ed9a3c973da73efa7db646083e578042596574394baf9a74c`

232

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.2423`
MD5	`549e2d5c3eb0fda6b95627c7d57aab2f`
SHA1	`f8bdb943bacbf31d87a478c4b52d242116e1f2be`
SHA256	`4f50ca8bfdbec08dec33590aa05e35d48aed8969364b6059c6bf0695f8ab0d0f`
SHA3	`60a33a3a0950ec180e02057f96bf096ef014bb4e5a988dec5286987dacdec694`

233

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x156`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.0437`
MD5	`7103422d52fd9a304d74e452e8278e64`
SHA1	`dd01b6cc3d7776b90e17557a1022508362e8d682`
SHA256	`264c61c819ab2efb38c1c873430a1e9ba40e7614c28ebd01f87b741c06e71fa4`
SHA3	`cdfa6f7a0f9045a5e12822f8395b8526c76e64944e87263eb3099692b9d22dfa`

234

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x56`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.17633`
MD5	`add7d923b829c966ee100101c816b457`
SHA1	`b64ce6009f62b0f27077f75af2dae80614358636`
SHA256	`101ca1ee5fe9422b7a34aa4e5aab14be4e45ec72106988d17000cdd717cd3617`
SHA3	`1f38d2ec72145366c781946e764b2df332786dfcb3b26cec34fb4e26d7d2030a`

236

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.7917`
MD5	`eedb74f782ef47d1b99a3a7b7fb24010`
SHA1	`b60771c7ccf7dc0ce67817aae522a7ef1d1afcdc`
SHA256	`294b0175ff4b98391ccdd7829718562fadbd1aa08e24469a0c39ce8345951c31`
SHA3	`41d210d38a8e7e578fa4eb46e8906f5d1f6ea21f7fb8e61bcba22c2f494be832`

1 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37086`
Detected Filetype	Icon file
MD5	`d59e0d372ea5fd8c1f4de744376a6af4`
SHA1	`6883ce60e71a83424db0b41d0ab6bf61080e3de2`
SHA256	`b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b`
SHA3	`5e39df982879204dd9f129a37d1e1c2ff906e88de9ae01b4418db5e8455e7ae1`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x274`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33071`
MD5	`8b036d954f7d9d7cf50424c6a30f37c9`
SHA1	`0a6197b42b99ba7ef045b1465657311bd027e00b`
SHA256	`55ecbc8c9d22cd2cfb1f9a41e6cd27cff2acd484dc04a389dbe2e83785b46f1b`
SHA3	`2065dd25a15f15c114286aea80280abca53d3f1053b539da9c89fb3cbbc0e2f2`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x688`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.41608`
MD5	`3319d0a3734be464da5add93a6752bd8`
SHA1	`6767adbddc2c7587efcaf00300db33323d5ac0e3`
SHA256	`007b26f21ef37aa4d2bdc3e5fd0a603b570423a77c2c61ada15dbbc71677c6c2`
SHA3	`42c29f783693dc365545b86c56080626e65f005e51e6839e3b9a88c28faea209`

String Table contents

&Close
&Continue
&Foreground
Paused
Are you sure you want to cancel?
Modified
The system cannot allocate the required amount of memory
Cannot create folder '{0}'
Update operations are not supported for this archive.
Cannot open file '{0}' as archive
Cannot open encrypted archive '{0}'. Wrong password?
Unsupported archive type
Cannot open the file as {0} archive
The file is open as {0} archive
The archive is open with offset
Extracting
Skipping
Specify a location for extracted files.
Full pathnames
No pathnames
Absolute pathnames
Relative pathnames
Ask before overwrite
Overwrite without prompt
Skip existing files
Auto rename
Auto rename existing files
{0} bytes
Unsupported compression method for '{0}'.
Data error in '{0}'. File is broken
CRC failed in '{0}'. File is broken.
Data error in encrypted file '{0}'. Wrong password?
CRC failed in encrypted file '{0}'. Wrong password?
Wrong password?
Unsupported compression method
Data error
CRC failed
Unavailable data
Unexpected end of data
There are some data after the end of the payload data
Is not archive
Headers Error
Wrong password
Unavailable start of archive
Unconfirmed start of archive
Unsupported feature

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.4.1
ProductVersion	1.0.4.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
FileDescription	Top Family
FileVersion (#2)
ProductVersion (#2)
LegalCopyright	Abstract Righteous Top Family 2018-2026
ProductName	Top Family
CompanyName	Abstract Righteous Top Family

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Apr-26 11:35:40
Version	`0.0`
SizeofData	`852`
AddressOfRawData	`0x427614`
PointerToRawData	`0x425c14`

TLS Callbacks

Load Configuration

Size	`0xbc`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x82f01c`
SEHandlerTable	`0x827104`
SEHandlerCount	`216`

RICH Header

XOR Key	`0x15b2e28b`
Unmarked objects	`0`
C objects (30623)	`1`
C objects (65501)	`5`
Imports (65501)	`7`
Total imports	`222`
C objects (25025)	`1`
C objects (LTCG) (25025)	`2`
Exports (25025)	`1`
Resource objects (25025)	`1`
Linker (25025)	`1`

Errors

[!] Error: Could not read a WIN_CERTIFICATE's data.

Leave a comment

No comments yet.