Manalyze report for 7f5e4aff699456f7a1f37b769395983d

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2010-Nov-20 12:00:05
Detected languages	English - United States
Debug artifacts	imm32.pdb
CompanyName	Microsoft Corporation
FileDescription	Multi-User Windows IMM32 API Client DLL
FileVersion	`6.1.7601.17514 (win7sp1_rtm.101119-1850)`
InternalName	imm32
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	imm32
ProductName	Microsoft® Windows® Operating System
ProductVersion	`6.1.7601.17514`

Plugin Output

Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress` `Functions which can be used for anti-debugging purposes: NtQuerySystemInformation` `Can access the registry: RegDeleteKeyExW RegCloseKey RegCreateKeyExW RegSetValueExW RegQueryValueExW RegEnumKeyExW RegOpenKeyExW` `Uses functions commonly found in keyloggers: MapVirtualKeyW GetForegroundWindow` `Functions related to the privilege level: CheckTokenMembership` `Can take screenshots: GetDC CreateCompatibleDC BitBlt`
Safe	VirusTotal score: 0/64 (Scanned on 2022-01-31 08:10:09)	`All the AVs think this file is safe.`

Hashes

MD5	`7f5e4aff699456f7a1f37b769395983d`
SHA1	`3bf8a06321a26c8bda73560eb5f7b861a946e632`
SHA256	`23d1fc32c929836b94953f5b3c05c172814d00bd0d7b57747616f6e369703073`
SHA3	`7e1fd05e97dd2b670267a0b7bf11998946aeaa15669991c8dc9ca7abbf14c43d`
SSDeep	`384:B2fZBr2QEyim4QRNjR/c9SSJ4XUIiUMvBfTopgJyXcW7zLW7qGMqG:MxF/USW+sFTygWYqjq`
Imports Hash	`e0be0937be9496a917197b024e47b8aa`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2010-Nov-20 12:00:05
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.1`
SizeOfCode	`0x16800`
SizeOfInitializedData	`0x6800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001355 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x18000`
ImageBase	`0x75a40000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`6.1`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0x1f000`
SizeOfHeaders	`0x400`
Checksum	`0x27a42`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x40000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`dc51e0e4e2ffd590e7fdb109f68f9d66`
SHA1	`7eb352f98ae36c65e5bb01cc517055c4a0aaa40a`
SHA256	`8e1b97338b27e53ec2612d1977130c8205610459b20d4f34df39ab11506326eb`
SHA3	`7f7508c94a90b7e95b60efdfc338dee0044c341453f8ef091e82d5abb2ffaa15`
VirtualSize	`0x166d2`
VirtualAddress	`0x1000`
SizeOfRawData	`0x16800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`1.81231`

.data

MD5	`4339c4a326256f250e54c770d78ca2b0`
SHA1	`dbfe4b54e35a795a5b4608c32efae8ae326c66e0`
SHA256	`c33eba53115d3e36d9689869f989a29c3684c00c9d12ce2bd9fde6a2f3d6dbf7`
SHA3	`fcc5d79147585d8b5a17ce586bf832385bd29089cfd4c3159395e7c8969606fc`
VirtualSize	`0xb28`
VirtualAddress	`0x18000`
SizeOfRawData	`0x600`
PointerToRawData	`0x16c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.899717`

.rsrc

MD5	`cecc57ba4837890747dda2cea41a525e`
SHA1	`5db05e54a7c4e7ccc9699a6693a95fe7b7645cad`
SHA256	`4043e0671e9e188b499a431df85691e1716d2e16e2f0fd77c07e430c8b5c831c`
SHA3	`813fb16e74c23de57bc793604be3c10c5208d7932eb984d4e272e0b1e58b03c1`
VirtualSize	`0x4c40`
VirtualAddress	`0x19000`
SizeOfRawData	`0x4e00`
PointerToRawData	`0x17200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.994221`

.reloc

MD5	`b4202f7fe985b9648b4676e6f70832bd`
SHA1	`d37c2b3927946ed617455b3c5913fcab0bc1af52`
SHA256	`6cf1b57d59e7111bc218dfb01dda93ac0f776715599a1c69f89035bd20c16a10`
SHA3	`a51cde69090452f3e45491306e2e536dabdde61d5bde0a832f35ab4a6afc5552`
VirtualSize	`0xc88`
VirtualAddress	`0x1e000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x1c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0`

Imports

USER32.dll	`SystemParametersInfoW` `GetClassInfoExW` `LoadIconW` `RegisterClassExW` `GetParent` `GetCapture` `DrawEdge` `BeginPaint` `EndPaint` `InvalidateRect` `DefWindowProcW` `ReleaseCapture` `SetWindowPos` `GetWindow` `keybd_event` `GetMonitorInfoW` `SetCursor` `GetCursorPos` `ScreenToClient` `SetCapture` `MessageBeep` `GetSystemMetrics` `GetWindowRect` `DrawTextExW` `GetWindowLongW` `SetWindowLongW` `GetClientRect` `GetDC` `ReleaseDC` `LoadBitmapW` `UnloadKeyboardLayout` `CharUpperW` `User32InitializeImmEntryTable` `LoadKeyboardLayoutW` `GetFocus` `GetActiveWindow` `GetClassInfoW` `GetWindowThreadProcessId` `GetKeyboardLayoutList` `SendMessageA` `PostMessageW` `PostMessageA` `WCSToMBEx` `GetKeyboardLayout` `IsWindow` `MonitorFromWindow` `UpdateWindow` `ShowWindow` `CreateWindowExW` `MapVirtualKeyW` `DestroyWindow` `ToAsciiEx` `ToUnicode` `GetKeyboardState` `ClientToScreen` `GetForegroundWindow` `MapWindowPoints` `CharNextA` `CharNextW` `IsWindowUnicode` `GetDesktopWindow` `SendMessageTimeoutW` `SendMessageW` `LoadCursorW`
ntdll.dll	`RtlUnwind` `RtlIsThreadWithinLoaderCallout` `RtlDllShutdownInProgress` `RtlUnicodeToMultiByteSize` `wcstol` `_wcsicmp` `RtlUnicodeStringToInteger` `RtlIntegerToUnicodeString` `RtlDeleteCriticalSection` `NtQuerySystemInformation` `_vsnwprintf` `RtlEnterCriticalSection` `RtlLeaveCriticalSection` `memset` `memcpy` `RtlInitializeCriticalSection` `RtlSetLastWin32Error`
API-MS-Win-Core-LocalRegistry-L1-1-0.dll	`RegDeleteKeyExW` `RegCloseKey` `RegCreateKeyExW` `RegSetValueExW` `RegQueryValueExW` `RegEnumKeyExW` `RegOpenKeyExW`
API-MS-Win-Security-Base-L1-1-0.dll	`AllocateAndInitializeSid` `FreeSid` `CheckTokenMembership`
KERNEL32.dll	`Sleep` `TlsGetValue` `TlsSetValue` `TlsAlloc` `OpenFileMappingW` `GetCurrentProcessId` `CreateFileMappingW` `MapViewOfFile` `UnmapViewOfFile` `CloseHandle` `GetLastError` `lstrlenA` `IsDBCSLeadByte` `GetProfileIntW` `CreateThread` `GlobalSize` `SetLastError` `GlobalAlloc` `GlobalLock` `TlsFree` `GlobalUnlock` `HeapAlloc` `GetLocaleInfoW` `LocalSize` `LocalReAlloc` `LocalFlags` `GetFullPathNameW` `lstrlenW` `OpenFile` `_lclose` `GetThreadLocale` `GetSystemDirectoryW` `LocalAlloc` `GetACP` `FreeLibrary` `GetModuleHandleW` `LoadLibraryW` `GetProcAddress` `LocalFree` `GetSystemDefaultLCID` `IsDBCSLeadByteEx` `MultiByteToWideChar` `WideCharToMultiByte` `GetCurrentThreadId` `InterlockedDecrement` `LocalLock` `LocalUnlock` `HeapFree` `InterlockedIncrement` `QueryPerformanceCounter` `GetTickCount` `GetSystemTimeAsFileTime` `TerminateProcess` `GetCurrentProcess` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GlobalFree` `lstrcmpW` `BaseCheckAppcompatCache`
GDI32.dll	`CreateCompatibleDC` `DeleteDC` `DeleteObject` `BitBlt` `GetStockObject` `SelectObject` `Rectangle` `PatBlt` `TranslateCharsetInfo` `CreateDIBitmap` `GetDIBits` `ExtTextOutW` `GetTextMetricsW` `GetTextExtentPoint32W` `CreateDCW` `GetObjectW` `CreateFontIndirectW` `SetBkColor` `CreateCompatibleBitmap`
MSCTF.dll	`CtfImeProcessCicHotkey` `CtfImeDestroyInputContext` `TF_CreateLangBarMgr` `CtfImeGetGuidAtom` `CtfImeIsGuidMapEnable` `CtfImeCreateInputContext` `TF_Notify` `TF_SetDefaultRemoteKeyboardLayout` `TF_GetCompatibleKeyboardLayout` `CtfImeCreateThreadMgr` `CtfImeDestroyThreadMgr` `CtfImeDispatchDefImeMessage` `TF_CleanUpPrivateMessages` `TF_CanUninitialize` `CtfImeEscapeEx` `CtfImeInquireExW` `CtfImeInquire` `CtfImeConversionList` `CtfImeRegisterWord` `CtfImeUnregisterWord` `CtfImeGetRegisterWordStyle` `CtfImeEnumRegisterWord` `CtfImeConfigure` `CtfImeDestroy` `CtfImeEscape` `CtfImeProcessKey` `CtfImeSelect` `CtfImeSetActiveContext` `CtfImeToAsciiEx` `CtfNotifyIME` `CtfImeSetCompositionString` `TF_GetAppCompatFlags` `CtfImeSetFocus` `CtfImeSelectEx` `CtfImeAssociateFocus` `TF_MapCompatibleKeyboardTip`

Delayed Imports

CtfImmAppCompatEnableIMEonProtectedCode

Ordinal	`1`
Address	`0x15ed7`

CtfImmCoUninitialize

Ordinal	`2`
Address	`0x3f7e`

CtfImmDispatchDefImeMessage

Ordinal	`3`
Address	`0x1579`

CtfImmEnterCoInitCountSkipMode

Ordinal	`4`
Address	`0x4ab7`

CtfImmGenerateMessage

Ordinal	`5`
Address	`0xbf72`

CtfImmGetCompatibleKeyboardLayout

Ordinal	`6`
Address	`0x15ec7`

CtfImmGetGuidAtom

Ordinal	`7`
Address	`0x15cae`

CtfImmGetIMEFileName

Ordinal	`8`
Address	`0x15eed`

CtfImmGetTMAEFlags

Ordinal	`9`
Address	`0x36da`

CtfImmHideToolbarWnd

Ordinal	`10`
Address	`0x15c51`

CtfImmIsCiceroEnabled

Ordinal	`11`
Address	`0x15e93`

CtfImmIsCiceroStartedInThread

Ordinal	`12`
Address	`0x4466`

CtfImmIsGuidMapEnable

Ordinal	`13`
Address	`0x15d27`

CtfImmIsTextFrameServiceDisabled

Ordinal	`14`
Address	`0x2d3c`

CtfImmLastEnabledWndDestroy

Ordinal	`15`
Address	`0x4259`

CtfImmLeaveCoInitCountSkipMode

Ordinal	`16`
Address	`0x4ad0`

CtfImmNotify

Ordinal	`17`
Address	`0x152d`

CtfImmRestoreToolbarWnd

Ordinal	`18`
Address	`0x15c1a`

CtfImmSetAppCompatFlags

Ordinal	`19`
Address	`0x4648`

CtfImmSetCiceroStartInThread

Ordinal	`20`
Address	`0x2e7c`

CtfImmSetDefaultRemoteKeyboardLayout

Ordinal	`21`
Address	`0x15eb7`

CtfImmTIMActivate

Ordinal	`22`
Address	`0x2ed6`

GetKeyboardLayoutCP

Ordinal	`23`
Address	`0xbc7d`

ImmActivateLayout

Ordinal	`24`
Address	`0x9b87`

ImmAssociateContext

Ordinal	`25`
Address	`0x3515`

ImmAssociateContextEx

Ordinal	`26`
Address	`0x6449`

ImmCallImeConsoleIME

Ordinal	`27`
Address	`0x14e3a`

ImmConfigureIMEA

Ordinal	`28`
Address	`0x9cde`

ImmConfigureIMEW

Ordinal	`29`
Address	`0x9eac`

ImmCreateContext

Ordinal	`30`
Address	`0x4c0c`

ImmCreateIMCC

Ordinal	`31`
Address	`0x3a10`

ImmCreateSoftKeyboard

Ordinal	`32`
Address	`0xfa86`

ImmDestroyContext

Ordinal	`33`
Address	`0x4ba0`

ImmDestroyIMCC

Ordinal	`34`
Address	`0x3fef`

ImmDestroySoftKeyboard

Ordinal	`35`
Address	`0xfc16`

ImmDisableIME

Ordinal	`36`
Address	`0x35ab`

ImmDisableIme

Ordinal	`37`
Address	`0x35ab`

ImmDisableTextFrameService

Ordinal	`38`
Address	`0x15ead`

ImmEnumInputContext

Ordinal	`39`
Address	`0x40d2`

ImmEnumRegisterWordA

Ordinal	`40`
Address	`0xca4e`

ImmEnumRegisterWordW

Ordinal	`41`
Address	`0xcbac`

ImmEscapeA

Ordinal	`42`
Address	`0xa08a`

ImmEscapeW

Ordinal	`43`
Address	`0xa309`

ImmFreeLayout

Ordinal	`44`
Address	`0xa548`

ImmGenerateMessage

Ordinal	`45`
Address	`0xbe02`

ImmGetAppCompatFlags

Ordinal	`46`
Address	`0x443d`

ImmGetCandidateListA

Ordinal	`47`
Address	`0x8da2`

ImmGetCandidateListCountA

Ordinal	`48`
Address	`0x8d6c`

ImmGetCandidateListCountW

Ordinal	`49`
Address	`0x8d87`

ImmGetCandidateListW

Ordinal	`50`
Address	`0x8dc3`

ImmGetCandidateWindow

Ordinal	`51`
Address	`0x2d87`

ImmGetCompositionFontA

Ordinal	`52`
Address	`0x6c07`

ImmGetCompositionFontW

Ordinal	`53`
Address	`0x6ca3`

ImmGetCompositionStringA

Ordinal	`54`
Address	`0x84b9`

ImmGetCompositionStringW

Ordinal	`55`
Address	`0x77b0`

ImmGetCompositionWindow

Ordinal	`56`
Address	`0x2d44`

ImmGetContext

Ordinal	`57`
Address	`0x299d`

ImmGetConversionListA

Ordinal	`58`
Address	`0x7c96`

ImmGetConversionListW

Ordinal	`59`
Address	`0x7de6`

ImmGetConversionStatus

Ordinal	`60`
Address	`0x37dc`

ImmGetDefaultIMEWnd

Ordinal	`61`
Address	`0x27f2`

ImmGetDescriptionA

Ordinal	`62`
Address	`0xab9d`

ImmGetDescriptionW

Ordinal	`63`
Address	`0xafd3`

ImmGetGuideLineA

Ordinal	`64`
Address	`0x8de4`

ImmGetGuideLineW

Ordinal	`65`
Address	`0x8e05`

ImmGetHotKey

Ordinal	`66`
Address	`0x91b4`

ImmGetIMCCLockCount

Ordinal	`67`
Address	`0xbc14`

ImmGetIMCCSize

Ordinal	`68`
Address	`0xbc60`

ImmGetIMCLockCount

Ordinal	`69`
Address	`0xbdc3`

ImmGetIMEFileNameA

Ordinal	`70`
Address	`0xb1b9`

ImmGetIMEFileNameW

Ordinal	`71`
Address	`0xb076`

ImmGetImeInfoEx

Ordinal	`72`
Address	`0x2dd7`

ImmGetImeMenuItemsA

Ordinal	`73`
Address	`0x1594e`

ImmGetImeMenuItemsW

Ordinal	`74`
Address	`0x15975`

ImmGetOpenStatus

Ordinal	`75`
Address	`0x6766`

ImmGetProperty

Ordinal	`76`
Address	`0x4af6`

ImmGetRegisterWordStyleA

Ordinal	`77`
Address	`0xc848`

ImmGetRegisterWordStyleW

Ordinal	`78`
Address	`0xc94f`

ImmGetStatusWindowPos

Ordinal	`79`
Address	`0x6799`

ImmGetVirtualKey

Ordinal	`80`
Address	`0xc0a8`

ImmIMPGetIMEA

Ordinal	`81`
Address	`0x106d3`

ImmIMPGetIMEW

Ordinal	`82`
Address	`0x1069f`

ImmIMPQueryIMEA

Ordinal	`83`
Address	`0x10610`

ImmIMPQueryIMEW

Ordinal	`84`
Address	`0x10504`

ImmIMPSetIMEA

Ordinal	`85`
Address	`0x103a8`

ImmIMPSetIMEW

Ordinal	`86`
Address	`0x10280`

ImmInstallIMEA

Ordinal	`87`
Address	`0xbace`

ImmInstallIMEW

Ordinal	`88`
Address	`0xb7e1`

ImmIsIME

Ordinal	`89`
Address	`0x2ceb`

ImmIsUIMessageA

Ordinal	`90`
Address	`0xbd81`

ImmIsUIMessageW

Ordinal	`91`
Address	`0xbda2`

ImmLoadIME

Ordinal	`92`
Address	`0x2fc6`

ImmLoadLayout

Ordinal	`93`
Address	`0x4356`

ImmLockClientImc

Ordinal	`94`
Address	`0x2730`

ImmLockIMC

Ordinal	`95`
Address	`0x2827`

ImmLockIMCC

Ordinal	`96`
Address	`0x2967`

ImmLockImeDpi

Ordinal	`97`
Address	`0x2ac6`

ImmNotifyIME

Ordinal	`98`
Address	`0x49cd`

ImmProcessKey

Ordinal	`99`
Address	`0x48bf`

ImmPutImeMenuItemsIntoMappedFile

Ordinal	`100`
Address	`0x1599c`

ImmReSizeIMCC

Ordinal	`101`
Address	`0xbc3a`

ImmRegisterClient

Ordinal	`102`
Address	`0x25b2`

ImmRegisterWordA

Ordinal	`103`
Address	`0xc0f3`

ImmRegisterWordW

Ordinal	`104`
Address	`0xc230`

ImmReleaseContext

Ordinal	`105`
Address	`0x2a67`

ImmRequestMessageA

Ordinal	`106`
Address	`0x912a`

ImmRequestMessageW

Ordinal	`107`
Address	`0x9148`

ImmSendIMEMessageExA

Ordinal	`108`
Address	`0x10441`

ImmSendIMEMessageExW

Ordinal	`109`
Address	`0x10426`

ImmSetActiveContext

Ordinal	`110`
Address	`0x2b63`

ImmSetActiveContextConsoleIME

Ordinal	`111`
Address	`0x14f8d`

ImmSetCandidateWindow

Ordinal	`112`
Address	`0x6eb9`

ImmSetCompositionFontA

Ordinal	`113`
Address	`0x6d3f`

ImmSetCompositionFontW

Ordinal	`114`
Address	`0x47ef`

ImmSetCompositionStringA

Ordinal	`115`
Address	`0x9166`

ImmSetCompositionStringW

Ordinal	`116`
Address	`0x918d`

ImmSetCompositionWindow

Ordinal	`117`
Address	`0x4772`

ImmSetConversionStatus

Ordinal	`118`
Address	`0x4c7d`

ImmSetHotKey

Ordinal	`119`
Address	`0x2596`
ForwardName	`USER32.CliImmSetHotKey`

ImmSetOpenStatus

Ordinal	`120`
Address	`0x4d84`

ImmSetStatusWindowPos

Ordinal	`121`
Address	`0x6e51`

ImmShowSoftKeyboard

Ordinal	`122`
Address	`0xfc27`

ImmSimulateHotKey

Ordinal	`123`
Address	`0x964c`

ImmSystemHandler

Ordinal	`124`
Address	`0xbd2a`

ImmTranslateMessage

Ordinal	`125`
Address	`0xfdb9`

ImmUnlockClientImc

Ordinal	`126`
Address	`0x27a0`

ImmUnlockIMC

Ordinal	`127`
Address	`0x28a8`

ImmUnlockIMCC

Ordinal	`128`
Address	`0x2982`

ImmUnlockImeDpi

Ordinal	`129`
Address	`0x2a79`

ImmUnregisterWordA

Ordinal	`130`
Address	`0xc37f`

ImmUnregisterWordW

Ordinal	`131`
Address	`0xc4bc`

ImmWINNLSEnableIME

Ordinal	`132`
Address	`0x10171`

ImmWINNLSGetEnableStatus

Ordinal	`133`
Address	`0x10198`

ImmWINNLSGetIMEHotkey

Ordinal	`134`
Address	`0x15ead`

100

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.00703`
MD5	`678166e4aef453593495a64b8a0f6c05`
SHA1	`c70906809972fd2223fc49d5e4c8d9322f2d8d0c`
SHA256	`08ee6638447c75b74d1ec09827ee105077120cc0a778279227b198c91746da7e`
SHA3	`a88bdc67870275caa80dfb4aa82020ebbe15719284306bb524a0ae434aa0741b`
Preview

101

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.51826`
MD5	`3cbffc74fe7399f2e1f4b81089127f9f`
SHA1	`4b065d6bb397d5ff790c07431ea8bf572202005d`
SHA256	`7a84814368effd574641cac173b2861d2a5b4228816a61d769847a5c596e4732`
SHA3	`ca45a1a5e079aab96e5fcd15f8fa536b7d71a5e40e3f3c716f69284c2704880f`
Preview

102

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x500`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`a5058431022ad56a091a49521b5cb35b`
SHA1	`e2ee9e7b884c1f0ca6b637eacd0a2b48572459ad`
SHA256	`bfe492baf731a0dbf6e1e050f5bc3fe8c1b049383194dcdf82f023bfa409f462`
SHA3	`a6d2446d2c52f291e363e713c80f5e2e056445860f389800d581bbc3cc7ea951`
Preview

103

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x524`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`8ab4b211dc3d2947d2466033f6d524f7`
SHA1	`7c457aa6cb3b704da3c977bbcf3953c3c1a7a7bb`
SHA256	`5bc633d52bc4345c9cc4ea7cf49422a85a9fe401faf3239ef72b53aa0dd667ee`
SHA3	`f28b92e089bba178002b5ff6e4dcda6bdfddb22d501d5716b190fbacf9ac0a99`
Preview

104

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x500`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`a5058431022ad56a091a49521b5cb35b`
SHA1	`e2ee9e7b884c1f0ca6b637eacd0a2b48572459ad`
SHA256	`bfe492baf731a0dbf6e1e050f5bc3fe8c1b049383194dcdf82f023bfa409f462`
SHA3	`a6d2446d2c52f291e363e713c80f5e2e056445860f389800d581bbc3cc7ea951`
Preview

105

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`e6cac7c8bbd43fe2143bfd898b8482ed`
SHA1	`39aaa86b0b3ffae902d53caa85b2fcee95c08ac1`
SHA256	`83e89195b31736ad0c35ecc6fe7132f35f7195bd8b0b9d49fafbdc5d8353c5b5`
SHA3	`edfb0da94857a3f1d7839d1f81e484e6a9e7077f9ea45330d01aa12410595262`
Preview

106

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4dc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`3ecf4f30fef4854b5ab445d0ccc2ccc9`
SHA1	`1c5d26364b297271dc6ff4df8a5e7456ab9d7b51`
SHA256	`d34cc9193a9c79ff60a8eb8dbd47afb8bd3308d64e85fe0cd936150ba625c1a6`
SHA3	`8072095728d64297daa1d2aff0ad7ff1c2246b44cbc3605403fc26e1491c01ea`
Preview

107

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`e6cac7c8bbd43fe2143bfd898b8482ed`
SHA1	`39aaa86b0b3ffae902d53caa85b2fcee95c08ac1`
SHA256	`83e89195b31736ad0c35ecc6fe7132f35f7195bd8b0b9d49fafbdc5d8353c5b5`
SHA3	`edfb0da94857a3f1d7839d1f81e484e6a9e7077f9ea45330d01aa12410595262`
Preview

108

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x648`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`240c101021f4fb1f6040c0c16a555451`
SHA1	`81ec16df628dd51070e4b761706aa7e58e605a78`
SHA256	`5560728cd337269adfd6161f2c48cdffaaeff9eca07f5fd09956967cf4c87e2f`
SHA3	`d635cf354b07ed78442f783711706b4e67b1e208934adce925a24bce54fe0d9d`
Preview

201

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`cc47869e3b4a5dedfc1831bb15dee3a9`
SHA1	`b3eca1862c3ea0da9b9a5ebba1f2f9d1789f0e9f`
SHA256	`f8afcaf4ddde4b7d144069a66a2a5f6ee05b9652f6de33095ae49251486216af`
SHA3	`7efdc4ef6ed4576da2626bf5cf624812cc945e6c8957f51a10d463337ca2a462`
Preview

202

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`cc47869e3b4a5dedfc1831bb15dee3a9`
SHA1	`b3eca1862c3ea0da9b9a5ebba1f2f9d1789f0e9f`
SHA256	`f8afcaf4ddde4b7d144069a66a2a5f6ee05b9652f6de33095ae49251486216af`
SHA3	`7efdc4ef6ed4576da2626bf5cf624812cc945e6c8957f51a10d463337ca2a462`
Preview

203

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x248`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`7a265747dc11d8a73c0ce39f3d0c6b7a`
SHA1	`915e7ce85d774de4bef9e65705fdced5b6ccb89c`
SHA256	`62ec1707572ac5078d31a687a5d23de0c6d2a58d3462efb7039957548a7986cc`
SHA3	`204a091aa695734976c9857008f3e7f8741ba397ce7b53a66e913b2b653da4aa`
Preview

204

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x248`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`7a265747dc11d8a73c0ce39f3d0c6b7a`
SHA1	`915e7ce85d774de4bef9e65705fdced5b6ccb89c`
SHA256	`62ec1707572ac5078d31a687a5d23de0c6d2a58d3462efb7039957548a7986cc`
SHA3	`204a091aa695734976c9857008f3e7f8741ba397ce7b53a66e913b2b653da4aa`
Preview

205

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x308`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`51a0f2ace29ef86f6f71a72f908f3add`
SHA1	`a0d717054788d319d415f8d19a1dcbfd9a5bf281`
SHA256	`508f5ba745944e982367cdbcd6a240acc7f895583df43b519b7d6745f5d86f7b`
SHA3	`fbc94418c8eacd6e0376079ba2e82254891b6ba7138aee1600555a3810308e26`
Preview

206

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1f8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`5d2a33958ebe530732fd9c258850c5aa`
SHA1	`8a1d854c73b0a9adb04dc4db317a0b9dd1708b76`
SHA256	`696bda342649ec9268da57b6a279df6f24b0e857d5e6d0605fd25af95adc3cee`
SHA3	`1d639fec6b52e03e127b8a0bdc53e88f198e26bfa221f0e8881b0717fb18261a`
Preview

207

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1f8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`5d2a33958ebe530732fd9c258850c5aa`
SHA1	`8a1d854c73b0a9adb04dc4db317a0b9dd1708b76`
SHA256	`696bda342649ec9268da57b6a279df6f24b0e857d5e6d0605fd25af95adc3cee`
SHA3	`1d639fec6b52e03e127b8a0bdc53e88f198e26bfa221f0e8881b0717fb18261a`
Preview

208

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1f8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`5d2a33958ebe530732fd9c258850c5aa`
SHA1	`8a1d854c73b0a9adb04dc4db317a0b9dd1708b76`
SHA256	`696bda342649ec9268da57b6a279df6f24b0e857d5e6d0605fd25af95adc3cee`
SHA3	`1d639fec6b52e03e127b8a0bdc53e88f198e26bfa221f0e8881b0717fb18261a`
Preview

209

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x648`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`240c101021f4fb1f6040c0c16a555451`
SHA1	`81ec16df628dd51070e4b761706aa7e58e605a78`
SHA256	`5560728cd337269adfd6161f2c48cdffaaeff9eca07f5fd09956967cf4c87e2f`
SHA3	`d635cf354b07ed78442f783711706b4e67b1e208934adce925a24bce54fe0d9d`
Preview

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3a4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.57817`
MD5	`2ed734532bcd81fe0094b745083e6fc6`
SHA1	`bcd58a6659eec43af377a105133c5a2342100e18`
SHA256	`737f6e221f7f8bb28dee2ab29760322b62e4733a882131e3781bbbee48131e60`
SHA3	`cbda8f11cc59b9c609a8201bbabc2c41db5a92ed34a4de1eff75c63730c524a3`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6.1.7601.17514
ProductVersion	6.1.7601.17514
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Multi-User Windows IMM32 API Client DLL
FileVersion (#2)	6.1.7601.17514 (win7sp1_rtm.101119-1850)
InternalName	imm32
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	imm32
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	6.1.7601.17514

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2010-Nov-20 09:06:58
Version	`0.0`
SizeofData	`34`
AddressOfRawData	`0x176b0`
PointerToRawData	`0x16ab0`
Referenced File	imm32.pdb

IMAGE_DEBUG_TYPE_RESERVED

Characteristics	`0`
TimeDateStamp	2010-Nov-20 09:06:58
Version	`565.6526`
SizeofData	`4`
AddressOfRawData	`0x176ac`
PointerToRawData	`0x16aac`

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x75a58198`
SEHandlerTable	`0x75a45da0`
SEHandlerCount	`2`

RICH Header

XOR Key	`0x618b0652`
Unmarked objects	`0`
ASM objects (VS2008 SP1 build 30729)	`4`
Imports (VS2008 SP1 build 30729)	`15`
Total imports	`209`
Exports (VS2008 SP1 build 30729)	`1`
C objects (VS2008 SP1 build 30729)	`37`
Linker (VS2008 SP1 build 30729)	`1`
Resource objects (VS2008 SP1 build 30729)	`1`