Manalyze report for 867c64941d958e8976917bc7bb07c40d

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Jun-05 10:17:30
Detected languages	Process Default Language
TLS Callbacks	2 callback(s) detected.

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`Can access the registry: RegCloseKey RegEnumKeyExA RegOpenKeyExA RegQueryValueExA` `Possibly launches other programs: CreateProcessA ShellExecuteA`
Malicious	The file contains overlay data.	`19259208 bytes of data starting at offset 0x10a00.` `The file contains a Zip Compressed Archive after the PE data.` `Overlay data amounts for 99.6477% of the executable.`
Suspicious	VirusTotal score: 2/67 (Scanned on 2024-07-04 16:49:10)	`Jiangmin: Trojan.PSW.Worgtop.ak` `Zillya: Trojan.Worgtop.Win32.63`

Hashes

MD5	`867c64941d958e8976917bc7bb07c40d`
SHA1	`aeaf7224bc5e64c87617e7e917331f1edb58332d`
SHA256	`dd174fb653e6a0c4228d44ae8a847354029196a7e0ebbcf6a04d11cc40f6277a`
SHA3	`96aa0375cfe0f92669580cd14b8c9411eeecfcbe9879b330e0b1ca63720c376c`
SSDeep	`393216:KetqGJdnzQZImy1YXjN5HcBWdl6HAM7YFPHO/1KghHeyZnW:LtqGJdrjqn88lIAyM/OtKghH5FW`
Imports Hash	`678c98de23ed05ac566dd767b5eaebed`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`9`
TimeDateStamp	2024-Jun-05 10:17:30
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0xac00`
SizeOfInitializedData	`0x5a00`
SizeOfUninitializedData	`0x9800`
AddressOfEntryPoint	`0x00001590 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xc000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x1f000`
SizeOfHeaders	`0x400`
Checksum	`0x11efa`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`33e576d4351c548351b72f32b07bda11`
SHA1	`9631d54c382e844a1e1432d689e8de0fab0b3702`
SHA256	`5e5b888004170495561752f7bc7e8152be72addcc6f178c7bc69e5f71f98dde7`
SHA3	`3c7fcd01e46837fea758a8167d28523e18d5d846b812978831493be98a321af7`
VirtualSize	`0xab20`
VirtualAddress	`0x1000`
SizeOfRawData	`0xac00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.25355`

.data

MD5	`88a2b3221ee6ae6c9e54a9a6f1b5ca29`
SHA1	`9ac89c70c7aaf9f04e7c346a841245a3790cbd20`
SHA256	`019e25b98b40d5aad4687addf29cef7728fe2f198a4694f4751a16c31680ba71`
SHA3	`4727c25e8df390784d7ae5c4e0e135ae1853658d010c3641a4617165147cd915`
VirtualSize	`0x28`
VirtualAddress	`0xc000`
SizeOfRawData	`0x200`
PointerToRawData	`0xb000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.312429`

.rdata

MD5	`618daefd50bfb717d536c65b2b2a401c`
SHA1	`6696837065b8284e687c47d971d7f28a0775759d`
SHA256	`2a941c8c3050548ff958be5d516efe6bfbf0f36855209ec4e1f8b731876e9265`
SHA3	`28fc2b16cd3bc051f5b41e4808db5a5c1e6cdb5b96f7b33fdcfdff37309da03e`
VirtualSize	`0xf18`
VirtualAddress	`0xd000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xb200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.55669`

.eh_fram

MD5	`f9747eb26dfb3c00b741544776b88f4c`
SHA1	`f6de99e0af691716ceafcf7ec5fc0cbe1d7dd532`
SHA256	`6b487b7de91294b28c3103f4d284148899436af012ca5289691ced97fb6b9bf6`
SHA3	`131b1e74d040f5528291f8ba9d7d9fc5758529aab61232c5567fefb69f9d00ff`
VirtualSize	`0x1d10`
VirtualAddress	`0xe000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0xc200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.88369`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x9678`
VirtualAddress	`0x10000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`f3f34beb12ab4e6fa44d8ec2bd39e3b3`
SHA1	`58e24db50ed85f23bef261e0144bc5594eb8ab09`
SHA256	`21d03ae2aa4b0a1730d43d286a8a1ee973da11ff4949e4f52b9c947969f76888`
SHA3	`11fd907f60281e1f279a4c5b7b313810d23b37705adab67a3df6fe7358cd2404`
VirtualSize	`0xe28`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xe000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.92285`

.CRT

MD5	`37ec714908b8947c8236ff693ffd0138`
SHA1	`5b041db3f77d60ea4ec6ac31355f4189ff566a5b`
SHA256	`7bbb416aa611b261900efc380145010be55dfa084ceb71e9b4b6bdefb845b4ba`
SHA3	`b91962f7263448ee46ca6b813d481f81f0d66534be7fd88d49c56ee05ab160aa`
VirtualSize	`0x18`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x200`
PointerToRawData	`0xf000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.11837`

.tls

MD5	`686c4cfe6945a031ac65029366ab5de3`
SHA1	`02342ebf9c7641378e61e608d76e311fb73d87b6`
SHA256	`30af9ea6c346f57ff5fd9693c8ffb1bd98f068974c3f39c37ec710c387a8b8bb`
SHA3	`f0da3e3b382a5b28ef1b86185a7bfb1e664fbb791faba3e425d431b4078d2930`
VirtualSize	`0x20`
VirtualAddress	`0x1c000`
SizeOfRawData	`0x200`
PointerToRawData	`0xf200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.204488`

.rsrc

MD5	`a7b36e62ab64a9902275ff44c049c4ed`
SHA1	`40680a887bb61fdd744b3828b7db1467f46d4351`
SHA256	`105e93669726826bec464eda969ca0bd24c7cccbd8734dc7b6ad86cded0d42e3`
SHA3	`dc2fabec3010b2d281b8278d6b692346d07c02b58ca92c6e227e185e4f803276`
VirtualSize	`0x1460`
VirtualAddress	`0x1d000`
SizeOfRawData	`0x1600`
PointerToRawData	`0xf400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.74407`

Imports

advapi32.dll	`RegCloseKey` `RegEnumKeyExA` `RegOpenKeyExA` `RegQueryValueExA`
kernel32.dll	`CloseHandle` `CreateMutexA` `CreatePipe` `CreateProcessA` `DeleteCriticalSection` `EnterCriticalSection` `ExitProcess` `FindResourceExA` `FormatMessageA` `GetCommandLineA` `GetCurrentDirectoryA` `GetCurrentProcess` `GetEnvironmentVariableA` `GetExitCodeProcess` `GetLastError` `GetModuleFileNameA` `GetModuleHandleA` `GetProcAddress` `GetStartupInfoA` `GlobalMemoryStatusEx` `InitializeCriticalSection` `InterlockedExchange` `IsDBCSLeadByteEx` `LeaveCriticalSection` `LoadResource` `LocalFree` `LockResource` `MultiByteToWideChar` `ReadFile` `SetEnvironmentVariableA` `SetHandleInformation` `SetLastError` `SetUnhandledExceptionFilter` `Sleep` `TlsGetValue` `VirtualProtect` `VirtualQuery` `WaitForSingleObject` `WideCharToMultiByte`
msvcrt.dll	`_strdup` `_stricoll`
msvcrt.dll (#2)	`_strdup` `_stricoll`
shell32.dll	`ShellExecuteA`
user32.dll	`CreateWindowExA` `DispatchMessageA` `EnumWindows` `FindWindowExA` `GetMessageA` `GetSystemMetrics` `GetWindowLongA` `GetWindowRect` `GetWindowTextA` `GetWindowThreadProcessId` `KillTimer` `LoadImageA` `MessageBoxA` `PostQuitMessage` `SendMessageA` `SetForegroundWindow` `SetTimer` `SetWindowPos` `ShowWindow` `TranslateMessage` `UpdateWindow`

Delayed Imports

1

Type	`RT_ICON`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	2024-Jun-05 10:17:30
Entropy	`6.02281`
MD5	`1f7463932b15d494048cf692fa713628`
SHA1	`22a9c64a7ec75aeadbae1ddc096afec5db893c1b`
SHA256	`998c78457b3020ce698597f21a691b900872b1bb55f8e285c4cb443735a1dd38`
SHA3	`305b09ddac1bb5585bef2cf32b1f367920724790773599c566d1d7dbcf450978`

1 (#2)

Type	`RT_RCDATA`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0x13`
TimeDateStamp	2024-Jun-05 10:17:30
Entropy	`3.47135`
MD5	`a40b51e4e07f789e7d6dbf4eee9cb1cc`
SHA1	`dd09989594382d531b40fcaced85702272bb14f8`
SHA256	`05c9618a76fce16a0bfcde836324a89ab367ba62981f6d80480cd99f3b7aeb88`
SHA3	`4ff7961054f04f2a7184b4d6353c7e37b704a4f1a2bcce290e91c42fff3ed8f9`

2

Type	`RT_RCDATA`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0x9`
TimeDateStamp	2024-Jun-05 10:17:30
Entropy	`2.72548`
MD5	`3edae761dc778078446bab6c5a5e376c`
SHA1	`c4f1f4144771f3c8e5a89feb2cbd8253e491d594`
SHA256	`abb8aefbfea9e3c81fc0fe4c4e8284e4c324a56ff9f32d6784dbd0060790f555`
SHA3	`bc50cb8735ee906b1463831f80b876a9811629060ae96ded1510785f4d11a49b`

8

Type	`RT_RCDATA`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	2024-Jun-05 10:17:30
Entropy	`1`
MD5	`5d0b26628424c6194136ac39aec25e55`
SHA1	`f3e84b722399601ad7e281754e917478aa9ad48d`
SHA256	`075d3ddf5a3a826e13a92288e853bc4b2cb17fb05367ae865f401a4bb11f05ce`
SHA3	`edd9a75065afa5bb8908de22e7dfa82223ae1d6c8bbb66aca0162116d631ac33`

17

Type	`RT_RCDATA`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0x5`
TimeDateStamp	2024-Jun-05 10:17:30
Entropy	`2.32193`
MD5	`cc04a27b7e4921cad6340357dea87002`
SHA1	`6327dc7237d67e8099089dad4c84c2cca4992e06`
SHA256	`debc2f07db78d52d2def07b7bc620d7042367501d9439a62ba09b559a98e0957`
SHA3	`2dbccc2e90fcda82baad7a2059c60bb370e6c2e41815ec714c412cb32a3c61e8`

20

Type	`RT_RCDATA`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0x3`
TimeDateStamp	2024-Jun-05 10:17:30
Entropy	`1.58496`
MD5	`00ccbaa75e32b1a555509ae4aa03970d`
SHA1	`b8d2d275b8e18b128218e64a4d6494a97189c8ed`
SHA256	`91c2a5652b88665d5de623e946a59451f7527d2c704c30a5650cc10bb225ff02`
SHA3	`c624bb3c48d93e0c92d7168ea049495ea4f8f3917334ee727feb661a39811f48`

101

Type	`RT_RCDATA`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0x32`
TimeDateStamp	2024-Jun-05 10:17:30
Entropy	`4.04307`
MD5	`5543dda0068cad802d1a66943873faf3`
SHA1	`927138fcb8945141429e999e92f5cfbe50082cd8`
SHA256	`4ef9e51eb916d15bf8901e8ae324390cdedf728297a729d0fb823964730801fe`
SHA3	`b06418d850e2e0fcc623d3d85e663444a69583ac633d3fe67e836b2ac2390da5`

102

Type	`RT_RCDATA`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0x36`
TimeDateStamp	2024-Jun-05 10:17:30
Entropy	`4.20399`
MD5	`86a3c1ca9da5e80fbbb350021bd618d8`
SHA1	`e94d2b7cc56af615837c349916eff9849bdfeed2`
SHA256	`2621256c93375617aba5a69d36c418c44381c5e913dddfaca576702aa105a2b1`
SHA3	`5828a6f0f07a0794c18151cefcc2d078fb5de35b3362271d095e53d2edef2a40`

103

Type	`RT_RCDATA`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0x35`
TimeDateStamp	2024-Jun-05 10:17:30
Entropy	`4.14776`
MD5	`de13262b91fa9ac1a9a1119dcfa949af`
SHA1	`52b6eda6148a9802ccb4c7d8e35cd2a32c01aad3`
SHA256	`0bf65805e92c10fa89fbeaf313dedeaaf166f8f8cee5827f7478f2a7d4c3bd9d`
SHA3	`50cc4ec50a982a8afc58491e28132f174f86399f71f563d6857394e5632718e6`

104

Type	`RT_RCDATA`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	2024-Jun-05 10:17:30
Entropy	`4.11008`
MD5	`0098ee1e5282941a123051f1d9056aae`
SHA1	`253ae65f8a2a8d7e3a4135985cc8814739204897`
SHA256	`a9c88a2082dfa1f26c8ee0d9f6f58ad42142baa0f111d239011830a847fea5c5`
SHA3	`6a7e8eefdc45dad04fa11e5ea59b3b0dfbeeda27c6b3d93d8bd862091949881b`

1 (#3)

Type	`RT_GROUP_ICON`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2024-Jun-05 10:17:30
Entropy	`1.7815`
Detected Filetype	Icon file
MD5	`3c68f77c35c26ff079a1c410ee44fa62`
SHA1	`0b40150c95fc2c6414c90d44ee78b8d8814b3393`
SHA256	`a14e70ed824f3f17d3a51136aa08839954d6d3ccadaa067415c7bfc08e6636b0`
SHA3	`590dcbf2ec3f485a6c24e3e627f383ee7588eb49978321f12c07d8190a6c1396`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x41c019`
EndAddressOfRawData	`0x41c01c`
AddressOfIndex	`0x410034`
AddressOfCallbacks	`0x41b004`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x00404B30` `0x00404AE0`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!