Manalyze report for 86e3765bd385c07ee8130bcc8818b0f7

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-May-14 12:13:09
Debug artifacts	D:\WinToolkit_v1\WTK1\obj\x86\Release\WinToolkit.pdb
Comments	Modifying Windows 7, 8, 8.1 and 10 Images.
CompanyName	Legolash2o / Unantastbar
FileDescription	Win Toolkit
FileVersion	`1.7.0.15`
InternalName	WinToolkit.exe
LegalCopyright	Copyright © Legolash2o 2012-18 © Unantastbar 2019-20
LegalTrademarks
OriginalFilename	WinToolkit.exe
ProductName	Win Toolkit
ProductVersion	`1.7.0.15`
Assembly Version	1.7.0.15

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 7.1` `Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 DLL (Debug)` `Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C# v7.0 / Basic .NET` `Microsoft Visual C++ 6.0 DLL` `Borland C / Borland Builder` `.NET DLL -> Microsoft` `Microsoft Visual C++` `Microsoft Visual C++ v6.0` `.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: bcdedit.exe regedit.exe rundll32.exe taskmgr.exe` `Contains references to internet browsers: iexplore.exe` `Contains references to security software: sfc.exe` `Looks for VMWare presence: VMWare vmware` `May have dropper capabilities: %ALLUSERSPROFILE% %TEMP% CurrentControlSet\SERVICES CurrentControlSet\Services CurrentControlSet\services CurrentVersion\Run currentcontrolset\services` `Accesses the WMI: root\CIMV2 root\Security root\cimv2` `Contains another PE executable: This program cannot be run in DOS mode.` `Miscellaneous malware strings: Virus cmd.exe virus` Contains domain names: 2004-aia.verisign.com 2004-crl.verisign.com CSC3-2004-aia.verisign.com CSC3-2004-crl.verisign.com ETFSBOOT.com Repacks.net Unattended.de Win-Unattended.de Wincert.net aia.verisign.com angusj.com apple.com blackviper.com blogs.technet.com clients5.google.com crl.microsoft.com crl.verisign.com dl.dropboxusercontent.com docs.microsoft.com drive.google.com dropbox.com dropboxusercontent.com etfsboot.com google.co.uk google.com greenfishsoftware.org http://CSC3-2004-aia.verisign.com http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer0 http://CSC3-2004-crl.verisign.com http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0D http://blogs.technet.com http://blogs.technet.com/b/zhou_minxiao/archive/2007/04/05/what-is-norpfix-switch-and-what-does-it-do.aspx http://clients5.google.com http://clients5.google.com/complete/search?hl http://crl.microsoft.com http://crl.microsoft.com/pki/crl/products/CSPCA.crl0H http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl0Z http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_2010-07-06.crl0Z http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0 http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0X http://crl.microsoft.com/pki/crl/products/WinIntPCA.crl0U http://crl.microsoft.com/pki/crl/products/WinPCA.crl http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T http://crl.microsoft.com/pki/crl/products/tspca.crl0H http://crl.verisign.com http://crl.verisign.com/ThawteTimestampingCA.crl0 http://crl.verisign.com/pca3.crl0 http://crl.verisign.com/tss-ca.crl0 http://msdn.microsoft.com http://msdn.microsoft.com/evalcenter/jj554510 http://ocsp.verisign.com0 http://ocsp.verisign.com0? http://schemas.microsoft.com http://schemas.microsoft.com/SMI/2005/WindowsSettings http://schemas.microsoft.com/WMIConfig/2002/State http://search.microsoft.com http://search.microsoft.com/en-us/SupportResults.aspx?q http://support.apple.com http://support.apple.com/en_US/downloads/#safari http://support.microsoft.com http://support.microsoft.com/kb/ http://support.microsoft.com/kb/2483139 http://support.microsoft.com/kb/2496290 http://support.microsoft.com/kb/2718695 http://support.microsoft.com/kb/2847882 http://support.microsoft.com/kb/982861 http://technet.microsoft.com http://technet.microsoft.com/en-US/evalcenter/dn205286.aspx http://update.wintoolkit.co.uk http://update.wintoolkit.co.uk/updateCache.xml http://wallpaperswide.com http://wincert.net http://windows.microsoft.com http://windows.microsoft.com/en-US/windows/downloads/personalize/themes http://windows.microsoft.com/en-US/windows/downloads/personalize/wallpaper-desktop-background http://windows.microsoft.com/en-us/internet-explorer/ie-11-worldwide-languages http://wintoolkit.win-unattended.de http://wintoolkit.win-unattended.de/Update/ http://www.angusj.com http://www.angusj.com/resourcehacker/ http://www.blackviper.com http://www.blackviper.com/service-configurations/black-vipers-windows-10-service-configurations/ http://www.google.co.uk http://www.google.co.uk/?#q http://www.google.com http://www.google.com/favicon.ico http://www.google.com/search?hl http://www.greenfishsoftware.org http://www.greenfishsoftware.org/ http://www.iegallery.com http://www.iegallery.com/DownloadHandler.ashx?ResourceId http://www.majorgeeks.com http://www.majorgeeks.com/files/details/windows_hotfix_downloader.html http://www.microsoft.com http://www.microsoft.com/PKI/docs/CPS/default.htm0 http://www.microsoft.com/en-us/download/details.aspx?id http://www.microsoft.com/en-us/software-recovery http://www.microsoft.com/pki/certs/CSPCA.crt0 http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt0 http://www.microsoft.com/pki/certs/MicCodSigPCA_2010-07-06.crt0 http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0 http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0 http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0 http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0 http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0 http://www.microsoft.com/pki/certs/MicrosoftWinIntPCA.crt0 http://www.microsoft.com/pki/certs/MicrosoftWinPCA.crt0 http://www.microsoft.com/pki/certs/tspca.crt0 http://www.microsoft.com/pki/crl/products/WinPCA.crl0R http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0 http://www.microsoft.com/pkiops/certs/MicWinProPCA2011_2011-10-19.crt0 http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0a http://www.microsoft.com/pkiops/crl/MicWinProPCA2011_2011-10-19.crl0a http://www.microsoft.com/pkiops/docs/primarycps.htm0 http://www.microsoft.com/provisioning/eaptlsuserpropertiesv1 http://www.microsoft.com/windows/virtual-pc/download.aspx http://www.microsoft.com/windows0 http://www.microsoft.com0 http://www.ntlite.com http://www.ntlite.com/ http://www.opera.com http://www.opera.com/download/ http://www.paypal.com http://www.paypal.com/cgi-bin/webscr?cmd http://www.pcdiy.com http://www.pcdiy.com/146/windows-7-service-pack-1-language-packs-download http://www.piriform.com http://www.piriform.com/ http://www.w3.org http://www.w3.org/1999/XSL/Transform http://www.w3.org/2000/09/xmldsig# http://www.w3.org/2000/xmlns/ http://www.w3.org/2001/XMLSchema-instance http://www.w3.org/XML/1998/namespace http://www.wincert.net http://www.wincert.net/forum/index.php?/forum/129-switchless-installers/ http://www.wincert.net/forum/index.php?/forum/180-win-toolkit-addons/ http://www.wincert.net/forum/index.php?/forum/180-windows-7-toolkit-addons/ http://www.wincert.net/forum/index.php?/forum/213-win-toolkit-v2x/ http://www.wincert.net/forum/index.php?showforum https://dl.dropboxusercontent.com https://dl.dropboxusercontent.com/s/fdha92fk7z8ry35/Office2010-x86.7z https://dl.dropboxusercontent.com/s/jymdkcqszxxz7ms/Windows8.1-x86.7z https://dl.dropboxusercontent.com/s/l8sqopd2kwsob8g/Windows7-x64.7z https://dl.dropboxusercontent.com/s/qizw50fnkcmvpol/Windows7-x86.7z https://dl.dropboxusercontent.com/s/wri6xw9adg80hat/Office2013-x86.7z https://dl.dropboxusercontent.com/s/xbb25ns1y25f03r/Windows8.1-x64.7z https://dl.dropboxusercontent.com/s/xdaps6k0l7f33q2/Office2010-x64.7z https://dl.dropboxusercontent.com/s/yk87gu4on1h1vj5/Office2013-x64.7z https://docs.microsoft.com https://docs.microsoft.com/en-us/windows/desktop/menurc/preprocessor-directives https://drive.google.com https://drive.google.com/uc?id https://msdn.microsoft.com https://msdn.microsoft.com/en-us/library/windows/desktop/aa380610 https://msdn.microsoft.com/en-us/library/windows/desktop/aa380911 https://msdn.microsoft.com/en-us/library/windows/desktop/aa381002 https://msdn.microsoft.com/en-us/library/windows/desktop/aa381024 https://msdn.microsoft.com/en-us/library/windows/desktop/aa381025 https://msdn.microsoft.com/en-us/library/windows/desktop/aa381027 https://msdn.microsoft.com/en-us/library/windows/desktop/aa381030 https://msdn.microsoft.com/en-us/library/windows/desktop/aa381043 https://msdn.microsoft.com/en-us/library/windows/desktop/aa381043.aspx https://msdn.microsoft.com/en-us/library/windows/desktop/aa381050 https://msdn.microsoft.com/en-us/library/windows/desktop/aa381058 https://msdn.microsoft.com/en-us/library/windows/desktop/dn742486 https://my.vmware.com https://my.vmware.com/web/vmware/free#desktop_end_user_computing/vmware_player/ https://support.google.com https://support.google.com/chrome/answer/95346?co https://www.dropbox.com https://www.dropbox.com/s/014xrz7u0f6jbe2/Win7SP1x64_Sept2014.iso?dl https://www.dropbox.com/s/pusv6zo9khrp928/Win7SP1x86_Sept2014.iso?dl https://www.dropbox.com/s/r6c7n1xscoczn2q/Win7SP1x64_NET_Sept2014.iso?dl https://www.dropbox.com/s/vpqmvmk6sj0oxqo/Win7SP1x86_NET_Sept2014.iso?dl https://www.microsoft.com https://www.microsoft.com/en-au/software-download/windows10 https://www.microsoft.com/en-gb/download/details.aspx?id https://www.microsoft.com/pki/ssl/cps/WindowsPCA.htm0f https://www.microsoftstore.com https://www.microsoftstore.com/store/msusa/en_US/cat/categoryID.70036700 https://www.mozilla.org https://www.mozilla.org/en-US/firefox/all/ https://www.verisign.com https://www.verisign.com/rpa https://www.verisign.com/rpa0 https://www.verisign.com/rpa01 https://www.virtualbox.org https://www.virtualbox.org/wiki/Downloads https://www.win-unattended.de https://www.win-unattended.de/ https://www.win-unattended.de/&cancel_return https://www.win-unattended.de/app.php/dlext/?cat https://www.win-unattended.de/viewforum.php?f https://www.win-unattended.de/viewtopic.php?f https://www.wincert.net https://www.wincert.net/forum/forum/179-win-toolkit/ https://www.wincert.net/forum/forum/209-wintoolkit-bugs/ iegallery.com inkscape.org majorgeeks.com microsoft.com microsoftstore.com mozilla.org msdn.microsoft.com my.vmware.com ntlite.com opera.com paint.net paypal.com pcdiy.com piriform.com schemas.microsoft.com search.microsoft.com support.apple.com support.google.com support.microsoft.com technet.com technet.microsoft.com time.nist.gov unattended.de update.wintoolkit.co.uk verisign.com virtualbox.org vmware.com wallpaperswide.com win-unattended.de wincert.net windows.microsoft.com wintoolkit.co.uk wintoolkit.win-unattended.de www.angusj.com www.blackviper.com www.dropbox.com www.google.co.uk www.google.com www.greenfishsoftware.org www.iegallery.com www.inkscape.org www.majorgeeks.com www.microsoft.com www.microsoftstore.com www.mozilla.org www.ntlite.com www.opera.com www.paypal.com www.pcdiy.com www.piriform.com www.verisign.com www.virtualbox.org www.w3.org www.win-unattended.de www.wincert.net
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES`
Info	The PE is digitally signed.	`Signer: Win-Unattended` `Issuer: Win-Unattended`
Suspicious	VirusTotal score: 1/72 (Scanned on 2026-02-01 02:04:46)	`MaxSecure: Trojan.Malware.300983.susgen`

Hashes

MD5	`86e3765bd385c07ee8130bcc8818b0f7`
SHA1	`3132600be547a702097dbd92d852c0e2d9893086`
SHA256	`9df3185347ef7d85e2252dbb233369bd1183bf969e65413d07867cb6975509ab`
SHA3	`621123bfbb7f2b97708aaeef0552aaffd1c796777bceb735597ab6d099d1db7f`
SSDeep	`393216:Rn2R47DAB2HsdCjoZO/0Va7yMDudoP65kL2FA3CBcTeN4fKp0bm1QHSxsjO9Iva3:Rn2R47DAB2HsdCjoZO/0Va7yMDudoP6X`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2020-May-14 12:13:09
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x10e4000`
SizeOfInitializedData	`0x2ba00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x010E5EF6 (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x10e6000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1114000`
SizeOfHeaders	`0x200`
Checksum	`0x111fc48`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`fae4baa98997ac9924f2a0812b63d5ca`
SHA1	`62ae3d5def3fdfa70399ce236512dc4680db56ee`
SHA256	`6656bcef970be99206bb045a6c39b693644d43883c04e5ba40ae9c4e566440a7`
SHA3	`6f0da229b6d639cfc4131f5e99813fe3785be2908932b68e9b8e316a6e5b012b`
VirtualSize	`0x10e3f54`
VirtualAddress	`0x2000`
SizeOfRawData	`0x10e4000`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.20495`

.rsrc

MD5	`75bb78a919fcb1f7f06ff9f1827d32eb`
SHA1	`95e1b287488200c21ca16cd86eb4ae43c19ede15`
SHA256	`0a02929beabf8b7029829d48da529616bc00a4d800e6a45230fc9b9c848b7b68`
SHA3	`c6144eda7824bbdb1cc938b44b622dce9f08c8d6ac1aa0d6a09d510c1c018c7a`
VirtualSize	`0x2b7c4`
VirtualAddress	`0x10e6000`
SizeOfRawData	`0x2b800`
PointerToRawData	`0x10e4200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.02761`

.reloc

MD5	`1ddf0ea2e4ce28680b3de9e27d7a43b2`
SHA1	`6bfa516f7817f6c6b83c19b1300265d00be3c4b8`
SHA256	`5c92ce553bd7bb7f1c0650f416ad7b02d16e0cabb585382a385482c075ee2024`
SHA3	`a2d64fe1f6e137fac8299b18d933e29e58e1fb321f31e57b2931be1b77983ebf`
VirtualSize	`0xc`
VirtualAddress	`0x1112000`
SizeOfRawData	`0x200`
PointerToRawData	`0x110fa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.122276`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.02649`
MD5	`b67b9f067625b76f19dc1922d1ed1ca4`
SHA1	`59019cb9475479303e282fa30c62b3b49fafb218`
SHA256	`efce1110c23647392934b276ef65719d2de2ca016361103112c85dfb3af29bea`
SHA3	`ea962c951d90352f15f9a92cbed4bd25c9f942f0bfa77db0a80513726c1e8500`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.0028`
MD5	`2a709c3ad91982f4a53713c404addf90`
SHA1	`1d18b14ccca2a16ea31b214d4bddb50e1699f2c6`
SHA256	`dc309c24674191f5b5a32742d6ab4488ed4f3e45e503df30282817bc534b928b`
SHA3	`78c73e4d04a6faae6aaaa3124369c6e019378c1169b8469b289b735e2ee4eee9`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.93778`
MD5	`90817fd571422150f15d45f47618a40d`
SHA1	`c6813fac951c073fde0b4286918ba8a458fc748c`
SHA256	`b31592115e471ecf19b7632a0e3a037335846128c5261ca76f729463bbe6937a`
SHA3	`046c272d2761a90d55f9d9cc49b0361be8ffb6f310ed1694afb7219917033a86`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.58017`
MD5	`18c32ddc6ee567f99195ae51b64623b6`
SHA1	`bb5811e6b9d2211b79ef06187493f3835d829869`
SHA256	`667c6c846cafd8827e4013da927c16df096a484df20c8f3f1f7bb433a7c0c72c`
SHA3	`37b1f44b68ae3e7acb1ce390da6578554d9f1948e0c06c688a8353e9085d9788`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.97507`
MD5	`317e1f8da87f508dbbb5602592f5b3ae`
SHA1	`a5a3f86ad7eb24681d6632f31b7a22a8df0fa722`
SHA256	`7e8fcbe5d0c712cc4038687c76e0d0048e46004847b786cd8050b16d42dd018f`
SHA3	`75785e5a78772b6b03cbd940c8ff3223cf5857c2947b1b2627ad7b15c05d2e06`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.59494`
MD5	`c191aa4e075f3b2e14db19bbe4d06886`
SHA1	`fa00fa9ad637447fc681ac6b166b01cc6d5076ad`
SHA256	`1bea4fb143e47eb9f91310e07d251e404f69aad04ecb44d227bf7701888092ec`
SHA3	`8913c81a75edc94d89ddb1f2bd585ea2bd087b7de301e1587ce8d270ebbb750f`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.4802`
MD5	`9a649365869f91636d3ca9bbfae9f31a`
SHA1	`df7b9c199620460d0f9deb317864e06bd2a2ed63`
SHA256	`74ce2f7d38cf0bf08e41ad8cdeb369cc825bbdbc5f7192b61410b4f37e9972dd`
SHA3	`a62f7d11a565af5632c5d273d06f6213350c8dc665d4f14f2eefb9d49c35b562`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.50373`
MD5	`d4f37e303d40ff6b558b450b975ae5b2`
SHA1	`8b0712206d46e8f93a727bf266b912aeef38e6ed`
SHA256	`d5eb9bfa0dc47ad51c8e1c7f281e35b056b2774dbfce8ef9a2b958eec522aea6`
SHA3	`d37132cfc02fabc4235937f49d55c47c3b162e4c50601419b2cb48fe396532a2`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2d7a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.93752`
Detected Filetype	PNG graphic file
MD5	`8e0cfa232f8a1b9549a1dfe5e27790ea`
SHA1	`7b883c0f2139335b610fbbe2dd43591dfcedf872`
SHA256	`2ac9f4bfeed855240c28631d164e0f4f8b941aacbc33da43ec3d0433e8703632`
SHA3	`b097d8792d4d62205f0f7b9b68af39d0e14f82103f105f3078b9090b1c92ab2e`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03466`
Detected Filetype	Icon file
MD5	`7f4f4e5fda9093fd314c77abc2cb1dca`
SHA1	`81e3bb9f54891728c2b558334bfbd79fb939bf7e`
SHA256	`7c4b85e13be0a5592b4f678150e29bbd062af7216799ad62573e6c49bfd720b1`
SHA3	`0b308eaff7c0e816c954faffb291b616eb581f8c4a757be86c6ee47354686006`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x402`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42586`
MD5	`6f810eb4e60d5f8ca1b144ef0460f74c`
SHA1	`be31ce5927cb224d2d5c433a9c4838133cd699dc`
SHA256	`d433fb773391286db03a21031bffb878f3e3e9b8dd2c0564d08dd8c0102affc6`
SHA3	`7194a79ea0b55bf9f3460d6975a2786a483bb25c64248fc200b09f9f07ccf391`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xb49`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.95183`
MD5	`daea54e50ce6d0df68b41707f7390365`
SHA1	`6da5028a73f582d3026d134bdfc9efc7710ac168`
SHA256	`cb873fa9f8141d87d5cfd3e7a3b93ec5e763c7809a08dcd289541fd2f071770c`
SHA3	`f6b219d7bbb47dd8b25e53bbdf048e9da3071f5dc2e8fba1eaaeea431bf813f3`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.7.0.15
ProductVersion	1.7.0.15
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	Modifying Windows 7, 8, 8.1 and 10 Images.
CompanyName	Legolash2o / Unantastbar
FileDescription	Win Toolkit
FileVersion (#2)	1.7.0.15
InternalName	WinToolkit.exe
LegalCopyright	Copyright © Legolash2o 2012-18 © Unantastbar 2019-20
LegalTrademarks
OriginalFilename	WinToolkit.exe
ProductName	Win Toolkit
ProductVersion (#2)	1.7.0.15
Assembly Version	1.7.0.15

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2020-May-14 12:13:09
Version	`0.0`
SizeofData	`284`
AddressOfRawData	`0x10e5d88`
PointerToRawData	`0x10e3f88`
Referenced File	D:\WinToolkit_v1\WTK1\obj\x86\Release\WinToolkit.pdb

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Yara callback received an unhandled message (6).