Manalyze report for 87ff0ddec7e4a61a3aad9a9f3c15e5ac

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2020-Aug-08 12:28:18

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW LoadLibraryA` `Possibly launches other programs: CreateProcessW` `Can create temporary files: GetTempPathW CreateFileW` `Leverages the raw socket API to access the Internet: ntohl` `Enumerates local disk drives: GetDriveTypeW`
Suspicious	The file contains overlay data.	`12270733 bytes of data starting at offset 0xbd800.` `The overlay data has an entropy of 7.96214 and is possibly compressed or encrypted.` `Overlay data amounts for 94.0508% of the executable.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`87ff0ddec7e4a61a3aad9a9f3c15e5ac`
SHA1	`4b2d8b49114f54173b05d4a4cb319176a3ea847d`
SHA256	`418084543a48ba91226a7824e7c6dc54a7a46045b7579c255dd0c457376c321b`
SHA3	`9239cdb8ea4066bc3947e6cc32b42058ef6a0d8e406cdb51b844f96eae38f25e`
SSDeep	`393216:+ZTP1hmzLgtIGtYXIotN3ZWLU4Vj7aiBo:g9hm0tttYVtN30UW`
Imports Hash	`58053a2a3020fdc7713b576ad93bf7bd`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2020-Aug-08 12:28:18
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x21000`
SizeOfInitializedData	`0x9c400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000008654 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0xcc000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`db3405ebf9c03c5408d69757198848a0`
SHA1	`1306f1717d01ddc00c653fa5c6002edb17983491`
SHA256	`28e52a174601a004c6d50c0916b169483baab35e8b1ffea761343b25df02880e`
SHA3	`121fa7c2b74dd2aaa2fee6ffef3c9d25bd6c966f3a1942b783215de939ad6521`
VirtualSize	`0x20ff0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x21000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.46338`

.rdata

MD5	`a1ccafc259fdeab90aad44cfacee0915`
SHA1	`1137213290e0f033935343c552bfb07599168546`
SHA256	`42d43e71273c5511aef4d8743c97d36c364467ce02c1cde6adafa22b94c3599b`
SHA3	`885687fca57c585fec42d09f80a95e4f2a7b4501531cf313ad07e5d8271625dd`
VirtualSize	`0xf6d2`
VirtualAddress	`0x22000`
SizeOfRawData	`0xf800`
PointerToRawData	`0x21400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.83806`

.data

MD5	`4fac933499e097894ee311fbf7464ac0`
SHA1	`91a5fd4281f3667bab2fe49c05372beff015be4c`
SHA256	`5dcc34dda7507b68864cd0e093ba7d868b171e3aedd25cec7a4c6a2b2a075415`
SHA3	`7dd4d5bace3f962f8931400445fda7f119a93f9c86f1925ca2bee5ec64932c33`
VirtualSize	`0xb0f8`
VirtualAddress	`0x32000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x30c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.83869`

.pdata

MD5	`d00161f46412ad0c79c06026c2849be7`
SHA1	`e153f2cc5fb9b198fdaea16acb6ab1e4b9b7c0dc`
SHA256	`d8a743db97c7dcf721fd2a5f06e03aeffbaac8c1c0c01d01d7a55a630362d997`
SHA3	`efcf9202e2310c23f3bc3171da1e9b14948556e0f03cda3c75f1a84a21b2275f`
VirtualSize	`0x1d28`
VirtualAddress	`0x3e000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x31800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.24915`

.gfids

MD5	`0a20ca79306da83dc4cf95d7d7b52e97`
SHA1	`6028c910fcccf287ff901223de4679bb018c1a4c`
SHA256	`7ec67faf89d1adbfa5eda1699d18b1f9d67985893c887927a26bfaaf4f16decd`
SHA3	`039c0a3611fbcbb4c80ac4fc2b002ef5c1c81194fa837e657e57c65c1ac67a3a`
VirtualSize	`0xac`
VirtualAddress	`0x40000`
SizeOfRawData	`0x200`
PointerToRawData	`0x33600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.75456`

.rsrc

MD5	`bc52053a3ed32337986e69b26afeebad`
SHA1	`55579d526a100c08324e26bcce031537682cac74`
SHA256	`261d56f25516084b8df7948ac6c1cca5bb90701b9524be2294c425b94de84826`
SHA3	`04de9067233e2b6dee170310586d8ee7227fc7c6d18597f6d62bca4bdbbdf2ca`
VirtualSize	`0x8973c`
VirtualAddress	`0x41000`
SizeOfRawData	`0x89800`
PointerToRawData	`0x33800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.90892`

.reloc

MD5	`f186f235d075bc468bd92b65d816b991`
SHA1	`d45ec48431f8aac33a8f75ae6a4d884e0050549e`
SHA256	`a111e4596d0a8eb34d7478c48515c0ffbfcff15a6a1cdd778bc768a14dfb7b73`
SHA3	`3fe93e347bd5f999e6e2ab3955f97762e08e75cefc0e01b8a04f2a3b94f48125`
VirtualSize	`0x690`
VirtualAddress	`0xcb000`
SizeOfRawData	`0x800`
PointerToRawData	`0xbd000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.99813`

Imports

KERNEL32.dll	`GetModuleFileNameW` `GetProcAddress` `GetCommandLineW` `GetEnvironmentVariableW` `SetEnvironmentVariableW` `ExpandEnvironmentStringsW` `GetTempPathW` `WaitForSingleObject` `SetDllDirectoryW` `GetExitCodeProcess` `CreateProcessW` `GetStartupInfoW` `LoadLibraryExW` `CreateDirectoryW` `FormatMessageW` `LoadLibraryA` `MultiByteToWideChar` `WideCharToMultiByte` `Sleep` `GetLastError` `SetEndOfFile` `HeapReAlloc` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetModuleHandleW` `RtlUnwindEx` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetCommandLineA` `ReadFile` `CreateFileW` `GetDriveTypeW` `GetFileType` `CloseHandle` `PeekNamedPipe` `SystemTimeToTzSpecificLocalTime` `FileTimeToSystemTime` `GetFullPathNameW` `GetFullPathNameA` `RemoveDirectoryW` `FindClose` `FindFirstFileExW` `FindNextFileW` `SetStdHandle` `SetConsoleCtrlHandler` `DeleteFileW` `GetStdHandle` `WriteFile` `ExitProcess` `GetModuleHandleExW` `GetACP` `HeapFree` `HeapAlloc` `GetConsoleMode` `ReadConsoleW` `SetFilePointerEx` `GetConsoleCP` `CompareStringW` `LCMapStringW` `GetCurrentDirectoryW` `FlushFileBuffers` `SetEnvironmentVariableA` `GetFileAttributesExW` `IsValidCodePage` `GetOEMCP` `GetCPInfo` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetStringTypeW` `GetProcessHeap` `WriteConsoleW` `GetTimeZoneInformation` `HeapSize` `RaiseException`
ADVAPI32.dll	`ConvertStringSecurityDescriptorToSecurityDescriptorW`
WS2_32.dll	`ntohl`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xa068`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.28112`
MD5	`42798907e12405ae8e79af1c02b0169c`
SHA1	`8bad45dea2c7b4abbd85692a16e8e8da9ec440f2`
SHA256	`f1ac655951ee884d6c9d175cea3c14809f16ce51ffa3905d585eb8e69c66ac90`
SHA3	`40b6134b97607ab78dfd834d773c8e000a1841c09ad901bf5ebc243da41be723`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.79754`
MD5	`b7732221328e6faec3a254f9f9d655d9`
SHA1	`50dff1ca7253fb4bc662a0a5081c116f961ed31c`
SHA256	`f21ebe90706e03b44e47cc74ba4282bed26326f555d0ddbf34196b3d1c6af67a`
SHA3	`cb5407b6fff009a21fe4cde5336097eccf4526cb9d0e40a213ef5f9d89837819`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.08168`
MD5	`138fa69f3212aa1b576394583e9d2362`
SHA1	`b773bedf563a3afe287c76394ff2ce6329b1808b`
SHA256	`9c175c3c9cb4e928b1626295d2e6380f2b34e4fc84f8ace8aed219913719c072`
SHA3	`6ad5b50354003c19e7dd98d71ba23a5595d838726a745afed75bd0ee6a470b87`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.96575`
MD5	`3de53166bb9df3ccca753b729f59373b`
SHA1	`a856db5ad7d23bbe180891053fa60d06d27b98f5`
SHA256	`fab97aca132f190a21bb9bb9120ce8a300054d4edc530e7802a15dc3f18b072a`
SHA3	`70a004d121fd8261f44dc7576d2c069c472174e120cd3ee68a5cdc61b6462a2e`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44873`
MD5	`a0cff37b65841eab27501d50afc02064`
SHA1	`1d3fc2d2fdd96ac9ede88bc67ea0ae35090d7746`
SHA256	`3c03f85c1444ae4c6ccd52b58226bca18783bff391d2d483f5c0ae11a195939a`
SHA3	`2c564ee22bd4fc0cbda94edce8ed6426f0ff04398f5340fdbed18a86e8033620`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x12428`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.00341`
MD5	`98d9af12a604377c004ef95295780b22`
SHA1	`b8bd206dcbd50ac74d9680bdfc0dd22289754110`
SHA256	`135b81b48d333ee71166a27b45bec534d45587cecb0d2df74eacaac019eee671`
SHA3	`2bf88befe3636fb0a6fe3a067da848f73d82f41ffb1cbb4c8a6e0d14a340f7ca`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03701`
MD5	`63a21c932c96b471a88f53d14e0326c3`
SHA1	`dbc6b12bf679242712ded5beee74edd583370f0f`
SHA256	`0ef7bd89459c55a761f47255fb76daca8e40b4772329f04001c8e4932382e975`
SHA3	`a663e38ea9857f69d8ec0a4eeff1b9928c75d35fe3ae6dcb391eabe42933bed1`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35676`
MD5	`325fe5a8534a640e00ee2e4589594d46`
SHA1	`2301c7cf03fa9e5a7352a77e9475ad555466067b`
SHA256	`3bc454a0926220f38fc23397c9f0540b48d7d840245194831b81e3d1a5f20dfd`
SHA3	`55c16efc38f5789f2cd4ad0c696826d0266cfd91b6a5d0f98d263769613ec5e5`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.98922`
MD5	`af79ff7c886f991177d7acefec848c1a`
SHA1	`b6ddf4129f03969d68b6dc0cd91aa0a1f93f6f48`
SHA256	`ce7f095b55d3d335bfe0fcf859483c8fa2b6d4bb048207b57e035674aabfd7ea`
SHA3	`3b406f8da30037c768ea9aac930f3e2284338d076ea71d2c0d990aa23ee34b93`

10

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.63699`
MD5	`1566fabc4b3dfb35fbc00bf170d2bc19`
SHA1	`87a65befd49b7795f76a277d0325671e6d2a5ee6`
SHA256	`c975cb42cc41f2de55159602ff4a8a3e30dfb8aff733d130e97b637c441136ee`
SHA3	`49e5a8a1cb886b0465dc3e50db905dac665d40fc9bdb241caba0b95ca342d107`

11

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.30979`
MD5	`d1aefd8c025aa5d1a0b07d833eaa6f73`
SHA1	`088c0da47b147387829a13f49939f3d6a3aef5ac`
SHA256	`5d78aeef4ae00220ce453ea5376b2a9cf565dd69efe977809ef0a165635859c1`
SHA3	`caf60295ffa1946004b133b44f504542f1bccaafbebe6d7810c6c993c68d92d5`

12

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.47068`
MD5	`93ba5be71f810f94ae330f9194b499a8`
SHA1	`f0c970b41f726c55692be3dea41cc496bc05374b`
SHA256	`0bc32f95e61a474c23f7a78dff29f09c9d5e086759d06d1e398a39f2f14c769f`
SHA3	`294bd0e4c49e7d2b46ecee75bf8e75300608f8e6594d95b66f76f8d56b20512a`

13

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.58069`
MD5	`47871e17dd54f3aef8faa1b9364bf822`
SHA1	`0e0ac29df4564bca738766634b7f92d77350cb55`
SHA256	`0215a1eed3c488e95c99fa09d198072b2ec00a8e33b5e9a6dc30dd990db94119`
SHA3	`4ea206a07acf2997c2bd22d5e65372a79d6b49d5d79bed45ee0b93fdbb40c3ef`

14

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.81965`
MD5	`a6c2168e495f8484710801a9218b5735`
SHA1	`1d5c59518242b86a68b3080f6aa8034d47798189`
SHA256	`a312af06b8c95e73a544c8a2749023bcd81077c873a9b065be7a6736f6ddf707`
SHA3	`5af398851c98a4b3a1cefec52b5b9acce34f99c5b219771a5723697d7db2574b`

15

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.95339`
MD5	`31f15984dab32a56646f4389b8dd23d4`
SHA1	`ffe1f20a0462a74f69993499c7f333909c71d743`
SHA256	`10446811475181783380253a184c2739419ccca6e3b29e1537e46d0589f44049`
SHA3	`bfd7dba8e023226c0f751e24995c30cbe37f6fdbad0f035518516f1f2d663ed4`

16

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.2405`
MD5	`639ceee61328ac034ff189864b50be9d`
SHA1	`30b42c11c0b1f4970bc27a0a949c626a48af7aea`
SHA256	`bf79eb5129750fc1d498816557cd2c90092cee43e0f4201ed3d6984c6d98901e`
SHA3	`de4f92c3f0f5d59367ee892b861d323f93f7966bdaf765a4c24dc183d6422cb9`

17

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.6587`
MD5	`a7a3410fc8a02c9d8d2dcbb379e5ab28`
SHA1	`7016f4072d96acbb04b32b1d7de03876c20f44e5`
SHA256	`0130024e686482b2bf00b20c729e0663576f169e39ca170f0d0517b3a33896fc`
SHA3	`7166d2f5aae87c0752fe24e9dda2b38cc81d14dbebfde986776bfeefbccca038`

18

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.99938`
MD5	`325fdeb1dab9b94ca802d19f3f1e4598`
SHA1	`435fcf5b638c94e63b27cd6cf2952687eab0b898`
SHA256	`a71242714a61fedc821f814f8d880f4f7e726516b3b79ecd1754707fce504645`
SHA3	`0d35bb914c28a454b209d213f9421e90bba14b05f4827318d0c8096d244efc0d`

19

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.21171`
MD5	`ba3fc97f5a0eb4c86a58959fcb149e43`
SHA1	`c4a329a5005f2d9855ae8d49ad026fbd88c45fa8`
SHA256	`e393d3d232ced8c0480839265ed6328cb2e8d2105372fd2f8d97aef36286482a`
SHA3	`0ee5f3cb2714b0c7db6c85b4f1c85dd4ac3a294f1e90eb4e1e8971bd6d141ff5`

0

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x110`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.23244`
Detected Filetype	Icon file
MD5	`ed7e652d50da7cee2966682e688be327`
SHA1	`2e79c36def7e96caba3e9a5c7e0bdef2784894f8`
SHA256	`40cc9dba70bea1e2cc44c753fabb7e3f064886ff02566a127a4cfb7e3702db9f`
SHA3	`c96a37daccac1fbe61ad1c324655318e42d1536c69e9d3fdc24a178cc91d916c`

101

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71858`
Detected Filetype	Icon file
MD5	`d06bb5f499a7e63fdebdde478b53af68`
SHA1	`f4b46ca808dc838d436be1d2c13a40d51bdd8f4f`
SHA256	`038506ab04814afcdce660ffc0de198ebe40a5b0d8e090799549e208c689fed5`
SHA3	`af3d6a80a0ad9e117953a9e1466a44d29b3d32a19a456a9297995e94ead2efd7`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4f3`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.26685`
MD5	`6a84711931e92432ee50a9480c047476`
SHA1	`a4b0b147ef6824c0cee3c4fcec9c47f022eac5a0`
SHA256	`ce9cbff140d4328df3c50988b0d6ac7b84e16f5127638240f0014a8b507866c8`
SHA3	`0f32eb5a271394549d019491912dadb5221521f9e1bc991732b829cd5a63d4f7`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2020-Aug-08 12:28:18
Version	`0.0`
SizeofData	`720`
AddressOfRawData	`0x2ecd8`
PointerToRawData	`0x2e0d8`

TLS Callbacks

Load Configuration

Size	`0x94`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140032010`

RICH Header

XOR Key	`0x281a5b95`
Unmarked objects	`0`
241 (40116)	`7`
243 (40116)	`169`
242 (40116)	`13`
ASM objects (VS2015 UPD3 build 24123)	`7`
C++ objects (VS2015 UPD3 build 24123)	`28`
C objects (VS2015 UPD3 build 24123)	`19`
Imports (65501)	`7`
Total imports	`114`
C objects (VS2015 UPD3 build 24210)	`16`
Resource objects (VS2015 UPD3 build 24210)	`1`
Linker (VS2015 UPD3 build 24210)	`1`

87ff0ddec7e4a61a3aad9a9f3c15e5ac

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.gfids

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

0

101

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors