Manalyze report for 8e437da3d9b48bf6e54b8182b1842a1d

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Mar-25 19:38:41
Detected languages	English - United States
CompanyName	PGWARE LLC
FileDescription	Typographic Prayer
Languages	English
InternalName	Worker Acyclic
LegalCopyright	(C) 2007-2015
FileVersion	`7.4.2.789`
PrivateBuild	7.4.2.789
OriginalFilename	Worker Acyclic.exe
ProductName	Worker Acyclic
LegalTrademarks	(C) 2007-2015
ProductVersion	`7.4.2.789`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe` `Contains domain names: cs.nott.ac.uk http://www.plantontology.org http://www.plantontology.org/xml-dtd/po.dtd nott.ac.uk plantontology.org www.plantontology.org`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW LoadLibraryA GetProcAddress` `Can access the registry: RegCloseKey RegQueryValueExA RegOpenKeyExA RegOpenKeyA` `Possibly launches other programs: CreateProcessA CreateProcessAsUserA` `Functions related to the privilege level: DuplicateTokenEx` `Can take screenshots: GetDC BitBlt CreateCompatibleDC`
Info	The PE's resources present abnormal characteristics.	`Resource 141 is possibly compressed or encrypted.` `Resource 165 is possibly compressed or encrypted.` `Resource 173 is possibly compressed or encrypted.` `Resource 194 is possibly compressed or encrypted.` `Resource 212 is possibly compressed or encrypted.` `Resource 285 is possibly compressed or encrypted.` `Resource 353 is possibly compressed or encrypted.` `Resource 357 is possibly compressed or encrypted.` `Resource 404 is possibly compressed or encrypted.` `Resource 522 is possibly compressed or encrypted.` `Resource 561 is possibly compressed or encrypted.` `Resource 593 is possibly compressed or encrypted.` `Resource 704 is possibly compressed or encrypted.` `Resource 77 is possibly compressed or encrypted.` `Resource 852 is possibly compressed or encrypted.` `Resource 854 is possibly compressed or encrypted.` `Resource 876 is possibly compressed or encrypted.` `Resource 890 is possibly compressed or encrypted.` `Resource 90 is possibly compressed or encrypted.`
Malicious	VirusTotal score: 11/70 (Scanned on 2020-03-25 23:30:16)	`Sangfor: Malware` `CrowdStrike: win/malicious_confidence_70% (D)` `APEX: Malicious` `Endgame: malicious (high confidence)` `Trapmine: suspicious.low.ml.score` `FireEye: Generic.mg.8e437da3d9b48bf6` `SentinelOne: DFI - Suspicious PE` `Webroot: Trojan.Dropper.Gen` `Ikarus: Trojan-Banker.UrSnif` `BitDefenderTheta: Gen:NN.ZexaF.34104.fr0@aGtlBUli` `Qihoo-360: HEUR/QVM10.1.2183.Malware.Gen`

Hashes

MD5	`8e437da3d9b48bf6e54b8182b1842a1d`
SHA1	`b56ff711b575d77a19f7b6b2eb132133ca6a1eb4`
SHA256	`3c630ef685a02e611037b6ae52a89d10355620ca159dd3fa136ca294ef2e7f7a`
SHA3	`e24f23260050e87d15ef91f5f6185b5510cf03f577289952a4709da92dd23344`
SSDeep	`24576:uziOpl4G7ZFryG/TCIeKIQPV7aNDUsYEelQ:uGpG7ZFD76DU2elQ`
Imports Hash	`1dc365c50747a06aa7b706553e8cef2e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2020-Mar-25 19:38:41
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`12.0`
SizeOfCode	`0x95600`
SizeOfInitializedData	`0x81600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0007A851 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x97000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x182000`
SizeOfHeaders	`0x400`
Checksum	`0x12645f`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4d3fce07fff4373ede59027b8f2f73be`
SHA1	`9aa274ec38d224cb0401a2d467a32c0f907471de`
SHA256	`20958232b9537e807fd998c75ac60fa183b8335ed1f6c8d6d1ee702cfa36cae9`
SHA3	`b9a63b4e86e1f128f69769c6ecc986048b3ee12014131969feae2abcd49eecce`
VirtualSize	`0x9550d`
VirtualAddress	`0x1000`
SizeOfRawData	`0x95600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.47166`

.rdata

MD5	`6cf5426fb5241ec1c0584b9529fcad67`
SHA1	`8b8ed82b8667bc1c7c51228e999e73f485fd9eec`
SHA256	`2f32c04b56b3296e768587c700f014746fbb50bb91ea9917614badd358fa993d`
SHA3	`3be6ffa58016d9232c66b28e333bf5f9ad6a9e04c2a36a861f252660d3fcd624`
VirtualSize	`0x33172`
VirtualAddress	`0x97000`
SizeOfRawData	`0x33200`
PointerToRawData	`0x95a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.45478`

.data

MD5	`2ec7d9a0db60adf6db6d0485c5881753`
SHA1	`4cca1fd3d05174b533255d02b01b26307817bec7`
SHA256	`160cfb0e17efb16ec1f4633b4904eb22ac05df26d504022e66604dd58a92ae66`
SHA3	`60093232f8ebd59191714573759a76d833973777346ff1ecc31dc039765d05ad`
VirtualSize	`0x6d508`
VirtualAddress	`0xcb000`
SizeOfRawData	`0x6200`
PointerToRawData	`0xc8c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.13425`

.rsrc

MD5	`edcc9b9538cf84a5e2d455a04b1f870d`
SHA1	`1142d6b90236b7b03232905340539412ad8e162a`
SHA256	`04ec252efe9665e3d1f2196dec5fa051660e939e39147e88ffd70b5b8521c0a2`
SHA3	`4c57826933c5c40e659901bebd4a789a9683189141817f4db422be1aae11d979`
VirtualSize	`0x481cc`
VirtualAddress	`0x139000`
SizeOfRawData	`0x48200`
PointerToRawData	`0xcee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.66055`

Imports

KERNEL32.dll	`GetModuleFileNameA` `GetOEMCP` `GetACP` `IsValidCodePage` `LoadLibraryExW` `SetFilePointerEx` `GetConsoleMode` `GetConsoleCP` `GetModuleFileNameW` `GetCurrentThreadId` `IsDebuggerPresent` `GetProcessHeap` `HeapSize` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `GetLocaleInfoW` `LCMapStringW` `CompareStringW` `IsProcessorFeaturePresent` `GetModuleHandleW` `GetStartupInfoW` `TlsFree` `GetEnvironmentStringsW` `TlsGetValue` `QueryPerformanceCounter` `TerminateProcess` `GetCurrentProcess` `Sleep` `InitializeCriticalSectionAndSpinCount` `SetLastError` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `GetCPInfo` `GetCommandLineA` `AreFileApisANSI` `GetModuleHandleExW` `HeapAlloc` `GetSystemTimeAsFileTime` `GetFileType` `SetStdHandle` `RtlUnwind` `RaiseException` `HeapFree` `GetStringTypeW` `MultiByteToWideChar` `DecodePointer` `EncodePointer` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `FreeEnvironmentStringsW` `HeapReAlloc` `OutputDebugStringW` `WriteConsoleW` `TlsAlloc` `GetCurrentProcessId` `ReadConsoleW` `GetExitCodeProcess` `CreateProcessA` `GetFileAttributesExW` `SetEnvironmentVariableA` `CreateFileW` `ReleaseMutex` `WideCharToMultiByte` `LoadLibraryA` `CreateEventA` `lstrcatA` `GetLastError` `VirtualAlloc` `GetLocalTime` `GetExitCodeThread` `GetProcAddress` `BuildCommDCBA` `SetCommTimeouts` `SetCommState` `GetCommTimeouts` `GetCommState` `FlushFileBuffers` `WriteFile` `FindNextFileA` `FindFirstFileA` `CreateFileA` `CreateMutexA` `CloseHandle` `FindClose` `ReadFile` `GetFileSize` `GlobalUnlock` `GlobalLock` `GlobalAlloc` `GetConsoleWindow` `SetConsoleTitleA` `FreeConsole` `AllocConsole` `WriteConsoleInputA` `GetModuleHandleA` `GetStdHandle` `CreateThread` `ExitProcess` `WaitForSingleObject` `TlsSetValue` `SetEndOfFile`
USER32.dll	`CallWindowProcA` `RegisterClassExA` `SetLayeredWindowAttributes` `SetDlgItemInt` `GetDlgItemInt` `GetDlgCtrlID` `GetFocus` `KillTimer` `DrawMenuBar` `GetSystemMenu` `TrackPopupMenu` `DrawTextW` `GetForegroundWindow` `CheckMenuRadioItem` `GetWindowTextA` `EnableScrollBar` `GetWindowTextLengthA` `MapWindowPoints` `GetScrollInfo` `DrawFocusRect` `SetRectEmpty` `InflateRect` `PtInRect` `GetParent` `DestroyIcon` `DrawIconEx` `GetMenuItemInfoA` `ModifyMenuA` `CheckMenuItem` `TranslateAcceleratorA` `LoadAcceleratorsA` `GetMenu` `EnableMenuItem` `SetWindowPos` `DialogBoxParamA` `EndDialog` `GetDlgItemTextA` `GetSysColor` `SetScrollInfo` `SetScrollPos` `GetWindowTextW` `wsprintfA` `DefMDIChildProcA` `SendMessageA` `GetDlgItem` `WindowFromDC` `SetDlgItemTextA` `GetAncestor` `GetIconInfo` `CheckDlgButton` `CheckRadioButton` `IsDlgButtonChecked` `OpenClipboard` `CloseClipboard` `SetClipboardData` `EmptyClipboard` `EnableWindow` `UpdateWindow` `InvalidateRect` `GetWindowRect` `MessageBoxA` `GetWindowLongA` `SetWindowLongA` `EnumDisplayMonitors` `ShowCursor` `AdjustWindowRectEx` `DestroyWindow` `CreateWindowExA` `UnregisterClassA` `CopyRect` `SetRect` `GetMonitorInfoA` `MonitorFromWindow` `OffsetRect` `ChildWindowFromPoint` `GetClientRect` `SetWindowTextA` `GetUpdateRect` `EndPaint` `BeginPaint` `SetActiveWindow` `MsgWaitForMultipleObjects` `ReleaseCapture` `SetCapture` `ToAscii` `GetKeyboardState` `GetKeyState` `IsZoomed` `IsIconic` `ShowWindow` `PostQuitMessage` `DefWindowProcA` `GetMessagePos` `PeekMessageA` `DispatchMessageA` `TranslateMessage` `GetMessageA` `TrackMouseEvent` `LoadIconA` `GetDesktopWindow` `ReleaseDC` `GetDC` `GetSystemMetrics` `GetClassInfoA` `RegisterClassA` `EnumDisplaySettingsA` `ChangeDisplaySettingsExA` `LoadCursorA` `SetClassLongA` `ScreenToClient` `ClientToScreen` `GetCursorPos` `SetCursor` `SetCursorPos` `PostMessageA`
GDI32.dll	`BitBlt` `CreateEllipticRgn` `CreateFontA` `CreatePen` `EnumFontsA` `ExcludeClipRect` `GetPixel` `GetStockObject` `GetWindowOrgEx` `SetStretchBltMode` `SetDCPenColor` `SetBkMode` `SelectObject` `CreateDIBSection` `SetAbortProc` `GetObjectA` `SetViewportOrgEx` `SetWindowOrgEx` `StretchBlt` `CreateDCA` `SetBitmapBits` `DeleteDC` `GetDeviceCaps` `DescribePixelFormat` `GetPixelFormat` `ChoosePixelFormat` `SetPixelFormat` `CreateCompatibleBitmap` `DeleteObject` `SetTextColor` `SwapBuffers` `CreateCompatibleDC` `Rectangle` `CreateSolidBrush`
COMDLG32.dll	`GetOpenFileNameA` `GetSaveFileNameA`
ADVAPI32.dll	`RegCloseKey` `RegQueryValueExA` `DuplicateTokenEx` `CreateProcessAsUserA` `AllocateAndInitializeSid` `RegOpenKeyExA` `RegOpenKeyA`
SHELL32.dll	`SHGetSpecialFolderPathA` `SHGetFileInfoW` `SHBrowseForFolderA` `SHGetPathFromIDListA` `DragFinish` `DragQueryFileA` `#43` `#47`
ole32.dll	`CoTaskMemFree` `CreateStreamOnHGlobal` `StringFromCLSID`
OLEAUT32.dll	`#161`
OPENGL32.dll	`glVertex3f` `glScalef` `glRotatef` `glReadPixels` `glRasterPos2f` `glNormal3f` `glLightfv` `glLightModelfv` `glEnable` `glColor3f` `glColor3d` `glClearColor` `glClear` `wglGetCurrentDC` `wglDeleteContext` `glGetIntegerv` `glGetBooleanv` `wglMakeCurrent` `wglGetCurrentContext` `wglCreateContext` `wglGetProcAddress` `glDrawBuffer` `glGetString` `glGetError` `glVertex2i` `glRasterPos2i` `glPushMatrix` `glPushAttrib` `glPopMatrix` `glPopAttrib` `glOrtho` `glMatrixMode` `glLoadIdentity` `glDisable` `glColor4fv` `glVertexPointer` `glTexCoordPointer` `glEnableClientState` `glGetFloatv` `glDrawElements` `glDrawArrays` `glDisableClientState` `glReadBuffer` `glNormalPointer` `glViewport` `glFlush` `glBegin` `glBitmap` `glEnd` `glPixelStorei` `glPopClientAttrib` `glPushClientAttrib` `glTranslatef` `glVertex2f` `glColor4f`
GLU32.dll	`gluPerspective`
COMCTL32.dll	`CreateToolbarEx` `#413`
WINMM.dll	`timeGetTime` `joyGetPosEx` `timeBeginPeriod` `timeEndPeriod` `joyGetDevCapsA`
SHLWAPI.dll	`PathFindExtensionA`
SETUPAPI.dll	`SetupDefaultQueueCallbackA` `SetupTermDefaultQueueCallback` `SetupInitDefaultQueueCallback` `SetupSetDirectoryIdA` `SetupCloseInfFile` `SetupOpenInfFileA` `SetupInstallFromInfSectionA`
MSIMG32.dll	`AlphaBlend`
urlmon.dll	`HlinkNavigateMoniker` `CreateFormatEnumerator` `HlinkGoForward`
WTSAPI32.dll	`WTSQuerySessionInformationA` `WTSEnumerateSessionsA` `WTSFreeMemory` `WTSQueryUserToken`
pdh.dll	`PdhCollectQueryData`
credui.dll	`CredUIConfirmCredentialsA` `CredUICmdLinePromptForCredentialsA`
AUTHZ.dll	`AuthzUnregisterSecurityEventSource`

Delayed Imports

701

Type	`REGISTRY`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2a3`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.45532`
MD5	`38b805314fa7d8521d373d61d857efd0`
SHA1	`b45f5f403fe42c5df4d672331aacc7d0b5e488e3`
SHA256	`af49e0ecda8db4bcee098ad396d0a75fc58d947c07306a988a008d120fac50d8`
SHA3	`c11b965ea73fd7cad96ee88040b889e84bae3a493609f247f28319a1b2a235c0`

1832

Type	`REGISTRY`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2c3`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.27628`
MD5	`25bc502f3d763a639e139a3fb51a5303`
SHA1	`4e83c90e3e1f0c4a288731c8797fd202314db2aa`
SHA256	`f7df2e858f4b6b874b1c07152c175ac4a1381c26a49d39b1ce6a8b0224c93ea4`
SHA3	`03cc17a1a801de880faab472466a416a4c4bdbd9b044d25ace24d62e32e5f0ca`

4654

Type	`REGISTRY`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x31a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.34268`
MD5	`279fc6c33b67caa8f23035fa5af1ce08`
SHA1	`72386fab40db9449ef1761b2ff51cce867d71282`
SHA256	`e9dd26725282dcc6c33f76202327f92ca3e672c2a326346914f368836641964e`
SHA3	`0e901d5d2be1d37396f5a7065fe98aacf5d89ebbdc0c40b505b2a4016f3d05f5`

10874

Type	`REGISTRY`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.79248`
MD5	`0faf7d9daad9eaf6481b7bb69bdb26b7`
SHA1	`f487bfff48f35946a8ae9cff98bcc5219e0a6cf4`
SHA256	`07d923e8f7f69e6f36e2226723e8c1abed527b999942669a8eff8c50a0be65f6`
SHA3	`5e8f495602f8c55786615e8d1898609eb7328208ce406dcc9bb8927feb64a60c`

11140

Type	`REGISTRY`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x20d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.29184`
MD5	`ef77d2a8671250d6356489458631fe4d`
SHA1	`f8c7d6fbb30f5c1d395999770242c946e6ff661a`
SHA256	`f5e87f6cc8c7691ab0b1462f93b37d1e9d7e112cfd764b62584af80d594391b8`
SHA3	`6e3b094232d3bc9e9804d637c6da16582484f274242dc9e22855edadd9a7268f`

11670

Type	`REGISTRY`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x29f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.29591`
MD5	`000e0be9cd22a4133953875cf9774490`
SHA1	`043b8d12e9aa1b8db37d87c43f2243e1b920b5d9`
SHA256	`83981cb2fe9f0297490280eceb4f175f00bc15d641c7750439e6cd0ef193c5c7`
SHA3	`6cbbfbe81a11adc5cbffafea5bc21b9885a9f51f71087d5b4b7eabe89686002d`

141

Type	`STYLE_XML`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x5f81`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99286`
MD5	`4cd107c9824c13844d816cf2eb189860`
SHA1	`9382f492329c54b6c1ff440160c987c36df18d1f`
SHA256	`c5e219e022664ce0e06f62e30947a41654b48ef13dfa6890bee723f0b6a711f0`
SHA3	`8bc2a74a515fe0a60fca5a2e4a459c1982b82b230e2d16d0a35cec8ab3157efa`

165

Type	`STYLE_XML`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3f53`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98735`
MD5	`5058f55eb26f61fcf190524d99fde99b`
SHA1	`4e004149b1829805a447a8f9b1fa4ff6d951ef0d`
SHA256	`81cedfc4d722226f20d394f2fec1d19b8b6485a4bc09b1c706d2d6d980a8e3db`
SHA3	`35804d9b3ee70726a96a3f7d379f95e20012e5d35bd17b919b693f92fae42424`

173

Type	`STYLE_XML`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4230`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98845`
MD5	`710cc830aa6e8ead2de78ae3a1845e41`
SHA1	`acce9989b54f3e28960669fab4a36d893fada288`
SHA256	`7f92c024920b29a6da8e48912ccd493ed9379d9a0270b24b4e5be190da7171d2`
SHA3	`dd8185f016bc15fc7afb8ed951ab52744e74bc01caf95376c88a7264587e52ab`

194

Type	`STYLE_XML`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2f18`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98474`
MD5	`b5275b41537f0a9f6693e504004862ce`
SHA1	`670c4d1e112a7ab94a8510168103e2b6e7ddf8ee`
SHA256	`139471e6c123db315e692f6a844abc62d35ec58fed5d2fee2ffd589a9db5529b`
SHA3	`bb694b107abbff784aa6b2260b6ee39f310aa2f047f86a54bea79ab88c558505`

212

Type	`STYLE_XML`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xbfc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.93154`
MD5	`b0ce5cb1036f3e1d807f55ab3094bac2`
SHA1	`9016d0eba0306932629695593c8a298f191bab78`
SHA256	`516b979810caedaa3d5142bd0a78e0890a73f9efcd6e97144fcc6a55e8379766`
SHA3	`ae4cdc2a09493bef88600204ed12975f6fac789b4edcd3784cc9f6953507ff16`

285

Type	`STYLE_XML`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xa61`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.92531`
MD5	`4fc683fe4ad210c5814aa7da1a8b25f5`
SHA1	`3f9b60e8eec28d1d6b2eed4e00cbfc7fcb9db0d8`
SHA256	`00e4e2c04cefeb0855965fc6ee9cd108753d69038805b3a50bad076b58593441`
SHA3	`80f73ea675bfef733dab14c71a3c6d9a3005f98b84fdad3783a5ce8f18c3ba5e`

353

Type	`STYLE_XML`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2daa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98402`
MD5	`a7992a071e43560aa002a4bd94dce270`
SHA1	`5766fa14131e92b66459305c03561da5dfb974df`
SHA256	`9bfb5e1631699d3631d65a36a758a763c52f87e1c8260fe4bd5188437b4832ca`
SHA3	`b4a1cf9be4b67fe697978e2d9d5beee00e86e7a822fa4739705f9d2258d769f2`

357

Type	`STYLE_XML`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x510a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98986`
MD5	`068f1dfce1dcde533352f6cbfe02134f`
SHA1	`17c0f4040ab889fa8eebfd85bd7a7cfa5ea24496`
SHA256	`e444f57a472281953625de1ac903e6ac5724889b360dcfeba5a0e92f9daeadc8`
SHA3	`187e7f60075dec5d7a8d81880b35040bf08cb0564a4939061ae114d417f64f68`

404

Type	`STYLE_XML`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x497c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98949`
MD5	`7e4ee24357e1e07c5f416bca5b5620cb`
SHA1	`badbdde36c0f4e6417c3ca72b23634e197ec4b4e`
SHA256	`4a141e45a35d7b420fc5904e163bf4d773ec1a54ad2932d84e70efe1539955de`
SHA3	`9dcda29784dd06a3e0c50d25c406902f220058127df859c1f8fd6e8e24e0b5f9`

522

Type	`STYLE_XML`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2958`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98325`
MD5	`7b5dbeaa8f3b878c8c6ea8703943d97c`
SHA1	`9604288057e7613775c5b365543d656a582300cc`
SHA256	`e0523505d3af1dd65b180fe8398ac5ea80d67b31c35204a7738475e9fe84b6fe`
SHA3	`3ae33e09a85f147473700633353589e75370997e3b31a93f1cfc3468561b200c`

561

Type	`STYLE_XML`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2d89`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98296`
MD5	`25d71c77cd672ba047e760d4d547d952`
SHA1	`86f57c3d367e158a0e6f6c08b0a7881a87ccda6d`
SHA256	`490bd4dc2450790e76aca7b18c676fbcc29c2e81d687369e266febe0a88eb8d4`
SHA3	`46b3fdd2b75a1f44b52c183e94b9ae6819623591f8633336e593a9f34f9cc708`

593

Type	`STYLE_XML`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2066`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97942`
MD5	`ebdeab04425d513794c14ed9116e14db`
SHA1	`7196426566e420c49cc68d54682213e42b774f15`
SHA256	`16bc08741837b1bb0247e8ac395f61f3b7766f9d17d4464b9e9b28e73f3fee38`
SHA3	`385643c783fea4d407f6cfc46f71c9366325d756cce8d30aa5860d8de74214ac`

704

Type	`STYLE_XML`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2dd5`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98444`
MD5	`347ee408d297b1f08b387c25bd9a90c3`
SHA1	`9832e6da439125cfca7bc33015cac47d2214116e`
SHA256	`77e76222ede07b61ca6d76754a5084b6f1944855443c305c71320b47698b1189`
SHA3	`6eabad239393d49d4c8ff434e1f883b8b8b87fec31f2ae3046538b26678fb5d8`

77

Type	`STYLE_XML`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3678`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98777`
MD5	`8a5db7fc481c50fea9d5ccaddc5c3216`
SHA1	`27ed4bcee504ff4714f810b0159311e10bfee6d5`
SHA256	`94f7510793f1c693b3c448ec6079b1fbe4efef728797ade180c867c98073b490`
SHA3	`bd23b175ae4ff795e10d07bf295224703bedfbb3473e5fbb739e12541273a1e4`

852

Type	`STYLE_XML`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2c2b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98351`
MD5	`2793b3e31706a069ca56fcd5d9fc73d5`
SHA1	`57a82dca4ed4ac09cd0d940d47c088f09de44b40`
SHA256	`11a1e2a4bce7cc627edc2025753d422e3a3a6eb796ab237e29e8ca267b8f663c`
SHA3	`72368dbc0f0c1403869d6610a7d3c8e59dae7d319e6741336eb20ce45a25ac2d`

854

Type	`STYLE_XML`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3076`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.9856`
MD5	`a19c25fbb0bca108c62226a63c1e4c3b`
SHA1	`1fd8536d6d2b212fa5dd8931e6c2d60c61000d63`
SHA256	`698e1ff6fd6f2e0fd598428f7aef8e9e834b3ca19b24883a6d447c59195e1a17`
SHA3	`496df9f015f01982a142b76ccbfc83912bfd60029e2333ab1fe02ed8bcaf748f`

876

Type	`STYLE_XML`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2f25`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98205`
MD5	`c9ba0430a42f634f496b7ea8fa744edb`
SHA1	`95bc05c5b43e0802370afad8a131884cc1aa6e8f`
SHA256	`43b5d3631eb78af6500b5373a9598d6a1cac5c571603c6dcd3c290752fa643a5`
SHA3	`ab46bbb3942d1c1050ee66064aa67388d2fad8b6637a841810b4c76fadab19fd`

890

Type	`STYLE_XML`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3398`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98526`
MD5	`c6b7e0fd54e52081d0f659e72105217d`
SHA1	`b2fdadf43fac6fc3bd02419a0d194e18f1700c9d`
SHA256	`4f6693f369ddf118aec77b6f18a2f8091905c3db0a58e53089bb9f3c8941bb79`
SHA3	`600c6e3704cf8fc170926a16b1b9306e6e62a3444a3b1a3cdf1d77ba3e045371`

90

Type	`STYLE_XML`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1031`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.95632`
MD5	`0b6c4e65fcc99c1be27e916acd69c9bf`
SHA1	`3739e409f5d1792992121046c77c564a30c00c08`
SHA256	`b905557766dfffb75938120d584361aa660ad1da4ebf4b2ba2cb00c0583bc336`
SHA3	`e9966250b7051427c7e557942094ed8bd8ceba9ba5895b57b3618c16e8e0e536`

1298

Type	`RT_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.40163`
MD5	`9f8bed0e96d3a3f70f98386a4e1a52f7`
SHA1	`6818ba2b5256229158d2e2ab68d6200b38647037`
SHA256	`82d14b20a8d9635d59f1432a9a220864bf429cfbd888c5256377e4a2b710bd3e`
SHA3	`57d41639cb36de10f25c9acd33e187884376a6164f2ad45bc77b429199ec7e0e`

2306

Type	`RT_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.51649`
MD5	`9936fbf67a1d9f755c37852015d09527`
SHA1	`426016ba6a10cc2634ab7357e4223793c51aa304`
SHA256	`368f9cb089d206a8b61251f0c85eeda97ee08a56b33be8579246e964d3af6169`
SHA3	`6bdb1e7d667efe7812e162384a6341edec73311ee7dfcb122adf0cc0f08e7a8f`

4968

Type	`RT_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.81313`
MD5	`858a63dc597812b0885e8a8f9689227c`
SHA1	`0a816cd0e6f10038f43bde278eb613f1c7281b33`
SHA256	`2bf742d2beb4c56dd6eb68347dd8ee28da85bed9e6d165b36c6edb91da01d5d6`
SHA3	`6974d714fd124f0de87b6f088039e52bcf3123b5e6ae24c7c61864b70b894963`

7529

Type	`RT_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.6949`
MD5	`f321ad13d1c3f35a05d67773b4bc27d6`
SHA1	`30aded8525417e2531d5eb88bf2f868172945baa`
SHA256	`99676c52310db365580965ea646ece86c62951bfd97ec0aae9f738a202a90593`
SHA3	`04c839da98a8c50a36697076af5bc6d527560a69153b2f718f065908fd4fe3ad`

8122

Type	`RT_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.31114`
MD5	`49ca9d25ceb458297ddf84fff64c8d55`
SHA1	`fbd6d992b7e2a59c9e24372ea8d30a5dcdbd46f9`
SHA256	`f9c81ce9b4176b305c554a15f0ca2b98b11be76c1f13ef22169999aa07e9612f`
SHA3	`03f7002b636940864ef7d399ba60fb8de3f455da32f311ee39cdf6602c5d348b`

8988

Type	`RT_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.56318`
MD5	`9929115b21c2c59348058d4190392e75`
SHA1	`626fba1825d572ea441d36363307c9935de3c565`
SHA256	`9d9edf87ca203ecc60b246cc783d54218dd0ce77d3a025d0bafc580995a4abd8`
SHA3	`fea156e872544252c625076a6bf3baa733ee5b3d5399716e156734af7a841369`

11501

Type	`RT_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.40163`
MD5	`9f8bed0e96d3a3f70f98386a4e1a52f7`
SHA1	`6818ba2b5256229158d2e2ab68d6200b38647037`
SHA256	`82d14b20a8d9635d59f1432a9a220864bf429cfbd888c5256377e4a2b710bd3e`
SHA3	`57d41639cb36de10f25c9acd33e187884376a6164f2ad45bc77b429199ec7e0e`

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1703`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.89024`
Detected Filetype	PNG graphic file
MD5	`bb0baabee2014449f3deb6a6516e7b71`
SHA1	`500a21bc0b723c1e86a597ed898576b8d1451a0b`
SHA256	`2e9aa0e196405874fcfcf04fc471df069baeb5abbca90142f8ce7e7f7b324b9e`
SHA3	`a2689dcf1cb5480d89fc859dc4f8814c43aa50c26528b0ff0e46d62eab2366de`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40777`
MD5	`4cceb8116a32697413cc027c0ad7c799`
SHA1	`591e589dc7e5da3a8cb556c1b077ac91f26524a7`
SHA256	`edd855bfae7a79033c34001346e1f0b865298c5f78ba69eec954d14c4c8e03cd`
SHA3	`eb623191b44b1536f50b8057ff6f02ea87801398ebf86277e4d58f6000e708ee`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.86253`
MD5	`dfd91dfd14f978b440adb5f2011c1b31`
SHA1	`24a175001c21d0edba32457b69b470903f7545ce`
SHA256	`5885a9b445d502f8bbd85d30cf612c82b240c9808779557621795d7d3c18b042`
SHA3	`e4eb8340211dbe33db948c360e807a0c666225be569d368b836071266795e2bb`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.1435`
MD5	`944a6424bbd20257fbe564a32a1c6cea`
SHA1	`100c25a522b8b8e41e89ad20dc04223701f833f7`
SHA256	`a7aee2b11dccb0b5156da74c8736ef7ddc3c35bf6c90ee97b6274e9bf26ef4b0`
SHA3	`eb7e9b44994d38726f8f6fb471b25ebeafae224d962cbf5499582f5c95666b5f`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2868`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.46283`
MD5	`c95f3ac033dc6c56b38ebba452e23f7c`
SHA1	`bf59998223479ac7237217cd11d5f1fa885ea372`
SHA256	`417c002b2dff6ec2dcf6771afae4015a4f706090cd4a8bd937c56990e03933c3`
SHA3	`f0fb01040592cf72f912d64a6ef066fceca17c15281edc1670eab6384e7f42df`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.76242`
MD5	`3e13d116c6064172a50e369e96b7864f`
SHA1	`be3ba8a68781de06455cc446bda1f969f5620ccc`
SHA256	`6d58acce2542aad4be9c5b4d549a81294ec5219545c137ee10d109f0deaa77ae`
SHA3	`ce80af8a827506c48290a26c7a07683d2f75ed6c06d1aa8aa656bbaed834d9cd`

696

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1d8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.76331`
MD5	`2f4983aa03b6dc1700b8c3072e27e67c`
SHA1	`b8c4241f08a6f794936796e7a3d4e2672a3b4872`
SHA256	`30a5ac13ed48f1a13c3e9e065524891ca1c888adbb1295bfeed3182d42a9e025`
SHA3	`b93b694c09f4404b7da990057e3d9a5753cd2b68887be94243a71693431c05a8`

3212

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.375`
MD5	`8449eb8f1bf1896b96b401d5e68cfef9`
SHA1	`8526ee10447eb28bac9d17cdc89edde4ecbcb890`
SHA256	`b37d3726ea58f54a8f511756e2573d2c1912d693ef04250bc88ded00dfad0b84`
SHA3	`8fefb64692241d04fb5848bd2225d8f49a3fcd2b19eeeb1723ef4796bad9613a`

3329

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2`
MD5	`d98a0e6ab6db2e745ba8cf1ae0f0f134`
SHA1	`e4b148aa62fa73e97f4a21b4cc36587253f81eee`
SHA256	`3b1eee02f7778a82e5350f0f41240f9221af36f7ce5a915b5c1a3b686f3dd7b1`
SHA3	`286539c00600cf897b86f675acf803772c248d8902bdcfab33daed49c09b3b9d`

4519

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x18`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.18432`
MD5	`59234155b156d66fea9d83c8a6e73f61`
SHA1	`30c7284c38084198b70d9de87bd937d39e3fdeec`
SHA256	`ee48922b209123c07ce4f4b41e44e75a9f45c4cea136e2f2b33d3b190861c785`
SHA3	`79830d58204197303ee4f567cdf1174f2a8be4538638edcd04b7910f50ca4ce1`

6654

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.54879`
MD5	`051334b2e1f6a2be6f87f733052a599d`
SHA1	`9b8d6c732c83118d491517264910f65a06a2d9ed`
SHA256	`8be044373857d0abcf3c171b27d6112601de96b538d4ebc8c812e47aca732ee3`
SHA3	`b640a8a899adb2d12aceb3972970017255b96fd163cae964ff82e9f6804b40d0`

8053

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x98`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.0832`
MD5	`e10b7272c7e315c9f73a45b5d5bae390`
SHA1	`90635ba8ce5270a16cbaa3604876e6e53e8e96e1`
SHA256	`21cb7b1a551ec0b2d73cb647e947873c3e231fff31f01c426275da4e86a68476`
SHA3	`96cfd04f0b64674497b86c5f449872dfed583428db710cf9a03796cffa60e967`

9845

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x18`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.51103`
MD5	`374324bd0355d44976ad1442b68eda4b`
SHA1	`590750cf83baf8e87adaf3c9d023eafd697541ee`
SHA256	`97ca7c06c5254d19e11f2cfecc005f8096eb3393f77105bed290019cbedcab55`
SHA3	`baa6e8722259a848e60d5ca0aa409d0306cb7345cd25b4783892c5a39949c40a`

10210

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x18`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.18432`
MD5	`59234155b156d66fea9d83c8a6e73f61`
SHA1	`30c7284c38084198b70d9de87bd937d39e3fdeec`
SHA256	`ee48922b209123c07ce4f4b41e44e75a9f45c4cea136e2f2b33d3b190861c785`
SHA3	`79830d58204197303ee4f567cdf1174f2a8be4538638edcd04b7910f50ca4ce1`

11315

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.79879`
MD5	`3d2b1af3424dbcd504f73918619c7d99`
SHA1	`10d6ed54ea742211a14a05414883f6c00c03080a`
SHA256	`c2f0c188d6c493d7827bf83fb89c704815796445a0178bb2ae79658d96703a3c`
SHA3	`b8c5f28d2c132e5bc304e4dc1b314a3f32a2e48675c06828a2a8a014ea05e7fb`

VT_MOVESE

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.46096`
Detected Filetype	Cursor file
MD5	`8c80e48ccd75e1ae2cf33e68c9dc204b`
SHA1	`24d910da92a3681b9568eab8276855fd08bc3cc5`
SHA256	`71a3c8ce753daa298543fde053aa45d6e4725cdd475577842089722664ee0cb0`
SHA3	`74dfb4af946b4ac3eafde101e153816e3e0406ee434e36945957d67055acc3bc`

2244

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.25451`
Detected Filetype	Cursor file
MD5	`e391948f8cb85454194df7a7e5468d77`
SHA1	`3a6f8849ef60e46f951354a1887a81e3e2377834`
SHA256	`e6fc8368a8c704f1a924feb04a717084f5a583851417800117892804c4b8afb3`
SHA3	`9d225ec24505a7b2a482ff24b3b5af9962591f1c158044039f907b427d37442b`

7825

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`b17264d20faaa8ae0bcfffd2a28b5821`
SHA1	`cc3a0c683d3a70e81de9bd8dca7c7da25df1ec9a`
SHA256	`04fe4c49379fb61d65560745031cf797d5234fbc2886e1ee5245141e3f71cdba`
SHA3	`b9748f87bc9a8bad6f25bd2088709ce4bf07c044674cd302e3cc76e3bc878a83`

9262

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`690a20e696fc4e33ffb377a8ef54fb97`
SHA1	`972159605fa069921dbdee9b7a35879e6f1928a6`
SHA256	`6c2ef97bca5cdc6aa6de65b1f1ae8328bcb3494a16025eee870231d991e2cd56`
SHA3	`fd9d56519b5bf976a4ae748fe0c51dcd47ac27ce6a7c271fa2bbb3e00f473b22`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.78661`
Detected Filetype	Icon file
MD5	`7df02443c2644e5dade6a34ba93c81f1`
SHA1	`9cb28c22cbdf66d09064c55e268be9152491fb25`
SHA256	`9e4c4d016c5793b49bfdc1204ae56eab1af797c95045824421b90dd50dfb0cee`
SHA3	`89daa1a7b9ab3a95c00ead79f3326342c4ae1673e37e04a65535411d296455bd`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x38c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.51553`
MD5	`ace056c27fa972e598d2c9b9ac970dfd`
SHA1	`164f28d5de1618c9d81cec44646fcb8553420346`
SHA256	`c80d09965d623c0ea04513378aea7a51e704dc888ee5c4ef573d246464b4f767`
SHA3	`501216fcde38e0f6270b60231ab076ab7ac779015234d32c2f8011f3f0b6057f`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2e1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.05843`
MD5	`73405b30abf67047784c1a1f61a5f7c0`
SHA1	`5b9144d009dd4debf54ffa412e4655248848003a`
SHA256	`35a66c02f507cc071b58bccde39e473583f432d132503f49963cbb5fdbcffa06`
SHA3	`77fb006a017896a9deff9bfd3c8d1a8dffbd5585b110bf041f2a2be66d8ca321`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	7.4.2.789
ProductVersion	7.4.2.789
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	PGWARE LLC
FileDescription	Typographic Prayer
Languages	English
InternalName	Worker Acyclic
LegalCopyright	(C) 2007-2015
FileVersion (#2)	7.4.2.789
PrivateBuild	7.4.2.789
OriginalFilename	Worker Acyclic.exe
ProductName	Worker Acyclic
LegalTrademarks	(C) 2007-2015
ProductVersion (#2)	7.4.2.789

Resource LangID	English - United States

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x4cf5d0`
SEHandlerTable	`0x4c3d50`
SEHandlerCount	`182`

RICH Header

XOR Key	`0x6edbae4c`
Unmarked objects	`0`
199 (41118)	`1`
ASM objects (VS2013 build 21005)	`56`
C++ objects (VS2013 build 21005)	`78`
C objects (VS2013 build 21005)	`227`
Imports (65501)	`41`
Total imports	`366`
C objects (VS2013 UPD5 build 40629)	`38`
C++ objects (VS2013 UPD5 build 40629)	`14`
Resource objects (VS2013 build 21005)	`1`
151	`1`
Linker (VS2013 UPD5 build 40629)	`1`

Errors

[!] Error: Could not locate RT_ICON with ID 24!
[*] Warning: Resource 0 is empty!
[!] Error: Could not locate RT_ICON with ID 37!
[*] Warning: Resource 2244 is empty!
[!] Error: Could not locate RT_ICON with ID 27!
[*] Warning: Resource 7825 is empty!
[!] Error: Could not locate RT_ICON with ID 22!
[*] Warning: Resource 9262 is empty!