Manalyze report for 901d893f665c6f9741aa940e5f275952

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-Aug-07 14:31:20
Detected languages	English - United States Russian - Russia
Debug artifacts	G:\Doc\My work (C++)\_New 2018\Encryption\Release\encrypt.pdb

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentVersion\Run`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW LoadLibraryA LoadLibraryW` `Functions which can be used for anti-debugging purposes: SwitchToThread CreateToolhelp32Snapshot` `Code injection capabilities (atom bombing): QueueUserAPC GlobalAddAtomW GlobalGetAtomNameW` `Can access the registry: RegQueryValueExA RegCloseKey RegEnumKeyExW RegEnumValueW RegQueryValueW RegEnumKeyW RegDeleteKeyW RegCreateKeyExW RegQueryValueExW RegSetValueExW RegDeleteValueW RegOpenKeyExW` `Possibly launches other programs: CreateProcessA CreateProcessW ShellExecuteW` `Can create temporary files: CreateFileW CreateFileA GetTempPathW` `Uses functions commonly found in keyloggers: MapVirtualKeyW GetForegroundWindow GetAsyncKeyState CallNextHookEx` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Leverages the raw socket API to access the Internet: #112 #6 #7 #4 #2 #1 #8 freeaddrinfo getaddrinfo #111 #21 WSASocketW WSASend WSARecv #13 #18 #10 #3 #151 #116 #115 WSAIoctl` `Interacts with services: DeleteService QueryServiceStatusEx QueryServiceStatus ControlService OpenServiceW OpenSCManagerW` `Enumerates local disk drives: GetDriveTypeA GetVolumeInformationW` `Manipulates other processes: OpenProcess Process32FirstW Process32NextW EnumProcesses EnumProcessModules` `Can take screenshots: GetDC CreateCompatibleDC BitBlt`
Malicious	VirusTotal score: 45/66 (Scanned on 2018-08-16 04:08:33)	`MicroWorld-eScan: Trojan.GenericKD.31166491` `CAT-QuickHeal: Trojan.IGENERIC` `McAfee: Artemis!901D893F665C` `Cylance: Unsafe` `BitDefender: Trojan.GenericKD.31166491` `K7GW: Trojan ( 0053a0921 )` `K7AntiVirus: Trojan ( 0053a0921 )` `Arcabit: Trojan.Generic.D1DB901B` `TrendMicro: Ransom_ENCODER.THHADAH` `Symantec: Trojan.Gen.2` `ESET-NOD32: Win32/Filecoder.NRR` `TrendMicro-HouseCall: Ransom_ENCODER.THHADAH` `Paloalto: generic.ml` `ClamAV: Win.Trojan.Agent-6644902-0` `Kaspersky: Trojan-Ransom.Win32.Encoder.n` `Avast: Win32:Trojan-gen` `Tencent: Win32.Trojan.Encoder.Hoxx` `Ad-Aware: Trojan.GenericKD.31166491` `Emsisoft: Trojan.GenericKD.31166491 (B)` `Comodo: .UnclassifiedMalware` `F-Secure: Trojan.GenericKD.31166491` `Invincea: heuristic` `McAfee-GW-Edition: BehavesLike.Win32.BadFile.vh` `Sophos: Mal/Ransom-FS` `Cyren: W32/Trojan.YATI-8672` `Jiangmin: Trojan.Encoder.a` `Webroot: W32.Ransom.Gen` `Avira: TR/FileCoder.pfzxh` `Antiy-AVL: Trojan[Ransom]/Win32.Encoder` `Endgame: malicious (moderate confidence)` `Microsoft: Trojan:Win32/Occamy.C` `ZoneAlarm: Trojan-Ransom.Win32.Encoder.n` `GData: Trojan.GenericKD.31166491` `TACHYON: Ransom/W32.Encoder.2958848` `AhnLab-V3: Trojan/Win32.Ransom.R233970` `ALYac: Trojan.Ransom.Filecoder` `MAX: malware (ai score=100)` `Malwarebytes: Ransom.KeyPass` `Rising: Ransom.FileCryptor!8.1A7 (CLOUD)` `Ikarus: Trojan-Ransom.KeyPass` `Fortinet: W32/Filecoder.NRR!tr` `AVG: Win32:Trojan-gen` `Panda: Trj/GdSda.A` `CrowdStrike: malicious_confidence_100% (W)` `Qihoo-360: Win32/Trojan.Ransom.873`

Hashes

MD5	`901d893f665c6f9741aa940e5f275952`
SHA1	`3b5369c0aeffe5c0d0b164a3d90ec245b093674d`
SHA256	`ee74c63faa2eb9709b1d738762e28072aece2e7b9eeffc5913eb6a5fd1564752`
SHA3	`35d7ed1a78825f754068746a0cb282912a8b2ff207a56809f9336d94a1a6152d`
SSDeep	`49152:0u1ImfQE5L1PtWHeHoQAOs1dKvHHg/o2S1pj798JGKCO8C/eZkwCr:dzV5JPtWHeHoIs1dGHHx2S1998JGKCO`
Imports Hash	`02e4a66b602d72c2856a9c47fb7b3053`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2018-Aug-07 14:31:20
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`12.0`
SizeOfCode	`0x1fc200`
SizeOfInitializedData	`0xdf200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00162227 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x1fe000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x2df000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`3bdac384d13d04bbd6a626086e003ded`
SHA1	`a51ab074d11a987c40f9fcd08095fddc79ded1b9`
SHA256	`4c86e5544f2a5ff090bfad0b465c1b8fe7bbd0c78a8edef91802d467dfbd6e8c`
SHA3	`b2fb9da52fabd9702a01bc8192a376ab2d0a6ced20d71cbe41161a44a1bb3ff4`
VirtualSize	`0x1fc1e1`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1fc200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.62579`

.rdata

MD5	`cbc662aeed596ee8df5a2380f9f74e88`
SHA1	`bce151d7049cd20da86d0d7e6e48d91056777538`
SHA256	`891a1679bd8e0226b03f358e9d70b18802909dc9ac243685a542210de40158bd`
SHA3	`bef3ae0403e215f959abcf317a2a8fc89d431cb825162983fbff2f2663a50994`
VirtualSize	`0x775be`
VirtualAddress	`0x1fe000`
SizeOfRawData	`0x77600`
PointerToRawData	`0x1fc600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.11154`

.data

MD5	`b53d5cbd6d9624ae95e1712c09fed007`
SHA1	`2383464bd5c0a343e6e76c06ba964ae558957da5`
SHA256	`7ff6f5136f5fef79de6cd215cb51afc6ed7373adbadd266daffc128042210899`
SHA3	`6df4c181efca5e1962a4a63e2faff2b063a9ecb614ef3c2aeb80c2ce2a26c126`
VirtualSize	`0x1562c`
VirtualAddress	`0x276000`
SizeOfRawData	`0xc600`
PointerToRawData	`0x273c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.98387`

.rsrc

MD5	`864d32796c4643b9cbb4abc3c394b330`
SHA1	`568ba01017bcda50933abc84ed644552af9a972e`
SHA256	`c3b720e075bd793862dadc9b2b06d86f88a051ba39f12feae767af2fc4511d2b`
SHA3	`c6d35b90cefed2ceff626765bcb1f3530d61064659108bcf08ee3f2310d37834`
VirtualSize	`0x2b360`
VirtualAddress	`0x28c000`
SizeOfRawData	`0x2b400`
PointerToRawData	`0x280200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.51266`

.reloc

MD5	`edd1774b1efef6829923c435c9a84a82`
SHA1	`89f8341ac97568e651854564962c768dca343c60`
SHA256	`98f7e83590f780b327b65e3a593bb096541c1f47413ddf444dc01336dcd4a609`
SHA3	`05025eb7370630f45da7248e703c6bf75253ba6db40283cb4854448828afc139`
VirtualSize	`0x26e14`
VirtualAddress	`0x2b8000`
SizeOfRawData	`0x27000`
PointerToRawData	`0x2ab600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.50309`

Imports

KERNEL32.dll	`VirtualQuery` `SetStdHandle` `GetFileType` `GetStdHandle` `GetStartupInfoW` `QueryPerformanceCounter` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `CreateSemaphoreW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetStringTypeW` `GetConsoleCP` `GetConsoleMode` `SetFilePointerEx` `GetTimeZoneInformation` `ReadConsoleW` `OutputDebugStringW` `GetDateFormatW` `LCMapStringW` `IsValidLocale` `EnumSystemLocalesW` `WriteConsoleW` `SetEnvironmentVariableA` `OpenProcess` `GetSystemInfo` `UnregisterWaitEx` `QueryDepthSList` `InterlockedFlushSList` `InterlockedPushEntrySList` `InterlockedPopEntrySList` `InitializeSListHead` `ReleaseSemaphore` `FreeLibraryAndExitThread` `UnregisterWait` `RegisterWaitForSingleObject` `SetThreadAffinityMask` `GetProcessAffinityMask` `GetNumaHighestNodeNumber` `DeleteTimerQueueTimer` `ChangeTimerQueueTimer` `CreateTimerQueueTimer` `GetLogicalProcessorInformation` `GetThreadPriority` `SwitchToThread` `SignalObjectAndWait` `WaitForSingleObjectEx` `CreateTimerQueue` `FormatMessageA` `GetThreadTimes` `HeapQueryInformation` `IsProcessorFeaturePresent` `CloseHandle` `IsDebuggerPresent` `GetModuleFileNameW` `GetModuleHandleW` `Sleep` `SizeofResource` `LockResource` `LoadResource` `FindResourceW` `GlobalFree` `GetCurrentProcess` `GlobalAlloc` `GetLastError` `GetTickCount` `CreateToolhelp32Snapshot` `Process32FirstW` `Process32NextW` `CreateFileW` `GetFileSize` `MoveFileW` `VirtualAlloc` `SetFilePointer` `ReadFile` `WriteFile` `VirtualFree` `FindFirstFileW` `FindNextFileW` `GetLogicalDrives` `SetErrorMode` `GetDriveTypeA` `GetTimeFormatW` `TerminateProcess` `GetModuleFileNameA` `GetEnvironmentVariableA` `DeleteFileA` `CreateFileA` `FlushFileBuffers` `SetLastError` `CreateProcessA` `WideCharToMultiByte` `MultiByteToWideChar` `FormatMessageW` `LocalAlloc` `lstrlenW` `LocalSize` `lstrcpynW` `LocalFree` `GetTempPathW` `DeleteFileW` `CopyFileW` `WaitForSingleObject` `GetExitCodeProcess` `CreateProcessW` `CreateThread` `GetComputerNameW` `SetEvent` `HeapReAlloc` `HeapAlloc` `HeapFree` `GetProcessHeap` `InitializeCriticalSectionAndSpinCount` `LeaveCriticalSection` `RaiseException` `HeapSize` `EnterCriticalSection` `DecodePointer` `DeleteCriticalSection` `TlsAlloc` `InterlockedIncrement` `InterlockedExchange` `InterlockedDecrement` `InterlockedExchangeAdd` `WaitForMultipleObjects` `TerminateThread` `QueueUserAPC` `CreateEventW` `SleepEx` `PostQueuedCompletionStatus` `CreateIoCompletionPort` `SetWaitableTimer` `GetQueuedCompletionStatus` `InterlockedCompareExchange` `VerSetConditionMask` `VerifyVersionInfoW` `CreateWaitableTimerW` `GetSystemTimeAsFileTime` `TlsGetValue` `TlsSetValue` `TlsFree` `GlobalSize` `GlobalLock` `GlobalUnlock` `MulDiv` `OutputDebugStringA` `EncodePointer` `GetCurrentThreadId` `GetSystemDirectoryW` `FreeLibrary` `FreeResource` `GetModuleHandleA` `GetProcAddress` `LoadLibraryExW` `GlobalDeleteAtom` `lstrcmpW` `LoadLibraryA` `LoadLibraryW` `GlobalAddAtomW` `GlobalFindAtomW` `GetCurrentProcessId` `GetCurrentThread` `GetVersionExW` `lstrcmpA` `lstrcpyW` `SetThreadPriority` `ResumeThread` `GetPrivateProfileIntW` `GetPrivateProfileStringW` `WritePrivateProfileStringW` `GlobalGetAtomNameW` `FileTimeToSystemTime` `GetThreadLocale` `InitializeCriticalSection` `GlobalReAlloc` `GlobalHandle` `LocalReAlloc` `CompareStringW` `GetLocaleInfoW` `GetSystemDefaultUILanguage` `GetUserDefaultUILanguage` `GlobalFlags` `GetCurrentDirectoryW` `GetFileAttributesW` `FindClose` `GetFullPathNameW` `GetVolumeInformationW` `LockFile` `SetEndOfFile` `UnlockFile` `DuplicateHandle` `lstrcmpiW` `GetStringTypeExW` `GetTempFileNameW` `GetWindowsDirectoryW` `SearchPathW` `GetProfileIntW` `FileTimeToLocalFileTime` `GetFileAttributesExW` `GetFileSizeEx` `GetFileTime` `VirtualProtect` `FindResourceExW` `GetUserDefaultLCID` `GetCPInfo` `ExitThread` `RtlUnwind` `ExitProcess` `GetModuleHandleExW` `AreFileApisANSI` `GetCommandLineW`
USER32.dll	`SetRectEmpty` `SetLayeredWindowAttributes` `LoadCursorW` `SetCursor` `ShowOwnedPopups` `TranslateMessage` `GetMessageW` `MapVirtualKeyW` `GetKeyNameTextW` `DrawIconEx` `IsRectEmpty` `OffsetRect` `InflateRect` `DrawFocusRect` `GetSysColorBrush` `SetWindowRgn` `GetSystemMetrics` `DrawFrameControl` `DrawEdge` `MapDialogRect` `SetWindowContextHelpId` `PostQuitMessage` `SendDlgItemMessageA` `GetCursorPos` `ClientToScreen` `EndPaint` `BeginPaint` `ReleaseDC` `GetWindowDC` `GetDC` `TabbedTextOutW` `GrayStringW` `DrawTextExW` `DrawTextW` `GetWindowThreadProcessId` `GetDesktopWindow` `GetActiveWindow` `GetNextDlgTabItem` `EndDialog` `CreateDialogIndirectParamW` `LoadMenuW` `SetMenuItemInfoW` `GetMenuCheckMarkDimensions` `SetMenuItemBitmaps` `EnableMenuItem` `CheckMenuItem` `IsDialogMessageW` `SetWindowTextW` `IsWindowEnabled` `CheckDlgButton` `MoveWindow` `GetMonitorInfoW` `MonitorFromWindow` `SystemParametersInfoW` `GetScrollInfo` `SetScrollInfo` `LoadIconW` `GetWindow` `GetLastActivePopup` `GetTopWindow` `GetParent` `GetClassLongW` `SetWindowLongW` `GetWindowLongW` `PtInRect` `EqualRect` `CopyRect` `GetSysColor` `MapWindowPoints` `InvalidateRgn` `AdjustWindowRectEx` `GetWindowTextLengthW` `GetWindowTextW` `MonitorFromPoint` `GetPropW` `SetPropW` `ShowScrollBar` `GetScrollRange` `SetRect` `GetNextDlgGroupItem` `SetParent` `SendMessageW` `PeekMessageW` `LoadStringW` `DispatchMessageW` `SetScrollRange` `GetScrollPos` `SetScrollPos` `ScrollWindow` `RedrawWindow` `ValidateRect` `GetForegroundWindow` `SetActiveWindow` `TrackPopupMenu` `SetMenu` `GetMenu` `GetCapture` `GetKeyState` `GetFocus` `SetFocus` `GetDlgCtrlID` `GetDlgItem` `EndDeferWindowPos` `DeferWindowPos` `BeginDeferWindowPos` `SetWindowPlacement` `GetWindowPlacement` `SetWindowPos` `DestroyWindow` `IsChild` `CreateWindowExW` `GetClassInfoExW` `EnumDisplayMonitors` `DestroyMenu` `GetMenuItemInfoW` `CopyImage` `RealChildWindowFromPoint` `IntersectRect` `TrackMouseEvent` `IsIconic` `IsZoomed` `CharUpperW` `GetAsyncKeyState` `SetCapture` `ReleaseCapture` `KillTimer` `GetSystemMenu` `GetClassInfoW` `RegisterClassW` `DeleteMenu` `MessageBeep` `WindowFromPoint` `NotifyWinEvent` `CreatePopupMenu` `GetMenuDefaultItem` `SetMenuDefaultItem` `IsMenu` `UpdateLayeredWindow` `EnableScrollBar` `WinHelpW` `UnionRect` `LoadAcceleratorsW` `MessageBoxW` `EnableWindow` `SetWindowsHookExW` `UnhookWindowsHookEx` `PostThreadMessageW` `IsWindowVisible` `ShowWindow` `SetForegroundWindow` `CallNextHookEx` `GetWindowRect` `GetClientRect` `UpdateWindow` `SetTimer` `IsWindow` `UnregisterClassW` `GetMenuStringW` `GetMenuState` `GetSubMenu` `GetMenuItemID` `GetMenuItemCount` `InsertMenuW` `AppendMenuW` `RemoveMenu` `DrawStateW` `InvalidateRect` `FillRect` `GetClassNameW` `LoadBitmapW` `RegisterWindowMessageW` `GetMessagePos` `GetMessageTime` `PostMessageW` `DefWindowProcW` `CallWindowProcW` `OpenClipboard` `CloseClipboard` `SetClipboardData` `EmptyClipboard` `WaitMessage` `CharNextW` `RemovePropW` `CopyAcceleratorTableW` `DestroyIcon` `LoadImageW` `SetCursorPos` `BringWindowToTop` `LockWindowUpdate` `GetDoubleClickTime` `GetIconInfo` `CopyIcon` `ModifyMenuW` `DestroyAcceleratorTable` `SetClassLongW` `GetUpdateRect` `ToUnicodeEx` `GetKeyboardLayout` `GetKeyboardState` `DrawIcon` `GetWindowRgn` `DestroyCursor` `CreateMenu` `GetComboBoxInfo` `TranslateMDISysAccel` `DefMDIChildProcW` `DefFrameProcW` `DrawMenuBar` `MapVirtualKeyExW` `IsCharLowerW` `IsClipboardFormatAvailable` `SubtractRect` `InvertRect` `HideCaret` `FrameRect` `ReuseDDElParam` `UnpackDDElParam` `InsertMenuItemW` `TranslateAcceleratorW` `CharUpperBuffW` `RegisterClipboardFormatW` `CreateAcceleratorTableW` `ScreenToClient`
GDI32.dll	`GetTextFaceW` `SetPixelV` `GetWindowOrgEx` `LPtoDP` `GetViewportOrgEx` `PtInRegion` `GetBoundsRect` `FrameRgn` `FillRgn` `EnumFontFamiliesExW` `SetPaletteEntries` `ExtFloodFill` `GetSystemPaletteEntries` `GetNearestPaletteIndex` `GetPaletteEntries` `CreatePalette` `RoundRect` `OffsetRgn` `Rectangle` `SetDIBColorTable` `StretchBlt` `SetPixel` `RealizePalette` `GetRgnBox` `CreateDIBSection` `CreateRoundRectRgn` `DPtoLP` `SetRectRgn` `GetMapMode` `GetTextCharsetInfo` `EnumFontFamiliesW` `CreateFontIndirectW` `CreateDIBitmap` `CreateCompatibleBitmap` `GetTextMetricsW` `Polyline` `Polygon` `CreatePolygonRgn` `PatBlt` `GetTextExtentPoint32W` `GetTextColor` `GetBkColor` `Ellipse` `CreateRectRgnIndirect` `CreateEllipticRgn` `CombineRgn` `ScaleWindowExtEx` `ScaleViewportExtEx` `OffsetWindowOrgEx` `OffsetViewportOrgEx` `SetWindowOrgEx` `SetWindowExtEx` `SetViewportOrgEx` `SetViewportExtEx` `ExtTextOutW` `TextOutW` `MoveToEx` `SetTextAlign` `SetROP2` `SetPolyFillMode` `GetLayout` `SetLayout` `SetMapMode` `SetBkMode` `SelectPalette` `SelectObject` `ExtSelectClipRgn` `SelectClipRgn` `SaveDC` `RestoreDC` `RectVisible` `PtVisible` `LineTo` `IntersectClipRect` `GetWindowExtEx` `GetViewportExtEx` `GetPixel` `GetObjectType` `GetClipBox` `ExcludeClipRect` `Escape` `CreateRectRgn` `CreatePatternBrush` `CreatePen` `CreateHatchBrush` `CreateCompatibleDC` `BitBlt` `CreateBitmap` `SetTextColor` `SetBkColor` `GetObjectW` `GetStockObject` `DeleteObject` `CreateSolidBrush` `GetDeviceCaps` `CreateDCW` `CopyMetaFileW` `DeleteDC`
MSIMG32.dll	`TransparentBlt` `AlphaBlend`
WINSPOOL.DRV	`ClosePrinter` `DocumentPropertiesW` `OpenPrinterW`
ADVAPI32.dll	`RegQueryValueExA` `RegCloseKey` `RegEnumKeyExW` `RegEnumValueW` `RegQueryValueW` `RegEnumKeyW` `RegDeleteKeyW` `RegCreateKeyExW` `RegQueryValueExW` `DeleteService` `QueryServiceStatusEx` `CloseServiceHandle` `QueryServiceStatus` `ControlService` `OpenServiceW` `OpenSCManagerW` `RegSetValueExW` `RegDeleteValueW` `RegOpenKeyExW`
SHELL32.dll	`DragQueryFileW` `SHGetFolderPathW` `ShellExecuteExW` `ShellExecuteW` `SHGetMalloc` `SHGetPathFromIDListW` `SHGetSpecialFolderLocation` `SHBrowseForFolderW` `SHGetDesktopFolder` `SHAppBarMessage` `DragFinish` `CommandLineToArgvW` `SHGetFileInfoW`
COMCTL32.dll	`InitCommonControlsEx`
SHLWAPI.dll	`PathFindFileNameW` `PathAppendW` `PathFileExistsW` `PathFindExtensionW` `PathFileExistsA` `StrTrimW` `PathRemoveFileSpecW` `PathIsUNCW` `PathStripToRootW` `StrFormatKBSizeW`
UxTheme.dll	`IsAppThemed` `OpenThemeData` `CloseThemeData` `DrawThemeBackground` `GetThemeColor` `GetCurrentThemeName` `DrawThemeParentBackground` `DrawThemeText` `GetThemePartSize` `IsThemeBackgroundPartiallyTransparent` `GetThemeSysColor` `GetWindowTheme`
ole32.dll	`OleGetClipboard` `OleUninitialize` `OleInitialize` `CoFreeUnusedLibraries` `DoDragDrop` `OleIsCurrentClipboard` `CoLockObjectExternal` `RegisterDragDrop` `RevokeDragDrop` `OleLockRunning` `CoInitializeEx` `OleCreateMenuDescriptor` `OleDestroyMenuDescriptor` `OleTranslateAccelerator` `IsAccelerator` `CoRevokeClassObject` `CoRegisterMessageFilter` `CreateStreamOnHGlobal` `CreateILockBytesOnHGlobal` `StgOpenStorageOnILockBytes` `StgCreateDocfileOnILockBytes` `CoGetClassObject` `CoDisconnectObject` `CoInitialize` `CoCreateInstance` `CLSIDFromProgID` `CLSIDFromString` `CoCreateGuid` `CoUninitialize` `ReleaseStgMedium` `OleDuplicateData` `CoTaskMemFree` `CoTaskMemAlloc` `OleFlushClipboard`
OLEAUT32.dll	`#16` `#2` `#185` `#10` `#114` `#161` `#420` `#12` `#9` `#8` `#4` `#184` `#7` `#6`
oledlg.dll	`OleUIBusyW`
gdiplus.dll	`GdipBitmapLockBits` `GdipDrawImageRectI` `GdiplusShutdown` `GdipAlloc` `GdipFree` `GdiplusStartup` `GdipCloneImage` `GdipDisposeImage` `GdipGetImageGraphicsContext` `GdipGetImageWidth` `GdipGetImageHeight` `GdipGetImagePixelFormat` `GdipGetImagePalette` `GdipGetImagePaletteSize` `GdipCreateBitmapFromStream` `GdipCreateBitmapFromScan0` `GdipSetInterpolationMode` `GdipBitmapUnlockBits` `GdipDeleteGraphics` `GdipDrawImageI` `GdipCreateBitmapFromHBITMAP` `GdipCreateFromHDC`
WINMM.dll	`PlaySoundW` `timeGetTime`
MPR.dll	`WNetEnumResourceW` `WNetCloseEnum` `WNetOpenEnumW`
PSAPI.DLL	`EnumProcesses` `GetModuleBaseNameW` `EnumProcessModules`
WS2_32.dll	`#112` `#6` `#7` `#4` `#2` `#1` `#8` `freeaddrinfo` `getaddrinfo` `#111` `#21` `WSASocketW` `WSASend` `WSARecv` `#13` `#18` `#10` `#3` `#151` `#116` `#115` `WSAIoctl`
OLEACC.dll	`AccessibleObjectFromWindow` `LresultFromObject` `CreateStdAccessibleObject`
IMM32.dll	`ImmGetContext` `ImmGetOpenStatus` `ImmReleaseContext`

Delayed Imports

102

Type	`AFX_DIALOG_LAYOUT`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

142

Type	`AFX_DIALOG_LAYOUT`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

1

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x30a4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.92546`
Detected Filetype	PNG graphic file
MD5	`8c0520191c43bda521b1d314c275330a`
SHA1	`dda07f6ab32011ea2a58c069beef170afad6d688`
SHA256	`1ad6e5d541142508ff8490f335f1559028d18e2bc68f2448d0093442ccf8c9fa`
SHA3	`0bfeb7d31fea7615ba098c6382ba58dd8574d980e2af9cc93df927a8a7f8d03c`

2

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33305`
MD5	`9fc17a8e2117222462e076fdb65b0dc7`
SHA1	`9402b43ed9522e7dd116a1c73d08a03d3d5019ee`
SHA256	`7c1a7609149ca500b4d773d5cbcd7adc8bff6a38d1b992b6198ed7aa303b89d6`
SHA3	`eb08ea852f8d88c2ad304f0b331ed882733cd71d9d810fcce6129fe170663a34`

3

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.96182`
MD5	`59baf04c61a528d80fa940f1094331f8`
SHA1	`b8e61edac92bf988239e73b7c2674b16a6c882ff`
SHA256	`dde14fa63fcb1f9fdf8534aaaf587fc4e7002e9687fbf9d034fafdad29c24c5e`
SHA3	`e0293e253aef5523151a148cdf09e99863cecb2c1fb8c96b5ed76b49cd083676`

4

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.04976`
MD5	`e9f141578e1da9a40bd337d50de577fa`
SHA1	`d01f1a03dad80f449243a48b450bb94219180003`
SHA256	`589fc4b3043eb50aea320ce0369baf3397ed7bdc83f658f62d68acd5fdf54fe7`
SHA3	`2538c12d47476218ac997d654bf43d21c3ee2b94b2f78d768acb3a76f8959082`

5

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.807`
MD5	`a92f370a1ddc05627f7abc0af2775cf2`
SHA1	`9632c71fefe0847d6351b72be19826153f438f30`
SHA256	`746ead0740af0dd9bbc98c4f45faf8062d70d58f20797975ef03b87e48a04248`
SHA3	`0c9630d4ac82e9a08b436c1fa6af003e68707ecd92f80283f8b6d1139907973d`

6

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.23467`
MD5	`c8f0be05f04aac749d9eec2832184478`
SHA1	`ea78724cc97ca342ca12705120d90f2e3f0f7db4`
SHA256	`72767dd02fdc2ac3e43d4103c33bd18c4f13dbee6832726a78236d753a6998e5`
SHA3	`22cfed16b4b04b315b87774ca8e0e7ae09055f2cc55f390ef364e5326317993d`

7

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.43779`
MD5	`c8a0690ad014b81b929be6adaade93ae`
SHA1	`c0b9f880766a9f0f08677bf1a169a5f4bffc0a2f`
SHA256	`5de6b1d97228bfb130423309b214c1bcff8f48b38f628c9b67a71c712e7a9792`
SHA3	`ca0dfbe391a3e01f1ca9267a349a06ba17fed5a517b7b9875985cd8e18605949`

8

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.69066`
MD5	`75d9d9f97ed5f972a8d70be7b5d1cf3d`
SHA1	`90e9122b63129bce81719888f546a2416c14591b`
SHA256	`b0bafd4e09a08ef92f94f89bf92f43f579df34ad661efe0793ad273855fcbd12`
SHA3	`131a5b591b7d041dce08a0bdef97c2a76c7417ae42dce58fb5f5a7f3ab774223`

9

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.12399`
MD5	`9e1c5ea08aec73c5fe89ea102a6246e3`
SHA1	`078440c68ea2d414f0d955ef59106dfdcc3d9278`
SHA256	`dd4d29f96bd15892a2f0823403c2681ab6c135ecd6a61d893f0707fd0eb70969`
SHA3	`9294b82389e507e975d3791f7c39090a3d9528c00cad9f40cb0348fa252a93a2`

102 (#2)

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x200`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.20698`
MD5	`7b5f10ca83958ce46e0798e1e0887d55`
SHA1	`027486840ad6cfe42b16a75915b01318726aa83e`
SHA256	`9fc2994b609779ff8252b3e79133fc049e891b3c551d76f6abcd55ce1d305071`
SHA3	`015d943259b8177f3679b0fbcc9d68badff769ba46aa571f409504b94c64ca5f`

129

Type	`RT_DIALOG`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0xcc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.05311`
MD5	`3cfa42059ae377e32c0eb93d3769333b`
SHA1	`598678cafe3e16341841f1e4536b3ec970e097ec`
SHA256	`c9b451bdad06beede278be8b7d85258598974b6e0ed48f55dda54ebb18728683`
SHA3	`eac89fee5ef2b4ccbd7336bb9aea5e1a88703b88bd401fdb7992afeb1295ec6f`

142 (#2)

Type	`RT_DIALOG`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0xbc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.16611`
MD5	`b998255787eb07e1649adbefe87455bf`
SHA1	`be0515032dfee2ef1063fa6c93c4a75851a48671`
SHA256	`43a324f79c2434aaed9b90e24bc5bd4dae706745730aa0b48e5c9299daa43706`
SHA3	`1fbdc82e69d868fc8766b69e07f04fb385eb7c67799af87b2ab9c00ebf98ef29`

140

Type	`RT_GROUP_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.01379`
Detected Filetype	Icon file
MD5	`533e005c6c3606f2cacb940a46098112`
SHA1	`6cd31dd9aa2efe22669e4b2309ba105bc855304f`
SHA256	`aa9dfe3c71750d518e903be5f6f958d9698b0f1b29b2e4a69f70b8d9ed69dde4`
SHA3	`18bca361d7abf7bd1088b33b2dd66ae334b3dd4e64ce8bb74bb0a80f1980b164`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x31c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.12107`
MD5	`f369ce03ef6e6f75be36380826e9bbaa`
SHA1	`63988e09c73fae3cc57067d88bed96040b1f89b9`
SHA256	`e56b4abc7f5ed56d0d980c4a6121aef45d178bbf32c53c392446890862d0c1ca`
SHA3	`cbbd6af5b4629766d3b254337a5e0e4bd702a279428f2add55679ffa364345e8`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2018-Aug-07 14:31:20
Version	`0.0`
SizeofData	`86`
AddressOfRawData	`0x246698`
PointerToRawData	`0x244c98`
Referenced File	G:\Doc\My work (C++)\_New 2018\Encryption\Release\encrypt.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2018-Aug-07 14:31:20
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x2466f0`
PointerToRawData	`0x244cf0`

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x677440`
SEHandlerTable	`0x656570`
SEHandlerCount	`1462`

RICH Header

XOR Key	`0xadd7855d`
Unmarked objects	`0`
C++ objects (VS2013 UPD5 build 40629)	`38`
C++ objects (VS2008 SP1 build 30729)	`1`
C objects (VS2008 SP1 build 30729)	`15`
Imports (VS2008 SP1 build 30729)	`41`
Total imports	`874`
C++ objects (VS2013 build 21005)	`139`
ASM objects (VS2013 build 21005)	`55`
C objects (VS2013 build 21005)	`262`
C++ objects (20806)	`322`
229 (VS2013 UPD5 build 40629)	`13`
Resource objects (VS2013 build 21005)	`1`
151	`1`
Linker (VS2013 UPD5 build 40629)	`1`

901d893f665c6f9741aa940e5f275952

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

102

142

1

2

3

4

5

6

7

8

9

102 (#2)

129

142 (#2)

140

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

TLS Callbacks

Load Configuration

RICH Header

Errors