9063a3fd9e185242428908b62c8a3a0d

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2016-Apr-06 14:39:04
Detected languages English - United States
Comments This installation was built with Inno Setup.
CompanyName http://daxstudio.codeplex.com
FileDescription DAX Studio Setup
FileVersion 2.7.4.102
LegalCopyright
ProductName DAX Studio
ProductVersion 2.7.4.102

Plugin Output

Suspicious The PE is possibly packed. Unusual section name found: .itext
Malicious The PE contains functions mostly used by malwares. [!] The program may be hiding some of its imports:
  • LoadLibraryExW
  • GetProcAddress
  • LoadLibraryW
Possibly launches other programs:
  • CreateProcessW
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Functions related to the privilege level:
  • OpenProcessToken
  • AdjustTokenPrivileges
Can shut the system down or lock the screen:
  • ExitWindowsEx
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 9063a3fd9e185242428908b62c8a3a0d
SHA1 bb526d14631c953782e3beb0edb0ceb49e82210b
SHA256 1922425d4ff03672791fbe5e5ed354b385dc2c2206aa7b1e36d0584515a18588
SHA3 4d7968b10407ea30522200b062279257867310d4b1675e39b55faff811d7a570
SSDeep 98304:CZW00bjoeolt76/BruMrYfBJMuB/SM0vk41XMyxTx3h2awjBHwZ3FWF:5oXz6/gDBq3vN1rRphklHwZ3sF
Imports Hash c60f9a83fcd28ab2eb686b76b194eb79

DOS Header

e_magic MZ
e_cblp 0x50
e_cp 0x2
e_crlc 0
e_cparhdr 0x4
e_minalloc 0xf
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0x1a
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 8
TimeDateStamp 2016-Apr-06 14:39:04
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0x10400
SizeOfInitializedData 0x18200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x117dc (Section: .itext)
BaseOfCode 0x1000
BaseOfData 0x12000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.0
ImageVersion 6.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0x33000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x4000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 a33e9ff7181115027d121cd377c28c8f
SHA1 3dafbb4f2d1eb2164e193102e863ce4d7cabb6fb
SHA256 11a963697f424d62b984f4a71b5b39a9212a2ccb07f320d98d9f84c2da74c6dd
SHA3 49db185d2d743d81ac544b62705259e0d5c4fd3cf9ece3d03d774dab919d18e0
VirtualSize 0xf244
VirtualAddress 0x1000
SizeOfRawData 0xf400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.37521

.itext

MD5 caec456c18277b579a94c9508daf36ec
SHA1 2f9d566890abd0f66230a92bedf71afe6d110b37
SHA256 7f26d734f1c91987ba9e8f9100bb4d742f5bfef70e88763bbdbc3ce181bf6651
SHA3 d23d55a58020f569ec41e4639d1d620f4298eab3609ce15ca285a4e244ce4924
VirtualSize 0xf64
VirtualAddress 0x11000
SizeOfRawData 0x1000
PointerToRawData 0xf800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.7322

.data

MD5 746954890499546d73dce0e994642192
SHA1 2e71d1453d5d7fed43fd87a4ad48ae14c4969c6f
SHA256 42f6faae65550b06e3ebbb5a5a19d6ac41911ca2690b14db237928bc63453d96
SHA3 ce0284de8aa2e3026203524106c9794d4f4556e3ad3989c620c09dcf8f30595f
VirtualSize 0xc88
VirtualAddress 0x12000
SizeOfRawData 0xe00
PointerToRawData 0x10800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.29672

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470
VirtualSize 0x56bc
VirtualAddress 0x13000
SizeOfRawData 0
PointerToRawData 0x11600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.idata

MD5 e9b9c0328fd9628ad4d6ab8283dcb20e
SHA1 fd2927174e310130a51bdd648aefde6f89fe0007
SHA256 68a126ba6dddfa52cdc395cca81ae415921071acf02f75b7c00faf9d90353760
SHA3 9cc8c32ce727f232a303aa4735a2063a61dae2e0cc276d8fedfe7a35f9854ec1
VirtualSize 0xe04
VirtualAddress 0x19000
SizeOfRawData 0x1000
PointerToRawData 0x11600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.59781

.tls

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470
VirtualSize 0x8
VirtualAddress 0x1a000
SizeOfRawData 0
PointerToRawData 0x12600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rdata

MD5 3dffc444ccc131c9dcee18db49ee6403
SHA1 45d8f890e32cc1adf7ded113fd19004c8869f419
SHA256 821b0bda5922cc6f5fb74fb3a160e39c97727c21beb1ecf4f96e3bcfad9edbe3
SHA3 acf247e1cd2d5fdf9bf43e4d881073c618ee721f8cb38b62759150dc68e16c50
VirtualSize 0x18
VirtualAddress 0x1b000
SizeOfRawData 0x200
PointerToRawData 0x12600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.204488

.rsrc

MD5 2b1856d831e6eb132da0b437c9edae3c
SHA1 0dfd503f31c4d855e8ad1976f4e7d8d940f4511d
SHA256 9fab44648b70e16a0cf5deb7f65a2c39da25ff56a2bc303f83b52771809c59bb
SHA3 b54270dee14357064a74089f6416bd3e24f922d13d358f0ac5fe6cc06faca8de
VirtualSize 0x161ec
VirtualAddress 0x1c000
SizeOfRawData 0x16200
PointerToRawData 0x12800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.62029

Imports

oleaut32.dll SysFreeString
SysReAllocStringLen
SysAllocStringLen
advapi32.dll RegQueryValueExW
RegOpenKeyExW
RegCloseKey
user32.dll GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
kernel32.dll GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
kernel32.dll (#2) GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
user32.dll (#2) GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
kernel32.dll (#3) GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
advapi32.dll (#2) RegQueryValueExW
RegOpenKeyExW
RegCloseKey
comctl32.dll InitCommonControls
kernel32.dll (#4) GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
advapi32.dll (#3) RegQueryValueExW
RegOpenKeyExW
RegCloseKey

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x4673
Entropy 7.95247
Detected Filetype PNG graphic file
MD5 01fc882eb068d34befcbc7864c74cc48
SHA1 28804815f70c2b082c74dfa9bc4186cf0b984b84
SHA256 bf82bb164893de8e2e40963baf0ccf0542c22ad56387eaf91221ce1d2c9dff5f
SHA3 d78d7102ae253c3d12fee9a27d261374b6f1334b188ae69cc4eba5cc938eca4e

2

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x4228
Entropy 4.1357
MD5 08ee4ff2cec1204840e27bc891be824e
SHA1 a5153f2434c33604046de2277b3d5c8704aa589a
SHA256 b95f366ff39f98a812abc2e84cff79087be64f9f2dff51e049c54c12202aff07
SHA3 5f54d4dec1ed7fc56e9d3edc30e5e586becf153eaa999c8c18a149c2ceeb8067

3

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x25a8
Entropy 4.91926
MD5 0cfb8177d98f6071e7697eda78bf146c
SHA1 fbe85591dd876bb24b930e9078ed08bf7971571e
SHA256 afbd3b71e14ec88a6a74853e42af5d69b8df1538e746b0ad510e6014a33c5b84
SHA3 05766e6358433ebc777374a5320d29fe625ce5a37a7dd50876f5e0e6c0954487

4

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x10a8
Entropy 4.60052
MD5 20f92cbd22eaa413c5f9e2860c785984
SHA1 8fce857b27ba87b3eacbf64429e010075c630c48
SHA256 7016558a0f9317a954ea77e53b1e5bd2200d425c0904107b0edbbe34a79e8bff
SHA3 6d44adb27802a72fbc18eebeb46f3895415542c2d04b1323237985909786454b

5

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x468
Entropy 5.0115
MD5 22e37b767f09d2632e28977bb958ed1a
SHA1 8b72d7ba705f33f81b3cd1a3ce23ba727650723d
SHA256 03cf8c10abfce9ef37f5d9f5732b9867071ebd8e9925706c21898fa3c5d0a56f
SHA3 169ef71c81abf1fd538f9dbffb0f251d5bb76db4a02573fe0fd4d4d8b2f1188f

4091

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x68
Entropy 2.56031
MD5 e518b8ae009986dd90363fcc61d7fff7
SHA1 24ed3f9f44fce167e79b53ea5f9b0505c4d567e1
SHA256 34ea1c2173226ecc593f8a2b0224c51ebbee1928715bda9339eec7717a822b89
SHA3 ec5b4cb9c07febbcaa3b422aea95fea3de2a5737477c4eecfe3de7ad39978020

4092

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xd4
Entropy 3.25287
MD5 ac85ded4e576ce909f5460536b63a4f1
SHA1 07e0380006e58eec02eaaa047a58aceeef1552d3
SHA256 e1d818d622875ce2cf81883816ef982aa05a724c46f82b3e67875e0bc24228b1
SHA3 009f71594f5ae196c2b470e70a884267f4b673dbf53c6c662ac4a6840a65f0f0

4093

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xa4
Entropy 3.26919
MD5 519a33f5d2b4442ef3caf6d4501995fb
SHA1 e54df9d112555eb11a132bfee15b69ac186b422e
SHA256 80bc91470ef70d527d0c4e0824945bc3b17ff84f464bca425661c3e7e1972ce7
SHA3 9982dabb46db17ebb98ee133d448bd8c9130563ba75f5d8651f03d6d0d17b605

4094

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2ac
Entropy 3.33268
MD5 234c2763997eec9c8a72ef190b928d68
SHA1 089fcaabba97f63455ce8a47e2d5d07fa56ba55b
SHA256 33ef72f38fc1fe2842c44e11bb351f94385bb186fee0fadbefc9364ed52aeb93
SHA3 1005ebf7a1dbf462a93c4e5a18304b6da4876341a94e5176248c5e9edf66daad

4095

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x34c
Entropy 3.34579
MD5 2596d19a6b88cbba9c9c9cb003affbc6
SHA1 37091a716fd1eed000e0c3bb195fbd589a750608
SHA256 7f63f3f944a0b62f8f3b35a60141081599f7f175605ced7e1b4dcb80fda58c8a
SHA3 ae8d8f22c73a8b3bbefa2a50ba9c62178ce82094fb2e1f42db8aa2bc9cc13db9

4096

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x294
Entropy 3.28057
MD5 1f9009e4d5b61392e05aa8ac6eceb6aa
SHA1 4af6f3144fff0951da37370a3d200e8d74fc4862
SHA256 cb21f2b28bfc6b8046348c7a96bf97149dc5f91e1cc1a4f2904a1044a008425a
SHA3 f6a632c13858acd96169f2c66ab504ec74a17acaaaa7caab48f40cf1c85ff337

CHARTABLE

Type RT_RCDATA
Language English - United States
Codepage Latin 1 / Western European
Size 0x82e8
Entropy 3.5072
MD5 6e9c1c8c0a0ec8d73165779560cd7ba4
SHA1 d044c45e2ffd24e1abef00079577df385e325ab4
SHA256 677245e2a6b2eb5495b4965b8c26025a4b26e8b8c21a825f658cb390b493b9a0
SHA3 1d092e2165553a9d834adad2350d3ac9348c40b2f190bb23e49c4e55d3b9350c

DVCLAL

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x10
Entropy 4
MD5 d8090aba7197fbf9c7e2631c750965a8
SHA1 04f73efb0801b18f6984b14cd057fb56519cd31b
SHA256 88d14cc6638af8a0836f6d868dfab60df92907a2d7becaefbbd7e007acb75610
SHA3 c6c76d2cc1f3d53733b805a2d82178b366a8a5e3867bc0e99134cb004cde57a0

PACKAGEINFO

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x150
Entropy 5.17906
MD5 9247d9dfc002426bf15a38569e1117d6
SHA1 724fbe0b18bf415f1871fbc45570b1ba809b1acd
SHA256 05efbff33471fec1389d42d84ee0572448b1dabb86c18ee38dd6463ff7f927af
SHA3 50f29135925ae15fc9a113719838097e08c080f72b41c0c995d39aaa3148ae1a

11111

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2c
Entropy 4.50547
MD5 61be85ba9f3b6f57a893c6a890bfc603
SHA1 bebdce714ee2b1e4ccf6d106aba609c4af6f2eaa
SHA256 ae21b5ee50bc47dd513af2010abbe604898677cc077b1924ae3a3f63103f02d5
SHA3 f083525d63aa99e914e319e1f1b4e036c871a0bbb4047834b33c439d4ca3022b

MAINICON

Type RT_GROUP_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x4c
Entropy 2.64638
Detected Filetype Icon file
MD5 21ba5cd00a25d98ec5275a887ddd55ab
SHA1 ecd3da62b2c92e5ffe6f984c52cc352e9c4ff699
SHA256 0263ed46ab779ba1f1e6ff6c42f2b64eb9a91e9bb1f3cb0e30fbca7749c5818a
SHA3 87f577c28c6033ade6f9edac3a47770da15067deafb34ed33c2882cca1470d86

1 (#2)

Type RT_VERSION
Language English - United States
Codepage Latin 1 / Western European
Size 0x4f4
Entropy 2.75917
MD5 1d1e1292086a2a1bc9249dcc06738aa4
SHA1 da9de38c45a12976e5df83c8b171305b34a8f777
SHA256 d66d3412921afef673b88e63235c58246c15eafc890e5d9cdc83ec4aa682f3e5
SHA3 c4e9d7dcfe36e146ee8bc9357f6ae3bca5d9d4b9e732381cb586cc10143fa90a

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x62c
Entropy 5.13965
MD5 f78a870573f5bf2f15570e286257fae7
SHA1 eaccbf47cd42836b0e21ab2196b86d98a28733ca
SHA256 356ca8abf11d97bf9dcbff47c04bf1ddcb8685ef84d38e6850ec6c28a37655b9
SHA3 bed5c332856389cc6c874441adb1ba3a3eaeb8f57eb93b87b138ee0a44501780

String Table contents

Friday
Saturday
Invalid file name - %s
September
October
November
December
Sun
Mon
Tue
Wed
Thu
Fri
Sat
Sunday
Monday
Tuesday
Wednesday
Thursday
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
January
February
March
April
May
June
July
August
Invalid variant type conversion
Invalid variant operation
Invalid argument
External exception %x
Assertion failed
Interface not supported
Exception in safecall method
Object lock not owned
Monitor support function not initialized
%s (%s, line %d)
Abstract Error
Access violation at address %p in module '%s'. %s of address %p
Jan
Feb
Mar
Apr
Invalid class typecast
Access violation at address %p. %s of address %p
Access violation
Stack overflow
Control-C hit
Privileged instruction
Operation aborted
Exception %s in module %s at %p.
%s%s
Application Error
Format '%s' invalid or incompatible with argument
No argument for format '%s'
Variant method calls not supported
Read
Write
Error creating variant or safe array
Variant or safe array index out of bounds
Out of memory
I/O error %d
File not found
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
Range check error
Integer overflow
Invalid floating point operation
Floating point division by zero
Floating point overflow
Floating point underflow
Invalid pointer operation

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 2.7.4.102
ProductVersion 2.7.4.102
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments This installation was built with Inno Setup.
CompanyName http://daxstudio.codeplex.com
FileDescription DAX Studio Setup
FileVersion (#2) 2.7.4.102
LegalCopyright
ProductName DAX Studio
ProductVersion (#2) 2.7.4.102
Resource LangID English - United States

TLS Callbacks

StartAddressOfRawData 0x41a000
EndAddressOfRawData 0x41a008
AddressOfIndex 0x4127ac
AddressOfCallbacks 0x41b010
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks (EMPTY)

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0! [*] Warning: Section .bss has a size of 0! [*] Warning: Section .tls has a size of 0! [*] Warning: Section .tls has a size of 0!