9226b9a9fb04434df44abca0c4bf531f

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2012-Jun-07 15:59:53
Detected languages English - United States
French - France
Comments Remote Service Application
CompanyName Microsoft Corp.
FileDescription Remote Service Application
FileVersion 1, 0, 0, 1
InternalName MSRSAAPP
LegalCopyright Copyright (C) 1999
OriginalFilename MSRSAAP.EXE
ProductName Remote Service Application
ProductVersion 4, 0, 0, 0

Plugin Output

Suspicious Strings found in the binary may indicate undesirable behavior:
Contains references to system / monitoring tools:
  • taskmgr.exe
Contains references to internet browsers:
  • iexplore.exe
Tries to detect virtualized environments:
  • HARDWARE\DESCRIPTION\System
  • b3 eb 36 e4 4f 52 ce 11 9f 53 00 20 af 0b a7 70
May have dropper capabilities:
  • CurrentControlSet\Services
  • CurrentVersion\Run
Miscellaneous malware strings:
  • cmd.exe
Info Cryptographic algorithms detected in the binary:
Uses constants related to MD5
Suspicious The PE is possibly packed.
Unusual section name found: .itext
Malicious The PE contains functions mostly used by malware.
[!] The program may be hiding some of its imports:
  • LoadLibraryExA
  • GetProcAddress
  • LoadLibraryA
Functions which can be used for anti-debugging purposes:
  • FindWindowA
  • NtQuerySystemInformation
Code injection capabilities:
  • VirtualAlloc
  • WriteProcessMemory
  • VirtualAllocEx
  • OpenProcess
  • CreateRemoteThread
Code injection capabilities (process hollowing):
  • WriteProcessMemory
  • SetThreadContext
  • ResumeThread
Code injection capabilities (PowerLoader):
  • GetWindowLongW
  • GetWindowLongA
  • FindWindowA
Code injection capabilities (mapping injection):
  • MapViewOfFile
  • CreateRemoteThread
  • CreateFileMappingA
Can access the registry:
  • RegQueryValueExA
  • RegOpenKeyExA
  • RegCloseKey
  • RegSetValueExA
  • RegQueryInfoKeyA
  • RegOpenKeyA
  • RegFlushKey
  • RegEnumValueA
  • RegEnumKeyExA
  • RegDeleteValueA
  • RegDeleteKeyA
  • RegCreateKeyExA
  • RegCreateKeyA
Possibly launches other programs:
  • WinExec
  • CreateProcessA
  • ShellExecuteA
Uses Windows's Native API:
  • ntohs
  • NtQuerySystemInformation
  • NtUnmapViewOfSection
Can create temporary files:
  • CreateFileA
  • GetTempPathA
Uses functions commonly found in keyloggers:
  • MapVirtualKeyA
  • GetForegroundWindow
  • CallNextHookEx
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtectEx
  • VirtualProtect
  • VirtualAllocEx
Has Internet access capabilities:
  • URLDownloadToFileA
  • InternetReadFile
  • InternetOpenUrlA
  • InternetOpenA
  • InternetConnectA
  • InternetCloseHandle
Leverages the raw socket API to access the Internet:
  • WSAIoctl
Functions related to the privilege level:
  • OpenProcessToken
  • AdjustTokenPrivileges
Interacts with services:
  • QueryServiceStatus
  • OpenServiceA
  • OpenSCManagerA
  • EnumServicesStatusA
  • DeleteService
  • CreateServiceA
  • ControlService
Enumerates local disk drives:
  • GetVolumeInformationA
  • GetDriveTypeA
Manipulates other processes:
  • WriteProcessMemory
  • ReadProcessMemory
  • OpenProcess
Can take screenshots:
  • GetDCEx
  • GetDC
  • FindWindowA
  • CreateCompatibleDC
  • BitBlt
Can use the microphone to record audio:
  • waveInOpen
Reads the contents of the clipboard:
  • GetClipboardData
Can shut the system down or lock the screen:
  • LockWorkStation
  • ExitWindowsEx
Suspicious No VirusTotal score.
This file has never been scanned on VirusTotal.

Hashes

MD5 9226b9a9fb04434df44abca0c4bf531f
SHA1 80200347da129ae495f748eaeebf62b27f99d095
SHA256 e97a7df2a94583cd26d2826823878a3df52eeaaf23bb467ac9aa70ed12a1dc2b
SHA3 649e32a895a1e41a4cc77118d9b8f3ff2ddcb4e94048d6b1992769bd480ec831
SSDeep 12288:i9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hV:OZ1xuVVjfFoynPaVBUR8f+kN10EBf
Imports Hash 6bb7562c7e0849ed51005a0b3b2aee90

DOS Header

e_magic MZ
e_cblp 0x50
e_cp 0x2
e_crlc 0
e_cparhdr 0x4
e_minalloc 0xf
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0x1a
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 9
TimeDateStamp 2012-Jun-07 15:59:53
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0x8f400
SizeOfInitializedData 0x15000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0008F888 (Section: .itext)
BaseOfCode 0x1000
BaseOfData 0x91000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0xb2000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x4000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 8067456c5dc713997e61924c501c8cb2
SHA1 a31e9403bbcd95793846f9619bda7cfde9229e20
SHA256 01b42ecb845b58dd02287d6882985f8f92331f04a03494c9c529b4d6d1085b8e
SHA3 50a2fd0a8cd0c45996676819e48c78b35ad4126686d7bbb159ed2370d89ec09a
VirtualSize 0x8d8f0
VirtualAddress 0x1000
SizeOfRawData 0x8da00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.55342

.itext

MD5 3f63b5c2974302201afb8afa01b8ac10
SHA1 7e49535face98e2cd7183ec3e98c2a95894ebcd5
SHA256 5818d492ae7d7bebb8ff50205d50a05c21dfb355ffa5e7b374e5b392b4f39cfa
SHA3 f79d8ba9a2ff6406285b1c45d26ae220db0b0913c1d5711a81be247be083e579
VirtualSize 0x1954
VirtualAddress 0x8f000
SizeOfRawData 0x1a00
PointerToRawData 0x8de00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.95375

.data

MD5 81fa247370ecc3476b5c17086c0f2024
SHA1 57a1468ce4eaa810ed0ffdb3622c1d142eb61123
SHA256 dc85bddaf44df093343ea9ba7792794de39962d8b0ee4c5c135a33d7aeb8881f
SHA3 2933eabebcd7beed8c43d5495e57cfc0cf6dee6f6a7ead906a5128aabbd05237
VirtualSize 0x3d3c
VirtualAddress 0x91000
SizeOfRawData 0x3e00
PointerToRawData 0x8f800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.83487

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x7404
VirtualAddress 0x95000
SizeOfRawData 0
PointerToRawData 0x93600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 cd30ca2b6ff5111155dec94ee29ec186
SHA1 e5fd41be7799ae8933dbc4c297e57fc2fc8d2368
SHA256 b60bee150de6a1a9b99e268fe9541362dc4ea76fc35ad8c1cb996794c0358736
SHA3 e7e4309670ae249c9d73b4c80a5d529fb68fffa77d0e74e526ef18b0e8f62aea
VirtualSize 0x4140
VirtualAddress 0x9d000
SizeOfRawData 0x4200
PointerToRawData 0x93600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.26814

.tls

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x38
VirtualAddress 0xa2000
SizeOfRawData 0
PointerToRawData 0x97800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata

MD5 c1788dfeb92bbf0cff5aeaeaf1270ff8
SHA1 469a55b2d8c433d2a38eb7d9398cf0c8965abf15
SHA256 f8fe161e8bf0b3595489be6b4d41e4e75d4fcebff73fbc62542cceb9b6e1ec84
SHA3 2e069e5f7642978c8784bb02f8646b0bc0868bd1fbe7f5fda92d2d5a0d9512b1
VirtualSize 0x18
VirtualAddress 0xa3000
SizeOfRawData 0x200
PointerToRawData 0x97800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.210826

.reloc

MD5 e55564594dad16a2ca19fb85903b9300
SHA1 7ef009dc015904e2abf1868ff1c92a15317b0df4
SHA256 4f97b7a27e9b734668bffc4288c02a36685c9d48d11780ca9830d8bee88642f8
SHA3 af14755ff0d4d924ae3d48e0de73bbbd8fce064a19c337859dfa3605890e755b
VirtualSize 0x8adc
VirtualAddress 0xa4000
SizeOfRawData 0x8c00
PointerToRawData 0x97a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.72501

.rsrc

MD5 187ce48af44354f592f04c579b92779a
SHA1 a826c0b4f6c3e18951476b1da946ac15f49fb46e
SHA256 22dec2eebd8ca429224136d4f5d48aa3bc7b0f94a3c75ad5122878408c85d442
SHA3 eeb05daf5f9d61f914509b516fcfaf100eb5e0ebea732e5c7a136807af65f65f
VirtualSize 0x41f8
VirtualAddress 0xad000
SizeOfRawData 0x4200
PointerToRawData 0xa0600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.23394

Imports

oleaut32.dll SysFreeString
SysReAllocStringLen
SysAllocStringLen
advapi32.dll RegQueryValueExA
RegOpenKeyExA
RegCloseKey
user32.dll GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
kernel32.dll GetACP
Sleep
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
kernel32.dll (#2) GetACP
Sleep
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
user32.dll (#2) GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
gdi32.dll UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
ExtTextOutA
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
BitBlt
version.dll VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
kernel32.dll (#3) GetACP
Sleep
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
advapi32.dll (#2) RegQueryValueExA
RegOpenKeyExA
RegCloseKey
wsock32.dll __WSAFDIsSet
WSACleanup
WSAStartup
WSAGetLastError
gethostname
getservbyname
gethostbyname
gethostbyaddr
socket
shutdown
sendto
send
select
recv
ntohs
listen
ioctlsocket
inet_ntoa
inet_addr
htons
getsockname
connect
closesocket
bind
accept
kernel32.dll (#4) GetACP
Sleep
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
ole32.dll CoTaskMemFree
StringFromCLSID
shell32.dll ShellExecuteExA
ShellExecuteA
SHGetFileInfoA
SHFileOperationA
DragQueryFileA
oleaut32.dll (#2) SysFreeString
SysReAllocStringLen
SysAllocStringLen
ole32.dll (#2) CoTaskMemFree
StringFromCLSID
URLMON.DLL URLDownloadToFileA
oleaut32.dll (#3) SysFreeString
SysReAllocStringLen
SysAllocStringLen
comctl32.dll _TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
wininet.dll InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpQueryInfoA
FtpPutFileA
shell32.dll (#2) ShellExecuteExA
ShellExecuteA
SHGetFileInfoA
SHFileOperationA
DragQueryFileA
winmm.dll waveInUnprepareHeader
waveInStart
waveInReset
waveInPrepareHeader
waveInOpen
waveInClose
waveInAddBuffer
PlaySoundA
mciSendStringA
netapi32.dll Netbios
gdiplus.dll GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipSaveImageToStream
GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
advapi32.dll (#3) RegQueryValueExA
RegOpenKeyExA
RegCloseKey
msacm32.dll acmStreamUnprepareHeader
acmStreamPrepareHeader
acmStreamConvert
acmStreamReset
acmStreamSize
acmStreamClose
acmStreamOpen
ntdll.dll NtQuerySystemInformation
netapi32.dll (#2) Netbios
WS2_32.DLL WSAIoctl
SHFolder.dll SHGetFolderPathA
ntdll NtUnmapViewOfSection
user32.dll (#3) GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
SHELL32.DLL SHEmptyRecycleBinA
AVICAP32.DLL capGetDriverDescriptionA

Delayed Imports

1

Type RT_CURSOR
Language English - United States
Codepage Latin 1 / Western European
Size 0x134
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.6633
MD5 ff4e5862f26ea666373e5fab2bddfb11
SHA1 cfa13c0ab30f1bbd566900dee3631902f9b6451c
SHA256 b8e6fc93d423931acbddae3c27dd3c4eb2a394005d746951a971cb700e0ee510
SHA3 91dae12a9f43c5443e0661091a336f882fa1482f75fa9a57c9298d1d70c8ae69

2

Type RT_CURSOR
Language English - United States
Codepage Latin 1 / Western European
Size 0x134
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.80231
MD5 2e87b3c111e3073a841775c1f8ec5a90
SHA1 20292304fa2ef1bfdc4a1000e90a1c16d4765a96
SHA256 ce19ace18e87b572e6912306776226af5b8e63959c61cde70a8ff05b3bbdcc41
SHA3 9527f09e739c2064835800a7e5c317cb422bdd7237f00fca079a1c62f58a2612

3

Type RT_CURSOR
Language English - United States
Codepage Latin 1 / Western European
Size 0x134
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.00046
MD5 a04c3c368cb37c07bd5f63e7e6841ebd
SHA1 699300bceaa1256818c43fecfc8cad93a59156b2
SHA256 ee1c9c194199c320c893b367602ccc7ee7270bd4395d029f727e097634f47f8c
SHA3 58722e3138aad1382e284c1605ecd665ced536de4906749ac8d6e11252cc9558

4

Type RT_CURSOR
Language English - United States
Codepage Latin 1 / Western European
Size 0x134
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.56318
MD5 9929115b21c2c59348058d4190392e75
SHA1 626fba1825d572ea441d36363307c9935de3c565
SHA256 9d9edf87ca203ecc60b246cc783d54218dd0ce77d3a025d0bafc580995a4abd8
SHA3 fea156e872544252c625076a6bf3baa733ee5b3d5399716e156734af7a841369

5

Type RT_CURSOR
Language English - United States
Codepage Latin 1 / Western European
Size 0x134
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.6949
MD5 f321ad13d1c3f35a05d67773b4bc27d6
SHA1 30aded8525417e2531d5eb88bf2f868172945baa
SHA256 99676c52310db365580965ea646ece86c62951bfd97ec0aae9f738a202a90593
SHA3 04c839da98a8c50a36697076af5bc6d527560a69153b2f718f065908fd4fe3ad

6

Type RT_CURSOR
Language English - United States
Codepage Latin 1 / Western European
Size 0x134
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.62527
MD5 5ca217e52bdc6f23b43c7b6a23171e6e
SHA1 d99dc22ec1b655a42c475431cc3259742d0957a4
SHA256 11726dcf1eebe23a1df5eb0ee2af39196b702eddd69083d646e4475335130b28
SHA3 b358d8a5b0f400dd2671956ec45486ae1035556837b5289df5f418fe69348b3f

7

Type RT_CURSOR
Language English - United States
Codepage Latin 1 / Western European
Size 0x134
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.91604
MD5 6be7031995bb891cb8a787b9052f6069
SHA1 487eb59fd083cf4df02ce59d9b079755077ba1b5
SHA256 6f938aab0a03120de4ef8b27aff6ba5146226c92a056a6f04e5ec8d513ce5f9d
SHA3 0f1c6c0378a3646c9fbf3678bbeeccf929d32192f02d1ea9d6ba0be5c769e6ab

4083

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x20c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.16951
MD5 bfde8fc69a6a60c8f364adc5579faded
SHA1 38d6693013fd0392891c2e52be467703ec7484d8
SHA256 977195d0465f3794b621715c49a5a6de8bd79c312e57402cf0a7a06c92a10c64
SHA3 b3d4352816490b2e706d4079c49aa62297375ec13980acbfae485ffb18ff97f8

4084

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x3fc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.32488
MD5 436deb321e2dee8be68d1d3e5d14420f
SHA1 95cb0ea51e6a5bed754359b1a3e0bf37070cb7ae
SHA256 07b275caeb18621dd9a2cd5202bcd2e029d3aa8c3e8b2bd89f7e6f4fd8e95c88
SHA3 a524b21e33a0f4b564b79f7750bd3180fdbddc573091c9afa84e5d8078a6b53a

4085

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xa8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.46183
MD5 424aba466e276648572c1408de227561
SHA1 40582332710bf8981c25ab4e2538907d0f8b4c0c
SHA256 8800fbd9199428531f3c0fb4d8d1e2359c8eb58996221c2782d447237b0c675b
SHA3 d11fdea921396f32da959a569234e6392a9b4c7e690735abbb6f337ab20b9de9

4086

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x140
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.36759
MD5 c1c3906ef505a62ccb7db51456478f26
SHA1 fad75550752427f661a52158a0788988151e02af
SHA256 31661964224bf2e5376234357df765ae6c7f5965812912ca66ca8212bcacd590
SHA3 b86e30d87f33cb0be6e888ff6672c8990967e7a9d29100c962ced96435f0aeea

4087

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x478
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.30108
MD5 283b20443e6e0d0f2ad671180ad4e1dd
SHA1 f8ee1540ca326406be7f7d8e0e9b768fb5690a67
SHA256 f775ecef589d6fd344520763bd87fedcbc1a5d05070814a491aef4dcee26ea2e
SHA3 e15d02a874d24f58b629b9bc776b2a30e708a79af349e6a7345b2fcb7171ed9b

4088

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x330
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.29369
MD5 2cb02604cb891d94317156f5a11e784c
SHA1 8bbdc926bd0024ab77ac835c5613ca597309ba84
SHA256 e5e3ea4faadefbfdd62b1dbcb8c9a0991481a9c4db5f6d95729386df05c96cf3
SHA3 3c63541f59e740ab66f78feb52783e9b5068cf93fd07bdeb3ef2551366f092ef

4089

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x36c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.30957
MD5 59a1f265f7bcd344dccda6b38543ac22
SHA1 fd6fd7018c669dd5c6eeece34d65a7bf1cc3ce82
SHA256 83074ba964f9665ce2e148ab993faa6b1fc38418ab9ebd691dd9f47e62d17c3b
SHA3 365f16081380e8b5d018b87ad4b165f2aa962861efe708d35b9137b311263f70

4090

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x3f0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.31357
MD5 1761877e945c8b1997ad6479f89d567d
SHA1 c141d2e202e01a085b37cf5a173f3270360b9a06
SHA256 9a90e503424ee4c5f76973a21de138e72576319a0d77a66046f2d655dd36b4a3
SHA3 9dfa20e3731b2dcf8e64a487b95e1b95dc3a02e38edcb180cc78370e29654489

4091

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xcc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.27116
MD5 fbfc238a45378c31fbae9bf45ec7f746
SHA1 5ce4e6515469074eb3c19bec6ecc8ac8a3e8642a
SHA256 786bc22aaa9dcb464caebde8e8d8b06a54bdb4c7abd7b1c53d0928be3650b386
SHA3 51c31b1c773f38ad457f08d3f91512a7dc41ac104f11460e1ef1c1036278c58b

4092

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xb0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.32381
MD5 dca3a6c0c0a3c64d21555423c09e6c7f
SHA1 20b22b413f0e6157971189cd3646dd6a6d950dee
SHA256 676b0f607a54bc7a1d9c6e5c81ee45f5fcc11836860c714ca8df8ba1c3c4af4c
SHA3 d0f4388748387b467b6f9d71a6ec2752a6c27e0aa54aaba0e865f61a4574b944

4093

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2ac
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.34815
MD5 4050b46f61adc7fbb3460fa83f37e5a2
SHA1 2886da1cc4dd4793d82cc9f7c2a31e186a595bf3
SHA256 f204744509fc5ba96a7a34589cdeb406970289c9fff0f5d55c7cdfb8ff9aa8eb
SHA3 62594ad9ef327025ac8679fc744499ae96e565eb7ec600131bc65b1b08cc2343

4094

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x3b8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.27865
MD5 e3730635290db93ef13aed6ed00d1b46
SHA1 209d0960fea4bc26b76e13985540401055ea2081
SHA256 cfb7265bfe250112b6ef09f27146bf86f1eaa9f578aa813351a666da6a5876b8
SHA3 2dcf3c842725846353d993b7c222ad2d7e301cf8f696b245c3cc63a6a03dd6e5

4095

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x354
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.32737
MD5 c923d562e6bffdab843dd41743621c2a
SHA1 3581fd1e39f474f0eec94bfca6d1e4857f5a3f79
SHA256 b71dd4c8b1a31e49b72cec2cda5929b8acabbb082dec2397258111e5a9f18556
SHA3 00ca1d0c6d0f1200dca193289c7e5411c8d9e390424a0467d8d050a8420cc068

4096

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2f0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.25696
MD5 a890aeac493c47293f5198fbc5335679
SHA1 ff583dba20cb7d353ce72a6881463f69f1023250
SHA256 62deb514f08c7a4ea6b35ac0cbbb5b43487b4e8e7fcef87107f7476553ef6c77
SHA3 9740a2de0cea2234ba1fc24b601d0e38a0a5ed2afb51bd0e75f40fc99697c1ff

DCDATA

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x1d0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.96882
MD5 f321ebc8910fe8db0fcbbbe7465cca4f
SHA1 5582ef5b0ac2b9cd8cd7ef1a1a366ea99951887d
SHA256 d343b02e88d349ae88ba0846341aec59d893207ba60ac65a389cdf104938a842
SHA3 0ef6427e6296a25e106ab6c5fa1e97a432537194a1f60c185ed59c4502317c07

DVCLAL

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x10
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4
MD5 a40263c75fde7440b1086b7da9c51fc2
SHA1 139a84f87110fb5cb16a386adade21f30cae98b0
SHA256 e7dbe99baa5c1045cdf7004edb037018b2e0f639a5edcf800ec4514d5c8e35b5
SHA3 d3a734fa7d36868d301f9569de92e1bfc551e4b5cf6d7c59eace8d0a554093c0

PACKAGEINFO

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x7f4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.41222
MD5 ebbc7b1655fbb35f9eb59f8e2b7733b4
SHA1 51a79e283b119ee22e191588d126f15b8fff5ab2
SHA256 0d85b233878fe6dc712e2832f52d91bcb8f1a0895f15b49053de2efbe03fc43f
SHA3 88a099ee7e7761f2fb587cd95affd954f713f3132cadb009254f15afb40accd8

32761

Type RT_GROUP_CURSOR
Language English - United States
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.83876
Detected Filetype Cursor file
MD5 a2baa01ccdea3190e4998a54dbc202a4
SHA1 e8217df98038141ab4e449cb979b1c3bbea12da3
SHA256 c53efa8085835ba129c1909beaff8a67b45f50837707f22dfff0f24d8cd26710
SHA3 8874564c406835306368adf5e869422e1bb97109b97c1499caa8af219990e8dc

32762

Type RT_GROUP_CURSOR
Language English - United States
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.91924
Detected Filetype Cursor file
MD5 aff0f5e372bd49ceb9f615b9a04c97df
SHA1 e3205724d7ee695f027ab5ea8d8e1a453aaad0dd
SHA256 b07e022f8ef0a8e5fd3f56986b2e5bf06df07054e9ea9177996b0a6c27d74d7c
SHA3 9cb042121a5269b80d18c3c5a94c0e453890686aedade960097752377dfa9712

32763

Type RT_GROUP_CURSOR
Language English - United States
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.01924
Detected Filetype Cursor file
MD5 48e064acaba0088aa097b52394887587
SHA1 310b283d52aa218e77c0c08db694c970378b481d
SHA256 43f40dd5140804309a4c901ec3c85b54481316e67a6fe18beb9d5c0ce3a42c3a
SHA3 38753084b0ada40269914e80dbacf7656dc94764048bd5dff649b08b700f3ed5

32764

Type RT_GROUP_CURSOR
Language English - United States
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.01924
Detected Filetype Cursor file
MD5 1ae28d964ba1a2b1b73cd813a32d4b40
SHA1 8883cd93b8ef7c15928177de37711f95f9e4cd22
SHA256 ff47a48c11c234903a7d625cb8b62101909f735ad84266c98dd4834549452c39
SHA3 a85dadd416ce2d22aa291c0794c45766a0613b853c6e3b884a2b05fc791427b8

32765

Type RT_GROUP_CURSOR
Language English - United States
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.01924
Detected Filetype Cursor file
MD5 0893f6ba80d82936ebe7a8216546cd9a
SHA1 0754cbdf56c53de9ed7fbd47859d20b788c6f056
SHA256 a0adcedb82b57089f64e2857f97cefd6cf25f4d27eefc6648bda83fd5fef66bb
SHA3 ce6148ade08ef9b829f83cb13b4c650d9d4a7012bfd1ab697a7870a05f4104f8

32766

Type RT_GROUP_CURSOR
Language English - United States
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.01924
Detected Filetype Cursor file
MD5 dcaa3c032fe97281b125d0d8f677c219
SHA1 58fe36409f932549e2f101515abee7a40cf47b2c
SHA256 6e1e7738a1b6373d8829f817915822ef415a1727bb5bb7cfe809e31b3c143ac5
SHA3 02ef292e1b4a70e439e362af6b4fa213e3816ade45222b78dabab712b6afba54

32767

Type RT_GROUP_CURSOR
Language English - United States
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.01924
Detected Filetype Cursor file
MD5 a95c7c78d0a0b30b87e3c4976e473508
SHA1 b19f3999f1b302a2d28977cb18a3416c918d486c
SHA256 326c048595bbc72e3f989cb3b95fbf09dc83739ced3cb13eb6f03336f95d74f1
SHA3 8157b4e6afa7ed2e2ffc174d655bec9fb81db609e4c5864faa5ead931ff60689

1 (#2)

Type RT_VERSION
Language French - France
Codepage Latin 1 / Western European
Size 0x358
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.34616
MD5 fd07a2df78e784fe61442f1ae70aa051
SHA1 90d10eceedd6a0e1228102e45e8126accf14e194
SHA256 78a8455b3860c17c73e16a076ea920b1dfbb42bfff2d23f8ebbda50ebb957747
SHA3 d806312c5ebf8a45d562a8138f1f86f96fc401abbea18997b83a4be0260425a2

String Table contents

DCOM not installed
Unable to find a Table of Contents
No help found for %s
No context-sensitive help installed
No help found for context
No topic-based help system installed
Unable to retrieve a pointer to a running object registered with OLE for %s/%s
Shift+
Ctrl+
Alt+
Invalid clipboard format
Clipboard does not support Icons
Cannot open clipboard
Menu '%s' is already being used by another form
Docked control must have a name
Error removing control from dock tree
- Dock zone not found
- Dock zone has no control
Error loading dock zone from the stream. Expecting version %d, but found %d.
OLE error %.8x
Method '%s' not supported by automation object
Variant does not reference an automation object
Dispatch methods do not support more than 64 parameters
Yes to &All
BkSp
Tab
Esc
Enter
Space
PgUp
PgDn
End
Home
Left
Up
Right
Down
Ins
Del
A control cannot have itself as its parent
Cannot drag a form
Warning
Error
Information
Confirm
&Yes
&No
OK
Cancel
&Help
&Abort
&Retry
&Ignore
&All
N&o to All
Invalid ImageList Index
Failed to read ImageList data from stream
Failed to write ImageList data to stream
Error creating window device context
Error creating window class
Cannot focus a disabled or invisible window
Control '%s' has no parent window
Cannot hide an MDI Child Form
Cannot change Visible in OnShow or OnHide
Cannot make a visible window modal
Menu index out of range
Menu inserted twice
Sub-menu is not in menu
Not enough timers available
GroupIndex cannot be less than a previous menu item's GroupIndex
Cannot create form. No MDI forms are currently active
%s not in a class registration group
Property %s does not exist
Stream write error
Thread creation error: %s
Thread Error: %s (%d)
Bitmap image is not valid
Icon image is not valid
Metafile is not valid
Invalid pixel format
Scan line index out of range
Cannot change the size of an icon
Unsupported clipboard format
Out of system resources
Canvas does not allow drawing
Invalid image size
Invalid ImageList
Invalid property path
Invalid property value
Invalid data type for '%s'
List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d)
Out of memory while expanding memory stream
Error reading %s%s%s: %s
Stream read error
Property is read-only
Failed to create key %s
Failed to get data for '%s'
Failed to set data for '%s'
Resource %s not found
%s.Seek not implemented
Operation not allowed on sorted list
Saturday
Unable to create directory
Ancestor for '%s' not found
Cannot assign a %s to a %s
Bits index out of range
Can't write to a read-only resource stream
CheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists
List does not allow duplicates ($0%x)
A component named %s already exists
String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
Invalid stream format
''%s'' is not a valid component name
October
November
December
Sun
Mon
Tue
Wed
Thu
Fri
Sat
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Jun
Jul
Aug
Sep
Oct
Nov
Dec
January
February
March
April
May
June
July
August
September
Unexpected variant error
External exception %x
Assertion failed
Interface not supported
Exception in safecall method
%s (%s, line %d)
Abstract Error
Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
%s
A call to an OS function failed
Application is not licensed to use this feature
Jan
Feb
Mar
Apr
May
No argument for format '%s'
Variant method calls not supported
Read
Write
Error creating variant or safe array
Variant or safe array index out of bounds
Variant or safe array is locked
Invalid variant type conversion
Invalid variant operation
Invalid variant operation (%s%.8x)
%s
Could not convert variant of type (%s) into type (%s)
Overflow while converting variant of type (%s) into type (%s)
Variant overflow
Invalid argument
Invalid variant type
Operation not supported
Range check error
Integer overflow
Invalid floating point operation
Floating point division by zero
Floating point overflow
Floating point underflow
Invalid pointer operation
Invalid class typecast
Access violation at address %p. %s of address %p
Access violation
Stack overflow
Control-C hit
Privileged instruction
Exception %s in module %s at %p.
%s%s
Application Error
Format '%s' invalid or incompatible with argument
'%s' is not a valid integer value
'%s' is not a valid floating point value
'%s' is not a valid date and time
'%s' is not a valid GUID value
Invalid argument to time encode
Invalid argument to date encode
Out of memory
I/O error %d
File not found
Invalid filename
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 4.0.0.0
ProductVersion 4.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
Comments Remote Service Application
CompanyName Microsoft Corp.
FileDescription Remote Service Application
FileVersion (#2) 1, 0, 0, 1
InternalName MSRSAAPP
LegalCopyright Copyright (C) 1999
OriginalFilename MSRSAAP.EXE
ProductName Remote Service Application
ProductVersion (#2) 4, 0, 0, 0
Resource LangID French - France

TLS Callbacks

StartAddressOfRawData 0x4a2000
EndAddressOfRawData 0x4a2038
AddressOfIndex 0x4917b8
AddressOfCallbacks 0x4a3010
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks (EMPTY)

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!
[*] Warning: Section .tls has a size of 0!