Manalyze report for 931b8a9eeb9ca685ac5fb7d9ca2f0c28

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2016-May-30 13:27:22
Detected languages	English - United States
Comments	KeePass Password Safe
CompanyName	Dominik Reichl
FileDescription	KeePass
FileVersion	`2.37.0.0`
InternalName	KeePass.exe
LegalCopyright	Copyright © 2003-2017 Dominik Reichl
OriginalFilename	KeePass.exe
ProductName	KeePass
ProductVersion	`2.37.0.0`
Assembly Version	2.37.0.18738

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++` `Microsoft Visual C++ v6.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains obfuscated function names: 4e 6d 63 66 4e 6b 60 70 63 70 7b`
Suspicious	The PE contains functions most legitimate programs don't use.	`Manipulates other processes: ReadProcessMemory`
Suspicious	The PE is possibly a dropper.	`Resource 8 is possibly compressed or encrypted.` `Resource 9 is possibly compressed or encrypted.` `Resource 10 is possibly compressed or encrypted.` `Resource 11 is possibly compressed or encrypted.` `Resource 12 is possibly compressed or encrypted.` `Resource 13 is possibly compressed or encrypted.` `Resource 14 is possibly compressed or encrypted.` `Resource 15 is possibly compressed or encrypted.` `Resource 16 is possibly compressed or encrypted.` `Resource 17 is possibly compressed or encrypted.` `Resource 18 is possibly compressed or encrypted.` `Resource 19 is possibly compressed or encrypted.` `Resources amount for 99.0804% of the executable.`
Malicious	VirusTotal score: 51/71 (Scanned on 2019-04-22 22:08:12)	`MicroWorld-eScan: Gen:Variant.Zusy.293235` `CAT-QuickHeal: Trojan.Mauvaise.SL1` `McAfee: GenericRXFX-BV!931B8A9EEB9C` `Cylance: Unsafe` `Zillya: Downloader.Upatre.Win32.66666` `BitDefender: Gen:Variant.Zusy.293235` `K7GW: Trojan ( 004f12cd1 )` `K7AntiVirus: Trojan ( 004f12cd1 )` `Arcabit: Trojan.Zusy.D47973` `Paloalto: generic.ml` `Kaspersky: Trojan-Downloader.Win32.Upatre.guit` `NANO-Antivirus: Trojan.Win32.Attack.elxloz` `ViRobot: Trojan.Win32.Agent.286208.N` `Avast: Win32:Malware-gen` `Tencent: Win32.Trojan-downloader.Upatre.Hqbj` `Endgame: malicious (high confidence)` `Sophos: Mal/Generic-S` `Comodo: Malware@#2pnoavg6aw6f6` `F-Secure: Heuristic.HEUR/AGEN.1024226` `DrWeb: DDoS.Attack.349` `VIPRE: Trojan.Win32.Generic!BT` `Invincea: heuristic` `McAfee-GW-Edition: GenericRXFX-BV!931B8A9EEB9C` `Trapmine: malicious.moderate.ml.score` `FireEye: Generic.mg.931b8a9eeb9ca685` `Emsisoft: Gen:Variant.Zusy.293235 (B)` `Jiangmin: Trojan.Selfdel.cdw` `Webroot: W32.Trojan.Gen` `Avira: HEUR/AGEN.1024226` `MAX: malware (ai score=99)` `Antiy-AVL: Trojan/Win32.SGeneric` `Microsoft: Trojan:Win32/Tiggre!rfn` `AegisLab: Trojan.Win32.Generic.lwox` `ZoneAlarm: Trojan-Downloader.Win32.Upatre.guit` `GData: Win32.Trojan-Dropper.Crypt.O` `AhnLab-V3: Trojan/Win32.Agent.R195054` `Acronis: suspicious` `VBA32: Backdoor.Androm` `ALYac: Gen:Variant.Zusy.293235` `Ad-Aware: Gen:Variant.Zusy.293235` `ESET-NOD32: a variant of Win32/Injector.CZMZ` `Rising: Backdoor.Zegost!8.177 (CLOUD)` `Yandex: Trojan.DL.Upatre!` `Ikarus: Trojan.Win32.Injector` `Fortinet: W32/Injector.CZMZ!tr` `MaxSecure: Trojan.Malware.12163317.susgen` `AVG: Win32:Malware-gen` `Cybereason: malicious.eeb9ca` `Panda: Trj/CI.A` `CrowdStrike: win/malicious_confidence_60% (D)` `Qihoo-360: Win32/Trojan.5fc`

Hashes

MD5	`931b8a9eeb9ca685ac5fb7d9ca2f0c28`
SHA1	`cd53eac1f145016df639ca73b65f9ed7bcebcb1e`
SHA256	`28ef8c4e0bea0efab0fa751105b2ee4927c99fae4b4726252ef47e801686fa06`
SHA3	`73799e95174f2dc2fe2dde4a01f9a422dfbb0f6ec42bdc4ab859cb7f49135686`
SSDeep	`24576:W0udVX6Ya7AUg8USDUzqVjfclM/DKoGrDgeY6t31:NIV6cU/0EjfTGr1t31`
Imports Hash	`a4ea1f6c9df4c137af80e2f26749ac68`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2016-May-30 13:27:22
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x1e00`
SizeOfInitializedData	`0x160e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00002B22 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x3000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x166000`
SizeOfHeaders	`0x400`
Checksum	`0x168d12`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ad589b440dffcc597bb94c733e9c3076`
SHA1	`55f7da6505918404430d5d7f4539e156a73f91e1`
SHA256	`d12509c988ade38b3e22a7d615b6e004f923f6ca0a90c5a96afca931a3c5d1ec`
SHA3	`fa79bc6f469ddcdc759901983799d045322b21f5882373aca64aeaadf5dc5cc5`
VirtualSize	`0x1cc0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.8022`

.rdata

MD5	`1d5dabd41fc0faf231b2180156728fc1`
SHA1	`7e1d36ad6465bfe5ce37d42cab8f2f695b27d37a`
SHA256	`0fc6f2cf44a7ec2dcdd5fa40487edb8d56a6880a67c64f472768ada9e951234c`
SHA3	`db187062cef8e93b376483f45c3fe2cf05482ff3591bca585a153a24ff275ca1`
VirtualSize	`0x3b8`
VirtualAddress	`0x3000`
SizeOfRawData	`0x400`
PointerToRawData	`0x2200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.55403`

.data

MD5	`9fe53c498ed3a69545c5b24d85bdfd6f`
SHA1	`109fe4a2d4f7cb0d144edf50856a9ffa1d778e55`
SHA256	`8fb6fb7736ae3222b97b20b833d279f26d9357d7dd2acba3355b06305f017862`
SHA3	`554dc2a2fa617af78c0fa61ec332fe8c383899989f5508dd2c57a01af511412b`
VirtualSize	`0x2a4`
VirtualAddress	`0x4000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.16248`

.rsrc

MD5	`a0dd39b0d9fb7a852b448f485d3c7276`
SHA1	`e4772ad16f8a6f4c8095737ac7bd4fb93558b2df`
SHA256	`cf6d1501337ce12f6701c3d8f8d1dd71161dd514be917e1ae450e7fc4e270148`
SHA3	`6d1bcd15de046598668aa918238b0382836e9e36c0f727cd481bd22e037fafa0`
VirtualSize	`0x160684`
VirtualAddress	`0x5000`
SizeOfRawData	`0x160800`
PointerToRawData	`0x2800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.8079`

Imports

KERNEL32.dll	`GetProcAddress` `GetModuleHandleA` `lstrcatA` `lstrcpyA` `VirtualFree` `VirtualAlloc` `lstrcmpA` `Sleep` `GetTickCount` `GetCurrentProcess` `ReadProcessMemory` `GetStartupInfoA`
USER32.dll	`wsprintfA`
MSVCRT.dll	`strlen` `strtok` `strstr` `atoi` `??3@YAXPAX@Z` `memset` `??2@YAPAXI@Z` `strcmp` `getenv` `memcpy` `_exit` `_XcptFilter` `exit` `_acmdln` `__getmainargs` `_initterm` `__setusermatherr` `_adjust_fdiv` `__p__commode` `__p__fmode` `__set_app_type` `_except_handler3` `_controlfp` `_itoa`

Delayed Imports

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.10839`
MD5	`bc4d982e21acae3ec3baa68ce4385fd4`
SHA1	`512a8632e033243e9a2306d30c434c75ce0da9c8`
SHA256	`caa551eca3f40f1d15c0a2c21c6b700865a8c9854ceec7228cab511c58dbde4f`
SHA3	`cdece8f23fb697769d83715f550ca1a0c1c3be2779dfb0262e2e3ba2596f00cd`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.75074`
MD5	`a3cc58169c0497c238756cfe4a78f984`
SHA1	`4af2d9ff84bab3e49b843d39ffdbad99d2d7aa9c`
SHA256	`7b5c3afaa48ca79d22d72f6a543f7886cdaf671f7e7003d266cd2cc6cfa299b4`
SHA3	`2bd27cdb7e870c87afd6be54ddee9d30113badd76c4c7913d5305e7b9f5d358d`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.77375`
MD5	`5a02ec9d2c2c8049e0e10131d86f71fd`
SHA1	`56a9e35f43fcfa8c8289e7117a42c5d9351fae62`
SHA256	`90421e0dd7a17131560bb248a06155a1d7afa687bb030218488d7d2054e2be6b`
SHA3	`e9c496a1cd6e1fd579861cbae91247873d65ead50262dfc8c51d7ed3f7ea493d`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.25579`
MD5	`6252e8576b25b47aa13265eec93a15c0`
SHA1	`d5cbc23fdec6c4a02b135392e0690d7402c8bb58`
SHA256	`36d80014c41e62e911ef47e1c30a3e9843eef5e779b378d8c27e109fec05146e`
SHA3	`24f7121d9794b66b3330131dc0e30115c1102e9b5372787acc034fba972f8107`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.7266`
MD5	`48decc4040c45f652b5309eef33bb183`
SHA1	`01cfa22e6ca77831aaad56c31564e9be2b5b61ec`
SHA256	`559e26a42e684c829d72f2bd029bb3bcfba4aaf04666bfa46bcf476a825a3e8f`
SHA3	`eaec9f9510b4c297096f488a62e435ff8538394a74228ed97c9c03f3b815e6cc`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4dab`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.95283`
Detected Filetype	PNG graphic file
MD5	`cb48944fbdfc1d37613dbb3677233ee3`
SHA1	`d40d3ad653a9b4ae3888b821d83f9b99d49d89b1`
SHA256	`c8efdbc84f5a0dc0d606671f0611e929d89613db68047f98e50911fc40e49aaa`
SHA3	`1500ba65cd89c3174c52743da3a4fd8c2cffa46a9b201cf1134eae68e33af1be`

8

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.65575`
MD5	`f93e0ef2608ff40127a42bddc8a8206a`
SHA1	`857279c4739c77f31c254cc1db54d2ecda430b10`
SHA256	`6bf60ab32bb32b2047dbeb0f1e5d49fee8a9e6902d397add1622bdf617364836`
SHA3	`a60c1d1e2c58f074f2b962a71916d83e2043cf5ee98e13d58b2cb83b54cf8743`

9

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.83026`
MD5	`ed1cc69ef6301adefd5541e4eb5bde33`
SHA1	`71af794b2b6ac8cf66cb4523bd6dd9ef0788ec1d`
SHA256	`d74452758cbf685c54503f75bc73b44845aaf41d670f81da458eee5a95327feb`
SHA3	`de0c83aecd9adc2f686f20c04a69b3b69154e9bac0e9969cefb1ab50a0c4c49b`

10

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.21791`
MD5	`71650038bda1490027a83fc665b48618`
SHA1	`2365e1e111fd07212ac69f4f249a18476631d305`
SHA256	`d573a7593f83cf94cc3e20e5bc4be6dd6b3b077708826bcbd78f15c2141f7c91`
SHA3	`95a125f91e8880321fdd2b4f050ecf873dbb120833437c7b30d1799b36e293f7`

11

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.18537`
MD5	`ed3eddc0b5a55f15e5e1b5ecd1a2aed8`
SHA1	`2c946eadb2cc291155392a85b65cae547d4b585e`
SHA256	`615fa06e4f9d3fb0cc6360b7edb00ad3d1aa88ac1e08706a2a08645286b3482e`
SHA3	`94076f74fbcc3fbb020b668b5fbed6da00d01361c6aa4c268f19b415299d04c0`

12

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x6b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.40695`
MD5	`e166d5adef30deb52e71a0d70a38d8e7`
SHA1	`54a57e1811bd76004f51e12fa659f935c0c12fb4`
SHA256	`7f29f1b1089b0570822aa2a0cb498445f151486011c3abb4dbd287cb944e2f29`
SHA3	`94afda39e676d0c756881b6a74d929e2e83dc220e8b1addf916aff997b3f85dd`

13

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.59555`
MD5	`69a51d8dfb869b4d19a52906373edb2e`
SHA1	`f78bfdfa151d0d5a9bef2753c6980a251980b542`
SHA256	`422b2caaa2a62ee2030f3ddaf1aac3fb654de2991e3e6e62d62947098464f882`
SHA3	`b11070cb3afe17d7c260de39e6a4f5fa346431aab78ee9e9db20b0ac1fbf906e`

32512

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xae`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.10974`
Detected Filetype	Icon file
MD5	`40932c4de49e9ffc179386ab07ef5c76`
SHA1	`a3feb4d7747496aaf38031c928023930fabc271d`
SHA256	`b1a490635a447285bd0cd7438a819b8ef8abb306c94395371b8edd31166f42e4`
SHA3	`266c2a9be0401954d92840fe6ae4288b147e8be2cf05962713f158986dd2ea40`

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x6c4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.03066`
MD5	`534f8b22e653831d2b8b490f1fe58eb6`
SHA1	`2560c08614dfa91b5d0adeb88f1630049d16964a`
SHA256	`44e8b6b9432dee84119b00025f92a85dcb6285ed91e99cee454dce4e8d341d2e`
SHA3	`118cb2ab80b8fcc4c0a46ab132c082d746a0d390070c94a14796817fc08e9b75`

1 (#2)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.54356`
MD5	`b77b332ad93f8a8acb8786dbfb389798`
SHA1	`9b756530c275c6f1fa603b6c737716cf3bcd4b66`
SHA256	`259d4a6a2569789b74fcba5ecb5ff9d20059132a116512c46e790a994cabf81f`
SHA3	`6da02b4d96e642b559128ad8ad153dfcd1862a3ad8583f8444ef44de9076a68e`

2 (#2)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x11`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.96982`
MD5	`d9526c50cc59cdae933f3df6590d2032`
SHA1	`7f1d0eae9648907f43141a2906e850630b346650`
SHA256	`8b218eee416fe6c14113ba0ae5212e3faf39205eb67be2a9a29e12fdb2437e84`
SHA3	`aa59cd25c2e94b1dbe3cf9bb14257ba5cea6c1426f3d8a750cc159273c742435`

3 (#2)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4e4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.22051`
MD5	`c7ab972912fa8e01bdc23f869a012de4`
SHA1	`cc21d911d3abca9346067afcfa9212f4974be4c6`
SHA256	`7aba2a71219493b3a8a9212ccc946d95579ff853495ebacbf025aa2ba1b58f57`
SHA3	`45a7c0c711729139f40189880fe4df40cb958e7a6f4f31158a0baf3de6a4c48a`

1 (#3)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x9`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.89106`
MD5	`d9d75aca8f61fc8db5a145621ec04762`
SHA1	`3e9b7077a5a808925e4af27daf68b3c1d7bb28fc`
SHA256	`06ca648d7a2af4b8d5f1c830b144e7438563fd33b339a74e70a74d4e63edc21d`
SHA3	`86c083f7614bc335e2252358b2d5a25727062d374a539754f048d209eb81414f`

2 (#3)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x12`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41938`
MD5	`3a9a264408cfdc00d7e0c61eb45faab2`
SHA1	`b641be525aa7c56a11598c6e7c7fbc230b85fe62`
SHA256	`b9006d55486c0184255f0dc534e88a4324b295beafee577eb16b215ee2deb010`
SHA3	`25cfd88e89a79665e9e2899f182ca9429d4ae499bc5f8e7e6f5e35def31ed34a`

3 (#3)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.75`
MD5	`3b106c447d20b1dbb8cd7895abb058e1`
SHA1	`4033f7208c7551b7500e64565f7dd0687f82f4f9`
SHA256	`e6c179a8ebd5c091d0675e0e1861fa2a9b63b9bf16d3d93a2c55057218f5a3a4`
SHA3	`2c8c87d6d8d8ce2f23346a197f63030e1edcc30a3ca83126b6863c940a6a6ef4`

5 (#2)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x11`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.96982`
MD5	`e9b9e6e11fc939e5baff0e4327b0767f`
SHA1	`58549e46f1dfcbce7c2967e8b38b44ba9c61f968`
SHA256	`eb43bdb814a7c7b2d8b6d1fec68119642fe63d3821ccdbd630a63eb1c9ae30f0`
SHA3	`b928176d2f9d3d3825daa2eaffe8270ff03c3ab795658cad96de9e8c9251b722`

6 (#2)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x11`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.85217`
MD5	`c628fe6697984b9d2e4c5838bce3dcab`
SHA1	`aa83610a091833bc20bfce186517a64a3c32c6de`
SHA256	`f1fed28d3f977fe1fd394746cee12a85eff713cd47f9ce1c42936b2333bb16ae`
SHA3	`997f0b2a501da02514e4d3c9bd13eaa4de2c39d45703e25e1d59f8cbc05ddc00`

7 (#2)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`93b885adfe0da089cdf634904fd59f71`
SHA1	`5ba93c9db0cff93f52b521d7420e43f6eda2784f`
SHA256	`6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d`
SHA3	`5d53469f20fef4f8eab52b88044ede69c77a6a68a60728609fc4a65ff531e7d0`

8 (#2)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1bbc4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.70258`
MD5	`b0996b4a5ad388091ae1caa262bef045`
SHA1	`553834d0cc0efb1cc6ed3f018811afa306b90f56`
SHA256	`966861e7850aba1811fcaf593acb3b04b2a8f8c606b44742730a921f673efe31`
SHA3	`b8dd1a7c66827aa5f5e855b0d630fe338527792b9c4f54d0f9e936d90d700a5f`

9 (#2)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1bbc4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.68859`
MD5	`12a099c351aa2fe8dabf8d745c44e415`
SHA1	`e3d86da517866a95e9e913355bea2f5a711dfd3d`
SHA256	`b968e97412b216a00724b728f332388c664aabb722b1a33e3a53e5201acd7ad7`
SHA3	`d7fb037f05807c48c74828627d3a794f070a599432e275b0f5d4b36cde8908b0`

10 (#2)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1bbc4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.43466`
MD5	`fcae1a9eee74526735dbfc2469320c2b`
SHA1	`62346f1d92aa1ed53f0241099fbdcf17849595ef`
SHA256	`7191c81e3fb84ef42cb74d08cd121f23ff51ab86dd02ed08dd50007f1722dea8`
SHA3	`96e89c75af8416746870682174ab3dcdb8ae09763deb66265cf0b53d3c586ae3`

11 (#2)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1bbc4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.1511`
MD5	`65b35ded4e8fe177575887425462e32f`
SHA1	`0a9b752c8380da70b627ef48c322517d0a18894f`
SHA256	`0d6710b335faec5743c839dbaef688ee9d26dbb1fca16d455af80bc088aabc88`
SHA3	`0b8af24b8a90b9442518aed10a3addb76def3ba1a53cb5091286f633c0f032fa`

12 (#2)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1bbc4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.78922`
MD5	`717dd1de511011d1202d3dccdc3ff58f`
SHA1	`b4c1699dec126bc0948d20f4b6ccfde6c346b96f`
SHA256	`81b605bd2316292cd20aef8fb81c262ac820cfd72e57ed43a3c7adb93fd9fda2`
SHA3	`b10a6581782b6e69cf31b1e008f314b0a2d1d10f3a803396a8dcdd992c8db3ea`

13 (#2)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1bbc4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.50973`
MD5	`f69c23d27011f78ead959e362bd53bd0`
SHA1	`0a9f79a1198ea52c18ee7317e9a0d908b98cad53`
SHA256	`9d4948f1eb2ad0f918298a29f04e39f78f19d9b13a7d86ee5e5af8d985ccacf2`
SHA3	`a82f5f8db168bb78ee36504deddf9fc6e2063cc12f48e2d8db5e3b314737e590`

14

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1bbc4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.65796`
MD5	`6154753a68649539550a9e5ef691767a`
SHA1	`42391ff48270b3c4a15c219e80557c26767ca833`
SHA256	`629c26a9ef2a68cfcef92534604d6114c0eecefdd49768ff7a7afe16007d377a`
SHA3	`03a1525ad305d890033903c5cdaea0256d382da432a04a6a7bd7996c570b4f9f`

15

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1bbc4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.73262`
MD5	`bc5991553b5840ec596c92468fd6ab81`
SHA1	`b5ee129c5c8c42e7ab62377a0276fbdb9971966f`
SHA256	`e12424f97129e9dc32b3bb4aed8d449c99876506adc0ad53f6a77d0cf528d597`
SHA3	`6b244f62f9039b450fb6c2e42386d8c99107ca6670f96060b2e987d25fe0d8de`

16

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1bbc4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.38368`
MD5	`2ced354bd28401417ce5d1359d89ad98`
SHA1	`f6068b1a01fbdf8e1b25085c4ddf0e2cdaebe280`
SHA256	`117f03f3703cbe3d76a64bc22f15efac2549bc68171ea125c556ecccd7f4cf26`
SHA3	`08951a0a06aeaf7a5185189e31cd8953997f217811b174976a0f34f34dd33fc1`

17

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1bbc4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.69794`
MD5	`20072628abe95e9ca6bd32823376c80c`
SHA1	`a3d10b4223a9faffe73e737f71e2db3e232e126e`
SHA256	`8bc4397f7999261e41cc4df421c55188c7abeb11a04034313de40a49bfd46419`
SHA3	`f1d2625cb771385dce9e0f09c8b67559cdc5aa87c755288df78c8c4e064d1ad5`

18

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1bbc4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.51589`
MD5	`40d25d4592764bb49bd8e82ddba771cb`
SHA1	`b1a994e9185cc21af9b0ffd9a1a1a81871ba0d84`
SHA256	`15298f65b6dd4395b82f867d49351724269b864e8ed46ee5fe46dfbd35390435`
SHA3	`338f6f88051c2d7100b85ecb9be4e9063dd7c4b92799c7a4e70068e34543dcce`

19

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1bbc4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.28134`
MD5	`0cb0354ab405cc392750239cf0c36b7d`
SHA1	`34644b82860a49c6d53db1f57e2bcaec3c022ef4`
SHA256	`1ef988ddb5310d9bffcc603a58d623efdb92942f8bd6758170372d4a239d7be8`
SHA3	`1ff7a1e612ba61fd535d08d890b5d6137e1a6348840ff3662fa02940539a5352`

1 (#4)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x9`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.89106`
MD5	`d9d75aca8f61fc8db5a145621ec04762`
SHA1	`3e9b7077a5a808925e4af27daf68b3c1d7bb28fc`
SHA256	`06ca648d7a2af4b8d5f1c830b144e7438563fd33b339a74e70a74d4e63edc21d`
SHA3	`86c083f7614bc335e2252358b2d5a25727062d374a539754f048d209eb81414f`

2 (#4)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.88418`
MD5	`50b099d67f9272c644535acba172858b`
SHA1	`af70298028df2b5a850c69e4eaeb3fe651f97da8`
SHA256	`38ab0218009399ec5dbd1a048c3ae56d997e19c25065b9b8fca6dfa693168458`
SHA3	`48f44140eb244fb687888adbbd1bb51787178e2a021297ac219e6026eb20da70`

3 (#4)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x5`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.32193`
MD5	`046552032a22153c8a7712d36650bac6`
SHA1	`e6b6658316c72eefc9304728f9a5bf7555a43513`
SHA256	`57ee7e393b6d1503bac67e4b6a5a80bb3799f3f6b24c621c98823870278442d9`
SHA3	`fbbd6be3d280a899e45e29d0f623371f124cb75b932e00ca38859dea97164a14`

5 (#3)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x11`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.73452`
MD5	`d0dabb002033062a5c8952f0bf34193f`
SHA1	`e5a7f4bfffb2414ffdcae6a9653e0c8884f10a89`
SHA256	`321750d273881098c0e010ee940878b8aa866487dbceb2769496b04650b758fb`
SHA3	`8ce8166e617206378a19b62aebb7f03b51bb0280430ebf981d59e3af8087ea88`

6 (#3)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x11`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.69012`
MD5	`3e35ee35ce3f3655159f41af89dbfadc`
SHA1	`85c7c850fe58139b1a581b8a4908ee1a98f44dbf`
SHA256	`b395063062fe60765d421a4354d0de98dc2f799a0e21982b6473f43328b1b1b2`
SHA3	`e6ac8c8386f99972365a2bd45b6f392fc7e42416c3666cdb7f1522bed4bb2acb`

7 (#3)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`93b885adfe0da089cdf634904fd59f71`
SHA1	`5ba93c9db0cff93f52b521d7420e43f6eda2784f`
SHA256	`6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d`
SHA3	`5d53469f20fef4f8eab52b88044ede69c77a6a68a60728609fc4a65ff531e7d0`

8 (#3)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x32b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.52423`
MD5	`28051dce436084236d96a87bc03709bb`
SHA1	`0a8151a913f1be654a877d343004319d3822aeb5`
SHA256	`c55b86b73253718c68cf3510c53eb1ee97cd53793616d408a0c8003475f4fd42`
SHA3	`660791bb87e2a19f231b96d5c08c5ae920165757ca5c57dd92729deb3702d197`

9 (#3)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x32b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.01611`
MD5	`d3510ebd2c523f6a095421645fd18ea2`
SHA1	`147242fa83db9d0c152796e816af139df3b6babd`
SHA256	`88edff1f48cb3aa11719b60cc191643b0f9fdf5d2f01906f8773316cf6f2d314`
SHA3	`d2b3bc240aa571dd7c608fff17b6edbc999112d13c3487818088c11761ad4e4c`

10 (#3)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x32b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.39566`
MD5	`f2782a545a804e18865d9b6a3395b9af`
SHA1	`a4e50d4d32f9a87b0d52d1b3b63e9cb80e2dfbc8`
SHA256	`b61374d009017f9f106b015ae5c3386795487fd7d065d571621c4d853317e9ad`
SHA3	`8bf2e021ca122b1e95c033f3ba179fedab149b44c3556d53f1b9b664870214a9`

11 (#3)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x32b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.485`
MD5	`b2b60a06e55c76fcaf4f018b8e39e07f`
SHA1	`f814be820dcc946d01e273c8f5ad03a99cb49c33`
SHA256	`8a369563adbd9c85066029c91de075ccdbc546c3c22610b4195369658ff4a7ae`
SHA3	`07798e915c844011942a6bd1c87d90a94dfa34892336b14923370f8f624c0243`

12 (#3)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x32b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.26959`
MD5	`1308d23fe1946b48845901046d421553`
SHA1	`44bca6757ea25bd59eefba6165fc6e9a4944b96e`
SHA256	`b2c49a4fe94a18c8155e17dafac3337e6687b89fcc8921a0adf613faf4955116`
SHA3	`a66d46b42cd1b365aa7f63932d261e72a5ac4ddfdb63448df19a48d1a58afab9`

13 (#3)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x32b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.13489`
MD5	`52a706659ab1ec620d8965df01bdfa0b`
SHA1	`cd88e2526580583d0602ba7db71954b9acb012f1`
SHA256	`4494019e9ba96df5902116ed0273fb30104b5c51d92efe7033c3504adbc5ac47`
SHA3	`e7d86e735ae0b833f4f1c7c0df2bf03b16a615fe0cd82421a2b03dc22b99f107`

14 (#2)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x32b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.17868`
MD5	`3d243479857f19dc78adabfb517d21b0`
SHA1	`a1e1aecd890b3a0f807c636e07a665a35105dda4`
SHA256	`cc5e7e4eaee408f47d9a7b778247d3185986d0aaebdee351f88cff3530cd8fc5`
SHA3	`a047abd7474c2290c92c6736780c84d42bc8bf00be18f3685986e542d81fe25f`

15 (#2)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x32b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.67225`
MD5	`c952510a82adb9998ae85f345691784b`
SHA1	`ca49100b810ce86bd90d86f4e3da6847c9a16cd4`
SHA256	`04a4c33ceb3022b108b488b992061354b09ba2a85ab228f3be530b47c8843e6e`
SHA3	`5530ba09891f2daa54edef22137f5ab2869d072c11203b169240365ce056b150`

16 (#2)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x32b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.5274`
MD5	`6175ac68f507e951de4868a2e7820d3b`
SHA1	`b88bfe19c5aa7eee5312cb5e106655f182f06122`
SHA256	`d88aca1fb3fcc5ab24b3998f8afdfd370f04bbaa65652bd974125264ea282812`
SHA3	`f859934e1176af44b0aa1b1a1bdc6a821ee117177586b4574946c3bc799b8bcb`

17 (#2)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x32b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.76787`
MD5	`bb0296f50ebf751206c37e3226958b0a`
SHA1	`ce4324fd67387d6435a0808e23553e2d287fca6b`
SHA256	`9fc9aeccd72a203dec4b027de0e29736b6eab0e1a55d428d9371024c658ec011`
SHA3	`ba037039a002cd0f9c6a83b7eafb16150bd0fe0465ec91367e8655f7bd1c8179`

18 (#2)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x32b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.07468`
MD5	`c0858a943daa9e0431cf93df7b9246c0`
SHA1	`bb15ecc17c82cbe2e1ea48e3e631fbd870074885`
SHA256	`f531c35b0ea2602c17b86ef944c66845259bd543e2999bb7de3f14bf1e752af4`
SHA3	`aad5b2dd861b2850978838c44a91df853863a3d6dbfe7c18ccb25fc53031dc6a`

19 (#2)

Type	`UNKNOWN`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x327`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.06809`
MD5	`ec9a351999aa193700b6928aa57f725a`
SHA1	`e0966741efe3f9b9e295732f613e34d3131df350`
SHA256	`63381e80fef2354eb3f530a3af3054b5fba19cada09d17cb6f0a136a56e03d0f`
SHA3	`a9fa8491ad0c8bf7e340382acf621a195bc1fe3c8c90f9c3b0cf003bb9467015`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.37.0.0
ProductVersion	2.37.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	KeePass Password Safe
CompanyName	Dominik Reichl
FileDescription	KeePass
FileVersion (#2)	2.37.0.0
InternalName	KeePass.exe
LegalCopyright	Copyright © 2003-2017 Dominik Reichl
OriginalFilename	KeePass.exe
ProductName	KeePass
ProductVersion (#2)	2.37.0.0
Assembly Version	2.37.0.18738

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xdc8d91cd`
Unmarked objects	`0`
12 (7291)	`1`
C objects (VS98 build 8168)	`11`
14 (7299)	`1`
Linker (VS98 build 8168)	`2`
19 (8034)	`5`
Total imports	`39`
C++ objects (VS98 build 8168)	`1`

Errors