Manalyze report for 93355605502c665af6ff8bd4552f8be7bffa120a9edde22c6a31e6e676b1c634

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2011-Apr-06 21:41:06
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 7.1` `Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig2(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentVersion\Run` `Contains domain names: adobe.com google.com http://www.google.com screentime.com www.adobe.com www.google.com www.screentime.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to Blowfish`
Suspicious	The PE is possibly packed.	`Unusual section name found: mProject`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowW` `Code injection capabilities: WriteProcessMemory VirtualAllocEx OpenProcess VirtualAlloc` `Code injection capabilities (PowerLoader): FindWindowW GetWindowLongA` `Can access the registry: RegDeleteValueA RegSetValueExW RegCloseKey RegSetValueExA RegOpenKeyExA RegQueryValueExA RegCreateKeyExA RegCreateKeyExW RegDeleteKeyA RegDeleteKeyW RegOpenKeyExW RegDeleteValueW RegQueryValueExW RegEnumKeyA RegEnumKeyW RegEnumValueA RegEnumValueW RegQueryInfoKeyA RegQueryInfoKeyW` `Possibly launches other programs: ShellExecuteW ShellExecuteA` `Can create temporary files: CreateFileW CreateFileA GetTempPathA GetTempPathW` `Memory manipulation functions often used by packers: VirtualProtect VirtualAllocEx VirtualAlloc` `Has Internet access capabilities: InternetCloseHandle InternetQueryOptionA InternetReadFileExA InternetOpenA InternetOpenUrlA InternetOpenUrlW InternetConnectA InternetGetLastResponseInfoA InternetFindNextFileA` `Leverages the raw socket API to access the Internet: WSAStartup WSACleanup gethostbyname` `Manipulates other processes: WriteProcessMemory OpenProcess Process32NextW Process32FirstW` `Can take screenshots: GetDC FindWindowW CreateCompatibleDC` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	The file contains overlay data.	`407859 bytes of data starting at offset 0xc3c00.` `The overlay data has an entropy of 7.98462 and is possibly compressed or encrypted.`
Safe	VirusTotal score: 0/42 (Scanned on 2012-04-29 20:04:32)	`All the AVs think this file is safe.`

Hashes

MD5	`436e55dfa2628e6dfc217ed4d8f48bff`
SHA1	`a6caf0a02330ef1d7c6a67cd6c591d55970deddf`
SHA256	`93355605502c665af6ff8bd4552f8be7bffa120a9edde22c6a31e6e676b1c634`
SHA3	`ceb32b95871f4b49e2cc42b2db492389a16489d29672dfcb7b9061c8ebe108d7`
SSDeep	`24576:lhUBoSbNy3vSLTu+6vXeXSBYgOa523WzSURSGKU+CSLpEocF:eoS5M6TpyOiBYmwG7jl+CiYF`
Imports Hash	`50a074483e7ffa2f30bc95435451307c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2011-Apr-06 21:41:06
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`7.0`
SizeOfCode	`0x40600`
SizeOfInitializedData	`0x5c200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00037699 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x42000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xcd000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`db9b7be1c437d6978b1c9684485d9035`
SHA1	`ab6da1adc8aabf88dcbdcd334a0df0c4043ee35a`
SHA256	`98ef88685c7f0fac0fbc84e3d988fec4ecd45b7aec9ac1e6c32f66d61c91a3df`
SHA3	`49af9edbf11f31bbacbc9c1f6e30424b4a6ea8eed32a103cb564245c117bfb0d`
VirtualSize	`0x4040f`
VirtualAddress	`0x1000`
SizeOfRawData	`0x40600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.22847`

.rdata

MD5	`e2d7b958c478f5555f100f8597485081`
SHA1	`fc4a84de7fb0c9599f785dd1ca1f60a91957029d`
SHA256	`0a374bc7be26cad4bac7a0707baa064f0f0f3733189a809113652081cd54fda0`
SHA3	`095a1ae306ad7b3f8886951a7da0148c3d31a4c250a39ade34d1a0520a07dbc9`
VirtualSize	`0x1560a`
VirtualAddress	`0x42000`
SizeOfRawData	`0x15800`
PointerToRawData	`0x40a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.95681`

.data

MD5	`4f7253bc1a2869af5c0977029d919b7d`
SHA1	`a0ad226f9b015fb8eb257193151f29d879fd05f9`
SHA256	`da4e486ad0edf6af702f39e78a5d666d3ba519fe102f50937889c3ece5d395a9`
SHA3	`7c0fc574b9a4a787478b55a3720993aa98753d27cb357a5d7036b77a573758cd`
VirtualSize	`0x2f6b8`
VirtualAddress	`0x58000`
SizeOfRawData	`0x29e00`
PointerToRawData	`0x56200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.81334`

mProject

MD5	`35f6ca496f7939de84a2fbb40327aa35`
SHA1	`b2ae8d6eeed7fc29b7b529a4c16403cbe73c4f8c`
SHA256	`7df691c7aa8c335270b06fbdf2a80be1d73c70f176a5ea4e5d5d0c7705ccf0bb`
SHA3	`af100b220f63a4cb8da4405326359a9190b9482c8122ac3c77600dea38917e83`
VirtualSize	`0x808`
VirtualAddress	`0x88000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x80000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.016818`

.rsrc

MD5	`9ea901bdec45947b78fbde6a55961ee1`
SHA1	`9e6a997011c5550ffb7f6b4f3a7d0fed3e652bed`
SHA256	`809a65fe8bfa3c13086b35cf165777b4fd725973dad25e410b54f93165f94db3`
SHA3	`f64f38303b056abe05e65fb1c6d4aea3498fa7a71c18b69c2708f27945454157`
VirtualSize	`0x431ec`
VirtualAddress	`0x89000`
SizeOfRawData	`0x43200`
PointerToRawData	`0x80a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.08622`

Imports

urlmon.dll	`CreateURLMoniker` `CreateURLMonikerEx`
VERSION.dll	`GetFileVersionInfoW` `GetFileVersionInfoSizeW` `VerQueryValueA`
WININET.dll	`InternetCloseHandle` `InternetQueryOptionA` `HttpQueryInfoA` `InternetReadFileExA` `InternetOpenA` `InternetOpenUrlA` `InternetOpenUrlW` `InternetConnectA` `InternetGetLastResponseInfoA` `FtpGetFileA` `FtpPutFileA` `FtpDeleteFileA` `FtpRenameFileA` `FtpCreateDirectoryA` `FtpRemoveDirectoryA` `FtpSetCurrentDirectoryA` `FtpGetCurrentDirectoryA` `InternetFindNextFileA` `FtpFindFirstFileA`
RPCRT4.dll	`RpcStringFreeA` `UuidCreate` `UuidToStringA`
WS2_32.dll	`WSAStartup` `WSACleanup` `gethostbyname`
KERNEL32.dll	`UnmapViewOfFile` `CloseHandle` `WriteFile` `GetFileSize` `MapViewOfFile` `CreateFileMappingA` `CreateFileW` `GetProcAddress` `LoadLibraryA` `GetProcessTimes` `GetCurrentProcess` `InterlockedDecrement` `InterlockedIncrement` `GetModuleFileNameW` `CreateFileA` `GetTickCount` `InitializeCriticalSection` `FreeLibrary` `LoadLibraryW` `GetTempPathA` `GetTempPathW` `GetModuleFileNameA` `GetCommandLineW` `GlobalFree` `GetVersionExA` `GlobalSize` `DeleteFileA` `DeleteFileW` `ReadFile` `SetCurrentDirectoryW` `VirtualProtect` `GetCurrentThreadId` `MultiByteToWideChar` `WideCharToMultiByte` `WaitForSingleObject` `MoveFileExW` `VirtualFreeEx` `WriteProcessMemory` `VirtualAllocEx` `OpenProcess` `HeapAlloc` `GetProcessHeap` `VirtualAlloc` `VirtualFree` `GlobalAlloc` `HeapFree` `GetFileAttributesA` `GetFileAttributesW` `GetFileAttributesExA` `GetFileAttributesExW` `SetFileTime` `GetFileTime` `GetSystemTime` `SetLastError` `CreateDirectoryA` `CreateDirectoryW` `CopyFileA` `CopyFileW` `MoveFileA` `MoveFileW` `SetFilePointer` `RemoveDirectoryA` `RemoveDirectoryW` `FindClose` `FindNextFileA` `FindFirstFileA` `FindNextFileW` `FindFirstFileW` `GetComputerNameA` `GetComputerNameW` `GetSystemDirectoryA` `GetSystemDirectoryW` `GetWindowsDirectoryA` `GetWindowsDirectoryW` `GetEnvironmentVariableA` `GetEnvironmentVariableW` `SetEnvironmentVariableA` `SetEnvironmentVariableW` `WritePrivateProfileStringA` `GetShortPathNameA` `Process32NextW` `Process32FirstW` `CreateToolhelp32Snapshot` `GlobalLock` `GlobalUnlock` `Sleep` `EnterCriticalSection` `CreateThread` `LeaveCriticalSection` `CopyFileExW` `GetLastError` `SystemTimeToFileTime` `FileTimeToSystemTime` `HeapSize` `LCMapStringA` `LCMapStringW` `GetStdHandle` `RtlUnwind` `HeapReAlloc` `GetModuleHandleA` `UnhandledExceptionFilter` `FreeEnvironmentStringsA` `GetEnvironmentStrings` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineA` `SetHandleCount` `GetFileType` `GetStartupInfoA` `SetUnhandledExceptionFilter` `IsBadCodePtr` `GetStringTypeA` `GetStringTypeW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `SetStdHandle` `FlushFileBuffers` `GetLocaleInfoA` `GetCPInfo` `GetSystemInfo` `VirtualQuery` `InterlockedExchange` `GetStartupInfoW` `ExitProcess` `TerminateProcess` `HeapDestroy` `HeapCreate` `IsBadWritePtr` `GetACP` `GetOEMCP` `IsBadReadPtr` `SetEndOfFile`
USER32.dll	`GetUserObjectInformationA` `OpenDesktopA` `SetThreadDesktop` `IsZoomed` `LoadImageA` `GetClipboardData` `OpenClipboard` `EmptyClipboard` `SetClipboardData` `CloseClipboard` `LoadAcceleratorsA` `GetMessageA` `TranslateAcceleratorA` `TranslateMessage` `DispatchMessageA` `PostThreadMessageA` `LoadIconA` `LoadCursorA` `RegisterClassExA` `GetFocus` `SetFocus` `GetCursorPos` `ClientToScreen` `ReleaseCapture` `GetThreadDesktop` `EndPaint` `SetCapture` `GetWindowThreadProcessId` `PostMessageA` `DefWindowProcA` `GetDC` `UpdateLayeredWindow` `ReleaseDC` `PtInRect` `IsWindowUnicode` `UpdateWindow` `MessageBoxA` `FlashWindowEx` `CreatePopupMenu` `CreateWindowExA` `SetForegroundWindow` `TrackPopupMenu` `DestroyWindow` `DestroyMenu` `GetMenuItemCount` `InsertMenuW` `DestroyIcon` `SetWindowTextA` `GetWindowTextW` `GetWindowTextA` `IntersectRect` `CloseDesktop` `ChangeDisplaySettingsA` `EnumDisplaySettingsW` `ChangeDisplaySettingsW` `MessageBoxW` `GetWindow` `GetSysColor` `FindWindowW` `BeginPaint` `LoadImageW` `InvalidateRect` `KillTimer` `SetTimer` `PostQuitMessage` `SetWindowLongA` `SetLayeredWindowAttributes` `GetWindowRect` `GetWindowLongA` `AdjustWindowRectEx` `ShowWindow` `SystemParametersInfoA` `GetSystemMetrics` `GetClientRect` `SetWindowPos` `RedrawWindow` `IsWindow` `SendMessageA` `IsIconic` `IsWindowVisible` `GetDesktopWindow` `CreateWindowExW` `SetWindowTextW`
GDI32.dll	`GetTextExtentPoint32W` `PatBlt` `GetTextColor` `CreateDIBSection` `DeleteObject` `GetRgnBox` `CombineRgn` `CreateRectRgnIndirect` `GetTextMetricsA` `GetClipRgn` `OffsetRgn` `ExtTextOutW` `GetCurrentObject` `GetObjectA` `GetCurrentPositionEx` `GetClipBox` `CreateCompatibleDC` `SelectObject` `DeleteDC` `CreateSolidBrush` `SelectClipRgn` `CreateRectRgn` `GetBkColor`
comdlg32.dll	`GetSaveFileNameA` `GetOpenFileNameW` `GetSaveFileNameW` `ChooseColorA` `GetOpenFileNameA`
ADVAPI32.dll	`RegDeleteValueA` `GetUserNameW` `GetUserNameA` `RegSetValueExW` `RegCloseKey` `RegSetValueExA` `RegOpenKeyExA` `RegQueryValueExA` `RegCreateKeyExA` `RegCreateKeyExW` `RegDeleteKeyA` `RegDeleteKeyW` `RegOpenKeyExW` `RegDeleteValueW` `RegQueryValueExW` `RegEnumKeyA` `RegEnumKeyW` `RegEnumValueA` `RegEnumValueW` `RegQueryInfoKeyA` `RegQueryInfoKeyW`
SHELL32.dll	`SHFileOperationW` `SHFileOperationA` `SHChangeNotify` `Shell_NotifyIconW` `ShellExecuteW` `SHGetSpecialFolderLocation` `SHGetPathFromIDListW` `SHGetPathFromIDListA` `DragQueryFileW` `DragQueryFileA` `ShellExecuteA`
ole32.dll	`RevokeDragDrop` `RegisterDragDrop` `ReleaseStgMedium` `CreateStreamOnHGlobal` `CoCreateInstance` `OleUninitialize` `OleInitialize` `CoGetMalloc` `CoUninitialize` `CoInitialize` `CoTaskMemAlloc` `OleSetContainedObject` `OleCreate` `CLSIDFromProgID` `CLSIDFromString` `CoTaskMemFree`
OLEAUT32.dll	`VariantInit` `LoadTypeLibEx` `VariantChangeType` `SafeArrayGetDim` `SafeArrayGetLBound` `SafeArrayGetUBound` `SafeArrayGetElement` `DispInvoke` `VariantClear` `SysStringLen` `QueryPathOfRegTypeLib` `SysAllocStringLen` `SysReAllocStringLen` `SystemTimeToVariantTime` `VariantTimeToSystemTime` `SysAllocString` `SysFreeString` `SysReAllocString`

Delayed Imports

mApplication_FunctionTable

Ordinal	`1`
Address	`0x7f3b8`

mComponent_FunctionTable

Ordinal	`2`
Address	`0x7f8e8`

mFTP_FunctionTable

Ordinal	`3`
Address	`0x7fea8`

mFile_FunctionTable

Ordinal	`4`
Address	`0x7fa28`

mMenu_FunctionTable

Ordinal	`5`
Address	`0x80240`

mRegistry_FunctionTable

Ordinal	`6`
Address	`0x80470`

mSystem_FunctionTable

Ordinal	`7`
Address	`0x805f0`

mWindow_FunctionTable

Ordinal	`8`
Address	`0x80d20`

129

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x143f8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.76799`
MD5	`7a240c8b162d8278608db82b5da17588`
SHA1	`d66ad2e0a2ec4cd51652dd7458daaae0293aeeb4`
SHA256	`217452ece923a2890fd571db107c35e9012ee5a02afb1dba87a762bf4eecc513`
SHA3	`8f50c98d4144048575a5c39e7e5e5ee253f71bae32a256562b56dca1de177688`
Preview

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2cf28`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99385`
Detected Filetype	PNG graphic file
MD5	`cbab6d2c53fafb71f91d2df826c6125a`
SHA1	`0cfe7e78e1b40898f995a3bb8bdd80c731744abe`
SHA256	`f5641f1e454cef89dde75acd533744035adaa7fd554c749c8dd76ed801bf7320`
SHA3	`5b366c1c369e6800cf569c43721c8946faba67b5b3518b22862768cda44454e6`

1 (#2)

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.49381`
MD5	`0586bf6f6d7ba9363466d144a686c1a5`
SHA1	`c6319a871280ae619e1409d21666d99847ff2ea8`
SHA256	`fbfdce5f10dda89e4dd54a51118768a01bc4f8e7ee0294afd19c7e0f5817fb5b`
SHA3	`3e6512bdc367f21ab4255620c9392d1f78f298eb1d967750104b40bc382f7556`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5928`
MD5	`f851c293582ecfcd1f77469182105eb6`
SHA1	`1d35ca908dafbf0d68bf658f27aba7919f6754c8`
SHA256	`6178d1945df71095ee170ce8c47cb0deb60d4b27bd7695b90515ff4a7bfbcdfc`
SHA3	`6b7e62b346c87f9ab0f0fef10391056a3a077c178de764aad8ff0056801c196a`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.97958`
MD5	`46f4bc1386c3993bfd7a65bf5a8fe4df`
SHA1	`462603667972ccd2ff83cf85af42f7222627ca77`
SHA256	`b048ed17c43cff388a4ce07d2bca06fcaffa5e8cc0a3ae30aeaed13d7766b5c7`
SHA3	`862d011e807aa2b186d1b4fe3627f5228acd5a5155ab508887f0a1c502d875d0`

109

Type	`RT_ACCELERATOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.79879`
MD5	`3d2b1af3424dbcd504f73918619c7d99`
SHA1	`10d6ed54ea742211a14a05414883f6c00c03080a`
SHA256	`c2f0c188d6c493d7827bf83fb89c704815796445a0178bb2ae79658d96703a3c`
SHA3	`b8c5f28d2c132e5bc304e4dc1b314a3f32a2e48675c06828a2a8a014ea05e7fb`

107

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.26096`
Detected Filetype	Icon file
MD5	`6b0701d39120f3347f3c189a0dc67d57`
SHA1	`61141373e67fc690e150b42d8359afc7acabc315`
SHA256	`e07baf6f31fa57fb4c9842d6daa68c37506ab593ac1ec4ef6b9f8e76d711c114`
SHA3	`86501899d8a0f3096823366269b2e2a47e49f995e003db1c33d4944d60405fb9`

107 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.54942`
Detected Filetype	Icon file
MD5	`22686d3d933533dc46367b83530d1e7c`
SHA1	`d0487e5eea2ad93c6b954e74dbb78ad8b2ce1ffe`
SHA256	`e2c591362535bee1e0d4cd93d2b061be0d0f76bf4eddd1d55b7539ce26fb8b2b`
SHA3	`f351671c6efe7dbbb5eeefb9a17c1851eb0c69d9b641378c556e67a82089078c`

Version Info

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x481444`
SEHandlerTable	`0x453100`
SEHandlerCount	`185`

RICH Header

XOR Key	`0x9057d7c6`
Unmarked objects	`0`
105 (2067)	`5`
ASM objects (VS2003 (.NET) build 3077)	`22`
37 (8755)	`2`
C objects (9178)	`12`
Imports (2067)	`2`
Imports (2179)	`16`
Imports (9210)	`7`
Total imports	`341`
C objects (VS2003 (.NET) build 3077)	`137`
C++ objects (VS2003 (.NET) build 3077)	`72`
Exports (VS2003 (.NET) build 3077)	`1`
94 (VS2003 (.NET) build 3052)	`1`
Linker (VS2003 (.NET) build 3077)	`1`

Errors

Leave a comment

No comments yet.