Manalyze report for 9810bc3caab35164ce18297699213b0d

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Mar-29 17:25:43
Detected languages	English - United States
TLS Callbacks	1 callback(s) detected.
Debug artifacts	C:\ci\gitlab\builds\openfin\rvm\rvm\openfinrvm\Release-Production\OpenFinRVM.pdb
CompanyName	OpenFin Inc.
FileDescription	OpenFin RVM
FileVersion	`13.0.1.2`
InternalName	OpenFinRVM.exe
LegalCopyright	Copyright (C) 2019
OriginalFilename	OpenFinRVM.exe
ProductName	RVM
ProductVersion	`13.0.1.2`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe` Contains domain names: adobe.com casedieresis.cn casetilde.cn commaaccentright.cn cyrillictail.cn cyrillictic.cn github.com http://cdn.openfin.co http://cdn.openfin.co/release/rvm/ApiLanguage http://ns.adobe.com http://ns.adobe.com/tiff/1.0/ http://scripts.sil.org http://scripts.sil.org/OFL http://www.w3.org http://www.w3.org/1999/02/22-rdf-syntax-ns# https://cdn.openfin.co https://cdn.openfin.co/ https://cdn.openfin.co/release/ https://cdn.openfin.co/system-panel/app.json https://config.openfin.co https://developers.openfin.co https://developers.openfin.co/of-docs/page/review-security-permissions https://dl.openfin.co https://dl.openfin.co/services/ https://github.com https://ingest.openfin.co https://ingest.openfin.co/desktop-analytics/ https://ingest.openfin.co/desktop-analytics/upload https://install.openfin.co https://install.openfin.co/download/?os https://log-manager.openfin.co https://of.os.openfin.co https://of.os.openfin.co/api/dos https://of.os.openfin.co/signup/api/app.json https://openfin.zendesk.com https://openfin.zendesk.com/hc/en-us https://rsms.me https://workspace.openfin.co https://workspace.openfin.co/release/ koronisaccentleft.cn ns.adobe.com openfin.zendesk.com scripts.sil.org www.w3.org zendesk.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses known Mersenne Twister constants` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryA LoadLibraryExW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot SwitchToThread FindWindowW` `Code injection capabilities (PowerLoader): FindWindowW GetWindowLongW` `Can access the registry: RegDeleteKeyW RegSetValueExW RegCloseKey RegEnumKeyExW RegOpenKeyExW RegCreateKeyExW RegQueryValueExW RegQueryInfoKeyW RegGetValueW RegDeleteKeyExW RegDeleteValueW` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Uses Microsoft's cryptographic API: CryptMsgClose CryptQueryObject CryptMsgGetParam CryptAcquireContextW CryptGenRandom CryptAcquireContextA CryptReleaseContext` `Can create temporary files: GetTempPathW CreateFileW` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Has Internet access capabilities: InternetCloseHandle InternetErrorDlg InternetGetLastResponseInfoW InternetGetConnectedState InternetCrackUrlW InternetOpenW InternetQueryOptionW InternetQueryDataAvailable InternetReadFile InternetConnectW InternetSetOptionW InternetSetStatusCallbackW` `Functions related to the privilege level: OpenProcessToken` `Manipulates other processes: ReadProcessMemory OpenProcess Process32FirstW Process32NextW` `Can take screenshots: FindWindowW GetDC CreateCompatibleDC`
Info	The PE is digitally signed.	`Signer: OpenFin Inc.` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`9810bc3caab35164ce18297699213b0d`
SHA1	`883c3965cfd11dd1f940066cd3080628bfa9d7a0`
SHA256	`6c54a03314e9e5f333d2a2d0507db25a6771f360195e0b6c2f20f5a42bc00d52`
SHA3	`4b16b97c2b187f97f81ce79ee25f7fb1f5664f7e40a8186ef4858365a67723d3`
SSDeep	`98304:QmEWD4em1QvrJsfski75lsml2r+6GZgO0FQE0KU76YgQo/MD:T0auUkM2r40N0K+67SD`
Imports Hash	`a5d16ac0c2e08818c1a0b5e92b200ed7`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2024-Mar-29 17:25:43
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`12.0`
SizeOfCode	`0x349800`
SizeOfInitializedData	`0x275a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00269D90 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x34b000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x5c4000`
SizeOfHeaders	`0x400`
Checksum	`0x5bdcaa`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f95579a4b5dd875dab1d2547281d74db`
SHA1	`f3507afe38436b4833697b7aa980374a74e0a152`
SHA256	`df7649d9082fcaf89e4bf57b1a9c6d6e85b111957d395765f1d77f091713c84f`
SHA3	`f5f3fe45acb39d6fbd906c7448614788480374b0342ce2aa9b25215f2eae2985`
VirtualSize	`0x3496bb`
VirtualAddress	`0x1000`
SizeOfRawData	`0x349800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.51279`

.rdata

MD5	`0916f55b4425c09d84e37d5f6eb1349c`
SHA1	`06c93363b5a25c4cc59747d564c1e57bff9e1b2e`
SHA256	`7ad52f1573416de4ea26bbf64a686873cbfa46e3394cf904a70ae6183caa23f7`
SHA3	`6c4d4657d8fd5f8ad3aa05364d940dd39b50f7af6e886bfb1ded7dd6f94fa1f5`
VirtualSize	`0xdd098`
VirtualAddress	`0x34b000`
SizeOfRawData	`0xdd200`
PointerToRawData	`0x349c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.94259`

.data

MD5	`4574ff4a25edb91507eccc3c345b8ad0`
SHA1	`23c2f197f0f4e6098a894b5a321e6010b1ac18ce`
SHA256	`1091699623da04f0c5783397a2eb3986a751ce319a48caf6866e29e89ce44e6e`
SHA3	`2fa5b97a79e9acd4899fa6fb3a0f93e779c4b72a695c7c3d9c2e7bc9b92883ca`
VirtualSize	`0x306ac`
VirtualAddress	`0x429000`
SizeOfRawData	`0x27200`
PointerToRawData	`0x426e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.04026`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x2`
VirtualAddress	`0x45a000`
SizeOfRawData	`0x200`
PointerToRawData	`0x44e000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`2ff0922dac23831ae28703d34d428026`
SHA1	`02d4d3b9da392d200825d08f59e40a66c80b91e3`
SHA256	`b18ab7ec845da66bfc6b8bffd063007e28c8718b715bc26ca4099a8839a4f186`
SHA3	`ee1d9a4ded26e22d61f38f4213fa4d7f50885100ff68b3bcccbf0f4a5faa0daf`
VirtualSize	`0x136178`
VirtualAddress	`0x45b000`
SizeOfRawData	`0x136200`
PointerToRawData	`0x44e200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.58806`

.reloc

MD5	`778f1a5762cdb9146a55de7e92d9633c`
SHA1	`854d908411a47b468069c683d61a456c9b0904a1`
SHA256	`4f88057b22c689868ded09f38f9adb89b6b5eb788f3b5e8a55553b155975712e`
SHA3	`8a7c8ef20936ad8293cb524685a48808338b556dbd093ba5fa1ec0d7173d5423`
VirtualSize	`0x31a18`
VirtualAddress	`0x592000`
SizeOfRawData	`0x31c00`
PointerToRawData	`0x584400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.65815`

Imports

KERNEL32.dll	`QueryPerformanceFrequency` `K32GetModuleFileNameExW` `ReadProcessMemory` `GetExitCodeProcess` `GlobalLock` `GlobalAlloc` `GlobalUnlock` `GlobalFree` `ConnectNamedPipe` `CreateNamedPipeW` `CreateMutexW` `InitializeCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `DeleteCriticalSection` `LocalFree` `GetLastError` `GetSystemTimeAsFileTime` `GetFileAttributesW` `GetEnvironmentVariableA` `GetModuleHandleW` `LoadLibraryW` `RaiseException` `GetProcAddress` `LocalAlloc` `DecodePointer` `DuplicateHandle` `ExpandEnvironmentStringsW` `WideCharToMultiByte` `MultiByteToWideChar` `FormatMessageW` `lstrlenW` `K32GetProcessImageFileNameW` `OpenProcess` `LoadLibraryA` `GetFileTime` `GetShortPathNameW` `Sleep` `GetModuleFileNameW` `SetFilePointer` `SystemTimeToFileTime` `SetFileTime` `WriteFile` `ReadFile` `GetCurrentDirectoryW` `LocalFileTimeToFileTime` `GetFileSize` `UnmapViewOfFile` `GetTickCount` `FileTimeToSystemTime` `GetFileInformationByHandle` `QueryPerformanceCounter` `SystemTimeToTzSpecificLocalTime` `GetProcessTimes` `FindResourceW` `LoadResource` `SizeofResource` `LockResource` `CreateProcessW` `WaitForSingleObject` `CreateEventW` `WaitForMultipleObjects` `Process32FirstW` `Process32NextW` `CreateToolhelp32Snapshot` `GetProcessId` `SetHandleInformation` `CreatePipe` `TerminateProcess` `K32EnumProcesses` `MulDiv` `GetStringTypeW` `GetCurrentThread` `GetExitCodeThread` `EncodePointer` `GetModuleHandleA` `ReleaseMutex` `ReleaseSemaphore` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FormatMessageA` `RtlUnwind` `GetCommandLineW` `IsProcessorFeaturePresent` `GetCPInfo` `IsDebuggerPresent` `CreateTimerQueue` `InterlockedPopEntrySList` `InterlockedPushEntrySList` `InterlockedFlushSList` `QueryDepthSList` `SignalObjectAndWait` `SwitchToThread` `CreateThread` `SetThreadPriority` `GetThreadPriority` `GetLogicalProcessorInformation` `CreateTimerQueueTimer` `ChangeTimerQueueTimer` `DeleteTimerQueueTimer` `GetNumaHighestNodeNumber` `GetProcessAffinityMask` `SetThreadAffinityMask` `RegisterWaitForSingleObject` `UnregisterWait` `HeapReAlloc` `ExitThread` `LoadLibraryExW` `UnhandledExceptionFilter` `SetLastError` `InitializeCriticalSectionAndSpinCount` `GetStartupInfoW` `CreateSemaphoreW` `GetDateFormatW` `GetTimeFormatW` `CompareStringW` `LCMapStringW` `GetLocaleInfoW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `ExitProcess` `GetModuleHandleExW` `AreFileApisANSI` `HeapSize` `IsValidCodePage` `GetACP` `GetOEMCP` `GetStdHandle` `GetFileType` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetTimeZoneInformation` `SetFilePointerEx` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `OutputDebugStringW` `GetThreadTimes` `FreeLibrary` `FreeLibraryAndExitThread` `InitializeSListHead` `UnregisterWaitEx` `GetVersionExW` `VirtualAlloc` `VirtualFree` `VirtualProtect` `ReadConsoleW` `SetStdHandle` `WriteConsoleW` `SetEnvironmentVariableW` `SetEndOfFile` `SetEnvironmentVariableA` `GetEnvironmentVariableW` `SetCurrentDirectoryW` `DeleteFileW` `FindClose` `FindFirstFileW` `FindNextFileW` `GetFileAttributesExW` `RemoveDirectoryW` `SetFileAttributesW` `DeviceIoControl` `GetWindowsDirectoryW` `CreateDirectoryExW` `CopyFileW` `MoveFileExW` `GetLongPathNameW` `GetStringTypeExW` `GetCurrentThreadId` `GetLocalTime` `GetTempPathW` `InitializeCriticalSectionEx` `CreateFileW` `CreateDirectoryW` `GetCurrentProcess` `SetUnhandledExceptionFilter` `HeapFree` `HeapAlloc` `GetProcessHeap` `ResetEvent` `SetEvent` `GetCurrentProcessId` `WaitForSingleObjectEx` `CloseHandle` `OpenEventA` `CreateEventA`
USER32.dll	`SetWindowTextW` `EnableWindow` `SetDlgItemTextW` `SetWindowPos` `SendDlgItemMessageW` `EndDialog` `GetDlgItem` `GetClientRect` `DialogBoxParamW` `ScreenToClient` `IsWindowVisible` `GetSysColorBrush` `ShowWindow` `GetWindowTextW` `EnumWindows` `PostThreadMessageW` `MonitorFromRect` `SendMessageW` `FlashWindowEx` `WaitForInputIdle` `PostMessageW` `ReplyMessage` `SendMessageTimeoutW` `InSendMessage` `LoadImageW` `PostQuitMessage` `SetForegroundWindow` `FindWindowW` `wsprintfW` `GetDesktopWindow` `UpdateLayeredWindow` `RegisterWindowMessageW` `RegisterClassExW` `GetWindowLongW` `SetWindowLongW` `IsWindow` `CreateWindowExW` `DefWindowProcW` `UnregisterClassW` `SetTimer` `KillTimer` `GetMessageW` `TranslateMessage` `DispatchMessageW` `MessageBoxW` `GetWindowRect` `LoadStringW` `SetCursor` `MonitorFromPoint` `SetCapture` `GetDC` `GetCapture` `LoadIconW` `TrackMouseEvent` `LoadCursorW` `GetCursorPos` `GetWindowPlacement` `GetMonitorInfoW` `SetClassLongW` `ReleaseDC` `ReleaseCapture` `DestroyWindow`
dbghelp.dll	`MiniDumpWriteDump`
SHLWAPI.dll	`PathFileExistsW` `PathCreateFromUrlW` `UrlCreateFromPathW` `PathIsRelativeW` `SHStrDupW`
CRYPT32.dll	`CryptMsgClose` `CryptQueryObject` `CertGetNameStringW` `CertFreeCertificateContext` `CertFindCertificateInStore` `CertCloseStore` `CryptMsgGetParam`
WININET.dll	`InternetCloseHandle` `InternetErrorDlg` `InternetGetLastResponseInfoW` `InternetGetConnectedState` `InternetCrackUrlW` `InternetOpenW` `InternetQueryOptionW` `InternetQueryDataAvailable` `InternetReadFile` `InternetConnectW` `HttpSendRequestW` `InternetSetOptionW` `InternetSetStatusCallbackW` `HttpQueryInfoW` `HttpOpenRequestW`
VERSION.dll	`GetFileVersionInfoSizeW` `VerQueryValueW` `GetFileVersionInfoW`
COMCTL32.dll	`#17` `#345`
GDI32.dll	`SelectObject` `RemoveFontResourceW` `AddFontResourceW` `CreateFontIndirectW` `GetDeviceCaps` `SetTextColor` `SetBkMode` `DeleteDC` `CreateDIBSection` `DeleteObject` `CreateCompatibleDC`
ADVAPI32.dll	`RegDeleteKeyW` `CryptAcquireContextW` `CryptGenRandom` `CryptAcquireContextA` `CryptReleaseContext` `RegSetValueExW` `RegCloseKey` `RegEnumKeyExW` `RegOpenKeyExW` `OpenProcessToken` `GetSidSubAuthority` `GetUserNameW` `GetSidSubAuthorityCount` `GetTokenInformation` `LookupAccountNameW` `ConvertSidToStringSidW` `RegCreateKeyExW` `RegQueryValueExW` `RegQueryInfoKeyW` `RegGetValueW` `RegDeleteTreeW` `RegDeleteKeyExW` `RegDeleteValueW`
SHELL32.dll	`SHGetPropertyStoreForWindow` `SHGetFolderPathW` `ShellExecuteW` `Shell_NotifyIconW` `CommandLineToArgvW`
ole32.dll	`CoCreateInstance` `CoUninitialize` `CoInitialize` `CreateStreamOnHGlobal` `CoTaskMemFree`
urlmon.dll	`IsValidURL`
gdiplus.dll	`GdipDrawCachedBitmap` `GdipFillRectangleI` `GdipCloneImage` `GdipCreateStringFormat` `GdipCreatePath` `GdipCreatePen1` `GdipDeleteStringFormat` `GdipAddPathPieI` `GdipDrawRectangleI` `GdipSetLineBlend` `GdipSetPathGradientCenterPointI` `GdipGetImageHeight` `GdipGetImageWidth` `GdipMeasureString` `GdipCreateFromHDC` `GdipDeleteGraphics` `GdipCreateFontFamilyFromName` `GdipResetClip` `GdipDrawString` `GdipGetGenericFontFamilySansSerif` `GdipDeleteRegion` `GdipDeletePath` `GdipCreateRegionPath` `GdipCreateCachedBitmap` `GdipCreateBitmapFromFile` `GdipDisposeImage` `GdipAlloc` `GdipCreateSolidFill` `GdipDeleteFont` `GdipSetPathGradientPresetBlend` `GdipCreateLineBrushFromRectI` `GdipDeletePen` `GdipSetClipRegion` `GdipFree` `GdipDeleteBrush` `GdipDeleteCachedBitmap` `GdiplusStartup` `GdiplusShutdown` `GdipCreateBitmapFromStream` `GdipResetPath` `GdipClosePathFigure` `GdipDeleteFontFamily` `GdipSetSmoothingMode` `GdipGraphicsClear` `GdipDrawImageRectI` `GdipGetImageGraphicsContext` `GdipCreateFont` `GdipFillPath` `GdipCreatePathGradientFromPath` `GdipCreateBitmapFromScan0` `GdipCloneBrush` `GdipAddPathArcI`

Delayed Imports

143

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1f3a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.93759`
Detected Filetype	PNG graphic file
MD5	`36a2f6866e968086fe05d0da1d25186b`
SHA1	`119156d54869fc91a3f03737daa67fa2f5c5830c`
SHA256	`ca4e6d736f2a759b9a544bdf9f95dd7ed937d8c6c167962bf24b37e5bd9a831d`
SHA3	`98795d823fbcd48fe6548414b69cabcf629b29604b28c12dc91b8183f8a556e0`

149

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.02959`
MD5	`78f7ee45326869cb7b2626553ac22843`
SHA1	`a161f71a17111f497f67e840e2b5e92e5fb41116`
SHA256	`d5263fb3be3b9cfb4a5638f7b19d130c3d734fc7916dbbdb896866b4c778b415`
SHA3	`19d33f660b4a9047164ae553593367340c457721ef74fca947d75519936c6d33`
Preview

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27842`
MD5	`e6c03fdee2857b76e3a7a46c0857003c`
SHA1	`f048938575ec5a5393b7faee029e11e3b495d1aa`
SHA256	`2de2f8adf386c04ae3209503d75396590390ca86bdad8666359b218a31adb793`
SHA3	`9f859f425be609d1f1ab7dea703e7fa59e6a2b68ae54e8a082a6cf3a4c3dab0a`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.95035`
MD5	`c263f5d3d43658d69d067ea8914325cf`
SHA1	`a3336f033aa17c11243522f3cb907ea7453cffb8`
SHA256	`343faf76b076049bad49da698651cbf7b02f36987261d7855fa67aa093ebcbb9`
SHA3	`7e2e9f2716add93f1ed906a4684f722fc63d7bacabb41339e6f4d0740cea0380`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.81524`
MD5	`02db27fd4c16b8f7e49960190586d616`
SHA1	`f0508e10dc057ad841fd03b4fceab7712316a68e`
SHA256	`01d52d665c4a9239f9d7ea91c8d01d47a1c2393d1039c91f5c125e98f6f13014`
SHA3	`79ca14dfa390cb2e3a68f786b52bee25c1da1a004cce7729b0e329ebb6ad646c`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.44666`
MD5	`5bed22f3bda381aef62df868ae6c0adc`
SHA1	`048bcb9bf96c43762a720ae5dc19e9658e5305a7`
SHA256	`9bf61c8f954cd8b8eb1279d4f893365ca2b60ecc241ad27e7a8e1963c0ec39bd`
SHA3	`b6f27050def317187b4f364a1360a6ec871567239d006a35bb6e66856baba7ec`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.30122`
MD5	`8bae167c79b1ba11e9458242a54be218`
SHA1	`6761475c41415a1b4d4e0608587ff126e6196125`
SHA256	`7ae27ae51eb1712b04b70b51823f607fbaa24c510ad169dee26d01c8f760f992`
SHA3	`6bc03d81ed12558a650395e9a53f485239f664fbd003ac77501bba73dbc44fa2`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.11591`
MD5	`d6a78c16970bbdaefddede6d81824a16`
SHA1	`8af8a4ecc4274269603ac36c6669c185da40c470`
SHA256	`34ae7a9864171e24aa165299fd2b0fbe2df995fc00236402ebcfa7367f745af8`
SHA3	`52012d4946882abe2b01c9b12567ac5fca63844e665527c98e9cc65dc43ef817`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.03356`
MD5	`43925254beaf0120158e556c96b1cb40`
SHA1	`56d0837eb74d49559fa7b5ba0e9bfcfd27f5e7cd`
SHA256	`cd5023d25d3c6a22732a775f3a287c64649b790441c5e92c7bf42b752ea0f34a`
SHA3	`7d0f674b8e801e8e90e4a4465d744c7c2f710ef29b96317e7bbc42cc1aaa0f6b`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.92614`
MD5	`14684fdce7dd29ccbceb96f936c25f66`
SHA1	`053edb66b47239988a9a6deca1e420a10d317ab3`
SHA256	`0fe1069a082b54ad62f3ca8edf7cabb3af34187cf4b363d53a68b13e3c512bf0`
SHA3	`5a8c15148dbd3352e3779d71bcadee79076312e15f706491a96e6b4fdf4a0fbd`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1e99`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.85651`
Detected Filetype	PNG graphic file
MD5	`8bfdd3744912c8280ea58b3c7e365022`
SHA1	`f3911d5b553d8160181660e561d78d5272c7ea93`
SHA256	`284de163c7c83d0e4e287f8b43cbb539525639450547b86adf235feadc4433ff`
SHA3	`2e3220ee5edb21ea37d4a490a24fec85a096d0b0ca6484c7472a569a6f7416aa`

10

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.99953`
MD5	`a111262040c9ecd62eb710b2bed8d690`
SHA1	`26d312ee7d63ac4720072554d6e8856267208007`
SHA256	`7e9a60601a8a3906c120b19f893f595e49ab8a341278d9be3b5aef691f642ea1`
SHA3	`f27042f2660f4ac113cae18c04541b70ef5d8de18092593f18a3d1a4bc1de1bf`

11

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.56236`
MD5	`b010482bad053963afae18f341945119`
SHA1	`5676fd2de85a4f6e762476dcf03e8296656d967e`
SHA256	`f2ba7aeb406d1d27ee9bc21b8fbe8bd8f44f36a37c272d8585be4e43fc08b9a9`
SHA3	`1e317b5cba742cd8a7a65a6346c03be0e7be34c90fdc332b1114c49fab08477b`

12

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.29845`
MD5	`d9a53a1ba69c381c4a3941221463a54b`
SHA1	`2b77a44fd408f2a75d3d709cc2ce7fe060ccb9bc`
SHA256	`a4ffb16022f2a7b2c5c03baeec718f95dee4888a7fa687b989bf84de7ccfc865`
SHA3	`ecddbf1c7115b37a94a4bb5d2103a6f4ac5cc105370b6a1abab182176a3d6782`

13

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.16472`
MD5	`a9e1c971ce712270c677685489ec6455`
SHA1	`3e50b754b465cd7ea691967172f00e4e38a8e1f4`
SHA256	`bd2cfd92d7b2b862c6fb9b31a6fd061a798ab4b6632de6a9df6beaea315f61b8`
SHA3	`bafaebea53d83d7c17095dca00f12ad0bff7715bc3fab82bc1e444e2e016b0a5`

14

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.93278`
MD5	`5b031aa9e2b665020d45279618ca6828`
SHA1	`92b1bd747b626174754cf8daaad4d83107649c8c`
SHA256	`a8891db8f830219ee61225594e761c77501f22ed0baf1dcdfc06aa99813113a5`
SHA3	`7a937181ed0bbe1168fb16c6472ccf255fbea7ddaeac3086993d890e465a3ef6`

15

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22aa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.90478`
Detected Filetype	PNG graphic file
MD5	`a9e637b3f8bbb915a60f42ac1ab9518c`
SHA1	`cb92dc78409a1fe49d1b2c36b5b7f22d58365d0e`
SHA256	`15501679eb444302c1970d61e264345b83b6a04b027d926c734239a2d4a0766f`
SHA3	`b9613ec716d1f7ba9209478c4f0a9a883b1f1c5b24ffdd04a4d11e1fdb6102ce`

16

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x509c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.94846`
Detected Filetype	PNG graphic file
MD5	`d18d86d298eb3b8e98c36b1b47904b48`
SHA1	`f07e0047949f021def6d78b294d2292e184d5db2`
SHA256	`9645ca8860364f95d6e81d4be43dd4d2092645f96b64183a190096178ed20418`
SHA3	`5d6aeaf3799f47380c82561bc3435c62255279e384581d90f1c60cf4c95d74d0`

17

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9984`
MD5	`2f6ad20fa7218f9736dfa85a3298f949`
SHA1	`60035376dc35dd46257786d65901fb315e1ef44e`
SHA256	`a9dd69e32cc98975cf2a4389fd350652335719aa6caf0c95351e738ec95571ce`
SHA3	`17f6b684147cff71142de4f508be22ccb42cb2140a353b049046fd150dab0626`

18

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.98704`
MD5	`9df503591abba62fbb3263bff87ad61a`
SHA1	`8109d2d66d4f9558a9c82fabfde76957e06d3891`
SHA256	`bf89fed73a4763d6b28f10e444ce7e5393772c3eed6c3b70a776f40ea20db9a2`
SHA3	`420c790c1c9893f23d202e889237fffb438bd9d77ba12a71294fb36e2ed69729`

19

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.00781`
MD5	`97ca1147e1200a0811d5e866e5238b5e`
SHA1	`49a9f00236c65cb7169e5061c29b1386f25c0cdd`
SHA256	`d2a1a9d24f6fccccd2cc146862637f9bfecae4a9eeade2d90a1ec5d2ad34c7bf`
SHA3	`20ddd585b196dc4fbc888bc702589721dc8fee79e2ddd4717dd3ad5188b5bf85`

20

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.16667`
MD5	`8e064a9c3bb971d520eb30cb196d29f1`
SHA1	`6942cc359f767a2cda0b64d482cbb995169b68aa`
SHA256	`a37d4689f9ce815959d54e1b9b1f5beb9ce713a5cf9ce5499995676730d4d217`
SHA3	`836e823a4cdf7e5ebb8273736853bb0b6429fa69eaddc068c7bce623e02890ad`

21

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42501`
MD5	`66c8cf47a5cf117c3a35b924725070e8`
SHA1	`0f202974774247b0a179871d07e68a00f30a96d3`
SHA256	`b932f0333763c7b4d101277b3ec7b7f4146a3d26e86bf3ea01855ca0fabfc5ad`
SHA3	`3a90d50f1b2819be8a6f29363a5c88cca507a9f014d2d8de6d360b4683c3b343`

22

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1a68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.54221`
MD5	`459c343e30f74ab261102798c0d25c71`
SHA1	`167d34feb1639910024f29266530bc1db3ff43fa`
SHA256	`064530fd7271d0d133c7056b35f9aa85c4a28399db49636abfaa043804e98628`
SHA3	`99cc617aa72b7ecc1d8798283d62f50140eff81bcedd886ecf26f0ff1ea03dee`

23

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.82939`
MD5	`6231ba61597edb825ed2f3c973988eef`
SHA1	`9d7c2feefd52b4f2138d1c4616769a3548324bc7`
SHA256	`2a68704b9cdf7599d17792f6949f03a6a5a25483bb754c31d5e9c881c28ae102`
SHA3	`51ed9a25c84c277fb01f9af06f593cdb336d81807838f5744daaf01546282357`

24

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.09977`
MD5	`fadf693b80de79265cbdcb7e2146e90f`
SHA1	`46e0e6a8a66e3244926d33a834cbd00784665692`
SHA256	`daee638a25fd164129cbcd8a0f5d7554d21f6dfc9d5ea292aebf31eec0f612ed`
SHA3	`f43e3a916b77092d9daa5966d9077fbb9b50f65d6ca6f5fef8c6e9868c3367bc`

25

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.61971`
MD5	`9293b44b6f5565f4642b10952a3f71ce`
SHA1	`2cef8a35672c4c532be67356f878cb8bb74f5103`
SHA256	`3b4fca1fa36d07185223ce8516f54ba1781b5d1bdcb64f52a791d2957403a34a`
SHA3	`804432df6ca5fb00a80c311879a010f4095ccbbc0d12a0093b88923347cd44d7`

103

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x13c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.19659`
MD5	`f6113eba49b478b6fd4c83c227d621a0`
SHA1	`682f7e1e0451d2702a217678c325a195cd3095e3`
SHA256	`425611ea9643c252a4d77c3b9be34a1ae622ccca8ca6368795d88c4de6ae1505`
SHA3	`c849aa67715405a2aa64b4ffe16c5fbd411e16030811662652919757b5ab14e7`

107

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3e2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.31563`
MD5	`83ea5e0bd7b17c08fc0ba89e915cce70`
SHA1	`4931fb381d65af17083f4834452799510f3b2b06`
SHA256	`3200f45dfea19304d1e51041173a7588e99507a8e7a51a6780500b48f81ec703`
SHA3	`022144b42d89558e94099c02951e7d0ad32849b256aa75340b0ba54a5515495c`

145

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x13c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.1162`
MD5	`27f3c7c02160458503eaf4c163c009dd`
SHA1	`f3a4359ddd930b0bb5131ca63eaa51467b6156da`
SHA256	`1d43e93e644bed41037ac6c70e7211e8ad4708d3c92fe2944222cd1375efd9e1`
SHA3	`53d6469e60659a7b0591ceabb4d2378e1e02a246164aa2d428fbd47a4cfbbb4b`

147

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x220`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.32906`
MD5	`f373718de45a005805029d912ebb3c57`
SHA1	`36e667e060f5a3e5450a73f3b46a73cb3f0e2ff9`
SHA256	`71a7053973f7a3ba4e62ffe22d48cebe1ce3fdda03994fbd39826af1f07ff424`
SHA3	`88e6e27bbf4cabb546a6da69f62061c376c5aece6ee4e50e8816d61093cb0531`

7 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x48`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.02836`
MD5	`2ce15bf5fdde34c5f726d65bfd084b71`
SHA1	`9a3f2e618b6d3678b17a812d1abb28c8cfc000d6`
SHA256	`324752bcefd9f5340e1262d21574120d8bbc9e6aa0174593b80f333aa5ab8d20`
SHA3	`0f12c89a22cca71fc71580f50f54d520e1fb22aebc9f9e34ba3e4dec1fc6356c`

313

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1e6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.16439`
MD5	`d8bd4fd87fccc523fb2697ec26842e55`
SHA1	`1e650fa755aa4d5a2e0664a9669be505fec5219b`
SHA256	`fa3ffa6baf1a0f9e553c8c6c18d3a296cb79171269554c6afd898003b26e01aa`
SHA3	`1065dc37f3d8ae48929e3be0b935f1a49c70333523095b847387cf3d2e8ebde4`

314

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x394`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26275`
MD5	`d6d3d96914e6668f8657119c7f382ee7`
SHA1	`4ff40cd639026e836a9315a360768eb6c6ee9fb9`
SHA256	`068ad5c521921f69c084474982e120fa2b27de2b9e16c29255b076481cd88ea6`
SHA3	`12821d2a4c87386b13ad60d2df81d8047291ddc542278672e64618806a5fceda`

315

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0xc6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.94008`
MD5	`0be7d4659f88f4f203b34275caf2da6f`
SHA1	`fec7587ff5186446adc86523c3a83452cda0067a`
SHA256	`87b984cd89f1928c0e6a4139b33f33b5d3a90895f07842f4a07328754d77b76c`
SHA3	`06acd59308cff9af824f930a88efce796f5727b54dab16a9f7410be681d78cc2`

FONTDIR

Type	`RT_FONTDIR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x9a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.19295`
MD5	`3a3deee411b80d840a53fda4a0d565c6`
SHA1	`bb66e720dd0331b11bf63aa73dd661e6c4d1e3af`
SHA256	`7384c602db45eaa6d57031aa23bad18be2df597c941cf4fb3320050d01130d76`
SHA3	`f3703da0937d642fc3e5833ec79baf26837cc0adfd0505d04c7b54fb7a44834c`

153

Type	`RT_FONT`
Language	English - United States
Codepage	UNKNOWN
Size	`0x64dc0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.21397`
Detected Filetype	TrueType font file
MD5	`a9f2b2f2814240097c72f259540ad406`
SHA1	`7e66bc8135c21faafd0019ecb567ae2fda7ca58a`
SHA256	`32705570dcf1b128ca49278fb092b99c5afca80178ee249015729dd16c5f21aa`
SHA3	`4a525655095fee36c1cd9a056f49cac8466a819cf69c6a34c3e1bf54f010e6bd`

109

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.79879`
MD5	`3d2b1af3424dbcd504f73918619c7d99`
SHA1	`10d6ed54ea742211a14a05414883f6c00c03080a`
SHA256	`c2f0c188d6c493d7827bf83fb89c704815796445a0178bb2ae79658d96703a3c`
SHA3	`b8c5f28d2c132e5bc304e4dc1b314a3f32a2e48675c06828a2a8a014ea05e7fb`

128

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1a818`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.85358`
Detected Filetype	Icon file
MD5	`666aedd5c995d85688bb89485339aa68`
SHA1	`5f7cf9d0bfd49d89979ce154c6f42622ad4b2f0e`
SHA256	`58630282ad01bad0a5717ed15751d7baeeebf417a6095986d3b8bac3ca067c6a`
SHA3	`d0af4141e04ce9235964fab069cfeda3ea647bcf4c3467ab732e36c0103dc6c8`

107 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.07075`
Detected Filetype	Icon file
MD5	`73bd8e8eabd60c626e85019e66e5a149`
SHA1	`f90a723f075738bbff08690774b3d2a46dcf3881`
SHA256	`fa9f7faac1e0f694d5f767612d40336add95c8680afec7e74dcff2d774b500a7`
SHA3	`50e86f3a72ede386e69ba9a6e14d6dad10f1d711918f2983101c5561d1a7fe11`

156

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x92`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.17162`
Detected Filetype	Icon file
MD5	`f661f57de0104e5c3cc7adbf0b41b92f`
SHA1	`0ac8e55078cc5c179820cb1e713028bd44b50075`
SHA256	`3d13a21e7190acf88d9e35fd9970912b1fd9e3a888ca7719f2c526ec4c70b28f`
SHA3	`37ac42bd26dbd0f86d9f200c16029d6d090507d613c8dce460c7c2e80eb70d75`

1039

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.89385`
Detected Filetype	Icon file
MD5	`cd878ed5299b10a882655479bd8eac5b`
SHA1	`18122a02cdb729e0eb963559a954621c629f5af3`
SHA256	`d372b77b7872abc104ded15a2a27607a7973cdc087497921c23d3c0c20814bc4`
SHA3	`f302100327384d5389395bcff9fec7ce613e2bd7015679cc38f108ebf0a858cd`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2c0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35818`
MD5	`b5b2f87af54c792f1cce403afe22c75d`
SHA1	`f93fc20847d3d76a0c72cfb097c93dd5ee3dd610`
SHA256	`63fc55e2985cff49049ab4ab24a21e5e04d27e3bc8d1a069ccbf2942cee33a10`
SHA3	`0456df2cd80bfddece3824fe88958dcae3ac0d522e1413b1ff3f849bdcdb802d`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x27e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.06467`
MD5	`d875a3e09bd74a8f760449a19a351827`
SHA1	`870df3cd183e92816fb4f92427cafa686f946a33`
SHA256	`a148bb733a7a6233501d6e615bcd37bedb995c29670798088e6c9c325b4429c8`
SHA3	`782f36c3fdf8521b0f1ebd9c721ce82161d3bd77c965734f3fd2714a3113db23`

String Table contents

OpenFinRVM
OPENFINRVM
Set file location for auto-download
Download remote files
Launch external processes
Read from the registry
End external processes
Get information about other apps' windows
Get information about another app's window
Access system audio
Read the clipboard
Write to the clipboard
Play videos
Access location data
Send system notifications
Use hardware-specific audio functions
Modify how the mouse works
Run in full screen mode
Open links in external applications
Save and restore external application windows
Open the default web browser
Write to the clipboard
View file location for auto-download
Set file download location
Register custom protocol handlers
Unregister custom protocol handlers
View custom protocol handlers
Access USB devices
Access human interface devices (HID)

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	13.0.1.2
ProductVersion	13.0.1.2
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	OpenFin Inc.
FileDescription	OpenFin RVM
FileVersion (#2)	13.0.1.2
InternalName	OpenFinRVM.exe
LegalCopyright	Copyright (C) 2019
OriginalFilename	OpenFinRVM.exe
ProductName	RVM
ProductVersion (#2)	13.0.1.2

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2024-Mar-29 17:25:43
Version	`0.0`
SizeofData	`105`
AddressOfRawData	`0x3c92b8`
PointerToRawData	`0x3c7eb8`
Referenced File	C:\ci\gitlab\builds\openfin\rvm\rvm\openfinrvm\Release-Production\OpenFinRVM.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2024-Mar-29 17:25:43
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x3c9324`
PointerToRawData	`0x3c7f24`

TLS Callbacks

StartAddressOfRawData	`0x85a000`
EndAddressOfRawData	`0x85a001`
AddressOfIndex	`0x852d14`
AddressOfCallbacks	`0x74ca24`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_1BYTES`
Callbacks	`0x00665D60`

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x829768`
SEHandlerTable	`0x7dbde0`
SEHandlerCount	`3252`

RICH Header

XOR Key	`0x7142ece7`
Unmarked objects	`0`
C++ objects (20806)	`2`
ASM objects (VS2013 build 21005)	`46`
C++ objects (VS2013 build 21005)	`146`
C objects (VS2013 build 21005)	`258`
C++ objects (VS2013 UPD5 build 40629)	`35`
209 (65501)	`1`
C objects (65501)	`2`
208 (65501)	`1`
Imports (65501)	`29`
Total imports	`411`
C++ objects (VS2013 UPD4 build 31101)	`29`
229 (VS2013 UPD5 build 40629)	`295`
Resource objects (VS2013 build 21005)	`1`
151	`1`
Linker (VS2013 UPD5 build 40629)	`1`

9810bc3caab35164ce18297699213b0d

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.tls

.rsrc

.reloc

Imports

Delayed Imports

143

149

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

103

107

145

147

7 (#2)

313

314

315

FONTDIR

153

109

128

107 (#2)

156

1039

1 (#2)

1 (#3)

String Table contents

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

TLS Callbacks

Load Configuration

RICH Header

Errors