Manalyze report for 99bf014966d027f192200f7adde03632

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2020-Aug-10 21:20:32
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe` `Contains domain names: adobe.com curl.haxx.se example.com http://ns.adobe.com http://ns.adobe.com/exif/1.0/ http://ns.adobe.com/photoshop/1.0/ http://ns.adobe.com/tiff/1.0/ http://ns.adobe.com/xap/1.0/ http://ns.adobe.com/xap/1.0/mm/ http://ns.adobe.com/xap/1.0/sType/ResourceEvent# http://ns.adobe.com/xap/1.0/sType/ResourceRef# http://purl.org http://www.w3.org http://www.w3.org/1999/02/22-rdf-syntax-ns# https://curl.haxx.se https://curl.haxx.se/docs/http-cookies.html ns.adobe.com www.w3.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA256` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: FindWindowA` `Possibly launches other programs: system` `Uses Microsoft's cryptographic API: CryptAcquireContextA CryptReleaseContext CryptHashData CryptDestroyHash CryptDestroyKey CryptImportKey CryptEncrypt CryptGenRandom CryptGetHashParam CryptCreateHash CryptStringToBinaryA CryptDecodeObjectEx CryptQueryObject` `Uses functions commonly found in keyloggers: GetForegroundWindow CallNextHookEx` `Leverages the raw socket API to access the Internet: #8 #13 #10 #111 inet_pton #151 #18 #112 #2 #4 #5 #6 #7 #9 #15 #21 WSAIoctl #115 #116 #1 #3 #16 #23 #57 #20 #17 #19 freeaddrinfo #14 getaddrinfo` `Enumerates local disk drives: GetVolumeInformationA` `Reads the contents of the clipboard: GetClipboardData` `Interacts with the certificate store: CertOpenStore CertAddCertificateContextToStore`
Malicious	VirusTotal score: 3/70 (Scanned on 2020-09-25 14:31:53)	`Bkav: W32.AIDetectVM.malware1` `Elastic: malicious (high confidence)` `APEX: Malicious`

Hashes

MD5	`99bf014966d027f192200f7adde03632`
SHA1	`a444e0548730ceeab7e11d532d6ff117f164d5f9`
SHA256	`9f827051517f56472ada21fe2f84fe932acaa0b2ff7e3f0411aca85987c66430`
SHA3	`6ac854ba7d06fd1bc16acf611032655bfad8208933ca5bab1a9dde82f14f0650`
SSDeep	`24576:cio8GNWyjtZgsFpjKbpQ0SU2UlHS73qpTpZ/j:cRNhjtimpApQks3uTpl`
Imports Hash	`00f562ead28338fa52b8a9c0514e3b29`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2020-Aug-10 21:20:32
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x97600`
SizeOfInitializedData	`0x63000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0009689D (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x99000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xfe000`
SizeOfHeaders	`0x400`
Checksum	`0x106543`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`32abbd77592fea8374ec0df0db68df5d`
SHA1	`8237919c1f0d8dd8ba067d945406a1c93be48c40`
SHA256	`e084701cdc01ebfcae0d848adf08d730a2923e4786b57089b2ebce5cf0a498f0`
SHA3	`c2a2b03e1329b75e6f131e3e8b2e4351efb22211809c8da18b2efded7acf8ccb`
VirtualSize	`0x97570`
VirtualAddress	`0x1000`
SizeOfRawData	`0x97600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.51193`

.rdata

MD5	`5b8d91cb755b53b5f05699d7db431fda`
SHA1	`d188991c13244bf37e7dccce62ebd547a64cfc0e`
SHA256	`43dee5ae04c7446cffcf0be33e5aa26e8cf551bd631ade1cab236cd4884e473b`
SHA3	`53e1f80af9e27e461d1794993a2305ba2669743c71dd56a42f7a51927e0e213b`
VirtualSize	`0x19f06`
VirtualAddress	`0x99000`
SizeOfRawData	`0x1a000`
PointerToRawData	`0x97a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.27178`

.data

MD5	`5dbab42f47a604d13f55868e8ca5cc0c`
SHA1	`997ed71c0333f2074c8d1fe7b9843389ab02c384`
SHA256	`cf6ab5d489891d31dd4b7fdca40ac94c08de64249ad57200520d0cf16515c4fc`
SHA3	`a4e5b960bd540b26d5478c95a65cc7498367f7dc3b8854647f360fd3688ac4c8`
VirtualSize	`0xca0`
VirtualAddress	`0xb3000`
SizeOfRawData	`0x800`
PointerToRawData	`0xb1a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.34272`

.rsrc

MD5	`818e58aace52638af0b6130f23bb242d`
SHA1	`3606ebdc35e69d2b2048ab05b676dd40a6027d59`
SHA256	`56b29a44a7f27b26598b4fd10f56e1ed9d2306d1e690d2195cbf824a3ae433d6`
SHA3	`17b1499f10cbe8d1706550014ece455e5ea58005777b40dba80823e4bbd34144`
VirtualSize	`0x43158`
VirtualAddress	`0xb4000`
SizeOfRawData	`0x43200`
PointerToRawData	`0xb2200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.69459`

.reloc

MD5	`f880fb82d8f79284406f7b67e5b45228`
SHA1	`3337cccee411f2e0da7a3577842f632ce1699a07`
SHA256	`bc19b6fad92ca07423e5432cf1d36218e2b5c1952fad7b95c159b1b99c40a183`
SHA3	`e761ca5f25511264e519da0e43d773914785457f84948a2d5c677c1d0c53b345`
VirtualSize	`0x5508`
VirtualAddress	`0xf8000`
SizeOfRawData	`0x5600`
PointerToRawData	`0xf5400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.71675`

Imports

d3d11.dll	`D3D11CreateDeviceAndSwapChain`
WLDAP32.dll	`#26` `#22` `#143` `#46` `#211` `#60` `#45` `#50` `#41` `#33` `#32` `#35` `#79` `#27` `#30` `#200` `#301`
WS2_32.dll	`#8` `#13` `#10` `#111` `inet_pton` `#151` `#18` `#112` `#2` `#4` `#5` `#6` `#7` `#9` `#15` `#21` `WSAIoctl` `#115` `#116` `#1` `#3` `#16` `#23` `#57` `#20` `#17` `#19` `freeaddrinfo` `#14` `getaddrinfo`
ADVAPI32.dll	`GetCurrentHwProfileA` `CryptAcquireContextA` `CryptReleaseContext` `CryptHashData` `CryptDestroyHash` `CryptDestroyKey` `CryptImportKey` `CryptEncrypt` `CryptGenRandom` `CryptGetHashParam` `CryptCreateHash`
CRYPT32.dll	`CryptStringToBinaryA` `CryptDecodeObjectEx` `CertFindCertificateInStore` `CertEnumCertificatesInStore` `CertCloseStore` `CertOpenStore` `CertAddCertificateContextToStore` `CertFindExtension` `PFXImportCertStore` `CertGetNameStringA` `CryptQueryObject` `CertCreateCertificateChainEngine` `CertFreeCertificateChainEngine` `CertGetCertificateChain` `CertFreeCertificateContext` `CertFreeCertificateChain`
KERNEL32.dll	`SetLastError` `WaitForMultipleObjects` `PeekNamedPipe` `ReadFile` `GetFileType` `GetStdHandle` `GetEnvironmentVariableA` `GetLastError` `WaitForSingleObjectEx` `CloseHandle` `MoveFileExA` `VerifyVersionInfoA` `FormatMessageA` `GetSystemDirectoryA` `SleepEx` `DeleteCriticalSection` `InitializeCriticalSectionEx` `LeaveCriticalSection` `EnterCriticalSection` `GetTickCount` `WideCharToMultiByte` `MultiByteToWideChar` `GlobalFree` `LoadLibraryA` `GetProcAddress` `CreateFileA` `GetFileSizeEx` `FreeLibrary` `VerSetConditionMask` `IsProcessorFeaturePresent` `InitializeCriticalSectionAndSpinCount` `CreateEventW` `GetModuleHandleW` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `Sleep` `GetConsoleWindow` `GetModuleHandleA` `LoadResource` `LockResource` `SizeofResource` `FindResourceA` `GetVolumeInformationA` `IsDebuggerPresent` `GetCurrentProcessId` `GlobalAlloc` `GlobalUnlock` `GlobalLock` `GetComputerNameA` `InitializeSListHead` `QueryPerformanceCounter` `QueryPerformanceFrequency`
USER32.dll	`GetForegroundWindow` `GetClientRect` `SetCursorPos` `SetCursor` `ClientToScreen` `ScreenToClient` `LoadCursorA` `GetClipboardData` `ShowWindow` `SetCapture` `GetCapture` `GetKeyState` `IsChild` `EmptyClipboard` `SetClipboardData` `CloseClipboard` `OpenClipboard` `FindWindowA` `GetCursorPos` `PostMessageW` `CallNextHookEx` `UnhookWindowsHookEx` `SetWindowsHookExA` `GetMessageA` `LoadIconA` `UpdateWindow` `GetKeyNameTextA` `SetWindowPos` `DestroyWindow` `CreateWindowExA` `RegisterClassExA` `UnregisterClassA` `PostQuitMessage` `DefWindowProcA` `PeekMessageA` `DispatchMessageA` `TranslateMessage` `ReleaseCapture`
MSVCP140.dll	`?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ` `?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ` `?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z` `?always_noconv@codecvt_base@std@@QBE_NXZ` `?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ` `??Bid@locale@std@@QAEIXZ` `??1_Lockit@std@@QAE@XZ` `??0_Lockit@std@@QAE@H@Z` `?_Random_device@std@@YAIXZ` `_Thrd_sleep` `_Query_perf_frequency` `_Query_perf_counter` `_Xtime_get_ticks` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?_Throw_Cpp_error@std@@YAXH@Z` `_Cnd_do_broadcast_at_thread_exit` `_Thrd_id` `_Thrd_join` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z` `?uncaught_exceptions@std@@YAHXZ` `?_Xlength_error@std@@YAXPBD@Z` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ`
XINPUT1_4.dll	`#2` `#4`
D3DCOMPILER_47.dll	`D3DCompile`
IMM32.dll	`ImmReleaseContext` `ImmGetContext` `ImmSetCompositionWindow`
VCRUNTIME140.dll	`__current_exception` `__std_terminate` `__std_exception_copy` `__std_exception_destroy` `_CxxThrowException` `__CxxFrameHandler3` `memcpy` `memmove` `memset` `strstr` `memchr` `strchr` `_except_handler4_common` `strrchr` `__current_exception_context`
api-ms-win-crt-runtime-l1-1-0.dll	`_initialize_onexit_table` `_invalid_parameter_noinfo_noreturn` `_errno` `system` `strerror` `terminate` `_c_exit` `_cexit` `__p___argv` `__p___argc` `_exit` `_crt_atexit` `exit` `_initterm_e` `_getpid` `_beginthreadex` `_controlfp_s` `_initterm` `__sys_nerr` `_configure_narrow_argv` `_get_initial_narrow_environment` `_register_onexit_function` `_seh_filter_exe` `_set_app_type` `_register_thread_local_exe_atexit_callback` `_initialize_narrow_environment`
api-ms-win-crt-stdio-l1-1-0.dll	`feof` `_lseeki64` `fopen` `_set_fmode` `_get_stream_buffer_pointers` `fgets` `fflush` `fgetpos` `fputc` `fsetpos` `ungetc` `__p__commode` `fputs` `_fseeki64` `fwrite` `setvbuf` `__stdio_common_vsscanf` `__stdio_common_vsprintf` `_wfopen` `ferror` `ftell` `_read` `_write` `_close` `_open` `fseek` `fgetc` `fread` `__acrt_iob_func` `fclose`
api-ms-win-crt-string-l1-1-0.dll	`_strdup` `strcpy_s` `isupper` `strspn` `strcspn` `strncmp` `strpbrk` `tolower` `strncpy`
api-ms-win-crt-math-l1-1-0.dll	`_libm_sse2_pow_precise` `__setusermatherr` `ldexp` `_CIfmod` `floor` `_libm_sse2_cos_precise` `_libm_sse2_sin_precise` `_libm_sse2_acos_precise` `_libm_sse2_sqrt_precise` `ceil`
api-ms-win-crt-heap-l1-1-0.dll	`calloc` `free` `_callnewh` `malloc` `realloc` `_set_new_mode`
api-ms-win-crt-convert-l1-1-0.dll	`strtoll` `atoi` `strtoul` `atof` `strtol`
api-ms-win-crt-time-l1-1-0.dll	`clock` `_gmtime64` `_time64`
api-ms-win-crt-filesystem-l1-1-0.dll	`_access` `_lock_file` `_stat64` `_fstat64` `_unlink` `_unlock_file`
api-ms-win-crt-utility-l1-1-0.dll	`qsort`
api-ms-win-crt-environment-l1-1-0.dll	`getenv`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x15fb`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.75865`
Detected Filetype	PNG graphic file
MD5	`66437ffdf1ea7d3f9082b21a5d31e118`
SHA1	`ea2ca945361ba26b811ffaa17473c9949c0e9fde`
SHA256	`d6c9db92943ba816987abeac2b7363f01d0d44fea3166f0fd6d842d4a33cd21e`
SHA3	`4223feb1636b48dd4e2870675dae900846cec14219476ef1a3619215b75c7fe7`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.96759`
MD5	`01280c41db06e89b83c19e3fcd143c3f`
SHA1	`b68951fa35229567855b25c8d1aee553f8b59047`
SHA256	`9b5f6a7a17c173f0fd0986bde073a977a95b8046bfbdda9a0f604e50d548b2fc`
SHA3	`07651c508e2aa5aaf26e61376b192944c3797b06304888fd2c5c7000ba709b56`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.07537`
MD5	`eb5fc6714156df06194ec51c38dbe4df`
SHA1	`052f29f8f756de47472838810fdb4b0eb45655d1`
SHA256	`1f556af1899d51cb50c17eb0bf63db8797d531a1051f30f295f27c7d143307ab`
SHA3	`38dede9ea1b972499df184a6c0c510fa704489e56c9e5ded842b8de4ae12e1f4`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.25177`
MD5	`581b1a01c36a57ac0805bf67fb13d2d9`
SHA1	`2fb1024fb389cd608b2fcae8c523af7380d18d2c`
SHA256	`1762a9657fd95f8155c51ce406b6f2944eeeef18041907af4edf90470b8cd4ea`
SHA3	`7c31e779d6cd36599c51eb68eb955d848bbd22c8e629e8bf9fe64a4320d43ae7`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37754`
MD5	`f7f21b961ace2537d3a1a84252ae36d7`
SHA1	`3d82c6c59c6fb0433a060da1afc3ec1d4e62fc11`
SHA256	`9b1f75247d898495d6dda774d0ff1dfb8ed61d06c5f8c946949ee567bdc1597e`
SHA3	`2f4a3ad70115558c5eb89fc419c6386a0653427c875a52298e492d0611ee2163`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.63606`
MD5	`198275d04a7c776b97c444f9d32fc62c`
SHA1	`30e386623b5020ac76b8c6d1529addf7edf417fa`
SHA256	`af03677069b60185728c80ed195775c910f9577fadbbd0da1d5109ff355324ec`
SHA3	`1a58449f5430086d7b60397848920d1c2ce8df9cfc62a76536509adc101f0984`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x858a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98431`
Detected Filetype	PNG graphic file
MD5	`c1786d07e7b57e5524981962d1ef751c`
SHA1	`4422db7c0c8b855f4a9425d6ded675a924cf9028`
SHA256	`9f37a368c8c769ec11c89395f64fe2d071bc1715e46c710ea166602d64569998`
SHA3	`e8be543a053c6feaa89bc13a0dbbde189c3b47e4827e440c448ec9c2a054e3ab`

8

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.87694`
MD5	`03b22367eb9b0dcdb1143d6aceb1f850`
SHA1	`ff9ec9d68d696abe0cbfbd4acfcf529f8404d452`
SHA256	`f8b7130cbd26894be7625c3842e7e19a5b25196eaa0fc12ae8a12410d8639c21`
SHA3	`59fe36b174844908355afee39a782303700b0bbea14233c5d08e14c9bbe79850`

9

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.08277`
MD5	`23ddc570b346bc8d7caa06ff64523586`
SHA1	`f0a1a2ed8cee89201f81a1e4f422c726c52d157b`
SHA256	`c642cfb8c29e030ea90d6e0c01deb47c4703fbc9cb99890a701a956e95568556`
SHA3	`4f1de01a9b78a53413b2561febfebf14a7358bbb7369f4750ab679d12cdd7678`

10

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.21363`
MD5	`132861639b31ce194b1eb2d90fefbb35`
SHA1	`01e7c635d96d6a0524ac3e118536b527cef87208`
SHA256	`0af7a6580f891781629efc258a291ebde6732552f777c4c9ece81b8bc1c47afb`
SHA3	`ff788a71e4a32ea10b2368496ccd925eade78540ea0d26ca8a0e4585752d802b`

11

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.36678`
MD5	`28849a59f6ad5d2250831e9541762992`
SHA1	`6b4f6e14b09f6104e9fb805e6e4a5cc7e8a111dc`
SHA256	`f6ba7b1bbeccbe22f1443246f1b2ea419ff7d14e568a5d520bce66e805124749`
SHA3	`7e6653c4b99f720ea676d2063adf70f6d5f28c97e1b23c906a3dde5b0e8fadf7`

12

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.61494`
MD5	`d9ce69e535e6fd1d96d0cd0e60b8cede`
SHA1	`8881cec21265f98480ae636f6aaa159bec2d5ee3`
SHA256	`f15bf341ea3fde299b9ddcf82cf055a860ff9bf2591244c9a40d7d5fc6fc1237`
SHA3	`e7d51e8fdd2198ece817938182415d495e3dbd113149725d925d04ac81353ce7`

1002

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x8632`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.9609`
Detected Filetype	PNG graphic file
MD5	`f62c8e9042073bea775cae3424ee62ec`
SHA1	`9d7f1b2994d2e081d4073fe1779368ae440a4293`
SHA256	`d33412fb648a9841c62dc5d948e301bab8dd71a2508bc72a36b0b0d07990d6be`
SHA3	`e43ef0a44777d8bb3157d2297c0554d908e2bd8f939d481190bad255938efe35`

ID

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.79908`
Detected Filetype	Icon file
MD5	`efca5f5ee2e2e3b2a3a7a6251f4959a9`
SHA1	`c4c7a0e4f44b355f075aafd1272ad778b7949883`
SHA256	`a7a026e306defff66905d3f6d3ec076df9f9c821f98285678b48a055e1f977f7`
SHA3	`79be5beee3eea9c11902ef6d03535bbe31c3100a804a9db973110a325165445e`

1001

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.87162`
Detected Filetype	Icon file
MD5	`a9b795408e27511725fa5cb33d352d5b`
SHA1	`d4f003abb29271f0d6f311cc0ec64b44cbe20797`
SHA256	`d8adee467ab072259bcfa93f66ce603f30913f96c01dd3d4678a11de0775fa32`
SHA3	`6f18ee1d3ae5c7fb2e83dad0627f1d0315bea4c000ad375299a0e032edd5ae3e`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x15a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.79597`
MD5	`24d3b502e1846356b0263f945ddd5529`
SHA1	`bac45b86a9c48fc3756a46809c101570d349737d`
SHA256	`49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e`
SHA3	`1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2020-Aug-10 21:20:32
Version	`0.0`
SizeofData	`860`
AddressOfRawData	`0xaf8d0`
PointerToRawData	`0xae2d0`

TLS Callbacks

StartAddressOfRawData	`0x4afc3c`
EndAddressOfRawData	`0x4afc50`
AddressOfIndex	`0x4b3908`
AddressOfCallbacks	`0x4995e8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0xb8`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x4b32e0`
SEHandlerTable	`0x4af82c`
SEHandlerCount	`41`

RICH Header

XOR Key	`0x76d43c8b`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`22`
199 (41118)	`6`
C objects (VS 2015/2017/2019 runtime 28619)	`12`
ASM objects (VS 2015/2017/2019 runtime 28619)	`11`
C++ objects (VS 2015/2017/2019 runtime 28619)	`30`
Imports (VS 2015/2017/2019 runtime 28619)	`4`
Imports (26715)	`23`
Total imports	`363`
C objects (VS2019 Update 6 (16.6.1-5) compiler 28806)	`111`
C++ objects (VS2019 Update 6 (16.6.1-5) compiler 28806)	`10`
Resource objects (VS2019 Update 6 (16.6.1-5) compiler 28806)	`1`
Linker (VS2019 Update 6 (16.6.1-5) compiler 28806)	`1`

99bf014966d027f192200f7adde03632

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

9

10

11

12

1002

ID

1001

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors