99bf014966d027f192200f7adde03632

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2020-Aug-10 21:20:32
Detected languages English - United States

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Suspicious Strings found in the binary may indicate undesirable behavior: Miscellaneous malware strings:
  • cmd.exe
Contains domain names:
  • adobe.com
  • curl.haxx.se
  • example.com
  • http://ns.adobe.com
  • http://ns.adobe.com/exif/1.0/
  • http://ns.adobe.com/photoshop/1.0/
  • http://ns.adobe.com/tiff/1.0/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/sType/ResourceEvent#
  • http://ns.adobe.com/xap/1.0/sType/ResourceRef#
  • http://purl.org
  • http://www.w3.org
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • https://curl.haxx.se
  • https://curl.haxx.se/docs/http-cookies.html
  • ns.adobe.com
  • www.w3.org
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Uses constants related to SHA256
Microsoft's Cryptography API
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • FindWindowA
Possibly launches other programs:
  • system
Uses Microsoft's cryptographic API:
  • CryptAcquireContextA
  • CryptReleaseContext
  • CryptHashData
  • CryptDestroyHash
  • CryptDestroyKey
  • CryptImportKey
  • CryptEncrypt
  • CryptGenRandom
  • CryptGetHashParam
  • CryptCreateHash
  • CryptStringToBinaryA
  • CryptDecodeObjectEx
  • CryptQueryObject
Uses functions commonly found in keyloggers:
  • GetForegroundWindow
  • CallNextHookEx
Leverages the raw socket API to access the Internet:
  • #8
  • #13
  • #10
  • #111
  • inet_pton
  • #151
  • #18
  • #112
  • #2
  • #4
  • #5
  • #6
  • #7
  • #9
  • #15
  • #21
  • WSAIoctl
  • #115
  • #116
  • #1
  • #3
  • #16
  • #23
  • #57
  • #20
  • #17
  • #19
  • freeaddrinfo
  • #14
  • getaddrinfo
Enumerates local disk drives:
  • GetVolumeInformationA
Reads the contents of the clipboard:
  • GetClipboardData
Interacts with the certificate store:
  • CertOpenStore
  • CertAddCertificateContextToStore
Malicious VirusTotal score: 3/70 (Scanned on 2020-09-25 14:31:53) Bkav: W32.AIDetectVM.malware1
Elastic: malicious (high confidence)
APEX: Malicious

Hashes

MD5 99bf014966d027f192200f7adde03632
SHA1 a444e0548730ceeab7e11d532d6ff117f164d5f9
SHA256 9f827051517f56472ada21fe2f84fe932acaa0b2ff7e3f0411aca85987c66430
SHA3 6ac854ba7d06fd1bc16acf611032655bfad8208933ca5bab1a9dde82f14f0650
SSDeep 24576:cio8GNWyjtZgsFpjKbpQ0SU2UlHS73qpTpZ/j:cRNhjtimpApQks3uTpl
Imports Hash 00f562ead28338fa52b8a9c0514e3b29

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x108

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2020-Aug-10 21:20:32
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x97600
SizeOfInitializedData 0x63000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0009689D (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x99000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xfe000
SizeOfHeaders 0x400
Checksum 0x106543
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 32abbd77592fea8374ec0df0db68df5d
SHA1 8237919c1f0d8dd8ba067d945406a1c93be48c40
SHA256 e084701cdc01ebfcae0d848adf08d730a2923e4786b57089b2ebce5cf0a498f0
SHA3 c2a2b03e1329b75e6f131e3e8b2e4351efb22211809c8da18b2efded7acf8ccb
VirtualSize 0x97570
VirtualAddress 0x1000
SizeOfRawData 0x97600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.51193

.rdata

MD5 5b8d91cb755b53b5f05699d7db431fda
SHA1 d188991c13244bf37e7dccce62ebd547a64cfc0e
SHA256 43dee5ae04c7446cffcf0be33e5aa26e8cf551bd631ade1cab236cd4884e473b
SHA3 53e1f80af9e27e461d1794993a2305ba2669743c71dd56a42f7a51927e0e213b
VirtualSize 0x19f06
VirtualAddress 0x99000
SizeOfRawData 0x1a000
PointerToRawData 0x97a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.27178

.data

MD5 5dbab42f47a604d13f55868e8ca5cc0c
SHA1 997ed71c0333f2074c8d1fe7b9843389ab02c384
SHA256 cf6ab5d489891d31dd4b7fdca40ac94c08de64249ad57200520d0cf16515c4fc
SHA3 a4e5b960bd540b26d5478c95a65cc7498367f7dc3b8854647f360fd3688ac4c8
VirtualSize 0xca0
VirtualAddress 0xb3000
SizeOfRawData 0x800
PointerToRawData 0xb1a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.34272

.rsrc

MD5 818e58aace52638af0b6130f23bb242d
SHA1 3606ebdc35e69d2b2048ab05b676dd40a6027d59
SHA256 56b29a44a7f27b26598b4fd10f56e1ed9d2306d1e690d2195cbf824a3ae433d6
SHA3 17b1499f10cbe8d1706550014ece455e5ea58005777b40dba80823e4bbd34144
VirtualSize 0x43158
VirtualAddress 0xb4000
SizeOfRawData 0x43200
PointerToRawData 0xb2200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.69459

.reloc

MD5 f880fb82d8f79284406f7b67e5b45228
SHA1 3337cccee411f2e0da7a3577842f632ce1699a07
SHA256 bc19b6fad92ca07423e5432cf1d36218e2b5c1952fad7b95c159b1b99c40a183
SHA3 e761ca5f25511264e519da0e43d773914785457f84948a2d5c677c1d0c53b345
VirtualSize 0x5508
VirtualAddress 0xf8000
SizeOfRawData 0x5600
PointerToRawData 0xf5400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.71675

Imports

d3d11.dll D3D11CreateDeviceAndSwapChain
WLDAP32.dll #26
#22
#143
#46
#211
#60
#45
#50
#41
#33
#32
#35
#79
#27
#30
#200
#301
WS2_32.dll #8
#13
#10
#111
inet_pton
#151
#18
#112
#2
#4
#5
#6
#7
#9
#15
#21
WSAIoctl
#115
#116
#1
#3
#16
#23
#57
#20
#17
#19
freeaddrinfo
#14
getaddrinfo
ADVAPI32.dll GetCurrentHwProfileA
CryptAcquireContextA
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptGenRandom
CryptGetHashParam
CryptCreateHash
CRYPT32.dll CryptStringToBinaryA
CryptDecodeObjectEx
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertAddCertificateContextToStore
CertFindExtension
PFXImportCertStore
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateContext
CertFreeCertificateChain
KERNEL32.dll SetLastError
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
GetEnvironmentVariableA
GetLastError
WaitForSingleObjectEx
CloseHandle
MoveFileExA
VerifyVersionInfoA
FormatMessageA
GetSystemDirectoryA
SleepEx
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
LoadLibraryA
GetProcAddress
CreateFileA
GetFileSizeEx
FreeLibrary
VerSetConditionMask
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetSystemTimeAsFileTime
Sleep
GetConsoleWindow
GetModuleHandleA
LoadResource
LockResource
SizeofResource
FindResourceA
GetVolumeInformationA
IsDebuggerPresent
GetCurrentProcessId
GlobalAlloc
GlobalUnlock
GlobalLock
GetComputerNameA
InitializeSListHead
QueryPerformanceCounter
QueryPerformanceFrequency
USER32.dll GetForegroundWindow
GetClientRect
SetCursorPos
SetCursor
ClientToScreen
ScreenToClient
LoadCursorA
GetClipboardData
ShowWindow
SetCapture
GetCapture
GetKeyState
IsChild
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
FindWindowA
GetCursorPos
PostMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetMessageA
LoadIconA
UpdateWindow
GetKeyNameTextA
SetWindowPos
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
PostQuitMessage
DefWindowProcA
PeekMessageA
DispatchMessageA
TranslateMessage
ReleaseCapture
MSVCP140.dll ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Random_device@std@@YAIXZ
_Thrd_sleep
_Query_perf_frequency
_Query_perf_counter
_Xtime_get_ticks
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?uncaught_exceptions@std@@YAHXZ
?_Xlength_error@std@@YAXPBD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
XINPUT1_4.dll #2
#4
D3DCOMPILER_47.dll D3DCompile
IMM32.dll ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
VCRUNTIME140.dll __current_exception
__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
memset
strstr
memchr
strchr
_except_handler4_common
strrchr
__current_exception_context
api-ms-win-crt-runtime-l1-1-0.dll _initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_errno
system
strerror
terminate
_c_exit
_cexit
__p___argv
__p___argc
_exit
_crt_atexit
exit
_initterm_e
_getpid
_beginthreadex
_controlfp_s
_initterm
__sys_nerr
_configure_narrow_argv
_get_initial_narrow_environment
_register_onexit_function
_seh_filter_exe
_set_app_type
_register_thread_local_exe_atexit_callback
_initialize_narrow_environment
api-ms-win-crt-stdio-l1-1-0.dll feof
_lseeki64
fopen
_set_fmode
_get_stream_buffer_pointers
fgets
fflush
fgetpos
fputc
fsetpos
ungetc
__p__commode
fputs
_fseeki64
fwrite
setvbuf
__stdio_common_vsscanf
__stdio_common_vsprintf
_wfopen
ferror
ftell
_read
_write
_close
_open
fseek
fgetc
fread
__acrt_iob_func
fclose
api-ms-win-crt-string-l1-1-0.dll _strdup
strcpy_s
isupper
strspn
strcspn
strncmp
strpbrk
tolower
strncpy
api-ms-win-crt-math-l1-1-0.dll _libm_sse2_pow_precise
__setusermatherr
ldexp
_CIfmod
floor
_libm_sse2_cos_precise
_libm_sse2_sin_precise
_libm_sse2_acos_precise
_libm_sse2_sqrt_precise
ceil
api-ms-win-crt-heap-l1-1-0.dll calloc
free
_callnewh
malloc
realloc
_set_new_mode
api-ms-win-crt-convert-l1-1-0.dll strtoll
atoi
strtoul
atof
strtol
api-ms-win-crt-time-l1-1-0.dll clock
_gmtime64
_time64
api-ms-win-crt-filesystem-l1-1-0.dll _access
_lock_file
_stat64
_fstat64
_unlink
_unlock_file
api-ms-win-crt-utility-l1-1-0.dll qsort
api-ms-win-crt-environment-l1-1-0.dll getenv
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x15fb
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.75865
Detected Filetype PNG graphic file
MD5 66437ffdf1ea7d3f9082b21a5d31e118
SHA1 ea2ca945361ba26b811ffaa17473c9949c0e9fde
SHA256 d6c9db92943ba816987abeac2b7363f01d0d44fea3166f0fd6d842d4a33cd21e
SHA3 4223feb1636b48dd4e2870675dae900846cec14219476ef1a3619215b75c7fe7

2

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.96759
MD5 01280c41db06e89b83c19e3fcd143c3f
SHA1 b68951fa35229567855b25c8d1aee553f8b59047
SHA256 9b5f6a7a17c173f0fd0986bde073a977a95b8046bfbdda9a0f604e50d548b2fc
SHA3 07651c508e2aa5aaf26e61376b192944c3797b06304888fd2c5c7000ba709b56

3

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.07537
MD5 eb5fc6714156df06194ec51c38dbe4df
SHA1 052f29f8f756de47472838810fdb4b0eb45655d1
SHA256 1f556af1899d51cb50c17eb0bf63db8797d531a1051f30f295f27c7d143307ab
SHA3 38dede9ea1b972499df184a6c0c510fa704489e56c9e5ded842b8de4ae12e1f4

4

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.25177
MD5 581b1a01c36a57ac0805bf67fb13d2d9
SHA1 2fb1024fb389cd608b2fcae8c523af7380d18d2c
SHA256 1762a9657fd95f8155c51ce406b6f2944eeeef18041907af4edf90470b8cd4ea
SHA3 7c31e779d6cd36599c51eb68eb955d848bbd22c8e629e8bf9fe64a4320d43ae7

5

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.37754
MD5 f7f21b961ace2537d3a1a84252ae36d7
SHA1 3d82c6c59c6fb0433a060da1afc3ec1d4e62fc11
SHA256 9b1f75247d898495d6dda774d0ff1dfb8ed61d06c5f8c946949ee567bdc1597e
SHA3 2f4a3ad70115558c5eb89fc419c6386a0653427c875a52298e492d0611ee2163

6

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.63606
MD5 198275d04a7c776b97c444f9d32fc62c
SHA1 30e386623b5020ac76b8c6d1529addf7edf417fa
SHA256 af03677069b60185728c80ed195775c910f9577fadbbd0da1d5109ff355324ec
SHA3 1a58449f5430086d7b60397848920d1c2ce8df9cfc62a76536509adc101f0984

7

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x858a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.98431
Detected Filetype PNG graphic file
MD5 c1786d07e7b57e5524981962d1ef751c
SHA1 4422db7c0c8b855f4a9425d6ded675a924cf9028
SHA256 9f37a368c8c769ec11c89395f64fe2d071bc1715e46c710ea166602d64569998
SHA3 e8be543a053c6feaa89bc13a0dbbde189c3b47e4827e440c448ec9c2a054e3ab

8

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.87694
MD5 03b22367eb9b0dcdb1143d6aceb1f850
SHA1 ff9ec9d68d696abe0cbfbd4acfcf529f8404d452
SHA256 f8b7130cbd26894be7625c3842e7e19a5b25196eaa0fc12ae8a12410d8639c21
SHA3 59fe36b174844908355afee39a782303700b0bbea14233c5d08e14c9bbe79850

9

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.08277
MD5 23ddc570b346bc8d7caa06ff64523586
SHA1 f0a1a2ed8cee89201f81a1e4f422c726c52d157b
SHA256 c642cfb8c29e030ea90d6e0c01deb47c4703fbc9cb99890a701a956e95568556
SHA3 4f1de01a9b78a53413b2561febfebf14a7358bbb7369f4750ab679d12cdd7678

10

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.21363
MD5 132861639b31ce194b1eb2d90fefbb35
SHA1 01e7c635d96d6a0524ac3e118536b527cef87208
SHA256 0af7a6580f891781629efc258a291ebde6732552f777c4c9ece81b8bc1c47afb
SHA3 ff788a71e4a32ea10b2368496ccd925eade78540ea0d26ca8a0e4585752d802b

11

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.36678
MD5 28849a59f6ad5d2250831e9541762992
SHA1 6b4f6e14b09f6104e9fb805e6e4a5cc7e8a111dc
SHA256 f6ba7b1bbeccbe22f1443246f1b2ea419ff7d14e568a5d520bce66e805124749
SHA3 7e6653c4b99f720ea676d2063adf70f6d5f28c97e1b23c906a3dde5b0e8fadf7

12

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.61494
MD5 d9ce69e535e6fd1d96d0cd0e60b8cede
SHA1 8881cec21265f98480ae636f6aaa159bec2d5ee3
SHA256 f15bf341ea3fde299b9ddcf82cf055a860ff9bf2591244c9a40d7d5fc6fc1237
SHA3 e7d51e8fdd2198ece817938182415d495e3dbd113149725d925d04ac81353ce7

1002

Type RT_RCDATA
Language English - United States
Codepage Latin 1 / Western European
Size 0x8632
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.9609
Detected Filetype PNG graphic file
MD5 f62c8e9042073bea775cae3424ee62ec
SHA1 9d7f1b2994d2e081d4073fe1779368ae440a4293
SHA256 d33412fb648a9841c62dc5d948e301bab8dd71a2508bc72a36b0b0d07990d6be
SHA3 e43ef0a44777d8bb3157d2297c0554d908e2bd8f939d481190bad255938efe35

ID

Type RT_GROUP_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x5a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.79908
Detected Filetype Icon file
MD5 efca5f5ee2e2e3b2a3a7a6251f4959a9
SHA1 c4c7a0e4f44b355f075aafd1272ad778b7949883
SHA256 a7a026e306defff66905d3f6d3ec076df9f9c821f98285678b48a055e1f977f7
SHA3 79be5beee3eea9c11902ef6d03535bbe31c3100a804a9db973110a325165445e

1001

Type RT_GROUP_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x5a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.87162
Detected Filetype Icon file
MD5 a9b795408e27511725fa5cb33d352d5b
SHA1 d4f003abb29271f0d6f311cc0ec64b44cbe20797
SHA256 d8adee467ab072259bcfa93f66ce603f30913f96c01dd3d4678a11de0775fa32
SHA3 6f18ee1d3ae5c7fb2e83dad0627f1d0315bea4c000ad375299a0e032edd5ae3e

1 (#2)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x15a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.79597
MD5 24d3b502e1846356b0263f945ddd5529
SHA1 bac45b86a9c48fc3756a46809c101570d349737d
SHA256 49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e
SHA3 1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2020-Aug-10 21:20:32
Version 0.0
SizeofData 860
AddressOfRawData 0xaf8d0
PointerToRawData 0xae2d0

TLS Callbacks

StartAddressOfRawData 0x4afc3c
EndAddressOfRawData 0x4afc50
AddressOfIndex 0x4b3908
AddressOfCallbacks 0x4995e8
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0xb8
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x4b32e0
SEHandlerTable 0x4af82c
SEHandlerCount 41

RICH Header

XOR Key 0x76d43c8b
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 22
199 (41118) 6
C objects (VS 2015/2017/2019 runtime 28619) 12
ASM objects (VS 2015/2017/2019 runtime 28619) 11
C++ objects (VS 2015/2017/2019 runtime 28619) 30
Imports (VS 2015/2017/2019 runtime 28619) 4
Imports (26715) 23
Total imports 363
C objects (VS2019 Update 6 (16.6.1-5) compiler 28806) 111
C++ objects (VS2019 Update 6 (16.6.1-5) compiler 28806) 10
Resource objects (VS2019 Update 6 (16.6.1-5) compiler 28806) 1
Linker (VS2019 Update 6 (16.6.1-5) compiler 28806) 1

Errors