Manalyze report for a06f62e4076017ab978066d0f99c8b69

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2012-Jun-21 01:32:55
Detected languages	English - United States Japanese - Japan
Debug artifacts	E:\tanuki\wrapper-3.5.15-build\wrapper_prerelease_3.5.15-st\src\c\wrapperw32_VC8__Win32_Release\wrapperw.pdb
CompanyName	Tanuki Software, Ltd.
FileDescription	Java Service Wrapper Standard Edition 3.5.15
FileVersion	`3, 5, 15, 0`
LegalCopyright	Copyright (C) 1999, 2012 Tanuki Software, Ltd. All rights reserved.
InternalName	wrapperw
OriginalFilename	wrapperw.exe
ProductName	Java Service Wrapper Standard
ProductVersion	`3, 5, 15, 0`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for VMWare presence: 005056` `May have dropper capabilities: CurrentControlSet\Services`
Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryW` `Functions which can be used for anti-debugging purposes: FindWindowW` `Can access the registry: RegQueryInfoKeyW RegQueryValueExW RegEnumValueW RegCreateKeyW RegOpenKeyExW RegCloseKey RegSetValueExW` `Possibly launches other programs: CreateProcessW` `Uses Microsoft's cryptographic API: CryptMsgGetParam CryptQueryObject CryptDecodeObject CryptMsgClose` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Interacts with services: ControlService QueryServiceStatus OpenServiceW OpenSCManagerW DeleteService QueryServiceConfigW CreateServiceW ChangeServiceConfigW` `Enumerates local disk drives: GetDriveTypeA GetDriveTypeW` `Manipulates other processes: OpenProcess` `Can take screenshots: FindWindowW GetDC BitBlt CreateCompatibleDC` `Queries user information on remote machines: NetWkstaGetInfo`
Suspicious	The file contains overlay data.	`276200 bytes of data starting at offset 0xddb18.`

Hashes

MD5	`a06f62e4076017ab978066d0f99c8b69`
SHA1	`b55b633e00241197acf1492e2dc6c253afcaab7d`
SHA256	`f8f70e8c86c66213bf3b55e613d38994a4589d149ead25c961948d0c5ed6f82e`
SHA3	`0813edfa6f9225ffefe60b1ef863a3501f0530cea6aaa141a439bc301ce896e2`
SSDeep	`24576:Qkx79YD+/pAyX6/wjxOlya1OULxdddldddgddd+dddgddd9dddgddd5dddgddd+j:Qu79YD+/pXXHxl/Mdddldddgddd+dddv`
Imports Hash	`b6b48646b1bc87f6a6c2a6f094636f25`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`5`
TimeDateStamp	2012-Jun-21 01:32:55
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`9.0`
SizeOfCode	`0x54200`
SizeOfInitializedData	`0xccc00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000040E4C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x149000`
SizeOfHeaders	`0x400`
Checksum	`0xde298`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`89e7d3cbcf804f69635382e2733bd637`
SHA1	`bb34fbff07897ff8b8b846afff044e86c167ae8a`
SHA256	`979631b2e24a9c5f264980590513337cd5cead6b8ad6c1a06c81e91a57abcae6`
SHA3	`cb82ac234d80aa341d6afba0b9071c5676e7a9e402270232c323b0d66b9e9a09`
VirtualSize	`0x5400f`
VirtualAddress	`0x1000`
SizeOfRawData	`0x54200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.37918`

.rdata

MD5	`bfaaa9336f2da1f31d603151e435ac4b`
SHA1	`4f1344888bec4111b8bf4f66c5be1bf8aaa6a16e`
SHA256	`b600766b0b5d7560c4e23966a7da75857715c4418f236e8229cbc3bd7ba6a742`
SHA3	`73a45c9f1321a3dd35998fad7fea6ef12548380bf3c3323747f99a7c7579d09d`
VirtualSize	`0x289d0`
VirtualAddress	`0x56000`
SizeOfRawData	`0x28a00`
PointerToRawData	`0x54600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.01494`

.data

MD5	`e9c785ca7dc38d1196f76f43d2465ee6`
SHA1	`37f91cf7e878fc07f182e44702b7a30d708bc7e4`
SHA256	`c968a980b026abb6139b04da40105a79f4cef2c1e023731524754f09d4160119`
SHA3	`eaead0ac53251010c4fe894af827b76a26bb4c4cf1c202c4ad5b92f671236344`
VirtualSize	`0x260d0`
VirtualAddress	`0x7f000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x7d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.96774`

.pdata

MD5	`557400b84d2c30d418a604b787bf0a80`
SHA1	`e43dffbbdcafb1dc90497d5f6cf0b11d93dd96fb`
SHA256	`1b171d929c9789db2b6da93a6bd9ccd308ec00bc51198397a7b5b70fb0013bd9`
SHA3	`c9e90053edfc489dd921fb1916e24e5d033fc757978a635ae3a2d6ab06d23242`
VirtualSize	`0x35a0`
VirtualAddress	`0xa6000`
SizeOfRawData	`0x3600`
PointerToRawData	`0x7ec00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.74991`

.rsrc

MD5	`71449b0a809a618b58083956462a748e`
SHA1	`c58c2de86b38b24097bb5ac5aec471948ed9bef5`
SHA256	`9509d917e4fbb18c84259a7c1bc481c14992c15301219b6b69bc738fec99eb9e`
SHA3	`47253934ced1e09e297480e6e61942afed3466a8017e8543a7feca4a1e1b3520`
VirtualSize	`0x9ef40`
VirtualAddress	`0xaa000`
SizeOfRawData	`0x9f000`
PointerToRawData	`0x82200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.24712`

Imports

MPR.dll	`WNetCancelConnection2W` `WNetAddConnection2W` `WNetGetUniversalNameW`
SHELL32.dll	`ShellExecuteExW`
NETAPI32.dll	`NetWkstaGetInfo` `NetApiBufferFree`
WSOCK32.dll	`#57` `#11` `#10` `#9` `#15` `#16` `#2` `#19` `#12` `#1` `#20` `#23` `#3` `#52` `#115` `#111` `#13`
SHLWAPI.dll	`PathIsDirectoryW` `PathFindOnPathW`
ADVAPI32.dll	`ControlService` `LsaClose` `QueryServiceStatus` `StartServiceW` `LookupAccountSidW` `ChangeServiceConfig2W` `LookupPrivilegeValueW` `LookupAccountNameW` `RegQueryInfoKeyW` `RegQueryValueExW` `LsaAddAccountRights` `GetTokenInformation` `OpenServiceW` `LsaOpenPolicy` `StartServiceCtrlDispatcherW` `OpenSCManagerW` `DeleteService` `LsaQueryInformationPolicy` `OpenProcessToken` `CloseServiceHandle` `LsaFreeMemory` `QueryServiceConfigW` `ConvertSidToStringSidW` `AdjustTokenPrivileges` `CreateServiceW` `RegisterServiceCtrlHandlerW` `LsaNtStatusToWinError` `RegEnumValueW` `SetServiceStatus` `RegisterEventSourceW` `RegCreateKeyW` `DeregisterEventSource` `RegOpenKeyExW` `ReportEventW` `RegCloseKey` `RegSetValueExW` `ChangeServiceConfigW`
USER32.dll	`EndPaint` `DestroyWindow` `SetWindowPlacement` `LoadImageW` `DialogBoxParamW` `FindWindowW` `BeginPaint` `RegisterClassExW` `GetWindowPlacement` `ReleaseDC` `GetDlgItem` `EndDialog` `SendDlgItemMessageW` `SetWindowPos` `ShowWindow` `CreateWindowExW` `IsWindowVisible` `SetDlgItemTextW` `SendMessageW` `UpdateWindow` `SetWindowTextW` `DefWindowProcW` `LoadStringW` `GetSystemMetrics` `GetDC`
GDI32.dll	`BitBlt` `DeleteDC` `GetDeviceCaps` `SelectObject` `CreateCompatibleDC` `CreateFontW` `GetObjectW` `GetStockObject`
CRYPT32.dll	`CryptMsgGetParam` `CertCloseStore` `CertFindCertificateInStore` `CertFreeCertificateContext` `CertGetNameStringW` `CryptQueryObject` `CryptDecodeObject` `CryptMsgClose`
WINTRUST.dll	`WinVerifyTrust`
pdh.dll	`PdhOpenQueryW` `PdhGetFormattedCounterValue` `PdhCollectQueryData`
VERSION.dll	`GetFileVersionInfoW` `GetFileVersionInfoSizeW` `VerQueryValueW`
IPHLPAPI.DLL	`GetAdaptersInfo`
KERNEL32.dll	`SetFilePointer` `GetConsoleCP` `SetEndOfFile` `GetProcessHeap` `GetCurrentDirectoryA` `SetEnvironmentVariableA` `GetStringTypeW` `GetDriveTypeA` `FreeEnvironmentStringsW` `GetModuleFileNameA` `DeleteCriticalSection` `GetStartupInfoA` `SetHandleCount` `RtlUnwindEx` `HeapCreate` `HeapSetInformation` `LCMapStringW` `FlsAlloc` `FlsFree` `FlsSetValue` `FlsGetValue` `DecodePointer` `EncodePointer` `IsValidCodePage` `GetOEMCP` `GetCPInfo` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `SetUnhandledExceptionFilter` `LoadLibraryA` `InitializeCriticalSectionAndSpinCount` `CreateFileA` `GetCommandLineW` `LCMapStringA` `GetStringTypeA` `GetLocaleInfoA` `EnumSystemLocalesA` `IsValidLocale` `CompareStringW` `WriteConsoleA` `GetConsoleOutputCP` `HeapReAlloc` `HeapSize` `CompareStringA` `UnhandledExceptionFilter` `GetStartupInfoW` `FindNextFileW` `GetConsoleMode` `SetConsoleMode` `ReadConsoleInputA` `SetStdHandle` `GetACP` `MultiByteToWideChar` `GetLastError` `CreateMutexW` `WaitForSingleObject` `WideCharToMultiByte` `Sleep` `FormatMessageW` `WriteConsoleW` `GetModuleFileNameW` `lstrlenW` `GetCurrentThreadId` `ReleaseMutex` `CloseHandle` `LocalFree` `GetFullPathNameW` `RaiseException` `PeekNamedPipe` `GetEnvironmentStringsW` `ConnectNamedPipe` `GetModuleHandleW` `CreateNamedPipeW` `WriteFile` `GetLocaleInfoW` `GetVersionExW` `TerminateProcess` `ReadFile` `SetThreadLocale` `GetThreadLocale` `GetProcAddress` `GetSystemInfo` `GetEnvironmentVariableW` `GetFileSize` `lstrcmpA` `SetPriorityClass` `GetDriveTypeW` `AllocConsole` `GetSystemDefaultUILanguage` `FreeLibrary` `CreateProcessW` `EndUpdateResourceW` `GetCurrentProcess` `QueryPerformanceCounter` `GetUserDefaultLCID` `GenerateConsoleCtrlEvent` `OpenProcess` `GlobalAlloc` `LoadLibraryW` `CopyFileW` `GetExitCodeProcess` `MulDiv` `FileTimeToSystemTime` `CreateFileW` `FlushFileBuffers` `GetStdHandle` `GetCPInfoExW` `GetCurrentDirectoryW` `BeginUpdateResourceW` `GlobalFree` `GetLocalTime` `LocalAlloc` `SetConsoleCtrlHandler` `GlobalMemoryStatusEx` `CreatePipe` `SetConsoleTitleW` `UpdateResourceW` `QueryPerformanceFrequency` `DuplicateHandle` `FileTimeToLocalFileTime` `GetCurrentProcessId` `lstrcpyW` `SetFileAttributesW` `CreateThread` `ExpandEnvironmentStringsW` `GetTickCount` `SetLastError` `HeapFree` `GetFileInformationByHandle` `GetFileType` `HeapAlloc` `FindClose` `FindFirstFileW` `DeleteFileW` `GetTimeZoneInformation` `GetSystemTimeAsFileTime` `MoveFileW` `SetEnvironmentVariableW` `SetCurrentDirectoryW` `EnterCriticalSection` `LeaveCriticalSection` `ExitProcess`

Delayed Imports

111

Type	`RT_BITMAP`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x8ca36`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.98288`
MD5	`47456059f69071d383ad952b595a2de6`
SHA1	`17e65d1f0928a871449f120bd05c56ae49f2148a`
SHA256	`7b843b2da0f4b61f99131429598a0ea22a7d8a87fbc840ea5972a7bc9ed51479`
SHA3	`0e6a7aed4ed4f1744ab4d07dad4a6a0b81ec2d24b07197f6ef9de7806f304144`
Preview

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.21334`
MD5	`e076e4b61d0e13f18f00697213d3cabf`
SHA1	`e96811ea1ab434568647b59d3fcca546c7d0b95b`
SHA256	`5ef4a8e7b61eacb058b8d91d3c875852337caad97ca1b39e5c0eb3d0a13f560a`
SHA3	`bbe8c7c7b51ada3a34a77ad69621b51dc96e44902257a92a441c01df5f19e6fb`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.15469`
MD5	`6215a22ecdc77e1e08ff0d5068b4c1d6`
SHA1	`179bc0ad9892619f58407941f4dc1cf4414962cd`
SHA256	`7ae4faf630c21c0be3729177cfc64e1dd1f55c1ed958a62011c956fe6952985e`
SHA3	`556c7888ecadbaf73b3685e5514255a1a99f4fbd54f434cfca2d33b9b8ce2f61`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.11956`
MD5	`3a2afe8a84e31ca0e2c33b38867853bb`
SHA1	`6d04b4d383c94f593735fda5bcd9225828e36ee2`
SHA256	`6fe87945cee9f84fe600c6ff6936d847773c5fa4da0c845b14f974b644c311ea`
SHA3	`938f3825b1cf5fd8b532b899369c16936d9db4656552e9f24073b3bd494335a3`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06964`
MD5	`82eef09e3273b5438758344a97658692`
SHA1	`e17840fcb0110d2e53a8996433bccf7e2711b735`
SHA256	`6cf249ced712732238cea69c6c0732b644da9483da200ac54874842a77eda93a`
SHA3	`44ef6f4d4e4fe3df6b4b4201edfa06115ba3c2f16e9eba208e9ad831486015dc`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41461`
MD5	`f0705203a5462d01cdb1ad6b5816304f`
SHA1	`0b57190c53acf234ee142e8def5d53e5b1558234`
SHA256	`793272a5fc35b85bd4c7ebd09310d90416ccdaf86cb36d1dfa57ff249c42dd76`
SHA3	`aef50231b3cc7a89103f75471877f6c45d72195d88a7d40e2b9892abcef30476`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.75816`
MD5	`2eaa3fe8850aebdddba57862f0a58912`
SHA1	`69793ce5b4a2057e0316c5def6a43ae166b63fe1`
SHA256	`ab1e03191df64ae92870dc1696f78a5a8c8bdb3b942fdba4272233f42b60a9b2`
SHA3	`e63b86d35c63f9af57e71361b7e18772e13535499965c9f04b5da38f214b95fa`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.45156`
MD5	`409aeacd4b99cebd5a4b309de6b8d6b9`
SHA1	`83ded0d7e824416815161745c25b000d92af4286`
SHA256	`df5f0bb3b6404d50ed59dc89f8e090abe3524fa20f66acfcd1eb732274f56ca2`
SHA3	`add90620559437208b5dee30f66de5b17be0baecc2f14b5055c5d2b5b555599e`

8

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.41784`
MD5	`cfe4e49b2e8eea93d77dc1f07c51d5a6`
SHA1	`409709493f5309dbceb6859f7026f3eef247321e`
SHA256	`3407483869fa5b3c5a345b61f079bcd023abdb8195bc0c401e244aa52f32ca9f`
SHA3	`baf95eb23c89657231bd82d92b532a3aeceaeb52b57f3a8bbc4fb2970c95365e`

9

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01498`
MD5	`7d2b5df793f04e76d5eb27ae7ab3e30e`
SHA1	`669dab75116ef747a170afc9ce9a25db381a151d`
SHA256	`c6089ab648d384c6906b5f0a27675fb85517e39a891deb0ebd19cb981eb19c08`
SHA3	`130be90a507199b45f517aea0bb013690d49e5e1d4a333a5ea427fdd34b09045`

10

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.02541`
MD5	`0b3cbf31ffafaa422bdd25338d6ffe2c`
SHA1	`0e2d4c98d9dfa0f7d79998425896c8405256fc67`
SHA256	`3784b97effbe4ae102951b66bad87665462703aea508cc9d6cb01d1b0406fe16`
SHA3	`801b03ed57251b1a0003583fec6dd24f0961edad74dee70968366b212e135c93`

11

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.11458`
MD5	`8a65fc3a6ef7c6d258434a2c8aa90f8f`
SHA1	`18a68c6095f0b59215df766a54e4d52391a5c7e1`
SHA256	`6e42c2fbf92ce7fd38b291ea734483eaf38c40450572c5be998c0b1575d17f97`
SHA3	`52dbafd317ae03ea4145fb6cdb650c02efeccd4a176972969ba83bb144bcd2a3`

12

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.09383`
MD5	`87a310d1d12abdd8f590e7e99458ab09`
SHA1	`3103235eca4731887d31f8f2b64c55eee7cbb0dd`
SHA256	`01a3eb1032598b713f4f3976f1bc89303a30653fd1b9fc93e409ba6fd7087086`
SHA3	`4bdcf333e0fa1eb8f76804ddacfa485ad9e9efa71d11d9f57f7c4165682e7561`

13

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.02496`
MD5	`4b7a3fd737dd109b93940b7190d0f12e`
SHA1	`d59825cf4af2e93324d2119a4d7022f9f648bba2`
SHA256	`134f43e310f29990f68abfc0fb2b104d2c2599c22890ee37e9910ff4ff123586`
SHA3	`6d81f6bc77265ccbc030ba4b75f8b57ba0d2e064542a116288db2a133f55bdbb`

14

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x6c96`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97198`
Detected Filetype	PNG graphic file
MD5	`7bca20eea2d2005c8c672b45303fee3d`
SHA1	`f15133f4f7a383b64515794a3ea4723a58a2c5ff`
SHA256	`d6887687bc5de3038bf72cf79bfc743132eb6a7446a2b749e57d24fa1e8f880b`
SHA3	`6b5e01b99f337f2d64398fdb8744fc63f67bed205f256cad0c296b2a332ee39d`

105

Type	`RT_DIALOG`
Language	Japanese - Japan
Codepage	Latin 1 / Western European
Size	`0xf4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.2836`
MD5	`2debab27104605a194be3f1e00d935eb`
SHA1	`e452a896e85c2d83d6765fe46a4efc0111bdc247`
SHA256	`0eed7303586d35d9f2b6aae051a039c75f070fc9519c6b1a42148cb1a272ea24`
SHA3	`2431660cc30ec07c4a265a5f13e6c0fe6c2dca8e17ae346d5d8eac64f3a0087d`

8 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.38158`
MD5	`4dda7f6c205975b1f4e49b838ba13e5a`
SHA1	`a1c7ba921faac3c544133e63a5e2dac9680430e6`
SHA256	`69b9597c772d18f4754b1c96ded79792377b944c86dc6d8780e1169a301b48fc`
SHA3	`93717b29966dc1c9ec6efb565ea1507f68144dc37088e564b889b067b7b95252`

9 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x20`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`70bc8f4b72a86921468bf8e8441dce51`
SHA1	`de8a847bff8c343d69b853a215e6ee775ef2ef96`
SHA256	`66687aadf862bd776c8fc18b8e9f8e20089714856ee233b3902a591d0d5f2925`
SHA3	`9e6291970cb44dd94008c79bcaf9d86f18b4b49ba5b2a04781db7199ed3b9e4e`

42

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.38158`
MD5	`4dda7f6c205975b1f4e49b838ba13e5a`
SHA1	`a1c7ba921faac3c544133e63a5e2dac9680430e6`
SHA256	`69b9597c772d18f4754b1c96ded79792377b944c86dc6d8780e1169a301b48fc`
SHA3	`93717b29966dc1c9ec6efb565ea1507f68144dc37088e564b889b067b7b95252`

1 (#2)

Type	`RT_MESSAGETABLE`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xc0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.20513`
MD5	`1a3fdc15bf22aa89bbd6feaea5441ea0`
SHA1	`2e853002422060f2feb8d8809f62bc2f1cbd0120`
SHA256	`2df6ed092017ec3015089efc51ed892f272b0ea862bf1e5b26aba1cd56ca7a49`
SHA3	`3b49d1bffe19fea85a6f9b9eeaf403c79aa86a153e88d3f0a4b4b9f1a86d3ffc`

102

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.75351`
Detected Filetype	Icon file
MD5	`a5d3044dc02a2c802acb3a3a5020ccfa`
SHA1	`f6d0b0661bd82c39580f9085d7e85785d25c1ce8`
SHA256	`5d0f38db0c382e6acba0882fd2a9354ca70ac1930a5e8dbbabeb7626612f0a0f`
SHA3	`5c9097d93bd3ea74b4ad17d62d59b0646b1034d2bd54368cc8dbe925b1c504f6`

1 (#3)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x74c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.07797`
MD5	`d21a7bfe1dcfee023cab33a3f523d2da`
SHA1	`58bc2f8b65bb7bc9b0d4855352c7883fa5d927d0`
SHA256	`932da772f7e5398f412a72abd1030f8934d6d9f7382cccb35e0e30bdccfa7648`
SHA3	`62dbb2230de9c0d1cd3bf0129050ce79ac4d102e0adf31cfa086f513844ea3e8`

1 (#4)

Type	`RT_VERSION`
Language	Japanese - Japan
Codepage	Latin 1 / Western European
Size	`0x3a4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.47678`
MD5	`aedfe34c8437decd8eaa0bcca7f96477`
SHA1	`134246dff70a9aa937d0a32bb737206e26d313ad`
SHA256	`775167d792381f6c4dbe24b36b5d0878ace6dace759294dbd9117a975739199e`
SHA3	`c6d95e07b2e4123bb85343e5b7c0ca45347c37fc9acb2c04e15e6fc90b068e0d`

String Table contents

t
t

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2012-Jun-21 01:32:55
Version	`0.0`
SizeofData	`133`
AddressOfRawData	`0x78900`
PointerToRawData	`0x76f00`
Referenced File	E:\tanuki\wrapper-3.5.15-build\wrapper_prerelease_3.5.15-st\src\c\wrapperw32_VC8__Win32_Release\wrapperw.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x122ed551`
Unmarked objects	`0`
150 (20413)	`6`
C++ objects (VS2008 build 21022)	`47`
C objects (VS2008 build 21022)	`181`
ASM objects (VS2008 build 21022)	`11`
Imports (VS2012 build 50727 / VS2005 build 50727)	`29`
Total imports	`269`
137 (VS2008 build 21022)	`11`
Linker (VS2008 build 21022)	`1`
Resource objects (VS2008 build 21022)	`1`

Errors

[*] Warning: The WIN_CERTIFICATE appears to be invalid.
[*] Warning: Multiple nodes using the name Version Info in a dictionary.