Manalyze report for a17252b64fef5a0199918e8d78924901

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Mar-12 14:54:18
Detected languages	English - United States Polish - Poland
CompanyName	GOG Sp. z o.o.
FileDescription	GOG Galaxy Webinstaller
FileVersion	`2.0.0.2`
InternalName	GOG Galaxy Webinstaller.exe
LegalCopyright	(C) GOG Sp. z o.o. 2020
InternalName (#2)	GOG Galaxy Webinstaller.exe
ProductName	GOG Galaxy Webinstaller
ProductVersion	`2.0.0.2`

Plugin Output

Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX -> www.upx.sourceforge.net` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser`
Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.` `The PE only has 9 import(s).` `The PE's resources are bigger than it is.`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Can access the registry: RegCloseKey` `Has Internet access capabilities: URLDownloadToFileW`
Suspicious	The PE is possibly a dropper.	`Resource 133 is possibly compressed or encrypted.` `Resource 134 is possibly compressed or encrypted.` `Resource 135 is possibly compressed or encrypted.` `Resource 136 is possibly compressed or encrypted.` `Resource 137 is possibly compressed or encrypted.` `Resource 138 is possibly compressed or encrypted.` `Resource 139 is possibly compressed or encrypted.` `Resource 140 is possibly compressed or encrypted.` `Resource 141 is possibly compressed or encrypted.` `Resource 142 is possibly compressed or encrypted.` `Resource 143 is possibly compressed or encrypted.` `Resource 144 is possibly compressed or encrypted.` `Resource 145 is possibly compressed or encrypted.` `Resources amount for 118.655% of the executable.`
Info	The PE is digitally signed.	`Signer: GOG Sp. z o.o.` `Issuer: DigiCert SHA2 Assured ID Code Signing CA`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`a17252b64fef5a0199918e8d78924901`
SHA1	`29836d2580d645a93942a2919488db61a3bf042e`
SHA256	`b5baa3eb03b32fd980a1ad0f1b149c711320237ed23f17d28af9e1659991c139`
SHA3	`4d884136b1a3460edeb733d88e028680d3ae44277b173bacafee78b07ea44b81`
SSDeep	`12288:T27p5j8DPeuUSFHqLV+JjY4UW61O4RAxDleFbWQCQTFgSYyAzB+Q/uLnK3:T27EDFHqLy826My+QiyGJyAV+muLK3`
Imports Hash	`0b5d23895837448a329cb1b4dc10916a`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2020-Mar-12 14:54:18
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x73000`
SizeOfInitializedData	`0x7a000`
SizeOfUninitializedData	`0x153000`
AddressOfEntryPoint	`0x001C62E0 (Section: UPX1)`
BaseOfCode	`0x154000`
BaseOfData	`0x1c7000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x241000`
SizeOfHeaders	`0x1000`
Checksum	`0xf8f1e`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x153000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`5c4515e9ba1914c8bc741dadbad6c869`
SHA1	`ceaa9c1671b704cf203e0a661a43b07abbedc383`
SHA256	`688fa842504ac578bf720fd05cc70b8b6ce245b8f31982b4d4e7bcbb3ec858b0`
SHA3	`ce60fa07834b9c5bd8adcc9acd04ac2b5171e85b1512cc858758a89cb8dd5dd9`
VirtualSize	`0x73000`
VirtualAddress	`0x154000`
SizeOfRawData	`0x72600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.93112`

.rsrc

MD5	`766d24cfac92f585413f9ab9242599e6`
SHA1	`55015c4c03a270c23ff63cf4d136edc33a5a3be7`
SHA256	`55a8ec2ec13f0a0bf2a30ac252538fcc3683c2cdf6b215f5e8abb2cc8093f8d2`
SHA3	`3b098b8a31038513cf77585bb56e02f98531014d62b40cd7f2761692b7937c5d`
VirtualSize	`0x7a000`
VirtualAddress	`0x1c7000`
SizeOfRawData	`0x79400`
PointerToRawData	`0x72a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.75154`

Imports

ADVAPI32.dll	`RegCloseKey`
KERNEL32.DLL	`LoadLibraryA` `ExitProcess` `GetProcAddress` `VirtualProtect`
SHELL32.dll	`ShellExecuteExW`
SHLWAPI.dll	`PathFileExistsW`
urlmon.dll	`URLDownloadToFileW`
USER32.dll	`MessageBoxW`

Delayed Imports

1

Type	`RT_ICON`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0xcb28`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.44439`
MD5	`cfb6d819f37f3e012261f3f823c5b25e`
SHA1	`05cb4ff991d501fbef80d40518f9c8db8ddc6a57`
SHA256	`47f05ddd102bb3cf0115c2d516050cf28c3816535314c556c8acdb2e2b11a800`
SHA3	`0e52317b9a3c63f702d5334a579e034cbebd36edf6226f32fa40691538c47f1c`

2

Type	`RT_ICON`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.39916`
MD5	`80d0b6cae5ca6833c72627ea4e274b9d`
SHA1	`b00f095e1ef454955e2ea33fdfe0293ece4c37ac`
SHA256	`ab06c07edb8d61389566665d7452e827b0d221c151dbea5ecdbd2115855d7223`
SHA3	`c7fcbd64b5791882b98dd4a05dbc4d576c0e02c12d35f2a890bc0f902e5e0194`

3

Type	`RT_ICON`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x14f68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.35608`
MD5	`0653ae90ae5653ad47df9f62128f65ff`
SHA1	`6cf089cdfa8e8d304d5bbaa662e4dc6c1ed75745`
SHA256	`a2c86b9119c402e84b82a8a0de7cd6d911769fa8b0934117b760ffd062ec0a16`
SHA3	`1636d1d38383e4240cba3340a9e2c17973dcc708d714f52351587126f216efd4`

4

Type	`RT_ICON`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.34906`
MD5	`0efac166a671415272162e7f2f668cdb`
SHA1	`2c3b35784d1738f88a5f382bc3199d1d01266382`
SHA256	`2fcbe8124b953bf7df9a9489b2ae8af8d05200d83a95f116d49ea06b369e3381`
SHA3	`d32d34140ba63a2f5247548af9485f242afb64f093909cb71ffb203f987147ca`

5

Type	`RT_ICON`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x19ca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.28967`
MD5	`b31e145852382162ec95114fbbd80d62`
SHA1	`0748dfcb7f7fc72be5c41d4f9f3fa5fd4bcb7ebd`
SHA256	`f1f12bdce19716bc955edc231aabeb03f7f105ed17bb91c303d12825bfac6c04`
SHA3	`c1ebc7ee8d70bd482a956b81f7509768c76adc87b904039b68d52708340e666e`

6

Type	`RT_ICON`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x6b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.07714`
MD5	`d33b5b65a9b5f917df03e7a6ae0909aa`
SHA1	`6db5a8f22b5cfd497f27f8c31387993c1fe9d4f8`
SHA256	`14491142ca7305232cd5978ff70fb66714d0482897f0f78bc8907bf41b776716`
SHA3	`c5a37b6bdff3f361171c82cb0c20c78fc9feac8c6d6bb6dbbce691434731bd18`

7

Type	`RT_ICON`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.22115`
MD5	`e73277779bdd3d14cc520e88a6b6ec25`
SHA1	`cf0b849d36f9618b1d927be813c8e3171c2206f8`
SHA256	`18f1e5286abccc09be6936fa07ce60e7806e2947b84c8587df02bd10fe91bffd`
SHA3	`33a47006c02a0cb8e907e4d1388d849ce6947f564461698e2fe8f750998832de`

8

Type	`RT_ICON`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x886c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97708`
Detected Filetype	PNG graphic file
MD5	`d841fb711de2b631625217a5df148192`
SHA1	`bc13610532c3a84cb49d57dcde62d02de0424a59`
SHA256	`875b3e4c424cff46700a5229d074b5827bd857beac18da0cfbe9c9aa1b59e9e0`
SHA3	`f251f2859c45a31d43643d2a5aa9d2264a575608a20a4319aae6c4e59dc82111`

9

Type	`RT_ICON`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0xcd8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.05272`
MD5	`fed9c0f0f0233719a6f02a670e0bb8ee`
SHA1	`5d57997cd0a3980075142be1a974af024e1679aa`
SHA256	`d02f799b4bbceca9d279e890ce9b7d7adf771660fd46f393bead82ac05f31a14`
SHA3	`75697ef19d512c57ae0d24b684fbf569fa7d98e7c49366eaadc8cf4eda73688f`

10

Type	`RT_ICON`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.14182`
MD5	`866dab8395c7b841e2806d2a7df3b8da`
SHA1	`db13eaa73ec9eb3643691f6451687bc556c88b0e`
SHA256	`31f403f55d00c54b64318670ae249bf2d399be21560d132c31a251071f481617`
SHA3	`3acba772115b37ff8c4f83dfc2713c5db2da590bbfd67ecfa609a4905efa4a77`

11

Type	`RT_ICON`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x1a68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.87164`
MD5	`fc6d3c8ffa02f8fc99d55c4d782545b9`
SHA1	`db2c7540c3078113f2c49f1f9bedd43997563696`
SHA256	`cdbd233be4effb6b0839400c4c700f136da84b7692c1b1f7087c2856a4a86c54`
SHA3	`a8cc123d5c4e598f038fc37a323faffbb50a57c4cdfd943f9f73e7510b538b43`

12

Type	`RT_ICON`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.81386`
MD5	`5029ad098ec915c1e1129fe2557f7f75`
SHA1	`329386b2ca26dd3b44980226b5082d962c0248d7`
SHA256	`51016aa7e82fe6368f911fd834d3b3a8c51a551498fa2d0aa5a3af3bdbe59049`
SHA3	`f7c68fafaaf1e70658dadaafe9ab0e22fa01aeb5ab1ffd837356b1ab29ef9a05`

13

Type	`RT_ICON`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x32e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.767`
MD5	`16b9a489ebfc004b1ea1021ffa48e33f`
SHA1	`77d24e71b6a31bb3c994467c6db9dd8225a8d6f1`
SHA256	`b6ec757094b67c2b922cf54aded4ecaa701e319a50c613af2811dcc752aedb94`
SHA3	`f86ef0ffcb00630da84d360900029c693bae0ee3f322228da7404815a1f61b91`

14

Type	`RT_ICON`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.72111`
MD5	`2a48c402d26fa0a3df5707f12204974a`
SHA1	`14f88c4dc918c174a808af28eaec01e7f436398a`
SHA256	`efd8cd81f2cbca51aac9a3b671c34618bf32ea4616864bd56e1fe6c059295dc5`
SHA3	`be90416f2d46fc30284cc0ae8a45e3945cda55659509d5254c1ec6c333957c4f`

15

Type	`RT_ICON`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.80662`
MD5	`f11ad87947c907bf5aaa648b16e0df9d`
SHA1	`e8c407636ebe493e5817a5b6bd6058edc293cf82`
SHA256	`d6d3a8b905905ddb6c61fe616268623cc26fdee70b39117fd069435fbfece93b`
SHA3	`34b9e864ff006b796dc3b394529b758a980658c6397238130ccccb7bf3c9e880`

16

Type	`RT_ICON`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x67e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.53063`
MD5	`07f48d4f363a8547d10a517ac32ea942`
SHA1	`85520220e9b34265bf66312032f03e81a6bf2798`
SHA256	`ad8e6dd844112467a9caaa9d13a2384506e280a20036ca6e973b531671dbd39b`
SHA3	`daf35bb01b75b28abb8b9f5bb9a55235e9606769df75a067c7f87af748d8ca87`

17

Type	`RT_ICON`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.51918`
MD5	`d518e4ea93dde55b775d94775877bd56`
SHA1	`3172353bd6e4d94bcc911f41d9cd8c9828e2d369`
SHA256	`a42dc9b886d0d2fed62826e13d3e0d968857b4064d65ebc1eff27833ed1ed72b`
SHA3	`9ccec5197beba02866e3675308ec3b81fd386eac5049e6a5894b6a1f95fa01d5`

109

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

IDD_ABOUTBOX

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x168`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

7 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x74`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

109 (#2)

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

129

Type	`RT_RCDATA`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x8d848`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

133

Type	`RT_RCDATA`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x615e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.82988`
MD5	`4256fe5849550efc734e5712a97d6bdc`
SHA1	`d8da6142cf4c04294d96427ece6888569014f222`
SHA256	`ae91a0277d7032e38a4651548ca96c8b96b83acb90a9ce4d9dd8e5b5a95d3514`
SHA3	`8e9392f55919eff07803eb62d60bcc1987af95b9add263c862559fd695f9872c`

134

Type	`RT_RCDATA`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x1800`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.67485`
MD5	`edd72ce25611fb14ef9771a17068ea03`
SHA1	`08e97040b3f5d35829dabe7a602335be357129d9`
SHA256	`3d01bae885fdb9893871f63dc8890796aae38c9e364828a1c3302bf70840e396`
SHA3	`540e196c92de6c9c3248666ea7cbc7371da845b900143a0f4786ec7e50ecc894`

135

Type	`RT_RCDATA`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x1600`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.69247`
MD5	`21d80ae1e8d7d0b40fcea7bec2d29457`
SHA1	`fff463e6b01deb96cc6cc3ccf28f246481bcd1bf`
SHA256	`ba3733d34d09b6a2a58d1495bac64d13d13316800e1266b109f81b119de63166`
SHA3	`c033885a8aaf406ab8bed02f97ab50c8c8da96c0e7c32ef8753b9316c96c9b95`

136

Type	`RT_RCDATA`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x1600`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.67212`
MD5	`04fdf3ad300462cc0ed9e6956e3e5581`
SHA1	`7e9c472e33203af405bb8a479cc9ba4b864bb2aa`
SHA256	`8810c1609426e94b3ffddf04b637b0d7bc36567bea6726225e1d534936c2a521`
SHA3	`3fdf126170dc31968ec4d3122c73ffb427d8767924a49a63b254671b7a74f003`

137

Type	`RT_RCDATA`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x1600`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.68836`
MD5	`d9c5a3331ef28fc5d17c65461c7d395a`
SHA1	`cf95085edb2749ba1d4272e747c0b8b106ce3354`
SHA256	`0095e01a5f93d35f68e946bcc623e3f67d4f71dec6ad72e6c6c4437e3c5c9ec0`
SHA3	`0a0d2019c4fe22acf6fd91c045aa9a395a03ca39c369d7391032303a6029bc7a`

138

Type	`RT_RCDATA`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x1600`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.67073`
MD5	`1bc385759b796b8a8a7304cfc41bf6d6`
SHA1	`863407ba0783222aaf7c4f15abdae8d8724e289a`
SHA256	`bc652b05fe0720a0f6a7e7223aa282ccedb49c85a818e0c5102a2af866bab41b`
SHA3	`5871c582b6aaab66546c4e88a04591eda0280f53cff740a38eb8c8734de30af8`

139

Type	`RT_RCDATA`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x1600`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.82558`
MD5	`4aff351b4f22d08551f9481d83c23577`
SHA1	`ab8f7949abd2e03faf169d7841cdff91a33e1b24`
SHA256	`3005b7db3a50ab2db09976f11a245f02f2b0f546460a95f652b732278eadda22`
SHA3	`54b24dd96cbf645c6a45ef546f0996d11eabb31f12e9ed583dfad773d8d95913`

140

Type	`RT_RCDATA`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x1600`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.79534`
MD5	`23fb47130ae1693d00389ee507309af9`
SHA1	`3567606fe9a5d18df1f1814b52c94cf85936c890`
SHA256	`84d6cbaa54c0cb87d350be310b9d351783885b253968b15929a2aeb2c7a5bedf`
SHA3	`aefb28b5906e28d7bee95b44bc008eec2207215df078c83f6a9f632ce0fffd4d`

141

Type	`RT_RCDATA`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x1600`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.82212`
MD5	`02e37053a69407d01a2b444b64531f07`
SHA1	`a5f4c989a07e951fecfca130308e7aba9f2aaa62`
SHA256	`d39cb9947d83cd2bff90ebf0b9d2eda8c9a9f569125ff0ede3e1557fa4b4ce11`
SHA3	`ccd7a38202a5964f2550516290f24a96af15d761f1c6639e3ef2ed5f071bd57d`

142

Type	`RT_RCDATA`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x1600`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.77996`
MD5	`3cec1ee301bb66a71d4562aedc985f30`
SHA1	`542afc4a401ebac834e8fba734acf6bb8d072da8`
SHA256	`79a4eed32df55118e1e29d6ca5a039106aa751afdd84054a6568781f61184451`
SHA3	`81efd41af7755c7880f48db32c4325226d62b1175f9a6f6fe418d3241aafdbfd`

143

Type	`RT_RCDATA`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x1600`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.82993`
MD5	`ca026f964ba41e3dca7c1f60a4a51d4d`
SHA1	`59b7ae2bce525da1264fa2e93e90ef71fde05d9c`
SHA256	`65206b8a3d663e4b3159d9d3988820313f3a22c49a26ce0257804d0bc5b9a91c`
SHA3	`efcb587ecfcb5b94cc98f48d9a898eda945b206999777d1c65b89aa0ab5863a9`

144

Type	`RT_RCDATA`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x1600`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.83121`
MD5	`aa83362515adb6f2c2ac9e7d8cfb5a9e`
SHA1	`6524ff7ba9a46ea913ec39bbeb14a33a394e00b9`
SHA256	`5f8e9a99baef70aa51ec893401701e3fe09a786f76b964545d260957086de113`
SHA3	`ec1e55a9fb8bcc9db3b072ca4add02f83b9c9dd625eedd6e2002edcef2489832`

145

Type	`RT_RCDATA`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x1600`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.81202`
MD5	`a247661cefc9f652d9a4d264fe9c9850`
SHA1	`6289ab2ec0116a461e405fc198a59f9873e5a59f`
SHA256	`78619b0d864d4c2bf78f1a18cce3c3e4a019664109e444b4a5dc90a0e049126e`
SHA3	`abe658ced11c349418101161b41cfc3b959db55dda2763c13489c11a0bee6442`

132

Type	`RT_GROUP_ICON`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0xf4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41644`
Detected Filetype	Icon file
MD5	`a7d1a6a134b3909a8b2c45b4c06e5f15`
SHA1	`72b5006e952e7248b6018b92db98fdba01a61eab`
SHA256	`a4d07773a6a51f7064b1215a0c11ef3ca6ab9cab559961f65eb58fcd3af4437b`
SHA3	`e69052ec3080a6219283a79c4d0176dfce435febc20b8be818b5ccf042efbb20`

1 (#2)

Type	`RT_VERSION`
Language	Polish - Poland
Codepage	Latin 1 / Western European
Size	`0x32c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35618`
MD5	`014907370be7ed1ddde459ec3a08b4bd`
SHA1	`307198ee485c3c85f66b28dbd33b975c5ce6fdda`
SHA256	`e2ff3e17620c5f3474bef29698bd0f8969fc42f87e408f84663c6d5459d3098d`
SHA3	`86cfa3cfc55372fbcb56560e5908e1cdc8f7bf7087b52718939c6133362c8888`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.12886`
MD5	`262e2da31d4388bc67ba1eca106924a5`
SHA1	`59cc957866df0e70f62bfac2fcc0d577968f0105`
SHA256	`5b4b0be9c33743ff03ffc800ab2419a25590b29a93627eb407af751aa9f35b7c`
SHA3	`a85921b207cbf4d086a0d12a122952aa49bb49728a137a94c2b941b5dc3b6e7f`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.0.0.2
ProductVersion	2.0.0.2
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	GOG Sp. z o.o.
FileDescription	GOG Galaxy Webinstaller
FileVersion (#2)	2.0.0.2
InternalName	GOG Galaxy Webinstaller.exe
LegalCopyright	(C) GOG Sp. z o.o. 2020
InternalName (#2)	GOG Galaxy Webinstaller.exe
ProductName	GOG Galaxy Webinstaller
ProductVersion (#2)	2.0.0.2

Resource LangID	Polish - Poland

TLS Callbacks

Load Configuration

Size	`0x5c`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x494b64`
SEHandlerTable	`0x48c5e0`
SEHandlerCount	`314`

RICH Header

XOR Key	`0xe26395f6`
Unmarked objects	`0`
241 (40116)	`18`
243 (40116)	`157`
242 (40116)	`31`
ASM objects (VS2015 UPD3 build 24123)	`24`
C++ objects (VS2015 UPD3 build 24123)	`118`
C objects (VS2015 UPD3 build 24123)	`37`
Imports (VS2008 SP1 build 30729)	`13`
Total imports	`161`
C++ objects (24234)	`3`
Resource objects (24234)	`1`
151	`1`
Linker (24234)	`1`

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section UPX0 has a size of 0!
[*] Warning: Resource  is empty!
[*] Warning: Resource IDD_ABOUTBOX is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!