Manalyze report for a4a91ba73d3030b7ec686a9c8d24671b

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2062-Jul-25 12:18:00
Detected languages	English - United States Turkish - Turkey
Debug artifacts	wextract.pdb
CompanyName	Microsoft Corporation
FileDescription	Win32 Kabin Ayıklayıcısı
FileVersion	`11.00.19041.2604 (WinBuild.160101.0800)`
InternalName	Wextract
LegalCopyright	© Microsoft Corporation. Tüm hakları saklıdır.
OriginalFilename	WEXTRACT.EXE .MUI
ProductName	Internet Explorer
ProductVersion	`11.00.19041.2604`

Plugin Output

Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryExA` `Can access the registry: RegDeleteValueA RegOpenKeyExA RegQueryInfoKeyA RegSetValueExA RegCreateKeyExA RegQueryValueExA RegCloseKey` `Possibly launches other programs: CreateProcessA` `Can create temporary files: GetTempPathA CreateFileA` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Enumerates local disk drives: GetDriveTypeA GetVolumeInformationA` `Can shut the system down or lock the screen: ExitWindowsEx`

Hashes

MD5	`a4a91ba73d3030b7ec686a9c8d24671b`
SHA1	`a54f399c2f216cd726e39f7caa1947524ee4207f`
SHA256	`8b552a8855242570dc947cd7c950e2310fe87be5708528d63daffbe3bb3f7af3`
SHA3	`bdfba26c49bf1ee0f1bc4f87855287af344f1126f52092bb9da2e482c2f85820`
SSDeep	`1536:Wrae78zjORCDGwfdCSog01313t3s5gffH7YtBx:uahKyd2n31m5WfH7YtBx`
Imports Hash	`4cea7ae85c87ddc7295d39ff9cda31d1`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2062-Jul-25 12:18:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x7c00`
SizeOfInitializedData	`0x9a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000008200 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x17000`
SizeOfHeaders	`0x400`
Checksum	`0x16ff8`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x80000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`60800deac1fde21b98089f2241ee6168`
SHA1	`06e63be17d4a58c8b55b36c7342e541d00d61a93`
SHA256	`7576ef50474bb26481c3493e0a630b944feb21231eacea2318712911f9feb056`
SHA3	`b737d0c76b4aba5f95bb178d2645d9d3a3130dd54c89a8dd6b221e38342208af`
VirtualSize	`0x7b80`
VirtualAddress	`0x1000`
SizeOfRawData	`0x7c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.09626`

.rdata

MD5	`59d15cdf89780817c3d48dd588a6a129`
SHA1	`3b5f897036bf0d72ebd732362c8f60d2e1f1a5cf`
SHA256	`c7d4b98f92719ae90c3c37301242982e9f347e1d63c6f755cd1ac151b0be3873`
SHA3	`5ec34004d600d72bf223f1daf5441dd3f247a2c6adfd93f8dd14c4d1f9e383cf`
VirtualSize	`0x22c8`
VirtualAddress	`0x9000`
SizeOfRawData	`0x2400`
PointerToRawData	`0x8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.72784`

.data

MD5	`9d1580dccaf8e787a43caf4bba48a079`
SHA1	`7f0ee10c956d86fef4e6351c3ee77dd00350a9c9`
SHA256	`63b8e6b32cd23956319cc43c5d0c7e44d067103511f800431a852978fced638a`
SHA3	`eaa542af2b1efe6c1307241883ded87cfcd9ecb44ee51891f77232e6245e845d`
VirtualSize	`0x1f00`
VirtualAddress	`0xc000`
SizeOfRawData	`0x400`
PointerToRawData	`0xa400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.18898`

.pdata

MD5	`15cd12257317071f28e4f7b728f8825e`
SHA1	`ad44ea7406ea6c51a0ab1ea04598f448ce47d593`
SHA256	`2150243a9c4f52a071023ab21b5bb12c148640bff6d9518cab89f5091049d4b5`
SHA3	`adaa5da9018ff6e4d33f0106e25683e01c6266e194b050acc98cfb348fa6beb7`
VirtualSize	`0x408`
VirtualAddress	`0xe000`
SizeOfRawData	`0x600`
PointerToRawData	`0xa800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.15637`

.rsrc

MD5	`0eea33401d739e1192676a87e2a011c1`
SHA1	`f8d5f167cdb494dde27a1219bed6dc899152e733`
SHA256	`aa0b61686cfae01ce484c47bb46c80e7a9c819063176debb224942e1b7a22d35`
SHA3	`724785049220703212e3edea8c896145fc6fd669601f549891fb2e44111b99fa`
VirtualSize	`0x692e`
VirtualAddress	`0xf000`
SizeOfRawData	`0x6a00`
PointerToRawData	`0xae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.25816`

.reloc

MD5	`637787151ee546a94902de9694a58fd6`
SHA1	`4d5087ba3cb6a051543140baca75212fa7ac8e34`
SHA256	`61761b1f8715b59dfcdbab9a0f91fc990cdf0df65933bd7bec2aa058652dbfc8`
SHA3	`0cae7f0be3ed96ab0bb05262b46cf279e081b2c80bed7957f5795c8fdc2267bf`
VirtualSize	`0x20`
VirtualAddress	`0x16000`
SizeOfRawData	`0x200`
PointerToRawData	`0x11800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.406847`

Imports

ADVAPI32.dll	`GetTokenInformation` `RegDeleteValueA` `RegOpenKeyExA` `RegQueryInfoKeyA` `FreeSid` `OpenProcessToken` `RegSetValueExA` `RegCreateKeyExA` `LookupPrivilegeValueA` `AllocateAndInitializeSid` `RegQueryValueExA` `EqualSid` `RegCloseKey` `AdjustTokenPrivileges`
KERNEL32.dll	`_lopen` `_llseek` `CompareStringA` `GetLastError` `GetFileAttributesA` `GetSystemDirectoryA` `LoadLibraryA` `DeleteFileA` `GlobalAlloc` `GlobalFree` `CloseHandle` `WritePrivateProfileStringA` `IsDBCSLeadByte` `GetWindowsDirectoryA` `SetFileAttributesA` `GetProcAddress` `GlobalLock` `LocalFree` `RemoveDirectoryA` `FreeLibrary` `_lclose` `CreateDirectoryA` `GetPrivateProfileIntA` `GetPrivateProfileStringA` `GlobalUnlock` `ReadFile` `SizeofResource` `WriteFile` `GetDriveTypeA` `LoadLibraryExA` `SetFileTime` `SetFilePointer` `FindResourceA` `CreateMutexA` `GetVolumeInformationA` `WaitForSingleObject` `GetCurrentDirectoryA` `FreeResource` `GetVersion` `SetCurrentDirectoryA` `GetTempPathA` `LocalFileTimeToFileTime` `CreateFileA` `SetEvent` `TerminateThread` `GetVersionExA` `LockResource` `GetSystemInfo` `CreateThread` `ResetEvent` `LoadResource` `ExitProcess` `GetModuleHandleW` `CreateProcessA` `FormatMessageA` `GetTempFileNameA` `DosDateTimeToFileTime` `CreateEventA` `GetExitCodeProcess` `ExpandEnvironmentStringsA` `LocalAlloc` `lstrcmpA` `FindNextFileA` `GetCurrentProcess` `FindFirstFileA` `GetModuleFileNameA` `GetShortPathNameA` `Sleep` `GetStartupInfoW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `TerminateProcess` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `GetTickCount` `EnumResourceLanguagesA` `GetDiskFreeSpaceA` `MulDiv` `FindClose`
GDI32.dll	`GetDeviceCaps`
USER32.dll	`ShowWindow` `MsgWaitForMultipleObjects` `SetWindowPos` `GetDC` `GetWindowRect` `DispatchMessageA` `GetSystemMetrics` `CallWindowProcA` `SetWindowTextA` `MessageBoxA` `SendDlgItemMessageA` `SendMessageA` `GetDlgItem` `DialogBoxIndirectParamA` `GetWindowLongPtrA` `SetWindowLongPtrA` `SetForegroundWindow` `ReleaseDC` `EnableWindow` `CharNextA` `LoadStringA` `CharPrevA` `EndDialog` `MessageBeep` `ExitWindowsEx` `SetDlgItemTextA` `CharUpperA` `GetDesktopWindow` `PeekMessageA` `GetDlgItemTextA`
msvcrt.dll	`?terminate@@YAXXZ` `_commode` `_fmode` `_acmdln` `__C_specific_handler` `memset` `__setusermatherr` `_ismbblead` `_cexit` `_exit` `exit` `__set_app_type` `__getmainargs` `_amsg_exit` `_XcptFilter` `memcpy_s` `_vsnprintf` `_initterm` `memcpy`
COMCTL32.dll	`#17`
Cabinet.dll	`#20` `#21` `#23` `#22`
VERSION.dll	`VerQueryValueA` `GetFileVersionInfoSizeA` `GetFileVersionInfoA`

Delayed Imports

3001

Type	`AVI`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2e1a`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`3.52241`
MD5	`f9035cf32b756fd6a452e9fdfd4a5dd9`
SHA1	`6912e88a3ee4d2c98ca69772cec564c6334fd9c4`
SHA256	`3bd1d253c90f7e82dc70dc1e4b869cc2e5e154e6b4079be93837e4a6c68044c0`
SHA3	`8cd00290363b6d3e609845f2e5828f3e2adaf35c4a97561bcf427bbd054401a6`

2001

Type	`RT_DIALOG`
Language	Turkish - Turkey
Codepage	Latin 1 / Western European
Size	`0x31c`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`3.5079`
MD5	`f31cd38aa7eb4cc1341ffcdd8155df84`
SHA1	`83d132b92a0eb381d8cdb46e6911a36541544782`
SHA256	`a3dc56ebbabcaf8d922724b444e1e1f76944744845216a15ab0cb604fcfd9c0b`
SHA3	`75cf93904a9101a37e888bcdd910dd2e0ee106ef3d07fd82de46caf2cb183b43`

2002

Type	`RT_DIALOG`
Language	Turkish - Turkey
Codepage	Latin 1 / Western European
Size	`0x18e`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`3.23759`
MD5	`56ee50938fe93410ebb84bcc0c023e93`
SHA1	`69483c05559a1a43ed6ea90cad2249c9014ca788`
SHA256	`3e8bf7696bcea844aef70c26a0443a3ba611a12cc417af4eebb9190fcede1024`
SHA3	`7ec3dd80350418dc37a4012a5dddab2c37306debeb265d0f0de781db51291a6f`

2003

Type	`RT_DIALOG`
Language	Turkish - Turkey
Codepage	Latin 1 / Western European
Size	`0x178`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`3.15309`
MD5	`f2ec0b1f4d417353ec53286023af080d`
SHA1	`53dd6b4efa16e14eca6820d9d4a2f0bb4bc59ce6`
SHA256	`4a2874b2a057154ef2f8a7185c3827e092b8c41c68caa8dbf735f4c631cc0481`
SHA3	`6654944ff52f82c17b9f0a2a277768c96456410b994858119781cb075ef21f02`

2004

Type	`RT_DIALOG`
Language	Turkish - Turkey
Codepage	Latin 1 / Western European
Size	`0x1b8`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`3.17754`
MD5	`4ff395538638ea80341342c0fefce70b`
SHA1	`b5968ef0ba8b13f428d29419e497fa2aaf1aacad`
SHA256	`56229dc29cbe90fbda7ecff44e31fb984be465fbc996139994fade77d436b601`
SHA3	`40aed7f451cca87fd0e0eae9bd0a1ac0e9179c3a364cba27b293dbba9a81a553`

2005

Type	`RT_DIALOG`
Language	Turkish - Turkey
Codepage	Latin 1 / Western European
Size	`0x126`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`3.0692`
MD5	`f5959e450b36cff0d7f56ad5f8872a29`
SHA1	`1501d0eeea65ffb782a960f0324c5f8108473e59`
SHA256	`c0ef92ff982102e91ae7e20b32f56c2f6fbb89eda5ed3d07888ed3e437ca0bfb`
SHA3	`cbf4544159db22f811a5345badfc60e0dc21316e4070d42e0eb535da0aada2c4`

2006

Type	`RT_DIALOG`
Language	Turkish - Turkey
Codepage	Latin 1 / Western European
Size	`0x11c`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`3.13199`
MD5	`f738ef18c4671ee6625caf099d5a08b7`
SHA1	`a03d5e55523cf05f30ca75ef540e990127b79678`
SHA256	`84647cd7520569ca330c1ee1ce56bb53cff4b69c71cfe78715ccd933f1a81cb6`
SHA3	`aa3435de4c5f033234bb1b9f3ae44902db2a3e2c5baacef88d98f6c486d12a77`

63

Type	`RT_STRING`
Language	Turkish - Turkey
Codepage	Latin 1 / Western European
Size	`0x90`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`2.8173`
MD5	`f2fbd21ab644f32dcbc6d5cfe34754cb`
SHA1	`ab39181ad4efeb5a5d57a3aea47d45837e182ac5`
SHA256	`dc79cb178198c68a80eb2044b48cb39b39d93f1df5141fafb8a64f69a74a8121`
SHA3	`4e655216d3558462750932508b9721f46ab2a730f2e789862ba2257f691aa5a1`

76

Type	`RT_STRING`
Language	Turkish - Turkey
Codepage	Latin 1 / Western European
Size	`0x50a`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`3.56517`
MD5	`22967fb945dd0d9d124f87ebeb30e897`
SHA1	`acebf712317fb8092f0074c267102edc413da260`
SHA256	`bae5a8b2482e254b1999b764852b1626c456f350fc8ac09892ae4a6a20ee66d7`
SHA3	`00b81b90f60d15cfe81509a5219b28071ff8877d76f2acd1d715c32899264e8d`

77

Type	`RT_STRING`
Language	Turkish - Turkey
Codepage	Latin 1 / Western European
Size	`0x5c6`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`3.53457`
MD5	`ad2aa941ce3972307311ff7cb1cdf5ff`
SHA1	`a78c0640e163f20b8986ff86c22698eea0f6d438`
SHA256	`e2d6b3c1cfddfd12bbe2fd549b5a132f2e99d0b369caa81491862e55fa19acb6`
SHA3	`d3bebab671de79e674ad7879904ec8e78df65e5d24cf9575590ad9ae5a4713eb`

80

Type	`RT_STRING`
Language	Turkish - Turkey
Codepage	Latin 1 / Western European
Size	`0x4b6`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`3.53045`
MD5	`83122908445e28e9bb4bda7d5aedc15e`
SHA1	`cf1a75b7f6a8e87c7fbd1dfa8f5d008e11bbc5f0`
SHA256	`8789ced70cc3071355c51a1f45f2ee24d8b1ab26c4efed16d15a1e853d7095b6`
SHA3	`a5ad7199dc91d7bf083f7d365537126c417b9fdb4aed076342d0087ccb460a61`

83

Type	`RT_STRING`
Language	Turkish - Turkey
Codepage	Latin 1 / Western European
Size	`0x4c0`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`3.54802`
MD5	`ffb92533093b5e499453f2c2979b9449`
SHA1	`a955060c383e173b61b204827a5dd937a43524fe`
SHA256	`5a5cf70ee56dd835a2dbc50f8ec28d18f30e808f00d0d18c9a9ac22c684a08ee`
SHA3	`d08f42e3db9d2d1d5cd1f6166d847b0be1bceb9987031c321551ce7e6fe4f729`

85

Type	`RT_STRING`
Language	Turkish - Turkey
Codepage	Latin 1 / Western European
Size	`0x332`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`3.45904`
MD5	`7d031b95a12a21f4904bf20737d658bc`
SHA1	`9256780bc57c661810c8e7e2c90d6aadee9fe137`
SHA256	`a4d185b77efe0ae2460a2aa40815abb113be67112e56d88e73fd9b8009850efb`
SHA3	`ab2d1f886ea4ed4482d55ea81045c846c922b9f118760b0e87c9dba9cc9d8ecf`

ADMQCMD

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x7`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`2.80735`
MD5	`527eeaa35a23dd5cac9bddcc2561a457`
SHA1	`0445b1735fd9797d537d360695940c7e68d25ace`
SHA256	`eaadcdd05a9a7c7f80d53d758f39e4399749d774b09a8a0165fe7c69ad6d8c3c`
SHA3	`28c8e1f57de512535bfd686562ef240323f7331b18e71f0506079f0e67e8f89e`

CABINET

Type	`RT_RCDATA`
Language	Turkish - Turkey
Codepage	Latin 1 / Western European
Size	`0x124`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`5.37736`
MD5	`b47e225229c37fd19db31777b703e4ef`
SHA1	`f6fd1a55b80bd76bac8eb22f55025ed7c7bebe34`
SHA256	`1505153cd03fbcc25807de48f425714ac7d4f55c59e5980748e544b76bdcc216`
SHA3	`becff95a25257fd33e5b7352f4d659c9de50911bd933646eca89d9f0ec0d718a`

EXTRACTOPT

Type	`RT_RCDATA`
Language	Turkish - Turkey
Codepage	Latin 1 / Western European
Size	`0x4`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`0`
MD5	`f1d3ff8443297732862df21dc4e57262`
SHA1	`9069ca78e7450a285173431b3e52c5c25299e473`
SHA256	`df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119`
SHA3	`8b0a2385d83c8bf7be27e59996f7d881d3bf1fc6606f81ce600b753ad94192a2`

FILESIZES

Type	`RT_RCDATA`
Language	Turkish - Turkey
Codepage	Latin 1 / Western European
Size	`0x24`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`1.5482`
MD5	`cd59ec1986aa1a72c2f5e4b63f92cbd5`
SHA1	`942909c552945f550b9ea6afdd425cdbae29f6e3`
SHA256	`b5d34ee765b7667e3cf9aa8024fa32bb52dc2d1d3545aeda7e72bbd54170dc5a`
SHA3	`d8b2c9fd08ba684870e85f4849824971837f5f172097bd096dfd4bae138bd4f9`

FINISHMSG

Type	`RT_RCDATA`
Language	Turkish - Turkey
Codepage	Latin 1 / Western European
Size	`0x7`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`2.80735`
MD5	`527eeaa35a23dd5cac9bddcc2561a457`
SHA1	`0445b1735fd9797d537d360695940c7e68d25ace`
SHA256	`eaadcdd05a9a7c7f80d53d758f39e4399749d774b09a8a0165fe7c69ad6d8c3c`
SHA3	`28c8e1f57de512535bfd686562ef240323f7331b18e71f0506079f0e67e8f89e`

LICENSE

Type	`RT_RCDATA`
Language	Turkish - Turkey
Codepage	Latin 1 / Western European
Size	`0x7`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`2.80735`
MD5	`527eeaa35a23dd5cac9bddcc2561a457`
SHA1	`0445b1735fd9797d537d360695940c7e68d25ace`
SHA256	`eaadcdd05a9a7c7f80d53d758f39e4399749d774b09a8a0165fe7c69ad6d8c3c`
SHA3	`28c8e1f57de512535bfd686562ef240323f7331b18e71f0506079f0e67e8f89e`

PACKINSTSPACE

Type	`RT_RCDATA`
Language	Turkish - Turkey
Codepage	Latin 1 / Western European
Size	`0x4`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`0`
MD5	`f1d3ff8443297732862df21dc4e57262`
SHA1	`9069ca78e7450a285173431b3e52c5c25299e473`
SHA256	`df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119`
SHA3	`8b0a2385d83c8bf7be27e59996f7d881d3bf1fc6606f81ce600b753ad94192a2`

POSTRUNPROGRAM

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x7`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`2.80735`
MD5	`527eeaa35a23dd5cac9bddcc2561a457`
SHA1	`0445b1735fd9797d537d360695940c7e68d25ace`
SHA256	`eaadcdd05a9a7c7f80d53d758f39e4399749d774b09a8a0165fe7c69ad6d8c3c`
SHA3	`28c8e1f57de512535bfd686562ef240323f7331b18e71f0506079f0e67e8f89e`

REBOOT

Type	`RT_RCDATA`
Language	Turkish - Turkey
Codepage	Latin 1 / Western European
Size	`0x4`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`0`
MD5	`f1d3ff8443297732862df21dc4e57262`
SHA1	`9069ca78e7450a285173431b3e52c5c25299e473`
SHA256	`df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119`
SHA3	`8b0a2385d83c8bf7be27e59996f7d881d3bf1fc6606f81ce600b753ad94192a2`

RUNPROGRAM

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x15`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`3.88018`
MD5	`6b60bbc95b5e11d7beb25ae3dc7f27b8`
SHA1	`3d24d348faf9c417a719de889d93c22f9ac0496d`
SHA256	`35836e59fc93007252d9f4804edf0ab2e50f52395f4f1169366ec88bed0a958e`
SHA3	`70ca3239dfcf1de69cbb7a8650a0a972b4e416657f0af4c872219addad870b17`

SHOWWINDOW

Type	`RT_RCDATA`
Language	Turkish - Turkey
Codepage	Latin 1 / Western European
Size	`0x4`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`0`
MD5	`f1d3ff8443297732862df21dc4e57262`
SHA1	`9069ca78e7450a285173431b3e52c5c25299e473`
SHA256	`df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119`
SHA3	`8b0a2385d83c8bf7be27e59996f7d881d3bf1fc6606f81ce600b753ad94192a2`

TITLE

Type	`RT_RCDATA`
Language	Turkish - Turkey
Codepage	Latin 1 / Western European
Size	`0xb`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`3.0958`
MD5	`011ac8f88348c9e4fd73871dc7641b51`
SHA1	`b8afb28cae41fe2357479c1c204e9d7f06f716c9`
SHA256	`bb7a802e2ea753fbfcb39b613c460c06fd05c767468a1bd19990992443824845`
SHA3	`31b6601c5d9ad50aa8702137e4bc7700685b385b137ef9efd79e8012f956f9b4`

UPROMPT

Type	`RT_RCDATA`
Language	Turkish - Turkey
Codepage	Latin 1 / Western European
Size	`0x7`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`2.80735`
MD5	`527eeaa35a23dd5cac9bddcc2561a457`
SHA1	`0445b1735fd9797d537d360695940c7e68d25ace`
SHA256	`eaadcdd05a9a7c7f80d53d758f39e4399749d774b09a8a0165fe7c69ad6d8c3c`
SHA3	`28c8e1f57de512535bfd686562ef240323f7331b18e71f0506079f0e67e8f89e`

USRQCMD

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x7`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`2.80735`
MD5	`527eeaa35a23dd5cac9bddcc2561a457`
SHA1	`0445b1735fd9797d537d360695940c7e68d25ace`
SHA256	`eaadcdd05a9a7c7f80d53d758f39e4399749d774b09a8a0165fe7c69ad6d8c3c`
SHA3	`28c8e1f57de512535bfd686562ef240323f7331b18e71f0506079f0e67e8f89e`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x400`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`3.38083`
MD5	`1c8c5ddcc2e67d2e624f4956084d25a3`
SHA1	`8d0c20eb8dfdb2cd7f791ed6eaa433e0d41d74d7`
SHA256	`d04677d8e690bfdb98f4ca1a693b54e819c828a4775610811a412a314fe39607`
SHA3	`24e259c568f7c205c26ebd03db52bd7f35fc8be264bb89e80fc7520bd8c14d84`

1 (#2)

Type	`RT_VERSION`
Language	Turkish - Turkey
Codepage	Latin 1 / Western European
Size	`0x410`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`3.46426`
MD5	`c79eb713d8c491e63c83087c8d0d2c99`
SHA1	`689f04225bcfd5d0ae2ea0cda4cc75f0e344d44b`
SHA256	`5b146dc526ae8edd64b951d47b39bfd93a4da38f493903bdc6eaeb491a9b7e59`
SHA3	`1a8ec811ec07bee40b2d840ab8a2dbdbe4d5c40fac8f22fc6269df162d16e61d`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x7e6`
TimeDateStamp	1970-Jan-09 07:13:23
Entropy	`5.00142`
MD5	`24a920dd92e3820a7fb081893dbfdc21`
SHA1	`c107c7e70fcb950a6b489741a9ff95640bf2d1c8`
SHA256	`ea7dbcb656b43eacb4f691740eaf9f53b79c347bffc0cd8c4f3b8e0e2f3e1a2f`
SHA3	`0799a889b78379e7e9e5c751426a1924f93f9fcbd28b9eefa11d281be4ca8999`

String Table contents

Lütfen ayıklanan dosyaların saklanacağı klasörü seçin.
%s
Disk alanı bilgileri alınamayan sürücü: %s.

Sistem İletisi: %s.
Gereken bir kaynak bulunamıyor.
İptal etmek istediğinizden emin misiniz?
İşletim sistemi sürüm bilgileri alınamıyor.
Bellek ayırma isteği başarısız oldu.
Ayıklama dosyası oluşturulamıyor.
Kabin geçersiz.
Dosya tablosu dolu.
Hedef klasör değiştirilemiyor.
Kur, programı yüklemek için %s KB boş disk alanı olan bir sürücü bulamadı. Lütfen önce biraz alan boşaltın ve YENİDEN DENE'ye veya kurdan çıkmak için İPTAL'e basın.
Bu klasör geçersiz. Lütfen bu klasörün var olduğundan ve yazılabilir olduğundan emin olun.
Bir klasör için tam yolunu belirtmeli veya İptal'i seçmelisiniz.
Klasör düzenleme kutusu güncelleştirilemedi.
Tarayıcı iletişim kutusu için gereken işlevler yüklenemedi.
Tarayıcı iletişim kutusu için gereken Shell32.dll yüklenemedi.
<%s> işlemini oluşturma hatası. Neden: %s
Bu sistemdeki küme boyutu desteklenmiyor.
Gereken bir kaynak bozuk olabilir.
Bu yükleme için Windows 95 ya da Windows NT 4.0 Beta 2 veya daha sonraki sürümü gerekir.
%s yükleme hatası
'%s' işlevinde GetProcAddress() başarısız. Olası neden: yanlış advpack.dll sürümü kullanılıyor.
Yüklemek için Windows 95 veya Windows NT gerekli
'%s' klasörü oluşturulamadı
Bu programı yüklemek için %s KB boş disk alanı %s sürücüsünde gerekiyor. Devam etmeden önce gereken alanı boşaltmanız önerilir.

Yine de devam etmek istiyor musunuz?
Windows klasörünü alma hatası
NT Oturumunu Kapat: OpenProcessToken hatası.
NT Oturumunu Kapat: AdjustTokenPrivileges hatası.
NT Oturumunu Kapat: ExitWindowsEx hatası.
Dosya ayıklaması başarısız. Yetersiz bellek (takas dosyası için yetersiz boş disk alanı) veya bozuk Kabin dosyası en olası nedendir.
Kurma programı, sürücü (%s) için birim bilgilerini alamadı.
Sistem iletisi: %s.
Kur, programı yüklemek için %s KB boş disk alanı olan bir sürücü bulamadı. Lütfen biraz alan boşaltın ve yeniden deneyin.
Yükleme programı zarar görmüş veya bozulmuş olabilir. Bu uygulamanın satıcısına başvurun.
Komut satırı seçeneği sözdizimi hatası. Yardım için Komut /? yazın.
Komut satırı seçenekleri:

/Q -- Paket için sessiz modlar,

/T:<tam yol> -- Geçici çalışma dosyasını belirtir,

/C -- /T ile birlikte kullanıldığında dosyaları yalnızca bu klasöre ayıklar.

/C:<Kmt> -- Yazan tarafından tanımlanan Yükleme Komutunu Geçersiz Kıl.

Değişikliklerin etkili olabilmesi için bilgisayarınızı yeniden başlatmalısınız.

Bilgisayarınızı şimdi yeniden başlatmak istiyor musunuz?
Sisteminizde '%s' paketinin bir kopyası zaten çalışıyor. Başka bir kopya çalıştırmak istiyor musunuz?
Bu dosya bulunamıyor: %s.
Bu makinede yönetici ayrıcalıklarınız yok. Bazı yüklemeler yönetici tarafından yapılmazsa düzgün biçimde tamamlanamaz.
'%s' klasörü yok. Oluşturmak istiyor musunuz?
Sisteminizde '%s' paketinin bir kopyası zaten çalışıyor. Aynı anda yalnızca bir kopya çalıştırabilirsiniz.
'%s' paketi çalıştırdığınız Windows sürümü ile uyumlu değil.
'%s' paketi sisteminizdeki %s dosyasının sürümüyle uyumlu değil.

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2062-Jul-25 12:18:00
Version	`0.0`
SizeofData	`37`
AddressOfRawData	`0x9a64`
PointerToRawData	`0x8a64`
Referenced File	wextract.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2062-Jul-25 12:18:00
Version	`0.0`
SizeofData	`496`
AddressOfRawData	`0x9a8c`
PointerToRawData	`0x8a8c`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2062-Jul-25 12:18:00
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x9c7c`
PointerToRawData	`0x8c7c`

TLS Callbacks

Load Configuration

Size	`0x118`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14000c008`
GuardCFCheckFunctionPointer	`5368747592`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x3690b900`
Unmarked objects	`0`
C++ objects (27412)	`1`
ASM objects (27412)	`2`
C objects (27412)	`18`
Imports (27412)	`17`
Total imports	`160`
C objects (LTCG) (27412)	`10`
Resource objects (27412)	`1`
Linker (27412)	`1`

Errors

[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 717203. Falling back to posix timestamp.
[*] Warning: Multiple nodes using the name Version Info in a dictionary.
[*] Warning: Please edit the configuration file with your VirusTotal API key.
[!] Error: Could not load yara_rules/bitcoin.yara!
Could not load company_names.yara!
[!] Error: Could not load yara_rules/monero.yara!
[!] Error: Could not load yara_rules/findcrypt.yara!
[!] Error: Could not load yara_rules/compilers.yara!
[!] Error: Could not load yara_rules/suspicious_strings.yara!
[!] Error: Could not load yara_rules/domains.yara!
[!] Error: Could not load yara_rules/peid.yara!