Manalyze report for a8861f69f0f135c4464d0bdfc8f543b2c5043b457af4fd0902c6ac6b8a81c1f0

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Dec-18 18:44:31
Detected languages	English - United States
CompanyName
FileDescription
FileVersion
LegalCopyright

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.` `Contains domain names: clickteam.com http://www.clickteam.com http://www.clickteam.com/pub www.clickteam.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW LoadLibraryExA GetProcAddress LoadLibraryW` `Can create temporary files: GetTempPathW CreateFileW` `Uses functions commonly found in keyloggers: MapVirtualKeyW GetAsyncKeyState CallNextHookEx` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	The file contains overlay data.	`7241715 bytes of data starting at offset 0x106600.` `The overlay data has an entropy of 7.6568 and is possibly compressed or encrypted.` `Overlay data amounts for 87.0775% of the executable.`
Malicious	VirusTotal score: 8/65 (Scanned on 2026-04-14 04:37:05)	`ClamAV: Win.Keylogger.Ursu-9870720-0` `DeepInstinct: MALICIOUS` `Fortinet: W32/PossibleThreat` `Jiangmin: TrojanSpy.KeyLogger.mwo` `McAfeeD: ti!A8861F69F0F1` `Microsoft: Trojan:Win32/Yomal!rfn` `Paloalto: generic.ml` `Zillya: Trojan.Keylogger.Win32.14`

Hashes

MD5	`fd0f98e4153565f11ad71cf912dd168a`
SHA1	`27c53538bbae31bdeab85dc6e13d2e024dcdf474`
SHA256	`a8861f69f0f135c4464d0bdfc8f543b2c5043b457af4fd0902c6ac6b8a81c1f0`
SHA3	`30bbc516fedf02461e877a8dc3ad61209c4b1d30d7d0d6371ebc4ca573d206cc`
SSDeep	`196608:RGUN3eETMNoyo+YhZft3RAVTE1983VGHpyhHVtR7hXT05g:tN3eETMNpKZb1qI2HnR902`
Imports Hash	`1840f5bd75d8ce1f99d6803362246b15`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2019-Dec-18 18:44:31
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x99000`
SizeOfInitializedData	`0x6e400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00077729 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x9a000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x10a000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`774215ba3deae2ea6a2e68e9ccb0e88b`
SHA1	`d6b2f0c7e79e5ee949285b8693776710d79a427b`
SHA256	`abb026117a874de667282d541f95ae76f7d08a3f4eeac6b790a67608b1edf206`
SHA3	`3ad4b073d6c7aa666b91b7896df4e7e852dca9c0ec93db4571ba4303761fc3d2`
VirtualSize	`0x98f6a`
VirtualAddress	`0x1000`
SizeOfRawData	`0x99000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.55558`

.rdata

MD5	`2a4fd81a23063e2f98611419c8205b15`
SHA1	`1cc1440184240037e63bb631da604d383f73aefb`
SHA256	`83537aa06cdd0e888a4fccc70e2c80dcee78529683d2ad083cf14dbc19f1d9eb`
SHA3	`a24e5b14fa88c93db16528e8e0c2f6d32842e8b9c029d03513319fce52ca6057`
VirtualSize	`0x179f0`
VirtualAddress	`0x9a000`
SizeOfRawData	`0x17a00`
PointerToRawData	`0x99400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.88732`

.data

MD5	`14975c325761e34be16c246a750756ae`
SHA1	`27e0c65ee15435cf0cbff862ab653312ed29311d`
SHA256	`5dea18d8324739ab2f1dfd9a93f0bd69b916a6f283b6678915f7881fc1fd37a1`
SHA3	`3c94602736772cd0c689907f2faa987010f41fdcb7acf5e98bc4d16f50952940`
VirtualSize	`0x4524`
VirtualAddress	`0xb2000`
SizeOfRawData	`0x3400`
PointerToRawData	`0xb0e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.49309`

.rsrc

MD5	`9dae4e52a094ed245b932adb315da398`
SHA1	`3c7c7afe647b1e46c7ae031d4a1f2611ce4bcf7e`
SHA256	`7a05ba5e803b3385eeacb28888841673fa5f993c304ba346826e7c2452ab14a3`
SHA3	`85b3a82c07445f929f7c0c021498c8fc2260fa75a8af90e7e8b8be16befd535e`
VirtualSize	`0x4a210`
VirtualAddress	`0xb7000`
SizeOfRawData	`0x4a400`
PointerToRawData	`0xb4200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.23925`

.reloc

MD5	`cc73fbe3d186bcf85a5981f477187ca0`
SHA1	`6a179729e76717788e04f02db2789e79c63c9089`
SHA256	`aae72908ea6e4be62f296f4a37d34a41d299471dfbb926379eed3f88e2ff3d50`
SHA3	`f043d9087bdb7b627448c64d9d1873725e7c20c76a435dd84ff0f21f1b1fde08`
VirtualSize	`0x7f84`
VirtualAddress	`0x102000`
SizeOfRawData	`0x8000`
PointerToRawData	`0xfe600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.73439`

Imports

COMCTL32.dll	`#17`
WINMM.dll	`timeBeginPeriod` `joyGetDevCapsW` `joyGetPosEx` `timeEndPeriod`
KERNEL32.dll	`GetTempFileNameW` `GlobalAddAtomW` `GlobalDeleteAtom` `GetModuleHandleW` `lstrlenW` `GetLocaleInfoA` `LockResource` `VirtualProtect` `VirtualQuery` `SetLastError` `LoadResource` `SizeofResource` `FindResourceA` `FindResourceW` `IsBadReadPtr` `IsBadWritePtr` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineA` `FindNextFileA` `FindFirstFileExA` `GetProcessHeap` `DecodePointer` `GetFileType` `LCMapStringW` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `GetOEMCP` `IsValidCodePage` `GetStringTypeW` `GetCPInfo` `HeapFree` `GlobalFree` `HeapAlloc` `GetStdHandle` `GetModuleFileNameA` `GetModuleHandleExW` `ExitProcess` `HeapSize` `HeapCompact` `SetEnvironmentVariableW` `DeleteFileW` `GetACP` `LoadLibraryExW` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `EncodePointer` `RtlUnwind` `InitializeSListHead` `GetCurrentProcessId` `GetStartupInfoW` `IsDebuggerPresent` `IsProcessorFeaturePresent` `TerminateProcess` `GetCurrentProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `GetSystemTimeAsFileTime` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `InitializeCriticalSectionAndSpinCount` `QueryPerformanceFrequency` `QueryPerformanceCounter` `LoadLibraryExA` `GetSystemInfo` `RaiseException` `FileTimeToSystemTime` `FileTimeToLocalFileTime` `GetSystemTime` `GetVersion` `GetTempPathW` `FindClose` `FindNextFileW` `FindFirstFileW` `GetCurrentDirectoryW` `SetErrorMode` `GlobalUnlock` `GlobalLock` `GlobalAlloc` `GetExitCodeProcess` `GetCommandLineW` `WideCharToMultiByte` `Sleep` `SetCurrentDirectoryW` `CreateDirectoryW` `CloseHandle` `SetFilePointer` `WriteFile` `GetLastError` `ReadFile` `CreateFileW` `GetCurrentThreadId` `RemoveDirectoryW` `GetVersionExW` `GetModuleFileNameW` `WriteConsoleW` `GetLocaleInfoW` `MultiByteToWideChar` `FreeLibrary` `GetProcAddress` `LoadLibraryW` `SetStdHandle` `GetConsoleCP` `GetConsoleMode` `SetFilePointerEx` `FlushFileBuffers` `HeapReAlloc`
USER32.dll	`SystemParametersInfoW` `DrawEdge` `DrawTextW` `PostQuitMessage` `IntersectRect` `SetRect` `DrawFocusRect` `InvertRect` `CreateDialogParamA` `CreateDialogParamW` `CreateDialogIndirectParamA` `CreateDialogIndirectParamW` `DialogBoxParamA` `DialogBoxIndirectParamA` `DialogBoxIndirectParamW` `LoadMenuA` `LoadMenuW` `LoadStringA` `SetLastErrorEx` `GetTabbedTextExtentW` `GetUpdateRect` `IsIconic` `DefMDIChildProcW` `SetDlgItemTextW` `EndPaint` `BeginPaint` `PtInRect` `GetDlgItem` `MapVirtualKeyW` `ModifyMenuW` `GetDlgItemTextW` `EndDialog` `DrawMenuBar` `DestroyMenu` `LoadMenuIndirectW` `GetMenuItemCount` `SetWindowPlacement` `GetWindowPlacement` `GetFocus` `CallWindowProcW` `RemovePropW` `SetPropW` `GetPropW` `UnionRect` `DestroyWindow` `SetScrollPos` `SetScrollRange` `CreateWindowExW` `GetParent` `EndDeferWindowPos` `DeferWindowPos` `BeginDeferWindowPos` `SetFocus` `GetSysColor` `GetDesktopWindow` `RedrawWindow` `GetSystemMenu` `UpdateWindow` `SetWindowLongW` `MessageBoxW` `GetMenuStringW` `GetMenuItemID` `GetInputState` `FillRect` `LoadStringW` `DialogBoxParamW` `RegisterClassW` `RegisterClassExW` `LoadImageW` `LoadIconW` `GetWindow` `GetClassNameW` `GetTopWindow` `GetMonitorInfoW` `MonitorFromWindow` `GetSystemMetrics` `OemToCharA` `GetAsyncKeyState` `GetActiveWindow` `ShowCursor` `SetCapture` `ReleaseCapture` `GetKeyState` `GetWindowRect` `MapWindowPoints` `SetWindowPos` `IsZoomed` `GetWindowLongW` `AdjustWindowRectEx` `SendMessageW` `LockWindowUpdate` `IsWindowVisible` `GetClientRect` `SetWindowTextW` `IsDialogMessageW` `SetTimer` `GetClipboardData` `CloseClipboard` `SetClipboardData` `EmptyClipboard` `OpenClipboard` `IsClipboardFormatAvailable` `wsprintfW` `ShowWindow` `PostMessageW` `CheckMenuItem` `EnableMenuItem` `GetMenu` `InvalidateRect` `SetCursorPos` `ClientToScreen` `ScreenToClient` `GetCursorPos` `GetKeyboardState` `CopyRect` `UnhookWindowsHookEx` `KillTimer` `SetWindowsHookExW` `CallNextHookEx` `DestroyIcon` `GetSubMenu` `DeleteMenu` `GetMenuState` `LoadCursorW` `SetCursor` `ReleaseDC` `CreateIconIndirect` `GetDC` `MsgWaitForMultipleObjects` `DispatchMessageW` `TranslateMessage` `TranslateMDISysAccel` `GetMessageW` `PeekMessageW` `SendDlgItemMessageW`
GDI32.dll	`CreatePalette` `GetDeviceCaps` `SelectPalette` `RealizePalette` `GetObjectW` `CreateFontIndirectW` `CreatePen` `Rectangle` `SelectObject` `MoveToEx` `LineTo` `CreateSolidBrush` `GetStockObject` `SetTextColor` `SetBkMode` `DeleteObject` `GetClipRgn` `ExcludeClipRect` `SelectClipRgn` `GetTextExtentPointW` `GetCharWidthW` `DPtoLP` `SetTextAlign` `SetROP2` `LPtoDP` `SetBkColor` `Polygon` `TextOutW` `SetPolyFillMode` `GetTextMetricsW` `GetNearestPaletteIndex` `CreateHatchBrush` `SetDIBits` `CreateCompatibleBitmap` `CreateRectRgn` `CreateBitmap`
COMDLG32.dll	`GetSaveFileNameW` `GetOpenFileNameW`
SHELL32.dll	`ShellExecuteExW` `DragAcceptFiles` `DragQueryFileW`
MMFS2.dll (delay-loaded)	`#64` `#72` `#43` `#65` `#66` `#74` `#83` `#97` `#81` `#979` `#79` `#80` `#187` `#82` `#76` `#78` `#3` `#172` `#831` `#19` `#1033` `#430` `#425` `#419` `#423` `#431` `#121` `#31` `#1105` `#255` `#281` `#174` `#688` `#192` `#120` `#333` `#765` `#249` `#276` `#366` `#153` `#34` `#411` `#176` `#168` `#50` `#1072` `#1068` `#766` `#1071` `#422` `#1069` `#189` `#70` `#494` `#103` `#102` `#101` `#1000` `#173` `#372` `#982` `#1106` `#1017` `#876` `#361` `#32` `#445` `#47` `#106` `#107` `#105` `#786` `#264` `#286` `#169` `#554` `#587` `#585` `#520` `#619` `#462` `#761` `#170` `#1134` `#95` `#1123` `#1126` `#94` `#1124` `#1125` `#98` `#91` `#1049` `#1036` `#1031` `#433` `#536` `#1104` `#468` `#280` `#67` `#125` `#959` `#945` `#123` `#124` `#11` `#343` `#341` `#417` `#344` `#51` `#487` `#610` `#342` `#753` `#448` `#568` `#849` `#571` `#756` `#443` `#701` `#703` `#493` `#355` `#62` `#63` `#832` `#742` `#17` `#16` `#686` `#265` `#24` `#59` `#61` `#60` `#389` `#191` `#755` `#795` `#1054` `#1077` `#201` `#195` `#196` `#198` `#199` `#184` `#204` `#205` `#203` `#813` `#808` `#805` `#799` `#801` `#797` `#811` `#814` `#809` `#803` `#806` `#800` `#810` `#812` `#807` `#802` `#804` `#798` `#826` `#828` `#827` `#830` `#829` `#69` `#175` `#162` `#379` `#661` `#185` `#825` `#158` `#177` `#186` `#163` `#1073` `#183` `#10` `#9` `#6` `#8` `#7` `#834` `#1101` `#1007` `#837` `#896` `#975` `#953` `#893` `#986` `#954` `#895` `#1048` `#929` `#611` `#677` `#412` `#234` `#612` `#678` `#413` `#679` `#1118` `#680` `#573` `#414` `#415` `#416` `#232` `#972` `#681` `#476` `#620` `#762` `#236` `#75` `#114` `#104` `#171` `#789` `#790` `#46` `#111` `#42` `#113` `#691` `#241` `#272` `#245` `#274` `#363` `#645` `#584` `#519` `#356` `#739` `#713` `#137` `#155` `#115` `#254` `#785` `#722` `#328` `#116` `#90` `#84` `#1010` `#92` `#1008` `#1011` `#117` `#997` `#996` `#998` `#108` `#109` `#73` `#110` `#71` `#913` `#859` `#878` `#994` `#894` `#974` `#882` `#948` `#991` `#269` `#267` `#268` `#976` `#1006` `#985` `#1037` `#794` `#1053` `#1128` `#35` `#1080` `#18` `#340` `#14` `#984` `#68` `#819` `#820` `#77` `#484` `#28` `#682` `#30` `#118` `#122` `#5` `#418` `#750` `#695` `#23` `#58` `#57` `#1070` `#373` `#740` `#546` `#4` `#1055` `#2` `#1130` `#1029` `#1081` `#27` `#39` `#29` `#1120`

Delayed Imports

Attributes	`0x1`
Name	`MMFS2.dll`
ModuleHandle	`0xb53a8`
DelayImportAddressTable	`0xb4e48`
DelayImportNameTable	`0xaf5bc`
BoundDelayImportTable	`0xafae8`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

NoAmdPwrXpressRequestHighPerformance

Ordinal	`1`
Address	`0xb4a7c`

NoNvOptimEnablement

Ordinal	`2`
Address	`0xb4a80`

zi32Support

Ordinal	`3`
Address	`0xb4a78`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.74183`
MD5	`10d37b98d4897fd7d09029484982fdc7`
SHA1	`908881fe8185443ec1a9983fd7d9fae30b1aef63`
SHA256	`d8c87e98057c5a7d71a609f00624342d840ec7ca11d3afefe82570d8696d16d7`
SHA3	`d2f16ca169cbbfe9cbf7c61c9fffd6f8072614ab8c0fc8c777370245dde680d8`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.07098`
MD5	`bde660a2176e41cb9ddb285115058518`
SHA1	`305a6fbc24fb55bfa92c6c8ad60a7a78b1ab891f`
SHA256	`c5dea43f837139185e9312efc8ee1eefe1d24a999d62a4f1cc5ef1767cacb403`
SHA3	`e73a52183673f60919d76e63dd845d1c49c6d4f2527c31850acbe8d28951d264`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.95221`
MD5	`86418f67c6c2d96dc2e2d92cc304d04a`
SHA1	`eb2cc185aa9f5ae9ac8886233993643cf012f16c`
SHA256	`ed63f374b00c3547231a99729bfc3d9b1715078335e35c11c3c8722e592d1c9d`
SHA3	`9278865d4354a634929c8ce006fa922e6633764316875f7f74248462983a5985`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.92854`
MD5	`f717f8caa074daba1206266e9bd62464`
SHA1	`1637551b882445888ae46ae4100ab788600593e5`
SHA256	`54f1d140b9d2d84a3c145ee525741f98549ddcf3adcd9c4fbc919ec1782b31e7`
SHA3	`e47c63e7f65986b0085ba0014bdb9aad7f3a506aebd2e6025435c5ac9cfe36d7`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.99773`
MD5	`cf827ab9deb647913237045cfa841cbc`
SHA1	`4606da709ace5c98160edca3593f5aea9bfbfcff`
SHA256	`0c90ed09db3ff455b2d684aaf489f366a14ba8c3b7fa3e7e0cea27fe9c82dd71`
SHA3	`b0e8eb9eaa546b0711f722766c7e9dbb3792b207ef9577fcc14e5bfbe770dc42`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.58939`
MD5	`fa4afc6abe95e8971e039f30a8768d41`
SHA1	`7f11e496b205cb24dd6ae4314ef96128e67a227d`
SHA256	`16c6d3cf02803d67929ffb6ad2abc3913bd52583802a10b2782e9233099c61ad`
SHA3	`b03488c7d61448b3267fccee9390f12c2683f630bec1372ced99792fedf5e043`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.08745`
MD5	`b9590f17ca67a84fa5a72c2e6110596a`
SHA1	`f5c28e30fecf97462d704449d9f9c1fc36793ba7`
SHA256	`0a71554b8e31ff057f2ba2b721eb31bd5d13e087fb262b29abbfc937cd61843c`
SHA3	`256658029e3158e6d9834ef20a9cbb7743f31ac9b337e4872d3d6c54dc4b29e5`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.2601`
MD5	`1c98e0ad5050767586fbb226a820cdce`
SHA1	`dea2bc41ac818f71edaea1e28e9d91da974d73a0`
SHA256	`72d742c0ffc745ae2a6d767ecb9b0f27c9756c4e4afe645caf1651a5868ec0ca`
SHA3	`1a9a85645354bc802adbee3d1f1008fb09aa17d27cdccb0f2a1a942852b9ce31`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.2453`
MD5	`4d7587f6678519a128e30245da5a9281`
SHA1	`25d2fad63ce1dd07104deb4a46b3940d6f0251e4`
SHA256	`8cb563af8f6ac570810893e0f56ecfd595e3c540d44bdbc06f11bc2422fd220d`
SHA3	`44edc6dafd9c1ff416cfa793c8a8b2eaa0e8dcd6028130dbc50befabab399c99`

10

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.38291`
MD5	`67f51be7c8d2d8518afff0559b73c268`
SHA1	`7d71c8aa5000ea3c24f9a1637c2b40d1334a3942`
SHA256	`de8dd355722cc66eaa28fe77cfe67ffafe990852bbf8215ba4c0aba2c971d958`
SHA3	`250ed5f028ebfef8d6a3614a38c7adc38272e3b992d19fa36cf1a5865ba88b35`

700

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x72`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.16984`
MD5	`1c978effa5e126d2e952836d4233ec49`
SHA1	`932e970505fe597bf790eeb8e05573124f6dcf17`
SHA256	`2a791416c3db74cc78f93a6362848fc45a205bd85acb367a7a1c7bea617c161a`
SHA3	`54d1b6d2d5e05760dee04c33f1254732b3a5cf0c1eda2d86cd1142271eb881d6`

701

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x322`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.18215`
MD5	`c6faa1175dddd3a6a03328c9797012ab`
SHA1	`9cb62752d1882ff99cf2188529bf6cacb58780a9`
SHA256	`b719ff52bf975f4b4fd709c07b525bafdc388fb44e87ca1d1fc6eb2f284d93c5`
SHA3	`e7a457de2f1715b8194cbaa406c6bf74f86673c45ec771215992507f37e63636`

702

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x44`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.58858`
MD5	`ce04779c07f942dad8af2dc5574860bd`
SHA1	`30ed8fa5b592c3c1f20cc7b867b28842cf912db6`
SHA256	`98ba3a2076b30d208cb4581d49ad49170a9b4b742bcd7f0158994ae1620609d2`
SHA3	`0f9b397c6b5daca1604159785953aeefe66846567aba2c0cbb6b2727a8f3b3f9`

703

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.13521`
MD5	`e711c6d2a34afc7fd85ca790c0f3d6e2`
SHA1	`d4c8718c53bb3b8e64c4b359320f95436a5dba88`
SHA256	`ff74074fa53bfe627e8b2f69497257bfb55a78d9817bb4e73a9503c01ef158b8`
SHA3	`cdbc184ac675ed8b2f4cc35634aeca8c8f44aee9cfc08aa851da984e4c0dbc7b`

704

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x242`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27571`
MD5	`1a25fb2122ff6998b2d271a7b9f59409`
SHA1	`281545b19a5c2bd79ca06cb0f49f52b638a8ab03`
SHA256	`1adfa6830dbeb9c0a5fbbcfe73d2431202cc76727c9342222ac30d37129e1621`
SHA3	`a51ca6b61ba6381f05b875794c2dea88b3ca1184c4c3d650cf3abf970f8933b8`

705

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xc2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.10029`
MD5	`2c8dae3f2ebee11656424bbdd09aa3f1`
SHA1	`fef7cf598624755c622bf314dda3fd424f73a9b0`
SHA256	`b0818ed82b064a204a8fdfc9073c44d7a94567fe7f964de2636e14a8f5a29744`
SHA3	`2a88d48cf06a4acaa96aa1b4702fe95e8198cccb1919d9a001ac6690dbc64018`

1 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1e2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.14519`
MD5	`3ff959ef91f3c55c9f1119778fbea2bb`
SHA1	`5615da34f8b2eaba2ca10848d7f3ca9afd4fcfab`
SHA256	`23ba722192ac40a5039731f03c056946b69e3bdc15af1fe18d5541ebc11daf62`
SHA3	`3ac43d9d0de35211f8278d63a6913508c9ef18d139b213321946d049a5c1ac5a`

2 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x24c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.09619`
MD5	`ca1270937660ae60992e534e9a43b48d`
SHA1	`8a53a737e4d702198de6b3fde0cc32ca73e794f1`
SHA256	`216e728951a2c53bacbefc6379bf8093fe18408e65585106180008f396103793`
SHA3	`caf2713eb059742fd4ec8e2abe26bfdaea67d2e94f3bc31bde1bb7e4b51fd09c`

7 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x144`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.53307`
MD5	`bc2661f0faad769fffc33aae5f3652c8`
SHA1	`9951563713cdbf84d240ae77ec7a74036b0c7862`
SHA256	`3c8b9116d953ccddc9d4138a2e087f69abdad85015b34de9d6db923222949624`
SHA3	`168f7dfdb45037c156c332ba9b3d55fc241812a9c67172977b0f7ad96a15e8c9`

8 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0xc8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.43545`
MD5	`880e75819c4fa31d7ad496fd4151534c`
SHA1	`43ba921b2f22d5c8035499f803db316fb255e7ac`
SHA256	`b3e0e114380cc4b2adc008da6be8e0f36a73a64ca32259e8e56ce31b1997543c`
SHA3	`09b16f8e5c2772afcd44ca05c14a0e555e525995d528b78f1f73617cb7b14750`

9 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2f2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.10268`
MD5	`85ffc151a140eaa4b12f953d82ec786e`
SHA1	`5878d9d96978cd0a34d4452eb8800ea2c3b4a75c`
SHA256	`c73f5e14a595dfede62ac2edbf2258574a0b0e746624a7fa33f966ad866b5a1d`
SHA3	`915d32e48833778e30343362d670e57b2de7bb07fe8f8fba4848a37c6fae1726`

100

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x92`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.88162`
Detected Filetype	Icon file
MD5	`f31e83f3983ae6f10ef166a7a686c680`
SHA1	`54a844e25e8e2d64e6433dddffd8aeabf71fee22`
SHA256	`aebb98855fa8fc3adb0efcf4888a7354e50ed0e47688f6b6ad5e18a1db6399b7`
SHA3	`0073688807fe663926033471fd618b74f20dbd650604fbf8289887fb22248950`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x420`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.11022`
MD5	`3c19b1660b69261a7c812309de47d84e`
SHA1	`41c038ad68be956905dbb29c26aa8a6b5f287a5d`
SHA256	`6f8d56f78cef32149911c62808591335ab38496330bff1abe8e111c0b4eaa891`
SHA3	`5b2bc4ff3f9f1d532321bdaaa2320bf5641aa348fefbfa9cedafdec51a63f5b4`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x547`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.35163`
MD5	`8f4b4f7df0708639482227ccecf941ef`
SHA1	`8396e428a3262cb01c934b208463141ab45b47c4`
SHA256	`9be0671dcfc3e83b2f8d348b64c33148c42f73c9e7820db496e5485d29629255`
SHA3	`7f6ffdb1163d8c719d711f85d5e8b95ddb9cd13b0cf06916b26892599563b186`

String Table contents

Window initialization error.
Application initialization error.
Error while opening file.
Not enough memory!
File error!
Cannot find %s!
There is not enough available space in the temporary drive. Free some disk space and try again.
This application has been built with an incompatible version of Clickteam Fusion.
This is not an application file!
Cannot load %s. This object might need an external program or library not yet installed.
Joystick not connected or driver not installed.
Cannot initialize Application.
Frame %d
Don't play samples.
Play samples.
Don't play music.
Play music.
%d (Num. keypad)
Backspace
Tab
Clear
Enter
Shift
Control
Space bar
Page Up
Page Down
End
Home
Left Arrow
Up Arrow
Right Arrow
Down Arrow
Select
Execute
Ins
Del
Escape
Heap
Video
Sound
Mb
An error has occured while reading the file.
This file is not a MMF application position file.
This file was not saved by this application.
This file was saved with an incompatible version of MMF runtime.
This file was saved by a incompatible version of the application.
The current frame is not the same as the saved one.
An error has occured while writing the file.

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.0.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS` `VOS_DOS_WINDOWS16` `VOS_DOS_WINDOWS32` `VOS_OS232` `VOS_OS232_PM32` `VOS_WINCE` `VOS__PM32` `VOS__WINDOWS16`
FileType	`VFT_APP`
Language	English - United States
CompanyName
FileDescription
FileVersion (#2)
LegalCopyright

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2019-Dec-18 18:44:31
Version	`0.0`
SizeofData	`884`
AddressOfRawData	`0xae2a4`
PointerToRawData	`0xad6a4`

TLS Callbacks

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x4b2ca0`
SEHandlerTable	`0x4ae1f0`
SEHandlerCount	`45`

RICH Header

XOR Key	`0x87d94857`
Unmarked objects	`0`
241 (40116)	`47`
243 (40116)	`142`
242 (40116)	`35`
199 (41118)	`2`
ASM objects (VS 2015/2017 runtime 26706)	`20`
C objects (VS 2015/2017 runtime 26706)	`20`
C++ objects (VS 2015/2017 runtime 26706)	`43`
Imports (VS2008 SP1 build 30729)	`15`
Total imports	`663`
C++ objects (VS2017 v15.9.16-18 compiler 27034)	`8`
C++ objects (LTCG) (VS2017 v15.9.16-18 compiler 27034)	`38`
Exports (VS2017 v15.9.16-18 compiler 27034)	`1`
Resource objects (VS2017 v15.9.16-18 compiler 27034)	`1`
Linker (VS2017 v15.9.16-18 compiler 27034)	`1`

Errors

Leave a comment

No comments yet.