Manalyze report for a8ae952cb322e88d2a3e701065c835af

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1992-Jun-19 22:22:17

Plugin Output

Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Uses functions commonly found in keyloggers: MapVirtualKeyA GetForegroundWindow CallNextHookEx` `Can take screenshots: CreateCompatibleDC GetDCEx GetDC`
Suspicious	The PE header may have been manually modified.	`The resource timestamps differ from the PE header: 2016-Sep-06 06:58:22`
Malicious	VirusTotal score: 15/57 (Scanned on 2016-09-07 17:46:45)	`Bkav: W32.eHeur.Malware03` `MicroWorld-eScan: Gen:Variant.Application.Bundler.DealPly.84` `Arcabit: Trojan.Application.Bundler.DealPly.84` `Invincea: backdoor.win32.hupigon.ck` `Symantec: Heur.AdvML.B` `BitDefender: Gen:Variant.Application.Bundler.DealPly.84` `Ad-Aware: Gen:Variant.Application.Bundler.DealPly.84` `F-Secure: Gen:Variant.Application.Bundler` `Zillya: Trojan.DealPlyGen.Win32.1` `Avira: ADWARE/DealPly.rsopq` `Antiy-AVL: Trojan/Win32.TSGeneric` `GData: Gen:Variant.Application.Bundler.DealPly.84` `Rising: Malware.Generic!9FgXlMvQNxH@3 (thunder)` `Ikarus: PUA.DealPly.Da` `Qihoo-360: HEUR/QVM05.1.0000.Malware.Gen`

Hashes

MD5	`a8ae952cb322e88d2a3e701065c835af`
SHA1	`dd410cb8b34e51e1694be1a3c22c42e4d72ef22b`
SHA256	`0a3bb59c6bd6c99553cc62226269b1cbc5bbc4a815d5ed934fb9e2606bc49bc8`
SHA3	`463bef1705be25f65a0682033e5049f08ba2cb2163b1dcb0408d3763e7242191`
SSDeep	`6144:UnxgGWA1d6HVJ2bBKYsy5syXum0zOOVZ6xaBgNwR1WMEBzyLDYtKP:Ux6WQAzum0dV8arRIMKc`
Imports Hash	`bac7991c89fd1762cdb08f8e011631b8`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	1992-Jun-19 22:22:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_BYTES_REVERSED_HI` `IMAGE_FILE_BYTES_REVERSED_LO` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x55200`
SizeOfInitializedData	`0x8400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00056100 (Section: CODE)`
BaseOfCode	`0x1000`
BaseOfData	`0x57000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`1.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x64000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

CODE

MD5	`5090d6cc5347b7424c57a98950f43601`
SHA1	`952e10734c80814b293d9c88385bf72e0b4e4e4a`
SHA256	`144f5e5ce7963910b459563dcc86bccaca632e2c021a67cf06f169d6df1f2db9`
SHA3	`ad4b6f0643048634fa6c56c4ee8694e1d1fefa198e6d3c91e09fd164c789f92a`
VirtualSize	`0x55174`
VirtualAddress	`0x1000`
SizeOfRawData	`0x55200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.82959`

DATA

MD5	`df1edfe71186c44b9c163cb6ae14cd70`
SHA1	`13c98a1d15c2c081999bc530eda994c64d4e9761`
SHA256	`6bcca397561d54d3197f97704ad53bbfcdd0df02e918e9378d51a81699dc2f8b`
SHA3	`2ff896bca707d94b5768d06da9ee328f809c29ddeb2301cb7dd761b234177f9b`
VirtualSize	`0x5d0`
VirtualAddress	`0x57000`
SizeOfRawData	`0x600`
PointerToRawData	`0x55600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.79901`

BSS

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x668`
VirtualAddress	`0x58000`
SizeOfRawData	`0`
PointerToRawData	`0x55c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`113829163309aa0a2b417d58da40dc74`
SHA1	`c331d1f4025cdb86a829fe77fbb780e05a2f39af`
SHA256	`a60d8a1499dc0c57dcc6bd57a55353baeb1c56a4b5b625c2dbbc1def4d68dac7`
SHA3	`4bbca7c3b0408ada32ae9e2aa447a71271858b56ddbd9ed701a6b737ff8f71a1`
VirtualSize	`0x1566`
VirtualAddress	`0x59000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x55c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.92572`

.tls

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x8`
VirtualAddress	`0x5b000`
SizeOfRawData	`0`
PointerToRawData	`0x57200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`7f0cb98f18f23e7b2324e96b772e0965`
SHA1	`786c227627f1440a20a8a7991ccc1241671e35a5`
SHA256	`10eddd568508309aae1f4133ee1658de2f80e45e51aa6ce473238be6a4f669e6`
SHA3	`aa9cea68cb74854deb5f10711a0131ef747a20f5f2aee5d19d3a7d30a130caea`
VirtualSize	`0x18`
VirtualAddress	`0x5c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x57200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`0.204488`

.reloc

MD5	`abf82d4755b2dcbfe64bf2a74f4bb6a6`
SHA1	`1eb00a5e5ebffb7f6194502234eeb077b007ffeb`
SHA256	`e89ada27172a46f7b8b7e3f5f3e6b00035b4149ddbae7bdff496280ecc5a5472`
SHA3	`38be4eb8c0fedb2b5f0db73db6e820825dd65c3f11829fd6bdf16517283ab677`
VirtualSize	`0x1f14`
VirtualAddress	`0x5d000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x57400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`6.58937`

.rsrc

MD5	`c33137802b1c2f1c81f1b3cd8e645153`
SHA1	`5cd9c96582d32661cbe9e29cf592327b77580849`
SHA256	`3435754a2455ccfbbd3f157bc21717e59a2164eff83a2db703b4eb29f9445adf`
SHA3	`11e28a824f2c00ac9431a7b8b976680385823f7d4f40204c99c040a2c74119bc`
VirtualSize	`0x4600`
VirtualAddress	`0x5f000`
SizeOfRawData	`0x4600`
PointerToRawData	`0x59400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`4.16764`

Imports

kernel32.dll	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `WideCharToMultiByte` `TlsSetValue` `TlsGetValue` `MultiByteToWideChar` `GetModuleHandleA` `GetLastError` `GetCommandLineA` `WriteFile` `SetFilePointer` `SetEndOfFile` `RtlUnwind` `ReadFile` `RaiseException` `GetStdHandle` `GetFileSize` `GetFileType` `ExitProcess` `CreateFileA` `CloseHandle`
user32.dll	`MessageBoxA`
oleaut32.dll	`VariantChangeTypeEx` `VariantCopyInd` `VariantClear` `SysStringLen` `SysAllocStringLen`
kernel32.dll (#2)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `WideCharToMultiByte` `TlsSetValue` `TlsGetValue` `MultiByteToWideChar` `GetModuleHandleA` `GetLastError` `GetCommandLineA` `WriteFile` `SetFilePointer` `SetEndOfFile` `RtlUnwind` `ReadFile` `RaiseException` `GetStdHandle` `GetFileSize` `GetFileType` `ExitProcess` `CreateFileA` `CloseHandle`
gdi32.dll	`UnrealizeObject` `StretchBlt` `SetWindowOrgEx` `SetViewportOrgEx` `SetTextColor` `SetROP2` `SetBkMode` `SetBkColor` `SelectPalette` `SelectObject` `SaveDC` `RestoreDC` `RectVisible` `RealizePalette` `MoveToEx` `IntersectClipRect` `GetWindowOrgEx` `GetTextExtentPointA` `GetStockObject` `GetObjectA` `GetDeviceCaps` `GetDIBits` `GetCurrentPositionEx` `GetBitmapBits` `ExcludeClipRect` `EnumFontsA` `DeleteObject` `DeleteDC` `CreateSolidBrush` `CreateRectRgn` `CreatePenIndirect` `CreateFontIndirectA` `CreateDIBitmap` `CreateCompatibleDC` `CreateCompatibleBitmap` `CreateBrushIndirect` `CreateBitmap`
user32.dll (#2)	`MessageBoxA`
comctl32.dll	`ImageList_GetDragImage` `ImageList_DragShowNolock` `ImageList_SetDragCursorImage` `ImageList_DragMove` `ImageList_DragLeave` `ImageList_DragEnter` `ImageList_EndDrag` `ImageList_BeginDrag` `ImageList_SetBkColor` `ImageList_ReplaceIcon` `ImageList_Destroy` `ImageList_Create`

Delayed Imports

1

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`3.00046`
MD5	`a04c3c368cb37c07bd5f63e7e6841ebd`
SHA1	`699300bceaa1256818c43fecfc8cad93a59156b2`
SHA256	`ee1c9c194199c320c893b367602ccc7ee7270bd4395d029f727e097634f47f8c`
SHA3	`58722e3138aad1382e284c1605ecd665ced536de4906749ac8d6e11252cc9558`

2

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`2.56318`
MD5	`9929115b21c2c59348058d4190392e75`
SHA1	`626fba1825d572ea441d36363307c9935de3c565`
SHA256	`9d9edf87ca203ecc60b246cc783d54218dd0ce77d3a025d0bafc580995a4abd8`
SHA3	`fea156e872544252c625076a6bf3baa733ee5b3d5399716e156734af7a841369`

3

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`2.6949`
MD5	`f321ad13d1c3f35a05d67773b4bc27d6`
SHA1	`30aded8525417e2531d5eb88bf2f868172945baa`
SHA256	`99676c52310db365580965ea646ece86c62951bfd97ec0aae9f738a202a90593`
SHA3	`04c839da98a8c50a36697076af5bc6d527560a69153b2f718f065908fd4fe3ad`

4

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`2.62527`
MD5	`5ca217e52bdc6f23b43c7b6a23171e6e`
SHA1	`d99dc22ec1b655a42c475431cc3259742d0957a4`
SHA256	`11726dcf1eebe23a1df5eb0ee2af39196b702eddd69083d646e4475335130b28`
SHA3	`b358d8a5b0f400dd2671956ec45486ae1035556837b5289df5f418fe69348b3f`

5

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`2.91604`
MD5	`6be7031995bb891cb8a787b9052f6069`
SHA1	`487eb59fd083cf4df02ce59d9b079755077ba1b5`
SHA256	`6f938aab0a03120de4ef8b27aff6ba5146226c92a056a6f04e5ec8d513ce5f9d`
SHA3	`0f1c6c0378a3646c9fbf3678bbeeccf929d32192f02d1ea9d6ba0be5c769e6ab`

6

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`2.80231`
MD5	`2e87b3c111e3073a841775c1f8ec5a90`
SHA1	`20292304fa2ef1bfdc4a1000e90a1c16d4765a96`
SHA256	`ce19ace18e87b572e6912306776226af5b8e63959c61cde70a8ff05b3bbdcc41`
SHA3	`9527f09e739c2064835800a7e5c317cb422bdd7237f00fca079a1c62f58a2612`

1 (#2)

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`6.15758`
MD5	`43dac58ed6b49bb59e608d82c149bce4`
SHA1	`080a10efe1945df5bb76c12998cea297cb85adcb`
SHA256	`285bd44cb05141d4a3163addbe27bdb0832a3d1c5f3f9601a3fb21f050e3d583`
SHA3	`ecf14f545c83de466078ee8d7f812efc6c2a3ce73be283543c54df70c7a000a7`

3841

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3a8`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`3.22081`
MD5	`f01ffe5f9df20131680ef1a53aadd9ff`
SHA1	`23cf08ab26c9636051ea04d0c0d1be2fba96dcb0`
SHA256	`c299a6cf7addd9334b3b04219ee11ab108b483ffb40e983beb7f45a77432d603`
SHA3	`d90937c6f2ca48c65389ee0fae3f2965c8cbc591fab5e8f35ea6e37330403993`

3842

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x348`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`3.27291`
MD5	`2c25bd791c90a5ecf4365f7eb3a72cc3`
SHA1	`0564aa754b6bdf629fbcfb082151a810f48e11ba`
SHA256	`8b87c30f3b0fbcaea400d453cb56fa8b55778c6b50cfc3c09fa5be5d4d16939d`
SHA3	`23e5a9f535d3742e4531e6267808ca1a443857492c13afa88f8a3a5a1445cebb`

3843

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3ac`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`3.31636`
MD5	`7d4fbb7d1b51a3a941daf9f69a6ba7f3`
SHA1	`2108559e4213e6c3737d0a245f2888ad10237703`
SHA256	`120f8d457f844894cdbcb38026d2397207a6a2d9d5e641093f6a8a06dd6e7c55`
SHA3	`b3ab563b0b4db01d5a4475b0fd8f6239665e15689f7eb2a9cf91114ca5f96945`

3844

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3e2`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`3.28917`
MD5	`3ff292d213f8ef99c3db7d542c1c0415`
SHA1	`753fe12c9d5e8e03a15be30f001950f4abd5cb26`
SHA256	`56db0b798b0e80b356030ae50b7d2b907abbdd2abc8606aed9f24dd3009c5a4d`
SHA3	`35c7b43212ba09e04207d4ced23277e4b209354c44f428abde441e6477b588c4`

3845

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x234`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`3.35694`
MD5	`6bc9045d3b92758eeafb4816b4d60e17`
SHA1	`3cf4ac512f1a711717ab1bfe51d32f9826bae2f3`
SHA256	`3ee268dd760afa5b374e9e1fa310fd613b9892e9a88623f07417f6d2e6cf4476`
SHA3	`3d19b9569828aff35701287859b9eae4d6d45cba204a20f3131078942a68f6b8`

3846

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2da`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`3.42579`
MD5	`8b77dd18ed20f370b5ec6e38d12f0218`
SHA1	`7092fd5387e77b320c54121bc9db3c86687c5fec`
SHA256	`1f30e1e2c78f01912cfc476a00ac7e9ce6968f87e8291ee6746353eef9943d98`
SHA3	`422e341603d3dc618c058e28a7e574d73fc007909b58832295e0e8bdbba4a97d`

3847

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2fa`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`3.27803`
MD5	`41f75583e05dbd1ab0bb046992ac530d`
SHA1	`95200008debd9acb496e2c3fc7f0af5e5d3d8499`
SHA256	`e4963e8ee4307eea5631f669f56538484b7a9a2e378a830c3bcfa92005795493`
SHA3	`dbf340ba130a7c115d62565ac3f9accbb0f2581f93ec3470e6705b5e7dc0b7c7`

3848

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x202`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`3.37209`
MD5	`bd9d422d12c8d2d6bce01c239d7a5977`
SHA1	`2aff51ef0c0c574533f666052b9edd6a7d422753`
SHA256	`d5e02f9d82afd8fffb546c6a23310871b0876d9e1e377c672751c140f616c92b`
SHA3	`3d0cb1f2d134ef273771a948716dca167b8f068b93638e5d83e6099078e856ce`

3849

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xc8`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`3.46341`
MD5	`a99fa234d8179d01c5eb7f8031cfdabc`
SHA1	`b2681c2e7c9e2097112c61265fb60834f3abdcac`
SHA256	`d4937b6283c32913d90c594a20800b24e20471a8c1797b0b686235de32873c31`
SHA3	`77e3ad8d07dfea1dbcc281773eaaaa067a4d8dff7cc1e5939874a21c5051a82a`

3850

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ec`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`3.36478`
MD5	`a6012b964fe17d3c74db403f652ba738`
SHA1	`2d95dd18cd2e73fe596493aceb52839ac762a5a0`
SHA256	`b2fa909b44192a1bab395f4fd9de6148265075959544d0af8a04c9edb417fbb9`
SHA3	`6333877723ea5fbebcc941547398d4c1b9cf5a73afd1b8e343f184ddc08226e1`

3851

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x27a`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`3.54267`
MD5	`3325091184a33aa03b0115a523051479`
SHA1	`c6cfc30590c7ee83b962f191d44fd4a23f1760ea`
SHA256	`0a067aa0656686a3572fe1e22527f03107fe0cb219d01033a7a4b5f9f83c8400`
SHA3	`2931abe9f435da1e04f15f5c5809dc5f5d82fdc0befaf40432745a811774a770`

3852

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3aa`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`3.33`
MD5	`0b3585fcbe9866f751de76c2a1212dbe`
SHA1	`e9a645f09af132045ec7e2bf3b792ce312ec9366`
SHA256	`0a7ebe55bf87141e5f2006967f980753de14573cfebc6f631408aa7e14908432`
SHA3	`9779bd7e8a26487661ee69a3b0c320c1f206b6ba69a8abcd344c7e0b5e5d9530`

3853

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x7e`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`2.54164`
MD5	`87d7ce102272b20feb5ccf0775e9464a`
SHA1	`8d9bd6389e6ec5ca78c65305b2b89fe5c4cd2a1a`
SHA256	`7cacb3a88c4d97346b7b6fe83db84d7c3c8737c3fe36b5043d7c9894c956798a`
SHA3	`e6a4200c798f8f7b81ea2e376785e55b739334c7110fd35316e67205259cf4d1`

4089

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2f2`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`3.21823`
MD5	`bbf4b644f9dd284b35eb31573d0df2f7`
SHA1	`4f9885ae629e83464e313af5254ef86f01accd0b`
SHA256	`2c0d32398e3c95657a577c044cc32fe24fa058d0c32e13099b26fd678de8354f`
SHA3	`ebed2e4a929600c1460761d462143feb092840986b31c9748d3aeb8174d4205e`

4090

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x30c`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`3.31515`
MD5	`ac2a0551cb90f91d779ee8622682dfb1`
SHA1	`ff0db7d2f48d85ceb3539b21ebe9d0ca3443f1da`
SHA256	`840989e0a92f2746ae60b8e3efc1a39bcca17e82df3634c1643d76141fc75bb3`
SHA3	`58a85f5c53df73aa79e5f5a36aa151ca0d9da4d450ebc2975a3ee827b46342a5`

4091

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2ce`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`3.25024`
MD5	`c99b474c52df3049dfb38b5308f2827d`
SHA1	`7375e693629ce6bbd1a0419621d094bcd2c67bb7`
SHA256	`26bda4da3649a575157a6466468a0a86944756643855954120fd715f3c9c7f78`
SHA3	`c6013febd14dd876e3b81111ec17dd2724dbf4147b0ad7be9d03259bcb59fef3`

4093

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`2.86149`
MD5	`aec4e28ea9db1361160cde225d158108`
SHA1	`249013a10cde021c713ba2dc8912f9e05be35735`
SHA256	`d786490af7fe66042fb4a7d52023f5a1442f9b5e65d067b9093d1a128a6af34c`
SHA3	`a067c4d88d719ed8d568951acb776bd798b691a8b153f8d94ba0574ede1fbf4c`

4094

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xb4`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`3.20731`
MD5	`c76a8843204c0572bca24ada35abe8c7`
SHA1	`066052030d0a32310da8cb5a51d0590960a65f32`
SHA256	`00a0794f0a493c167f64ed8b119d49bdc59f76bb35e5c295dc047095958ee2fd`
SHA3	`07523cf88b3803ea41acfeb3c9c0c4b5b4b9fb6f9a3232802491d8de1b6c9166`

4095

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xae`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`3.04592`
MD5	`4bd4f3f6d918ba49d8800ad83d277a86`
SHA1	`1f5e4c73965fea1d1f729efbe7568dcd081a2168`
SHA256	`34973a8a33b90ec734bd328198311f579666d5aeb04c94f469ebb822689de3c3`
SHA3	`2d01c56a5bf0b390addf4fb5b6ae02f9a64bd03ffd300d3763615bbb8ec911fe`

TBADAP

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xad`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`5.36986`
MD5	`515b425138455e1e35c72927597f2c19`
SHA1	`cd685f878e4e9f00c2adc5160f48abd61d553135`
SHA256	`387369f5fa53cf11fbce470cd908ed28eeed0a03cf9f6dd70bc8c9d8d8a6215a`
SHA3	`c3ea4e967edd6f591265b2d6500c43f1e076d7456be5940e1630ea80959dd37b`

32762

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`dcaa3c032fe97281b125d0d8f677c219`
SHA1	`58fe36409f932549e2f101515abee7a40cf47b2c`
SHA256	`6e1e7738a1b6373d8829f817915822ef415a1727bb5bb7cfe809e31b3c143ac5`
SHA3	`02ef292e1b4a70e439e362af6b4fa213e3816ade45222b78dabab712b6afba54`
Preview

32763

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`1.83876`
Detected Filetype	Cursor file
MD5	`a2baa01ccdea3190e4998a54dbc202a4`
SHA1	`e8217df98038141ab4e449cb979b1c3bbea12da3`
SHA256	`c53efa8085835ba129c1909beaff8a67b45f50837707f22dfff0f24d8cd26710`
SHA3	`8874564c406835306368adf5e869422e1bb97109b97c1499caa8af219990e8dc`
Preview

32764

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`1.91924`
Detected Filetype	Cursor file
MD5	`aff0f5e372bd49ceb9f615b9a04c97df`
SHA1	`e3205724d7ee695f027ab5ea8d8e1a453aaad0dd`
SHA256	`b07e022f8ef0a8e5fd3f56986b2e5bf06df07054e9ea9177996b0a6c27d74d7c`
SHA3	`9cb042121a5269b80d18c3c5a94c0e453890686aedade960097752377dfa9712`
Preview

32765

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`48e064acaba0088aa097b52394887587`
SHA1	`310b283d52aa218e77c0c08db694c970378b481d`
SHA256	`43f40dd5140804309a4c901ec3c85b54481316e67a6fe18beb9d5c0ce3a42c3a`
SHA3	`38753084b0ada40269914e80dbacf7656dc94764048bd5dff649b08b700f3ed5`
Preview

32766

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`1ae28d964ba1a2b1b73cd813a32d4b40`
SHA1	`8883cd93b8ef7c15928177de37711f95f9e4cd22`
SHA256	`ff47a48c11c234903a7d625cb8b62101909f735ad84266c98dd4834549452c39`
SHA3	`a85dadd416ce2d22aa291c0794c45766a0613b853c6e3b884a2b05fc791427b8`
Preview

32767

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`0893f6ba80d82936ebe7a8216546cd9a`
SHA1	`0754cbdf56c53de9ed7fbd47859d20b788c6f056`
SHA256	`a0adcedb82b57089f64e2857f97cefd6cf25f4d27eefc6648bda83fd5fef66bb`
SHA3	`ce6148ade08ef9b829f83cb13b4c650d9d4a7012bfd1ab697a7870a05f4104f8`
Preview

MAINICON

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`1.91924`
Detected Filetype	Icon file
MD5	`80e042259a41ebc0811c1452ad59a73c`
SHA1	`055584d22b8401b73764107f541181855f8e4351`
SHA256	`daec50669948d7253812254df2aff0def2cad87d6e701c0eada57609a65b5cb1`
SHA3	`085c3ed04eeb2f722cc1056d340c75cb7578d2fcd163624c6aba11f686726fcd`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x33c`
TimeDateStamp	2016-Sep-06 06:58:22
Entropy	`5.2891`
MD5	`c21660e4204ff6c2cfa5cc18ac13d96c`
SHA1	`0fe2f382cecaca7db628f60f848b89b17493bc93`
SHA256	`9ba0d9cc200ed03d2c23e944b72e26f30d2c9d3fcae9eef46449b137d05dbf05`
SHA3	`ef3573a7a9df090e8aaaae15cde6645b1cfcfc09153f6cb6ddbbbab1aac85c2d`

String Table contents

Cannot assign a %s to a %s
Cannot create file %s
Cannot open file %s
Stream read error
Stream write error
Out of memory while expanding memory stream
Can't write to a read-only resource stream
WriteObject called twice for the same instance
Class %s not found
Invalid stream format
Resource %s not found
Resource %s is of incorrect class
List index out of bounds
Operation not allowed on sorted string list
String list does not allow duplicates
Tab index out of bounds
A component named %s already exists
''%s'' is not a valid component name
A class named %s already exists
''%s'' is not a valid integer value
Line too long
Invalid property value
Invalid property path
Property does not exist
Property is read-only
Error reading %s.%s: %s
Ancestor for '%s' not found
Bitmap image is not valid
Icon image is not valid
Metafile is not valid
Bitmap is empty
Cannot change the size of an icon
Unknown picture file extension (.%s)
Unsupported clipboard format
Out of system resources
Canvas does not allow drawing
Invalid image size
Too many images
Image dimensions do not match image list dimensions
Invalid ImageList
Unable to Replace Image
Invalid ImageList Index
Error creating window device context
Client of TDrag not initialized
Error creating window class
Error creating window
Cannot focus a disabled or invisible window
Control '%s' has no parent window
Cannot hide an MDI Child Form
Cannot change Visible in OnShow or OnHide
Cannot make a visible window modal
Scrollbar property out of range
%s property out of range
Menu index out of range
Menu inserted twice
Sub-menu is not in menu
Not enough timers available
Printer is not currently printing
Printing in progress
Printer index out of range
Printer selected is not valid
%s on %s
GroupIndex cannot be less than a previous menu item's GroupIndex
Cannot have more than one MDI form per application
Cannot create form. No MDI forms are currently active
Invalid component registration
Can only modify an image if it contains a bitmap
A control cannot have itself as its parent
OK
Cancel
&Yes
&No
&Help
&Close
&Ignore
&Retry
Abort
&All
Cannot drag a form
PutObject to undefined item
Could not load CARDS.DLL
Duplicate CardId found
An error returned from DDE ($0%x)
DDE Error - conversation not established ($0%x)
Error occurred when DDE ran out of memory ($0%x)
Unable to connect DDE conversation
FB
FG
BG
Cannot load older version of TShape
Metafiles
Enhanced Metafiles
Icons
Bitmaps
Grid too large for operation
Too many rows or columns deleted
Grid index out of range
Fixed column count must be less than column count
Fixed row count must be less than row count
%s on line %d
Identifier expected
String expected
Number expected
''%s'' expected
%s expected
Invalid numeric value
Invalid string constant
Invalid property value
Invalid binary value
Outline index not found
Parent must be expanded
Invalid value for current item
Invalid input value
Invalid input value. Use escape key to abandon changes
Invalid outline index
Incorrect level assignment
Invalid selection
File load error
Line too long
Maximum outline depth exceeded
Warning
Error
Information
Confirm
&Yes
&No
OK
Cancel
&Help
No help available
Help
&Abort
&Retry
&Ignore
&All
BkSp
Tab
Esc
Enter
Space
PgUp
PgDn
End
Home
Left
Up
Right
Down
Ins
Del
Shift+
Ctrl+
Alt+
(Unknown)
(None)
Value must be between %d and %d
Cannot create a default method name for an unnamed component
Invalid argument to date encode
Invalid argument to time encode
''%s'' is not a valid date
''%s'' is not a valid time
''%s'' is not a valid date and time
Invalid file name - %s
All files (.)\|.
All
: [ - no volume label - ]
Unable to insert a line
The specified directory does not exist. Create it?
Select Directory
Directory &Name:
D&rives:
&Directories:
&Files: (.)
Ne&twork...
Color
ABCDEFGHIJKLMNOP
Invalid clipboard format
Clipboard does not support Icons
Default
Text exceeds memo capacity
Custom Colors
Operation not supported on selected printer
There is no default printer currently selected
Unable to write to %s
Bits index out of range
(Untitled)
Invalid data type for '%s'
Failed to create key %s
Failed to set data for '%s'
Failed to get data for '%s'
Synchronize called when main VCL thread in a WaitFor call
Unknown RichEdit conversion file extension (.%s)
Menu '%s' is already being used by another form
'%s' is not a valid integer value
'%s' is not a valid floating point value
'%s' is not a valid date
'%s' is not a valid time
'%s' is not a valid date and time
Invalid argument to time encode
Invalid argument to date encode
Out of memory
I/O error %d
File not found
Invalid filename
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
Range check error
Integer overflow
Invalid floating point operation
Floating point division by zero
Floating point overflow
Floating point underflow
Invalid pointer operation
Invalid class typecast
Access violation at address %p. %s of address %p
Stack overflow
Control-C hit
Privileged instruction
Operation aborted
Exception %s in module %s at %p.
%s%s
Application Error
Format '%s' invalid or incompatible with argument
No argument for format '%s'
Invalid variant type conversion
Invalid variant operation
Variant method calls not supported
Read
Write
Format result longer than 4096 characters
Format string too long
Error creating variant array
Variant is not an array
Variant array index out of bounds
External exception %x
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
January
February
March
April
May
June
July
August
September
October
November
December
Sun
Mon
Tue
Wed
Thu
Fri
Sat
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday

Version Info

TLS Callbacks

StartAddressOfRawData	`0x45b000`
EndAddressOfRawData	`0x45b008`
AddressOfIndex	`0x4583d4`
AddressOfCallbacks	`0x45c010`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`(EMPTY)`

Load Configuration

RICH Header

Errors

[*] Warning: Section BSS has a size of 0!
[*] Warning: Section .tls has a size of 0!