Manalyze report for a92f13f3a1b3b39833d3cc336301b713

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2016-Jan-30 02:56:43
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to internet browsers: FIREFOX.EXE IEXPLORE.EXE` `Contains domain names: esd-secure.oracle.com http://dummy.xml http://java.sun.com https://javadl-esd-secure.oracle.com https://javadl-esd-secure.oracle.com/update/%s/map-%s.xml https://javadl-esd-secure.oracle.com/update/%s/map-m-%s.xml https://sjremetrics.java.com https://www.java.com https://www.java.com/applet/javaLatestVersion.xml java.sun.com javadl-esd-secure.oracle.com oracle.com secure.oracle.com sjremetrics.java.com www.java.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExA LoadLibraryA LoadLibraryW LoadLibraryExW` `Can access the registry: RegCloseKey RegDeleteValueA RegOpenKeyExA RegCreateKeyExA RegEnumKeyExA RegDeleteKeyA RegQueryInfoKeyW RegSetValueExA RegQueryInfoKeyA RegQueryValueExA RegEnumKeyA` `Possibly launches other programs: CreateProcessA` `Uses Microsoft's cryptographic API: CryptGetHashParam CryptReleaseContext CryptAcquireContextA CryptCreateHash CryptDestroyHash CryptHashData CryptMsgClose CryptQueryObject CryptMsgGetParam CryptStringToBinaryA CryptBinaryToStringA CryptProtectData CryptUnprotectData` `Can create temporary files: CreateFileA GetTempPathA CreateFileW` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Has Internet access capabilities: InternetTimeFromSystemTime InternetTimeToSystemTime InternetCrackUrlA InternetConnectA InternetReadFile InternetGetConnectedState InternetErrorDlg InternetOpenA InternetCloseHandle` `Functions related to the privilege level: OpenProcessToken` `Enumerates local disk drives: GetDriveTypeW` `Manipulates other processes: OpenProcess`
Malicious	VirusTotal score: 64/71 (Scanned on 2021-03-03 17:15:34)	`Bkav: W32.Common.34A8C359` `Elastic: malicious (high confidence)` `MicroWorld-eScan: Trojan.Ransom.AUC` `CAT-QuickHeal: Ransom.Petya.MUE.S6` `McAfee: Generic .jy` `Malwarebytes: Ransom.Petya` `Zillya: Trojan.Petr.Win32.5` `Sangfor: Suspicious.Win32.Save.a` `K7AntiVirus: Trojan ( 004e1c831 )` `Alibaba: Ransom:Win32/Petya.404bad21` `K7GW: Trojan ( 004e1c831 )` `Cybereason: malicious.3a1b3b` `Cyren: W32/Trojan.XMFF-8835` `Symantec: Ransom.Petya` `APEX: Malicious` `Paloalto: generic.ml` `ClamAV: Win.Trojan.Petya-6312160-0` `Kaspersky: Trojan-Ransom.Win32.Petr.l` `BitDefender: Trojan.Ransom.AUC` `NANO-Antivirus: Trojan.Win32.AD.ebjjem` `ViRobot: Trojan.Win32.S.Petya.806912` `SUPERAntiSpyware: Ransom.Petya/Variant` `Avast: Win32:Patched-AWP [Trj]` `Rising: Ransom.Petr!8.4667 (CLOUD)` `Ad-Aware: Trojan.Ransom.AUC` `TACHYON: Trojan/W32.Petr.806912` `Sophos: Mal/Generic-R + Troj/Petya-C` `Comodo: Malware@#3o4z9hhlvmp31` `F-Secure: Trojan.TR/AD.Petya.Y.hhcl` `DrWeb: Trojan.MBRlock.245` `VIPRE: Trojan.Win32.Generic!BT` `TrendMicro: Ransom_PETYA.E` `McAfee-GW-Edition: Generic trojan.jy` `FireEye: Generic.mg.a92f13f3a1b3b398` `Emsisoft: Trojan.Ransom.AUC (B)` `Jiangmin: TrojanRansom.Petya.b` `Webroot: Ransomware.Petya.Gen` `Avira: TR/AD.Petya.Y.hhcl` `Kingsoft: Win32.Troj.Undef.(kcloud)` `Microsoft: Ransom:Win32/Petya` `Gridinsoft: Ransom.Win32.Ransom.oa` `Arcabit: Trojan.Ransom.AUC` `AegisLab: Trojan.Win32.Petr.j!c` `ZoneAlarm: Trojan-Ransom.Win32.Petr.l` `GData: Win32.Trojan.Agent.2A5OIW` `Cynet: Malicious (score: 100)` `AhnLab-V3: Malware/Win32.RL_Generic.R295351` `VBA32: Trojan.MBRlock` `ALYac: Trojan.Ransom.Petya` `MAX: malware (ai score=100)` `Cylance: Unsafe` `Zoner: Trojan.Win32.42050` `ESET-NOD32: Win32/Diskcoder.Petya.A` `TrendMicro-HouseCall: Ransom_PETYA.E` `Tencent: Malware.Win32.Gencirc.10baca93` `Yandex: Trojan.Petr!oS9v/ZMuilY` `Ikarus: Trojan-Ransom.PetYa` `eGambit: Unsafe.AI_Score_99%` `Fortinet: W32/Petya.EOB!tr.ransom` `BitDefenderTheta: Gen:NN.ZexaF.34608.XuW@ay8Hnybi` `AVG: Win32:Patched-AWP [Trj]` `Panda: Trj/WLT.B` `CrowdStrike: win/malicious_confidence_100% (W)` `Qihoo-360: Trojan.Generic`

Hashes

MD5	`a92f13f3a1b3b39833d3cc336301b713`
SHA1	`d1c62ac62e68875085b62fa651fb17d4d7313887`
SHA256	`4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c`
SHA3	`feb48df8b07b0eafe412c16b458dfa3ca2c54531f8b10683b12b978b3fdfc97d`
SSDeep	`24576:z0wz1d5bAbWhrc56zQ9T4Ole+5PIuklOjB:Hd5Vhr4IMTbeGPJHjB`
Imports Hash	`bf084102e13441ce39f8d51d9bf55857`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2016-Jan-30 02:56:43
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`10.0`
SizeOfCode	`0x6fc00`
SizeOfInitializedData	`0x57c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0004D37D (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x71000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0xcb000`
SizeOfHeaders	`0x400`
Checksum	`0xc7a97`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f6bae6253a484c5230b45151efbc9764`
SHA1	`97316b7bbe38a2e8f1673b73c4c0d2a472d0b699`
SHA256	`fdf4355de2333f523a944e828e91d17e1faff409152894003ab9bd3cfcb71a63`
SHA3	`56a9f5957efb3f889dc1190f8a7a15c61fad4a04a0d3f57fb5dca1d4a528df7c`
VirtualSize	`0x6fb5c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6fc00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.8915`

.rdata

MD5	`b41285be5ef1f91e9cd166df27510dfe`
SHA1	`5958ecde74e4eb29b01ae4bc4a32e9d04a6f0665`
SHA256	`185baf48963fe30baf7b7ab88396eb28d49c2ed06d60458aa6664b65e325a5a6`
SHA3	`723f7a381a641edca38f05dc964ce911960f5de1ee762a69cf01aaafc3a6a91c`
VirtualSize	`0x2267a`
VirtualAddress	`0x71000`
SizeOfRawData	`0x22800`
PointerToRawData	`0x70000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.1909`

.data

MD5	`4f7044a2f370232c7af655af9e9521d9`
SHA1	`22d494e22c52c6a5d48c2790d0c6e7cef97b3788`
SHA256	`4f4c1a0105d1be899bd671ca5d61b45af7eb709e68e138a26031d829e5ca9e3c`
SHA3	`b20353e8e678bfd20292b31cbbf25467d29a904c7243b1b5a4633d65178a0931`
VirtualSize	`0x6824`
VirtualAddress	`0x94000`
SizeOfRawData	`0x3e00`
PointerToRawData	`0x92800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.70604`

.rsrc

MD5	`af9a94eea80373366d933cb63b005850`
SHA1	`315f54fef545a9e7ec7e2dd80e3ed2c7a2cdb3bf`
SHA256	`7168d0c3bd1c27036cbbf2e181e89dfa1a94cacdf9ab7988bc3f53959e685008`
SHA3	`35284151d09356046b14b7accf8f403aeaee861c0c3bf7673533e64abaf2d229`
VirtualSize	`0x2460a`
VirtualAddress	`0x9b000`
SizeOfRawData	`0x24800`
PointerToRawData	`0x96600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.41494`

.reloc

MD5	`baeb46de8a9b5a0b030ee06325b52b05`
SHA1	`b9f0438de27fa5d3e742737df4d66a589516e5f7`
SHA256	`5b3d73a01a19f6b49c7cb036dd1cbb47852c1854fdfaf1f770a18ae983af147c`
SHA3	`758e6bf22ee83ea70be51b0aeba2e55396ee24a2916cbae46ad4269aae13eb47`
VirtualSize	`0xa142`
VirtualAddress	`0xc0000`
SizeOfRawData	`0xa200`
PointerToRawData	`0xbae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.67711`

Imports

ole32.dll	`IIDFromString` `StringFromGUID2` `OleUninitialize` `OleInitialize` `OleRun` `OleSetContainedObject` `CoInitializeEx` `CoTaskMemAlloc` `CoTaskMemFree` `CoInitialize` `CoTaskMemRealloc` `CoUninitialize` `CoCreateInstance`
SHELL32.dll	`SHGetFolderPathW` `FindExecutableA` `Shell_NotifyIconA` `SHGetFolderPathA` `ShellExecuteExA`
WININET.dll	`InternetTimeFromSystemTime` `InternetTimeToSystemTime` `InternetCrackUrlA` `HttpQueryInfoA` `InternetConnectA` `InternetReadFile` `HttpOpenRequestA` `InternetGetConnectedState` `InternetErrorDlg` `HttpSendRequestA` `InternetOpenA` `InternetCloseHandle`
USER32.dll	`IsChild` `SetFocus` `SetRect` `GetWindowThreadProcessId` `RegisterClassExA` `GetFocus` `GetAncestor` `GetSystemMenu` `GetWindowRect` `GetParent` `GetClientRect` `SendMessageA` `GetClassInfoExW` `GetDC` `TranslateMessage` `RegisterClassExW` `GetWindowLongW` `ReleaseDC` `EnableMenuItem` `SetWindowLongW` `GetDesktopWindow` `SetWindowPos` `CreateWindowExW` `AdjustWindowRectEx` `LoadCursorA` `SetWindowLongA` `GetWindowLongA` `CreateWindowExA` `MessageBoxA` `CharNextA` `DispatchMessageW` `RegisterClassA` `LoadImageA` `GetSystemMetrics` `DispatchMessageA` `PostMessageA` `AppendMenuA` `CreatePopupMenu` `ShowWindow` `MsgWaitForMultipleObjectsEx` `GetCursorPos` `DefWindowProcA` `IsWindowUnicode` `SetWindowTextW` `DefWindowProcW` `wsprintfA` `LoadStringA` `DestroyWindow` `GetMessageA` `GetMessageW` `PostQuitMessage` `TrackPopupMenu` `SetForegroundWindow` `PeekMessageA`
COMCTL32.dll	`InitCommonControlsEx`
VERSION.dll	`GetFileVersionInfoA` `GetFileVersionInfoSizeA` `VerQueryValueW` `VerQueryValueA`
KERNEL32.dll	`GetStdHandle` `WriteConsoleW` `GetConsoleMode` `GetConsoleCP` `GetFileType` `GetStartupInfoW` `HeapSetInformation` `GetSystemTimeAsFileTime` `VirtualQuery` `GetSystemInfo` `GetModuleHandleW` `VirtualAlloc` `GetModuleFileNameW` `HeapAlloc` `HeapFree` `FileTimeToLocalFileTime` `GetDriveTypeW` `FindFirstFileExW` `SetStdHandle` `HeapReAlloc` `GetCPInfo` `RtlUnwind` `LCMapStringW` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `ExitThread` `CreateDirectoryW` `VirtualProtect` `GetFullPathNameW` `HeapCreate` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `SetLastError` `HeapSize` `GetLocaleInfoW` `SetHandleCount` `GetTimeZoneInformation` `SetFilePointer` `FlushFileBuffers` `IsDebuggerPresent` `IsProcessorFeaturePresent` `GetACP` `GetOEMCP` `IsValidCodePage` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `lstrcmpA` `GetModuleHandleA` `FindResourceA` `lstrlenA` `GetModuleHandleExA` `FreeLibrary` `LoadResource` `SetEndOfFile` `InterlockedDecrement` `GetCommandLineA` `WideCharToMultiByte` `InitializeCriticalSectionAndSpinCount` `SizeofResource` `SetDllDirectoryA` `IsDBCSLeadByte` `MultiByteToWideChar` `lstrlenW` `RaiseException` `GetLastError` `lstrcmpiA` `GetProcAddress` `GetModuleFileNameA` `LoadLibraryExA` `CreateMutexA` `DeleteCriticalSection` `CloseHandle` `WaitForSingleObject` `FormatMessageA` `GetExitCodeProcess` `LocalFree` `DeleteFileA` `SetEvent` `CreateEventA` `lstrcatA` `ResetEvent` `WaitForMultipleObjects` `CreateThread` `lstrcpyA` `lstrcpynA` `CreateFileA` `WriteFile` `Sleep` `ReadFile` `OpenEventA` `GetSystemTime` `GetCurrentProcess` `GetTickCount` `GetCurrentProcessId` `GetTempPathA` `SystemTimeToFileTime` `FileTimeToSystemTime` `MulDiv` `InterlockedExchange` `InterlockedExchangeAdd` `LocalAlloc` `GetCurrentThreadId` `FormatMessageW` `GetLocalTime` `ExitProcess` `GetLocaleInfoA` `GetWindowsDirectoryA` `OpenProcess` `TerminateProcess` `GetSystemDirectoryA` `FindFirstFileA` `FindClose` `LoadLibraryA` `LockResource` `GetNativeSystemInfo` `PeekNamedPipe` `SetHandleInformation` `CreateProcessA` `CreateDirectoryA` `GetProcessHeap` `CreatePipe` `GetSystemDefaultUILanguage` `GetThreadLocale` `GetUserDefaultUILanguage` `MoveFileExA` `GetFileAttributesA` `FindNextFileA` `OpenThread` `GetExitCodeThread` `GetModuleHandleExW` `LoadLibraryW` `LoadLibraryExW` `ReleaseMutex` `QueryPerformanceCounter` `QueryPerformanceFrequency` `CreateFileW` `SetFilePointerEx` `InitializeCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InterlockedCompareExchange` `GetStringTypeW` `EncodePointer` `DecodePointer` `GetCurrentDirectoryW` `GetFileInformationByHandle` `GetUserDefaultLCID` `EnumSystemLocalesA` `IsValidLocale` `CompareStringW` `SetEnvironmentVariableA` `InterlockedIncrement` `RemoveDirectoryA`
ADVAPI32.dll	`SetSecurityDescriptorDacl` `InitializeSecurityDescriptor` `RegCloseKey` `RegDeleteValueA` `RegOpenKeyExA` `RegCreateKeyExA` `RegEnumKeyExA` `RegDeleteKeyA` `RegQueryInfoKeyW` `RegSetValueExA` `CryptGetHashParam` `RegQueryInfoKeyA` `GetTokenInformation` `CopySid` `GetWindowsAccountDomainSid` `CreateWellKnownSid` `ConvertStringSecurityDescriptorToSecurityDescriptorW` `ConvertSidToStringSidW` `RegQueryValueExA` `CryptReleaseContext` `CryptAcquireContextA` `CryptCreateHash` `CryptDestroyHash` `CryptHashData` `RegEnumKeyA` `OpenProcessToken`
OLEAUT32.dll	`SysFreeString` `VarUI4FromStr` `VariantClear` `SysAllocString` `VariantCopy` `VariantInit` `VariantChangeType` `GetErrorInfo` `SysStringByteLen`
SHLWAPI.dll	`#12`
GDI32.dll	`GetStockObject` `GetDeviceCaps`
WINTRUST.dll	`WinVerifyTrust`
CRYPT32.dll	`CryptMsgClose` `CryptQueryObject` `CertGetNameStringW` `CertFindCertificateInStore` `CertCloseStore` `CryptMsgGetParam` `CryptStringToBinaryA` `CryptBinaryToStringA` `CryptProtectData` `CryptUnprotectData`
msi.dll	`#141` `#168` `#160` `#158` `#115` `#159` `#117` `#8` `#44` `#204` `#189` `#67` `#31` `#137` `#91`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xadaa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.89436`
Detected Filetype	PNG graphic file
MD5	`ebd95e1e0948090c6ed19746b340ae80`
SHA1	`816016f7c0d1f213b49df19b0d11bd6d70c33aef`
SHA256	`e4df4f4ba785f76bf21264d17811e2809a294b13c0e655f7469a51fcef071f5e`
SHA3	`73fe741d448fc4f9333d4b58783fa0a6a993d9cbd6d996b8fbf8d4a74091f2de`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.26742`
MD5	`783e46b13368f0a2d8947e4972a94a8e`
SHA1	`f9b9e4bd734b12b852faab3f24b7826255feae2e`
SHA256	`49c3ceff833573d4a6d145cc566b5d6bfcb9f0a1aeb27470e2a3f56f280900f6`
SHA3	`f57255cf8548281f41522554a776c375f1945bed671e33ba83d822f8fa45c78a`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.2506`
MD5	`36cbd01c4e54e6bb8549854a0ed6799f`
SHA1	`b759c5f3c6ea226aab70883f922cf2c5fd468c2d`
SHA256	`67987b8a92579b218970356c10a62a5523e6cb4d3015b08d0f4c2be8619dfe06`
SHA3	`a7ecc2732a8b4ecb5e2416794b407d7ce84bbbc0832350c8b14e845a5fa53847`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.16647`
MD5	`3fbc2af732cd39fd0a1476f41f2151a8`
SHA1	`b7761aab6f0625aeb6cd709f5d12efa0dc97884e`
SHA256	`5a7035c802c4c4bda1529e66f059888c675247f5b2a771e82c72d2b21d5bbf04`
SHA3	`58af55a2b39c847836330297db7c22d87e9aa9efd097cc296c526d04aebff8fd`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.18741`
MD5	`393ca0d2ac684470f8711e1c0d73d267`
SHA1	`ed4a62b4bb1fe6b0596668a227d200047208cc78`
SHA256	`a9290f8d164d15e44889e481da4c2b4d97c0b1e5a651fc27baf5d2b8026a4056`
SHA3	`3b8fd86ee8f03917fcbbf131e31eee2fce8b2e5048dd82441fd2abd549e08b0f`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.13082`
MD5	`5ed1cef6d65c06afc874291a1d36b798`
SHA1	`0a25caeb6803ff5b1c3e997569aaa2d236115145`
SHA256	`f5b8eaba36a7d8c226eb06992299bb91b36aa0ea4d310be2114341c27398230b`
SHA3	`683f4b90968ac126552acaa606fbaa51c043398cc64b8866afd5206bfabc3867`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.82688`
MD5	`8b82e2a5dbcdb99b6a077cb0b7dc7e59`
SHA1	`8f464c2390bbf4d68739e29aaa409d42bcc6bb32`
SHA256	`fd0910a9885308d30a6bdc3829321ba63e7a672c657978ee8c588ff002e994cf`
SHA3	`9aa0b45195340b1e651d965cc4005b333a26aa8291ef65cb5d870cabe47f571d`

100

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91902`
Detected Filetype	Icon file
MD5	`3da2accd8d77ab56a8a641bdbc8c36c9`
SHA1	`73b399ce16ef65274aa7e80fbc7d45e24ee0ca39`
SHA256	`682dd340925c673107146dde86347dd3edc5110c37c60fa7d028ed952f41fde7`
SHA3	`a4da82df1e3c24f14a04b2addf7ffd08f58e6bffc8b2e57380df63d08351801c`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x75e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.24978`
MD5	`ac7be1b128ec14d0a735a4986204c8dc`
SHA1	`0c502d7feda7c4dc172a5af7ef67b8e6050f519c`
SHA256	`ea932f4dd9f86d6a83eb2ca2564c933d0110688404aa8734889f2737c4f6ebfa`
SHA3	`9b2764282aeaf6e7cd7f2a0a04727d5c7afdbdb5d10e21d7387e7d4ca9972a62`

Version Info

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x4946a0`
SEHandlerTable	`0x483e80`
SEHandlerCount	`570`

RICH Header

XOR Key	`0x40c10710`
Unmarked objects	`0`
C++ objects (VS2010 build 30319)	`5`
152 (20115)	`1`
ASM objects (VS2010 SP1 build 40219)	`29`
C++ objects (VS2010 SP1 build 40219)	`72`
C objects (VS2010 SP1 build 40219)	`207`
C objects (VS2008 SP1 build 30729)	`12`
Imports (VS2008 SP1 build 30729)	`29`
Total imports	`351`
175 (VS2010 SP1 build 40219)	`83`
Resource objects (VS2010 SP1 build 40219)	`1`
151	`3`
Linker (VS2010 SP1 build 40219)	`1`

a92f13f3a1b3b39833d3cc336301b713

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

100

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors