Manalyze report for af1b2ff11576b8da12a86111f3b650292cbb8da9be91ae94744094698589746a

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2015-Jul-04 00:11:19
Detected languages	English - United Kingdom
FileVersion	`1.7.0.1`
Comments	checksum
FileDescription	point-and-click drive hashing for windows
ProductVersion	`1.7.0.0`
LegalCopyright	corz.org
Author	Cor
CompanyName	corz.org
Contact	checksum@corz.org
Copyright	corz.org
Instructions	Right-click any file or folder in explorer and choose one of the checksum options. Hold down the SHIFT key to bring up the options dialog.
Long Description	checksum is a hashing utility for windows. checksum enables you to create or verify a 'hash', aka. 'digital fingerprint' of any file or folder full of files, even whole disks. once the hash of a file has been generated, it can be checked at any time in the future to verify that not one single bit of data has changed. Even the slightest variation will produce a completely different hash.
ProductName	checksum
Publisher	corz.org
Web Page	http://corz.org/windows/software/checksum/
Compiled	04/07/2015 01:11:18
Build	Public Release

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: http://corz.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryExW LoadLibraryW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowW` `Code injection capabilities: OpenProcess VirtualAllocEx WriteProcessMemory VirtualAlloc` `Code injection capabilities (PowerLoader): GetWindowLongW FindWindowW` `Can access the registry: RegisterHotKey RegEnumValueW RegDeleteValueW RegDeleteKeyW RegEnumKeyExW RegSetValueExW RegCreateKeyExW RegOpenKeyExW RegCloseKey RegQueryValueExW` `Possibly launches other programs: CreateProcessW CreateProcessAsUserW CreateProcessWithLogonW ShellExecuteW` `Can create temporary files: CreateFileW GetTempPathW` `Uses functions commonly found in keyloggers: GetAsyncKeyState AttachThreadInput MapVirtualKeyW GetForegroundWindow` `Has Internet access capabilities: InternetReadFile InternetCloseHandle InternetOpenW InternetSetOptionW InternetCrackUrlW InternetQueryOptionW InternetOpenUrlW InternetConnectW InternetQueryDataAvailable` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken DuplicateTokenEx CheckTokenMembership` `Enumerates local disk drives: GetDriveTypeW GetVolumeInformationW` `Manipulates other processes: OpenProcess WriteProcessMemory ReadProcessMemory Process32FirstW Process32NextW` `Can take screenshots: GetDC FindWindowW CreateCompatibleDC` `Reads the contents of the clipboard: GetClipboardData` `Can shut the system down or lock the screen: ExitWindowsEx InitiateSystemShutdownExW`
Info	The PE's resources present abnormal characteristics.	`Resource SCRIPT is possibly compressed or encrypted.`
Suspicious	VirusTotal score: 2/68 (Scanned on 2021-07-15 22:46:00)	`APEX: Malicious` `Sophos: Generic ML PUA (PUA)`

Hashes

MD5	`46d53ca028b087187f2c7b1987eb22ca`
SHA1	`5da8e41face876e234680365fdae45327586a7c5`
SHA256	`af1b2ff11576b8da12a86111f3b650292cbb8da9be91ae94744094698589746a`
SHA3	`b7d2dff1440ab8ff0c21ac9898d29bd0b3c140513ce4079e64d236edbe5c0136`
SSDeep	`24576:bGphMuzBMCx3Kta4ATJAH1mfpugR/md1bV5aanwe5Upyrfj:CZzO43KtaISugRed1bVkawmf`
Imports Hash	`dd0326cd76d237ab7d6d5701b2657ac0`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2015-Jul-04 00:11:19
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`11.0`
SizeOfCode	`0xa4200`
SizeOfInitializedData	`0x7f800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000002C9D4 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x12c000`
SizeOfHeaders	`0x400`
Checksum	`0x132c9c`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x400000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x400000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`653504b818484cf4ee49c67299ff78be`
SHA1	`a0221c55ac478fdbc72f9d36fd8f447b7734a3d0`
SHA256	`300bc6b6c0c13fdad1bafd20905884ee7992e6a9f0d8cbe4d943cddaca785aa6`
SHA3	`106831e70190f37e9dd8c106d60e14237fc2d0bfda59cbb313da247256785e68`
VirtualSize	`0xa4017`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa4200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.48819`

.rdata

MD5	`d0db9071607739ef84a929bf8c30b855`
SHA1	`8323f1b4d12ac962c864683ae4ad3f0543ba211c`
SHA256	`56bf25798507f20388581ff12be7992b87d03b32187041410f6d944e0287f1fd`
SHA3	`82bb9b2ec35c9da78ea6a9a0c3f28f8739a3af5cc700f2cdd5dfe81717c339be`
VirtualSize	`0x2cfa0`
VirtualAddress	`0xa6000`
SizeOfRawData	`0x2d000`
PointerToRawData	`0xa4600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.24953`

.data

MD5	`008c29e8d1470383af2296e294df31f4`
SHA1	`141a5f2ed9edbdad51e07986f44073713375d579`
SHA256	`be713a849227c3f69887bfef91e97ebd5c2a26037c4d11c48b3896935953d5cf`
SHA3	`df77d006578b733f7a18cc16c519befe04b659db9ba5f5c9003aa5ec80a06509`
VirtualSize	`0xbb40`
VirtualAddress	`0xd3000`
SizeOfRawData	`0x6a00`
PointerToRawData	`0xd1600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.13069`

.pdata

MD5	`d4b3d4174a17dfa6474e6d280af12659`
SHA1	`2176129cb4d847ace9ce72b1445ffb25b0ad1f89`
SHA256	`5eac2a93b03f57f8512823bedb3d3a2630fbf1a6a24112cf6362638972535ddf`
SHA3	`40286561172df13d66f49242a3b5ee47a89a93be0f8e5cac26eb5f10399cf275`
VirtualSize	`0x711c`
VirtualAddress	`0xdf000`
SizeOfRawData	`0x7200`
PointerToRawData	`0xd8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.84374`

.rsrc

MD5	`74430e94afc0ac3e62060c8676f9970c`
SHA1	`7fcb29ee8e5c7a8a8d9bea706142e4bbde22114f`
SHA256	`2ea244d6f588e1ca2bb108d728462720266413e990dc9b261536918218b9c5e2`
SHA3	`bbb162a7d3ade83f77868338742be27dc4c48d592287138c0806d6d3d6105218`
VirtualSize	`0x42fec`
VirtualAddress	`0xe7000`
SizeOfRawData	`0x43000`
PointerToRawData	`0xdf200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.75339`

.reloc

MD5	`b8e224f97e8105bdaf4d064769c3c5d4`
SHA1	`dfb9db31a9c329bd1e7ee75a70bc18f2fe3f4530`
SHA256	`d5e824db8abecd0daeaece777a5b342a3827baa5c73983f00f4d369320f0749f`
SHA3	`2e082478c85a941934441a5b1fc88618a88992cb0a8ae5fbc75b9905737e0017`
VirtualSize	`0x1b88`
VirtualAddress	`0x12a000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x122200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.81868`

Imports

WSOCK32.dll	`__WSAFDIsSet` `recv` `send` `setsockopt` `ntohs` `recvfrom` `select` `WSAStartup` `htons` `accept` `listen` `bind` `closesocket` `connect` `WSACleanup` `ioctlsocket` `sendto` `WSAGetLastError` `inet_addr` `gethostbyname` `gethostname` `socket`
VERSION.dll	`GetFileVersionInfoW` `VerQueryValueW` `GetFileVersionInfoSizeW`
WINMM.dll	`timeGetTime` `waveOutSetVolume` `mciSendStringW`
COMCTL32.dll	`ImageList_Destroy` `ImageList_Remove` `ImageList_SetDragCursorImage` `ImageList_BeginDrag` `ImageList_DragEnter` `ImageList_DragLeave` `ImageList_EndDrag` `ImageList_DragMove` `ImageList_Create` `InitCommonControlsEx` `ImageList_ReplaceIcon`
MPR.dll	`WNetUseConnectionW` `WNetCancelConnection2W` `WNetGetConnectionW` `WNetAddConnection2W`
WININET.dll	`InternetReadFile` `InternetCloseHandle` `InternetOpenW` `InternetSetOptionW` `InternetCrackUrlW` `HttpQueryInfoW` `InternetQueryOptionW` `HttpOpenRequestW` `HttpSendRequestW` `FtpOpenFileW` `FtpGetFileSize` `InternetOpenUrlW` `InternetConnectW` `InternetQueryDataAvailable`
PSAPI.DLL	`GetProcessMemoryInfo`
IPHLPAPI.DLL	`IcmpCreateFile` `IcmpCloseHandle` `IcmpSendEcho`
USERENV.dll	`UnloadUserProfile` `DestroyEnvironmentBlock` `CreateEnvironmentBlock` `LoadUserProfileW`
UxTheme.dll	`IsThemeActive`
KERNEL32.dll	`HeapFree` `Sleep` `GetCurrentThreadId` `MultiByteToWideChar` `MulDiv` `GetVersionExW` `GetSystemInfo` `FreeLibrary` `LoadLibraryA` `GetProcAddress` `SetErrorMode` `GetModuleFileNameW` `WideCharToMultiByte` `lstrcpyW` `lstrlenW` `GetModuleHandleW` `QueryPerformanceCounter` `VirtualFreeEx` `OpenProcess` `VirtualAllocEx` `WriteProcessMemory` `ReadProcessMemory` `CreateFileW` `SetFilePointerEx` `ReadFile` `WriteFile` `FlushFileBuffers` `TerminateProcess` `CreateToolhelp32Snapshot` `Process32FirstW` `Process32NextW` `SetFileTime` `GetFileAttributesW` `FindFirstFileW` `FindClose` `GetLongPathNameW` `DeleteFileW` `FindNextFileW` `MoveFileW` `CopyFileW` `DuplicateHandle` `RemoveDirectoryW` `SetSystemPowerState` `QueryPerformanceFrequency` `FindResourceW` `LoadResource` `LockResource` `SizeofResource` `EnumResourceNamesW` `OutputDebugStringW` `GetTempPathW` `GetTempFileNameW` `DeviceIoControl` `GetLocalTime` `CompareStringW` `DeleteCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `GetStdHandle` `GetProcessHeap` `TerminateThread` `LoadLibraryExW` `FindResourceExW` `VirtualFree` `FormatMessageW` `GetExitCodeProcess` `GetPrivateProfileStringW` `WritePrivateProfileStringW` `GetPrivateProfileSectionW` `WritePrivateProfileSectionW` `GetPrivateProfileSectionNamesW` `FileTimeToLocalFileTime` `FileTimeToSystemTime` `SystemTimeToFileTime` `LocalFileTimeToFileTime` `GetDriveTypeW` `GetDiskFreeSpaceExW` `GetDiskFreeSpaceW` `GetVolumeInformationW` `SetVolumeLabelW` `CreateHardLinkW` `SetFileAttributesW` `GetShortPathNameW` `CreateEventW` `SetEvent` `GetEnvironmentVariableW` `SetEnvironmentVariableW` `GlobalLock` `GlobalUnlock` `GlobalAlloc` `GetFileSize` `GlobalFree` `GlobalMemoryStatusEx` `Beep` `GetSystemDirectoryW` `GetComputerNameW` `GetWindowsDirectoryW` `GetCurrentProcessId` `GetProcessIoCounters` `CreateProcessW` `SetPriorityClass` `LoadLibraryW` `VirtualAlloc` `GetCurrentProcess` `GetCurrentThread` `CloseHandle` `GetLastError` `GetFullPathNameW` `SetCurrentDirectoryW` `IsDebuggerPresent` `GetCurrentDirectoryW` `lstrcmpiW` `RaiseException` `InitializeCriticalSectionAndSpinCount` `EncodePointer` `DecodePointer` `ExitProcess` `GetModuleHandleExW` `ExitThread` `HeapAlloc` `WaitForSingleObject` `CreatePipe` `CreateThread` `GetSystemTimeAsFileTime` `ResumeThread` `GetCommandLineW` `RtlPcToFileHeader` `HeapSize` `RtlUnwindEx` `IsProcessorFeaturePresent` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `SetLastError` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetStartupInfoW` `GetStringTypeW` `SetStdHandle` `GetFileType` `GetConsoleCP` `GetConsoleMode` `ReadConsoleW` `SetFilePointer` `GetTimeZoneInformation` `GetDateFormatW` `GetTimeFormatW` `LCMapStringW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `HeapReAlloc` `WriteConsoleW` `SetEndOfFile` `CreateDirectoryW` `SetEnvironmentVariableA`
USER32.dll	`IsCharAlphaNumericW` `IsCharLowerW` `IsCharUpperW` `GetMenuStringW` `GetSubMenu` `GetCaretPos` `IsZoomed` `GetWindowLongW` `MonitorFromPoint` `GetMonitorInfoW` `SetWindowLongW` `SetLayeredWindowAttributes` `FlashWindow` `GetClassLongPtrW` `TranslateAcceleratorW` `IsDialogMessageW` `GetSysColor` `InflateRect` `DrawFocusRect` `DrawTextW` `FrameRect` `DrawFrameControl` `FillRect` `PtInRect` `DestroyAcceleratorTable` `CreateAcceleratorTableW` `SetCursor` `GetWindowDC` `GetSystemMetrics` `SetWindowLongPtrW` `DrawMenuBar` `GetActiveWindow` `CharNextW` `wsprintfW` `RedrawWindow` `DestroyMenu` `SetMenu` `GetWindowTextLengthW` `CreateMenu` `IsDlgButtonChecked` `DefDlgProcW` `CallWindowProcW` `ReleaseCapture` `SetCapture` `LockWindowUpdate` `DispatchMessageW` `TranslateMessage` `PeekMessageW` `UnregisterHotKey` `CharLowerBuffW` `MonitorFromRect` `LoadImageW` `CreateIconFromResourceEx` `mouse_event` `ExitWindowsEx` `SetActiveWindow` `FindWindowExW` `EnumThreadWindows` `SetMenuDefaultItem` `IsCharAlphaW` `IsMenu` `TrackPopupMenuEx` `GetCursorPos` `DeleteMenu` `CheckMenuRadioItem` `GetMenuItemID` `GetMenuItemCount` `SetMenuItemInfoW` `GetMenuItemInfoW` `SetForegroundWindow` `IsIconic` `BlockInput` `SystemParametersInfoW` `keybd_event` `SendInput` `GetAsyncKeyState` `SetKeyboardState` `GetKeyboardState` `GetKeyState` `VkKeyScanW` `LoadStringW` `DialogBoxParamW` `MessageBeep` `EndDialog` `SendDlgItemMessageW` `GetDlgItem` `SetWindowTextW` `CopyRect` `ReleaseDC` `GetDC` `EndPaint` `BeginPaint` `GetClientRect` `GetMenu` `DestroyWindow` `EnumWindows` `GetDesktopWindow` `IsWindow` `IsWindowEnabled` `IsWindowVisible` `InvalidateRect` `GetWindowLongPtrW` `GetWindowThreadProcessId` `AttachThreadInput` `GetFocus` `GetWindowTextW` `ScreenToClient` `SendMessageTimeoutW` `EnumChildWindows` `CharUpperBuffW` `GetClassNameW` `GetParent` `GetDlgCtrlID` `SendMessageW` `MapVirtualKeyW` `PostMessageW` `GetWindowRect` `SetUserObjectSecurity` `CloseDesktop` `GetKeyboardLayoutNameW` `ClientToScreen` `RegisterHotKey` `GetCursorInfo` `SetWindowPos` `CopyImage` `AdjustWindowRectEx` `SetRect` `SetClipboardData` `EmptyClipboard` `CountClipboardFormats` `CloseClipboard` `GetClipboardData` `IsClipboardFormatAvailable` `InsertMenuItemW` `OpenClipboard` `CloseWindowStation` `OpenDesktopW` `SetProcessWindowStation` `GetProcessWindowStation` `OpenWindowStationW` `GetUserObjectSecurity` `MessageBoxW` `DefWindowProcW` `MoveWindow` `SetFocus` `PostQuitMessage` `KillTimer` `CreatePopupMenu` `RegisterWindowMessageW` `SetTimer` `ShowWindow` `CreateWindowExW` `RegisterClassExW` `LoadIconW` `LoadCursorW` `GetSysColorBrush` `GetForegroundWindow` `MessageBoxA` `DestroyIcon` `FindWindowW` `GetMessageW` `EnableWindow`
GDI32.dll	`SetPixel` `DeleteObject` `GetTextExtentPoint32W` `ExtCreatePen` `StrokeAndFillPath` `StrokePath` `GetDeviceCaps` `CloseFigure` `LineTo` `AngleArc` `CreateCompatibleBitmap` `CreateCompatibleDC` `MoveToEx` `Ellipse` `PolyDraw` `BeginPath` `Rectangle` `SetViewportOrgEx` `GetObjectW` `SetBkMode` `RoundRect` `SetBkColor` `SelectObject` `CreatePen` `CreateSolidBrush` `SetTextColor` `CreateFontW` `GetTextFaceW` `GetStockObject` `CreateDCW` `GetPixel` `DeleteDC` `GetDIBits` `StretchBlt` `EndPath`
COMDLG32.dll	`GetSaveFileNameW` `GetOpenFileNameW`
ADVAPI32.dll	`GetAclInformation` `RegEnumValueW` `RegDeleteValueW` `RegDeleteKeyW` `RegEnumKeyExW` `RegSetValueExW` `RegCreateKeyExW` `GetUserNameW` `RegOpenKeyExW` `RegCloseKey` `RegQueryValueExW` `RegConnectRegistryW` `InitializeSecurityDescriptor` `InitializeAcl` `AdjustTokenPrivileges` `OpenThreadToken` `OpenProcessToken` `LookupPrivilegeValueW` `DuplicateTokenEx` `CreateProcessAsUserW` `CreateProcessWithLogonW` `GetLengthSid` `CopySid` `InitiateSystemShutdownExW` `LogonUserW` `AllocateAndInitializeSid` `CheckTokenMembership` `FreeSid` `GetTokenInformation` `GetSecurityDescriptorDacl` `SetSecurityDescriptorDacl` `AddAce` `GetAce`
SHELL32.dll	`DragQueryPoint` `ShellExecuteExW` `DragQueryFileW` `SHEmptyRecycleBinW` `SHGetPathFromIDListW` `SHBrowseForFolderW` `SHCreateShellItem` `SHGetDesktopFolder` `SHGetSpecialFolderLocation` `SHGetFolderPathW` `SHFileOperationW` `ExtractIconExW` `Shell_NotifyIconW` `ShellExecuteW` `DragFinish`
ole32.dll	`CoTaskMemAlloc` `CoTaskMemFree` `CLSIDFromString` `ProgIDFromCLSID` `CLSIDFromProgID` `OleSetMenuDescriptor` `MkParseDisplayName` `OleSetContainedObject` `CoCreateInstance` `IIDFromString` `StringFromGUID2` `CreateStreamOnHGlobal` `CoInitialize` `CoUninitialize` `GetRunningObjectTable` `CoGetInstanceFromFile` `CoGetObject` `CoInitializeSecurity` `CoCreateInstanceEx` `CoSetProxyBlanket`
OLEAUT32.dll	`SysStringLen` `VariantChangeType` `DispCallFunc` `CreateStdDispatch` `CreateDispTypeInfo` `UnRegisterTypeLib` `RegisterTypeLib` `LoadTypeLibEx` `VariantCopyInd` `SysReAllocString` `VariantTimeToSystemTime` `SafeArrayDestroyDescriptor` `SafeArrayDestroyData` `SafeArrayUnaccessData` `SafeArrayAccessData` `SafeArrayAllocData` `SafeArrayAllocDescriptorEx` `VariantInit` `VariantClear` `VariantCopy` `SysAllocString` `VarR8FromDec` `SafeArrayGetVartype` `OleLoadPicture` `QueryPathOfRegTypeLib` `SysFreeString` `SafeArrayCreateVector`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.66371`
MD5	`d6f27bf763eb666af934477958acf362`
SHA1	`f724ee386cda31b32b5c88e08b9abf562c016a57`
SHA256	`62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5`
SHA3	`6f4a250c7a91ddfcc872e14b8ed1e4aa33a5ebb3280f7d021b47aa46edfb9586`

2

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.05883`
MD5	`78f30e363a0499f530d057b4d639d36e`
SHA1	`360bd6476101b0cddc23d2c7eade326c1b16ceaf`
SHA256	`08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e`
SHA3	`001ac9f6e8e52f9c3eb7101189fb953e2f4babfdea5b6e26b23b99173af38de4`

3

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.25499`
MD5	`ad424f5f5d5ff4460343686c61e4f75e`
SHA1	`29a1f0faadc42f1b9f9767d8c724fdc58dd165c8`
SHA256	`245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9`
SHA3	`4f3a627ee7d533397f7f5c70bb2dafa8857150e674cb31edd96949c7905de509`

4

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.17549`
MD5	`510c498c04288eafe560732e86d44cae`
SHA1	`62fbfd744b176825b72a8a7e9ce61e20a90c2c29`
SHA256	`07da5322aa2d4a4cdd13344a97f6e8a447663f9891b7b11817301a24f57bb468`
SHA3	`c1204612e5890138b4b6612daee93e8ce5f22505557e2ad36714425d864d3c15`

5

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.50747`
MD5	`75619d214774cfd58c18a2bcc4532a26`
SHA1	`62b1decd79b72c00ef75a071574fd0c91d05a261`
SHA256	`1d9f5b54d7899d75d7bfe5829b8b7e1217b6c5ed931420937e11661f26717cc5`
SHA3	`1cb3ef9824119d910530fe095fbccf1e4b9d10a9de8e5a4ce98e7042a82a7e35`

6

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.54881`
MD5	`5393b9c96649ec0dc16b086c7ca73d3d`
SHA1	`dd233679dcab8f71bd463a499d9c23ead67a8eb3`
SHA256	`efbc0793ed0719ed82234eb57bc56ef0a9d50d22df2439b5dbc335e4a4b48090`
SHA3	`e988cd0153f236254f88a376d41f8bdbbaaa463198bfe991d1d8ac93c1dff6ed`

7

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.47526`
MD5	`26c1442e01337ad41e2eb0f8ea5dda42`
SHA1	`dfc56808208dd52476c524bcb5cbb653f33c0f70`
SHA256	`90da08547ed9990e145cde196c015acbaa23a000c739e27fd1f63337db4b1cd2`
SHA3	`04f3d424659f41221d0274a62ec7187a98ecfa7cadc9ea832aa95bd3048316d8`

54

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.54668`
MD5	`b2100375d414e88cfdcdd77bb886ae75`
SHA1	`a8f4d35273ab9ce4d48d1bbab995781df95c94f0`
SHA256	`ba98bb188cc41523f606e4b1ecdc3de2ba75487acb61df15e2e88296aa361e26`
SHA3	`6eaddc9361b7a28f40821aeeb352c3ff679165dfffadc383f2a967e4309007b6`

55

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37125`
MD5	`2948ac7fa65962266d6265c18ffecf3e`
SHA1	`414ea8ca1179468fedf343a3e6491c02fbd62829`
SHA256	`591e9e6d03569ac71e08379d0d4746adb0dab5db4a9e5f6b5294f8777e05637f`
SHA3	`a4d1400ae883ccdf9d6e9aa9a2ba459b166247d5fe85096e326c33af5d99b229`

56

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.56537`
MD5	`93136f4ffd424653fc643ffcdc94246f`
SHA1	`782b851ca58cb866624387e033147bbcc915eb8c`
SHA256	`303a1789b629d896b1f31f97336876e5f1bec7f01d67c4deaab83758db7fd886`
SHA3	`6f9cf25bf3545dc6638bfc4374ad0a73a2034b37d7adf3eb7188ea43f4fbdaff`

57

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.44914`
MD5	`42ce6f0c33decfda9fe15e189780d3ec`
SHA1	`2dd52fc3e5a8049f822c1017c7d57ae3a4092f3a`
SHA256	`63c87a1ed353830d86a21853ea903b800e9822fdf69b79aa595a636c02ec252e`
SHA3	`2c648b581fb3706173df940b465a3136ba13b8fced53e79813f368188f0aff39`

166

Type	`RT_MENU`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x50`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.68292`
MD5	`8140596ab00b98a11c13e6977d2d0977`
SHA1	`58abc231c2b5ac778a543a5dffcfabe867a6758d`
SHA256	`54f5e2ecbfc4f87380ca7466337676b99d0c4a21f806cf83f69fd48934c857ab`
SHA3	`7ccd3005ef4a3eccdb793d3b975a2f09338df5922357428238910610c0c59b70`

1000

Type	`RT_DIALOG`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0xf0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.95539`
MD5	`06fcec2dd8a8034a7d019e25ee4df65a`
SHA1	`0b202daa6ec2ab2193e933e62810864baee785a4`
SHA256	`dc4c4d96cc17a21ebb8dbe5842979ae7584b9ab71996064c8127c6511c6186d3`
SHA3	`0da788339dbf3891e183f0d2af311748f9090c3564edc89b9b95c1f78b517a2e`

7 (#2)

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x5a0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34242`
MD5	`6b7b01cf757d65a3a9d7d0905fc621d8`
SHA1	`2b8040f53671262e16626464ada9587d3d6d59fc`
SHA256	`50cbafb0f31b79e7ca53507ba82e4bf9132f081337ac4da91b84648586a0d919`
SHA3	`f71d02b6f831712c88dda4e860b9150b7513a8c90d038fc5364a7365d25bd7ce`

8

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x68a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.2817`
MD5	`5beaeebda5346956e395fad21661f382`
SHA1	`201f2f699e6917e953821d64105b226fdd8b5528`
SHA256	`9306910d4bb273465765832df77fb1fd78bd6e0bcbf9908636e323c34c92b613`
SHA3	`d6430a84edfc22e41b15dd4f7cfc2d249bf5a637189d9284f062644b1503f9ee`

9

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x490`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.28849`
MD5	`6b12d17c7622d8215889a2288098fa15`
SHA1	`a511bf459e5043fcb234829bf66a99565c244652`
SHA256	`e47fa3aec12353f6370b941bc5855e5551530c7b26f925b5a2e2692a0201450c`
SHA3	`8e3541de418e1046806ffb977c8babecd093b9816c92883261b074d1c47d96fb`

10

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x600`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.28103`
MD5	`5e2b0cf0dee57b85adac928b35dc04fe`
SHA1	`02c11b39c33d87ad66eed099fcfec7ad1633ac31`
SHA256	`fc7533f549e5f4189155288a2fad3e655391d3371b4987f42cdce4bb1118094d`
SHA3	`85730b28454e39e2a2b42abbdeb23dee8b00d6534e2422cf974a886ca7b0edfb`

11

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x65c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26322`
MD5	`9bc568a6176f738ffb3109e53235b579`
SHA1	`b97786555bfa05f958f174e294080e235d91b571`
SHA256	`d38369002e36f73866a0d40b13e069b9ffdbda50957f4c88d52a72fecb9b4e45`
SHA3	`94318c553eb0928412a92e8cf9913ca5c35a03aa8c24bf151a6764793b2f6f90`

12

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x458`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.25314`
MD5	`251675704b2ae5ba25fdb42cfd5763a2`
SHA1	`ee6f9184dba0bd45090ee00b16c9173733097d10`
SHA256	`b423df5c81edfbf66e9814323858314b319d99e3cfee8cf122b0e4e2db2b91c8`
SHA3	`813dc50281d88546821d919d9884cffb16891934593a390c0123c64c6c975f67`

313

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x158`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.08572`
MD5	`193a9143563395ad14c6dac83d32e2ad`
SHA1	`87ca08eb609f9ceabbd8ea7a64263de9a05bbb22`
SHA256	`b3711acbe8e01fee7fd362112b4e42da05c728e98b85c0a3b4cb075977849cee`
SHA3	`7634b4daca191c6fa53de1d5964fa47f382afccebf5744e70a702fd179fad715`

SCRIPT

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x37d90`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99929`
MD5	`7605555107ec68a433024ad5015f4891`
SHA1	`19918304bd405ca30f2c8f938a10bf0aeb37f481`
SHA256	`5e639aa54ae07d87e6b8fee5861b479fb929a0314bec6b10a87a4b3084eab34a`
SHA3	`775dc3546c8965dd1f9ed0bdda89b705c99779115569573cef5d3dd7998eb321`

99

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.50341`
Detected Filetype	Icon file
MD5	`95beaaf4e106102ed747a67713d5b8ca`
SHA1	`421a5b3fba3ccf27515d190b5656b9a9f79012d1`
SHA256	`2dc88106dfd0a2a87471f304eaf9045518858085acf4f13f47fe480a07a4470c`
SHA3	`0cae5587054de6d2002a540dedcd97d01ef37ec815fd4dace82973083c29c5a5`

162

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.02322`
Detected Filetype	Icon file
MD5	`7a9605cb416b1a091d889b9d9f37ec66`
SHA1	`866c01641d672b6cd69901c1e055f174f47b35bb`
SHA256	`6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164`
SHA3	`af43e622bf6c842d1ada2985f8e68920ff7b22d8a0b1a12871968c23b5065651`

164

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.84274`
Detected Filetype	Icon file
MD5	`f64c60b749269fcf6659c450dda98486`
SHA1	`42945c3496bc4e1943a1a05926a9b5ee31d3e450`
SHA256	`ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1`
SHA3	`443830acdeb37f2b7f844756492b2b11f9fb93e9171617d8c799cebfd05cb37f`

169

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.02322`
Detected Filetype	Icon file
MD5	`60f05e3b8ea9e18928923bdbcc112277`
SHA1	`d97726a6e9c326a37507f879feca7e152157839c`
SHA256	`7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a`
SHA3	`390fd88c6012552aecc7f109e733a1bf00339b8b3758127752832484c9f13ce6`

201

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.54784`
Detected Filetype	Icon file
MD5	`c9431534eefbeb430ef0e0d0575da14e`
SHA1	`1649c438194c0ab891fd4f8759bafb40f33d2f4d`
SHA256	`179f140cf758a4bcab35c9bfa811d0094fbbcbe4d82fdd140794756ce9ca54cf`
SHA3	`db845cd8b5ec16c5a0073e188a88ddc3d91a813a887241d29f03bfcb609837a1`

1 (#2)

Type	`RT_VERSION`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x890`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.4134`
MD5	`900e68c24a7097b4d3c1a8e67f41c27c`
SHA1	`82fbd861be3a02084bb82e32c371393c6b6bddd8`
SHA256	`7d3df419f92e0e1438779b69056bc9f4b3eeabcef506ab850d8c256e821fd863`
SHA3	`2eea31aafad9b406220071fea67eb9bc6eb0e7251f089e346ebccaba3f0c7395`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x3b0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.38312`
MD5	`2b71f29584c60b1b3af72f0a2d1eb914`
SHA1	`e218d720360d198c0b89cd4a03adf449ad2421c3`
SHA256	`c05698e03020c9d6a92408a69515367457b96ddf1c5697f630c230687bb9ecb6`
SHA3	`e7e2ca890a43c79c37153176606b6dca058e0c33c171012e73b492fd47bff822`

String Table contents

(Paused)
Program Error
checksum has detected the stack has become corrupt.

Stack corruption typically occurs when either the wrong calling convention is used or when the function is called with the wrong number of arguments.

checksum supports the __stdcall (WINAPI) and __cdecl calling conventions. The __stdcall (WINAPI) convention is used by default but __cdecl can be used instead. See the DllCall() documentation for details on changing the calling convention.
"EndWith" missing "With".
Badly formatted "Func" statement.
"With" missing "EndWith".
Missing right bracket ')' in expression.
Missing operator in expression.
Unbalanced brackets in expression.
Error in expression.
Error parsing function call.
Incorrect number of parameters in function call.
"ReDim" used without an array variable.
Illegal text at the end of statement (one statement per line).
"If" statement has no matching "EndIf" statement.
"Else" statement with no matching "If" statement.
"EndIf" statement with no matching "If" statement.
Too many "Else" statements for matching "If" statement.
"While" statement has no matching "Wend" statement.
"Wend" statement with no matching "While" statement.
Variable used without being declared.
Array variable has incorrect number of subscripts or subscript dimension range exceeded.
Variable subscript badly formatted.
Subscript used on non-accessible variable.
Too many subscripts used for an array.
Missing subscript dimensions in "Dim" statement.
No variable given for "Dim", "Local", "Global", "Struct" or "Const" statement.
Expected a "=" operator in assignment statement.
Invalid keyword at the start of this line.
Array maximum size exceeded.
"Func" statement has no matching "EndFunc".
Duplicate function name.
Unknown function name.
Unknown macro.
Unable to get a list of running processes.
Invalid element in a DllStruct.
Unknown option or bad parameter specified.
Unable to load the internet libraries.
"Struct" statement has no matching "EndStruct".
Unable to open file, the maximum number of open files has been exceeded.
"ContinueLoop" statement with no matching "While", "Do" or "For" statement.
Invalid file filter given.
Expected a variable in user function call.
"Do" statement has no matching "Until" statement.
"Until" statement with no matching "Do" statement.
"For" statement is badly formatted.
"Next" statement with no matching "For" statement.
"ExitLoop/ContinueLoop" statements only valid from inside a For/Do/While loop.
"For" statement has no matching "Next" statement.
"Case" statement with no matching "Select"or "Switch" statement.
"EndSelect" statement with no matching "Select" statement.
Recursion level has been exceeded - checksum will quit to prevent stack overflow.
Cannot make existing variables static.
Cannot make static variables into regular variables.
Badly formated Enum statement
This keyword cannot be used after a "Then" keyword.
"Select" statement is missing "EndSelect" or "Case" statement.
"If" statements must have a "Then" keyword.
Badly formated Struct statement.
Cannot assign values to constants.
Cannot make existing variables into constants.
Only Object-type variables allowed in a "With" statement.
"long_ptr", "int_ptr" and "short_ptr" DllCall() types have been deprecated. Use "long", "int" and "short*" instead.
Object referenced outside a "With" statement.
Nested "With" statements are not allowed.
Variable must be of type "Object".
The requested action with this object has failed.
Variable appears more than once in function declaration.
ReDim array can not be initialized in this manner.
An array variable can not be used in this manner.
Can not redeclare a constant.
Can not redeclare a parameter inside a user function.
Can pass constants by reference only to parameters with "Const" keyword.
Can not initialize a variable with itself.
Incorrect way to use this parameter.
"EndSwitch" statement with no matching "Switch" statement.
"Switch" statement is missing "EndSwitch" or "Case" statement.
"ContinueCase" statement with no matching "Select"or "Switch" statement.
Assert Failed!
Obsolete function/parameter.
Invalid Exitcode (reserved for internal use).
Variable cannot be accessed in this manner.
Func reassign not allowed.
Func reassign on global level not allowed.
Unable to parse line.
Unable to open the script file.
String missing closing quote.
Badly formated variable or macro.
Missing separator character after keyword.

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.7.0.1
ProductVersion	1.7.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United Kingdom
FileVersion (#2)	1.7.0.1
Comments	checksum
FileDescription	point-and-click drive hashing for windows
ProductVersion (#2)	1.7.0.0
LegalCopyright	corz.org
Author	Cor
CompanyName	corz.org
Contact	checksum@corz.org
Copyright	corz.org
Instructions	Right-click any file or folder in explorer and choose one of the checksum options. Hold down the SHIFT key to bring up the options dialog.
Long Description	checksum is a hashing utility for windows. checksum enables you to create or verify a 'hash', aka. 'digital fingerprint' of any file or folder full of files, even whole disks. once the hash of a file has been generated, it can be checked at any time in the future to verify that not one single bit of data has changed. Even the slightest variation will produce a completely different hash.
ProductName	checksum
Publisher	corz.org
Web Page	http://corz.org/windows/software/checksum/
Compiled	04/07/2015 01:11:18
Build	Public Release

Resource LangID	English - United Kingdom

IMAGE_DEBUG_TYPE_RESERVED

Characteristics	`0`
TimeDateStamp	2014-Jun-01 17:45:09
Version	`0.0`
SizeofData	`4`
AddressOfRawData	`0xc5c30`
PointerToRawData	`0xc4230`

TLS Callbacks

Load Configuration

Size	`0x70`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1400d4210`

RICH Header

XOR Key	`0x56de5d3`
Unmarked objects	`0`
199 (41118)	`1`
C objects (50929)	`176`
ASM objects (50929)	`21`
C++ objects (50929)	`50`
C objects (VS2008 SP1 build 30729)	`8`
135 (VS2008 SP1 build 30729)	`1`
Imports (VS2008 SP1 build 30729)	`37`
Total imports	`537`
216 (VS2012 UPD4 build 61030)	`77`
ASM objects (VS2012 UPD4 build 61030)	`1`
Resource objects (VS2012 UPD4 build 61030)	`1`
151	`1`
Linker (VS2012 UPD4 build 61030)	`1`

Errors

Leave a comment

No comments yet.