Manalyze report for b844137dcc0e3f2a944ee79259286d26

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1992-Jun-19 22:22:17
Detected languages	English - United States

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: bitcrypter.com crypter.com http://www.bitcrypter.com http://www.crypter.com www.bitcrypter.com www.crypter.com`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryExA GetProcAddress LoadLibraryA` `Can access the registry: RegQueryValueExA RegOpenKeyExA RegCloseKey` `Manipulates other processes: WriteProcessMemory`
Suspicious	The file contains overlay data.	`400747 bytes of data starting at offset 0x3de00.` `The overlay data has an entropy of 7.99686 and is possibly compressed or encrypted.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`b844137dcc0e3f2a944ee79259286d26`
SHA1	`6a3b67d4730a863f54b5ef49269a586e810caa82`
SHA256	`caba09aa73b632725e8f2e24971bc8660a9fd477a428a09bd968049a241f71f1`
SHA3	`5ac30c4537872c9195e412496b24cf0a51547bde469f652a9be1d55c7a4c4ab1`
SSDeep	`12288:eP7r9r/+ppppppppppppppppppppppppppppp0Gu5bqlPdxjMFMUPNf/aWvC0ij4:e1qyKxoNt/tSjNG`
Imports Hash	`6e91350111ba006e2730d333ea6b85ab`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	1992-Jun-19 22:22:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_BYTES_REVERSED_HI` `IMAGE_FILE_BYTES_REVERSED_LO` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x7000`
SizeOfInitializedData	`0x36a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00007AE4 (Section: CODE)`
BaseOfCode	`0x1000`
BaseOfData	`0x8000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x45000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

CODE

MD5	`04bc1088a8f227493a1cee469fa4e8d9`
SHA1	`1f0982a41eb8a56a14d617156035054c5621f2de`
SHA256	`25ffa3922f4886c14eddfe5e5d8660c39b351d20ddc0ed6b8d97f335529b4081`
SHA3	`5699e768669a5263addc9e5ffcf3cb761bcb6de000115533b763b865f1d151f5`
VirtualSize	`0x6ee4`
VirtualAddress	`0x1000`
SizeOfRawData	`0x7000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.47695`

DATA

MD5	`3daaca5272717affb384c9a8b780d63d`
SHA1	`6cb109b25c6bc26059fbc09656d6f97a236c1454`
SHA256	`3f82fcf05b13d205a16e32229499a25b86a97d60b26ed8bb88bc4d5c2fdec672`
SHA3	`0e7ff54d970372cbf5b4533e650b6cfaa92fe40e285758512dc6831556b2835f`
VirtualSize	`0x204`
VirtualAddress	`0x8000`
SizeOfRawData	`0x400`
PointerToRawData	`0x7400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.68963`

BSS

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x18f9`
VirtualAddress	`0x9000`
SizeOfRawData	`0`
PointerToRawData	`0x7800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`8571e2c297c737cb80a32b8c7ce365c1`
SHA1	`cfa1962154a0dcb1c35a5320e70f5fa49aa905e4`
SHA256	`92e5b667a050320ca040562dd7f4dcdb2aa376c0dd0c302571c31b21b942a7cb`
SHA3	`6adccd5470fa11346f7114473b6301ad12cb549e8605220a5604fc20f3701e14`
VirtualSize	`0x7f0`
VirtualAddress	`0xb000`
SizeOfRawData	`0x800`
PointerToRawData	`0x7800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.46857`

.tls

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x8`
VirtualAddress	`0xc000`
SizeOfRawData	`0`
PointerToRawData	`0x8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`a7b82b3154611a790d1a096c39c2ef2c`
SHA1	`f958d6e7f3b07ddac40d1052fb0d70b63cc8887a`
SHA256	`af060f8216d142704f8a878c06b062a7e35a7521e3cbff439cf8984de8b0fa78`
SHA3	`bd034d1d8cb403d30398b8a69f31b3418ff30a5e349ef9fd123c56d73b2e44ce`
VirtualSize	`0x18`
VirtualAddress	`0xd000`
SizeOfRawData	`0x200`
PointerToRawData	`0x8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`0.204488`

.reloc

MD5	`036cc4f8fbf0720f8f0e952fa4f5a05a`
SHA1	`b957331d86ee91b07c9f2cd530e7cbed968dd7ee`
SHA256	`270081be6c0c77bb8512fceeca028b10f2fe038cf8468379366299aa36ffee78`
SHA3	`790eeac6b5fde0785ccd579f8b6adc2fd79e802d65c7459a13482e715eedd8c6`
VirtualSize	`0x904`
VirtualAddress	`0xe000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x8200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`6.38701`

.rsrc

MD5	`c03e8c87afa4027c9c92002cba7b8d69`
SHA1	`7c58f518ca5d594caab360900525ee6c20248005`
SHA256	`b1c7d99f83ece02233da9843f42a521af02f16e92980c000bb48a50175ed56e2`
SHA3	`183b9cc519aa97e166429b8d7df80a2a7eaf36fe9f687c108d53fa3c9a17896b`
VirtualSize	`0x35178`
VirtualAddress	`0xf000`
SizeOfRawData	`0x35200`
PointerToRawData	`0x8c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`4.44495`

Imports

kernel32.dll	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetVersion` `GetCurrentThreadId` `lstrlenA` `lstrcpynA` `LoadLibraryExA` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleA` `GetModuleFileNameA` `GetLocaleInfoA` `GetLastError` `GetCommandLineA` `FreeLibrary` `FindFirstFileA` `FindClose` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `SetFilePointer` `SetEndOfFile` `RtlUnwind` `ReadFile` `RaiseException` `GetStdHandle` `GetFileSize` `GetFileType` `CreateFileA` `CloseHandle`
user32.dll	`GetKeyboardType` `MessageBoxA` `CharNextA`
advapi32.dll	`RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey`
oleaut32.dll	`SysFreeString`
kernel32.dll (#2)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetVersion` `GetCurrentThreadId` `lstrlenA` `lstrcpynA` `LoadLibraryExA` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleA` `GetModuleFileNameA` `GetLocaleInfoA` `GetLastError` `GetCommandLineA` `FreeLibrary` `FindFirstFileA` `FindClose` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `SetFilePointer` `SetEndOfFile` `RtlUnwind` `ReadFile` `RaiseException` `GetStdHandle` `GetFileSize` `GetFileType` `CreateFileA` `CloseHandle`
kernel32.dll (#3)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetVersion` `GetCurrentThreadId` `lstrlenA` `lstrcpynA` `LoadLibraryExA` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleA` `GetModuleFileNameA` `GetLocaleInfoA` `GetLastError` `GetCommandLineA` `FreeLibrary` `FindFirstFileA` `FindClose` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `SetFilePointer` `SetEndOfFile` `RtlUnwind` `ReadFile` `RaiseException` `GetStdHandle` `GetFileSize` `GetFileType` `CreateFileA` `CloseHandle`
gdi32.dll	`CreateFontA`
user32.dll (#2)	`GetKeyboardType` `MessageBoxA` `CharNextA`
kernel32.dll (#4)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetVersion` `GetCurrentThreadId` `lstrlenA` `lstrcpynA` `LoadLibraryExA` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleA` `GetModuleFileNameA` `GetLocaleInfoA` `GetLastError` `GetCommandLineA` `FreeLibrary` `FindFirstFileA` `FindClose` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `SetFilePointer` `SetEndOfFile` `RtlUnwind` `ReadFile` `RaiseException` `GetStdHandle` `GetFileSize` `GetFileType` `CreateFileA` `CloseHandle`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.09899`
MD5	`35d0626505772b37fe3a883310d91d7a`
SHA1	`b0aa897a99d3e83793ca0c526d9b88f7daf4cd3c`
SHA256	`1b410c84e8a57b06b9eeb1876b4f69cfefee77fae72e24fed62ac9b8d5a77fa0`
SHA3	`2f481144ac48202be07b4ad56b5c56e1c359e8926c661459f3b9b4d31eb49e9f`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.59953`
MD5	`f918a9311fc55aa02733653e783eaf71`
SHA1	`45da1c5f164075075aeae6131d0bd671edc4b5fd`
SHA256	`c07d11e7fdfe291bf4a98dff0b7e5cbddfbe7dfe5d0eadce9b3bc2ef77fba97a`
SHA3	`f63e76b5a626c75ca00e8d16f1cbb48427d99a391b22de0d5204868cf0c71432`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.14486`
MD5	`e46c30c58f3cb44e236643f6eb6e85e5`
SHA1	`4a432d47cc8a4b9260f892cfb9d2cb52e5fc74f5`
SHA256	`8199c15876e9c64c422be48df591e92e33497e8851b8abf1dde33414ef80efa8`
SHA3	`9cf86942d75d2a53ff4ba27070a6129c1ac1f8d057c71eb9203ed9a0ecd52c32`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.09101`
MD5	`b796c796b3d8ac08799cbc5a4d104f9f`
SHA1	`a893284ce056db38d1e6a9c46d591be084dc1640`
SHA256	`96e75de3b28b4d024c3e9820055ecfa7a3785c8ab6d50a9867d790d908420d4c`
SHA3	`3bda7504def8112fe990528dbe0fd96fb8361066fb050c6cbb5a521332946212`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x35e0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.94665`
Detected Filetype	PNG graphic file
MD5	`846a77216562e12267837f95a0ad51c7`
SHA1	`aace704fe706de969308c46dad4841cfd582cc5d`
SHA256	`28b90965d78cbc8579bf8678d31d9d6b3886ec11e34030ad978e137f0696d263`
SHA3	`0398f499dbd2c06d958abae7834a0487088a6aed7440f8454d2075d0c15b9d4a`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.86974`
MD5	`99e5d6e15b7ba7337b6996d7fbe938ec`
SHA1	`3ba13fbd8363a125c1be7c2d519f719ac9017df1`
SHA256	`74293b021844d2a6b71324abfa01892c4845e1eeb770311f5d18b13e1c27b115`
SHA3	`a3d7d323f1347cff3c8a385b5efdd1d56259910e227d74c8e470730885255c89`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.81963`
MD5	`a449f658f94fcad046cd45cdc227f656`
SHA1	`cffa66154f53fbe9cd70ab2d50dab9e66270054d`
SHA256	`25c550c6dabb52a82dd617d2cb3a6bc27bcf3b15497a07e563f7ea42ae68c2d2`
SHA3	`5bdd2f6d7f687400f76f79fb81c4c771ae81be00aa32101db549a25224d1778e`

8

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.29158`
MD5	`282e7f4f550128bd16ead0885eda40c1`
SHA1	`f9938f05fb67b4f4f347153fb1a8daca245cb22f`
SHA256	`aebb3208e432aedd2b4f1e3b497ba214642a0b866d7d5903fa8f464ad5e5ee5d`
SHA3	`fe91495235daf64cd8ed441904e1d6f228432f089e0abad1f59aa7e46a943230`

9

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.02008`
MD5	`c167923a143fcdc75da6f69d71aa3937`
SHA1	`d997be794dff9d6f110f4f283185bbc233a2dc27`
SHA256	`79db354661760421dcc522009f9b4d4a95a62c83eef97f6ccbe0537dbd9e88eb`
SHA3	`c5e948c14fe454890ef06f87062250e9b5bc2d1d2cb6a6c9ecab99cef397742f`

10

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.43049`
MD5	`e3049f65f3abc5632e8a18707645785f`
SHA1	`28ca66d229ce5b83888694b8cfa2d3153e7f02b9`
SHA256	`08189cb079d7c469d24a82fd3d031ed08395ee1446d775ac5bae991dfdac2e9c`
SHA3	`7287c7f17a9f177f68cf9b2627e5b23749e99ba34357e02a21d3ac88c92d74a1`

11

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.91014`
MD5	`dc066cb931f579d516a1a37ef7d1a661`
SHA1	`aca52135c3d2a6607ec72617b69633d1b43894c5`
SHA256	`6f7abc15c946ecb8d61c6a3e3d54193ebccdb5478dcd32afb36090ff6bc0a3b4`
SHA3	`fd153785e9781fa5f676968d36cb5e75c2be44473369d22c5401c9cfd5b48c2b`

12

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x67e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.94914`
MD5	`d81a2466d8410c5ecc212f99ba3afb7e`
SHA1	`1c4810ec5bc99ffa1008a78d6395cd247ffd057c`
SHA256	`ff6ec6856140c4230c208a2a732d7106fe1634dff489da5f66bf59cb526c86b9`
SHA3	`cb4f83ee7ff4c7bc4ba64f9c691c3e57199849afe31ba4979f412e17b9d7f95d`

13

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.84409`
MD5	`bb1a64d7b7f2bb8d709978857a7ba08a`
SHA1	`f80d3284d99793e0bac79793273e5759569d8f52`
SHA256	`c559469b11d8ece83fc529838347b06ee8554f51ae2e1b96889d407c93a17ecd`
SHA3	`eeda14ec4289c63eda9b8076f7321efd846bf4376ef2c5e87206414970cef0a5`

14

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.78027`
MD5	`00cfa6576e567cf775ad0567817685ca`
SHA1	`2b685a4265948c1a936f21f204448adeaf90a01b`
SHA256	`23b22de90190612a34fda14e1c0637400fdc1e0f400e14b695eb4bed799ea61a`
SHA3	`6255fdbd2a77a118f194b1db6dc8cd5b66656f4ee0f04d1c94a6edbea47b308a`

15

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.18214`
MD5	`2bd1617e44bb44db5f26dceac89c9b1e`
SHA1	`08459a4eda6a1b1bbcd7e27df668158288385e96`
SHA256	`b913a26a5d72266a02d6c4b20f8c0a559800eb2fbe46332c5ee43477a27ff8db`
SHA3	`83ede3dcf760cff9aafcaa2cbddef94010e6b8bbc06d1e4ce32bcba3b7be864a`

16

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.35437`
MD5	`3f3a5a5b0d794e4b144c63c100cc57c2`
SHA1	`baa5a75a48e16613f478200f66d47ec6678382a4`
SHA256	`0f858e021225f489f6b0be0f8e72090391a869535b721919b8428910bd59f688`
SHA3	`8295964de67ebd26fdc505fcd424f95b0b232541534082809d6449d1d84b9640`

17

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.55553`
MD5	`99419b12b8f7519179fce2c8f083a092`
SHA1	`a4cca4c5eb88ce6b422a33e7b191fc02c18ad89e`
SHA256	`630f7c7e1b5c67b5580fbee6c0502735339497c3590382eb0de9eb0ad378196d`
SHA3	`0ae60b41bf73ce23cf36754e642aa1647e14afb4aeda6227f6110761c318b85f`

18

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.7944`
MD5	`7e179152e2ae85bbab0a0ddf1d4067cd`
SHA1	`65063a6fedad647cbb13f7b0f15d9a2f536ce670`
SHA256	`75d5d72f1e1307e6070afa038d37d3598385aeb7d6b61e967380f4c04609b72e`
SHA3	`3711d5b1aa7d3ad4539736508155d5119d21a829e7399074defc908a9fae2edc`

1 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x224`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.61237`
MD5	`28f9e098b70ad01491825c8793081fef`
SHA1	`3a509413af4a928cf26f2eccdd3ef171bd05afa0`
SHA256	`956e077c2981bf1ac2c907a20bc02f914a89d91f8223edd20355061296f3fbad`
SHA3	`929f13fa0e8f82adc802dcd1c1648c4ac1844c88b19c896b850a0c36564bc952`

2 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x274`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.63234`
MD5	`b335e3de6eed25c811d5c51fb5a10659`
SHA1	`5d95cc26fbfefbd3962c1887ed8bdd23d43edbb1`
SHA256	`d3376c03bc840b9b72c703f4fca3b8d784f33aea60460da86d6ce7f40dfcea17`
SHA3	`cb0aa37b9dc2c1974b61198be0310257b89e5e97c9738e822733b43fd6cee1ed`

3 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xe0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.3171`
MD5	`c17c9d0c503b6bca3ec0fde961381e99`
SHA1	`525a4cffbb506ad8a9d5352c3f2e1bf81b2d88e0`
SHA256	`b37045f25cc3e155f99a565d32745d9547f7fe5efd622230c02f4c9e95f8a14f`
SHA3	`5af1751a74ca69b258b7c417798b7bca6c78961e32c2d7107072ca43571adb5f`

DVCLAL

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4`
MD5	`d8090aba7197fbf9c7e2631c750965a8`
SHA1	`04f73efb0801b18f6984b14cd057fb56519cd31b`
SHA256	`88d14cc6638af8a0836f6d868dfab60df92907a2d7becaefbbd7e007acb75610`
SHA3	`a5a67ad8166061d38fc75cfb2c227911de631166c6531a6664cd49cfb207e8bb`

PACKAGEINFO

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x5c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.25693`
MD5	`be51c49adb0ea65fc3cae557aaf62f49`
SHA1	`0e573b6f8758a8ac6c014b45f6edec9840c9db65`
SHA256	`5eaf89885eae9813ee65c5373087e28c319b43d88b147eef0c488aa0b9732a4c`
SHA3	`13ea6d83d137e21fca4ed7fb85982a6a83168e6bf4f1b919488dc7d1434a3184`

MAINICON

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x102`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29655`
Detected Filetype	Icon file
MD5	`62f350c5a107dc9fc7081bf3517d2d4d`
SHA1	`b8e982d43c46f06a30dc2a7e3ba83fcb96f9e487`
SHA256	`303e9aec4421a809c7cb6fe91cd86a8c84005e65d78dca9a5e10195772bc0230`
SHA3	`a6ba588d00e3704fc8383c0865e940d94339b854d86a341a61637d371d0542bd`

String Table contents

oli4vwrip762hpp
Ksi8xyQshypiLerhpiE
Kyi6xjTvsgEhhviww
P~s4ethPmfvev}E
pyw=x~vgqtE
Il\|;mnxTvsgiww
Xri9vxqmrexiTvsgiww
Kwi7xiQshypiJmpiReqiE
Vtx;pnGsqtviwwFyjjiv
Vzx8pgHigsqtviwwJvekqirx
Rkx6YsrqetZmi{SjWigxmsr
Wtl5iupp762hpp
Jzm=rehI\|igyxefpiE
Gfv;ipexiJmpiE
Gmp6srwiLerhpi
H{i7pmixiJmpiE
Vkx7poQsziQiqsv}
Gqv5iyexiTvsgiwwE
Zvm=vixyepEppsgI\|
Kei4x}XlviehGsrxi\|x
Voi=efhTvsgiwwQiqsv}
[uv<mpxiTvsgiwwQiqsv}
Zem;vrxyepTvsxigxI\|
Wni<xlXlviehGsrxi\|x
Vsi:wvyqiXlvieh
R}x:hypp2hpp
Vmx:p{KixGsqtviwwmsr[svoWtegiWm~i
Ksi8xk[mrhs{wHmvigxsv}E
V~I4KfWZGW2I\I
Qnm=ghvswsjx2RIX`Jveqi{svo
yww5i\|v762hpp
P\|s=elhWxvmrkE
Xll<mow$mw$xli$XVMEP$zivwmsr2
lrx:xyt>33{{{2fmxgv}txiv2gsq
QfW;$tWerw$Wivmj
WnX4EeXMG

Version Info

TLS Callbacks

StartAddressOfRawData	`0x40c000`
EndAddressOfRawData	`0x40c008`
AddressOfIndex	`0x4080b0`
AddressOfCallbacks	`0x40d010`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`(EMPTY)`

Load Configuration

RICH Header

Errors

[*] Warning: Section BSS has a size of 0!
[*] Warning: Section .tls has a size of 0!