Manalyze report for b8b14ca4d271082785e5a35ec6d3828a

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-Aug-30 14:18:29
Detected languages	English - United States French - France Process Default Language
CompanyName	WinReducer.net
FileDescription	WinReducer EX-100
FileVersion	`2.0.0.0`
InternalName	WinReducerEX100.exe
LegalCopyright	by winterstorm2050 from WinReducer.net (2017)
OriginalFilename	WinReducerEX100.exe
ProductName	WinReducer EX-100
ProductVersion	`2.0.0.0`

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA256` `Uses constants related to TEA`
Suspicious	The PE is possibly packed.	`Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Section is both writable and executable.` `The PE only has 6 import(s).`
Info	The PE's resources present abnormal characteristics.	`Resource 24394 is possibly compressed or encrypted.`
Suspicious	The file contains overlay data.	`2518528 bytes of data starting at offset 0x54000.` `The overlay data has an entropy of 7.99993 and is possibly compressed or encrypted.` `Overlay data amounts for 87.9807% of the executable.`
Suspicious	VirusTotal score: 1/67 (Scanned on 2018-09-16 09:46:11)	`Cylance: Unsafe`

Hashes

MD5	`b8b14ca4d271082785e5a35ec6d3828a`
SHA1	`e3a7a4b1856268dda42bf9f23695c96a654502b2`
SHA256	`8a7ad9d9a0f95f14dbb8300dd4196db7351f9fa3b110986dbcb4e5fa7f9f328a`
SHA3	`09f69ba727bb218968ff4221797e1a0f1cb4dd564541101eddcdb469bf0dc563`
SSDeep	`49152:JNYM9mjTuN07IPZYFm6ipzN824zrL3y98X4Hm3HxtBtdkbQTUYFh:JNYM4uN07Zqpzgz4yHNtdQQTUYF`
Imports Hash	`3484aa5b9a6551da9ed46eb1cbb05a8d`

DOS Header

e_magic	`MZ`
e_cblp	`0xecce`
e_cp	`0x1bd3`
e_crlc	`0x2da8`
e_cparhdr	`0x2c5f`
e_minalloc	`0x8e88`
e_maxalloc	`0xa72b`
e_ss	`0xb4f8`
e_sp	`0x95c7`
e_csum	`0x599c`
e_ip	`0xfabd`
e_cs	`0xd605`
e_ovno	`0xd2d2`
e_oemid	`0xb64e`
e_oeminfo	`0xb8b8`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2018-Aug-30 14:18:29
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`9.0`
SizeOfCode	`0x225206`
SizeOfInitializedData	`0x63573c`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000083F208 (Section: )`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x84f000`
SizeOfHeaders	`0x400`
Checksum	`0x2c0645`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x214e3e`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

(#2)

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x4f0`
VirtualAddress	`0x216000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

(#3)

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x5e1724`
VirtualAddress	`0x217000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

(#4)

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x67c`
VirtualAddress	`0x7f9000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

(#5)

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xc`
VirtualAddress	`0x7fa000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.rsrc

MD5	`357476ca2e35f51761738ef448727261`
SHA1	`71b67513f7f28acd056ff170e5ad25d6c4c4587d`
SHA256	`7b400f090b19648fd5b044f073dce6217adca9eddc1535f29453a6c20238aa81`
SHA3	`806defee80ae37e6a7751711ce49190a0b8679350d22c7034dce34e2a4347a2b`
VirtualSize	`0x41ab8`
VirtualAddress	`0x7fb000`
SizeOfRawData	`0x41c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.55493`

(#6)

MD5	`cf78adb155dc46b3419f909bc045e839`
SHA1	`6deed1a81ff6ba4829e751745cb13349dbc424a8`
SHA256	`504be0d3f012f70e5957de9c95a125cc256701d5a22f4b3fc35aca1173c79c44`
SHA3	`35ed740334d7d396603448ba28593f87dc45192684df9143f1b61c6ddb0e8c9c`
VirtualSize	`0x2000`
VirtualAddress	`0x83d000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x42000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.84115`

(#7)

MD5	`d52005b6708ad316ab4ccc455f331e67`
SHA1	`68af6afcdd829c2987d19910480f3b359cf1d642`
SHA256	`124a10a9876ca85814e3c3b0ada59d324355499ec41816290098bcd4039c25bc`
SHA3	`e6e836dce017359c7e6fdf388475175949f1df2f7a29eb170146c953cc7b9f61`
VirtualSize	`0xfed8`
VirtualAddress	`0x83f000`
SizeOfRawData	`0x10000`
PointerToRawData	`0x44000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.98989`

Imports

kernel32.dll	`GetModuleHandleA`
user32.dll	`CreateWindowExW`
advapi32.dll	`RegisterEventSourceA`
shell32.dll	`ShellAboutA`
MSVCR120.dll	`_cexit`
mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	French - France
Codepage	UNKNOWN
Size	`0x1ddb`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.93583`
Detected Filetype	PNG graphic file
MD5	`b5ba876376164dc99a2873fe2ed752fd`
SHA1	`d62270d1578a86a8ba892b2d523f01c3311d58c6`
SHA256	`3b53db5eda4a13cb2f8492a99d9759fd49899f397c1327909ae642c7ce30d174`
SHA3	`8cf03f97ec59084970866ec7ed0b3e8722ad9daa309b046b4bbe81f17c2bf94c`

2

Type	`RT_ICON`
Language	French - France
Codepage	UNKNOWN
Size	`0x4769`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.94885`
Detected Filetype	PNG graphic file
MD5	`47d8319789b3353ace7e7b5b1428d201`
SHA1	`839fca6014bdd17fb080a14c9d44593c87914390`
SHA256	`488cae8f945caf94d12505a5e8bd8d551a9b7d5ebd60ac54809f8e9e90ffa6ea`
SHA3	`7ddae4701ea2e7a8c72b67d7f7b7750fce96d80664191082295f98eabfbc094d`

3

Type	`RT_ICON`
Language	French - France
Codepage	UNKNOWN
Size	`0x1017c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98757`
Detected Filetype	PNG graphic file
MD5	`cb15bc41c7afeed2ed09c9758ed1bc9d`
SHA1	`d6408b8f66fe13e7b28686b00b2ced3713498e96`
SHA256	`b3ea6e75bb23644af08d8713546a5fa90d066ccf3275d2830d9fb3fe3b343212`
SHA3	`0a5f9eee97db410ddd7ff61f392e4d1d8826c10778e8a74ea05886450bb3c3d5`

4

Type	`RT_ICON`
Language	French - France
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.73905`
MD5	`9c94806a0abbe0558d1b32ac8ea1e9ed`
SHA1	`d9a556e3dcceacf928a89ec3a2927c3c22e0cbbf`
SHA256	`0fa319e78715afbc91a4f52a803fb600297ebf1f0a27fd4cae2611fc66406852`
SHA3	`d9a2ceaaa30d818127cc79bc0c89699bca713f66f2f21af566e29d597cffb62d`

5

Type	`RT_ICON`
Language	French - France
Codepage	UNKNOWN
Size	`0x1e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.52203`
MD5	`e3328ec4522045f899cc2f98fdc28a09`
SHA1	`7e7ae325b8906377d9b1babb1396f998c1449bd1`
SHA256	`0eb9ce61f9491931d63a3f97ad2e7c59294fe77075fa5f8654a63ea5f4ca0a96`
SHA3	`c0a986b055fda9af8897ae2a210240ca5c9cbf80cd228f082986faf4d5d45ab4`

6

Type	`RT_ICON`
Language	French - France
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.64561`
MD5	`b1f3e3e4a88600308559bc223b1db6cd`
SHA1	`e9b1520b5c644fb046e4432c9738d10b097e747d`
SHA256	`a8b7cf50073e74191d8a0fb06079fd81ff0aa9f0b56287c10954f1f21a7b1297`
SHA3	`dbd7c33e3c1f69700578623da6f0b9255705bd8471b9922c8f3d21d94be0d111`

7

Type	`RT_ICON`
Language	French - France
Codepage	UNKNOWN
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.08882`
MD5	`1e5c543aa3d86160bd3f7f8efae57031`
SHA1	`20b92bc65717ca0de01bd12b7ca8a38c751635e3`
SHA256	`41a51c60c3bad3a504ecac5ba538c7491919d618e7fb47a0f02b21d6bf0824f2`
SHA3	`73158c1af86137eec594d719cf799b062e4ca01c556efa6767f181c009f2a184`

8

Type	`RT_ICON`
Language	French - France
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.24759`
MD5	`615855adcf99a28eb65825135e163df2`
SHA1	`14313e0985a172ef626a114d2f0d161e1196af74`
SHA256	`63b6ba99b67b52c52e89e823a59fd646f4a54734356a072d718a8e4c56626c93`
SHA3	`459365932225fcf1316faf0365a315cb1bd64eb40c4c115ede84d722695b9878`

9

Type	`RT_ICON`
Language	French - France
Codepage	UNKNOWN
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.29578`
MD5	`0375ba706a299e722e0eafbc3dd7144a`
SHA1	`0919d85c12c082003a96e50bb3e4d7d795f9a85e`
SHA256	`5a7648df0622f5ff6d5375924baece4d2535b39a978546b789cdcf1e3837ba6d`
SHA3	`41d060ba6b2e2e37b16086efdbf26b1e4f16cb36ba9a0e7c83180c55eb235e3b`

10

Type	`RT_ICON`
Language	French - France
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.19987`
MD5	`ff4be7e416f8079bd10b90e0f494bc90`
SHA1	`ef66e41e10c32e886d0b5d18c52684f8af9a1999`
SHA256	`640881c52153af293412da8dd428605edeedd9723b880dc87da28f4ac54cea83`
SHA3	`bcb37d2f6348869e58b13c7bd33fdfe65708f4c0ccfb9d198eecd4a407edcd9f`

11

Type	`RT_ICON`
Language	French - France
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.63383`
MD5	`150c0dcd47d6fb1c1050ee14728838d5`
SHA1	`25d2975221d607da143f9eeea893c8832740bcd2`
SHA256	`a1dc7a53b825ac076d33837dace9a4716d5a1b4e7791cf08c6334a07aca8886f`
SHA3	`8076592d7d5b28c9d84998e65bd2ebfc2992987b2c98d30f8d1f47f83cb19052`

12

Type	`RT_ICON`
Language	French - France
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.82981`
MD5	`623dfeab6cb8ebea349bc0b0af548bdd`
SHA1	`c41afb4f496e453d704b77d5bf6e0ffacc673110`
SHA256	`14403eb9e5fc366d96ea259ed9cef33514818283b54dcec4845a5417fc7a25f7`
SHA3	`e2fe2b90825a83ace78f473cd548b7ded0e130c9d96cea30b43a549fb7e0db09`

13

Type	`RT_ICON`
Language	French - France
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.71637`
MD5	`2d2c037024065582b3a00d9682ccb594`
SHA1	`ae8fc5c51c8a8b691308e6d400b6c5626434bea2`
SHA256	`89be23af75bde5ead0d82d30d31a773f3509a0296a07dfbe69fd40e36ed5f317`
SHA3	`e283b185c558c2fe1d77df5120e0efb66f147fa4a15168b50587af79613e7289`

14

Type	`RT_ICON`
Language	French - France
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.62566`
MD5	`7c91059ddf8cc8f1d08bef4ac113dc10`
SHA1	`1a3f66881ea2cf66a2c625972c86735055bf6a17`
SHA256	`bc40e44f36f99fa1be3fcb56486083964cee1ea4e2e20e336fb573a7c00c2246`
SHA3	`2d80ac166c491a0218ae83e383320f4753817e5a3b40902cea480375393ec681`

15

Type	`RT_ICON`
Language	French - France
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.45482`
MD5	`ffb090043d7c537959e7934d3427ef79`
SHA1	`afc45d70d450d5c880e17d3ee87667ebce26ce58`
SHA256	`beba2b38c5f2973c75bf47bfa3c5ceaf7da35866d2ff8098435110d074ebb59f`
SHA3	`b0cc16ff6b039ddd3272cd7b0cd8aae68521af510f79e5663482fbb1cf7e8096`

16

Type	`RT_ICON`
Language	French - France
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.36608`
MD5	`cd97365ef50275f747f0affab0339713`
SHA1	`846b7e2dae799dde673d4a9d32f5c92074ec81f3`
SHA256	`f6b6524f44f88801f2ccedc1af473b8d75f955ee93c04a6e6b3e641e5f3256e9`
SHA3	`e08e665d835f9ef9963b1496ccdf6aa11ce8aa14abb1923f3425cbc614c43513`

17

Type	`RT_ICON`
Language	French - France
Codepage	UNKNOWN
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.35909`
MD5	`b2040dd8a322f598d124e3b8626c9095`
SHA1	`a9d41c66fbe3dc0ff6d5b209e1443eadc1a8d210`
SHA256	`df972055d4511cd7b87871dc931d01c65e2558f6caa23162ff9a81dae6637c03`
SHA3	`cdd87f3bca2122edba6e667ef5411282d883dae579a006fb16f4d0c9150ee3f6`

18

Type	`RT_ICON`
Language	French - France
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.36713`
MD5	`233a13ff8e1dfdc423d28ba722aac53b`
SHA1	`596146b3249f38ae190c47e66db7beb7fab2102d`
SHA256	`c6487c57e70710b904e10f74ca50008aa45be1e4142da229877fdf22cad009f4`
SHA3	`6fafb42f49410aec16543deefeecfb938958c6489d3efd0d1768af2a0ae21859`

19

Type	`RT_ICON`
Language	French - France
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.28141`
MD5	`9828d43e07b853f64a0c6ff564e20099`
SHA1	`4ca491dbedfe23eeca4e8313f46267a4e2ae43bc`
SHA256	`8988915c4f1b97a47ad8a6f1fd155a4ab3c9d6d611d3bb24603fb416c450eb92`
SHA3	`e344d560088e20cf54eb88b69b4506217ce9d54daaafd904e9851e28ef5a6829`

1 (#2)

Type	`RT_GROUP_ICON`
Language	French - France
Codepage	UNKNOWN
Size	`0x110`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.25158`
Detected Filetype	Icon file
MD5	`3bdea4606652a85fc450b745b5162b97`
SHA1	`c47563210b52361bbf36121c3bba78b56a577d57`
SHA256	`7cd147f812943a70d414274fcbca07454be839953fd86d21da02301305bc5fc9`
SHA3	`436b281ecbe1c1b3904669a5a7035e2f78cba75eaa281587e37334e6655e98f5`

1 (#3)

Type	`RT_VERSION`
Language	French - France
Codepage	UNKNOWN
Size	`0x328`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.36812`
MD5	`d09b7949bc59c4ba3928f8a45597594e`
SHA1	`4879776fe1db0b1b66b0761d1c46e96fe93d26ea`
SHA256	`59ddc5d6fc33f126c53a059d50cea189ce5ad4480e033d83e648deb3f6f7fa56`
SHA3	`cec188fda250a3a4e0b99243a15a5a201c761dd72427c9c8e308336cbe61d34f`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x236`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.02902`
MD5	`300ab7b7b520fd322132b07ece0bbb0f`
SHA1	`33b9a84fde27ffb83f847336736dcf4347d26ec6`
SHA256	`8aac71cbc90d07103414d54ba33bb091258086e9afc6cf178b0cd4d30444900a`
SHA3	`ffd396b46ce1af7587369a1b86daa3dfc15db680c03ddffe3abdfe6d84928778`

24394

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.27949`
MD5	`5c77ac2232895c37562cd413f8426ca7`
SHA1	`946bf55eaa1a667a0ffb9903b6c48b549ab37772`
SHA256	`02f5c39f32f052da1da12092447b0362cecc1e2ac0fa9f835e4fe52cdc50501c`
SHA3	`1bd5ffb220d89fb0056c605e275cd97bcc213ebec0a94752c351f4a49b1fed99`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.0.0.0
ProductVersion	2.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	Process Default Language
CompanyName	WinReducer.net
FileDescription	WinReducer EX-100
FileVersion (#2)	2.0.0.0
InternalName	WinReducerEX100.exe
LegalCopyright	by winterstorm2050 from WinReducer.net (2017)
OriginalFilename	WinReducerEX100.exe
ProductName	WinReducer EX-100
ProductVersion (#2)	2.0.0.0

Resource LangID	French - France

TLS Callbacks

Load Configuration

Size	`0xb4def5ed`
TimeDateStamp	`2035-Jul-22 08:09:27`
Version	`57043.14260`
GlobalFlagsClear	`FLG_APPLICATION_VERIFIER` `FLG_CRITSEC_EVENT_CREATION` `FLG_DEBUG_INITIAL_COMMAND` `FLG_DISABLE_PAGE_KERNEL_STACKS` `FLG_DISABLE_PROTDLLS` `FLG_DISABLE_STACK_EXTENSION` `FLG_ENABLE_CLOSE_EXCEPTIONS` `FLG_ENABLE_CSRDEBUG` `FLG_ENABLE_HANDLE_EXCEPTIONS` `FLG_ENABLE_HANDLE_TYPE_TAGGING` `FLG_ENABLE_SYSTEM_CRIT_BREAKS` `FLG_HEAP_DISABLE_COALESCING` `FLG_HEAP_ENABLE_FREE_CHECK` `FLG_HEAP_ENABLE_TAGGING` `FLG_HEAP_PAGE_ALLOCS` `FLG_HEAP_VALIDATE_ALL` `FLG_HEAP_VALIDATE_PARAMETERS` `FLG_MAINTAIN_OBJECT_TYPELIST` `FLG_POOL_ENABLE_TAGGING` `FLG_STOP_ON_EXCEPTION` `FLG_STOP_ON_HUNG_GUI`
GlobalFlagsSet	`FLG_DEBUG_INITIAL_COMMAND` `FLG_DEBUG_INITIAL_COMMAND_EX` `FLG_DISABLE_DBGPRINT` `FLG_DISABLE_PROTDLLS` `FLG_DISABLE_STACK_EXTENSION` `FLG_ENABLE_CSRDEBUG` `FLG_ENABLE_HANDLE_EXCEPTIONS` `FLG_ENABLE_HANDLE_TYPE_TAGGING` `FLG_ENABLE_KDEBUG_SYMBOL_LOAD` `FLG_ENABLE_SYSTEM_CRIT_BREAKS` `FLG_HEAP_DISABLE_COALESCING` `FLG_HEAP_ENABLE_TAG_BY_DLL` `FLG_HEAP_ENABLE_TAIL_CHECK` `FLG_HEAP_VALIDATE_ALL` `FLG_HEAP_VALIDATE_PARAMETERS` `FLG_KERNEL_STACK_TRACE_DB` `FLG_POOL_ENABLE_TAGGING` `FLG_SHOW_LDR_SNAPS` `FLG_STOP_ON_HUNG_GUI` `FLG_STOP_ON_UNHANDLED_EXCEPTION` `FLG_USER_STACK_TRACE_DB`
CriticalSectionDefaultTimeout	`3724540749`
DeCommitFreeBlockThreshold	`0x3fcd1af97fbceffa`
DeCommitTotalFreeThreshold	`0xbc10faf278fef078`
LockPrefixTable	`0xff78bb389e3c60ff`
MaximumAllocationSize	`0x9de7783fef5875e4`
VirtualMemoryThreshold	`0xfc6cfe67cdef53f1`
ProcessAffinityMask	`0x7c78cef0783c11ea`
ProcessHeapFlags	`HEAP_GENERATE_EXCEPTIONS` `HEAP_NO_SERIALIZE`
CSDVersion	`31578`
Reserved1	`0x7cb6`
EditList	`0xe71e3fbfcd8af970`
SecurityCookie	`0xfc7e1e102b39a3ce`

RICH Header

Errors

[*] Warning: Section  has a size of 0!
[*] Warning: Section  has a size of 0!
[*] Warning: Section  has a size of 0!
[*] Warning: Section  has a size of 0!
[*] Warning: Section  has a size of 0!