b941dd9295c789ca95b86dbdf0805218

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 1970-Jan-01 00:00:00
Detected languages English - United States

Plugin Output

Suspicious PEiD Signature: HQR data file
Suspicious Strings found in the binary may indicate undesirable behavior:
Contains references to security software:
  • MSApp.exe
Looks for Qemu presence:
  • qEmU
May have dropper capabilities:
  • CurrentControlSet\services
Contains domain names:
Info Cryptographic algorithms detected in the binary:
Uses constants related to MD5
Uses constants related to SHA1
Uses constants related to SHA256
Uses constants related to SHA512
Uses constants related to AES
Suspicious The PE is possibly packed.
Unusual section name found: .xdata
Unusual section name found: .symtab
Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryW
  • LoadLibraryExW
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Info The PE is digitally signed.
Signer: HÄVG Rechenzentrum GmbH
Issuer: GlobalSign GCC R45 EV CodeSigning CA 2020
Suspicious No VirusTotal score.
This file has never been scanned on VirusTotal.

Hashes

MD5 b941dd9295c789ca95b86dbdf0805218
SHA1 9bb33fd955898e904d3fb614cfa001a4e17b0eac
SHA256 c8bf56942391ba2f848e651d7c4933622ec533bcd5a6bf28e61c19cc070c68cd
SHA3 838717ec3b9d508bc992faa739ce35ac3a93b378100495528d4a1c04c872bb77
SSDeep 196608:rNuSnMtlSWjOQfXfENaQ3Ywk5eCoGkSNuVLga+mPo:ZuwMtDjOoXfENaQ3Ywk5eCoTLb2
Imports Hash c2d457ad8ac36fc9f18d45bffcd450c2

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0x8b
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 9
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0x1863c00
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 3.0
SizeOfCode 0x578000
SizeOfInitializedData 0xe2e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000072D40 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 1.0
SubsystemVersion 6.1
Win32VersionValue 0
SizeOfImage 0x1916000
SizeOfHeaders 0x600
Checksum 0x187deb5
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 448ad6e8b2fa50c20a623e8d2215fba1
SHA1 94bc218d7d47b5f7a4d14e8190540054bba24aa0
SHA256 deb72bf842add5308d1e728c969b573366206d5c46f5f3b4becf8509a11a9ac3
SHA3 a8005a14bf2e9413134bcf8d132ed14c9bbbf5f562396228c430c8403a79f411
VirtualSize 0x577f20
VirtualAddress 0x1000
SizeOfRawData 0x578000
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.19165

.rdata

MD5 d31f43f671360c65887900567407943b
SHA1 62175fa9f66e8f1b557686c2d71092e9d08f2ade
SHA256 b23dda6e4930f4b2a797d40f277b9295ebb881fa119319d005f0ef6fd1680044
SHA3 7808dbe6bbdb6870054375aa97ef3d146b36039bff42e54472553ebea928481a
VirtualSize 0x11cd748
VirtualAddress 0x579000
SizeOfRawData 0x11cd800
PointerToRawData 0x578600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.15096

.data

MD5 5924192fb13a4e08a211d169fffe773f
SHA1 add7189f7421f2ce43b67f10d9cc367f2ac61871
SHA256 5010cf0bcf93c6042802c48a1b8b9e0e42ee92378c0207247b9bc3f1450bf134
SHA3 ad187826b3f9432b915ed50ea077b61230a1ac1f36ab27205097ea37d07287fc
VirtualSize 0x17a070
VirtualAddress 0x1747000
SizeOfRawData 0xe2e00
PointerToRawData 0x1745e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.16162

.pdata

MD5 6b7c2cd22109bf468520fa462fa93c4a
SHA1 de2fbd7261f7405089559e4bcd3baf95604f0011
SHA256 7dbc9a340ca37052fe9f94f17832209a6846967a39643d7eaf45d1f999a523e5
SHA3 2458a07471fb695183dcefd0d25e5335ccf46b841c458efe39d5fb65a0e954ab
VirtualSize 0x22398
VirtualAddress 0x18c2000
SizeOfRawData 0x22400
PointerToRawData 0x1828c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.84795

.xdata

MD5 1caed360e51ba681daeb00c8a063ce86
SHA1 a4f424eb333f66648ce4ba0e629177044a3c233b
SHA256 b3f0db5944bf5190f080a02523ffc770b21a2911de668d8480ff9ae48f739f67
SHA3 cbadf115a701a1042ae861243f919f993b325ec5d038af94aefb62281f33eae5
VirtualSize 0xb4
VirtualAddress 0x18e5000
SizeOfRawData 0x200
PointerToRawData 0x184b000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.77783

.idata

MD5 e8846d7afcdf23dab8ff5f4a8284f8e5
SHA1 e0ef912a0616e5918ba861d778bf6eba3f23b898
SHA256 e4f4175b43a7156cebf9b25224b33a6e850d4fae23ce433f521aae2fc8c0a59b
SHA3 d78840abb2fb54f15e0a0f16494fed6d30c5ac6fa6768de6734e641436f01f47
VirtualSize 0x554
VirtualAddress 0x18e6000
SizeOfRawData 0x600
PointerToRawData 0x184b200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.15706

.reloc

MD5 4b8bf5ccc800bbfd57ad747726a15ba1
SHA1 81e8b5cfd16e94d3b03d26a81848f37b8f2abe10
SHA256 5c9d3c193d3f842c5369630174b53ebc930a32d94062c3d88efb8c86414b454b
SHA3 7ec5cf3d39ac45a1e31ebcb96d27383c84b98e6dd2cca58525bf8b48f61c48a3
VirtualSize 0x18392
VirtualAddress 0x18e7000
SizeOfRawData 0x18400
PointerToRawData 0x184b800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.44371

.symtab

MD5 07b5472d347d42780469fb2654b7fc54
SHA1 943ae54f4818e52409fbbaf60ffd71318d966b0d
SHA256 3e67f4a7d14b832ff2a2433e9cf0f6f5720821f67148a87c0ee2595a20c96c68
SHA3 a70a3e18515c06557b62676f2a8eb6d7d41962d8c9c7c49f4641c429cc65b977
VirtualSize 0x4
VirtualAddress 0x1900000
SizeOfRawData 0x200
PointerToRawData 0x1863c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0203931

.rsrc

MD5 fd74ba59f96810637de67861a5b3de10
SHA1 30f26f5b25f81fe40aa4d1be9484e3a30fc79906
SHA256 7d8154e3985d93a0b3ddcf87d3f352e12f4f07dfbc336a3089ebd56feae21319
SHA3 493f75c56655e1f3624f582b028633af1043df0feebfbd1e5b42adf7eaa258c3
VirtualSize 0x14e18
VirtualAddress 0x1901000
SizeOfRawData 0x15000
PointerToRawData 0x1863e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.23405

Imports

kernel32.dll WriteFile
WriteConsoleW
WerSetFlags
WerGetFlags
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
RtlVirtualUnwind
RtlLookupFunctionEntry
ResumeThread
RaiseFailFastException
PostQueuedCompletionStatus
LoadLibraryW
LoadLibraryExW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetErrorMode
GetEnvironmentStringsW
GetCurrentThreadId
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler
AddVectoredContinueHandler

Delayed Imports

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.13025
MD5 78a73a9fe9fd6392780575cb6a698ec7
SHA1 e8b1817a741248ede530879b477ad8b66a663ed0
SHA256 fc0a57ef2b310552320092b021847af96eb4ebd1899d986a18e8f44d2b7c3f4c
SHA3 2141a29c72d47272d8a99eddddf68025b0e0477b9c31eb79ee8d0f70809fac0d

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.79959
MD5 890f75fcb208348d4720fb6b2f05db23
SHA1 f2293345d1ac7b2ed4296f3b1acb9371283093c5
SHA256 98001b9449d2eecb1d7c651afcaa69c9984ddc18c6adf69ff3740b0d0033bd46
SHA3 e281cd9af3933f9cea7440915071d94df476922326cb170eb261f95fe51dc888

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.43846
MD5 82d8e35b8413530e3d7089d6708d9f5e
SHA1 967d12a2e6401a9d0e5f5059b0f56314e1ad5819
SHA256 bf4ddd2c4dec491b6aab7437aee6313a9ae28a59950249f3220f8360bb8f9d63
SHA3 c01531d2a770b6411b62f1457954995f26261b0d00d8be0a8713ead66b2f85e0

5

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.97929
MD5 7014301e2850919c1da0710a3b5559e5
SHA1 11e93ae8d490675845e2f21b50a0308bed16a5c7
SHA256 9bb7c1044b15d96e3213215dc04038930cce4f46b2cf51304a3675c97a907fe1
SHA3 56c7b2fdb236e68a248343617d396a2954628923e2084e12a31a94e1f1d40ce3

6

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.83046
MD5 164ff69dd132ba1e5def1117b3cf201f
SHA1 42f7b191432152cc45e6b075757b978568955fc2
SHA256 c47d139e7efa3252e877cae19db6911afe8b85eef6574cbce6acb7334704e194
SHA3 ca538d99bd92e7c7984b1f63b9ef1de9d89a8cbd33b1e067042613428c68c4b0

1

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x4c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.88636
Detected Filetype Icon file
MD5 80833b685f1a37d1fd166890ebfb1255
SHA1 a8ffe909a931bd2743d5d915d1fc4e0faa5ed51e
SHA256 c2e9614de61c6871b24720d405c9f34e0070cb57adc62384e049d17c90a5e6a0
SHA3 ea904aa7d90bb78ee412573666cd697a1d4fe2d8a696a601a8466753d7db0f86

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors
