Manalyze report for 01a5889657f92c934adea12f16d5d68fa3847ed384d9c8f50225b1c4fd5b051d

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Aug-18 13:13:52
Detected languages	English - United States
Debug artifacts	D:\Work\Workspace\Win32\build\x64-Release\HopmonClient.pdb
FileVersion	`24.07.07`
LegalCopyright	Copyright (C) 2021 - 2022
ProductVersion	`24.07.07`

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: schtask` `May have dropper capabilities: CurrentVersion\Run` `Accesses the WMI: ROOT\CIMV2` `Miscellaneous malware strings: cmd.exe` Contains domain names: adobe.com creativecommons.org http://creativecommons.org http://crl.m http://ns.adobe.com http://ns.adobe.com/exif/1.0/ http://ns.adobe.com/photoshop/1.0/ http://ns.adobe.com/tiff/1.0/ http://ns.adobe.com/xap/1.0/ http://ns.adobe.com/xap/1.0/mm/ http://ns.adobe.com/xap/1.0/sType/ResourceEvent# http://ns.adobe.com/xap/1.0/sType/ResourceRef# http://purl.org http://www.m.com http://www.m.com/pkiops/crl%20A.0 http://www.w3.org http://www.w3.org/1999/02/22-rdf-syntax-ns# http://www.w3.org/1999/xlink http://www.w3.org/2000/svg ns.adobe.com www.m.com www.w3.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryExW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot SwitchToThread FindWindowW` `Code injection capabilities: VirtualAllocEx CreateRemoteThread WriteProcessMemory OpenProcess` `Code injection capabilities (PowerLoader): GetWindowLongW FindWindowW` `Can access the registry: RegQueryValueExW RegEnumKeyW RegCreateKeyExW RegSetValueExW RegOpenKeyExW RegEnumValueW RegDeleteValueW RegCloseKey` `Possibly launches other programs: CreateProcessA CreateProcessW WinExec CreateProcessAsUserW` `Uses Microsoft's cryptographic API: CryptAcquireContextW CryptReleaseContext CryptGenRandom` `Can create temporary files: CreateFileW GetTempPathW` `Uses functions commonly found in keyloggers: GetForegroundWindow MapVirtualKeyW` `Leverages the raw socket API to access the Internet: ntohs WSAStartup` `Functions related to the privilege level: OpenProcessToken CheckTokenMembership` `Interacts with services: QueryServiceStatusEx QueryServiceConfigW OpenServiceW OpenSCManagerW DeleteService CreateServiceW ControlService ChangeServiceConfigW` `Manipulates other processes: WriteProcessMemory Process32NextW Process32FirstW OpenProcess` `Can take screenshots: GetDC FindWindowW CreateCompatibleDC BitBlt`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`beb9678e3bbbfd6d5f0bddfe1a278b36`
SHA1	`ff8eadd05a0e74d121a2950a3e4a62d20e60065e`
SHA256	`01a5889657f92c934adea12f16d5d68fa3847ed384d9c8f50225b1c4fd5b051d`
SHA3	`24564226b7247fe60483aa7fedfa07f6e446f574414306184619d0cc5da6e04d`
SSDeep	`98304:2SLvdbBlQSwUPhWG8WW3cTwprK7SdUMHvqrStlBedUG:nLlbBKUJsx3+wNKVMPq+tlMUG`
Imports Hash	`a349ae8495d83befcb2036606a05b20f`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x130`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2024-Aug-18 13:13:52
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x391800`
SizeOfInitializedData	`0x400600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000352068 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x796000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2a561b77fd59035c2c5934c4e7a454fa`
SHA1	`6606f7cb70ec32309e54cda2240abacddc821dd3`
SHA256	`9def123d44208ca2b7befedcf3e3eb14654571caef635652134cb21c2330d920`
SHA3	`ea17ee8470d01cae8cf13fead3a0883b5a74e228efe5ca796a705dcec68b9760`
VirtualSize	`0x39169c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x391800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.52985`

.rdata

MD5	`fe4d995830eb2ed3811d1ecf19bfa3e0`
SHA1	`996eeb74762de383ca8df83bfe1b454b3a229801`
SHA256	`4bd6f360fb6a86c8c6dc855401ec5f78a6ed784aa21f257a513f38316f0402f8`
SHA3	`608f365257847c8d0956a03465db5af9d35bfc5e3e1a0d377be5ad24af70f5dd`
VirtualSize	`0xdaca6`
VirtualAddress	`0x393000`
SizeOfRawData	`0xdae00`
PointerToRawData	`0x391c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.72024`

.data

MD5	`52c682c42949c4939ff4e1d1449f9ecb`
SHA1	`3f02e494b64d65fb7dfa7cd5007e7099c14293e9`
SHA256	`e99e2842c3e959ac6fac6d37402e50dc8a30b09c3ca6c69e3395a0ace77c2a28`
SHA3	`3c2b288459fa9bd9a18446a48ccf9cf7d2c0a3742adff4061a61b2c4b756bdca`
VirtualSize	`0x2e7864`
VirtualAddress	`0x46e000`
SizeOfRawData	`0x10da00`
PointerToRawData	`0x46ca00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.86685`

.pdata

MD5	`5b2d973cb1e9939062ed93b6e99cc005`
SHA1	`7d75dbba2d16036357501d0c420386ea9ffb6227`
SHA256	`bc4f6a99d41cae16cfcaec3911aab3f11dd3a4dc597636389861c1509a75e460`
SHA3	`335019d14b9c5c10d028938c22c63223456def704b0c614f720763f00a9a6dc8`
VirtualSize	`0x1f128`
VirtualAddress	`0x756000`
SizeOfRawData	`0x1f200`
PointerToRawData	`0x57a400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.35199`

.rsrc

MD5	`b1ea4993ae3635d9894284651b5dc8ea`
SHA1	`48636a0959cad4959d17eb4bd83543200b238005`
SHA256	`f38107c365329ca7a8f1f9f3e9401ad4a4fb316f253e3eb905259406cc57e086`
SHA3	`11f472dcc1fc83383a47c3ccadb033c5ea2b36945373010b75089f20000e385f`
VirtualSize	`0x170b0`
VirtualAddress	`0x776000`
SizeOfRawData	`0x17200`
PointerToRawData	`0x599600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.71945`

.reloc

MD5	`64095fec7b4f981382c29b1f386461e4`
SHA1	`ca0bd74eefbdc68b5f2feb14f7ebc33cce823fe5`
SHA256	`7b054f08db0fe5e1c92eb962741395b7f202ac03a47288dd5225452855c26ea6`
SHA3	`dbc881d8f02ae00a0dedfdb539ddf456303aed80c641c73920e8ba87f18f7b0a`
VirtualSize	`0x7994`
VirtualAddress	`0x78e000`
SizeOfRawData	`0x7a00`
PointerToRawData	`0x5b0800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.46299`

Imports

KERNEL32.dll	`ConnectNamedPipe` `CreateNamedPipeW` `WaitNamedPipeW` `GetConsoleWindow` `CreateMutexW` `OpenMutexW` `SetEvent` `ResetEvent` `WaitForSingleObjectEx` `CreateEventW` `WaitForMultipleObjects` `GlobalSize` `GlobalLock` `GlobalUnlock` `GetSystemTimeAsFileTime` `SystemTimeToTzSpecificLocalTime` `GetTimeZoneInformation` `SystemTimeToFileTime` `FileTimeToSystemTime` `LoadLibraryW` `FreeLibrary` `GetProcAddress` `GlobalAlloc` `TzSpecificLocalTimeToSystemTime` `GetStdHandle` `OutputDebugStringW` `LocalAlloc` `CreateThread` `SetThreadPriority` `GetExitCodeThread` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetOverlappedResult` `CreateIoCompletionPort` `GetQueuedCompletionStatus` `PostQueuedCompletionStatus` `CancelIo` `MultiByteToWideChar` `WideCharToMultiByte` `ExitProcess` `VirtualAllocEx` `VirtualFreeEx` `CreateRemoteThread` `WriteProcessMemory` `WriteConsoleW` `GetProcessHeap` `SetEnvironmentVariableA` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineA` `GetCPInfo` `GetOEMCP` `IsValidCodePage` `FindNextFileA` `FindFirstFileExA` `SetStdHandle` `GetStringTypeW` `LCMapStringW` `CompareStringW` `HeapReAlloc` `HeapAlloc` `GetFileAttributesExW` `CreateProcessA` `HeapFree` `GetConsoleCP` `ReadConsoleW` `GetACP` `GetModuleFileNameA` `GetFileType` `SetConsoleMode` `ReadConsoleInputA` `PeekConsoleInputA` `GetNumberOfConsoleInputEvents` `GetConsoleMode` `GetModuleHandleExW` `SetConsoleCtrlHandler` `LoadLibraryExW` `EncodePointer` `RaiseException` `RtlPcToFileHeader` `RtlUnwindEx` `InitializeSListHead` `GetStartupInfoW` `IsDebuggerPresent` `InitializeCriticalSectionAndSpinCount` `IsProcessorFeaturePresent` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `FindFirstFileW` `DeleteFileW` `SetFileAttributesW` `RemoveDirectoryW` `CreateDirectoryW` `SetFileTime` `GetFileTime` `FindClose` `SetFilePointerEx` `FlushFileBuffers` `ReadFile` `WriteFile` `GetFileSizeEx` `Thread32Next` `Thread32First` `Process32NextW` `Process32FirstW` `CreateToolhelp32Snapshot` `CreateProcessW` `CreatePipe` `SetHandleInformation` `WaitForSingleObject` `GetExitCodeProcess` `TerminateProcess` `GetCurrentProcessId` `OpenProcess` `GetUserDefaultLCID` `GetLocaleInfoA` `LocalFree` `CreateFileW` `CloseHandle` `DeviceIoControl` `GetProcessAffinityMask` `GlobalMemoryStatusEx` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `GetFileAttributesW` `EnumResourceNamesW` `GetCommandLineW` `GetCurrentThreadId` `QueryPerformanceFrequency` `QueryPerformanceCounter` `FindNextFileW` `GetSystemWow64DirectoryW` `GetTempPathW` `GetSystemDirectoryW` `GetModuleHandleW` `GetModuleFileNameW` `GetTickCount` `WinExec` `Sleep` `SetLastError` `GetLastError` `SwitchToThread` `SetUnhandledExceptionFilter` `GetCurrentProcess` `HeapSize`
USER32.dll	`TrackPopupMenuEx` `RemoveMenu` `DestroyMenu` `CreatePopupMenu` `CreateMenu` `DestroyCursor` `SetCursor` `SetMenuInfo` `SetParent` `GetSysColor` `ScreenToClient` `ClientToScreen` `GetWindowRect` `GetClientRect` `RedrawWindow` `InvalidateRect` `InsertMenuItemW` `SetMenuItemInfoW` `OpenClipboard` `CloseClipboard` `SetClipboardData` `EmptyClipboard` `OpenInputDesktop` `SetThreadDesktop` `PtInRect` `SetWindowLongPtrW` `LoadIconA` `MonitorFromWindow` `CreateIconIndirect` `EnumWindows` `FindWindowExW` `PostMessageW` `GetWindowThreadProcessId` `RegisterWindowMessageW` `CloseDesktop` `TranslateMessage` `DispatchMessageW` `GetMessageExtraInfo` `SendMessageW` `SendMessageTimeoutW` `GetParent` `EnumChildWindows` `GetClassNameW` `GetThreadDesktop` `DefWindowProcW` `PostQuitMessage` `RegisterClassW` `RegisterClassExW` `EndPaint` `BeginPaint` `IsWindowEnabled` `EnableWindow` `CreateWindowExW` `IsWindow` `DestroyWindow` `SetLayeredWindowAttributes` `SetWindowPos` `IsIconic` `SetFocus` `ReleaseCapture` `GetSystemMetrics` `GetForegroundWindow` `GetDC` `ReleaseDC` `SetWindowTextW` `GetWindowLongW` `SetWindowLongW` `FindWindowW` `GetWindow` `LoadCursorW` `LoadIconW` `DestroyIcon` `SetScrollInfo` `GetScrollInfo` `SystemParametersInfoW` `GetMonitorInfoW` `EnumDisplayMonitors` `GetAncestor` `SetDlgItemTextW` `GetActiveWindow` `MessageBoxW` `PostThreadMessageW` `GetMessageTime` `GetUserObjectInformationW` `IsZoomed` `GetMenu` `SetMenu` `SetWindowRgn` `GetMessageW` `AdjustWindowRectEx` `SetCapture` `GetCapture` `GetFocus` `BringWindowToTop` `ShowWindowAsync` `UpdateLayeredWindow` `GetMessagePos` `GetKeyState` `SetForegroundWindow` `GetDesktopWindow` `GetCursorPos` `EnumDisplaySettingsW` `MapVirtualKeyW` `TrackMouseEvent`
GDI32.dll	`DeleteDC` `DeleteObject` `GetDeviceCaps` `SelectObject` `CreateDCW` `SetStretchBltMode` `SetBrushOrgEx` `CreateDIBSection` `CreateSolidBrush` `SetBkColor` `SetBkMode` `SetTextColor` `CreateCompatibleDC` `CreateCompatibleBitmap` `BitBlt` `CreateRoundRectRgn` `CreateBitmap` `CreateFontW` `EnumFontFamiliesExW` `StretchBlt` `CreateEllipticRgn`
COMDLG32.dll	`GetOpenFileNameW` `GetSaveFileNameW`
ADVAPI32.dll	`InitializeSecurityDescriptor` `StartServiceCtrlDispatcherW` `SetServiceStatus` `RegisterServiceCtrlHandlerW` `RegQueryValueExW` `RegEnumKeyW` `RegCreateKeyExW` `RegSetValueExW` `RegOpenKeyExW` `RegEnumValueW` `RegDeleteValueW` `RegCloseKey` `StartServiceW` `QueryServiceStatusEx` `QueryServiceConfigW` `OpenServiceW` `OpenSCManagerW` `DeleteService` `CreateServiceW` `ControlService` `CloseServiceHandle` `ChangeServiceConfig2W` `ChangeServiceConfigW` `SetSecurityDescriptorDacl` `ImpersonateNamedPipeClient` `GetUserNameW` `CryptAcquireContextW` `CryptReleaseContext` `CryptGenRandom` `OpenProcessToken` `AllocateAndInitializeSid` `FreeSid` `CreateProcessAsUserW` `CheckTokenMembership`
SHELL32.dll	`SHOpenFolderAndSelectItems` `#190` `#155` `ShellExecuteExW` `DragQueryFileW` `Shell_NotifyIconW` `SHBrowseForFolderW` `SHGetPathFromIDListW` `SHGetMalloc` `SHGetFolderPathW`
ole32.dll	`CoUninitialize` `OleDuplicateData` `CoSetProxyBlanket` `CoInitializeSecurity` `StringFromGUID2` `ReleaseStgMedium` `CoCreateInstance` `RevokeDragDrop` `RegisterDragDrop` `CoInitializeEx` `OleInitialize` `DoDragDrop`
OLEAUT32.dll	`VariantClear` `SysAllocString` `VarBstrFromDec` `SysFreeString`
VERSION.dll	`GetFileVersionInfoW` `GetFileVersionInfoSizeW` `VerQueryValueW`
COMCTL32.dll	`#413` `InitCommonControlsEx` `#410`
WS2_32.dll	`ntohs` `WSAStartup`
DSOUND.dll	`#8` `#12`
IMM32.dll	`ImmAssociateContext`
gdiplus.dll	`GdipSetTextRenderingHint` `GdipSetInterpolationMode` `GdipSetWorldTransform` `GdipTranslateWorldTransform` `GdipGetWorldTransform` `GdipDrawLine` `GdipDrawLines` `GdipDrawArc` `GdipDrawRectangle` `GdipDrawEllipse` `GdipDrawPie` `GdipDrawPolygon` `GdipDrawPath` `GdipFillRectangle` `GdipFillPolygon` `GdipFillEllipse` `GdipFillPie` `GdipFillPath` `GdipDrawImageRectRect` `GdipSetClipRect` `GdipSetClipPath` `GdipGetClipBounds` `GdipSaveGraphics` `GdipRestoreGraphics` `GdipDeleteFontFamily` `GdipGetFamily` `GdipGetFontStyle` `GdipGetFontSize` `GdipDrawString` `GdipStringFormatGetGenericTypographic` `GdipCreateFontFamilyFromName` `GdipGetGenericFontFamilySansSerif` `GdipGetEmHeight` `GdipGetCellAscent` `GdipGetCellDescent` `GdipCreateBitmapFromScan0` `GdipSetSmoothingMode` `GdipDeleteFont` `GdipMeasureString` `GdipAddPathEllipse` `GdipCreateTexture` `GdipCreateLineBrush` `GdipSetLinePresetBlend` `GdipSetLineWrapMode` `GdipCreatePathGradientFromPath` `GdipSetPathGradientCenterColor` `GdipSetPathGradientSurroundColorsWithCount` `GdipSetPathGradientCenterPoint` `GdipGetPathGradientPointCount` `GdipSetPathGradientPresetBlend` `GdipSetPenMiterLimit` `GdipSetPenDashStyle` `GdipSetPathFillMode` `GdipStartPathFigure` `GdipClosePathFigure` `GdipAddPathLine` `GdipAddPathBezier` `GdipGetImageWidth` `GdipGetImageGraphicsContext` `GdipDisposeImage` `GdipCloneImage` `GdipGraphicsClear` `GdipDeleteGraphics` `GdipCreateFromHDC` `GdipFree` `GdipAlloc` `GdipGetSmoothingMode` `GdipSetImageAttributesColorMatrix` `GdipDisposeImageAttributes` `GdipCreateImageAttributes` `GdipGetPenFillType` `GdipGetPenColor` `GdipSetPenColor` `GdipSetPenLineJoin` `GdipSetPenLineCap197819` `GdipDeletePen` `GdipClonePen` `GdipCreatePen1` `GdipGetSolidFillColor` `GdipSetSolidFillColor` `GdipCreateSolidFill` `GdipGetBrushType` `GdipDeleteBrush` `GdipCloneBrush` `GdipGetMatrixElements` `GdipDeleteMatrix` `GdipCreateMatrix2` `GdipCreateMatrix` `GdipWidenPath` `GdipAddPathString` `GdipDeletePath` `GdipGetImageHeight` `GdipCreatePath` `GdiplusStartup` `GdipBitmapUnlockBits` `GdipBitmapLockBits` `GdipCreateFont` `GdipCreateBitmapFromHBITMAP` `GdipGetLineSpacing` `GdipClonePath`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.02703`
MD5	`c6a75b6bdd6de401e64f725237466fbf`
SHA1	`4e4f347db5138cbfde4841f7797596ff87c49944`
SHA256	`612c83d20239b46a4659d37ef58bc2c0019702434c810a2a2abf7cfe8f39dfc3`
SHA3	`d866c57144b01ad0a7243395c76df0c4544d3b04f4760830a55d1b2d1ce44473`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.62767`
MD5	`7700b3953ff02b0872ab419794343cd9`
SHA1	`510623d4c989b9ef8574355af2cdd044f82c6843`
SHA256	`167ebe572eea4739d09c3298e189cd87ee01a25d7b2b5b8dcf6b0207028ffe44`
SHA3	`932e69542c69e38fd9933afda9ea793ee8f3056cbdccccddb54573bcfab30e8a`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.28365`
MD5	`69a3b034b6899353dcf04bea079dd06f`
SHA1	`4acce9f999d8812c33daf935bcb4bf84641c1506`
SHA256	`a37ac33d5211acf0a3c438c543f24151b79a71c5dba2c7941889a273a8ed4302`
SHA3	`5deba9cb83afe6d0cd43660895ff37e796677d4a2f640012c06a09afa7a21783`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.77172`
MD5	`ef5d9d1449794c2fa6f7164c1b14e547`
SHA1	`255879d4c4cb86edcd72a0a0a7475749c82321f2`
SHA256	`515119c93029e80facbe3ac69e02444948c226f93cd1f2b32cfff76a8ad72626`
SHA3	`ea2b1fb2b8d7c62cfdc0e23e953fdc4e4da37a79d6eb894420a54fd6a506ce5f`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.45652`
MD5	`e730ad2da053d4f13e9220f98d0d94eb`
SHA1	`71c1ca52e885831130dbb11e13cef95bc8ff3bd5`
SHA256	`47e1d03decf9a4f1063d7015bad436e5ca5cff7307c6e5795d414f130d39d2fb`
SHA3	`dbb65c3a115fc9e6b4ff93632f46f5ed722fc2fc53af060a23f2272073d4ec15`

APP

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82914`
Detected Filetype	Icon file
MD5	`c8a73754f0079b8da1390c3fbd0d65b7`
SHA1	`59496d008eca8543fc3a3d540f943d8e92fa5448`
SHA256	`2cbe70c2a9368861cb50ad02ee7f3ce1b65e27a21d944cf6a17c08cc059179fd`
SHA3	`74b85bc4665a41cff173f7b3988ce7c5361c74eee5f0d53ed3bf4964b4e9de50`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x250`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.30952`
MD5	`daa8bba7da1b7c22c9183673579543ab`
SHA1	`0e876d017354eb436a430ebf65827765bafef227`
SHA256	`eae79592ae339c60cd767964a2ce03212dc67fefdd8d55270a1ad4ba5994a395`
SHA3	`d0bbf8eb717ad898ecf8e3a63ce90c4880635d55badad0ad3502c04cdc5049e4`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x321`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.13034`
MD5	`cd3ff49c95471d842fdda39809432961`
SHA1	`c385011902782b706aad60d708e1a398edeb65b3`
SHA256	`1bfd4b64c157d1ef6712c1778400f941b46da2d87ffff6124154da8d0c61199c`
SHA3	`7bc024097d1d18329bec477fd70a9af2169497eb1ad0980ac1899f9f88281a9f`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	24.7.7.0
ProductVersion	24.7.7.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
FileVersion (#2)	24.07.07
LegalCopyright	Copyright (C) 2021 - 2022
ProductVersion (#2)	24.07.07

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2024-Aug-18 13:13:52
Version	`0.0`
SizeofData	`83`
AddressOfRawData	`0x42203c`
PointerToRawData	`0x420c3c`
Referenced File	D:\Work\Workspace\Win32\build\x64-Release\HopmonClient.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2024-Aug-18 13:13:52
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x422090`
PointerToRawData	`0x420c90`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-Aug-18 13:13:52
Version	`0.0`
SizeofData	`908`
AddressOfRawData	`0x4220a4`
PointerToRawData	`0x420ca4`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2024-Aug-18 13:13:52
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x140422450`
EndAddressOfRawData	`0x140422458`
AddressOfIndex	`0x14057ff10`
AddressOfCallbacks	`0x140394540`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x100`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140511830`

RICH Header

XOR Key	`0x30d8ef20`
Unmarked objects	`0`
241 (40116)	`33`
243 (40116)	`168`
242 (40116)	`59`
199 (41118)	`5`
ASM objects (VS2017 v15.6.6 compiler 26131)	`11`
C objects (VS2017 v15.6.6 compiler 26131)	`21`
C++ objects (VS2017 v15.6.6 compiler 26131)	`48`
C objects (VS2008 SP1 build 30729)	`2`
Imports (VS2008 SP1 build 30729)	`31`
Total imports	`566`
C++ objects (VS2017 v15.7.5 compiler 26433)	`245`
C objects (VS2017 v15.7.5 compiler 26433)	`136`
C++ objects (LTCG) (VS2017 v15.7.5 compiler 26433)	`38`
Resource objects (VS2017 v15.7.5 compiler 26433)	`1`
151	`1`
Linker (VS2017 v15.7.5 compiler 26433)	`1`

Errors

Leave a comment

No comments yet.