beba2c9c1ec15438f301559ce9d9ce9c

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2010-Oct-30 20:54:54
Detected languages English - United States
Comments This installation was built with Inno Setup.
CompanyName
FileDescription K-Lite Codec Pack Setup
FileVersion 6.9.0.0
LegalCopyright
ProductName K-Lite Codec Pack
ProductVersion 6.9.0

Plugin Output

Suspicious The PE is possibly packed. Unusual section name found: .itext
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • LoadLibraryExW
  • GetProcAddress
  • LoadLibraryW
Can access the registry:
  • RegQueryValueExW
  • RegOpenKeyExW
  • RegCloseKey
Possibly launches other programs:
  • CreateProcessW
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Functions related to the privilege level:
  • OpenProcessToken
  • AdjustTokenPrivileges
Can shut the system down or lock the screen:
  • ExitWindowsEx
Suspicious The file contains overlay data. 14553669 bytes of data starting at offset 0x44200.
The overlay data has an entropy of 7.99999 and is possibly compressed or encrypted.
Overlay data amounts for 98.1188% of the executable.
Suspicious VirusTotal score: 1/71 (Scanned on 2024-02-14 01:27:31) Cynet: Malicious (score: 100)

Hashes

MD5 beba2c9c1ec15438f301559ce9d9ce9c
SHA1 640e6d90ae3249af0c892e56d3b01e53d5a18f1d
SHA256 bd2735016aad193d058e63eeca06fe76eebea50a940e2f6eb6581294f3fce29d
SHA3 1f94af73affa381551f4d9dc4a138ed08a7fcf70060c60818891abcf4eccff2b
SSDeep 393216:yKKAl3KJnU6SfsZseQmx2i9jMsski5DMJaD/ajHrRRv:EA5KJUFxeki9T2NMJM/MHdRv
Imports Hash 9d8fb47598991ad8c0094898c32a6c3b

DOS Header

e_magic MZ
e_cblp 0x50
e_cp 0x2
e_crlc 0
e_cparhdr 0x4
e_minalloc 0xf
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0x1a
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 9
TimeDateStamp 2010-Oct-30 20:54:54
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0x15000
SizeOfInitializedData 0x2ee00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00016478 (Section: .itext)
BaseOfCode 0x1000
BaseOfData 0x17000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.0
ImageVersion 6.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0x50000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x4000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 824e3957006b0613ed9c53ada45c1db3
SHA1 386995a1ffa7ac746880a639064ca65486965ae2
SHA256 233ed9874ee865b72f99fabb9cffc4f46b2f949bb8fa951cf91f3a491b587521
SHA3 557c54d2332094733a94dbbd801e0e232519953308bfdd35d656b4a607fb836f
VirtualSize 0x143f0
VirtualAddress 0x1000
SizeOfRawData 0x14400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.4822

.itext

MD5 a1e7b318e1115c7a9aaa4dee97b67e4b
SHA1 71b916fe4c740acdba23cbbfc4456c9cdab74312
SHA256 97a3a8adae8642f53c8350667e969cca741344601cdc82b0441a08bc771ef8c3
SHA3 6f60f4d9746915f0ea1399d40e7b056f473955d1da9af43951cc0c97140ef78c
VirtualSize 0xbe8
VirtualAddress 0x16000
SizeOfRawData 0xc00
PointerToRawData 0x14800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.00929

.data

MD5 00abeb3340a427c843c21fd934d5ae67
SHA1 a399a7790162b450faa9d1ffca52cea47da54359
SHA256 263b7dec6b3ecd70775532d7cd4f9bac738ba63f6d159c55501b88a9eca649ba
SHA3 43b96feac7c4a7ec34722484939280dd49c979f115a98e4507b637d6a90229b1
VirtualSize 0xd9c
VirtualAddress 0x17000
SizeOfRawData 0xe00
PointerToRawData 0x15400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.67593

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x5710
VirtualAddress 0x18000
SizeOfRawData 0
PointerToRawData 0x16200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 b47eaca4c149ee829de76a342b5560d5
SHA1 56a0ec8ac42ef35b0ee132508701868d83befc42
SHA256 1ea5a02fe0fde79fdd2d25e4a9b685d18118b74dcc53bbba9d54df63a6fd53c0
SHA3 a6c4a3115f9b16fd917a83f2157a158c28362886cd7414b31f05d345ab308a17
VirtualSize 0xf9e
VirtualAddress 0x1e000
SizeOfRawData 0x1000
PointerToRawData 0x16200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.96778

.tls

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x8
VirtualAddress 0x1f000
SizeOfRawData 0
PointerToRawData 0x17200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata

MD5 3746f5876803f8f30db5bb2deb8772ae
SHA1 65e8dad930c8c32d40ca9aff4890630f20d87074
SHA256 9c8a4b346c5df43a9f90f5d15227c2dea3e7dfabfbe8402bcba85c3b2e9c84ae
SHA3 956c3695e53f796282349fc0b391c557d3f9bef6abb0d58045dacccc70b3a4cf
VirtualSize 0x18
VirtualAddress 0x20000
SizeOfRawData 0x200
PointerToRawData 0x17200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.190489

.reloc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x1940
VirtualAddress 0x21000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc

MD5 e09e4f489a1514287beeb13ae83a49cd
SHA1 3e489eaf2072c6cf793e3bbff56b96901d684b99
SHA256 1c0d745d986565cae2293c103ba3eb0c5ff682c7020d72d0a4d2945e32bbfbcb
SHA3 e0bc277106974d726d53884a15db2864f539248ffbf9dd01019a0f3557d0d290
VirtualSize 0x2ccfc
VirtualAddress 0x23000
SizeOfRawData 0x2ce00
PointerToRawData 0x17400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.68787

Imports

oleaut32.dll SysFreeString
SysReAllocStringLen
SysAllocStringLen
advapi32.dll RegQueryValueExW
RegOpenKeyExW
RegCloseKey
user32.dll GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
kernel32.dll GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
kernel32.dll (#2) GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
user32.dll (#2) GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
kernel32.dll (#3) GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
advapi32.dll (#2) RegQueryValueExW
RegOpenKeyExW
RegCloseKey
comctl32.dll InitCommonControls
kernel32.dll (#4) GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
advapi32.dll (#3) RegQueryValueExW
RegOpenKeyExW
RegCloseKey
oleaut32.dll (#2) SysFreeString
SysReAllocStringLen
SysAllocStringLen

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.52552
MD5 d5e35ccbf6855b025014d61910ede77e
SHA1 abb3e85e14704472c442c36d726ad565765f192c
SHA256 c3c2ded4f0e26a8ac363a9ef5c5f6524a7ad5cec6ae7f93e0082c23c836935af
SHA3 d6731cb8860a363e89da6e401b1ae8c5ce79a42dbd3da0beb7bab5c54098c76c

2

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.3013
MD5 43f5979dfe581278684f236c686a437d
SHA1 0d546d1059ad98cc18376673fe3be00faed6d3ae
SHA256 764b0f4b9e48ff68d6a95b98d86bbca07633d97ab35561f51b32e81f2acc8044
SHA3 d1e8a7b5efc25cf350c15f2d7e3cfd6b92c2d7345899ec8b21dce0e96578390b

3

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.0026
MD5 790ad45822214864a8b0075e9c023580
SHA1 0e9c15800d90be0bd0ca7777e997e47bd9720dee
SHA256 32ca9d9fd4d8a7c619e6c93f7b3c3e5e0f8c83cadcc44c6b76bbd5142f857e53
SHA3 4e52cfe32c6c8387b8a18746c13406af0299cbe686d09e4f77174a9a0947f38d

4

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.48375
MD5 91102139fdea8d44eacdbd6b76d5ba7b
SHA1 a666a710f9719476e7dba095cd7fa5b82fcdfe40
SHA256 c58e438dc3fa72f81daa26492ee5ff231cc83a0208e5ded3db7d37743a576235
SHA3 f2a482ef064a73ba49ab213aeb77aca7e6eb55fc8baaf025a1a331963b6f3718

5

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.15677
MD5 881f2c31b35983594e83476c91161cf2
SHA1 7e306c051709f74e9a091d3dae331f440943df09
SHA256 ec109ffb2be6db3b879ac2e5a3a5bc3cf6cc07e0dfcda97dcd8cb7f2aeaed849
SHA3 1643795fc15659cd4195969a7c6ec52895d145c827d45e2f22bae9f1701818d3

6

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x94a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.68297
MD5 26dded786e6678f38c5fb930714dcc9a
SHA1 0102a960ba2afb563119ed33f1c862c02856b4ea
SHA256 1498eea1d96e030a1e49df76580acb2675b0901700e8e09b73eb18e1b44659ce
SHA3 3967b470260f02a63570b1463c5fd391389630c9cda299d89bd2f3c8062f72ae

7

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.5021
MD5 313824468e5526a045dae71989647b62
SHA1 23bd77af3b8e715b68a56ee3f50dfc8620dc9950
SHA256 5a0e3a5b4a221387c7e9397ebce852f9fd008c21c3f40922d742073ae309358b
SHA3 58c27d62a42700dbd122db1278269cf0202e9284e91466eb72c56b09f077d564

8

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.17401
MD5 7f4fb160f09bdf6a7ac8ac0ad65a5e83
SHA1 43e0300a9bf576b6ecae58879a4a2b26da54155b
SHA256 751619035e2713fc2129bddadb72f5359f87b13b8b7f63341e7cec7d2dd96381
SHA3 8c6ef0322a1a455e1403935dc411e0be10c5726bc8541ce28452a82442104edf

9

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.15266
MD5 b635e295c6eb8b7cfa9b4c5f6bd5c4f1
SHA1 dececc5b32934bd0e30b0d033395267995b1890c
SHA256 c8e08eb8dc342ac81b7e486237f87b95a402586e8193bc1b2c8e310939c158aa
SHA3 076814c9cdd907094af9df594085d15ba35e43c2114fc2e7600366c8a3ebcf12

10

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.62407
MD5 26d6987f342a232827c62d2b12f67294
SHA1 96ab942f2d080d870b5c96f9caf222d6c3a8fa71
SHA256 26d2bfa219de2381f73cd3edfeb47de80a352efbb220486032eca847c2b33515
SHA3 ebd95216e8028d3cbf7827c0d1f944f9c2d1176431dda153ef1f59cde3cf2aa3

4091

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xc4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.13038
MD5 d2772bcc007d8465cf41352da64ed008
SHA1 3cb80c1ec7e649f89f425b6d7fdd11dd5333e052
SHA256 57fbdcb9b1d61d1269f5e9bc3e4f325029bd89778123d7703251761eebe26dea
SHA3 28c495a2cc8d92c07ea21db55f8e6ea142d60465f042d175b590db37884f5eb4

4092

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xcc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.36196
MD5 1bb1699f3e79a261a1cb71a60a1ace7c
SHA1 268f9a2602e1187b881d96db521e82c8d051d656
SHA256 a073bc06540956a93a3ef6eaa7d558de6f92de721edd29d6a93551a0fab23c08
SHA3 a0d833ced8297a2d82be5b80dd79fa9f61b84033377016f4c588ff2cfc168cf9

4093

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x174
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.34841
MD5 b6bedb71d6a6fa5215e4afdd1e983bdc
SHA1 7541a76c3ab32506ab00c3ab56076bf01532b267
SHA256 203e2c213958348f4911dd2e3188ea694f7d1d97f9ea9a82f89f5ee7af8c9607
SHA3 3ad5273f1d88b58db23b17b0ecd52f1280b9c279f64aad4404f5487b5d8f264e

4094

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x39c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.29351
MD5 0b1533b447231c6319c4a10d84508e60
SHA1 f5477d91942bfe92a5dc3c46897a66fb663a124f
SHA256 6fa3bbc46b4cc3a979f4ebfc293c50453912eb51ef76d2ea3c7d3d86d7223e86
SHA3 aed1581927a66228d158a903e015bdfa9a12e44865ff24c991ba8e2c1a9de8c1

4095

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x34c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.34579
MD5 2596d19a6b88cbba9c9c9cb003affbc6
SHA1 37091a716fd1eed000e0c3bb195fbd589a750608
SHA256 7f63f3f944a0b62f8f3b35a60141081599f7f175605ced7e1b4dcb80fda58c8a
SHA3 0b2581dd0c1b08d882b1f4c4014652d2e7d046d95aa3df236690e9d22572b27c

4096

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x294
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.28057
MD5 1f9009e4d5b61392e05aa8ac6eceb6aa
SHA1 4af6f3144fff0951da37370a3d200e8d74fc4862
SHA256 cb21f2b28bfc6b8046348c7a96bf97149dc5f91e1cc1a4f2904a1044a008425a
SHA3 c1aebde06ed543947facd67a9541283cbec74e559e267c1b84c168a2bf839812

CHARTABLE

Type RT_RCDATA
Language English - United States
Codepage Latin 1 / Western European
Size 0x82e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.5072
MD5 6e9c1c8c0a0ec8d73165779560cd7ba4
SHA1 d044c45e2ffd24e1abef00079577df385e325ab4
SHA256 677245e2a6b2eb5495b4965b8c26025a4b26e8b8c21a825f658cb390b493b9a0
SHA3 3ec7819e8561ecad66b1ef2652d4f3b275030f7cf402f276daa38f28d288e4e7

DVCLAL

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x10
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4
MD5 d8090aba7197fbf9c7e2631c750965a8
SHA1 04f73efb0801b18f6984b14cd057fb56519cd31b
SHA256 88d14cc6638af8a0836f6d868dfab60df92907a2d7becaefbbd7e007acb75610
SHA3 a5a67ad8166061d38fc75cfb2c227911de631166c6531a6664cd49cfb207e8bb

PACKAGEINFO

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x1a0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.28128
MD5 da4546577bb32bf676de0cd06a35b8cb
SHA1 c8b2b1ea4bda3d17e14312ad3d46be51ac8d39c9
SHA256 84023e9e18099e4f84a87098d5b25ddd578c6ae394ac2ba1b048ca4b2fa14872
SHA3 e542135c833ba9a3e5dc11ef147b37d4e9b8e74e78d2a7a72addb374f3051f10

11111

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.61354
MD5 3cd5f5bdcef667060c7d26d59c1dee39
SHA1 85dbf7e62fff761d6cdefc5cd1a769bd484eb726
SHA256 244ccd8dc628ac368078ff324a4fa01310eab464eeb7aebd0ea91e8e0d4f3a24
SHA3 fc38e856cd462c7f6adb081cb62826015daea79a1a35e0b863be42b908befc3c

MAINICON

Type RT_GROUP_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x92
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.01278
Detected Filetype Icon file
MD5 4a3e941f802abd2763195f7c6210dde8
SHA1 3e9b4cbfe9c6c827767ddf0c96fdc92af5080f1c
SHA256 3f44c0a0d631cd480ceec87922969a384a71b65c47ebc22230db41a9806c2c4c
SHA3 3389c7111a2c316f10a7269c10844411f58eeab3b856033641180df48c78d778

1 (#2)

Type RT_VERSION
Language English - United States
Codepage Latin 1 / Western European
Size 0x4b8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.68653
MD5 95894fe7cac004a9373d80d9a4bfbe8f
SHA1 fbdb7595a810f73bb7c6f5abd42c833d00a3b5aa
SHA256 c6510f62094a4e67d44ce7e359269a91999f09e4556a361f32ec284539660b24
SHA3 276ba468013abe35c2705c5b878fc769ee42b0ffb11d1f8b576b152de201d67d

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x560
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.05007
MD5 8d7accca43bc3864983dbbb9af490005
SHA1 07ae72350bcbfedb5015a78efd74fcfd3bab11ac
SHA256 ec233469005d39f4f2673be991a0415318631a59c5976c35d4dd22db45226fd0
SHA3 d340127cbdd815e5c2dd4b44e8755c28512ad5e969b757cfcec6612b00e9d186

String Table contents

Thu
Fri
Sat
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Invalid file name - %s
January
February
March
April
May
June
July
August
September
October
November
December
Sun
Mon
Tue
Wed
Monitor support function not initialized
%s (%s, line %d)
Abstract Error
Access violation at address %p in module '%s'. %s of address %p
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
Variant or safe array is locked
Invalid variant type conversion
Invalid variant operation
Invalid variant operation (%s%.8x)
%s
Could not convert variant of type (%s) into type (%s)
Overflow while converting variant of type (%s) into type (%s)
Variant overflow
Invalid argument
Invalid variant type
Operation not supported
Unexpected variant error
External exception %x
Assertion failed
Interface not supported
Exception in safecall method
Object lock not owned
Invalid class typecast
Access violation at address %p. %s of address %p
Access violation
Stack overflow
Control-C hit
Privileged instruction
Operation aborted
Exception %s in module %s at %p.
%s%s
Application Error
Format '%s' invalid or incompatible with argument
No argument for format '%s'
Variant method calls not supported
Read
Write
Error creating variant or safe array
Variant or safe array index out of bounds
Out of memory
I/O error %d
File not found
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
Range check error
Integer overflow
Invalid floating point operation
Floating point division by zero
Floating point overflow
Floating point underflow
Invalid pointer operation

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 6.9.0.0
ProductVersion 6.9.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments This installation was built with Inno Setup.
CompanyName
FileDescription K-Lite Codec Pack Setup
FileVersion (#2) 6.9.0.0
LegalCopyright
ProductName K-Lite Codec Pack
ProductVersion (#2) 6.9.0
Resource LangID English - United States

TLS Callbacks

StartAddressOfRawData 0x41f000
EndAddressOfRawData 0x41f008
AddressOfIndex 0x4177b4
AddressOfCallbacks 0x420010
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks (EMPTY)

Load Configuration

RICH Header

Errors

[*] Warning: directory 5 has a size of 0! This PE may have been manually crafted! [!] Error: Could not reach the requested directory (offset=0x0). [*] Warning: Section .bss has a size of 0! [*] Warning: Section .tls has a size of 0! [*] Warning: Section .reloc has a size of 0!
<-- -->