Architecture |
IMAGE_FILE_MACHINE_I386
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date |
2010-Oct-30 20:54:54
|
Detected languages |
English - United States
|
Comments |
This installation was built with Inno Setup.
|
CompanyName |
|
FileDescription |
K-Lite Codec Pack Setup
|
FileVersion |
6.9.0.0
|
LegalCopyright |
|
ProductName |
K-Lite Codec Pack
|
ProductVersion |
6.9.0
|
Suspicious |
The PE is possibly packed. |
Unusual section name found: .itext
|
Malicious |
The PE contains functions mostly used by malware. |
[!] The program may be hiding some of its imports:
- LoadLibraryExW
- GetProcAddress
- LoadLibraryW
Can access the registry:
- RegQueryValueExW
- RegOpenKeyExW
- RegCloseKey
Possibly launches other programs:
Memory manipulation functions often used by packers:
- VirtualAlloc
- VirtualProtect
Functions related to the privilege level:
- OpenProcessToken
- AdjustTokenPrivileges
Can shut the system down or lock the screen:
|
Suspicious |
The file contains overlay data. |
14553669 bytes of data starting at offset 0x44200.
The overlay data has an entropy of 7.99999 and is possibly compressed or encrypted.
Overlay data amounts for 98.1188% of the executable.
|
Suspicious |
VirusTotal score: 1/71 (Scanned on 2024-02-14 01:27:31) |
Cynet:
Malicious (score: 100)
|
MD5 |
beba2c9c1ec15438f301559ce9d9ce9c
|
SHA1 |
640e6d90ae3249af0c892e56d3b01e53d5a18f1d
|
SHA256 |
bd2735016aad193d058e63eeca06fe76eebea50a940e2f6eb6581294f3fce29d
|
SHA3 |
1f94af73affa381551f4d9dc4a138ed08a7fcf70060c60818891abcf4eccff2b
|
SSDeep |
393216:yKKAl3KJnU6SfsZseQmx2i9jMsski5DMJaD/ajHrRRv:EA5KJUFxeki9T2NMJM/MHdRv
|
Imports Hash |
9d8fb47598991ad8c0094898c32a6c3b
|
e_magic |
MZ
|
e_cblp |
0x50
|
e_cp |
0x2
|
e_crlc |
0
|
e_cparhdr |
0x4
|
e_minalloc |
0xf
|
e_maxalloc |
0xffff
|
e_ss |
0
|
e_sp |
0xb8
|
e_csum |
0
|
e_ip |
0
|
e_cs |
0
|
e_ovno |
0x1a
|
e_oemid |
0
|
e_oeminfo |
0
|
e_lfanew |
0x100
|
Signature |
PE
|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections |
9
|
TimeDateStamp |
2010-Oct-30 20:54:54
|
PointerToSymbolTable |
0
|
NumberOfSymbols |
0
|
SizeOfOptionalHeader |
0xe0
|
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
Magic |
PE32
|
LinkerVersion |
2.0
|
SizeOfCode |
0x15000
|
SizeOfInitializedData |
0x2ee00
|
SizeOfUninitializedData |
0
|
AddressOfEntryPoint |
0x00016478 (Section: .itext)
|
BaseOfCode |
0x1000
|
BaseOfData |
0x17000
|
ImageBase |
0x400000
|
SectionAlignment |
0x1000
|
FileAlignment |
0x200
|
OperatingSystemVersion |
5.0
|
ImageVersion |
6.0
|
SubsystemVersion |
5.0
|
Win32VersionValue |
0
|
SizeOfImage |
0x50000
|
SizeOfHeaders |
0x400
|
Checksum |
0
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve |
0x100000
|
SizeofStackCommit |
0x4000
|
SizeofHeapReserve |
0x100000
|
SizeofHeapCommit |
0x1000
|
LoaderFlags |
0
|
NumberOfRvaAndSizes |
16
|
MD5 |
824e3957006b0613ed9c53ada45c1db3
|
SHA1 |
386995a1ffa7ac746880a639064ca65486965ae2
|
SHA256 |
233ed9874ee865b72f99fabb9cffc4f46b2f949bb8fa951cf91f3a491b587521
|
SHA3 |
557c54d2332094733a94dbbd801e0e232519953308bfdd35d656b4a607fb836f
|
VirtualSize |
0x143f0
|
VirtualAddress |
0x1000
|
SizeOfRawData |
0x14400
|
PointerToRawData |
0x400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
Entropy |
6.4822
|
MD5 |
a1e7b318e1115c7a9aaa4dee97b67e4b
|
SHA1 |
71b916fe4c740acdba23cbbfc4456c9cdab74312
|
SHA256 |
97a3a8adae8642f53c8350667e969cca741344601cdc82b0441a08bc771ef8c3
|
SHA3 |
6f60f4d9746915f0ea1399d40e7b056f473955d1da9af43951cc0c97140ef78c
|
VirtualSize |
0xbe8
|
VirtualAddress |
0x16000
|
SizeOfRawData |
0xc00
|
PointerToRawData |
0x14800
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
Entropy |
6.00929
|
MD5 |
00abeb3340a427c843c21fd934d5ae67
|
SHA1 |
a399a7790162b450faa9d1ffca52cea47da54359
|
SHA256 |
263b7dec6b3ecd70775532d7cd4f9bac738ba63f6d159c55501b88a9eca649ba
|
SHA3 |
43b96feac7c4a7ec34722484939280dd49c979f115a98e4507b637d6a90229b1
|
VirtualSize |
0xd9c
|
VirtualAddress |
0x17000
|
SizeOfRawData |
0xe00
|
PointerToRawData |
0x15400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
2.67593
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
VirtualSize |
0x5710
|
VirtualAddress |
0x18000
|
SizeOfRawData |
0
|
PointerToRawData |
0x16200
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
MD5 |
b47eaca4c149ee829de76a342b5560d5
|
SHA1 |
56a0ec8ac42ef35b0ee132508701868d83befc42
|
SHA256 |
1ea5a02fe0fde79fdd2d25e4a9b685d18118b74dcc53bbba9d54df63a6fd53c0
|
SHA3 |
a6c4a3115f9b16fd917a83f2157a158c28362886cd7414b31f05d345ab308a17
|
VirtualSize |
0xf9e
|
VirtualAddress |
0x1e000
|
SizeOfRawData |
0x1000
|
PointerToRawData |
0x16200
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
4.96778
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
VirtualSize |
0x8
|
VirtualAddress |
0x1f000
|
SizeOfRawData |
0
|
PointerToRawData |
0x17200
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
MD5 |
3746f5876803f8f30db5bb2deb8772ae
|
SHA1 |
65e8dad930c8c32d40ca9aff4890630f20d87074
|
SHA256 |
9c8a4b346c5df43a9f90f5d15227c2dea3e7dfabfbe8402bcba85c3b2e9c84ae
|
SHA3 |
956c3695e53f796282349fc0b391c557d3f9bef6abb0d58045dacccc70b3a4cf
|
VirtualSize |
0x18
|
VirtualAddress |
0x20000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x17200
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
0.190489
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
VirtualSize |
0x1940
|
VirtualAddress |
0x21000
|
SizeOfRawData |
0
|
PointerToRawData |
0
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
MD5 |
e09e4f489a1514287beeb13ae83a49cd
|
SHA1 |
3e489eaf2072c6cf793e3bbff56b96901d684b99
|
SHA256 |
1c0d745d986565cae2293c103ba3eb0c5ff682c7020d72d0a4d2945e32bbfbcb
|
SHA3 |
e0bc277106974d726d53884a15db2864f539248ffbf9dd01019a0f3557d0d290
|
VirtualSize |
0x2ccfc
|
VirtualAddress |
0x23000
|
SizeOfRawData |
0x2ce00
|
PointerToRawData |
0x17400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
4.68787
|
oleaut32.dll |
SysFreeString
SysReAllocStringLen
SysAllocStringLen
|
advapi32.dll |
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
|
user32.dll |
GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
|
kernel32.dll |
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
|
kernel32.dll (#2) |
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
|
user32.dll (#2) |
GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
|
kernel32.dll (#3) |
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
|
advapi32.dll (#2) |
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
|
comctl32.dll |
InitCommonControls
|
kernel32.dll (#4) |
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
|
advapi32.dll (#3) |
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
|
oleaut32.dll (#2) |
SysFreeString
SysReAllocStringLen
SysAllocStringLen
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0x2e8
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.52552
|
MD5 |
d5e35ccbf6855b025014d61910ede77e
|
SHA1 |
abb3e85e14704472c442c36d726ad565765f192c
|
SHA256 |
c3c2ded4f0e26a8ac363a9ef5c5f6524a7ad5cec6ae7f93e0082c23c836935af
|
SHA3 |
d6731cb8860a363e89da6e401b1ae8c5ce79a42dbd3da0beb7bab5c54098c76c
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0x128
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.3013
|
MD5 |
43f5979dfe581278684f236c686a437d
|
SHA1 |
0d546d1059ad98cc18376673fe3be00faed6d3ae
|
SHA256 |
764b0f4b9e48ff68d6a95b98d86bbca07633d97ab35561f51b32e81f2acc8044
|
SHA3 |
d1e8a7b5efc25cf350c15f2d7e3cfd6b92c2d7345899ec8b21dce0e96578390b
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0x8a8
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.0026
|
MD5 |
790ad45822214864a8b0075e9c023580
|
SHA1 |
0e9c15800d90be0bd0ca7777e997e47bd9720dee
|
SHA256 |
32ca9d9fd4d8a7c619e6c93f7b3c3e5e0f8c83cadcc44c6b76bbd5142f857e53
|
SHA3 |
4e52cfe32c6c8387b8a18746c13406af0299cbe686d09e4f77174a9a0947f38d
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0x568
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.48375
|
MD5 |
91102139fdea8d44eacdbd6b76d5ba7b
|
SHA1 |
a666a710f9719476e7dba095cd7fa5b82fcdfe40
|
SHA256 |
c58e438dc3fa72f81daa26492ee5ff231cc83a0208e5ded3db7d37743a576235
|
SHA3 |
f2a482ef064a73ba49ab213aeb77aca7e6eb55fc8baaf025a1a331963b6f3718
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0x10828
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
4.15677
|
MD5 |
881f2c31b35983594e83476c91161cf2
|
SHA1 |
7e306c051709f74e9a091d3dae331f440943df09
|
SHA256 |
ec109ffb2be6db3b879ac2e5a3a5bc3cf6cc07e0dfcda97dcd8cb7f2aeaed849
|
SHA3 |
1643795fc15659cd4195969a7c6ec52895d145c827d45e2f22bae9f1701818d3
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0x94a8
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
4.68297
|
MD5 |
26dded786e6678f38c5fb930714dcc9a
|
SHA1 |
0102a960ba2afb563119ed33f1c862c02856b4ea
|
SHA256 |
1498eea1d96e030a1e49df76580acb2675b0901700e8e09b73eb18e1b44659ce
|
SHA3 |
3967b470260f02a63570b1463c5fd391389630c9cda299d89bd2f3c8062f72ae
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0x4228
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
4.5021
|
MD5 |
313824468e5526a045dae71989647b62
|
SHA1 |
23bd77af3b8e715b68a56ee3f50dfc8620dc9950
|
SHA256 |
5a0e3a5b4a221387c7e9397ebce852f9fd008c21c3f40922d742073ae309358b
|
SHA3 |
58c27d62a42700dbd122db1278269cf0202e9284e91466eb72c56b09f077d564
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0x25a8
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.17401
|
MD5 |
7f4fb160f09bdf6a7ac8ac0ad65a5e83
|
SHA1 |
43e0300a9bf576b6ecae58879a4a2b26da54155b
|
SHA256 |
751619035e2713fc2129bddadb72f5359f87b13b8b7f63341e7cec7d2dd96381
|
SHA3 |
8c6ef0322a1a455e1403935dc411e0be10c5726bc8541ce28452a82442104edf
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0x10a8
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.15266
|
MD5 |
b635e295c6eb8b7cfa9b4c5f6bd5c4f1
|
SHA1 |
dececc5b32934bd0e30b0d033395267995b1890c
|
SHA256 |
c8e08eb8dc342ac81b7e486237f87b95a402586e8193bc1b2c8e310939c158aa
|
SHA3 |
076814c9cdd907094af9df594085d15ba35e43c2114fc2e7600366c8a3ebcf12
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0x468
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.62407
|
MD5 |
26d6987f342a232827c62d2b12f67294
|
SHA1 |
96ab942f2d080d870b5c96f9caf222d6c3a8fa71
|
SHA256 |
26d2bfa219de2381f73cd3edfeb47de80a352efbb220486032eca847c2b33515
|
SHA3 |
ebd95216e8028d3cbf7827c0d1f944f9c2d1176431dda153ef1f59cde3cf2aa3
|
Type |
RT_STRING
|
Language |
UNKNOWN
|
Codepage |
Latin 1 / Western European
|
Size |
0xc4
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.13038
|
MD5 |
d2772bcc007d8465cf41352da64ed008
|
SHA1 |
3cb80c1ec7e649f89f425b6d7fdd11dd5333e052
|
SHA256 |
57fbdcb9b1d61d1269f5e9bc3e4f325029bd89778123d7703251761eebe26dea
|
SHA3 |
28c495a2cc8d92c07ea21db55f8e6ea142d60465f042d175b590db37884f5eb4
|
Type |
RT_STRING
|
Language |
UNKNOWN
|
Codepage |
Latin 1 / Western European
|
Size |
0xcc
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.36196
|
MD5 |
1bb1699f3e79a261a1cb71a60a1ace7c
|
SHA1 |
268f9a2602e1187b881d96db521e82c8d051d656
|
SHA256 |
a073bc06540956a93a3ef6eaa7d558de6f92de721edd29d6a93551a0fab23c08
|
SHA3 |
a0d833ced8297a2d82be5b80dd79fa9f61b84033377016f4c588ff2cfc168cf9
|
Type |
RT_STRING
|
Language |
UNKNOWN
|
Codepage |
Latin 1 / Western European
|
Size |
0x174
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.34841
|
MD5 |
b6bedb71d6a6fa5215e4afdd1e983bdc
|
SHA1 |
7541a76c3ab32506ab00c3ab56076bf01532b267
|
SHA256 |
203e2c213958348f4911dd2e3188ea694f7d1d97f9ea9a82f89f5ee7af8c9607
|
SHA3 |
3ad5273f1d88b58db23b17b0ecd52f1280b9c279f64aad4404f5487b5d8f264e
|
Type |
RT_STRING
|
Language |
UNKNOWN
|
Codepage |
Latin 1 / Western European
|
Size |
0x39c
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.29351
|
MD5 |
0b1533b447231c6319c4a10d84508e60
|
SHA1 |
f5477d91942bfe92a5dc3c46897a66fb663a124f
|
SHA256 |
6fa3bbc46b4cc3a979f4ebfc293c50453912eb51ef76d2ea3c7d3d86d7223e86
|
SHA3 |
aed1581927a66228d158a903e015bdfa9a12e44865ff24c991ba8e2c1a9de8c1
|
Type |
RT_STRING
|
Language |
UNKNOWN
|
Codepage |
Latin 1 / Western European
|
Size |
0x34c
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.34579
|
MD5 |
2596d19a6b88cbba9c9c9cb003affbc6
|
SHA1 |
37091a716fd1eed000e0c3bb195fbd589a750608
|
SHA256 |
7f63f3f944a0b62f8f3b35a60141081599f7f175605ced7e1b4dcb80fda58c8a
|
SHA3 |
0b2581dd0c1b08d882b1f4c4014652d2e7d046d95aa3df236690e9d22572b27c
|
Type |
RT_STRING
|
Language |
UNKNOWN
|
Codepage |
Latin 1 / Western European
|
Size |
0x294
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.28057
|
MD5 |
1f9009e4d5b61392e05aa8ac6eceb6aa
|
SHA1 |
4af6f3144fff0951da37370a3d200e8d74fc4862
|
SHA256 |
cb21f2b28bfc6b8046348c7a96bf97149dc5f91e1cc1a4f2904a1044a008425a
|
SHA3 |
c1aebde06ed543947facd67a9541283cbec74e559e267c1b84c168a2bf839812
|
Type |
RT_RCDATA
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0x82e8
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.5072
|
MD5 |
6e9c1c8c0a0ec8d73165779560cd7ba4
|
SHA1 |
d044c45e2ffd24e1abef00079577df385e325ab4
|
SHA256 |
677245e2a6b2eb5495b4965b8c26025a4b26e8b8c21a825f658cb390b493b9a0
|
SHA3 |
3ec7819e8561ecad66b1ef2652d4f3b275030f7cf402f276daa38f28d288e4e7
|
Type |
RT_RCDATA
|
Language |
UNKNOWN
|
Codepage |
Latin 1 / Western European
|
Size |
0x10
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
4
|
MD5 |
d8090aba7197fbf9c7e2631c750965a8
|
SHA1 |
04f73efb0801b18f6984b14cd057fb56519cd31b
|
SHA256 |
88d14cc6638af8a0836f6d868dfab60df92907a2d7becaefbbd7e007acb75610
|
SHA3 |
a5a67ad8166061d38fc75cfb2c227911de631166c6531a6664cd49cfb207e8bb
|
Type |
RT_RCDATA
|
Language |
UNKNOWN
|
Codepage |
Latin 1 / Western European
|
Size |
0x1a0
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.28128
|
MD5 |
da4546577bb32bf676de0cd06a35b8cb
|
SHA1 |
c8b2b1ea4bda3d17e14312ad3d46be51ac8d39c9
|
SHA256 |
84023e9e18099e4f84a87098d5b25ddd578c6ae394ac2ba1b048ca4b2fa14872
|
SHA3 |
e542135c833ba9a3e5dc11ef147b37d4e9b8e74e78d2a7a72addb374f3051f10
|
Type |
RT_RCDATA
|
Language |
UNKNOWN
|
Codepage |
Latin 1 / Western European
|
Size |
0x2c
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
4.61354
|
MD5 |
3cd5f5bdcef667060c7d26d59c1dee39
|
SHA1 |
85dbf7e62fff761d6cdefc5cd1a769bd484eb726
|
SHA256 |
244ccd8dc628ac368078ff324a4fa01310eab464eeb7aebd0ea91e8e0d4f3a24
|
SHA3 |
fc38e856cd462c7f6adb081cb62826015daea79a1a35e0b863be42b908befc3c
|
Type |
RT_GROUP_ICON
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0x92
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.01278
|
Detected Filetype |
Icon file
|
MD5 |
4a3e941f802abd2763195f7c6210dde8
|
SHA1 |
3e9b4cbfe9c6c827767ddf0c96fdc92af5080f1c
|
SHA256 |
3f44c0a0d631cd480ceec87922969a384a71b65c47ebc22230db41a9806c2c4c
|
SHA3 |
3389c7111a2c316f10a7269c10844411f58eeab3b856033641180df48c78d778
|
Type |
RT_VERSION
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0x4b8
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
2.68653
|
MD5 |
95894fe7cac004a9373d80d9a4bfbe8f
|
SHA1 |
fbdb7595a810f73bb7c6f5abd42c833d00a3b5aa
|
SHA256 |
c6510f62094a4e67d44ce7e359269a91999f09e4556a361f32ec284539660b24
|
SHA3 |
276ba468013abe35c2705c5b878fc769ee42b0ffb11d1f8b576b152de201d67d
|
Type |
RT_MANIFEST
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0x560
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.05007
|
MD5 |
8d7accca43bc3864983dbbb9af490005
|
SHA1 |
07ae72350bcbfedb5015a78efd74fcfd3bab11ac
|
SHA256 |
ec233469005d39f4f2673be991a0415318631a59c5976c35d4dd22db45226fd0
|
SHA3 |
d340127cbdd815e5c2dd4b44e8755c28512ad5e969b757cfcec6612b00e9d186
|
Thu |
Fri |
Sat |
Sunday |
Monday |
Tuesday |
Wednesday |
Thursday |
Friday |
Saturday |
Invalid file name - %s |
January |
February |
March |
April |
May |
June |
July |
August |
September |
October |
November |
December |
Sun |
Mon |
Tue |
Wed |
Monitor support function not initialized |
%s (%s, line %d) |
Abstract Error |
Access violation at address %p in module '%s'. %s of address %p |
Jan |
Feb |
Mar |
Apr |
May |
Jun |
Jul |
Aug |
Sep |
Oct |
Nov |
Dec |
Variant or safe array is locked |
Invalid variant type conversion |
Invalid variant operation |
Invalid variant operation (%s%.8x) |
%s |
Could not convert variant of type (%s) into type (%s) |
Overflow while converting variant of type (%s) into type (%s) |
Variant overflow |
Invalid argument |
Invalid variant type |
Operation not supported |
Unexpected variant error |
External exception %x |
Assertion failed |
Interface not supported |
Exception in safecall method |
Object lock not owned |
Invalid class typecast |
Access violation at address %p. %s of address %p |
Access violation |
Stack overflow |
Control-C hit |
Privileged instruction |
Operation aborted |
Exception %s in module %s at %p. |
%s%s |
|
Application Error |
Format '%s' invalid or incompatible with argument |
No argument for format '%s' |
Variant method calls not supported |
Read |
Write |
Error creating variant or safe array |
Variant or safe array index out of bounds |
Out of memory |
I/O error %d |
File not found |
Too many open files |
File access denied |
Read beyond end of file |
Disk full |
Invalid numeric input |
Division by zero |
Range check error |
Integer overflow |
Invalid floating point operation |
Floating point division by zero |
Floating point overflow |
Floating point underflow |
Invalid pointer operation |
Signature |
0xfeef04bd
|
StructVersion |
0x10000
|
FileVersion |
6.9.0.0
|
ProductVersion |
6.9.0.0
|
FileFlags |
(EMPTY)
|
FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
FileType |
VFT_APP
|
Language |
UNKNOWN
|
Comments |
This installation was built with Inno Setup.
|
CompanyName |
|
FileDescription |
K-Lite Codec Pack Setup
|
FileVersion (#2) |
6.9.0.0
|
LegalCopyright |
|
ProductName |
K-Lite Codec Pack
|
ProductVersion (#2) |
6.9.0
|
Resource LangID |
English - United States
|
StartAddressOfRawData |
0x41f000
|
EndAddressOfRawData |
0x41f008
|
AddressOfIndex |
0x4177b4
|
AddressOfCallbacks |
0x420010
|
SizeOfZeroFill |
0
|
Characteristics |
IMAGE_SCN_TYPE_REG
|
Callbacks |
(EMPTY)
|
[*] Warning: directory 5 has a size of 0! This PE may have been manually crafted!
[!] Error: Could not reach the requested directory (offset=0x0).
[*] Warning: Section .bss has a size of 0!
[*] Warning: Section .tls has a size of 0!
[*] Warning: Section .reloc has a size of 0!