Manalyze report for c4e2317beabc6a84ea8ff2317c197d6e

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Oct-01 07:55:19
Detected languages	English - United States
FileDescription	bvnvnbfg
FileVersion	`3.3.3.3`
InternalName	sfsdffdswef
LegalCopyright	Copyright (C) 2003-2017
OriginalFilename	cbcbvdfg.exe
ProductName	cvbsdsd
ProductVersion	`3.3.3.3`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++`
Info	Interesting strings found in the binary:	`Contains domain names: .exe.bat.com exe.bat.com https://vbcv.com`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW LoadLibraryExW GetProcAddress` `Functions which can be used for anti-debugging purposes: FindWindowW` `Code injection capabilities: WriteProcessMemory OpenProcess VirtualAllocEx` `Code injection capabilities (PowerLoader): FindWindowW GetWindowLongW` `Can access the registry: RegisterHotKey RegDeleteValueW RegDeleteKeyW RegSetValueExW RegCreateKeyExW RegQueryValueExW RegEnumKeyExW RegEnumValueW RegQueryInfoKeyW RegOpenKeyExW RegCloseKey` `Possibly launches other programs: CreateProcessW` `Can create temporary files: CreateFileW GetTempPathW` `Uses functions commonly found in keyloggers: MapVirtualKeyW GetAsyncKeyState AttachThreadInput CallNextHookEx GetForegroundWindow` `Memory manipulation functions often used by packers: VirtualProtect VirtualAllocEx` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Interacts with services: OpenSCManagerW` `Enumerates local disk drives: GetDriveTypeW GetVolumeInformationW` `Manipulates other processes: WriteProcessMemory ReadProcessMemory OpenProcess` `Can take screenshots: GetDC FindWindowW BitBlt CreateCompatibleDC` `Reads the contents of the clipboard: GetClipboardData` `Can shut the system down or lock the screen: ExitWindowsEx`
Malicious	VirusTotal score: 40/72 (Scanned on 2020-07-11 08:50:53)	`MicroWorld-eScan: Gen:Variant.Ulise.101067` `FireEye: Generic.mg.c4e2317beabc6a84` `ALYac: Gen:Variant.Ulise.101067` `Cylance: Unsafe` `K7AntiVirus: Riskware ( 0040eff71 )` `K7GW: Riskware ( 0040eff71 )` `Cybereason: malicious.beabc6` `Arcabit: Trojan.Ulise.D18ACB` `F-Prot: W32/Ursu.T.gen!Eldorado` `Symantec: ML.Attribute.HighConfidence` `APEX: Malicious` `Paloalto: generic.ml` `BitDefender: Gen:Variant.Ulise.101067` `NANO-Antivirus: Riskware.Win32.Relevant.ffkiaf` `Avast: Win32:Adware-gen [Adw]` `Tencent: Malware.Win32.Gencirc.10b81bef` `Ad-Aware: Gen:Variant.Ulise.101067` `Sophos: Mal/Generic-S` `F-Secure: Heuristic.HEUR/AGEN.1131041` `DrWeb: Adware.Relevant.167` `TrendMicro: TROJ_GEN.R002C0PG920` `Emsisoft: Gen:Variant.Ulise.101067 (B)` `Cyren: W32/Ursu.T.gen!Eldorado` `Jiangmin: Trojan.MSIL.jnxo` `Avira: HEUR/AGEN.1131041` `Fortinet: Riskware/PUP_XLG` `Antiy-AVL: Trojan/Win32.AGeneric` `Microsoft: PUA:Win32/Vigua.A` `Cynet: Malicious (score: 90)` `McAfee: PUP-XLG-IA` `MAX: malware (ai score=87)` `VBA32: BScope.Adware.Relevant` `TrendMicro-HouseCall: TROJ_GEN.R002C0PG920` `Rising: Malware.Undefined!8.C (CLOUD)` `GData: Gen:Variant.Ulise.101067` `BitDefenderTheta: Gen:NN.ZexaF.34132.fr0@aaXOs1ai` `AVG: Win32:Adware-gen [Adw]` `Panda: Trj/Genetic.gen` `CrowdStrike: win/malicious_confidence_70% (W)` `Qihoo-360: HEUR/QVM20.1.7D17.Malware.Gen`

Hashes

MD5	`c4e2317beabc6a84ea8ff2317c197d6e`
SHA1	`d5f6382d87c71784b9ad4ac4939828fd065c039b`
SHA256	`465dcf0b61c35cc0b466f1b811a3178a05193ba7f0b420341c961e8afb760518`
SHA3	`b72d63bdc340ad9e0c9ca0b4f668781b8517bdb9e8bf0811e7a3cf4aec63cac2`
SSDeep	`12288:YwFzF2ZT5PQKw+zVDDCCF7izciejegnvTWKA0uLpc4Zw5kK5T1iOzX:YE2QB2N7iz+je4bWirh5J7zX`
Imports Hash	`dd582b2c62dfd226a750bdded1d07e7a`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2017-Oct-01 07:55:19
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xa1a00`
SizeOfInitializedData	`0x75600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00088A72 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xa3000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x120000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x400000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`8a214084988ff8beb2864aad755b4b92`
SHA1	`fc69e9bba53c7cf5b327ea2d012f5b76453da50d`
SHA256	`cc9b93d0d21aaaa48e7b18d474e0b9341ad2d0c82b4853b5033bb5b046b56069`
SHA3	`1fc3e645036ecc8de9d59b94f7b509ead9b2acc023c48fc3b9cf1409f7bb58a9`
VirtualSize	`0xa180a`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa1a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.62017`

.rdata

MD5	`6143705f2e4d1429cee1dc8be87ff5ce`
SHA1	`52be8789bc41785f0c50e034d69b7ca2520b2be1`
SHA256	`54b0b30b062fa71ef8bbda7d3a510ec7a1bd86d6de78fafac40e4eaca63796f5`
SHA3	`a4eb5ec0eab4fc1e3fd96c966aa80383c9b5b01cc36e153221b14e2f6eff12c8`
VirtualSize	`0x2735a`
VirtualAddress	`0xa3000`
SizeOfRawData	`0x27400`
PointerToRawData	`0xa1e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.94324`

.data

MD5	`57aee8e37ed0195f0ab0435447b744f5`
SHA1	`be32d94577f7b0f88f45110055440b73c10a6d96`
SHA256	`42acb68c8f76a00ebb69c4630480320377d7158d811903a5b752828e1ec4c590`
SHA3	`a5843c6ef129db0643b0c0b191d312104586792b880171a6264ae74d6192636f`
VirtualSize	`0x8204`
VirtualAddress	`0xcb000`
SizeOfRawData	`0x2800`
PointerToRawData	`0xc9200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.7597`

.rsrc

MD5	`f0ad844c170a9f7532f3f9945b3d4066`
SHA1	`8e5600f7c2b6cb6f33dc5ef46f5ecfd5e81a4018`
SHA256	`5e3033ccdcc13e268e1bb909c451b3e9f057fb3382110c49efa28dca5a7cbcfc`
SHA3	`602a2e61df6fafcfe0243b3128f4f3ed540530339cea8a425a8d21a9db32e04c`
VirtualSize	`0x4b84c`
VirtualAddress	`0xd4000`
SizeOfRawData	`0x4ba00`
PointerToRawData	`0xcba00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.4772`

Imports

WSOCK32.dll	`#11` `#52` `#57` `#116` `#115`
WINMM.dll	`joyGetPosEx` `mciSendStringW` `waveOutGetVolume` `mixerGetDevCapsW` `mixerGetLineInfoW` `mixerSetControlDetails` `waveOutSetVolume` `mixerGetControlDetailsW` `mixerGetLineControlsW` `mixerOpen` `joyGetDevCapsW` `mixerClose`
VERSION.dll	`VerQueryValueW` `GetFileVersionInfoW` `GetFileVersionInfoSizeW`
COMCTL32.dll	`CreateStatusWindowW` `ImageList_ReplaceIcon` `ImageList_GetIconSize` `ImageList_AddMasked` `ImageList_Destroy` `ImageList_Create`
PSAPI.DLL	`GetProcessImageFileNameW` `GetModuleFileNameExW` `GetModuleBaseNameW`
KERNEL32.dll	`FindNextFileW` `FindClose` `FileTimeToLocalFileTime` `SetEnvironmentVariableW` `Beep` `MoveFileW` `OutputDebugStringW` `CreateProcessW` `GetFileAttributesW` `WideCharToMultiByte` `MultiByteToWideChar` `GetExitCodeProcess` `WriteProcessMemory` `ReadProcessMemory` `GetCurrentProcessId` `OpenProcess` `TerminateProcess` `SetPriorityClass` `SetLastError` `GetEnvironmentVariableW` `GetLocalTime` `GetDateFormatW` `GetTimeFormatW` `GetDiskFreeSpaceW` `SetVolumeLabelW` `CreateFileW` `DeviceIoControl` `GetDriveTypeW` `GetVolumeInformationW` `CreateDirectoryW` `ReadFile` `WriteFile` `DeleteFileW` `SetFileAttributesW` `LocalFileTimeToFileTime` `SetFileTime` `GetFileSizeEx` `GetSystemTime` `GetSystemDefaultUILanguage` `GetComputerNameW` `GetWindowsDirectoryW` `GetTempPathW` `GetFullPathNameW` `GetShortPathNameW` `LoadLibraryW` `FreeLibrary` `LockResource` `LeaveCriticalSection` `VirtualProtect` `QueryDosDeviceW` `CompareStringW` `RemoveDirectoryW` `CopyFileW` `GetCurrentProcess` `FormatMessageW` `GetPrivateProfileStringW` `GetPrivateProfileSectionW` `GetPrivateProfileSectionNamesW` `WritePrivateProfileStringW` `WritePrivateProfileSectionW` `SetEndOfFile` `GetACP` `GetFileType` `GetStdHandle` `SetFilePointerEx` `SystemTimeToFileTime` `FileTimeToSystemTime` `GetFileSize` `VirtualAllocEx` `VirtualFreeEx` `EnumResourceNamesW` `LoadLibraryExW` `GlobalSize` `RaiseException` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `InitializeCriticalSectionAndSpinCount` `RtlUnwind` `InitializeSListHead` `QueryPerformanceCounter` `GetStartupInfoW` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `IsDebuggerPresent` `IsProcessorFeaturePresent` `CreateEventW` `WaitForSingleObjectEx` `ResetEvent` `SetEvent` `ExitProcess` `GetModuleHandleExW` `HeapSize` `HeapReAlloc` `HeapQueryInformation` `HeapFree` `HeapAlloc` `LCMapStringW` `LoadResource` `SizeofResource` `FindResourceW` `GetSystemTimeAsFileTime` `GetModuleFileNameW` `DeleteCriticalSection` `GetCPInfo` `GetVersionExW` `GetModuleHandleW` `GetProcAddress` `GetLastError` `CreateMutexW` `CloseHandle` `GetExitCodeThread` `SetThreadPriority` `CreateThread` `GetStringTypeExW` `lstrcmpiW` `GetCurrentThreadId` `GlobalUnlock` `GlobalFree` `GlobalAlloc` `GlobalLock` `GetCurrentDirectoryW` `FindFirstFileW` `SetErrorMode` `InitializeCriticalSection` `SetCurrentDirectoryW` `Sleep` `GetTickCount` `MulDiv` `EncodePointer` `GetCommandLineA` `GetStringTypeW` `GetConsoleCP` `GetConsoleMode` `GetProcessHeap` `FindFirstFileExW` `IsValidCodePage` `GetOEMCP` `GetEnvironmentStringsW` `GetCommandLineW` `FreeEnvironmentStringsW` `SetStdHandle` `FlushFileBuffers` `ReadConsoleW` `WriteConsoleW` `DecodePointer` `EnterCriticalSection` `VirtualQuery`
USER32.dll	`RedrawWindow` `SetParent` `GetClassInfoExW` `GetAncestor` `UpdateWindow` `GetMessagePos` `GetClassLongW` `DefDlgProcW` `CallWindowProcW` `CheckRadioButton` `IntersectRect` `PtInRect` `CreateDialogIndirectParamW` `CreateAcceleratorTableW` `DestroyAcceleratorTable` `InsertMenuItemW` `SetMenuDefaultItem` `RemoveMenu` `SetMenuItemInfoW` `IsMenu` `GetMenuItemInfoW` `CreateMenu` `CreatePopupMenu` `SetMenuInfo` `AppendMenuW` `DestroyMenu` `TrackPopupMenuEx` `CreateIconIndirect` `GetDesktopWindow` `CopyImage` `CreateIconFromResourceEx` `EnumClipboardFormats` `GetWindow` `BringWindowToTop` `GetTopWindow` `GetQueueStatus` `GetWindowRect` `GetClientRect` `SystemParametersInfoW` `AdjustWindowRectEx` `DrawTextW` `SetRect` `GetIconInfo` `SetWindowTextW` `IsWindowVisible` `CheckMenuItem` `MessageBoxW` `MapWindowPoints` `SetClipboardViewer` `LoadAcceleratorsW` `EnableMenuItem` `GetMenu` `CreateWindowExW` `RegisterClassExW` `LoadCursorW` `DestroyIcon` `DestroyWindow` `IsCharAlphaW` `MapVirtualKeyW` `MapVirtualKeyExW` `SetDlgItemTextW` `GetWindowTextW` `mouse_event` `WindowFromPoint` `GetSystemMetrics` `keybd_event` `SetKeyboardState` `GetKeyboardState` `GetCursorPos` `GetAsyncKeyState` `AttachThreadInput` `SendInput` `UnregisterHotKey` `RegisterHotKey` `PostQuitMessage` `SendMessageTimeoutW` `UnhookWindowsHookEx` `SetWindowsHookExW` `PostThreadMessageW` `IsCharAlphaNumericW` `IsCharUpperW` `IsCharLowerW` `ToUnicodeEx` `GetKeyboardLayout` `CallNextHookEx` `CharLowerW` `ReleaseDC` `GetDC` `OpenClipboard` `GetClipboardData` `GetClipboardFormatNameW` `CloseClipboard` `SetClipboardData` `EmptyClipboard` `PostMessageW` `RemovePropW` `SetPropW` `GetPropW` `FlashWindow` `SetMenu` `ExitWindowsEx` `GetMenuStringW` `GetSubMenu` `GetMenuItemID` `GetMenuItemCount` `GetLastInputInfo` `GetCursor` `ClientToScreen` `ChangeClipboardChain` `FindWindowW` `EndDialog` `IsWindow` `DispatchMessageW` `TranslateMessage` `ShowWindow` `CountClipboardFormats` `SetWindowLongW` `ScreenToClient` `IsDialogMessageW` `GetDlgItem` `SendDlgItemMessageW` `DialogBoxParamW` `SetForegroundWindow` `DefWindowProcW` `FillRect` `DrawIconEx` `GetSysColorBrush` `GetSysColor` `RegisterWindowMessageW` `IsIconic` `IsZoomed` `EnumWindows` `GetWindowTextLengthW` `EnableWindow` `InvalidateRect` `SetLayeredWindowAttributes` `SetWindowPos` `SetWindowRgn` `SetFocus` `GetGUIThreadInfo` `SendMessageW` `IsWindowEnabled` `GetWindowLongW` `GetKeyState` `TranslateAcceleratorW` `KillTimer` `PeekMessageW` `GetFocus` `GetClassNameW` `GetWindowThreadProcessId` `GetForegroundWindow` `GetMessageW` `SetTimer` `GetParent` `GetDlgCtrlID` `CharUpperW` `IsClipboardFormatAvailable` `SetActiveWindow` `MessageBeep` `EnumChildWindows` `VkKeyScanExW` `MoveWindow` `LoadImageW`
GDI32.dll	`GetClipRgn` `GetClipBox` `GetCharABCWidthsW` `SetBkMode` `CreatePatternBrush` `SetBrushOrgEx` `EnumFontFamiliesExW` `CreateDIBSection` `GdiFlush` `ExcludeClipRect` `SetBkColor` `SetTextColor` `GetPixel` `BitBlt` `CreateCompatibleBitmap` `GetSystemPaletteEntries` `GetDIBits` `CreateCompatibleDC` `CreatePolygonRgn` `CreateRectRgn` `CreateRoundRectRgn` `CreateEllipticRgn` `DeleteDC` `GetObjectW` `GetTextMetricsW` `GetTextFaceW` `SelectObject` `GetStockObject` `CreateDCW` `CreateSolidBrush` `CreateFontW` `FillRgn` `GetDeviceCaps` `DeleteObject`
COMDLG32.dll	`CommDlgExtendedError` `GetOpenFileNameW` `GetSaveFileNameW`
ADVAPI32.dll	`RegDeleteValueW` `RegDeleteKeyW` `RegSetValueExW` `RegCreateKeyExW` `RegQueryValueExW` `AdjustTokenPrivileges` `LookupPrivilegeValueW` `OpenProcessToken` `CloseServiceHandle` `UnlockServiceDatabase` `LockServiceDatabase` `OpenSCManagerW` `GetUserNameW` `RegEnumKeyExW` `RegEnumValueW` `RegQueryInfoKeyW` `RegOpenKeyExW` `RegCloseKey` `RegConnectRegistryW`
SHELL32.dll	`ExtractIconW` `DragQueryPoint` `SHEmptyRecycleBinW` `SHFileOperationW` `SHGetPathFromIDListW` `SHBrowseForFolderW` `SHGetDesktopFolder` `SHGetMalloc` `SHGetFolderPathW` `ShellExecuteExW` `Shell_NotifyIconW` `DragFinish` `DragQueryFileW`
ole32.dll	`OleUninitialize` `CoCreateInstance` `CoInitialize` `CoUninitialize` `OleInitialize` `CLSIDFromString` `CoGetObject` `StringFromGUID2` `CreateStreamOnHGlobal`
OLEAUT32.dll	`#35` `#20` `#7` `#418` `#24` `#18` `#23` `#22` `#148` `#21` `#17` `#16` `#19` `#11` `#27` `#2` `#12` `#9` `#15` `#6`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2b028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.95208`
MD5	`25b8a1de69597c55ab7fabdc0e322297`
SHA1	`fc35255a99f1283dae9f73563445b6cace060b05`
SHA256	`266001af6f72cbb0c6c23292c3f4928099cac7bba9cf0843456c29651c20d77f`
SHA3	`75a4b647ec64f9a5424c1e9eec1e6e5dec0e32edd72ee365db06ebf0fa1114ef`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.54635`
MD5	`3e20888d251d4af93be2ac814473dbf5`
SHA1	`1c1ed3503220c62219696a9d348609768f0200f2`
SHA256	`91d79c72971bb8620f9b123d56c1bcd692b6cf53d6f11aaf7d95463ff2ed0b8e`
SHA3	`7ab7acc59b84212155ba3a5cbb267924f8a5a6c9e464b3d63ae76049372990e5`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89621`
MD5	`5500857968351cd4c0e0889700a69d72`
SHA1	`e11de2f6366e2bb4c82e94b8f83998e88df160c2`
SHA256	`a5de9423a93627babf6976bf2451ecddfd825df2567aecad8b09b0c92ae71c59`
SHA3	`e4bca437caac4e6fc7fe708543e7e8c42529c50b10de3920a2fb7f4ce8813e2d`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.02448`
MD5	`e286a02559ad39c05f6e72b2cbcaa5d2`
SHA1	`84bd15e97928b1842ba9f21a9ab9c579e13dccd4`
SHA256	`020714ffb5ae20971da2af5cdfd3a5df8de56dd8ad0552a8fe98c90619279b1f`
SHA3	`78271d4484ccf1f10727c96c4b76c7b75fd673d459061d07ec84d179acb57729`

8

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.17489`
MD5	`541ca16bda65922ff5f4a8ea0b0a4000`
SHA1	`e19f2f4247c2e25cb11a5fcd9e00122204cd3777`
SHA256	`6d950873893dc63f8a648b00243dd3245a59d3f98c18ffdf175c1bcb4d7dde4a`
SHA3	`6680b4b4514be4c37dcbd676e247218c7a6757fe9c9cd56501407b9c44edf858`

9

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.54635`
MD5	`3e20888d251d4af93be2ac814473dbf5`
SHA1	`1c1ed3503220c62219696a9d348609768f0200f2`
SHA256	`91d79c72971bb8620f9b123d56c1bcd692b6cf53d6f11aaf7d95463ff2ed0b8e`
SHA3	`7ab7acc59b84212155ba3a5cbb267924f8a5a6c9e464b3d63ae76049372990e5`

10

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89621`
MD5	`5500857968351cd4c0e0889700a69d72`
SHA1	`e11de2f6366e2bb4c82e94b8f83998e88df160c2`
SHA256	`a5de9423a93627babf6976bf2451ecddfd825df2567aecad8b09b0c92ae71c59`
SHA3	`e4bca437caac4e6fc7fe708543e7e8c42529c50b10de3920a2fb7f4ce8813e2d`

11

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.02448`
MD5	`e286a02559ad39c05f6e72b2cbcaa5d2`
SHA1	`84bd15e97928b1842ba9f21a9ab9c579e13dccd4`
SHA256	`020714ffb5ae20971da2af5cdfd3a5df8de56dd8ad0552a8fe98c90619279b1f`
SHA3	`78271d4484ccf1f10727c96c4b76c7b75fd673d459061d07ec84d179acb57729`

12

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.17489`
MD5	`541ca16bda65922ff5f4a8ea0b0a4000`
SHA1	`e19f2f4247c2e25cb11a5fcd9e00122204cd3777`
SHA256	`6d950873893dc63f8a648b00243dd3245a59d3f98c18ffdf175c1bcb4d7dde4a`
SHA3	`6680b4b4514be4c37dcbd676e247218c7a6757fe9c9cd56501407b9c44edf858`

13

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.54635`
MD5	`3e20888d251d4af93be2ac814473dbf5`
SHA1	`1c1ed3503220c62219696a9d348609768f0200f2`
SHA256	`91d79c72971bb8620f9b123d56c1bcd692b6cf53d6f11aaf7d95463ff2ed0b8e`
SHA3	`7ab7acc59b84212155ba3a5cbb267924f8a5a6c9e464b3d63ae76049372990e5`

14

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89621`
MD5	`5500857968351cd4c0e0889700a69d72`
SHA1	`e11de2f6366e2bb4c82e94b8f83998e88df160c2`
SHA256	`a5de9423a93627babf6976bf2451ecddfd825df2567aecad8b09b0c92ae71c59`
SHA3	`e4bca437caac4e6fc7fe708543e7e8c42529c50b10de3920a2fb7f4ce8813e2d`

15

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.02448`
MD5	`e286a02559ad39c05f6e72b2cbcaa5d2`
SHA1	`84bd15e97928b1842ba9f21a9ab9c579e13dccd4`
SHA256	`020714ffb5ae20971da2af5cdfd3a5df8de56dd8ad0552a8fe98c90619279b1f`
SHA3	`78271d4484ccf1f10727c96c4b76c7b75fd673d459061d07ec84d179acb57729`

16

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.17489`
MD5	`541ca16bda65922ff5f4a8ea0b0a4000`
SHA1	`e19f2f4247c2e25cb11a5fcd9e00122204cd3777`
SHA256	`6d950873893dc63f8a648b00243dd3245a59d3f98c18ffdf175c1bcb4d7dde4a`
SHA3	`6680b4b4514be4c37dcbd676e247218c7a6757fe9c9cd56501407b9c44edf858`

17

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.54635`
MD5	`3e20888d251d4af93be2ac814473dbf5`
SHA1	`1c1ed3503220c62219696a9d348609768f0200f2`
SHA256	`91d79c72971bb8620f9b123d56c1bcd692b6cf53d6f11aaf7d95463ff2ed0b8e`
SHA3	`7ab7acc59b84212155ba3a5cbb267924f8a5a6c9e464b3d63ae76049372990e5`

18

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89621`
MD5	`5500857968351cd4c0e0889700a69d72`
SHA1	`e11de2f6366e2bb4c82e94b8f83998e88df160c2`
SHA256	`a5de9423a93627babf6976bf2451ecddfd825df2567aecad8b09b0c92ae71c59`
SHA3	`e4bca437caac4e6fc7fe708543e7e8c42529c50b10de3920a2fb7f4ce8813e2d`

19

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.02448`
MD5	`e286a02559ad39c05f6e72b2cbcaa5d2`
SHA1	`84bd15e97928b1842ba9f21a9ab9c579e13dccd4`
SHA256	`020714ffb5ae20971da2af5cdfd3a5df8de56dd8ad0552a8fe98c90619279b1f`
SHA3	`78271d4484ccf1f10727c96c4b76c7b75fd673d459061d07ec84d179acb57729`

20

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.17489`
MD5	`541ca16bda65922ff5f4a8ea0b0a4000`
SHA1	`e19f2f4247c2e25cb11a5fcd9e00122204cd3777`
SHA256	`6d950873893dc63f8a648b00243dd3245a59d3f98c18ffdf175c1bcb4d7dde4a`
SHA3	`6680b4b4514be4c37dcbd676e247218c7a6757fe9c9cd56501407b9c44edf858`

211

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x11e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.21226`
MD5	`5eb2b57ddd9e7eff7a536b3696cb12ce`
SHA1	`471d3aaa59ae763060850dbea7b57ef5976595be`
SHA256	`f4973641c6a2afde83390790b24974b35970c24ab26806fbcddd5613501a281b`
SHA3	`c7913817a499e9730361f54dbf16f34ff2f3a7102db6819d5f2066d4ddcb1ef8`

205

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xe8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82326`
MD5	`fec66af562e184a3acd4ada5b1603016`
SHA1	`fe5cd5d19cfc12992d23a18db8edaf1c06f610c2`
SHA256	`0b54b12fc56db7f7a5a366544081e75cfd312d6db7dd0b298b8088ad2f748908`
SHA3	`36780025f039a7044aac6d427f489314299b398567b3b737bb5f229278d74563`

212

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x48`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.96144`
MD5	`7fb94687aa0fe2b18873dba5ac59ab1d`
SHA1	`e19e8d6b0e33da063de27c83fa0bab4058513332`
SHA256	`86286a59831ad1d0d84eb411ae6fa236b21bca5d3ebfc93a59cf4b6bf1d466d0`
SHA3	`33011788d35d1127a1ee6fbdb975c0d4ef6b36d3896e0d27d3f75f0ff68e3aec`

ANH

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x425`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.06974`
MD5	`3fe461c576cd0703a24046acdddd80df`
SHA1	`91b497539e0a0497703abf5d1fab288821921aa4`
SHA256	`e7dfafcda63b34a13b45639cbaf7a5363e3151c789685145f4e48709302e280b`
SHA3	`64ef5e955fa9e7ac1895ff2ef8772fae7571d7cfa098eba0e0a1256cf0f839ce`

159

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Icon file
MD5	`cacc6b24409b5973a8afafc4c5ae80ae`
SHA1	`86e4a88447f26e43a5e943acd28c36ec19c370a9`
SHA256	`8f60c73da447224154ce4081c4033917b2f4a5c4a8c76a489245487dffdea470`
SHA3	`a83b208820573ca500202e1f5a5c0f31967ee7474395427026d6130c052b3365`

160

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.73042`
Detected Filetype	Icon file
MD5	`c77c9ef51ab9b0b2d67a607ce89bddc8`
SHA1	`6935b17b24febbe8cca4c0888901e8beaa17c3bb`
SHA256	`3743b15bad9e68b20468dfe9adcf42fd9c3da1dd9610eb2d281583bfce526df4`
SHA3	`af1c8ebf855cbd0f7747ddeabb694aaf21a6c7497a69af67bb4d0ef8537018ca`

206

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.73042`
Detected Filetype	Icon file
MD5	`6850e23840480606e551c6ff4b38df59`
SHA1	`25b9f7538d2c52252bd1f783dfef611bc6476d9c`
SHA256	`6cd9f2cf6e6b8fa134656f93183d974c9b97782c5a3a47330cf382b33ad4baaf`
SHA3	`569c5e4a0ee7533b684707e65df9d21907ac3c38e0b94b09c1cca52ba88713de`

207

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.73042`
Detected Filetype	Icon file
MD5	`e1622b10e4d178899d95156dede0ace7`
SHA1	`66db77aa9c8a2c1221fae9c4b9fca5c603460d75`
SHA256	`7b96691a2cfbc27ea8383710f2667524341d685f6c6545c090ce4bbba5093b42`
SHA3	`2e6e05c95a646277c01290d3daa65e9858ce7135bcfc7b3654c7af71036ac625`

208

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.67808`
Detected Filetype	Icon file
MD5	`9131bb90552728b97f3ebf38d86422ce`
SHA1	`85e77e99e99c9f10ea35ebaf6a81816f7a35850b`
SHA256	`54cc7584f813a382d75c26ed5c04200254f720c60d198a663da27c85ab031309`
SHA3	`82fbc273668a0c46540d76b4ae571c302cc9f00ea6e26f5b16a738da3c7f3bd6`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x27c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.43178`
MD5	`e4637b208e226b101bcea6b9506f348c`
SHA1	`884a3dbd0db4f76964d5dcb2dc69a88d4516dde1`
SHA256	`9fa7190c82639c20f1f028071bb5228341373e199476dfbb1a17d578ddf7bf87`
SHA3	`d415c0e4c8e6e065dc6ae0e4b67fd7428c6f4cf2b9d197a71a2a62d680ddc477`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x482`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.32708`
MD5	`e64f15fc7a8df4d9b58d4881c78f115e`
SHA1	`c7098d5343ea7471eb2bcb7d5634cbe9bca64d2a`
SHA256	`9b67eb4c0042e50c464d972f79e29f4f50d447529309d59d39a8582088e06bb2`
SHA3	`e4b236b079e88ea08010bb326a1e5af55b261caef5c4386d86d49b8c66020d71`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.3.3.3
ProductVersion	3.3.3.3
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
FileDescription	bvnvnbfg
FileVersion (#2)	3.3.3.3
InternalName	sfsdffdswef
LegalCopyright	Copyright (C) 2003-2017
OriginalFilename	cbcbvdfg.exe
ProductName	cvbsdsd
ProductVersion (#2)	3.3.3.3

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2017-Oct-01 07:55:19
Version	`0.0`
SizeofData	`856`
AddressOfRawData	`0xc6e64`
PointerToRawData	`0xc5c64`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2017-Oct-01 07:55:19
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x4c71cc`
EndAddressOfRawData	`0x4c71d4`
AddressOfIndex	`0x4cd6f0`
AddressOfCallbacks	`0x4a3774`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x98`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x4cb010`
SEHandlerTable	`0`
SEHandlerCount	`0`

RICH Header

XOR Key	`0x60b03f06`
Unmarked objects	`0`
ASM objects (24610)	`11`
C++ objects (24610)	`148`
C objects (24610)	`18`
ASM objects (25305)	`25`
C++ objects (25305)	`42`
C objects (25305)	`22`
262 (24610)	`7`
Imports (24610)	`27`
Total imports	`453`
265 (25508)	`42`
Resource objects (25508)	`1`
Linker (25508)	`1`

c4e2317beabc6a84ea8ff2317c197d6e

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

Imports

Delayed Imports

1

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

211

205

212

ANH

159

160

206

207

208

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors