Manalyze report for c4f3f5c87901d9ef70a7676caaec761b

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-Feb-08 00:12:42
Detected languages	English - United States Korean - Korea

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: \x00` `Section \x00 is both writable and executable.` `Unusual section name found: .naim\x00\xd7` `Unusual section name found: .idata` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found: zikhnsvx` `Section zikhnsvx is both writable and executable.` `Unusual section name found: jwqxbpnm` `Section jwqxbpnm is both writable and executable.` `The PE only has 2 import(s).`
Info	The PE's resources present abnormal characteristics.	`Resource 210 is possibly compressed or encrypted.` `Resource 211 is possibly compressed or encrypted.` `Resource 127 is possibly compressed or encrypted.` `Resource 128 is possibly compressed or encrypted.` `Resource 202 is possibly compressed or encrypted.` `Resource 203 is possibly compressed or encrypted.` `Resource 204 is possibly compressed or encrypted.` `Resource 3 is possibly compressed or encrypted.` `Resource 6 is possibly compressed or encrypted.` `Resource 7 is possibly compressed or encrypted.` `Resource 8 is possibly compressed or encrypted.` `Resource 10 is possibly compressed or encrypted.` `Resource 11 is possibly compressed or encrypted.` `Resource 12 is possibly compressed or encrypted.`
Info	The PE is digitally signed.	`Signer: Game Cafe Services` `Issuer: Starfield Secure Certificate Authority - G2`
Safe	VirusTotal score: 0/68 (Scanned on 2018-03-03 13:29:23)	`All the AVs think this file is safe.`

Hashes

MD5	`c4f3f5c87901d9ef70a7676caaec761b`
SHA1	`8b6017ace21fac0c04dbf32f6f70f68088c9d3c2`
SHA256	`3d3dc8350f0688642d962679633eb93097bae3a026b97994b8429a5d065c5702`
SHA3	`b3f05ce713277f555a7f6a8e2a418f82b1b5ec2442b28981e35176fdf9334ac7`
SSDeep	`98304:ehdgrZHygXCPjXLPFMKiLsky7UHTJxfmD09NFDZINTa:ehdgr4hg417UH9n9VuTa`
Imports Hash	`baa93d47220682c04d92f7797d9224ce`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x130`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2018-Feb-08 00:12:42
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.1`
SizeOfCode	`0x772000`
SizeOfInitializedData	`0x1c9000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00CC1000 (Section: jwqxbpnm)`
BaseOfCode	`0x1000`
BaseOfData	`0x773000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.1`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xcc2000`
SizeOfHeaders	`0x1000`
Checksum	`0x490bbe`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NO_ISOLATION`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

\x00

MD5	`d5e3c73621198e3577976502b2105b49`
SHA1	`06539da03b56f0ff8b21c098a7f1c4028679bbcb`
SHA256	`308d93a19f2cc214b1ad3bb0e963e69edb088e9ec0bc1fc0b57e03052a9fbf7f`
SHA3	`4f1ba379a66bee0eec85ada06d53380d29a5f33e0285fbf22334584c1ccd0a7e`
VirtualSize	`0xa4b000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x30f000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.92041`

.rsrc

MD5	`89f3a57125a88da9d6c3572cfec1c0d7`
SHA1	`d0952d196405d39c8f7a31d9a48f8fdf58b2b478`
SHA256	`643f9aaf990b8b893381d702f9e261ba776ec84229479b47ff02674c9f2b7137`
SHA3	`794be385a22f82baf9fa9c089138007429d4145221f0945dddeda31db5de2cee`
VirtualSize	`0xa6bd4`
VirtualAddress	`0xa4c000`
SizeOfRawData	`0xa7000`
PointerToRawData	`0x310000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99625`

.naim\x00\xd7

MD5	`064664fee154748436ec53058f2ee742`
SHA1	`c95a2e2b85304d9f98fa483cb46a17527a64b710`
SHA256	`c684287448332c6d6914dfbad48c599e368ef57ba9cc7280b230c652c6fab431`
SHA3	`2bc41fc66d8028d5e1f3fbbede1f30e8d448ce6e560a401754a765e6af60d522`
VirtualSize	`0x7740`
VirtualAddress	`0xaf3000`
SizeOfRawData	`0x7740`
PointerToRawData	`0x3b7000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.09166`

.idata

MD5	`d63e17e890d1db88fab01179fe91a998`
SHA1	`c8136e45e1dd405c2f5b02ad39e02684935e6ee3`
SHA256	`bd0b411612ec013d7190a021d7f45d2e2dc3461002c9bc4f7c59c96668399864`
SHA3	`755b9524cf31859c268e6c8ca91682c748148bb16dec15920e7f654e47af4870`
VirtualSize	`0x1000`
VirtualAddress	`0xafb000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x3bf000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.220958`

MD5	`47cff4035830180104c220fe5049fc4e`
SHA1	`e78cdcf9f1ce25146a91e95b29df0e44ca566d74`
SHA256	`fb8b9b59be1729ed89cf3550c12e3bb36f0b15fdba9eb74e7b6d858c97845a9b`
SHA3	`5dc424abba2a1f0da2fd301bc8fc1fca80411675948dbb9aeb0a3839b126bc50`
VirtualSize	`0xfa000`
VirtualAddress	`0xafc000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x3c0000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.041681`

zikhnsvx

MD5	`825fe188a9e87983acfba11ac0753852`
SHA1	`259aa41b207e58764143c5fb5d7f2d2a878bc3be`
SHA256	`d8342bee32f0d068e1617c51e5061faf03db874f21fa98c641b7a61201d02ed9`
SHA3	`20635894809f0c42aef5a81ad5179cfa6ed15583141926dda58a37c5a6165eea`
VirtualSize	`0xcb000`
VirtualAddress	`0xbf6000`
SizeOfRawData	`0xcb000`
PointerToRawData	`0x3c1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.89336`

jwqxbpnm

MD5	`6cc780147c89c2512f2ecde1ef0eac1e`
SHA1	`b1521da7c947bf902219e73e559e9ae0c37f1ea1`
SHA256	`a07974f87a661a91cff80d42cc4b54ff4014e7f6e8f44547a3f16d4fc8f3cd6a`
SHA3	`065648b19a16d47531fe41453932945d7a92c5b74d975ce1ea1a27d253a58220`
VirtualSize	`0x1000`
VirtualAddress	`0xcc1000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x48c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.876`

Imports

kernel32.dll	`lstrcpy`
comctl32.dll	`InitCommonControls`

Delayed Imports

210

Type	`NP`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x599f8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99716`
MD5	`2d47286680cf0427f6c4ddca139d0ea2`
SHA1	`fd7a986c04e1ac2727b18650ba0b0d22aec89ebe`
SHA256	`2c31b004183cf1c888bcea10c79eb357ba7624d72d8c79b023e1aa858694b2ca`
SHA3	`e481dfacc37c8353ab266078ceff9d42a7c999144c17a5dc20a6f89428609f62`

211

Type	`NP`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x13d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.38568`
MD5	`689cef267c62a83c620539c82d51eefb`
SHA1	`a0103bc6332edab9180c6184b265a247bf7db5e6`
SHA256	`fec2221227e683d5a99ccc8b14f288d563068ec1cfda98e3b8f53ee21dfe32a9`
SHA3	`bf023e3fd26f95138af609b8f017f25347c42a9db0a56a4d3e618adefb29a9bb`

127

Type	`TABLE`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0xf4d4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.9972`
MD5	`c8db55af5c6b23321eb5b3d45eb5746a`
SHA1	`ce4fe34059aae1202407792e99c33c561617bc4a`
SHA256	`bfb7888bf20d1f048b219aa174505ebfe123f239f5fa66d5402812bd560f619f`
SHA3	`898dc6dfa8c0ca2429d515b95b8c524a8c1ef885adffdca376bd0652870e0e15`

128

Type	`TABLE`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x105fc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99691`
MD5	`53ed2dfab6e85c84158f92a3073833d3`
SHA1	`d09df9124b2a3b1e9973dc91a067e62209af6cba`
SHA256	`09317abe2f244ad97fc54025568a87b8472d8ae518472f216f4206cb92f657c6`
SHA3	`e97f0b6412469033e0dc0a997b6bf71c67ce754f73679d9e1f7f42130ed48232`

202

Type	`TABLE`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x10a8c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99732`
MD5	`416ca9ceae5b5b41fc98143671d89b9f`
SHA1	`563e02cd199e8ec81fa6ade5c67abd2bdcf68120`
SHA256	`804b6fdb3997ecd8046b9558d3af391e4587d96713f1176a0c14ec356e42e667`
SHA3	`7dfdcf01ec1aa6b79630e730f892b824a6e2015d123f2d024fe49e1ac77082d3`

203

Type	`TABLE`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x124`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.30643`
MD5	`3761c6834ad972ce526046e59c591e4c`
SHA1	`eaec0b9c49fe71c36db39580499df42729f6665f`
SHA256	`b85e02c0f8f4377ca819ba3f3111552f45a32da2d118b306d9389af52fab0e7b`
SHA3	`906f507ce55bcad95cf2f314520b74eba79003786db385b113e5dd30e6648a94`

204

Type	`TABLE`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x15574`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99819`
MD5	`1b44792732a96de3872bafd10175c813`
SHA1	`573265591846bb5b465b13f5b36236ec59dfaf01`
SHA256	`3e504ff93807ce597a0819cec3cb1fecf7df555b22e91c98125f7757be1c82b7`
SHA3	`e42a0499bf4470ef2fb7ea69175bc380364daa6327e440f5e228e9491e10fad5`

3

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.03765`
MD5	`cbaaec2c1d1bcf09dbbf0b557c79e30b`
SHA1	`6d1e9d107fba06177c9f67693d6eec0337b9b450`
SHA256	`87092911d6f210ab941dd80cb0fe80a10dd8f276e7ddf032ad1c1a3c3cef6eb8`
SHA3	`04454e8e557cd8d6ef325607b985c1ce93293473b9b7c0ef80615f5efd19ca6b`

4

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.9737`
MD5	`f67c9a5cf2bb357b63d90d8223e8930c`
SHA1	`46e3f3249fd8a0b1fa0a4c98bcac778bd4655c74`
SHA256	`be161b575ef046f0b78025ba23bba54a1fe31a24663ed69fbdcee171f97bab28`
SHA3	`ab2c70d50ecb45efd5d99aa7649b21cd8d615dd2e824837d252eb149b697964f`

5

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.98185`
MD5	`1580ec25ec6c423aef4465fe7493d8c2`
SHA1	`c310a2b585c317adcef88c88d4c1327d10904020`
SHA256	`52f428777f04fbcc8acafa01a8e6ffaed17909076abb18682452624978405036`
SHA3	`22dfd7bf69c2dcd384c2361ee18c7fae36cb0ec7ab952444367aaca11b1c239a`

6

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.27721`
MD5	`4a2da307db6bc7311889430c0ba2d77c`
SHA1	`17a2e627005c928cdbd157563003237b6d014aa0`
SHA256	`585726ef021acf94f3f88a42d994dc9d4a3a53a52372118c138917c75483b794`
SHA3	`a38d21ba5d198e16962760fb6954e31508059cffd5526fd52e345f48aac4e19d`

7

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.34236`
MD5	`b497cb03bb87e42bf0c44c3796b4fdf2`
SHA1	`d34fcdf1b97437c18a330896dc35e31697dba086`
SHA256	`e0ebc6ee08e907bfa42e3cb1a345fd36836b56bc6e4192af54300ce72594ed0a`
SHA3	`221e23e5d384bb3525bb323685b3eeb7cab66a4352b947f0396eeaa1e17f9a49`

8

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.02794`
MD5	`067e16dcf1d7fd3b22f6d582f3bebcae`
SHA1	`a7e87ba1f3bd4e9cf373df8dab069b43d075dccd`
SHA256	`8b2f02cde7eb8af6acbe324b0bf5ff06ebf10bddc974e966865f73c695132744`
SHA3	`0d4d8dff585a40db396fc9aa792873b8624b65ee0fae74b7fe0d750bf8bbda48`

9

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.93573`
MD5	`6c91239a06c16bf327d6b66d30a6c990`
SHA1	`632b72f98d23f367dbeb26a27575b9f41a40ae98`
SHA256	`d300b979231dea7ceb9080245579aed83fcd67e0c357832448763e65f304123d`
SHA3	`c4588c9fdbb55e9e44b19ffe115948196873ed8b0d4d8a737a17891d806eebcf`

10

Type	`RT_CURSOR`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x8ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.45589`
MD5	`b96e8dde530e630dc430d22e4f6c2c16`
SHA1	`e3e80b6b055190ce70a9300b6a7776f45727c1f4`
SHA256	`8af78c8ae89eff894f90e611457ea2e5a6ec185aafd33ee6768f618b0e9d4c23`
SHA3	`dfb6746964341feac8c471d0127f5d40ebeb915c37c827c4da21c777e4791034`

11

Type	`RT_CURSOR`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x8ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.4578`
MD5	`12dd8f6c0dca6119d9b463dda3f78ab6`
SHA1	`31043a5c9c76ba01c9935fac47002ecb7586c348`
SHA256	`603cdfcef4d81b72d437b40cb502204904457dd31c346fc490eb77ba175a4bd0`
SHA3	`31b514cce0bdc302251ada42ccdd56ccdf7495152e81b69e4ce06c5c1f623c34`

12

Type	`RT_CURSOR`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x8ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.48927`
MD5	`513a962a23bad0f549a3125ce653d39f`
SHA1	`ae94504bdac7b441557b349865973d08e5e04ed9`
SHA256	`d3d2e2db74c22880268ddcbe77238048c48727b5ae803ae37bda60940f0f140d`
SHA3	`ba1d8168c1f05af28c313c6280c4ddb73d1890c90b643381dd499e95015bcc89`

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.9327`
MD5	`7cadb5b3fda4b4abc9680794d7dbbd8e`
SHA1	`84b9ee169754eb5ae1b247e540a516f110a1a87b`
SHA256	`4551e434638d2f8fd9a81c823f0e0d10821d722dc305ff651546b48be836f23b`
SHA3	`e3dc5534485d0d1d654482caf551131cc0986cad299d7cec3369b8a266305d88`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.60895`
MD5	`c1901f3f05ee9681186b6c8c596cc00a`
SHA1	`f97e02708c4d66295f6f00339a9015994ea28d52`
SHA256	`cad3d9a042e34d13f10c891af8723754b48385a6cfad67e0e1a57aaad3f285dc`
SHA3	`f2c40e9f05f917519d4ed8f58f0aa91f200d1fc4b63432d58fad3736a8c83e51`

201

Type	`RT_ACCELERATOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3`
MD5	`109001b649ab3538bc9ad1b4ad14d97f`
SHA1	`c0dfee735b619c26a209095ecdef7b60fc624b6d`
SHA256	`16a03e97f31741349b2d75b2a3d46df566dec2c6344991bfcab5ba32a7c5ef33`
SHA3	`c749ada92583b0ebcd1e27cd611fb19738859a2e8b088a311f8b2a8f01193a55`

1 (#2)

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.22193`
MD5	`07ee34a1803a01ea5ecd9f39eb7d04b6`
SHA1	`1c3f8e6aa86499d86b5542699a0771ca8e668666`
SHA256	`ecd0ea7d7428e056e974514c9143b6aa858c2477e9e7753d27571a8dccff2a0b`
SHA3	`22d818b9b5c96ffb10d10b77e13283f067d992925ab2045c6bcf6ecd04441ebf`

2 (#2)

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.22193`
MD5	`ef328d6c728386a1dc849eefab6c27ab`
SHA1	`059b677f08026e1ffe09135620d9e50bb632edd7`
SHA256	`7320464b6aab6e3953adf9ab9ff09c8f1ea20ae50be2e0f044f3de352d115626`
SHA3	`9653e4201f5194839dcf29bbcb5ed5f5250101c5537d4cd6132be1c2454663d9`

3 (#2)

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.22193`
MD5	`254c5482c700cbaf2ebaf1d6c160001d`
SHA1	`ff827d5e53c7be982ed79e2a465ae2cdb9e28a86`
SHA256	`da38baa3791dccc2d7bf34167a199fba38cb7c549164079649549f930ad07faf`
SHA3	`c002297a2cf08312678629bd8e4022ecc08b015708e5e73e7c520308037f9ff6`

4 (#2)

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.32193`
MD5	`620d7b9dd69126523f828224100b0e9c`
SHA1	`f5218239660f0373461244d79e38abc4833a1221`
SHA256	`8940388ff14e9082f6486efbb1f96ac221e2652e513ee6199fbf3ea0657889fe`
SHA3	`ba1a26059ff1eda15b13465897f4f9fb8d05bceda33cec631c8231312eec9173`

5 (#2)

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.12193`
MD5	`1688b4ca6dd2635e4c60cf7cc75aa278`
SHA1	`b753cf0764e393315692c1e9302148d76b2b84ce`
SHA256	`f9d37e9b1433320705ee01f173e2da4ed4b4c79a1b6320c6a6247ae1194f641e`
SHA3	`3fa63bf144cc419405233c3706f0c0a34e3e451154f23d990cc5dd6a5e3e9b01`

6 (#2)

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.84644`
MD5	`b9c1941f6eabdee7eb51f51fb72bff47`
SHA1	`b74241e030974d2df96114ac05b8495031e24a68`
SHA256	`da0d8b23edad6886a753ac213c5b442f4f36b261d74c50cb15828ff1f98d4378`
SHA3	`3b61a9772f7601276bc172a1bbfa744cf4dcf21f432f3785b017bc031bd3c2be`

7 (#2)

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.32193`
MD5	`57894c38d08e1a965f9f2b14b7307991`
SHA1	`05f0357ac4dbeaff11d6581344292de6e6e3d812`
SHA256	`c809839a38852efe87af97170f18845ceafcf8ba27bc59f5040fd1faaafe2d10`
SHA3	`759c2475bc903d708accaa46e35067dd60fe8d74bfc6d5255dee108fa2c25383`

122

Type	`RT_GROUP_CURSOR`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.32193`
MD5	`dffd04f12f2c8338136c546e78979f8e`
SHA1	`692fecdc4041451a9dc61d5557ae81dc1e554103`
SHA256	`08a63481bf9a4b244c35db724f4ddda66f0b29cbf15848d7e194cf2ec9fdbfde`
SHA3	`bc17e0fa480eb6ee184858c7b08d097d56055e60255fe38963314ed3d65527a7`

123

Type	`RT_GROUP_CURSOR`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.22193`
MD5	`cba5196c5b78cd09e83af1799495b1c1`
SHA1	`d11edc0e1294f3503220e36536c264ab5b080388`
SHA256	`ddf08eac28294531225b9445bb23e3209c488c1c77346e760296ecc04e5be283`
SHA3	`66eefba8a992e6691cf2969d2615db22c1f3590e63f290c31c138605c55ecc49`

124

Type	`RT_GROUP_CURSOR`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.22193`
MD5	`82e833b68bc1566577947b3bfbf5b300`
SHA1	`3cda13f99053efdd299f40581045530da2883658`
SHA256	`32993d717753d57b331bf674dc4b5d059d6e2a17333797d56f03a74779c92337`
SHA3	`fc3b9e46ec3eb031181189bb28b86b02dc413423ecf60323f8bc4f53dff5b8dd`

101

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.32824`
Detected Filetype	Icon file
MD5	`98abddcf0c1dc29c999864264b78c981`
SHA1	`848c0e5121dad30e7b7381e85ddfeea5672366e7`
SHA256	`d58a6a1ee3d9ae7bb5bb4b019a84495af9b55381f295dc7beeaf222d58bd4c36`
SHA3	`791bcb018a1e72465a6006dbcdf1423c8740cdc634f355903df3c7738ba27552`

1 (#3)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x320`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41779`
MD5	`9b5111dd19b79366eabc98f1e1da4a4d`
SHA1	`28b1fd1df0f31bab4481def50d4a2c936a44dba3`
SHA256	`785fb5a77ac3191e415f454243fb333c59f3163acd877e3850860aa692c1e4e2`
SHA3	`611e61e9826b06d639944fea63e8525a380b10f862f5e9510df4924dc9b3840a`

MANIFEST_RESOURCE_ID

Type	`RT_MANIFEST`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x23c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91577`
MD5	`4d3971723b5899df9b85c39f8301691d`
SHA1	`34ea87c319b3d5b900a0d6903260542b9187026a`
SHA256	`b18c614b6e39a6fd7708702659f23cdc9e03051c7a3bfcfa3de9b5d7e8b1b6f6`
SHA3	`746b532b277f6c6c115946235f9964601bf1b5bc6f51d7e21a3e3a6747bf67cf`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x209`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.92185`
MD5	`40d7966c12157e8608e4703c563af1de`
SHA1	`966dda9ba689f6470160d24673443329403039d5`
SHA256	`1be7a7bb877663bddae8169bf995766e25f8e5222873b60e739a204877aa26c8`
SHA3	`7d5013633bb9ead6463f6084d5c8c69daa09660c65e66ffc79317f9c044e8b99`

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x6a2dee54`
Unmarked objects	`0`
126 (50327)	`5`
ASM objects (VS2012 build 50727 / VS2005 build 50727)	`66`
C objects (VS2012 build 50727 / VS2005 build 50727)	`216`
49 (9044)	`2`
C objects (2179)	`6`
114 (VS2012 build 50727 / VS2005 build 50727)	`14`
Imports (VS2012 build 50727 / VS2005 build 50727)	`2`
Linker (VC++ 6.0 SP5 imp/exp build 8447)	`2`
C objects (VC++ 6.0 SP5 build 8804)	`44`
ASM objects (VS2003 (.NET) build 4035)	`6`
C++ objects (VS2003 (.NET) build 4035)	`154`
Imports (VS2003 (.NET) build 4035)	`33`
Total imports	`427`
Unmarked objects (#2)	`3`
C objects (VS2003 (.NET) build 4035)	`17`
C++ objects (VS2012 build 50727 / VS2005 build 50727)	`673`
Resource objects (VS2012 build 50727 / VS2005 build 50727)	`1`
Linker (VS2012 build 50727 / VS2005 build 50727)	`1`

Errors

[!] Error: Could not read a VS_FIXED_FILE_INFO!
[!] Error: Could not read a VS_FIXED_FILE_INFO!
[*] Warning: Could not parse a VERSION_INFO resource!
[!] Error: The number of ICON_DIRECTORY_ENTRIES is bigger than the number of resources in the file.
[*] Warning: Resource 1 is empty!
[!] Error: The number of ICON_DIRECTORY_ENTRIES is bigger than the number of resources in the file.
[*] Warning: Resource 2 is empty!
[!] Error: The number of ICON_DIRECTORY_ENTRIES is bigger than the number of resources in the file.
[*] Warning: Resource 3 is empty!
[!] Error: The number of ICON_DIRECTORY_ENTRIES is bigger than the number of resources in the file.
[*] Warning: Resource 4 is empty!
[!] Error: The number of ICON_DIRECTORY_ENTRIES is bigger than the number of resources in the file.
[*] Warning: Resource 5 is empty!
[!] Error: The number of ICON_DIRECTORY_ENTRIES is bigger than the number of resources in the file.
[*] Warning: Resource 6 is empty!
[!] Error: The number of ICON_DIRECTORY_ENTRIES is bigger than the number of resources in the file.
[*] Warning: Resource 7 is empty!
[!] Error: The number of ICON_DIRECTORY_ENTRIES is bigger than the number of resources in the file.
[*] Warning: Resource 122 is empty!
[!] Error: The number of ICON_DIRECTORY_ENTRIES is bigger than the number of resources in the file.
[*] Warning: Resource 123 is empty!
[!] Error: The number of ICON_DIRECTORY_ENTRIES is bigger than the number of resources in the file.
[*] Warning: Resource 124 is empty!
[*] Warning: [plugin_authenticode] Hashing algorithm 1.2.840.1015.13.2.5 is not supported.