Manalyze report for cab0cafc88771e5552dcc05890d2eedc

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Feb-03 09:44:32
Detected languages	English - United States
FileVersion	`1.1.24.05`
ProductVersion	`1.1.24.05`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: .exe.bat.com ahkscript.org exe.bat.com http://ahkscript.org`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW LoadLibraryExW GetProcAddress` `Functions which can be used for anti-debugging purposes: FindWindowW` `Code injection capabilities: WriteProcessMemory OpenProcess VirtualAllocEx` `Code injection capabilities (PowerLoader): FindWindowW GetWindowLongW` `Can access the registry: RegisterHotKey RegDeleteKeyW RegSetValueExW RegCreateKeyExW RegQueryValueExW RegEnumKeyExW RegEnumValueW RegQueryInfoKeyW RegOpenKeyExW RegCloseKey RegDeleteValueW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: CreateFileW GetTempPathW` `Uses functions commonly found in keyloggers: GetAsyncKeyState AttachThreadInput CallNextHookEx GetForegroundWindow MapVirtualKeyW` `Memory manipulation functions often used by packers: VirtualProtect VirtualAllocEx` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Interacts with services: OpenSCManagerW` `Enumerates local disk drives: GetDriveTypeW GetVolumeInformationW` `Manipulates other processes: WriteProcessMemory ReadProcessMemory OpenProcess` `Can take screenshots: GetDC FindWindowW BitBlt CreateCompatibleDC` `Reads the contents of the clipboard: GetClipboardData` `Can shut the system down or lock the screen: ExitWindowsEx`
Suspicious	VirusTotal score: 1/67 (Scanned on 2021-03-10 23:46:53)	`Zillya: Trojan.Starter.Win32.21811`

Hashes

MD5	`cab0cafc88771e5552dcc05890d2eedc`
SHA1	`969ab9b4e77ced999099d4a4e1b1a7055aa00062`
SHA256	`337f459f40aa0a3c1a904e986d02c130b65bb9cf9341120252b4bcd4da6e4a0a`
SHA3	`edd93851b8b1d4849f85283e887c234a965148e4616b4549c82e5b3876f74acb`
SSDeep	`24576:JDp6JWDhfPHCmRSBZroaOGSMC6aYg9eV2R:9p6JWDhfPHVszUaOGXCHYgeVe`
Imports Hash	`b6f29f6dcef4cf7c121f3377a4ea0050`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2017-Feb-03 09:44:32
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xc1000`
SizeOfInitializedData	`0x88000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000A3798 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x155000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA`
SizeofStackReserve	`0x400000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f23268356a9c402775688dca43282f49`
SHA1	`253cc58302c418f37f58a8633a6ff256f15be764`
SHA256	`5d2c5dc89c0d4d05e458ae259e6384c31dcadfb737f390f1c06ef04e45c7ff80`
SHA3	`8df814f65f60f3f18787d1a0f4eab9652f0edec1ee5192290a73815b8a22cd3f`
VirtualSize	`0xc0eac`
VirtualAddress	`0x1000`
SizeOfRawData	`0xc1000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.52706`

.rdata

MD5	`a90f29cc1ba843f9b0de7f299c561283`
SHA1	`901920832f6335ae4f17553c4f2ffa4e6a8a41d2`
SHA256	`5e15dd716ccc6be3dc4a0762f399b060d526c18b1a6fe8b773dc8e7ea5c2b99d`
SHA3	`7b3782c8525672de3e02615129c7a96d900467c1d1446c2c7a44a42473b9901d`
VirtualSize	`0x37fe8`
VirtualAddress	`0xc2000`
SizeOfRawData	`0x38000`
PointerToRawData	`0xc1400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.12897`

.data

MD5	`257780adeb9bd6c205987dddf4ddb7c3`
SHA1	`98d2f53cb5015180d82efb7788721260c252f087`
SHA256	`0ba4afec5005073608b2972b224ac4843c0d318c03998ce2eb5c83757e7d8722`
SHA3	`0b0aa620e3518da3212a328096a8e9c6e4a4a9b7a5ef51c66e99fa8b383dea64`
VirtualSize	`0xbd34`
VirtualAddress	`0xfa000`
SizeOfRawData	`0x3800`
PointerToRawData	`0xf9400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.28296`

.pdata

MD5	`41f639c50f55764e803d48cd4c4bcf47`
SHA1	`4d8758671acd6db3de4d5a49159995eaed1481b4`
SHA256	`ad914f78119c7a3856c2d309fd0584dc6b84c7db5f9543dee30f342f917999b5`
SHA3	`d1810a0050f908840017679dccb9146f6de3fd2e6caf5661f24b6141221d7508`
VirtualSize	`0x6e88`
VirtualAddress	`0x106000`
SizeOfRawData	`0x7000`
PointerToRawData	`0xfcc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.97726`

.gfids

MD5	`df9f0d7d86fa0ef2dd1fa3e3489034a7`
SHA1	`803a0fde6a3cd58d53c01f74eead68b95bf890a9`
SHA256	`1fba33184101be6b92e0ce9f9fa28fa061094eb4183f7207844b617db1d4b962`
SHA3	`f3546e5c534abe7a780d8f0a7396cf692afc8430b831df38f3fb7782ddc15d6b`
VirtualSize	`0xec`
VirtualAddress	`0x10d000`
SizeOfRawData	`0x200`
PointerToRawData	`0x103c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.96824`

.tls

MD5	`1f354d76203061bfdd5a53dae48d5435`
SHA1	`aa0d33a0c854e073439067876e932688b65cb6a9`
SHA256	`4c6474903705cb450bb6434c29e8854f17d8324efca1fdb9ee9008599060883a`
SHA3	`991fbbd46bbd69198269fe6c247d440e0f8a7d38259b7a1e04b74790301d1d2b`
VirtualSize	`0x9`
VirtualAddress	`0x10e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x103e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0203931`

.rsrc

MD5	`69225337b5ade3d62c5dce2d33573ccf`
SHA1	`8263353d1464d5fc0c269799975bdd4c73566ba6`
SHA256	`e6aeabffb385187ce84a805e7dd67e1c443c2dcbd5428038fdf995a5827cad84`
SHA3	`77d69716485512764f1cb5f045bd16ce104f1093ef0170844593fec2df0c25ae`
VirtualSize	`0x452b4`
VirtualAddress	`0x10f000`
SizeOfRawData	`0x45400`
PointerToRawData	`0x104000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.637`

Imports

WSOCK32.dll	`WSACleanup` `inet_addr` `gethostbyname` `gethostname` `WSAStartup`
WINMM.dll	`mixerSetControlDetails` `waveOutGetVolume` `joyGetPosEx` `mixerGetControlDetailsW` `mixerOpen` `mixerGetDevCapsW` `mixerGetLineControlsW` `waveOutSetVolume` `mixerClose` `mciSendStringW` `joyGetDevCapsW` `mixerGetLineInfoW`
VERSION.dll	`VerQueryValueW` `GetFileVersionInfoW` `GetFileVersionInfoSizeW`
COMCTL32.dll	`ImageList_Create` `CreateStatusWindowW` `ImageList_ReplaceIcon` `ImageList_GetIconSize` `ImageList_Destroy` `ImageList_AddMasked`
PSAPI.DLL	`GetModuleFileNameExW` `GetProcessImageFileNameW` `GetModuleBaseNameW`
KERNEL32.dll	`FindClose` `FileTimeToLocalFileTime` `SetEnvironmentVariableW` `Beep` `MoveFileW` `OutputDebugStringW` `CreateProcessW` `GetFileAttributesW` `WideCharToMultiByte` `MultiByteToWideChar` `GetExitCodeProcess` `WriteProcessMemory` `ReadProcessMemory` `GetCurrentProcessId` `OpenProcess` `TerminateProcess` `SetPriorityClass` `SetLastError` `GetEnvironmentVariableW` `GetLocalTime` `GetDateFormatW` `GetTimeFormatW` `GetDiskFreeSpaceW` `SetVolumeLabelW` `CreateFileW` `DeviceIoControl` `GetDriveTypeW` `GetVolumeInformationW` `CreateDirectoryW` `ReadFile` `WriteFile` `DeleteFileW` `SetFileAttributesW` `LocalFileTimeToFileTime` `SetFileTime` `GetFileSizeEx` `GetSystemTime` `GetSystemDefaultUILanguage` `GetComputerNameW` `GetWindowsDirectoryW` `GetTempPathW` `GetFullPathNameW` `GetShortPathNameW` `LoadLibraryW` `FreeLibrary` `EnterCriticalSection` `LeaveCriticalSection` `VirtualProtect` `FindNextFileW` `CompareStringW` `RemoveDirectoryW` `CopyFileW` `GetCurrentProcess` `FormatMessageW` `GetPrivateProfileStringW` `GetPrivateProfileSectionW` `GetPrivateProfileSectionNamesW` `WritePrivateProfileStringW` `WritePrivateProfileSectionW` `SetEndOfFile` `GetACP` `GetFileType` `GetStdHandle` `SetFilePointerEx` `SystemTimeToFileTime` `FileTimeToSystemTime` `GetFileSize` `IsWow64Process` `VirtualAllocEx` `VirtualFreeEx` `EnumResourceNamesW` `LoadLibraryExW` `GlobalSize` `TlsGetValue` `TlsAlloc` `InitializeCriticalSectionAndSpinCount` `RtlUnwindEx` `RaiseException` `EncodePointer` `RtlPcToFileHeader` `InitializeSListHead` `QueryPerformanceCounter` `IsProcessorFeaturePresent` `GetStartupInfoW` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `IsDebuggerPresent` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `CreateEventW` `WaitForSingleObjectEx` `ResetEvent` `SetEvent` `GetCommandLineW` `ExitProcess` `GetModuleHandleExW` `HeapSize` `HeapReAlloc` `HeapQueryInformation` `HeapFree` `HeapAlloc` `FindFirstFileW` `LockResource` `LoadResource` `SizeofResource` `FindResourceW` `GetSystemTimeAsFileTime` `GetModuleFileNameW` `DeleteCriticalSection` `GetCPInfo` `GetVersionExW` `GetModuleHandleW` `GetProcAddress` `GetLastError` `CreateMutexW` `CloseHandle` `GetExitCodeThread` `SetThreadPriority` `CreateThread` `lstrcmpiW` `GetCurrentThreadId` `GlobalUnlock` `GlobalFree` `GlobalAlloc` `GlobalLock` `GetCurrentDirectoryW` `SetErrorMode` `InitializeCriticalSection` `SetCurrentDirectoryW` `Sleep` `GetTickCount` `MulDiv` `TlsSetValue` `TlsFree` `LCMapStringW` `GetStringTypeW` `GetConsoleCP` `GetConsoleMode` `GetProcessHeap` `FindFirstFileExW` `GetCommandLineA` `IsValidCodePage` `GetOEMCP` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `FlushFileBuffers` `WriteConsoleW` `QueryDosDeviceW` `ReadConsoleW`
USER32.dll	`SetParent` `GetClassInfoExW` `GetAncestor` `UpdateWindow` `GetMessagePos` `GetClassLongPtrW` `DefDlgProcW` `CallWindowProcW` `CheckRadioButton` `IntersectRect` `PtInRect` `CreateDialogIndirectParamW` `GetWindowLongPtrW` `CreateAcceleratorTableW` `DestroyAcceleratorTable` `InsertMenuItemW` `SetMenuDefaultItem` `RemoveMenu` `SetMenuItemInfoW` `IsMenu` `GetMenuItemInfoW` `CreateMenu` `CreatePopupMenu` `SetMenuInfo` `AppendMenuW` `DestroyMenu` `TrackPopupMenuEx` `CreateIconIndirect` `GetDesktopWindow` `CopyImage` `CreateIconFromResourceEx` `EnumClipboardFormats` `GetWindow` `BringWindowToTop` `GetTopWindow` `SetActiveWindow` `EnumChildWindows` `MoveWindow` `GetQueueStatus` `GetWindowRect` `GetClientRect` `SystemParametersInfoW` `AdjustWindowRectEx` `DrawTextW` `SetRect` `GetIconInfo` `SetWindowLongPtrW` `IsWindowVisible` `MessageBoxW` `LoadImageW` `ChangeClipboardChain` `SetClipboardViewer` `LoadAcceleratorsW` `EnableMenuItem` `GetMenu` `CreateWindowExW` `RegisterClassExW` `LoadCursorW` `DestroyIcon` `DestroyWindow` `IsCharAlphaW` `GetCursor` `MapVirtualKeyExW` `VkKeyScanExW` `GetWindowTextW` `mouse_event` `WindowFromPoint` `GetSystemMetrics` `keybd_event` `SetKeyboardState` `GetKeyboardState` `GetCursorPos` `GetAsyncKeyState` `AttachThreadInput` `SendInput` `UnregisterHotKey` `RegisterHotKey` `PostQuitMessage` `SendMessageTimeoutW` `UnhookWindowsHookEx` `SetWindowsHookExW` `PostThreadMessageW` `IsCharUpperW` `IsCharLowerW` `IsCharAlphaNumericW` `ToUnicodeEx` `GetKeyboardLayout` `CallNextHookEx` `CharLowerW` `ReleaseDC` `GetDC` `OpenClipboard` `GetClipboardData` `GetClipboardFormatNameW` `RedrawWindow` `MapWindowPoints` `RemovePropW` `SetPropW` `GetPropW` `FlashWindow` `SetMenu` `ExitWindowsEx` `GetMenuStringW` `GetSubMenu` `GetMenuItemID` `GetMenuItemCount` `SetWindowTextW` `GetLastInputInfo` `CloseClipboard` `SetClipboardData` `EmptyClipboard` `PostMessageW` `FindWindowW` `EndDialog` `IsWindow` `DispatchMessageW` `TranslateMessage` `ShowWindow` `ClientToScreen` `MessageBeep` `SetDlgItemTextW` `GetDlgItem` `SendDlgItemMessageW` `DialogBoxParamW` `SetForegroundWindow` `DefWindowProcW` `FillRect` `DrawIconEx` `GetSysColorBrush` `GetSysColor` `RegisterWindowMessageW` `IsIconic` `IsZoomed` `EnumWindows` `GetWindowTextLengthW` `EnableWindow` `InvalidateRect` `SetLayeredWindowAttributes` `SetWindowPos` `CountClipboardFormats` `SetWindowLongW` `ScreenToClient` `IsDialogMessageW` `SendMessageW` `IsWindowEnabled` `GetWindowLongW` `GetKeyState` `TranslateAcceleratorW` `KillTimer` `PeekMessageW` `GetFocus` `GetClassNameW` `GetWindowThreadProcessId` `GetForegroundWindow` `GetMessageW` `SetTimer` `GetParent` `GetDlgCtrlID` `CharUpperW` `IsClipboardFormatAvailable` `SetWindowRgn` `SetFocus` `MapVirtualKeyW` `GetGUIThreadInfo` `CheckMenuItem`
GDI32.dll	`GetPixel` `GetClipRgn` `GetCharABCWidthsW` `SetBkMode` `CreatePatternBrush` `SetBrushOrgEx` `EnumFontFamiliesExW` `CreateDIBSection` `GdiFlush` `SetBkColor` `ExcludeClipRect` `SetTextColor` `GetClipBox` `BitBlt` `CreateCompatibleBitmap` `GetSystemPaletteEntries` `GetDIBits` `CreateCompatibleDC` `CreatePolygonRgn` `CreateRectRgn` `CreateRoundRectRgn` `CreateEllipticRgn` `DeleteDC` `GetObjectW` `GetTextMetricsW` `GetTextFaceW` `SelectObject` `GetStockObject` `CreateDCW` `CreateSolidBrush` `CreateFontW` `FillRgn` `GetDeviceCaps` `DeleteObject`
COMDLG32.dll	`CommDlgExtendedError` `GetSaveFileNameW` `GetOpenFileNameW`
ADVAPI32.dll	`RegDeleteKeyW` `RegSetValueExW` `RegCreateKeyExW` `RegQueryValueExW` `AdjustTokenPrivileges` `LookupPrivilegeValueW` `OpenProcessToken` `CloseServiceHandle` `UnlockServiceDatabase` `LockServiceDatabase` `OpenSCManagerW` `GetUserNameW` `RegEnumKeyExW` `RegEnumValueW` `RegQueryInfoKeyW` `RegOpenKeyExW` `RegCloseKey` `RegConnectRegistryW` `RegDeleteValueW`
SHELL32.dll	`DragQueryPoint` `SHEmptyRecycleBinW` `SHFileOperationW` `SHGetPathFromIDListW` `SHBrowseForFolderW` `SHGetDesktopFolder` `SHGetMalloc` `SHGetFolderPathW` `ShellExecuteExW` `Shell_NotifyIconW` `DragFinish` `DragQueryFileW` `ExtractIconW`
ole32.dll	`OleInitialize` `OleUninitialize` `CoCreateInstance` `CoInitialize` `CoUninitialize` `CLSIDFromString` `CoGetObject` `StringFromGUID2` `CreateStreamOnHGlobal`
OLEAUT32.dll	`SafeArrayGetLBound` `GetActiveObject` `SysStringLen` `OleLoadPicture` `SafeArrayUnaccessData` `SafeArrayGetElemsize` `SafeArrayAccessData` `SafeArrayUnlock` `SafeArrayPtrOfIndex` `SafeArrayLock` `SafeArrayGetDim` `SafeArrayDestroy` `SafeArrayGetUBound` `VariantCopyInd` `SafeArrayCopy` `SysAllocString` `VariantChangeType` `VariantClear` `SafeArrayCreate` `SysFreeString`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.63331`
MD5	`0dc9a4e921082dc663d4332373ea9a6e`
SHA1	`7f4e0247a98e5294c9089602f0c950d7790d50b9`
SHA256	`99be9db8f8f4886ae484bbd7e91539c98023ce3365ba3df72304251112ff21c6`
SHA3	`bbed255f06aeba742eaf50ffe7a7a82ae63fab700fae86349f14c498cfe7d867`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.20728`
MD5	`fee6fe9a44a1a3c0636f728a09b12df2`
SHA1	`7485b9d578cec8ae368ba0b56e0a8413bb907e2c`
SHA256	`c449eeaa5c9eee3256907149185ac1353469905723ad7176ae2f57be6a0cc2f4`
SHA3	`1bdc39fd764cab27527aa91c9ed14a63868e2d87ff699f68891419455dbd3036`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9927`
MD5	`92b161694c13fd473e114e3a717660f1`
SHA1	`674646e58bd9a557c50cc32db0a68819160e8c9f`
SHA256	`a363b4635aad3e55faa926b381ed8eec599c6df3de3e464a88c103b7538d3922`
SHA3	`8fe8aba4424c2ce8aa1fb7ce245f295c8f3f821fb5067250ae69772159ba8434`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.84157`
MD5	`1c93a14c5a485c11350ef568f5e423c1`
SHA1	`bead6553859c4ec6e647551a19b224dc2357fc5f`
SHA256	`ae6b56a4aabbeb5d22f508ed6d1522ba6e5b668d1ffb05e4d9cee348a14197cd`
SHA3	`5719b4dc9bcc5a323c95d760317d4a5b737343f709eee16eddf819e8054ee6dd`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.3349`
MD5	`266626c8655c67b9530c361ca939f01d`
SHA1	`4f799d89f7255ef58628605cc0f37a3420925a3d`
SHA256	`1bfebd87e8f7129fe598c91a87ff03e7962b95af723ea024faf9549e6442aa84`
SHA3	`85b69f2f4e1bfa507c52634afc60ad29f41321a0a4526654693b1dd7a6f516d9`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.46964`
MD5	`fbbd1dfd9481f55d0e9ebc890ce09c3c`
SHA1	`cbfd96b3e1c556af63424b3a153def765077b8fb`
SHA256	`5ef6e7b16676575434a274b3654dcc6c4934adcb5c86ee31939720568578d2c0`
SHA3	`108eb4ba2bc3e913cec2e0d5cd215901fb0f4ebffc7fbd7679673ea2c735a609`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.56056`
MD5	`9104d9f5acc220ac5a9a1c29a283e42d`
SHA1	`7e274a143071c4d7801c07669074cd8fa2972047`
SHA256	`e773c795d1dbb9bf8cd8f73f12c4f02c047f58dc516be4a629fe807610476917`
SHA3	`8cd4a3f7555bedc4ecddbcb83b34780f450c902a91ddda511b41f9b6f1c21103`

8

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.58745`
MD5	`909ee17d79bca462529430e0cd2269bc`
SHA1	`9dcc1046fafaeab3aed9a21d347a03781256d36d`
SHA256	`d5927a27fb0b3bd317fcacb59b15b93a555ffb4a623230ac38544b108a58e15f`
SHA3	`672077f354383f77ac5e942d1cd5e00a65fcf2222f12be88b701fb07568c3ad7`

9

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3eff8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.32818`
MD5	`057750fd8f0c899cc5075fb04c6219fe`
SHA1	`1e3bdae02379e5487ff09e663c4a3b3109a21ad1`
SHA256	`8b8b7a2f70237a9db97a41cbb7e3518c0e691e60c458a185f1cc76bd5c595f7e`
SHA3	`fe0c5ba49f80d943f9a5795c75ce24933b7e19a796789eca705d597f43dbb8fd`

211

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37124`
MD5	`2cfd05e0e8346abd1be8b6933d0684ad`
SHA1	`898c4f11bceec1fb399cc9e0f305e09b9a2df803`
SHA256	`c0306fb5f7462e74df09e5e0627c01a238f291bbdc89c24c0ea1f46e7341ab5a`
SHA3	`8f3778cee4660e3c85805aa4bce2602547080ca7cfc425029bce1441a5af9a1f`

205

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xe8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82326`
MD5	`fec66af562e184a3acd4ada5b1603016`
SHA1	`fe5cd5d19cfc12992d23a18db8edaf1c06f610c2`
SHA256	`0b54b12fc56db7f7a5a366544081e75cfd312d6db7dd0b298b8088ad2f748908`
SHA3	`36780025f039a7044aac6d427f489314299b398567b3b737bb5f229278d74563`

212

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x48`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.96144`
MD5	`7fb94687aa0fe2b18873dba5ac59ab1d`
SHA1	`e19e8d6b0e33da063de27c83fa0bab4058513332`
SHA256	`86286a59831ad1d0d84eb411ae6fa236b21bca5d3ebfc93a59cf4b6bf1d466d0`
SHA3	`33011788d35d1127a1ee6fbdb975c0d4ef6b36d3896e0d27d3f75f0ff68e3aec`

>AHK WITH ICON<

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x54`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.20917`
MD5	`c7b885b947289f84608cc0847f408caa`
SHA1	`3c1aad5bcb3d267a3fdee4d4363172ef3b93a24e`
SHA256	`c7d340f5e2f0f6b9338ee8430ce2c31fe7080c06ff1c83abf1296b21eb354c5c`
SHA3	`3f524a045f12d8741f954e383ab2e94791debcc87a335a9fdaa8791cd26b6089`

159

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.88636`
Detected Filetype	Icon file
MD5	`d6244a3a069a52bf2bb4d119ac89b3f0`
SHA1	`4e793e030109510279158fe502e86d2b06868636`
SHA256	`eeeefa0c2de7ed1cdf378e1d773f31da075d8d208cf06ed1a843b62f6ba4790a`
SHA3	`f12d0485971273817ff56d50faa23826d013f31fc45588e1c8a1c4aba7344cc7`

160

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.02322`
Detected Filetype	Icon file
MD5	`6a368971d47678239d334269be28300e`
SHA1	`9fcfe92b319b372d6d59c9096cf13e9662e8299f`
SHA256	`45de95e2bc9da2d99016c89cba3816940f7ddb7f044c6d34b5f5c168c3b638ff`
SHA3	`10b30bfdab83169af38b453132bc26884230b58321aab1e2ebd88135cfae8457`

206

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.9815`
Detected Filetype	Icon file
MD5	`40c1414025bcc34e7ba97fd22bc9f5a4`
SHA1	`b53a6a13513b5205cef6fc6d7556ad80d8b62173`
SHA256	`d6659139f55adad2497df8d1a11fcd68324a00ccdadbc133ddd49fb79e9ccc1c`
SHA3	`88c00f73975983695c16e34c6a1750573250999152f5399a198b799e76349720`

207

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.0815`
Detected Filetype	Icon file
MD5	`9b2193af49fdb53892356f594e9f18b9`
SHA1	`448aa28721dd65475b37505de8140d88d5aa1501`
SHA256	`9b8ca9c6a330d0d17d1108ab5442d60ea574817a65caa860cceb24313cc4f0e4`
SHA3	`46527c3333b02958fd025cfdaa12d481f8505aa77c1cd0b5f15348e870530116`

208

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.0815`
Detected Filetype	Icon file
MD5	`5f51cbb6145d3a4c36cffa3b028b0199`
SHA1	`b2bbd2afcfa1c44725bf90df8948792d3bc7fb97`
SHA256	`fbb52a958caa73dce023ce27649d69f8886e86b5706e767153c41dde7b5eebf9`
SHA3	`93f253b05e0e42147b5a9000d421c3e105df42f9fafae5147c4e9a09958e3f79`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1fc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.25862`
MD5	`858bc7281a382a73b9315ffd629e93db`
SHA1	`db0bdfb20f2d6574c91b6e5df876fceaf38aa610`
SHA256	`82d0877adb0d3d1eacb7bf2569b8b36f5218673ad9296ca09d5d21c4ea91665d`
SHA3	`2081905ad67c797d13b368242a057ab1ff4019933a13d9ac86adddf78ddf6309`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x487`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.33598`
MD5	`860e627ae4633ebb9326e5a97f4c6cbd`
SHA1	`a2a09d7cc70c02b32b872c87d1a4817275cdca54`
SHA256	`29683761de7899822f4792623368bab484d93e2077fa91fc48c9d75a9d0228c7`
SHA3	`8407bd21860ad62fb4fadb9c8d3081ce755f71d75155c1d16ecddafe1bd8d94c`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.1.24.5
ProductVersion	1.1.24.5
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
FileVersion (#2)	1.1.24.05
ProductVersion (#2)	1.1.24.05

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2017-Feb-03 09:44:32
Version	`0.0`
SizeofData	`948`
AddressOfRawData	`0xee2cc`
PointerToRawData	`0xed6cc`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2017-Feb-03 09:44:32
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x14010e000`
EndAddressOfRawData	`0x14010e008`
AddressOfIndex	`0x1400fd838`
AddressOfCallbacks	`0x1400c2f08`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x94`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1400fa018`

RICH Header

XOR Key	`0x87a45a01`
Unmarked objects	`0`
241 (40116)	`19`
243 (40116)	`140`
242 (40116)	`23`
ASM objects (VS2015 UPD3 build 24123)	`8`
C++ objects (VS2015 UPD3 build 24123)	`40`
C objects (VS2015 UPD3 build 24123)	`20`
C objects (VS2008 SP1 build 30729)	`6`
135 (VS2008 SP1 build 30729)	`1`
Imports (VS2008 SP1 build 30729)	`27`
Total imports	`457`
ASM objects (VS2015 UPD3 build 24210)	`2`
265 (VS2015 UPD3.1 build 24215)	`42`
Resource objects (VS2015 UPD3 build 24210)	`1`
Linker (VS2015 UPD3.1 build 24215)	`1`

cab0cafc88771e5552dcc05890d2eedc

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.gfids

.tls

.rsrc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

9

211

205

212

>AHK WITH ICON<

159

160

206

207

208

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors