Manalyze report for cb2b1f924d172e3cacdc35c943cd7dc2

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2012-Nov-15 12:20:03
Detected languages	English - United Kingdom English - United States
Debug artifacts	C:\MDM\Zinc4\projector\Release\projector.pdb
CompanyName	Istanbul NLP
FileDescription	Istanbul NLP
FileVersion	`1.0.0.0`
InternalName	Istanbul NLP
LegalCopyright	Istanbul NLP
LegalTrademarks	Istanbul NLP
OriginalFilename	Senior Okuma
ProductName	Istanbul NLP
ProductVersion	`1.0.0.0`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig2(h)`
Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX -> www.upx.sourceforge.net` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser` `Crunch 4`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: control.exe` `Contains references to internet browsers: Chrome.exe chrome.exe firefox.exe` `Tries to detect virtualized environments: HARDWARE\DESCRIPTION\System Hardware\Description\System b3 eb 36 e4 4f 52 ce 11 9f 53 00 20 af 0b a7 70` `May have dropper capabilities: CurrentControlSet\Services CurrentVersion\Run` `Contains another PE executable: This program cannot be run in DOS mode.` `Miscellaneous malware strings: cmd.exe` Contains domain names: -q.-q.-q.-q.2r.2r.3r.3r.3r.3r.4r.4r.4r.4r.4r.4r.4r.Pw.Pw.p6.p6.p6.p6.p6.5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr -q.-q.-q.2r.2r.3r.3r.3r.3r.4r.4r.4r.4r.4r.4r.4r.Pw.Pw.p6.p6.p6.p6.p6.5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr -q.-q.2r.2r.3r.3r.3r.3r.4r.4r.4r.4r.4r.4r.4r.Pw.Pw.p6.p6.p6.p6.p6.5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr -q.2r.2r.3r.3r.3r.3r.4r.4r.4r.4r.4r.4r.4r.Pw.Pw.p6.p6.p6.p6.p6.5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr .adobe.com .jh.kh.lh.zh.xh.1O.ch .macromedia.com .q.dr.fr .tn.yn.un.in.pn.an.sn.dn.6c.6c.fn.gn.8c.hn.jn.jn.kn.ln.zn.xn.ec.cn .xr.cr.vr.br 0k.qk.wk.ek.rk.tk.yk.uk 0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr 0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr 0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr 0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr 0s.qs.gy.ws.es 0u.9r.9r.9r.qu.qu.wu.It.eu.ru.Ut.Ut.tu.Yt.tq.yu.uu.uu.Et.aq.aq.iu.pu.au 1g.2g.de 1k.nx.se 1m.2m.3m.4m.5m.6m.nl 2010-aia.verisign.com 2010-crl.verisign.com 2m.3m.4m.5m.6m.nl 2r.2r.3r.3r.3r.3r.4r.4r.4r.4r.4r.4r.4r.Pw.Pw.p6.p6.p6.p6.p6.5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr 2r.3r.3r.3r.3r.4r.4r.4r.4r.4r.4r.4r.Pw.Pw.p6.p6.p6.p6.p6.5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr 3m.4m.5m.6m.nl 3r.3r.3r.3r.4r.4r.4r.4r.4r.4r.4r.Pw.Pw.p6.p6.p6.p6.p6.5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr 3r.3r.3r.4r.4r.4r.4r.4r.4r.4r.Pw.Pw.p6.p6.p6.p6.p6.5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr 3r.3r.4r.4r.4r.4r.4r.4r.4r.Pw.Pw.p6.p6.p6.p6.p6.5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr 3r.4r.4r.4r.4r.4r.4r.4r.Pw.Pw.p6.p6.p6.p6.p6.5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr 4.0u.9r.9r.9r.qu.qu.wu.It.eu.ru.Ut.Ut.tu.Yt.tq.yu.uu.uu.Et.aq.aq.iu.pu.au 4.Pt.Pt.Pt.w3.w3.K1.K1.q3.q3.qq.9r.9r.Ew.Ew.It.It.M9.M9.Ut.B9.Ww.Yt.Tt.Rt.uq.Et.pq.sq.er.dq.rr.Wt.Wt.tr.Qt.Qt.ir 4.z2.ye.ue.ie.pe.ae.se.de 4m.5m.6m.nl 4r.4r.4r.4r.4r.4r.4r.Pw.Pw.p6.p6.p6.p6.p6.5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr 4r.4r.4r.4r.4r.4r.Pw.Pw.p6.p6.p6.p6.p6.5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr 4r.4r.4r.4r.4r.Pw.Pw.p6.p6.p6.p6.p6.5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr 4r.4r.4r.4r.Pw.Pw.p6.p6.p6.p6.p6.5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr 4r.4r.4r.Pw.Pw.p6.p6.p6.p6.p6.5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr 4r.4r.Pw.Pw.p6.p6.p6.p6.p6.5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr 4r.Pw.Pw.p6.p6.p6.p6.p6.5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr 5m.6m.nl 5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr 6c.6c.fn.gn.8c.hn.jn.jn.kn.ln.zn.xn.ec.cn 6c.fn.gn.8c.hn.jn.jn.kn.ln.zn.xn.ec.cn 6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr 7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr 7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr 7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr 7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr 7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr 7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr 8c.hn.jn.jn.kn.ln.zn.xn.ec.cn 8k.9k.0k.qk.wk.ek.rk.tk.yk.uk 8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr 96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr 9k.0k.qk.wk.ek.rk.tk.yk.uk 9r.9r.9r.qu.qu.wu.It.eu.ru.Ut.Ut.tu.Yt.tq.yu.uu.uu.Et.aq.aq.iu.pu.au 9r.9r.Ew.Ew.It.It.M9.M9.Ut.B9.Ww.Yt.Tt.Rt.uq.Et.pq.sq.er.dq.rr.Wt.Wt.tr.Qt.Qt.ir 9r.9r.qu.qu.wu.It.eu.ru.Ut.Ut.tu.Yt.tq.yu.uu.uu.Et.aq.aq.iu.pu.au 9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr 9r.Ew.Ew.It.It.M9.M9.Ut.B9.Ww.Yt.Tt.Rt.uq.Et.pq.sq.er.dq.rr.Wt.Wt.tr.Qt.Qt.ir 9r.qu.qu.wu.It.eu.ru.Ut.Ut.tu.Yt.tq.yu.uu.uu.Et.aq.aq.iu.pu.au 9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr 9s.0s.qs.gy.ws.es AN.SN.DN.FN.GN.HN.JN.KN.cn B9.Ww.Yt.Tt.Rt.uq.Et.pq.sq.er.dq.rr.Wt.Wt.tr.Qt.Qt.ir B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr DN.FN.GN.HN.JN.KN.cn Et.aq.aq.iu.pu.au Et.pq.sq.er.dq.rr.Wt.Wt.tr.Qt.Qt.ir Ew.Ew.It.It.M9.M9.Ut.B9.Ww.Yt.Tt.Rt.uq.Et.pq.sq.er.dq.rr.Wt.Wt.tr.Qt.Qt.ir Ew.It.It.M9.M9.Ut.B9.Ww.Yt.Tt.Rt.uq.Et.pq.sq.er.dq.rr.Wt.Wt.tr.Qt.Qt.ir FN.GN.HN.JN.KN.cn GN.HN.JN.KN.cn HN.JN.KN.cn It.It.M9.M9.Ut.B9.Ww.Yt.Tt.Rt.uq.Et.pq.sq.er.dq.rr.Wt.Wt.tr.Qt.Qt.ir It.M9.M9.Ut.B9.Ww.Yt.Tt.Rt.uq.Et.pq.sq.er.dq.rr.Wt.Wt.tr.Qt.Qt.ir It.eu.ru.Ut.Ut.tu.Yt.tq.yu.uu.uu.Et.aq.aq.iu.pu.au JN.KN.cn K1.K1.q3.q3.qq.9r.9r.Ew.Ew.It.It.M9.M9.Ut.B9.Ww.Yt.Tt.Rt.uq.Et.pq.sq.er.dq.rr.Wt.Wt.tr.Qt.Qt.ir K1.q3.q3.qq.9r.9r.Ew.Ew.It.It.M9.M9.Ut.B9.Ww.Yt.Tt.Rt.uq.Et.pq.sq.er.dq.rr.Wt.Wt.tr.Qt.Qt.ir M.AN.SN.DN.FN.GN.HN.JN.KN.cn M9.M9.Ut.B9.Ww.Yt.Tt.Rt.uq.Et.pq.sq.er.dq.rr.Wt.Wt.tr.Qt.Qt.ir M9.Ut.B9.Ww.Yt.Tt.Rt.uq.Et.pq.sq.er.dq.rr.Wt.Wt.tr.Qt.Qt.ir M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr O.ll.zl.xl.cl.vl.bl.nl Pt.Pt.Pt.w3.w3.K1.K1.q3.q3.qq.9r.9r.Ew.Ew.It.It.M9.M9.Ut.B9.Ww.Yt.Tt.Rt.uq.Et.pq.sq.er.dq.rr.Wt.Wt.tr.Qt.Qt.ir Pt.Pt.w3.w3.K1.K1.q3.q3.qq.9r.9r.Ew.Ew.It.It.M9.M9.Ut.B9.Ww.Yt.Tt.Rt.uq.Et.pq.sq.er.dq.rr.Wt.Wt.tr.Qt.Qt.ir Pt.w3.w3.K1.K1.q3.q3.qq.9r.9r.Ew.Ew.It.It.M9.M9.Ut.B9.Ww.Yt.Tt.Rt.uq.Et.pq.sq.er.dq.rr.Wt.Wt.tr.Qt.Qt.ir Pw.Pw.p6.p6.p6.p6.p6.5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr Pw.p6.p6.p6.p6.p6.5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr Qt.Qt.ir Rt.uq.Et.pq.sq.er.dq.rr.Wt.Wt.tr.Qt.Qt.ir Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr SL.tI.yI.uI.iI.pI.aI.uk SN.DN.FN.GN.HN.JN.KN.cn Tt.Rt.uq.Et.pq.sq.er.dq.rr.Wt.Wt.tr.Qt.Qt.ir Ut.B9.Ww.Yt.Tt.Rt.uq.Et.pq.sq.er.dq.rr.Wt.Wt.tr.Qt.Qt.ir Ut.Ut.tu.Yt.tq.yu.uu.uu.Et.aq.aq.iu.pu.au Ut.tu.Yt.tq.yu.uu.uu.Et.aq.aq.iu.pu.au Wt.Wt.tr.Qt.Qt.ir Wt.tr.Qt.Qt.ir Ww.Yt.Tt.Rt.uq.Et.pq.sq.er.dq.rr.Wt.Wt.tr.Qt.Qt.ir Yt.Tt.Rt.uq.Et.pq.sq.er.dq.rr.Wt.Wt.tr.Qt.Qt.ir Yt.tq.yu.uu.uu.Et.aq.aq.iu.pu.au adobe.com adobefpl.com ae.se.de aia.verisign.com an.sn.dn.6c.6c.fn.gn.8c.hn.jn.jn.kn.ln.zn.xn.ec.cn ap.sp.dp.fp.gp.hp.jp aq.aq.iu.pu.au aq.iu.pu.au ar.sr..q.dr.fr ats.macromedia.com auth.adobefpl.com bx.1k.nx.se ca.ca.ca cl.vl.bl.nl cr.vr.br crl.verisign.com crl3.adobe.com csc3-2010-aia.verisign.com csc3-2010-crl.verisign.com curl.haxx.se cx.vx.bx.1k.nx.se dn.6c.6c.fn.gn.8c.hn.jn.jn.kn.ln.zn.xn.ec.cn dp.fp.gp.hp.jp dq.rr.Wt.Wt.tr.Qt.Qt.ir dwinlock.kassl.de ek.rk.tk.yk.uk er.dq.rr.Wt.Wt.tr.Qt.Qt.ir er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr eu.ru.Ut.Ut.tu.Yt.tq.yu.uu.uu.Et.aq.aq.iu.pu.au example.com flash.net fn.gn.8c.hn.jn.jn.kn.ln.zn.xn.ec.cn fp.gp.hp.jp fpdownload.macromedia.com fpdownload2.macromedia.com fq.ur.ir.pr.ar.sr..q.dr.fr freeimage.sourceforge.net g.1g.2g.de gn.8c.hn.jn.jn.kn.ln.zn.xn.ec.cn gp.hp.jp gy.ws.es h.8k.9k.0k.qk.wk.ek.rk.tk.yk.uk hn.jn.jn.kn.ln.zn.xn.ec.cn http://adobe.com http://crl.verisign.com http://crl.verisign.com/ThawteTimestampingCA.crl0 http://crl.verisign.com/pca3-g5.crl04 http://crl.verisign.com/tss-ca.crl0 http://crl3.adobe.com http://crl3.adobe.com/AdobeSystemsIncorporatedFlashAccessRuntime/LatestCRL.crl0 http://csc3-2010-aia.verisign.com http://csc3-2010-aia.verisign.com/CSC3-2010.cer0 http://csc3-2010-crl.verisign.com http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D http://curl.haxx.se http://curl.haxx.se/docs/http-cookies.html http://fpdownload2.macromedia.com http://fpdownload2.macromedia.com/get/ http://fpdownload2.macromedia.com/get/flashplayer/update/current/xml/express/version_win_ http://fpdownload2.macromedia.com/get/flashplayer/update/current/xml/version_ http://freeimage.sourceforge.net http://individualization.adobe.com http://jimmac.musichall.cz http://logo.verisign.com http://logo.verisign.com/vslogo.gif04 http://ns.adobe.com http://ns.adobe.com/xap/1.0/ http://ocsp.verisign.com0 http://schemas.xmlsoap.org http://schemas.xmlsoap.org/soap/envelope/ http://www.adobe.com http://www.adobe.com/2006/actionscript/flash/proxy http://www.adobe.com/go/flashaccess_cp0 http://www.adobe.com/software/flash/about http://www.dwinlock.kassl.de http://www.gimp.orgg http://www.kassl.de http://www.macromedia.com http://www.macromedia.com/go/player_settings_ http://www.microsoft.com http://www.microsoft.com/whdc/ddk/debugging/ http://www.openssl.org http://www.openssl.org/support/faq.html http://www.w3.org http://www.w3.org/2001/XMLSchema-instance http://www.w3.org/XML/1998/namespace https://ats.macromedia.com https://ats.macromedia.com/Players/ATS/ATS10AS3/Shipping/html/Security/ProtectedMode/PenTestDriverDLL.sgn https://auth.adobefpl.com https://auth.adobefpl.com/1/ https://fpdownload.macromedia.com https://fpdownload.macromedia.com/get/ https://www.macromedia.com https://www.macromedia.com/bin/flashdownload.cgi https://www.macromedia.com/support/flashplayer/sys/ https://www.verisign.com https://www.verisign.com/cps0 https://www.verisign.com/rpa https://www.verisign.com/rpa0 i.ca.ca.ca i.ru.ru.ru iI.pI.aI.uk ie.pe.ae.se.de in.pn.an.sn.dn.6c.6c.fn.gn.8c.hn.jn.jn.kn.ln.zn.xn.ec.cn individualization.adobe.com inkscape.org ip.pp.ap.sp.dp.fp.gp.hp.jp ir.pr.ar.sr..q.dr.fr iu.pu.au jh.kh.lh.zh.xh.1O.ch jn.jn.kn.ln.zn.xn.ec.cn jn.kn.ln.zn.xn.ec.cn k.cx.vx.bx.1k.nx.se kassl.de kh.lh.zh.xh.1O.ch kn.ln.zn.xn.ec.cn lh.zh.xh.1O.ch ll.zl.xl.cl.vl.bl.nl ln.zn.xn.ec.cn logo.verisign.com m.1m.2m.3m.4m.5m.6m.nl macromedia.com microsoft.com ns.adobe.com openssl.org p6.5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr p6.p6.5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr p6.p6.p6.5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr p6.p6.p6.p6.5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr p6.p6.p6.p6.p6.5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr pI.aI.uk pe.ae.se.de pn.an.sn.dn.6c.6c.fn.gn.8c.hn.jn.jn.kn.ln.zn.xn.ec.cn pp.ap.sp.dp.fp.gp.hp.jp pq.sq.er.dq.rr.Wt.Wt.tr.Qt.Qt.ir pr.ar.sr..q.dr.fr q.-q.-q.-q.-q.2r.2r.3r.3r.3r.3r.4r.4r.4r.4r.4r.4r.4r.Pw.Pw.p6.p6.p6.p6.p6.5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr q.-q.-q.-q.2r.2r.3r.3r.3r.3r.4r.4r.4r.4r.4r.4r.4r.Pw.Pw.p6.p6.p6.p6.p6.5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr q.-q.-q.2r.2r.3r.3r.3r.3r.4r.4r.4r.4r.4r.4r.4r.Pw.Pw.p6.p6.p6.p6.p6.5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr q.-q.2r.2r.3r.3r.3r.3r.4r.4r.4r.4r.4r.4r.4r.Pw.Pw.p6.p6.p6.p6.p6.5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr q.2r.2r.3r.3r.3r.3r.4r.4r.4r.4r.4r.4r.4r.Pw.Pw.p6.p6.p6.p6.p6.5r.6r.7r.7r.7r.7r.7r.8r.7r.w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr q.xa.xa.ca.ca.ca q3.q3.qq.9r.9r.Ew.Ew.It.It.M9.M9.Ut.B9.Ww.Yt.Tt.Rt.uq.Et.pq.sq.er.dq.rr.Wt.Wt.tr.Qt.Qt.ir q3.qq.9r.9r.Ew.Ew.It.It.M9.M9.Ut.B9.Ww.Yt.Tt.Rt.uq.Et.pq.sq.er.dq.rr.Wt.Wt.tr.Qt.Qt.ir qk.wk.ek.rk.tk.yk.uk qq.9r.9r.Ew.Ew.It.It.M9.M9.Ut.B9.Ww.Yt.Tt.Rt.uq.Et.pq.sq.er.dq.rr.Wt.Wt.tr.Qt.Qt.ir qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr qs.gy.ws.es qu.qu.wu.It.eu.ru.Ut.Ut.tu.Yt.tq.yu.uu.uu.Et.aq.aq.iu.pu.au qu.wu.It.eu.ru.Ut.Ut.tu.Yt.tq.yu.uu.uu.Et.aq.aq.iu.pu.au r.9s.0s.qs.gy.ws.es rI.SL.tI.yI.uI.iI.pI.aI.uk rcImg.top rk.tk.yk.uk rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr rr.Wt.Wt.tr.Qt.Qt.ir rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr ru.Ut.Ut.tu.Yt.tq.yu.uu.uu.Et.aq.aq.iu.pu.au ru.ru.ru schemas.xmlsoap.org sn.dn.6c.6c.fn.gn.8c.hn.jn.jn.kn.ln.zn.xn.ec.cn somewhere.com sourceforge.net sp.dp.fp.gp.hp.jp sq.er.dq.rr.Wt.Wt.tr.Qt.Qt.ir sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr sr..q.dr.fr tI.yI.uI.iI.pI.aI.uk tk.yk.uk tn.yn.un.in.pn.an.sn.dn.6c.6c.fn.gn.8c.hn.jn.jn.kn.ln.zn.xn.ec.cn tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr tq.yu.uu.uu.Et.aq.aq.iu.pu.au tr.Qt.Qt.ir tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr tu.Yt.tq.yu.uu.uu.Et.aq.aq.iu.pu.au uI.iI.pI.aI.uk ue.ie.pe.ae.se.de un.in.pn.an.sn.dn.6c.6c.fn.gn.8c.hn.jn.jn.kn.ln.zn.xn.ec.cn up.ip.pp.ap.sp.dp.fp.gp.hp.jp uq.Et.pq.sq.er.dq.rr.Wt.Wt.tr.Qt.Qt.ir ur.ir.pr.ar.sr..q.dr.fr uu.Et.aq.aq.iu.pu.au uu.uu.Et.aq.aq.iu.pu.au verisign.com vl.bl.nl vx.bx.1k.nx.se w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr w3.K1.K1.q3.q3.qq.9r.9r.Ew.Ew.It.It.M9.M9.Ut.B9.Ww.Yt.Tt.Rt.uq.Et.pq.sq.er.dq.rr.Wt.Wt.tr.Qt.Qt.ir w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr w3.w3.K1.K1.q3.q3.qq.9r.9r.Ew.Ew.It.It.M9.M9.Ut.B9.Ww.Yt.Tt.Rt.uq.Et.pq.sq.er.dq.rr.Wt.Wt.tr.Qt.Qt.ir w3.w3.w3.0q.0q.Rw.Rw.9r.9r.wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr wk.ek.rk.tk.yk.uk wq.0r.0r.M9.rq.rq.B9.tq.tq.yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr wu.It.eu.ru.Ut.Ut.tu.Yt.tq.yu.uu.uu.Et.aq.aq.iu.pu.au www.adobe.com www.dwinlock.kassl.de www.inkscape.org www.kassl.de www.macromedia.com www.microsoft.com www.openssl.org www.verisign.com www.w3.org xa.ca.ca.ca xa.xa.ca.ca.ca xh.1O.ch xl.cl.vl.bl.nl xmlsoap.org xn.ec.cn xr.cr.vr.br y.up.ip.pp.ap.sp.dp.fp.gp.hp.jp yI.uI.iI.pI.aI.uk ye.ue.ie.pe.ae.se.de yn.un.in.pn.an.sn.dn.6c.6c.fn.gn.8c.hn.jn.jn.kn.ln.zn.xn.ec.cn yq.qr.qr.wr.sq.sq.er.rr.rr.96.tr.yr.fq.ur.ir.pr.ar.sr..q.dr.fr yr.fq.ur.ir.pr.ar.sr..q.dr.fr yu.uu.uu.Et.aq.aq.iu.pu.au z2.ye.ue.ie.pe.ae.se.de zh.xh.1O.ch zl.xl.cl.vl.bl.nl zn.xn.ec.cn
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses constants related to TEA` `Uses known Diffie-Helman primes` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW LoadLibraryA GetProcAddress LoadLibraryExW` `Functions which can be used for anti-debugging purposes: FindWindowW` `Code injection capabilities (PowerLoader): FindWindowW GetWindowLongW` `Can access the registry: RegisterHotKey RegQueryInfoKeyW RegDeleteKeyW RegDeleteValueW RegOpenKeyExW RegEnumKeyExW RegCloseKey RegSetValueExW RegQueryValueExW RegOpenKeyW RegEnumValueW RegEnumKeyW RegEnumValueA RegCreateKeyExW RegOpenKeyExA` `Possibly launches other programs: CreateProcessW` `Uses Windows's Native API: ntohl ntohs` `Uses Microsoft's cryptographic API: CryptReleaseContext CryptGenRandom CryptAcquireContextA` `Can create temporary files: GetTempPathA GetTempPathW CreateFileW CreateFileA` `Uses functions commonly found in keyloggers: GetAsyncKeyState CallNextHookEx MapVirtualKeyW` `Has Internet access capabilities: InternetGetConnectedState WinHttpGetIEProxyConfigForCurrentUser WinHttpOpen WinHttpGetProxyForUrl WinHttpCloseHandle` `Leverages the raw socket API to access the Internet: closesocket gethostbyaddr inet_addr inet_ntoa gethostname setsockopt shutdown send sendto getsockopt __WSAFDIsSet select getsockname listen bind socket connect recvfrom accept recv WSAGetLastError getservbyname ntohl ioctlsocket getaddrinfo freeaddrinfo WSASetLastError getpeername WSAStartup htonl WSACleanup htons ntohs gethostbyname` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Enumerates local disk drives: GetVolumeInformationW GetLogicalDriveStringsW GetDriveTypeW GetDriveTypeA` `Manipulates other processes: OpenProcess` `Can take screenshots: FindWindowW GetDC BitBlt CreateCompatibleDC` `Can use the microphone to record audio: waveInOpen` `Can shut the system down or lock the screen: ExitWindowsEx`
Malicious	The PE is possibly a dropper.	`Resource 101 detected as a PE Executable.` `Resource 102 detected as a PE Executable.` `Resource 107 is possibly compressed or encrypted.`
Suspicious	The file contains overlay data.	`5012124 bytes of data starting at offset 0x189b000.`
Suspicious	VirusTotal score: 1/70 (Scanned on 2023-12-17 05:09:05)	`CrowdStrike: win/grayware_confidence_60% (D)`

Hashes

MD5	`cb2b1f924d172e3cacdc35c943cd7dc2`
SHA1	`0eb14f61c4f634996951d20da3956b4f72d67b68`
SHA256	`09c3e27ac283af6b8969b86e863b2dd3f0aee40c60c8787b7ae56b83964adfda`
SHA3	`52dcdc29df0a808070cf7ffeed3b0a8d15ca380627987ac5c224935610415ceb`
SSDeep	`393216:yWuoteSEPzVDJT1PwMrvOU23ESVij9WSCgeGlRHHtsJ74H/G0Y1K7i+ca2b:yibExwMbOU2BSCpGLH474fjY1KjA`
Imports Hash	`8bec5494b46e59d73cdeebf0270b64af`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x128`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2012-Nov-15 12:20:03
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.0`
SizeOfCode	`0x569e00`
SizeOfInitializedData	`0x1330e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x004F81AD (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x56b000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x18d5000`
SizeOfHeaders	`0x400`
Checksum	`0x1a16a68`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`20a0948f07a7f63bf9fa3ecafe913832`
SHA1	`a95c8070b46866a70a739fd37e6b5cbecddcda9f`
SHA256	`514be307c6a811a76c92b37430411662ddb201d23a0b64c1a9893245c9136b04`
SHA3	`cc32465cc973e3da34ecd69488bae88d989a454209178f4bd3b34896dc6644fe`
VirtualSize	`0x569c7a`
VirtualAddress	`0x1000`
SizeOfRawData	`0x569e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.62159`

.rdata

MD5	`cb1ed36f4ccc728bbe68988549e7b017`
SHA1	`8ffc79a806f0bf2429bd7e0a4b99ca6786789622`
SHA256	`ac7cb0969dfddaaa9160957f2ea156c7f88ea03b1422e0fc777a7f4f086f78a5`
SHA3	`acbc89c7025029f449710f1b5934ccb16a69f49cef38d4d7902870ba9432fa41`
VirtualSize	`0x2cbae8`
VirtualAddress	`0x56b000`
SizeOfRawData	`0x2cbc00`
PointerToRawData	`0x56a200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.93089`

.data

MD5	`8d2dc153b7c729020aa516496783defb`
SHA1	`f785f65d06011257b7abaf42a73e70093b605ad3`
SHA256	`92aade9eaeecca0390bce051c34ba3a9b0af812f37ed6f9db404634a4f1863bf`
SHA3	`29761872a1ef9e033ebc571071e753d4fae0da7d9d4a8b079ca4cec269de360f`
VirtualSize	`0x1ca4c4`
VirtualAddress	`0x837000`
SizeOfRawData	`0x193a00`
PointerToRawData	`0x835e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.95355`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0xd`
VirtualAddress	`0xa02000`
SizeOfRawData	`0x200`
PointerToRawData	`0x9c9800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`7ee765d42fd3866169b6bc46983854ce`
SHA1	`55b7128261b380248a6a22a9690c9d054d104c97`
SHA256	`e4d659505bdc85fd0fa3e757bbb745f0e90bcca82214302c456c4e274b8b536d`
SHA3	`83bdd320ced788e50b95e47b35ef93284422fc51bdaddb9830b27529ddeaa41c`
VirtualSize	`0xe40c8c`
VirtualAddress	`0xa03000`
SizeOfRawData	`0xe40e00`
PointerToRawData	`0x9c9a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.0353`

.reloc

MD5	`e50063d6ef2e5de96dcf2af81b393d42`
SHA1	`7ef899479ed26488b85e55e2ca6eb20d0c915a3a`
SHA256	`514ea4779ccb0fb128a1ec4b507db77e0ad3d620aee3a3bfb832a34717113662`
SHA3	`36649f9de6ab482b985be6d5c26b0f53a814b0a434b8f3674ec74a44822c691a`
VirtualSize	`0x9070e`
VirtualAddress	`0x1844000`
SizeOfRawData	`0x90800`
PointerToRawData	`0x180a800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.63299`

Imports

IPHLPAPI.DLL	`GetAdaptersInfo`
WININET.dll	`InternetGetConnectedState`
WS2_32.dll	`closesocket` `gethostbyaddr` `inet_addr` `inet_ntoa` `gethostname` `setsockopt` `shutdown` `send` `sendto` `getsockopt` `__WSAFDIsSet` `select` `getsockname` `listen` `bind` `socket` `connect` `recvfrom` `accept` `recv` `WSAGetLastError` `getservbyname` `ntohl` `ioctlsocket` `getaddrinfo` `freeaddrinfo` `WSASetLastError` `getpeername` `WSAStartup` `htonl` `WSACleanup` `htons` `ntohs` `gethostbyname`
urlmon.dll	`ObtainUserAgentString`
DDRAW.dll	`DirectDrawCreate`
d3d9.dll	`Direct3DCreate9`
WINHTTP.dll	`WinHttpGetIEProxyConfigForCurrentUser` `WinHttpOpen` `WinHttpGetProxyForUrl` `WinHttpCloseHandle`
KERNEL32.dll	`ClearCommBreak` `SetCommState` `PurgeComm` `FileTimeToSystemTime` `FileTimeToLocalFileTime` `GetFileTime` `GetTempFileNameW` `DebugBreak` `GetEnvironmentVariableW` `GetCPInfo` `IsValidCodePage` `GlobalMemoryStatus` `GetComputerNameW` `TerminateProcess` `OpenProcess` `GetFileType` `SetCurrentDirectoryW` `CopyFileW` `CreateMutexW` `ReleaseMutex` `TlsSetValue` `ExitProcess` `SetThreadPriority` `SuspendThread` `ResumeThread` `TlsGetValue` `TlsFree` `TlsAlloc` `GetModuleHandleA` `ExpandEnvironmentStringsW` `WaitForMultipleObjects` `CreatePipe` `PeekNamedPipe` `SetNamedPipeHandleState` `DuplicateHandle` `GetACP` `GetUserDefaultLCID` `IsValidLocale` `GetLocaleInfoW` `GetCurrentThread` `IsBadReadPtr` `IsBadStringPtrA` `EscapeCommFunction` `ReadConsoleOutputCharacterA` `GetConsoleScreenBufferInfo` `GetStdHandle` `WriteConsoleA` `WriteConsoleW` `FillConsoleOutputCharacterW` `SetConsoleCursorPosition` `SetErrorMode` `GetCommandLineW` `HeapSize` `GlobalSize` `SleepEx` `ExpandEnvironmentStringsA` `GetVersion` `GetVersionExA` `FlushConsoleInputBuffer` `WaitNamedPipeA` `OpenFileMappingA` `OpenEventA` `GetSystemDirectoryA` `GetModuleFileNameA` `GetWindowsDirectoryA` `GetLocaleInfoA` `CreateEventA` `ResetEvent` `GetFileAttributesExA` `SetCurrentDirectoryA` `GetCurrentDirectoryA` `QueryPerformanceFrequency` `FindNextFileA` `FindFirstFileA` `GetTimeZoneInformation` `HeapReAlloc` `IsDebuggerPresent` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `SetCommBreak` `GetCommState` `ClearCommError` `GetProcessHeap` `HeapFree` `HeapAlloc` `CreateThread` `CreateEventW` `GetExitCodeThread` `TerminateThread` `SetEvent` `FindNextFileW` `FindClose` `FindFirstFileW` `GetVolumeInformationW` `lstrlenA` `IsProcessorFeaturePresent` `CompareStringW` `CompareStringA` `GetStringTypeA` `EnumSystemLocalesA` `GetDateFormatA` `GetTimeFormatA` `SetEnvironmentVariableA` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetEnvironmentStrings` `FreeEnvironmentStringsA` `GetConsoleOutputCP` `InitializeCriticalSectionAndSpinCount` `GetOEMCP` `SetHandleCount` `HeapCreate` `GetStringTypeW` `LCMapStringW` `FreeConsole` `LCMapStringA` `SetConsoleMode` `ReadConsoleInputA` `DeviceIoControl` `GlobalMemoryStatusEx` `VerLanguageNameW` `GetStartupInfoW` `GetExitCodeProcess` `GetLogicalDriveStringsW` `CreateProcessW` `GetDriveTypeW` `GetSystemDefaultLangID` `OutputDebugStringA` `SetFileAttributesW` `GetShortPathNameW` `GetLongPathNameW` `WaitForSingleObject` `DeleteFileA` `AreFileApisANSI` `GetSystemTime` `LocalFree` `GetTempPathA` `GetCurrentProcessId` `DeleteFileW` `CloseHandle` `GetFileAttributesExW` `GetDiskFreeSpaceA` `CreateFileMappingW` `GetDiskFreeSpaceW` `LockFileEx` `GetTempPathW` `FlushFileBuffers` `CreateFileW` `ReadFile` `GetFileAttributesW` `GetFileAttributesA` `GetVersionExW` `FormatMessageW` `Sleep` `LoadLibraryW` `WideCharToMultiByte` `WriteFile` `FormatMessageA` `GetSystemTimeAsFileTime` `UnlockFileEx` `GetTickCount` `LockFile` `UnlockFile` `InterlockedCompareExchange` `QueryPerformanceCounter` `SetEndOfFile` `UnmapViewOfFile` `MapViewOfFile` `SetFilePointer` `GetFileSize` `CreateFileA` `GetFullPathNameA` `GetFullPathNameW` `LockResource` `InterlockedExchange` `LoadLibraryA` `VirtualAlloc` `VirtualFree` `lstrcmpA` `lstrcpynW` `GetCurrentThreadId` `DeleteCriticalSection` `lstrcmpiW` `EnterCriticalSection` `GetProcAddress` `SetLastError` `GetLastError` `RaiseException` `FlushInstructionCache` `GlobalUnlock` `lstrlenW` `MultiByteToWideChar` `lstrcmpW` `MulDiv` `LeaveCriticalSection` `SizeofResource` `GlobalAlloc` `InitializeCriticalSection` `GlobalLock` `GetCurrentProcess` `InterlockedDecrement` `InterlockedIncrement` `LoadLibraryExW` `LoadResource` `FreeLibrary` `FindResourceW` `OutputDebugStringW` `GetModuleFileNameW` `GetModuleHandleW` `GlobalFree` `GetConsoleCP` `SetConsoleCtrlHandler` `GetConsoleMode` `CreateDirectoryW` `SetEnvironmentVariableW` `GetCommandLineA` `GetStartupInfoA` `RtlUnwind` `SetStdHandle` `MoveFileW` `ExitThread` `GetFileInformationByHandle` `GetDriveTypeA`
USER32.dll	`TranslateAcceleratorW` `GetDoubleClickTime` `DestroyCursor` `GetDialogBaseUnits` `DrawEdge` `DrawStateW` `SetRect` `CheckMenuRadioItem` `GetSysColorBrush` `DrawIconEx` `DrawFrameControl` `CreateMenu` `AppendMenuW` `ModifyMenuW` `RemoveMenu` `InsertMenuItemW` `InsertMenuW` `CreatePopupMenu` `SetMenuItemInfoW` `GetSubMenu` `DestroyMenu` `GetMenuState` `SetMenu` `FindWindowExW` `LoadBitmapW` `InflateRect` `PtInRect` `UnregisterHotKey` `RegisterHotKey` `GetMenuItemCount` `GetMenuItemInfoW` `BeginDeferWindowPos` `EndDeferWindowPos` `MapWindowPoints` `GetUpdateRgn` `DeferWindowPos` `IsDialogMessageW` `TrackPopupMenu` `GetCapture` `GetActiveWindow` `GetMessageTime` `IsWindowEnabled` `SetParent` `GetCursorPos` `WindowFromPoint` `ScrollWindow` `EnableScrollBar` `SetScrollInfo` `GetScrollInfo` `EnableWindow` `GetKeyState` `GetAsyncKeyState` `PostQuitMessage` `SetWindowRgn` `GetMenu` `GetSystemMenu` `EnableMenuItem` `DrawMenuBar` `GetWindowPlacement` `ValidateRect` `IsIconic` `BringWindowToTop` `CreateIconIndirect` `GetIconInfo` `DestroyIcon` `SetCursor` `MsgWaitForMultipleObjects` `SetTimer` `KillTimer` `DdePostAdvise` `DdeConnect` `DdeNameService` `DdeCreateStringHandleW` `DdeClientTransaction` `DdeDisconnect` `DdeInitializeW` `DdeGetLastError` `DdeCreateDataHandle` `DdeGetData` `DdeFreeDataHandle` `DdeQueryStringW` `DdeUninitialize` `DdeFreeStringHandle` `WaitForInputIdle` `SetActiveWindow` `UnregisterClassA` `MoveWindow` `GetWindow` `PostThreadMessageW` `RegisterClassW` `MessageBeep` `GetWindowThreadProcessId` `CallNextHookEx` `SetWindowsHookExW` `UnhookWindowsHookEx` `ShowCursor` `SetCursorPos` `mouse_event` `CheckMenuItem` `PostMessageW` `SetForegroundWindow` `FindWindowW` `ExitWindowsEx` `EnumWindows` `SystemParametersInfoW` `FlashWindow` `IsWindowVisible` `GetWindowDC` `IsClipboardFormatAvailable` `ShowWindow` `MessageBoxW` `GetSystemMetrics` `keybd_event` `CloseClipboard` `VkKeyScanW` `MapVirtualKeyW` `EmptyClipboard` `OpenClipboard` `SetClipboardData` `UnionRect` `DrawTextW` `OffsetRect` `DrawFocusRect` `GetMessagePos` `HideCaret` `ChildWindowFromPoint` `ValidateRgn` `wsprintfW` `ChangeDisplaySettingsW` `EnumDisplaySettingsW` `GetClipboardFormatNameW` `CreateDialogIndirectParamW` `DefWindowProcW` `CallWindowProcW` `SetWindowTextW` `SendMessageW` `GetUserObjectInformationW` `GetProcessWindowStation` `IsZoomed` `MessageBoxA` `ReleaseCapture` `CreateWindowExW` `IsWindow` `SetWindowPos` `GetSysColor` `GetDesktopWindow` `RedrawWindow` `SetWindowLongW` `GetDlgItem` `ReleaseDC` `GetClassNameW` `GetWindowTextW` `CreateDialogParamW` `GetWindowLongW` `InvalidateRect` `GetMessageW` `TranslateMessage` `PeekMessageW` `CopyRect` `DispatchMessageW` `UpdateLayeredWindow` `AdjustWindowRectEx` `GetWindowRect` `LoadImageW` `LoadIconW` `EnumDisplayMonitors` `UpdateWindow` `GetLayeredWindowAttributes` `EndPaint` `ClientToScreen` `DestroyWindow` `GetWindowTextLengthW` `DestroyAcceleratorTable` `ScreenToClient` `CharNextW` `RegisterWindowMessageW` `FillRect` `IsChild` `SetCapture` `UnregisterClassW` `GetFocus` `GetParent` `InvalidateRgn` `LoadCursorW` `RegisterClassExW` `GetDC` `GetClassInfoExW` `BeginPaint` `SetFocus` `CreateAcceleratorTableW` `GetClientRect`
GDI32.dll	`GetBkColor` `ExtSelectClipRgn` `ExtFloodFill` `GetCharABCWidthsW` `GetTextExtentExPointW` `Arc` `Pie` `Polygon` `SetPolyFillMode` `PolyPolygon` `Rectangle` `RoundRect` `Ellipse` `MaskBlt` `ExtTextOutW` `StretchBlt` `CreateDIBitmap` `CreatePalette` `GetDIBColorTable` `LineTo` `MoveToEx` `GetPaletteEntries` `GetNearestPaletteIndex` `ExtCreatePen` `CombineRgn` `CreateHatchBrush` `CreatePatternBrush` `SelectClipRgn` `RestoreDC` `CreateRectRgnIndirect` `CreateICW` `SetTextAlign` `GetSystemPaletteEntries` `SetAbortProc` `StartPage` `CreateDCW` `EnumFontFamiliesExW` `GetEnhMetaFileW` `DeleteEnhMetaFile` `GetEnhMetaFileHeader` `CreateEnhMetaFileW` `PlayEnhMetaFile` `CloseEnhMetaFile` `SetViewportExtEx` `SetWindowExtEx` `SetWindowOrgEx` `PolyBezier` `SetPixel` `GetPixel` `SetROP2` `Polyline` `RectInRegion` `SaveDC` `GetClipBox` `PtInRegion` `EqualRgn` `GetRgnBox` `SetTextColor` `SetBkMode` `CreateFontIndirectW` `GetOutlineTextMetricsW` `ExcludeClipRect` `SetBrushOrgEx` `CreateRectRgn` `GdiFlush` `GetTextExtentPoint32W` `SelectPalette` `RealizePalette` `GetRegionData` `ExtCreateRegion` `OffsetRgn` `SetBkColor` `CreateBitmap` `GetDIBits` `StretchDIBits` `SetStretchBltMode` `EndPage` `GetTextMetricsW` `SetViewportOrgEx` `SetMapMode` `StartDocW` `TextOutW` `EndDoc` `CreateDIBSection` `BitBlt` `DeleteDC` `GetDeviceCaps` `DeleteObject` `SelectObject` `CreateCompatibleDC` `CreateCompatibleBitmap` `GetObjectW` `GetStockObject` `CreatePen` `CreateSolidBrush`
WINSPOOL.DRV	`OpenPrinterW` `ClosePrinter` `DocumentPropertiesW`
COMDLG32.dll	`GetSaveFileNameW` `ChooseColorW` `ChooseFontW` `PageSetupDlgW` `GetOpenFileNameW` `CommDlgExtendedError` `PrintDlgW`
ADVAPI32.dll	`CryptReleaseContext` `RegQueryInfoKeyW` `RegDeleteKeyW` `RegDeleteValueW` `RegOpenKeyExW` `RegEnumKeyExW` `RegCloseKey` `RegSetValueExW` `RegQueryValueExW` `RegOpenKeyW` `GetUserNameW` `AdjustTokenPrivileges` `LookupPrivilegeValueW` `OpenProcessToken` `RegEnumValueW` `RegEnumKeyW` `DeregisterEventSource` `ReportEventA` `RegisterEventSourceA` `RegEnumValueA` `CryptGenRandom` `RegCreateKeyExW` `CryptAcquireContextA` `RegOpenKeyExA`
SHELL32.dll	`ExtractIconExW` `ExtractIconW` `DragQueryFileW` `DragQueryPoint` `DragFinish` `DragAcceptFiles` `SHBrowseForFolderW` `SHGetPathFromIDListW` `SHGetMalloc` `SHGetSpecialFolderLocation` `#680` `ShellExecuteExW` `SHFileOperationW` `Shell_NotifyIconW` `SHGetFileInfoW`
ole32.dll	`OleSetClipboard` `OleIsCurrentClipboard` `ReleaseStgMedium` `RevokeDragDrop` `CoLockObjectExternal` `RegisterDragDrop` `OleRun` `CoTaskMemAlloc` `CoGetClassObject` `CoCreateInstance` `OleLockRunning` `CoUninitialize` `CoTaskMemRealloc` `CLSIDFromProgID` `CLSIDFromString` `CreateStreamOnHGlobal` `StringFromGUID2` `OleInitialize` `OleUninitialize` `CoInitialize` `CoTaskMemFree` `OleGetClipboard` `OleSetContainedObject` `OleFlushClipboard`
OLEAUT32.dll	`SysAllocString` `SysStringLen` `VariantClear` `LoadTypeLib` `VariantInit` `SysAllocStringLen` `VarUI4FromStr` `SysFreeString` `LoadRegTypeLib` `SysAllocStringByteLen` `VariantChangeType` `SysStringByteLen` `DispCallFunc` `SafeArrayAccessData` `SafeArrayDestroy` `SafeArrayCreate` `SafeArrayCreateVector` `SafeArrayUnaccessData` `SafeArrayPutElement` `VariantCopy` `SystemTimeToVariantTime` `VariantTimeToSystemTime` `GetErrorInfo` `OleCreateFontIndirect`
WINMM.dll	`mmioOpenW` `waveInUnprepareHeader` `mmioCreateChunk` `mmioClose` `waveInReset` `waveInAddBuffer` `mmioAscend` `waveInOpen` `waveInPrepareHeader` `waveInStart` `waveInGetDevCapsW` `waveInClose` `joyGetPos` `joyGetNumDevs` `joyGetDevCapsW` `joySetCapture` `mixerSetControlDetails` `mixerGetLineInfoW` `waveOutGetVolume` `waveOutSetVolume` `mixerGetControlDetailsW` `mixerOpen` `mixerGetLineControlsW` `mmioWrite` `timeGetTime` `waveOutGetDevCapsW`
COMCTL32.dll	`#17` `#16` `ImageList_Destroy` `ImageList_Draw` `ImageList_Add` `ImageList_Create` `ImageList_GetImageCount` `ImageList_GetIconSize` `ImageList_ReplaceIcon` `ImageList_Replace` `ImageList_Remove` `ImageList_SetBkColor` `ImageList_SetDragCursorImage` `ImageList_BeginDrag` `ImageList_DragMove` `ImageList_DragEnter` `ImageList_EndDrag` `ImageList_DragLeave`
RPCRT4.dll	`UuidToStringW` `RpcStringFreeW`

Delayed Imports

curl_easy_cleanup

Ordinal	`1`
Address	`0x2d30a0`

curl_easy_duphandle

Ordinal	`2`
Address	`0x2d3130`

curl_easy_escape

Ordinal	`3`
Address	`0x2fb8e0`

curl_easy_getinfo

Ordinal	`4`
Address	`0x2d3110`

curl_easy_init

Ordinal	`5`
Address	`0x2d2f80`

curl_easy_pause

Ordinal	`6`
Address	`0x2d33d0`

curl_easy_perform

Ordinal	`7`
Address	`0x2d2ff0`

curl_easy_recv

Ordinal	`8`
Address	`0x2d3540`

curl_easy_reset

Ordinal	`9`
Address	`0x2d3330`

curl_easy_send

Ordinal	`10`
Address	`0x2d35a0`

curl_easy_setopt

Ordinal	`11`
Address	`0x2d2fc0`

curl_easy_strerror

Ordinal	`12`
Address	`0x2e1a30`

curl_easy_unescape

Ordinal	`13`
Address	`0x2fbab0`

curl_escape

Ordinal	`14`
Address	`0x2fbb10`

curl_formadd

Ordinal	`15`
Address	`0x2fe6c0`

curl_formfree

Ordinal	`16`
Address	`0x2fe890`

curl_formget

Ordinal	`17`
Address	`0x2ff100`

curl_free

Ordinal	`18`
Address	`0x2e2610`

curl_getdate

Ordinal	`19`
Address	`0x2fd950`

curl_getenv

Ordinal	`20`
Address	`0x2fb850`

curl_global_cleanup

Ordinal	`21`
Address	`0x2d2f30`

curl_global_init

Ordinal	`22`
Address	`0x2d2e20`

curl_global_init_mem

Ordinal	`23`
Address	`0x2d2eb0`

curl_maprintf

Ordinal	`24`
Address	`0x2e17a0`

curl_mfprintf

Ordinal	`25`
Address	`0x2e1920`

curl_mprintf

Ordinal	`26`
Address	`0x2e18f0`

curl_msnprintf

Ordinal	`27`
Address	`0x2e0d30`

curl_msprintf

Ordinal	`28`
Address	`0x2e18c0`

curl_multi_add_handle

Ordinal	`29`
Address	`0x2e3240`

curl_multi_assign

Ordinal	`30`
Address	`0x2e3100`

curl_multi_cleanup

Ordinal	`31`
Address	`0x2e2a00`

curl_multi_fdset

Ordinal	`32`
Address	`0x2e28c0`

curl_multi_info_read

Ordinal	`33`
Address	`0x2e2b40`

curl_multi_init

Ordinal	`34`
Address	`0x2e26a0`

curl_multi_perform

Ordinal	`35`
Address	`0x2e4820`

curl_multi_remove_handle

Ordinal	`36`
Address	`0x2e3920`

curl_multi_setopt

Ordinal	`37`
Address	`0x2e2c50`

curl_multi_socket

Ordinal	`38`
Address	`0x2e4b80`

curl_multi_socket_action

Ordinal	`39`
Address	`0x2e4bb0`

curl_multi_socket_all

Ordinal	`40`
Address	`0x2e4bf0`

curl_multi_strerror

Ordinal	`41`
Address	`0x2e1d90`

curl_multi_timeout

Ordinal	`42`
Address	`0x2e2d60`

curl_mvaprintf

Ordinal	`43`
Address	`0x2e1830`

curl_mvfprintf

Ordinal	`44`
Address	`0x2e19a0`

curl_mvprintf

Ordinal	`45`
Address	`0x2e1970`

curl_mvsnprintf

Ordinal	`46`
Address	`0x2e0cd0`

curl_mvsprintf

Ordinal	`47`
Address	`0x2e1940`

curl_share_cleanup

Ordinal	`48`
Address	`0x2e8de0`

curl_share_init

Ordinal	`49`
Address	`0x2e8c20`

curl_share_setopt

Ordinal	`50`
Address	`0x2e8c40`

curl_share_strerror

Ordinal	`51`
Address	`0x2e1e00`

curl_slist_append

Ordinal	`52`
Address	`0x2d3640`

curl_slist_free_all

Ordinal	`53`
Address	`0x2d36a0`

curl_strequal

Ordinal	`54`
Address	`0x2fc220`

curl_strnequal

Ordinal	`55`
Address	`0x2fc240`

curl_unescape

Ordinal	`56`
Address	`0x2fbb30`

101

Type	`BIN`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0xde91b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.06688`
Detected Filetype	PE Executable
MD5	`54fc590185d7d00d65e53b9a5990dc14`
SHA1	`1c0c44ec9fee6afb8c97b9a017b0112cd4cfca07`
SHA256	`0c6eadb716830229f83d38d60891579a09786af8b9b4db46c057f6edf537e391`
SHA3	`94b10b7f47f12618d9a45d61bc47c0ed3f8d2fa132ef25aae05914dc1fda547f`

102

Type	`BIN`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0xa400`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.45603`
Detected Filetype	PE Executable
MD5	`1524ad5be5d49d642207378500c22042`
SHA1	`fff24ecafdab5718e3524ebed4ac3b3bbc42c748`
SHA256	`d5498f499a88429cc31aba4a9d66653294175bc28ca88b78a5806b78a83b044a`
SHA3	`9d0350bf672bc9d6803caf1fe0f0028126099bb815044cf17bfb6b06e4647963`

103

Type	`BIN`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0xd`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39275`
MD5	`2bc30f24765b470bfc6830defac5da76`
SHA1	`3ad84434ddc968956f394681d6f61d7aacfb4194`
SHA256	`b6fc208c0344099a4b3aa1bca05b1b7b2b8d5c80e1c6c3e3ae16f8f859a82f8a`
SHA3	`48baecac6cf0b5d20f6a75f4542c7d3d45d16818e3d268addfb7f84644bdc2de`

107

Type	`BIN`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x6421`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98756`
MD5	`6cb90925abbd3e23b858fb2776b4e5b6`
SHA1	`fb03cce856eee1ae5b46d2601121c2c42de9db2b`
SHA256	`63d111761e45f3428138378a46f1b3ea7ebbe7278518454645b8b3286b23e7a6`
SHA3	`8ef2faaa576694e519fb86b6f44b4af83e5b63a92bfbd9e989ac10d8feaeb20a`

109

Type	`BIN`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x146`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.28075`
Detected Filetype	Cursor file
MD5	`dbd44c4ac444d2e0448ec0ad24ec0698`
SHA1	`371d786818f0a4242d2fced0c83412caa6c17a28`
SHA256	`bf79bffdba70f456cb406fd1ece8652750363b94188510b5d73f36c8ea6e7ae9`
SHA3	`7f451c6b3ff9ee8c1dd82f022061d1975b9d7c94d988b00b7850e225387ecd56`

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91249`
MD5	`47323808a55dba8701c884d9dbdcc8c0`
SHA1	`62cfd4d4fcad20c5cb4ec379f9e9d555564912e8`
SHA256	`6733f11b628297d7128e3edf82bf0b80707b08e618f3ef7224e74fa2fa7ee803`
SHA3	`c47f03a40880adb9aae60ff25a4c4cffc6067077f6fc9a2be1c58f06853950ab`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.19594`
MD5	`a30d0bd2d41b6e7afe71143cee8e87cc`
SHA1	`c54a5280365af3fba794deef31d45337d385b234`
SHA256	`07676e164640b3dc4b66a4becf96a21275620980a50ea1de7ac90c0a857e643a`
SHA3	`3264cdd80aa595ccb7f9dc626d4c7e8027a207fd6e29b3b50dbeedaacda3e0c7`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.54408`
MD5	`79c6cd089d760562cb07f8e5be914391`
SHA1	`e20713e11ed9b5e9415ac4f4f0c85b855a233199`
SHA256	`7eb05c706fd629b39c6b2390b323b59cce9e333585a52ab2e4e67fdee81dabc7`
SHA3	`2b4270e43fc9dbeb7ce26d4382e23feb62b2f694406d51907c7d98ac737c1d11`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.90632`
MD5	`4f506d09742c98c9a1a9084e83d988ca`
SHA1	`42771a9dfcc9e5e283a13d1f2409229adf4da682`
SHA256	`fabbdbe397c471c497f0f4ab2b9fdb2da7c55c155dec5737039a6969bb091372`
SHA3	`9c06ca7f6a1e1e9a6e109b0fce86517f350cef1731fa8a03b1a29f994e2c7aa5`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.27247`
MD5	`6c565a6fed4f399f9704e94169ca0df1`
SHA1	`4a83b73744fc523d222598cbc838a8c362e3fa9a`
SHA256	`651020655f53f348c0a6b51d365b6b702a3c365aeb30260cee9c842757b3ce0f`
SHA3	`8e1aa5d7b552fc2d01f1ffed89767f11797b04bacec7be5be29acac5fcbb9ced`

2003

Type	`RT_DIALOG`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0xdc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.96715`
MD5	`d42029c6a8bbb0dff11efb05cbde969d`
SHA1	`0535d80f4f2bc7065b8814bbd64d7b1e5003624a`
SHA256	`dfc509027aca793f747dad567b90fe4682fc7e243e03a964a76412cdd85b6b0a`
SHA3	`97a9f76ae16c6bacf293304f7ec7e48eaa035f0a897b4bf0476222cd8bb639e2`

105

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.64216`
Detected Filetype	Icon file
MD5	`dfbd71100ff6a295522cf5d0e5b23e7f`
SHA1	`60b5c1c18ecd775275b174e67d57f68361750b91`
SHA256	`5a20c79c0dbc9b4d82452d98bafc8fb2c607e9945b9b4f45175d2e2e37ecd5c2`
SHA3	`79758ffd46eafa5447b6af70288c138130d3071b21269df28713916a8d9af7f5`

1 (#2)

Type	`RT_VERSION`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x478`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.90774`
MD5	`70d62ee04d021faffa5b94f5f9a2224e`
SHA1	`96aa578a7570b393d3382fbc0b31f1e57bf2ce8b`
SHA256	`ceea4864e0f659e64c967387d34e2c23fb884feb6a379e6d8cf2cf353c5e2386`
SHA3	`fd9ee4ca48f46d095a11b9a1f983a0905915fb78c6531ca292430d8870378da8`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x406`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.16132`
MD5	`adaab93e079700e927d2a4074ac952e3`
SHA1	`ce850b408779b1b341ac25c729a2a6c1c35f44dc`
SHA256	`6492c4102bc76d8cde63b46efd8a4c3a70597215287eb88dbac3312dd6a8652c`
SHA3	`0205e1d0c130a1488013971a489152a0ff7b9854a15d7bd5efe4ffd2ca6ea118`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United Kingdom
CompanyName	Istanbul NLP
FileDescription	Istanbul NLP
FileVersion (#2)	1.0.0.0
InternalName	Istanbul NLP
LegalCopyright	Istanbul NLP
LegalTrademarks	Istanbul NLP
OriginalFilename	Senior Okuma
ProductName	Istanbul NLP
ProductVersion (#2)	1.0.0.0

Resource LangID	English - United Kingdom

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2012-Nov-15 12:20:03
Version	`0.0`
SizeofData	`69`
AddressOfRawData	`0x7e7560`
PointerToRawData	`0x7e6760`
Referenced File	C:\MDM\Zinc4\projector\Release\projector.pdb

TLS Callbacks

StartAddressOfRawData	`0xe02000`
EndAddressOfRawData	`0xe0200c`
AddressOfIndex	`0xdfd784`
AddressOfCallbacks	`0x96cc14`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0xd85fc4`
SEHandlerTable	`0xbff9d0`
SEHandlerCount	`2562`

RICH Header

XOR Key	`0x95e13ba7`
Unmarked objects	`0`
C++ objects (VS2008 build 21022)	`5`
150 (20413)	`13`
ASM objects (VS2008 SP1 build 30729)	`62`
C objects (VS2012 build 50727 / VS2005 build 50727)	`13`
Imports (VS2003 (.NET) build 4035)	`2`
Imports (9210)	`2`
C++ objects (VS2003 (.NET) build 4035)	`1`
Unmarked objects (#2)	`15`
C objects (VS2008 SP1 build 30729)	`1009`
C++ objects (VS2008 SP1 build 30729)	`547`
Imports (VS2012 build 50727 / VS2005 build 50727)	`35`
Total imports	`802`
138 (VS2008 SP1 build 30729)	`175`
Exports (VS2008 SP1 build 30729)	`1`
Linker (VS2008 build 21022)	`1`
Resource objects (VS2008 SP1 build 30729)	`1`

Errors

[*] Warning: Raw bytes from section .text could not be obtained.