Manalyze report for cbd7fb2cb315f8495c51649a4df9583f

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-Aug-08 13:28:46
FileDescription	Neot Lion Studio
FileVersion	`4.77.11.23`
InternalName	Neot Lion Studio
LegalCopyright	Neot Lion Studio
OriginalFilename	Neot Lion Studio
PrivateBuild	Neot Lion Studio
ProductName	Neot Lion Studio
ProductVersion	`4.77.11.23`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++ 8.0` `MSVC++ v.8 (procedure 1 recognized - h)`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Can access the registry: RegCloseKey RegSetValueExW RegCreateKeyExW RegDeleteKeyW` `Functions related to the privilege level: OpenProcessToken`

Hashes

MD5	`cbd7fb2cb315f8495c51649a4df9583f`
SHA1	`b6d969078cb5cc1c34f2f6291c74397250c42b5e`
SHA256	`e36e14bc6ff75646a6478cf94336a75330852884106fc98d1d9b05ffb17c2fd6`
SHA3	`e381f05c8c903073b8e014ac614c0512064877951953a8325d1ce5f65a9cd135`
SSDeep	`12288:tHiVlgALzTVwYgH/YAtZhapUulAPdpLcFLm:ZiVlgy9w/YUxXFVcFLm`
Imports Hash	`10acc1bbcf09d90dc186462aa3693765`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2018-Aug-08 13:28:46
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`99.0`
SizeOfCode	`0x8c400`
SizeOfInitializedData	`0x32800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0001124F (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x8e000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0xc1000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`7fe475a1141ca38c625f9f92a192aa7b`
SHA1	`cb0a30af1dd0239e101042225219e6c88ef794fd`
SHA256	`a98431890843b53e48cf196cd549bdd4b63d19677b2fc75d29123cc517cc838b`
SHA3	`179d02a387af191013c7a5704ad325b2d8a1244f539a2c6bbfadde37854388ca`
VirtualSize	`0x8c274`
VirtualAddress	`0x1000`
SizeOfRawData	`0x8c400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.4936`

.data

MD5	`8d2459f783abe19945602223c93f81d5`
SHA1	`fb729204c1dbcc4d3298837e456269a5345397fb`
SHA256	`a957a45126f149e8f61f329e1e96ec74fec7aeb906bca5d97cd2b5fdad786aef`
SHA3	`a4b8094b7a4278562da8ab1e5c132f0b8dbdcd406c85642d286768d54f8a1f1b`
VirtualSize	`0x2cfe8`
VirtualAddress	`0x8e000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x8c800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.22096`

.rsrc

MD5	`0c7d9c4ef010092c5615da9037b44074`
SHA1	`15f4524e7b9e5dfc82ce72a6ff3817b143303938`
SHA256	`f2d73932797d169bb2ffec2131c30a774ce2d7a400dbfcf5e26876b868925536`
SHA3	`b1f85b805b7a730ee802702295d2fb3f171a2e791bc7ac1d393d053ff3444e25`
VirtualSize	`0x5788`
VirtualAddress	`0xbb000`
SizeOfRawData	`0x5800`
PointerToRawData	`0x8dc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.95887`

Imports

USER32.dll	`DestroyWindow` `LoadIconW` `SendMessageW` `CreateWindowExW` `MessageBoxW`
SHELL32.dll	`ShellExecuteExW` `SHChangeNotify`
ADVAPI32.dll	`GetTokenInformation` `OpenProcessToken` `RegCloseKey` `RegSetValueExW` `RegCreateKeyExW` `RegDeleteKeyW`
KERNEL32.dll	`GetLocaleInfoW` `GetConsoleOutputCP` `CompareStringA` `CompareStringW` `SetEnvironmentVariableA` `CreateFileA` `CloseHandle` `WriteConsoleA` `InterlockedIncrement` `VirtualAlloc` `HeapSetInformation` `GetCommandLineW` `DecodePointer` `EncodePointer` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `RaiseException` `GetProcessHeap` `HeapSize` `HeapReAlloc` `HeapFree` `HeapAlloc` `HeapDestroy` `GetStartupInfoW` `TerminateProcess` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCPInfo` `GetACP` `GetOEMCP` `IsValidCodePage` `LCMapStringW` `IsProcessorFeaturePresent` `GetStringTypeW` `SetFilePointer` `GetConsoleCP` `GetConsoleMode` `SetStdHandle` `FlushFileBuffers` `WriteConsoleW` `WaitForSingleObject` `LocalFree` `GetLastError` `MultiByteToWideChar` `GetModuleFileNameW` `GetVersionExW` `WideCharToMultiByte` `GetSystemTimeAsFileTime` `GetProcAddress` `InterlockedDecrement` `GetTimeFormatA` `GetDateFormatA` `GetCommandLineA` `GetVersionExA` `GetStartupInfoA` `SetHandleCount` `GetStdHandle` `GetFileType` `GetCurrentProcess` `IsDebuggerPresent` `RtlUnwind` `GetModuleHandleA` `GetTimeZoneInformation` `ExitProcess` `TlsGetValue` `TlsAlloc` `TlsSetValue` `TlsFree` `SetLastError` `GetCurrentThreadId` `Sleep` `GetUserDefaultLCID` `GetLocaleInfoA` `EnumSystemLocalesA` `IsValidLocale` `GetStringTypeA` `WriteFile` `GetModuleFileNameA` `FreeEnvironmentStringsA` `GetEnvironmentStrings` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `HeapCreate` `VirtualFree` `QueryPerformanceCounter` `GetTickCount` `GetCurrentProcessId` `ReadFile` `InitializeCriticalSection` `LCMapStringA` `LoadLibraryA`

Delayed Imports

1

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.4877`
MD5	`0ac6c3ae0f11c6575d142ec24f22092a`
SHA1	`4fc9898365e2e3964f83fcc69c4718987cc874e5`
SHA256	`5849221e77474a47849430053b220a0e4cd520ed74e90be7b2823f224245b289`
SHA3	`0f945b33e3bdf1a0ce29be71630b06c441906573bad02e392e65f5707e461101`

2

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.51191`
MD5	`af7b2f2b86c6ae5160fa420d0aa9cc9d`
SHA1	`842d21797631ec131dccab8715e558381c7d7b91`
SHA256	`906685232b77f97bec7d70c9e910619bf9ba4138af1c93faf9b4828274324634`
SHA3	`bb9a16314bcb6a8597ddc463692244b2f417c4fa2b25eb04d1de9a2fb4262c10`

3

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.78227`
MD5	`4911e9647035d4234bea105b20dd70cd`
SHA1	`1c931e201bdc999c50a175e64caa12d6898ad230`
SHA256	`78eb6908881b5298a3bbcc98dbf6721c469e67cda41b682fbf931cbaa60de2f3`
SHA3	`61e6d4140d24c10231242801601db98c08b541e3ab981e9449f2586c50a1230d`

4

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.10541`
MD5	`9e42569b5e7053b6ac5813fb7adc4a54`
SHA1	`8e27c7003f6d4702e8d324a519bdee6bf13f2f03`
SHA256	`c82cd0e878bbd6c01c1c2399b7c728bac56ff58896406e850f7064648b107011`
SHA3	`66588a7f1201b41d11d3653052fefea4baed640dfab1d552e4e0aa11f9f0ca73`

5

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.04534`
MD5	`3d58754dbb2ce46b512b9f1577c6a963`
SHA1	`db04b5198bd3e6ac73d67c223372949c0d51204c`
SHA256	`4b62d677376a933793ab868588beb8897040f0d138dd47b215136d468218bc20`
SHA3	`aaeb66041c2b99c38c234b158540ff195d28e4f888520a9f94cbebfa9fcb790b`

6

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.20353`
MD5	`95b2a989f06f2a6bb960c189fef6ae2f`
SHA1	`3488d344e6ca444b70be523475aa34f29c25b451`
SHA256	`a0f6b66910eddfb754c22daf36d4b6063c72bcc135029c2e603226d53c1926d0`
SHA3	`e1c254f06dd798b9faff0fb5a79b32f1151ce4f5542731b27d2c940c0d1775f8`

7

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.98797`
MD5	`97101f017f8a018c2dbfd3232cfcfbe8`
SHA1	`91b8c39c5fbde5182112fb7aa48626787a1a94f1`
SHA256	`b0604ec33d67747ad2a7b5a784c00356c2ecc2c5f237cdabf32d971fc0c9734f`
SHA3	`40e9ebffd59d9c8af59e26ebccce89e59c952c836066a0c1fa8d61ef2d8eb4d0`

8

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.6633`
MD5	`ff4e5862f26ea666373e5fab2bddfb11`
SHA1	`cfa13c0ab30f1bbd566900dee3631902f9b6451c`
SHA256	`b8e6fc93d423931acbddae3c27dd3c4eb2a394005d746951a971cb700e0ee510`
SHA3	`91dae12a9f43c5443e0661091a336f882fa1482f75fa9a57c9298d1d70c8ae69`

9

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80231`
MD5	`2e87b3c111e3073a841775c1f8ec5a90`
SHA1	`20292304fa2ef1bfdc4a1000e90a1c16d4765a96`
SHA256	`ce19ace18e87b572e6912306776226af5b8e63959c61cde70a8ff05b3bbdcc41`
SHA3	`9527f09e739c2064835800a7e5c317cb422bdd7237f00fca079a1c62f58a2612`

10

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.00046`
MD5	`a04c3c368cb37c07bd5f63e7e6841ebd`
SHA1	`699300bceaa1256818c43fecfc8cad93a59156b2`
SHA256	`ee1c9c194199c320c893b367602ccc7ee7270bd4395d029f727e097634f47f8c`
SHA3	`58722e3138aad1382e284c1605ecd665ced536de4906749ac8d6e11252cc9558`

11

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.56318`
MD5	`9929115b21c2c59348058d4190392e75`
SHA1	`626fba1825d572ea441d36363307c9935de3c565`
SHA256	`9d9edf87ca203ecc60b246cc783d54218dd0ce77d3a025d0bafc580995a4abd8`
SHA3	`fea156e872544252c625076a6bf3baa733ee5b3d5399716e156734af7a841369`

12

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.6949`
MD5	`f321ad13d1c3f35a05d67773b4bc27d6`
SHA1	`30aded8525417e2531d5eb88bf2f868172945baa`
SHA256	`99676c52310db365580965ea646ece86c62951bfd97ec0aae9f738a202a90593`
SHA3	`04c839da98a8c50a36697076af5bc6d527560a69153b2f718f065908fd4fe3ad`

13

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.62527`
MD5	`5ca217e52bdc6f23b43c7b6a23171e6e`
SHA1	`d99dc22ec1b655a42c475431cc3259742d0957a4`
SHA256	`11726dcf1eebe23a1df5eb0ee2af39196b702eddd69083d646e4475335130b28`
SHA3	`b358d8a5b0f400dd2671956ec45486ae1035556837b5289df5f418fe69348b3f`

14

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91604`
MD5	`6be7031995bb891cb8a787b9052f6069`
SHA1	`487eb59fd083cf4df02ce59d9b079755077ba1b5`
SHA256	`6f938aab0a03120de4ef8b27aff6ba5146226c92a056a6f04e5ec8d513ce5f9d`
SHA3	`0f1c6c0378a3646c9fbf3678bbeeccf929d32192f02d1ea9d6ba0be5c769e6ab`

109

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x328`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.35814`
MD5	`d849cc7ba1d8b9f95b86a231267b453f`
SHA1	`025c98a13baa21d5f749059daadf5346410714c8`
SHA256	`8b4a2267a9593743ce11ace0e9449257d27055eeb8cb6cee66f9787d002fcb7b`
SHA3	`84d21aeb20473647fb136b1a7447d1dbba086bd140aa5488baf237373040851e`
Preview

1 (#2)

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x368`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.89061`
MD5	`ca6ebf47d23472b84bdbc76c40fc75df`
SHA1	`48ac0baec63f36254fcefd5a2c39d672bf39f0cd`
SHA256	`70003732c5b64102ff9c8f84f5f6497c67b8b2850045fdd2c71dc826f0b938f9`
SHA3	`203577c365792b63f24482124a6f394a96c72ba6fc860c591e743bee0bd4bed8`

2 (#2)

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x748`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.68069`
MD5	`748822020d04bb36bf763b64e1283632`
SHA1	`37c0ce7e1aa62aa8e1d2b65e52ab659c9fa55e3d`
SHA256	`0acfcd597f54bf0c296b7dae543547cff190245d971b4d809a32dee322798a62`
SHA3	`49204afb313c50da58ce88a93778e2ee1dcb767b97bb2666337c9b88e38d9cdb`

3 (#2)

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.91651`
MD5	`20a106602bc90ae47fb02914b165c727`
SHA1	`519d130888187123bca6310b1f5ace4447b22731`
SHA256	`956ed49bb8e61240f361f8f57a49261aeb199f6fbe7acc37a44c9555e4b6c76e`
SHA3	`105f11a99025174d804b389ff9ce5d5a444ddc05c0314ecc6225b01099e609e5`

4 (#2)

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.48419`
MD5	`5801872b0f663d1bc732c365db9d6fe8`
SHA1	`54470793723664b4df90a4eb40f029a3739f9a9d`
SHA256	`b508976e54947527556d71175aa143caad8811f4aabf7e25c24f2fd763455505`
SHA3	`0870b6f2d2db7fa99a57ff6e9b4995f4667e48a79867d7f85265af8541443322`

HAND2

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.88048`
Detected Filetype	Cursor file
MD5	`9f670cc9b01e75540aad9f702c119ab6`
SHA1	`953c64f82fcf289bbd6a38c1eb0624fa5158a390`
SHA256	`dfccbb08a766f39f4551315521c258bf0b45d8e8085ae92decbdd67d586dff6f`
SHA3	`1f60f63f19e5799d0e2d7d1f8a286a8fe8dc3a21cd3a5c3b162792b1ab1de282`
Preview

HEART

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.92322`
Detected Filetype	Cursor file
MD5	`fff06c4e47853e641fa9f92045d96398`
SHA1	`2c87f1b831dd9c9e54607027d21c9d85ee911773`
SHA256	`9fd82e76001b6cbfe5d7908854352139f283cb73b3b93311e96069b4a79b11f5`
SHA3	`fa1f3d03e98f733b32b51e820dd92090231582d74108c554a1809a9a5beb8ce9`
Preview

ICON

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.06096`
Detected Filetype	Cursor file
MD5	`3db1ac3a8f31e470a01d23094b18dfee`
SHA1	`071d5938664b6462471320933f66c26bb48ed7a6`
SHA256	`bc815957391ce4d7052305e542ec6e5bc2239e2f5249dee9665ae43ea9fb7134`
SHA3	`765cd233c8c6e1018022eeb0434559200d18a57d98525524b302188d38285b9b`
Preview

IRON_CROSS

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.06096`
Detected Filetype	Cursor file
MD5	`901f04a064cd6962adb65f5241ab64f4`
SHA1	`c34160d8606269ad8ae70b564b2d4bc97926432a`
SHA256	`8e10eea5c0f5233adedde744c5b7b28c34fb4f2ede8d3bac0ac7fc2b51705fab`
SHA3	`ef84282f0e3722808e41cd367a98329f844543d1478af6dadf3a007eee42df43`
Preview

LEFTBUTTON

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.06096`
Detected Filetype	Cursor file
MD5	`7110b20fcb3f0bea0dd58542c36ed2b7`
SHA1	`13e6db29456bfd8c1edf8d8f90c7920cf3616106`
SHA256	`387b1778c391c35bf07dec9d3ff6865ec22c16bbcde8dc697fb97a698a879d68`
SHA3	`63e90fcc1c1fbc367e62e740ef570a7ae3935f6acbcbe92af211d70dcd60f4ea`
Preview

LEFT_PTR

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.06096`
Detected Filetype	Cursor file
MD5	`ba24a7047a578e636c8b3b7ef85a4c04`
SHA1	`fe40c43f1025f8ce3042cf1b1ce7095b32e4d5d0`
SHA256	`2f20b6daf01b7e61f627e8b60e854e8755ae422118aa960bc6ca1c5ef0df9155`
SHA3	`91d1199c7d9b2ddb6fcbe0820f4f4ef4ad10b335777c454b9c71d91d3e09f646`
Preview

LEFT_SIDE

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.06096`
Detected Filetype	Cursor file
MD5	`2e18f5b5e9f5be966f08ce0293562c81`
SHA1	`c65971926f0568e853065c8451c4919c72bc2bc2`
SHA256	`89b43615d33afbafbcea7fab48151853f2058560bf2ad2e7a47d2e70c5991582`
SHA3	`cdc8448c14d1351dfcdb9ea6981d0d904a4c8a91bccf0cf18330462fa91edaea`
Preview

32761

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.06096`
Detected Filetype	Cursor file
MD5	`de5f727497702115414797c7e5ae7181`
SHA1	`fb2813d22c9dc04fe4d30786d1791e3172c87ddd`
SHA256	`599d813ac8026ae38776a191b010ad319b20b1cfe19f9bf8498dfdf4722fdd04`
SHA3	`6d23b903030f12fa855ed8a190a2e49ae42d2a51856573411162296e38f2c2be`
Preview

32762

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.06096`
Detected Filetype	Cursor file
MD5	`350867b1ed641d029c466e4e72abfd9c`
SHA1	`20dadf638b62425f450fc0214c23f87dd7390606`
SHA256	`3721e67ba227ccdc12e401e0de785fef23940179901dc9a4f774723b53517b90`
SHA3	`9920dfaf60aabc231a6b4d2454ce6af3cd4f018913c6ed4a97c3011da776a13f`
Preview

32763

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.06096`
Detected Filetype	Cursor file
MD5	`ec7815200b2d22a92c26d9d2a1c05fe8`
SHA1	`acd79d1abe6d26cf6be4f3beb4b056c1eabca0cf`
SHA256	`858015e94f11689dffd45e85df0e4fe2820d7f28053c144596b5eb0ebb43e5f0`
SHA3	`a1a6c5959337696ed215f2775c6ad9999ce4ac22cdcf99d8bc47df339405df92`
Preview

32764

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.06096`
Detected Filetype	Cursor file
MD5	`97b27882f832beedb665ff874a110709`
SHA1	`7988f85febd51c576e88cce0704a14e289e0d317`
SHA256	`b3717e066bc17a7e28e3a45b35d76d8b067e391b5b344baf6fa4bdbe4e8feedf`
SHA3	`63ca064d5595a7dcdbc30472eea0655309034ea1254cb51ea69a3ad8f0dc3368`
Preview

32765

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.06096`
Detected Filetype	Cursor file
MD5	`54a550159c59b4362e6a2fe86386a0cd`
SHA1	`05d4ac3e7cda9aa581887e42d53c20bb247862e5`
SHA256	`50160363f4a2454015ce46878ae579e98e699f4e2092a6efe7c454bc4b76adde`
SHA3	`c0968c94ba0036eeaf91d443a32fcf932380ef54a514ee00422aac201c754a75`
Preview

32766

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.06096`
Detected Filetype	Cursor file
MD5	`f0a61adcb340fe14a10a708f5eaa7643`
SHA1	`e42860b3b4c711ba8da602fd40fe9416bef1dd9a`
SHA256	`6c3f176378a625aa73052a093fb5a410d2eb62e3d52397a71edc92ec0decc92c`
SHA3	`0daf12d4accfdbf380c8ec60135c1b9ce5b56524a4dddb5bf588a5b8f56644ff`
Preview

32767

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.06096`
Detected Filetype	Cursor file
MD5	`e00eb60844dd5e82c26275df06192873`
SHA1	`ebc5bf61af947ca88262e48d470b419b3d972c31`
SHA256	`e617bb2fa33eb73b89d8841af2f9534f34713784e2d4f203c05f36d266ac84cb`
SHA3	`f39923e2f414a1300170f78cb8770baf6f4a872f08e61d15fbb639da8862efb1`
Preview

104

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.67969`
Detected Filetype	Icon file
MD5	`4109bc7c671b196b116e999d2ebdeeac`
SHA1	`c816dbc492d9da38450803c20d8f7aaadc627c2b`
SHA256	`f9b4014be9add968851b182b35be4bebf08b130659350120c5fc279bb2f99953`
SHA3	`5b75ba9909bf40304430f4181b00c25f41887768084a13ca38cac6ddf7be1b42`

1 (#3)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2fc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27601`
MD5	`7957ab6f1d47a79b4ccce34a12f53bf2`
SHA1	`b80163c1bfc564a3d790b636d1f097c025ac7841`
SHA256	`4e6ae0aa26fd99e50f912e556c00aaa6a081811989571e1e2306fec4ad6fe528`
SHA3	`f52fda12879cc3bca143ba724d47bbe4327fed779052fc744e1648d387c3992b`

1 (#4)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2c9`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.12745`
MD5	`489352cafce8d3a25e611407d1b10a2b`
SHA1	`84b5b16678df9c67ce9fe43c70017ffb83859223`
SHA256	`be2c1008d782080004a6bb7b333b23e30bde58a4abd1f06dacdaa47d565cdbd8`
SHA3	`2997a81c29387699da9ec34ce8f2f594c8334cf976c2e7fa952be07d04d527b5`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.2.0.551
ProductVersion	1.2.0.551
FileFlags	`VS_FF_PRIVATEBUILD`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
FileDescription	Neot Lion Studio
FileVersion (#2)	4.77.11.23
InternalName	Neot Lion Studio
LegalCopyright	Neot Lion Studio
OriginalFilename	Neot Lion Studio
PrivateBuild	Neot Lion Studio
ProductName	Neot Lion Studio
ProductVersion (#2)	4.77.11.23

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x48e04c`
SEHandlerTable	`0x402c40`
SEHandlerCount	`3`

RICH Header

XOR Key	`0xd16c6316`
Unmarked objects	`0`
ASM objects (VS2012 build 50727 / VS2005 build 50727)	`22`
C objects (VS2012 build 50727 / VS2005 build 50727)	`111`
Imports (VS2003 (.NET) build 4035)	`9`
Total imports	`110`
C++ objects (VS2012 build 50727 / VS2005 build 50727)	`29`
Resource objects (VS2012 build 50727 / VS2005 build 50727)	`1`
Resource objects (VS2008 build 21022)	`1`

Errors

[!] Error: [plugin_virustotal] VirusTotal API request rate limit reached!