d1ab72db2bedd2f255d35da3da0d4b16

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2009-Jul-13 23:42:48
Detected languages English - United States
Debug artifacts wscript.pdb
CompanyName Microsoft Corporation
FileDescription Microsoft ® Windows Based Script Host
FileVersion 5.8.7600.16385
InternalName wscript.exe
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename wscript.exe
ProductName Microsoft ® Windows Script Host
ProductVersion 5.8.7600.16385

Plugin Output

Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
  • LoadLibraryExA
  • LoadLibraryW
  • LoadLibraryA
Can access the registry:
  • RegCreateKeyA
  • RegCloseKey
  • RegSetValueA
  • RegOpenKeyA
  • RegQueryValueA
  • RegDeleteKeyA
  • RegSetValueExW
  • RegQueryValueExW
  • RegCreateKeyExW
  • RegCreateKeyExA
  • RegOpenKeyExW
  • RegQueryValueExA
  • RegEnumKeyExA
  • RegOpenKeyExA
  • RegSetValueExA
Can create temporary files:
  • CreateFileW
  • GetTempPathA
  • CreateFileA
Safe VirusTotal score: 0/66 (Scanned on 2018-12-05 10:09:32) All the AVs think this file is safe.

Hashes

MD5 d1ab72db2bedd2f255d35da3da0d4b16
SHA1 860265276b29b42b8c4b077e5c651def9c81b6e9
SHA256 047f3c5a7ab0ea05f35b2ca8037bf62dd4228786d07707064dbd0d46569305d0
SHA3 ad27e0f3bfb54ff2333c935425930412f48bb31c09d4d008dc64f92f58a7c4c4
SSDeep 3072:f2L8uyujrWp2XTUwVo3FyXtT7uQgxeV+Wssm/CDkuIr5Txt9x:f2guyue8y10gwV+xsmhNT5x
Imports Hash dd2ab570ca73bfbbedafd95db991284c

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2009-Jul-13 23:42:48
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 9.1
SizeOfCode 0x17600
SizeOfInitializedData 0xb000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00002F3B (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x18000
ImageBase 0x1000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 6.1
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0x26000
SizeOfHeaders 0x400
Checksum 0x2b2d4
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x8000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 7e9730ba2ec06090e3b0cb53d017e5c1
SHA1 98bf1aede46d65c50cb2266e772b21a39f2b2501
SHA256 c999f72ecb4cb8e7f17d6a66d82bc73b00eab17c9c278f72f61c2f53a5e216a9
SHA3 75871fdab664d23e64fa43a30a9d76f652be9a16e3fb2e09c55ccb388b9f4d47
VirtualSize 0x1757c
VirtualAddress 0x1000
SizeOfRawData 0x17600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.34444

.data

MD5 f6c38d44b8319b8cf8bcc9108060f062
SHA1 86ca4754a81f789d34a00347a6b7cfcb99ab7778
SHA256 6f9696dd32df61de90cce0f91ee344d169888a2ddfbb3ac4bf1df92f4a9e3473
SHA3 12a1e2c6f4281a59f84ebd069172a760aab88c8cf16ca721d3096fcb6a14f2df
VirtualSize 0x4dc
VirtualAddress 0x19000
SizeOfRawData 0x600
PointerToRawData 0x17a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.763507

.rsrc

MD5 f859f3fbaafa7a63d32f566f88931873
SHA1 9b836daed22e3659616d420efd774892ccef8e29
SHA256 afc57ed2f5ddcbbc12b722a40d480734233dbfb7bdf5ad73270414f0a69a8bbd
SHA3 2adf7be29c46c41c3e3bc68014e01112fcde5d0eb98d341d5b4ce90c64ced7a2
VirtualSize 0x94b8
VirtualAddress 0x1a000
SizeOfRawData 0x9600
PointerToRawData 0x18000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.20923

.reloc

MD5 70afb83647ccee576016e3db5e11ca58
SHA1 61363fdcc8c5ecc8725cea0c9452434f29441941
SHA256 a2d9821e202e5dec4dedcfc58c48eb6904adaba2c76e2df9a4768109eda51166
SHA3 c9235e33aa605bc72832b694aa30f5b27a15eeb8d983b60c685e28350c937246
VirtualSize 0x13d4
VirtualAddress 0x24000
SizeOfRawData 0x1400
PointerToRawData 0x21600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.582

Imports

ADVAPI32.dll RegCreateKeyA
RegCloseKey
RegSetValueA
RegOpenKeyA
RegQueryValueA
RegDeleteKeyA
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegCreateKeyExA
RegOpenKeyExW
ImpersonateLoggedOnUser
RegisterEventSourceW
GetUserNameW
LookupAccountNameW
ReportEventW
DeregisterEventSource
IsTextUnicode
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegSetValueExA
KERNEL32.dll GetCommandLineA
lstrlenW
GetCommandLineW
HeapAlloc
HeapFree
GetProcessHeap
GetProcAddress
SearchPathW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetVersionExW
CreateFileMappingW
LoadLibraryExW
SetLastError
LoadResource
FindResourceExW
CreateFileW
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetPrivateProfileIntW
GetPrivateProfileIntA
GetPrivateProfileStringW
GetPrivateProfileStringA
GetFullPathNameW
GetFullPathNameA
GetLocaleInfoA
LoadLibraryExA
LoadLibraryW
HeapReAlloc
GetStdHandle
GetConsoleMode
GetSystemDirectoryA
GetTempPathA
GetTempFileNameA
CreateFileA
WriteFile
FlushFileBuffers
GetUserDefaultLCID
GetCPInfo
GetFileAttributesW
FindFirstFileW
GetFileAttributesA
FindFirstFileA
FindClose
GetACP
CreateEventA
CreateThread
CloseHandle
SetEvent
FormatMessageW
LocalAlloc
LocalFree
FormatMessageA
GetVersionExA
GetModuleFileNameW
LoadLibraryA
FreeLibrary
lstrlenA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
OutputDebugStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
InterlockedDecrement
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
USER32.dll GetMessageA
DispatchMessageA
GetActiveWindow
MessageBoxW
PostThreadMessageA
GetParent
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects
SendMessageA
PostMessageA
LoadStringW
LoadStringA
CharNextA
GetClassInfoA
RegisterClassA
CreateWindowExA
GetWindowLongA
SetWindowLongA
SetTimer
DefWindowProcA
PostQuitMessage
KillTimer
EnumThreadWindows
IsWindowVisible
GetClassNameA
msvcrt.dll _iob
_vsnwprintf
_errno
_vsnprintf
_beginthread
memcpy
memmove
malloc
free
mbtowc
isleadbyte
_snprintf
_itoa
wctomb
ferror
_swab
wcsrchr
_itow
__badioinfo
__pioinfo
_fileno
_lseeki64
_write
_isatty
??3@YAXPAX@Z
wcsncmp
_wcsnicmp
_wcsicmp
__mb_cur_max
??2@YAPAXI@Z
memset
_endthread
bsearch
OLEAUT32.dll #20
#150
#201
#202
#9
#10
#8
#27
#15
#26
#161
#12
#25
#19
#6
#4
#16
#186
#183
#2
#162
#7
ole32.dll CLSIDFromString
CLSIDFromProgID
MkParseDisplayName
CoGetClassObject
CoInitializeSecurity
CreateFileMoniker
CreateBindCtx
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoUninitialize
CoInitialize
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
StringFromCLSID
CoGetMalloc
CoRegisterMessageFilter
VERSION.dll GetFileVersionInfoSizeW
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA

Delayed Imports

Ordinal 1
Address 0x2bb9

1

Type MUI
Language English - United States
Codepage UNKNOWN
Size 0xe0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.80473
MD5 5ec23dd4d2b9a4bc302913edb27f86c3
SHA1 1a4c14438b1b4faceed7b631812e3474e1b569ab
SHA256 972da42c9ecc09b315675d3a3b13133b5d0250fefb345a1a8f8cfbb4d728193c
SHA3 2665780093a16c1ef26c15d2a9db552a315033c79670943e779dc0a777ef1edb

1 (#2)

Type TYPELIB
Language English - United States
Codepage UNKNOWN
Size 0x50cc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.39742
MD5 ef95079909752f11e5bdfd365d8c5f4f
SHA1 5f0001059fc4fa318995b12d22bfbb53d1bed8cb
SHA256 07a3120a27a56ef666489895c0164274fa39b7415f74fa745a502f7dac4ecc8b
SHA3 03607f1b2e9da376fe3279a2fe53b8e76a82a0e6b1f7042b359a90592b1d8823

2

Type TYPELIB
Language English - United States
Codepage UNKNOWN
Size 0xca0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.62455
MD5 2762f4803329fdf509e0350fa5746899
SHA1 edeb3d965174024417aa93523ccc98336985f967
SHA256 5401fd857834723d85ee659d0b5ec6a4a91261a8bd0ee825514e8100f46d9ed9
SHA3 4add1355ee51b38e5b580d685944a57e1a0aa6f2c2fd2623916fb967bb89f9f4

1 (#3)

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.56892
MD5 7cbc67d89e560d38ec689996dc98f94c
SHA1 28add5a63c570cf2279e94bccbc952b588392526
SHA256 402380cc207c0eefdc2aec7bd0081da181fe3a28c3bdc573942e438bbdda22a2
SHA3 66dd4f8da736358acc772bdd8a5adc6f2410a6476c3c05faf31cee2a94c43e9e

2 (#2)

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.41512
MD5 8bb745b18c479987cda0e15d0adbafd6
SHA1 0f20f2481169f289affcd0141ab54e00825c4162
SHA256 50416d483dffdfb89263521bb38273c41d752a1faafbf6d904089e085f3147ac
SHA3 cb8e4afdf9d1b7e70ad3597b73ed647850fca20190a5ed8ab44c371f2b28b50e

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.33172
MD5 a34b2a422a9a9ec554bede2e8645edfa
SHA1 8535a3fbf151e9f1cb64472d4cc89230ac485d1f
SHA256 6c5f283e265de2cb31e673c0c1d7364a1afa48b114ea154019ae94d737953946
SHA3 904d09157de40697f574f26c310809d27e524019e7242ad224b9225f9b63edc7

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.88973
MD5 81f7331ee250ce678642c92838a70d0e
SHA1 8cd52b313ba20a1e98b7f936c3042a7a34a9b313
SHA256 969c17a1a4bd1f2bc831d1212956c9095aa310b307813bccfc12088df95d1c5a
SHA3 36ce3e73d0aa6f3ecbd0d6e207f168a9c4bda43dfe8cd3bb3f8955b51399976d

5

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.33542
MD5 789ada30cc8d4fa383b14b33b0713510
SHA1 6f49ee38448565efbd323b8e3ea19161c484420b
SHA256 1786f022b5225428e61d68aa9330a8fe2503e48c4ad2e2abf6f877b9175aeaec
SHA3 3d2f5f88a550a4450c23474701456b7664972816397a0600194db74931adc542

6

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.08736
MD5 a37529a0f69b66ae4a48274912dcb54e
SHA1 ebf42b885c60fbedd21e2184d055bef94cb46bdc
SHA256 656b6e6810bd4d061a717ac2ab560929dd6bcfabb60260632b666cd430e40951
SHA3 3eda536d1d337a87e38bedbe3fc64313f723b5a16c383acc558ef355ba97592d

7

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.06677
MD5 91b29cbacb281384c8840f2d416909b8
SHA1 774e8409a9a80d162b6839fa2cdf28f7bfa2297e
SHA256 44528408b839cea9d7b9c1a75eaf4db478bdac0245e82a63b54653f4e2ed9d56
SHA3 69d64b7a7eca199a65190fb769b87a3d9c88043a5019f033c69a013be52c5cb9

8

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.74743
MD5 9cc516d4170471776d2cb62dce36a5e1
SHA1 4ae3586e62b55048c2aeb903e0ec9e2c244908d2
SHA256 bb6ecc992483748a9fe62b5682d239a1a96c80977f31dda29519d400a3f2f12f
SHA3 f095244b41a3bf6041acd026777eb9225505dddb1129ba3e813e208a9adf1cc5

1 (#4)

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x96
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.72156
MD5 0598944a649da43a5825f38469cc904a
SHA1 934dca27d29cba1eb0af63a61aea0c58ef8eb641
SHA256 557dcec2027f33fb4d5931473542337deba4e92dfb1135a7d328688c71c3faa1
SHA3 78cebc0c8172733c83d431eefa57e563193c830a22ffb7efebc6ae4a83a35121

2 (#3)

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x1c0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.20172
MD5 a6de983a216ead058c9b2b3b4c0b4317
SHA1 ca2ad917abbaedc415cf2eb60bc51b93961eacf3
SHA256 daf8847ede76e765d7c0c4227bed3660cb4f3da1c2cb7176c96800df42e234b0
SHA3 4137d36258db7cebeef33fb58da34a14c35c2dfb453be5c9d6175caeab540d8b

3 (#2)

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x2a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0.960953
MD5 0d9eb73abf7f810dd3a17b3cf0e094d5
SHA1 0b0f75b97636b0a87b99ede73a469712ccc1d93f
SHA256 3354c068580576a1bc7b92689859f50302bc850ddeacb3aa1bfa30617009a13c
SHA3 15e957460afaa6b2f018c655605271fbc6e1a8bfbad07e546bb1ef5f128050c1

63

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x26
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0.695987
MD5 2c39bf94a9395c581f275ab6d71c1dd9
SHA1 153a1aa53fc3013b58edb0953c53b0eb05e2882f
SHA256 e3b7a6ffa1b69daab4a080f2aa06b09a358ed966f2c9a1780542f438528f1516
SHA3 4344703532dd643d6baa1bc0307d89d5134a363b4c6af0c684b1d0dbc1e00bf2

157

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x602
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.38806
MD5 7202e3aedfcdad15301701843a6d8269
SHA1 b12c7cd12baa741136711f68f7be2898b2972c8c
SHA256 ee9bfa5acc5e88c14b6fb9b26fadf3fb8bdd49539a459d083add72381ae68456
SHA3 fba8739eca506e8ad53543be5a0c303b12fce76317b377739ba2cc10f66e8bb9

158

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x180
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.09944
MD5 a563deec12608ff210034dbbd17e6c8a
SHA1 b47f8098946ef1e666e7cb5f157b8362f3bc8f6d
SHA256 3a09efe9098a66029f7697219ce53538bcd515c5daa589557d1c1ca5264b92be
SHA3 1518cb5690f6d1c574e62eecd163eb1dc938ce6fb879b90a11fe35b36fb7f865

163

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x1e6
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.28339
MD5 822f7441ca868256f84c9653ed5d7f52
SHA1 8528c552edfc15d9f2da081335169b6039866a2a
SHA256 fbf264f8458f5aa97023d2dd83f35336be52a0bd8453607e1edbaf915a352d64
SHA3 4df61aef05f3d49acee04838a17d47fb20ea35d38f37f573a1a9e0dc66c9307b

191

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x264
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.12914
MD5 d26a9ae7c1ff5ff32142020766175b45
SHA1 a8af55e8824547083f13e67b817f3ad57090ff7f
SHA256 21d071c2c0f0c593b5fd4a8101c33120f34fddcdcee78888b321b486f2d7840f
SHA3 06554434b5b9625d6bab2a45340784310b52e1269e35981dd6ab3338686a15c4

194

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x1b0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.09046
MD5 836fa5f9cba82442d1e2f0ad9da27b2b
SHA1 dfadd27ab3e352705cb61e274a821a83b67e2fb7
SHA256 ad25a46c6129a06a64a566482a07c6d6d5beff3e19f44e045c1a8a4e2e881c96
SHA3 2ef6bcf2407e1e4349d5f6978a93e9af56991aea6d0e13cd38c114da02a05c99

201

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x4c0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.29694
MD5 337b84b779f910dac0c6fd15fa46017d
SHA1 2ff46bc77c2367db6ffb209845ccbd398c9fa215
SHA256 9aa87e211ba10ae31272cff4b9e988a517ff14d28da8d2396063ac24c494e6e8
SHA3 0fe7736ac9a176101e95f3cf2c42307395f86457afd2ca1deba8f9bf00ae9206

207

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x394
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.27711
MD5 f44ec3e938e56fd2821b603dabf035a1
SHA1 ba9b6a3efca66137583ab565a4ea89a479d21648
SHA256 6a1b3f84a1ce144c08b3c8fd5c8f14069704273760380459b25ae8e273187a82
SHA3 4df03103d47571604e28389a8d2f072afa5dd000007231905889621aa720f0da

208

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x212
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.26503
MD5 12721f1be451a8a32e3e92834d5c2908
SHA1 d0f6b1f326941fdf181cdfe04d7458841a6de063
SHA256 42e4c5ef9be69c9a9a4182c40a068a1344a519e5e300a984e86a8bded900d4d2
SHA3 ba38ec7b23a42469286f6302986fda3857102bba32958697114ea682ca56a961

213

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0xa8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.79883
MD5 b0b66b841847d6c60922353dce970fa8
SHA1 0e55ad3804c259773710e428408b9722a030d402
SHA256 222f5e473131292334d97156b9148c7d728395418b1c98104071952faf7fd206
SHA3 7a04a59701f5d336ca1eee9e1ab5983c0d8ea6f2e449291659aa1de3a4d4a1bd

219

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x5e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.40523
MD5 fcb8f9deb56051b655ed1b8c778d2e94
SHA1 e3ecd9cea1040909496cf185b4667c580983bfee
SHA256 af10417c87c1180441904916de9287450f93ad2f0a14217640d218fbf321f984
SHA3 f8739710b6714e98c9160948527c53157b0fcdf8b4b90bc540a4239b2aa907a8

1 (#5)

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x22
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.37086
Detected Filetype Icon file
MD5 d59e0d372ea5fd8c1f4de744376a6af4
SHA1 6883ce60e71a83424db0b41d0ab6bf61080e3de2
SHA256 b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b
SHA3 5e39df982879204dd9f129a37d1e1c2ff906e88de9ae01b4418db5e8455e7ae1

100

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x22
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.55805
Detected Filetype Icon file
MD5 f6bfdcc9b84f40cd4f2f4986395461da
SHA1 978b284331426882bfe26c946469ba240854153d
SHA256 7b7cc020e1888740524df4831d80184a709a3cf52ed76335cb247253157f6e60
SHA3 bf2a54731d19e929f970d2d44a01de475c1c45ecd7a26d7eb6ac6cb90f5ba6e8

101

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x22
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.55805
Detected Filetype Icon file
MD5 8655b844bfee663f0d289f7e08cc609e
SHA1 8ef87ed45f7e495d1c52eb85996cec07ae5aca12
SHA256 b9526937ca2715e9b12796a65392e1913bb5c77f5e2420c78e31baf7dadac873
SHA3 23cbd20dfe62169dce3b5b154f7f0f6ce71dfca1b9cdcec0fc5c541cca5a08a1

102

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x22
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.47702
Detected Filetype Icon file
MD5 30d3c08a7e102b3c76c369e7d689187e
SHA1 0bedf3194368bdd38e251794b400804a566942f0
SHA256 cd07dc2185fca682e34141b058a2b4794bfde621a0e355e6e7080686a8c78750
SHA3 7f64f455d9bf5e37478805ed41507967845c44a11beb202cbc5f6eacf8327d15

1 (#6)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x378
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.51023
MD5 5b55b1c33398c34ede1694ced22d596a
SHA1 f4e846bd73f08c7ff29300a9f897bd1416ca7ab3
SHA256 f1395d161ba4d630c7fa1d12eb9bc41ce5192786d2aeb1f6bcdb77b9f27bfef9
SHA3 a059cebc7ddfca930943e98f730cc0f0d0a1c9e7d0c4382919edadec0c2d307a

String Table contents

Windows Script Host
Windows Script Host (debugging disabled)
Windows Script Host Error
Windows Script Host Input Error
This Unicode version of Windows Script Host will only execute under Windows NT.
Please use the ANSI version of Windows Script Host."
Usage:
Options:
value
wsh
Windows Script Host
Windows Script Host (debugging disabled)
Usage: WScript scriptname.extension [option...] [arguments...]
Options:
//B Batch mode: Suppresses script errors and prompts from displaying
//D Enable Active Debugging
//E:engine Use engine for executing script
//H:CScript Changes the default script host to CScript.exe
//H:WScript Changes the default script host to WScript.exe (default)
//I Interactive mode (default, opposite of //B)
//Job:xxxx Execute a WSF job
//Logo Display logo (default)
//Nologo Prevent logo display: No banner will be shown at execution time
//S Save current command line options for this user
//T:nn Time out in seconds: Maximum time a script is permitted to run
//X Execute script in debugger
WScript Error - Windows Script Host
Input Error - Windows Script Host
This Unicode version of WScript will only execute under Windows NT.
Please use the ANSI version of WScript.
Script: %1!ls!
Line: %2!lu!
Char: %3!ld!
Error: %4!ls!
Code: %5!lX!
Source: %6!ls!
WScript - Script Execution Error
Windows Script Host Remote Script
Remote script object can only be executed once.
Unable to execute remote script.
The Windows Script Host settings have been reset to default.
Command line options are saved.
The default script host is now set to "wscript.exe".
The default script host is now set to "cscript.exe".
Successful execution of Windows Script Host.
Successful remote execution of Windows Script Host.
Script execution time was exceeded on script "%1!ls!".
Script execution was terminated.
Could not locate automation class named "%1!ls!".
Could not connect object.
Could not create object named "%1!ls!".
Initialization of the Windows Script Host failed.
Can't find script engine "%2!ls!" for script "%1!ls!".
Can't change default script host.
An attempt at saving your settings via the //S option failed.
Loading script "%1!ls!" failed (%2!ls!).
Loading your settings failed.
Execution of the Windows Script Host failed.
Unexpected error of the Windows Script Host.
Windows Script Host access is disabled on this machine. Contact your administrator for details.
Attempt to execute Windows Script Host while it is disabled.
Attempt to execute Windows Script Host remotely while remote execution is disabled.
//T option requires timeout value.
Invalid timeout value for //T option.
Unknown option "%1!ls!" specified.
Extra argument specified to option "%1!ls!".
There is no script file specified.
Command line option mismatch.
There is no file extension in "%1!ls!".
//H option requires host name.
Host name for //H option must be "cscript" or "wscript".
There is no script engine for file extension "%1!ls!".
Can not find script file "%1!ls!".
Invalid pathname.
Need -E option.
-E option requires name of script engine.
Can't read script from stdin.
//CP option requires code page value.
Invalid code page value for //CP option.
Missing job name.
Unicode is not supported on this platform.
Unable to find job "%1!ls!".
Script setting file "%1!ls!" is invalid.
Invalid #codepage directive.
Win32 Error 0x%X
%1!ls! (%2!ls!)

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 5.8.7600.16385
ProductVersion 5.8.7600.16385
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Microsoft Corporation
FileDescription Microsoft ® Windows Based Script Host
FileVersion (#2) 5.8.7600.16385
InternalName wscript.exe
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename wscript.exe
ProductName Microsoft ® Windows Script Host
ProductVersion (#2) 5.8.7600.16385
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2009-Jul-13 23:42:48
Version 0.0
SizeofData 36
AddressOfRawData 0x18558
PointerToRawData 0x17958
Referenced File wscript.pdb

IMAGE_DEBUG_TYPE_RESERVED

Characteristics 0
TimeDateStamp 2009-Jul-13 23:42:48
Version 565.6526
SizeofData 4
AddressOfRawData 0x18554
PointerToRawData 0x17954

TLS Callbacks

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x1019004
SEHandlerTable 0x100b6d0
SEHandlerCount 2

RICH Header

XOR Key 0x99c414f3
Unmarked objects 0
ASM objects (VS2008 SP1 build 30729) 9
C objects (VS2008 SP1 build 30729) 66
Imports (VS2008 SP1 build 30729) 15
Total imports 257
C++ objects (VS2008 SP1 build 30729) 58
126 (VS2012 build 50727 / VS2005 build 50727) 1
Exports (VS2008 SP1 build 30729) 1
Linker (VS2008 SP1 build 30729) 1
Resource objects (VS2008 SP1 build 30729) 1

Errors

<-- -->