Manalyze report for d8aa8cee37738cc181bbefd257a07553

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2007-Mar-13 22:21:01
Detected languages	English - United States
Debug artifacts	dw20.pdb
CompanyName	Microsoft Corporation
FileDescription	Microsoft Application Error Reporting
FileVersion	`11.0.8160`
InternalName	DW20
LegalCopyright	Copyright © 1999-2003 Microsoft Corporation. All rights reserved.
LegalTrademarks1	Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2	Windows® is a registered trademark of Microsoft Corporation.
OriginalFilename	DW20.Exe
ProductName	Microsoft Application Error Reporting
ProductVersion	`11.0.8160`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentVersion\Run` `Accesses the WMI: root\cimv2`
Suspicious	The PE is possibly packed.	`Section .text is both writable and executable.` `Unusual section name found: .cdata` `Unusual section name found: .heb\x07` `Section .heb\x07 is both writable and executable.`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryW LoadLibraryExA` `Code injection capabilities: CreateRemoteThread OpenProcess VirtualAlloc` `Code injection capabilities (mapping injection): CreateFileMappingA CreateRemoteThread MapViewOfFile` `Can access the registry: RegCloseKey RegOpenKeyExA RegSetValueExA RegCreateKeyExA RegQueryValueExA RegEnumKeyExA RegQueryInfoKeyA RegEnumValueA RegQueryValueExW RegSetValueExW RegDeleteValueW RegDeleteValueA RegEnumValueW RegQueryInfoKeyW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: CreateFileA CreateFileW GetTempPathW` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Has Internet access capabilities: InternetCloseHandle InternetReadFileExA InternetWriteFile InternetConnectA InternetOpenA InternetSetStatusCallback InternetGetConnectedState InternetCanonicalizeUrlA InternetCrackUrlA` `Functions related to the privilege level: CheckTokenMembership OpenProcessToken` `Manipulates other processes: OpenProcess ReadProcessMemory` `Changes object ACLs: SetNamedSecurityInfoW`
Suspicious	The file contains overlay data.	`177786 bytes of data starting at offset 0x9b958.` `The overlay data has an entropy of 7.92731 and is possibly compressed or encrypted.`
Malicious	The PE's digital signature is invalid.	`Signer: Microsoft Corporation` `Issuer: Microsoft Code Signing PCA` `The file was modified after it was signed.`
Malicious	VirusTotal score: 54/60 (Scanned on 2017-05-24 01:23:12)	`Bkav: W32.Pinfi.B` `MicroWorld-eScan: Win32.Parite.B` `nProtect: Virus/W32.Parite.C` `CMC: Virus.Win32.Parite.b!O` `CAT-QuickHeal: W32.Perite.A` `ALYac: Win32.Parite.B` `Zillya: Virus.Parite.Win32.9` `TheHacker: W32/Pate.B` `K7GW: Virus ( 00001b711 )` `K7AntiVirus: Virus ( 00001b711 )` `Arcabit: Win32.Parite.B` `Invincea: virus.win32.parite.b` `F-Prot: W32/Parite.B@mm` `Symantec: W32.Pinfi.B` `TotalDefense: Win32/Pinfi.A` `TrendMicro-HouseCall: PE_PARITE.A` `ClamAV: Heuristics.W32.Parite.B` `Kaspersky: Virus.Win32.Parite.b` `BitDefender: Win32.Parite.B` `NANO-Antivirus: Virus.Win32.Parite.bgvo` `ViRobot: Win32.Parite.A[h]` `Avast: Win32:Parite` `Ad-Aware: Win32.Parite.B` `Emsisoft: Win32.Parite.B (B)` `Comodo: Virus.Win32.Parite.gen` `F-Secure: Win32.Parite.B` `DrWeb: Win32.Parite.2` `VIPRE: Win32.Parite.b (v)` `TrendMicro: PE_PARITE.A` `McAfee-GW-Edition: BehavesLike.Win32.Pate.bc` `Sophos: W32/Parite-B` `Ikarus: Virus.Win32.Parite` `Cyren: W32/Parite.LAQX-0866` `Jiangmin: Win32/Parite.b` `Avira: W32/Parite` `Kingsoft: Win32.Parite.b.5756` `Endgame: malicious (high confidence)` `Microsoft: Virus:Win32/Parite.B` `ZoneAlarm: Virus.Win32.Parite.b` `GData: Win32.Parite.B` `AhnLab-V3: Win32/Parite` `McAfee: W32/Pate.b` `AVware: Win32.Parite.b (v)` `VBA32: Virus.Win32.Parite.b` `Zoner: Win32.Parite.B` `ESET-NOD32: Win32/Parite.B` `Rising: Virus.Parite!1.9B80 (classic)` `Yandex: Win32.Parite.B` `SentinelOne: static engine - malicious` `Fortinet: W32/Parite.B` `AVG: Win32/Parite` `Panda: W32/Parite.B` `CrowdStrike: malicious_confidence_100% (D)` `Qihoo-360: Virus.Win32.Parite.H`

Hashes

MD5	`d8aa8cee37738cc181bbefd257a07553`
SHA1	`c2e9e7897dd496a6e8788ffb7eaaa8c780f982b9`
SHA256	`0b3bd8f68676b90534a189dc5e231deba8aa77a2d79262103b3a506f3c6c6b2f`
SHA3	`1ef21d53a4ee397174d99c25c9d0de4d2b3740f308bf08583b0ffbf935adc74c`
SSDeep	`24576:AfPi1dJU43I98U7nYYJ2tHhA+SANLHgZpJEMLo9hjj28km:A/4MnYYJ2ZhHSGLHkJEME9p/`
Imports Hash	`bf4e14c06e307c44af88b518ea9774dc`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x148`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2007-Mar-13 22:21:01
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`7.0`
SizeOfCode	`0x64600`
SizeOfInitializedData	`0x5a400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000C2000 (Section: .heb\x07)`
BaseOfCode	`0x1000`
BaseOfData	`0x6c000`
ImageBase	`0x30000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xc3000`
SizeOfHeaders	`0x400`
Checksum	`0xa229c`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`1199d3e4848274e4dc2cf2607b4e1ef6`
SHA1	`aec646d6ed3e7fbce6232ab660fe9ef0051aca01`
SHA256	`e7da75371017a5ccc1080b2dac98118e463f5da111746c910320df8c75471fe9`
SHA3	`e85b6b0782da8a90e7fca38ba58270d532b3c28a3b17cf535bdd13c3c3f42bbe`
VirtualSize	`0x644da`
VirtualAddress	`0x1000`
SizeOfRawData	`0x64600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.63878`

.data

MD5	`ea1b9052a479429451ebe4782060d9f4`
SHA1	`bfd8f0a522b3d1a5c002cb2e739f9f8ece447128`
SHA256	`d9879ef27dc2fd4752e13b532315835ad30b8931dc300c04b8b9a25f079b6e60`
SHA3	`6ae9143f14e22fba4f9c3a10115a1d6d6760c3e23bf69930777b57d86fb05889`
VirtualSize	`0x569d4`
VirtualAddress	`0x66000`
SizeOfRawData	`0x31000`
PointerToRawData	`0x64a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.63416`

.cdata

MD5	`1fd62ec5648b0294c196045987fa1c25`
SHA1	`0877a7b5dd545994875db3a5244c45b91b457e02`
SHA256	`208da1f6516c34ec2775e4705486c382a29d880efe131728ab5e9dccf06a2990`
SHA3	`e424e6bd16c6ec9be74d5b11118e0daebdaff3b7e31c4f1f3af9c889ad67b681`
VirtualSize	`0x4`
VirtualAddress	`0xbd000`
SizeOfRawData	`0x200`
PointerToRawData	`0x95a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0815394`

.rsrc

MD5	`fd2a56ce2da91562b84181219a5f0c88`
SHA1	`3bb19b60280e5c8413981b39129ab56973b59226`
SHA256	`46df99753188191602d45c5237e3bf57e262a96075bb38097bbd42e9538dc567`
SHA3	`726a4460cdf7261727094882f32f8ef743602f680c0c50e5648597894c2e5664`
VirtualSize	`0x3648`
VirtualAddress	`0xbe000`
SizeOfRawData	`0x3800`
PointerToRawData	`0x95c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.73347`

.heb\x07

MD5	`e7535e63eb3f1cfb7d1bc3ea76e55829`
SHA1	`22ec16cb36f80b7569c66054bb114031d15ec8c7`
SHA256	`b26960a8dabfa5875183bbdc4bf388049d02f0ca8446e8a76730d279bc4c1b29`
SHA3	`f077d906076f75f4d949009d58f6f93bf3edbb736f03a918e114f510a01f5466`
VirtualSize	`0x1000`
VirtualAddress	`0xc2000`
SizeOfRawData	`0x600`
PointerToRawData	`0x9ba00`
PointerToRelocations	`0xffdbeaf0`
PointerToLineNumbers	`0x2daf13`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.00837`

Imports

ADVAPI32.dll	`RegCloseKey` `RegOpenKeyExA` `RegSetValueExA` `RegCreateKeyExA` `DeregisterEventSource` `ReportEventA` `RegisterEventSourceW` `ReportEventW` `RegQueryValueExA` `RegEnumKeyExA` `RegQueryInfoKeyA` `RegEnumValueA` `GetUserNameA` `RegQueryValueExW` `RegSetValueExW` `RegDeleteValueW` `ConvertStringSecurityDescriptorToSecurityDescriptorA` `ConvertSidToStringSidA` `SetNamedSecurityInfoW` `GetSecurityDescriptorDacl` `RegDeleteValueA` `FreeSid` `CheckTokenMembership` `AllocateAndInitializeSid` `RegEnumValueW` `RegQueryInfoKeyW` `GetLengthSid` `AddAccessAllowedAce` `AddAccessDeniedAce` `InitializeAcl` `IsValidSid` `CopySid` `GetTokenInformation` `OpenProcessToken` `OpenThreadToken` `SetSecurityDescriptorDacl` `InitializeSecurityDescriptor` `ConvertStringSecurityDescriptorToSecurityDescriptorW` `AddAce`
COMCTL32.dll	`ImageList_Destroy` `ImageList_Create` `ImageList_ReplaceIcon` `#17`
GDI32.dll	`GetTextMetricsA` `DeleteDC` `RestoreDC` `DeleteObject` `GetTextFaceA` `SelectObject` `CreateFontA` `GetDeviceCaps` `SetMapMode` `SaveDC` `CreateFontIndirectW` `GetObjectW` `GetTextExtentPoint32W` `SetTextAlign` `CreateFontIndirectA` `GetObjectA` `ExtTextOutW` `SetTextColor` `SetBkMode`
KERNEL32.dll	`LoadLibraryA` `GetProcAddress` `GetSystemDefaultLCID` `FreeLibrary` `MultiByteToWideChar` `GetProcAddress` `GetVersionExW` `GetVersionExA` `GetModuleFileNameW` `InitializeCriticalSection` `GetProcessHeap` `DeleteCriticalSection` `GetModuleHandleA` `lstrcpynA` `SetEvent` `CreateProcessW` `ExpandEnvironmentStringsW` `CreateFileMappingA` `GetFileSize` `CreateFileA` `UnmapViewOfFile` `CreateFileW` `GetTickCount` `WideCharToMultiByte` `WriteFile` `SetFilePointer` `GetTempPathW` `GetFileAttributesW` `SetEndOfFile` `IsDBCSLeadByte` `GetSystemDirectoryA` `SetThreadPriority` `CreateRemoteThread` `OpenProcess` `GetSystemDefaultUILanguage` `SetEnvironmentVariableA` `CreateDirectoryW` `GetLocalTime` `ReadProcessMemory` `VirtualQueryEx` `GetSystemInfo` `FindClose` `FindNextFileW` `FindFirstFileW` `GetComputerNameA` `SetPriorityClass` `SuspendThread` `ExitThread` `GetSystemTimeAsFileTime` `GetTimeFormatW` `GetDateFormatW` `LocalFree` `GetSystemWindowsDirectoryW` `MoveFileW` `lstrcmpiW` `GetLongPathNameW` `GetShortPathNameW` `GlobalFree` `GetSystemDefaultLangID` `QueryPerformanceCounter` `VirtualProtect` `UnhandledExceptionFilter` `GetCurrentThread` `LocalAlloc` `RaiseException` `GetLocaleInfoA` `GetVersion` `GetShortPathNameA` `OpenEventA` `CreateEventA` `OpenSemaphoreA` `CreateSemaphoreA` `OpenMutexA` `CreateMutexA` `GetProcessTimes` `GetModuleHandleW` `TlsGetValue` `TlsSetValue` `TlsFree` `TlsAlloc` `InitializeCriticalSectionAndSpinCount` `SetFileAttributesW` `InterlockedExchange` `InterlockedIncrement` `InterlockedDecrement` `GetUserDefaultLCID` `CompareStringW` `IsValidCodePage` `GetStringTypeExW` `IsValidLocale` `VirtualAlloc` `VirtualFree` `DuplicateHandle` `GetThreadSelectorEntry` `TerminateThread` `HeapCreate` `HeapFree` `HeapReAlloc` `HeapAlloc` `HeapDestroy` `LoadLibraryW` `GetPriorityClass` `GetThreadPriority` `GetThreadTimes` `GetThreadContext` `GetStartupInfoA` `ResumeThread` `GetCurrentThreadId` `OutputDebugStringA` `DebugBreak` `LoadLibraryA` `GetModuleFileNameA` `MulDiv` `SetLastError` `SetUnhandledExceptionFilter` `GetCurrentProcessId` `GetLastError` `CloseHandle` `CreateThread` `DeleteFileW` `TerminateProcess` `Sleep` `GetCurrentProcess` `SetProcessWorkingSetSize` `EnterCriticalSection` `LeaveCriticalSection` `WaitForMultipleObjects` `WaitForSingleObject` `ReleaseMutex` `MapViewOfFile` `GetCommandLineW` `GlobalAlloc` `LoadLibraryExA`
OLEACC.dll	`LresultFromObject` `CreateStdAccessibleObject`
ole32.dll	`CoCreateInstance` `CoInitializeEx` `CoUninitialize` `StringFromIID` `CoTaskMemFree`
OLEAUT32.dll	`#13` `#2` `#6` `#184` `#7`
MSVCRT.dll	`__getmainargs` `_initterm` `__setusermatherr` `_adjust_fdiv` `__p__commode` `__p__fmode` `__set_app_type` `__dllonexit` `_onexit` `_controlfp` `_amsg_exit` `_acmdln` `exit` `_cexit` `_ismbblead` `_XcptFilter` `_exit` `_c_exit` `time` `memset` `memcpy` `memmove` `tolower` `ceil` `strchr` `wcschr` `_except_handler3`
RPCRT4.dll	`UuidCreate`
SHELL32.dll	`ShellExecuteExA` `SHGetSpecialFolderPathW` `ExtractIconExA`
SHLWAPI.dll	`wnsprintfA` `AssocQueryStringW` `UrlGetPartA` `wvnsprintfA` `wnsprintfW`
urlmon.dll	`CreateURLMoniker`
USER32.dll	`CreateDialogIndirectParamA` `MapDialogRect` `CallWindowProcA` `CallWindowProcW` `LoadBitmapA` `UpdateWindow` `GetParent` `SendMessageTimeoutA` `EnumWindows` `GetWindowThreadProcessId` `IsIconic` `GetWindowPlacement` `DestroyIcon` `GetForegroundWindow` `FlashWindowEx` `GetFocus` `SetScrollInfo` `SystemParametersInfoA` `GetScrollInfo` `SetDlgItemTextA` `IsDlgButtonChecked` `LoadStringA` `SetFocus` `CheckDlgButton` `DestroyWindow` `IsWindow` `SendDlgItemMessageA` `GetSysColor` `DialogBoxParamW` `CreateDialogParamW` `SetWindowTextA` `GetDC` `MapWindowPoints` `GetSysColorBrush` `FillRect` `ReleaseDC` `SetWindowLongA` `LoadIconA` `GetSystemMetrics` `SetForegroundWindow` `GetWindowLongA` `GetWindowRect` `SetWindowPos` `DialogBoxParamA` `RegisterClassExA` `CreateWindowExA` `GetMessageA` `IsDialogMessageA` `TranslateMessage` `DispatchMessageA` `PostQuitMessage` `KillTimer` `SetTimer` `DefWindowProcA` `SendMessageA` `EnableWindow` `GetWindow` `GetDlgCtrlID` `IsWindowVisible` `MoveWindow` `SetRectEmpty` `DrawTextA` `DrawTextW` `GetWindowLongW` `IsWindowUnicode` `GetClassNameA` `SendMessageW` `EndDialog` `SetWindowTextW` `DrawFocusRect` `GetClientRect` `SetCursor` `InvalidateRect` `LoadCursorA` `ShowWindow` `LoadStringW` `DrawIconEx` `GetDlgItem` `EnumDisplayMonitors` `PostMessageA`
VERSION.dll	`GetFileVersionInfoSizeW` `GetFileVersionInfoW` `VerQueryValueA`
WININET.dll	`InternetCloseHandle` `HttpQueryInfoA` `InternetReadFileExA` `InternetWriteFile` `HttpSendRequestExA` `HttpOpenRequestA` `InternetConnectA` `InternetOpenA` `InternetSetStatusCallback` `InternetGetConnectedState` `InternetCanonicalizeUrlA` `InternetCrackUrlA` `HttpEndRequestA`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82929`
MD5	`fe056621ab356ef173aa8715dc59257b`
SHA1	`230c8caa11d058403f3050e262fa356e7412769f`
SHA256	`ab9b987b6f369760353507ad55ecb69a7d505117139e57991e4c5966efeb3e84`
SHA3	`cf7c1ee92da5f9405dcfe294f1457bc99dd3a4bc9fd116f1f4d3060f5a7a185a`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26357`
MD5	`bca37bff9f4de7f63d64386d0bfb18d0`
SHA1	`97b3bc5b4b03f2da3f797af99d6ed0f5eea922a4`
SHA256	`6b1b4dd5b942469b06f92208d1a81d0b82e1cb5a32afcaeab063f5f51294c8b2`
SHA3	`c7f326ea3ed92c8125487f46516c83e555b8664e81b89f925c102d559a81ddb0`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.40072`
MD5	`ce343ac7d4bae4c11f39af6ee55ea779`
SHA1	`0acf7946128f7477636f4a063c07e74c68e8f1d7`
SHA256	`1c3184bd2233f2bb9e9476c57b8a95dd3016fcaf2c9d61e1b232a002db7226a9`
SHA3	`75045de9749084b568a93703c2edd58297b97d2142f54b6d3d54b331df0ed8ae`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.03353`
MD5	`d95be9874de5cab7614d9d0a18c82ee0`
SHA1	`84d0c41d7c37c56a1a869409181a4fbbcbb424c7`
SHA256	`51cdeb1068ada560a55e39d4425138704f9eb77d0f30133ed9bd25b31fb3c910`
SHA3	`e66929f7a7a117666e70e077f4b39a3736300f9071a7274859a4802dede89e73`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.7918`
MD5	`30f2c36f450fd590c7cbf763278f912f`
SHA1	`4f12daad5f531aba794db8b28c68dedbf1844d65`
SHA256	`bd43a5d6c0a1b53ae113e4b60053c5ba79725b56dcff721f1442db0611f7d17f`
SHA3	`b537539fb2234075b1fa691a6c4680e256bb330bd1c9fcebd51ace73f4a3f806`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.73124`
MD5	`945aed8200d916b876976126f06adc38`
SHA1	`c8e9228e6f3aea582b7b801cf0a552ea51986126`
SHA256	`b9b5df602060bbb3c476c183e4aa82e74a4fcb0cf8393a55a7ca5c35913e52af`
SHA3	`3578e8ca7496feb489ec0de7c7f41850ef748d3cd2e13678f68ba1b6ae6eb2bb`

1 (#2)

Type	`RT_MESSAGETABLE`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3fc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.05127`
MD5	`2f8e23d790ae941b940d75a42f9ed8dd`
SHA1	`3a70960d80cdb44ec8823655c3dab401ba1add6c`
SHA256	`27c8fb799ac66d854646c031a264dd1e352bd3e9ec78baf597f301f8bbddae31`
SHA3	`4556ce027b7fc46189ef83f39f43178436e2de1f862122177b267103bfabb11b`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.66931`
Detected Filetype	Icon file
MD5	`4f1bf0a3e0ea53301dc23c5086e1800b`
SHA1	`a3866cc65cb497d3be273f3912afdba86f58ea02`
SHA256	`2e5afd8074c9f54a3b5132ad2d5d17cb20ab66fd9949198a0cf50691b49708df`
SHA3	`1356b037687c1cdf21f56bcf23587abc54140529c29ef80b12fba89837bb3e6f`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4d4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41358`
MD5	`bfb2be2f60abb9c08305a484ada6c465`
SHA1	`f876be8f16c528048972fc006da2d7c389d8f19f`
SHA256	`1c02fecc5d5138ce8c994704ae66dea263d2971cfaffc90366e63395c1624b0a`
SHA3	`8dd0d934a887cb8dad834d6b0111609323a9de884d4065b6b3a1e32caa81afe2`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x369`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.66043`
MD5	`c0d4bf5330fefc1398a72757b7a19eb2`
SHA1	`661457182b81201bc7e4fec4dff4ca83aea282ea`
SHA256	`850a857b6258d0061c1a22fb2a1feac794f7cb4158fe2464870711b65ba9c3e9`
SHA3	`a591668266a0a45ff57af4cc8ac855d20aab6bb32c0fdbb126dd0735da0c45bc`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	11.0.8160.0
ProductVersion	11.0.8160.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	Microsoft Corporation
FileDescription	Microsoft Application Error Reporting
FileVersion (#2)	11.0.8160
InternalName	DW20
LegalCopyright	Copyright © 1999-2003 Microsoft Corporation. All rights reserved.
LegalTrademarks1	Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2	Windows® is a registered trademark of Microsoft Corporation.
OriginalFilename	DW20.Exe
ProductName	Microsoft Application Error Reporting
ProductVersion (#2)	11.0.8160

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2007-Mar-13 22:21:01
Version	`0.0`
SizeofData	`70`
AddressOfRawData	`0x65494`
PointerToRawData	`0x64894`
Referenced File	dw20.pdb

IMAGE_DEBUG_TYPE_RESERVED

Characteristics	`0`
TimeDateStamp	2007-Mar-13 22:21:01
Version	`545.2318`
SizeofData	`4`
AddressOfRawData	`0x65490`
PointerToRawData	`0x64890`

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x7eeea5d0`
Unmarked objects	`0`
C objects (9178)	`2`
C objects (2067)	`6`
Linker (VS98 build 8168)	`2`
14 (7299)	`6`
C objects (VS98 build 8168)	`7`
C++ objects (VS2003 (.NET) build 3077)	`1`
ASM objects (VS2003 (.NET) build 3077)	`3`
C objects (VS2003 (.NET) build 3077)	`4`
C objects (5060)	`2`
37 (8755)	`2`
Imports (2035)	`2`
C++ objects (40816)	`8`
C objects (VS2003 (.NET) build 4035)	`38`
Imports (9210)	`12`
Imports (2067)	`13`
Total imports	`379`
C++ objects (5060)	`26`
94 (VS2003 (.NET) build 3052)	`1`
Linker (VS2003 (.NET) build 3077)	`1`

d8aa8cee37738cc181bbefd257a07553

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.data

.cdata

.rsrc

.heb\x07

Imports

Delayed Imports

1

2

3

4

5

6

1 (#2)

103

1 (#3)

1 (#4)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_RESERVED

TLS Callbacks

Load Configuration

RICH Header

Errors