Manalyze report for e01007b2ff8fcb64c2ce71d7c54d29be

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Sep-07 20:37:49
Debug artifacts	C:\dacufofupip2\rimemofozetozi\file-gedigitasopuv\36 yo.pdb

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA`
Malicious	VirusTotal score: 58/67 (Scanned on 2021-10-19 08:10:45)	`Bkav: W32.AIDetect.malware1` `Lionic: Trojan.Win32.DelShad.4!c` `Elastic: malicious (high confidence)` `MicroWorld-eScan: Gen:Heur.Mint.Titirez.Iq0@a9d0C9aG` `ALYac: Trojan.Ransom.LockBit` `Malwarebytes: Trojan.MalPack` `Sangfor: Trojan.Win32.Save.a` `K7AntiVirus: Trojan ( 005690671 )` `Alibaba: Trojan:Win32/Azorult.ad698775` `K7GW: Trojan ( 005690671 )` `CrowdStrike: win/malicious_confidence_90% (W)` `Cyren: W32/Kryptik.EWJ.gen!Eldorado` `Symantec: ML.Attribute.HighConfidence` `ESET-NOD32: a variant of Win32/Kryptik.HMID` `APEX: Malicious` `Paloalto: generic.ml` `ClamAV: Win.Malware.Generic-9890416-0` `Kaspersky: HEUR:Trojan.Win32.DelShad.gen` `BitDefender: Gen:Heur.Mint.Titirez.Iq0@a9d0C9aG` `NANO-Antivirus: Trojan.Win32.DelShad.jahqkr` `SUPERAntiSpyware: Trojan.Agent/Gen-Kryptik` `Avast: Win32:DropperX-gen [Drp]` `Ad-Aware: Gen:Heur.Mint.Titirez.Iq0@a9d0C9aG` `TACHYON: Ransom/W32.LockBit.567296` `Sophos: ML/PE-A` `Comodo: Malware@#98zlr5gd3klu` `DrWeb: Trojan.Encoder.34323` `Zillya: Trojan.Kryptik.Win32.3496259` `TrendMicro: Ransom.Win32.LOCKBIT.ENO` `McAfee-GW-Edition: BehavesLike.Win32.Lockbit.hc` `FireEye: Generic.mg.e01007b2ff8fcb64` `Emsisoft: Gen:Heur.Mint.Titirez.Iq0@a9d0C9aG (B)` `Ikarus: Trojan.Win32.Azorult` `GData: Win32.Trojan.BSE.13K4JBF` `Jiangmin: Trojan.Stop.auq` `Webroot: W32.Malware.Gen` `Avira: TR/Crypt.Agent.whamq` `Antiy-AVL: Trojan/Generic.ASMalwS.349162D` `Kingsoft: Win32.Troj.Undef.(kcloud)` `Gridinsoft: Trojan.Win32.Kryptik.oa` `Arcabit: Trojan.Mint.Titirez.EEBF19` `Microsoft: Trojan:Win32/Azorult.RF!MTB` `Cynet: Malicious (score: 100)` `AhnLab-V3: CoinMiner/Win.Glupteba.R440044` `Acronis: suspicious` `McAfee: Packed-GDT!E01007B2FF8F` `MAX: malware (ai score=84)` `VBA32: BScope.Backdoor.Mokes` `Cylance: Unsafe` `TrendMicro-HouseCall: Ransom.Win32.LOCKBIT.ENO` `Rising: Trojan.Kryptik!1.D91D (CLASSIC)` `Yandex: Trojan.DelShad!mDHWPvPiqrc` `SentinelOne: Static AI - Malicious PE` `Fortinet: W32/GenKryptik.FKHU!tr` `BitDefenderTheta: Gen:NN.ZexaF.34218.Iq0@a8d0C9aG` `AVG: Win32:DropperX-gen [Drp]` `Panda: Trj/Genetic.gen` `MaxSecure: Trojan.Malware.74279478.susgen`

Hashes

MD5	`e01007b2ff8fcb64c2ce71d7c54d29be`
SHA1	`ee4ffd48637959a5fb999608e22eb4a0487d6dff`
SHA256	`bc7a8a1a103aba8623b7cb73a8c32d5a3a9a8550d1a0fabbb1a01a48497ad0fb`
SHA3	`8e13cc8a7f358e8e6934a194c926f0eda2fd201c0bc69d40b5a49878f5d509f2`
SSDeep	`12288:2ft8j6SzcsMO4hWEfp+YwWEmlKg7CyduX2Btu:KC6SbMO4hNf02ldJ`
Imports Hash	`b7ebe503aba8ff6fce4b2b89581116dd`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2020-Sep-07 20:37:49
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.0`
SizeOfCode	`0x70200`
SizeOfInitializedData	`0x1d3ae00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001D6E (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x72000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x1da8000`
SizeOfHeaders	`0x400`
Checksum	`0x8c7f6`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4acfbb1a60dd21db2a057ba95f77fa77`
SHA1	`8c51c456f8b0bee734fbdf6889d2ae3f8d123957`
SHA256	`fb64b9efb04f85915c143e73eaa2fd00a03f5d35e6371e1dddb5b71de993884f`
SHA3	`41d944225000a084fbee38adad3610754007ebcd864a091299d922866a60e65c`
VirtualSize	`0x701f0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x70200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.97575`

.rdata

MD5	`4aa9fe42cbc6770654042a39b8504dbc`
SHA1	`17a65f6a1ed45c22b7d51ee8ea8d8eedc2b4ccd2`
SHA256	`c7dd0fc46304d26f00c828c952fdfe1c2f4984f5590fd79e4dea94330c4feb1b`
SHA3	`88372641bb7ac28123904b3a8eb0f21e31ba0c5674e8aac1d1c089c3ec42d0a1`
VirtualSize	`0x351a`
VirtualAddress	`0x72000`
SizeOfRawData	`0x3600`
PointerToRawData	`0x70600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.19154`

.data

MD5	`db2994f34ba594ed1ec7c17efaf337e9`
SHA1	`a5cf657e83a418f259f27e173de283641df69b00`
SHA256	`af67a57c03330b091677f449422fd18a20cdbf5738de76d94469b98f82979d81`
SHA3	`18d77201ebd925649295fb1db14c7bc2a14e79c4ae21620e279a8706ef1a0603`
VirtualSize	`0x1d1cc00`
VirtualAddress	`0x76000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x73c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.3319`

.rsrc

MD5	`0d59e4bb19708242013144a4d7931ab9`
SHA1	`f3a21652374a6fa360e754bf47519ee7a0b78788`
SHA256	`75db87c8f99610408304191bdd7057268573784c9a2f729dbc50ba427e73b194`
SHA3	`c7628f9f97b19cc9c7c12ae4e9481922d8f28ee0d806e556d9329fb57930ef43`
VirtualSize	`0x14db8`
VirtualAddress	`0x1d93000`
SizeOfRawData	`0x14e00`
PointerToRawData	`0x75a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.38615`

Imports

KERNEL32.dll	`SetLocalTime` `InterlockedIncrement` `ReadConsoleA` `InterlockedDecrement` `GetCurrentProcess` `GetSystemWindowsDirectoryW` `SetEnvironmentVariableW` `GetEnvironmentStringsW` `GetUserDefaultLCID` `AddConsoleAliasW` `SetVolumeMountPointW` `EnumCalendarInfoExW` `WriteFile` `GetUserDefaultLangID` `GetEnvironmentStrings` `WriteConsoleOutputA` `LeaveCriticalSection` `lstrcpynW` `FindNextVolumeW` `VerifyVersionInfoA` `HeapQueryInformation` `GetModuleFileNameW` `GetACP` `GetConsoleOutputCP` `GetProcAddress` `GetComputerNameExW` `VerLanguageNameA` `CreateTimerQueueTimer` `HeapUnlock` `LocalAlloc` `GetDefaultCommConfigA` `GetModuleHandleA` `QueueUserWorkItem` `GetConsoleTitleW` `PeekConsoleInputA` `GetCPInfoExA` `ReadConsoleInputW` `GlobalReAlloc` `LCMapStringW` `PulseEvent` `GetCommandLineW` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `GetModuleHandleW` `Sleep` `ExitProcess` `GetLastError` `GetStdHandle` `GetModuleFileNameA` `TlsGetValue` `TlsAlloc` `TlsSetValue` `TlsFree` `SetLastError` `GetCurrentThreadId` `EnterCriticalSection` `TerminateProcess` `IsDebuggerPresent` `HeapSize` `SetHandleCount` `GetFileType` `GetStartupInfoA` `DeleteCriticalSection` `SetFilePointer` `FreeEnvironmentStringsW` `HeapCreate` `VirtualFree` `HeapFree` `QueryPerformanceCounter` `GetTickCount` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `LoadLibraryA` `InitializeCriticalSectionAndSpinCount` `GetCPInfo` `GetOEMCP` `IsValidCodePage` `MultiByteToWideChar` `RtlUnwind` `HeapAlloc` `HeapReAlloc` `VirtualAlloc` `WideCharToMultiByte` `SetStdHandle` `GetLocaleInfoA` `GetStringTypeA` `GetStringTypeW` `LCMapStringA` `GetConsoleCP` `GetConsoleMode` `FlushFileBuffers` `CloseHandle` `WriteConsoleA` `WriteConsoleW` `CreateFileA`
USER32.dll	`RealGetWindowClassW`
GDI32.dll	`GetCharWidthFloatA`

Delayed Imports

963

Type	`BOLAWACULATOREGOWAVOVOSIXAZIWEMU`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x21af`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.64022`
MD5	`5cdf5c8908a73a2c63a8570fa88760e4`
SHA1	`e432209d1cd16b03ec6a27deca27af5556c3b2d1`
SHA256	`72d544712d1f0943298935c2c8813d8aa07f0e9a04c2ee7327c1d4f2106004bb`
SHA3	`6875e65ea541a6b3246ff1e2f333cfaaf89125f59122decc6c863679516fdf88`

19

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x130`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.94201`
MD5	`eab2fb4e88264321de249646c892e8dd`
SHA1	`caf3a04b089673366cd460343c2cf24ff52a881a`
SHA256	`e93247249fe943b538088084e9fdef4094a79bc16502cab0b5bce7b0e6f5b642`
SHA3	`2cd271fdc732adca61883fa3e26b3ac3388a36716fdb320abf4803978423b4b6`

20

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.697`
MD5	`43a50c2f09e0a5994b49ed27a7cd89f3`
SHA1	`fbe8d240f3c5c5ef8c48e44fee1d4ea2e868e726`
SHA256	`688c7705da1cf555e6cd446aca007277e9dbc97967bb261e1f23f31a4f6721c1`
SHA3	`8b53d1fbe374e0be8bd64ef443fa782a894e705ac186b0f3ec32c08a60b2d2ab`

21

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.76287`
MD5	`53fae6172bd9e2af02f0cee75c62384c`
SHA1	`f5fb873564c65f3d6cb39dbd3305936f67e953c1`
SHA256	`3060c1f6855b4c81c6ab44cf155ca716021863a192a5e778d5626e1cb8f8f028`
SHA3	`f8c0ba633e60acc9cd1cbbae84bc0448b8d8aafe2bb0de93b59e2da57a2ba4ac`

22

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x130`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.6581`
MD5	`e3d3493a8aadecb9cec77d61dd54db11`
SHA1	`edd0e22c5e81e93b7fd062f0694ee163af0032cf`
SHA256	`609cf0e1c5d2f8c59ce55228574bd35efef29d9ea018a50a9bc73703d4170006`
SHA3	`e824a67cab47321d321cfaf202372e12217dd2c51da1a06b80b78824c3e9c842`

23

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xb0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.20327`
MD5	`16c20d0ed86841e37517f8d83b93e29b`
SHA1	`e26dec83bca4adfa8b90bda52ae3021403cd5624`
SHA256	`67ceff3facc1ae98c4212a57be34fd73f7ac41d47c65002d6b77f7a3f3d33144`
SHA3	`5b0d040056292048079f110dc7a0db1ac5250c91a5a8fa12438cf7f2f026d5e1`

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.81652`
MD5	`b04ab92a5e5b67430f43e78810874459`
SHA1	`65683d42b5e1d4ccac5f0634e3635200563283b5`
SHA256	`5e32fb32fc7c73c4331c28c3ecea3501939438e8ab29996685bb1e9871335cf3`
SHA3	`6856c70b7aeb841cfc415215ba7ac87cf228130e3780ca16100302d160cd5099`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.80996`
MD5	`6350b3bebe74627fc96d34efe46269bc`
SHA1	`6580a8f2377d63d0e402f2621078009af1596d9c`
SHA256	`618773243d232913d1afaf70e97f1aba0c304294c6c478984b6b837c3ab46956`
SHA3	`4a85151f072796d32a4665a943ae0994dcefa0d2e620f0a7c580317081280c20`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.92836`
MD5	`c0b02de2fb97c158fc4bfafc09999e26`
SHA1	`d7bcc980f566cf127a0f51cf719550c6c7d4467a`
SHA256	`e8424869427f9a0417c65bffdf98fc7847c04966fbef089670e3fdfebf6c989b`
SHA3	`a19edbe57c675fa78909ac17cc12a80e9120fe7feaa509cebb3648b767128f26`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.02001`
MD5	`5a7283a2e21a0438b48334ae3ffcc2c3`
SHA1	`646d9b9ed066999e287af2b96d1f6571b8ae81bb`
SHA256	`377955a5c5dd3ed295d4842b77d8738a35b5fc20099a294adccd577a4a9a8281`
SHA3	`bb0bb8a6ea4bfe99417c0eb9f65e25af16a4c71eff6aaa1f0b98a3bbb64ffead`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.06484`
MD5	`0cdbcc6cd40e2fdd3ff932a391388879`
SHA1	`9f4185e2f9d07ec2a43934b262a920e71cb77e9f`
SHA256	`82df6dacdcabf7e176a7b67db0e4c86b4983e9b19f0eb835754b1667b921890e`
SHA3	`f255dbdea415a386d03ebab61b5dfa11a31a373f1175254f9d576c7be64cd705`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.15248`
MD5	`a1cd1d6154d8dec09fcfcf72d1d39c65`
SHA1	`5920f9c188138785bb4e968c29ec6ea09b747ad7`
SHA256	`429c79c8b6ea472b4dbad8fd9b418beef7a43cd973115319a1c99d82773a152c`
SHA3	`fef9754041866c6b4a36e50aceb71536777f48fd6ac3da29c007a9a3933b327e`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.98417`
MD5	`890b991c0f56d7102ff4e1beb633cde8`
SHA1	`0a905c95421d290543e9650275f9a6c4c3a5d7eb`
SHA256	`2aa8319be26263fe87c2ccc4aa6447a6de8461503926916793dda010e4717d3f`
SHA3	`c8f73ffd72633afdd91ef1408f20b14836d56e442aba87b9728e81442e2a061d`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.07278`
MD5	`3061240fd197a361dbfd537b2854e650`
SHA1	`6bd6e160a8ad2da72ecb378c1f2c8d5ae13b9e60`
SHA256	`a43516023b442af12b40b21c9ed9ff80efbef1ee860335ed24f74637455be529`
SHA3	`1b91ec02e8f8424442011d67e1b8f20e039716787931fb74a401a5085230ed4c`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.16295`
MD5	`611f40a20d11e7f6967664b89b056eaf`
SHA1	`88acf5d7d49341f662e2f0692c0f22f418c0d0b6`
SHA256	`7271c25ee75d1b69e908e7ce4022d20170d0fecae10000b43851c897003cda2c`
SHA3	`f2f15e3a24fad266093ace922b39565574290b1fb898d3426a7c31e01151728e`

10

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.08821`
MD5	`35dfaffbd92d556e7b7a067ba2347303`
SHA1	`bce9032b9d2ce41593c80155b84d8514f6d2243b`
SHA256	`b48e19976d56c89d9df89911002e545df4f6910d99313267dda338bd2ec04296`
SHA3	`1a645fed27ed87e67a52a6590a9ddd9243939817c6c53529d931b27e5ceb45f6`

11

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.77851`
MD5	`4e2913e763120887c9e115c6b9bc4a78`
SHA1	`6241e5d9d26362b6c07d067464555849d2624a3c`
SHA256	`9679b25e5c9b24f0faecea19cadca95fe52fb737348c64a0a9ac55fb19c90f8f`
SHA3	`be334bcc38456e68d6b60782156930cec56d0103834fe2237cf6f0018b9b1623`

12

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.54989`
MD5	`8c1911559e26e743452e354244985803`
SHA1	`a69c710aa0dbce790059226b568522bf20f03b0e`
SHA256	`698f90d238774244dd0cc2c77bd71d161fb31faddb7dd062796635ea0cb92435`
SHA3	`5039e02277a4cd4f5dc13ed5495466c67b09e7f483cd4dbb2c719d55877a39be`

13

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.58716`
MD5	`340eb757efb3e0fc42b12957c4e563e8`
SHA1	`e2b36a667375c539e0574ce5b2a4b855e398b03b`
SHA256	`b7ef37afc7657757f1bcb58ca2e8757cc6d0904a748bbd743ab9be24b63c93ff`
SHA3	`238b1d02badbb57c69933aaa1e842adfcd9c322d44dc79f130477f149cadb20d`

14

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.52622`
MD5	`9d852d2355e9af1781b1a4a524fec06f`
SHA1	`f5f292d2f594e422e707d958cad1b2b083dd1a51`
SHA256	`148eb42b69ea67fb7961bc0fe3ceef626acb0bbf990bcd8f699f65975b406535`
SHA3	`881784aa5e0f670ebde931cf4345c2de6782afbfc32b115de2e74bcff0b7ad78`

15

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.6627`
MD5	`2ae2a4192ee24b4592e179456664c9b3`
SHA1	`057d07a7ba4a5f98b469b378d5a298c16d9a26bc`
SHA256	`ca51ad949d53160cecb7f0af2de69da87b7f65bcb953885b75bcc7bcb83e68ac`
SHA3	`d6e8d8e9c27522f9fcfb07bd1500e993500778dd522f0b79ac8f901d3415e5cb`

16

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.85961`
MD5	`ae8932e4b7c08d897a5ad6480ad679c1`
SHA1	`b260cd358dab0ec292bed66ce522cbb651f01b31`
SHA256	`6ea08085bd2a3949f0f7e494657f525259fd8fe6478f87ed93580dab3a0ea0c5`
SHA3	`2ddce45ba6ebbb038ff595022dc65752ab7401db22a90fd8294fa8f51e9f9abd`

17

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.78147`
MD5	`da61f91b72f2885766e100a0d951ac7c`
SHA1	`1126473a0ff05b98b58262c88cd4daaf22287274`
SHA256	`adb76417a02b8a3d304c0768e69315aac0441463e94cabf7e08a2aec2f1b710f`
SHA3	`5d92d7fb2a0a6a364b637085b6a31159520290ca302a0ef1274e4d327d8c0c5b`

18

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.31704`
MD5	`5fbf008682ca6eb28e6102dad2b9c52a`
SHA1	`0460c7a9aa973984fc8f144105b5605faba77c93`
SHA256	`c064b4c712c93f3a05ce0d74f038540f46ae9bbd3bafe070c253640fcfa61c99`
SHA3	`93e3a6095eadbde83c97cae438e9d37107570f27e18efb61eaad83e26c13b9b0`

17 (#2)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3be`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.24114`
MD5	`1c5b347860abe05178b6f9d01d718300`
SHA1	`0ac8c13f2fff75c80be227cc1ee01f092334b612`
SHA256	`d095b0c2a71b6c2241524691ce8360ec9bbf7d624cb73b5218872e35866aa19f`
SHA3	`5a5e06bb31248fa32351bc9e7a263e3d3111c181595e6d2a07da1f76d5d96c78`

19 (#2)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x23e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.14808`
MD5	`9e5ce5ee978bd73423759d4f6294dd75`
SHA1	`a773e9291f105895e0b4b4fcdb02ad3bb3794187`
SHA256	`a169ef365fe50fc6b7a9085c0131a957c5143293a3e90c22762d0b918a5bc0fb`
SHA3	`91292da85658f411d5a675d3ebdf6cb906b55ae76ee08d549345038b150a650e`

20 (#2)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x64e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.28487`
MD5	`e6fa73d928166c41e726872a629dd44e`
SHA1	`65615d7145f97188423e6c10f97d02c29ea9cc51`
SHA256	`c69575dbc1c33a9a319d4f76b5811f8803d1b9cc98ad737752cafe81c656b82e`
SHA3	`78c8109524cbcbfc7e3dfb493b7558c3c66cda13d7ad05def9caa0b37b0808d2`

24

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x48c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.28079`
MD5	`dbc4edda4afddf84210bf0e01310e7c6`
SHA1	`696117b5b0700f024636cd960e811ee0ef021f36`
SHA256	`f79fbe414e1e892bdc105ba10e54949373289962789fce6523c68e559de16e2f`
SHA3	`14cb602a465f4644beced6366beaac01967d10ca2ff9ed84818dfb27665c827b`

570

Type	`RT_ACCELERATOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x40`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.0367`
MD5	`68ddb71d876a79ed6806c83d511a0006`
SHA1	`a1034ecc8eea306c774743e5980db6eabe663b68`
SHA256	`ac243cefb9b1fafccb3b979fc279b43cbc81624c6439fab8cd73685cda5fe129`
SHA3	`0a3d572ce7eb829df4523849b28630bf153edc1d1d886b69f13d0dd797f55bbf`

2375

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.98048`
Detected Filetype	Icon file
MD5	`5ad03c07deb0fe72c9cb285fc9e91c2e`
SHA1	`6a1ea2db2ba7451b23a35ee0c4306beac6b70e2c`
SHA256	`f03aa736d396352b89a6edbef6871c2e1e0682802a878b5356c01ce65436c768`
SHA3	`ec19d771d3668e85a0cd9f5bae55090c0a6fd403fc3e1f7cfaa572101677e3dc`

2384

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.42369`
Detected Filetype	Icon file
MD5	`e0e4a4ae602a78b0de001c5028ca9ea2`
SHA1	`eb0364b66908b6d1cb2592368ec6ec881712b375`
SHA256	`536c811fcb55b19782cd8bd2024471fea82ed3f13cbfd69eab4dc8cccc9f73ce`
SHA3	`42a18ffcea58abc0bead6c9a2d758ccf09843131ecd718b8cbca2e90a60b4dd6`

2387

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.33006`
Detected Filetype	Icon file
MD5	`c5d38d41931825c215dbd52fab9306f5`
SHA1	`cca057b1075ed7606769ea4611c550b0be30c4dd`
SHA256	`3a32c657cbd0970950b52af99b394ba47e703a976633d5270346ad94154c0d54`
SHA3	`8d0dac349a26f2b2d214bae77011336f4c694ca53e310ae2b287f18dc9c85551`

117

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.8055`
Detected Filetype	Icon file
MD5	`ef9ef11df4fa3b2263bd734dc0f9a1ea`
SHA1	`5675faabc92f40112f4a5ecd73eab6a72679174e`
SHA256	`38c9c90403bd7746056c3306dd262e89632474f3bb372d3a191e90951d7d9ecc`
SHA3	`91f1feae7caf21c700ce2a85c63a036cc9964e8652d80b05ad19ffc43764092e`

118

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.85812`
Detected Filetype	Icon file
MD5	`160a4674d1a4048d80b3617538c5c764`
SHA1	`4915feb5b5cccd9e75f0bd4af5e35211353a207e`
SHA256	`146e554f0d56db9a88224cd6921744fdfe1f8ee4a9e3ac79711f9ab15f9d3c7f`
SHA3	`21c2ca5b60b02fd80163c30c40f4ee04b99cb028575ab8be5a4d6710d3a18321`

150

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.79189`
Detected Filetype	Icon file
MD5	`327a7dbe7b957fb7798bf812a11000e2`
SHA1	`7b43d45aac98bc4980170c8bd5d8c89fac6f3740`
SHA256	`28531d00bee75de4e07529bdc31ddc1ed379ff009cfbaee8822d16fba4ec4c56`
SHA3	`f5a24bced792f9f252bca429cf91f1ad4d0972428d4cba09be73946e4df00748`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1b4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.47124`
MD5	`1ccf587e73d62e47c178c7ef58d332e7`
SHA1	`3f7e38ea8cbb96c4d7eb9c379594e61994bda3d1`
SHA256	`ed2e5758ef9d486a4da422477ee23a293fb012291eb3ef5cb839627df48816e5`
SHA3	`444600f78ceaadd20abf058bcb8bbf4b7f262ceb95b1cd0a70d6871f88712b53`

String Table contents

Teluyopabem wile cogeruroga gob weto bopado tuvoja
Nizav wasebuweguxu kaxaka polaxamuwo taxoyud riximunu
Duboyo lejo hujahig sohafote kudetuvog bajac
Coyuvodi kevovipuyuviw
Fef jupabilav hak zefobebiregova boci sopapikibiyefo xowehujutiye sipuyof vizelazafaxuvac
Mawezusaxised sumazusi mihi pumezezeb pacubetuyonoyen
Xub hukiyutawoxine copidudidos soyatilixolehuy doco cesetigijobuduk juxiwudukuzos fihutabucizuhed pozakoliyofe
Widihaxotegafu hawu riwusizo tinisagayusag
Sis gabajuwoho novoyukiwapepab
Cawo kipifucezi gapu vihovixeyalesej hasamadajoko hudixogi badeyudevaseya keto xatufaxuwenih xokaham
Pihopofuwezume tadamapicolid luzikufujeyi wubowe takiridutuza famecihoyol hatelifobuza
Feti kuzemidejunari fovapexazij nibi moreb dixagaw zowu
Xanuludi weki
Lewehe makihexiyowud nulakuwet mitifudomuzuhan tafiju tohe rocufiduzuwovet
Tiwucike jirecuvacirin kug hocafifohigesoz mihecuhumimuya
Sudukahiv nixovihayekazup lim tosopupami lobap yoxiguwupumej cugakap mevivodugav nusanafixoy wikifahageva
Hivudal lazawubitoluxed pinujerutu kuyig busuxojedul gunezejiwigajo cudilamokixilu
Kejocus sijizojagejijun lezoxa
Tah sewodanifovojiv nit kapahari wejanalaporafo rujawowucebaye yowuci govo wopovayuto
Sohusidipo pepikakowiwa
Doveror tebawiroli xofihocu falew kofohikewuweco fogeyewog wiyotesexih feyegike
Sepefe mamebikalarifo cawejociyiyo xuxizugo kanevupul jadepado tavofic jecoyop vumidafo
Vabayasised taserururodukef riresijeruzameh
Cuhe sazo jabupafulaya bel yasolosolugize voyufiherovixeb
Vuradeleye gij menuti yehari fecaxagefucarir vay decocix
Dujulesiye dadaveyiyehit geciwigun biwudusowoku tosizadekuhar lovihic wijalu najexamamug siyarije kefevi
Fuhizofo vukemasok
Biladuy tahalalofogun gocuzidategeheg yacivit mafuyul bahotan witixi bodicovo ximuc
Yijeveyeliju dubibozag saragekeconucin zuxosuwamar lusex mejexebiyuh gaco soyavedilapuk pebusuhovila bimewaduki
Mecebagucu pamexilide pahosezogif
Bavopifivid foxehi zunulejil
Memikatelacaf wiyijuzovay zelanatojudub
Netuposiwoveyaf navasigef porebowubuce
Hiwal divimajehehoxot haxif
Vivat
Focutilur neyetoyamenapis raruv kigileba sahepegubux jifules wexidukige leju rih

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2021-Aug-25 15:28:13
Version	`0.0`
SizeofData	`84`
AddressOfRawData	`0x73750`
PointerToRawData	`0x71d50`
Referenced File	C:\dacufofupip2\rimemofozetozi\file-gedigitasopuv\36 yo.pdb

TLS Callbacks

StartAddressOfRawData	`0x4737cc`
EndAddressOfRawData	`0x4747bc`
AddressOfIndex	`0x2191a8c`
AddressOfCallbacks	`0x4721bc`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0`
SEHandlerTable	`0`
SEHandlerCount	`0`

RICH Header

Errors

[!] Error: StringFileInfo expected, read StringFileInform instead.
[!] Error: StringFileInfo expected, read StringFileInform instead.
[*] Warning: Could not parse a VERSION_INFO resource!
[!] Error: Could not locate RT_ICON with ID 19!
[*] Warning: Resource 2375 is empty!
[!] Error: Could not locate RT_ICON with ID 20!
[*] Warning: Resource 2384 is empty!
[!] Error: Could not locate RT_ICON with ID 22!
[*] Warning: Resource 2387 is empty!